Skip to main content
ElkArte 1.1.1 - Release announcement Started by emanuele · · Read 17741 times 0 Members and 2 Guests are viewing this topic. previous topic - next topic

ElkArte 1.1.1 - Release announcement

Today, we are pleased to release ElkArte 1.1.1. This release addresses a security issue and few bugs identified after the release of ElkArte 1.1.0. As this is a maintenance release, the majority of the updates are focused on bug fixes and increased stability.
This is a critical security update and we strongly encourage anyone running any previous version.

This release follows our semantic version (MAJOR.MINOR.PATCH), meaning that third-point (x.x.X) releases should contain backwards-compatible bug fixes and enhancements, so for the most part you will not find new features in this release. Major new features will be reserved for second point versions (x.X.x).

Refer to the release notes on the forum for a complete list of updates.

Patching procedure:
  • go to the page https://github.com/ElkArte/ElkArte/releases/tag/v1.1.1
  • download the file ElkArte_1-1-1_patch.zip to your computer
  • go to your forum: Admin > Main > Package Manager > Upload Package
  • click the button to upload the package
  • locate and select the file you downloaded at point 2
  • click the "upload" button
  • follow the instructions on the screen.

For any question you may have, feel free to ask on the support forum.

Of course you are encouraged to update to this release since it contains a lot of fixes and improvements, thank you for your continued support!
Last Edit: December 09, 2017, 06:26:44 pm by Skull Knight
Bugs creator.
Features destroyer.
Template killer.

Re: ElkArte 1.1.1 - Release announcement

Reply #1

Yeah 1.1.1 is out :D :D

Re: ElkArte 1.1.1 - Release announcement

Reply #2

 emanuele hopes nothing is broken...
Bugs creator.
Features destroyer.
Template killer.

Re: ElkArte 1.1.1 - Release announcement

Reply #3

Can someone explain why I cannot find a theme that will work with 1.1.1 without error?

Re: ElkArte 1.1.1 - Release announcement

Reply #4

Because the available themes are compatible with 1.0 version. Please be patient, they will be modified to work with 1.1 version. The team focused on releasing the 1.1.1 version and correcting bugs and security holes, most of Spud's add-ons were also upgraded to 1.1 version, and I think the next step could be upgrading the themes for 1.1 version.
sorry for my bad english
 

Re: ElkArte 1.1.1 - Release announcement

Reply #5

Yesterday I was a bit in a hurry and I couldn't manage to write it in the release announcement, though the security hole was related to the fact that the ILA code I wrote to inject the image directly into the post, was exposing the temporary name of the uploaded file to the client. This, in particular conditions of not very well configured server (i.e. attachments directory accessible from the web and executable set to any newly uploaded file), could have given an attacker the possibility to execute arbitrary code on the server.
The code is now changed so that a different hash, completely unrelated to the temporary name of the file, is sent to the client (the "shape" of the hash sent is still the same in order to reduce the impact of the patch), making it impossible again to identify the newly uploaded file.
Bugs creator.
Features destroyer.
Template killer.

Re: ElkArte 1.1.1 - Release announcement

Reply #6

The fact that the 1.0 themes don't work without some level of modification on 1.1 gives me great pain as well ... I have a bunch to update :( ...

I'm working on Silence now, and have actually done it two ways, a quick and dirty method and the done the 1.1 way.  I'm doing that  just to see if its worth the effort to go all out or not.

Anyway if you have specific themes you want updated first, let me know.

Re: ElkArte 1.1.1 - Release announcement

Reply #7

Congrats on the release guys  8)

Re: ElkArte 1.1.1 - Release announcement

Reply #8

Quote from: Spuds – I'm working on Silence now, and have actually done it two ways, a quick and dirty method and the done the 1.1 way.  I'm doing that  just to see if its worth the effort to go all out or not.
Anyway if you have specific themes you want updated first, let me know.
@Spuds‍, I've done a great deal of work on the silence css, trying to make it look nice with elk-1.1, even with the admin pages where quite a few default white elements were left here and there, would you like to have a look at the changes? The only thing that I couldn''t dig deep enough to fix is the poster area in mobile devices. Well, to be  honest, even in desktops it's an ugly hack but at least it doesn't look that horrible.

Re: ElkArte 1.1.1 - Release announcement

Reply #9

Sure :D .... I'm probably only 1/2 way done with an update.  I was making good progress but then RL showed up ! 

But yeah post what you have, I'd like to see it and I'm sure it will help others as well.

Re: ElkArte 1.1.1 - Release announcement

Reply #10

As I don't even remember which files I've tweaked, you can get the entire theme directory:D
It contains the php files I copied over from the default elkarte theme, fonts, webfonts... not even sure which were actually needed. Most of the work though was done on _dark/{admin,index}_dark.css and custom.css.

Re: ElkArte 1.1.1 - Release announcement

Reply #11

As 1.1.1 is described as security fix and critical update will there be an update from 1.0.10 to 1.0.11 too?

Re: ElkArte 1.1.1 - Release announcement

Reply #12

No because as I wrote here https://www.elkarte.net/community/index.php?topic=4786.0 the issue is present only in 1.1.
Bugs creator.
Features destroyer.
Template killer.

Re: ElkArte 1.1.1 - Release announcement

Reply #13

Great, thanks!

Re: ElkArte 1.1.1 - Release announcement

Reply #14

Great effort... Truly appreciated and love your work. You did awesome job. Love more then smf.