Discuss Joomla! 3.9.25

A place to discuss recent announcements made by the Joomla! Core Team. Let's hear what you have to say.
User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 23026
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands
Contact:

Discuss Joomla! 3.9.25

Post by pe7er » Tue Mar 02, 2021 3:32 pm

Here you can discuss about the release of Joomla 3.9.25

See Announcement: viewtopic.php?f=8&t=985109
Kind Regards,
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
The best website: https://the-best-website.com

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 13409
Joined: Thu Feb 15, 2007 5:48 am
Location: Sydney, Australia

Re: Discuss Joomla! 3.9.25

Post by toivo » Tue Mar 02, 2021 5:25 pm

Localhost test sites and remote sites updated smoothly, as usual. Kudos to the teams and individuals behind this update !
Toivo Talikka, Global Moderator

User avatar
PhilTaylor-Prazgod
Joomla! Ace
Joomla! Ace
Posts: 1246
Joined: Sat Aug 20, 2005 12:32 pm
Location: Jersey, Channel Islands
Contact:

Re: Discuss Joomla! 3.9.25

Post by PhilTaylor-Prazgod » Tue Mar 02, 2021 5:35 pm

For balance, readers should also read https://www.akeeba.com/static-content/5 ... nyway.html which provides insight on two of the reported "vulnerabilities" fixed in this release.
Phil Taylor
Founder, Lead Developer, Idiot.
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 20267
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Discuss Joomla! 3.9.25

Post by leolam » Tue Mar 02, 2021 6:01 pm

@PhilTaylor +1

Leo 8)
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Webmaster Services: gws-webmaster.services

gws
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4233
Joined: Tue Aug 23, 2005 1:56 pm
Location: South coast, UK
Contact:

Re: Discuss Joomla! 3.9.25

Post by gws » Tue Mar 02, 2021 6:09 pm

Yes @Phil Taylor that is an interesting read on Security.

User avatar
darb
Joomla! Ace
Joomla! Ace
Posts: 1731
Joined: Thu Jul 06, 2006 12:57 pm
Location: Stockholm Sweden
Contact:

Re: Discuss Joomla! 3.9.25

Post by darb » Tue Mar 02, 2021 6:11 pm

leolam wrote:
Tue Mar 02, 2021 6:01 pm
@PhilTaylor +1

Leo 8)
Interesting. why this confusing issues?

User avatar
PhilTaylor-Prazgod
Joomla! Ace
Joomla! Ace
Posts: 1246
Joined: Sat Aug 20, 2005 12:32 pm
Location: Jersey, Channel Islands
Contact:

Re: Discuss Joomla! 3.9.25

Post by PhilTaylor-Prazgod » Tue Mar 02, 2021 7:36 pm

Also [3.9.25] breaks folder name validation because it assumes all folders must start with a-zA-Z

https://github.com/joomla/joomla-cms/issues/32567
Phil Taylor
Founder, Lead Developer, Idiot.
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/

User avatar
Maradona
Joomla! Apprentice
Joomla! Apprentice
Posts: 41
Joined: Fri Aug 30, 2013 2:08 pm

Re: Discuss Joomla! 3.9.25

Post by Maradona » Tue Mar 02, 2021 9:43 pm

Hi,

Wrong link in 'Additional Information' under Joomla Update.

Thanks :pop

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 13409
Joined: Thu Feb 15, 2007 5:48 am
Location: Sydney, Australia

Re: Discuss Joomla! 3.9.25

Post by toivo » Tue Mar 02, 2021 10:45 pm

Maradona wrote:
Tue Mar 02, 2021 9:43 pm
Wrong link in 'Additional Information' under Joomla Update.
Thank you for reporting this. It has now been fixed.
Toivo Talikka, Global Moderator

gsmela
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 151
Joined: Thu Jun 10, 2010 12:38 pm
Contact:

Re: Discuss Joomla! 3.9.25

Post by gsmela » Tue Mar 02, 2021 11:04 pm

@PhilTaylor +1

User avatar
Maradona
Joomla! Apprentice
Joomla! Apprentice
Posts: 41
Joined: Fri Aug 30, 2013 2:08 pm

Re: Discuss Joomla! 3.9.25

Post by Maradona » Wed Mar 03, 2021 12:31 am

toivo wrote:
Tue Mar 02, 2021 10:45 pm
Thank you for reporting this. It has now been fixed.
Looks like it still going to the wrong link in all of my website :p :pop

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 13409
Joined: Thu Feb 15, 2007 5:48 am
Location: Sydney, Australia

Re: Discuss Joomla! 3.9.25

Post by toivo » Wed Mar 03, 2021 5:36 am

@Maradona, sorry - the link that was fixed was only in the 3.9.25 Announcement here in the forum.

