Release 0.8

From Habari Project

Jump to: navigation, search

Contents

Introduction

Welcome to Habari Version 0.8!

This latest release of Habari contains security fixes, major improvements, and feature changes. You should read the Upgrading page before you upgrade.

This is also our first release from Github. Have a look at how to install Habari from Github.

Issues Addressed

Security

  • Don't let admin pages be loaded in an iframe d8a544eb85
  • Protect Habari Silo uploads from CSRF 04cd07adfc, 85940b8d8f
  • Filter the page string of requested admin pages to remove a non-persistent XSS hole a0f34009aa
  • Prevent direct loading of config files 5eb87a12ca

Thanks again to Mauro Gentile for working with us on these security issues, his contributions are greatly appreciated, as is his patience in waiting for this release before revealing these bugs!

Bugs

A complete list of all the bugs fixed is near impossible. Here are a selected few, and the rest can be found in the commit logs.

  • Remove a call to a PHP 5.3+ method on the admin logs page when filtering by date. r5125 fixes #1447.
  • Many strings that had translation values available but were not using them now will show localized text.
  • Fix errors displayed when using Charcoal. 9a18afb6 fixes #221.
  • Use signed values for moving taxonomy terms. 35735ae fixes #229.
  • Wrong date in entry dash module. 7041fc62 fixes #208.
  • Prevent direct access to files. 64089ee3.

Enhancements

  • Add initial support for child themes, wherein a child theme can use all of the templates of its parent, overriding only templates and styles that it intends to augment.
  • Improve the consistency of rewrite rule names, which may break plugins using those rules. The rule update_entries has been renamed update_posts.
  • Change the default behavior of theme functions from echo to return.
  • Add support for gzip and deflate compression to both SocketRequestProcessor and CurlRequestProcessor, so that any external HTTP requests will be seamlessly compressed to save bandwidth, 5e20c9f3b7 and 3687139d57

Other Changes

  • The k2 theme has been removed. It can now be found in habari-extras.

Upgrade Notes

Please read about upgrading to version 0.8. All users will be affected by the change in theme functions and many will want to remove a potential path disclosure issue. Now that it has been removed from the Habari installation, users of the k2 theme will need to manually include it.

Known Bugs

Many bug fixes and improvements have been made since the last release, but as with any piece of software issues and enhancement requests remain. For full details see Habari's change management system.

Credits

These release notes were compiled by the Habari Community.

On behalf of the community, we give our warmest thanks to the developers and contributors who made this Habari release possible.

Personal tools