Re: Password File Config Issue, posted by Stefan Ritt on Thu Feb 10 14:02:15 2022
|
Can you try the "top groups" option, which means putting each logbook into a separate top group as described in the documentation. For us this
works well, new users are only added to the right password file. There is however the problem that as admin you might be logged in to several logbooks
(as remembered in your browser via cookies), so you might want to log out from all logbooks first (or clear all cookies of elog), then log in to one logbook |
Vulnerability?, posted by Alessandro Petrolini on Thu Mar 3 08:26:40 2022
|
Hi, I have been using elog for years at CERN.
Now I installed in my local workstation at my home inistitue
and sysadmin reported the following vulnerabilities: |
|
Re: Vulnerability?, posted by Konstantin Olchanski on Thu Mar 3 16:49:40 2022
|
The CVEs you refer to are very old and have been fixed a long time ago.
Please refer to:
|
|
Re: Vulnerability?, posted by Alessandro Petrolini on Fri Mar 4 08:51:24 2022
|
Ok, many many thanks!
I will pass the info to my sysadmin.
Best Regards.
|
|
Re: Vulnerability?, posted by Alessandro Petrolini on Sun Mar 6 09:00:33 2022
|
> Ok, many many thanks!
> I will pass the info to my sysadmin.
> Best Regards.
|
|
Re: Vulnerability?, posted by Konstantin Olchanski on Sun Mar 6 17:33:04 2022
|
> > > The CVEs you refer to are very old and have been fixed a long time ago.
>
> Am I wrong that the windows executable version on the site is dated 2018? 3.1.4-2?
|
|
Re: Vulnerability?, posted by Stefan Ritt on Mon Mar 7 08:49:41 2022
|
> I trust Stefan is reading this thread and will do something about it. My vote would
> be to remove the download link to the windows executables and ask Debian to remove
> the elog package. I think they have a way for upstream developers (Stefan) to request
|
|
Re: Vulnerability?, posted by Daniel Pfuhl on Mon Mar 7 14:30:16 2022
|
>
> Yeah, I have to recompile the Windows version. Unfortunately my old Windows PC is gone, I
|