Inform about fixed Rack-Cache Session Crossing Bug in 1.1.1 #361

Open
jfahrenkrug opened this Issue Feb 6, 2013 · 5 comments

Comments

Projects
None yet
2 participants
Member

jfahrenkrug commented Feb 6, 2013

Hi,

It took me a little while to track down a weird bug in my install of Radiant 1.0.1: A fellow developer reported that he was magically logged in as a different user. That's the kind of thing that ruins your day as a developer :)

After lots of research, I found these two tickets: rails/rails#476 and rtomayko/rack-cache#52

Finally, I found the rack-cache 1.2 release notes: https://github.com/rtomayko/rack-cache/blob/master/CHANGES

And then I found that Radiant 1.1.1 has bumped up the rack-cache dependency to 1.2, thus fixing the session crossing bug.

I hadn't updated to 1.1.1 yet, because I wasn't aware that it was such a critical update. So to cut a long story short: We should definitely inform our users about this critical bug that has been fixed and that it's vital to upgrade to 1.1.1. We should at least keep the changelog up to date and include this important change in the notes for 1.1.1.

If everyone agrees, I'd be more than happy to update the release notes (please let me know what else to include for 1.1.1).

Thanks, guys!

  • Johannes
Owner

saturnflyer commented Feb 7, 2013

Thanks for this @jfahrenkrug! Please update whatever is necessary.

Member

jfahrenkrug commented Feb 7, 2013

@saturnflyer I'm afraid I'll need your help. I just noticed that Radiant 1.1.2 has been released. There's nothing in the changelog for 1.1.1, though. Could you help me update the changelog, so it reflects what was new in 1.1.1 and what has changed from 1.1.1 to 1.1.2? I think it's vital we keep these up to date and also post announcements on the blog or at least on the mailing list to inform users about new versions and about what's new in them and why or if it is important to update :) Thanks :)

Owner

saturnflyer commented Feb 7, 2013

Absolutely! I'll be announcing that. The release had to bump rails versions
for a security patch.

On Thu, Feb 7, 2013 at 4:47 AM, Johannes Fahrenkrug <
notifications@github.com> wrote:

@saturnflyer https://github.com/saturnflyer I'm afraid I'll need your
help. I just noticed that Radiant 1.1.2 has been released. There's nothing
in the changelog for 1.1.1, though. Could you help me update the changelog,
so it reflects what was new in 1.1.1 and what has changed from 1.1.1 to
1.1.2? I think it's vital we keep these up to date and also post
announcements on the blog or at least on the mailing list to inform users
about new versions and about what's new in them and why or if it is
important to update :) Thanks :)


Reply to this email directly or view it on GitHubhttps://github.com/radiant/radiant/issues/361#issuecomment-13228551.

Write intention revealing code #=> http://www.clean-ruby.com

Jim Gay
Saturn Flyer LLC
571-403-0338

Member

jfahrenkrug commented Feb 7, 2013

Thanks Jim :) How about this: you update the changelog file with whatever changed in 1.1.1 and 1.1.2 und I'll add the info about the session crossing bug. Sounds good?

Owner

saturnflyer commented Feb 9, 2013

Thanks Johannes! Working on it in the 1.1.3 branch

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment