Page 1 of 1

Joomla! 1.0.6 Security out now!

Posted: Sun Jan 15, 2006 4:59 pm
by stingrey
**********************************
IMPORTANT
Due to a major bug discovered in 1.0.6 just after its release, 1.0.7 will be released shortly.

We advise you not to install or upgrade to 1.0.6, but instead wait for 1.0.7 and upgrade to that.
Information on how to fix the bug is found here:
http://forum.joomla.org/index.php/topic ... #msg173432

**********************************


Joomla! 1.0.6 [ Sunscreen ] is now available as of Sunday 15th January 2006 16:00 UTC for download here. This is a Security Release, which means it contains nine (9) `Low Level` Security Fixes, and seventy (70) plus minor/non-critical bug fixes. We recommend that you upgrade to this version.

1.0.6 is available as a Full Package, which contains all Joomla! files and a Patch Package which contains only the files that have been changed by the Security & Bug Fix work conducted.

To ensure the integrity of the files you are downloading you are advised only to download from the 'Official Source' on the Official Joomla! Forge.  As a extra security measure we now make public the MD5 checksum of the respective package files to allow people to do integrity checking.

1.0.6 Changelog
1.0.6 Version Information
1.0.6 File MD5 checksums



**************************
Due to technical difficulties 1.0.6 Packages are currently available only in zip format.
Once our technical problems have been resolved packages will be available in tar and bzip2 formats

**************************
....


Read more here:
http://www.joomla.org/content/view/727/74/

Discuss here:
http://forum.joomla.org/index.php/topic,30533.0.html

Re: Joomla! 1.0.6 Security out now!

Posted: Sun Jan 15, 2006 7:38 pm
by stingrey
IMPORTANT

There is a serious bug in 1.0.6 that will cause the database password to be overwritten once you go into the Global Configuration and click `save` - causing a site to immediatly going offline.  To correct, you need to manually edit your configuration.php file (in your sites root directory) and look for this line:
$mosConfig_password = '';

And edit with your password like so:
$mosConfig_password = 'password';


I advise immediately updating to 1.0.7 if you are using 1.0.6 - when it is released.
If you are using an older version, hold off upgrading until 1.0.7 is released.

1.0.7 will be released within the hour.



I accept full responsibility for the error in 1.0.6 that has caused 1.0.7s immediate release.
It was me who introduced the code (after the Beta had been released to the coders) and it was me who had final responsibility for testing and packaging 1.0.6.