Discuss Joomla! 3.9.3
- pe7er
- Joomla! Master
- Posts: 24974
- Joined: Thu Aug 18, 2005 8:55 pm
- Location: Nijmegen, Netherlands
- Contact:
Discuss Joomla! 3.9.3
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
-
- Joomla! Apprentice
- Posts: 8
- Joined: Sat Jan 24, 2015 1:29 pm
Re: Discuss Joomla! 3.9.3
My site in 3.9.2 was working fine using php 7.2, after the update to 3.9.3 it did not work, but it does by switching php version back to 7.1. Is this a known issue?
- toivo
- Joomla! Master
- Posts: 17426
- Joined: Thu Feb 15, 2007 5:48 am
- Location: Sydney, Australia
Re: Discuss Joomla! 3.9.3
Create a separate topic in the forum 'Migrating and Upgrading to Joomla! 3.x' at viewforum.php?f=710 and include the results from the Forum Post Assistant (FPA) by following the instructions from viewtopic.php?f=806&t=969442.
If the back end works, change also the error reporting in Global Configuration to 'Maximum' and post the PHP error messages, warnings and notices.
If the back end works, change also the error reporting in Global Configuration to 'Maximum' and post the PHP error messages, warnings and notices.
Toivo Talikka, Global Moderator
- pmleconte
- Joomla! Guru
- Posts: 591
- Joined: Fri Mar 17, 2017 12:55 pm
- Location: France
Re: Discuss Joomla! 3.9.3
I did update from 3.9.2 to 3.9.3 on a dozen websites running php 7.2 without any noticeable problem.timcsalmon wrote: ↑Tue Feb 12, 2019 3:38 pmMy site in 3.9.2 was working fine using php 7.2, after the update to 3.9.3 it did not work, but it does by switching php version back to 7.1. Is this a known issue?
Enable debugging to give us more information about your problem : go to System/Global Config, System tab, set Debug System, then go to Server Tab and set Error Reporting to Maximum. This should tell you which extension/module/plugin did not like Joomla! 3.9.3.
Pascal
Last edited by pmleconte on Tue Feb 12, 2019 4:03 pm, edited 1 time in total.
If anything can go wrong, it will.
https://www.conseilgouz.com/en
https://www.conseilgouz.com/en
- toivo
- Joomla! Master
- Posts: 17426
- Joined: Thu Feb 15, 2007 5:48 am
- Location: Sydney, Australia
Re: Discuss Joomla! 3.9.3
Updated several sites, including launch.joomla.org/joomla.com sites to 3.9.3 and the updates worked perfectly. Thanks to all the teams involved!
Toivo Talikka, Global Moderator
- nailson_imgn
- Joomla! Guru
- Posts: 729
- Joined: Wed Apr 15, 2009 5:33 pm
- Location: Fortaleza, CE - Brasil
Re: Discuss Joomla! 3.9.3
I'm using PHP 7.2.12. The update went through without any noticeable impact.
Thank you and keep up the good work!
Thank you and keep up the good work!
.
Nailson Oliveira
Técnico de Tecnologia da Informação - Desenvolvedor Joomla!
-----------------------------------------------------------------------------------------
Nailson Oliveira
Técnico de Tecnologia da Informação - Desenvolvedor Joomla!
-----------------------------------------------------------------------------------------
- Per Yngve Berg
- Joomla! Master
- Posts: 30890
- Joined: Mon Oct 27, 2008 9:27 pm
- Location: Romerike, Norway
Re: Discuss Joomla! 3.9.3
.htaccess & web.config security Update
Siden versjon 3.9.3
Since Joomla 3.9.3, Joomla is shipped with additional security hardenings in the default htaccess.txt and web.config.txt files. These hardenings disable the so called MIME-type sniffing feature in webbrowsers. The sniffing leads to specific attack vectors, where scripts in normally harmless file formats (i.e. images) will be executed, leading to Cross-Site-Scripting vulnerabilities.
The security teams recommends to manually apply the necessary changes to existing .htaccess or web.config files, as those files can not be updated automatically.
Changes for .htaccess
Add the following lines before "## Mod_rewrite in use.":
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
</IfModule>
Changes for web.config
Add the following lines right after "</rewrite>":
<httpProtocol>
<customHeaders>
<add name="X-Content-Type-Options" value="nosniff" />
</customHeaders>
</httpProtocol>
How is this done on Nginx?
