Page 1 of 5
Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 4:05 pm
by Jinx
Discussion area for the announcement that:
Upgrade to Joomla! 1.0.4 Security Release now!
http://www.joomla.org/content/view/498/74/
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 4:12 pm
by Chinaman
Well done to all the team, and thank you.
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 4:14 pm
by 55thinking
I can see that this patch affects the english.php file located in the language directory. Can we know what changes have been done to this file such as other languages file may be updated too ?
Thank you
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 4:14 pm
by guilliam
wonderful!!
--> Sundial
the team surely prioritizes SECURITY at the top most of the list!
thank you!
- g
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 4:17 pm
by pushfrog98
just wondering if this patch has anything to do with the $ambo exploit...
http://isc.sans.org/diary.php?storyid=870
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 4:20 pm
by infograf768
55thinking wrote:I can see that this patch affects the english.php file located in the language directory. Can we know what changes have been done to this file such as other languages file may be updated too ?
Thank you
ISO has been reset to 8559-1 instead of utf-8.
A few strings have been added.
Better use a diff program to check all.
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 4:33 pm
by infograf768
Powdered Toast Man wrote:Oh come on - are we not waiting for the 1.1 release this month?? Does this mean that the 1.1 release date will creep over into December? Maybe january even? Why couldn't you have put the security fixes into 1.1?
Hugely annoying..
PTM
Some like to wait until later on to patch their apps. It is their decision.
We have decided not to as many sites have been hacked.
1.0.4 had a few bugs fixed by the Maintenance team. It was just a matter of releasing it sooner than planned.
The time taken to do this has not been taken over the 1.1 development.
FYI: concerning 1.1, a second alpha will be released next week, then a beta.
Don't be so annoyed
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 4:44 pm
by pcigre
55thinking wrote:I can see that this patch affects the english.php file located in the language directory. Can we know what changes have been done to this file such as other languages file may be updated too ?
Thank you
You can see there what is changed:
http://developer.joomla.org/integration ... f_format=h
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 4:50 pm
by 55thinking
pcigre.com wrote:55thinking wrote:I can see that this patch affects the english.php file located in the language directory. Can we know what changes have been done to this file such as other languages file may be updated too ?
Thank you
You can see there what is changed:
http://developer.joomla.org/integration ... f_format=h
Thanks a lot, helpfull link
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 5:01 pm
by davidva
infograf768 wrote:Powdered Toast Man wrote:Oh come on - are we not waiting for the 1.1 release this month?? Does this mean that the 1.1 release date will creep over into December? Maybe january even? Why couldn't you have put the security fixes into 1.1?
Hugely annoying..
PTM
Some like to wait until later on to patch their apps. It is their decision.
We have decided not to as many sites have been hacked.
1.0.4 had a few bugs fixed by the Maintenance team. It was just a matter of releasing it sooner than planned.
The time taken to do this has not been taken over the 1.1 development.
FYI: concerning 1.1, a second alpha will be released next week, then a beta.
Don't be so annoyed
So we still have at least a week 1/2 for 1.1? I was looking forward to the release sometime this week so I can integrate phpbb and go live with my site. =/
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 5:37 pm
by nathandiehl
Powdered Toast Man wrote:Oh come on - are we not waiting for the 1.1 release this month?? Does this mean that the 1.1 release date will creep over into December? Maybe january even? Why couldn't you have put the security fixes into 1.1?
Hugely annoying..
PTM
i for one am happy that the Joomla! Core Team doesn't think that Medium-Threat risks are so insignificant that they can wait a couple weeks. If you want to remain vulnerable, i might recommend you switch to Mambo or another CMS where they don't offer near the updates of Joomla!.
Thanks again core team--your work is highly appreciated!
and believe you, I appreciate my icons in administrator not going wacko anymore! Thanks again!
nathan.
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 5:39 pm
by jasonmartens
Are there any general instructions for applying the patch package? Or do I simply untar the package on top of my existing installation?
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 5:44 pm
by infograf768
Upgrade Instructions
* To update from Joomla! 1.0.3, all you have to do is simply overwrite files from the 1.0.3 to 1.0.4 Patch Package
* To update from Joomla! 1.0.2, all you have to do is simply overwrite files from the 1.0.2 to 1.0.4 Patch Package
* To update from Joomla! 1.0.1, all you have to do is simply overwrite files from the 1.0.1 to 1.0.4 Patch Package
* To update from Joomla! 1.0.0, all you have to do is simply overwrite files from the 1.0.0 to 1.0.4 Patch Package
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 5:50 pm
by guilliam
infograf768 wrote:Powdered Toast Man wrote:Oh come on - are we not waiting for the 1.1 release this month?? Does this mean that the 1.1 release date will creep over into December? Maybe january even? Why couldn't you have put the security fixes into 1.1?
Hugely annoying..
PTM
Some like to wait until later on to patch their apps. It is their decision.
We have decided not to as many sites have been hacked.
1.0.4 had a few bugs fixed by the Maintenance team. It was just a matter of releasing it sooner than planned.
