Discuss Joomla! 3.8.4

A place to discuss recent announcements made by the Joomla! Core Team. Let's hear what you have to say.
VasyaV001
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Thu Aug 04, 2016 3:24 am

Re: Discuss Joomla! 3.8.4

Post by VasyaV001 » Fri Feb 02, 2018 8:55 pm

Wow! After many problems with the router, ID, session time, errors 500 and more, I rolled back to version 3.8.3. In general, I do not advise multilingual sites are updated to version 3.8.4. I'm sorry! I hope new version 3.8.5 will be better.

User avatar
ribo
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3229
Joined: Sun Jan 03, 2010 8:47 pm
Contact:

Re: Discuss Joomla! 3.8.4

Post by ribo » Fri Feb 02, 2018 9:03 pm

VasyaV001 wrote: In general, I do not advise multilingual sites are updated to version 3.8.4. I'm sorry! I hope new version 3.8.5 will be better.
Wrong advice. I updated many multilingual sites to joomla 3.8.4 and i don t have the problems that you have.
chat room spontes : http://www.spontes.com

wbtcpip
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Sat Feb 03, 2018 11:37 pm

Re: Discuss Joomla! 3.8.4

Post by wbtcpip » Sat Feb 03, 2018 11:40 pm

VasyaV001 wrote:Wow! After many problems with the router, ID, session time, errors 500 and more, I rolled back to version 3.8.3. In general, I do not advise multilingual sites are updated to version 3.8.4. I'm sorry! I hope new version 3.8.5 will be better.
I agree. Me too i had the same probblems in my multilanguage site. Waiting for 3.8.5

Scrabble
Joomla! Intern
Joomla! Intern
Posts: 92
Joined: Wed Oct 01, 2014 10:25 am

Re: Discuss Joomla! 3.8.4

Post by Scrabble » Sun Feb 04, 2018 12:39 pm

sozzled wrote:Jenn and @Scrabble: I reported the colour hilighting issue on GitHub.

https://github.com/joomla/joomla-cms/issues/19520
Thank you.

jojo12
Joomla! Apprentice
Joomla! Apprentice
Posts: 37
Joined: Sat Apr 24, 2010 5:57 am

Re: Discuss Joomla! 3.8.4

Post by jojo12 » Mon Feb 05, 2018 10:28 am

I had the same problem with login on multilingual sites. And in my eyes it's very bad, that there's no information about that in the FAQ for joomla! 3.8.4. Only searching in some forums showed me, that the login problem comes directly from Joomla!

Fan33GR
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Sat Feb 03, 2018 2:03 pm

Re: Discuss Joomla! 3.8.4

Post by Fan33GR » Tue Feb 06, 2018 7:52 am

Hello to all.

Do we have any news when the next update of Joomla will be released? (3.8.5)

I read about the bugs, but I have a huge problem with the number of visitors and the logged in users because they stay logged in forever and the numbers of visitors also remains and still rising and counting them as they are live in the site all the time.....

Also happens and something funny... Some people think that we do this on purpose to show that we have thousands of visitors to our site :P

So do we know anything about the date of the update?

Thank you.

gws
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3386
Joined: Tue Aug 23, 2005 1:56 pm
Location: Kent / Sussex / Surrey border UK
Contact:

Re: Discuss Joomla! 3.8.4

Post by gws » Tue Feb 06, 2018 1:44 pm

In the interim you can empty the session table via phpmyadmin.Sorry don't know when 3.8.5 will be available.

jgress-
Joomla! Guru
Joomla! Guru
Posts: 945
Joined: Thu Sep 24, 2009 5:40 pm
Location: Santa Cruz, CA, USA

Re: Discuss Joomla! 3.8.4

Post by jgress- » Tue Feb 06, 2018 3:14 pm

Co-author Using Joomla, Second Edition (migration/upgrade included) http://www.usingjoomlabook.com
Find a Joomla User Group (JUG) near you http://community.joomla.org/user-groups.html

User avatar
ribo
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3229
Joined: Sun Jan 03, 2010 8:47 pm
Contact:

