added link to "Security and Privacy Posture Overview" to acs-admin page

improved robustness, when cluster parameters are changed without a restart

reduced verbosity

reduced verbosity in the system log, provide hint to message

fixed bug #3470

Fixed issue in cluster mode, denoted by Khy H in the OpenACS forum

A new command "ad_parameter_cache_flush_dict" was introduced to handle the case where a cluster node modifies a parameter value without having read it before. This case could lead to a coherency problem for parameter values.

Background:

This proc is necessary in cases where a node writes a new parameter value before it has read the old one. Since a plain "nsv_dict unset ad_param $key $parameter_name" raises an exception when the pair does not exist, and we do not want to allow arbitrary "catch" commands in cluster requests, we allow "ad_parameter_cache_flush_dict" instead.

Probably, the best solution is to add support for

nsv_dict unset -nocomplain -- ad_param $key $parameter_nam

The existing nsv_dict was built after Tcl's "dict unset", which does not have the "-nocomplain" option either. However, an atomic operation would certainly be preferable over an exists/unset pair, which is not an acceptable solution.

For details, see https://openacs.org/forums/message-view?message_id=5822470

use generic mount icon in site map

added generic icon for "mount" operations

added after-mount callback to restrict default permissions

- Modify default permissions after mount to restrict read access to the package from public read to read access for registered users.
- The change affects only fresh installs; existing permission settings are not touched.
- fixed typos
- bumped version number to 5.10.1b3

provide posture overview for widely-accessible-packages when count == 1

Fix documentation for group::update.

provide icon and title for managing service parameters

perform proper cleanup after regression test

use a different icon for mounting, reduced verbosity

xotcl-request-monitor Change site-node permissions after mount

This package might reveal internal information and should not be publicly available by default.

bumped version number to 0.66

require login for version numbers, since this reveals internal information

added test for xotcl/version-numbers

Added state of "robots.txt" and "security.txt" to posture overview

Prettify subsite admin page

- Made explicit that "Administration" means "Subsite Administration" (use the term consistently)
- Changed message key of acs-subsite.administration to "Subsite Administration"
- added icons to subsite admin index page (full set only for bootstrap icons)

Removed useless and hard to track ad_log messages in the forums:

Cannot determine package_id. Returning 0

use tag <i> for technical terms as in other places

increased timeout for checking requests on own site

fix over-eager renaming

delete global package parameter as for all other javascript libraries

Make managing of version numbers consistent.

For details, see: https://openacs.org/xowiki/external-javascript-packages

fixed package_id in ADP page

improved PostgreSQL version compatibility

fixed URLs

New pages for admins: Security and Privacy Posture Overview

As expressed as a wish from OpenACS users at the last OpenACS conference, a "Security and Privacy Posture Overview" was added that offers a quick overview of the state of the system and eases access to the parameters scattered over different packages in the system.

The page offers:

- Quick overview
- Check of security and privacy relevant package parameters
- Permission and accessibility check of mounted packages
- Response header check
- External library check (CDN vs local usage, vulnerable or outdated libraries)

TODO: One should probably reconsider the permissions of some of the standard site nodes (similar to what we did with the API browser some time ago).

file widely-accessible-packages.tcl was initially added on branch oacs-5-10.

file widely-accessible-packages.adp was initially added on branch oacs-5-10.