Discuss Joomla! 3.6.4

A place to discuss recent announcements made by the Joomla! Core Team. Let's hear what you have to say.
User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 24922
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands
Contact:

Discuss Joomla! 3.6.4

Post by pe7er » Tue Oct 25, 2016 2:53 pm

Here you can discuss about the release of Joomla 3.6.4

See Announcement: viewtopic.php?f=8&t=937671
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com

sozzled
I've been banned!
Posts: 13639
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Discuss Joomla! 3.6.4

Post by sozzled » Tue Oct 25, 2016 8:39 pm

Perhaps it isn't said often enough (amid the usual run of complaints, criticisms and teething problems that accompany each new release of Joomla!) but congratulations and thank you for this important release.

All my sites have updated successfully without any problems whatsoever. 8)

apsilva
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 162
Joined: Tue Jul 12, 2016 11:22 pm

Re: Discuss Joomla! 3.6.4

Post by apsilva » Tue Oct 25, 2016 8:47 pm

100+ sites updated without any issue

afoxdvm
Joomla! Apprentice
Joomla! Apprentice
Posts: 12
Joined: Mon Jan 31, 2011 3:35 pm

Re: Discuss Joomla! 3.6.4

Post by afoxdvm » Wed Oct 26, 2016 12:34 am

Update seemed to go OK (Control Panel shows 3.6.4 is installed and site is working OK), but I am receiving the following error:

An error has occurred.

1286 Unknown storage engine 'InnoDB' SQL=CREATE TABLE IF NOT EXISTS `#__utf8_conversion` (`converted` tinyint(4) NOT NULL DEFAULT 0) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 DEFAULT COLLATE=utf8mb4_unicode_ci;

Any suggestions/advice would be appreciated.
Thanks.

itoctopus
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4025
Joined: Mon Nov 25, 2013 4:35 pm
Location: Montreal, Canada
Contact:

Re: Discuss Joomla! 3.6.4

Post by itoctopus » Wed Oct 26, 2016 4:51 am

It might be that you're running into a data corruption issue. Try the following (assuming you are running a VPS or a dedicated server):

- Delete the /var/lib/mysq/ib_logfile* (there are 2 files)
- Restart MySQL

Hopefully that should fix your problem.

It might also be that InnoDB is disabled on your server, and only MyISAM is enabled. In this case, you will need to modify all the SQL queries (using find and replace all in your favorite text editor) and change InnoDB to MyISAM.
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter

User avatar
heisenberg
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Wed Aug 12, 2009 3:29 pm
Location: near Vancouver, Canada

Re: Discuss Joomla! 3.6.4

Post by heisenberg » Wed Oct 26, 2016 6:19 am

Just a note to those who turned off Google Two Factor Authentication through PHPMyAdmin, everything updated fine. Here is my situation...

I had deleted the otpKey and otep from the user accounts along with finding the plugin named plg_twofactorauth_totp and changing its 'enabled' status from '1' to '0' and saved out. This turned off Google 2FA and cleared the user account for a fresh/new Google 2FA "Key" for when this update come out.

I went through the process of setting up Google 2FA again via the "Post-Installation Messages" area within the Control Panel. Everything worked and I got a new "key" and a list of the one-time Emergency Passwords. Make sure you copy those before you close the window. All user accounts that you want Google 2FA on you will have to repeat the same process of enabling.

Maybe someone can verify, if someone did the previous update with Google 2FA disabled but left their otpKey and otep untouched, if they would have to manually delete those items or if they can do the update right over top of it and simply enable Google 2FA and be off to the races.

Thank you very much to the Joomla Core Dev team for turning this around in short order.
-Andrew

three_d
Joomla! Intern
Joomla! Intern
Posts: 96
Joined: Tue Feb 06, 2007 4:33 pm

Re: Discuss Joomla! 3.6.4

Post by three_d » Wed Oct 26, 2016 7:16 am

I think it would be a good idea to seperate Joomla updates in:

bug fix updates which you have to install manually

and automatic security updates which would install automatically.

