Discussion about: Upgrade immediately to Joomla! 1.0.11

A place to discuss recent announcements made by the Joomla! Core Team. Let's hear what you have to say.
astridv
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Mon Aug 29, 2005 12:48 pm

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by astridv » Tue Aug 29, 2006 11:38 am

If you have loads of sites to patch:
- change globals.php before uploading (so Emulation is off)

- note that the configuration.php has only ONe extra line $mosConfig_mbf_content='0';
Rather than filling out all the config details I added the one line to all config files.

- Overwrite the admin.mambots.php in the package with the changed one.

User avatar
mporcheron
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Mon May 29, 2006 5:45 pm
Location: UK
Contact:

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by mporcheron » Tue Aug 29, 2006 11:59 am

sgabbio wrote:done from 1.0.10 to 1.0.11 overwriting files with Filezilla FTP client.
at first time polls and some menus in the backend didn't work well.
at second overwriting it works well but:
- JCE comp: if i chose JCE Configuration from the menu an alert says: Restricted Access and i can't access jce config (even if it's still working)
- JACPLUS: doesn't work so i've uninstalled it and now i'm re-installing it.



I know for sure that the JCE config is a mambot and subsequently requires the offical patch for the mambots section.  See edition at the end of this post: http://forum.joomla.org/index.php/topic ... 55967.html.

Upload it to administrator/components/com_mambots
Martin Porcheron - mpwebwizard.com

slyboots
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Sun Jan 08, 2006 9:01 pm

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by slyboots » Tue Aug 29, 2006 12:16 pm

astridv wrote:If you have loads of sites to patch:
- change globals.php before uploading (so Emulation is off)

- note that the configuration.php has only ONe extra line $mosConfig_mbf_content='0';
Rather than filling out all the config details I added the one line to all config files.

- Overwrite the admin.mambots.php in the package with the changed one.


Thanks astridv - your post saved me a lot of time!
Martin

User avatar
ahmad
Joomla! Apprentice
Joomla! Apprentice
Posts: 10
Joined: Fri Apr 07, 2006 4:02 pm
Location: Egypt
Contact:

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by ahmad » Tue Aug 29, 2006 12:20 pm

Upgraded to 1.0.11 with no problems :)
I uploaded the file through FTP manually

I noticed a new menu item ( Check Version ) Under ( System )


Nice work guys :)

globule
Joomla! Intern
Joomla! Intern
Posts: 77
Joined: Tue Aug 30, 2005 9:11 pm
Location: Aix-En-Provence, France
Contact:

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by globule » Tue Aug 29, 2006 12:29 pm

As previous updates, some small bugs sometime appear with the upgrade patch.
Upolading the full package solved them.

What I recommend to do :
- use the file manager from your hoster panel to create a copy of your site in a subdirectory (faster than FTP)
- correct the configuration file, and .htaccess if needed
- upload the upgrade
- test this copy (mysite.com/mycopy) as deep as you can : regiter a new user, submit a new article, create a new section etc...

If it works correctly, apply to the production site.
This prevents from bugs if you hacked something and forgot it!
May the forge be with you!
http://www.joomlation.eu (intl)
http://www.joomlation.org (fr)

User avatar
infograf768
Joomla! Engineer
Joomla! Engineer
Posts: 366
Joined: Fri Aug 12, 2005 3:47 pm
Location: •Translation Matters•

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by infograf768 » Tue Aug 29, 2006 12:58 pm

$mosConfig_mbf_content='0';


What is that one for?
I indeed see it in the dist file.
Jean-Marie Simonet / infograf · http://www.info-graf.fr · GMT +1
Qui vult dare parva non debet magna rogare.

