Skip to main content
Topic: ElkArte 1.0.8 - Release announcement (Read 8781 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

ElkArte 1.0.8 - Release announcement

Update: after the release a couple of issues have been discovered:
1) the "Who is online" page will not display correctly the IP addresses,
2) if using high level of caching, the menu may disappear.
The first is a mostly cosmetic bug, the second can be worked around by reducing temporarily the caching level. It's indeed sub-optimal, but better than a security hole I guess.
Both are going to be addressed soon, an "unofficial" patch that fixes both is available as attachment to the following message:
http://www.elkarte.net/community/index.php?topic=3907.msg27726#msg27726
If you really need both fixed you can download the patch and install it, though it will be released "officially" in the next 24 hours with more fixes if needed.

Sorry for the trouble.



Today, we are pleased to release ElkArte 1.0.8. This release fixes a security issue related to the unserialize php function (related to CVE-2016-5726 and CVE-2016-5727). The release fixes also some bugs that were found or reported since the release of 1.0.7. As this is a security release, it is extremely important to update for everyone running ElkArte.
If you are running a version prior to 1.0.7, the recommended procedure is install any update since 1.0.7 and then the 1.0.8 patch.

Apart from fixing the security issue, some notable updates in 1.0.8 include:
stopped using INET_ATON and INET_NTOA to improve IPv6 handling,
fixed YouTube embedding URLs to avoid problems in certain conditions,
* fixed editing of polls with expiration date,

This release follows our semantic version (MAJOR.MINOR.PATCH), meaning that third-point (x.x.X) releases should contain backwards-compatible bug fixes and enhancements, so for the most part you will not find new features in this release. Major new features will be reserved for second point versions (x.X.x).

Refer to the release notes on the forum for a complete list of updates.


Patching procedure:
  • go to the page https://github.com/ElkArte/ElkArte/releases/tag/v1.0.8
  • download the file ElkArte_1-0-8_patch.zip to your computer
  • go to your forum: Admin > Main > Package Manager > Upload Package
  • click the button to upload the package
  • locate and select the file you downloaded at point 2
  • click the "upload" button
  • follow the instructions on the screen.

For any question you may have, feel free to ask on the support forum.

Of course you are encouraged to update to this release since it contains a lot of fixes and improvements, thank you for your continued support!
Last Edit: July 31, 2016, 04:39:24 pm by emanuele
Bugs creator.
Features destroyer.
Template killer.

Re: ElkArte 1.0.8 - Release announcement

Reply #1

Thanks for the release :thumbsup:

Re: ElkArte 1.0.8 - Release announcement

Reply #2

How's the OpenID bug coming? :D

Re: ElkArte 1.0.8 - Release announcement

Reply #3

Finished updating to 1.0.8. Thank you very much for this release.

I can also confirmed what @scripple just said above.

Re: ElkArte 1.0.8 - Release announcement

Reply #4

So should i update now or wait till the issue is fixed?


Re: ElkArte 1.0.8 - Release announcement

Reply #6

Quote from: Jason – So should i update now or wait till the issue is fixed?
If you value more an IP address than your forum security, wait.
If you can live with a couple of issues until they are fixed, install it.

I'm going to split the bug reports in their own topics, otherwise it becomes a mess. ;)

http://www.elkarte.net/community/index.php?topic=3907.0
http://www.elkarte.net/community/index.php?topic=3908.0
Bugs creator.
Features destroyer.
Template killer.

Re: ElkArte 1.0.8 - Release announcement

Reply #7

Posted an update to the first message, and posting it here as well for redundancy:
QuoteUpdate: after the release a couple of issues have been discovered:
1) the "Who is online" page will not display correctly the IP addresses,
2) if using high level of caching, the menu may disappear.
The first is a mostly cosmetic bug, the second can be worked around by reducing temporarily the caching level. It's indeed sub-optimal, but better than a security hole I guess.
Both are going to be addressed soon, an "unofficial" patch that fixes both is available as attachment to the following message:
http://www.elkarte.net/community/index.php?topic=3907.msg27726#msg27726
If you really need both fixed you can download the patch and install it, though it will be released "officially" in the next 24 hours with more fixes if needed.

Sorry for the trouble.
Bugs creator.
Features destroyer.
Template killer.

Re: ElkArte 1.0.8 - Release announcement

Reply #8

Quote from: emanuele – Posted an update to the first message, and posting it here as well for redundancy:
QuoteUpdate: after the release a couple of issues have been discovered:
1) the "Who is online" page will not display correctly the IP addresses,
2) if using high level of caching, the menu may disappear.
The first is a mostly cosmetic bug, the second can be worked around by reducing temporarily the caching level. It's indeed sub-optimal, but better than a security hole I guess.
Both are going to be addressed soon, an "unofficial" patch that fixes both is available as attachment to the following message:
http://www.elkarte.net/community/index.php?topic=3907.msg27726#msg27726
If you really need both fixed you can download the patch and install it, though it will be released "officially" in the next 24 hours with more fixes if needed.

Sorry for the trouble.

So has the 'official' fix been released yet?

 

Re: ElkArte 1.0.8 - Release announcement

Reply #9

Considering the original patch was postponed by at least a couple of days I would be surprised if I were able to push it out in 24 hours... :P
That aside, I'm waiting to see if it's possible to fix another issue with the sessions in php 7 while we are at it.
Bugs creator.
Features destroyer.
Template killer.

Re: ElkArte 1.0.8 - Release announcement

Reply #10

Quote from: emanuele – That aside, I'm waiting to see if it's possible to fix another issue with the sessions in php 7 while we are at it.
I am about to ask about this. My EA1.1b1 shows whitepage  on php7. EA1.0.8 works fine on php7 (at least I can see no errors so far).

Re: ElkArte 1.0.8 - Release announcement

Reply #11

Bug reports? :P
Bugs creator.
Features destroyer.
Template killer.

Re: ElkArte 1.0.8 - Release announcement

Reply #12

When trying to install the patch I get:


42.Execute Modification./sources/subs/ScheduledTask.class.phpTest failed


1.Replace./sources/subs/ScheduledTask.class.phpTest successful
2.Replace./sources/subs/ScheduledTask.class.phpTest failed
3.Replace./sources/subs/ScheduledTask.class.phpTest successful
4.Replace./sources/subs/ScheduledTask.class.phpTest successfu
and...




FaceIt-FaceIt100
Execute Modification./themes/FaceIt-FaceIt100/scripts/elk_jquery_embed.jsTest failed
1.Replace./themes/FaceIt-FaceIt100/scripts/elk_jquery_embed.jsTest failed
2.Replace./themes/FaceIt-FaceIt100/scripts/elk_jquery_embed.jsTest successful

Re: ElkArte 1.0.8 - Release announcement

Reply #13

The one in the theme could be the theme itself is using an older version of the file that changed in the meantime and now is out-of-sync. I should check it.

The one about ScheduledTask.class... could you attach it here?
Bugs creator.
Features destroyer.
Template killer.

Re: ElkArte 1.0.8 - Release announcement

Reply #14

Attached is the file.  I think it was modified a while back to fix a bug on the subscriptions task.