All Versions
Latest Version
Avg Release Cycle
113 days
Latest Release
104 days ago

Changelog History
Page 2

  • v9.0.0 Changes

    July 29, 2017

    ๐Ÿš€ This is a major release and brings big changes to Publify. First of all, Publify now uses Rails 5.0. Moving ahead to Rails 5.1 will come in Publify 9.1, but for now this smaller step should make it easier to migrate any customizations.

    Second, Publify has been split up into several Rails engines (publify_core, publify_amazon_sidebar and publify_textfilter_code). This should allow easier re-use and customization. For now, the core engine still contains many parts that can be considerd optional. These may be extracted into their own gems at a later stage.

    Apart from those two large changes, there are some smaller potentially breaking changes:

    • Publify now uses Rails' default method of setting secret_key_base in production: Through an environment variable. This means you will have to update your production environment so this variable is actually set.
    • ๐Ÿ‘Œ Support for Ruby 2.1 is dropped.
    • Automigration is dropped. You will need to run db:migrate yourself.
    • ๐Ÿ‘Œ Support for using feedburner is dropped.
    • Trackbacks and pingbacks are no longer sent. Trackbacks are no longer accepted.
    • 0๏ธโƒฃ Full-page caching is dropped in favor of default Rails' Russian-doll partial caching.

    ๐Ÿ”Š All the little details can be read in the change logs:

    โฌ†๏ธ As always, ensure you have your database backed up before upgrading!

  • v9.0.0.pre6

    December 23, 2016
  • v9.0.0.pre5

    December 17, 2016
  • v9.0.0.pre4

    November 27, 2016
  • v9.0.0.pre3

    November 26, 2016
  • v9.0.0.pre2

    November 18, 2016
  • v9.0.0.pre1

    November 13, 2016
  • v8.3.3 Changes

    November 03, 2016

    ๐Ÿš€ Alvaro Folgado identified several security issues in Publify that are fixed in this release:

    • ๐Ÿš… Rails' protection from CSRF was not active for all actions. This was fixed.
    • ๐Ÿ”ง Devise' password recovery feature was configured to behave differently for existing and non-existing email addresses. This has been changed to use Devise' 'paranoid' mode.
    • Publify was vulnerable to CVE-2016โ€“3714, a vulnerability in ImageMagick, on servers that have affected versions of ImageMagick installed. It now checks the mime type of uploaded files based on their content before processing with ImageMagick.
    • ๐Ÿš… Publify used Rails' cookie session store, making it possible to effectively log back in by using an older value of the session cookie. Publify now stores the session data in the database.
    • The blog name was not properly escaped in the views used for Devise.

    โž• Additionally, the following small bugs were fixed:

    • ๐Ÿ—„ There was an error on the sign-in due to the use of a deprecated method in Devise.
    • Failed resource uploads were reported as succesful.

    ๐Ÿš€ It is recommended you update to this release as soon as possible.

  • v8.3.2 Changes

    • ๐Ÿ—„ Replace deprecated count-with-conditions (mvz)
    • โšก๏ธ Loosen/update dependencies (mvz)
    • ๐Ÿ›  Fix google sitemap (mvz)
    • โช Restore theme helper loading (mvz)
    • ๐Ÿ›  Fix password edit form (jetware)
  • v8.3.1 Changes

    • ๐Ÿ›  Fix live search (mvz)
    • Introduce SidebarRegistry to avoid need to preload all sidebars (mvz)
    • Avoid use of String#html_safe (mvz)
    • ๐Ÿ›  Fix several cases of double-escaped HTML (mvz)
    • Avoid ambiguous field reference in feedback scopes (apsheronets)
    • โœ‚ Remove spurious error message when starting a new article (mvz)
    • Replace bundled bootstrap with bootstrap-sass gem (mvz)
    • ๐Ÿ”— Link Resource directly to Blog in order to make upload of images to media library work again (mvz)
    • ๐Ÿ›  Fix comment order and other feedback scopes (mvz)
    • ๐Ÿ›  Fix autosave (mvz)
    • ๐Ÿ‘Œ Improve russian translation (apsheronets)
    • ๐Ÿ›  Fix note publication date entry (mvz)
    • โšก๏ธ Ensure settings update flash has the correct language (mvz)