- pmleconte
- Joomla! Guru
- Posts: 591
- Joined: Fri Mar 17, 2017 12:55 pm
- Location: France
Re: Discuss Joomla! 3.9.3
if you check https://content-security-policy.com/, server config is described at the bottom of the page (Apache, NGinx, IIS).
To handle this, I prefer zero-24's plugin : httpheader (included in Joomla 4.0) :
https://github.com/zero-24/plg_system_h ... r/releases
Pascal
If anything can go wrong, it will.
https://www.conseilgouz.com/en
https://www.conseilgouz.com/en
-
- I've been banned!
- Posts: 13639
- Joined: Sun Jul 05, 2009 3:30 am
- Location: Canberra, Australia
Re: Discuss Joomla! 3.9.3
Thanks, @Per, for highlighting the recommendations of the JSST concerning MIME type sniffing. I'm not sure if I have the answer to his question [as far as NGINX is concerned) but it prompted me to do some research: https://www.keycdn.com/support/x-content-type-options
** Disclaimer **
I haven't yet installed J! 3.9.3 on any of my websites and I haven't yet modified my .htaccess files in accordance with the latest security recommendations.
** End Disclaimer **
Let's also not forget that these changes to htaccess.txt will probably attract more attention for J! users constructing new websites starting with J! 3.9.3. While all members of the community should take note of the recommendation—to review all of their websites and, where they have .htaccess (or similar) webserver mechanisms in place—they should edit these files. These matters are particularly important for the huge section of the community who mistakenly believe that
a) J! 1.x is safe and never requires updating;
b) J! 2.5 is safe, never requires maintenance, and will go on to live forever;
c) any website that was built with J! 3.x before J! 3.9.3 is safe, nothing to worry about, will never be hacked, and doesn't need to be updated to J! 3.9.3;
d) any website, once built, will outlast the pyramids of Egypt, the European Union, the iPhone or climate change; or
e) updating to J! 3.9.3 will not require "post-upgrade" [manual] attention to apply the recommendations contained in the latest release.
So, again thank you, @Per, for highlighting this important matter (albeit "relatively" low risk for most people) and I will be taking these recommendations on board and changing the .htaccess files for all of my web sites. Cheers.
** Disclaimer **
I haven't yet installed J! 3.9.3 on any of my websites and I haven't yet modified my .htaccess files in accordance with the latest security recommendations.
** End Disclaimer **
Let's also not forget that these changes to htaccess.txt will probably attract more attention for J! users constructing new websites starting with J! 3.9.3. While all members of the community should take note of the recommendation—to review all of their websites and, where they have .htaccess (or similar) webserver mechanisms in place—they should edit these files. These matters are particularly important for the huge section of the community who mistakenly believe that
a) J! 1.x is safe and never requires updating;
b) J! 2.5 is safe, never requires maintenance, and will go on to live forever;
c) any website that was built with J! 3.x before J! 3.9.3 is safe, nothing to worry about, will never be hacked, and doesn't need to be updated to J! 3.9.3;
d) any website, once built, will outlast the pyramids of Egypt, the European Union, the iPhone or climate change; or
e) updating to J! 3.9.3 will not require "post-upgrade" [manual] attention to apply the recommendations contained in the latest release.
My websites usually attract about 30-50 content-sniffing "experiments" every day. Makes one wonder why there are "businesses" or individuals who spend their resources looking to see how my websites were built, what technology/techniques I've employed, and whether they can hack their way into 'em, doesn't it? Oh well, it's there time and money, I guess.The security teams recommends to manually apply the necessary changes to existing .htaccess or web.config files, as those files can not be updated automatically.
So, again thank you, @Per, for highlighting this important matter (albeit "relatively" low risk for most people) and I will be taking these recommendations on board and changing the .htaccess files for all of my web sites. Cheers.
- ribo
- Joomla! Virtuoso
- Posts: 3507
- Joined: Sun Jan 03, 2010 8:47 pm
- Contact:
Re: Discuss Joomla! 3.9.3
Updated many joomla websites. No problem with update progress. Thank you joomla team
chat room spontes : http://www.spontes.com
-
- I've been banned!
- Posts: 13639
- Joined: Sun Jul 05, 2009 3:30 am
- Location: Canberra, Australia
Re: Discuss Joomla! 3.9.3
Further observations w.r.t. @Per's earlier post
I've updated one test website to J! 3.9.3 and, so far, I haven't seen any issues resulting from updating. Will continue to test.
