Redmine

Redmine 2.3.3 is a maintenance release available for download at Rubyforge. You can review the list of changes in the Changelog.

Redmine 2.3.2 is a maintenance release that fixes a few detects (Changelog) and brings some translation updates (many thanks from the Redmine team to all translators!). As usual, it's available for download at Rubyforge.

Redmine 2.3.1 is a maintenance release that fixes a few detects (Changelog). It's available for download at Rubyforge.

The new feature release Redmine 2.3.0 is available for download at Rubyforge. Here are the highlights:

• Spent time list and report: improved filtering system, ability to choose columns (including custom fields)
• Gantt chart: issue relations and progress line can now be displayed
• AJAX upload of attachments with drag and drop support and progress bar
• Optional membership inheritance in subprojects
• Bulk watch/unwatch issues from the context menu
• Ruby 2.0 and JRuby support
• Microsoft SQLServer support (2008 and higher)

You can review all the changes in the Changelog. Redmine 2.2.4 is a maintenance release for the 2.2.x branch that fixes a few issues. Redmine 2.3.0 and 2.2.4 are upgraded to Rails 3.2.13 which fixes several security vulnerabilities. Upgrading as soon as possible is recommended.

Thanks to all committers and contributors!

Mastering Redmine is a comprehensive guide with tips, tricks and best practices for using Redmine, written by Andriy Lesyuk and published by Packt publishing. It's available as eBook or print book and you can order it at: http://www.packtpub.com/mastering-redmine/book

Redmine 2.2.3 fixes a few detects and was upgraded to Ruby on Rails 3.2.12 which fixes several vulnerabilities.
You can read the Changelog and download it at Rubyforge.

A new Rails vulnerability (CVE-2013-0333) has been discovered and affects those who are still using Redmine 1.4.7. In order to upgrade to the Rails version that fixes this vulnerability, you can apply the attached patch (redmine-1.4.7.patch) then run `bundle update rails`.

Redmine 2.1.6 and 2.2.2 are not affected by this vulnerability.

Redmine 2.2.2 is a maintenance release that fixes a few issues (Changelog). It's available for download at Rubyforge.

Redmine 1.4.7 fixes a Ruby on Rails vulnerability (CVE-2013-0155) that was not fixed in Rails 2.3.15 and Redmine 1.4.6. It is strongly recommended for 1.4.x users to upgrade to this new release. This vulnerability was already fixed in Redmine 2.1.6 and Redmine 2.2.1.

Now that Rails 2.3 is no longer supported by the Rails core team and that security fixes are not guaranteed for this unsupported Rails version, Redmine 1.4.7 is the last 1.4.x release.

Several security vulnerabilities have been discovered in Ruby on Rails lately (read the announcement) and are fixed in all of these new Redmine releases. These vulnerabilities are considered critical, so upgrading as soon as possible is highly recommended.

These new releases are available at Rubyforge.