Joomla! 1.0.13 [ Sunglow ] is now available for download.
Joomla! 1.0.13 features:
* Several low-risk security fixes
* Improved password storage system
* Easier control over Register Globals Emulation
* An Itemid backwards compatibility setting
* Improved administrative session security
* Improved HTTP/HTTPS switchover support
Because Joomla! 1.0.13 is a security release, it is important that you upgrade, but we strongly recommend that you take extra precautions when performing this upgrade. This release features several improvements to the password storage system designed to help protect the future security of your Joomla! powered website. These changes will cause compatibility issues with some 3rd Party Extensions, especially bridges. If your Joomla! site utilizes bridges to other applications or extensions that have their own login system, such as Community Builder, Virtuemart, or others, you should not upgrade your site until those extensions have also been updated.
The changes to the password storage system should be transparent to your Joomla! site's users. As users log in for the first time after your site has been upgraded, their passwords will automatically be converted from the old password storage system to the new system. Because of this automatic conversion of passwords, it is important that you back up your entire database before performing this upgrade. Once the process of converting passwords has started, it cannot be reversed.
Release Information
1.0.13 is available as a full package, which contains all Joomla! files or as patch packages which contain only the files that have changed since previous Joomla! 1.0.x version.
* 1.0.13 Full Package
* 1.0.13 Patch Packages
* 1.0.13 Version Information
* 1.0.13 Changelog
Improved Password Storage System
Encryption and hashing technologies are constantly evolving as new processes become known and more time and energy is invested in breaking old systems. The unfortunate result of this continuous evolution is that the md5 hashing system is showing its age and has become easier to break with the introduction and rapid development of high-quality rainbow tables. To combat this problem, Joomla! 1.0.13 now features salted hashes, which will automatically pad a password string with 16 randomly generated characters to make the hash exponentially more difficult to reverse-engineer or guess. As users log in to your Joomla! powered website, their passwords will be automatically converted from the old password storage system to the new system. The transition should be completely transparent to both you and your users. However, there is no way to reverse this process, so it is important that you take all precautions when performing this upgrade and make sure you have a complete database backup before beginning.
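The conversion-on-login behaviour described above, as an added example in Python; it is not Joomla!'s own PHP code. The "hash:salt" stored layout, the md5(password + salt) ordering and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string

SALT_CHARS = string.ascii_letters + string.digits
SALT_LEN = 16  # the announcement says 16 randomly generated characters


def make_salted_hash(password: str) -> str:
    """Return 'hash:salt' (assumed layout) using a fresh random salt."""
    salt = "".join(secrets.choice(SALT_CHARS) for _ in range(SALT_LEN))
    digest = hashlib.md5((password + salt).encode("utf-8")).hexdigest()
    return f"{digest}:{salt}"


def verify_and_upgrade(password: str, stored: str):
    """Check a login attempt; return (ok, value_to_store).

    A legacy row is a bare unsalted MD5. On a correct login it is replaced
    by a salted value. The old hash is overwritten and the plaintext is
    never kept, which is why the conversion cannot be reversed.
    """
    if ":" in stored:  # row already converted
        digest, salt = stored.split(":", 1)
        candidate = hashlib.md5((password + salt).encode("utf-8")).hexdigest()
        return hmac.compare_digest(candidate, digest), stored
    candidate = hashlib.md5(password.encode("utf-8")).hexdigest()
    if hmac.compare_digest(candidate, stored):
        return True, make_salted_hash(password)  # convert on first login
    return False, stored  # wrong password: leave the legacy row untouched


# Constructed sample: two users share a password, both stored the old way.
LEGACY = hashlib.md5(b"sunglow-demo").hexdigest()
users = {"alice": LEGACY, "bob": LEGACY}
for name in users:
    ok, users[name] = verify_and_upgrade("sunglow-demo", users[name])
```

After conversion the two rows differ even though the passwords are identical, and neither equals the plain md5 value, which is the comparison a bridge that still expects the old format would make.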
Easier Control over Register Globals Emulation
Joomla! has always featured the ability to emulate PHP's register globals setting. However, controlling this feature has always been one of the more difficult aspects of configuring your Joomla! installation because it required manually editing a core file. For Joomla! 1.0.13, all that is history. Joomla!'s register globals emulation controls have been moved into the Global Configuration settings to allow for fast and easy control over this feature. The advantages of this change are two-fold: 1) it will be easier to secure your Joomla! powered website and 2) disabling register globals emulation will help you identify some extensions that will not work in Joomla! 1.5.
Itemid Backwards Compatibility Setting
With the release of Joomla! 1.0.12 came a few changes to the behavior of Joomla!'s infamous Itemid system. Many people were dissatisfied with the changes and insisted on reverting their Joomla! powered websites back to the previous behavior. To address this problem, Joomla! 1.0.13 now features an Itemid compatibility setting that can be found in the Global Configuration manager. The setting allows you to choose between the Itemid behavior in Joomla! 1.0.12 and the Itemid behavior found in Joomla! 1.0.11 and prior.
Improved Administrative Session Security
To address a potential issue known as "session fixation" attacks, we have implemented some small changes into Joomla! 1.0.13 to improve the security of administrative sessions. Administrative sessions will now be destroyed and recreated with each request in order to prevent session fixation and session hijacking attacks.
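Per-request session recreation as described above, shown as an added Python example rather than Joomla!'s own code. The AdminSessions class, its method names and the in-memory dictionary standing in for the session table are hypothetical.

```python
import secrets


class AdminSessions:
    """In-memory stand-in for a server-side admin session table."""

    def __init__(self):
        self._store = {}  # session id -> session data

    def _new_id(self) -> str:
        return secrets.token_hex(16)

    def start(self, presented_id=None) -> str:
        """Begin a session. A client-supplied id is never adopted."""
        sid = self._new_id()
        self._store[sid] = {"user": None}
        return sid

    def rotate(self, sid: str) -> str:
        """Destroy the session under `sid` and recreate it under a new id."""
        data = self._store.pop(sid)  # KeyError if the id is not live
        new_sid = self._new_id()
        self._store[new_sid] = data
        return new_sid

    def login(self, sid: str, user: str) -> str:
        self._store[sid]["user"] = user
        return self.rotate(sid)

    def request(self, sid: str):
        """Serve one admin request: returns (user, id for the next request)."""
        if sid not in self._store:
            return None, None  # stale or planted id: treated as logged out
        new_sid = self.rotate(sid)
        return self._store[new_sid]["user"], new_sid


def demo():
    s = AdminSessions()
    planted = "id-chosen-by-someone-else"  # constructed value
    sid = s.start(presented_id=planted)
    sid_after_login = s.login(sid, "admin")
    user, next_sid = s.request(sid_after_login)
    return {
        "planted_rejected": s.request(planted) == (None, None),
        "pre_login_id_dead": s.request(sid) == (None, None),
        "replayed_id_dead": s.request(sid_after_login) == (None, None),
        "live_user": s.request(next_sid)[0],
    }
```

Only the most recently issued id is ever valid, so an id fixed before login or captured from an earlier request no longer maps to the administrator's session.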
SSL Switchover Support
Joomla! 1.0.13 has addressed a few lingering bugs in the HTTP/HTTPS switchover support reintroduced in Joomla! 1.0.12. SSL switchover support should now work fluidly with seamless transitions between encrypted and unencrypted pages.
New to Joomla! or starting a new site
Are you a new Joomla! user? Confused as to which of the many available packages to download?
The answer is simple. If you are creating a site for the first time, you will need the Full Package file:
The other packages are for those users who already have an existing Joomla! site and wish to upgrade to the latest version.
Upgrade Instructions
Upgrading from any version of Joomla! 1.0.x to 1.0.13 simply involves overwriting your current site's files with the files in the proper Patch Package that applies to your site.
So if you are running Joomla! 1.0.12, you will need the 1.0.12 to 1.0.13 Patch Package.
This can be done by uncompressing the Patch Package and then using an FTP client to transfer these files to your server, overwriting the existing files. If you find errors after the process, ensure that all files were properly transferred. There have been verified reports of some FTP clients not properly transferring files across to a server, without notifying the user of such a problem. One possible cause is that under certain circumstances the webserver locks the files it is using, and the FTP server can't update those files. One possibility is to take the site briefly offline during the FTP transfer.
If your Web Provider gives you access to your site via some sort of Web Admin panel like CPanel or Plesk, you can use the system's file manager to upload the Patch Package file to your server, then extract the package file and overwrite all the files on your server.
More information can be found on the Forums and if at any stage you are unsure, then search the forums for posts on the subject. Most will be found in the Upgrading Forum.
Conversion Instructions
For those converting from Mambo 4.5.2.x or Mambo 4.5.3 please read these Migration instructions.
You will need to download the Joomla 1.0.13 Full package.
Backing Up
Before undertaking an Upgrade or Conversion, it is extremely important that you back up your site's Database and, if possible, also your site's files. While we try to ensure that an Upgrade or Conversion process is relatively straightforward, we cannot guarantee that this will always be the case for every user. So it is imperative that users take protective measures in case they face problems after the Upgrade or Conversion.
Packages
1.0.13 is available as a Full Package, which contains all Joomla! files and Patch Packages which contain only the files that have been changed by the Stability work conducted from previous Joomla! 1.0.x versions.
Joomla! 1.0.13 comes as a Full Package:
- 1.0.13 Stable Full Package
and Patch Packages:
- 1.0.0 to 1.0.13 Patch
- 1.0.1 to 1.0.13 Patch
- 1.0.2 to 1.0.13 Patch
- 1.0.3 to 1.0.13 Patch
- 1.0.4 to 1.0.13 Patch
- 1.0.5 to 1.0.13 Patch
- 1.0.6 to 1.0.13 Patch
- 1.0.7 to 1.0.13 Patch
- 1.0.8 to 1.0.13 Patch
- 1.0.9 to 1.0.13 Patch
- 1.0.10 to 1.0.13 Patch
- 1.0.11 to 1.0.13 Patch
- 1.0.12 to 1.0.13 Patch
Package Formats
It also comes packaged in 3 different compression formats