Make sure you use the right method depending on whether you're modifying .htaccess or web.config—you should modify one or the other—and don't just "copy and paste" everything from @Per's post.Per Yngve Berg wrote: ↑Tue Feb 12, 2019 6:30 pmChanges for .htaccess
Add the following lines before "## Mod_rewrite in use.":
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
</IfModule>
Changes for web.config
Add the following lines right after "</rewrite>":
<httpProtocol>
<customHeaders>
<add name="X-Content-Type-Options" value="nosniff" />
</customHeaders>
</httpProtocol>
I've updated one test website to J! 3.9.3 and, so far, I haven't seen any issues resulting from updating. Will continue to test.
-
- Joomla! Apprentice
- Posts: 8
- Joined: Tue Nov 27, 2018 11:53 am
Re: Discuss Joomla! 3.9.3
upgrade to Joomla 3.9.3 and now when I force a user to change their password the page goes blank. I have another site this on 3.9.2 and their is no issue, anyone else have the same problem.
Thanks
Thanks
-
- Joomla! Enthusiast
- Posts: 130
- Joined: Mon Aug 20, 2018 1:48 pm
Just updated 3.9.3
Just updated and got this message
.htaccess & web.config security Update
Since version 3.9.3
Since Joomla 3.9.3, Joomla is shipped with additional security hardenings in the default htaccess.txt and web.config.txt files. These hardenings disable the so called MIME-type sniffing feature in webbrowsers. The sniffing leads to specific attack vectors, where scripts in normally harmless file formats (i.e. images) will be executed, leading to Cross-Site-Scripting vulnerabilities.
The security teams recommends to manually apply the necessary changes to existing .htaccess or web.config files, as those files can not be updated automatically.
Changes for .htaccess
Add the following lines before "## Mod_rewrite in use.":
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
</IfModule>
Changes for web.config
Add the following lines right after "</rewrite>":
<httpProtocol>
<customHeaders>
<add name="X-Content-Type-Options" value="nosniff" />
</customHeaders>
</httpProtocol>
Presumably this could be quite a number of files, is there an easy way?
Thanks
Terry
.htaccess & web.config security Update
Since version 3.9.3
Since Joomla 3.9.3, Joomla is shipped with additional security hardenings in the default htaccess.txt and web.config.txt files. These hardenings disable the so called MIME-type sniffing feature in webbrowsers. The sniffing leads to specific attack vectors, where scripts in normally harmless file formats (i.e. images) will be executed, leading to Cross-Site-Scripting vulnerabilities.
The security teams recommends to manually apply the necessary changes to existing .htaccess or web.config files, as those files can not be updated automatically.
Changes for .htaccess
Add the following lines before "## Mod_rewrite in use.":
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
</IfModule>
Changes for web.config
Add the following lines right after "</rewrite>":
<httpProtocol>
<customHeaders>
<add name="X-Content-Type-Options" value="nosniff" />
</customHeaders>
</httpProtocol>
Presumably this could be quite a number of files, is there an easy way?
Thanks
Terry
- pmleconte
- Joomla! Guru
- Posts: 591
- Joined: Fri Mar 17, 2017 12:55 pm
- Location: France
Re: Discuss Joomla! 3.9.3
Hi,
I don't understand why development team is pointing out "nosniff" as very important stuff, when all headers security is.
Last month, a french forumer had his whole website in a frame of another website (https://forum.joomla.fr/forum/joomla-3- ... onnais-pas) That's in french but we had to explain how headers are working. It was not a "sniffing" problem but a X-frame-Options header to set up.
As I said earlier, you may use a plugin (httpheaders that will be included in Joomla 4) to implement this and won't have to worry about htaccess, apach, nginx, iis.
Pascal
I don't understand why development team is pointing out "nosniff" as very important stuff, when all headers security is.
Last month, a french forumer had his whole website in a frame of another website (https://forum.joomla.fr/forum/joomla-3- ... onnais-pas) That's in french but we had to explain how headers are working. It was not a "sniffing" problem but a X-frame-Options header to set up.
As I said earlier, you may use a plugin (httpheaders that will be included in Joomla 4) to implement this and won't have to worry about htaccess, apach, nginx, iis.
