tw.o : Tikiwiki CMS : ReleaseProcess199

Release Process 1.9.9

This release on the 1.9 branch is motivated by 2 improvements, first the release-check and also various security fixes as we had 3 diffferent analysts that reported security flaws to the security group, approximatively the same day, which is quite convenient. As this is a security release, it's done quite fast in emergency.

This release process began 3 days ago with security reports, handled by the security group, under release management of mose.

Release checks

This new feature adds 2 options in general admin panel, to enable/disable remote checks and to setup the frequecy of those checks. The checking of a new version is done with a simple http request on tikiwiki.org site, when someone with admin perms displays any admin panel.
When the check is done and a new version is found, a message is displayed in admin panels to warn there is something new, and then no further checks are performed anymore (until upgrade).
This feature is enabled by default, which is motivated by the fact that we know that people don't usually follow the Tikiwiki community activity and they take time to upgrade, just because they don't know they should (especially for security release).

Security fixes

We have 4 security fixes in that version.

Jesus Olmos Gonzalez, from http://www.isecauditors.com, found a possible problem of transversal path in tiki-listmovies.php
Mesut Timur, from http://www.h-labs.org, reported an XSS vulnerability in tiki-special_chars.php
redflo (from security group) also took the occasion to find other flaws, in tiki-edit_css.php, tiki-list_games.php, and tiki-g-admin_shared_source.php

Quick security protection

If you can't upgrade, you can secure your versiobn of tikiwiki by:

disable deatures : edit css, games, galaxia
erase files tiki-listmovies.php (which is not used except very exceptionaly by people that know their stuff) and tiki-special_chars.php (which is used in quicktags to popup a small widget to input special characters with odd accents).

Changes

wikiplugin group backported from 1.10
improvement of wiki help on editpage
new forum import feature (from tiki to tiki forums)
some galaxia improvement
module tail moved to mods
fix in tracker ratings
start of a new translation: bulgarian (bg)
more translation for portuguese brazilian (pt-br)
fixes in french (fr) translation

Contributors to this page: mose .
Page last modified on Saturday 22 December, 2007 04:09:29 CET by mose .

Category: Release

SourceHistory

Search Wiki PageName

What theme do you use the most?

To help determine the themes to include in the next Tiki release, please indicate what theme you now use (or use most). (Login necessary to vote.)

What theme do you use?
Cookies must be allowed to vote

Chatroom

Click here to login to the TikiWiki IRC chatroom

Pop ups must be allowed by your browser.

Last 15 changes

...more

Shoutbox

Darkbee : Apparently there was a power outage that caused some down-time.

Darkbee : Has there been problems with the tikiwiki.org site? I haven't been able to get on all morning.

amateurathlete : I have 1.9.10.1 now, should I bother upgrading to 1.9.11 before 2.0 is officially released?

Darkbee : Have I missed an announcement about 1.10 becoming 2.0?

Frodoger : twversion.class.php how to disable? Our tikiwiki don#t has internet access

CodyLoco : @marclaporte: Is this a finished feature in 1.10? I'm running 1.10 on my site: www.clipsharewiki.com

marclaporte : CodyLoco: coming soon (1.10), yes

Oswaldo1965 :

Oswaldo1965 : I get this error, help The XML page cannot be displayed. Cannot view XML input using XSL style sheet. Please correct the error and then click the Refresh button, or try again later.

Oswaldo1965 : i get this error, 2nd part. Only one top level element is allowed in an XML document. Error processing resource '[Link] Undefined variable: categories in /data/16/1/35/106/1524595/