Joomla 1.0.12 Released

krusada · December 26th, 2006, 12:44 AM

Joomla! 1.0.12 [ Sunfire ] is available as of Monday the 25th of December 2006 1:00 UTC for download here.
We suggest that all Joomla! users upgrade to this version.
Joomla! 1.0.12 features:

140+ General Bug Fixes
Several low level security fixes
A full security audit of SQL queries
SSL switchover support

Although this release contains several security fixes, as they are of a low level nature, this release is still being characterized as a Stability Release. If you are running a version of Joomla! older than 1.0.11, you should upgrade immediately to at least Joomla! 1.0.11 as that release addressed several important security issues. If you are using Joomla! 1.0.11, we recommend that you upgrade to 1.0.12 as it addresses several long standing bugs and several low level security issues.
We are also pleased to announce the creation of a new Security Announcements Forum. As the name suggests, this forum will be used for security announcements for the Joomla! core and third party extensions. We strongly encourage that all Joomla! users register on forum.joomla.org and subscribe to this forum to ensure that they receive notification of important security issues as soon as possible. We also encourage you to do same for all third-party extensions you use, where available.
Release Information

1.0.12 is available as a Full Package, which contains all Joomla! files or Patch Packages which contain only the files that have changed since previous Joomla! 1.0.x version.

A More Secure Joomla!

Joomla! security is getting consistently better. We have dedicated many hours to ensuring that Joomla! is as secure as it can be. To do this, we have adopted a two sided approach that includes automated security tools and manual auditing and revision. For this release, we conducted a complete audit of all SQL queries, reviewed many aspects of our login and authentication systems, and conducted several automated scans in order to make this Joomla! release as secure as possible.
SSL Switchover Support

Joomla! 1.0.12 has reintroduced SSL switchover support. If your website is setup to serve the same files via HTTP or HTTPS you will now be able to create SSL secured logins, easily switch between secure and insecure navigation and do all of your administrative tasks via an SSL protected connection. A FAQ on how to setup these features will be available soon in the Security FAQs section of the Joomla! forums.
Joomla! Version Warning

The version warning system that was added in Joomla! 1.0.11 has been removed from Joomla! 1.0.12. This version of Joomla! is intended to be the last release in the 1.0.x series. The 1.0.x is now in security mode which means that we will not be releasing any more stability updates. There will only be another version in this series if a critical security vulnerability is discovered.
Extension Installer Warning

It is essential that you take a moment after updating the core to check if your extensions are up to date, and update them if a newer version is available.
Often newer versions address not only bugs but security issues as well. You can do this by looking in the components, modules and mambots installer pages, which display a URL to the homepage of the authors, or by checking on extensions.joomla.org.
In order to better educate our users about the security risks that can arise from installing insecure extensions, we have added a warning message at the top of the extension installers. Please remember, 3rd party extensions must be kept up to date just like Joomla! and updating your Joomla! installation(s) will not update the 3rd party extensions installed on your sites.
For a list of extensions that have known security issues please see the List of Vulnerable 3rd Party Extensions.

silversow · January 26th, 2007, 3:54 AM

I think Surpass needs to change the default value for "session.auto_start" in PHP. The current value breaks Joomla by making it impossible to log into the admin menus.

krusada · January 26th, 2007, 4:58 AM

Wow I have never had that problem with Joomla when I have been hosted with Surpass they have rocked so far...

silversow · January 26th, 2007, 12:47 PM

Are you using the latest version of Joomla? 1.0.12? Are you on a shared hosting plan? It could be that some PHP settings on just my particular server are set to the wrong values, as strange as that may be.

I just tried completely uninstalling Joomla and reinstalling it again from Fantastico. It installs fine, but again I can't log into the admin menus. In Firefox it explains that the "session.auto_start" PHP value is likely to blame. When I tried a manual install of Joomla 1.5 beta, I get lots of strange PHP errors. The install goes through, but it also warns about the "session.auto_start" setting. Since people on shared servers don't have access to PHP.ini I thus can't make the needed changes to try to fix the problem myself.

silversow · January 26th, 2007, 2:37 PM

The exact error message is this:

"You need to login. If PHP's session.auto_start setting is on or session.use_cookies setting is off, you may need to correct this before you will be able to login."

krusada · January 26th, 2007, 3:26 PM

OK mate, I will try to help you out where possible - first of all - I use shared servers too, the only thing that is different for me is I always avoid fantastico installs ie. I always do a manual install.

I have to go out right now but I will come back and try to help you out - I would also contact the helpdesk and see if they have servers with the autostart feature enabled - they are very helpful!

silversow · January 26th, 2007, 11:30 PM

Cool, thanks!

