Re: [Dhis2-users] [Dhis2-devs] CVE-2018-11776 struts exploit | impact to DHIS 2?

2018-09-11 Thread Stephen Macauley 
Hi, Morten.

Apologies for the late reply.  Thank you for confirming the vulnerability is 
not present.

Much appreciated.

-Stephen

From: Morten Olav Hansen 
Sent: Sunday, September 9, 2018 8:45 PM
To: Stephen Macauley 
Cc: dhis2-devs ; dhis2-users 
; Matthew Dollacker 

Subject: Re: [Dhis2-devs] CVE-2018-11776 struts exploit | impact to DHIS 2?

Hi Stephan

Let me include Lars reply from a thread where we were discussing this.

"""
we did an assessment of this last week and concluded that we are not affected 
by this vulnerability. This due to the two conditions mentioned (use of 
namespaces and alwaysSelectFullNamespace config property).

That said we have patched all versions from 2.28 and later and you can fetch 
the new builds from dhis2.org/downloads.
"""

--
Morten Olav Hansen
Senior Engineer, DHIS 2
Team Integration Lead
University of Oslo
http://www.dhis2.org


On Sat, Sep 8, 2018 at 3:19 AM Stephen Macauley 
mailto:stephen.macau...@inductivehealth.com>>
 wrote:
DHIS2 Dev Team,

Can you comment on the recent 
CVE-2018-11776 
vulnerability in Struts 2.0 being contained in DHIS 2 (specially Version 2.25). 
 I did not see any recent threads about this on DHIS 2 DEV or USERS mailing 
lists.

Additional details on the vulnerability (and patch from Apache) is available 
here:  
https://krebsonsecurity.com/2018/08/experts-urge-rapid-patching-of-struts-bug/?_ke=eyJrbF9lbWFpbCI6ICJtYXR0aGV3LmRvbGxhY2tlckBnbWFpbC5jb20iLCAia2xfY29tcGFueV9pZCI6ICJlN1lDM3UifQ%3D%3D

Many thanks in advance,
-Stephen
___
Mailing list: https://launchpad.net/~dhis2-devs
Post to : 
dhis2-d...@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-devs
More help   : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help   : https://help.launchpad.net/ListHelp

[Dhis2-users] Datasets NOT Available

2018-09-11 Thread Kabango Malewezi 
Dear Members,
I just upgraded from DHIS2.28 to 2.29 to 2.30 following all the rules. My
users cannot do data entry now because datasets are not available. When I
give them full authority they are able to see datasets.
The only error I see in the log is "Cannot get users with disjoint roles as
user does not have any user roles (DefaultUserService.java
[localhost-startStop-1])". What I'm I missing?

[image: image.png]




Name: Kabango Malewezi

skype: kabango.malewezi


catalina.out
Description: Binary data
___
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help   : https://help.launchpad.net/ListHelp

[Dhis2-users] SQL protected Table Issue

2018-09-11 Thread john.bidemi82 
Hello everyone,

 

I am having an issue creating a SQL view from the DHIS2 using this query. 

 

SELECT DISTINCT public._orgunitstructure.uidlevel4 AS UID4,
public._organisationunitgroupsetstructure.organisationunitname AS name4,
public._orgunitstructure.uidlevel5 AS UID5, public.organisationunit.name AS
orgUnitName, public.organisationunit.hierarchylevel AS orgUnitLevel,
public.trackedentityattributevalue.value AS woman,
public.trackedentityinstance.uid AS womanuid,
public.trackedentityinstance.created AS womancreationdate,
public.trackedentityinstance.lastupdated AS womanupdated 

FROM public.trackedentityattribute

INNER JOIN public.trackedentityattributevalue ON
(public.trackedentityattribute.trackedentityattributeid =
public.trackedentityattributevalue.trackedentityattributeid) 

INNER JOIN public.trackedentityinstance ON
(public.trackedentityattributevalue.trackedentityinstanceid =
public.trackedentityinstance.trackedentityinstanceid)

INNER JOIN public.organisationunit ON
(public.trackedentityinstance.organisationunitid =
public.organisationunit.organisationunitid)

LEFT JOIN public._orgunitstructure ON public._orgunitstructure.uidlevel5 =
public.organisationunit.uid

LEFT JOIN public._organisationunitgroupsetstructure ON
public._organisationunitgroupsetstructure.organisationunitid =
public.organisationunit.parentid

WHERE public.trackedentityattribute.name = 'Name of Member'

 

 

Please, any advice on how to go about this.

 

Thanks

John

___
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help   : https://help.launchpad.net/ListHelp

[Dhis2-users] View Expression Value Output

2018-09-11 Thread Walusiku Muyunda 
If i have an expression like d2:substring(A{client_id_rv}, 0, 2)  != 'RV2',
is there a way I can view the output which is being compared to my
validation string?


*Walusiku J. Muyunda*



*"We have heaven to win and hell to shun, our lives testify better!"
*
___
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help   : https://help.launchpad.net/ListHelp

[Dhis2-users] Tracker Program Stages order

2018-09-11 Thread Walusiku Muyunda 
*Dear All,*

*I have a program with about 12 scheduled visits(stages). I have ordered
them in the **sequence** they should appear but for some reason they seem
to have their own order as they are appearing not according to the ordering
I shuffled them to. Is there something I am missing. I used the days from
start **option** as well as the stage order to determine how they appear
but seem not to be working.*

*Thank you.*

*Walusiku J. Muyunda*


*Cell: +260967006614Cell: +260971000614*
*Cell: +260953063387*

*"We have heaven to win and hell to shun, our lives testify better!"
*
___
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help   : https://help.launchpad.net/ListHelp

[Dhis2-users] Could not delete due to association with another object: ProgramStageInstance in dhis 2.30

2018-09-11 Thread 林晓东 


when I do delete program in dhis2 2.30, got :
Could not delete due to association with another object: ProgramStageInstance 
and some program can delete ,some can't: Could not delete due to association 
with another object: ProgramStageInstance
OK
??
but in dev version ,it's OK




--

此致

   林晓东

莫愁前路无知己,天下谁人不识君。




 ___
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help   : https://help.launchpad.net/ListHelp