Re: Discuss Joomla! 3.8.4

Post by ribo » Tue Feb 06, 2018 3:51 pm

chat room spontes : http://www.spontes.com

rjo
Joomla! Intern
Joomla! Intern
Posts: 54
Joined: Wed May 23, 2007 7:37 pm

Re: Discuss Joomla! 3.8.4

Post by rjo » Tue Feb 06, 2018 4:40 pm

Thanks a lot, the update has resolved the issues with login and editor on two of my sites.
Question: Would it make sense for the future to clearly distinguish between security patches and general patches?
If security patches only contained the relevant fixes, the risk to break other stuff (things happen) could be reduced.
That might help increasing the readiness to install security updates quickly. Some sites might have remained unpatched for a couple of days after the first issues with the update had been reported.

mikerotec
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 146
Joined: Fri Aug 08, 2014 10:08 pm

Re: Discuss Joomla! 3.8.4

Post by mikerotec » Tue Feb 06, 2018 5:15 pm

rjo wrote:Thanks a lot, the update has resolved the issues with login and editor on two of my sites.
Question: Would it make sense for the future to clearly distinguish between security patches and general patches?
If security patches only contained the relevant fixes, the risk to break other stuff (things happen) could be reduced.
That might help increasing the readiness to install security updates quickly. Some sites might have remained unpatched for a couple of days after the first issues with the update had been reported.
I've been asking Joomla for this for years now... it is 'standard best practice' in most other software eco-systems!

BIG THANKS to the devs who got 3.8.5 out... I was on the verge of sending a bulk mailer out to 20,000 users, advising them all to clear their browser cookies!

User avatar
ribo
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3229
Joined: Sun Jan 03, 2010 8:47 pm
Contact:

Re: Discuss Joomla! 3.8.4

Post by ribo » Tue Feb 06, 2018 5:16 pm

If you want to be safe, every time update joomla, third party extensions, template and not be vulnerable. But also there are other things too, like safe passwords, safe ftp, right permissions, etc.
chat room spontes : http://www.spontes.com

rjo
Joomla! Intern
Joomla! Intern
Posts: 54
Joined: Wed May 23, 2007 7:37 pm

Re: Discuss Joomla! 3.8.4

Post by rjo » Tue Feb 06, 2018 5:25 pm

that's what I do ;-)

mbabker
Joomla! Hero
Joomla! Hero
Posts: 2176
Joined: Sun Feb 28, 2010 8:26 pm

Re: Discuss Joomla! 3.8.4

Post by mbabker » Tue Feb 06, 2018 5:48 pm

We can't efficiently distinguish between security patches and "general" patches.

Assume that we had a 3.8.4 release which was JUST the security patches, then the 3.8.5 release was the rest of the maintenance work. Joomla would prompt you to update to 3.8.5 and wouldn't stop nagging until you did so, because it just sees that you are on an out-of-date release.

How do security patches get rolled? Do we patch every previous security release, effectively creating a security only upgrade path for users who just want to lock on a version and never upgrade (i.e. 3.8.2 was a security release, so should there have been a 3.8.2.1 with the 3.8.4 security fixes too), or are users still forced to update to a release which has other miscellaneous fixes in place? Depending on the approach, release day turns into a major affair where a release manager is easily spending 6-8 hours merging patches, committing release tags, running scripts to build packages, and publishing all release artifacts (whereas now if need be I personally could get something out unplanned in 60-90 minutes, 30-45 minutes on a planned release day because of taking the time to prepare things in advance).

While there are a lot of ideas about how security patches can be handled, the resource requirements to implement many of them are too great for an all volunteer workforce (and my employer is not paying for my time spent in release prep, so for me personally I have to sacrifice either other time outside my normal work window or time on my job which affects my paychecks because our release windows fall in line with my office day) so I personally don't see a lot changing anytime soon.
So long and thanks for all the fish.

Manually updating Joomla? See https://gist.github.com/mbabker/d7bfb4e ... 3607f89281

User avatar
sozzled
Joomla! Champion
Joomla! Champion
Posts: 5375
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: Discuss Joomla! 3.8.4

Post by sozzled » Tue Feb 06, 2018 6:53 pm

rjo wrote:Question: Would it make sense for the future to clearly distinguish between security patches and general patches?
I agree with comments made by @ribo and @mbabker.

