Thread

ExpressionEngine version 1.6.6 has been released today, and contains a security update along with a few maintenance items and bug fixes.  A successful exploitation would only lead to an annoying display issue (your data is not compromised), so we even debated including the fix in a normal build update.  However, there’s a bleeding edge scenario with many puzzle pieces (including the use of some third party software) where it could be quite serious.  So, for your safety, we decided to go with a point release, recommending this update for all users in a timely manner.

Our support staff is on hand and ready to assist you with any issues you may encounter while updating.  As always, if you do not skip any steps in our simple step by step update instructions, it should be a breeze and take just a few moments of your time.

Permalink

Any way you could list just the files that were modified? It is a pain to have to go through the entire update process every time there is a point release (and it increases the chance for errors with updating). I know you guys aren’t modifying all the hundreds of files and images…

Thanks in advance.

Sorry brendanc, to do that would mean we’d have to make a list of file changes between each build update and you’d have to compile a list from out each of them between your current build and the latest, which would definitely be more error prone.  If anything, following the same steps every time you update saves you from potential errors.  And if it really matters to you, there are some fabulous file synchronization tools available that will handle it for you directly in your FTP application.

Ugh. So be it.

A simple “stupid” question. My Site is running on EE 1.6.3. Can I update it directly to 1.6.6, or have I to update it first to 1.6.4, then 1.6.5 and so on?

franxx

You need to do it in steps, but EE does all that for you. You just download the latest version, and run update.php—EE will then automatically go to 1.6.4 -> 1.6.5 -> 1.6.6.

Any way you could list just the files that were modified? It is a pain to have to go through the entire update process every time there is a point release (and it increases the chance for errors with updating).

Having done hundreds of updates through the years on EE and other CMS apps, I’m convinced that EE’s /system directory update is much, much easier than trying to update individual files. With perhaps dozens or a hundred files being updated with each new EE update, it’s simpler, easier, and works better to update the /system directory instead. Prepare a new /system folder with the site’s config.php file, upload as /system_NEW, change permissions of the new files, take the site offline, clear caches, change name of old /system directory to /system_OLD, change name of /system_NEW to /system, run update.php, done.

Other than the upload time, two minutes, tops.

Ronnie,

This is only true if you’re:

* not running any third party extensions, plugins, language files, modules
* not using any custom themes for the member pages, control panel, or forums
* haven’t modified any of the source code
* aren’t also running forums or MSM
* haven’t installed any templates, translations or lib files

For those of us who have, upgrading is not as simple—it takes me about an hour to do an upgrade.

(I do agree with you: upgrading EE does seem to be easier than upgrading other CMS systems.  But it’s not two minutes.)

TTFN
Travis

Are there version notes for upgrading to 1.6.6? If not, something like 1.6.2 (i.e. Nothing to report) would be appreciated.

http://expressionengine.com/docs/installation/version_notes_1.6.2.html

TTFN
Travis

Are there version notes for upgrading to 1.6.6? If not, something like 1.6.2 (i.e. Nothing to report) would be appreciated.

http://expressionengine.com/docs/installation/version_notes_1.6.2.html

TTFN
Travis

Yes, indeed, the docs in the download have these; with all of the updates and activity yesterday I forgot to upload the new update.html file and accompanied version notes.  I’ll pop them up right now.

Done, linked from here, of course.

This is only true if you’re:

* not running any third party extensions, plugins, language files, modules
* not using any custom themes for the member pages, control panel, or forums
* haven’t modified any of the source code
* aren’t also running forums or MSM
* haven’t installed any templates, translations or lib files

For those of us who have, upgrading is not as simple—it takes me about an hour to do an upgrade.

(I do agree with you: upgrading EE does seem to be easier than upgrading other CMS systems.  But it’s not two minutes.)

I’m running third party extensions, extra plugins, extra languages files, and 3rd party modules, I have custom themes for member pages and forums, modified source code, do not run MSM, do run forums as templates, and have plenty of templates, et al.

The key is in setting up the new /system directory, and having a checklist for changes. Even my most complex site (all of the above mods) takes a whopping two minutes (not including the /system setup or the upload, of course) to upgrade. I can only imagine the nightmare of having to change out file by file.

I manage a few WordPress sites and I just FTP all the files up (except configs and themes), wait five minutes and it’s done. Mostly. It takes longer to clean up the pieces.

😊

Are all previous versions affected by the security issue?

Yes, all recent versions up and including EE 1.6.5 should update to 1.6.6.