Ok thanks Peter.
From: <sysops-sig@ole-lists.openlibraryfoundation.org> on behalf of Peter Murray <peter@indexdata.com>
Reply-To: "sysops-sig@ole-lists.openlibraryfoundation.org" <sysops-sig@ole-lists.openlibraryfoundation.org>
Date: Wednesday, September 25, 2019 at 11:25 AM
To: "sysops-sig@ole-lists.openlibraryfoundation.org" <sysops-sig@ole-lists.openlibraryfoundation.org>
Subject: Re: Important defect
I can't think of a way of summarizing it without giving away the exploit. Given that we have a library in production now, I think it is prudent to wait until the issue is fully addressed.
Peter
--
Peter Murray
Open Source Community Advocate
Index Data, LLC
On Sep 25, 2019, 11:17 AM -0400, Robert Douglas <rld244@cornell.edu>, wrote:
Is there a description of the issue outside of Jira we can see? I’m not seeing it in this thread.
Thanks,
Robbie
From: <sysops-sig@ole-lists.openlibraryfoundation.org> on behalf of Peter Murray <peter@indexdata.com>
Reply-To: "sysops-sig@ole-lists.openlibraryfoundation.org" <sysops-sig@ole-lists.openlibraryfoundation.org>
Date: Wednesday, September 25, 2019 at 11:06 AM
To: "sysops-sig@ole-lists.openlibraryfoundation.org" <sysops-sig@ole-lists.openlibraryfoundation.org>, "sysops-sig@ole-lists.openlibraryfoundation.org" <sysops-sig@ole-lists.openlibraryfoundation.org>
Subject: Re: Important defect
Let's bounce this through Technical Council, too, to get a broader agreement. I just mentioned it on the TC call.
Peter
--
Peter Murray
Open Source Community Advocate
Index Data, LLC
On Sep 25, 2019, 11:02 AM -0400, Harry Kaplanian <hkaplanian@ebsco.com>, wrote:
That is the concern. But, I still believe this this group must know.
I’m compiling a list of people in Sys-Ops that should be in the “group” now…
From: <sysops-sig@ole-lists.openlibraryfoundation.org> on behalf of Ian Walls <ian@bywatersolutions.com>
Reply-To: "sysops-sig@ole-lists.openlibraryfoundation.org" <sysops-sig@ole-lists.openlibraryfoundation.org>
Date: Wednesday, September 25, 2019 at 10:25 AM
To: "sysops-sig@ole-lists.openlibraryfoundation.org" <sysops-sig@ole-lists.openlibraryfoundation.org>
Subject: Re: Important defect
CAUTION: External E-mail
Is the concern that, if we report 0-day flaws in JIRA tickets, bad actors can come along and make exploits before our community can react?
On Wed, Sep 25, 2019 at 10:03 AM Harry Kaplanian <hkaplanian@ebsco.com> wrote:
Peter,
we need a security level that includes the Sys-Ops group since they are hosting and testing with possibly real data at this point in time. In the future as they host live, it will become critical that this group has access to this data so they can take appropriate actions when needed.
Who can create this group?
From: <sysops-sig@ole-lists.openlibraryfoundation.org> on behalf of Peter Murray <peter@indexdata.com>
Reply-To: "sysops-sig@ole-lists.openlibraryfoundation.org" <sysops-sig@ole-lists.openlibraryfoundation.org>
Date: Wednesday, September 25, 2019 at 9:51 AM
To: "sysops-sig@ole-lists.openlibraryfoundation.org" <sysops-sig@ole-lists.openlibraryfoundation.org>
Subject: Re: Important defect
CAUTION: External E-mail
It is set to a Jira security level of "FOLIO Core Team", so that may be limiting who can see it.
Peter
--
Peter Murray
Open Source Community Advocate
Index Data, LLC
On Sep 25, 2019, 9:15 AM -0400, Stephen Pampell <spampell@library.tamu.edu>, wrote:
Interesting, I don’t have permission to view either of those issues.
Stephen Pampell | Systems Administrator IV
Digital Initiatives | University Libraries
Tel. 979.458.5581 | Fax 979.845.6238
On Sep 25, 2019, at 7:51 AM, Harry Kaplanian <hkaplanian@EBSCO.COM> wrote:
Hello Sys-Ops SIG,
I’m sending this to the group as I know some of you are hosting and testing FOLIO instances and there is a chance you might be loading and using real user data.
Yesterday, during bug fest, a rather critical defect was found. Please see:
The original posting is located here:
The good news is that a fix was deployed this morning and testing is ongoing.
Just in case any of you need to take precautions…
Harry
------------------------------------------------------
You received this message because you are subscribed to OLE Mailing List
"sysops-sig".
