Notes:
This release contains an important security update. Passwords
since 0.5 have been written straight into the log files without
filtering of any kind. This could enable a malicious user with
read permissions on the log files to discover other users'
passwords. We've repaired the problem in 0.6.1. It is
recommended that everyone upgrade immediately. You should
also delete production.log and development.log.
This release also includes a few minor bug fixes.
Changes:
* Fixed a security vulnerability which caused passwords to appear in the logs
* Fixed a bug in the site map code which caused it to forget which rows were
expanded
* The find_by_url method has been optimized to improve performance [Daniel
Sheppard]
* GET requests are now the only requests that are cached [Daniel Sheppard]
* Added rudimentary support for extension depencency specification through
directory prefixing [Daniel Sheppard]
* Fixed syntax error in fixture loading extension [Sean Cribbs]
* Minor documentation fix for date tag [Sean Cribbs]
* Fixed a bug in the migrations that prevented 0.5.x users from upgrading
properly [Sean Cribbs]
|
