2.4.9 fixes regression in 2.4.8

I inadvertently broke creating new projects with yesterday’s 2.4.8 release. I have deployed a fix on gitorious.org, and just tagged 2.4.9. 2.4.9 also addresses a bug in Gitorious’ log graph visualization.

We made some sweeping changes yesterday, by changing attr_protected (which was the recent target of a Rails vulnerability) to attr_accessible – basically changing from black-listing to white-listing in what parameters can be posted to Gitorious and set on DB-backed models. It seems that one case was not covered by automatic tests, and was not discovered immediately.

Sorry for the inconvenience.

To upgrade your Gitorious, follow the regular procedure:

* git fetch origin
* git merge v2.4.9
* git submodule update
* bin/bundle install
* bin/rake assets:clear
* touch tmp/restart.txt (assuming you’re using Passenger. For non-Passenger deployments, restart your application server like you normally do)

One Trackback

  1. […] Skip to content « 2.4.9 fixes regression in 2.4.8 […]

Follow

Get every new post delivered to your Inbox.

Join 865 other followers

%d bloggers like this: