Redmine 3.4.3, 3.3.5 and 3.2.8 released (2 comments)
Security: All of these releases include a fix for multiple XSS vulnerabilities. Thanks to Andi Fink and Holger Just who reported them to the Redmine team.
This maintenance release addresses a few more issues that were found in the latest Redmine 3.4.x releases.
Thanks to the contributors who reported these defects to the Redmine dev team.
- #26364: Sort is not reflected when exporting issue list to CSV
- #26376: Wrong issue counts and spent time reported on the project overview
It also comes with traditional Chinese and Bulgarian translation updates.
Redmine 3.4.0, 3.3.4 and 3.2.7 released (14 comments)
Redmine 3.3.4 and 3.2.7 are maintenance release for 3.3.x and 3.2.x users.
Redmine 3.3.3 and 3.2.6 released (5 comments)
Security: these 2 releases fix several vulnerabilities, including a stored XSS when displaying specifically crafted attachments. Thanks to Nikita and Planio for reporting theses issues.
Redmine 3.3.2 and 3.2.5 release (9 comments)
Have a happy new year!
Redmine 3.3.1, 3.2.4 and 3.1.7 released (7 comments)
Redmine 3.3.0 released / 10th anniversary (19 comments)
I am glad to announce that the new feature release Redmine 3.3.0 is available for download. It brings more than 100 changes, including new features and many fixes and improvements. Most of them were submitted by contributors, big thanks to all of them for sharing their work with the Redmine community! This release celebrates the 10th anniversary of Redmine as 0.1.0 was released on june 25th 2006 :-)
You can review the full list of changes in the changelog and you will find below more details about a few of them.
Tracker role-based permissions¶
This was a long-awaited feature (#285) and it made its way into Redmine 3.3. This feature makes it possible to restrict the list of trackers for which a role can view issues, create, edit, add comments or delete issues. These permissions can be set at the bottom of the existing role form (in Administration / Roles). There's no restrictions by default, so this new feature won't affect the permissions of your existing roles if you don't change anything.
Redmine 3.3 sends notifications by email when security related events happen. Users are now informed whenever their password or email address was changed. And Redmine administrators receive a notification when a user gains or loses administration privileges and when the application security settings are changed by another administrator.
New menu item for creating objects (issues, wiki pages and more)¶
A drop-down menu item is added to the main menu and provides shortcuts to create issues, categories, versions, news, documents, wiki pages or files (depending on the user permissions and the modules that are enabled in the project). It comes as a more global solution than the "New issue" menu item which is removed in Redmine 3.3. Note that the "New wiki page" link is a new features on its own as there was no such links in previous Redmine versions (#5536).
Users who still prefer to see the "New issue" menu item can revert back to the previous behaviour. A new setting (Administration / Settings / Display / Project menu tab for creating new objects) lets you control that. You can also choose to hide both of these menu items, as the "New issue" link is also added to the top of the issue list.
Drag and drop order configuration for statuses, trackers, roles...¶
The lists of trackers, issues statuses, roles, custom fields that used to require multiple clicks for reordering items now supports drag and drop for doing this much quicker. You just need to use the green arrow to drag the items.
Bulk addition of watchers¶
The menu that appears when right-clicking on a selection of issues from the issue list now lets you add watchers to all the selected issues at once (right-click the selection then Watchers / Add).
Issue filtering by IDs¶
You can now filter a list of specific issues based on their IDs. To do that, you can use the new "Issue" filter and enter a comma separated list of issue IDs, or make a selection of issues from the issue list and use the new "Filter" link in the right-click menu. It will create the appropriate filter with the IDs of the selected issues and lead you to this list. This list can then be saved like other queries.
Code highlighting toolbar button¶
A new button is added to the Textile toolbar to easily insert highlighted code. It lets you choose the language among the 24 languages for which code highlighting is supported and inserts the appropriate tags in your text.
Redmine 3.2.3 and 3.1.6 released (6 comments)
Redmine 3.2.3 and 3.1.6 are maintenance releases that include a few fixes. They are available for download.
Security: these 2 releases fix several persistent XSS vulnerabilities (reported by Olga Yanushkevich).
Redmine 3.2.2 and 3.1.5 released (8 comments)
Redmine 3.2.2 and 3.1.5 are maintenance releases available that fix several issues. They are available for download.
Security: these 2 releases include a fix (r15362) that mitigates a critical vulnerability discovered in ImageMagick recently. You should upgrade as soon as possible if you're not using a fixed version of ImageMagick.
Note 1: those who don't have ImageMagick installed on their Redmine server are not exposed to this vulnerability.
Note 2: if you're not able to upgrade now (to a fixed version of Redmine and/or ImageMagick), you should either uninstall ImageMagick from your Redmine server or set
config/configuration.yml) to an invalid path so that the affected convert binary cannot be used by Redmine.
Also available in: Atom