You have probably seen the recent news about database leaks at LinkedIn, Yahoo, etc., so you may be worried about what happens to your users if your database is somehow stolen. The good news is that passwords are not stored as plain text but are hashed with MD5. The bad news is that MD5 is rather easy to brute-force.
So we made some major improvements to the way passwords are hashed in Cotonti: it now uses SHA256 with random salts by default, provides several hashing options, and lets plugin developers implement their own hashing methods. Updating is recommended for both Siena and Genoa users. After the upgrade, existing user passwords will still be hashed with MD5, but as soon as users change their passwords the new hashing functions will be applied.
The Genoa update 0.6.24 includes one more security patch, so updating is highly recommended if you let strangers into your Administration panel.
The Siena update 0.9.11 includes lots of bug fixes and enhancements, including Daylight Saving Time support. See the release notes for more information.
Major security update for password hashing and storage. Multiple hashing algorithms are supported; all new passwords are hashed with a salt and SHA256 instead of MD5 by default. Existing passwords are kept as MD5, but it is recommended to change them in the future.
New timezone handling including timezone names and daylight saving time (DST) support.
Module subfolders in theme folders.
Added default sorting order option for tag search results.
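The migration described in the announcement and release note above (salted SHA256 for new passwords, legacy MD5 rows accepted until the user changes password, plugin-registered algorithms), as an added example that is not Cotonti's own code. The storage format "algo$salt$digest", the function names and the sample password are assumptions of this example.

```php
<?php
// Added example, not Cotonti's own code: a pluggable password store that
// hashes new passwords with a random salt and SHA-256, still verifies the
// legacy unsalted MD5 hashes left in the database, and re-hashes them as
// soon as the user sets a new password. Format "algo$salt$digest" is assumed.

// algorithm name => callable(string $password, string $salt): string
$hashers = [
    'sha256' => fn(string $p, string $s): string => hash('sha256', $s . $p),
];
// Plugins can register their own hashing method under a distinct name.
function register_hasher(array &$hashers, string $name, callable $fn): void
{
    $hashers[$name] = $fn;
}

function hash_password(array $hashers, string $password, string $algo = 'sha256'): string
{
    $salt = bin2hex(random_bytes(16));              // 128-bit random salt per user
    return $algo . '$' . $salt . '$' . $hashers[$algo]($password, $salt);
}

// Accepts both the new format and a bare legacy MD5 hex string.
function verify_password(array $hashers, string $password, string $stored): bool
{
    if (strpos($stored, '$') === false) {           // legacy row: unsalted md5
        return hash_equals($stored, md5($password));
    }
    [$algo, $salt, $digest] = explode('$', $stored, 3);
    if (!isset($hashers[$algo])) {
        return false;                               // unknown algorithm: never accept
    }
    return hash_equals($digest, $hashers[$algo]($password, $salt));
}

// True for rows that should be migrated to the default algorithm.
function needs_rehash(string $stored): bool
{
    return strpos($stored, 'sha256$') !== 0;
}

// A plugin adding its own method (constructed example).
register_hasher($hashers, 'sha512', fn(string $p, string $s): string => hash('sha512', $s . $p));

// Constructed demo: a pre-update row is verified, then migrated on password change.
$stored = md5('correct horse');                     // what an old row looks like
assert(verify_password($hashers, 'correct horse', $stored));
if (needs_rehash($stored)) {
    $stored = hash_password($hashers, 'correct horse'); // now sha256$<salt>$<digest>
}
assert(verify_password($hashers, 'correct horse', $stored));
assert(!verify_password($hashers, 'wrong password', $stored));
```

Salted SHA-256 is still cheap to compute on GPUs; for new code, PHP's built-in password_hash() (bcrypt by default) gives a deliberately slow hash and handles the salt for you.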
You have probably read about updates in Cotonti and know how to update the system in general. This article describes extension updates in detail. The word 'extension' means both 'module' and 'plugin' as a more general term in Cotonti.
When extensions are updated
There are 2 cases when extensions are updated:
When you run the install.php script to update your system as described here. In this case the update script checks the versions of all installed extensions against the versions in the extension setup files on disk and updates only those which have been updated on disk (have higher version numbers).
When you click the "Update" button in Administration → Extensions → Extension_name. In this case the system attempts to update the extension regardless of the installed / available version numbers.
It is highly recommended to use the "Update" feature instead of reinstalling extensions. Reinstalls were necessary in Cotonti 0.6.x, but there is no need for them anymore; Update works a lot smarter.
Update process for a particular extension
For each updated extension Cotonti applies the following procedure:
1. Calculates the difference between the installed extension version in the database and the available extension version in extension_name.setup.php on disk.
2. Removes the current hook handlers and installs them all again. This is necessary if the extension has new hook handler parts, some old parts have been removed, or the meta-information for some parts (e.g. used hooks) has changed.
3. Updates configuration: adds new options if there are any, removes options which have been removed from the extension, and resets to default values those options whose type has changed. All the rest is left untouched.
4. Applies the same as step 3 to structure configuration.
5. Updates permission Auth/Lock masks for the 'members' and 'guests' groups.
6. Applies PHP and SQL patches from the extension's 'setup' subfolder in sequential order, based on the difference between the installed and available versions.
7. Updates the extension version in the database and clears the cache.
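As an added example, not Cotonti's own code, here is how the version difference computed in the first step can drive the patch selection of the patch step, and why the version bump that the note for extension developers in the update guide insists on matters. The naming of patch files as patch-<version>.php / patch-<version>.sql inside the setup folder and the listed file names are assumptions of this example.

```php
<?php
// Added example, not Cotonti's own code: selects the setup patches an
// extension update must run, based on the difference between the installed
// version (database) and the available version (setup file). The naming
// patch-<version>.php / patch-<version>.sql is an assumption of this example.

function select_patches(string $installed, string $available, array $files): array
{
    $byVersion = [];
    foreach ($files as $file) {
        if (!preg_match('/^patch-(\d+(?:\.\d+)*)\.(php|sql)$/', $file, $m)) {
            continue;                                   // not a patch file
        }
        $ver = $m[1];
        // Only patches newer than what is installed and not beyond what is available.
        if (version_compare($ver, $installed, '>') && version_compare($ver, $available, '<=')) {
            $byVersion[$ver][] = $file;
        }
    }
    // version_compare orders 1.0.10 after 1.0.6; a plain string sort would not.
    uksort($byVersion, 'version_compare');
    $ordered = [];
    foreach ($byVersion as $group) {
        sort($group);          // .php before .sql within one version (assumption)
        array_push($ordered, ...$group);
    }
    return $ordered;
}

// Constructed directory listing of an extension's setup/ subfolder.
$setupFiles = [
    'readme.txt', 'patch-1.0.2.sql', 'patch-1.0.10.sql',
    'patch-1.0.6.sql', 'patch-1.0.4.php', 'patch-1.0.5.sql',
];

// Installed 1.0.3, setup file says 1.0.6: run 1.0.4, 1.0.5, 1.0.6 in that order.
assert(select_patches('1.0.3', '1.0.6', $setupFiles)
    === ['patch-1.0.4.php', 'patch-1.0.5.sql', 'patch-1.0.6.sql']);

// Developer forgot to increase the version number: nothing is applied.
assert(select_patches('1.0.6', '1.0.6', $setupFiles) === []);

// Version bumped to 1.0.10: the numeric compare includes it, and only it.
assert(select_patches('1.0.6', '1.0.10', $setupFiles) === ['patch-1.0.10.sql']);
```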
You might remember that we had a poll a while ago to pick the best name for the 1.0.x branch. The name Valencia was the most popular. However, the Cotonti Team decided to continue using Siena as the name for the 1.0.x branch for 2 obvious reasons: a) 1.0.x is fully compatible with 0.9.x; b) rebranding is quite expensive. So we will use the wonderful names Avila and Valencia later, when it is really time for a new branch name.
Another message from Cotonti headquarters: the developers have shifted their focus from developing new features to stabilizing the Siena code, improving the extension repository and writing documentation. Your input in this direction is highly appreciated.
The -o option names the reference to the Cotonti repo "cotonti" rather than "origin" (git's default) to avoid confusion. The dot at the end means that it will be checked out into the current directory; replace it with another path if necessary.
Line 1 connects to your site over SSH. On lines 2-3 we create a new location for the git-specific files and initialize a new repo there. Line 4 creates a script which will automatically apply changes to the site files; replace /path/to/htdocs with the actual path to your Cotonti site on this server. Line 5 makes this script executable.
Then you can get back to your local repository and push it to the server:
git remote add site ssh://firstname.lastname@example.org/path/to/site.git
git push site master
Replace "master" with "genoa" or whatever branch you currently use.
After that you will be able to use synchronization commands described in one of the following sections.
Use Case 2: from existing site to your local copy, then sync with Cotonti repository
In this case we assume that you have already initialized the site.git repository for your remote website, for example with the script given in the previous Use Case. If you have initialized a repository on your server but have not yet added any files there to be tracked by Git, do so by entering your site's htdocs and running the "git add" command there:
ssh -l your_login example.com
GIT_DIR=/path/to/site.git git add .
GIT_DIR=/path/to/site.git git commit -q -m "Added site files"
Note: GIT_DIR is required in git calls on the server because the Git files are stored separately from the site files there.
Once your remote site.git repository is filled and up to date, your teammates can clone it into their own local copies:
git clone -o site ssh://email@example.com/path/to/site.git
Specify the "-b genoa" argument if using the Genoa branch. They can also add Cotonti's repository to their git remote list:
This site has been moved to a faster server. Google's Site Performance analyzer says it now loads faster than 95% of sites on the web. Nice results, reinforced by Siena's JS/CSS consolidator tool.
Oh, the updates! Genoa site owners should update their sites to 0.6.17; the patch is really small but won't hurt to apply. Siena enthusiasts, head to 0.9.2: this is a bug-fixing update, but a very important one. We apologize for 0.9.1, which had some bugs that made it harder to use than 0.9.0; those problems are solved in 0.9.2, and you can have more fun with Siena now!
Community updates include our new Twitter page. Besides the official announcements it also tracks links to useful articles, so follow us there! Another important thing is that we are going to launch a plugin conversion campaign soon and so far we have opened a Wishlist for future conversions.
The following month probably won't bring many major features to the engine, but we plan several helpful community actions, including rewards for support, relaunch of donations and of course the plugin conversion campaign.
This document will guide you through the steps necessary to keep your Cotonti website up to date. It assumes that you have some experience running a website and using popular tools such as phpMyAdmin, FTP, etc.
It is good practice to back up your site files and database before making any major updates.
Keeping your Cotonti Siena up to date
Most updates within the Siena branch (0.9.x) are automated. So if you run a Siena website and updates are available for the core, modules or plugins, just follow the steps described below.
Copy the updated files into your site's tree. Overwrite existing files with updated ones.
If you removed install.php from the root folder after the previous installation/update, restore it there. If you are updating the entire Cotonti package and not just a particular module/plugin, make your datas/config.php writable by PHP (usually this means setting CHMOD 666 or CHMOD 664 on it).
The script will automatically merge changes in config.php, check for SQL patches and apply them, and check for updates in all installed modules and plugins and apply them if available. Any errors will be shown on a red background; the normal update log is shown on a green background. Please ask for support on the forums if you encounter errors during the update.
After the update has finished successfully, you may remove install.php until the next update and revoke write access on datas/config.php (CHMOD 644).
Note for extension developers: the update script detects changes in modules and plugins by comparing their version number to the version number stored in the database. It does not compare actual files or search for patches. So if you change your extension's setup (configuration, default permissions, etc.), change hooks or extension parts, or add PHP or SQL patches, don't forget to increase the version number in the extension's setup file so that the update script knows there is work for it.
Upgrading from Cotonti Genoa
It is possible to upgrade an existing Genoa site to Siena. Configuration and database will be converted automatically, and so will modules and plugins that have been updated for Siena. Old Genoa and Seditio plugins will be disabled upon upgrade, because they either require porting to Siena or enabling a special compatibility plugin first.
Make sure you have updated your site to the latest Genoa before upgrading it from Genoa to Siena. Otherwise the upgrade may fail.
Follow these steps to upgrade your site from Genoa to Siena:
Backup site files and database. This is strongly recommended. If anything goes wrong, you will be able to restore your site from a backup.
Copy the Siena files over your existing Genoa tree, overwriting the old files.
After that the site will be converted to Siena. This may take some time depending on how much data your site has. Any errors will be shown on a red background; the normal update log is shown on a green background. Please ask for support on the forums if you encounter errors during the upgrade.
When the upgrade has finished successfully, you may remove install.php until the next update and revoke write access on datas/config.php (CHMOD 644).
Your site's theme will be switched to Nemesis, the development/fallback theme of Siena. This is because skins are now called themes, they are located in a different folder, and you will need to convert your Genoa skin into a Siena theme to use it on the site.
Plugins which have not been ported to Siena are disabled upon upgrade. If a plugin later gets a Siena port, you can update its files and install it again in Administration => Extensions. If your site depends heavily on Genoa plugins, you can enable partial backwards compatibility by installing the Genoa plugin in Administration => Extensions. After that you will be able to install and run Genoa plugins. Their proper functioning is not guaranteed, although Cotonti will do its best to provide the old APIs to them. It has a performance downside, so use it only as a temporary measure until all necessary plugins are ported to Siena.
Porting Genoa skins and plugins to Siena is beyond the scope of this guide, please refer to specific articles on these topics.
You will probably need to configure parsers and editors for your site. Read the article about it.
Upgrading from Seditio
Upgrading Seditio to Cotonti Genoa is required first if you want to upgrade a Seditio site to the latest Cotonti. This is how you upgrade Seditio to Cotonti Genoa:
First make sure your Seditio site uses v126 or v130; upgrading from earlier versions is not supported.
Then make sure your Seditio database has been converted to the UTF-8 character set. Check the Seditio documentation or search the web if you need help with it.
Unpack the latest Cotonti Genoa files and overwrite the Seditio files with them.
Open phpMyAdmin and apply the SQL patches from the sql folder in the following order:
and so on in ascending order of version numbers in patch-A.B.C-D.E.F.sql
Copy sql/patch-0.6.txt to patch.php in the site root. Run it in a browser, e.g. http://example.com/patch.php. After that, remove patch.php.
Open datas/config-sample.php and datas/config.php and merge the necessary changes from config-sample.php into config.php.
After upgrading your site to Genoa and testing it, you will be able to upgrade it to Siena as described in the previous chapter.
Surprise! You might not expect it, but we have changed the layout of this site. And it is not just the layout: we have converted this entire site to the latest beta of Cotonti Siena, reorganized Downloads a bit, and more changes are planned. During the next several days we will be fixing the bugs that appear here and there after the site upgrade, tweaking things and converting some plugins to Siena. Then we are going to reorganize the Documentation section and enable content internationalization there. And the brand new core/extension repository will be deployed within the next few months.
We are following our previously stated timeline, and this day marks the feature freeze on Siena 0.9.0. It means that no new features are accepted for this release from now on; during this month we will only finish what we have already started, fix bugs and make obvious enhancements. The next alpha/beta is not ready at the moment; some preparations are required before the next massive testing and bug-fixing stage starts. You will be informed of it either here or on the forums.
An important security bug has been detected in Cotonti 0.6.x that might affect some sites with magic_quotes_gpc=Off. That's why today we have released 0.6.9, which fixes this bug and also improves our security and authentication mechanisms as requested by the community. Here are the changes:
An important security fix and improvements for the rc.php static resource compressor
Authentication security and stability improvement backported from Siena
Anti-XSS improvement backported from Siena
Authentication support for multi-domain sites (with "remember me")
This update is strongly recommended; download it now. Note: right after the update all users will have to log in to the site again.
If you are wondering about Siena, it is still under heavy development.
Despite the fact that Siena is behind schedule due to the amount of work and developer inactivity this spring, we have made some important decisions, and there is some news that hasn't been announced before:
The release is scheduled for summer; currently the date is set to August 1st. The reason is that developer activity will increase in summer, and we will also need some time to test and fix critical bugs.
The version number will be 0.9 instead of 0.7. And it is more than just a version number: 0.9 means that most of the major core and API changes planned for 1.0 will be done in Siena. Therefore there will be massive changes from 0.6 (with migration tools and a compatibility layer provided for existing Genoa installations), but afterwards the API won't change significantly until 1.5 or 2.0. We made this decision because community members say it is easier to make big changes to their plugins once rather than in smaller portions every few months.
Cotonti will use HTML as its primary markup language and will come with an HTML purifier and a WYSIWYG-capable editor. BBcode and other markup parsers and editors will still be supported at a secondary level.
If you have Polls enabled on your site, it is strongly recommended to update to this version. It contains an important SQL injection vulnerability fix for the polls module. Some minor bugs have been fixed during the last month too: