Newscoop 4.0.3 addresses security issue and improves media archive stability
  • Vote Up0Vote Down Kristin TretheweyKristin Trethewey
    Posts: 15Member
    Hi everyone,

    Newscoop 4.0.3 is here and ready to be installed. Included in this release is a vital security fix so upgrade is strongly advised.

    There are Debian, Ubuntu and Red Hat Enterprise packages, which allow for an automated install and you can find out more about these on the download page and in the manual.

    Please see below for a changelog. Let us know how you get on. Huge thanks to everyone who submitted bugs, tested beta releases and gave feedback.

    Kristin and the team

    --

    Headlines

    Vital security patch fixing vulnerability on password recovery.
    Improved storage schema for images means more stability for large media archives with lots of pictures

    Article Behaviour

    Fixed issue preventing creation of section when translating article
    Fixed problem with article type field not being considered empty due to 'is content' stats
    File size upload limit can now be set in System Preferences

    Topics

    Empty topic no longer created on adding a new topic with a used name
    Correct link now used after renaming a topic to a used name

    Themes and Templates

    New template syntax (role="child") allows you to list related articles in a different way
    Length argument is no longer ignored in list_related_articles

    Speed, Performance and Caching

    Caching improved by ensuring get_img returns correct headers for expiration
    All jQuery resources load on https setups
    Added a ‘Remind me Never’ button to feedback screen
    Plugin classes must register to auto-loading classes map
    Plupload examples allows to upload files w/o any authentication

    Dependencies and Upgrades

    User schema no longer contains null columns after upgrade from 3.5
    liveuser table UName can no longer be null after upgrade from 3.5 (this made it impossible to register)
    Use of composer to handle dependencies.
    Remove Doctrine from library directory as it is now handled via composer.
    Added strict error reporting in MAMP
    Proxy generation now works for entities out of library/Newscoop/Entity
    Post edited by Adam Thomas at 2012-12-14 02:21:35
  • 5 Comments sorted by
  • Vote Up0Vote Down Wahid AtifWahid Atif
    Posts: 13Member
    I'd like to know how can I auto-upgrade from 4.0.2 into 4.0.3. I installed 4.0.2 manually on a Debian System running with Nginx and php-fpm.

    Reading this within the upgrade instructions in the manual http://en.flossmanuals.net/newscoop-4-journalists-en-4-0/backup-and-upgrade/,:

    [...]
    Then you should run the upgrade.php script in your web browser, for example:
    http://www.example.com/upgrade.php
    [...]


    Does it mean: Change the php file permission and just "uncontrollably" run it (°_°) ?

    Regards
    Wahid

  • Vote Up0Vote Down Holman RomeroHolman Romero
    Posts: 261Member
    Hi Wahid !

    Yes, like that. If you have ssh access on the server we recommend to run the script using the command line. Especially in this version there is a db update that may take long depending on the number of articles you have.

    Let us know if it works Ok for you. Thanks.


    All Best,

  • Vote Up0Vote Down Wahid AtifWahid Atif
    Posts: 13Member
    Hi Holman,

    thank you for the feedback.

    I just tried it by executing:
    # php upgrade.php

    But it seems nothing to happen, php5-cli is installed and all what I could see in the php_errors.log is:

    [16-Dec-2012 00:14:51 Europe/Berlin] PHP Warning:  Unknown: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Berlin' for 'CET/1.0/no DST' instead in Unknown on line 0

    I did already set the php script file as "executable" (chmod +x upgrade.php). Did I miss something ?

    For your info:

    • Debian Squeeze 6.0.6
    • # php -v
      PHP 5.3.19-1~dotdeb.0 with Suhosin-Patch (cli) (built: Nov 24 2012 07:05:58)
      Copyright (c) 1997-2012 The PHP Group
      Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies

    Any idea?

    Regards
    Wahid

  • Vote Up0Vote Down Wahid AtifWahid Atif
    Posts: 13Member
    Just found why the "upgrade.php" script could not be executed. 

    There's one other php script, that get checked at the beginning of "upgrade.php", if it doesn't not exist, nothing will be done. See this section in "upgrade.php":

    $upgrade_trigger_path = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'conf' . DIRECTORY_SEPARATOR . 'upgrading.php';
    if (!file_exists($upgrade_trigger_path)) {
        header('Location: index.php');
        exit(0);
    }

    I just copied the "upgrading.php" from the source code within the git repository into the "<newscoop_install>/conf" directory and now it's running (seems that the db-update will take longer as you mention above!).

    So why isn't the "upgrading.php" within the official release archive file?


    Regards
    Wahid




  • Vote Up0Vote Down Wahid AtifWahid Atif
    Posts: 13Member
    No way!! The "automatic" upgrade process seems to crash. After executing the "upgrade.php" script, all what I could see was:

    # php upgrade.php
    Upgrading the database from version 4.0.x, roll 2012-06-29...no crontab for root

    After a long time seems keep going endless, maybe as described here on this old issue http://dev.sourcefabric.org/browse/CS-3194

    I will still have to re-install everything manually. For my case it was not so risky, but I think such an auto-upgrade process is not really mature for ready productive sites and it's in need of improvements.


    Regards
    Wahid



    Post edited by Wahid Atif at 2012-12-16 17:23:00
Add a Comment