Discuss Joomla! 3.9.14

A place to discuss recent announcements made by the Joomla! Core Team. Let's hear what you have to say.
User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 22846
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands
Contact:

Discuss Joomla! 3.9.14

Post by pe7er » Tue Dec 17, 2019 3:26 pm

Here you can discuss about the release of Joomla 3.9.14

See Announcement: viewtopic.php?f=8&t=976545
Kind Regards,
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
The best website: https://the-best-website.com

User avatar
ribo
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3475
Joined: Sun Jan 03, 2010 8:47 pm
Contact:

Re: Discuss Joomla! 3.9.14

Post by ribo » Tue Dec 17, 2019 4:21 pm

Update progress went fine without any issue. Thank you joomla team
chat room spontes : http://www.spontes.com

deleted user

Re: Discuss Joomla! 3.9.14

Post by deleted user » Tue Dec 17, 2019 4:40 pm

Please be careful about upgrading to this release. Unvetted non-security related changes were included into the release and when confronted the release lead would not offer an explanation as to the nature of these changes. Based on my analysis, these are not security changes and therefore the quality control surrounding this release is to be questioned.

jgress-
Joomla! Ace
Joomla! Ace
Posts: 1078
Joined: Thu Sep 24, 2009 5:40 pm
Location: Austin, TX, USA

Re: Discuss Joomla! 3.9.14

Post by jgress- » Tue Dec 17, 2019 4:51 pm

mbabker wrote:
Tue Dec 17, 2019 4:40 pm
Please be careful about upgrading to this release. Unvetted non-security related changes were included into the release and when confronted the release lead would not offer an explanation as to the nature of these changes. Based on my analysis, these are not security changes and therefore the quality control surrounding this release is to be questioned.
Thanks Michael. What could happen as a result of applying the release? Or how should we be careful? Or what should we check?
Co-author Using Joomla, Second Edition (migration/upgrade included) http://www.usingjoomlabook.com
Find a Joomla User Group (JUG) near you http://community.joomla.org/user-groups.html

deleted user

Re: Discuss Joomla! 3.9.14

Post by deleted user » Tue Dec 17, 2019 5:15 pm

For clarity, the changes do not look to introduce new issues and actually would resolve a PHP compatibility issue on newer PHP versions. But the point is these were direct committed under the guise of being a security fix when they are clearly not, and if these types of things are being direct committed without proper review then I personally question the QA process as a whole.

jgress-
Joomla! Ace
Joomla! Ace
Posts: 1078
Joined: Thu Sep 24, 2009 5:40 pm
Location: Austin, TX, USA

Re: Discuss Joomla! 3.9.14

Post by jgress- » Tue Dec 17, 2019 5:18 pm

mbabker wrote:
Tue Dec 17, 2019 5:15 pm
For clarity, the changes do not look to introduce new issues and actually would resolve a PHP compatibility issue on newer PHP versions. But the point is these were direct committed under the guise of being a security fix when they are clearly not, and if these types of things are being direct committed without proper review then I personally question the QA process as a whole.
I see. Definitely disconcerting. Thank you for clarifying. I appreciate you. Always have. Always will.
Co-author Using Joomla, Second Edition (migration/upgrade included) http://www.usingjoomlabook.com
Find a Joomla User Group (JUG) near you http://community.joomla.org/user-groups.html

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 39234
Joined: Sat Apr 05, 2008 9:58 pm

Re: Discuss Joomla! 3.9.14

Post by Webdongle » Tue Dec 17, 2019 5:53 pm

mbabker wrote:
Tue Dec 17, 2019 4:40 pm
Please be careful about upgrading to this release. Unvetted non-security related changes were included into the release and when confronted the release lead would not offer an explanation as to the nature of these changes. Based on my analysis, these are not security changes and therefore the quality control surrounding this release is to be questioned.
If
The changes are unvetted
And
The release lead is refusing to justify the changes
Then
What is being hidden and why?

As some sort of marketing deal been made?
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein.

User avatar
JAVesey
Joomla! Hero
Joomla! Hero
Posts: 2275
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:

Re: Discuss Joomla! 3.9.14

Post by JAVesey » Tue Dec 17, 2019 6:01 pm

ribo wrote:
Tue Dec 17, 2019 4:21 pm
Update progress went fine without any issue. Thank you joomla team
Ditto.

