WebsiteBaker Community Forum
General Community => Global WebsiteBaker 2.8.x discussion => Topic started by: pcwacht on December 29, 2010, 03:12:36 PM
-
As from this post : https://forum.WebsiteBaker.org/index.php/topic,20347.0.html
there is a wb 2.8.2. RC 5 and they want you to test it to make it better ;)
John
-
WebsiteBaker RC5 is available.
http://www.websitebaker2.org/modules/download_gallery/dlc.php?file=114&id=1295237979
You can see the (now quite log) changelog here: http://project.websitebaker2.org/projects/WebsiteBaker/repository/entry/branches/2.8.x/CHANGELOG
The detailed changes you can follow in the repository: http://project.websitebaker2.org/projects/WebsiteBaker/repository/changes/branches/2.8.x
There were done many security fixes in 2.8.2 until now, specially sorting out CSRF.
2.8.2 will be running only on PHP 5.2.2 and higher systems.
Also FCKEditor was updated to 2.6.6.
Please let the community and developer know, what you're thinking and testing with WB 2.8.2 RC5!
-
After so many error fixing I wonder if it's safe to use all older versions of WB :? If so what measures have to be taken eventually?
Hans
-
Well, WebsiteBaker 2.8.2 is much safer as 2.8.1, but in most cases only for logged in users.
2.8.2 is not different from 2.8.1 for modules and templates, niehter the database is different.
So you should use 2.8.2 when it's stable.
-
OK thank you for your prompt answer, testör
Hans
-
Well, WebsiteBaker 2.8.2 is much safer as 2.8.1, but in most cases only for logged in users.
2.8.2 is not different from 2.8.1 for modules and templates, niehter the database is different.
So you should use 2.8.2 when it's stable.
Sorry, but this is not true!
Any anonymous user can do harm to WB 2.8.1 if you are using Form or News modules!
The current version 2.8.2 RC5 does not have this critical security bugs (though it is not the final version 2.8.2, yet)
-
Any anonymous user can do harm to WB 2.8.1 if you are using Form or News modules!
Is that also true for all versions before 2.8.1? No other modules affected?
Hans
-
Any anonymous user can do harm to WB 2.8.1 if you are using Form or News modules!
Is that also true for all versions before 2.8.1? No other modules affected?
Hans
It only means that no other modules have been tested yet.
We don't have the manpower to test and fix all of the available modules. It is in the responsibility of the module authors to secure their modules accordingly.
-
We don't have the manpower to test and fix all of the available modules. It is in the responsibility of the module authors to secure their modules accordingly.
Thats completely understandable.. let's hope 2.8.2 core will be safe and sound. I will test the RC5 this week.
Thanks all.
Hans
-
Hi,
I would like to know=> There will be no releases after 2.8.2 stable, like 2.8.x , and next release is going to be differently recoded 2.9, right ?
cheers
i.
-
I'd say: never say never :-D
But current plans are like you said. WB 2.9 will be more object oriented
-
After so many error fixing I wonder if it's safe to use all older versions of WB :?
Don t worry, the devs mostly fixed their own made bugs. :-D
For example this one (worked in <= WB 2.8.1, but NOT in WB 2.8.2):
When you add a page, WB now checks, if the PAGES_DIRECTORY is writeable.
If you dont use a pages-directory, but for example in a multilingual site you use en/ and de/ - you cannot add a page, if the root is not writeable (which is mostly not). Seems like RC6 is coming soon.
-
For example this one (worked in <= WB 2.8.1, but NOT in WB 2.8.2):
When you add a page, WB now checks, if the PAGES_DIRECTORY is writeable.
I've checked just the old versions and i found that behavior back till WB2.7 (sorry 2.6 also).
If you dont use a pages-directory, but for example in a multilingual site you use en/ and de/ - you cannot add a page, if the root is not writeable (which is mostly not). Seems like RC6 is coming soon.
deny PHP write access to DocumentRoot is not normal. Each good server can deal with it. Too paranoid configured servers only makes problems.
-
I would like to edit the Argos backend theme, as it again has several alignment errors I already have mentioned and corrected a long time ago, but they somehow have gotten back in the latest versions after some people changedthe admin theme core code. Anyway, I would like to correct it now, before the final 2.8.2 will be available. What is the official way to do so?
Also the default backend theme has those errors by the way.
I also wonder why the jquery tabbed backend I created (and was never adopted nor improved by the dev team) is still not implemented in this version?
-
Hello Jurgen,
it will be a really good idea to 'repair' your BE-theme for 2.8.2.
The biggest changes will result in the implementation of FTAN & IDKEY. We tried to reduce the changes in the 2.8.2 backend to a minimum (but it's still enough, i know). I don't know if FrankH already finished the implementation yet.
IDKEY in most cases is handled by the php-code only and not visible in the templates.
FTAN mostly needs a additional {FTAN} placeholder only.
All others it will be the best to compare with corresponding templates in 'wb_theme' i guess.
If there are any questions more, don't hesitate to contact Dietmar, he is more into the 2.8. themes then me.
Werner
-
I don't know if FrankH already finished the implementation yet.
Not finished, yet. Probably need until end of January.
But Jurgen, all what is required for the htt files is a line{FTAN}in each form. So you could add this line yourself, it will not hurt when the code using it will be added later.