Joomla! 1.0.12 Released
Joomla! 1.0.12 [ Sunfire ] is available as of Monday the 25th of December 2006 1:00 UTC
News from Joomla! Website
Joomla! 1.0.12 [ Sunfire ] is available as of Monday the 25th of December 2006 1:00 UTC for download here.
We suggest that all Joomla! users upgrade to this version.
Joomla! 1.0.12 features:
- 140+ General Bug Fixes
- Several low level security fixes
- A full security audit of SQL queries
- SSL switchover support
Although this release contains several security fixes, as they are of a low level nature, this release is still being characterized as a Stability Release. If you are running a version of Joomla! older than 1.0.11, you should upgrade immediately to at least Joomla! 1.0.11 as that release addressed several important security issues. If you are using Joomla! 1.0.11, we recommend that you upgrade to 1.0.12 as it addresses several long standing bugs and several low level security issues.
We are also pleased to announce the creation of a new Security Announcements Forum. As the name suggests, this forum will be used for security announcements for the Joomla! core and third party extensions. We strongly encourage that all Joomla! users register on forum.joomla.org and subscribe to this forum to ensure that they receive notification of important security issues as soon as possible. We also encourage you to do same for all third-party extensions you use, where available.
Release Information
1.0.12 is available as a Full Package, which contains all Joomla! files or Patch Packages which contain only the files that have changed since previous Joomla! 1.0.x version.
A More Secure Joomla!
Joomla! security is getting consistently better. We have dedicated many hours to ensuring that Joomla! is as secure as it can be. To do this, we have adopted a two sided approach that includes automated security tools and manual auditing and revision. For this release, we conducted a complete audit of all SQL queries, reviewed many aspects of our login and authentication systems, and conducted several automated scans in order to make this Joomla! release as secure as possible.
SSL Switchover Support
Joomla! 1.0.12 has reintroduced SSL switchover support. If your website is setup to serve the same files via HTTP or HTTPS you will now be able to create SSL secured logins, easily switch between secure and insecure navigation and do all of your administrative tasks via an SSL protected connection. A FAQ on how to setup these features will be available soon in the Security FAQs section of the Joomla! forums.
Joomla! Version Warning
The version warning system that was added in Joomla! 1.0.11 has been removed from Joomla! 1.0.12. This version of Joomla! is intended to be the last release in the 1.0.x series. The 1.0.x is now in security mode which means that we will not be releasing any more stability updates. There will only be another version in this series if a critical security vulnerability is discovered.
Extension Installer Warning
It is essential that you take a moment after updating the core to check if your extensions are up to date, and update them if a newer version is available.
Often newer versions address not only bugs but security issues as well. You can do this by looking in the components, modules and mambots installer pages, which display a URL to the homepage of the authors, or by checking on extensions.joomla.org.
In order to better educate our users about the security risks that can arise from installing insecure extensions, we have added a warning message at the top of the extension installers. Please remember, 3rd party extensions must be kept up to date just like Joomla! and updating your Joomla! installation(s) will not update the 3rd party extensions installed on your sites.
For a list of extensions that have known security issues please see the List of Vulnerable 3rd Party Extensions.
New to Joomla! or starting a new site
Are you a new Joomla! user? Confused as to which of the 30 available packages to dowload?
The answer is simple. If you are creating a site for the first time, you will need the Full Package file:
The other packages are for those users who have already have an existing Joomla! site and wish to upgrade to the latest version.
Upgrade Instructions
Upgrading from any version of Joomla! 1.0.x to 1.0.12 simply involves
overwriting your current sites files, with the files in the proper
Patch Package that applies to your site.
So if you are running Joomla! 1.0.9, you will need the 1.0.9 to 1.0.12 Patch Package.
This can be done by either uncompressing the Patch Package and then using an FTP client to transfer these files to your server and overwriting existing file. If you find errors after the process, ensure that all files were properly transferred. There have been verified reports of some FTP clients not properly transferring files across to a server - without notifying the user of such a problem. One possible cause is that under certain circumstances the webserver locks the files it is using, and the ftp-server can't update those files. One possibility is to take the site shortly offline during the FTP transfer.
If your Web Provider gives you access to your site via some sort of Web Admin panel like CPanel or Plesk, you can use the syetems file manager to upload the Patch Package file to your server and then extracting the package file and overwriting all the files on your server.
More information can be found on the Forums and if at any stage you are unsure, then search the forums for posts on the subject. Most will be found in the Upgrading Forum.
Conversion Instructions
For those converting from Mambo 4.5.2.x or Mambo 4.5.3 please read these Migration instructions.
You will to need to download the Joomla 1.0.12 Full package.
Backing Up
Before undertaking an Upgrade or Conversion, it is extremely important that you backup your site's Database and if possible, also you site's files. While we try to ensure that an Upgrade or Conversion process is relatively straightforward, we cannot garuantee that this will always be the case for every user. So it is imperative that users take protective measures in case they face problems after the Upgrade or Conversion.
Package Integrity
To ensure the integrity of the files you are downloading, you are advised only to download from the 'Official Source' on the Ofifical Joomla! Forge. As an extra security measure we now make available the MD5 checksum values of the respective package files, to allow people to do integrity checking.
