Current location

narf Source control manager Git

summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristopher Allan Webber <cwebber@dustycloud.org>2015-12-20 09:53:25 -0600
committerChristopher Allan Webber <cwebber@dustycloud.org>2015-12-20 09:53:25 -0600
commit9b9c04e6ac86ad6c8a679ba46ad75c45bd19388b (patch)
treed6953b0363103815c2c0e5ac0baed1290c5159c5
parent86ee2d1a0e9057e26add65807191fc28b0eec568 (diff)
0.8.1 release notesv0.8.1
-rw-r--r--docs/source/siteadmin/relnotes.rst53
1 files changed, 53 insertions, 0 deletions
diff --git a/docs/source/siteadmin/relnotes.rst b/docs/source/siteadmin/relnotes.rst
index 81c5e4a2..d177961e 100644
--- a/docs/source/siteadmin/relnotes.rst
+++ b/docs/source/siteadmin/relnotes.rst
@@ -39,6 +39,59 @@ carefully, or at least skim over it.
git remote set-url origin git://git.savannah.gnu.org/mediagoblin.git
+0.8.1
+=====
+
+This release is a security and bugfix release. We recommend you upgrade as
+soon as possible.
+
+**Do this to upgrade**
+
+0. If you haven't already, switch the git remote URL:
+ ``git remote set-url origin git://git.savannah.gnu.org/mediagoblin.git``
+1. Update to the latest release. If checked out from git, run:
+ ``git fetch && git checkout -q v0.8.1``
+2. Run
+ ``./bootstrap.sh && ./configure && make``
+3. Also run
+ ``./bin/python setup.py develop --upgrade && ./bin/gmg dbupdate``
+
+(Please check intermediate release steps as well if not upgrading from
+0.8.0)
+
+**Bugfixes/improvements:**
+
+Most importantly, there is an **important security fix**:
+
+Quoting here a portion of the
+`release blogpost <http://mediagoblin.org/news/mediagoblin-0.8.1-security-release.html>`_::
+
+ We have had a security problem in our OAuth implementation reported to
+ us privately and have taken steps to address it. The security problem
+ effects all 0.5.0 versions of GNU MediaGoblin. I have created a patch
+ for this and released a minor version 0.8.1. It's strongly advised
+ that everyone upgrade as soon as they can.
+
+ In order to exploit the security issue, an attacker must have had
+ access to a logged in session to your GNU MediaGoblin account. If you
+ have kept your username and password secret, logging in only over
+ HTTPS and you've not left yourself logged in on publicly accessible
+ computers, you should be safe. However it's still advised all users
+ take the following precautions, listed below.
+
+ Users should check their authorized clients. Any client which looks
+ unfamiliar to you, you should deauthorize. To check this:
+
+ 1) Log in to the GNU MediaGoblin instance
+ 2) Click the drop down arrow in the upper right
+ 3) Click "Change account settings"
+ 4) At the bottom click the "Deauthorize applications" link
+
+ If you are unsure of any of these, click "Deauthorize".
+
+There are other bugfixes, but they are fairly minor.
+
+
0.8.0
=====