IRC log for #koha, 2022-03-10

All times shown according to UTC.

Time S Nick Message
00:49 AndrewFH joined #koha
00:49 PerplexedTheta joined #koha
01:49 JBoyer joined #koha
02:59 schnydszch joined #koha
03:03 schnydszch good day! I have some questions regarding some security vulnerabilities in Koha. Here are the enumerated vulnerabilities from one of the reviews of one Koha server I managed: Cross-Site Scripting (XSS) Filter not Disabled, Content Sniffing not Disabled, Software Version Revealed via HTTP Response Headers, Missing object-src in CSP Declaration. Though risk classification is low for all of these except for "Missing object-src in CSP Declaration". I
03:03 schnydszch want to get some insights on this. Keep safe and best regards!
03:11 mtj hi schnydszch, what version of koha - and what tool are you using to detect security vulnerabilities?
03:14 schnydszch Hi mtj! Koha 21.05. Let me check the document for the penetration test report
03:16 schnydszch I can't see what tool was used in the document, only technical references.
03:17 schnydszch well for CSP, here is the evaluator used: https://csp-evaluator.withgoogle.com/
03:18 schnydszch here is the technical reference: https://owasp.org/www-project-secure-headers/
03:40 mtj many thanks ^ :)
03:58 tuxayo schnydszch: hi :) for the most serious ones if you have the time to confirm the relevance of the reported vulnerabilities I invite you to open a security ticket on the bug tracker https://bugs.koha-community.or[…]t=Koha%20security
04:00 tuxayo It seems to be about hardening the default webserver configuration. It's important that your webserver configuration is the one bundled with Koha package. Otherwise it's not relevant.
04:31 enkidu joined #koha
04:37 huginn News from kohagit: Bug 30209: Upgrade 'libdbd-sqlite2-perl' package to 'libdbd-sqlite3-perl' <https://git.koha-community.org[…]05878ab689bf86697>
04:41 dcook joined #koha
04:53 tuxayo schnydszch: If you have a reverse proxy that somehow strips headers (my example might make no sense) then it wouldn't be a good instance to make an analysis. Well it would, for your webserver config. But not for the one shipped with Koha
05:11 koha-jenkins Project Koha_Master_D11_CPAN build #551: STILL UNSTABLE in 33 min: https://jenkins.koha-community[…]ter_D11_CPAN/551/
05:16 alohabot 🎁 🦄 Koha 'master' packages pushed to 'koha-staging' repo  🍊🍊🍙
05:21 koha-jenkins Project Koha_Master_D11_My8 build #765: STILL UNSTABLE in 43 min: https://jenkins.koha-community[…]ster_D11_My8/765/
05:25 schnydszch @tuxayo Koha webserver configuration is the one bundled with Koha, though https was automatically created via letsencrypt script "certbot..."
05:25 huginn schnydszch: downloading the Perl source
05:30 koha-jenkins Project Koha_Master_D11_MDB_Latest build #818: STILL UNSTABLE in 53 min: https://jenkins.koha-community[…]1_MDB_Latest/818/
05:38 koha-jenkins Project Koha_Master_U21 build #111: STILL UNSTABLE in 1 hr 0 min: https://jenkins.koha-community[…]a_Master_U21/111/
05:39 koha-jenkins Project Koha_Master_U_Stable build #399: STILL UNSTABLE in 1 hr 1 min: https://jenkins.koha-community[…]ter_U_Stable/399/
05:48 koha-jenkins Project Koha_Master_D9 build #1894: STILL UNSTABLE in 36 min: https://jenkins.koha-community[…]a_Master_D9/1894/
05:51 koha-jenkins Project Koha_Master build #1940: ABORTED in 12 min: https://jenkins.koha-community[…]Koha_Master/1940/
05:51 koha-jenkins Project Koha_Master_D12 build #95: ABORTED in 12 min: https://jenkins.koha-community[…]ha_Master_D12/95/
05:51 koha-jenkins Project Koha_Master_U20 build #324: ABORTED in 30 min: https://jenkins.koha-community[…]a_Master_U20/324/
06:22 koha-jenkins Yippee, build fixed!