To unsubscribe from this list and stop receiving emails from it, follow
this link: http://archives.simplelists.com.
To post to this group, send email to
sysops-sig@ole-lists.openlibraryfoundation.org
<mailto:sysops-sig@ole-lists.openlibraryfoundation.org>.
Visit this group at
https://ole-lists.openlibraryfoundation.org<https://ole-lists.openlibraryfoundation.org>
.
------------------------------------------------------
You received this message because you are subscribed to OLE Mailing List
"sysops-sig".
To unsubscribe from this list and stop receiving emails from it, follow
this link: http://archives.simplelists.com.
To post to this group, send email to
sysops-sig@ole-lists.openlibraryfoundation.org
<mailto:sysops-sig@ole-lists.openlibraryfoundation.org>.
Visit this group at
https://ole-lists.openlibraryfoundation.org<https://ole-lists.openlibraryfoundation.org>
.------------------------------------------------------
You received this message because you are subscribed to OLE Mailing List
"sysops-sig".
To unsubscribe from this list and stop receiving emails from it, follow
this link: http://archives.simplelists.com.
To post to this group, send email to
sysops-sig@ole-lists.openlibraryfoundation.org
<mailto:sysops-sig@ole-lists.openlibraryfoundation.org>.
Visit this group at
https://ole-lists.openlibraryfoundation.org<https://ole-lists.openlibraryfoundation.org>
.------------------------------------------------------
You received this message because you are subscribed to OLE Mailing List
"sysops-sig".
To unsubscribe from this list and stop receiving emails from it, follow
this link: http://archives.simplelists.com.
To post to this group, send email to
sysops-sig@ole-lists.openlibraryfoundation.org
<mailto:sysops-sig@ole-lists.openlibraryfoundation.org>.
Visit this group at
https://ole-lists.openlibraryfoundation.org<https://ole-lists.openlibraryfoundation.org>
.
--
Ian Walls
FOLIO Implementation Lead
Phone: (888) 900-8944
pronouns: (he/him/his)
timezone: Eastern
<>
------------------------------------------------------
You received this message because you are subscribed to OLE Mailing List
"sysops-sig".
To unsubscribe from this list and stop receiving emails from it, follow
this link: http://archives.simplelists.com.
To post to this group, send email to
sysops-sig@ole-lists.openlibraryfoundation.org
<mailto:sysops-sig@ole-lists.openlibraryfoundation.org>.
Visit this group at
https://ole-lists.openlibraryfoundation.org<https://ole-lists.openlibraryfoundation.org>
.------------------------------------------------------
You received this message because you are subscribed to OLE Mailing List
"sysops-sig".
To unsubscribe from this list and stop receiving emails from it, follow
this link: http://archives.simplelists.com.
To post to this group, send email to
sysops-sig@ole-lists.openlibraryfoundation.org
<mailto:sysops-sig@ole-lists.openlibraryfoundation.org>.
Visit this group at
https://ole-lists.openlibraryfoundation.org<https://ole-lists.openlibraryfoundation.org>
.------------------------------------------------------
You received this message because you are subscribed to OLE Mailing List
"sysops-sig".
To unsubscribe from this list and stop receiving emails from it, follow
this link: http://archives.simplelists.com.
To post to this group, send email to
sysops-sig@ole-lists.openlibraryfoundation.org
<mailto:sysops-sig@ole-lists.openlibraryfoundation.org>.
Visit this group at
https://ole-lists.openlibraryfoundation.org<https://ole-lists.openlibraryfoundation.org>
.------------------------------------------------------
You received this message because you are subscribed to OLE Mailing List
"sysops-sig".
To unsubscribe from this list and stop receiving emails from it, follow
this link: http://archives.simplelists.com.
To post to this group, send email to
sysops-sig@ole-lists.openlibraryfoundation.org
<mailto:sysops-sig@ole-lists.openlibraryfoundation.org>.
Visit this group at
https://ole-lists.openlibraryfoundation.org<https://ole-lists.openlibraryfoundation.org>
.
------------------------------------------------------
You received this message because you are subscribed to OLE Mailing List
"sysops-sig".
To unsubscribe from this list and stop receiving emails from it, follow
this link:
http://www.simplelists.com/confirm.php?u=HHyHF4e3yq1QAcdusJyMnRBLvDv4E6IE.
To post to this group, send email to
sysops-sig@ole-lists.openlibraryfoundation.org
<mailto:sysops-sig@ole-lists.openlibraryfoundation.org>.
Visit this group at
https://ole-lists.openlibraryfoundation.org<https://ole-lists.openlibraryfoundation.org>
.