The broken link 'Additional Information' in the Joomla! Update page on an actual website, for example http://example.com/administrator/index. ... omlaupdate, will now be raised as a new item in Joomla! Issue Tracker.
Toivo Talikka, Global Moderator

xtremo54
Joomla! Apprentice
Joomla! Apprentice
Posts: 17
Joined: Thu Jan 23, 2014 6:00 pm

Re: Discuss Joomla! 3.9.25

Post by xtremo54 » Wed Mar 03, 2021 7:39 am

I notice there was an issue pointed out earlier......so is it OK to do the update or should I wait for a possible 3.9.26 to replace it?

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 13409
Joined: Thu Feb 15, 2007 5:48 am
Location: Sydney, Australia

Re: Discuss Joomla! 3.9.25

Post by toivo » Wed Mar 03, 2021 8:03 am

xtremo54 wrote:
Wed Mar 03, 2021 7:39 am
I notice there was an issue pointed out earlier......so is it OK to do the update or should I wait for a possible 3.9.26 to replace it?
The information is available from the Github link. If your website does not use folder names starting with numbers, dots or national language characters outside the range a-z A-Z, you should update to 3.9.25 but otherwise wait.
Toivo Talikka, Global Moderator

xtremo54
Joomla! Apprentice
Joomla! Apprentice
Posts: 17
Joined: Thu Jan 23, 2014 6:00 pm

Re: Discuss Joomla! 3.9.25

Post by xtremo54 » Wed Mar 03, 2021 8:58 am

toivo wrote:
Wed Mar 03, 2021 8:03 am
xtremo54 wrote:
Wed Mar 03, 2021 7:39 am
I notice there was an issue pointed out earlier......so is it OK to do the update or should I wait for a possible 3.9.26 to replace it?
The information is available from the Github link. If your website does not use folder names starting with numbers, dots or national language characters outside the range a-z A-Z, you should update to 3.9.25 but otherwise wait.
Many thanks toivo......I'll hold off and see if there's any update.

User avatar
PhilTaylor-Prazgod
Joomla! Ace
Joomla! Ace
Posts: 1246
Joined: Sat Aug 20, 2005 12:32 pm
Location: Jersey, Channel Islands
Contact:

Re: Discuss Joomla! 3.9.25

Post by PhilTaylor-Prazgod » Wed Mar 03, 2021 11:06 am

I notice there was an issue pointed out earlier......so is it OK to do the update or should I wait for a possible 3.9.26 to replace it?
It doesn't seem that the Joomla Project is giving this any urgency at all and we are not seeing any flurry of activity for a new release urgently like previously.

@HLeithner has declared: "I will write a FAQ entry later today and propose a pr too."

https://github.com/joomla/joomla-cms/issues/32567

Previously they have stated that Joomla 3.9.24 was the last in the Joomla 3 series and only security releases would be considered after that. But here we are.

I would say, if you KNOW you never use folders with a starting char that is not a A-Z or a-z then you should upgrade asap to Joomla 3.9.25.

If you KNOW you DO use folders starting with other chars, including 0-9 or non-latin chars, then I would also say upgrade to Joomla 3.9.25 asap, and then modify the line in question to add your additional characters to the regex (or remove the "return false" in the regex check.


Remember that this is only one security fix amongst the nine fixed in Joomla 3.9.25 (although two others are contested).

