Warning: Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.

Changes between Version 8 and Version 9 of 2.0/announcement

03/04/09 20:56:06 (10 years ago)



  • 2.0/announcement

    v8 v9  
     1== Beta 7 === 
     3TurboGears beta 7 is an urgent security update for Beta 5 and Beta 6 users.   The check for controller wide security did not appropriately call abort() and was therefore not enforcing controller level security restrictions.   Users with production b5 or b6 applications should upgrade imediately.   Fortuantely the upgrade should have no backwards incompatable changes, and should require no changes to your project.  
     5But we take this very seriously even though it happened in a beta, and we are taking steps to assure that it won't happen again.   It turns out that we moved some tests that would have prevented this into another package, and that left one small thing in TG which was no longer tested, and of course that's where our problem was.   We've added several tests to make sure this can't happen again. 
     7In order to make sure that the rapid development of our security stuff has not created any other issues, we'll be holding a security sprint this weekend.  We will be adding additional integration tests, and doing a full audit of all security related packages on Sunday.  
     9There was also another issue that kept the {{{__before__}}} method used by our controller security system from running properly.   Special thanks goes out to Alberto Vargas for contributing fixes to both these critical issues.    
     11Beyond those two changes, Other than that we've added some more tests to the quickstart.  In particular there are tests for the security system built right into the quickstarted project so users can easily see how to assure that their security measures are working the way they expect.  
    114=== Beta 6 ===