Announcing CMSMS 1.9.4.3 - Important Security Release

Project Announcements. This is read-only, as in... not for problems/bugs/feature request.
User avatar
klendino
Forum Members
Forum Members
Posts: 67
Joined: Wed Oct 19, 2005 8:22 pm
Location: Caribbean

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by klendino »

I installed the diff 1.9.4.2 to 1.9.4.3 but need to know if this package is OK to use as I found out there was an install directory and apparently other files which aren't needed be there.

Is it safe to use the diff in a production environment???
faglork

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by faglork »

Just noticed: there is no base install, only an english version. is that the same as "base"?

Cheers,
Alex
faglork

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by faglork »

The not-news-related files in the cmsmadesimple-english-diff-1.9.4.2-1.9.4.3 are all empty - zero bytes.
Same with cmsmadesimple-english-diff-1.9.4.1-1.9.4.3

Do not install.

cmsmadesimple-full-diff-1.9.4.2-1.9.4.3
contains only the news update(contrary to its changelog.txt, which lists all changes).
It contains four other directories (tmp,lib,uploads, images) which are empty but contain a .htaccess with the size of 1 byte.
Same with cmsmadesimple-full-diff-1.9.4.1-1.9.4.3

I suggest that someone checks those diff files ...

Cheers,
Alex
User avatar
KJHunt
Forum Members
Forum Members
Posts: 33
Joined: Tue Aug 15, 2006 2:33 pm

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by KJHunt »

Does anyone know if this upgrade issue with TinyMCE has been resolved. I am about to upgrade a site. Kieran
faglork

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by faglork »

KJHunt wrote:Does anyone know if this upgrade issue with TinyMCE has been resolved. I am about to upgrade a site. Kieran
You can check that by yourself: Download the tar.gz and open it with a standard packing program like IZarc. Look into the modules/timymce folder. If the .js files are of the size of 0 bytes, don't install.

What I am wondering: this is called an "important security release" and the files have been broken since their release 2 weeks ago. Maybe it is not so important after all ...

hth,
Alex
User avatar
KJHunt
Forum Members
Forum Members
Posts: 33
Joined: Tue Aug 15, 2006 2:33 pm

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by KJHunt »

Hi Alex
Thanks for that tip. I have done as you say and can find js files in the following folder: CMS 1-9-4-3\modules\TinyMCE\tinymce\jscripts\tiny_mce.

The files there are:
tiny_mce 178kb
tiny_mce_popup 6kb

So hopefully it will go right for me as I don't have the time for a long fix session.

Thanks again Alex.
faglork

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by faglork »

KJHunt wrote:
So hopefully it will go right for me as I don't have the time for a long fix session.
Just make sure you have a backup, as always ;-)

Cheers,
Alex
jasnick
Power Poster
Power Poster
Posts: 695
Joined: Sat Jan 15, 2011 8:36 am
Location: Western Australia

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by jasnick »

Was wondering if this issue has been sorted yet?

A couple of sites I am curently working on, having upgraded to 1.9.4.3 are in all sorts of strife with TinyMCE. Can't get the new version etc - glad to find I am not the only one. It is a bit of a worry.
asdf
Forum Members
Forum Members
Posts: 39
Joined: Thu Jul 08, 2010 1:11 pm

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by asdf »

I also find it a bit strange the English diff file contains unnecessary empty files. Are they there to remove the content?

For example there's 13 en_dlg.js empty files in cmsmadesimple-english-diff-1.9.4.2-1.9.4.3.tar.gz but none in cmsmadesimple-1.9.4.3-english.tar.gz. If this is the case, it wouldn't not work in every case, admin/lang/ext/en_CY is a directory on my system but a file in the 1.9.4.3 diff. I'd rather delete files manually if there was a list of files to be removed.
replytomk3

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by replytomk3 »

cb2004 wrote:The diff files are screwed. Only upload these files:

doc/CHANGELOG.txt

modules/news/action.editarticle.php
modules/news/changelog.inc
modules/news/News.module.php

version.php
dmgd
Forum Members
Forum Members
Posts: 115
Joined: Tue Jun 06, 2006 1:10 pm
Location: TX

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by dmgd »

BTW I fixed all my TinyMCE issues by uninstalling TinyMCE, deleting all TinyMCE module files and uploading the latest version and install.
jasnick
Power Poster
Power Poster
Posts: 695
Joined: Sat Jan 15, 2011 8:36 am
Location: Western Australia

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by jasnick »

dmdg

When I tried to do that, it told me it (new version) was installed and activated but it was no-where to be seen.

What do you mean you uninstalled TinyMCE and then deleted all TinyMCE module files - would they not have been gone after uninstalling TinyMCE?
dmgd
Forum Members
Forum Members
Posts: 115
Joined: Tue Jun 06, 2006 1:10 pm
Location: TX

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by dmgd »

The un-install button only removes the module information form the database. If you click the "remove" button then the files will be deleted and the module will not be available for installation until a the module is uploaded to the modules directory again.

I first un-installed the TinyMCE module using the Extensions | Modules window. (this removes all the TinyMce info form the database)
Then I DELETED the modules/TinyMCE directory. (after this you should not see the module in the Extensions | Modules window)
Next I uploaded the latest version of TinyMCE 2.9.1 and installed it.
jasnick wrote:dmdg

When I tried to do that, it told me it (new version) was installed and activated but it was no-where to be seen.

What do you mean you uninstalled TinyMCE and then deleted all TinyMCE module files - would they not have been gone after uninstalling TinyMCE?
jasnick
Power Poster
Power Poster
Posts: 695
Joined: Sat Jan 15, 2011 8:36 am
Location: Western Australia

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by jasnick »

I understand what you are saying but when I uninstall TinyMCE I don't get the option to Remove Files which has appeared whenever I have uninstalled a module in the past. It just says 'Install'. Usually it has Remove Files I seem to remember.

I decided to try again on a site in my test directory and uninstalled the old version of TinyMCE. Then I went via cPanel and deleted the TinyMCE folder in modules folder. I think that is what you said. Then I went back to Modules and tried to install the latest version and I got the Checksum error message. Unfortunately as I had deleted the old files, when I went back to re-install the old version, it had gone. So now I don't have any version of it at all on one site!

I would have thought that by upgrading to the latest version of CMSMS, that would automatically include the latest version of TinyMCE but it doesn't.

So now I am really stuck. All the sites I have tried it on are in my test directory luckily. I have upgraded to CMSMS 1.9.4.3 and then tried to upgrade TinyMCE. Should it be the other way around?
replytomk3

Re: Announcing CMSMS 1.9.4.3 - Important Security Release

Post by replytomk3 »

jasnick wrote:I decided to try again on a site in my test directory and uninstalled the old version of TinyMCE. Then I went via cPanel and deleted the TinyMCE folder in modules folder. I think that is what you said. Then I went back to Modules and tried to install the latest version and I got the Checksum error message. Unfortunately as I had deleted the old files, when I went back to re-install the old version, it had gone. So now I don't have any version of it at all on one site!
1) Core modules do not have "Remove" option. The only way to remove a core module is by uninstall, then delete folder.

2) If you tried Module Manager to install Tiny, try to install from Forge xml file instead.

3) There is always the third way to install a module: download the zip file from Forge, extract on your computer, upload module files to your /modules directory, and then navigate to "Modules" and then an "Install" option will appear for Tiny.

I had absolutely no luck trying to fix my website which was broken by this "patch", as I was running out of memory, and getting errors trying to quickly install Tiny. I had to upload modules files manually, then install.
Post Reply

Return to “Announcements”