This way Joomla becomes more secure,
you don't have to check if the bug fixes cause any other problems,
it would save the community a lot of work
and happier clients!

The bug fix updates can then be installed when you have time for it.

User avatar
TomT
Joomla! Ace
Joomla! Ace
Posts: 1323
Joined: Thu Aug 18, 2005 5:50 am
Location: Amsterdam
Contact:

Re: Discuss Joomla! 3.6.4

Post by TomT » Wed Oct 26, 2016 8:32 am

Hi, I didn't receive a notification about this release while I'm sub-scripted to http://feeds.joomla.org/JoomlaSecurityNews. Is there another way to receive notifications?
This time I received a warning form my hosting company and I started updating immediately.

Edit: I found the security mail in the spambox on the server.

User avatar
foxter
Joomla! Apprentice
Joomla! Apprentice
Posts: 26
Joined: Wed Oct 26, 2016 9:29 am
Contact:

Re: Discuss Joomla! 3.6.4

Post by foxter » Wed Oct 26, 2016 9:32 am

I have updated my website from j3.6.3 to joomla 3.6.4. Now I am not able to login to my website. Is there any possibility to downgrade back to 3.6.3?

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4189
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: Discuss Joomla! 3.6.4

Post by abernyte » Wed Oct 26, 2016 9:40 am

Of course. Restore your site from the back up you made before updating.
"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it." Thomas Paine

User avatar
foxter
Joomla! Apprentice
Joomla! Apprentice
Posts: 26
Joined: Wed Oct 26, 2016 9:29 am
Contact:

Re: Discuss Joomla! 3.6.4

Post by foxter » Wed Oct 26, 2016 9:47 am

:D this is good advice. But I dont have backup. Can I copy files from update zip 3.6.3 direct via FTP? What do I need to copy the least (from old update 3.6.3) that I have access to administrator website?

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4189
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: Discuss Joomla! 3.6.4

Post by abernyte » Wed Oct 26, 2016 9:55 am

That form of downgrade is unlikely to be successful and is not advised. You need to concentrate on fixing your site at 3.6.4.
Make a post for assistance in the Administration section of the forum and give the error you get when logging in. You could even post the output of the FPA. viewtopic.php?f=621&t=582860
"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it." Thomas Paine

User avatar
JAVesey
Joomla! Hero
Joomla! Hero
Posts: 2619
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:

Re: Discuss Joomla! 3.6.4

Post by JAVesey » Wed Oct 26, 2016 10:55 am

Just to say thank you to all who contributed to the update and security improvements. Update went like a dream and all is as it should be.

For the record (post above), I regenerated my TFA keys at v3.6.3 after disabling the TFA plugin so I can't help answer the question about pre-existing (i.e. v3.6.2 and earlier) TFA keys. All I can say is that TFA keys regenerated at v3.6.3 are working fine, as is the TFA plugin (which was enabled at the time of the update).

HTH
John V
Cardiff, Wales, UK
Joomla 5.0.3 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.0.3 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28

pswf
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Wed Oct 26, 2016 12:41 pm

All my modules are 'missing' : after upgrade Joomla! 3.6.4

Post by pswf » Wed Oct 26, 2016 12:48 pm



I have 9 Joomla sites, updated them all today with no issues, until I went to a module to work on it, and it will not load. Only give me what you see in the attached picture. A drop down box with only the name of the module in it!

Any advice MOST welcome please!

Thank you SO much

Paul

photomatters.co.uk
You do not have the required permissions to view the files attached to this post.

