Joomla! 1.0.6 Security out now!

Announcements from the Joomla! Core Team for the attention of all Users. We encourage all Joomla! users to check for any new posts in this forum regularly.
Post Reply
User avatar
stingrey
Joomla! Engineer
Joomla! Engineer
Posts: 360
Joined: Mon Aug 15, 2005 4:36 pm
Location: Marikina, Metro Manila, Philippines
Contact:

Joomla! 1.0.6 Security out now!

Post by stingrey » Sun Jan 15, 2006 4:59 pm

**********************************
IMPORTANT
Due to a major bug discovered in 1.0.6 just after its release, 1.0.7 will be released shortly.

We advise you not to install or upgrade to 1.0.6, but instead wait for 1.0.7 and upgrade to that.
Information on how to fix the bug is found here:
http://forum.joomla.org/index.php/topic ... #msg173432

**********************************


Joomla! 1.0.6 [ Sunscreen ] is now available as of Sunday 15th January 2006 16:00 UTC for download here. This is a Security Release, which means it contains nine (9) `Low Level` Security Fixes, and seventy (70) plus minor/non-critical bug fixes. We recommend that you upgrade to this version.

1.0.6 is available as a Full Package, which contains all Joomla! files and a Patch Package which contains only the files that have been changed by the Security & Bug Fix work conducted.

To ensure the integrity of the files you are downloading you are advised only to download from the 'Official Source' on the Official Joomla! Forge.  As a extra security measure we now make public the MD5 checksum of the respective package files to allow people to do integrity checking.

1.0.6 Changelog
1.0.6 Version Information
1.0.6 File MD5 checksums



**************************
Due to technical difficulties 1.0.6 Packages are currently available only in zip format.
Once our technical problems have been resolved packages will be available in tar and bzip2 formats

**************************
....


Read more here:
http://www.joomla.org/content/view/727/74/

Discuss here:
http://forum.joomla.org/index.php/topic,30533.0.html
Last edited by stingrey on Sun Jan 15, 2006 7:44 pm, edited 1 time in total.
Joomla! Core Team Member
Software Coding and Design - Stability Team Leader

God grant me the Serenity to Accept the things I cannot change, the Courage to change the things I can and the Wisdom to know the Difference.

User avatar
stingrey
Joomla! Engineer
Joomla! Engineer
Posts: 360
Joined: Mon Aug 15, 2005 4:36 pm
Location: Marikina, Metro Manila, Philippines
Contact:

Re: Joomla! 1.0.6 Security out now!

Post by stingrey » Sun Jan 15, 2006 7:38 pm

IMPORTANT

There is a serious bug in 1.0.6 that will cause the database password to be overwritten once you go into the Global Configuration and click `save` - causing a site to immediatly going offline.  To correct, you need to manually edit your configuration.php file (in your sites root directory) and look for this line:
$mosConfig_password = '';

And edit with your password like so:
$mosConfig_password = 'password';


I advise immediately updating to 1.0.7 if you are using 1.0.6 - when it is released.
If you are using an older version, hold off upgrading until 1.0.7 is released.

1.0.7 will be released within the hour.



I accept full responsibility for the error in 1.0.6 that has caused 1.0.7s immediate release.
It was me who introduced the code (after the Beta had been released to the coders) and it was me who had final responsibility for testing and packaging 1.0.6.
Last edited by stingrey on Sun Jan 15, 2006 7:52 pm, edited 1 time in total.
Joomla! Core Team Member
Software Coding and Design - Stability Team Leader

God grant me the Serenity to Accept the things I cannot change, the Courage to change the things I can and the Wisdom to know the Difference.


Post Reply