-
e107 is moving to Jira for issue tracking
That's right, we are finally going to get rid of our custom coded bugtracking system and move to something more mainstream.
After much reading and testing, we've decided upon JIRA http://www.atlassian.com/software/jira/.
It came down to either bugzilla and Jira, we chose Jira because it seemed more focused on planning and not just bugs, it also has some additional features that we were looking for that just weren't available in bugzilla (at least not that we could find).
The new system is up and running here http://e107inc.org:8080, we will be updating e107.org soon with the new links.
Using Jira will require a new log in, separate from e107.org. You can still view everything without logging in, but in order to open a bug or post a comment you will need to register for an account.
We are discussing which bugs from the current bugtracker to move over to Jira, it may end up being only the currently open bugs and we may even restrict it to less than that. None of the comments will be able to be moved, only the bug report itself.
We are also discussing moving the 'ideas' over to Jira as 'Enhancement requests'. This will give us one-stop shopping for bugs and requests and just makes sense. Again, we'll have to make some decision on which ones to move over.
For those on the support team, Jira does allow for private comments so we will have to get you all added to a different user-class within Jira. So once you get an account over there, let one of us know and we'll hook you up.
Some of you have been asking about some sort of private bugtracking system for the progress on 0.8, as well as just having a way to track what we are working on. Jira will allow for both of these to happen. The devs are going to make an effort to create issues for all items we are or will be working on, Jira will also auto-link the commits relating to each issue, as long as we remark the commits correctly.
Did I say bugtracking for 0.8? Yes I did! We will be looking for a few willing, experienced e107'ers to start posting bugs for 0.8. Please contact a dev if you'd like to do this, please ensure you have an account on Jira already.
NOTE: Please expect some issues/changes/stumbling with Jira, we are all still learning the software.
-
0.7.19 released
This is a non-urgent upgrade. We've produced this release for a few reasons:
1) As part of the move to subversion, we changed the headers of most files to contain the new svn related keywords. Unfortunately this means that all users must replace their current files with the new ones, otherwise the file inspector won't like it. You will notice the upgrade packages are much larger for this upgrade.
2) I have a script that I wrote that creates the builds from cvs. I was able to set a few values in a configuration file, kick of the script, and have nice release files a minute or so later. Well, obviously the cvs related commands are no longer valid. I've recoded most of the script and it now uses svn commands. It can now also handle 0.7 and 0.8 builds (previous version could not). It was used to create this build, so it needs live testing 
3) We needed to get everyone upgraded successfully to .19 with the new build system, just in case we needed to get a security release out quickly (nothing known about currently). Allowing everyone to carefully upgrade now as they find time is much easier than trying to do it quickly later.
Please carefully perform your upgrades and let us know of any problems you find.
As always, you can find the link to downloads here: http://e107.org/edownload.php
UPDATE: I have been working on the changelog to give better information on what has changed between revisions. You can now see all of the changes that occured on 0.7.19 here.
I also added a new 'ignore' parameter to the url, so we can filter out huge commits (like the one that added the svn keywords and affected every file). So you can now see a list of the 'real' files that were changed in 0.7.19, but going here: http://e107.org/svn_changelog.php?version=0.7.19&ignore=11346
-
e107 moves to subversion
Due to some limitations with CVS, e107 is finally moving away from it in favor of subversion (SVN). We realize that there are other newer version control systems out that that are all the rage today (like git), but we feel for our needs SVN will do just fine.
I have made the current cvs repository read-only, so no more commits will occur there. Over the next few days we will be working to update the cvs related information on e107.org to point to the new svn information.
We hope this doesn't cause any issues, but please let us know if you find any. Also, any tips anyone has for dealing with svn will be appreciated.
The changelog has been broken since our host moved us to a new server a few days ago. It is currently being rewritten to work with svn, so expect it to be down for a bit.
-
New version - 0.7.18
Yes, here's yet another release.
We have tightened up some of the security relates stuff from the last release and fixed some bugs that crept into it.
Most notably an issue with not being able to save extended user field data.
I also change a few things in the file inspector to make that a bit more useful, thanks to Lawbringer for that.
Here for changes: http://e107.org/e107_plugins/bugtrack/changelog.php?0718
Here for your files: http://e107.org/edownload.php
Note: For anyone who was really quick off the mark, there was a hitch with generating the first set of release files. If you downloaded later than 2235 UTC on 4th February, the files should be good - you can check by opening file e107_admin/ver.php in a text editor, and it should mention 0.7.18 (in some of the releases, the file wasn't there at all).