User avatar
ribo
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3507
Joined: Sun Jan 03, 2010 8:47 pm
Contact:

Re: Discuss Joomla! 3.6.4

Post by ribo » Wed Oct 26, 2016 12:53 pm

Clear your browser cache and restart your browser
chat room spontes : http://www.spontes.com

sozzled
I've been banned!
Posts: 13639
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: All my modules are 'missing' : after upgrade Joomla! 3.6.4

Post by sozzled » Wed Oct 26, 2016 2:29 pm

pswf wrote:I have 9 Joomla sites, updated them all today with no issues, until I went to a module to work on it, and it ... only [displays] a drop down box with only the name of the module in it!
There is nothing, specifically, in the update from J! 3.6.3 to J! 3.6.4 that contributes to your problem. The issue arises when updating to J! 3.6.3 from an earlier version of Joomla. If you have not seen this problem before it is probably because

a) you have not tried to edit a module in the backend since updating to J! 3.6.3; or
b) you were using an older version of J! 3.x before you updated to J! 3.6.4 today.

In any case, the issue is documented and the reasons and the solution can be found here: viewtopic.php?f=710&t=937052

I hope this helps.

itoctopus
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4025
Joined: Mon Nov 25, 2013 4:35 pm
Location: Montreal, Canada
Contact:

Re: Discuss Joomla! 3.6.4

Post by itoctopus » Wed Oct 26, 2016 2:56 pm

A couple of legitimate questions here about 3.6.4:

- How was the security exploit discovered just a couple of days after 3.6.3 was released?
- Why wasn't it discovered during the testing phase of 3.6.3?
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter

apsilva
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 162
Joined: Tue Jul 12, 2016 11:22 pm

Re: Discuss Joomla! 3.6.4

Post by apsilva » Wed Oct 26, 2016 3:16 pm

Clearly, nothing to do with 3.6.3, it's from 3.4.4 to 3.6.3 as you can see in the release news.
https://www.joomla.org/announcements/re ... eased.html

deleted user

Re: Discuss Joomla! 3.6.4

Post by deleted user » Wed Oct 26, 2016 3:26 pm

We can't control when security issues are reported. Demis' report to the security team came at about the same time that 3.6.3 was being sent out, even if the team had immediately looked at that issue and decided it needed immediate action it wouldn't have come until after the 3.6.3 release went out. It's not the first time a security report has come so close to a release (3.3.5 was released because of a security report received in the 24 hours after 3.3.4's release).

@itoctopus you're fully aware of why this wasn't discovered sooner, you answered one of Demis' queries on a public forum before he came to realize the security implications of the issue. He actually has a good blog post on this, see http://www.fox.ra.it/technical-articles ... ility.html

itoctopus
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4025
Joined: Mon Nov 25, 2013 4:35 pm
Location: Montreal, Canada
Contact:

Re: Discuss Joomla! 3.6.4

Post by itoctopus » Wed Oct 26, 2016 5:04 pm

@mbabker No - I'm not - I'm sure you are just (mis)assuming this. My intention wasn't to start a debate, and your answer was the explanation I needed. Thanks for the link - really helpful.
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter

deleted user

Re: Discuss Joomla! 3.6.4

Post by deleted user » Wed Oct 26, 2016 5:56 pm

If you haven't already, put two and two together and you get exactly why I worded my last part of that post the way I did ;-)

User avatar
fatica
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 153
Joined: Fri Jan 19, 2007 10:32 pm
Contact:

Re: Discuss Joomla! 3.6.4

Post by fatica » Wed Oct 26, 2016 10:05 pm

Hi, thanks for the security update.

We use Joomla to power a JSON API, and this update broke our authentication. Same database, different Joomla files causes this difference:

http://screencast.com/t/Uodsy7Te45FO

"Before" is in the background and "After" is in the foreground. The below code is responsible, but I don't see why this would stop working with this update.

The code takes the username and password from the URL and tests agains the $app->login. This now fails. Can anyone advise?

