← Previous day | Today | Next day → | Search | Index
All times shown according to UTC.
| Time | Nick | Message |
|---|---|---|
| 00:49 | AndrewFH joined #koha | |
| 00:49 | PerplexedTheta joined #koha | |
| 01:49 | JBoyer joined #koha | |
| 02:59 | schnydszch joined #koha | |
| 03:03 | schnydszch | good day! I have some questions regarding some security vulnerability regarding Koha, here are enumerated vulnerabilities from one of the reviews of one Koha server I managed: Cross-Site Scripting (XSS) Filter not Disabled, Content Sniffing not Disabled, Software Version Revealed via HTTP Response Headers, Missing object-src in CSP Declaration. Though risk classification is low for all of these except for "Missing object-src in CSP Declaration". I |
| 03:03 | want to get some insights on this. Keep safe and best regards! | |
| 03:11 | mtj | hi schnydszch, what version of koha - and what tool are you using to detect security vulnerabilites? |
| 03:14 | schnydszch | Hi mtj! Koha 21.05. Let me check the document for the penetration test report |
| 03:16 | I can't see what was the tool used in the document only technical references. | |
| 03:17 | well for CSP, here is the evaluator used: https://csp-evaluator.withgoogle.com/ | |
| 03:18 | here is the technical reference: https://owasp.org/www-project-secure-headers/ | |
| 03:40 | mtj | many thanks ^ :) |
| 03:58 | tuxayo | schnydszch: hi :) for the most serious ones if you have the time to confirm the relevance of the reported vulnerabilities I invite you to open a security ticket on the bug tracker https://bugs.koha-community.or[…]t=Koha%20security |
| 04:00 | It seems to be about hardening the default webserver configuration. It's important that your webserver configuration is the one bundled with Koha package. Otherwise it's not relevant. | |
| 04:31 | enkidu joined #koha | |
| 04:37 | huginn | News from kohagit: Bug 30209: Upgrade 'libdbd-sqlite2-perl' package to 'libdbd-sqlite3-perl' <https://git.koha-community.org[…]05878ab689bf86697> |
| 04:41 | dcook joined #koha | |
| 04:53 | tuxayo | schnydszch: If you have a reverse proxy that somehow strips headers (my example might make no sense) then it wouldn't be a good instance to make an analysis. Well it would, for your webserver config. But not for the one shipped with Koha |
| 05:11 | koha-jenkins | Project Koha_Master_D11_CPAN build #551: STILL UNSTABLE in 33 min: https://jenkins.koha-community[…]ter_D11_CPAN/551/ |
| 05:16 | alohabot | 🎁 🦄 Koha 'master' packages pushed to 'koha-staging' repo 🍊🍊🍙 |
| 05:21 | koha-jenkins | Project Koha_Master_D11_My8 build #765: STILL UNSTABLE in 43 min: https://jenkins.koha-community[…]ster_D11_My8/765/ |
| 05:25 | schnydszch | @tuxayo Koha webserver configuration is the one bundled with Koha, though https was automatically created via letsencrypt script "certbot..." |
| 05:25 | huginn | schnydszch: downloading the Perl source |
| 05:30 | koha-jenkins | Project Koha_Master_D11_MDB_Latest build #818: STILL UNSTABLE in 53 min: https://jenkins.koha-community[…]1_MDB_Latest/818/ |
| 05:38 | Project Koha_Master_U21 build #111: STILL UNSTABLE in 1 hr 0 min: https://jenkins.koha-community[…]a_Master_U21/111/ | |
| 05:39 | Project Koha_Master_U_Stable build #399: STILL UNSTABLE in 1 hr 1 min: https://jenkins.koha-community[…]ter_U_Stable/399/ | |
| 05:48 | Project Koha_Master_D9 build #1894: STILL UNSTABLE in 36 min: https://jenkins.koha-community[…]a_Master_D9/1894/ | |
| 05:51 | Project Koha_Master build #1940: ABORTED in 12 min: https://jenkins.koha-community[…]Koha_Master/1940/ | |
