Redmine 3.0.0 and 2.6.2 released
This new version brings several improvements to the search engine (it's now much faster and includes new search options) and many new features: default issue status per tracker, multiple emails per user, ability to edit attachment descriptions and more. It now runs with the latest Rails 4.2.0 and ruby 1.8 is no longer supported. Redmine 3.0.0 requires ruby 1.9.3 or higher (and now supports ruby 2.2).
A bit of cleanup was done in the issues permissions system now that the workflow permission setting gives full control over editable or read-only fields. The `Move issues` permission is gone, you just need to set the project field as read-only if you don't want the users to be able to move issues. The behaviour that allowed users to edit a few issue properties if a status transition is allowed (even if these users don't have the `Edit issues` permission) is also dropped: the `Edit issues` is now required to change an issue status.
Redmine 2.6.2 is a maintenance relase that fixes several issues.
You can review the list of all changes in the Changelog.
Security: these new releases also fix a potential XSS vulnerability in flash messages rendering, discovered by Holger Just. If you're running 2.4, 2.5 or 2.6 and is not able to update, you can manually apply the attached patch that will fix this issue.