XOOPS: XOOPS 2.5.8 Release Candidate 1 Available

Posted by: geekwrighton 2016/3/8 18:20:00 3943 reads The XOOPS Development Team is pleased to announce the release of XOOPS 2.5.8 RC1.

This new version has numerous bug fixes and enhancements. You can download the XOOPS 2.5.8 RC1 release directly from XOOPS/XoopsCore25 on GitHub, or XOOPS Core (Beta Releases)/XOOPS_2.5.8_RC1 on SourceForge.

Please report any issues you encounter with this release so that we can make XOOPS better for everyone. If you are registered on GitHub, just open an issue. We will also monitor the XOOPS forums.


Fixes and Enhancements

Without the contributions of many, this release would not exist. A big "Thank you!" goes to everyone that has contributed. In alphabetical order, the list includes:

- Angelo Rocha
- Cédric MONTUY
- cesagonchu
- Dingjie Yang
- elpaksu
- hyp3rlinx
- luciorota
- mamba
- Peekay
- redheadedrod
- slider84
- timgno
- wppd
- xd9527
- zyspec

View the full change log here: https://github.com/XOOPS/XoopsCore25/b ... C1/docs/changelog.250.txt

Lots of effort has been put into making XOOPS better cleaner, safer and more compliant with current standards and best practices.


Security

This release includes fixes for multiple issues (CSRF, weak password hash, and directory traversal) reported by hyp3rlinx. Also, fixes for a potential privileged information disclosure issue reported by Cédric MONTUY.

Passwords are now hashed using PHP's password_hash() function. A library that brings compatibility to users with PHP versions earlier than 5.5 is included.

The new XMF library (see below) includes support for JWT, which can be very useful in securing AJAX and REST processing.


Ready for PHP 7 Testing

The world of PHP is in constant motion. The recent release of PHP 7 brings with it huge improvements, but also compatibility issues. While XOOPS 2.5.8 supports PHP 5.3.7 through the latest 5.6 release, PHP 7 support should still be considered experimental, and is released for public testing.

MySQL support using the mysql extension has been deprecated for quite a while, and PHP7 removes it completely. XOOPS 2.5.8 now uses the mysqli exclusively. Any database access using standard calls to the XoopsDatabase classes will use the newer mysqli extension. Some modules are using direct database calls through PHP mysql_* functions. These will continue to work under PHP 5, but it is recommended that module developers consider remediation of any such calls.

Another thing that changes in PHP 7 is "All of the E_STRICT notices have been reclassified to other levels." In previous XOOPS versions, E_STRICT warnings have been suppressed when using the debugging logger. These are no longer suppressed to give developers insight into what may need to be fixed. We've tried to make sure XoopsCore runs clean, but modules may produce debugging output you have not seen with earlier versions.

Custom administration themes may have issues due to a long existing bug in the XoopsSystemGui::validate() definition.


XMF Included

XOOPS Module Framework library, the XMF library, is now included, and is used in the core in several places. XMF is a library of standard classes useful in module development. It can be very useful in the near future, as all of its classes are forward compatible with the next generation of XOOPS.

Developers can learn more in the XMF Cookbook, and may want to look at the Xmfdemo module on GitHub.


Upgrade Required

There are database changes with this version. There are no new requirements for a fresh installation, but for updating an existing system, follow the recommended upgrade process. In a nut shell:

- Make a full backup of site files and database. (We've done lots of testing, but it is always best to be safe.)

- Copy the contents of the distribution htdocs directory into your web root directory.

- Copy the contents of htdocs/xoops_lib to your relocated/renamed xoops_lib as applicable.

- Copy the distribution upgrade directory into your web root directory.

- Point your browser to http://your-site-url/upgrade/ and follow the prompts.

- Log in and step through any needed updates.

- At the end, follow the link to upgrade the system module.

- Also update pm, profile and protector modules if installed.

- Remove the install and upgrade directories from your web root.

Your site should be ready to use.


--------------------------------------------------------

NOTE: Work continues on our next major release of XOOPS! To see what's coming, please check out our GitHub code repositories:

- XOOPS 2.6.0 Core

- XOOPS 2.6.0 Modules

- XOOPS 2.6.0 Roadmap


and especially the great work Eduardo (bitcero) is doing on:

- XOOPS 2.6.0 Enhanced Admin GUI


Please also check out our other Github repositories:

- XOOPS Documentation

- XOOPS current Themes

- XOOPS 2.5.x Modules

- XOOPS 2.0.14+ Themes, 3 columns

- XOOPS 2.0.14+ Themes (2 columns)

- XOOPS Theme Archive (Themes for XOOPS < 2.0.14)

- XOOPS Modules Archive