User avatar
RobInk
Joomla! Guru
Joomla! Guru
Posts: 517
Joined: Thu Aug 18, 2005 10:41 am
Location: The Netherlands

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by RobInk » Tue Aug 29, 2006 1:05 pm

Hi JM,

From what I can recall, this is for MambelFish, now known as Joom!Fish multilanguage extension...
Regards Robin - Sites & Infrastructure

chris_t
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Mar 27, 2006 4:31 pm

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by chris_t » Tue Aug 29, 2006 1:17 pm

this is a real pain in the backside. i only finished upgrading to 1.0.10 last week, as i've made dozens of small hacks throughout. to now have to go through that all again is unfortunate to say the least.

can anyone tell me, briefly, how 1.0.10 and 1.0.11 differ? i've already secured register_globals, emulation, magic quotes, my .htaccess etc. why do i still need to upgrade?

User avatar
RobInk
Joomla! Guru
Joomla! Guru
Posts: 517
Joined: Thu Aug 18, 2005 10:41 am
Location: The Netherlands

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by RobInk » Tue Aug 29, 2006 1:20 pm

Hi chris_t,

Check the full changelog to see whats been changed/fixed: http://www.joomla.org/content/view/1841/78/
As you can see quite a lot of security fixes. My advice would be to upgrade, even if it means fixing/patching your files again.

Regards Robin
Regards Robin - Sites & Infrastructure

User avatar
infograf768
Joomla! Engineer
Joomla! Engineer
Posts: 366
Joined: Fri Aug 12, 2005 3:47 pm
Location: •Translation Matters•

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by infograf768 » Tue Aug 29, 2006 1:24 pm

RobInk wrote:Hi JM,

From what I can recall, this is for MambelFish, now known as Joom!Fish multilanguage extension...


hmmm.. Wondering... I see it in the dist indeed for ages (saw it in a 1.0.7 at least) but a new install does not populate it.

How is it I have a Joomfish driven site and this config is nowhere to be seen in the admin?
Maybe it is only an artefact of the old mambelfish times and beginning of Joomla.  ;)
Jean-Marie Simonet / infograf · http://www.info-graf.fr · GMT +1
Qui vult dare parva non debet magna rogare.

User avatar
RobInk
Joomla! Guru
Joomla! Guru
Posts: 517
Joined: Thu Aug 18, 2005 10:41 am
Location: The Netherlands

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by RobInk » Tue Aug 29, 2006 1:29 pm

Maybe it is only an artefact of the old mambelfish times and beginning of Joomla.


Think so too, also implemented several multilanguage sites, never seen it as an option in global config either.
Regards Robin - Sites & Infrastructure

User avatar
crash777
Joomla! Apprentice
Joomla! Apprentice
Posts: 22
Joined: Sat Sep 03, 2005 1:56 am
Location: Upstate New York
Contact:

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by crash777 » Tue Aug 29, 2006 1:38 pm

While this is nice to know... it does not call out files that were modified. Is there a list that shows which files were modified?

RobInk wrote:Hi chris_t,

Check the full changelog to see whats been changed/fixed: http://www.joomla.org/content/view/1841/78/
As you can see quite a lot of security fixes. My advice would be to upgrade, even if it means fixing/patching your files again.

Regards Robin
Thanks!
Aaron
Crash Graphics - Superior Design and Graphics
http://www.crashgraphics.com

User avatar
crash777
Joomla! Apprentice
Joomla! Apprentice
Posts: 22
Joined: Sat Sep 03, 2005 1:56 am
Location: Upstate New York
Contact:

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by crash777 » Tue Aug 29, 2006 1:38 pm

webgyrl wrote:If anyone else is using Fantastico:

I just did the upgrade by FTPing the files using FileZilla to my site. It upgraded fine.
For upgrade instructions go here:
http://forum.joomla.org/index.php/topic,33226.0.html

Fantastico is sensitive and though I never doubted that an upgrade would work, I wonder if it will "break" the link to Fantastico rendering future upgrades in fantastico useless..

Wondering when we can expect an official upgrade through Fantastico or do they only wait for major releases?
Thanks!
Aaron
Crash Graphics - Superior Design and Graphics
http://www.crashgraphics.com

micoots
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Fri Apr 21, 2006 7:38 pm

Re: 1.0.11 release warning

Post by micoots » Tue Aug 29, 2006 1:47 pm

Hi,

infograf768 wrote:WARNING!
------------GLOBAL MOD EDIT: last minute small bug found in admin.mambots.php
While waiting for new package, find file below.

