That's right, we are finally going to get rid of our custom coded bugtracking system and move to something more mainstream.

After much reading and testing, we've decided upon JIRA http://www.atlassian.com/software/jira/.
It came down to either bugzilla and Jira, we chose Jira because it seemed more focused on planning and not just bugs, it also has some additional features that we were looking for that just weren't available in bugzilla (at least not that we could find).

The new system is up and running here http://e107inc.org:8080, we will be updating e107.org soon with the new links.

Using Jira will require a new log in, separate from e107.org. You can still view everything without logging in, but in order to open a bug or post a comment you will need to register for an account.

We are discussing which bugs from the current bugtracker to move over to Jira, it may end up being only the currently open bugs and we may even restrict it to less than that. None of the comments will be able to be moved, only the bug report itself.
We are also discussing moving the 'ideas' over to Jira as 'Enhancement requests'. This will give us one-stop shopping for bugs and requests and just makes sense. Again, we'll have to make some decision on which ones to move over.

For those on the support team, Jira does allow for private comments so we will have to get you all added to a different user-class within Jira. So once you get an account over there, let one of us know and we'll hook you up.

Some of you have been asking about some sort of private bugtracking system for the progress on 0.8, as well as just having a way to track what we are working on. Jira will allow for both of these to happen. The devs are going to make an effort to create issues for all items we are or will be working on, Jira will also auto-link the commits relating to each issue, as long as we remark the commits correctly.

Did I say bugtracking for 0.8? Yes I did! We will be looking for a few willing, experienced e107'ers to start posting bugs for 0.8. Please contact a dev if you'd like to do this, please ensure you have an account on Jira already.

NOTE: Please expect some issues/changes/stumbling with Jira, we are all still learning the software.

This is a non-urgent upgrade. We've produced this release for a few reasons:

1) As part of the move to subversion, we changed the headers of most files to contain the new svn related keywords. Unfortunately this means that all users must replace their current files with the new ones, otherwise the file inspector won't like it. You will notice the upgrade packages are much larger for this upgrade.

2) I have a script that I wrote that creates the builds from cvs. I was able to set a few values in a configuration file, kick of the script, and have nice release files a minute or so later. Well, obviously the cvs related commands are no longer valid. I've recoded most of the script and it now uses svn commands. It can now also handle 0.7 and 0.8 builds (previous version could not). It was used to create this build, so it needs live testing

3) We needed to get everyone upgraded successfully to .19 with the new build system, just in case we needed to get a security release out quickly (nothing known about currently). Allowing everyone to carefully upgrade now as they find time is much easier than trying to do it quickly later.

Please carefully perform your upgrades and let us know of any problems you find.

As always, you can find the link to downloads here: http://e107.org/edownload.php


UPDATE: I have been working on the changelog to give better information on what has changed between revisions. You can now see all of the changes that occured on 0.7.19 here.

I also added a new 'ignore' parameter to the url, so we can filter out huge commits (like the one that added the svn keywords and affected every file). So you can now see a list of the 'real' files that were changed in 0.7.19, but going here: http://e107.org/svn_changelog.php?version=0.7.19&ignore=11346

Due to some limitations with CVS, e107 is finally moving away from it in favor of subversion (SVN). We realize that there are other newer version control systems out that that are all the rage today (like git), but we feel for our needs SVN will do just fine.

I have made the current cvs repository read-only, so no more commits will occur there. Over the next few days we will be working to update the cvs related information on e107.org to point to the new svn information.

We hope this doesn't cause any issues, but please let us know if you find any. Also, any tips anyone has for dealing with svn will be appreciated.

The changelog has been broken since our host moved us to a new server a few days ago. It is currently being rewritten to work with svn, so expect it to be down for a bit.

Yes, here's yet another release.

We have tightened up some of the security relates stuff from the last release and fixed some bugs that crept into it.
Most notably an issue with not being able to save extended user field data.

I also change a few things in the file inspector to make that a bit more useful, thanks to Lawbringer for that.

Here for changes:

Here for your files:

Note: For anyone who was really quick off the mark, there was a hitch with generating the first set of release files. If you downloaded later than 2235 UTC on 4th February, the files should be good - you can check by opening file e107_admin/ver.php in a text editor, and it should mention 0.7.18 (in some of the releases, the file wasn't there at all).

We all already know what happened to e107.org just because we patched it few ours after the official release of 0.7.17. I'm trying to stay positive - we learned an important lesson, I hope e107 community did the same - a good example of what could happen if you don't apply critical security patch quick enough.

I also spotted first symptoms of panic. They were additionally fed by all kind of security organizations and blog posts, made before we were able to make any kind of statement, because we were busy to fix all current problems and investigate for any additional security vulnerabilities of e107 core (I'm glad the problem came from issue we were already fixed) I'm not angry about this - I know this is the only way of more traffic and popularity (let's call it marketing).

In other hand, I understand the worries of the people using e107 - especially those with less Development/Administration knowledge.

That's why I wrote a small tool and called it (don't ask me why) eCheck Security. I'm not gonna explain what it does here, because I did it already in my eCheck Security PHP tool - find malware on your site Blog post.
I hope this tool will make lot of people feel much more peaceful - at least this was my intention while I wrote it

Cheers

OK, here's what I know happened and what's been done:

* e107.org was hacked using the exact exploit we patched in .17, it looks like we waited too long to fix e107.org. I have spent the past day attempting to clean everything up and am relatively confident I've cleaned it up, but you never know. If hacks persist, we'll have to resort to more drastic measures.

* Yes, there was a zip file that was backdoored. This file was NOT the officially released zip file and the source code was not compromised. While the hackers had access to our server, they uploaded their own version of the full zip file and re-pointed the download link to this corrupt file. It was only the full install .zip file. If you upgraded your version of e107 using files from the full install .zip file, please download the one that is available from sourceforge and re-upgrade.

* The current version (0.7.17) is safe (as far as I know) from further attacks in this same manner, there will be a .18 release someday, but there are no immediate plans for it's release.

* Yes .17 has a new favicon, this was a mistaken commit by one of the devs and the current .17 package files have this file restored.

* When downloading e107 release files, please ensure they are coming from sourceforge, we only release files from there. We have, in the past, provided specific patch files from e107.org locally, but this will stop. If you get a file from somewhere other than sourceforge, don't trust it.

If anyone sees anything odd with their sites or with e107.org, or just has specific question, please do not hesitate to contact me personally. Please be patient, I will attempt to answer anything I receive.