[Bug 42080] New: Invoice PDFs are forced downloads
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 Bug ID: 42080 Summary: Invoice PDFs are forced downloads Initiative type: --- Sponsorship --- status: Product: Koha Version: Main Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Acquisitions Assignee: koha-bugs@lists.koha-community.org Reporter: ephetteplace@cca.edu QA Contact: testopia@bugs.koha-community.org Our acquisitions technician preferred being able to view invoice PDFs directly in the browser, behavior which bug 41591 changed to prevent a SVG XSS attack. We would prefer if invoice-files.pl served files inline with a CSP header instead of forcing a download. Basically, replace -attachment => $file->{'file_name'} with 'Content-Security-Policy' => "default-src 'none'; script-src 'none';". Arguably, Koha could add an op=view here so we could use JS to change the current op=download links to op=view if other libraries do not want to view files inline. But my assumption is that what our staff want is popular; it's not just extra clicks to find the downloaded PDF but a context shift to a reader app outside the browser. A more involved solution would be using a condition to download SVGs but render other attachment types inline. I believe inferring mime type from file extension is fine in this context since a browser will not execute code in an SVG served with a PDF mimetype, so "malicious.svg.pdf" would not work. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 Eric Phetteplace <ephetteplace@cca.edu> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=41591 -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 Eric Phetteplace <ephetteplace@cca.edu> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ephetteplace@cca.edu -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 Lucas Gass (lukeg) <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au, | |lucas@bywatersolutions.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 --- Comment #1 from Eric Phetteplace <ephetteplace@cca.edu> --- FYI I tested my proposed changed (CSP header instead of attachment header) and the results look correct. I have two identical files named malicious.svg and malicious.svg.pdf with a `console.log("hello")` script in them: - malicious.svg: browser console shows "Executing inline script violates the following Content Security Policy directive 'script-src 'none''." and nothing is logged - malicious.svg.pdf: browser says "Error: Failed to load PDF document" because file is not a valid PDF -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 --- Comment #2 from Eric Phetteplace <ephetteplace@cca.edu> --- Created attachment 195226 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=195226&action=edit Bug 42080: Invoice PDFs are forced downloads Serve invoice files with a CSP header that prevents XSS instead of with an attachment header that turns them into downloads. Testing plan: - Set AcqEnableFiles preference to Do - Acquisitions > Vendor > Receive Shipment > Create invoice - Finish Receiving > Manage invoice files - Upload an SVG with a <script> tag in it - Click the SVG filename to open it - Inspect browser's console: it should say something about a script being blocked due to the CSP directive -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 --- Comment #3 from Eric Phetteplace <ephetteplace@cca.edu> --- OK I added my patch and testing plan just to clarify but I leave this at status NEW until I can get some feedback. I also asked in Mattermost. For testing, you can use this as your "malicious.svg" file: <svg version="1.1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 400"> <title>malicious</title> <text x="200" y="200" text-anchor="middle" font-size="20" fill="black"> This SVG contains a script tag which prints "hello" to the console </text> <script>console.log("hello")</script> </svg> -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=38365 -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 --- Comment #4 from David Cook <dcook@prosentient.com.au> --- Hi Eric, We're actually already working on bringing Content-Security-Policy into Koha with bug 38365, so it looks like great minds think alike! That said, I think I'll need to think on this one a bit more. I love Content-Security-Policy, but it won't be turned on out of the box, and it'll be set globally so the same header will be sent for all pages sent by Starman. (I am curious though about layering Content-Security-Policy headers. Perhaps we can include the one you've provided PLUS the global one. I'm going to look into that shortly.) Another thing is while Content-Security-Policy is great (seriously I truly love it), it is only one layer of defence. Ideally it would be good to have multiple. So I'm going to think a bit more about what we could do in terms of data validation. With bug 41591 I really didn't think that it would make that much of a difference to end users, so thanks for this report. It's interesting to know that people really do want to view the file inline. Different strokes for different folks, but Koha tries to be all things to all people, so let's try to figure this one out... -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 --- Comment #5 from David Cook <dcook@prosentient.com.au> --- (In reply to David Cook from comment #4)
That said, I think I'll need to think on this one a bit more. I love Content-Security-Policy, but it won't be turned on out of the box, and it'll be set globally so the same header will be sent for all pages sent by Starman. (I am curious though about layering Content-Security-Policy headers. Perhaps we can include the one you've provided PLUS the global one. I'm going to look into that shortly.)
Fortunately, it does appear to be possible to have multiple Content-Security-Policy headers. The browser will interpret both of them and if at least one of them fails it will block, so yeah this approach could work well in this case. That said, I think it would probably be better to undo bug 41591 and re-implement with solutions from this bug report.
Another thing is while Content-Security-Policy is great (seriously I truly love it), it is only one layer of defence. Ideally it would be good to have multiple.
So I'm going to think a bit more about what we could do in terms of data validation.