I'll get the :pop out for the rest of the discussion ;)
John V
Cardiff, Wales, UK
Uses Joomla 3.9.23 and PHP7.4.11

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3909
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: Discuss Joomla! 3.9.14

Post by abernyte » Tue Dec 17, 2019 6:49 pm

Assuming that this transpires to have been a ...well, misunderstanding, it is really not a good look for Joomla.
My disappointment meter is twitching wildly.
What we obtain too cheap, we esteem too lightly…Thomas Paine

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 39234
Joined: Sat Apr 05, 2008 9:58 pm

Re: Discuss Joomla! 3.9.14

Post by Webdongle » Tue Dec 17, 2019 7:20 pm

When has a refusal to justify an action been a 'misunderstanding'? It either is something that is being hidden because it known not to be popular or it is incompetence. There is no excuse for refusing to give a reason for changing code in an open source project. Don't forget the J4 Template development was kept hidden.

What is the code and what does it do?
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein.

deleted user

Re: Discuss Joomla! 3.9.14

Post by deleted user » Tue Dec 17, 2019 7:28 pm

There were two changes I pointed out that I was told "these are security fixes" with no further explanation.

One of them addresses a PHP 7.3 compatibility issue in one of the FOF files distributed with Joomla.

The other change looks to be a change for the sake of change and at best might address an undefined constant notice for failing to create all required path constants before importing a specific file.

Neither of these changes are in any way security related unless you're calling a PHP compatibility fix a security fix because it removes a PHP notice with a full path inside it; the second issue is really more a case of the developer did something wrong and there's nothing to change in core but I digress. And if that really qualifies as a security fix, then there are a half a dozen other patches in 3.9.13 and 3.9.14 that should be labeled as such but are not. And if that really is the operating motive, then all future PHP compatibility work must be done under the guise of being security fixes and cannot be addressed on the public issue tracker.

Let me make this clear. The code in question is not faulty. The procedure used to land the changes is completely FUBAR and leads me to question the release procedure, the security reporting procedure, and any quality control measures that might be in place.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 39234
Joined: Sat Apr 05, 2008 9:58 pm

Re: Discuss Joomla! 3.9.14

Post by Webdongle » Tue Dec 17, 2019 8:30 pm

That sounds like incompetence to me.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein.

User avatar
Rondeb
Joomla! Explorer
Joomla! Explorer
Posts: 263
Joined: Mon Dec 02, 2013 12:14 pm
Location: Meschede - Germany
Contact:

Re: Discuss Joomla! 3.9.14

Post by Rondeb » Tue Dec 17, 2019 9:22 pm

Update 20 joomla sites and no problems!

Thanks Joomla team for the great work.

Have a nice christmas and happy new year :)

Greatings Ron

cheshirealan
Joomla! Apprentice
Joomla! Apprentice
Posts: 35
Joined: Mon Nov 01, 2010 10:35 pm

Re: Discuss Joomla! 3.9.14

Post by cheshirealan » Wed Dec 18, 2019 8:19 am

My site is not offering me this update. Is this a known issue? I am currently on 3.9.13.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 39234
Joined: Sat Apr 05, 2008 9:58 pm

Re: Discuss Joomla! 3.9.14

Post by Webdongle » Wed Dec 18, 2019 9:25 am

You can download the update package then use Components >>> Joomla update ... Upload&Update (tab). Most likely your server is preventing direct connection to the update server.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein.

User avatar
darb
Joomla! Ace
Joomla! Ace
Posts: 1684
Joined: Thu Jul 06, 2006 12:57 pm
Location: Stockholm Sweden
Contact:

Re: Discuss Joomla! 3.9.14

Post by darb » Wed Dec 18, 2019 10:11 am

Updated all works well and see no problem with this update. Tnks and Merry Christmas and a Happy New Joomla year! :D

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9886
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Discuss Joomla! 3.9.14

Post by sozzled » Wed Dec 18, 2019 8:37 pm

Thanks, @pe7er, for creating this topic and allowing us to have this discussion.

