Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
    Posts
  • 2Patrick Friend
    #132159

    I had written a post about the momentum of rapid releases of new Joomla 1.5 versions ( See ” Joomla On Rapid Fire )

    So I was correct. Joomla has just released Joomla 1.5.6 !:)

    The official web site says “
    The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.6 [Vusani]. This is a quick turnaround security release to address a high level security issue and it is recommended all users upgrade immediately.

    How soon will JA release the new 1.5.6 versions of the popular templates ?

    John Wesley Brett Moderator
    #265283

    Actually…this won’t impact any of the templates. This upgrade was to correct one little, bitty, tiny piece of code that is / was a MAJOR security hole in the Joomla! framework.

    You can avoid doing a full update by simply changing this one line of code…which is all this update is about:

    Patch /components/com_user/models/reset.php with the code below:

    After global $mainframe; on line 113 of reset.php, add:


    if(strlen($token) != 32) {
    $this->setError(JText::_('INVALID_TOKEN'));
    return false;
    }

    And Voila! You’re updated. MUCH simpler, quicker than uploading the update….besides, 1.5.7 is coming out soon.

    Source: Joomla! Developer

    John

    Menalto Friend
    #265286

    And i strongly advice all to upgrade asap:)

    TomC Moderator
    #265290

    <em>@2Patrick 73289 wrote:</em><blockquote>
    How soon will JA release the new 1.5.6 versions of the popular templates ?</blockquote>
    It’s very simple to upgrade your existing J 1.5.x templates oneself – though I am sure the JA Staff will work diligently toward upgrading the J 1.5 tempaltes on their servers as well.

    I’m sure the future template releases form this point forward will be complaint with the latest security release.

    2Patrick Friend
    #265294

    Yes..its just a small patch but hopefully JA will release all templates ( starting from the 2nd club template for August ) with the Joomla 1.5.6 version..

    cgc0202 Friend
    #265299

    Patrick,

    As I responded in your prior post, most of the upgrades of Joomla 1.5.x were security upgrades. The patch should not affect any template related scripts.

    As such, you can just do the following for a fresh install:

    1. Upload the unpacked Joomla 1.5.5-JA Teline II v1.5 Quick Start Kit
    2. Upload the unpacked Joomla 1.5..5 to Joomla 1.5.6 patch
    3. If you plan to do more installation, download the integrated script from the aforementioned steps — this is akin to a “Joomla 1.5.6-JA Teline II v1.5 QuickStart kit

    4. Perform installation

    If you already have a Joomla 1.5.5-JA Teline II v1.5 site, just upload the unpacked Joomla 1.5..5 to Joomla 1.5.6 patch. So far, I have not found any incompatibility when I did the latter.

    Cornelio

    2Patrick Friend
    #265340

    Hi

    Yes..I am aware its just a small patch but important from the security standpoint.

    My main point is that hopefully the new templates will be released will be under J 1.5.6 so that we dont have to undertake the patch ourselves

    John Wesley Brett Moderator
    #265375

    Well my thoughts, and this is purely my opinion, is that it is MY responsibility to make sure my instances of the Joomla! framework are up to date. If I choose to use Joomla! to develop a site, then I also accept all the risks involved in that.

    As a template house, I feel it is Joomlart’s responsibility ONLY to make sure their templates work in that framework. And that’s it. That’s what I pay them for.

    While offering a QUICKSTART version of the template, for some, is a wonderful way to get acclimated to the template…and to Joomla for beginners, I do not feel, however, it should be the be-all-end-all. And perhaps a disclaimer to that effect should be noted.

    Without such a separation of responsibilities, we would then be placing the responsibility of all of our websites on Joomlart and I think that is unreasonable and unfair. Joomlart is in the business of making templates, not updating Joomla…that’s the responsibility of Joomla.org…and on us who have chosen to use Joomla! as our framework.

    Again, just my opinion. 🙂
    John.

    cgc0202 Friend
    #265378

    <em>@2Patrick 73519 wrote:</em><blockquote>Hi

    Yes..I am aware its just a small patch but important from the security standpoint.

    My main point is that hopefully the new templates will be released will be under J 1.5.6 so that we dont have to undertake the patch ourselves</blockquote>

    I am sure they will do that Patrick. We must request new update versions of older templates — only if there are additional fixes.

