Thu 05 Nov 2009

Few important changes in 1.5.15 release

To accompany the official release announcement, I would like to point out a few of the most important changes in this release:

.htaccess change that prevents looking at your extensions' XML files - while this was not a security hole by itself, it left the door open for hackers to see which version of a particular extension you are running. To put this fix into effect you have to uncomment (remove the #) the corresponding section (lines 35-39) in htaccess.txt and rename htaccess.txt to .htaccess (or copy/paste that part into your existing .htaccess; it must be inserted at the same place).
TEST before you put this on a live site - if your site is serving publicly accessible XML then this is not directly usable for you - you would need to make exceptions for those files or use regex-based rules for blocking. It is also not usable for those without apache/mod_rewrite.

PHP 5.3.x compatibility - Joomla runs fine on PHP 5.3.x now (except for the OpenID library)

Core components caching - com_weblinks and com_contact are using cache for the first time. Also com_content view cache comes with more refined caching logic, so that caching is disabled only where it needs to be (e.g. for users using filters). This should result in speed increases on high-traffic sites.

Other notable bugfixes:

  • TinyMCE is now working properly - all remaining bugs created by the recent TinyMCE upgrade should be gone now
  • Mootools were upgraded to 1.1.2 to ensure future compatibility with Firefox 3.6

 


Note:

For all those who would like to enable access to XML inside their extensions, one way would be to create an .htaccess in each directory that contains .xml files and put a reverse rule in it (or in a directory above those directories that need exceptions - it applies to the current directory and all directories below):

<Files ~ "\.xml$">
Allow from all
Satisfy all
</Files>

or even more explicit rule, limited only to myfile.xml:

<Files myfile.xml>
Allow from all
Satisfy all
</Files>
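
Before enabling the blanket rule, it helps to know which .xml files under the web root are extension manifests (the ones that disclose a version) and which are data files that would need one of the exceptions above. The following is an added example, not code from Joomla or from this article; it assumes Joomla 1.5 manifests use an `<install>` root element (`<mosinstall>` for legacy extensions) with a `<version>` child, and the sample tree and extension names are constructed.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: Joomla 1.5 manifests have an <install> root (<mosinstall> for
# legacy extensions) and carry the extension version in a <version> child.
MANIFEST_ROOTS = {"install", "mosinstall"}

def classify_xml(path):
    """Return (kind, version); kind is 'manifest', 'data' or 'unparsed'."""
    try:
        root = ET.parse(path).getroot()
    except (ET.ParseError, OSError):
        return "unparsed", None
    if root.tag.lower() in MANIFEST_ROOTS:
        return "manifest", (root.findtext("version") or "").strip() or None
    return "data", None

def audit(docroot):
    """Sort every .xml file under docroot into the three kinds above."""
    report = {"manifest": [], "data": [], "unparsed": []}
    # Lower-case *.xml only, mirroring the case-sensitive "\.xml$" pattern.
    for path in sorted(Path(docroot).rglob("*.xml")):
        kind, version = classify_xml(path)
        report[kind].append((path.relative_to(docroot).as_posix(), version))
    return report

def exception_dirs(report):
    """Directories holding non-manifest XML that the blanket rule would block."""
    return sorted({rel.rpartition("/")[0] or "." for rel, _ in report["data"]})

def build_sample_tree(base):
    """Write a constructed docroot (made-up extension names) for the demo."""
    samples = {
        "components/com_example/example.xml":
            '<install type="component"><version>2.3.1</version></install>',
        "modules/mod_gallery/data/slides.xml": '<gallery><image src="a.jpg"/></gallery>',
        "images/broken.xml": "<feed><item></feed>",  # malformed on purpose
    }
    for rel, body in samples.items():
        path = Path(base, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        report = audit(root)
        print(report["manifest"], exception_dirs(report))
```

Files reported as `unparsed` are malformed XML and need a manual look before deciding whether they should stay reachable.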


18 Comments

  1. Thanks for explaining the XML issue in detail, just a small typo here,

    Quote:
    Mootols were upgraded to 1.12 to ensure future compatibility with Firefox 1.6


    should read Mootools and FF 3.6
  2. Good news, Klas. 8-)

    Can you maybe provide an example or link for people who are using XML files for other things and need to create exceptions in the new htaccess file?
  3. Yes .....
    Provide an example for people who are using XML files 'd be really glad
  4. Ciao Klas,
    I need to create exceptions in the new htaccess file rules, can you help me?
    My Ozio Gallery2 extension works with xml files and with these new rules it doesn't work correctly :'(
  5. Yes
    thank you
    that is good news
  6. @Mustaq: fixed, thanks

    For those interested in .htaccess - one can use another set of tighter rules (see informationleak2-peter.patch here http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_id=32&tracker_item_id=18353).

    For extension developers that would like to enable access to XML inside their extensions, one way would be to create .htaccess in each directory that contains .xml files and put reverse rule in it (or in a directory above those directories that need exceptions - it applies to current directory and all directories below):

    Allow from all
    Satisfy all

    or even more explicit rule, limited only to myfile.xml:

    Allow from all
    Satisfy all
  7. Sorry, that would be (hope it works now):


  8. Looks like comments don't allow code, so I have appended it to the article
  9. Thanks klas.berlic
  10. A large number of us won't really comprehend what needs to be done so Klas could do the Joomla community a great favor by writing a tutorial with good examples so that even bums like us can understand.

    Joomla security is just too important and should not be for the domain of only a users - especially now that the standard Joomla htaccess file has been updated.
  11. Just another typo:
    "Mootools were upgraded to 1.1.2" imo, not to 1.12!
    See: http://mootools.net/blog/2009/11/02/upgrade-mootools/
    Thanks, klas! :-)
  12. After updating, my flash movie which uses xml, not working at all.
  13. Upgraded from 1.5.14 to 1.5.15

    Article Manager > Article > TinyMCE 2.0 does not appear to be functioning. The HTML editor is now gone. HTML code is now visibly inserted into my article text. Please advise.
  14. Thanks Tibor, fixed that.

    @Silver: for flash movie create exception like one mentioned above in the article. If you use multiple movies, store them in the same directory and create an exception for that directory.
  15. Like DG commented above, TinyMCE Editor is now having problems in 1.5.15. It mostly works, but a great deal of the buttons are missing.

    Also, the interface says TinyMCE Editor 2.0, but I believe the actual version is 3.2.6.
  16. Why would you make such a radical change without previous warning to developers at least!! some of the sites are production sites, clients, deadlines, headaches etc. Should I not use the latest release? just like windows.

    I am building a new site, fresh joomla installation, and the built in :'(editors won't work!! come on guys!!