06:22 koha-jenkins Project Koha_Master_D10 build #551: FIXED in 34 min: https://jenkins.koha-community[…]a_Master_D10/551/
06:36 koha-jenkins Project Koha_Master_U_Stable build #400: STILL UNSTABLE in 45 min: https://jenkins.koha-community[…]ter_U_Stable/400/
06:54 koha-jenkins Project Koha_Master_D12 build #96: SUCCESS in 1 hr 3 min: https://jenkins.koha-community[…]ha_Master_D12/96/
06:56 koha-jenkins Yippee, build fixed!
06:56 koha-jenkins Project Koha_Master_U21 build #112: FIXED in 33 min: https://jenkins.koha-community[…]a_Master_U21/112/
07:09 koha-jenkins Yippee, build fixed!
07:09 koha-jenkins Project Koha_Master_D9 build #1895: FIXED in 1 hr 18 min: https://jenkins.koha-community[…]a_Master_D9/1895/
07:14 magnuse joined #koha
07:18 koha-jenkins Yippee, build fixed!
07:18 koha-jenkins Project Koha_Master build #1941: FIXED in 1 hr 27 min: https://jenkins.koha-community[…]Koha_Master/1941/
07:19 koha-jenkins Yippee, build fixed!
07:19 koha-jenkins Project Koha_Master_D11_CPAN build #552: FIXED in 42 min: https://jenkins.koha-community[…]ter_D11_CPAN/552/
07:30 koha-jenkins Yippee, build fixed!
07:30 koha-jenkins Project Koha_Master_U20 build #325: FIXED in 34 min: https://jenkins.koha-community[…]a_Master_U20/325/
07:31 JBoyer joined #koha
07:38 alex_a joined #koha
07:38 sodesvaux joined #koha
07:42 reiveune joined #koha
07:42 reiveune hello
08:00 lds joined #koha
08:02 cait joined #koha
08:03 koha-jenkins Project Koha_Master_D11_MDB_Latest build #819: STILL UNSTABLE in 54 min: https://jenkins.koha-community[…]1_MDB_Latest/819/
08:03 cait good morning #koha
08:05 koha-jenkins Yippee, build fixed!
08:05 koha-jenkins Project Koha_Master_D11_My8 build #766: FIXED in 34 min: https://jenkins.koha-community[…]ster_D11_My8/766/
08:06 koha-jenkins Project Koha_Master_U_Stable build #401: STILL UNSTABLE in 46 min: https://jenkins.koha-community[…]ter_U_Stable/401/
08:09 cait1 joined #koha
08:16 paul_p joined #koha
08:30 alex_a joined #koha
09:09 lmstrand joined #koha
09:10 lmstrand Hi all! I have a question about facets that show on the left side of search results.
09:11 lmstrand We'd like to add languages to the facets. We're using Elasticsearch. Any idea where to look?
09:15 lmstrand it seems it has disappeared after we switched from Zebra to Elasticsearch?
09:22 udkoha joined #koha
09:27 cait1 if you had it with Zebra it was a customization
09:28 cait1 I think
09:28 cait1 have you checked bugzilla for facet and language?
09:46 lmstrand I'll go check.
10:07 udkoha joined #koha
10:08 koha-jenkins Yippee, build fixed!
10:08 koha-jenkins Project Koha_Master_D11_MDB_Latest build #820: FIXED in 53 min: https://jenkins.koha-community[…]1_MDB_Latest/820/
10:17 koha-jenkins Project Koha_Master_U_Stable build #402: STILL UNSTABLE in 1 hr 3 min: https://jenkins.koha-community[…]ter_U_Stable/402/
11:43 cait joined #koha
11:58 AndrewFH joined #koha
12:43 davewood I wrote a koha javascript plugin that lets you switch between the html-tabs on addbiblio.pl using hotkeys Ctrl+Meta+<num> or Ctrl+Meta+ArrowKeys ... and also switch between edit/view (addbiblio.pl/detail.pl) using Ctrl+Meta+a/Ctrl+Meta+b
12:43 davewood currently a private github repo but if needed I could make that repo public.
