• last updated 4 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
added after-mount callback to restrict default permissions

- Modify default permissions after mount to restrict read access to

the package from public read to read access for registered users.

- The change affects only fresh installed, existing permission settings

are not touched.

- fixed typos

- bumped version number to 5.10.1b3

provide posture overview for widely-accessible-packages when count == 1

Fix documentation for group::update.

provide icon and title for managing service parameters

perform proper cleanup after regressin test

use a different icon for mounting, reduced verbosity

xotcl-request-monitor Change site-node permissions after mount

This package might reveal internal information and should

not be public available per default.

bumped version number to 0.66

require login for version numbers, since this reveals internal information

added test for xotcl/version-numbers

Added state of "robots.txt" and "security.txt" to posture overview

Prettify subsite admin page

- Made explicit that "Administration" means "Subsite Administration"

(use the term consistently)

- Changed message key of acs-subsite.administration to "Subsite Administration"

- added icons to subsite admin index page (full set only for bootstrap icons)

Removed useless and hard to track ad_log messages in the forums:

Cannot determine package_id. Returning 0

use tag <i> for technical terms as on other places

increased timeout for checking requests on own site

fix over-eager renaming

delete global package parameter as for all other javascript libraries

Make managing of version numbers consistent.

For details, see: https://openacs.org/xowiki/external-javascript-packages

fixed package_id in ADP page

improved PostgreSQL version compatibility

fixed URLs

New pages for admins: Security and Privacy Posture Overview

As expressed as a wish from OpenACS users at the last OpenACS

conference, a "Security and Privacy Posture Overview" was added that

offers a quick overview of the state of the system and eases access to

the parameters scattered over different packages in the system.

The page offers:

- Quick overview

- Check of security and privacy relevant package parameters

- Permission and accessibility check of mounted packages

- Response header check

- External library check (CDN vs local usage, vulnerable or outdated libraries)

TODO: One should probably reconsider the permissions of some of the standard site nodes

(similar to what we did with the API browser some time ago).

file posture-overview.adp was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/acs-admin/www/posture-overview.adp
file widely-accessible-packages.tcl was initially added on branch oacs-5-10.

file widely-accessible-packages.adp was initially added on branch oacs-5-10.

file posture-overview.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/acs-admin/www/posture-overview.tcl
reduce verbosity in the system log

    • -1
    • +12
    /openacs-4/packages/forums/tcl/forums-procs.tcl
spell "site-wide" consistently with a dash

  1. … 20 more files in changeset.
improved the site-wide admin pages for external ja libraries

- add a sample for pinning the version number via the NaviServer configuration file

- privide a link to the requirements and background page explaining the implemented policies

add action link icon just to the immediate child of an action list

factored out vulerability check to make it reusable

- New proc ::util::resources::check_vulnerability

- bumped verison number to 5.10.1b7

    • -2
    • +2
    /openacs-4/packages/acs-tcl/acs-tcl.info
fixed typo