e107, That warm Fuzzy Feeling as you wake up.
Home Downloads Forums Misc Bugtracker Documentation/Wiki Plugins Themes Hosting Reviews
Welcome
Username:

Password:


Remember me

[ ]
[ ]
[ ]
e107 Project Tracker
Changelog Changelog | Stats
Bugtracker Bugtracker
     80 open | 5030 total | Stats
Issue tracking (Jira) Issue tracking (Jira)
Feature Requests Feature Requests
     1372 open | 2139 total
SVN Tree SVN Tree
Released Files Released Files
Download Stats Download Stats
How to get SVN version How to get SVN version

e107 on IRC
freenode.net
For real-time help and friendly chat please join #e107 on the Freenode Network

It's a friendly channel so please drop in and say hello regardless of your e107 or IRC experience

If you're new to IRC please click [here] for an explanantion of what to do.

Web Hosting

**SECURITY UPDATE** 0.7.17

We were recently informed of a very nasty exploit that, as far as we can see, affects almost all e107 0.7 releases. Everyone running e107 needs to get their sites updated as soon as possible. If you are a site owner and you are unable to upgrade for some reason (too much hacked core code), please contact me directly and I can help you with a quick-fix.

Please get the word out to all other e107ers. If you find an e107 site out there, post on their site somewhere about this upgrade.

We have also included an automatic update check in this release. It was in previous ones, but was based of sourceforge's rss feed, which they apparently don't want to fix. The new code will now check a file on e107.org, which will always contain the most recent e107 release information. If there is an update available, you should see a notice on your main admin screen. Depending on your admin theme, it may also appear in the left column of all admin pages.

As always, please ensure you perform a full db and site backup before performing the upgrade. Please inform us if you have any problems with this new release.

For a list of the fixes, you can see them here: click to open link in new window

Link to updates: click to open link in new window

posted by McFly on Friday 22 January 2010 - 09:25:00


Comments

His MAJESTY on 22 Jan : 09:54

thank you, Sir.

for the automatic update check....
that will be wonderful....

C6Dave on 22 Jan : 09:55

So far I have upgraded 3 sites with no issues.

The Auto Update Check is a welcome feature

Thanks guys.

nlstart on 22 Jan : 10:29

What's up with that weird orange star favicon.ico?

C6Dave on 22 Jan : 10:35

Just noticed that, are we getting an image makeover?

His MAJESTY on 22 Jan : 11:18

Where can I activate/spot the Automatic Updates?
I'm using Admin ? Jayya theme.

thanks.

njeske on 22 Jan : 11:53

just uploaded the updated files to my webserver and now i'm unable to login. none of the user accounts can login, including my admin accounts. i am using captcha security for login.

dolphin713 on 22 Jan : 12:09

Thanks

Flash2 on 22 Jan : 14:22

Unable to choose news Categories. Categories page empty.

Flash2 on 22 Jan : 14:24

Found the problem, my bad. Sorry

Tgtje on 22 Jan : 14:27 Member Of The e107 Support Team

for any readers : doing updates with upgrade pack.

just a reminder : after upgrade RENAME filetypes php on server, or edit etc...
Normal behaviour on lower versions: languages other then english will differ (tools: verify language)

11 site upgrades, 1 full new all fine.

[ edited 23 Jan : 16:23 ]

eleljrk on 22 Jan : 15:28

Thanks for the update, i like updates.. (But not installing them..)
I LOVE the new icon! I cant find anything negative with this update, yet.. Uploading to click to open link in new window now.

Fanat1k on 22 Jan : 16:53

is this the main reason?

click to open link in new window
[ edited 22 Jan : 16:54 ]

Martinj on 22 Jan : 17:31

I have the following error when using the [ link ] bb code in my news items...

Parse error: syntax error, unexpected '/' in /e107_handlers/bbcode_handler.php(296) : eval()'d code on line 30

Any ideas?

Jaricanese7 on 23 Jan : 00:16

Woooo it is always a happy time when there is an update to e107. Will starting upgrading site soon enough.

pankaj on 23 Jan : 02:05

updated without any issue. Thanks
always awaiting for new release.Its the best.