Pascal
If anything can go wrong, it will.
https://www.conseilgouz.com/en
https://www.conseilgouz.com/en
-
- I've been banned!
- Posts: 13639
- Joined: Sun Jul 05, 2009 3:30 am
- Location: Canberra, Australia
Re: Discuss Joomla! 3.9.3
I've updated all my J! 3.x websites—the ones that I intend to update, anyway—to J! 3.9.3 without any probems. Thanks to everyone involved for making and testing the changes.
Unless people want to go on living in some backwater of the internet, there's no justification for not updating to J! 3.9.3. I would even go further to say that anyone who has not updated, or does not plan to update, to J! 3.9.3 by now (or within the next few days) only has the excuse that they're too lazy to do any work or that they have some "academic interest" in outdated versions of J!.
I have not updated a couple of my old J! 3.x websites for "academic interest" reasons; not because I don't have the time to update them.
I agree with Pascal that it probably would be better for these security headers to be managed within the CMS, perhaps by way of a plugin for that purpose, rather than having to edit the .htaccess file (or tailoring the .htaccess/web.config accordingly depending on whether the server is Apache, Nginx, IIS, etc.). The solution largely depends on how many websites someone may be managing and how much time one is prepared to invest in these activities. There's a finite limit on how many websites someone can manage by themselves (even excluding the use of services like myJoomla.com, for example).
For those people who may argue that there's an excessive burden in maintaining 50 or more websites, they should probably ask themselves the question "why?". And, more to the point, the number of people who have 50 or more websites that they're maintaining is probably less than 0.01% of the entire community. In fact, the bulk of people who use this forum (excluding "forum junkies" like me) would probably only have one website. So it's not really a big deal, is it?
Cheers.
Unless people want to go on living in some backwater of the internet, there's no justification for not updating to J! 3.9.3. I would even go further to say that anyone who has not updated, or does not plan to update, to J! 3.9.3 by now (or within the next few days) only has the excuse that they're too lazy to do any work or that they have some "academic interest" in outdated versions of J!.
I have not updated a couple of my old J! 3.x websites for "academic interest" reasons; not because I don't have the time to update them.
I agree with Pascal that it probably would be better for these security headers to be managed within the CMS, perhaps by way of a plugin for that purpose, rather than having to edit the .htaccess file (or tailoring the .htaccess/web.config accordingly depending on whether the server is Apache, Nginx, IIS, etc.). The solution largely depends on how many websites someone may be managing and how much time one is prepared to invest in these activities. There's a finite limit on how many websites someone can manage by themselves (even excluding the use of services like myJoomla.com, for example).
For those people who may argue that there's an excessive burden in maintaining 50 or more websites, they should probably ask themselves the question "why?". And, more to the point, the number of people who have 50 or more websites that they're maintaining is probably less than 0.01% of the entire community. In fact, the bulk of people who use this forum (excluding "forum junkies" like me) would probably only have one website. So it's not really a big deal, is it?
Cheers.
- Per Yngve Berg
- Joomla! Master
- Posts: 30890
- Joined: Mon Oct 27, 2008 9:27 pm
- Location: Romerike, Norway
Re: Discuss Joomla! 3.9.3
I found this article about security in niginx.
https://gist.github.com/plentz/6737338
It's put in nginx.conf
https://gist.github.com/plentz/6737338
Code: Select all
add_header X-Content-Type-Options nosniff;
-
- I've been banned!
- Posts: 13639
- Joined: Sun Jul 05, 2009 3:30 am
- Location: Canberra, Australia
Re: Discuss Joomla! 3.9.3
(Not that I know anything about Nginx ... but ...) thanks, @Per.
- hehemrin
- Joomla! Intern
- Posts: 67
- Joined: Thu Jul 16, 2015 10:44 am
- Location: Sweden
- Contact:
Re: Discuss Joomla! 3.9.3
More regarding the After-installation messages in control panel:
It is recommended to update the "web.config" file. I do not have that one. But I have web.config.txt, which was updated automatically. Should I create "web.config"-file? Its purpose? I feel as I may have missed this since long time. Maybe someone who understands can point me to relevant info.
(I have since long time an .htaccess-file, so that message I understand.)
It is recommended to update the "web.config" file. I do not have that one. But I have web.config.txt, which was updated automatically. Should I create "web.config"-file? Its purpose? I feel as I may have missed this since long time. Maybe someone who understands can point me to relevant info.