Code: Select all


        $credentials = array( 'username' => JRequest::getVar('username'), 'password' => JRequest::getVar('password') );

        $app = JFactory::getApplication();

        try{
            $response = $app->login($credentials);
        }catch(Exception $e){}

        if(!$response){
            JError::raiseError(403, 'Access Denied.  Invalid Username and Password.');
        }

User avatar
fatica
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 153
Joined: Fri Jan 19, 2007 10:32 pm
Contact:

Re: Discuss Joomla! 3.6.4

Post by fatica » Wed Oct 26, 2016 10:58 pm

In case this is helpful, the exception contents thrown at $app->login is

Code: Select all

RuntimeException Object
(
    [message:protected] => Error initialising the session.
    [string:Exception:private] => 
    [code:protected] => 1290
    [file:protected] => /var/sources/ml/libraries/cms/application/cms.php
    [line:protected] => 216
    [trace:Exception:private] => Array
        (
            [0] => Array
                (
                    [file] => /var/sources/ml/plugins/user/joomla/joomla.php
                    [line] => 222
                    [function] => checkSession
                    [class] => JApplicationCms
                    [type] => ->
                    [args] => Array
                        (
                        )

                )

            [1] => Array
                (
                    [function] => onUserLogin
                    [class] => PlgUserJoomla
                    [type] => ->
                    [args] => Array
                        (
                            [0] => Array
                                (
                                    [status] => 1
                                    [type] => Joomla
                                    [error_message] => 
                                    [username] => <redacted>
                                    [password] => <redacted>
                                    [email] => <redacted>
                                    [fullname] => API
                                    [birthdate] => 
                                    [gender] => 
                                    [postcode] => 
                                    [country] => 
                                    [language] => 
                                    [timezone] =>
                                    

User avatar
fatica
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 153
Joined: Fri Jan 19, 2007 10:32 pm
Contact:

Re: Discuss Joomla! 3.6.4

Post by fatica » Wed Oct 26, 2016 11:37 pm

Also we are using memcached for the session handler.

User avatar
fatica
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 153
Joined: Fri Jan 19, 2007 10:32 pm
Contact:

Re: Discuss Joomla! 3.6.4

Post by fatica » Wed Oct 26, 2016 11:45 pm

Turns out this server was updated from 3.4.8 to 3.6.4, causing this issue, so it may not be a 3.6.4 specific issue.

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 20651
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ Germany/ S'pore/Bogor/ North America
Contact:

Re: Discuss Joomla! 3.6.4

Post by leolam » Thu Oct 27, 2016 3:27 pm

fatica wrote:Turns out this server was updated from 3.4.8 to 3.6.4, causing this issue, so it may not be a 3.6.4 specific issue.
Server was updated or Joomla? Server cannot be "updated to 3.6.4"

Just to be precise

Leo 8)
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -

User avatar
fatica
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 153
Joined: Fri Jan 19, 2007 10:32 pm
Contact:

Re: Discuss Joomla! 3.6.4

Post by fatica » Thu Oct 27, 2016 4:27 pm

In this statement I was referring to Joomla. In that Joomla *on this server* was updated from 3.4.8 to 3.6.4. I'm terribly sorry if that was unclear.

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 20651
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ Germany/ S'pore/Bogor/ North America
Contact:

Re: Discuss Joomla! 3.6.4

Post by leolam » Thu Oct 27, 2016 4:34 pm

It was clear to me but others on these forums might be confused therefore....Thanks for clarifying and have fun with J3.6.4 onward

Leo 8)
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -

JocelynJoomla
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Tue Sep 13, 2016 4:03 pm

Site shows 3.6.2 despite upgrade

Post by JocelynJoomla » Thu Oct 27, 2016 4:59 pm

Hi

I upgraded client's site to 3.6.4 this morning. Came back a couple of hours later to check all is ok and it's saying it's running version 3.6.2 and I should upgrade?

Any ideas?

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 20651
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ Germany/ S'pore/Bogor/ North America
Contact:

Re: Discuss Joomla! 3.6.4

Post by leolam » Thu Oct 27, 2016 5:05 pm

@JocelynJoomla Clear All caches & (Joomla) Browser cache

Leo 8)
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -


Locked

Return to “Announcements Discussions”