XOOPS

XOOPS 2.5.8 Release Candidate 2 Available

geekwright  12-Mar-2016 19:35 5590 Reads   12 Comment(s) 
Fixes and Enhancements

Without the contributions of many, this release would not exist. A big "Thank you!" goes to everyone that has contributed. In alphabetical order, the list includes:

- Angelo Rocha
- Cédric MONTUY
- cesagonchu
- Dingjie Yang
- elpaksu
- hyp3rlinx
- luciorota
- mamba
- Peekay
- redheadedrod
- slider84
- timgno
- wppd
- xd9527
- zyspec

View the full change log here: https://github.com/XOOPS/XoopsCore25/blob/v2.5.8-RC2/docs/changelog.250.txt

Lots of effort has been put into making XOOPS better cleaner, safer and more compliant with current standards and best practices.


Security

This release includes fixes for multiple issues (CSRF, weak password hash, and directory traversal) reported by hyp3rlinx. Also, fixes for a potential privileged information disclosure issue reported by Cédric MONTUY.

Passwords are now hashed using PHP's password_hash() function. A library that brings compatibility to users with PHP versions earlier than 5.5 is included.

The new XMF library (see below) includes support for JWT, which can be very useful in securing AJAX and REST processing.


Ready for PHP 7 Testing

The world of PHP is in constant motion. The recent release of PHP 7 brings with it huge improvements, but also compatibility issues. While XOOPS 2.5.8 supports PHP 5.3.7 through the latest 5.6 release, PHP 7 support should still be considered experimental, and is released for public testing.

MySQL support using the mysql extension has been deprecated for quite a while, and PHP7 removes it completely. XOOPS 2.5.8 now uses the mysqli exclusively. Any database access using standard calls to the XoopsDatabase classes will use the newer mysqli extension. Some modules are using direct database calls through PHP mysql_* functions. These will continue to work under PHP 5, but it is recommended that module developers consider remediation of any such calls.

Another thing that changes in PHP 7 is "All of the E_STRICT notices have been reclassified to other levels." In previous XOOPS versions, E_STRICT warnings have been suppressed when using the debugging logger. These are no longer suppressed to give developers insight into what may need to be fixed. We've tried to make sure XoopsCore runs clean, but modules may produce debugging output you have not seen with earlier versions.

Custom administration themes may have issues due to a long existing bug in the XoopsSystemGui::validate() definition.


XMF Included

XOOPS Module Framework library, the XMF library, is now included, and is used in the core in several places. XMF is a library of standard classes useful in module development. It can be very useful in the near future, as all of its classes are forward compatible with the next generation of XOOPS.

Developers can learn more in the XMF Cookbook, and may want to look at the Xmfdemo module on GitHub.


Upgrade Required

There are database changes with this version. There are no new requirements for a fresh installation, but for updating an existing system, follow the recommended upgrade process. In a nut shell:

- Make a full backup of site files and database. (We've done lots of testing, but it is always best to be safe.)

- Copy the contents of the distribution htdocs directory into your web root directory.

- Copy the contents of htdocs/xoops_lib to your relocated/renamed xoops_lib as applicable.

- Copy the distribution upgrade directory into your web root directory.

- Point your browser to http://your-site-url/upgrade/ and follow the prompts.

- Log in and step through any needed updates.

- At the end, follow the link to upgrade the system module.

- Also update pm, profile and protector modules if installed.

- Remove the install and upgrade directories from your web root.

Your site should be ready to use.


--------------------------------------------------------

NOTE: Work continues on our next major release of XOOPS! To see what's coming, please check out our GitHub code repositories:

- XOOPS 2.6.0 Core

- XOOPS 2.6.0 Modules

- XOOPS 2.6.0 Roadmap


and especially the great work Eduardo (bitcero) is doing on:

- XOOPS 2.6.0 Enhanced Admin GUI


Please also check out our other Github repositories:

- XOOPS Documentation

- XOOPS current Themes

- XOOPS 2.5.x Modules

- XOOPS 2.0.14+ Themes, 3 columns

- XOOPS 2.0.14+ Themes (2 columns)

- XOOPS Theme Archive (Themes for XOOPS < 2.0.14)

- XOOPS Modules Archive

Rating 0/5
Rating: 0/5 (0 votes)
Voting is disabled!


Login

Who's Online

279 user(s) are online (1 user(s) are browsing Publisher)


Members: 0


Guests: 279


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits

Categories