-------------------- 1.5.9 Stable Release [9-January-2008] ------------------

Security

One low-level and one high-level security issue were fixed in this release:

* High Priority: Directory Traversal. A crafted request can allow an attacker to view directory trees on the server. Note: contents of files cannot be edited or deleted, just viewed.
* Low Priority: SSL Session Token Disclosure. When running a site as SSL ONLY, if a non-SSL request is made, an attacker can obtain the session token. There is NO risk for Web sites that use both HTTP and HTTPS.

For additional information, visit the Joomla Security Center.

Components

* Fixed Contact Page so that a blank page is not displayed when vCard is not enabled, but is selected in the Contact Parameters (10680)
* Resolved problem with Category View Table where filter did not work when cache was enabled (10840)
* vCard no longer displays excess spaces (11871)
* Small change in components/com_banners/models/banner.php (12577)
* Resolved invalid XHTML 1.0 Transitional issues introduced in 1.5.7 for the Contact form (12868)
* Fixed problem that resulted in erroneous '404 - Contact not found' page for dropdown in Contact View (12989)
* Fixed Contact Category URL problems (13045)
* Fulltext Search for Uncategorized and Archived Articles is now working (13490)
* onPrepareContent issue for non-com_content Components resulting in a warning message has been resolved (13505)
* 'Change Contact Details' link now loads correct page (13542)
* Contact image not displaying in front end (13643)
* Front-end article submission no longer auto-populates finish publishing date with same date as start publishing (13673)
* Media Manager Javascript error: "Object doesn't support this property or method" that presented for IE has been fixed (13761)
* Space between meta keywords no longer removed when saving Articles (13794)
* com_installer Module View now correctly displays Author e-mail and URL (13942)
* Robots and Author meta retained when copying Articles (13949)
* Article Archive pagination fixed (14070)
* Correction so that unregistered site visitors can no longer access PDF for registered Articles (14196)
* Hits filter in Category List fixed (14390)
* Resolved problem where "Register to read more" incorrectly redirected to Front Page, rather than Article (14392)
* Poll error message resolved (14394)
* Resolved problem where Category List failed to retain Column Sort preference when navigating to a different page (14398)
* Resolved problem in Category List where changing Display # to All in page 2 of list would display no results (12932)
* Category List now correctly shows filtering option in use (14402)
* Corrected 404 error that resulted when menu access was set to Public and Contact Item is Registered (14412)

Modules

* New modules can now be added, even when there are no module entries already defined (11874)
* Inconsistency removed for Login/Logout Redirection page of mod_login (13611)
* JMenu getMenu() doc error corrected (13617)
* Archive Module Count Parameter and Tool Tip corrections (13694)
* STRPOS error corrected when editing Alias Menu Item (13909)
* Toolbar Image now points to an existing image (14171)

Plugins

* OpenID upgraded to 2.0 protocol, now works with Yahoo (12217)
* plgSystemCache plugin now respects site and page language (12115)
* Page string in plugins/content/pagebreak.php is now properly externalized (12730)
* Legacy Plugin - Login Timeout resolved (13662)
* Access level for Plugins fixed (14106)
* Fixed OpenID Transition issues (14433)

Legacy

* No issues fixed for this release

Templates

* RTL feeds PARAM is now saved in database which corrects RTL feeds in Milkyway and Beez (11235)
* CSS and XHTML valid error in JA_Purity resolved, as was invalid CSS validator link (12887)
* JA_Purity default status for Modules defined for right position now collapses correctly when unused (12925)
* Fixed CSS errors in rhuk_milkyway/css/template_rtl.css (13517)
* Missing H1 text-align in rhuk_milkyway/css/template_rtl.css fixed (13570)
* Beez template override for com_search now displays error messages correctly (13584)
* Corrected Last Updated date for Beez Template (13632)
* Resolved inconsistencies for Beez Template Override Page Titles (13634)
* Contact image changes for Beez override (13700)
* Incorrect File Reference corrected for Beez Template (13859)
* Short PHP notation in Beez, introduced in 12798, that caused problems on Windows hosting has been fixed (14313)
* en-GB.com_statistics.ini is now correctly deleted (14391)
* Removed unnecessary string in JA_Purity template (14414)
* Removed unnecessary strings in rhuk_Milkyway template (14415)

Language

* Language INI files that were incorrectly encoded using UTF-8 with BOM have been fixed (13499)
* Untranslated strings in en-GB.ini after SVN 11236 are fixed (13514)
* Fixed untranslated strings in com_weblinks (13608)
* Fixed untranslated strings in com_contact (13626)
* Fixed untranslated strings in admin/mod_feed (13666)
* Spacer values are now translatable (14308)
* Fixed issue with JA_Purity spacer so that it is now translatable (14360)
* Resolved remaining English string hard-coded in mod_search (14374)
* String missing in en-GB.com_installer.ini (14389)
* Resolved untranslated language string for "Email a Friend" feature (14395)
* Tooltip language string in com_config corrected (13633)