It looks like we store the Content-Type header in misc_files.file_type. That and the file extension are both user-supplied fields though, which cannot inherently be trusted. I think a good first step would be magic number checking. There is a library available that can help with that. So I think your patch is a good starting place, Eric. I'm just going to build a bit on top of it. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |42087 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42087 [Bug 42087] Add dependency File::LibMagic for validating file using magic numbers -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |41591 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41591 [Bug 41591] XSS vulnerability via file upload function for invoices -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |ephetteplace@cca.edu |ity.org | -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #195226|0 |1 is obsolete| | --- Comment #6 from David Cook <dcook@prosentient.com.au> --- Created attachment 195245 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=195245&action=edit Bug 42080: Invoice PDFs are forced downloads Serve invoice files with a CSP header that prevents XSS instead of with an attachment header that turns them into downloads. Testing plan: - Set AcqEnableFiles preference to Do - Acquisitions > Vendor > Receive Shipment > Create invoice - Finish Receiving > Manage invoice files - Upload an SVG with a <script> tag in it - Click the SVG filename to open it - Inspect browser's console: it should say something about a script being blocked due to the CSP directive Signed-off-by: David Cook <dcook@prosentient.com.au> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 --- Comment #7 from David Cook <dcook@prosentient.com.au> --- Created attachment 195246 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=195246&action=edit Bug 42080: (follow-up) allow some file types, checked by libmagic, to be viewed inline This patch uses File::LibMagic to determine the real file type using libmagic and magic numbers of invoice files, and allows a select group of file types to be viewed inline for user convenience. Note that a default Content-Security-Policy is still included to offer an extra layer of protection against XSS. Test plan: 0a. Apply the patch 0b. koha-plack --restart kohadev 1. Enable the syspref AcqEnableFiles (ie set to Do) 2. Find or create an active vendor 3. Create a basket if one doesn't already exist 4. Receive a shipment for the vendor 5. Create an invoice 6. Click "Finish receiving" 7. Click "Manage invoice files" 8. Upload a range of files including SVG, PDF, PNG, TXT 9. Click on the "Download" button 10. Note that the file downloads for all types 11. Click on the link in the "Name" column 12. Note that only the PDF and PNG display inline in the browser. The other file types should be downloaded same as if you clicked the "Download" button. Signed-off-by: David Cook <dcook@prosentient.com.au> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |dependency -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=30033 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 --- Comment #8 from Eric Phetteplace <ephetteplace@cca.edu> --- This looks great. I agree it's better to infer type from the actual file data, I was just starting with the simplest change. I like the select set of previewed types and I think it'll cover our staff's use cases. SVG invoices are rare, after all :) A few notes: Requires adding File::LibMagic to dependencies and libmagic on the host OS. The library doesn't appear to be in Koha's current cpanfile. The whole file contents are fed to $magic which could be slow for large files, but then again those were already going to be even more slow to send over HTTP. File::LibMagic lets you initialize it with `max_bytes` param which might be useful if performance becomes an issue. Most files can be identified from very few bytes (e.g. PDF only takes 5). -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 --- Comment #9 from David Cook <dcook@prosentient.com.au> --- (In reply to Eric Phetteplace from comment #8)
Requires adding File::LibMagic to dependencies and libmagic on the host OS. The library doesn't appear to be in Koha's current cpanfile.
Bug 42087 will take care of that
The whole file contents are fed to $magic which could be slow for large files, but then again those were already going to be even more slow to send over HTTP. File::LibMagic lets you initialize it with `max_bytes` param which might be useful if performance becomes an issue. Most files can be identified from very few bytes (e.g. PDF only takes 5).
Yeah that thought did cross my mind. I figured it's one of those "we'll cross that bridge when we come to it" situations. But... You've got me thinking about it some more. I might take a quick look at this to see if we can optimize a bit more... -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 --- Comment #10 from David Cook <dcook@prosentient.com.au> --- Tried loading an 85MB file into my KTD and it load to a timeout (server gone away) Tried loading an 18MB file and got this error: Koha::Misc::Files::AddFile(): DBI Exception: DBD::mysql::st execute failed: Got a packet bigger than 'max_allowed_packet' bytes at /kohadevbox/koha/acqui/invoice-files.pl line 116 It looks like the max allowed packet in the MySQL client libraries is 16MB That said, I think just sending a small snippet of the file to libmagic isn't a bad idea... -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 --- Comment #11 from David Cook <dcook@prosentient.com.au> --- Created attachment 195378 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=195378&action=edit Bug 42080: (follow-up) limit data sent to libmagic to 100 characters By limiting the data sent to libmagic to 100 characters, we make the test faster and we avoid situations where a large or malicious file causes too many resources to be used. 100 characters is more than enough for the file types we're allowing. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 Bug 42080 depends on bug 41591, which changed state. Bug 41591 Summary: XSS vulnerability via file upload function for invoices https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41591 What |Removed |Added ---------------------------------------------------------------------------- Status|Needs documenting |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jonathan.druart@gmail.