Hi, I have been using elog for years at CERN.

Now I installed in my local workstation at my home inistitue

and sysadmin reported the following vulnerabilities:

  - Configuration File Disclosure (CVE-2019-3992)

  - Password Hash Disclosure (CVE-2019-3993)

  - Use After Free (CVE-2019-3994)

  - NULL Pointer Dereference (CVE-2019-3995)

  - Unintended Proxy (CVE-2019-3996)

Am I doing soimething wrong?

sysadmin will not allow me to use it until it is fixed....

Any help is welcome.

Ok, many many thanks!
I will pass the info to my sysadmin.
Best Regards.

> The CVEs you refer to are very old and have been fixed a long time ago.
> 
> Please refer to:
> https://www.tenable.com/security/research/tra-2019-53
> 
> This report states that all the reported problems are fixed as of ELOG 3.1.4-283534d or later.
> 
> Note that the elog git history does not refer to these CVEs because
> they were fixed before the CVE number was assigned, per "Disclosure Timeline"
> in the above document. The relevant commits are listed under "Additional References".
> 
> K.O.

> Ok, many many thanks!
> I will pass the info to my sysadmin.
> Best Regards.
> 
> > The CVEs you refer to are very old and have been fixed a long time ago.
> > 
> > Please refer to:
> > https://www.tenable.com/security/research/tra-2019-53
> > 
> > This report states that all the reported problems are fixed as of ELOG 3.1.4-283534d or later.
> > 
> > Note that the elog git history does not refer to these CVEs because
> > they were fixed before the CVE number was assigned, per "Disclosure Timeline"
> > in the above document. The relevant commits are listed under "Additional References".
> > 
> > K.O.

Am I wrong that the windows executable version on the site is dated 2018? 3.1.4-2?

Hi,

I have been using elog for a few years and it is a wonderfull software and has been one that I can't go without. So thank you very much for making it. 

After about a year, I upgraded to the latest version. I noticed that it causes the system to crash. It doesn't seem to happen that often. 

I have installed this on 2 machines, one Windows 10 and one on Windows 7. Over the last week I got one BSOD on each OS. 

The elogs have different configs and logbooks. One is a simple elog that doesn't have any attachments or anything funky. Just straight text.

Please see attached a screenshot of the Memory.DMP which has happned seconds after an schedule restarted the elog service on my PC. 

I will keep monitoring and see if will happen again. But I thought I log it here anyway.

Thanks.

Cheers.

Ales.

 Hi

I just want to know if there is a way to upload a bunch of images at once. I need to upload ~50 images per day and of course it is really tedious. 

Thanks!!

I was wondering if anyone would be able to assist me in getting the ImageMagick/figure scaling working on an elog running under windows 11 (Microsoft Windows Version 22H2 (OS Build 22621.3880)).   I've followed the installation instructions and checked that $PATH contains the directory for both ImageMagick and GSS.  In a 'command prompt' window, when I execute "identify -version" from any directory I get the response:

Version: ImageMagick 7.1.1-35 Q16-HDRI x64 d775d2a:20240714 https://imagemagick.org
Copyright: (C) 1999 ImageMagick Studio LLC
License: https://imagemagick.org/script/license.php
Features: Channel-masks(64-bit) Cipher DPC HDRI Modules OpenCL OpenMP(2.0)
Delegates (built-in): bzlib cairo flif freetype gslib heic jng jp2 jpeg jxl lcms lqr lzma openexr pangocairo png ps raqm raw rsvg tiff webp xml zip zlib
Compiler: Visual Studio 2022 (194033811)

which I believe is correct.  I've looked through the source-code for the elog and I believe that upon initialisation elogd is looking for a response containing "ImageMagick" somewhere in the response [image_magick_exist = (strstr(str, "ImageMagick") != NULL);] so I'm not sure I understand why this isn't being satisfied.  When I run elogd I get the statement "ImageMagick NOT detected. Image scaling will not work.".

I have the feeling that this is some security restriction in windows 11, so was wondering if anyone had seen this problem before and knew of a solution.

Many Thanks

I've managed to get it working and the problem wasn't what I thought it was.  It turns out that ImageMagick v7 doesn't have a "convert.exe" program in the windows version due to some conflict with a disk conversion utility.  The "convert.exe" has been replaced with a "magick.exe" and so I made a CONVERT.BAT script within the elog folder with content "magick %*".  This workaround appears to have solved the problem.

Version: ImageMagick 7.1.1-35 Q16-HDRI x64 d775d2a:20240714 https://imagemagick.org
Copyright: (C) 1999 ImageMagick Studio LLC
License: https://imagemagick.org/script/license.php
Features: Channel-masks(64-bit) Cipher DPC HDRI Modules OpenCL OpenMP(2.0)
Delegates (built-in): bzlib cairo flif freetype gslib heic jng jp2 jpeg jxl lcms lqr lzma openexr pangocairo png ps raqm raw rsvg tiff webp xml zip zlib
Compiler: Visual Studio 2022 (194033811)

Hi,

I was wondering what is the correct way so that the author field when a reply is made shows the author of the
person making the reply.
In version 2.6, the field was filled correctly but since upgrading to ELOG V2.9.1-2435 due to the ssh problem
the field just keeps the author of the original post.

I have a tried a number of subst on reply Author = $long_name with no luck.

Any ideas?

Cheers,
Aldo