Joomla 1.0.6 released today and then withdrawn due to serious bug

Started by Storman™, January 15, 2006, 04:56:41 PM


Storman™

Version 1.0.6 of Joomla was released today and then promptly withdrawn due to a serious bug (see Joomla Org for details).

Apparently there is a serious bug in 1.0.6 that will cause the database password to be overwritten once you go into the Global Configuration and click `save` - causing a site to immediately go offline.

They are going straight to v1.0.7 which is also due soon (? today ??).

Glad I backed up !!

Storman™


Nordoelum

---------------- 1.0.7 Released -- [15-Jan-2006 21:00 UTC] ------------------


15-Jan-2006 Rey Gigataras
  # Fixed : database password being incorrectly overwritten with a blank


---------------- 1.0.6 Released -- [15-Jan-2006 15:00 UTC] ------------------


This Release Contains following Security Fixes

Low Level Threat
* Disallow Author from publishing items or changing publish state
* Hardened Contact Component against misuse
* Added simple filtering control ability to Contact Component
* Hardened misuse of Contact Component `email copy` ability when not activated
* Hardened misuse of Contact Component `VCard` ability when not activated
* `VCard` & `Email Copy` options set to hide by default
* Multiple Vulnerabilities in TinyMCE Compressor
* Hardened Itemid against misuse
* Hide database password in Global Configuration

---

15-Jan-2006 Rey Gigataras
  * SECURITY [ Low Level ]: Hide database password in Global Configuration
  # Fixed artf3064 : Warning: Invalid argument supplied mod_fullmenu Line 57
  # Fixed artf3063 : Poll Component Output Display Error

14-Jan-2006  Louis Landry
  # Fixed Caching `Blog` pagination problem

14-Jan-2006 Rey Gigataras
  * SECURITY [ Low Level ]: disallow Author from publishing items or changing publish state
    [identified Max Dymond]
  # Fixed artf3055 : Weblink submit, no email to admin
  # Fixed artf3045 : Unhandled fragment identifier with core SEF enabled
  # Fixed artf3032 : 1783: Can't get custom CSS in Tiny MCE
  # Fixed artf3052 : Contact Component Re-Direct Issue
  # Fixed artf3043 : Login & Logout redirecting to $mosConfig_live_site
  # Fixed artf3040 : Site Modules | Display can be duplicated on Pages
  # Fixed problem with display mod_rssfeed twice on a page
  ^ Contact Component confirmation now uses mosRedirect msg, rather than JS

13-Jan-2005 Andrew Eddie
  # Fixed bug in database::loadRowList that return assoc and not numerical array
  # Fixed bug in index2.php where joomlajavascript.js is not included

13-Jan-2006 Rey Gigataras
  * SECURITY [ Low Level ]: + simple filter check to Contact Component
  # Fixed artf3038 : Warning: array_search(): Wrong datatype for second argument in
  # Fixed artf3037 : New 404 tags aren't translated
  # Fixed artf3035 : Bug with mod_newsflash
 
12-Jan-2006 Alex Kempkens
  # Fixed mosFormatDate, handling offset's with value 0

12-Jan-2006 Rey Gigataras
  * SECURITY [ Low Level ]: changed `Email Copy` param option for new Contacts now set to `hide`
  # Fixed artf2070 : mosHTML:encoding_converter() breaks with ö
  # Fixed missing <li> tag in newsfeed component
  # Fixed artf1487 : Media Manager breaks when illegal characters in uploaded file name
  # Fixed artf2108 : Saving a parent inside of a child
  + caching support to `Frontpage` component
  + missing param for `Table - Weblink Category`
  - sef handling in mod_search.php as SEF
  - unnecessary `checked out` check in  mod_latestnews.php and mod_mostread.php
  - unnecessary param variable in mod_latestnews.php

10-Jan-2006 Rey Gigataras
  * SECURITY [ Low Level ]: Fixed artf2386 : Preventing Spambots through com_contact
  # Fixed artf2622 : admin.users.php session_start called when a session is already open
  # Fixed artf2789 : invalid xhtml
  # Fixed artf2989 : User WYSIWYG editor setting resets after adding new user from backend
  # Fixed artf2986 : Wrong link to image-icon in weblinks

08-Jan-2006 Johan Janssens
  * SECURITY [ Low Level ]: Fixed Security Vulnerability in TinyMCE Compressor

08-Jan-2006 Rey Gigataras
  * SECURITY [ Low Level ]: Fixed artf2950 : Information leak with Vcard hide function
  * SECURITY [ Low Level ]: changed `VCard` param option for new Contacts now set to `hide`
  # Fixed DOMIT bugs [identified by sarahk]
    http://sarahk.pcpropertymanager.com/blog/using-domit-rss/225/
  # Fixed artf2793 : New user confirmation link warning on login
  # Fixed artf2732 : Pagination in the Blog section/category doesn't work
  # Fixed artf2943 : Incorrect Redirect for Weblinks
  # Fixed artf2945 : Undefined constant in php_http_exceptions.php

07-Jan-2006 Rey Gigataras
  # Fixed artf2933 : Pathway problem on Windows

06-Jan-2006 Rey Gigataras
  ^ changed mod_archive so that no Itemid is assigned, meaning it uses the default Itemid=99999999
  # Fixed artf2738 : Incorrect SEF links for archive com_content links
  # Fixed artf1809 : mospagebreak problem with "Special Characters"
  # Fixed artf2861 : article_seperator glitch

05-Jan-2006 Rey Gigataras
  # Fixed artf2825 : RSS module SEF urls

04-Jan-2006 Rey Gigataras
  * SECURITY [ Low Level ]: Fixed artf2050 : Itemid in index2.php
  # Fixed Related items Module shows Expired items - Mambo Tracker [#7590]
  # Fixed artf2185 : Changing weblinks possible for everyone

03-Jan-2006 Andy Miller
  ^ Updated copyright information for iCandy Junior icons

03-Jan-2005 Rey Gigataras
  # Fixed XHTML validation error in `Blog` view with decimal value widths
  # Fixed XHTML validation error in `Table - Content Category`
  # Fixed artf2791 : RSS item links not SEF'd
  # Fixed artf2791 : RSS items have no category
  # Fixed artf2813 : Media Manager doesn't support ICO files

02-Jan-2006 Rey Gigataras
  # Fixed artf2802 : All content made bold for Rss module published on the frontpage
  # Fixed artf2780 : Newsflash Read More bad link
  # Fixed artf2786 : Newsflash module not picking up "linked title" global setting
  # Fixed artf2810 : 1.0.x changelog incorrectly states release date of 1.0.5
 
30-Dec-2005 Rey Gigataras
  # Fixed `Unlimited` banner impressions option
  # Fixed artf2776 : Multiple banners not possible
  # Fixed artf2788 : admin template css errors

29-Dec-2005 Rey Gigataras
  # Fixed artf2646 : name="" not valid XHTML
  # Fixed artf2747 : title_alias is missing in mambots
  # Fixed `Reset Clicks` button not working in admin component `Banner Manager`
  # Fixed artf2712 : Clicks reset on save

29-Dec-2005 Andrew Eddie
  ^ SEF error handling throws to new /templates/404.php file
  # Rolled back changes to database::insertObject
  + New prototype MySQL 5 driver

24-Dec-2005 Emir Sakic
  # Fixed a bug with 404 header being returned for homepage when SEF activated
  # Fixed a bug with all items on frontpage returning Itemid=1 (duplicate content)


Quote: If you are running 1.0.6 you MUST upgrade to 1.0.7
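
The 1.0.6 entry "Hide database password in Global Configuration" and the 1.0.7 fix for the password "being incorrectly overwritten with a blank" fit a common failure mode: a settings form stops echoing a secret, and the save handler then treats the empty field as the new value. The sketch below is an added illustration in PHP, not Joomla's code and not from any poster; that the two changelog entries are linked this way is an assumption, and every function name and value in it is constructed.

```php
<?php
// Constructed sample data: stored settings, and a form post in which the
// password input was rendered empty so the secret never reaches the browser.
$stored = ['host' => 'localhost', 'user' => 'joomla', 'password' => 'constructed-secret'];
$posted = ['host' => 'localhost', 'user' => 'joomla', 'password' => ''];

// Naive save: every posted field replaces the stored one, so the blank
// password input wipes the real credential.
function save_naive(array $stored, array $posted): array
{
    return array_merge($stored, array_intersect_key($posted, $stored));
}

// Safer save: a blank secret field means "unchanged"; other fields update.
function save_keep_secrets(array $stored, array $posted, array $secretKeys = ['password']): array
{
    $new = $stored;
    foreach (array_intersect_key($posted, $stored) as $key => $value) {
        if (in_array($key, $secretKeys, true) && $value === '') {
            continue; // hidden field left empty: keep the stored secret
        }
        $new[$key] = $value;
    }
    return $new;
}

// Pre-write check: report any secret that was set before and is empty now,
// so the caller can refuse to write the configuration file.
function blanked_secrets(array $old, array $new, array $secretKeys = ['password']): array
{
    $blanked = [];
    foreach ($secretKeys as $key) {
        if (($old[$key] ?? '') !== '' && ($new[$key] ?? '') === '') {
            $blanked[] = $key;
        }
    }
    return $blanked;
}

$naive = save_naive($stored, $posted);
$safe  = save_keep_secrets($stored, $posted);

echo 'naive save blanked: ', implode(',', blanked_secrets($stored, $naive)) ?: 'none', PHP_EOL;
echo 'safe save blanked:  ', implode(',', blanked_secrets($stored, $safe)) ?: 'none', PHP_EOL;
```

Running `blanked_secrets()` before the configuration file is written also catches the regression when some other code path reintroduces the naive merge.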

VTX

Is it safe to upgrade to 1.0.7? Will the bridge still work? (Guess so, but I better ask :))
Dutch bike drivers, have a look @ http://www.limburgracingteam.nl

Orstio

Quote: Is it safe to upgrade to 1.0.7? Will the bridge still work? (Guess so, but I better ask :))

Unless they completely change the way that components and modules are installed, or the way that users or cookies are handled, there will not be any issues.

That said, yes, it will still work.  The current bridge versions will probably continue to work with all Joomla versions right up to 1.1, and maybe even after that.  By that time, there will be a bridge that will work with it.

Excalibur!


VTX

Thank you, going to upgrade now :)

EDIT: Worked great :)
