Newscoop 3.5.1 released.
  • Hi all,

    Newscoop 3.5.1 was released as a security update to 3.5 today. It fixes an XSS vulnerability in the admin login page plus front end vulnerabilities to Cross-Site Scripting attacks (plus some other small improvements and bugfixes). Upgrading is recommended.

    Newscoop 3.5.1 download and install
    Full changelog

    If you've any questions, feel free to post here!

    Best, Adam
  • 33 Comments
  • Hi:

    Any changes to the templates? Changelog says that forms in frontend are vulnerable, but what do we need to modify in templates? or we need to upload all template files?

    Thanks!

  • There's no need to change the templates, the bug was fixed in the template
    engine.

    Mugur Rus
    Senior Software Developer, Sourcefabric
    mugur.rus@sourcefabric.org

    Cluj-Napoca, Romania
    +40 (0)720 528408
    Skype: mugur_rus

    http://www.sourcefabric.org
    http://www.twitter.com/Sourcefabric



    On Sun, Feb 20, 2011 at 5:56 PM, Oscar <
    newscoop-support@lists.sourcefabric.org> wrote:

    > Hi:
    >
    > Any changes to the templates? Changelog says that forms in frontend are
    > vulnerable, but what do we need to modify in templates? or we need to upload
    > all template files?
    >
    > Thanks!
    >
    >
    >

  • Andel
    Posts: 95, Member
    Hi,

    I am at a loss to decide which package to choose for an existing instance and how to upgrade this.

    Andel
  • Andel
    Posts: 95, Member
    Hi Andrey,

    I am aware of this information.

    It does NOT help me CHOOSE which one of these several packages to use for my instance. When I installed it originally there weren't half as many choices.

    Andel
  • Andrey Podshivalov
    Posts: 1,526, Member, Administrator, Sourcefabric Team
    Use any format suitable for you: tar.gz or zip
  • Daniel James
    Posts: 844, Member, Sourcefabric Team
    Also, .deb and .rpm packages will soon be made available in the repositories, if you are using the automated install method. Install the package in the usual way, then run the upgrade.php script in your web browser, for example:

    http://www.example.com/upgrade.php

    You will then see a message indicating that the upgrade has been completed, with a link to the admin login page.
  • Andel
    Posts: 95, Member
    Hi Andrey,

    Ubuntu/Debian Manual Install
    Ubuntu/Debian Automated Install
    Fedora/Redhat Automated Install

    ???

    THAT is my problem Very Happy

    People - I have no idea what to use here.

    Andel
  • Daniel James
    Posts: 844, Member, Sourcefabric Team
    Hi Andel,

    > Ubuntu/Debian Manual Install
    > Ubuntu/Debian Automated Install
    > Fedora/Redhat Automated Install

    > People - I have no idea what to use here.

    Manual install is good if you want to follow each step and learn what
    Newscoop is doing to your server. For production use, automated install
    is a lot more convenient.

    Which distro are you running?

    Cheers!

    Daniel
  • Andel
    Posts: 95, Member
    Hi Daniel,

    Newscoop 3.5.0



    Andel
  • Daniel James
    Posts: 844, Member, Sourcefabric Team
    Hi Andel,

    > Newscoop 3.5.0

    OK, that should be a simple upgrade. Which Linux distribution does the
    server run?

    Did you perform an automated or manual installation last time? Compare
    http://new.flossmanuals.net/newscoop/ch005_automated-installation.html
    and
    http://new.flossmanuals.net/newscoop/ch006_command-line-installation.html if
    you aren't sure.

    Cheers!

    Daniel
  • Andel
    Posts: 95, Member
    Hi,

    I have not the slightest idea what Linux distribution it runs. It runs Linux and that's all I know Wink

    It has Apache version 2.2.12, PHP version 5.2.10 and MySQL version 5.0.91-community. It's also a standard shared hosting environment with PHPsuexec/Suexec.

    When I set up, I extracted the tarball into the base directory and hit install. The rest was a series of windows to fill out.

    Cheers

    Andel

  • Andel
    Posts: 95, Member
    Hi,

    hmmm.

    OK, so I have now read the manual and do not recognize anything. That's not how I set up the software in the first place and there is no explanation as to how to upgrade either.

    Shocked

    Andel
  • Daniel James
    Posts: 844, Member, Sourcefabric Team
    Hi Andel,

    > It's also a standard shared hosting environment with
    > PHPsuexec/Suexec.

    For a typical shared server you have to use the manual method. The
    automated method requires root or sudo access.

    > When I set up, I extracted the tarball into the base directory and hit
    > install. The rest was a series of windows to fill out.

    Yep, that's the manual method. With the automated method, you don't have
    to find, download and check the tarball yourself.

    Cheers!

    Daniel
  • Andel
    Posts: 95, Member
    Hi,

    well...

    So what do I do to upgrade, please? What is described there as a manual installation is nothing I did to install in the first place, and I cannot find any description on how to do an upgrade. It just says "click on upgrade". I swear I am not as daft as I sound, but right now there seems to be a basic rather large knowledge discrepancy (or - as I suspect - it is assumed the webmaster knows way more than I currently do).

    Cheers

    Andel
  • Daniel James
    Posts: 844, Member, Sourcefabric Team
    Hi Andel,

    > OK, so I have now read the manual and do not recognize anything. That's
    > not how I set up the software in the first place

    The recommended manual installation method has not changed recently. On
    a shared hosting server where dependency packages have already been
    installed for you, you can skip many of the steps in:

    http://new.flossmanuals.net/newscoop/ch006_command-line-installation.html

    I suggest that you start the upgrade at step 6 of 'Apache
    configuration'. Once you have the tarball unpacked in the right place,
    you can move on to:

    http://new.flossmanuals.net/newscoop/ch007_installation-steps.html

    > and there is no
    > explanation as to how to upgrade either.

    That's not the case, please look at this chapter:

    http://new.flossmanuals.net/newscoop/ch004_backup-and-upgrade.html

    I'd suggest you do the backup before starting the manual upgrade.

    Cheers!

    Daniel
  • Andel
    Posts: 95, Member
    Hi,

    sorry - I repeat it: this is not what I did to install. Not at all. I simply unzipped the tarball via CPanel and then went to the website. Period. I never fiddled with Apache, or command lines or whatever. I worked exclusively from the CPanel filemanager.

    So what is written there is gobbledegook to me. I wouldn't know how to do this if my life depended on it, seriously!

    Additionally, I will do the devil and try to meddle with anything Apache or PHP on a production server which has clients on it. That's a shared hosting server, not my private sandbox. I need to know exactly what to do, please.

    As to upgrading:

    Quote:
    Running the upgrade script

    After you have completed the backup successfully, update your Newscoop installation using either the automated or manual methods described in the following chapters. Then run the upgrade.php script in your web browser, for example:

    http://www.example.com/upgrade.php


    That tells me exactly nothing. I am sorry, but that is no information I can do anything with. Nothing happens when I go there.

    Cheers

    Andel
  • Daniel James
    Posts: 844, Member, Sourcefabric Team
    Hi Andel,

    > So what do I do to upgrade, please? What is described there as a manual
    > installation is nothing I did to install in the first place, and I
    > cannot find any description on how to do an upgrade.

    Are you sure you're looking at the chapter links I just sent you? It's
    all there.

    > It just says "click
    > on upgrade".

    Can you show me where it says that please? Send me a screenshot if that
    helps.

    Cheers!

    Daniel
  • Andel
    Posts: 95, Member
    Hi Daniel,

    I'm going to the very links you post here Smile, thus they are bound to be the same you see.

    And it says exactly: "Then run the upgrade.php script in your web browser, for example: http://www.example.com/upgrade.php", which - I take it - is a URL and hitting/clicking it is what you do to get there after you wrote that into your browser address field.

    I repeat it once more, nothing that is described there is anything I did to install in the first place. I never worked at the command line, never via shell access, never set up or changed anything on the server. I also have trouble wrapping my brain around reconfiguring the whole server just to install a software. I can't do that, there are loads of websites of clients on that server.

    There seems to be some basic information lacking, possibly?

    Cheers

    Andel
  • Daniel James
    Posts: 844, Member, Sourcefabric Team
    Hi Andel,

    > sorry - I repeat it: this is not what I did to install. Not at all. I
    > simply unzipped the tarball via CPanel and then went to the website.

    This is because on your shared hosting server, many of the packages
    required to run Newscoop are already installed for you. The manual
    install instructions cover the full details of setting up a new server
    from scratch, which you might need if you were hosting on your own machine.

    > Additionally, I will do the devil and try to meddle with anything Apache
    > or PHP on a production server which has clients on it. That's a shared
    > hosting server, not my private sandbox.

    You probably can't adjust those settings anyway. This is sub-optimal for
    a production server, which is why a dedicated or virtual server with
    full root access is a better (if more expensive) option.

    > I need to know exactly what to
    > do, please.

    As I mentioned, you can skip most of the steps on a shared hosting
    server which is already set up. Follow the method you used to do the
    original Newscoop install with CPanel, that should work fine.

    > Then run the upgrade.php script
    > in your web browser, for example:
    >
    > http://www.example.com/upgrade.php
    >
    > That tells me exactly nothing. I am sorry, but that is no information I
    > can do anything with. Nothing happens when I go there.

    You should see a page like the screenshot attachment. If not, perhaps
    your Newscoop 3.5.1 tarball was not extracted in the right place.

    I'm sure you noticed that you have to replace www.example.com in the
    above URL with the domain name of your Newscoop site. example.com is a
    special domain name reserved for use in documentation, which is why
    there's nothing hosted there. See: http://www.iana.org/domains/example/

    Cheers!

    Daniel

  • Andel
    Posts: 95, Member
    Hi Daniel,

    of course I know I have to replace the URL with my site's. Very Happy As I said, I may be irritated right now, but not daft.

    I do not recognize any of those steps there, so I have no idea what to do.

    The upgrade.php page gives me a standard Newscoop error.

    Andel
  • Daniel James
    Posts: 844, Member, Sourcefabric Team
    Hi Andel,

    > of course I know I have to replace the URL with my site's.

    Some people trip up on that :-)

    > The upgrade.php page gives me a standard Newscoop error.

    Then either you have already upgraded (check the version number in the
    admin interface footer) or you have not unpacked the tarball in the
    right place. Please back your site up and try again.

    Cheers!

    Daniel
  • Andel
    Posts: 95, Member
    Hi Daniel,

    I have not unpacked anything. I haven't even uploaded anything. So there we are for starters. Smile How should I know I have to upload or unpack something to update?

    So what do I upload and unpack where? What do I do with the unpacked files? What do I do with the live site? What happens to my templates etc..? What do I do if the whole thing doesn't work?

    Questions upon questions Wink

    Cheers

    Andel
  • Daniel James
    Posts: 844, Member, Sourcefabric Team
    Hi Andel,

    > So what do I upload and unpack where?

    It's in the manual install instructions, under Apache configuration,
    step 6 onwards.

    http://new.flossmanuals.net/newscoop/ch006_command-line-installation.html

    You will have to figure out where your DocumentRoot is, and what the
    equivalent commands in CPanel are. You may not need to do step 9 on
    shared hosting, as you probably aren't allowed to use the chown command.

    > What do I do with the live site?

    You don't have to do anything special with it to upgrade. The site will
    be taken offline automatically until you run the upgrade.php script.

    > What happens to my templates
    > etc..?

    I haven't tested this personally, but custom templates are supposed to
    be included in the backup archive.

    http://new.flossmanuals.net/newscoop/ch004_backup-and-upgrade.html

    You should have your original templates backed up somewhere safe too, of
    course.

    > What do I do if the whole thing doesn't work?

    That's why we advise you to do backups ;-) I just tested an upgrade from
    3.5.0 to 3.5.1 today, and it went very smoothly.

    Cheers!

    Daniel
  • Andel
    Posts: 95, Member
    Hi Daniel,

    sigh.

    This answer, never mind how often given, doesn't really help me. This (what is described in the manual) is so totally different from what you face with a CPanel setup without shell access that I am not recognizing anything. I didn't even grasp something has to be uploaded, I thought I might have to import something. The commands and descriptions make no sense at all.

    Is here no one who can describe the procedure in a shared hosting environment?

    Cheers

    Andel
  • Daniel James
    Posts: 844, Member, Sourcefabric Team
    Hi Andel,

    > This answer, never mind how often given, doesn't really help me.

    We don't provide specific instructions for CPanel at present. It's not a
    recommended platform for an enterprise content management system,
    because the amount of control offered to the website administrator is
    very limited.

    > I didn't even grasp something has to be uploaded. The commands
    > and descriptions make no sense at all.

    You might like to consider buying a managed hosting service if you are
    unfamiliar with web server administration.

    > Is here no one who can describe the procedure in a shared hosting
    > environment?

    There are some notes in the wiki which may prove helpful:

    http://wiki.sourcefabric.org/display/CS/Install+Newscoop+Under+Plesk
    http://wiki.sourcefabric.org/display/CS/Install+on+Shared+Hosting+Using+PHP-CGI

    Cheers!

    Daniel
  • Oscar
    Posts: 59, Member
    Hi:

    in shared hosting:

    1.- make a BACKUP first and download to your computer
    2.- upload a temporary index.html on your site's main dir
    3.- decompress and upload all folders, except: admin-files, bin, conf and templates
    4.- open admin-files dir and upload all the content except "lang" dir to your remote admin-files dir
    5.- open "bin" and "conf" and upload the content
    6.- open your browser and call your site http://yourdomain.com/upgrade.php and follow the directions on screen and you are done.


    If something goes wrong, don't worry, that's why you have your site's backup.
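
The file selection in steps 3 to 5 above, written as a staging script (an added example, not part of the original post and not Sourcefabric code). It builds a local directory holding exactly what gets uploaded over the live install, leaving out `templates` and `admin-files/lang`; it assumes the release's top-level files are uploaded along with the folders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread or from Sourcefabric).
# Builds the set of files to upload over an existing install, per the steps
# above: everything from the unpacked release except templates/ and
# admin-files/lang/, which stay as they are on the live site.
# Assumption: top-level files of the release are uploaded along with folders.

stage_upgrade() {
    src=$1
    dest=$2
    if [ ! -d "$src" ]; then
        echo "release directory not found: $src" >&2
        return 1
    fi
    # Refuse a non-empty staging directory so stale files from an earlier
    # attempt (for example an old templates/ tree) can never be uploaded.
    if [ -d "$dest" ] && [ -n "$(ls -A "$dest")" ]; then
        echo "staging directory is not empty: $dest" >&2
        return 1
    fi
    mkdir -p "$dest" || return 1
    # Copy the whole release, then drop the trees the steps say to skip.
    cp -R "$src/." "$dest/" || return 1
    rm -rf "$dest/templates" "$dest/admin-files/lang"
    # Step 6 needs upgrade.php at the site root; if it is missing, $src is
    # probably not the top of the unpacked release.
    if [ ! -f "$dest/upgrade.php" ]; then
        echo "upgrade.php missing from staged tree; wrong release dir?" >&2
        return 1
    fi
}

# Paths (relative to the staging dir) that will overwrite files on the server.
list_upload_set() {
    (cd "$1" && find . -type f | sed 's|^\./||' | sort)
}

# Run as: sh stage_upgrade.sh <unpacked-release-dir> <staging-dir>
if [ "$#" -eq 2 ]; then
    stage_upgrade "$1" "$2" && list_upload_set "$2"
fi
```

The backup in step 1 and the browser visit in step 6 are still done by hand; the script only prepares the upload.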
  • Andel
    Posts: 95, Member
    Hi Oscar,

    thanks - that's something I understand and will go ahead with Smile

    I take it those files which do get uploaded are simply dropped over the old ones to overwrite them?

    Cheers

    Andel
  • Oscar
    Posts: 59, Member
    Hi Andel:

    Yes, open your FTP software (make sure the transfer mode is binary), and upload the files of new version over the existing ones.

  • Andel
    Posts: 95, Member
    Hi Oscar,

    Thanks for the help! And that snippet of upgrade description for hosted accounts really should go into the manuals Very Happy

    Cheers

    Andel
  • Oscar
    Posts: 59, Member
    Hi:

    No problem.

    Have fun with Newscoop Smile
  • Gene
    Posts: 1, Member
    Sounds familiar text and it used to be in the manual... ;)

    Sanna

    - - sent via iPhone - -

    On 1.3.2011, at 18.43, Oscar <newscoop-support@lists.sourcefabric.org> wrote:

    >
    > Hi:
    >
    > in shared hosting:
    >
    > 1.- make a BACKUP first and download to your computer
    > 2.- upload a temporary index.html on your site's main dir
    > 3.- decompress and upload all folders, except: admin-files, bin, conf and templates
    > 4.- open admin-files dir and upload all the content except "lang" dir to your remote admin-files dir
    > 5.- open "bin" and "conf" and upload the content
    > 6.- open your browser and call your site http://yourdomain.com/upgrade.php and follow the directions on screen and you are done.
    >
    >
    > If something goes wrong, don't worry, that's why you have your site's backup.
    >


  • Andel
    Posts: 95, Member
    Just reporting back - the method Oscar posted worked now just fine on two sites. Smile