I keep my J! websites updated with the latest versions. I am guided to update by reading comments in topics like this one. A lot of the time, the changes or fixes included in the update summary don't apply to me; I wouldn't know a CVE if one fell from the sky and hit me on the head. But, that being said, if the update is judged by other members of the J! community to be safe to use then I update my websites anyway.

I keep my J! websites updated with the latest software not because I will use all the features included in that software release. I keep them updated because I don't want to fall into the situations often encountered by other members of the community who fail to update their websites until they reach a situation where the wheels fall off. I keep my websites updated because I want to remain with the leaders of the pack; not the strayers.

It doesn't take me too long to update my websites: I set aside an hour or two each month for each website (and I don't have too many sites to maintain) and I keep to this practice. Yesterday and today I kept to my schedule and updated all my J! 3.x websites to J! 3.9.14; successfully as far as I can tell.

We've had quite a few discussions on the forum about the number and frequency of updates. As far as raw numbers are concerned, there have been seventy-six official releases of J! 3.x since J! 3.0.0. Spread over seven years, that's about seven to eight releases every year.

I don't know what is the mean number of websites that are owned by each J! user. One? Two? Ten? Who knows (and who cares) because that's just a number. Ultimately, though, the number of websites that one person can manage is something that each person needs to decide for themselves. I do know, however, that I cannot continually add new content, or "organise" the content that already exists, to more than a set number of websites because I just don't have enough hours in the day to perform those activities and still allow time to try to assist other people on the various places that I "inhabit". Of course, if I were managing a business employing other staff whose job it was to perform those tasks, then I could do more.

A few hours a year to update my websites (together with all the other tools that I use to manage them or just to browse the internet) is just part and parcel of keeping things square. So I do it.

Which brings me to an observation I'd like to make about this discussion: competence (or lack thereof, perhaps).

Incompetence is a very strong word. It's not a word I use often or use lightly. Incompetence covers a spectrum of meanings starting with "overlooking something" (e.g. forgetting to put a semi-colon at the end of a PHP command) to gross dereliction of duty. Incompetence is a word used by those at the top of the command chain to reflect on the non-achievement of mission objectives by the officers in the field; incompetence is a word used by the front-line troops to describe their superiors; "incompetence" is a word often used by historians to describe the reasons why missions fail—particularly when they fail with catastrophic losses. Even so, in the history I've studied, the mission objectives were clear and well-defined and the planning for those missions was not done recklessly notwithstanding the calculable losses that might be involved.

Thank you, @mbabker, for your insights. I always enjoy reading your thoughts.
Last edited by sozzled on Wed Dec 18, 2019 8:43 pm, edited 1 time in total.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

jgress-
Joomla! Ace
Joomla! Ace
Posts: 1078
Joined: Thu Sep 24, 2009 5:40 pm
Location: Austin, TX, USA

Re: Discuss Joomla! 3.9.14

Post by jgress- » Wed Dec 18, 2019 8:42 pm

50 or so sites updated just fine. Thanks everyone. Happy Holidays!
Co-author Using Joomla, Second Edition (migration/upgrade included) http://www.usingjoomlabook.com
Find a Joomla User Group (JUG) near you http://community.joomla.org/user-groups.html

User avatar
AMurray
Joomla! Champion
Joomla! Champion
Posts: 6220
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: Discuss Joomla! 3.9.14

Post by AMurray » Wed Dec 18, 2019 9:20 pm

Just did three sites, smoothly - using mysites.guru.
Regards,
--------------------------------------------------------------
A Murray
Help you I can, yes!. Post your question, you should. Keep it on topic you must!
Use the Forc....Forum Post Assistant my young Padawan!

BillyS
Joomla! Intern
Joomla! Intern
Posts: 68
Joined: Sat Nov 26, 2005 9:10 pm

Re: Discuss Joomla! 3.9.14

Post by BillyS » Thu Dec 19, 2019 12:03 am

mbabker wrote:
Tue Dec 17, 2019 7:28 pm
The procedure used to land the changes is completely FUBAR and leads me to question the release procedure, the security reporting procedure, and any quality control measures that might be in place.
Webdongle wrote:
Tue Dec 17, 2019 8:30 pm
That sounds like incompetence to me.
Webdongle wrote:
Tue Dec 17, 2019 8:30 pm
As some sort of marketing deal been made?
I've used Joomla starting from way back in the Mambo days. I am extremely grateful to the development team and read these Announcements religiously. What is the purpose of these posts in such a public forum? Is this a personal disagreement or is caution really needed? We don't own the secret decoder rings that let us in on the insider infighting, but if the objective is to make the community nervous then you've succeeded.