This is an official fix!



I used the latest 1.0.10 to 1.0.11 bz2 patch file from forge.joomla.org with md5sum:

6af7ded3b0cd8c9988e1ee4e8698142c  Joomla_1.0.10_to_1.0.11-Stable-Patch_Package.tar.bz2

This md5sum didn't match what was posted on the md5sums link on this site, but I think it's still ok since there was an "original" Joomla_1.0.10_to_1.0.11-Stable-Patch_Package.tar.bz2 file posted first which I believe matched the original md5sum on this site.

Either way, I grabbed the file you announced here and transferred it to my server.

I use JCE so will test and hope all is ok.

Thanks.

Michael.

User avatar
RobS
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 102
Joined: Mon Dec 05, 2005 10:17 am
Location: New Orleans, LA, USA
Contact:

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by RobS » Tue Aug 29, 2006 2:24 pm

chris_t wrote:this is a real pain in the backside. i only finished upgrading to 1.0.10 last week, as i've made dozens of small hacks throughout. to now have to go through that all again is unfortunate to say the least.

can anyone tell me, briefly, how 1.0.10 and 1.0.11 differ? i've already secured register_globals, emulation, magic quotes, my .htaccess etc. why do i still need to upgrade?


1.0.11 addresses several vulnerability possibilities in Joomla and in PHP itself... the most notable of the PHP vulnerabilities is the Zend_Hash_Key_Del_Or_Index () but that could allow an attacker to potentially feed malicious data to any PHP script via the URL.  It also addresses a potential spamming issue that required a pretty extensive fix and some smaller SQL injection and XSS vulnerabilities.  Some of those vulnerabilities we rank as critical as they can lead to compromise of the website while most of them are very low risk.  For a list of the files that have been changed since 1.0.10, just download one of the 1.0.10 -> 1.0.11 patch packages as that will only contain the files that have been modified but keep in mind there have been several files modified.
Rob Schley - Joomla! Core Team
WebImagery - http://www.webimagery.net/

chris_t
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Mar 27, 2006 4:31 pm

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by chris_t » Tue Aug 29, 2006 3:21 pm

i've upgraded again and am making my little hacks again.

EDIT: page title problems sorted - includes/joomla.php was the offending file.

linked titles no longer work in 1.0.11. i notice a discrepancy between the two most recent versions, in content.html.php (line 580):

new:

$row->link_on = sefRelToAbs( 'index.php?option=com_content&task=view&id=' . $row->id . $row->Itemid_link );


old:

$link_on = sefRelToAbs("index.php?option=com_content&task=view&id=".$row->id."&Itemid=".$_Itemid);


the result: now, when linked titles are turned on, the url is my site url, rather than the full content url. help please?
Last edited by chris_t on Tue Aug 29, 2006 4:46 pm, edited 1 time in total.

adewinne

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by adewinne » Tue Aug 29, 2006 3:40 pm

I upgraded from 1.0.10 to 1.0.11 everything seemed fine. I set define( 'RG_EMULATION', 0 ); in globals.php. But this morning I tried to edit a mambot setting and keep getting a 'restricted access' popup. Then it goes back to the list of mambots. The mambot I was trying to edit is now locked. This happens for ALL mambots.

JCE component seems to have the same problem. All other components and modules seem to be fine so far.

Help!


------

:) http://forum.joomla.org/index.php/topic ... html  and upload admin.mambots.php fixes the problem above.


Alex
Last edited by adewinne on Tue Aug 29, 2006 3:48 pm, edited 1 time in total.

JacquesL

Bug : non more statistics of printed pages in the administrator back-end

Post by JacquesL » Tue Aug 29, 2006 3:43 pm

Bug with 1.0.11 : non more statistics of printed pages in the administrator back-end.
I regret them !

On my site, the hacker installed twice a Cshell and his own folders and programs with CRONs, with the help of pirating the component mambowiki.

