Time |
S |
Nick |
Message |
00:49 |
|
|
AndrewFH joined #koha |
00:49 |
|
|
PerplexedTheta joined #koha |
01:49 |
|
|
JBoyer joined #koha |
02:59 |
|
|
schnydszch joined #koha |
03:03 |
|
schnydszch |
Good day! I have some questions regarding some security vulnerabilities regarding Koha. Here are the enumerated vulnerabilities from one of the reviews of one Koha server I managed: Cross-Site Scripting (XSS) Filter not Disabled, Content Sniffing not Disabled, Software Version Revealed via HTTP Response Headers, Missing object-src in CSP Declaration. Though the risk classification is low for all of these except for "Missing object-src in CSP Declaration". I |
03:03 |
|
schnydszch |
want to get some insights on this. Keep safe and best regards! |
03:11 |
|
mtj |
hi schnydszch, what version of koha - and what tool are you using to detect security vulnerabilities? |
03:14 |
|
schnydszch |
Hi mtj! Koha 21.05. Let me check the document for the penetration test report |
03:16 |
|
schnydszch |
I can't see what tool was used in the document, only technical references. |
03:17 |
|
schnydszch |
well for CSP, here is the evaluator used: https://csp-evaluator.withgoogle.com/ |
03:18 |
|
schnydszch |
here is the technical reference: https://owasp.org/www-project-secure-headers/ |
03:40 |
|
mtj |
many thanks ^ :) |
03:58 |
|
tuxayo |
schnydszch: hi :) for the most serious ones if you have the time to confirm the relevance of the reported vulnerabilities I invite you to open a security ticket on the bug tracker https://bugs.koha-community.or[…]t=Koha%20security |
04:00 |
|
tuxayo |
It seems to be about hardening the default webserver configuration. It's important that your webserver configuration is the one bundled with the Koha package. Otherwise it's not relevant. |
04:31 |
|
|
enkidu joined #koha |
04:37 |
|
huginn |
News from kohagit: Bug 30209: Upgrade 'libdbd-sqlite2-perl' package to 'libdbd-sqlite3-perl' <https://git.koha-community.org[…]05878ab689bf86697> |
04:41 |
|
|
dcook joined #koha |
04:53 |
|
tuxayo |
schnydszch: If you have a reverse proxy that somehow strips headers (my example might make no sense) then it wouldn't be a good instance to make an analysis. Well it would, for your webserver config. But not for the one shipped with Koha |
05:11 |
|
koha-jenkins |
Project Koha_Master_D11_CPAN build #551: STILL UNSTABLE in 33 min: https://jenkins.koha-community[…]ter_D11_CPAN/551/ |
05:16 |
|
alohabot |
🎠🦄 Koha 'master' packages pushed to 'koha-staging' repo |
05:21 |
|
koha-jenkins |
Project Koha_Master_D11_My8 build #765: STILL UNSTABLE in 43 min: https://jenkins.koha-community[…]ster_D11_My8/765/ |
05:25 |
|
schnydszch |
@tuxayo Koha webserver configuration is the one bundled with Koha, though https was automatically created via letsencrypt script "certbot..." |
05:25 |
|
huginn |
schnydszch: downloading the Perl source |
05:30 |
|
koha-jenkins |
Project Koha_Master_D11_MDB_Latest build #818: STILL UNSTABLE in 53 min: https://jenkins.koha-community[…]1_MDB_Latest/818/ |
05:38 |
|
koha-jenkins |
Project Koha_Master_U21 build #111: STILL UNSTABLE in 1 hr 0 min: https://jenkins.koha-community[…]a_Master_U21/111/ |
05:39 |
|
koha-jenkins |
Project Koha_Master_U_Stable build #399: STILL UNSTABLE in 1 hr 1 min: https://jenkins.koha-community[…]ter_U_Stable/399/ |
05:48 |
|
koha-jenkins |
Project Koha_Master_D9 build #1894: STILL UNSTABLE in 36 min: https://jenkins.koha-community[…]a_Master_D9/1894/ |
05:51 |
|
koha-jenkins |
Project Koha_Master build #1940: ABORTED in 12 min: https://jenkins.koha-community[…]Koha_Master/1940/ |
05:51 |
|
koha-jenkins |
Project Koha_Master_D12 build #95: ABORTED in 12 min: https://jenkins.koha-community[…]ha_Master_D12/95/ |
