
Release Process 1.9.9


This release on the 1.9 branch is motivated by 2 improvements: first the release check, and second various security fixes, as 3 different analysts reported security flaws to the security group on approximately the same day, which is quite convenient. As this is a security release, it is being done quickly, as an emergency.

This release process began 3 days ago with security reports, handled by the security group, under release management of mose.

Release checks

This new feature adds 2 options to the general admin panel: one to enable or disable remote checks, and one to set the frequency of those checks. The check for a new version is done with a simple HTTP request to the tikiwiki.org site when someone with admin perms displays any admin panel.
When the check is done and a new version is found, a message is displayed in the admin panels to warn that something new is available, and no further checks are performed (until upgrade).
This feature is enabled by default, because we know that people don't usually follow Tikiwiki community activity and take time to upgrade, simply because they don't know they should (especially for security releases).

Security fixes

We have 4 security fixes in that version.

  • Jesus Olmos Gonzalez, from http://www.isecauditors.com , found a possible path traversal problem in tiki-listmovies.php
  • Mesut Timur, from http://www.h-labs.org , reported an XSS vulnerability in tiki-special_chars.php
  • redflo (from the security group) also took the opportunity to find other flaws, in tiki-edit_css.php, tiki-list_games.php, and tiki-g-admin_shared_source.php

Quick security protection

If you can't upgrade, you can secure your version of Tikiwiki by:

  • disabling the features: edit css, games, galaxia
  • erasing the files tiki-listmovies.php (which is not used except very exceptionally by people who know their stuff) and tiki-special_chars.php (which is used in quicktags to pop up a small widget to input special characters with odd accents).
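
A way to check an installation against the list above, as an added example that is not part of the Tikiwiki release: the function reports which of the five files named on this page are present in a document root and changes nothing. The feature labels and the pairing of each file with a feature are assumptions read from the file names, not Tiki preference names.

```shell
#!/bin/sh
# Added example: report-only audit of a Tikiwiki docroot for the files
# named in the 1.9.9 notes. Nothing is deleted or modified.
# Usage (example path): . ./audit.sh; audit_tiki_199 /var/www/tiki

# Files the page says can simply be erased.
ERASE_FILES="tiki-listmovies.php tiki-special_chars.php"
# file:feature pairs (pairing assumed from the file names); the page says
# to disable these features rather than erase the files.
FEATURE_FILES="tiki-edit_css.php:edit-css tiki-list_games.php:games tiki-g-admin_shared_source.php:galaxia"

# audit_tiki_199 DOCROOT
# Prints one line per affected file found.
# Returns 0 if none are present, 1 if any were found, 2 on a bad DOCROOT.
audit_tiki_199() {
    docroot=$1
    if [ ! -d "$docroot" ]; then
        echo "ERROR not a directory: $docroot" >&2
        return 2
    fi
    found=0
    for f in $ERASE_FILES; do
        if [ -e "$docroot/$f" ]; then
            echo "ERASE $f"
            found=1
        fi
    done
    for pair in $FEATURE_FILES; do
        f=${pair%%:*}        # part before the colon: file name
        feature=${pair#*:}   # part after the colon: feature label
        if [ -e "$docroot/$f" ]; then
            # File presence says nothing about the admin setting itself.
            echo "CHECK-FEATURE $feature ($f present, confirm the feature is disabled)"
            found=1
        fi
    done
    return $found
}
```

A non-zero status makes the function usable from a cron job or deployment check on hosts that cannot be upgraded yet.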

Changes

  • wikiplugin group backported from 1.10
  • improvement of wiki help on editpage
  • new forum import feature (from tiki to tiki forums)
  • some galaxia improvement
  • module tail moved to mods
  • fix in tracker ratings
  • start of a new translation: Bulgarian (bg)
  • more translations for Brazilian Portuguese (pt-br)
  • fixes in the French (fr) translation



Contributors to this page: Mose .
Page last modified on Saturday 22 December 2007 03:09:29 UTC by Mose.