There is a new Joomla 3.9.26 milestone created in GitHub, so there "will probably be" a Joomla 3.9.26, if the project so decides.

https://github.com/joomla/joomla-cms/milestone/67
Phil Taylor
Founder, Lead Developer, Idiot.
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/

xtremo54
Joomla! Apprentice
Joomla! Apprentice
Posts: 17
Joined: Thu Jan 23, 2014 6:00 pm

Re: Discuss Joomla! 3.9.25

Post by xtremo54 » Wed Mar 03, 2021 11:21 am

PhilTaylor-Prazgod wrote:
Wed Mar 03, 2021 11:06 am
I notice there was an issue pointed out earlier......so is it OK to do the update or should I wait for a possible 3.9.26 to replace it?
It doesn't seem that the Joomla Project is giving this any urgency at all and we are not seeing any flurry of activity for a new release urgently like previously.

@HLeithner has declared: "I will write a FAQ entry later today and propose a pr too."

https://github.com/joomla/joomla-cms/issues/32567

Previously they have stated that Joomla 3.9.24 was the last in the Joomla 3 series and only security releases would be considered after that. But here we are.

I would say, if you KNOW you never use folders with a starting char that is not a A-Z or a-z then you should upgrade asap to Joomla 3.9.25.

If you KNOW you DO use folders starting with other chars, including 0-9 or non-latin chars, then I would also say upgrade to Joomla 3.9.25 asap, and then modify the line in question to add your additional characters to the regex (or remove the "return false" in the regex check.


Remember that this is only one security fix amongst the nine fixed in Joomla 3.9.25 (although two others are contested).

There is a new Joomla 3.9.26 milestone created in GitHub, so there "will probably be" a Joomla 3.9.26, if the project so decides.

https://github.com/joomla/joomla-cms/milestone/67
Thanks Phil!

I know for a fact that some sites will have image folders starting with numbers so I'm just going to hold off until we get some sort of update to this.

User avatar
PhilTaylor-Prazgod
Joomla! Ace
Joomla! Ace
Posts: 1246
Joined: Sat Aug 20, 2005 12:32 pm
Location: Jersey, Channel Islands
Contact:

Re: Discuss Joomla! 3.9.25

Post by PhilTaylor-Prazgod » Wed Mar 03, 2021 11:29 am

And to be clear. This is NOT just about image folders.

This is about any folder path that is validated by the joomla file path rule class.

This could effect 3rd party extensions if they implement that rule too.
Phil Taylor
Founder, Lead Developer, Idiot.
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/

BillyS
Joomla! Intern
Joomla! Intern
Posts: 70
Joined: Sat Nov 26, 2005 9:10 pm

Re: Discuss Joomla! 3.9.25

Post by BillyS » Thu Mar 04, 2021 12:22 am

There is a saying in the United States "it takes a big man to admit when he's wrong" (and yes, I do wear a mask - and yes, I did consider moving out of the country - and yes, I am hesitant to even admit I live here after the last four years)

Based on my read of this situation, we have egos getting in the way of customer service. This shouldn't be about who is right and who is wrong but about providing the community with a quality product. I get that as a community we rely on great people to make Joomla a reality but I will leave with some food for thought.

If you were this same role and you introduced this bug to your paying customers, would you fix it immediately?

yaanimai
Joomla! Explorer
Joomla! Explorer
Posts: 356
Joined: Thu Jun 14, 2007 2:48 pm
Location: Coppell, Texas
Contact:

Re: Discuss Joomla! 3.9.25

Post by yaanimai » Thu Mar 04, 2021 1:14 am

Do we know when they plan to release 3.9.26 to fix the bug introduced by 3.9.25? I prefer not to upgrade to a release that can introduce problems for a currently functioning website, Thanks for any info you can provide!

xtremo54
Joomla! Apprentice
Joomla! Apprentice
Posts: 17
Joined: Thu Jan 23, 2014 6:00 pm

Re: Discuss Joomla! 3.9.25

Post by xtremo54 » Thu Mar 04, 2021 7:45 am

I find it odd that this announcement went out on Twitter yesterday:

A bug has been introduced in 3.9.25 and the Release Team is working on a fix. We are sorry for the inconvenience. Stay tuned!

But I can't see any official announcement here.