| 05:51 | Project Koha_Master_D12 build #95: ABORTED in 12 min: https://jenkins.koha-community[…]ha_Master_D12/95/ | |
| 05:51 | Project Koha_Master_U20 build #324: ABORTED in 30 min: https://jenkins.koha-community[…]a_Master_U20/324/ | |
| 06:22 | Yippee, build fixed! | |
| 06:22 | Project Koha_Master_D10 build #551: FIXED in 34 min: https://jenkins.koha-community[…]a_Master_D10/551/ | |
| 06:36 | Project Koha_Master_U_Stable build #400: STILL UNSTABLE in 45 min: https://jenkins.koha-community[…]ter_U_Stable/400/ | |
| 06:54 | Project Koha_Master_D12 build #96: SUCCESS in 1 hr 3 min: https://jenkins.koha-community[…]ha_Master_D12/96/ | |
| 06:56 | Yippee, build fixed! | |
| 06:56 | Project Koha_Master_U21 build #112: FIXED in 33 min: https://jenkins.koha-community[…]a_Master_U21/112/ | |
| 07:09 | Yippee, build fixed! | |
| 07:09 | Project Koha_Master_D9 build #1895: FIXED in 1 hr 18 min: https://jenkins.koha-community[…]a_Master_D9/1895/ | |
| 07:14 | magnuse joined #koha | |
| 07:18 | koha-jenkins | Yippee, build fixed! |
| 07:18 | Project Koha_Master build #1941: FIXED in 1 hr 27 min: https://jenkins.koha-community[…]Koha_Master/1941/ | |
| 07:19 | Yippee, build fixed! | |
| 07:19 | Project Koha_Master_D11_CPAN build #552: FIXED in 42 min: https://jenkins.koha-community[…]ter_D11_CPAN/552/ | |
| 07:30 | Yippee, build fixed! | |
| 07:30 | Project Koha_Master_U20 build #325: FIXED in 34 min: https://jenkins.koha-community[…]a_Master_U20/325/ | |
| 07:31 | JBoyer joined #koha | |
| 07:38 | alex_a joined #koha | |
| 07:38 | sodesvaux joined #koha | |
| 07:42 | reiveune joined #koha | |
| 07:42 | reiveune | hello |
| 08:00 | lds joined #koha | |
| 08:02 | cait joined #koha | |
| 08:03 | koha-jenkins | Project Koha_Master_D11_MDB_Latest build #819: STILL UNSTABLE in 54 min: https://jenkins.koha-community[…]1_MDB_Latest/819/ |
| 08:03 | cait | good morning #koha |
| 08:05 | koha-jenkins | Yippee, build fixed! |
| 08:05 | Project Koha_Master_D11_My8 build #766: FIXED in 34 min: https://jenkins.koha-community[…]ster_D11_My8/766/ | |
| 08:06 | Project Koha_Master_U_Stable build #401: STILL UNSTABLE in 46 min: https://jenkins.koha-community[…]ter_U_Stable/401/ | |
| 08:09 | cait1 joined #koha | |
| 08:16 | paul_p joined #koha | |
| 08:30 | alex_a joined #koha | |
| 09:09 | lmstrand joined #koha | |
| 09:10 | lmstrand | Hi all! I have a question about facets that show on the left side of search results. |
| 09:11 | We'd like to add languages to the facets. We're using Elasticsearch. Any idea where to look? | |
| 09:15 | it seems it has disappeared after we switched from Zebra to Elasticsearch? | |
| 09:22 | udkoha joined #koha | |
| 09:27 | cait1 | if you had it with Zebra it was a customization |
| 09:28 | I think | |
| 09:28 | have you checked bugzilla for facet und language? | |
| 09:46 | lmstrand | I'll go check. |
| 10:07 | udkoha joined #koha | |
| 10:08 | koha-jenkins | Yippee, build fixed! |
| 10:08 | Project Koha_Master_D11_MDB_Latest build #820: FIXED in 53 min: https://jenkins.koha-community[…]1_MDB_Latest/820/ | |
| 10:17 | Project Koha_Master_U_Stable build #402: STILL UNSTABLE in 1 hr 3 min: https://jenkins.koha-community[…]ter_U_Stable/402/ | |
| 11:43 | cait joined #koha | |
| 11:58 | AndrewFH joined #koha | |
| 12:43 | davewood | i wrote a koha javascript plugin that lets you switch between the html-tabs on addbiblio.pl using hotkeys Ctrl+Meta+<num> or Ctrl+Meta+ArrowKeys ... and also switch between edit/view (addbiblio.pl/detail.pl) using Ctrl+Meta+a/Ctrl+Meta+b |
| 12:43 | currently a private github repo but if needed I could make that repo public. | |