    For example, the updates Joomla 1.5.4 to Joomla 1.5.5 included many fixes other than security, but there were no Joomlart Template updates since Joomla 1.5.3. Thus, the request to update everything to Joomla 1.5.4 but then Joomla 1.5.5 update was released while the plan to update to Joomla 1.5.4 was underway.

    What we need are Template Update Patch similar to Joomla Update Patch — that is more useful to users who already have working Joomla-Joomlart template sites.

    I am happy to know that you already read the post and support the initiative, those who have not read it yet, please visit and support (vote in the Polll):

    Need for Joomlart Template Fix (Patch) Update without resort to uninstall/reinstall
    http://www.joomlart.com/forums/topic/jomsocial-activity-stream/

    Those of us who already have working and highly customized website should not be uninstalling and then re-installing the entire and various components of the Joomlart template (the template itself, and various “modules”, e.g., JA News, JA News Frontpage, etc.) — because the fixes usually involve just a few files.

    All that would be needed would be to follow standard fix procedure — change the buggy files or those that need to be modified.

    Considering that significant number of new users have trouble installing the very simple “QuickStart Installation”, the “uninstall and reinstall” preferred by Joomlart to update template is just courting more trouble that translate into unneeded request for help.

    Cornelio

    TomC Moderator
    #265380

    Does anyone have an EASY way to upgrade without having to go through the tedious process of backing all kinds of stuff up just to install an upgrade? A easy step-by-step would be awesome.

    🙂

    cgc0202 Friend
    #265382

    <em>@2Patrick 73519 wrote:</em><blockquote>Hi

    Yes..I am aware its just a small patch but important from the security standpoint.

    My main point is that hopefully the new templates will be released will be under J 1.5.6 so that we dont have to undertake the patch ourselves</blockquote>

    <em>@jbrett 73569 wrote:</em><blockquote>Well my thoughts, and this is purely my opinion, is that it is MY responsibility to make sure my instances of the Joomla! framework are up to date. If I choose to use Joomla! to develop a site, then I also accept all the risks involved in that.

    As a template house, I feel it is Joomlart’s responsibility ONLY to make sure their templates work in that framework. And that’s it. That’s what I pay them for.

    While offering a QUICKSTART version of the template, for some, is a wonderful way to get acclimated to the template…and to Joomla for beginners, I do not feel, however, it should be the be-all-end-all. And perhaps a disclaimer to that effect should be noted.

    Without such a separation of responsibilities, we would then be placing the responsibility of all of our websites on Joomlart and I think that is unreasonable and unfair. Joomlart is in the business of making templates, not updating Joomla…that’s the responsibility of Joomla.org…and on us who have chosen to use Joomla! as our framework.

    Again, just my opinion. 🙂
    John.</blockquote>

    Hi John,

    Technically, I agree with you. However, from a commercial business perspective, it is not a good idea.

    First. Consider this analogy.
    If an automaker decides to use Michelin tires for their car, and it turned out to be defective — the blame lies on Michelin, but the automaker cannot say — Don’t look at me, go to Michelin. In fact, the court agreed with the customers, it was the responsibility of the automaker to not only replace the defective tires but also pay the damages. This example is not hypothetical, it actually happened leading to recall of millions of Michelin tires by many automakers.

    Second.
    You argued that it is the responsibility of Joomla, not Joomlart. Yeah, but Joomla is open source, and depends on volunteers. Joomlart is making money and lots by piggybacking on a very popular CMS. Because of Joomla — based on the work of many many volunteers — not only has Joomlart able to provide decent wages for the staff, but also earn a hefty profit for whoever owns Joomlart.

    Without the backbone of all those Joomla volunteers creating Joomla, Joomla as a commercial template company will not be in existence.

    Don’t you think it would be the moral obligation of Joomlart and other commercial companies using Joomla to use some of their profit to help identify the bugs and security flaws in the Joomla script?

    Third.
    Assuming Joomlart and and other commercial companies using Joomla do not have business conscience to accept their moral responsibility suggested in the Second rationale, it is still not a good business decision to provide a complete script that will improve and make it easier for customers to use Joomlart templates.

