Joomla! 3.4.7 major bugs

Joomla! 3.4.7 has major bugs which cause core Joomla! and third party extensions (like ours) to fail randomly. Please read this article for more information. TL;DR: OOPS, JOOMLA! HAS SCREWED UP. We do everything we can to work around it but you need to do some stuff too. Easy fixes next to the Resolution headers below.

UPDATE December 24th: Upgrade to Joomla! 3.4.8  as soon as it's available, around the evening of December 24th.

Update – December 24th, 2015 11:47 GMT.

Fixes for all the bugs explained herein have been submitted by our company's staff to the Joomla! project after pulling a massive death march (8am to 2am, non-stop). The fixes are already accepted, tested and merged.

Upgrade to Joomla! 3.4.8 as soon as it's available (around the evening of December 24th)

IMPORTANT: You may have to log out and back into your site to install Joomla! 3.4.8 (if you had already updated to Joomla! 3.4.7, that is).

Short history of the issue

On the night of Monday, December 21st, 2015 Joomla! 3.4.7 was released with an important security fix for a PHP issue affecting mostly old versions of PHP and installations using the default settings in their php.ini files. The fix was originally developed for the (yet unpublished) Joomla! 3.5 and was backported to Joomla! 3.4 by the Joomla! core team. Unfortunately the backporting was botched, introducing severe MAJOR BUGS.

Bug #1: Session data migration breaks backups (unless you logout and log back in)

Reference: Public ticket 24027

Symptom: You get a page reading something like this:
An error has occured.
0 AkeebaModelProfiles::setId()

Explanation: Even though we explicitly warned the Joomla! security team that trying to migrate existing session data would cause problems they chose to ignore us. Guess what? We were right. Again. Joomla! 3.4.7 tries to migrate existing session data the first time you access a page / log in to your site after updating to 3.4.7. Unfortunately this doesn't work and you end up being logged in to your site but have no authority to perform any action. This includes simple things like editing articles or complex things like accessing Akeeba Backup to run a backup.

Resolution: Log out of your site and then log back in.

Alternatively, if you have Admin Tools Core or Professional, use the Purge Session feature to forcibly reset all stored sessions. This logs you and everybody else out, forcing Joomla! to behave correctly upon logging back in.

Bug #2: Session initialisation failure leading to CLI (CRON) scripts not working

ReferenceJoomla! Issue Tracker #8755

Symptom: Akeeba Backup and Akeeba Ticket System CLI (CRON) scripts no longer work.

Explanation: A botched backporting of the security fix led to the core Joomla! API "JSession" throwing a PHP Fatal Error when accessed from CLI scripts. Since this happens inside Joomla!'s own code every single time you use the official Joomla! API to check the parameters of a user, it kills Akeeba Backup's and Akeeba Ticket System's CLI scripts.

Resolution: We released new versions of all of our software on December 22nd, 2015 working around Joomla!'s issue with CLI scripts.

Bug #3: Fatal Error when the MySQL connection goes away or the database connection failed

Reference: Joomla! Issue Tracker #8762

Symptom: Error message "PHP Fatal error: Call to a member function stat() on a non-object in /var/www/[...]/libraries/joomla/database/driver/mysqli.php on line 202" when using Akeeba Backup. Also see public ticket 24203 on our site.

Explanation: An erroneous change in JDatabaseDriverMysqli tries to access the MySQLi connection object without checking if it, in fact, exists and is valid. Because of that Joomla!'s internal code throws a PHP Fatal Error whenever a database connection to a MySQL server using the "mysqli" driver is closed by the database server or wasn't created as the result of wrong connection details.

This will usually get triggered when backup steps run for a long time. This typically happens when:

  • you are on a slow, overloaded server; or
  • you are using lengthy post-processing such as uploading to a remote FTP server, Amazon S3 etc

Resolution: Due to the nature of the issue we can't work around it programmatically. However there are two easy fixes you can try:

  1. Go to Global Configuration and change the database type from mysqli (with a trailing i) to mysql (WITHOUT a trailing i). Some servers may not give you that option.
  2. Downgrade to Joomla! 3.4.6.

We generally would not recommend downgrading to 3.4.6 because Joomla! 3.4.7 works around a PHP security issue. However, considering that a. exploitation of said PHP security issue is currently purely theoretical (nobody has a working proof of concept yet) and b. the Joomla! bug is screwing up your backups, exposing your site to immediate risk we conclude that downgrading to Joomla! 3.4.6 is, in fact, the safest solution.

It goes without saying that we are actively contributing to solving these issues in Joomla! itself. We have already spent over 20 man hours addressing these issues, paid for out of our own pocket. Availability of Joomla! 3.4.8 –which will address those issues– is not up to us, though. UPDATE: Thanks to Joomla! maintainer extraordinaire George Wilson the Joomla! 3.4.8 update will be available on Christmas Eve, around the evening.

Cookies Notification - Action required

This website uses cookies to provide user authentication and improve your user experience. Please indicate whether you consent to our site placing these cookies on your device. You can change your preference later, from the controls which will be made available to you at the bottom of every page of our site.