-
eCheck Security Scanner
We all already know what happened to e107.org just because we patched it few ours after the official release of 0.7.17. I'm trying to stay positive - we learned an important lesson, I hope e107 community did the same - a good example of what could happen if you don't apply critical security patch quick enough.
I also spotted first symptoms of panic. They were additionally fed by all kind of security organizations and blog posts, made before we were able to make any kind of statement, because we were busy to fix all current problems and investigate for any additional security vulnerabilities of e107 core (I'm glad the problem came from issue we were already fixed) I'm not angry about this - I know this is the only way of more traffic and popularity (let's call it marketing).
In other hand, I understand the worries of the people using e107 - especially those with less Development/Administration knowledge.
That's why I wrote a small tool and called it (don't ask me why) eCheck Security. I'm not gonna explain what it does here, because I did it already in my eCheck Security PHP tool - find malware on your site Blog post.
I hope this tool will make lot of people feel much more peaceful - at least this was my intention while I wrote it
Cheers
-
e107.org compromised
OK, here's what I know happened and what's been done:
* e107.org was hacked using the exact exploit we patched in .17, it looks like we waited too long to fix e107.org. I have spent the past day attempting to clean everything up and am relatively confident I've cleaned it up, but you never know. If hacks persist, we'll have to resort to more drastic measures.
* Yes, there was a zip file that was backdoored. This file was NOT the officially released zip file and the source code was not compromised. While the hackers had access to our server, they uploaded their own version of the full zip file and re-pointed the download link to this corrupt file. It was only the full install .zip file. If you upgraded your version of e107 using files from the full install .zip file, please download the one that is available from sourceforge and re-upgrade.
* The current version (0.7.17) is safe (as far as I know) from further attacks in this same manner, there will be a .18 release someday, but there are no immediate plans for it's release.
* Yes .17 has a new favicon, this was a mistaken commit by one of the devs and the current .17 package files have this file restored.
* When downloading e107 release files, please ensure they are coming from sourceforge, we only release files from there. We have, in the past, provided specific patch files from e107.org locally, but this will stop. If you get a file from somewhere other than sourceforge, don't trust it.
If anyone sees anything odd with their sites or with e107.org, or just has specific question, please do not hesitate to contact me personally. Please be patient, I will attempt to answer anything I receive.
-
**SECURITY UPDATE** 0.7.17
We were recently informed of a very nasty exploit that, as far as we can see, affects almost all e107 0.7 releases. Everyone running e107 needs to get their sites updated as soon as possible. If you are a site owner and you are unable to upgrade for some reason (too much hacked core code), please contact me directly and I can help you with a quick-fix.
Please get the word out to all other e107ers. If you find an e107 site out there, post on their site somewhere about this upgrade.
We have also included an automatic update check in this release. It was in previous ones, but was based of sourceforge's rss feed, which they apparently don't want to fix. The new code will now check a file on e107.org, which will always contain the most recent e107 release information. If there is an update available, you should see a notice on your main admin screen. Depending on your admin theme, it may also appear in the left column of all admin pages.
As always, please ensure you perform a full db and site backup before performing the upgrade. Please inform us if you have any problems with this new release.
For a list of the fixes, you can see them here: http://e107.org/e107_plugins/bugtrack/changelog.php?0717
Link to updates: http://e107.org/edownload.php
-
Another PHP5.3 bug!
The authors of the sql interface section of PHP5.3 haven't been having a good time! There's a second database-related bug, which affects the admin user list and the admin download list (and some upgrade bits). Likely symptoms include Apache crashing, or blank pages if you try to view these functions.
If you're running PHP 5.3.0, download , and overwrite the corresponding files in your 0.7.16 installation. (Don't envisage any need to use the latest updates from CVS, but if you have problems, please report them)
This download also includes the installer, which needed update to work round a different bug.
-
eAdvent
The blog site at http://blogs.e107.org/news.php has been quite dead recently as we concentrate on development of v0.8 or, worse, real life interferes.
In a small attempt to address this issue we're going to try out eAdvent. Not a new plugin or core code, just a post a day starting from tomorrow. Don't expect long in depth blogs, but hopefully will give you some interesting snippets of information about v0.8.
|