CaMer0n on 23 Jan : 02:20

Martinj, looks like one of your bbcodes has an error on line 30

crienoloog on 23 Jan : 08:34

Is it me...? TinyMCE does not work...

migs on 23 Jan : 08:59

Upgraded 3 sites, and all appears okay.

For those who have commented login or other problems, none of these happen for me. All's well.

Jaricanese7 on 23 Jan : 11:31

@crienoloog Oh oh problems with tinyMCE again?
[ edited 23 Jan : 11:36 ]

Maleko on 23 Jan : 14:53

Superb work from the e107 guys again!

Updated 3 sites, all went perfect.

rgk on 23 Jan : 14:54 Member Of The e107 Support Team

the update is awesome, no problems here

good job guys, i was hoping for a new release

whoisrich on 23 Jan : 16:59 Member Of The e107 Support Team

Upgraded two sites without any problems so far.

TO TURN ON AUTOMATIC UPDATES:
Admin Area, Preferences, Advanced Features section.

The language file has not been updated, so it says "Check at SourceForge for E107 updates once/day" but the code behind it is now checking e107.org

Knutars on 23 Jan : 17:41

Why change the favicon to a orange colored star of David? Have all the developers converted to Judaism all of a sudden?

The Beer In Me on 23 Jan : 19:45

Updated from 16 to 17. No problems that I can see. Thanks for the update everyone.

josicoesp on 23 Jan : 22:21

The language files is necesary update?

C6Dave on 24 Jan : 02:31

Yes there have been some changes josicoesp but it depends if the individual language pack makers have updated theirs.

mfp on 24 Jan : 16:53

@e107 Dev
Good job indeed!

Official Italian translation Packs available here

e107 0.7.17 Full
e107 0.7.16 to 0.7.17 Upgrade
e107 0.7.17 UTF-8 Italian pack

treefrog on 25 Jan : 02:37

Just an FYI...
the tar.gz full install link of 7.17 doesn't work...

...As posted on the downloads page HERE as linked to by this article (above):

Non existent tarball

Love note received:
Error
Error 404 - Document Not Found

The requested URL could not be found on this server. The link you followed is probably outdated.

Your attempt to access e107.org/e107_files/downloads/e107_v0.7.17_full.tar.gz was unsuccessful.


Please click here to go to this site's home page
Please click here to go to this site's search page

<-- Edited for missing space between words -->
[ edited 25 Jan : 02:40 ]

Metaller on 25 Jan : 03:27

All files uploaded, but there is no any message about DB upgrade. Is there way to manual DB update?

nlstart on 25 Jan : 03:47

@Metaller: there was no database change in the upgrade. You could manually check it with Admin Area > Database > Check database validity > Check 'core' and click button 'Start Verify'.

The orange favicon.ico seems to be a mistake; it has been restored by McFly: click to open link in new window
[ edited 25 Jan : 05:09 ]

josicoesp on 25 Jan : 08:44

why don´t have the files install.php and e107_confing.php?

The file install.php of the version 7.16 no working

josicoesp on 25 Jan : 08:46

in the final installation say it this:


Warning: e_install::include_once(e107_handlers/arraystorage_class.php) [function.e-install-include-once]: failed to open stream: No such file or directory in C:\Users\jose\Documents\ZMWS\_web.zmwsc\install.php on line 924

Warning: e_install::include_once() [function.include]: Failed opening 'e107_handlers/arraystorage_class.php' for inclusion (include_path='.;C:\php5\pear') in C:\Users\jose\Documents\ZMWS\_web.zmwsc\install.php on line 924

Fatal error: Class 'ArrayData' not found in C:\Users\jose\Documents\ZMWS\_web.zmwsc\install.php on line 926

nlstart on 25 Jan : 08:47

The files install.php and e107_config.php will never be in an upgrade package. Besides, the e107_config.php will be generated by install.php. Install.php is only distributed in the full package.
Please report installation related issues in the forums.

