Announcing CMS Made Simple 1.6.7 – Teremba Bay

Project Announcements. This is read-only, as in... not for problems/bugs/feature request.
eirik
New Member
New Member
Posts: 2
Joined: Wed Mar 26, 2008 6:46 am

Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay

Post by eirik »

knuta wrote:
eirik wrote: Whatever the cause, reducing the number of changes, tends to help reduce risk.
That's what I said, too. However, I said it in the comments on http://blog.cmsmadesimple.org/2010/02/23/announcing-cms-made-simple-1-6-7-teremba-bay/comment-page-1/#comment-4137. Why there are two separate comment threads in the blog and the forums beats me, but that is another story...
Replied here, as this seemed more active -- and more suitable for discussion. Thought it'd be a good idea to let other's know that we're more people that feel the need for a stable release.
knuta wrote:
eirik wrote: Is there any documentation of the bug anywhere, so that I can evaluate the current risk -- and possibly work out a smaller patch?
The bug is documented at http://0x6a616d6573.blogspot.com/2010/02/cms-made-simple-166-file-inclusion.html. They forgot to link to it from the blog post, but the URL is mentioned in the source code.
Thanks for the link. I was a bit surprised to see the reference to bugtraq -- but I generally read it in bulk, a few times a month, so I hadn't seen the post yet.
knuta wrote: I diffed the two releases manually and determined that the security fix seems to be in lib/classes/class.module.inc.php only (and there are no other changes to that file). All the remaining changes seem non-critical, so I simply replaced that file with the new version to be safe before deploying the rest of the new release. It has been running on a relatively busy site for about 34 hours, so at least it didn't break anything.
Thank you for reposting the above information, and details regarding the fix. The original announcement was a bit light on detail.

It appears this is less serious on Linux. Can anyone confirm that ?
User avatar
rotezecke
Power Poster
Power Poster
Posts: 393
Joined: Fri Apr 18, 2008 9:34 pm
Location: Nimbin, Australia

Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay

Post by rotezecke »

Rolf wrote:
Upgrading and skipping the error message you mentioned isn't a problem, everything still works fine afterwards.
It looks like at this point the folder 'safari' must be deleted (overwritten) and it won't for some reason...
This folder isn't there in the 1.6.7 package
I deleted the safari folder in question at my testsite and everything is still working like it should be.  ::)

Regards, Rolf  :)
It appears that the 1.6.6 - 1.6.7 tries to write an empty file named safari into a place where there's a directory named safari.
i moved the directory safari, tar -xzf 'cms...' and realised that the newly written safari is empty. so i deleted the empty file, and moved safari directory back in its place.

i dont know whether the folder safari should be emptied or not.

cheers
User avatar
Rolf
Dev Team Member
Dev Team Member
Posts: 7802
Joined: Wed Apr 23, 2008 7:53 am
Location: The Netherlands
Contact:

Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay

Post by Rolf »

Rotezecke,

The folder 'safari' isn't present when installing a brand new base 1.6.7 version...

Grtz. Rolf
- + - + - + - + - + - + -
LATEST TUTORIAL AT CMS CAN BE SIMPLE:
Migrating Company Directory module to LISE
- + - + - + - + - + - + -
Image
Cherry

Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay

Post by Cherry »

just a question.....
will there be a corrected version of the base-diff file?

I think it was promised days ago.

Yours
Cherry
Ted
Power Poster
Power Poster
Posts: 3329
Joined: Fri Jun 11, 2004 6:58 pm
Location: Fairless Hills, Pa USA

Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay

Post by Ted »

New diff files are uploaded. Sorry for the delay.
jovo
Forum Members
Forum Members
Posts: 30
Joined: Fri Dec 23, 2005 4:10 pm

Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay

Post by jovo »

Great.

1.6.7 also solved a problem with IE8 and compatibility mode.

I recently created a new website with 1.6.7 based on the standard NCleanBlue-template with some adjustments. Very nice template!
Also the integrated News-module works fine.

Thanks a lot!
stainless
Forum Members
Forum Members
Posts: 27
Joined: Wed Apr 16, 2008 9:04 pm

Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay

Post by stainless »

Ziggywigged wrote: I've upgraded a few sites and noticed that nothing loads under the 'Profiles' tab from TinyMCE.
Has this been intentionally removed?
(I tried a reset all settings)
It's true, no profiles after upgrade. !?
Cherry

Re: Announcing CMS Made Simple 1.6.7 – Teremba Bay

Post by Cherry »

It seems that these two files are missing in the base-diff file:

Code: Select all

modules/TinyMCE/function.admin_profiles.php
modules/TinyMCE/templates/profilespanel.tpl
They can be found in the full-diff file.


Yours Cherry
Post Reply

Return to “Announcements”