From: Christopher Allan Webber Date: Sun, 20 Dec 2015 15:53:25 +0000 (-0600) Subject: 0.8.1 release notes X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=9b9c04e6ac86ad6c8a679ba46ad75c45bd19388b;p=mediagoblin.git 0.8.1 release notes --- diff --git a/docs/source/siteadmin/relnotes.rst b/docs/source/siteadmin/relnotes.rst index 81c5e4a2..d177961e 100644 --- a/docs/source/siteadmin/relnotes.rst +++ b/docs/source/siteadmin/relnotes.rst @@ -39,6 +39,59 @@ carefully, or at least skim over it. git remote set-url origin git://git.savannah.gnu.org/mediagoblin.git +0.8.1 +===== + +This release is a security and bugfix release. We recommend you upgrade as +soon as possible. + +**Do this to upgrade** + +0. If you haven't already, switch the git remote URL: + ``git remote set-url origin git://git.savannah.gnu.org/mediagoblin.git`` +1. Update to the latest release. If checked out from git, run: + ``git fetch && git checkout -q v0.8.1`` +2. Run + ``./bootstrap.sh && ./configure && make`` +3. Also run + ``./bin/python setup.py develop --upgrade && ./bin/gmg dbupdate`` + +(Please check intermediate release steps as well if not upgrading from +0.8.0) + +**Bugfixes/improvements:** + +Most importantly, there is an **important security fix**: + +Quoting here a portion of the +`release blogpost `_:: + + We have had a security problem in our OAuth implementation reported to + us privately and have taken steps to address it. The security problem + effects all 0.5.0 versions of GNU MediaGoblin. I have created a patch + for this and released a minor version 0.8.1. It's strongly advised + that everyone upgrade as soon as they can. + + In order to exploit the security issue, an attacker must have had + access to a logged in session to your GNU MediaGoblin account. If you + have kept your username and password secret, logging in only over + HTTPS and you've not left yourself logged in on publicly accessible + computers, you should be safe. However it's still advised all users + take the following precautions, listed below. + + Users should check their authorized clients. Any client which looks + unfamiliar to you, you should deauthorize. To check this: + + 1) Log in to the GNU MediaGoblin instance + 2) Click the drop down arrow in the upper right + 3) Click "Change account settings" + 4) At the bottom click the "Deauthorize applications" link + + If you are unsure of any of these, click "Deauthorize". + +There are other bugfixes, but they are fairly minor. + + 0.8.0 =====