News

New Rails vulnerability affects Redmine 1.4.7

Added by Jean-Philippe Lang over 3 years ago

A new Rails vulnerability (CVE-2013-0333) has been discovered and affects those who are still using Redmine 1.4.7. In order to upgrade to the Rails version that fixes this vulnerability, you can apply the attached patch (redmine-1.4.7.patch) then run `bundle update rails`.

Redmine 2.1.6 and 2.2.2 are not affected by this vulnerability.

Redmine 2.2.2 maintenance release (2 comments)

Added by Jean-Philippe Lang over 3 years ago

Redmine 2.2.2 is a maintenance release that fixes a few issues (Changelog). It's available for download at Rubyforge.

Redmine 1.4.7 security release

Added by Jean-Philippe Lang over 3 years ago

Redmine 1.4.7 fixes a Ruby on Rails vulnerability (CVE-2013-0155) that was not fixed in Rails 2.3.15 and Redmine 1.4.6. It is strongly recommended for 1.4.x users to upgrade to this new release. This vulnerability was already fixed in Redmine 2.1.6 and Redmine 2.2.1.

Now that Rails 2.3 is no longer supported by the Rails core team and that security fixes are not guaranteed for this unsupported Rails version, Redmine 1.4.7 is the last 1.4.x release.

Redmine 2.2.1, 2.1.6 and 1.4.6 security releases (10 comments)

Added by Jean-Philippe Lang over 3 years ago

Several security vulnerabilities have been discovered in Ruby on Rails lately (read the announcement) and are fixed in all of these new Redmine releases. These vulnerabilities are considered critical, so upgrading as soon as possible is highly recommended.

These new releases are available at Rubyforge.

Redmine 2.2.0 and 2.1.5 released (3 comments)

Added by Jean-Philippe Lang over 3 years ago

I am proud to announce that the new feature release Redmine 2.2.0 is available for download at Rubyforge. Here are the highlights:

  • Private comments in issues
  • Ability to allow subtasks in subprojects or other projects (can be turned on/off with a configurable scope)
  • Issue relations improvements:
    • Precedes/Follows relations take care of non working days when rescheduling issues (non working days can be configured in the application settings)
    • Precedes/Follows relations now also move following issues when rescheduling an issue earlier
    • A new relation "Copied from/to" is automatically added when copying issues
    • You can now filter issues against their relations
    • Relations can be displayed on the issue list
  • Issue list improvements:
    • The order of the group column can now be set
    • An option lets you display the full issue descriptions on the issue list
  • REST API additions: wiki pages, roles, priorities, user Impersonation

You can review all the changes in the Changelog. Redmine 2.1.5 is a maintenance release for the 2.1.x branch.

Thanks to all contributors!

Redmine 2.1.4 released (1 comment)

Added by Jean-Philippe Lang almost 4 years ago

Redmine 2.1.4 fixes 7 defects including an IE8 compatiblity issue. You can see the full list of changes in the Changelog and download this release at Rubyforge.

Redmine 2.1.3 and 1.4.5 released (1 comment)

Added by Jean-Philippe Lang almost 4 years ago

Redmine 2.1.3 (Changelog) and Redmine 1.4.5 (Changelog) are new maintenance releases for 2.1.x and 1.4.x series. They include several bug fixes and can be downloaded at Rubyforge.

Redmine 2.1.2 released

Added by Jean-Philippe Lang almost 4 years ago

Redmine 2.1.2 is a maintenance release that fixes 12 defects and a XSS vulnerability discovered in Redmine 2.1.0 (Changelog).
It's available for download at Rubyforge.

Redmine 2.1.0 and 2.0.4 released (11 comments)

Added by Jean-Philippe Lang almost 4 years ago

Redmine 2.1.0 is the new feature release and is available for download at Rubyforge. It includes major and exclusive new features as well as many improvements and fixes. Here are the highlights:

fields_permissions.png

  • Issues and workflow improvements: you can now configure required and read-only issue fields per role, tracker and status. You can also disable core fields that you don't use on a per tracker basis.
  • Issue list and filters: issues can now be filtered by custom fields defined on your projects (eg. say you have a "Customer" custom fields on your projects, you will be able to filter issues for a given customer across all projects)
  • Thumbnails: you can enable the automatic display of thumbnails for images attached to an issue. And a new macro lets you add clickable thumbnails of an attached image in any formatted text (eg. wiki page, news...).
  • Closed projects: a new permission is added to let project members close/reopen projects. Unlike archived projects, closed projects are still visible but the project and all its data (issues, wiki...) is read-only.
  • Subtaks copy: when copying an issue, an option lets you copy subtasks too.
  • REST API: Groups can now be managed through the resp API. And the REST API now supports JSONP in order to retrieve data from a server in a different domain
  • Macros: macros can now accept an optional block of text, making it easy to define custom text processors.
  • Internals: Redmine now uses JQuery instead of Prototype + scriptaculous

You can review the full list of changes and fixes in the changelog.

Redmine 2.0.4 is a last maintenance release for the 2.0.x branch. Redmine 1.4.x will be maintained for security updates until the end of 2012.

Redmine 2.0.3 and 1.4.4 released (6 comments)

Added by Jean-Philippe Lang about 4 years ago

New maintenance releases are available for both 2.0.x and 1.4.x series. They include several bug fixes and a security updates for some new vulnerabilities found in all prior Rails versions.

  • Redmine 2.0.3 (Changelog) is upgraded to the latest Rails 3.2.6.
  • Redmine 1.4.4 (Changelog) includes a backported fix for these vulnerabilities (Rails 2.3.x is no longer maintained by the Rails team).

They can be downloaded at Rubyforge.

1 2 3 4 5 6 ... 11 (31-40/108)

Also available in: Atom