John W. Long
2007-May-06 00:27 UTC
[ANN] Radiant CMS 0.6.1 - Stone Cutter (Security Update)
Looks like it's time for another release of Radiant:

http://radiantcms.org/download/

This release contains an important security update. Passwords since 0.5 have been written straight into the log files without filtering of any kind. This could enable a malicious user with read permissions on the log files to discover other users' passwords. We've repaired the problem in 0.6.1. It is recommended that everyone upgrade immediately. You should also delete production.log and development.log.

This release also includes a few minor bug fixes.

WHAT IS RADIANT CMS?

Radiant is a no-fluff content management system made for designers and programmers and is ideal for use on small teams. It is similar to Movable Type or Textpattern, but is much more than a blogging engine.

Radiant features:

* An elegant user interface
* The ability to arrange pages in a hierarchy
* Flexible templating with layouts, snippets, page parts, and a custom tagging language (Radius: http://radius.rubyforge.org)
* A dynamic extension system
* A simple user management/permissions system
* Support for Markdown and Textile as well as traditional HTML (it's easy to create other filters)
* Operates in two modes: dev and production depending on the URL
* A caching system which expires pages every 5 minutes
* Built using Ruby on Rails (which means that extending Radiant is as easy as any other Rails application)
* Licensed under the MIT-License
* And much more...

There's even a live demo over on the project Web site:

http://radiantcms.org/demo/

WHAT'S NEW IN THIS RELEASE?
* Fixed a security vulnerability which caused passwords to appear in the logs
* Fixed a bug in the site map code which caused it to forget which rows were expanded
* The find_by_url method has been optimized to improve performance [Daniel Sheppard]
* GET requests are now the only requests that are cached [Daniel Sheppard]
* Added rudimentary support for extension dependency specification through directory prefixing [Daniel Sheppard]
* Fixed syntax error in fixture loading extension [Sean Cribbs]
* Minor documentation fix for date tag [Sean Cribbs]
* Fixed a bug in the migrations that prevented 0.5.x users from upgrading properly [Sean Cribbs]

INSTALLATION

We've worked hard to make it easy to install Radiant. For starters you can download it with Ruby Gems:

    % gem install --include-dependencies radiant

Once the Radiant gem is installed you have access to the `radiant` command. The `radiant` command is similar to the `rails` command (if you are from the Rails world). It's how you generate a new Radiant project for a website. So `cd` to the directory where you would like your instance to be installed and type:

    % radiant -d [mysql|postgres|sqlite3] .

Next, edit config/database.yml to taste. Then run the rake bootstrap task:

    % rake production db:bootstrap

And start up the test server:

    % script/server -e production

Finally, hit the /admin/ URL and you should be off to the races. See the README file in the release for additional details.

If you are interested in other download options, visit the download page: http://radiantcms.org/download/.

UPGRADING FROM 0.6.0

1. Update the Radiant gem:

       % gem update radiant

2. Change the RADIANT_GEM_VERSION constant in config/environment.rb to "0.6.1".

3. Run the update rake task:

       rake radiant:update

4. Restart the server

UPGRADING FROM 0.5.x

The upgrade process changed significantly from last release, so listen up!
To upgrade an existing installation, BACKUP YOUR DATABASE, update the gem, and create a new Radiant project using the instructions above. Then point Radiant to the right database by editing config/database.yml and execute the following command in your project directory:

    % rake db:migrate

If you have problems during the upgrade, please let us know.

CONTRIBUTORS

Radiant wouldn't be possible without the help of some fine people. The following people have made contributions to this release:

* Alexander Horn
* Sean Cribbs

Thanks guys! If you'd like to hop on the development band wagon head on over to our dev site (http://dev.radiantcms.org/).

SUPPORT

The best place to get support is definitely on the Radiant mailing list. There's a crowd of people there who have been hanging around for many moons now. Newbie questions are welcome! To sign up, go to:

http://radiantcms.org/mailing-list/

The Radiant mailing list is also accessible via Ruby forum:

http://www.ruby-forum.com/forum/21

Enjoy!

--
John Long
http://wiseheartdesign.com
http://radiantcms.org
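
The log exposure described in the announcement, as an added example that is not part of the original message or of Radiant's code: a Ruby check that finds password parameters written in the clear in Rails-style "Parameters:" log lines and redacts them, useful for rotated or backed-up copies of production.log and development.log. The sample log lines, the parameter names in them and the helper names are constructed for illustration; the "[FILTERED]" marker is the one Rails writes for filtered parameters.

```ruby
# Added example: detect and redact cleartext passwords in Rails-style logs.
# SAMPLE_LOG is constructed for illustration, not taken from a real install.
SAMPLE_LOG = <<~'LOG'
  Processing WelcomeController#login (for 127.0.0.1 at 2007-05-05 12:00:00) [POST]
    Parameters: {"commit"=>"Login", "action"=>"login", "user"=>{"login"=>"admin", "password"=>"s3cr\"et"}}
  Processing UserController#edit (for 127.0.0.1 at 2007-05-05 12:01:00) [POST]
    Parameters: {"user"=>{"name"=>"Jo", "password"=>"[FILTERED]", "password_confirmation"=>"hunter2"}, "id"=>"3"}
  Completed in 0.01000 (100 reqs/sec) [http://localhost/admin/users/edit/3]
LOG

FILTERED = "[FILTERED]"

# Group 1: a quoted key containing "password" plus the "=>" arrow.
# Group 2: the quoted value, allowing backslash-escaped quotes inside it.
PASSWORD_PARAM = /("[^"]*password[^"]*"=>)"((?:[^"\\]|\\.)*)"/i

# Returns [line_number, key] for every password-like parameter logged in the clear.
def exposed_passwords(log_text)
  hits = []
  log_text.each_line.with_index(1) do |line, lineno|
    next unless line.include?("Parameters:")
    line.scan(PASSWORD_PARAM) do |key_part, value|
      next if value == FILTERED            # already filtered, nothing exposed
      hits << [lineno, key_part[/"([^"]*)"/, 1]]
    end
  end
  hits
end

# Returns the log text with every password-like value replaced by the marker.
def redact_passwords(log_text)
  log_text.each_line.map do |line|
    next line unless line.include?("Parameters:")
    line.gsub(PASSWORD_PARAM) { "#{$1}\"#{FILTERED}\"" }
  end.join
end

if __FILE__ == $PROGRAM_NAME
  exposed_passwords(SAMPLE_LOG).each do |lineno, key|
    puts "line #{lineno}: cleartext value logged for #{key.inspect}"
  end
  puts redact_passwords(SAMPLE_LOG)
end
```
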