Welcome to the Zikula community
You've reached the Zikula community website, the epicentre of Zikula development. If you're new here, you might find this a little overwhelming, so we recommend you check out www.zikula.org first for some documents explaining what Zikula is, as well as other useful information.
Otherwise, if you'd like to look around, you should register to get the most out of this website.
When using Doctrine in a project it is always a security-critical component because it talks directly to your database. As such, security is very important to us. In security, however, context is important, and in providing you with query capabilities we have to expose you to the risk of SQL injections.
Doctrine cannot prevent you from building SQL injections into your applications, and neither can any other DBAL, because it would require hiding SQL completely. But hiding SQL completely is not wanted, because it is such a powerful language.
Therefore it is still your responsibility to make sure that you are using Doctrine correctly when working with SQL.
Read the rest of the article on the Doctrine website. Additional information on security concerns when utilizing Doctrine is now available in the respective repository's SECURITY.md and also here: DBAL Security and ORM Security.
Zikula Core 1.3.7 is released as of 17 February 2014. This is a security release for the Core 1.3.x series as well as a bug fix release. All users of Core 1.3.0 - 1.3.6 are recommended to update as soon as possible.
In addition to addressing the security issue, the release combines all the recent "patches" that have been floating about in the community which attempted to address certain deficiencies in the 1.3.5/1.3.6 releases. Please update to this official package and discontinue using code from non-official sources.
Installation/Upgrade: (from Core 1.3.6) Be sure to back up files and database before any upgrade is attempted. Simply overwrite the files in your current installation with the new files, add your DB credentials to the config.php file and run the upgrade.php routine.
This release addresses Secunia Advisory SA56274 (article to be updated with link when published).
A full Changelog is available.
The main development was occurring in what was originally intended to be a minor release in the 1.3.x series but this has been taking too long. This has required a change in plans.
As of 15 February 2014 the following changes have been made in the Core repository:
- The 1.3 branch is renamed to 1.4
- The release-1.3 branch is renamed to 1.3
- The master branch remains intact as is and is intended as a 2.0 branch
The intention is to release Core 1.3.7 soon with all of the minor patches that have been floating out in the community as well as a couple other minor corrections. QA testing should begin on this release soon.
Core 1.4.0 will include many other improvements and fixes over 1.3.x series and also include a Forward Compatibility layer pointing toward the Core 2.0.0 release. There should be very few (if any) Backward Compatibility breaks from the 1.3.x series.
Core 2.0.0 will drop all backward compatibility for the 1.x series and require new extension structures and reliance on only new core technologies (Symfony, Twig, etc.).
Timelines for anything beyond Core 1.3.7 are of course unknown and should not be assumed based on this information.