My next stop isn't downloading this update because I have lost nearly all my faith in this project. My next stop is to figure out how I can move away from this nonsense and see what it will take to convert my Joomla sites to WordPress.

Mission accomplished guys.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 39234
Joined: Sat Apr 05, 2008 9:58 pm

Re: Discuss Joomla! 3.9.14

Post by Webdongle » Thu Dec 19, 2019 12:41 am

Firstly please post quotes in the correct order.

Secondly I am asking questions and commenting on how things appear to me. If they appear like that to me then chances are they appear like that to other people.

Here are a few other things that appear to me.

It is the sign of the times. Hackers are getting more sophisticated and organised (big crime create the hacks and distribute them free to 'script kiddies'). Developing software becomes more intensive and time consuming. And devs can only spend so much of their free time developing.

Add to that the attitude towards testers (many have disappeared) and so the devs are testing their work as well as developing. Then more to do but less time to do it.

The symbiotic association between the devs and talented amateurs has all but vanished.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein.

User avatar
darb
Joomla! Ace
Joomla! Ace
Posts: 1684
Joined: Thu Jul 06, 2006 12:57 pm
Location: Stockholm Sweden
Contact:

Re: Discuss Joomla! 3.9.14

Post by darb » Thu Dec 19, 2019 9:44 am

BillyS wrote:
Thu Dec 19, 2019 12:03 am
mbabker wrote:
Tue Dec 17, 2019 7:28 pm
The procedure used to land the changes is completely FUBAR and leads me to question the release procedure, the security reporting procedure, and any quality control measures that might be in place.
Webdongle wrote:
Tue Dec 17, 2019 8:30 pm
That sounds like incompetence to me.
Webdongle wrote:
Tue Dec 17, 2019 8:30 pm
As some sort of marketing deal been made?
I've used Joomla starting from way back in the Mambo days. I am extremely grateful to the development team and read these Announcements religiously. What is the purpose of these posts in such a public forum? Is this a personal disagreement or is caution really needed? We don't own the secret decoder rings that let us in on the insider infighting, but if the objective is to make the community nervous then you've succeeded.

My next stop isn't downloading this update because I have lost nearly all my faith in this project. My next stop is to figure out how I can move away from this nonsense and see what it will take to convert my Joomla sites to WordPress.

Mission accomplished guys.
As I read understand this is just some personal disagreements and in Joomla world that is also open for anyone to discuss and have opinions about how to make things better for the Joomla future. Nothing to worry about though Joomla doesn’t censor even these discussions as opposite WP et al :)

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3909
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: Discuss Joomla! 3.9.14

Post by abernyte » Thu Dec 19, 2019 11:04 am

I have updated my sites and, as I would have expected, it has gone smoothly with no issues.
The issue raised here by Martin is not with the content of the update per se but rather with the process by which that content arrives at the user.
I agree with Darb that discussion and disagreement is not new within open source or Joomla and that is perfectly healthy. However if someone of the calibre and commitment of mbabker raises a red flag then it behoves us lesser mortals to at least to take notice and not dismiss it out of hand as insider squabbles.
We accept and install the updates and software that the Project supplies mostly without question. That is a matter of trust. In this context we can define that as "The willingness of a party to be vulnerable to the actions of another party based on the expectation that the other will perform a particular action important to the trustor, irrespective of the ability to monitor or control that other party."
Our expectations are high, perfect software - delivered regularly - free, and if those that contribute to meet those are stretched I am sure we would understand and accept the changes required to deal with that. But for that to happen it needs to be transparent. Either way this is not a great look.
What we obtain too cheap, we esteem too lightly…Thomas Paine

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 39234
Joined: Sat Apr 05, 2008 9:58 pm

Re: Discuss Joomla! 3.9.14

Post by Webdongle » Thu Dec 19, 2019 11:05 am

darb wrote:
Thu Dec 19, 2019 9:44 am
...
As I read understand this is just some personal disagreements ...
Sadly it is more than that.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein.

