Serious security issues with Ex Libris Alma and Primo VE headers (or lack thereof) 

That's the title of the support case I just opened.

I wonder how long it will be before Ex Libris is paying us *not* to be a customer.

Point observatory.mozilla.org/ at an Alma or Primo VE instance and see the carnage for yourself.

(Note: Evergreen hasn't implemented much, but out of the box it still gets a D+ compared to Alma's stone-cold F)

Got our Evergreen instance up to a B+ with about half an hour of work. Should be pretty generalizable, too.

But the reliance on the ancient Dojo framework is going to kill any chance of applying a Content Security Policy without 'unsafe-inline' and 'unsafe-eval'.

re: Serious security issues with Ex Libris Alma and Primo VE headers (or lack thereof) 

@dbs

> I wonder how long it will be before Ex Libris is paying us *not* to be a customer.

That's a thought.

@dbs your earlier post got me curious and I did the same to the personal instance I manage tonight. 🙂 But yeah, the gap from B+ to A is gonna be a looong one.

code4lib.social is a GLAM-themed Mastodon Instance.