December 26th, 2006, 12:44 AM	#1 (permalink)
krusada Registered User Fresh Surpasser Joined in Mar 2006 23 posts Gave thanks: 0 Thanked 0 times	Joomla 1.0.12 Released Joomla! 1.0.12 [ Sunfire ] is available as of Monday the 25th of December 2006 1:00 UTC for download here. We suggest that all Joomla! users upgrade to this version. Joomla! 1.0.12 features: 140+ General Bug Fixes Several low level security fixes A full security audit of SQL queries SSL switchover support Although this release contains several security fixes, as they are of a low level nature, this release is still being characterized as a Stability Release. If you are running a version of Joomla! older than 1.0.11, you should upgrade immediately to at least Joomla! 1.0.11 as that release addressed several important security issues. If you are using Joomla! 1.0.11, we recommend that you upgrade to 1.0.12 as it addresses several long standing bugs and several low level security issues. We are also pleased to announce the creation of a new Security Announcements Forum. As the name suggests, this forum will be used for security announcements for the Joomla! core and third party extensions. We strongly encourage that all Joomla! users register on forum.joomla.org and subscribe to this forum to ensure that they receive notification of important security issues as soon as possible. We also encourage you to do same for all third-party extensions you use, where available. Release Information 1.0.12 is available as a Full Package, which contains all Joomla! files or Patch Packages which contain only the files that have changed since previous Joomla! 1.0.x version. 1.0.12 Download 1.0.12 Version Information 1.0.12 Changelog 1.0.12 Package file MD5 checksums A More Secure Joomla! Joomla! security is getting consistently better. We have dedicated many hours to ensuring that Joomla! is as secure as it can be. To do this, we have adopted a two sided approach that includes automated security tools and manual auditing and revision. For this release, we conducted a complete audit of all SQL queries, reviewed many aspects of our login and authentication systems, and conducted several automated scans in order to make this Joomla! release as secure as possible. SSL Switchover Support Joomla! 1.0.12 has reintroduced SSL switchover support. If your website is setup to serve the same files via HTTP or HTTPS you will now be able to create SSL secured logins, easily switch between secure and insecure navigation and do all of your administrative tasks via an SSL protected connection. A FAQ on how to setup these features will be available soon in the Security FAQs section of the Joomla! forums. Joomla! Version Warning The version warning system that was added in Joomla! 1.0.11 has been removed from Joomla! 1.0.12. This version of Joomla! is intended to be the last release in the 1.0.x series. The 1.0.x is now in security mode which means that we will not be releasing any more stability updates. There will only be another version in this series if a critical security vulnerability is discovered. Extension Installer Warning It is essential that you take a moment after updating the core to check if your extensions are up to date, and update them if a newer version is available. Often newer versions address not only bugs but security issues as well. You can do this by looking in the components, modules and mambots installer pages, which display a URL to the homepage of the authors, or by checking on extensions.joomla.org. In order to better educate our users about the security risks that can arise from installing insecure extensions, we have added a warning message at the top of the extension installers. Please remember, 3rd party extensions must be kept up to date just like Joomla! and updating your Joomla! installation(s) will not update the 3rd party extensions installed on your sites. For a list of extensions that have known security issues please see the List of Vulnerable 3rd Party Extensions.

January 26th, 2007, 4:58 AM	#3 (permalink)
krusada Registered User Fresh Surpasser Joined in Mar 2006 23 posts Gave thanks: 0 Thanked 0 times	really? Wow I have never had that problem with Joomla when I have been hosted with Surpass they have rocked so far...

January 26th, 2007, 3:26 PM	#6 (permalink)
krusada Registered User Fresh Surpasser Joined in Mar 2006 23 posts Gave thanks: 0 Thanked 0 times	OK.... OK mate, I will try to help you out where possible - first of all - I use shared servers too, the only thing that is different for me is I always avoid fantastico installs ie. I always do a manual install. I have to go out right now but I will come back and try to help you out - I would also contact the helpdesk and see if they have servers with the autostart feature enabled - they are very helpful!

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Rate This Thread
Rate This Thread:

January 26th, 2007, 3:54 AM	#2 (permalink)
silversow Registered User Fresh Surpasser Joined in Sep 2003 9 posts Gave thanks: 0 Thanked 0 times	I think Surpass needs to change the default value for "session.auto_start" in PHP. The current value breaks Joomla by making it impossible to log into the admin menus.

January 26th, 2007, 12:47 PM	#4 (permalink)
silversow Registered User Fresh Surpasser Joined in Sep 2003 9 posts Gave thanks: 0 Thanked 0 times	Are you using the latest version of Joomla? 1.0.12? Are you on a shared hosting plan? It could be that some PHP settings on just my particular server are set to the wrong values, as strange as that may be. I just tried completely uninstalling Joomla and reinstalling it again from Fantastico. It installs fine, but again I can't log into the admin menus. In Firefox it explains that the "session.auto_start" PHP value is likely to blame. When I tried a manual install of Joomla 1.5 beta, I get lots of strange PHP errors. The install goes through, but it also warns about the "session.auto_start" setting. Since people on shared servers don't have access to PHP.ini I thus can't make the needed changes to try to fix the problem myself.

January 26th, 2007, 2:37 PM	#5 (permalink)
silversow Registered User Fresh Surpasser Joined in Sep 2003 9 posts Gave thanks: 0 Thanked 0 times	The exact error message is this: "You need to login. If PHP's session.auto_start setting is on or session.use_cookies setting is off, you may need to correct this before you will be able to login."

January 26th, 2007, 11:30 PM	#7 (permalink)
silversow Registered User Fresh Surpasser Joined in Sep 2003 9 posts Gave thanks: 0 Thanked 0 times	Cool, thanks!

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)