diff options
| author | Christopher Allan Webber <cwebber@dustycloud.org> | 2015-12-20 09:53:25 -0600 |
|---|---|---|
| committer | Christopher Allan Webber <cwebber@dustycloud.org> | 2015-12-20 09:53:25 -0600 |
| commit | 9b9c04e6ac86ad6c8a679ba46ad75c45bd19388b (patch) | |
| tree | d6953b0363103815c2c0e5ac0baed1290c5159c5 /docs/source | |
| parent | 86ee2d1a0e9057e26add65807191fc28b0eec568 (diff) | |
| download | mediagoblin-9b9c04e6ac86ad6c8a679ba46ad75c45bd19388b.tar.lz mediagoblin-9b9c04e6ac86ad6c8a679ba46ad75c45bd19388b.tar.xz mediagoblin-9b9c04e6ac86ad6c8a679ba46ad75c45bd19388b.zip | |
0.8.1 release notes
Diffstat (limited to 'docs/source')
| -rw-r--r-- | docs/source/siteadmin/relnotes.rst | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/docs/source/siteadmin/relnotes.rst b/docs/source/siteadmin/relnotes.rst index 81c5e4a2..d177961e 100644 --- a/docs/source/siteadmin/relnotes.rst +++ b/docs/source/siteadmin/relnotes.rst @@ -39,6 +39,59 @@ carefully, or at least skim over it. git remote set-url origin git://git.savannah.gnu.org/mediagoblin.git +0.8.1 +===== + +This release is a security and bugfix release. We recommend you upgrade as +soon as possible. + +**Do this to upgrade** + +0. If you haven't already, switch the git remote URL: + ``git remote set-url origin git://git.savannah.gnu.org/mediagoblin.git`` +1. Update to the latest release. If checked out from git, run: + ``git fetch && git checkout -q v0.8.1`` +2. Run + ``./bootstrap.sh && ./configure && make`` +3. Also run + ``./bin/python setup.py develop --upgrade && ./bin/gmg dbupdate`` + +(Please check intermediate release steps as well if not upgrading from +0.8.0) + +**Bugfixes/improvements:** + +Most importantly, there is an **important security fix**: + +Quoting here a portion of the +`release blogpost <http://mediagoblin.org/news/mediagoblin-0.8.1-security-release.html>`_:: + + We have had a security problem in our OAuth implementation reported to + us privately and have taken steps to address it. The security problem + effects all 0.5.0 versions of GNU MediaGoblin. I have created a patch + for this and released a minor version 0.8.1. It's strongly advised + that everyone upgrade as soon as they can. + + In order to exploit the security issue, an attacker must have had + access to a logged in session to your GNU MediaGoblin account. If you + have kept your username and password secret, logging in only over + HTTPS and you've not left yourself logged in on publicly accessible + computers, you should be safe. However it's still advised all users + take the following precautions, listed below. + + Users should check their authorized clients. Any client which looks + unfamiliar to you, you should deauthorize. To check this: + + 1) Log in to the GNU MediaGoblin instance + 2) Click the drop down arrow in the upper right + 3) Click "Change account settings" + 4) At the bottom click the "Deauthorize applications" link + + If you are unsure of any of these, click "Deauthorize". + +There are other bugfixes, but they are fairly minor. + + 0.8.0 ===== |