git remote set-url origin git://git.savannah.gnu.org/mediagoblin.git
+0.9.0
+=====
+
+This release has a number of improvements, but is also a major
+"plumbing upgrade" release to MediaGoblin. Notably, we now support
+Python 3, which is pretty cool!
+
+**Do this to upgrade**
+
+0. If you haven't already, switch the git remote URL:
+ ``git remote set-url origin git://git.savannah.gnu.org/mediagoblin.git``
+1. Update to the latest release. If checked out from git, run:
+ ``git fetch && git checkout -q v0.9.0``
+2. Run
+ ``./bootstrap.sh && ./configure && make``
+3. Also run
+ ``./bin/python setup.py develop --upgrade && ./bin/gmg dbupdate``
+
+**Bugfixes/improvements:**
+
+- Python 3 is now a first class citizen! We now support both
+ Python 2.7 and Python 3.4 or later.
+- Major updates to internal tooling to pave the way for federation.
+ - Massive overhaul to the database layout (particularly in
+ permitting generic relations)
+ - OAuth updates
+ - Updating how we handle collections
+ - Add a "graveyard" system with tombstones for keeping information
+ about removed objects
+ - Large overhaul to how "comments" work. In federation, many things
+ can reply to many things, so we had to loosen the model.
+- If your user has some collections available, these will be presented
+ as a dropdown option while submitting media.
+- Begin using Alembic for migrations
+- Lots of bugfixes and etc
+ - Many fixes to typos
+ - Some fixes to the blog system
+ - Switch to waitress for development
+ - And more...!
+
+
+0.8.1
+=====
+
+This release is a security and bugfix release. We recommend you upgrade as
+soon as possible.
+
+**Do this to upgrade**
+
+0. If you haven't already, switch the git remote URL:
+ ``git remote set-url origin git://git.savannah.gnu.org/mediagoblin.git``
+1. Update to the latest release. If checked out from git, run:
+ ``git fetch && git checkout -q v0.8.1``
+2. Run
+ ``./bootstrap.sh && ./configure && make``
+3. Also run
+ ``./bin/python setup.py develop --upgrade && ./bin/gmg dbupdate``
+
+(Please check intermediate release steps as well if not upgrading from
+0.8.0)
+
+**Bugfixes/improvements:**
+
+Most importantly, there is an **important security fix**:
+
+Quoting here a portion of the
+`release blogpost <http://mediagoblin.org/news/mediagoblin-0.8.1-security-release.html>`_::
+
+ We have had a security problem in our OAuth implementation reported to
+ us privately and have taken steps to address it. The security problem
+ affects all versions of GNU MediaGoblin since 0.5.0. I have created a patch
+ for this and released a minor version 0.8.1. It's strongly advised
+ that everyone upgrade as soon as they can.
+
+ In order to exploit the security issue, an attacker must have had
+ access to a logged in session to your GNU MediaGoblin account. If you
+ have kept your username and password secret, logging in only over
+ HTTPS and you've not left yourself logged in on publicly accessible
+ computers, you should be safe. However it's still advised all users
+ take the following precautions, listed below.
+
+ Users should check their authorized clients. Any client which looks
+ unfamiliar to you, you should deauthorize. To check this:
+
+ 1) Log in to the GNU MediaGoblin instance
+ 2) Click the drop down arrow in the upper right
+ 3) Click "Change account settings"
+ 4) At the bottom click the "Deauthorize applications" link
+
+ If you are unsure of any of these, click "Deauthorize".
+
+There are other bugfixes, but they are fairly minor.
+
+
0.8.0
=====
projects / mediagoblin.git / blobdiff