1.4 release notes

The Aegir team is happy to release the fifth stable release in the 1.x branch.

This release fixes the security vulnerability as announced by the Drupal Security Team

This release contains no other fixes or changes: this is simply a hotfix release to fix the security vulnerability.

We strongly recommend you upgrade your Aegir system.

Note that this security issue affects the Eldir theme only. The security issue does not affect your hosted sites that are managed by Aegir, and no re-verification of sites or platforms is necessary.

1. A special note for users of the Debian packages

Please note that due to resource issues, we have not been able to release new Debian packages for this fix yet. We will at the start of October, but we didn't want to wait before getting this security release out.

For users that have installed or switched to Aegir using the Debian packages (apt-get install aegir), you will need to manually apply a hotfix patch to your system for now. We recommend patching as opposed to switching to the manual upgrade process (tarballs etc.) so that you can stay on track with Debian packages in the future. Make sure you have updated to Aegir 1.3 using the Debian packages before following these hotfix instructions.

To apply the hotfix, download and apply the patch as follows:

Become the aegir user by running the following command:

su -s /bin/sh - aegir

(Note you must run this as root or prefix with sudo).

Navigate to the aegir user's home directory:

cd ~

Download the patch, using wget:

wget -O hostmaster-sa-20110921.patch http://drupalcode.org/project/hostmaster.git/patch/9bc096ad5f9b6544cb39c69f797f9b03d408d311

Run the following to cd to the hostmaster profile directory:

cd `drush @hostmaster dd`/profiles/hostmaster

(Note that those: ` are backticks)

Now you can apply the patch:

git apply -v ~/hostmaster-sa-20110921.patch

Git should report that it 'Applied patch themes/eldir/template.php cleanly' or similar.

Your hostmaster installation is now secure, and you have exactly the same code as anyone else running Aegir 1.4.

2. Installing and upgrading

NOTE: For this release you should not use the Automated Debian Packaging installation steps, as we have not yet packaged debs for this release. Use the Manual installation.

The canonical source of installation documentation is on the community site at:

http://community.aegirproject.org/installing

In a similar fashion, the upgrade documentation is:

http://community.aegirproject.org/upgrading

Within those sections you'll find step-by-step instructions for performing both manual and automatic upgrade processes.

It is still imperative that you read the the upgrade path and version-specific information and follow all version-specific upgrade instructions before trying to run the upgrade script or manual upgrade. This especially applies to users upgrading from releases prior to 0.4-alpha8, including 0.3.

For users coming from the 0.4 betas or recent rc releases, there are unlikely to be any version-specific manual steps required to upgrade, but you should make a habit of reading them anyway just to make sure. No-one likes a nasty surprise!

2. Need help?

If you struggle to install or upgrade your Aegir system, you have a number of options available to you for getting help.

Consult this page for more information: http://community.aegirproject.org/help

Thanks to our awesome community for their help, support and encouragement as always! Enjoy the new release :)

3. Bugfixes

4. Known issues

See also the 1.0 release notes for known issues in the 1.x serie.