Tonight we’re releasing Typo 6.0.9, because Rails 3.0.10 brought many critical security fixes that affect Typo, which means you really should upgrade now. This version also brings a couple of improvements, some bug squashing, and Yannick’s usual refactoring and performance tweaking.
The security issues addressed by Rails 3.0.10 are:
- Filter Skipping bugs
- SQL Injection issues
- Parse error in strip_tags
- UTF-8 escaping vulnerability
It’s now possible to create a new category from within the article editor. This quite useful feature brings Thomas back from the dead, and this makes us very happy.
Displaying a password-protected article within a category would make Typo crash when using the default layouts.
Using Typo standard live search views in a theme would make the application crash.
Issue #42: creating a new user from the administration crashes the application.
Fixes an issue with RedCloth 4.2.7.
Issue #39: Time.parse apparently hiccups when the timestamp string contains “GMT+0000 (UTC)”.
Fixes a bug where attachment thumbnails would not be created at upload from the editor and API.
Fixes a bug in the new sanitization module when running under Ruby 1.9.2.
Once again, we want to thank the growing Typo community for their help in improving their favourite blogging engine (at least we hope so), and, in particular, Huy Dinh for fixing some long-standing bugs.