[ edited 25 Jan : 08:50 ]

josicoesp on 25 Jan : 09:07

Ok. Sorry.

And where I can search the install.php? I don´t see it

C6Dave on 25 Jan : 09:59

In the full version available to download or on sourceforge click to open link in new window

Prozac on 25 Jan : 14:08

Thanks guys!

I've never had any problems with spam in the Broken Download Reports but... after installing the latest update I started receiving spam in these reports.
But.. maybe this is just a coincidence.

Marianna on 26 Jan : 04:05

click to open link in new window это пипец. всем срочно читать и проверять свои сайты!

Marianna on 26 Jan : 04:06

click to open link in new window

Marianna on 26 Jan : 04:24

click to open link in new window Warning!

roofdog on 26 Jan : 04:31

Thankyou Marianna ..... It seems that e107 0.7.17 has also got security issues!!! Looks like 0.7.18 is on the way!

VR6Pete on 26 Jan : 06:33

its all go!

upgrade went well on my website, however I'll look for an update soon

mankan on 26 Jan : 07:01

Is the "new bug" in the full install? Because I have not seen this in the upgrade version...

Joei on 26 Jan : 09:07

So what's safer - to keep 0.7.16 with it's security holes, or install 0.7.17 with it's security holes? Maybe I'll just wait for 0.7.18.

migs on 26 Jan : 09:28

Or, alternatively, it seems to be class2.php which might be facilitating the issue?

Rolling back to 0.7.16 version of class2.php appears to have no ill effects.

Am I over-simplifying it?

Nowwhat on 26 Jan : 10:13 Member Of The e107 Support Team

Am I over-simplifying it?

Yes.
class2.php as it exists today (see CVS for the latest = internal file version 1.390) is ok.
DO NOT switch back to an "0.7.16" (or lower) version.

In case of doubt, download this one (version 1.390) : click to open link in new window and put in on your site.
You'll be fine.

migs on 26 Jan : 10:25

Updated from CVS

Cheers Nowwhat

SecretR on 26 Jan : 11:07

In other words - update to 0.7.17 (be sure you are on sourceforge.net while downloading) if you wish to avoid the troubles which e107.org has experienced recently - we were just minutes late with applying the patch to the site. More info soon.

migs on 26 Jan : 11:13

I had already updated. Until McFly posted the recent news update on the front page, nobody knew that it was only the full install that was compromised.

As far as we knew, we were all at risk, even with 0.7.17

agushardiman on 26 Jan : 11:46

Ouuuw...how can I change the favicon.ico or Pentagram symbol ? It's very sensitive in my country

I try to change with another .ico file in root dir of my e107 but no luck ! It;s still the Pentagram symbol >__<

Please help !!!

migs on 26 Jan : 11:50

Clear the cache and restart your browser

Martinj on 26 Jan : 12:39

SecretR - In other words - update to 0.7.17 (be sure you are on sourceforge.net while downloading)

McFly - When downloading e107 release files, please ensure they are coming from sourceforge, we only release files from there.

2dopey - There is a 'clean' version of e107 v0.717 available here (Link to nw-online) that covers the security hole found

Lets try not confuse things lol

C6Dave on 26 Jan : 13:37

Martinj - fine I will no longer provide any CVS updates etc. makes life far simpler for me

If it's not on sourceforge don't use it

Martinj on 26 Jan : 13:54

Dont blame me, was just pointing something out that could confuse some people.

C6Dave on 26 Jan : 14:01

I'm not blaming you and It's not personal, I took a decision to ensure there is no confusion

Donny on 28 Jan : 09:26

Spent an hour doing mass diff3 merge. it seems that the site is alot more responsive, thanks!


You must be logged in to make comments on this site - please log in, or if you are not registered click here to signup


All product names mentioned herein are the trademarks of their respective owners. In addition, images, logos, pictures or other material may be trademarks or registered trademarks of their respective owners. Emote images by seb, released under the GPL licence.
Bug Tracking Software
Render time: 0.2479 sec, 0.2033 of that for queries. Memory Usage: 2,997kB