Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revisionBoth sides next revision
kb:updates_not_detected [2018/07/31 12:44] bwiernikkb:updates_not_detected [2018/08/01 06:26] – Update for Zotero 5.0. bwiernik
Line 1: Line 1:
-<html><p id="zotero-5-update-warning" style="color: red; font-weight: bold">We’re +==== Why isn'Zotero detecting updates? ====
-in the process of updating the documentation for +
-<a href="https://www.zotero.org/blog/zotero-5-0">Zotero 5.0</a>. Some documentation +
-may be outdated in the meantime. Thanks for your understanding.</p></html>+
  
-==== Why isn't Firefox detecting Zotero updates? ====+=== Updates require Administrator privileges === 
 + 
 +Zotero does not require Administrator privileges for any of its operations and generally does not require them to install updates. If you are asked for a password or for Administrator privileges during Zotero update, one of two things is occurring: 
 +  - Zotero was initially installed with Administrator privileges. This is not necessary. Uninstall Zotero and re-install it from [[/download|zotero.org/download]]. If prompted to give Administrator privileges during the installation process, click Cancel, rather than OK. 
 +  - Your IT administrators have set your system to require Administrator privileges to install program updates. Inquire with your IT administrator if Zotero can be whitelisted to allow it to update itself.
  
 === No automatic updates are found, but manual update checks work === === No automatic updates are found, but manual update checks work ===
  
-If you're not receiving automatic updates to the Zotero Firefox extensions but you can find updates manually in the Firefox add-ons windowgo to the Firefox preferences -> Advanced -> Update and make sure that Firefox is set to automatically install updates.+If you're not receiving automatic updates to Zotero or an add-on but you can find updates manually by clicking Help → Check for Updates… (for Zotero) or Tools → Add-ons → Gear → Check for Updates… (for add-ons)check that automatic updates are enabled. For Zotero, open the Config Editor from the [[/support/preferences/advanced|Advanced pane]] of [[/support/preferences|Zotero preferences]], and ensure that ''app.update.auto'' and ''app.update.enabled'' are both set to ''true''. For add-ons, check Update Add-Ons Automatically in the Gear menu of the Zotero Add-ons window.
  
 === No automatic or manual updates are found === === No automatic or manual updates are found ===
  
-If new versions of the Zotero Firefox extensions aren't being installed automatically and aren'showing up in the Firefox add-ons window when you manually check for updates, something on your system or network may be intercepting secure (HTTPS) connections to zotero.org. To determine whether your connection is being intercepted, check the [[site certificate info]].+If new versions of Zotero or add-ons aren't being installed automatically and aren'being detected when you manually check for updates, something on your system or network may be intercepting secure (HTTPS) connections to zotero.org or the add-on's update server. To determine whether your connection is being intercepted, check the [[site certificate info]].
  
 == Quick Fix == == Quick Fix ==
Line 20: Line 21:
 == More Details == == More Details ==
  
-To ensure the security and privacy of its users, Zotero requires all connections to be made over HTTPS, which ensures that you're connecting directly to a remote website and that your connection is encrypted. However, software installed on your system, or your network administrator, can override the security protections of HTTPS, essentially masquerading as any website. Some security software does this in an attempt to provide additional security: it intercepts HTTPS connections, scans the contents itself, and then reencrypts the data and sends it to the original website in a new connection. While the makers of such software would argue that they're protecting you with this feature by searching for malware served over HTTPS, this behavior breaks a fundamental security feature built into web browsers. You can think of it as someone going through all your postal mail, reading every letter, and warning you if they find any junk mail: while what they're doing is potentially useful, they really have no business snooping around in your mail. (And in some cases, antivirus vendors have even [[http://www.howtogeek.com/199829/avast-antivirus-was-spying-on-you-with-adware-until-this-week/|stuck their own ads into the envelopes]] before resealing them.)+To ensure the security and privacy of its users, Zotero requires all connections to be made over HTTPS, which ensures that you're connecting directly to a remote website and that your connection is encrypted. However, software installed on your system, or your network administrator, can override the security protections of HTTPS, essentially masquerading as any website. Some security software does this in an attempt to provide additional security: it intercepts HTTPS connections, scans the contents itself, and then re-encrypts the data and sends it to the original website in a new connection. While the makers of such software would argue that they're protecting you with this feature by searching for malware served over HTTPS, this behavior breaks a fundamental security feature built into web browsers. You can think of it as someone going through all your postal mail, reading every letter, and warning you if they find any junk mail. While what they're doing is potentially useful, they really have no business snooping around in your mail. (And in some cases, antivirus vendors have even [[http://www.howtogeek.com/199829/avast-antivirus-was-spying-on-you-with-adware-until-this-week/|stuck their own ads and trackers into the envelopes]] before resealing them.)
  
