Radiant 0.6.1 - Stone Cutter Release (Security Update)
This release contains an important security update. Passwords since 0.5 have been written straight into the log files without filtering of any kind. This could enable a malicious user with read permissions on the log files to discover other users’ passwords. We’ve repaired the problem in 0.6.1. It is recommended that everyone upgrade immediately. You should also delete production.log and development.log.
This release also includes a few minor bug fixes:
- Migrations have been repaired so that it is easier to upgrade from 0.5.x
- The expanded state of the site map is now preserved more accurately
- The documentation has been corrected for the Radius date tag
For a complete list of what’s new, see the CHANGELOG.
1. Update the Radiant gem:
gem update radiant
2. Change the RADIANT_GEM_VERSION constant in config/environment.rb to “0.6.1”
3. Run the update rake task:
4. Restart the server
Please give the gem a chance to propagate to the RubyForge download servers.