Rails - May 2007 - Radiant CMS 0.6.1 - Stone Cutter (Security Update)

Looks like it''s time for another release of Radiant:

    http://radiantcms.org/download/

This release contains an important security update. Passwords since 0.5
have been written straight into the log files without filtering of any
kind. This could enable a malicious user with read permissions on the
log files to discover other users'' passwords. We''ve repaired
the problem
in 0.6.1. It is recommended that everyone upgrade immediately. You
should also delete production.log and development.log.

This release also includes a few minor bug fixes.


WHAT IS RADIANT CMS?

Radiant is a no-fluff content management system made for designers and
programmers and is ideal for use on small teams. It is similar to
Movable Type or Textpattern, but is much more than a blogging engine.

Radiant features:

   * An elegant user interface
   * The ability to arrange pages in a hierarchy
   * Flexible templating with layouts, snippets, page parts, and a
     custom tagging language (Radius: http://radius.rubyforge.org)
   * A dynamic extension system
   * A simple user management/permissions system
   * Support for Markdown and Textile as well as traditional HTML
     (it''s easy to create other filters)
   * Operates in two modes: dev and production depending on the URL
   * A caching system which expires pages every 5 minutes
   * Built using Ruby on Rails (which means that extending Radiant is
     as easy as any other Rails application)
   * Licensed under the MIT-License
   * And much more...

There''s even a live demo over on the project Web site:

    http://radiantcms.org/demo/


WHAT''S NEW IN THIS RELEASE?

* Fixed a security vulnerability which caused passwords to appear in the
   logs
* Fixed a bug in the site map code which caused it to forget which rows
   were expanded
* The find_by_url method has been optimized to improve performance
   [Daniel Sheppard]
* GET requests are now the only requests that are cached [Daniel
   Sheppard]
* Added rudimentary support for extension depencency specification
   through directory prefixing [Daniel Sheppard]
* Fixed syntax error in fixture loading extension [Sean Cribbs]
* Minor documentation fix for date tag [Sean Cribbs]
* Fixed a bug in the migrations that prevented 0.5.x users from
   upgrading properly [Sean Cribbs]


INSTALLATION

We''ve worked hard to make it easy to install Radiant. For starters you
can download it with Ruby Gems:

% gem install --include-dependencies radiant

Once the Radiant gem is installed you have access to the `radiant`
command. The `radiant` command is similar to the `rails` command (if you
are from the Rails world. It''s how you generate a new Radiant project
for a website. So `cd` to the directory where you would like your
instance to be installed and type:

% radiant -d [mysql|postgres|sqlite3] .

Next, edit config/database.yml to taste. Then run the rake bootstrap task:

% rake production db:bootstrap

And start up the test server:

% script/server -e production

Finally, hit the /admin/ URL and you should be off to the races. See the
README file in the release for additional details.

If you are interested in other download options, visit the download
page: http://radiantcms.org/download/.


UPGRADING FROM 0.6.0

1. Update the Radiant gem:

    % gem update radiant

2. Change the RADIANT_GEM_VERSION constant in config/environment.rb
    to "0.6.1".

3. Run the update rake task:

    rake radiant:update

4. Restart the server


UPGRADING FROM 0.5.x

The upgrade process changed significantly from last release, so listen
up! To upgrade an existing installation, BACKUP YOUR DATABASE, update
the gem, and create a new Radiant project using the instructions above.
Then point Radiant to the right database by editing config/database.yml
and execute the following command in your project directory:

% rake db:migrate

If you have problems during the upgrade, please let us know.


CONTRIBUTORS

Radiant wouldn''t be possible without the help of some fine people. The
following people have made contributions to this release:

* Alexander Horn         * Sean Cribbs

Thanks guys! If you''d like to hop on the development band wagon head on
over to our dev site (http://dev.radiantcms.org/).


SUPPORT

The best place to get support is definitely on the Radiant mailing list.
There''s a crowd of people there who have been hanging around for many
moons now. Newbie questions are welcome! To sign up, go to:

http://radiantcms.org/mailing-list/

The Radiant mailing list is also accessible via Ruby forum:

http://www.ruby-forum.com/forum/21


Enjoy!

--
John Long
http://wiseheartdesign.com
http://radiantcms.org


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---