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 20243
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Discuss Joomla! 3.9.14

Post by leolam » Fri Dec 20, 2019 4:09 pm

Webdongle wrote:
Thu Dec 19, 2019 11:05 am
Sadly it is more than that.
What's new.....Incompetence? Not likely...We have very good individuals in the CMS Release Team only not too many testers (they are being kicked out since they do not contribute to code is the opinion by some in this team) Dictating personal views (ego's) and ignoring agreed procedures due to a (false) impression "i cannot be touched" or "bossy thus arrogant" behavior more likely as I have experienced myself in my former life as a Member of the CMS Release Team

I agree with Michael...Code changes if not security cannot be branded as security issues. That is falsifying core values

Leo 8)
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Webmaster Services: gws-webmaster.services

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 39234
Joined: Sat Apr 05, 2008 9:58 pm

Re: Discuss Joomla! 3.9.14

Post by Webdongle » Fri Dec 20, 2019 5:47 pm

leolam wrote:
Fri Dec 20, 2019 4:09 pm
... .We have very good individuals in the CMS Release Team only not too many testers (they are being kicked out since they do not contribute to code is the opinion by some in this team) Dictating personal views (ego's) and ignoring agreed procedures due to a (false) impression "i cannot be touched" or "bossy thus arrogant" behavior more likely as I have experienced myself in my former life as a Member of the CMS Release Team
...
A lot of testers left of their own accord because of the arrogant attitude of some of the devs. and their "i cannot be touched" or "bossy thus arrogant" behavior.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein.

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9886
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Discuss Joomla! 3.9.14

Post by sozzled » Fri Dec 20, 2019 7:19 pm

Webdongle wrote:
Fri Dec 20, 2019 5:47 pm
A lot of testers left of their own accord because of the arrogant attitude of some of the devs. and their "i cannot be touched" or "bossy thus arrogant" behavior.
I agree with Leo: this has nothing to do with incompetence. Hubris, perhaps, but not incompetence.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

stevec4
Joomla! Intern
Joomla! Intern
Posts: 79
Joined: Mon Jul 29, 2013 11:46 am

Re: Discuss Joomla! 3.9.14

Post by stevec4 » Fri Dec 20, 2019 10:00 pm

Michael thank you for the info.
I never once worried about a release when you were the lead. But I completely understand your need for stepping aside.
I see the vitriol and personal attacks here in the forums and on GitHub and I wonder how this project has managed to stayed together.

Happy Holidays

User avatar
hehemrin
Joomla! Apprentice
Joomla! Apprentice
Posts: 35
Joined: Thu Jul 16, 2015 10:44 am
Location: Sweden
Contact:

Re: Discuss Joomla! 3.9.14

Post by hehemrin » Sat Dec 21, 2019 11:30 pm

Open talk in open source is good. As all involved, both engaged in development and maintenance of the CMS, and myself as managing J! websites, are around the globe, the forum is a good place.

I "always" read or contribute to this release topic when handling website release updates, it's a good place.
It is hard for me to understand the discussion about e.g. if some release changes classified as security fixes indeed are security fixes or not. And generally to make my own conclusion out of this thread.

Someone (or a team), have apparently classified two changes as security fixes. Is it possible for this someone or someone from that team to elaborate a bit on the classification, if it is clear security issues, or could be classified differently, etc, to give me some enlightenment?

Finally, I have been using Joomla for a couple of years as web site developer/manager. One reason I selected Joomla was that it appeared to be the most free independent open source project. And Joomla works very well for me.
Best regards
Henrik Hemrin
My personal web site: https://hemrin.com

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 20243
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Discuss Joomla! 3.9.14

Post by leolam » Sun Dec 22, 2019 5:28 am

@Henrik.
Michael Babker pointed this out for you in viewtopic.php?p=3589883#p3589474. Michael is former Lead Developer of Joomla so knows where he talks about

Leo 8)
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Webmaster Services: gws-webmaster.services


Post Reply

Return to “Announcements Discussions”