I inadvertently broke creating new projects with yesterday’s 2.4.8 release. I have deployed a fix on gitorious.org, and just tagged 2.4.9. 2.4.9 also addresses a bug in Gitorious’ log graph visualization.
We made some sweeping changes yesterday, by changing
attr_protected (which was the recent target of a Rails vulnerability) to
attr_accessible – basically changing from black-listing to white-listing in what parameters can be posted to Gitorious and set on DB-backed models. It seems that one case was not covered by automatic tests, and was not discovered immediately.
Sorry for the inconvenience.
To upgrade your Gitorious, follow the regular procedure:
* git fetch origin
* git merge v2.4.9
* git submodule update
* bin/bundle install
* bin/rake assets:clear
* touch tmp/restart.txt (assuming you’re using Passenger. For non-Passenger deployments, restart your application server like you normally do)