
Joomla CMS Release 1.0.9 Published

Written by Grishan - 05.06.2006

With release 1.0.9 of the Joomla CMS, published today (5 June 2006) by the Joomla Core Team, the development team follows up with another update to the Joomla 1.0.x series. This is a maintenance release in which 12 minor security issues were fixed and more than 160 non-security bugs were resolved. In addition, the new release includes several changes affecting Joomla's system performance. This concerns in particular the handling of very large numbers of images in the MosImage Manager, Joomla's cache management, and database handling that has been further optimized for performance. As always, details can be found in the changelog below.

 

 

Changes and improvements in release 1.0.9

The most important changes that made it into the new release are briefly explained below.

MosImage Manager and creating/editing content:
If the /images/stories/ directory contains a very large number of images, pages can load very slowly when creating or editing content in the admin backend. The more images this directory holds, the slower the page loads.

To counter this, it is now possible to assign each content item a specific image directory below /images/stories/, so that the image manager no longer has to parse every image in the /images/stories/ directory each time.

Session timeout logout prevents successful saving:
If the configured session lifetime had expired while editing content items or other settings in the admin backend, changes could no longer be saved. Until now it was necessary to log in again each time and make the desired changes a second time.

An improved approach has now been found. The most recent changes can now be saved via Save/Apply without problems; only then, if the session has expired, is the user logged out of the admin backend.

On logging in again, the user is automatically redirected to the admin backend page they were last on.

Content caching improved:
In Joomla versions before 1.0.9, the cache system for speeding up page output unfortunately worked rather suboptimally. Another problem was the management of the generated cache files. Orphaned cache files that were no longer needed were often left behind and so were unnecessary ballast (webspace limit).

All of these inconsistencies are said to have been fixed, so nothing should stand in the way of fast page output with the cache system enabled.

SQL performance improvements:
Release 1.0.9 introduces significant improvements in the number of database queries. This is quite noticeable on large sites that are accessed by many visitors at the same time. The difference is said to amount to roughly 20% fewer database queries compared with the previous version 1.0.8.

 

Download and updates for Joomla version 1.0.9

Download overview of the CMS project on Forge Joomla:
Joomla 1.0.9 Filebase

Joomla 1.0.9 complete / as of 5.06.2006:
Joomla 1.0.9 complete download

Update patch from Joomla 1.0.8 to Joomla 1.0.9:
Joomla update from 1.0.8 to 1.0.9

 

Changelog 1.0.9

1.0.9 Stable Released -- [05-June-2006 16:00 UTC]

This Release Contains following Security Fixes

Joomla! utilizes the Open Web Application Security Project (OWASP) web application security system
to categorize security vulnerabilities found within Joomla!
http://www.owasp.org/index.php/OWASP_Top_Ten_Project

12 Low Level Threats in 1.0.9

A1 Unvalidated Input
* A1 - Harden mosmsg
* A1 - Hardening of backend `User Manager` to stop 'Administrators' from being able to create 'Super Administrator' users

A2 Broken Access Control
* A2 - Breadcrumbs title visibility even when access restricted
* A2 - 'Edit Your Details' page now needs a published menu item to be accessible
* A2 - 'Check-In My Items' page now needs a published menu item to be accessible
* A2 - 'Submit News' page now needs a published menu item to be accessible
* A2 - 'Submit Weblink' page now needs a published menu item to be accessible
* A2 - Add ability to selectively disable certain types of syndicated feeds
* A2 - Ensure module caching does not inadvertently make special level modules visible to registered users
* A2 - Add ability to totally disable access to frontend login page
* A2 - Add ability to disable frontend user params

A3 - Broken Authentication and Session Management
* A3 - Changes to access level of user account will kill any active session for that user
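
The A2 caching item above (special-level modules becoming visible to registered users) belongs to a general class of defect: cached output stored under a key that omits the viewer's access level. The following is an added illustration of that class, not Joomla source code and not the fix shipped in 1.0.9; the function names, the sample modules and the 0/1/2 access levels are assumptions.

```php
<?php
// Added illustration; not Joomla source code. All names are hypothetical.
// Access levels assumed here: 0 = public, 1 = registered, 2 = special.

// Constructed sample data: modules published in one template position.
$modules = [
    ['title' => 'Main Menu',    'access' => 0, 'html' => '<ul>menu</ul>'],
    ['title' => 'User Menu',    'access' => 1, 'html' => '<ul>user</ul>'],
    ['title' => 'Editor Tools', 'access' => 2, 'html' => '<ul>editor tools</ul>'],
];

// Render only the modules the viewer's access level permits.
function renderPosition(array $modules, int $viewerAccess): string
{
    $out = '';
    foreach ($modules as $m) {
        if ($m['access'] <= $viewerAccess) {
            $out .= $m['html'];
        }
    }
    return $out;
}

// Weak: the key names the position only, so the first viewer's output
// is served to every later viewer regardless of access level.
function weakKey(string $position, int $viewerAccess): string
{
    return 'mod_' . $position;
}

// Hardened: the access level is part of the key, one entry per level.
function safeKey(string $position, int $viewerAccess): string
{
    return 'mod_' . $position . '_acl' . $viewerAccess;
}

// Return the cached render for this key, filling the cache on a miss.
function cachedRender(array &$cache, callable $keyFn, array $modules,
                      string $position, int $viewerAccess): string
{
    $key = $keyFn($position, $viewerAccess);
    if (!isset($cache[$key])) {
        $cache[$key] = renderPosition($modules, $viewerAccess);
    }
    return $cache[$key];
}

foreach (['weakKey', 'safeKey'] as $keyFn) {
    $cache = [];
    cachedRender($cache, $keyFn, $modules, 'left', 2);          // special user warms the cache
    $seen = cachedRender($cache, $keyFn, $modules, 'left', 1);  // registered user visits next
    $leak = strpos($seen, 'editor tools') !== false;
    echo $keyFn . ': registered user '
        . ($leak ? 'SEES' : 'does not see') . " the special-level module\n";
}
```

When reviewing a cache layer for this problem, check that every input to the access decision (user group, access level, language) is also an input to the cache key.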

04-June-2006 Rey Gigataras
# Fixed [artf4878] : inlegal dates in mysqll tables
# Fixed : missing content cache clearing calls

03-June-2006 Rey Gigataras
# Fixed [artf4864] : /includes/frontend.php
# Fixed [topic,66138] : Invailid Session at Admin login
# Fixed [topic,66044] : Installation checks
# Fixed [topic,66276] : admin password ="0"
# Fixed : No ability to set Cache time for Syndication modules
# Fixed : `Remember Expired Admin page` functionality changed from 600 seconds to half the `Admin Session Lifetime` value
# Fixed : Admin session purge (to limit only one active session per account) deleting frontend logged in session

03-June-2006 Robin Muilwijk
# Fixed [topic,66360] : Fatal error com_contact/contact.php

01-June-2006 Rey Gigataras
# Fixed : New Global Config params (added in 1.0.9) not created on clean install

31-May-2006 Rey Gigataras
# SECURITY A2 [ Low Level ]: New `Global Config` param to allow disabling of Frontend Login
# SECURITY A2 [ Low Level ]: New `Global Config` param to allow disabling of Frontend User params

# Fixed [artf4844] : initial setup failure on IIS when installed in subdirectory
# Fixed [topic,65009] : "Email to Friend" Can Send Unusable URLs
# Fixed [topic,65604] : Notices when adding static content
# Fixed [topic,65485] : Bug with menu item selector
# Fixed : DB error when attempting a checkin action after cancelling from creating a New item

30-May-2006 Rey Gigataras
# Fixed [topic,65381] : Override Created Date
# Fixed [artf4830] : top menu items reversed in madeyourweb template

29-May-2006 Rey Gigataras
# SECURITY A2 [ Low Level ]: [artf4752] : caching makes modules assigned to special user visible to registered users

# Fixed [artf4812] : In footer.php (C) should be ©
# Fixed [artf4806] : typo in mambots/search/contacts.searchbot.php causes sef errors
# Fixed [artf4752] : patTemplate strip comments problems
# Fixed [artf4752] : rss.php unnecessary logic code check
# Fixed [topic,64994] : problem with related items
# Fixed [topic,64046] : adding new content Frontend fails with Authorization Error

27-May-2006 Rey Gigataras
# Fixed [topic,64308] : cache and content items on frontpage
# Fixed [topic,63824] : Notice on com_contact
# Fixed [artf4801] : inputFilter::filterTags prints unexpected text

23-May-2006 Rey Gigataras
# Fixed [topic,63674] : MySQL 5 strict mode in Admin Backend

22-May-2006 Rey Gigataras
# PERFORMANCE [topic,63468] : slow auto-login because of new MD5 calculations on whole users DB

# Fixed [topic,63446] : Category and Section

21-May-2006 Rey Gigataras
# Fixed [artf4714] : Can't add Menu Item :: Link - Static Content
# Fixed : "Unique Itemid" handling for `Link - Content Item`
# Fixed : Add "Unique Itemid" handling for `Link - Static Content`
# Fixed [artf4714] : Can't add Menu Item :: Link - Static Content
# Fixed [topic,62056] : Copyright date

20-May-2006 Rey Gigataras
# Fixed [artf4733] : Module Manager reorder via save button broken
# Fixed [artf4736] : Quotation marks in Site Name
# Fixed [topic,63257] : Notice when creating new category

18-May-2006 Rey Gigataras
# Fixed [artf4700] : pathway ampReplaces item name twice
# Fixed [artf4712] : 'type' of $mosConfig_error_reporting does not match code

+ Remember Expired Admin page functionality

17-May-2006 Rey Gigataras
# Fixed [artf4673] : setlocale
# Fixed [artf4685] : unhandled fragment identifier with core SEF enabled
# Fixed [artf4678] : Print, PDF and email buttons aren't accessible
# Fixed [topic,62124] : Hover for icons when editing content in front-end
# Fixed [topic,62165] : Canot login - admin_session_life not set

15-May-2006 Rey Gigataras
# Fixed [topic,61926] : Frontend static language text
# Fixed [topic,61971] : E-mail cloaking broken, TinyMCE `mce_href` problem
# Fixed : Frontend Content editing does not display correct publishing date/time
# Fixed : Frontend Content editing incorrect handling of 'Never' in `Finish Publishing`
# Fixed : Incorrect date/time values on `Content Items Manager` and `Static Content Manager` pages

14-May-2006 Rey Gigataras
* SECURITY A2 [ Low Level ]: add ability to selectively disable certain types of syndicated feeds

^ Upgrade to TinyMCE 2.0.6.1

# Fixed [topic,61897] : Changing any parameter for logged user returns to login screen

13-May-2006 Rey Gigataras
* SECURITY A1 [ Low Level ]: [artf4529] : User with access to administration area can easly create super administrator.

# Fixed [artf4555] : Slight Bug in registration system
# Fixed [artf4641] : Module sites with one template - modules should not show up - itemid issue
# Fixed : `Itemid=99999999` appearing in next & prev navigation links
# Fixed : `Itemid=` appearing in `Blog` links items

13-May-2006 Andrew Eddie
# Fixed [artf3302] : PatTemplate custom Functions getpage() undefined

12-May-2006 Louis Landry
# Fixed [artf4284] : database::load() resets private properties

12-May-2006 Rey Gigataras
# Fixed [topic,60970] : Finish Publishing Time not working as expected

11-May-2006 Rey Gigataras
# Fixed [artf4614] : Warning in mosCreateGUID
# Fixed [artf4619] : task=category shows unpublished items
# Fixed [artf4621] : Media manager with long filenames = no button
# Fixed [artf4613] : Sub Menu Item deletion Security Bug
# Fixed [artf4613] : Restoring menu items without a valid parent
# Fixed [topic,59258] : bug when editing user profile
# Fixed [topic,61190] : Menu Item Inconsistency

10-May-2006 Sam Moffatt
# Fixed issue with login directly after activation causing error, now redirects to index.php

09-May-2006 Rey Gigataras
# Fixed [artf4577] : saveUser in com_user has incorrect escaping for password

28-Apr-2006 Alex Kempkens
# Fixed artf : Language loading incorrect in offline mode (related to Joom!Fish language changes)

27-Apr-2006 Rey Gigataras
+ Support for restricting ability to access certain functionality for demo sites

# Fixed [artf4527] : incorrect style in function botNoEditorEditorArea
# Fixed [topic,57926] : mod_poll.php Warning

26-Apr-2006 Rey Gigataras
# Fixed [artf3912] : Pear's cache lite and safe_mode
# Fixed [artf3711] : mosemailcloak generates invalid XHTML
# Fixed [artf3251] : Wrong file count in Media Manager
# Fixed [artf3196] : com_media does not properly manage file names with simple quotes (')

25-Apr-2006 Rey Gigataras
^ PERFORMANCE [topic,54215] : MOSimage array affects edit page load time

24-Apr-2006 Rey Gigataras
* SECURITY A3 [ Low Level ]: logged in user session are not affected by changes of user account

# Fixed [artf4503] : Hardcoded text in page navigation
# Fixed [artf4473] : Bad char in search
# Fixed [artf4499] : Editing Quotated Menu Item
# Fixed [artf4472] : Creating New User system message only sends to superusers
# Fixed : Unable to 'Delete' `Super Administrator` - with check to ensure at least one active `Super Administrator` still exists
# Fixed : Unable to 'change' group of `Administrator` & `Super Administrator` - with check to ensure at least one active `Super Administrator` still exists

20-Apr-2006 Rey Gigataras
* SECURITY A3 [ Low Level ]: Allow only one session per user account in Admin Backend

+ Allow `save` and `apply` actions to be completed before logging out expired sessions

20-Apr-2006 Andrew Eddie
# Fixed slow query in com_polls
# Fixed return address errors in patErrorManager
# Fixed MySQL 5 error when saving menu items

18-Apr-2006 Rey Gigataras
+ Javascript validation checks to mod_poll

16-Apr-2006 Rey Gigataras
# Fixed [artf4424] : gethostbyaddr(): Address is not a valid IPv4 or IPv6 address
# Fixed [artf4407] : Image preview doesn't work with custom directory
# Fixed [topic,54741] : Who's Online guest count increments with RSS feed access

14-Apr-2006 Rey Gigataras
# Fixed [artf4400] : Search: Itemid in mod_search also finds trashed Itemid's
# Fixed [artf4399] : Search title in com_search is never from language file

12-Apr-2006 Rey Gigataras
# Fixed [artf4346] : $mainframe->login($username,$pwd) compatibility broken
# Fixed : `body` parameter for mailto tags

11-Apr-2006 Rey Gigataras
# Fixed [artf4340] : Itemid on menu - multiple links to same content
# Fixed : cache support for `Blog - Content Section Archive` & `Blog - Content Category Archive`
# Fixed : SEF.php incorrect handling of `mailto` & `javascript` links
# Fixed : $shownoauth default value in `configuration.php-dist`
# Fixed : `live_bookmarks` not being disabled properly by security check
# Fixed : admin `contact` and `weblink` ordering

08-Apr-2006 Rey Gigataras
# Fixed [topic,45136.0] : stop Cache system from creating large amount of Cache files
# Fixed [artf4302] : 'Read more' link is always displayed if 'Linked Titles' option enabled
# Fixed [artf4304] : Bugs in search.html.php
# Fixed : Content Popup page behaviour

07-Apr-2006 Rey Gigataras
# Fixed [artf4294] : InputFilter failed escaping string
# Fixed [artf4050] : mod_mainmenu.php not setting id=active_menu

06-Apr-2006 Rey Gigataras
* SECURITY A2 [ Low Level ]: check for menu item added to 'Edit Your Details' page
* SECURITY A2 [ Low Level ]: check for menu item added to 'Check-In My Items' page
* SECURITY A2 [ Low Level ]: check for menu item added to 'Submit News' page
* SECURITY A2 [ Low Level ]: check for menu item added to 'Submit Weblink' page

# Fixed [artf4282] : Extra Empty Menu Span Tags

05-Apr-2006 Rey Gigataras
# Fixed [artf4010] : When creating new module. Two modules are created when clicking save

02-Apr-2006 Rey Gigataras
# Fixed [artf3575] : Correction needed in stylesheet
# Fixed [artf4089] : Problem with domit, extended characters and PHP 5.0.2

01-Apr-2006 Rey Gigataras
# Fixed [topic,50547.0.html] : Print statement left in class.inputfilter.php
# Fixed [topic,48908.0.html] : Duplicate usernames / Length Checking

31-Mar-2006 Rey Gigataras
# Fixed [topic,46614.0.html] : mod_templatechooser not working when templates name has dashes

30-Mar-2006 Rey Gigataras
* SECURITY A1 [ Low Level ]: [artf3702] : breadcrumbs: information gathering possible by simple urlhacks

# Fixed [topic,47932.0.html] : 1.0.8 com_contact - incorrect URL?

^ Upgrade to Geshi 1.0.7.8

29-Mar-2006 Rey Gigataras
# Fixed [artf4133] : Blog - Content Section Archive
# Fixed [artf4093] : No parameter tool tip when ' is used in module.xml
# Fixed [artf4028] : url to the site is added to the entered link in a menu item (SEF disabled)
# Fixed [artf4102] : mosimage.php - Erroneous right alignment of images
# Fixed [artf4131] : com_contact displays non-localized message

^ Upgrade to TinyMCE 2.0.5.1
^ Upgrade to TinyMCE compressor 1.0.8
^ TinyMCE remove `Help` tab in help popup
^ TinyMCE 'word wrap' by default for html source mode

27-Mar-2006 Alex Kempkens
# corrected searchbot; finding dynamic content while searching for static
# updated core-SEF support for new multilingual_content config var

24-Mar-2006 Alex Kempkens
+ Check for mambot/system directory in installer and installation dialogs
# [artf4066] content sections not being translated

16-Mar-2006 Rey Gigataras
# Fixed [artf3913] : [artf3809]: Error with < AND > in tinymce - static content manager
# Fixed : checked out lock icon visible for same user
# Fixed : Global Config JS error when no session_type value yet set - issue only when upgrading
# Fixed [topic,44206.0.html] : XML help files no longer supported

15-Mar-2006 Rey Gigataras
# Fixed [artf3927] : Typo in Installer Screen
# Fixed [artf3940] : single quotes/apostrophes (')
# Fixed [topic,46202.0.html] : Problem found in Session id function

13-Mar-2006 Rey Gigataras
^ PERFORMANCE : com_content only add call to jos_content_rating where voting option activated

12-Mar-2006 Rey Gigataras
# Fixed [topic,44117.0.html] : com_menumanager can not handle simple quotes (')
# Fixed [topic,34821.0.html] : Allow search on static contents not linked to a menu

^ PERFORMANCE : com_statistics `Search Engine Text` page, results returned off by default as highly query intensive and can cause site lockup
^ `Page Hits` into `Content` sub-menu

11-Mar-2006 Alex Kempkens
# Fixed some queries missing primary key for translations (contact, newsfeed)

11-Mar-2006 Rey Gigataras
# Fixed [artf3873] : Invalid Itemid for com_content Category Link
# Fixed [topic,45343.0.html] : Random image default behavoir

+ PERFORMANCE : Auto purge of expired messages for com_messages [default of 7 days]

10-Mar-2006 Rey Gigataras
# Fixed [artf3885] : Remove the last hardcoded texts
# Fixed [artf3713] : Joomla still doesn't work with SQL mode enabled

^ Ensure showPathway is only called once

09-Mar-2006 Rey Gigataras
# Fixed [artf3863] : mod_whosonline double ONLINE
# Fixed [topic,44644.0.html] : Miss spelled Position as Postition
# Fixed [topic,41593.0.html] : Table - content section - filter works only for the first page

08-Mar-2006 Rey Gigataras
# Fixed [artf3847] : A mistake in joomla_admin template
# Fixed [artf3748] : Archive - Access Denied
# Fixed [artf3592] : Archive Pagination Problem
# Fixed [topic,41627.0.html] : "Undefined variable: filter"
# Fixed [topic,43315.0.html] : Static text in content.php
# Fixed [topic,41466.0.html] : NullDate AND '0000-00-00 00:00:00'

^ Global define of _CURRENT_SERVER_TIME
^ sef.php optimization

07-Mar-2006 Rey Gigataras
+ Show whether Cache directory is writable where it is used - com_newsfeeds, com_syndicate, custom modules

# Fixed [artf3818] : Path error for agent_browser.php in joomla.php
# Fixed ensure all require and include calls are using absolute paths

06-Mar-2006 Rey Gigataras
# Fixed [artf3756] : mossef bot rewrites javascript:void(0) in href
# Fixed [artf3745] : includes/joomla.php on line 790 setSessionGarbageClean
# Fixed [topic,41619.0.html] : mosimage caption problem
# Fixed [topic,42023.0.html] : sample data error with Link - Static Content CID value

02-Mar-2006 Rey Gigataras
# Fixed [artf3728] : Error if change the "Syndicate" name in db table "jos_components"
# Fixed [artf3731] : mod_newsflash shows errors when no items are available
# Fixed [artf3733] : Site (frontend): url to the site is added to the entered link in a content item.
# Fixed [artf3696] : Typo Site Mambot: Edit [ TinyMCE WYSIWYG Editor ]
# Fixed [artf3658] : "New" Content Link/Image Showing With No Categories Present
# Fixed [artf3697] : sefreltoabs error with links to other sites

01-Mar-2006 Rey Gigataras
* SECURITY A1 [ Low Level ]: Harden mosmsg

# Fixed [artf3656] : contact-component, dropdown

28-Feb-2006 Rey Gigataras
# Fixed [artf3655] : Login module error
# Fixed [artf3668] : mosemailcloak bug with mailto:
# Fixed [artf3681] : invalid markup in com_content showCategories()
# Fixed [artf3688] : Hardcoded text in contact.html.php
# Fixed [artf3664] : Image links gets preceeded by "Live Site" URL after v1.0.8 upgrade
# Fixed [artf3703] : configuration.php-dist has a typo
# Fixed [topic,41404.0.html] : configuration.php-dist missing `;`

 