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 13409
Joined: Thu Feb 15, 2007 5:48 am
Location: Sydney, Australia

Re: Discuss Joomla! 3.9.25

Post by toivo » Thu Mar 04, 2021 8:33 am

The release FAQ mentions the issue: Version 3.9.25 FAQ
Toivo Talikka, Global Moderator

Fan33GR
Joomla! Apprentice
Joomla! Apprentice
Posts: 27
Joined: Sat Feb 03, 2018 2:03 pm

Re: Discuss Joomla! 3.9.25

Post by Fan33GR » Thu Mar 04, 2021 3:17 pm

3 sites updated without any problem. Thanks Joomla! team!

User avatar
ribo
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3489
Joined: Sun Jan 03, 2010 8:47 pm
Contact:

Re: Discuss Joomla! 3.9.25

Post by ribo » Thu Mar 04, 2021 3:37 pm

Updating many joomla sites without any issue. Thank you joomla team
chat room spontes : http://www.spontes.com

gilplane
Joomla! Apprentice
Joomla! Apprentice
Posts: 17
Joined: Mon Sep 03, 2012 2:25 pm

Re: Discuss Joomla! 3.9.25

Post by gilplane » Fri Mar 05, 2021 9:40 am

About ten wesites updated to Joomla 3.9.25 from 3.9.24 with concern and apprehension in view of the above messages.
All went well. Configuration: Joomla, JCE;, Templates Yootheme warp 7, Hikashop, Widgetkit etc ...
Thanks to the Joomla team for this work!

User avatar
Jaydot
Joomla! Explorer
Joomla! Explorer
Posts: 403
Joined: Sun Jun 04, 2017 12:11 pm
Location: The Netherlands
Contact:

Re: Discuss Joomla! 3.9.25

Post by Jaydot » Fri Mar 05, 2021 11:38 am

20+ sites updated flawlessly.
(I didn't expect the bug to affect my sites - and as far as I can tell, it didn't).
Thanks, Joomla team.
The fact that an opinion is widely held is no evidence whatsoever that it is not utterly absurd.
Personal website: https://jaydot.nl

xtremo54
Joomla! Apprentice
Joomla! Apprentice
Posts: 17
Joined: Thu Jan 23, 2014 6:00 pm

Re: Discuss Joomla! 3.9.25

Post by xtremo54 » Fri Mar 05, 2021 12:40 pm

I'm still holding off.....I'm not taking the risk.

User avatar
ribo
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3489
Joined: Sun Jan 03, 2010 8:47 pm
Contact:

Re: Discuss Joomla! 3.9.25

Post by ribo » Fri Mar 05, 2021 6:37 pm

xtremo54 wrote:
Fri Mar 05, 2021 12:40 pm
I'm still holding off.....I'm not taking the risk.
There is not any risk if you always back up before.
chat room spontes : http://www.spontes.com

xtremo54
Joomla! Apprentice
Joomla! Apprentice
Posts: 17
Joined: Thu Jan 23, 2014 6:00 pm

Re: Discuss Joomla! 3.9.25

Post by xtremo54 » Fri Mar 05, 2021 8:56 pm

ribo wrote:
Fri Mar 05, 2021 6:37 pm
xtremo54 wrote:
Fri Mar 05, 2021 12:40 pm
I'm still holding off.....I'm not taking the risk.
There is not any risk if you always back up before.
I have many sites......it would take me all day to restore the lot.

Plus it would be disruption to business sites......that can't happen.

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 20267
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Discuss Joomla! 3.9.25

Post by leolam » Mon Mar 08, 2021 6:09 pm

As posted on Github on the issue:
Why are we so stupid and ignorant @HLeithner not to simply do a quick release where thousands of website are broken because of this? i personally can add or remove line in a piece of code but many users cannot or don't care. A reference to a FAQ does not work since we all know that nobody reads the notes or FAQ...." If I have a problem how should I know that I have to look at FAQ's?" These are not posted on the Joomla forums so most users have no way to find out why the release broke their site

Get a release with a fix out ...you are in charge so do something quick for this community please? Typing many reactions here and elsewhere takes you more time then simply changing a few lines of code and releasing the patch! Get over your pride and spend 30 minutes to get this issue solved!!!
Leo 8)
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Webmaster Services: gws-webmaster.services


Post Reply

Return to “Announcements Discussions”