Wheelhouse CMS 1.0.17 has just been pushed to the gem servers. To update to this release, simply run bundle update wheelhouse from within your Rails application.

Release Notes

  • Audited gem dependencies to ensure versions are pinned to major/minor releases
  • Ensure that pages with the NOINDEX meta flag set do not appear in the sitemap.xml
  • Add a plugin hook (:editor) to allow plugins to add customizations to the editor JavaScript
  • Fixed a bug where will_paginate was not being properly initialized
  • Fixed a bug with field values containing double quotation marks
  • Fixed a bug with image fields referencing the wrong image within multiple loop fields

Security Notice

A vulnerability in Dragonfly < 0.9.12 potentially allows an attacker to run arbitrary code (see here for details). If you are currently running an affected version of Dragonfly, it is strongly recommended to update as soon as possible.

Updating to Wheelhouse 1.0.17 will ensure that all dependencies are at versions with no currently known vulnerabilities. However, if you are still on an older version of Wheelhouse, please run bundle update dragonfly and ensure that Dragonfly is updated to version 0.9.14 or higher.
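To confirm what an application actually has locked, the following added example (not part of Wheelhouse or Dragonfly) reads Gemfile.lock text and classifies the resolved Dragonfly version against the two thresholds in this notice. The helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems"

# Thresholds taken from the security notice above.
FIXED_IN    = Gem::Version.new("0.9.12") # versions below this are affected
RECOMMENDED = Gem::Version.new("0.9.14") # notice asks for this or higher

# Constructed sample lockfile (not from a real application).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      dragonfly (0.9.10)
        rack
      rack (1.4.5)
      wheelhouse (1.0.16)
        dragonfly (~> 0.9.8)

  PLATFORMS
    ruby
LOCK

# Returns the resolved version of gem_name from lockfile text, or nil.
# Only 4-space entries under "specs:" are resolved versions; 6-space
# lines are dependency constraints such as "(~> 0.9.8)" and are skipped.
def locked_version(lockfile_text, gem_name)
  in_specs = false
  entry = /\A {4}#{Regexp.escape(gem_name)} \(([^)]+)\)\z/
  lockfile_text.each_line do |raw|
    line = raw.chomp
    if line =~ /\A {2}specs:\z/
      in_specs = true
    elsif line =~ /\A\S/ # a new top-level section ends the specs list
      in_specs = false
    elsif in_specs && (m = line.match(entry))
      return Gem::Version.new(m[1])
    end
  end
  nil
end

# Classifies the locked Dragonfly version against the notice's thresholds.
def dragonfly_status(lockfile_text)
  version = locked_version(lockfile_text, "dragonfly")
  return :not_locked if version.nil?
  return :vulnerable if version < FIXED_IN
  return :below_recommended if version < RECOMMENDED
  :ok
end

puts dragonfly_status(SAMPLE_LOCK)
```

In an application, pass File.read("Gemfile.lock") in place of the sample text.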

I apologise for the very late notice of this vulnerability. As part of the gem audit in this release, I am tracking all dependencies closely to ensure that any future security notices are announced here as soon as possible.

Wheelhouse 1.1 Development

This will hopefully be the last release in the 1.0 branch (security updates notwithstanding). Development on the 1.1 branch is coming along nicely and most notably includes support for Rails 4 as well as some significant UI enhancements. Stay tuned.