Redmine

Redmine 6.1.0 is a feature-rich update that brings a number of new features, improvements, and technical changes. This release is a result of implementing nearly 70 issues, from small optimizations to completely new features, designed to improve user workflows and provide administrators with more control. Redmine developers can now use more modern tools from the Rails world.

1. Key features:

• Reactions to content: Users can add reactions to issues, notes, news, and forum posts (#42630).
• Auth2 support: Redmine can now function as an OAuth2 provider (#24808).
• User initials as avatar: A native avatar has been implemented to display user initials as their avatar when Gravatar service is disabled (#29824). For those who use Gravatar service to display user avatars, support has been added for the new "initials" option recently launched by Gravatar (#42623).
• "Progress bar" custom field: A new custom field format has been introduced, which behaves like the existing "Done Ratio" Issue field (#42335).

2. UI improvements:

• Sticky header for issues: The issue subject now remains visible at the top of the screen when scrolling through a long issue page, preventing the mistake of accidentally updating the wrong issue (#42684).
• Copy buttons: API keys and content from pre code blocks can be copied directly to the clipboard (#5953, #29214).
• Icons update: Watch icon has been changed to eye (#31531) and the quote note icon to quotation mark (#31531).
• Journals / comments / replies look and feel update: all three now uses the same structure (#42972) and the look and feel have been updated (#40744) in order to simplify the view.

2. Text formatting improvements:

• Automatic list marker insertion: pressing Enter when editing a text using Markdown or Textile formatting after a list item it will automatically insert the next list marker (#43095).
• CommonMark alert extension enabled: the extension is now enabled and it can be used to highlight text as Note, Tip, Warning, Caution and Important (#42603).
• Improved HiDPI Display: Images inserted into issues and other content will automatically adjust to the correct size on high-pixel-density screens (#38504).
• {{recent_pages}} macro: the new macro displays a list of recently updated Wiki pages (#38501).

3. Enhancements for administrators:

• Configurable columns: The lists of child and related issues can now be customized with configurable columns (#42477).
• Time tracking on closed issues: You can now configure if time entries are allowed after closing an issue (#13596).
• Configurable auto-watch: The default settings for automatically watching issues are now customizable (#42880).
• Disable JavaScript table sorting in wiki content: Administrators can now disable this feature that can be a nuisance in some cases (#40588). Also, the setting is disabled for new installations.
• Improved role deletion: The error message for role deletion now lists the projects where the role is in use, with links to the project settings page (Feature #42441).

4. Rails, Ruby and other technical improvements :

• Ruby 3.4 is now supported (#41976) and support for Ruby 3.1 has been dropped (#42496).
• Stimulus have been added to the core as a modern JavaScript framework (#42510). For now, only a few features have been implemented / modernised using this new framework, but we will continue to adopt it in Redmine 7.
• 14 issues tickets that improve the performance. On top of this, Redmine developers can now use the bullet gem to automatically detect inefficient database queries (#42555).
• Redmine::I18n::Backend has been removed (#42859).
• The task list items provided by the CommoMark uses now the commonmarks tasklist extension. deckar01-task_list gem has been removed.

You can download the new version from Download and you can see the full Changelog.

Many thanks to all contributors that have been made this release possible, especially to Go MAEDA and his team (Katsuya HIDAKA, Mizuki ISHIKAWA) who actively improves Redmine, to Plan.io (Jens Krämer, Holger Just) for their major contributions and many others.

Redmine versions status and releases policy updates:

• as we already announced in Redmine 6.0.7, 5.1.10 and 5.0.14 released, Redmine 5.0 is now end of life.
• Redmine 5.1 is now the legacy version that will receive only security updates.
• Redmine 6 series are the stable versions.
• Redmine 7.0.0 is the next major release.

We are planning to change the release cycle of the major versions in order to match the release cycle of Ruby / Rails and to support quicker the new versions. I hope we can achieve this starting from next year.

Maintenance releases 6.0.7, 5.1.10 and 5.0.14 are now available to Download, bringing a total of 16 bug fixes (Changelog).