-While such behavior is usually undetectable without manually inspecting the site security informationFirefox provides additional protections when installing add-ons and rejects installation attempts from connections that aren't truly secure.+To receive updates automaticallyyou have two options:
  
-As a temporary fix, you can manually install the updated extension from zotero.org. (Normally Firefox prevents manual installations over such connections as well, but we have implemented a workaround to allow them.) Without automatic updates, however, you may run into compatibility issues or bugs later that have already been fixed.+1) Disable the SSL/TLS/HTTPS scanning feature in the security software and try the update again. If the certificate information identifies your institution as the intercepting party, you'll need to speak to your network administrator and request that they stop intercepting your secure connections to websites, though it may be a condition of your use of the network.  
 + 
 +2) If you trust the software or institution that is intercepting your connection, you can force Zotero to download updates over intercepted connections. Open the Zotero Config Editor from the [[/support/preferences/advanced|Advanced pane]] of [[/support/preferences|Zotero preferences]]. Right-click on the list of settings that appears and select New → Boolean. For Zotero, enter ''app.update.cert.requireBuiltIn'' for the property name and choose ''true'' for the value. For add-ons, enter ''extensions.update.requireBuiltInCerts'' and choose ''true'' for the value. Be aware that there will no longer be a guarantee that you are receiving legitimate versions of Zotero or add-ons unless you return to the Config Editor and disable these preferences. 
 + 
 +=== Zotero Connector for Firefox not detecting updates === 
 + 
 +If the Zotero Connector for Firefox is not updating automatically, verify that automatic updates are enabled from the Firefox Add-ons window (Tools → Add-ons → Gear → Update Add-ons Automatically). Also check the [[support/connector_preferences|Zotero Connector preferences]] and ensure that automatic updates are enabled there. 
 + 
 +If automatic updates are enabled, try to update the connector manually by clicking the Gear button in the Firefox Add-ons window and choosing Check for Updates. If updates aren't being detected manually, you may be encountering the secure connection interception issue described above. To determine whether your connection is being intercepted, check the [[site certificate info]]. 
 + 
 +If the site certificate information points to security software on your system (Bitdefender, Avast), disable the SSL/TLS/HTTPS scanning feature of that software. The exact name of the feature will vary. Consult the software's documentation for help. 
 + 
 +As a temporary fix, you can manually install the updated extension from [[/downlod|zotero.org/download]]. (Normally Firefox prevents manual installations over such connections as well, but we have implemented a workaround to allow them.) Without automatic updates, however, you may run into compatibility issues or bugs later that have already been fixed.
  
 To receive updates automatically, you have two options: To receive updates automatically, you have two options:
Line 30: Line 43:
 1) Disable the SSL/TLS/HTTPS scanning feature in the security software and try the update again. If the certificate information identifies your institution as the intercepting party, you'll need to speak to your network administrator and request that they stop intercepting your secure connections to websites, though it may be a condition of your use of the network.  1) Disable the SSL/TLS/HTTPS scanning feature in the security software and try the update again. If the certificate information identifies your institution as the intercepting party, you'll need to speak to your network administrator and request that they stop intercepting your secure connections to websites, though it may be a condition of your use of the network. 
  
-2) If you trust the software or institution that is intercepting your connection, you can force Firefox to download add-on updates over intercepted connections. Enter "about:config" in the Firefox address bar, right-click on the list of settings that appears, select New -> Boolean, enter "extensions.update.requireBuiltInCertsfor the property name, and choose "truefor the value. Be aware that there will no longer be a guarantee that you are receiving legitimate versions of Zotero and other add-ons unless you return to about:config and disable that preference+2) If you trust the software or institution that is intercepting your connection, you can force Firefox to download add-on updates over intercepted connections. Enter "about:config" in the Firefox address bar, right-click on the list of settings that appears, select New → Boolean, enter ''extensions.update.requireBuiltInCerts'' for the property name, and choose ''true'' for the value. Be aware that there will no longer be a guarantee that you are receiving legitimate versions of Zotero and other Firefox add-ons unless you return to about:config and disable that preference.
- +
-Mozilla is in the process of switching to a new add-on framework, WebExtensions, so automatic updates over intercepted connections may begin to work in future versions of Firefox.+
  
 {{tag>kb basics}} {{tag>kb basics}}
kb/updates_not_detected.txt · Last modified: 2018/08/01 06:27 by bwiernik