12:44 davewood one of our customers (steirische landesbibliothek) requested these features.
12:45 davewood http://paste.scsys.co.uk/596622
12:54 nlegrand joined #koha
12:54 nlegrand Hey friends! Hope everyone is well :)
12:56 nlegrand Is there something to do if I want to test something with koha-testing-docker on a stable version? I've checked out 20.11.x but it turned out to be fishy, I have an exit error on the koha machine.
12:56 nlegrand master works great
12:59 Joubu nlegrand: in ktd repo you should checkout the 20.11 branch
13:01 nlegrand Joubu: ho. Seems rational :) thank you!
13:05 nlegrand *greatly
13:11 nlegrand I'm still having the same issue (Can't locate YAML/Syck.pm), I've tried ku-es6 and docker-compose -p koha down. Am I missing something obvious?
13:37 Dyrcona joined #koha
13:41 nlegrand Bug 6815 is very nice if someone from the QA team wants to look at something pleasant :)
13:41 huginn Bug https://bugs.koha-community.or[…]w_bug.cgi?id=6815 enhancement, P5 - low, ---, oleonard, Signed Off , Capture member photo via webcam
13:42 nlegrand On the plus side, it's a 4-digit bug. I'm sure there is more karma for 4-digit bugs.
14:00 AndrewFH nlegrand there are a few perl modules dropped from master that older versions still require. ktd won't install them by default. I suspect that's your issue
14:00 AndrewFH when I launch ktd in master and then go back to 21.05, I need to install libyaml-syck-perl, libcgi-session-serialize-yaml-perl, libmojo-jwt-perl
14:01 nlegrand thanks AndrewFH. Even if you check out 21.05 in ktd?
14:02 AndrewFH correct. my understanding is ktd only automatically installs the modules needed for whatever koha version you've set as your default at launch (which will be master unless you've done some special setup)
14:03 AndrewFH but once you've installed those modules once you don't need to do it again until you completely kill and relaunch ktd
14:03 fribeiro joined #koha
14:04 fribeiro Hey guys
14:05 fribeiro I'm using Koha 21.05.07 and I get this error at some result pages
14:05 fribeiro utf8 "\xC3" does not map to Unicode at /usr/lib/x86_64-linux-gnu/perl/5.24/Encode.pm line 202.
14:05 fribeiro Has anyone ever experienced this?
14:07 fribeiro The error occurs at https://github.com/Koha-Commun[…]ch/Search.pm#L382
14:09 nlegrand fribeiro: maybe a latin-1 char?
14:10 nlegrand https://en.wikipedia.org/wiki/%C3%83
14:19 fribeiro The original text does not have that character. It seems that it's the decode_base64 function that is somehow generating that
14:33 lukeg joined #koha
14:56 AndrewFH joined #koha
16:25 reiveune bye
16:25 reiveune left #koha
16:47 cait joined #koha
17:15 lukeg joined #koha
17:27 cait joined #koha
17:50 AndrewFH joined #koha
18:08 lukeg joined #koha
18:22 AndrewFH joined #koha
19:07 tuxayo lol Bug 5158
19:07 huginn Bug https://bugs.koha-community.or[…]w_bug.cgi?id=5158 enhancement, P5 - low, ---, camins, ASSIGNED , Koha needs its own cookie, ice cream, and fudge flavors
19:50 gooble_gobble joined #koha
20:16 paul_p joined #koha
20:25 udkoha joined #koha
20:29 lukeg joined #koha
21:02 udkoha_ joined #koha
22:40 AndrewFH joined #koha
22:47 AndrewFH joined #koha
23:30 AndrewFH joined #koha
23:38 AndrewFH joined #koha
