0
Welcome Guest! Login
0 items Join Now

UPGRADE IMMEDIATELY to Joomla 1.0.11 due to vulnerablities re: joomla.org

    • Barbara's Avatar
    • Barbara
    • Newbie
    • Posts: 17
    • Thanks: 0

    UPGRADE IMMEDIATELY to Joomla 1.0.11 due to vulnerablities re: joomla.org

    Posted 18 years 2 months ago
    • As from thier site Tuesday August 29, 2006
      Welcome to Joomla!
      Upgrade immediately to Joomla! 1.0.11
      Tuesday, 29 August 2006
      Joomla! 1.0.11 [ Sunbird ] is now available as of Monday 28th August 2006 24:00 UTC for download here. and is being designated a Critical Security Release.

      All existing Joomla! users MUST UPGRADE to this version, due to several High Level vulnerabilities that affect ALL Previous versions of Joomla!

      1.0.11 contains the following critical security fixes:

      04 High Level Security Fixes
      04 Medium Level Security Fixes
      18 Low Level security

      25 General bug fixes
      If you are using ANY previous version of Joomla!, you need to upgrade to 1.0.11 as soon as possible.


      1.0.11 Download
      1.0.11 Version Information
      1.0.11 Changelog

      1.0.11 Package File MD5 checksums
      Project Joomla! is and has always been fully committed to a Security First Principle and new intiatives have and will continue to be started to reinforce and continue this principle. Joomla! 1.0.11 highlights a redoubled effort to put Security at the forefront of everyones lexicon.

      www.joomla.org/

      Thought this information is vital to the rocket theme community ;)
    • Donna Norris's Avatar

    Re: UPGRADE IMMEDIATELY to Joomla 1.0.11 due to vulnerablities re: joomla.org

    Posted 18 years 2 months ago
    • Thanks for the heads up on this, I just recently installed Joomla for a new site and probably wouldn't have checked it in quite some time. (I vote for a sticky on this as this is a Joomla oriented site)
    • Dave Goodwin's Avatar
    • Dave Goodwin
    • Elite Rocketeer
    • Posts: 1472
    • Thanks: 4
    • Howdy!!

    Re: UPGRADE IMMEDIATELY to Joomla 1.0.11 due to vulnerablities re: joomla.org

    Posted 18 years 2 months ago
    • I upgraded to the latest Joomla, but now I can't edit my Site Mambots. Now when I click on one I get 'Access Resticted'. It doesn't allow me to go any further. Any idea what's going on?

      dave
    • "I'm an individual, just like everyone else."
    • Steve N's Avatar

    Re: UPGRADE IMMEDIATELY to Joomla 1.0.11 due to vulnerablities re: joomla.org

    Posted 18 years 2 months ago
    • I'm hesitant to "upgrade" because the last time I did I forgot one or two files and like you, David, my mambots started giving me problems. The advice I received from JoomlaShack (yes, the competitor, I started out using their template) was to reinstall EVERYTHING. That is, to transfer all the files from a new full version of the latest Joomla. I did and now everything is fine. But man was that a pain. It took forever.

      The hard part is to go back and say ok, now which file is suppose to go here because different Joomla versions upgraded different files. So as painful as it is, unless there are better ways (which I hope), you might have to do what I did. Good luck. Let us know how it goes.
    • Barbara's Avatar
    • Barbara
    • Newbie
    • Posts: 17
    • Thanks: 0

    Re: UPGRADE IMMEDIATELY to Joomla 1.0.11 due to vulnerablities re: joomla.org

    Posted 18 years 2 months ago
    • Dave Goodwin's Avatar
    • Dave Goodwin
    • Elite Rocketeer
    • Posts: 1472
    • Thanks: 4
    • Howdy!!

    Re: UPGRADE IMMEDIATELY to Joomla 1.0.11 due to vulnerablities re: joomla.org

    Posted 18 years 2 months ago
    • Thanks Barbara. The Fix worked the second time. I hope I don't run into other issues!

