Announcing CMSMS 1.9.4.3 - Important Security Release

Project Announcements. This is read-only, as in... not for problems/bugs/feature request.
jasnick
Power Poster
Power Poster
Posts: 695
Joined: Sat Jan 15, 2011 8:36 am
Location: Western Australia

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by jasnick »

Thanks replytomk3

I'll try as you suggest in my test site. I have so many installations that need to be upgraded that I need to get it right first. Would have been so easy if things worked as they should! Not a complaint - I know everyone is a volunteer with other jobs etc.

Thanks again!
dmgd
Forum Members
Forum Members
Posts: 115
Joined: Tue Jun 06, 2006 1:10 pm
Location: TX

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by dmgd »

One other thing to note about TinyMCE. Always upload it and really all CMSMS files in Binary mode. Sometimes the checksup is off or files become corrupt if you up load in ASCII. I think it has something to do with the JavaScript files.
jasnick
Power Poster
Power Poster
Posts: 695
Joined: Sat Jan 15, 2011 8:36 am
Location: Western Australia

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by jasnick »

Thanks, dmgd, I'll watch out for that
replytomk3

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by replytomk3 »

dmgd wrote:One other thing to note about TinyMCE. Always upload it and really all CMSMS files in Binary mode. Sometimes the checksup is off or files become corrupt if you up load in ASCII. I think it has something to do with the JavaScript files.
FileZilla was set to Binary. Yet I was uploading with errors. The only solution was to upload a compressed file to my server, and extract it from SSH. How exactly to untar a compressed file is described in Wiki docs and on my site.
jasnick
Power Poster
Power Poster
Posts: 695
Joined: Sat Jan 15, 2011 8:36 am
Location: Western Australia

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by jasnick »

Success! Couldn't download the XML (error message) so did the zip. Went very well, no issues and then clicked on Install in Modules.

Thanks so much for all the help.

One last question, do I install the new TinyMCE before or after upgrading all my sites to CMSMS 1.9.4.3?
replytomk3

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by replytomk3 »

If you upgrade properly, like this:
cb2004 wrote:The diff files are screwed. Only upload these files:

doc/CHANGELOG.txt

modules/news/action.editarticle.php
modules/news/changelog.inc
modules/news/News.module.php

version.php

Then you will not be forced to have to upgrade Tiny, and your htaccess files will not be overwritten with empty files. Installing the patch as-is will create a security vulnerability as your files will no longer be protected by htaccess.
jasnick
Power Poster
Power Poster
Posts: 695
Joined: Sat Jan 15, 2011 8:36 am
Location: Western Australia

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by jasnick »

replytomk3

I'm not sure I understand. I am talking about upgrading from CMSMS 1.9.4.2 to CMSMS 1.9.4.3 which I do via Softaculous in my cPanel. I have just clicked on the upgrade symbol. So far only in my test site directories.

Are you saying that if I do that, it stuffs up? I should only upload:

doc/CHANGELOG.txt

modules/news/action.editarticle.php
modules/news/changelog.inc
modules/news/News.module.php

version.php

the above? If so, I have looked at the big list of downloads in the Forge - which one do I download? Then just upload the files listed above and overwrite?

If I do that, what is the result? Obviously I ignore the upgrade via Softaculous. What about TinyMCE once I have the files listed above in place? Do I then upgrade that as well?

Sorry to be a nuisance - I am not very technical.

Thanks for the help.
janvl
Power Poster
Power Poster
Posts: 947
Joined: Wed Aug 13, 2008 10:57 am

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by janvl »

Hi,

one should always make a backup before one begins updating.
Usually I take the files from
cmsmadesimple-full-diff-1.9.4.2-1.9.4.3.tar.gz
Just extract them to an empty subdirectory of your choice.

After that use FTP and copy the files into your CMSMS installation overwriting the old files.

Then you start your installation and have a look with the modulemanager, what modules need an update, that is the easiest way.
Some webserver do not allow the update for some large modules, then you search for the XML-file and upload the file in the menu-item "modules" check the box to overwrite existing modules. After the upload you must install it.

I hope this will help you.

Kind regards,
Jan
jasnick
Power Poster
Power Poster
Posts: 695
Joined: Sat Jan 15, 2011 8:36 am
Location: Western Australia

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by jasnick »

Thank you , Jan - that's a great help!
Tested it out on my own site first and it went without a hitch.
wournos
Forum Members
Forum Members
Posts: 40
Joined: Sat Jun 23, 2007 6:23 pm

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by wournos »

This has caused more issues than I expected. I have never had issues with upgrades in the past, overlooking Mac ghost files. But this time the database tables that held all my pages (all 250+ of them) was erased along with all my templates.

Could someone in charge please be more specific when it comes to what difference there are between packages? I am going through Reinstall Backup Hell right now. >:(
replytomk3

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by replytomk3 »

wournos wrote:This has caused more issues than I expected. I have never had issues with upgrades in the past, overlooking Mac ghost files. But this time the database tables that held all my pages (all 250+ of them) was erased along with all my templates.

Could someone in charge please be more specific when it comes to what difference there are between packages? I am going through Reinstall Backup Hell right now. >:(
Post in a new thread what exactly happened. I don't see how this patch, even though being buggy, would delete database files.
wournos
Forum Members
Forum Members
Posts: 40
Joined: Sat Jun 23, 2007 6:23 pm

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by wournos »

replytomk3 wrote:
wournos wrote:This has caused more issues than I expected. I have never had issues with upgrades in the past, overlooking Mac ghost files. But this time the database tables that held all my pages (all 250+ of them) was erased along with all my templates.

Could someone in charge please be more specific when it comes to what difference there are between packages? I am going through Reinstall Backup Hell right now. >:(
Post in a new thread what exactly happened. I don't see how this patch, even though being buggy, would delete database files.
I downloaded the package cmsmadesimple-1.9.4.3-full.tar.gz mainly because I never know which package I'm supposed to use. This time it asked me to add all my database details, which got me suspicious. So I canceled the upgrade and tried to reinstall v. 1.9.4.2 (that I had saved on my comp since the last upgrade) to revert back to my old version. This too asked for database details so I figured it must be a new thing when updating.
Note: My website is my hobby and nothing else. My knowledge is limited so that is why I depend on well-written information.

I completed the update only to find that the tables with templates and my pages had been erased. So I had to go through 4 hours of back-up reinstallment as well as fix TinyMCE and the news module.

Everything seems to work as it should now (except for added signs/code on several pages) but I would really appreciate a more detailed explanation of what the different packages are meant for so that I don't have to go through this again.
Jos
Support Guru
Support Guru
Posts: 4017
Joined: Wed Sep 05, 2007 8:03 pm
Location: The Netherlands

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by Jos »

Post Reply

Return to “Announcements”