The XOOPS Development Team is pleased to announce the release of XOOPS 2.5.8.
Highlights: PHP7 ready, XMF included, Security updates, Bcrypt passwords
This new version has numerous bug fixes and enhancements. You can download the XOOPS 2.5.8 Final release directly from XOOPS/XoopsCore25 on GitHub, or XOOPS Core (stable releases)/XOOPS_2.5.8 on SourceForge.
Important note: XOOPS 2.5.8 requires some database updates for full function. Be sure to follow the instructions below under Upgrade Required if you are updating an existing system.
Much attention was given to keeping the same system requirements between XOOPS 2.5.7 and 2.5.8.
The minimum PHP version is 5.3.7, while use of a currently supported PHP version, 5.5 or higher, is strongly recommended. XOOPS 2.5.8 will be the last XOOPS version to support PHP 5.3 and 5.4.
MySQL versions 5.0 or higher are required, with version 5.5 or above (or compatible MariaDB version) recommended.
Please Report Any Issues
Please report any issues you encounter with this release so that we can make XOOPS better for everyone. If you are registered on GitHub, just open an issue. We will also monitor the XOOPS forums.
Fixes and Enhancements
Without the contributions of many, this release would not exist. A big "Thank you!" goes to everyone that has contributed. In alphabetical order, the list includes:
- Angelo Rocha
- Cédric MONTUY
- Dingjie Yang
View the full change log here on GitHub.
Lots of effort has been put into making XOOPS better, cleaner, safer and more compliant with current standards and best practices.
This release includes fixes for multiple issues (CSRF, weak password hash, and directory traversal) reported by hyp3rlinx. Also, fixes for a potential privileged information disclosure issue reported by Cédric MONTUY.
Passwords are now hashed using PHP's password_hash() function. A library that brings compatibility to users with PHP versions earlier than 5.5 is included.
The new XMF library (see below) includes support for JWT, which can be very useful in securing AJAX and REST processing.
Ready for PHP 7
The world of PHP is in constant motion. The recent release of PHP 7 brings with it huge improvements, but also compatibility issues. The very popular Ubuntu server in it's 2016.04 LTS release uses PHP 7 by default - and XOOPS is now ready. There are some growing pains though.
MySQL support using the mysql extension has been deprecated for quite a while, and PHP7 removes it completely. XOOPS 2.5.8 now uses the mysqli exclusively. Any database access using standard calls to the XoopsDatabase classes will use the newer mysqli extension. Some modules are using direct database calls through PHP mysql_* functions. These will continue to work under PHP 5, but it is recommended that module developers consider remediation of any such calls.
Another thing that changes in PHP 7 is "All of the E_STRICT notices have been reclassified to other levels." In previous XOOPS versions, E_STRICT warnings have been suppressed when using the debugging logger. These are no longer suppressed to give developers insight into what may need to be fixed. We've tried to make sure XoopsCore runs clean, but modules may produce debugging output you have not seen with earlier versions.
Custom administration themes may have issues due to a long existing bug in the XoopsSystemGui::validate() definition.
XOOPS Module Framework library, the XMF library, is now included, and is used in the core in several places. XMF is a library of standard classes useful in module development. It can be very useful in the near future, as all of its classes are forward compatible with the next generation of XOOPS.
Developers can learn more in the XMF Cookbook, and may want to look at the Xmfdemo module on GitHub.
IPv6 is supported in core.
XOOPS no longer ships with Flash banners, and instead uses HTML5.
Lots of updates, clean ups and fixes.
There are database changes with this version. There are no new requirements for a fresh installation, but for updating an existing system, follow the recommended upgrade process. In a nut shell:
- Make a full backup of site files and database. (We've done lots of testing, but it is always best to be safe.)
- Copy the contents of the distribution htdocs directory into your web root directory.
- Copy the contents of htdocs/xoops_lib to your relocated/renamed xoops_lib as applicable.
- Copy the distribution upgrade directory into your web root directory.
- Point your browser to http://your-site-url/upgrade/ and follow the prompts.
- Log in and step through any needed updates.
- At the end, follow the link* to upgrade the system module.
- Also update pm, profile and protector modules if installed.
- Remove the install and upgrade directories from your web root.
Your site should be ready to use.
* There are several template changes in 2.5.8, so it may be difficult to navigate the system until the system module is updated. If you missed the link at the end of the updater, you can use direct access it with:
* Please Note: The new passwords are incompatible with older XOOPS systems - in the database they are longer and use radically different hashing mechanisms. Moving forward is automatic, but going backward takes manual intervention.
Modules Updated for XOOPS 2.5.8
While older module versions are still broadly compatible with XOOPS 2.5.8, a number of modules have been updated specifically for this new release and are available for testing on XOOPS 2.5.8 and PHP 7. Also, be sure to check out our XOOPS 2.5.x Modules on GitHub.