Security fixes:

All versions contain the following security fixes:

• Defect #42998: Username and password stored in login form
• Defect #43083: Information disclosure in Two-Factor Authentication
• Defect #43161: When copying issues, all existing custom values are set to the new issue without sufficient validation

Starting with these versions, a new security measure has been implemented in #42998 to improve how Redmine handles sensitive information. The no-store cache header has been added to following forms: login, lost password, change password, sudo pages, auth_source, user, repository and accounts#register.

Thanks everyone for their contributions.

A Note on the End of Life for Redmine 5.0

With the upcoming release of Redmine 6.1.0 later today, we want to remind everyone that this will mark the end of life for the Redmine 5.0 series. If you are currently using a version in the 5.0 branch, we highly recommend you plan to upgrade soon to continue receiving updates and security patches.

Maintenance releases 6.0.6, 5.1.9 and 5.0.13 are now available to Download, bringing a total of 32 bug fixes (Changelog).

All three releases contain a new version of net-imap gem to address CVE-2025-43857 (#42662) and also some important fixes to improve the compatibility of Redmine with Rack >= 3.1.14 (#42875, #42962). Additionally, the patch for #38529, initially released in version 5.1.0, is now properly fixed and the locales are limited to those defined by Redmine itself.

Thanks everyone for their contributions.

Maintenance releases 6.0.5 and 5.1.8 are now available to Download, bringing a total of 32 bug fixes (Changelog).

Version 6.0.5 also continues the transition to modern SVG icons powered by Tabler, resolves an issue with plugin activity SVG icon paths when multiple plugins are loaded (#42509) and improves the support for RTL languages (#42575, #42465).

Thanks everyone for their contributions.

We have released new maintenance updates, Redmine 6.0.4, 5.1.7 and 5.0.12.
These 3 maintenance releases are available for download, you can review the changes in the Changelog.

All versions contain multiple important security fixes:

• 2 XSS vulnerabilities
• Project query leaks details of private projects
• /my/account does not correctly enforce sudo mode
• Update Nokogiri to 1.18.3 to address CVE-2025-24928 and CVE-2024-56171
  You can review them in Security Advisories.

Beside the security issues, #42245 is now fixed also on 5.1.7.

Thank you to everyone who contributed to the releases and special thanks to Holger Just for handling all these security issues.

We have released Redmine 5.0.11 today, following the releases of Redmine 6.0.3 and 5.1.6 yesterday.

This version backports a critical fix from Redmine 5.1.6 that resolves an issue where the application fails to start when using the concurrent-ruby gem version 1.3.5 or later in Redmine 5.0 and 5.1 series (#42113).

We recommend all users of Redmine 5.0 and 5.1 series update to 5.0.11 or 5.1.6 to avoid startup issues.

The latest maintenance releases are available for download, you can review the changes in the Changelog.

We have released two maintenance updates, Redmine 6.0.3 and 5.1.5.
These 2 maintenance releases are available for download, you can review the changes in the Changelog.

Redmine 6.0.3 addresses a major issue where Redmine fails to start if the database adapter name `mysql` in `config/database.yml` is enclosed in double quotes (#42013). Additionally, it includes several UI fixes.

Redmine 5.1.6 addresses a critical issue preventing Redmine 5.0.x from starting when using concurrent-ruby gem version 1.3.5 or later (#42113).

We appreciate the contributions of everyone who reported and resolved these issues.

These 2 maintenance releases are available for download, you can review the changes in the Changelog.

Version 6.0.2 includes important fixes:

• Time entry API (#41819) and CSV export (#41895) return `hours` as Rational instead of Float
• Projects endpoint ignores offset and limit params and returns list of all projects (#41791)
• Plugin activity cannot show icons after switching to SVG icons (#41880)
• Multiple fixes related to the migration from legacy icons to SVG icons

Both versions include a fix for the following warning during startup: "Unresolved or ambiguous specs during Gem::Specification.reset" (#41749).

We strongly recommend updating to Redmine 6.0.2.

Thanks everyone for the effort to report and fix all these issues.

Redmine 6.0.1 has been released and it is now available for Download.

This release includes an important fix for the issue reported in #41729 which prevents users from installing Redmine 6 without development dependencies (bundle install --without development:test fails with the error LoadError: cannot load such file -- svg_sprite (LoadError)).

We recommend that all Redmine 6 users upgrade to this release.

Redmine 6.0.0 has been released and it is available for download on our Download. This version ships 146 new features and bug fixes and some of them being major improvements that will help us continue improving Redmine:

1. Rails and Ruby support:

• Redmine 6 has been upgraded to Rails 7.2 (#36320) which is the latest Rails version
• Ruby 3.3 is now supported (#39761)
• Spport for Ruby 2.7 and 3.0 has been dropped (#38585)

2. Asset pipeline integration using Propshaft has been enabled (#39111):

• Redmine assets have been moved from public to app/assets to comply with the Rails standard
• Assets are automatically recompiled in production mode when updates are found in order to not require an additional command, but you can disable this behavior from configuration (config.assets.redmine_detect_update)
• [breaking change] Themes are now loaded from themes in the project root instead of public/themes, please update your installation accordingly. Being a trivial change, we do not provide any rake task to make this change automatically.

3. Support for Markdown has been removed (#40149):

• All installations using the deprecated Markdown (based on Redcarpet) are switched to CommonMark automatically by a migration
• Since these rendering engines differ slightly, you may need to review and adjust some existing Markdown content to ensure it displays correctly

4. Icons have been replaced with SVG icons provided by Tabler (#23980):

• Icons are served from a sprite file (icons.svg)
• To help render the icons, a new helper class has been added (app/helper/icons_helper.rb). Most of the methods are using svg_sprite method which allows various configurations, settings the size or to render an icon provided by a plugin or from a different sprite file
• Plugins that add items in the menu can also specify the icons from their own sprite file
• Both old images and custom CSS style are still shipped in 6.0.0 to make the transition easier, but it will be removed as follow:
  • CSS styles from app/assets/stylesheets/application.css: in 6.1.0
  • Old icon images: in version 7.0.0
• Please open new issues if you find any icon that is still using the old design, we will ship the updates in the first maintenance release
• rake test (icons:*) has been added to download icons from Tabler based on a configuration file. The task also supports generating a sprite from the downloaded icons.

5. UI tweaks:

• Default font family have been changed to Noto Sans font (#41321)
• Refined UI with updated box styling and border colors (#41298)
• Header design slightly changed (#41266)
• CSS font-size units from px to rem to respect browser font settings (#2499)

6. New features and enhancements, some of them being long awaited features:

• Sidebar is collapsible and the state is saved in browser local storage (#21808)
• Estimated remaining time has been added as query column and in the version page (#38853)
• Quoting an existing text now supports partial quoting in issues and forums (#41294)
• Description can be added now to queries (#9309)
• Add "Author / Previous assignee" group to assignee dropdown in issue form (#16045)
• Support localized decimal separator for hours in the web UI (#21677) and for float values (#22024)
• Adds Last activity date to Project list available columns (#23954). You cannot sort for now by this column

7. API changes:

• updated_on and updated_by added to Journal response
• User status added to User list response (#38948) and auth_source added to User response (#23307)

9. Security improvement: User visibility changed from "all" to "member of visible projects" for new roles and existing builtin roles (#38853):

• We did this to improve the default setting and to decrease the probability to disclose login accounts to the public when a project is public. If you need to get back to previous behavior, you need to explicitly set User visibility back to “All” for the builtin roles.

For a detailed overview of all the improvements and fixes, please refer to the Changelog.

With this release, Redmine 4.2.x became unsupported and Redmine 5.0.11 is the latest version of Redmine 5.0-branch, after that it will receive only important security updates.

I’m very happy that we finally have been able to ship some of the new features that I’ve mentioned. I thank everyone involved in this release for their work and time, especially to Takashi Kato for his work on #36320 and #39111, Go MAEDA and his team for their active development and many other contributors.