gillian — Wed, 24 Jun 2015 11:15:03 GMT

Hi Chris,
Yes please to upgrade Piwik if it's for critical security issues.
Best,
Gillian
On 24 June 2015 at 09:46, CRIN Trac <trac@trac.crin.org> wrote:
> #25: Piwik 2.14.0
> --------------------------------+-----------------------------------------
>            Reporter:  chris     |                      Owner:  chris
>                Type:  defect    |                     Status:  new
>            Priority:  critical  |                  Milestone:  Maintenance
>           Component:  piwik     |                    Version:
>            Keywords:            |  Estimated Number of Hours:  0.25
> Add Hours to Ticket:  0         |                  Billable?:  1
>         Total Hours:  0         |
> --------------------------------+-----------------------------------------
>  A new version of Piwik will be out very soon (probably best to wait for
>  the full release, there is a release candidate out today) which fixes
>  critical security issues - upgrading should take no more than 15 mins,
>  would you like your site upgraded?
>
>  > Three security issues have been fixed. We are grateful for security
>  researchers who responsibly disclosed these security issues to us:
>  Abdullah Hussam Gazi (CSRF issue) and Dmitriy Shcherbatov (two XSS
>  issues).
>  >
>  > https://piwik.org/changelog/piwik-2-14-0/
>
> --
> Ticket URL: <https://trac.crin.org/trac/ticket/25>
> CRIN Trac <https://trac.crin.org/trac>
> Trac project for CRIN website and servers.
>
--
Gillian Harrow
Organisational Development Manager
*Child Rights International Network - CRIN*
Unit W125-127, Westminster Business Square
1-45 Durham Street
London SE11 5JH
United Kingdom
E: gillian@crin.org
T: +44 (0)20 7401 2257
Website: www.crin.org
Twitter: @CRINwire

hours, status changed; resolution, totalhours set

chris — Thu, 09 Jul 2015 09:41:00 GMT

hours changed from 0 to 0.15
status changed from new to closed
resolution set to fixed
totalhours set to 0.15

The release version of Piwik 2.14.0 is out, so https://stats.crin.org/ has been upgraded following wiki:Piwik#Upgrades

sudo -i
cd /var/www
vi piwik/config/config.ini.php
export PIWIK="2.14.0"
wget "https://builds.piwik.org/piwik-$PIWIK.tar.gz"
wget "https://builds.piwik.org/piwik-$PIWIK.tar.gz.asc"
gpg --verify piwik-$PIWIK.tar.gz.asc
cp piwik/config/config.ini.php .
chown -R piwik:piwik /var/www/piwik/
php /var/www/piwik/console core:update
      *** Update ***
      Database Upgrade Required
      Your Piwik database is out-of-date, and must be upgraded before you can continue.
      Piwik database will be upgraded from version 2.13.1 to the new version 2.14.0.
      *** Note: this is a Dry Run ***
      DROP TABLE IF EXISTS `site_setting`;
      CREATE TABLE `site_setting` (
                    idsite INTEGER(10) UNSIGNED NOT NULL AUTO_INCREMENT,
                    `setting_name` VARCHAR(255) NOT NULL,
                    `setting_value` LONGTEXT NOT NULL,
                        PRIMARY KEY(idsite, setting_name)
                      ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
      *** End of Dry Run ***
  A database upgrade is required. Execute update? (y/N) y
  Starting the database upgrade process now. This may take a while, so please be patient.
      *** Update ***
      Database Upgrade Required
      Your Piwik database is out-of-date, and must be upgraded before you can continue.
      Piwik database will be upgraded from version 2.13.1 to the new version 2.14.0.
      The database upgrade process may take a while, so please be patient.
    Executing DROP TABLE IF EXISTS `site_setting`... Done. [1 / 2]
    Executing CREATE TABLE `site_setting` (
                    idsite INTEGER(10) UNSIGNED NOT NULL AUTO_INCREMENT,
                    `setting_name` VARCHAR(255) NOT NULL,
                    `setting_value` LONGTEXT NOT NULL,
                        PRIMARY KEY(idsite, setting_name)
                      ) ENGINE=InnoDB DEFAULT CHARSET=utf8... Done. [2 / 2]
  ****************************************
    Piwik has been successfully updated!
  ****************************************
vi piwik/config/config.ini.php

The System Check was checked and all looks good.

CRIN Trac: Ticket #25: Piwik 2.14.0

hours, status changed; resolution, totalhours set