Fixes and EnhancementsWithout the contributions of many, this release would not exist. A big "
Thank you!" goes to everyone that has contributed. In alphabetical order, the list includes:
- Angelo Rocha
- Cédric MONTUY
- cesagonchu
- Dingjie Yang
- elpaksu
- hyp3rlinx
- luciorota
- mamba
- Peekay
- redheadedrod
- slider84
- timgno
- wppd
- xd9527
- zyspec
View the full change log here:
https://github.com/XOOPS/XoopsCore25/blob/v2.5.8-RC2/docs/changelog.250.txtLots of effort has been put into making XOOPS better cleaner, safer and more compliant with current standards and best practices.
SecurityThis release includes fixes for multiple issues (CSRF, weak password hash, and directory traversal) reported by hyp3rlinx. Also, fixes for a potential privileged information disclosure issue reported by Cédric MONTUY.
Passwords are now hashed using PHP's
password_hash() function. A library that brings compatibility to users with PHP versions earlier than 5.5 is included.
The new XMF library (see below) includes support for
JWT, which can be very useful in securing AJAX and REST processing.
Ready for PHP 7 TestingThe world of PHP is in constant motion. The recent release of PHP 7 brings with it huge improvements, but also compatibility issues. While XOOPS 2.5.8 supports PHP 5.3.7 through the latest 5.6 release, PHP 7 support should still be considered experimental, and is released for public testing.
MySQL support using the
mysql extension has been deprecated for quite a while, and PHP7 removes it completely. XOOPS 2.5.8 now uses the
mysqli exclusively. Any database access using standard calls to the XoopsDatabase classes will use the newer
mysqli extension. Some modules are using direct database calls through PHP
mysql_* functions. These will continue to work under PHP 5, but it is recommended that module developers consider remediation of any such calls.
Another thing that changes in PHP 7 is "
All of the E_STRICT notices have been reclassified to other levels." In previous XOOPS versions, E_STRICT warnings have been suppressed when using the debugging logger. These are no longer suppressed to give developers insight into what may need to be fixed. We've tried to make sure XoopsCore runs clean, but modules may produce debugging output you have not seen with earlier versions.
Custom administration themes may have issues due to a long existing bug in the XoopsSystemGui::validate() definition.
XMF IncludedXOOPS Module Framework library, the
XMF library, is now included, and is used in the core in several places. XMF is a library of standard classes useful in module development. It can be very useful in the near future, as all of its classes are forward compatible with the next generation of XOOPS.
Developers can learn more in the
XMF Cookbook, and may want to look at the
Xmfdemo module on GitHub.
Upgrade RequiredThere are database changes with this version. There are no new requirements for a fresh installation, but for updating an existing system, follow the recommended
upgrade process. In a nut shell:
- Make a full backup of site files and database. (We've done lots of testing, but it is always best to be safe.)
- Copy the contents of the distribution
htdocs directory into your web root directory.
- Copy the contents of
htdocs/xoops_lib to your relocated/renamed
xoops_lib as applicable.
- Copy the distribution
upgrade directory into your web root directory.
- Point your browser to http://
your-site-url/upgrade/ and follow the prompts.
- Log in and step through any needed updates.
- At the end, follow the link to upgrade the system module.
- Also update pm, profile and protector modules if installed.
- Remove the
install and
upgrade directories from your web root.
Your site should be ready to use.
--------------------------------------------------------
NOTE: Work continues on our next major release of XOOPS! To see what's coming, please check out our
GitHub code repositories:
- XOOPS 2.6.0 Core
- XOOPS 2.6.0 Modules
- XOOPS 2.6.0 Roadmapand especially the great work Eduardo (bitcero) is doing on:
- XOOPS 2.6.0 Enhanced Admin GUI Please also check out our other Github repositories:
- XOOPS Documentation
- XOOPS current Themes
- XOOPS 2.5.x Modules
- XOOPS 2.0.14+ Themes, 3 columns
- XOOPS 2.0.14+ Themes (2 columns)
- XOOPS Theme Archive (Themes for XOOPS < 2.0.14)
- XOOPS Modules Archive