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Patch doesn't apply --- Comment #12 from Jonathan Druart <jonathan.druart@gmail.com> --- failed: error: sha1 information is lacking or useless (acqui/invoice-files.pl) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Patch doesn't apply |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #195245|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #195246|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #195378|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 --- Comment #13 from David Cook <dcook@prosentient.com.au> --- Created attachment 199059 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199059&action=edit Bug 42080: Invoice PDFs are forced downloads Serve invoice files with a CSP header that prevents XSS instead of with an attachment header that turns them into downloads. Testing plan: - Set AcqEnableFiles preference to Do - Acquisitions > Vendor > Receive Shipment > Create invoice - Finish Receiving > Manage invoice files - Upload an SVG with a <script> tag in it - Click the SVG filename to open it - Inspect browser's console: it should say something about a script being blocked due to the CSP directive Signed-off-by: David Cook <dcook@prosentient.com.au> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 --- Comment #14 from David Cook <dcook@prosentient.com.au> --- Created attachment 199060 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199060&action=edit Bug 42080: (follow-up) allow some file types, checked by libmagic, to be viewed inline This patch uses File::LibMagic to determine the real file type using libmagic and magic numbers of invoice files, and allows a select group of file types to be viewed inline for user convenience. Note that a default Content-Security-Policy is still included to offer an extra layer of protection against XSS. Test plan: 0a. Apply the patch 0b. koha-plack --restart kohadev 1. Enable the syspref AcqEnableFiles (ie set to Do) 2. Find or create an active vendor 3. Create a basket if one doesn't already exist 4. Receive a shipment for the vendor 5. Create an invoice 6. Click "Finish receiving" 7. Click "Manage invoice files" 8. Upload a range of files including SVG, PDF, PNG, TXT 9. Click on the "Download" button 10. Note that the file downloads for all types 11. Click on the link in the "Name" column 12. Note that only the PDF and PNG display inline in the browser. The other file types should be downloaded same as if you clicked the "Download" button. Signed-off-by: David Cook <dcook@prosentient.com.au> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 --- Comment #15 from David Cook <dcook@prosentient.com.au> --- Created attachment 199061 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199061&action=edit Bug 42080: (follow-up) limit data sent to libmagic to 100 characters By limiting the data sent to libmagic to 100 characters, we make the test faster and we avoid situations where a large or malicious file causes too many resources to be used. 100 characters is more than enough for the file types we're allowing. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 --- Comment #16 from David Cook <dcook@prosentient.com.au> --- (In reply to Jonathan Druart from comment #12)
failed: error: sha1 information is lacking or useless (acqui/invoice-files.pl)
Thanks, Jonathan. Rebased and hopefully should apply now. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- QA Contact|testopia@bugs.koha-communit |jonathan.druart@gmail.com |y.org | Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #199059|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #199060|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #199061|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 --- Comment #17 from Jonathan Druart <jonathan.druart@gmail.com> --- Created attachment 199234 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199234&action=edit Bug 42080: Invoice PDFs are forced downloads Serve invoice files with a CSP header that prevents XSS instead of with an attachment header that turns them into downloads. Testing plan: - Set AcqEnableFiles preference to Do - Acquisitions > Vendor > Receive Shipment > Create invoice - Finish Receiving > Manage invoice files - Upload an SVG with a <script> tag in it - Click the SVG filename to open it - Inspect browser's console: it should say something about a script being blocked due to the CSP directive Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 --- Comment #18 from Jonathan Druart <jonathan.druart@gmail.com> --- Created attachment 199235 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199235&action=edit Bug 42080: (follow-up) allow some file types, checked by libmagic, to be viewed inline This patch uses File::LibMagic to determine the real file type using libmagic and magic numbers of invoice files, and allows a select group of file types to be viewed inline for user convenience. Note that a default Content-Security-Policy is still included to offer an extra layer of protection against XSS. Test plan: 0a. Apply the patch 0b. koha-plack --restart kohadev 1. Enable the syspref AcqEnableFiles (ie set to Do) 2. Find or create an active vendor 3. Create a basket if one doesn't already exist 4. Receive a shipment for the vendor 5. Create an invoice 6. Click "Finish receiving" 7. Click "Manage invoice files" 8. Upload a range of files including SVG, PDF, PNG, TXT 9. Click on the "Download" button 10. Note that the file downloads for all types 11. Click on the link in the "Name" column 12. Note that only the PDF and PNG display inline in the browser. The other file types should be downloaded same as if you clicked the "Download" button. Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 --- Comment #19 from Jonathan Druart <jonathan.druart@gmail.com> --- Created attachment 199236 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199236&action=edit Bug 42080: (follow-up) limit data sent to libmagic to 100 characters By limiting the data sent to libmagic to 100 characters, we make the test faster and we avoid situations where a large or malicious file causes too many resources to be used. 100 characters is more than enough for the file types we're allowing. Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 --- Comment #20 from Jonathan Druart <jonathan.druart@gmail.com> --- Created attachment 199237 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199237&action=edit Bug 42080: Add Cypress tests Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 Pedro Amorim (ammopt) <pedro.amorim@openfifth.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to main Version(s)| |26.11.00 released in| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080 --- Comment #21 from Pedro Amorim (ammopt) <pedro.amorim@openfifth.co.uk> --- Thanks everyone! Pushed to main for 26.11! -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org