Radiant 0.6.1 - Stone Cutter Release (Security Update)

Posted by John W. Long on Saturday, May 05, 2007 | |

This release contains an important security update. Passwords since 0.5 have been written straight into the log files without filtering of any kind. This could enable a malicious user with read permissions on the log files to discover other users’ passwords. We’ve repaired the problem in 0.6.1. It is recommended that everyone upgrade immediately. You should also delete production.log and development.log.

This release also includes a few minor bug fixes:

For a complete list of what’s new, see the CHANGELOG.

To upgrade:

1. Update the Radiant gem:

gem update radiant

2. Change the RADIANT_GEM_VERSION constant in config/environment.rb to “0.6.1”

3. Run the update rake task:

rake radiant:update

4. Restart the server

Please give the gem a chance to propagate to the RubyForge download servers.