Radiant 0.6.7 - Mordant Release
Radiant 0.6.7 “Mordant” resolves several security holes and includes enhancements for developers.
- CSRF attacks are now partly mitigated by the built-in Rails helpers.
- Every user account now has its own password salt that remains secret.
- All admin view templates have been converted to use Haml instead of the standard ERb templates.
- The “shards” extension has been folded into the core, allowing flexible manipulation of the administration UI for extensions.
- All pages are now automatically expired from the cache when any page is saved.
- The login system has been enhanced to remember attempted URLs and to automatically redirect away from the login page if you are logged in.
- The
radiant:extensions:update_all
Rake task has been added to simplify copying assets from extensions into thepublic/
folder.
Attention extension developers: If you were using “shards” to modify the user views, please verify that your extension is unaffected. The structure of the partials and regions in the edit view has slightly changed.
Installation
To install use the gem command (with ‘sudo’ as necessary):
$ gem install radiant
Upgrading an existing project/site
1. Change the RADIANT_GEM_VERSION constant in config/environment.rb to “0.6.7” or remove it altogether.
2. Update the Radiant assets in your project:
rake radiant:update
3. Copy your customizations back into config/environment.rb
, if necessary (see below).
4. Migrate the database:
rake production db:migrate
5. Restart the server
Creating a new project/site
1. Invoke the radiant
command with your desired database driver:
$ radiant -d sqlite3 my_project
2. Bootstrap the database:
$ cd my_project
$ rake db:bootstrap
3. Startup the server and try it out!
$ script/server
Internal Changes to config/environment.rb
The 0.6.5 release required a lot of changes to the internal API of Radiant. End-users should be unaffected, but as a result of these requirements, we made significant changes to config/environment.rb
and config/boot.rb
. When updating your existing projects, config/environment.rb
will be copied to config/environment.bak
. You will need to manually copy any customizations, especially config.extensions
and any other libraries, etc. that you require. DO NOT copy config.load_paths
, config.plugin_paths
, or any of those items to the new file; those settings have been internalized in this release. If you have further questions, please address them to the mailing list. THIS BACKUP BEHAVIOR WILL BE REMOVED IN A FEW RELEASES.