Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!

[Jinx]

Discussion area for the announcement that:

Upgrade to Joomla! 1.0.4 Security Release now!
http://www.joomla.org/content/view/498/74/

[Chinaman]

Well done to all the team, and thank you.

[55thinking]

I can see that this patch affects the english.php file located in the language directory. Can we know what changes have been done to this file such as other languages file may be updated too ?

Thank you

[guilliam]

wonderful!!

--> Sundial

the team surely prioritizes SECURITY at the top most of the list!

thank you!

- g

[pushfrog98]

just wondering if this patch has anything to do with the $ambo exploit...

http://isc.sans.org/diary.php?storyid=870

[infograf768]

I can see that this patch affects the english.php file located in the language directory. Can we know what changes have been done to this file such as other languages file may be updated too ?

Thank you

ISO has been reset to 8559-1 instead of utf-8.
A few strings have been added.
Better use a diff program to check all.

[infograf768]

Oh come on - are we not waiting for the 1.1 release this month?? Does this mean that the 1.1 release date will creep over into December? Maybe january even? Why couldn't you have put the security fixes into 1.1?

Hugely annoying..

PTM

Some like to wait until later on to patch their apps. It is their decision.

We have decided not to as many sites have been hacked.
1.0.4 had a few bugs fixed by the Maintenance team. It was just a matter of releasing it sooner than planned.

The time taken to do this has not been taken over the 1.1 development. 

FYI: concerning 1.1, a second alpha will be released next week, then a beta.

Don't be so annoyed

[pcigre]

I can see that this patch affects the english.php file located in the language directory. Can we know what changes have been done to this file such as other languages file may be updated too ?

Thank you

You can see there what is changed:

http://developer.joomla.org/integration ... f_format=h

[55thinking]

I can see that this patch affects the english.php file located in the language directory. Can we know what changes have been done to this file such as other languages file may be updated too ?

Thank you

You can see there what is changed:

http://developer.joomla.org/integration ... f_format=h

Thanks a lot, helpfull link

[davidva]

Oh come on - are we not waiting for the 1.1 release this month?? Does this mean that the 1.1 release date will creep over into December? Maybe january even? Why couldn't you have put the security fixes into 1.1?

Hugely annoying..

PTM

Some like to wait until later on to patch their apps. It is their decision.

We have decided not to as many sites have been hacked.
1.0.4 had a few bugs fixed by the Maintenance team. It was just a matter of releasing it sooner than planned.

The time taken to do this has not been taken over the 1.1 development. 

FYI: concerning 1.1, a second alpha will be released next week, then a beta.

Don't be so annoyed

So we still have at least a week 1/2 for 1.1? I was looking forward to the release sometime this week so I can integrate phpbb and go live with my site. =/

[nathandiehl]

Oh come on - are we not waiting for the 1.1 release this month?? Does this mean that the 1.1 release date will creep over into December? Maybe january even? Why couldn't you have put the security fixes into 1.1?

Hugely annoying..

PTM

i for one am happy that the Joomla! Core Team doesn't think that Medium-Threat risks are so insignificant that they can wait a couple weeks. If you want to remain vulnerable, i might recommend you switch to Mambo or another CMS where they don't offer near the updates of Joomla!.

Thanks again core team--your work is highly appreciated!

and believe you, I appreciate my icons in administrator not going wacko anymore! Thanks again!
nathan.

[jasonmartens]

Are there any general instructions for applying the patch package? Or do I simply untar the package on top of my existing installation?

[infograf768]

Upgrade Instructions

    * To update from Joomla! 1.0.3, all you have to do is simply overwrite files from the 1.0.3 to 1.0.4 Patch Package
    * To update from Joomla! 1.0.2, all you have to do is simply overwrite files from the 1.0.2 to 1.0.4 Patch Package
    * To update from Joomla! 1.0.1, all you have to do is simply overwrite files from the 1.0.1 to 1.0.4 Patch Package
    * To update from Joomla! 1.0.0, all you have to do is simply overwrite files from the 1.0.0 to 1.0.4 Patch Package

[guilliam]

Oh come on - are we not waiting for the 1.1 release this month?? Does this mean that the 1.1 release date will creep over into December? Maybe january even? Why couldn't you have put the security fixes into 1.1?

Hugely annoying..

PTM

Some like to wait until later on to patch their apps. It is their decision.

We have decided not to as many sites have been hacked.
1.0.4 had a few bugs fixed by the Maintenance team. It was just a matter of releasing it sooner than planned.

The time taken to do this has not been taken over the 1.1 development. 

FYI: concerning 1.1, a second alpha will be released next week, then a beta.

Don't be so annoyed

this post from toastman is more annoying than anything else. hmmnn.. isnt he supposed to be happy the core team has released this patch for the benifit of ALL. oh well..

- g

[focalguy]

Thanks again for all the hard work! Keep it up and 1.1 will be here when it's ready.

[MolBio]

Security releases should be the first priority and thanks to dev team that for these upgrades.
We can always wait a bit for the new version, but we certainly don’t want to be hacked!

Thanks again

[mediamagnate]

It should also be remembered that some non-Joomla security issues may still exist depending on security measures and configuration of where your site is hosted. It is not unusual for some hosts to be better than others.

The team's fast response to what amounts to a serious issue is why I love this community.

Applause to our code commandos who've worked so hard during the past couple of days to make this happen.

[pruiter]

Thanks guys. Security has priority of course, but the patch (103 to 104) screwed up all my diacritical-marked words, of which I have *many* on the site I'm building. Words like

Bahá'í

show up as

Bahá'Ã

Not fun. An upfront alert to this might be helpful next time. Thanks for the hard work.

pieter

[Slixter]

Thanks guys, now on to the patching.  :)

--Slixter

[MikeFossati]

ISO has been reset to 8559-1 instead of utf-8.

As this is causing some problems on my site, I wonder if there is a simple way to fix it? Instead of "..." I see now "…" (check my site for an example: http://www.spiritofhouse.com/).

Thanks for your help,
Mike

[deafbiz]

I'm screwed!

It said the patch will work with Mambo 4.5.2.3 (I'm not ready to upgrade to Joomla just yet!).

So I did apply the patch via FTP.

Guess what???  my website is screwed!  index.php is for Joomla!

Can anyone send me an index.php for Mambo? Is that the only file I shouldn't overwrite?

Thanks,
JSG

Update: Nevermind... found the file at mambo and uploaded and all's well! Whew!  BUT TELL THAT TO SOMEONE STILL USING MAMBO!

[Manoxtra]

Well cant say im happy with this security update.... since i did that i get the following message on my homepage [pop up message  ]

overLIB 4.10 is required for the HideForm plugin.... whatever?!?

Resetting my account now to old installation... thx... will cost me 1 hour..

[benedikt]

Thanks for the upgrade.

I have one (very) little remark, though.
On the main Joomla site, the download button still says 1.0.3.
I guess there hasn't been time yet to change this since 1.0.4 is only 4 hours old. But the 1.0.3-button looks a bit silly next to the article about 1.0.4 

Keep up the great work guys!

[Tonie]

As you found out, it indeed doesn't work. You would have to completely migrate to Joomla to run the patch. First piece of advice is to ALWAYS create a backup of files and database before doing any patches, maintenance or big content updates. You can download the latest Mambo 4.5.2.3 version, and replace the files that were copied over by the Joomla patch. You should replace all files that Joomla replaced. Good luck!

[benedikt]

It said the patch will work with Mambo 4.5.2.3 (I'm not ready to upgrade to Joomla just yet!).

from http://www.joomla.org:

For those converting from Mambo 4.5.2.x please read these Migration instructions. You need to download the Joomla 1.0.4 Full package

[rhuk]

Thanks for the upgrade.

I have one (very) little remark, though.
On the main Joomla site, the download button still says 1.0.3.
I guess there hasn't been time yet to change this since 1.0.4 is only 4 hours old. But the 1.0.3-button looks a bit silly next to the article about 1.0.4 

Keep up the great work guys!

Button has been updated for several hours, i think you need to refresh your browser.

[benedikt]

Oops .. you're right (again)

Well, I guess it's a perfect job then 

Thanks again.

[alterego]

Well cant say im happy with this security update.... since i did that i get the following message on my homepage [pop up message  ]

overLIB 4.10 is required for the HideForm plugin.... whatever?!?

Resetting my account now to old installation... thx... will cost me 1 hour..

I installed a fresh Joomla 1.0.3 site just to test the patch before patching 30+  Joomla 1.0.3 sites, and I get the same problem when applying the patch. So... what's the work around? Could someone explain so we can patch our actual working sites?

Thanks.

[brad]

Have you got a link to your site? This is not something I have seen on any sites that I have upgraded.. or even on the official Joomla sites.

[ProjectMayhem]

yeah I'd like to see what the deal is before I upgrade all of my sites aswell.  so if you find out anything please share.