(I have since long time an .htaccess-file, so that message I understand.)
-
- I've been banned!
- Posts: 13639
- Joined: Sun Jul 05, 2009 3:30 am
- Location: Canberra, Australia
Re: Discuss Joomla! 3.9.3
@hehemrin: you don't need web.config if you use .htaccess. Search the Internet for what web.config is used with.
-
- Joomla! Enthusiast
- Posts: 130
- Joined: Mon Aug 20, 2018 1:48 pm
Re: Just updated 3.9.3
Now checked I have about 25 of each , so thats 50 in total. Surely there is an easy way?tezzerp wrote: ↑Wed Feb 13, 2019 10:37 amJust updated and got this message
.htaccess & web.config security Update
Since version 3.9.3
Since Joomla 3.9.3, Joomla is shipped with additional security hardenings in the default htaccess.txt and web.config.txt files. These hardenings disable the so called MIME-type sniffing feature in webbrowsers. The sniffing leads to specific attack vectors, where scripts in normally harmless file formats (i.e. images) will be executed, leading to Cross-Site-Scripting vulnerabilities.
The security teams recommends to manually apply the necessary changes to existing .htaccess or web.config files, as those files can not be updated automatically.
Changes for .htaccess
Add the following lines before "## Mod_rewrite in use.":
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
</IfModule>
Changes for web.config
Add the following lines right after "</rewrite>":
<httpProtocol>
<customHeaders>
<add name="X-Content-Type-Options" value="nosniff" />
</customHeaders>
</httpProtocol>
Presumably this could be quite a number of files, is there an easy way?
Thanks
Terry
- Per Yngve Berg
- Joomla! Master
- Posts: 30890
- Joined: Mon Oct 27, 2008 9:27 pm
- Location: Romerike, Norway
-
- I've been banned!
- Posts: 13639
- Joined: Sun Jul 05, 2009 3:30 am
- Location: Canberra, Australia
Re: Discuss Joomla! 3.9.3
@tezzerp : the recommended changes should take less than 30 seconds to make (if people want to make them) but, first of all, let's get a few facts sorted out:
1) not everyone uses a .htaccess or web.config file
2) .htaccess files are used on Apache webservers
3) web.config files are used on IIS servers
4) if you're running your website on an Apache webserver then you do not need a web.config file
5) if you're running your website on an IIS webserver then you do not need a .htaccess file
6) if you are running your website on a Nginx webserver then you cannot use .htaccess or web.config anyway
7) if you do not know what .htaccess, web.config or nginx.conf files are used for then you should learn
8) if you want to prevent potential cross-site-scripting vulnerabilities via X-Content-Type-Options then you should do something; if you don't want to prevent XSS vulnerabilities via X-Content-Type-Options security headers the you should do nothing
9) if all of this sounds too difficult then you should probably spend a few dollars and get someone to do a security audit on your website
10) if you don't want to spend a few dollars to employ someone to do the work for you then that's OK but that doesn't mean you have to complain that you have 50 websites and it's taking you more than one hour to do the job
11) if you don't agree with any of points 1-11 above that's OK, too. I respect your choice to disagree
12) the above list is not a complete list of all the facts; there may be others
13) the above list may not be factual; it may contain the personal opinions of the author
14) making these changes requires the following tools (a) a text editor, (b) file-transfer software, (c) a good eye and a steady hand, and (d) some intelligence to co-ordinate all of (a), (b) and (c)
15) not everyone can read English
16) no-one pays any attention to the things I write on the forum, anyway
And, lastly ... some things are easy for some people and they're not easy for others.
1) not everyone uses a .htaccess or web.config file
2) .htaccess files are used on Apache webservers
3) web.config files are used on IIS servers
4) if you're running your website on an Apache webserver then you do not need a web.config file
5) if you're running your website on an IIS webserver then you do not need a .htaccess file
6) if you are running your website on a Nginx webserver then you cannot use .htaccess or web.config anyway
7) if you do not know what .htaccess, web.config or nginx.conf files are used for then you should learn
8) if you want to prevent potential cross-site-scripting vulnerabilities via X-Content-Type-Options then you should do something; if you don't want to prevent XSS vulnerabilities via X-Content-Type-Options security headers the you should do nothing
9) if all of this sounds too difficult then you should probably spend a few dollars and get someone to do a security audit on your website
10) if you don't want to spend a few dollars to employ someone to do the work for you then that's OK but that doesn't mean you have to complain that you have 50 websites and it's taking you more than one hour to do the job
11) if you don't agree with any of points 1-11 above that's OK, too. I respect your choice to disagree
12) the above list is not a complete list of all the facts; there may be others
13) the above list may not be factual; it may contain the personal opinions of the author
14) making these changes requires the following tools (a) a text editor, (b) file-transfer software, (c) a good eye and a steady hand, and (d) some intelligence to co-ordinate all of (a), (b) and (c)
15) not everyone can read English
16) no-one pays any attention to the things I write on the forum, anyway
And, lastly ... some things are easy for some people and they're not easy for others.
