Joomla! Discussion Forums

I need to deploy a new site and I am wondering if I might be better off with deploying 1.0.10 since I see A LOT of session/timeouts/warnings issue with this latest release. Which one should it be?

Should we expect another release soon?

1.0.10 has some major security issues, but the 1.0.11 has not been tested to well http://forum.joomla.org/index.php/topic,90039.0.html(only my opinion). I would build the website in 1.0.10 and upgrade later (but don't make any changes to the core files).

Futhermore i don't thing an upgrade needs the install directory and i saw a lot of unchanged files in the update package (10--> 11).

I think I will do just that. Thanks Mark V.

My sites all run very well with 1.0.11. And if I would be in your shoes, I wouldn't take the risk of being hacked. Stay with 1.0.11. There are reasons why we are all telling you to use the latest version!

I have to say that up to now - upgrading from I think 1.0.8 to 1.0.11 via patches I have not had any issues, however I'm getting an odd timeout issue now.  I think I may be to blame because I do wonder whether I should change the access permissions on all files/directories before I upgrade, or else, maybe, unzipping the patch directly in my home directory may mean that certain files are not being overwritten, but I'm not sure of this.

I'm considering a clean install of the full version of 1.0.11 and then re-installing the add-ons I'm using.  I would connect to the same dbase and copy my hacked template over to the new installation. 

I guess it's just me, but I'm never really sure that the installation of the patches has gone perfectly.  There may well me a market for a component which is capable of transferring the contents of an existing installation over to a fresh one - unless something like this already exists. There is a way of checking that all the files are as they should be - Joomla file diagnostics (1.0.11) - does this, because  apart from your site doing odd things, it's not always easy to understand if everything in the right place and is the right version. 

Joomla! is, to an extent, a victim of it's own success, in that it is being targeted by more and more hackers, with the result that Joomla! users need to have a much more detailed technical understanding to keep on top of the various updates and security related settings.  I'm not from a programming, php, Apache or web design background and this seems to be becoming more of a problem for me IMHO.

I'm sorry, but if you get hacked, problems will be solved in no time. The trouble 1.0.11 gave us took us a day. No offence, but the version has not been tested well and the problems are piling up. Just look at the bugtracker. I would gladly test a 1.0.12 version and switch directly from 10 to 12.

MarkV, that is outright bullshit. it might be, that you are prepared for a hack and have daily backups and that you are experienced enough to copy a backup back in no time, but most users, especially those that rely on this forum, don't have these backups and this expertise. You say you had so many problems with J! 1.0.11, I say, I don't have any problems with it. You are giving advise that sounds like "Don't fasten your seat belt, it could restrict you in your movements and an accident isn't so bad" 1.0.11 has been tested very thoroughly and a lot of bugs have been removed, but there is no software out there, that is bug free. If you look around in the security forum, you stumble upon dozens of users, that have problems getting their site back up and which keep them down for days, sometimes even weeks.
So please don't tell people that they shouldn't update.

Yes i am experienced enough to copy a backup in no time and yes i have daily backups.

He asked a fair question and asked for opinions. I write software fairly often, and bugs do happen. We have about 30 site under daily management and we upgraded the first today. It was not easy. In the past year we have had one site hack for 30 sites. The time it took us put back a backup: 1 hour (because of the large number of files, if we had been able to upload a tar it would have been 15 minutes). The total time we spend updating joomla... i don't even want to know .

Most users have loads of components installed. Unless you have a perfect local test setup, testing joomla with all your components if difficult. So just 'risk' updating and hope every component still works? There is a chance you'll be searching for little bugs all day long (as i have today).

Somebody ones said: If it aint broken don't fix it. Cobal is a very old programmers language, but large systems still run on it. Thats not because its perfect, thats because it works.

Is it anoying when your site is hacked: yes. If you don't want to risk it: update. If you ask for my opinion on updating: i'll give it. If you want to start building a new site (from scratch): use the latest version of Joomla. (opensef/joomfish/search don't mix  )

Hackwar i don't want to step on your toes and i can't expect a joomla test team to test a new version with all the components out there. I  Joomla! and it developers. I liked the opensef/MS way of doing update things. Release a public beta and let people test it with all their weird setups. There is always a group of early adapters which find most of the weird bugs (and their solutions). The less experianced user can wait until the final update appears.

I have had nothing but headaches with 1.0.11, from error messages through to timeouts, and page errors. 
1.0.10 worked perfectly for 5 months that I had it going, upgraded to 1.0.11 and within a couple of days the sites down, users are complaining, timeouts, page errors etc.  (2 seperate sites!)
THERE IS PROBLEMS WITH VERSION 1.0.11 - Whether the introduced problems outway the fear of being hacked (because of security issues) is an individuals choice!

GOOD LUCK TO ALL!

I had the same problem...upgraded and caused problems.  I reverted back to 1.010 and will stick with that for the time being

Just to put the opposite view, I upgraded two sites.  Both went well with few problems, mainly because I read the forums beforehand and knew what problems could arise and what the solutions were.  I'd say it took around 30 mins to upgrade both sites and test them to make sure everything worked as expected.

It was a bit more work than the last upgrade that's true, but it will be nothing compared to the move from 1.0.11 to 1.5

I am still a relative newbie to this.  Over time I have migrated from PHP-Nuke to Mambo to Joomla, to version .7, .8, .9, .10...  All with NO problems.  .11, seemed ok at first.  But soon found Issues with components like Anjel, Site timeouts and hangs, and Unwriteable directories all after the upgrade.  On ALL my sites (I have 7).