The time taken to do this has not been taken over the 1.1 development.
FYI: concerning 1.1, a second alpha will be released next week, then a beta.
Don't be so annoyed
this post from toastman is more annoying than anything else. hmmnn.. isnt he supposed to be happy the core team has released this patch for the benifit of ALL. oh well..
- g
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 6:12 pm
by focalguy
Thanks again for all the hard work! Keep it up and 1.1 will be here when it's ready.
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 6:17 pm
by MolBio
Security releases should be the first priority and thanks to dev team that for these upgrades.
We can always wait a bit for the new version, but we certainly don’t want to be hacked!
Thanks again
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 7:45 pm
by mediamagnate
It should also be remembered that some non-Joomla security issues may still exist depending on security measures and configuration of where your site is hosted. It is not unusual for some hosts to be better than others.
The team's fast response to what amounts to a serious issue is why I love this community.
Applause to our code commandos who've worked so hard during the past couple of days to make this happen.
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 7:52 pm
by pruiter
Thanks guys. Security has priority of course, but the patch (103 to 104) screwed up all my diacritical-marked words, of which I have *many* on the site I'm building. Words like
Bahá'í
show up as
Bahá'Ã
Not fun. An upfront alert to this might be helpful next time. Thanks for the hard work.
pieter
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 7:52 pm
by Slixter
Thanks guys, now on to the patching. :)
--Slixter
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 8:10 pm
by MikeFossati
infograf768 wrote:ISO has been reset to 8559-1 instead of utf-8.
As this is causing some problems on my site, I wonder if there is a simple way to fix it? Instead of "..." I see now "…" (check my site for an example:
http://www.spiritofhouse.com/).
Thanks for your help,
Mike
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 8:18 pm
by deafbiz
I'm screwed!
It said the patch will work with Mambo 4.5.2.3 (I'm not ready to upgrade to Joomla just yet!).
So I did apply the patch via FTP.
Guess what??? my website is screwed! index.php is for Joomla!
Can anyone send me an index.php for Mambo? Is that the only file I shouldn't overwrite?
Thanks,
JSG
Update: Nevermind... found the file at mambo and uploaded and all's well! Whew! BUT TELL THAT TO SOMEONE STILL USING MAMBO!
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 8:20 pm
by Manoxtra
Well cant say im happy with this security update.... since i did that i get the following message on my homepage [pop up message
]
overLIB 4.10 is required for the HideForm plugin.... whatever?!?
Resetting my account now to old installation... thx... will cost me 1 hour..
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 8:21 pm
by benedikt
Thanks for the upgrade.
I have one (very) little remark, though.
On the main Joomla site, the download button still says 1.0.3.
I guess there hasn't been time yet to change this since 1.0.4 is only 4 hours old. But the 1.0.3-button looks a bit silly next to the article about 1.0.4
Keep up the great work guys!
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 8:22 pm
by Tonie
As you found out, it indeed doesn't work. You would have to completely migrate to Joomla to run the patch. First piece of advice is to ALWAYS create a backup of files and database before doing any patches, maintenance or big content updates. You can download the latest Mambo 4.5.2.3 version, and replace the files that were copied over by the Joomla patch. You should replace all files that Joomla replaced. Good luck!
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 8:25 pm
by benedikt
deafbiz wrote:It said the patch will work with Mambo 4.5.2.3 (I'm not ready to upgrade to Joomla just yet!).
from
http://www.joomla.org:
For those converting from Mambo 4.5.2.x please read these Migration instructions. You need to download the Joomla 1.0.4 Full package
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 8:30 pm
by rhuk
benedikt wrote:Thanks for the upgrade.
I have one (very) little remark, though.
On the main Joomla site, the download button still says 1.0.3.
I guess there hasn't been time yet to change this since 1.0.4 is only 4 hours old. But the 1.0.3-button looks a bit silly next to the article about 1.0.4
Keep up the great work guys!
Button has been updated for several hours, i think you need to refresh your browser.
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 8:38 pm
by benedikt
Oops .. you're right (again)
Well, I guess it's a perfect job then
Thanks again.
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 9:13 pm
by alterego
Manoxtra wrote:Well cant say im happy with this security update.... since i did that i get the following message on my homepage [pop up message
]
overLIB 4.10 is required for the HideForm plugin.... whatever?!?
Resetting my account now to old installation... thx... will cost me 1 hour..
I installed a fresh Joomla 1.0.3 site just to test the patch before patching 30+ Joomla 1.0.3 sites, and I get the same problem when applying the patch. So... what's the work around? Could someone explain so we can patch our actual working sites?
Thanks.
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 9:17 pm
by brad
Have you got a link to your site? This is not something I have seen on any sites that I have upgraded.. or even on the official Joomla sites.
Re: Discuss about : Upgrade to Joomla! 1.0.4 Security Release now!
Posted: Mon Nov 21, 2005 9:49 pm
by ProjectMayhem
yeah I'd like to see what the deal is before I upgrade all of my sites aswell. so if you find out anything please share.
