Radiant 0.6.7 - Mordant Release

Radiant 0.6.7 “Mordant” resolves several security holes and includes enhancements for developers.

• CSRF attacks are now partly mitigated by the built-in Rails helpers.
• Every user account now has its own password salt that remains secret.
• All admin view templates have been converted to use Haml instead of the standard ERb templates.
• The “shards” extension has been folded into the core, allowing flexible manipulation of the administration UI for extensions.
• All pages are now automatically expired from the cache when any page is saved.
• The login system has been enhanced to remember attempted URLs and to automatically redirect away from the login page if you are logged in.
• The radiant:extensions:update_all Rake task has been added to simplify copying assets from extensions into the public/ folder.

Attention extension developers: If you were using “shards” to modify the user views, please verify that your extension is unaffected. The structure of the partials and regions in the edit view has slightly changed.

Installation

To install use the gem command (with ‘sudo’ as necessary):

$ gem install radiant

Upgrading an existing project/site

1. Change the RADIANT_GEM_VERSION constant in config/environment.rb to “0.6.7” or remove it altogether.

2. Update the Radiant assets in your project:

rake radiant:update

3. Copy your customizations back into config/environment.rb, if necessary (see below).

4. Migrate the database:

rake production db:migrate

5. Restart the server

Creating a new project/site

1. Invoke the radiant command with your desired database driver:

$ radiant -d sqlite3 my_project

2. Bootstrap the database:

$ cd my_project
$ rake db:bootstrap

3. Startup the server and try it out!

$ script/server

Internal Changes to config/environment.rb

The 0.6.5 release required a lot of changes to the internal API of Radiant. End-users should be unaffected, but as a result of these requirements, we made significant changes to config/environment.rb and config/boot.rb. When updating your existing projects, config/environment.rb will be copied to config/environment.bak. You will need to manually copy any customizations, especially config.extensions and any other libraries, etc. that you require. DO NOT copy config.load_paths, config.plugin_paths, or any of those items to the new file; those settings have been internalized in this release. If you have further questions, please address them to the mailing list. THIS BACKUP BEHAVIOR WILL BE REMOVED IN A FEW RELEASES.

Radiant CMS was created by John W. Long, extended by Sean Cribbs, and has been continuously improved by a team of core committers with dozens of additional contributions from the Radiant community.

This site is made with Ruby and powered by Radiant. Hosting is graciously provided by the kind folks at AVLUX.

Web Site Design, Logo, Etc. Copyright © 2006–2019, John W. Long. All Rights Reserved.