And I still haven't figured it all out yet.  Not happy. 

I've had problems with my upgrade but I think the fault lies with my FTP program and not Joomla.  Apparently some files aren't getting copied over and just when I think I have it solved, I find another issue.  I'd probably be better off to wipe the directories clean and start over again instead of rewriting.

That being said, I think a new install should go just fine.  Bugs are bad but can typically be solved without too much trouble... critical security threats are much worse.

Well, I TRIED to upgrade a nicely running site 1.0.10 site today but now all I get when I try to access my homepage is "Fatal error: Call to a member function on a non-object in /home/(my account)/public_html/(mysite)/index.php on line 151"!  I NEVER had this problem with previous upgrades.  Most disappointing.

I'm also very disappointed in the tone being expressed here that goes something like "You better upgrade now or you're going to get hacked!"  Talk about unhelpful fear mongering.  And totally not helpful to people who are having honest and sincere problems with the latest version.

Hi Tim,
1) Most likely, the upload of the files failed. Please try to upload them again and overwrite the old ones.
2) We don't say "Upgrade or else...." for fun. Unfortunately, 99% of all hacks are done through old Joomla versions or extensions and when these people come and complain about it, they say we are at fault. Joomla is getting bad media coverage from angry users that have been hacked and everytime you ask for the versions and how the hacker got in, it was an (very) old Joomla or a vulnerable extension. We know that its difficult to allways stay on top and read all the postings about security and such in the forum, but at the moment, we can't do this another way. There are plans on how to support users with automatic version checking, both for Joomla and for extensions, but these things need VERY careful planning. To give you an example: In Joomla 1.0.11 we had a really advanced version checking, that would have tried to get information about the current version of Joomla each 24 hours and it worked really great when it was tested internally. But then Rey made some calculations and came to the conclusion that this version checker would most likely have killed joomla.org with the additional traffic.
I hope you can understand what is behind this all and give us some more credit.
Hannes

Of course I can give you more credit.  And thanks for the explanation.  I hope other folks see it.

But people here still need to be a bit more caring about how they talk to what are essentially their "customers".  Many of the folks here are very new to all of this and are trying their honest best to figure it out.

I recommend the way AmyStephen and some of the other old hands deal with repeated questions; kindly take the time to supply the most helpfull answer then point the individual to a previous thread which addressed the issue more fully.  The new person may just learn how to use the search utility before rushing to ask the next question (though the search utility has its own weaknesses and can be very frustrating and inadequate - if only it would simply read my mind and get me what I want!).

I know dealing with "customers" can be very frustrating.  Twice in my career I supervised IT helpdesk operations and staff.  But you always have to put yourself in the position of the person posing the question or making the complaint.  Treating your "customers" rudely will more quickly ruin your rep and drive people away to other solutions then accusations of promoting buggy software.

Joomla is great software and the people who seem to be constantly working to make it better are stupendous.  But we don't want the community to get the reputation of being occupied by a bunch of cranky, arrogant, better-than-you-inferior-beings nerds.

Tim Olaguna - I totally agree with you.

Personally, I implement sites for clients with Joomla and in the last couple of months we have seen more than a couple "MUST!" upgrades. One or two a year of these MUST upgrades is ok but when every other release is a must I started to look around on the boards and noticed that these upgrades lead to other issues (as always) - therefore my trust in Joomla's core teams recommendations suffers.

I have A LOT of respect to the core Joomla team and think highly of the quality of their code, at the same time, let's get serious here. I don't see the rush to fix one security hole when the tradeoff is breaking a few other things in the application.

In any case, I noticed that Joomla has a new member - Rob Schley - Quality and Testing Engineer. (http://www.joomla.org/content/view/1940/74/). Welcome Rob, and please consider our remarks in this thread. Thanks!

To Whom It May Concern, I finally resolved my problems with 1.0.11.

The upgrade from 1.0.10 to 1.0.11 had worked just fine on my PC test site.  That was why I was so frustrated the upgrade wouldn't work after multiple uploads of 1.0.11 (just essential then finally several times the full package) to my ISP.  It was particularly aggravatiing  when a full upload of the earlier 1.0.10 went smoothly and brought my site snappily back to life.

For all of my earlier attempts I used FileZilla to ftp the 1.0.11 file package.  FileZilla has always worked well for me in the past and I was using the latest version.  For my last attempt, though, on a hunch I downloaded and installed SmartFTP.  After uploading the full 1.0.11 package one more time with that package the upgrade worked!

I don't know why a package uploaded with SmartFTP worked where one uploaded with FileZilla did not.  Particularly when the 1.0.10 package uploaded with FileZilla earlier worked.  I did notice the SmartFTP 1.0.11 package upload seemed to take longer than the 1.0.11 FileZilla uploads did.  Is SmartFTP more "ruthless" about overwriting files than FileZilla???

that is unexpected. Perhaps you had a file corruption that FileZilla wasn't able to work out and SmartFTP did. I usually don't use filezilla but it is interesting to make a note of this incident.

Thanks!

Just wondering, 1.0.11 has been on the market now for a couple of weeks ...when would 1.0.12 be due?

Please read this