Before addressing this question (also asked by @mikerotec) I think we should ask these people to consider "What would happen if there was a differentiation between 'security' and 'general' patches?" How might this affect people's decisions to implement the update or not?

Each dot-point release of software (regardless of so-called "eco-system") includes a mix of change: improvements in functionality, resolving outstanding issues that were present in previous releases, improvements in security and (occasionally) improvements or changes in functionality.

So the real question here—whether or not the production team were capable of isolating security from general changes—is really "How would this affect people in deciding whether or not to adopt the update(s)?" When people can adequately address that question then we may have a worthwhile basis for continuing that discussion.

Some people have problems with new releases and some people don't. Some people always have problems (but for different reasons). Some people have problems when they don't update (and some people have problems because they don't update); we tend to receive more topics on this forum for those reasons. I don't believe the case has adequately been made for why differentiating between security and general patches is "better" (or even worthwhile). In the meantime, I agree with@ribo that it's better for overall maintainability of Joomla websites, to apply the changes as and when they are released. 8)
https://www.kuneze.com/blog
Former member of Kunena project team
If you think I’m wrong then say “I think you're wrong.” If you say “You’re wrong!”, how do you know?

rjo
Joomla! Intern
Joomla! Intern
Posts: 54
Joined: Wed May 23, 2007 7:37 pm

Re: Discuss Joomla! 3.8.4

Post by rjo » Tue Feb 06, 2018 7:40 pm

Thanks for your detailed response.
Of course I can only speak for myself. I install security updates immediately because I consider them to be essential. On the other side I would take some time to test updates that contain more profound changes or even new functionality.
Of course non-critical updates must be installed too to not get out of sync with the project. I fully agree to that, but I could avoid spending the weekend on updating when it is not urgent and I could take some time to test in a separate environment before breaking a production website. So I guess it would be nice to have separate security updates, if that was possible. I simply don't know if github provides any tools to assign specific tags to a change and to create a release based on such this information.

User avatar
sozzled
Joomla! Champion
Joomla! Champion
Posts: 5375
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: Discuss Joomla! 3.8.4

Post by sozzled » Tue Feb 06, 2018 8:03 pm

@rjo: Everyone has their own/different priorities. Some people have no sense of priorities (and that's why they're still struggling with J! 1.5, J! 2.5 or pre-J! 3.5 websites). Some people never get it into their heads that support for older versions of Joomla is wishful thinking on their part.

The Joomla project is a living, dynamic, evolving project. Of course, everyone has different needs: developers are continually at the cutting-edge of new developments in webcraft and they're continually pressing for those developments to be added to Joomla! Your typical hobbyist/enthusiast/"one-page website" owner may have none of those interests and just wants to build a website, put it "out there" and basically forget about it ... until something comes up and that's when they ask questions on this forum.

There's no pleasing everyone.
https://www.kuneze.com/blog
Former member of Kunena project team
If you think I’m wrong then say “I think you're wrong.” If you say “You’re wrong!”, how do you know?

mikerotec
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 146
Joined: Fri Aug 08, 2014 10:08 pm

Re: Discuss Joomla! 3.8.4

Post by mikerotec » Wed Feb 07, 2018 6:18 pm

Actually, I think it's getting much better. The release notes for 3.8.4 did explicitly mention that it included 4 "low priority" security patches.

But I kind of got suckered in with the announcement "Joomla 3.8.4 is now available. This is a security release for the 3.x series of Joomla addressing four security vulnerabilities and including over 100 bug fixes and improvements."

"Joomla 3.8.4 addresses four security vulnerabilities and several bugs"

Unfortunately for our users, I had become complacent after that relatively smooth 3.8.3 update, and made the fatal personal mistake of not TESTING more rigorously. Problem was that our dev test server is NOT https! (Yes, it will be soon...) And on the live server (yes, I do run through the live site after updating...) the issue was not revealed through any surfing of the site - WHILE LOGGED IN - the redirect problem only happened when logged out and then logged in again. ("GOTCHA!")

But really, in retrospect I see that I should not have updated without testing this much more rigourously on an HTTPS dev server. And If there is any improvement I could suggest in the release notes, in the case of 3.8.4 it might have been nice to have a warning like "Note: this release contains Major changes to core routing code, test accordingly!"


Post Reply

Return to “Announcements Discussions”