-
- Joomla! Apprentice
- Posts: 29
- Joined: Mon Feb 20, 2006 10:19 pm
Re: Discuss Joomla! 3.9.3
I just tried (twice) to upgrade from J 3.9.2 to 3.9.3 using Joomla update and it hangs showing
Updating your Joomla files. Please wait ...
Percent complete
Bytes read
Bytes extracted
Files extracted
- never goes anywhere?
Updating your Joomla files. Please wait ...
Percent complete
Bytes read
Bytes extracted
Files extracted
- never goes anywhere?
- hehemrin
- Joomla! Intern
- Posts: 67
- Joined: Thu Jul 16, 2015 10:44 am
- Location: Sweden
- Contact:
Re: Discuss Joomla! 3.9.3
Thanks sozzled and Per Yngve Berg, now it's clear to me I don't need to bother about web.config. When I search on internet, it is relatively easy to find info about .htaccess (incl from my web hotel), but more difficult to find info about web.config, or their differences. Good we have a Joomla Forum!
When it comes to update the file; for me it was very easy: I logon to the Web hotel Control Panel (CP), (ie not Joomla CP), open CP File Manager and open the .htaccess in CP Text editor, edit, Save and Done. The instruction in the Joomla After-Installation message is very precise and accurate how the file is edited.
When it comes to update the file; for me it was very easy: I logon to the Web hotel Control Panel (CP), (ie not Joomla CP), open CP File Manager and open the .htaccess in CP Text editor, edit, Save and Done. The instruction in the Joomla After-Installation message is very precise and accurate how the file is edited.
-
- I've been banned!
- Posts: 13639
- Joined: Sun Jul 05, 2009 3:30 am
- Location: Canberra, Australia
Re: Discuss Joomla! 3.9.3
This may happen to one or two people and it's happened before (with one or two people) with other Joomla updates. There are usually specific issues involved.trevbennett wrote: ↑Sun Feb 17, 2019 5:11 pmI just tried (twice) to upgrade from J 3.9.2 to 3.9.3 using Joomla update and it hangs ...
This is not a "problem solving" thread for specific problems with individual users. We have other places where people can seek help with their unique problems.
We cannot resolve your problem in this discussion topic. I suggest that you start a new discussion topic with the subject "Updating to J! 3.9.3 hangs", repeat what you wrote here (in this topic) and use the Forum Post Assistant tool to give us information about your particular environment. Thanks.
-
- Joomla! Enthusiast
- Posts: 130
- Joined: Mon Aug 20, 2018 1:48 pm
Re: Discuss Joomla! 3.9.3
OK I did a search in Cpanel File Manager and each (!) came up with 25 locations.sozzled wrote: ↑Sun Feb 17, 2019 10:03 am@tezzerp : the recommended changes should take less than 30 seconds to make (if people want to make them) but, first of all, let's get a few facts sorted out:
1) not everyone uses a .htaccess or web.config file
2) .htaccess files are used on Apache webservers
3) web.config files are used on IIS servers
4) if you're running your website on an Apache webserver then you do not need a web.config file
5) if you're running your website on an IIS webserver then you do not need a .htaccess file
6) if you are running your website on a Nginx webserver then you cannot use .htaccess or web.config anyway
7) if you do not know what .htaccess, web.config or nginx.conf files are used for then you should learn
if you want to prevent potential cross-site-scripting vulnerabilities via X-Content-Type-Options then you should do something; if you don't want to prevent XSS vulnerabilities via X-Content-Type-Options security headers the you should do nothing
9) if all of this sounds too difficult then you should probably spend a few dollars and get someone to do a security audit on your website
10) if you don't want to spend a few dollars to employ someone to do the work for you then that's OK but that doesn't mean you have to complain that you have 50 websites and it's taking you more than one hour to do the job
11) if you don't agree with any of points 1-11 above that's OK, too. I respect your choice to disagree
12) the above list is not a complete list of all the facts; there may be others
13) the above list may not be factual; it may contain the personal opinions of the author
14) making these changes requires the following tools (a) a text editor, (b) file-transfer software, (c) a good eye and a steady hand, and (d) some intelligence to co-ordinate all of (a), (b) and (c)
15) not everyone can read English
16) no-one pays any attention to the things I write on the forum, anyway
And, lastly ... some things are easy for some people and they're not easy for others.
