Typo official weblog

Making blogging easy

Typo 6.0.9 for Rails 3.0.10 – security fixes

We’re releasing Typo 6.0.9 tonight because Rails 3.0.10 brought many critical security fixes that affect Typo, which means you really should upgrade now. This version also brings a couple of improvements, some bug squashing, and Yannick’s usual refactoring and performance tweaking.

You can download Typo as a zip file or a tarball.

The security issues addressed by Rails 3.0.10 are:

  • Filter Skipping bugs
  • SQL Injection issues
  • Parse error in strip_tags
  • UTF-8 escaping vulnerability

Improvements:

It’s now possible to create a new category within the article editor. This quite useful feature brings Thomas back from the dead and this makes us very happy.

Squashed bugs:

Displaying a password protected article within a category would make Typo crash when using the default layouts.

Using Typo standard live search views in a theme would make the application crash.

Issue #42: creating a new user from the administration crashes the application.

Fixes an issue with Redcloth 4.2.7.

Issue #39: Time.parse apparently hiccups when the timestamp string contains “GMT+0000 (UTC)”

Fixes a bug where attachment thumbnails would not be created at upload from the editor and API.

Fixes a bug in the new sanitization module when running under Ruby 1.9.2.

Once again, we want to thank the growing Typo community for their help in improving their favourite blogging engine (at least we hope so), and in particular Huy Dinh for fixing some long-standing bugs.

Published on 01/09/2011 at 16h53.

  • By david 02/09/2011 at 11h17

    Hey Guys!

    Thanks for the awesome work! I really appreciate your work! But one question, why is the typogarden not working?

    Regards!


  • By Frédéric de Villamil 02/09/2011 at 20h52

    Thank you very much.

    I’ve taken Typogarden offline for the time it takes to upgrade it to Typo 6.0.8 and upgrade / discontinue existing themes. That’s a lot of work but it should be back very soon.


  • By wxianfeng 10/09/2011 at 13h55

    Awesome, but I want more themes; I can’t download them now.


  • By sfoop 26/09/2011 at 11h30

    Just curious, is the use of ‘satanizable’ in the code an intentional misspelling? O_o


  • By Frédéric de Villamil 26/09/2011 at 12h14

    Haha, epic typo is epic. I think he meant sanitization, I’ll fix that and move it as a library.


  • By Marius 21/11/2011 at 09h00

    When I’m trying to upload an image with the editor I get: "NoMethodError in CkeditorController#upload undefined method `original_filename' for nil:NilClass". On both Linux with Ruby 1.9.2p0 and Mac with Ruby 1.9.2.p280. Anyone? Thx in advance,

    PS: Works with filemanager through

