Notmark-VFZ
Mentor
Joined 5 years ago
User Profile
User Widgets
Contributions
Re: Khoros Care Release Notes, week of May 2, 2022
MarenJ wrote: You found it. We fixed it. Care Previously, in the HTML editor, when you created a block quote and pressed the Enter key to continue typing outside of the block quote, the block quote was instead duplicated and you could not type anything after the block quote. This has been resolved. I'm afraid this hasn't been fixed for us MarenJ . Do I need to file a support ticket? Our Care environment has been updated I believe, since I do see the new filter option in Manage view (the Last Activities Prior To column filter). But when I try to escape a block quote it still duplicates the block quote and I can't add any text after the block quote.Re: Khoros Care Release Notes, week of March 21, 2022
MarenJ wrote: Updated HTML Editor for Community conversations With this release, we’ve updated the HTML editor that’s used for Khoros Community responses. ... Fixes in the text editor we noticed in this update: 1. Cursor jump after pasting (fixed!) When you paste text into the editor, the cursor no longer jumps to the beginning of the message. It now correctly jumps to the end of the pasted text/image. 🎉 2. Pasting creates a loop (maybe fixed?) Sometimes when you pasted somthing in the editor, it would create some sort of loop resulting in the same text pasted over and over again. We havent seen this behaviour since the update, but would like to monitor this a little longer to confirm it has been fixed. Issues that appeared in the text editor since this update: 1. Quotes duplicate themselves in Care quote a user by clicking on the quote button in the toolbar click inside the text editor to start typing press enter twice to escape the quote observe, the same quote appears a second time and you haven't escaped the quote 2. Unable to edit messages in Care click on the 3 dots next to the post click on Edit observe, the text disappears from the text editor leaving you with nothing to edit 3. Unable to paste as plain text in Care You can't paste formatted text as plain text (ctrl-shift-v), it just won't do itRe: Is community impacted by Log4J vulnerability?
tyw wrote: I think the issue you're seeing is related to Web Application Firewall (WAF) changes that may have been made on your site. We hit this with the word 'localhost'. No matter what we did, that word caused a 403 error. After checking in with Support they asked me to review the WAF email and sure enough that was the culprit. The 403 forbidden error is definitely because of the WAF, and rightly so! It's basically the 1st line of defense in preventing any kind of attack using the Log4Shell vulnerability. The WAF blocks "jndi" followed by ":" because that is a must in the string used to start the attack. So even if you have a vulnerable server, the server will not receive any malicious strings because you're blocking it before it even gets sent to the server.Re: Is community impacted by Log4J vulnerability?
allisonable wrote: It appears to be some type of block on content related to the topic? It seems (after some trial and error) the phrase "jndi" plus ":" is being blocked by Khoros in all input forms generating a 403 forbidden error. Try removing that phrase from the topic (if it's in there at all)?Re: Security risk? Our search bar is being tested periodically for vulnerabilities
FYI, we've also raised this question to Khoros directly and have received a comforting response: "We can confidently confirm that the mentioned query, although looks like SQL, is actually a Khoros(Lithium) specific language - LiQL which is well protected against most of common attacks like SQL injections. You can share a couple of articles to anyone who would want to understand the same with below links: 1. https://community.khoros.com/t5/Community-FAQ-s-from-Support/Is-LiQL-vulnerable-to-SQL-injection-attacks/ta-p/281334 2. https://community.khoros.com/t5/Developer-Discussion/LiQL-injection-attacks-and-quotes-in-Rest-API-2-0/m-p/231920"
