This is a security release. All applications that use the reset password functionality or are on versions of Rails prior to version 2.3.4 should upgrade.
To patch the reset password vulnerability, two changes have been made.
First of all, the lifecycle key hash mechanism has been changed. Existing lifecycle keys will become invalid after you upgrade. Lifecycle keys are typically short lived, so this is unlikely to be a problem for most applications.
Secondly, lifecycle keys are now cleared on every transition to avoid replay vulnerabilities. This new behaviour may be avoided by adding the :keep_key => true option to a transition.
More information about the vulnerability can be viewed on the bug report.
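To picture why the second change matters, here is an added Ruby illustration, not Hobo's own code: a minimal store that mints a hashed single-use key for a state transition and discards it once the transition fires, so a captured reset link cannot be replayed. The class, its method names and the keep_key: keyword are assumptions made for the example; the secret and ids are constructed.

```ruby
require 'securerandom'
require 'openssl'

# Illustrative lifecycle-key store (assumption, not Hobo's implementation).
# The raw key travels only in the reset link; the store keeps an HMAC of it.
class LifecycleKeyStore
  def initialize(secret)
    @secret = secret
    @keys = {} # record_id => hashed key
  end

  # Mint a fresh key for a record and return the raw value for the link.
  def issue(record_id)
    raw = SecureRandom.hex(16)
    @keys[record_id] = digest(raw)
    raw
  end

  # Check the presented key and run the transition. The key is cleared after
  # a successful transition unless keep_key: true is given, which is the
  # opt-out the release notes describe (the keyword spelling is an assumption).
  def transition(record_id, presented, keep_key: false)
    return :invalid_key unless presented.is_a?(String)
    stored = @keys[record_id]
    return :invalid_key unless stored && secure_compare(stored, digest(presented))
    @keys.delete(record_id) unless keep_key
    yield if block_given?
    :ok
  end

  private

  def digest(raw)
    OpenSSL::HMAC.hexdigest('SHA256', @secret, raw)
  end

  # Constant-time comparison so a wrong key is not distinguishable by timing.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    left = a.unpack('C*')
    diff = 0
    b.each_byte { |byte| diff |= byte ^ left.shift }
    diff.zero?
  end
end

# A reset key works once; presenting the same key again is refused.
def demo_replay
  store = LifecycleKeyStore.new('constructed-demo-secret')
  key = store.issue(42)
  first  = store.transition(42, key)  # :ok
  replay = store.transition(42, key)  # :invalid_key
  [first, replay]
end

# With keep_key: true the key survives the transition and can be reused.
def demo_keep_key
  store = LifecycleKeyStore.new('constructed-demo-secret')
  key = store.issue(7)
  [store.transition(7, key, keep_key: true), store.transition(7, key)]
end

# A key that was never issued, or a garbage value, is refused outright.
def demo_bogus
  store = LifecycleKeyStore.new('constructed-demo-secret')
  store.issue(1)
  [store.transition(1, 'not-the-key'), store.transition(1, nil)]
end

if __FILE__ == $PROGRAM_NAME
  p demo_replay
  p demo_keep_key
  p demo_bogus
end
```

The point of the example is the `@keys.delete` on success: once a transition has consumed the key, the same link is worthless to anyone who captured it, which is exactly the replay window the upgrade closes. Leaving a key in place with keep_key: true reopens that window for that transition, so use it only where a second use is genuinely intended.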
Other changes:
The text input tag (<textarea>) has a security hole with versions of Rails prior to 2.3.4. This release makes using textarea safe on old versions of Rails, although it is highly recommended that you upgrade to Rails 2.3.11 because of other security vulnerabilities.
The “include” automatic scope has been aliased to “includes” to increase future compatibility with Rails 3. Future versions of Hobo will remove support for “include”.
This release increases compatibility with Ruby v1.9.2.
Hobo 1.0.2 introduced a major problem with chained scopes. This has been fixed.
All code changes may be viewed on the github log.
We just stood up in production a centralized portal for the National Institute of Food and Agriculture (NIFA). The new portal will provide a common authentication and authorization portal for all major reporting applications for NIFA. The Portal was created using Hobo and other open-source tools.
You can read more about the NIFA Reporting Portal and the Leadership Management Dashboard (LMD) here:
http://agile-business-intelligence.com/2011/01/22/new-nifa-reporting-portal-goes-live/
We are now beginning the process of converting to Hobo 1.3 for Rails 3. Bryan is taking the lead on that.
Thanks much to Tom Locke, Father of Hobo, and all the other key contributors to the growth of Hobo in the last two years, including Bryan Larsen, Domizio Demichellis, and Matt Jones.
Those that contributed to the NIFA Portal and LMD 4.0 Hobo coding include Tom Locke, Bryan Larsen, Marcelo Giorgi, Gustav Paul, Angus Miller, Venka Ashtakala, and Jack Compton. See my full blog (link above) for a listing of the entire team effort.
BTW, if you are interested in Agriculture research data and trends, apply for an account. You will have access to any public data in the system.
Cheers!
-Owen
This is just a quick post to wish all of you in the Hobo community the best for 2011.
We are soon approaching the release of Hobo 1.3 for Rails 3 (now at pre-release #25) and hope to have a draft of the PDF book “Rapid Rails 3 with Hobo” completed by the end of January. Thanks much to Domizio for all his hard work on 1.3 and his helpful documentation and edits to the 1.0 versions of “Rapid Rails with Hobo” and “Hobo at Work”, which Venka has incorporated up through Chapter 4 of the new version.
I hope that Hobo, Rails, and Ruby have made your app building more productive and fun.
Cheers!
-Owen
On Friday I released three new Hobo gems: 1.0.2, 1.1.0.pre0 and 1.1.0.pre2. (1.1.0.pre1 was a glitch).
Here are the notes for 1.0.2 from CHANGES.txt:
1.0.2 is almost identical to 1.0.1 except that it updates the version requirements to exclude Rails3. (Rails3 support is being worked on in the 1.3 branch).
This release silences some warnings produced when running with Rails 2.3.10.
This release contains preliminary support for Ruby 1.9.2, although you may encounter problems if you use Single Table Inheritance (STI) models.
A few very minor bug fixes have also been included. See the github log for more details.
1.1.0.pre0 is essentially a packaging of Hobo trunk as it existed a month ago (so it does not include the improvements added for 1.0.2). This version has been stable for people, and has been known to be used in production.
The biggest difference between 1.0.X and 1.1.X is that Dryml has been split out into its own gem. There are also some very minor incompatibilities that affect things like CSS class names. The delta between 1.0.2 and 1.1.0.pre2 can be viewed on github.
1.1.0.pre2 merges in fixes that have accumulated on several vendor branches of Hobo, as well as the 1.0.2 fixes. 1.1.0.pre2 requires the --pre option to be installed:
gem install hobo -v 1.1.0.pre2 --pre
As always when upgrading hobo versions, you will probably want to run
ruby script/generate hobo_rapid
or
rake hobo:symlink_assets
to ensure that you get the latest versions of the javascript and CSS files copied into your application.
Which version of Hobo should you use?
If you are currently using 1.0.0 or 1.0.1 in production, you only need to upgrade to 1.0.2 if you are also upgrading your version of Ruby or Rails or need one of the bugfixes listed here.
If you have a Rails 2.3 project currently under active development, we recommend 1.1.0.pre2 (or the github master branch). Hopefully we have 1.1.0 released before you go to production — but even if we don’t, we do not believe that there are any issues that would prevent 1.1.0.pre2 from being usable in production.
If you are developing a new project and/or wish to use Rails 3, the 1.3 branch of Hobo currently being developed by Domizio is definitely stabilizing and becoming useful. The major issues preventing the release of 1.3 are all related to documentation.