05:51 |
|
koha-jenkins |
Project Koha_Master_U20 build #324: ABORTED in 30 min: https://jenkins.koha-community[…]a_Master_U20/324/ |
06:22 |
|
koha-jenkins |
Yippee, build fixed! |
06:22 |
|
koha-jenkins |
Project Koha_Master_D10 build #551: FIXED in 34 min: https://jenkins.koha-community[…]a_Master_D10/551/ |
06:36 |
|
koha-jenkins |
Project Koha_Master_U_Stable build #400: STILL UNSTABLE in 45 min: https://jenkins.koha-community[…]ter_U_Stable/400/ |
06:54 |
|
koha-jenkins |
Project Koha_Master_D12 build #96: SUCCESS in 1 hr 3 min: https://jenkins.koha-community[…]ha_Master_D12/96/ |
06:56 |
|
koha-jenkins |
Yippee, build fixed! |
06:56 |
|
koha-jenkins |
Project Koha_Master_U21 build #112: FIXED in 33 min: https://jenkins.koha-community[…]a_Master_U21/112/ |
07:09 |
|
koha-jenkins |
Yippee, build fixed! |
07:09 |
|
koha-jenkins |
Project Koha_Master_D9 build #1895: FIXED in 1 hr 18 min: https://jenkins.koha-community[…]a_Master_D9/1895/ |
07:14 |
|
|
magnuse joined #koha |
07:18 |
|
koha-jenkins |
Yippee, build fixed! |
07:18 |
|
koha-jenkins |
Project Koha_Master build #1941: FIXED in 1 hr 27 min: https://jenkins.koha-community[…]Koha_Master/1941/ |
07:19 |
|
koha-jenkins |
Yippee, build fixed! |
07:19 |
|
koha-jenkins |
Project Koha_Master_D11_CPAN build #552: FIXED in 42 min: https://jenkins.koha-community[…]ter_D11_CPAN/552/ |
07:30 |
|
koha-jenkins |
Yippee, build fixed! |
07:30 |
|
koha-jenkins |
Project Koha_Master_U20 build #325: FIXED in 34 min: https://jenkins.koha-community[…]a_Master_U20/325/ |
07:31 |
|
|
JBoyer joined #koha |
07:38 |
|
|
alex_a joined #koha |
07:38 |
|
|
sodesvaux joined #koha |
07:42 |
|
|
reiveune joined #koha |
07:42 |
|
reiveune |
hello |
08:00 |
|
|
lds joined #koha |
08:02 |
|
|
cait joined #koha |
08:03 |
|
koha-jenkins |
Project Koha_Master_D11_MDB_Latest build #819: STILL UNSTABLE in 54 min: https://jenkins.koha-community[…]1_MDB_Latest/819/ |
08:03 |
|
cait |
good morning #koha |
08:05 |
|
koha-jenkins |
Yippee, build fixed! |
08:05 |
|
koha-jenkins |
Project Koha_Master_D11_My8 build #766: FIXED in 34 min: https://jenkins.koha-community[…]ster_D11_My8/766/ |
08:06 |
|
koha-jenkins |
Project Koha_Master_U_Stable build #401: STILL UNSTABLE in 46 min: https://jenkins.koha-community[…]ter_U_Stable/401/ |
08:09 |
|
|
cait1 joined #koha |
08:16 |
|
|
paul_p joined #koha |
08:30 |
|
|
alex_a joined #koha |
09:09 |
|
|
lmstrand joined #koha |
09:10 |
|
lmstrand |
Hi all! I have a question about facets that show on the left side of search results. |
09:11 |
|
lmstrand |
We'd like to add languages to the facets. We're using Elasticsearch. Any idea where to look? |
09:15 |
|
lmstrand |
it seems it has disappeared after we switched from Zebra to Elasticsearch? |
09:22 |
|
|
udkoha joined #koha |
09:27 |
|
cait1 |
if you had it with Zebra it was a customization |
09:28 |
|
cait1 |
I think |
09:28 |
|
cait1 |
have you checked bugzilla for facet and language? |
09:46 |
|
lmstrand |
I'll go check. |
10:07 |
|
|
udkoha joined #koha |
10:08 |
|
koha-jenkins |
Yippee, build fixed! |
10:08 |
|
koha-jenkins |
Project Koha_Master_D11_MDB_Latest build #820: FIXED in 53 min: https://jenkins.koha-community[…]1_MDB_Latest/820/ |
10:17 |
|
koha-jenkins |
Project Koha_Master_U_Stable build #402: STILL UNSTABLE in 1 hr 3 min: https://jenkins.koha-community[…]ter_U_Stable/402/ |
11:43 |
|
|
cait joined #koha |
11:58 |
|
|
AndrewFH joined #koha |
12:43 |
|
davewood |
i wrote a koha javascript plugin that lets you switch between the html-tabs on addbiblio.pl using hotkeys Ctrl+Meta+<num> or Ctrl+Meta+ArrowKeys ... and also switch between edit/view (addbiblio.pl/detail.pl) using Ctrl+Meta+a/Ctrl+Meta+b |
12:43 |
|
