We’ve closed a number of recent security issues related to Ruby and Rails (which Gitorious depends on). The Community Edition Installer has lagged behind a bit but is, as of today, upgraded to install the latest version of Gitorious (v2.4.9). The update also includes our current recommended default settings plus some improvements to the installer itself.
Short story: following the steps outlined at http://getgitorious.com/installer on a fresh CentOS 6 server will ensure that you end up with the latest version of Gitorious installed.
Already running on an older version of Gitorious and need to upgrade? Follow the standard installation procedure outlined here.
Please let us know if you run into any issues with the installer: the Gitorious team can be reached at firstname.lastname@example.org
Changelog for the installer:
Update to Gitorious v2.4.9 & improve installer

Brings the installer up to Gitorious v2.4.9, uses the current most sensible default settings for that version, fixes recent Rails and Ruby-related security issues and improves the installer itself.

Breakdown:
- Using resque instead of ActiveMq
- Using nginx+unicorn instead of apache+passenger
- Use latest version of Gitorious
- Includes fixes for recent Ruby/Rails security issues
- Using thinking sphinx instead of ultrasphinx
- Installer no longer nukes existing Ruby/Rubygems
- Installer logs puppet operations
- More robust puppet apply operation
- Truly random generated db/rails passwords
- Only create random db password on first run
- Remove unneeded git proxy, use git daemon directly