Opened 3 years ago

Closed 3 years ago

#25 closed defect (fixed)

Piwik 2.14.0

Reported by: chris
Owned by: chris
Priority: critical
Milestone: Maintenance
Component: piwik
Version:
Keywords:
Cc: jenny, gillian
Estimated Number of Hours: 0.25
Add Hours to Ticket: 0
Billable?: yes
Total Hours: 0.15

Description

A new version of Piwik will be out very soon (probably best to wait for the full release, there is a release candidate out today) which fixes critical security issues - upgrading should take no more than 15 mins, would you like your site upgraded?

Three security issues have been fixed. We are grateful for security researchers who responsibly disclosed these security issues to us: Abdullah Hussam Gazi (CSRF issue) and Dmitriy Shcherbatov (two XSS issues).

https://piwik.org/changelog/piwik-2-14-0/

Change History (2)

comment:1 Changed 3 years ago by gillian

Hi Chris,
Yes please to upgrade Piwik if it's for critical security issues.

Best,
Gillian

On 24 June 2015 at 09:46, CRIN Trac <trac@trac.crin.org> wrote:

> #25: Piwik 2.14.0
> --------------------------------+-----------------------------------------
>            Reporter:  chris     |                      Owner:  chris
>                Type:  defect    |                     Status:  new
>            Priority:  critical  |                  Milestone:  Maintenance
>           Component:  piwik     |                    Version:
>            Keywords:            |  Estimated Number of Hours:  0.25
> Add Hours to Ticket:  0         |                  Billable?:  1
>         Total Hours:  0         |
> --------------------------------+-----------------------------------------
>  A new version of Piwik will be out very soon (probably best to wait for
>  the full release, there is a release candidate out today) which fixes
>  critical security issues - upgrading should take no more than 15 mins,
>  would you like your site upgraded?
>
>  > Three security issues have been fixed. We are grateful for security
>  researchers who responsibly disclosed these security issues to us:
>  Abdullah Hussam Gazi (CSRF issue) and Dmitriy Shcherbatov (two XSS
>  issues).
>  >
>  > https://piwik.org/changelog/piwik-2-14-0/
>
> --
> Ticket URL: <https://trac.crin.org.archived.website/trac/ticket/25>
> CRIN Trac <https://trac.crin.org.archived.website/trac>
> Trac project for CRIN website and servers.
>



-- 
Gillian Harrow
Organisational Development Manager

*Child Rights International Network - CRIN*
Unit W125-127, Westminster Business Square
1-45 Durham Street
London SE11 5JH
United Kingdom

E: gillian@crin.org
T: +44 (0)20 7401 2257
Website: www.crin.org
Twitter: @CRINwire

comment:2 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0 to 0.15
  • Resolution set to fixed
  • Status changed from new to closed
  • Total Hours set to 0.15

The release version of Piwik 2.14.0 is out, so https://stats.crin.org/ has been upgraded following wiki:Piwik#Upgrades

sudo -i
cd /var/www
vi piwik/config/config.ini.php
export PIWIK="2.14.0"
wget "https://builds.piwik.org/piwik-$PIWIK.tar.gz"
wget "https://builds.piwik.org/piwik-$PIWIK.tar.gz.asc"
gpg --verify piwik-$PIWIK.tar.gz.asc
cp piwik/config/config.ini.php .
chown -R piwik:piwik /var/www/piwik/
php /var/www/piwik/console core:update
      *** Update ***
  
      Database Upgrade Required
  
      Your Piwik database is out-of-date, and must be upgraded before you can continue.
  
      Piwik database will be upgraded from version 2.13.1 to the new version 2.14.0.
  
      *** Note: this is a Dry Run ***
  
      DROP TABLE IF EXISTS `site_setting`;
      CREATE TABLE `site_setting` (
                    idsite INTEGER(10) UNSIGNED NOT NULL AUTO_INCREMENT,
                    `setting_name` VARCHAR(255) NOT NULL,
                    `setting_value` LONGTEXT NOT NULL,
                        PRIMARY KEY(idsite, setting_name)
                      ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  
      *** End of Dry Run ***
  
  A database upgrade is required. Execute update? (y/N) y
  
  Starting the database upgrade process now. This may take a while, so please be patient.
  
      *** Update ***
  
      Database Upgrade Required
  
      Your Piwik database is out-of-date, and must be upgraded before you can continue.
  
      Piwik database will be upgraded from version 2.13.1 to the new version 2.14.0.
  
      The database upgrade process may take a while, so please be patient.
  
    Executing DROP TABLE IF EXISTS `site_setting`... Done. [1 / 2]
    Executing CREATE TABLE `site_setting` (
                    idsite INTEGER(10) UNSIGNED NOT NULL AUTO_INCREMENT,
                    `setting_name` VARCHAR(255) NOT NULL,
                    `setting_value` LONGTEXT NOT NULL,
                        PRIMARY KEY(idsite, setting_name)
                      ) ENGINE=InnoDB DEFAULT CHARSET=utf8... Done. [2 / 2]
  
  ****************************************
    Piwik has been successfully updated!  
  ****************************************
vi piwik/config/config.ini.php

The System Check was checked and all looks good.
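
A scripted form of the `gpg --verify` step from the upgrade log above, added here as an example and not part of the ticket or the CRIN wiki procedure: it names both the tarball and the signature, requires gpg to exit successfully, and only passes when the signer matches a pinned fingerprint. The function names, `EXPECTED_FPR` (a placeholder value) and the sample status lines are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the ticket: fail-closed check of a release signature.
# EXPECTED_FPR is a constructed placeholder; use the fingerprint the vendor publishes.
EXPECTED_FPR="0000000000000000000000000000000000000000"

# Constructed sample of `gpg --status-fd` output for a good signature.
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0000000000000000 Constructed Signer
[GNUPG:] VALIDSIG $EXPECTED_FPR 2015-06-24 1435132800 0 4 0 1 8 00 $EXPECTED_FPR"

# Read gpg status lines on stdin and print the primary-key fingerprint from the
# first VALIDSIG line (field 12, or field 3 when gpg omits the primary key).
# Returns non-zero when there is no VALIDSIG line at all.
validsig_fingerprint() {
  awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" {
         print (NF >= 12 ? $12 : $3); found = 1; exit
       }
       END { exit(found ? 0 : 1) }'
}

# True only when the fingerprint is non-empty and equals the pinned one.
check_fingerprint() {
  [ -n "$1" ] && [ "$1" = "$EXPECTED_FPR" ]
}

# verify_release TARBALL SIGNATURE
# Names both files so gpg checks exactly this tarball, requires gpg itself to
# succeed, then requires the signer to be the pinned key.
verify_release() {
  local status fpr
  status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
  fpr=$(printf '%s\n' "$status" | validsig_fingerprint) || return 1
  check_fingerprint "$fpr"
}

# In the upgrade sequence, stop before touching /var/www/piwik on failure:
#   verify_release "piwik-$PIWIK.tar.gz" "piwik-$PIWIK.tar.gz.asc" || exit 1
```

A signature that verifies against any key in the local keyring is not enough on its own; pinning the fingerprint is what ties the tarball to the expected signer.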
