PDF Download in "time entries" gone after update to 3.4.3

Added by Thomas Dettmann over 6 years ago

Hello Everybody.

Our current Redmine system has version 3.3.2.stable.

With this version we have, under time entries, the option to download the table as PDF. Sadly that is not functional and only gives a white page.

I now updated to 3.4.3.stable.

The update worked so far, but the PDF button in time entries is gone.

Because I'm not the original designer and administrator, I have a few questions.

1. Is the PDF download a standard feature of Redmine or is it a plugin?

2. Is it intended that you can't generate a PDF from time entries?

3. Is there a way to reactivate it, if it's a Redmine feature?

I would be very happy to get some answers. :)


Replies (4)

RE: PDF Download in "time entries" gone after update to 3.4.3 - Added by Guillermo ML over 6 years ago

We have 3.1.1.stable and we don't have any PDF download option at time entries (only Atom and CSV); maybe it was a plugin, as you said.

RE: PDF Download in "time entries" gone after update to 3.4.3 - Added by Mischa The Evil over 6 years ago

Guillermo ML wrote:

We have 3.1.1.stable [...]

Here is just my free advice. Please decommission this Redmine instance as soon as possible. The Redmine version you are running is known to be vulnerable (AF) via 13 security advisories (1 critical, 3 high, 8 moderate and 1 low severity) referencing ~15 CVEs, and the 3.1.x-release branch itself was EOL'ed a year ago or so, and even the last 3.1.x releases contained issues (see e.g. my comment on Redmine 3.4.3, 3.3.5 and 3.2.8 released). I can't tell with the current info if you are vulnerable to each of them specifically yes or no, but can you at the moment? This is only just the first layer of potential danger. If this Redmine is that outdated, what about Redmine plugins? Or what about the whole underlying stack? All the gems; that is the whole dependency tree. Your Ruby? More basic: what about OS package updates? If e.g. an old, vulnerable ImageMagick was installed on your server using system package(s), also never updated (anymore), running in combination with your Redmine 3.1.1, well, this could potentially be a way to gain root access on your machine.
If this instance is/was in any way connected to an outside/the internet/etc., I wouldn't trust it to be clean and uncompromised in any way before I had thoroughly inspected it in an offline setting and preferably in some kind of sandboxed environment with some kind of replication/monitoring options. Any logs? Usage baselines? Any monitoring? Do you provide SCM commit access through Redmine facilities? If so, my suspicion would quickly be extended to the SCM system including its data. But that wouldn't matter any more if they already got root access.
Anyways, if you think you are unaffected after all, I'd still recommend you to reinstall a new system (with supported versions) from scratch and restore only the inspected data that you've approved clean.

TL;DR: pull the plug (power/network, your choice:).

Anywhere I refer to you/your, I'm talking to the one in charge of maintaining your particular Redmine instance on that particular machine with that particular set of software.

HTH.

RE: PDF Download in "time entries" gone after update to 3.4.3 - Added by Guillermo ML over 6 years ago

Thanks for the advice, but I typed it wrong: we have Redmine 3.3.1.stable.

Looking at your link, we are still vulnerable to XSS vulnerabilities labeled as high; we'll have to upgrade.

RE: PDF Download in "time entries" gone after update to 3.4.3 - Added by Mischa The Evil over 6 years ago

Thomas Eccard Dettmann: core Redmine never had, nor has, a PDF-export feature for timelogs, as already suggested by Guillermo (not the report: only CSV, nor the details: Atom and CSV). So it was either a plugin (which stopped working) or a custom modification (which was altered due to the upgrade).

@Guillermo: that's slightly better, but still...;) Good luck.
