Time Nick Message
03:03 schnydszch good day! I have some questions regarding some security vulnerabilities regarding Koha; here are the enumerated vulnerabilities from one of the reviews of one Koha server I managed: Cross-Site Scripting (XSS) Filter not Disabled, Content Sniffing not Disabled, Software Version Revealed via HTTP Response Headers, Missing object-src in CSP Declaration. Though risk classification is low for all of these except for "Missing object-src in CSP Declaration". I
03:03 schnydszch want to get some insights on this. Keep safe and best regards!
03:11 mtj hi schnydszch, what version of koha - and what tool are you using to detect security vulnerabilities?
03:14 schnydszch Hi mtj! Koha 21.05. Let me check the document for the penetration test report
03:16 schnydszch I can't see what tool was used in the document, only technical references.
03:17 schnydszch well for CSP, here is the evaluator used: https://csp-evaluator.withgoogle.com/
03:18 schnydszch here is the technical reference: https://owasp.org/www-project-secure-headers/
03:40 mtj many thanks ^ :)
03:58 tuxayo schnydszch: hi :) for the most serious ones, if you have the time to confirm the relevance of the reported vulnerabilities, I invite you to open a security ticket on the bug tracker https://bugs.koha-community.org/bugzilla3/enter_bug.cgi?product=Koha%20security
04:00 tuxayo It seems to be about hardening the default webserver configuration. It's important that your webserver configuration is the one bundled with the Koha package. Otherwise it's not relevant.
04:37 huginn News from kohagit: Bug 30209: Upgrade 'libdbd-sqlite2-perl' package to 'libdbd-sqlite3-perl' <https://git.koha-community.org/gitweb/?p=koha.git;a=commitdiff;h=2c5f49550bffde753b33fe605878ab689bf86697>
04:53 tuxayo schnydszch: If you have a reverse proxy that somehow strips headers (my example might make no sense) then it wouldn't be a good instance to make an analysis. Well it would, for your webserver config.
But not for the one shipped with Koha
05:11 koha-jenkins Project Koha_Master_D11_CPAN build #551: STILL UNSTABLE in 33 min: https://jenkins.koha-community.org/job/Koha_Master_D11_CPAN/551/
05:16 alohabot 🎠🦄 Koha 'master' packages pushed to 'koha-staging' repo
05:21 koha-jenkins Project Koha_Master_D11_My8 build #765: STILL UNSTABLE in 43 min: https://jenkins.koha-community.org/job/Koha_Master_D11_My8/765/
05:25 schnydszch @tuxayo Koha webserver configuration is the one bundled with Koha, though https was automatically created via the letsencrypt script "certbot..."
05:25 huginn schnydszch: downloading the Perl source
05:30 koha-jenkins Project Koha_Master_D11_MDB_Latest build #818: STILL UNSTABLE in 53 min: https://jenkins.koha-community.org/job/Koha_Master_D11_MDB_Latest/818/
05:38 koha-jenkins Project Koha_Master_U21 build #111: STILL UNSTABLE in 1 hr 0 min: https://jenkins.koha-community.org/job/Koha_Master_U21/111/
05:39 koha-jenkins Project Koha_Master_U_Stable build #399: STILL UNSTABLE in 1 hr 1 min: https://jenkins.koha-community.org/job/Koha_Master_U_Stable/399/
05:48 koha-jenkins Project Koha_Master_D9 build #1894: STILL UNSTABLE in 36 min: https://jenkins.koha-community.org/job/Koha_Master_D9/1894/
05:51 koha-jenkins Project Koha_Master build #1940: ABORTED in 12 min: https://jenkins.koha-community.org/job/Koha_Master/1940/
05:51 koha-jenkins Project Koha_Master_D12 build #95: ABORTED in 12 min: https://jenkins.koha-community.org/job/Koha_Master_D12/95/
05:51 koha-jenkins Project Koha_Master_U20 build #324: ABORTED in 30 min: https://jenkins.koha-community.org/job/Koha_Master_U20/324/
06:22 koha-jenkins Yippee, build fixed!
06:22 koha-jenkins Project Koha_Master_D10 build #551: FIXED in 34 min: https://jenkins.koha-community.org/job/Koha_Master_D10/551/
06:36 koha-jenkins Project Koha_Master_U_Stable build #400: STILL UNSTABLE in 45 min: https://jenkins.koha-community.org/job/Koha_Master_U_Stable/400/
06:54 koha-jenkins Project Koha_Master_D12 build #96: SUCCESS in 1 hr 3 min: https://jenkins.koha-community.org/job/Koha_Master_D12/96/
06:56 koha-jenkins Yippee, build fixed!
06:56 koha-jenkins Project Koha_Master_U21 build #112: FIXED in 33 min: https://jenkins.koha-community.org/job/Koha_Master_U21/112/
07:09 koha-jenkins Yippee, build fixed!
07:09 koha-jenkins Project Koha_Master_D9 build #1895: FIXED in 1 hr 18 min: https://jenkins.koha-community.org/job/Koha_Master_D9/1895/
07:18 koha-jenkins Yippee, build fixed!
07:18 koha-jenkins Project Koha_Master build #1941: FIXED in 1 hr 27 min: https://jenkins.koha-community.org/job/Koha_Master/1941/
07:19 koha-jenkins Yippee, build fixed!
