Discuss Joomla! 3.6 Beta 2

A place to discuss recent announcements made by the Joomla! Core Team. Let's hear what you have to say.
User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 21864
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, The Netherlands
Contact:

Discuss Joomla! 3.6 Beta 2

Postby pe7er » Thu Jun 16, 2016 1:50 pm

Here you can discuss about the release of Joomla 3.6 Beta 2

See Announcement: viewtopic.php?f=8&t=926772
Kind Regards,
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
Developer of Options Manager Lite https://db8.eu/download/file/options-manager-lite

DonnieDarko
Joomla! Apprentice
Joomla! Apprentice
Posts: 19
Joined: Fri Nov 06, 2015 9:58 am

Does anyone know if Joomla 3.6 includes security patches?

Postby DonnieDarko » Tue Jun 28, 2016 9:48 am

Hi,
I understand that the Joomla 3.6 stable will be released very soon.

Does anyone know by now if the release would contain important security patch meaning that we would be highly recommended to update from 3.5.1 asap?

I remember when there is a Joomla update release, there is always an assessment in terms of how urgent it is to update. It would be really good if someone can let me know. I am going on holiday for 2 weeks and I have to think of contingency plans if it is the case.
Last edited by imanickam on Tue Jun 28, 2016 11:54 am, edited 1 time in total.
Reason: Merged the topic with the topic http://forum.joomla.org/viewtopic.php?f=9&t=926773

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14412
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Does anyone know if Joomla 3.6 includes security patches?

Postby mandville » Tue Jun 28, 2016 10:14 am

there are no security issues mentioned in the release of j3.6 see https://github.com/joomla/joomla-cms/is ... +3.6.0%22+

any security issues in j3.5.1 would be dealt with i the j3.5. branch
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

DonnieDarko
Joomla! Apprentice
Joomla! Apprentice
Posts: 19
Joined: Fri Nov 06, 2015 9:58 am

Re: Does anyone know if Joomla 3.6 includes security patches?

Postby DonnieDarko » Tue Jun 28, 2016 11:30 am

Thank you Mandville, that makes sense.

User avatar
mbabker
Joomla! Hero
Joomla! Hero
Posts: 2059
Joined: Sun Feb 28, 2010 8:26 pm
Location: White Bear Lake, MN, USA
Contact:

Re: Discuss Joomla! 3.6 Beta 2

Postby mbabker » Tue Jun 28, 2016 12:36 pm

Even if there were security patches scheduled for 3.6, news of that wouldn't get out beyond a very small circle of people until release day for security reasons. Very rarely has a pre-announcement gone out regarding that, and when it does, it's usually for a major issue.

There might be a minor security patch included in the stable release. There might not be. Depends on what types of security reports have been received and the types of patches the security team is working on. But if there were anything critical a 3.5.2 release would have gone out with that patch had an issue been reported by now and that would presumably still be the case if such a major issue were reported relatively soon.
Production Department Coordinator, Release Lead, CMS Maintainer, Framework Maintainer, Security Team Member, .org System Administrator

Manually updating Joomla? See https://gist.github.com/mbabker/d7bfb4e1e2fbc6b7815a733607f89281

rogereric
I've been banned!
Posts: 1
Joined: Sat Jul 09, 2016 8:36 pm

Re: Discuss Joomla! 3.6 Beta 2

Postby rogereric » Sat Jul 09, 2016 8:48 pm

In the version of Joomla 3.6.0 Beta 2 does not work the method

$user =JFactory::getUser();
$user->get('isRoot')

When Super User is logged the method does not return the value true.

Regards

User avatar
mbabker
Joomla! Hero
Joomla! Hero
Posts: 2059
Joined: Sun Feb 28, 2010 8:26 pm
Location: White Bear Lake, MN, USA
Contact:

Re: Discuss Joomla! 3.6 Beta 2

Postby mbabker » Sat Jul 09, 2016 9:36 pm

Relevant mailing list discussion - https://groups.google.com/d/topic/jooml ... discussion

Long and short, don't rely on that protected property to give you the information you need. It cannot be relied upon until at least one check to JUser::authorise() has been completed and data has been cached.

You should use JUser::authorise('core.admin') instead to consistently check if a user is a root user.
Production Department Coordinator, Release Lead, CMS Maintainer, Framework Maintainer, Security Team Member, .org System Administrator

Manually updating Joomla? See https://gist.github.com/mbabker/d7bfb4e1e2fbc6b7815a733607f89281


Return to “Announcements Discussions”

Who is online

Users browsing this forum: No registered users and 2 guests