A new Rails vulnerability (CVE-2013-0333) has been discovered and affects those who are still using Redmine 1.4.7. In order to upgrade to the Rails version that fixes this vulnerability, you can apply the attached patch (redmine-1.4.7.patch) then run `bundle update rails`.
Redmine 2.1.6 and 2.2.2 are not affected by this vulnerability.
Redmine 2.2.2 maintenance release (2 comments)
Redmine 1.4.7 fixes a Ruby on Rails vulnerability (CVE-2013-0155) that was not fixed in Rails 2.3.15 and Redmine 1.4.6. It is strongly recommended for 1.4.x users to upgrade to this new release. This vulnerability was already fixed in Redmine 2.1.6 and Redmine 2.2.1.
Now that Rails 2.3 is no longer supported by the Rails core team and that security fixes are not guaranteed for this unsupported Rails version, Redmine 1.4.7 is the last 1.4.x release.
Redmine 2.2.1, 2.1.6 and 1.4.6 security releases (10 comments)
Several security vulnerabilities have been discovered in Ruby on Rails lately (read the announcement) and are fixed in all of these new Redmine releases. These vulnerabilities are considered critical, so upgrading as soon as possible is highly recommended.
These new releases are available at Rubyforge.
Redmine 2.2.0 and 2.1.5 released (3 comments)
- Private comments in issues
- Ability to allow subtasks in subprojects or other projects (can be turned on/off with a configurable scope)
- Issue relations improvements:
  - Precedes/Follows relations take care of non-working days when rescheduling issues (non-working days can be configured in the application settings)
  - Precedes/Follows relations now also move following issues when rescheduling an issue earlier
  - A new relation "Copied from/to" is automatically added when copying issues
  - You can now filter issues against their relations
  - Relations can be displayed on the issue list
- Issue list improvements:
  - The order of the group column can now be set
  - An option lets you display the full issue descriptions on the issue list
- REST API additions: wiki pages, roles, priorities, user impersonation
Thanks to all contributors!
Redmine 2.1.4 released (1 comment)
Redmine 2.1.3 and 1.4.5 released (1 comment)
Redmine 2.1.0 and 2.0.4 released (11 comments)
- Issues and workflow improvements: you can now configure required and read-only issue fields per role, tracker and status. You can also disable core fields that you don't use on a per tracker basis.
- Issue list and filters: issues can now be filtered by custom fields defined on your projects (e.g. if you have a "Customer" custom field on your projects, you will be able to filter issues for a given customer across all projects).
- Thumbnails: you can enable the automatic display of thumbnails for images attached to an issue. A new macro also lets you add clickable thumbnails of an attached image in any formatted text (e.g. wiki page, news...).
- Closed projects: a new permission is added to let project members close/reopen projects. Unlike archived projects, closed projects are still visible but the project and all its data (issues, wiki...) are read-only.
- Subtasks copy: when copying an issue, an option lets you copy subtasks too.
- REST API: Groups can now be managed through the REST API. The REST API also now supports JSONP in order to retrieve data from a server in a different domain.
- Macros: macros can now accept an optional block of text, making it easy to define custom text processors.
- Internals: Redmine now uses jQuery instead of Prototype + script.aculo.us
You can review the full list of changes and fixes in the changelog.
Redmine 2.0.4 is the last maintenance release for the 2.0.x branch. Redmine 1.4.x will be maintained for security updates until the end of 2012.
Redmine 2.0.3 and 1.4.4 released (6 comments)
New maintenance releases are available for both the 2.0.x and 1.4.x series. They include several bug fixes and security updates for some new vulnerabilities found in all prior Rails versions.
- Redmine 2.0.3 (Changelog) is upgraded to the latest Rails 3.2.6.
- Redmine 1.4.4 (Changelog) includes a backported fix for these vulnerabilities (Rails 2.3.x is no longer maintained by the Rails team).
They can be downloaded at Rubyforge.