https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33353
--- Comment #15 from Victor Grousset/tuxayo <[email protected]> --- > This bug caught my attention last week, and I have been watching with > interest to see what responses there would be to Victor's question here. In > the absence of any (so far), I would like to offer the perspective of a > system administrator in the wild: Hi, welcome :) More input can definitely help to unblock this. > 1. The version included by Koha appeared to be one that had reached > end-of-life with the publisher ES 7 and OpenSearch 1.X (which isn't eol) has been supported since a year. But we didn't update the systems requirements documentation (now it's finally updated) due to not having the time to search for real work usage to confidently claim support :-/ > 2. Even the supported version had been associated with significant data > breaches You mean the log4j vulnerabilities? (latest 6.x patched them) or like bad defaults? Is your statement still valid for ES 7.x? > 3. There seemed to be a lack of clarity following the change in licensing and > the open source world's response to it. Indeed! About that, to have more material to raise awareness about the issue, do you happen to know more about the open source world's response to it? Besides Debian, Fedora and the Open Source Initiative not considering the SSPL license libre/open source? > - Our production server runs 22.05, BUT I can imagine a willingness to leap > forward a bit if OpenSearch is backported to 22.11. You can do that right away with OpenSearch 1.x , 22.05 supported it on launch. Sorry again for the delay in advertising it's support. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