| 12:44 | one of our customers (steirische landesbibliothek) requested these features. | |
| 12:45 | http://paste.scsys.co.uk/596622 | |
| 12:54 | nlegrand joined #koha | |
| 12:54 | nlegrand | Hey friends! Hope everyone is well :) |
| 12:56 | Is there something to do if I want to test something with koha-testing-docker on a stable version? I've checked out 20.11.x but it turned out to be fishy, I have an exit error on the koha machine. | |
| 12:56 | master works great | |
| 12:59 | Joubu | nlegrand: in ktd repo you should checkout the 20.11 branch |
| 13:01 | nlegrand | Joubu: ho. Seems rational :) thank you! |
| 13:05 | *greatly | |
| 13:11 | I'm still having the same issue (Can't locate YAML/Syck.pm), I've tried ku-es6 and docker-compose -p koha down. Am I missing something obvious? | |
| 13:37 | Dyrcona joined #koha | |
| 13:41 | nlegrand | Bug 6815 is very nice if someone from the QA team wants to look at something pleasant :) |
| 13:41 | huginn | Bug https://bugs.koha-community.or[…]w_bug.cgi?id=6815 enhancement, P5 - low, ---, oleonard, Signed Off , Capture member photo via webcam |
| 13:42 | nlegrand | On the plus side, it's a 4 digits bug. I'm sure there is more karma for 4 digits bugs. |
| 14:00 | AndrewFH | nelegrand there are a few perl modules dropped from master that older versions still require. ktd won't install them by default. I suspect that's your issue |
| 14:00 | when I launch ktd in master and then go back to 21.05, I need to libyaml-syck-perl, libcgi-session-serialize-yaml-perl, libmojo-jwt-perl | |
| 14:01 | nlegrand | thanks AndrewFH. Even if you check out 21.05 in ktd? |
| 14:02 | AndrewFH | correct. my understanding is ktd only automatically installs the modules needed for whatever koha version you've set as your default at launch (which will be master unless you've done some special setup) |
| 14:03 | but once you've installed those modules once you don't need to do it again until you completely kill and relaunch ktd | |
| 14:03 | fribeiro joined #koha | |
| 14:04 | fribeiro | Hey guys |
| 14:05 | I'm using Koha 21.05.07 and I get this error at some result pages | |
| 14:05 | utf8 "\xC3" does not map to Unicode at /usr/lib/x86_64-linux-gnu/perl/5.24/Encode.pm line 202. | |
| 14:05 | Have anyone ever experienced this? | |
| 14:07 | The error occurs at https://github.com/Koha-Commun[…]ch/Search.pm#L382 | |
| 14:09 | nlegrand | fribeiro: maybe a latin-1 char? |
| 14:10 | https://en.wikipedia.org/wiki/%C3%83 | |
| 14:19 | fribeiro | The original text does not have that character. It seems that its the decode_base64 function that somehow its generating that |
| 14:33 | lukeg joined #koha | |
| 14:56 | AndrewFH joined #koha | |
| 16:25 | reiveune | bye |
| 16:25 | reiveune left #koha | |
| 16:47 | cait joined #koha | |
| 17:15 | lukeg joined #koha | |
| 17:27 | cait joined #koha | |
| 17:50 | AndrewFH joined #koha | |
| 18:08 | lukeg joined #koha | |
| 18:22 | AndrewFH joined #koha | |
| 19:07 | tuxayo | lol Bug 5158 |
| 19:07 | huginn | Bug https://bugs.koha-community.or[…]w_bug.cgi?id=5158 enhancement, P5 - low, ---, camins, ASSIGNED , Koha needs its own cookie, ice cream, and fudge flavors |
| 19:50 | gooble_gobble joined #koha | |
| 20:16 | paul_p joined #koha | |
| 20:25 | udkoha joined #koha | |
| 20:29 | lukeg joined #koha | |
| 21:02 | udkoha_ joined #koha | |
| 22:40 | AndrewFH joined #koha | |
| 22:47 | AndrewFH joined #koha | |
| 23:30 | AndrewFH joined #koha | |
| 23:38 | AndrewFH joined #koha |
← Previous day | Today | Next day → | Search | Index