I do not know how to set register_globals on OFF. Each time I try to use a .htaccess for that, the only result is to block all access. I am on 1and1.fr.

Can somebody explain me the right steps ? Thank you by advance !

jeepn
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Wed Jan 04, 2006 4:43 pm

Re: 1.0.11 release warning

Post by jeepn » Tue Aug 29, 2006 4:11 pm

infograf768 wrote:WARNING!
------------GLOBAL MOD EDIT: last minute small bug found in admin.mambots.php
While waiting for new package, find file below.

This is an official fix!



So is there going to be a forthcoming 1.0.12 soon?  Or is 1.0.11 being re-packaged?

Thanks

User avatar
joomlasolutions_JB
Joomla! Apprentice
Joomla! Apprentice
Posts: 35
Joined: Wed Aug 17, 2005 11:07 pm
Contact:

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by joomlasolutions_JB » Tue Aug 29, 2006 4:11 pm

from the link on the joomla front site announcement, it says ( SUNBIRD )  but when i followed that link,downloaded and applied the patch from 1.0.10 to 1.0.11 I get (SUNBOW ) on my admin. What does that mean? is it wrong release?


joomla front page announce: Joomla! 1.0.11 [ Sunbird ] is now available as of Monday 28th August 2006 24:00 UTC

admin footer after applying patch to site: Joomla! 1.0.11 Stable [ Sunbow ] 28 August 2006 20:00 UTC

also, when i look in the admin, it tells me:

Your version of Joomla! [ 1.0.11 Stable ] is
2 days old


how 2 days old??



if there is going to be a fixed release of 1.0.11 planned in the next few hours or days, i would VERY much like to know, since I and many others have multiple sites to patch...


tell us
Last edited by joomlasolutions_JB on Tue Aug 29, 2006 4:22 pm, edited 1 time in total.
Joomla! Template Shop www.joomlathemes.org

Joomla Template Club
[URL=http://templateclub.mambosolutions.com]templateclub.mambosolutions.com
[/URL]

User avatar
jtruelson
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Fri Aug 19, 2005 1:40 pm
Contact:

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by jtruelson » Tue Aug 29, 2006 4:58 pm

Looks like Websmurf has Joomlaboard listed as one of those extensions fixed due to the RG_EMULATION flag. Check this post for the upgrade: < http://forum.joomla.org/index.php/topic,86525.0.html >.


Thank you, Amy, thank you Websmurf  - that fixed it.  :)
Jon Truelson
Media Consultant

User avatar
leolam
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 155
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/S'pore/Bali/North America
Contact:

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by leolam » Tue Aug 29, 2006 5:32 pm

Thanks to all devs and testers for fixing the next layers of security holes. I would appreciate a clarification please on what this is meant to mean:

------------GLOBAL MOD EDIT: last minute small bug found in admin.mambots.php
While waiting for new package, find file below.
* admin.mambots.php.zip (4.14 KB - downloaded 101 times.)
« Last Edit: August 29, 2006, 08:57:23 PM by infograf768 »


Is this a repack with already identified bugs/additional changes (a sort of 1.0.11a) or is it going to be 1.0.12?

please advise? We are not waiting to upgrade so many customers every two days or so  ;)

cheers
Leo
For Professional Web-Development:: http://joomastudio.com
For Specialized Joomla Support:: http://joomadesk.com
We provide dedicated Joomla-Hosting at joomaserver.com!
Skype: joomadesk

alibroon
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Sun Aug 28, 2005 11:00 pm

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by alibroon » Tue Aug 29, 2006 6:24 pm

I've got a problem upgrading from 1.0.7 to 1.0.11
Template is out of whack and the login gives me the following
Fatal error: Call to undefined function: josspoofvalue() in /homepages/mysite/modules/mod_login.php on line 91


I can get into control panel but when I go to modules>site modules
my-site/administrator/components/com_modules/admin.modules.php on line 28
It's also telling me that it is still at version 1.0.7
Am I missing something?
What to do ???
Last edited by alibroon on Tue Aug 29, 2006 6:57 pm, edited 1 time in total.

joomlan
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Sun Jul 16, 2006 1:21 pm

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by joomlan » Tue Aug 29, 2006 6:44 pm

Hi,

I upgraded it to 1.11 ,but I am getting this message now :Restricted access for both Admin & Front end  !! What did I do wrong ?
I copied the folders in the patch to the same locations on the server and overwrote them !! How can I fix this ?
What are the steps to upgrade ? What did I miss ?