davewood |
currently a private github repo but if needed I could make that repo public. |
12:44 |
|
davewood |
one of our customers (steirische landesbibliothek) requested these features. |
12:45 |
|
davewood |
http://paste.scsys.co.uk/596622 |
12:54 |
|
|
nlegrand joined #koha |
12:54 |
|
nlegrand |
Hey friends! Hope everyone is well :) |
12:56 |
|
nlegrand |
Is there something to do if I want to test something with koha-testing-docker on a stable version? I've checked out 20.11.x but it turned out to be fishy, I have an exit error on the koha machine. |
12:56 |
|
nlegrand |
master works great |
12:59 |
|
Joubu |
nlegrand: in ktd repo you should checkout the 20.11 branch |
13:01 |
|
nlegrand |
Joubu: ho. Seems rational :) thank you! |
13:05 |
|
nlegrand |
*greatly |
13:11 |
|
nlegrand |
I'm still having the same issue (Can't locate YAML/Syck.pm), I've tried ku-es6 and docker-compose -p koha down. Am I missing something obvious? |
13:37 |
|
|
Dyrcona joined #koha |
13:41 |
|
nlegrand |
Bug 6815 is very nice if someone from the QA team wants to look at something pleasant :) |
13:41 |
|
huginn |
Bug https://bugs.koha-community.or[…]w_bug.cgi?id=6815 enhancement, P5 - low, ---, oleonard, Signed Off , Capture member photo via webcam |
13:42 |
|
nlegrand |
On the plus side, it's a 4 digits bug. I'm sure there is more karma for 4 digits bugs. |
14:00 |
|
AndrewFH |
nlegrand: there are a few perl modules dropped from master that older versions still require. ktd won't install them by default. I suspect that's your issue |
14:00 |
|
AndrewFH |
when I launch ktd in master and then go back to 21.05, I need to install libyaml-syck-perl, libcgi-session-serialize-yaml-perl, libmojo-jwt-perl |
14:01 |
|
nlegrand |
thanks AndrewFH. Even if you check out 21.05 in ktd? |
14:02 |
|
AndrewFH |
correct. my understanding is ktd only automatically installs the modules needed for whatever koha version you've set as your default at launch (which will be master unless you've done some special setup) |
14:03 |
|
AndrewFH |
but once you've installed those modules once you don't need to do it again until you completely kill and relaunch ktd |
14:03 |
|
|
fribeiro joined #koha |
14:04 |
|
fribeiro |
Hey guys |
14:05 |
|
fribeiro |
I'm using Koha 21.05.07 and I get this error at some result pages |
14:05 |
|
fribeiro |
utf8 "\xC3" does not map to Unicode at /usr/lib/x86_64-linux-gnu/perl/5.24/Encode.pm line 202. |
14:05 |
|
fribeiro |
Has anyone ever experienced this? |
14:07 |
|
fribeiro |
The error occurs at https://github.com/Koha-Commun[…]ch/Search.pm#L382 |
14:09 |
|
nlegrand |
fribeiro: maybe a latin-1 char? |
14:10 |
|
nlegrand |
https://en.wikipedia.org/wiki/%C3%83 |
14:19 |
|
fribeiro |
The original text does not have that character. It seems that it's the decode_base64 function that is somehow generating that |
14:33 |
|
|
lukeg joined #koha |
14:56 |
|
|
AndrewFH joined #koha |
16:25 |
|
reiveune |
bye |
16:25 |
|
|
reiveune left #koha |
16:47 |
|
|
cait joined #koha |
17:15 |
|
|
lukeg joined #koha |
17:27 |
|
|
cait joined #koha |
17:50 |
|
|
AndrewFH joined #koha |
18:08 |
|
|
lukeg joined #koha |
18:22 |
|
|
AndrewFH joined #koha |
19:07 |
|
tuxayo |
lol Bug 5158 |
19:07 |
|
huginn |
Bug https://bugs.koha-community.or[…]w_bug.cgi?id=5158 enhancement, P5 - low, ---, camins, ASSIGNED , Koha needs its own cookie, ice cream, and fudge flavors |
19:50 |
|
|
gooble_gobble joined #koha |
20:16 |
|
|
paul_p joined #koha |
20:25 |
|
|
udkoha joined #koha |
20:29 |
|
|
lukeg joined #koha |
21:02 |
|
|
udkoha_ joined #koha |
22:40 |
|
|
AndrewFH joined #koha |
22:47 |
|
|
AndrewFH joined #koha |
23:30 |
|
|
AndrewFH joined #koha |
23:38 |
|
|
AndrewFH joined #koha |