Administrator

* Added better tooltip text for the Help Server Reset button in Global Configuration System Settings (12023)
* Toolbar & value fixed for Media Manager button (12841)
* JInstallerHelper Class Function description has been corrected (13574)
* Changes made to Help screens (13616)
* Removed default filter for Super Administrator and fixed filter whitelist problem (13770)
* Corrected error where Editor deleted content for default filter; UTF-8 compatibility is now enforced with JInputFilter (13901)
* Removed old dev.joomla.org links (14227)

System

* query_batch corrected for SQL error (12247)
* uri.php changes made in 1.5.7 no longer break back-end URLs if $live_site=Http has an uppercase H (12812)
* JFolder::delete bug fixed when folder contains symbolic links on folders (12939)
* Typo in sample_data.sql resolved (13549)
* License correction for PHPMailer in CREDITS.php (13811)
* Fixed error that resulted from invoking JDatabase::Query() more than once (13860)
* Cache space is now correctly released (14317)
* String bug for strspn() resolved (14339)
* Weird characters removed from LICENSES.php file (14408)
* Removed outdated link in the installer language file (14410)
* Fixed typo in Cache Manager (14434)
* Updated Archive_Tar to relicensed BSD version (12746)

Statistics

Statistics for the 1.5.9 release period:

* Joomla 1.5.9 contains:
    o 81 issues fixed in SVN
    o 55 commits
* Tracker activity resulted in a net decrease of 1 active issue:
    o 169 new reports
    o 92 closed
    o 81 fixed in SVN
* At the time the 1.5.9 release was packaged, the tracker had 113 active issues:
    o 63 open
    o 47 confirmed
    o 3 pending

-------------------- 1.5.9 Stable Release [9-January-2008] ------------------

Legend:

* -> Security Fix
# -> Bug Fix
$ -> Language fix or change
+ -> Addition
^ -> Change
- -> Removed
! -> Note

09-Jan-2009 Ian MacLennan
 # [#14495] Issue 14398 fix doesn't work with SEF off

09-Jan-2009 Wilco Jansen
 ^ Updated the CREDITS.php file with new list of translators, and some contributors
 ^ Changed /installation/template/tmpl/finish.html updated link to community site
 ^ Updated language packs to 1.5.9 (thanks JM for the huge job of coordinating this)
 ^ Activated installation check
 ^ Implemented security fixes
 ! Thanks to all who provided the patches and worked hard on testing and documenting this release

06-Jan-2009 Ian MacLennan
 # [#14414] string is unnecessary
 # [#14433] Fix for openid transition issues
 # [#14434] Typo in Cache Manager

05-Jan-2009 Kevin Devine
 # [#14415] Rhuk Milkyway: Some strings unnecessary
 # [#14389] String missing in en-GB.com_installer.ini
 # [#10680] Blank page if vcard is not enabled in the contact parameters, but selected
 # [#13942] The 'modules' view in com_installer does not display author email and url
 # [#14070] Article archive pagination
 # [#14339] JString bug for strspn()
 # [#13949] robots & author metadata lost on copy
 # [#12812] 1.5.7. uri.php changes break backend urls if $live_site=Http (note uppercase H)
 # [#14394] Poll error message strange

05-Jan-2009 Sam Moffatt
 - Removed extraneous com_statistics language file

04-Jan-2009 Ian MacLennan
 # [#14408] Weird characters in LICENSES.php
 # [#14395] e-mail a friend shows language string not the translation
 # [#14374] One english remaining string in mod_search
 # [#11871] vCard displays excess spaces
 # [#14412] 404 if menu access is set to Public and Contact item to Registered
 # [#14402] In Category List, user cannot see what is being filtered
 # [#14391] en-GB.com_statistics.ini should be deleted
 # [#14410] Outdated link in the installer language file
 # [#14317] Cache space not freed
 # [#12577] Small change in components/com_banners/models/banner.php

03-Jan-2009 Ian MacLennan
 # [#14392] Register to read more should redirect to article, not front page.
 # [#14390] Hits Filter in Category List Uses Like Instead of Greater Than or Equal
 # [#14313] short php notation in beez as committed in 12798 creates problems on Windows hosting
 # [#14360] Spacers JAPurity Translatable
 # [#14171] No image
 # [#14106] Changing the access for plugins on the plugins list does not work in 1.5.8
 # [#13811] Wrong license for PHPMailer in CREDITS.php
 # [#13517] CSS errors in rhuk_milkyway/css/template_rtl.css
 # [#12023] Additional Help server is deleted when helper servers are reset
 # [#11874] New modules cannot be added when there are no modules in the table for a given client
 # [#10840] Cache:filter on view table category doesn't work if cache is enabled
 # [#14227] Fix for old dev.joomla.org links
 # [#14398] Category list loses column sort when you navigate to new page

