Since updating to version 3.5.2, the whistleblower is unable to use the receipt to access his/her submission. Is anyone else having similar issues?
I’m sorry for this inconvenience.
This issue due to a software error present in migration for 3.5.0.
If you still have a backup and you have not received new submissions you can:
- shut down globaleaks
- put the backup on /var/globaleaks
- restart globaleaks
This will restore the situation.
Manually you can alternatively read the ‘receipt_salt’ variable in the Config table of your backup and configure that value on the current database of version 3.5.2.
Thank you Giovanni.
We are getting this on a fresh install of 3.5.4 and 3.5.2. This is even for new cases.
I submit a case and when I view it I get the following error:
The key code is either invalid or the submission has expired.
Thank you @NYUser for reporting this.
We will investigate the issue and get back to you shortly,
@NYUser: we identified the issue and released a version 3.5.5.
Could you please upgrade and let us know if the fix is confirmed?
Is the update available?
I tried: apt-get update && apt-get install globaleaks
Still old version.
chmod +x install-globaleaks.sh
Still old version 3.5.4
You are right, for some reason the release procedure got stuck.
Would you please retry now?
I tried it and it seems to be working now.
That issue is resolved. However another issues has been introduced. I just recreated it. If the application is SSL enable then you can access it using any three common browsers, Firefox, Edge and Chrome. We get the following error in Firefox:
Secure Connection Failed
The connection to 172.24.33.142 was interrupted while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
The site is using self-signed Certificate.
If the traffic is going through Burp Proxy, you not have the same issue. I have been using Burp for testing, as result I did not notice it now.
Has there been any new features related to SSL introduced?
UPDATE: You cannot access it with an IP address. You can access with hostname. Add an entry in the hosts file, in the addresses the issue
BTW, I do have a couple of security findings, I will share them with you later.
Thank you so much @NYUser for reporting this!
Please try to keep information separated threads topic and use github for for bug reporting: https://github.com/globaleaks/GlobaLeaks
This forum is mostly intended for users to share their knowledge while for development reasons GitHub is the preferred tool.