07:19 koha-jenkins Project Koha_Master_D11_CPAN build #552: FIXED in 42 min: https://jenkins.koha-community.org/job/Koha_Master_D11_CPAN/552/
07:30 koha-jenkins Yippee, build fixed!
07:30 koha-jenkins Project Koha_Master_U20 build #325: FIXED in 34 min: https://jenkins.koha-community.org/job/Koha_Master_U20/325/
07:42 reiveune hello
08:03 koha-jenkins Project Koha_Master_D11_MDB_Latest build #819: STILL UNSTABLE in 54 min: https://jenkins.koha-community.org/job/Koha_Master_D11_MDB_Latest/819/
08:03 cait good morning #koha
08:05 koha-jenkins Yippee, build fixed!
08:05 koha-jenkins Project Koha_Master_D11_My8 build #766: FIXED in 34 min: https://jenkins.koha-community.org/job/Koha_Master_D11_My8/766/
08:06 koha-jenkins Project Koha_Master_U_Stable build #401: STILL UNSTABLE in 46 min: https://jenkins.koha-community.org/job/Koha_Master_U_Stable/401/
09:10 lmstrand Hi all! I have a question about the facets that show on the left side of search results.
09:11 lmstrand We'd like to add languages to the facets.
We're using Elasticsearch. Any idea where to look?
09:15 lmstrand it seems it has disappeared after we switched from Zebra to Elasticsearch?
09:27 cait1 if you had it with Zebra it was a customization
09:28 cait1 I think
09:28 cait1 have you checked bugzilla for facet and language?
09:46 lmstrand I'll go check.
10:08 koha-jenkins Yippee, build fixed!
10:08 koha-jenkins Project Koha_Master_D11_MDB_Latest build #820: FIXED in 53 min: https://jenkins.koha-community.org/job/Koha_Master_D11_MDB_Latest/820/
10:17 koha-jenkins Project Koha_Master_U_Stable build #402: STILL UNSTABLE in 1 hr 3 min: https://jenkins.koha-community.org/job/Koha_Master_U_Stable/402/
12:43 davewood i wrote a koha javascript plugin that lets you switch between the html-tabs on addbiblio.pl using hotkeys Ctrl+Meta+<num> or Ctrl+Meta+ArrowKeys ... and also switch between edit/view (addbiblio.pl/detail.pl) using Ctrl+Meta+a/Ctrl+Meta+b
12:43 davewood currently a private github repo, but if needed I could make that repo public.
12:44 davewood one of our customers (steirische landesbibliothek) requested these features.
12:45 davewood http://paste.scsys.co.uk/596622
12:54 nlegrand Hey friends! Hope everyone is well :)
12:56 nlegrand Is there something to do if I want to test something with koha-testing-docker on a stable version? I've checked out 20.11.x but it turned out to be fishy, I have an exit error on the koha machine.
12:56 nlegrand master works great
12:59 Joubu nlegrand: in the ktd repo you should checkout the 20.11 branch
13:01 nlegrand Joubu: ho. Seems rational :) thank you!
13:05 nlegrand *greatly
13:11 nlegrand I'm still having the same issue (Can't locate YAML/Syck.pm), I've tried ku-es6 and docker-compose -p koha down. Am I missing something obvious?
13:41 nlegrand Bug 6815 is very nice if someone from the QA team wants to look at something pleasant :)
13:41 huginn Bug https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6815 enhancement, P5 - low, ---, oleonard, Signed Off , Capture member photo via webcam
13:42 nlegrand On the plus side, it's a 4-digit bug. I'm sure there is more karma for 4-digit bugs.
14:00 AndrewFH nlegrand there are a few perl modules dropped from master that older versions still require. ktd won't install them by default. I suspect that's your issue
14:00 AndrewFH when I launch ktd in master and then go back to 21.05, I need to install libyaml-syck-perl, libcgi-session-serialize-yaml-perl, libmojo-jwt-perl
14:01 nlegrand thanks AndrewFH. Even if you check out 21.05 in ktd?
14:02 AndrewFH correct. my understanding is ktd only automatically installs the modules needed for whatever koha version you've set as your default at launch (which will be master unless you've done some special setup)
14:03 AndrewFH but once you've installed those modules once, you don't need to do it again until you completely kill and relaunch ktd
14:04 fribeiro Hey guys
14:05 fribeiro I'm using Koha 21.05.07 and I get this error on some result pages
14:05 fribeiro utf8 "\xC3" does not map to Unicode at /usr/lib/x86_64-linux-gnu/perl/5.24/Encode.pm line 202.
14:05 fribeiro Has anyone ever experienced this?
14:07 fribeiro The error occurs at https://github.com/Koha-Community/Koha/blob/v21.05.07/Koha/SearchEngine/Elasticsearch/Search.pm#L382
14:09 nlegrand fribeiro: maybe a latin-1 char?
14:10 nlegrand https://en.wikipedia.org/wiki/%C3%83
14:19 fribeiro The original text does not have that character. It seems that it's the decode_base64 function that is somehow generating that
16:25 reiveune bye
19:07 tuxayo lol Bug 5158
19:07 huginn Bug https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5158 enhancement, P5 - low, ---, camins, ASSIGNED , Koha needs its own cookie, ice cream, and fudge flavors