Can someone please confirm exactly where these files that have to be altered are located in a typical Joomla installation on an Apache Webserver.
Thanks
Terry
-
- I've been banned!
- Posts: 13639
- Joined: Sun Jul 05, 2009 3:30 am
- Location: Canberra, Australia
Re: Discuss Joomla! 3.9.3
@tezzerp: perhaps you should start a new discussion topic?
If you are using an Apache webserver then, for each website that you are hosting on that server, you may want to make one change for each website. The question is, how many websites are you hosting on your web server? Then we may be able to answer the question. It would be better, however, to create a new discussion topic about your problems.
It's a pretty simple question, isn't it: "How many websites does someone manage on a web server?" It shouldn't really take a day to answer the question. If the person doesn't know how many websites they're managing on a web server then I don't know how we can help someone like that.
If you are using an Apache webserver then, for each website that you are hosting on that server, you may want to make one change for each website. The question is, how many websites are you hosting on your web server? Then we may be able to answer the question. It would be better, however, to create a new discussion topic about your problems.
It's a pretty simple question, isn't it: "How many websites does someone manage on a web server?" It shouldn't really take a day to answer the question. If the person doesn't know how many websites they're managing on a web server then I don't know how we can help someone like that.
-
- Joomla! Enthusiast
- Posts: 130
- Joined: Mon Aug 20, 2018 1:48 pm
Re: Discuss Joomla! 3.9.3
I did and it got moved to this one.sozzled wrote: ↑Sun Feb 17, 2019 7:47 pm@tezzerp: perhaps you should start a new discussion topic?
If you are using an Apache webserver then, for each website that you are hosting on that server, you may want to make one change for each website. The question is, how many websites are you hosting on your web server? Then we may be able to answer the question. It would be better, however, to create a new discussion topic about your problems.
It's a pretty simple question, isn't it: "How many websites does someone manage on a web server?" It shouldn't really take a day to answer the question. If the person doesn't know how many websites they're managing on a web server then I don't know how we can help someone like that.
I have one site only. I searched on Cpanel in my one site and it was shown to be in 25 locations within the Joomla installation. Which one do I change or do I have to do all of them?
-
- I've been banned!
- Posts: 13639
- Joined: Sun Jul 05, 2009 3:30 am
- Location: Canberra, Australia
Re: Discuss Joomla! 3.9.3
@tezzerp: if you have one website (on an Apache webserver) then you need to modify one file. The file is called .htaccess. The .htaccess file resides in the folder where you have the configuration.php file.
If you do not have a .htaccess then you do not need to worry about anything.
I don't understand the "25 locations within the Joomla installation". Please explain what these 25 locations are (or give examples of, say, five of them).
I'm surprised that your problem was moved into this discussion topic. This is a general discussion about the release of J! 3.9.3. Specific problems (affecting one or two people) should be discussed in separate forum topics.
I do not have the problem of "25 locations" within the one J! website, sorry.
If you do not have a .htaccess then you do not need to worry about anything.
I don't understand the "25 locations within the Joomla installation". Please explain what these 25 locations are (or give examples of, say, five of them).
I'm surprised that your problem was moved into this discussion topic. This is a general discussion about the release of J! 3.9.3. Specific problems (affecting one or two people) should be discussed in separate forum topics.
I do not have the problem of "25 locations" within the one J! website, sorry.
-
- Joomla! Enthusiast
- Posts: 130
- Joined: Mon Aug 20, 2018 1:48 pm
Re: Discuss Joomla! 3.9.3
Thank you for bearing with me. Yes I had only one txt file but many .htaccess files
I have now edited the txt file as required
Sorry to be a numpty
Terry
I have now edited the txt file as required
Sorry to be a numpty
Terry