
XOOPS 2.5.10 Final Released

geekwright  29-Apr-2019 23:20
XOOPS 2.5.10 Released
The XOOPS Development Team is pleased to announce the release of XOOPS 2.5.10 Final.

This version includes numerous improvements and fixes, including:
- PHP 7.3 compatibility
- MySQL 8.0 compatibility
- XMF improvements for module writers
- Security updates
- Updated libraries
- and many more fixes and updates

See the change log for more details.

You can download from GitHub.

The guide for installations and updates is available on GitBook.

It is recommended to upgrade all XOOPS systems to version 2.5.10.

Thanks for all your patience and support!
user

 Re: XOOPS 2.5.10 Final Released


Thank you Richard for all your hard work and leadership on this release!
And thanks to all who contributed!
After all, XOOPS is powered by you!!!

 
user

 Re: XOOPS 2.5.10 Final Released


Great work. Thanks to all

 
user

 Re: XOOPS 2.5.10 Final Released


Thanks, installing now :)

 
user

 Re: XOOPS 2.5.10 Final Released


Hello~
The file
XoopsCore25-2.5.10\htdocs\class\mail\phpmailer\PHPMailerAutoload.php
line 45

function __autoload($classname)

This feature has been DEPRECATED as of PHP 7.2.0. Relying on this feature is highly discouraged.

Look at it:
https://github.com/ltb-project/self-service-password/issues/253

 
user

 Re: XOOPS 2.5.10 Final Released


The jQuery used has a security problem:

Updated in 2.5.10 : - jQuery 3.3.1 (mamba)

But: jQuery Update 3.4.0 vulnerability
Reported by: MikeNGarrett Owned by: azaozz
jQuery's latest release contains a fix for jQuery.extend which allows for unintended behavior which could lead to cross site scripting attacks.

From jQuery's 3.4.0 release notes:
jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extend(true, {}, ...). If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. This fix is included in jQuery 3.4.0, but patch diffs exist to patch previous jQuery versions.

This vulnerability affects all previous versions of jQuery. As they mention in the release notes, "patch diffs exist to match previous jQuery versions."

jQuery 3.4.1 is out, why outdated files in a new Xoops?
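
The `jQuery.extend(true, {}, ...)` behaviour quoted in the comment above, as an added example that is not part of the original comment and is not jQuery's or XOOPS's code. `naiveDeepExtend` and `safeDeepExtend` are hypothetical simplified merges and the input is constructed; the first follows an enumerable `__proto__` key into `Object.prototype`, the second skips it as the 3.4.0 release notes describe.

```javascript
// Added illustration: simplified deep merges, not jQuery source code.
function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Pre-fix behaviour: every enumerable key is followed, including "__proto__".
function naiveDeepExtend(target, source) {
  for (const key in source) {
    const val = source[key];
    if (isPlainObject(val)) {
      // target["__proto__"] resolves to Object.prototype, so the recursive
      // call writes into the prototype shared by every object.
      target[key] = naiveDeepExtend(isPlainObject(target[key]) ? target[key] : {}, val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Hardened form: own keys only, and "__proto__" is never copied.
function safeDeepExtend(target, source) {
  for (const key of Object.keys(source)) {
    if (key === "__proto__") continue;
    const val = source[key];
    if (isPlainObject(val)) {
      const base = Object.prototype.hasOwnProperty.call(target, key) &&
        isPlainObject(target[key]) ? target[key] : {};
      target[key] = safeDeepExtend(base, val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

function demo() {
  // Constructed input: JSON.parse makes "__proto__" an own, enumerable key.
  const untrusted = JSON.parse(
    '{"theme": {"color": "blue"}, "__proto__": {"polluted": "yes"}}');
  const result = { safeMerged: safeDeepExtend({}, untrusted) };
  result.afterSafe = ({}).polluted;    // unrelated object stays clean
  naiveDeepExtend({}, untrusted);
  result.afterNaive = ({}).polluted;   // unrelated object now inherits the key
  delete Object.prototype.polluted;    // undo the pollution
  result.afterCleanup = ({}).polluted;
  return result;
}
```
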

 
user

 Re: XOOPS 2.5.10 Final Released


When I click on 'Download Xoops' on the Homepage I get the link for 2.5.9 from 2017... Who can fix that?

 
user

 Re: XOOPS 2.5.10 Final Released


jQuery 3.4.0 was released well into the XOOPS 2.5.10 release cycle. While some sources made alarming claims about the possible exploitation of the prototype pollution, jQuery itself described the change as "Minor vulnerability fix: Object.prototype pollution."

Truth is, it is a low risk exposure that has existed for a long time, and XOOPS usage of jQuery does not match the usage patterns that would be most exploitable.

But, on the other hand, there is a very significant risk in introducing a change of that magnitude late in a release cycle. In fact, the rushed release of jQuery 3.4.0 introduced additional issues; jQuery described 3.4.1 as "... we’ve had a few issues reported that warranted a patch release." Also note, jQuery 3.4.1 could not be included in XOOPS because it was not yet released.

XOOPS 2.5.10 includes some changes which some modules in development depend on, and the delay of restarting the release cycle (which would still be going on) would have been painful and detracted from other efforts. There is always a risk/reward balance to be maintained at the product release decision.

At this point XOOPS 2.5.10 is more secure than any previous version. The planned 2.5.11 maintenance release, due in September, will include an updated jQuery.

 
user

 Re: XOOPS 2.5.10 Final Released


Thanks for the (long) explanation, so we can use Xoops without problem. However, I saw a post on the internet about a SQL injection vulnerability in 2.5.9. I have sent Mamba a message and a mail but didn't get any feedback, so I will send you a mail. I want to know your opinion, check your PM.

 
user

 Re: XOOPS 2.5.10 Final Released


Installed on a server with php 5.4.16 and MySql 5.6.46 ... cool admin graph, but I noted I cannot change module names ... when I try, the name (in the menu too) stays blank. I also have some problems with the ExtGallery installation ... where can I ask for suggestions? TY for your work, anyway.

Updated ... texts also disappear when editing an account ...; I installed the 2.5.8 version before and it does not have such problems ... But I cannot add ExtGallery 1.14 there ... I tried with ExtGallery 1.11 but I get an error like this:

Error ErrorCall to undefined method ExtgalleryGroupPermForm::XoopsGroupPermForm()

 
user

 Re: XOOPS 2.5.10 Final Released


Can I get in touch with you via email?

okenejohnprince@gmail.com

I am really having a hard time with my software installation.

 
user

 Re: XOOPS 2.5.10 Final Released


emilech, please describe your problems here, so we can help you.
We don't provide individual private support!

 