01-Jan-2009 Wilco Jansen
 ! Revert CHANGELOG.php, COPYRIGHT.php, CREDITS.php, INSTALL.php, LICENSE.php, LICENSES.php to webroot

01-Jan-2009 Ian MacLennan
 # [#12217] Current OpenID used by joomla does not work with Yahoo - OpenID 2.0 protocol is required

30-Dec-2008 Ian MacLennan
 # [#12746] Replace PEAR with a GPL alternative - updated Archive_Tar to relicensed BSD version.

30-Dec-2008 Wilco Jansen
 - Removed CHANGELOG.php, COPYRIGHT.php, CREDITS.php, INSTALL.php, LICENSE.php, LICENSES.php from webroot
 ^ Moved informational php files from previous line to text versions in install/information
 ! See discussion at http://mail.google.com/mail/#inbox/11e86e6661059074

29-Dec-2008 Ian MacLennan
 # [#14308] Spacer Values Not Translatable
 # [#14196] Non registered users can print full pdf of registered article
 # [#13490] Fulltext search for Uncategorized and Archived articles
 # [#11235] RTL feeds PARAM not saved in db + rtl feeds not correctly displayed in Milkyway as well as in Beez/solution included

12-Dec-2008 Kevin Devine
 # [#12868] Contact form 1.5.7 not valid XHTML 1.0 Transitional (+solution)

05-Dec-2008 Kevin Devine
 # [#13909] strpos error on editing alias menu item
 # [#13901] Editor deletes content when default filter is applied: UTF-8 compatibility not enforced with JInputFilter.

26-Nov-2008 Ian MacLennan
 # [#13860] Calling JDatabase::Query() or anything invoking JDatabase::Query() more than once causes SQL error
 # [#12989] 404 - Contact not found - with dropdown in contact view

24-Nov-2008 Ian MacLennan
 # [#13859] Bad file reference in the "Beez" template
 # [#13694] Archive Module count Parameter doesn't work//needs tool tip correction

23-Nov-2008 Ian MacLennan
 # [#13794] Space between meta keywords gone after saving article
 # [#13634] Beez override differences in titles
 # [#13570] Missing h1 text-align in rhuk_milkyway/css/template_rtl.css
 # [#13499] Cope with ini files wrongly encoded utf8 with bom - patch attached
 # [#13549] typo in sample_data.sql
 # [#13761] Media Manager Javascript error: Object doesn't support this property or method [IE only]
 # [#13700] Contact image changes for Beez override
 # [#13514] Untranslated Strings in en-GB.ini after SVN 11236
 # [#12939] JFolder::delete bug when folder contain symbolic links on folders
 # [#12841] Toolbar & Button Mediamanager
 # [#12730] 'page'-string in plugins/content/pagebreak.php not properly externalized

21-Nov-2008 Ian MacLennan
 # [#13770] Remove default filter for super admin users, fix filter whitelist problem
 # [#13666] Untranslated Strings in admin/mod_feed
 # [#13662] Legacy Plugin - Login Timeout - Refresh
 # [#13633] Tooltip language string in com_config
 # [#13632] Wrong date Last Updated in Beez
 # [#13626] Untranslated strings in com_contact
 # [#13617] JMenu getMenu() doc error
 # [#13611] Inconsistency in login/logout redirection page of mod_login
 # [#13608] Untranslated Strings in com_weblinks
 # [#13584] Beez template override for com_search doesn't echo error message
 # [#13574] JInstallerHelper class function description mistakes
 # [#13542] 'Change Contact Details' link loads wrong page.
 # [#13505] onPrepareContent fix for non com_content Components
 # [#12925] ja_purity default status for the right modules collapsible function does not work
 # [#12887] CSS and XHTML valid error in template JA_Purity///link to css validator broken
 # [#12247] query_batch change a sql in a wrong way
 # [#12115] Cache: plgSystemCache plugin doesn't respect site/page language
 # [#13616] Changes at help screens

18-Nov-2008 Jui-Yu Tsai
 # [#13673] Front end article submission auto-populates "finish publishing" date with same date as "start publishing"

14-Nov-2008 Jui-Yu Tsai
 # [#13045] Contact category incorrect links

10-Nov-2008 Anthony Ferrara
 # Removed Install Check