Thanks

jeepn
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Wed Jan 04, 2006 4:43 pm

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by jeepn » Tue Aug 29, 2006 7:00 pm

If anyone is having troubles with upgrading... head here:

http://forum.joomla.org/index.php/board,36.0.html


;)

User avatar
zuze
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Sat Feb 11, 2006 9:43 pm
Location: Birmingham, USA
Contact:

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by zuze » Tue Aug 29, 2006 8:34 pm

jtruelson wrote:It is good to know that security take precedence here.  I have 29 or so Joomla sites to patch. 
I've done two so far.  Problem with Joomlaboard (latest version) encountered.

Selecting an existing topic throws the following:

An invalid post id was requested.

\n


any thoughts on this?


I had that same problem when I updated to Joomla 1.0.10. And I am not the only one. Have not found the answer yet, not on these bords not Joomlaboard forum borads.
The key to your life is how well you deal with plan "B".
Latvian Project http://joomlacode.org/gf/project/joomla_latvian/ | http://www.joomlalv.org

nandoprieto

Error when trying to install templates, language, components, modules or mambots

Post by nandoprieto » Tue Aug 29, 2006 8:36 pm

I upgraded "immediately" from 1.0.10 to Joomla 1.0.11 and when I try to install any template, language, component, module or mambot this is what I have:

Fatal error: Cannot instantiate non-existent class: ftphostaccnt in /vhosts/ecc.univalle.edu.co/administrator/components/com_installer/admin.installer.html.php on line 160

I suspect this is caused because recently I uploaded the SafeMode patch for Joomla 1.0.10 which can be found at http://developer.joomla.org/sf/frs/do/l ... 4BD54DD761

If so, where can I fing the safe mode patch for Joomla 1.0.11? ???

If not, what did I do wrong? :(

Thank you very much in advance.

Fernando
Last edited by nandoprieto on Tue Aug 29, 2006 10:17 pm, edited 1 time in total.

chunkybacon

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by chunkybacon » Tue Aug 29, 2006 8:38 pm

Is there a way to be notified via email for *only* security updates?

User avatar
brad
Joomla! Hero
Joomla! Hero
Posts: 2212
Joined: Fri Aug 12, 2005 12:38 am
Skype: tested
Location: Sydney - Australia
Contact:

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by brad » Tue Aug 29, 2006 8:40 pm

chunkybacon wrote:Is there a way to be notified via email for *only* security updates?

Please subscribe the the announcement section of this forum. See frontpage of forum, all is explained:
Announcements from the Joomla! Core Team for the attention of all Users. We encourage all Joomla users to subscribe to announcements by Clicking Here.
Brad Baker - Joomla! Core Team, Sites & Infrastructure.
http://www.rochen.com - Managed Dedicated, Reseller & Multiple Domain Hosting.
http://www.joomlatutorials.com <-- Joomla! 1.5 & 1.0.x
^New Joomla 1.5 Tutorials are out!

User avatar
RobInk
Joomla! Guru
Joomla! Guru
Posts: 517
Joined: Thu Aug 18, 2005 10:41 am
Location: The Netherlands

Re: Discussion about: Upgrade immediately to Joomla! 1.0.11

Post by RobInk » Tue Aug 29, 2006 8:42 pm

Hi,

At zuze, about the issue with joomlaboard, check http://forum.joomla.org/index.php/topic,86525.0.html
Register globals emulation = 0 is causing problems with several extensions. You will find a fix in that topic.
Regards Robin - Sites & Infrastructure


Locked