Notmark-VFZ
Mentor
Joined 5 years ago
User Profile
User Widgets
Contributions
Re: Khoros Care Release Notes, week of May 2, 2022
MarenJwrote: You found it. We fixed it. Care Previously, in the HTML editor, when you created a block quote and pressed the Enter key to continue typing outside of the block quote, the block quote was instead duplicated and you could not type anything after the block quote. This has been resolved. I'm afraid this hasn't been fixed for usMarenJ. Do I need to file a support ticket? Our Care environment has been updated I believe, since I do see the new filter option in Manage view (theLast Activities Prior Tocolumn filter). But when I try to escape a block quote it still duplicates the block quote and I can't add any text after the block quote.Re: Khoros Care Release Notes, week of March 21, 2022
MarenJwrote: Updated HTML Editor for Community conversations With this release, we’ve updated the HTML editor that’s used for Khoros Community responses. ... Fixes in the text editor we noticed in this update: 1. Cursor jump after pasting (fixed!) When you paste text into the editor, the cursor no longer jumps to the beginning of the message. It now correctly jumps to the end of the pasted text/image.🎉 2. Pasting creates a loop (maybe fixed?) Sometimes when you pasted somthing in the editor, it would create some sort of loop resulting in the same text pasted over and over again. We havent seen this behaviour since the update, but would like to monitor this a little longer to confirm it has been fixed. Issues that appeared in the text editor since this update: 1. Quotes duplicate themselves in Care quote a user by clicking on the quote button in the toolbar click inside the text editor to start typing press enter twice to escape the quote observe, the same quote appears a second time and you haven't escaped the quote 2. Unable to edit messages in Care click on the 3 dots next to the post click on Edit observe, the text disappears from the text editor leaving you with nothing to edit 3. Unable to paste as plain text in Care You can't paste formatted text as plain text (ctrl-shift-v), it just won't do itRe: Khoros Care Release Notes, week of January 24, 2022
HiMarenJ, I believe our Khoros Care did receive the update yesterday. For example I do see the new date range filter in Manage View. But I don't see the attachment icon next to posts with attachments, and also there is no "Attachment" tag to be found in Care. Is that a seperate update we need to wait for or should that already work together with the date range filter update?Re: Email registration - security and moderation options
HiNatkinson, We have e-mail registration enabled on our Community, but we don't have many restrictions enabled to prevent abuse or spam. - The automated spam-filter is pretty good at its job - Our users are quick to report abusive behaviour - We have a dedicated Community team that has people checking reports 7 days a week We've accumulated 82 user bans in the last ~12 months (out of ~2300 e-mail registrations), but that is above average compared to previous years. One user trying to avoid his ban is responsible for 62 of the 82 bans and this is the 1st time in 8 years that that's happened to this extent. If you want specifics on certain settings/permissions, let me know which.Re: Is community impacted by Log4J vulnerability?
tywwrote: I think the issue you're seeing is related to Web Application Firewall (WAF) changes that may have been made on your site. We hit this with the word 'localhost'. No matter what we did, that word caused a 403 error. After checking in with Support they asked me to review the WAF email and sure enough that was the culprit. The 403 forbidden error is definitely because of the WAF, and rightly so! It's basically the 1st line of defense in preventing any kind of attack using the Log4Shell vulnerability. The WAF blocks "jndi" followed by ":" because that is a must in the string used to start the attack. So even if you have a vulnerable server, the server will not receive any malicious strings because you're blocking it before it even gets sent to the server.Re: Is community impacted by Log4J vulnerability?
allisonablewrote: It appears to be some type of block on content related to the topic? It seems (after some trial and error) the phrase "jndi" plus ":" is being blocked by Khoros in all input forms generating a 403 forbidden error. Try removing that phrase from the topic (if it's in there at all)?Re: Security risk? Our search bar is being tested periodically for vulnerabilities
FYI, we've also raised this question to Khoros directly and have received a comforting response: "We can confidently confirm that the mentioned query, although looks like SQL, is actually a Khoros(Lithium) specific language - LiQL which is well protected against most of common attacks like SQL injections. You can share a couple of articles to anyone who would want to understand the same with below links: 1. https://community.khoros.com/t5/Community-FAQ-s-from-Support/Is-LiQL-vulnerable-to-SQL-injection-attacks/ta-p/281334 2. https://community.khoros.com/t5/Developer-Discussion/LiQL-injection-attacks-and-quotes-in-Rest-API-2-0/m-p/231920"
