XOOPS 
News
News Index News Modules Developers Hacks Themes Archive Submit News
  1. Publisher
  2. XOOPS
  3. News
  4. XOOPS 2.5.10 Final Released
News

XOOPS 2.5.10 Final Released

geekwright  29-Apr-2019 23:20 30186 Reads   11 Comment(s) 
XOOPS 2.5.10 Released
This version includes numerous improvements and fixes, including:
- PHP 7.3 compatibility
- MySQL 8.0 compatibility
- XMF improvements for module writers
- Security updates
- Updated libraries
- and many more fixes and updates

See the change log for more details.

You can download from GitHub.

The guide for installations and updates is available on GitBook

It is recommended to upgrade all XOOPS systems to version 2.5.10.

Thanks for all your patience and support!
Rating 4.50/5
Rating: 4.5/5 (2 votes)
Voting is disabled!
Items by the same author
user

 Re: XOOPS 2.5.10 Final Released

 Mamba   Published 04/30/2019 3:50   Updated 04/30/2019 3:51   Moderator   Joined 04/23/2004   Comments 11409    

Thank you Richard for all your hard work and leadership on this release!
And thanks to all who contributed!
After all, XOOPS is powered by you!!!

 
user

 Re: XOOPS 2.5.10 Final Released

 goffy   Published 04/30/2019 10:16   Just can't stay away   Joined 12/27/2010   Comments 543    

Great work. Thanks to all

 
user

 Re: XOOPS 2.5.10 Final Released

 Yurdal   Published 04/30/2019 18:07   Friend of XOOPS   Joined 03/27/2005   Comments 386    

Thanks , installing now :)

 
user

 Re: XOOPS 2.5.10 Final Released

 cadch   Published 05/17/2019 2:47   Updated 10/27/2019 8:38   Just popping in   Joined 12/17/2007   Comments 51    

Hello~
The file
XoopsCore25-2.5.10\htdocs\class\mail\phpmailer\PHPMailerAutoload.php
line 45

function __autoload($classname)

This feature has been DEPRECATED as of PHP 7.2.0. Relying on this feature is highly discouraged.

Look it
https://github.com/ltb-project/self-service-password/issues/253

 
user

 Re: XOOPS 2.5.10 Final Released

 Yurdal   Published 05/22/2019 15:12   Updated 05/22/2019 15:18   Friend of XOOPS   Joined 03/27/2005   Comments 386    

Used jQuery has a security problem:

Updated in 2.5.10 : - jQuery 3.3.1 (mamba)

But: jQuery Update 3.4.0 vulnerability
Reported by: MikeNGarrett Owned by: azaozz
jQuery's latest release contains a fix for jQuery.extend which allows for unintended behavior which could lead to cross site scripting attacks.

From jQuery's 3.4.0 release notes:
jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extend(true, {}, ...). If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. This fix is included in jQuery 3.4.0, but patch diffs exist to patch previous jQuery versions.

This vulnerability affects all previous version of jQuery. As they mention in the release notes, "patch diffs exist to match previous jQuery versions."

jQuery 3.4.1. i sout , why outdates files in a new Xoops ?

 
user

 Re: XOOPS 2.5.10 Final Released

 poehoes   Published 05/23/2019 12:04   Friend of XOOPS   Joined 03/27/2003   Comments 29    

When i click on the Homepage on 'Download Xoops' i get the link for 2.5.9 from 2017... Who can fix that?

 
user

 Re: XOOPS 2.5.10 Final Released

 geekwright   Published 05/23/2019 18:41   Quite a regular   Joined 10/15/2010   Comments 314    

jQuery 3.4.0 was released well into the XOOPS 2.5.10 release cycle. While some sources made alarming claims about the possible exploitation of the prototype pollution, jQuery itself described the change as "Minor vulnerability fix: Object.prototype pollution."

Truth is, it is a low risk exposure that has existed for a long time, and XOOPS usage of jQuery does not match the usage patterns that would be most exploitable.

But, on the other hand, there is a very significant risk in Introducing a change of that magnitude late in a release cycle. In fact, the rushed release of jQuery 3.4.0 introduced additional issues, that jQuery described 3.4.1 as "... we’ve had a few issues reported that warranted a patch release." Also note, jQuery 3.4.1 could not included in XOOPS because it was not yet released.

XOOPS 2.5.10 includes some changes which some modules in development depend on, and the delay of restarting the release cycle (which would still be going on) would have been painful and detracted from other efforts. There is always a risk/reward balance to be maintained at the product release decision.

At this point XOOPS 2.5.10 is more secure than any previous version. The planned 2.5.11 maintenance release, due in September will include an updated jQuery.

 
user

 Re: XOOPS 2.5.10 Final Released

 Yurdal   Published 05/23/2019 22:09   Friend of XOOPS   Joined 03/27/2005   Comments 386    

Thanks for the (long) explanation, so we can use Xoops without problem, however i saw a post on internet about a sql injection vurnability in 2.5.9. I have send Mamba e message and a mail but didnt get any feedback so i will send you a mail, i want to know your opinion, check you PM

 
user

 Re: XOOPS 2.5.10 Final Released

 Lupin   Published 07/02/2019 10:29   Updated 08/19/2019 5:01   Just popping in   Joined 06/01/2007   Comments 92    

Installed on server with php 5.4.16 and MySql 5.6.46 .... cool admin graph , but I noted I cannot change modules name ... when I try, name ( in menu too ) stay blank. I have also some probs in ExtGallery installation ... where I can ask some suggestion ? TY for your work , anyway

Updated ... texts disappear also when editing account ... ; I installed before the 2.5.8 version and this has not such problems ... But I cannot add ExtGallery 1.14 there ... tried with ExtGallery 1.11 but I have an error like this :

Error ErrorCall to undefined method ExtgalleryGroupPermForm::XoopsGroupPermForm()

 
user

 Re: XOOPS 2.5.10 Final Released

 emilech   Published 10/28/2019 19:27   Just popping in   Joined 10/28/2019   Comments 2    

can i get in touch with you via email?

okenejohnprince@gmail.com

am really having a hard time with my software installation

 
user

 Re: XOOPS 2.5.10 Final Released

 Mamba   Published 11/03/2019 3:16   Moderator   Joined 04/23/2004   Comments 11409    

emilech, please describe your problems here, so we can help you.
We don't provide individual private support!

 

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Comments

Who's Online

179 user(s) are online (13 user(s) are browsing Publisher)

Members: 0

Guests: 179

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits

Categories

XOOPS Newsletter