Radiant 0.6.7 - Mordant Release
Radiant 0.6.7 “Mordant” resolves several security holes and includes enhancements for developers.
- CSRF attacks are now partly mitigated by the built-in Rails helpers.
- Every user account now has its own password salt that remains secret.
- All admin view templates have been converted to use Haml instead of the standard ERb templates.
- The “shards” extension has been folded into the core, allowing flexible manipulation of the administration UI for extensions.
- All pages are now automatically expired from the cache when any page is saved.
- The login system has been enhanced to remember attempted URLs and to automatically redirect away from the login page if you are logged in.
radiant:extensions:update_allRake task has been added to simplify copying assets from extensions into the
Attention extension developers: If you were using “shards” to modify the user views, please verify that your extension is unaffected. The structure of the partials and regions in the edit view has slightly changed.
To install use the gem command (with ‘sudo’ as necessary):
$ gem install radiant
Upgrading an existing project/site
1. Change the RADIANT_GEM_VERSION constant in config/environment.rb to “0.6.7” or remove it altogether.
2. Update the Radiant assets in your project:
3. Copy your customizations back into
config/environment.rb, if necessary (see below).
4. Migrate the database:
rake production db:migrate
5. Restart the server
Creating a new project/site
1. Invoke the
radiant command with your desired database driver:
$ radiant -d sqlite3 my_project
2. Bootstrap the database:
$ cd my_project $ rake db:bootstrap
3. Startup the server and try it out!
Internal Changes to
The 0.6.5 release required a lot of changes to the internal API of Radiant. End-users should be unaffected, but as a result of these requirements, we made significant changes to
config/boot.rb. When updating your existing projects,
config/environment.rb will be copied to
config/environment.bak. You will need to manually copy any customizations, especially
config.extensions and any other libraries, etc. that you require. DO NOT copy
config.plugin_paths, or any of those items to the new file; those settings have been internalized in this release. If you have further questions, please address them to the mailing list. THIS BACKUP BEHAVIOR WILL BE REMOVED IN A FEW RELEASES.