In this post, we will show you how to mix our Access Control described here with the beautiful omniauth rack middleware.

The Padrino admin authentication and access control system provides a simple foundation from which you can create your authentication system. Combined with omniauth you can then easily leverage the system to allow authentication through a variety of methods. Read below for more details on how to integrate them.

Since our last 0.11.1 bug fix release, many users and core developers have been continuing to find and fix bugs as well as improve our documentation. Today we release 0.11.2 which is the second bug fix release since our huge 0.11.0 release. We’d like to release another wave of bug fixes again next month since we know we still have a lot of issues to address. The following is a detailed list of fixes in the details.

The last few weeks we have been fielding many issues since our enormous 0.11.0 release. We have had many contributors and have worked hard to fix many of the most severe bugs since the last release. We want to thank everybody for their help. Today we release 0.11.1 which is our first bug fix release to keep up our release momentum. We’d like to release another wave of bug fixes again next month. The following is a detailed list of fixes in the details.

The Padrino team is very pleased to finally be able to announce the 0.11.0 release of the Padrino Framework! We have been working on this release for almost a year now and we have had dozens of contributors helping us stabilize Padrino. We know our release cycle got out whack and this version took too long to release. We all take accountability for that and will work to pick up release momentum and release patch and minor versions more often.

Since our 0.10.7 release, development on Padrino has been moving forward very actively and as such this is probably our biggest release in terms of code modified and issues resolved that we have had in years. We are very proud of this release which includes several major improvements:

1) Totally Redesigned Admin
2) New brand identity on the way
3) Upgraded Sinatra and http_router
4) CSRF Form Protection
5) ActiveSupport::SafeBuffer
6) New Rakefile format
7) Gemified Apps
8) Performance Tools
9) App Namespacing
10) Project Modules
11) Optimized Reloader

and a lot more changes! In the full post below, we will take you through a tour of the biggest changes in this release (for a more compact view, see our changelog).

An vulnerability affecting the json gem has been found. A detailed explanation can be found at the Rails security mailing list .

This is not an isolated Rails issue, as it affects a third-party library. It affects all users of the json gem. This gem might be pulled in as a dependency of other libraries in use. You can check whether you application uses the json gem by running:

bundle show

We strongly urge all users of Padrino to upgrade their applications using:

bundle update json

to at least: 1.7.7, 1.6.8, 1.5.5.

Also, never use JSON.load, but JSON.parse, except when you really know what you are doing.

All Rack users, including all Padrino users, should upgrade their Rack dependency as soon as possible. Multiple severe issues have been found, one of them including a potential remote code execution. This is espcially important if you are using Rack::Session::Cookie, which Padrino activates by default. See the Rack website for details.

To upgrade, use:

bundle update rack

And make sure that you installed any of these versions: 1.5.2, 1.4.5, 1.3.10, 1.2.8, 1.1.6.

Rails and the Ruby community had their fair share of security vulnerabilities in the recent days. Where does that leave Padrino users?

In short: You are safe, unless you explicitely activated some form of parameter parsing that either parses YAML directly or uses XmlMini when accepting requests or parsing responses from backend sources.

One of our core Padrino members DAddYE has moved to San Francisco recently and has joined as a developer at Triggit. The Padrino core team has always been a very distributed team with each of us living in different places until recently.

Since Davide, Josh and I all live in the city now, we thought it would make sense to host our first meetup in San Francisco.

Triggit has graciously agreed to let us use their office for the meetup and some food for you.

Come join us on Thursday, January 24th at 6:30pm to learn more about our plans for Padrino in the coming year as we continue our long journey to 1.0.

Darío Cravero has been helping with Padrino and has been creating useful extensions. Having submitted several pull requests and consistently helping us to keep up with the flow of new issues in our issue tracker he agreed to join the Padrino core team.

Several months ago, Padrino 0.10.6 was released which included HTML5 support, improved stability and compatibility patches. Today after some unfortunate delays, we are releasing Padrino 0.10.7 which is a major bug fix and compatibility release. We investigated all major issues reported since the release of 0.10.6 and have addressed the most important issues including renewed JRuby support, a better reloader, activesupport loading, and many other improvements. Full details for this release are below. We look forward to getting back to a quicker release cycle going forward.