    I am willing to pay top dollars for a Mac computer for example, because from the first time I used computers (both those powered by Microsoft and Apple OS systems), I found it more easy to use a Mac computer — they are quite intuitive so that for the most part, I made it work without reading any manual. If something goes wrong, usually it is just a matter of turning off the computer and turning it off again. Now, if there is really something terrible that I could not solve, I have the assurance (peace of mind) that I could go to the Apple Stores in Boston to get it fixed. So far, I do not have to do that. And, if I do not know how to use a computer at all, for less than $2 I could get a one-on-one tutorial to learn how to use my Mac computer.

    Good total experience engenders loyalty. This is the reason why Apple is a 150 billion dollar company while the number one computer in the world, Dell is worth less than a third of Apple’s valuation.

    Joomlart will never become an Apple, but it could learn from Apple on how it should treat its customers — without the 20,000 customers, there will be no Joomlart.

    But that aside, let us face it, many customers ask for help because they do not do what they are doing — not just because they want to post. If each customer uses up “1 hour” of Joomlart staff time, Joomlart will go bankrupt.

    To avoid this, Joomlart must find ways so that customers who do not know what they are doing will be able to do anything that is needed as simply as possible.

    So, yeah, your perspective is technically correct, but if Joomlart will follow your advice, they will lose a lot of money (profits) by having to deploy more manpower answering questions repeatedly that should never be asked.

    If they do not respond to customers, because they follow the argument you presented, Joomlart is getting the bad reputation that their service sucks.

    Here, “perception becomes reality” that if it leaks out could put Joomlart under.

    Cornelio

    N.B.
    Just like you, this is just an opinion. In the end, it is up to Joomlart to decide what they do.

    cgc0202 Friend
    #265386

    <em>@tcraw1010 73576 wrote:</em><blockquote>Does anyone have an EASY way to upgrade without having to go through the tedious process of backing all kinds of stuff up just to install an upgrade? A easy step-by-step would be awesome.

    :)</blockquote>

    Definitely yes Tom, and it is quite simple, but it is always a good idea to at least try it first on a Sandbox (just a simple Demo miirror site, as suggested by Joomla. Also, if you are daring, the most of the Joomla upgrade “does not require” those tedious backups, but it is always good practice to do so.

    For Joomla 1.5.x upgrades, the process is “very simple”, one approach is this:

    1. Download the appropriate update patch, e.g., Joomla 1.5.5 to Joomla 1..5.6 or Joomla 1.5.0 to Joomla 1.5.6, whichever is appropriate for your site.
    2. Unpack compressed file
    3. Upload via FTP

    A detailed procedure, including alternative ways of updating, is presented in the Joomla site:

    Upgrading 1.5 from an existing 1.5x version
    http://docs.joomla.org/Upgrading_1.5_from_an_existing_1.5x_version

    Joomlart Template Update

    Joomlart should adopt a similar update for the Joomlart template, instead of the “uninstall the old – install the new” standard protocols for extensions. I posted in response to responses by some Joomlart staff, as well as wrote to them. e.g., Hung, Hainn, but they have not responded to my numerous response posts and my PM.

    So, I decided to create a separate thread and a poll to rally members to support the proposal:

    Need for Joomlart Template Fix (Patch) Update without resort to uninstall/reinstall
    http://www.joomlart.com/forums/topic/need-for-joomlart-template-fix-patch-update-without-resort-to-uninstallreinstall/

    The proposed Joomlart Template Fix (Patch) Update will make life much easier for all members, especially if those using the complex Teline II (which by the way is more stable now).

    So far, nobody was against the proposal.

    Cornelio

    reachthesky Friend
    #266655

    <em>@jbrett 73445 wrote:</em><blockquote>Actually…this won’t impact any of the templates. This upgrade was to correct one little, bitty, tiny piece of code that is / was a MAJOR security hole in the Joomla! framework.

    You can avoid doing a full update by simply changing this one line of code…which is all this update is about:

    Patch /components/com_user/models/reset.php with the code below:

    After global $mainframe; on line 113 of reset.php, add:


    if(strlen($token) != 32) {
    $this->setError(JText::_('INVALID_TOKEN'));
    return false;
    }

    And Voila! You’re updated. MUCH simpler, quicker than uploading the update….besides, 1.5.7 is coming out soon.

    Source: Joomla! Developer

    John</blockquote>
    wow, thanks for the tip

Viewing 13 posts - 1 through 13 (of 13 total)

This topic contains 13 replies, has 6 voices, and was last updated by  reachthesky 16 years, 3 months ago.

We moved to new unified forum. Please post all new support queries in our New Forum