      It's my thought that in anticipation of Joomla 1.5, the Joomla folks are trying to get people used to the stringent requirements for security by releasiing a version on 1.0.x that leads one to those requirements. You think?

      dave

      Onward and Upward!

      dave :)
    • Last Edit: 18 years 2 months ago by .
    • "I'm an individual, just like everyone else."
  • Re: UPGRADE IMMEDIATELY to Joomla 1.0.11 due to vulnerablities re: joomla.org

    Posted 18 years 2 months ago
    • I upgraded 14 sites last night without a hitch. I don't use many add on modules because I worry about the people who make them. I added all the security upgrades that Joomla suggested. That included the edit in the globals.php and editing the servers php.ini.

      I did have one minor problem when I edited the servers php.ini. One of my clients had an OScommerce shopping cart on his web page. I had cautioned him to update it and he said he would keep it updated. Well, he couldn't open the cart after the php.ini edit and wanted me to change it back. I told him he would have to either update or move his web site. Two hours later it was working fine.

      I only mentioned all of this because I don't want anyone to hesitate about up grading for security reasons. If the upgrade breaks a component then you should look at upgrading or getting rid of the component. The Joomla people are real good but the people building components worry me a lot.

      Ray
    • Last Edit: 18 years 2 months ago by Raymond Basso.
  • Re: UPGRADE IMMEDIATELY to Joomla 1.0.11 due to vulnerablities re: joomla.org

    Posted 18 years 2 months ago
    • This security update dealt with some REAL issues and there has been a real rash of cracks into Joomla Sites of late.

      Do the update! Go through the list of vulnerable components and update them or delete them. It seems that many of the intrusions were through vulnerable add-ons! Take care of the globals issues!

      Another thing you need to do is open globals.php and find the text:
      define( 'RG_EMULATION', 1 );

      and change the 1 to a 0.

      With many servers, you can turn off the register_globals by opening the .htaccess file in your Joomla folder and add the text:
      php_flag register_globals off
      .

      If you can do that--you are done.

      Most of it went smoothly--except my site on a server with phpsuexec. With that server, I couldn't turn off the register_globals through the .htaccess.

      I had to insert a modified php.ini file into every directory with a php file to make it truly secure (warning: the register_globals warning can possibly disappear even though you have not totally secured the site! Once the php.ini is in the administator directory, it assumes it is everywhere it needs to be!).

      This may sound daunting, but there are scripts:

      tips-scripts.com/?tip=php_ini#tip

      The script on this site, grabs the server's php.ini, modifies it as you specify in the $parm lines, and put a copy in your public_html folder.

      tips-scripts.com/?tip=php_ini_copy#tip

      This script takes the modified php.ini file and copies it into all the subdirectories for you!

      I had trouble configuring it to work, but I came close. Fortunately a very helpful person at my host provider (Can I mention their name?) looked at the scripts, made the needed modifications, loaded them and ran them for me! He left copies on my server space so that I could run them whenever I need to (like when adding new components!).

      Steve
    • Barbara's Avatar
    • Barbara
    • Newbie
    • Posts: 17
    • Thanks: 0

    Re: UPGRADE IMMEDIATELY to Joomla 1.0.11 due to vulnerablities re: joomla.org

    Posted 18 years 2 months ago
    • also

      if you don't have a php.ini file

      you can request your WEBHOSTING PROVIDER to change the following setting

      PHP register_globals setting is `ON`

      to OFF
  • Re: UPGRADE IMMEDIATELY to Joomla 1.0.11 due to vulnerablities re: joomla.org

    Posted 18 years 2 months ago
    • Barbara wrote:
      also

      if you don't have a php.ini file

      you can request your WEBHOSTING PROVIDER to change the following setting

      PHP register_globals setting is `ON`

      to OFF


      Yes--that is the ideal solutions--if they will. Many, though, will say NO (like mine). No harm in asking!

      I can't wait to work my way up to a dedicated server ;)!

      Steve

Time to create page: 0.057 seconds