Redmine

2015-04-12

23:38 Defect #19577: Open redirect vulnerability with back_url param

Here's an updated version that also prevents something like @?back_url=/attacker.com@ Jan from Planio www.plan.io

11:52 Defect #19547 (Needs feedback): bulk update issues error

Please read [[SubmittingBugs]] and post your error log. Jean-Philippe Lang

11:45 Defect #19544 (Resolved): Malformed SQL query with SQLServer when grouping issues

That should be fixed by r14165. Jean-Philippe Lang

11:17 Defect #19538 (Resolved): Keywords in commit messages: journal entries are created even if nothing was changed

Fixed in r14164. Jean-Philippe Lang

09:55 Defect #19168 (Resolved): Activity: changes made to tickets are shown multiple times

Thanks, fixed in r14163. Jean-Philippe Lang

09:37 Defect #19464 (Resolved): Possible to log time on project without time tracking

Fixed in r14162. Jean-Philippe Lang

07:30 Defect #19486 (Closed): Parent task field isn't preserved when copying issue

I am closing this issue as duplicate of #12893.
Thanks for reporting. Go MAEDA

07:06 Defect #19595: Broken "receiving emails"

Thank you for investigating.
I pasted the workaround on #19485-6. Go MAEDA

06:38 Defect #19595 (Closed): Broken "receiving emails"

Duplicate of #19485. Toshi MARUYAMA

06:03 Defect #19595 (Closed): Broken "receiving emails"

After update 2.6.1 -> 3.0.1 fetching emails from an IMAP server is brokened with error:
> PG::AmbiguousColumn: ERR... Semyon Dubina

07:02 Defect #19485: Column 'address' in where clause may be ambiguous

A workaround by Andrey Sennikov (#19595).... Go MAEDA

06:38 Defect #19485: Column 'address' in where clause may be ambiguous

The same error is reported in #19595 and that issue has a workaround. Go MAEDA

03:00 Defect #13197 (Closed): Don't send password in plain text via email after registration

Since nobody can reproduce it, I am closing this issue. Go MAEDA

2015-04-11

17:13 Patch #19370: Parent projects in project jump dropdown

Sebastian Paluch wrote:
> This reviles parent project names as complained in #888 but entire project hierarchy can b... Toshi MARUYAMA

16:28 Defect #13520: Internal Error (incompatible character encodings: ASCII-8BIT and UTF-8) when accessing Admin/Settings, Account, etc.

anton profit wrote:
> The same problem.
> attachment:123.jpg
Your problem is fixed by #19305. Toshi MARUYAMA

13:45 Defect #19168: Activity: changes made to tickets are shown multiple times

Need to write note.
!journal.png!
!activity.png! Toshi MARUYAMA

10:00 Defect #19168: Activity: changes made to tickets are shown multiple times

I'm not able to reproduce with current trunk. Toshi, were you able to reproduce when you set this ticket as confirmed? Jean-Philippe Lang

09:54 Defect #19580 (Resolved): "Required" and "Read-only" rules on "Fields Permissions" screen are not colored

Fix committed in r14160 with a test, thanks. Jean-Philippe Lang

09:15 Defect #19558 (Resolved): Mail handler should not ignore emails with x-auto-response-suppress header

Patch committed in r14159, thanks for digging into this. Jean-Philippe Lang

09:09 Defect #19553 (Resolved): When create by copying the issue, status can not be changed to default

Fix committed in r14158 with a test. Jean-Philippe Lang

08:12 Defect #19576 (Needs feedback): Ticket subject.strip in recent version not in an old one

Sorry, I don't get what the actual problem is. Could you provide an exemple or maybe a patch that includes a test? Jean-Philippe Lang

08:08 Defect #19581 (Closed): _redmine_session cookie security flaw

This is called "session hijacking":http://en.wikipedia.org/wiki/Session_hijacking and it's not a Redmine or Rails sec... Jean-Philippe Lang

07:30 Feature #16779: Make all kind of URL a html link

Redmine would not support "file://" for security reasons. (#7370) Go MAEDA

07:00 Feature #19591 (Closed): Text formatting (textile/markdown) configurable on a per project basis

This issue seems to be duplicate of #8095. I am closing this as duplicate.
Thank you for submitting. Go MAEDA

06:47 Feature #1624: Issue merging

Christian Zagrodnick wrote:
> A related question is: Could this be sponsored? And if, how much money do we need.
... Go MAEDA

03:56 Defect #19419 (Closed): MinGW Ruby 2.2: NameError: uninitialized constant ActionView::Helpers::ActiveModelHelper

We cannot do anything.
I have updated [[RedmineInstall]] to ver. 235. Toshi MARUYAMA

03:52 Defect #19374: MinGW thin and puma: Internal server error occoures when attachment file name contains non ASCII

Rails 4.2.2 will fix.
https://github.com/rails/rails/commit/4df216cb12e35c09ae5ec271755e581d692d0326#diff-6897a0b59a... Toshi MARUYAMA

03:48 Defect #19321: MinGW thin and puma: non ASCII wiki page causes "Internal server error"

Rails 4.2.2 will fix.
https://github.com/rails/rails/commit/4df216cb12e35c09ae5ec271755e581d692d0326#diff-6897a0b59a... Toshi MARUYAMA

02:18 Feature #19364: Images and Thumbnail are not interpreted in table while exporting PDF

I have created issue.
https://github.com/naitoh/rbpdf/issues/12 Toshi MARUYAMA

01:12 Feature #19501: Assign issue to <<author>>

a interesting feature will be assign to a project by author, so I can use email-import to create issue from one email... [ Desperados ]

2015-04-10

22:53 Feature #19592 (New): Public/Private or Anonymous/Authenticated/Team access attribute for each project module

It would be useful to be able to further *restrict* access to each project module, in addition to the general permiss... George Notaras

22:34 Feature #19591 (Closed): Text formatting (textile/markdown) configurable on a per project basis

In a true multi-user and multi-project environment, it would make more sense if the text-formating setting could also... George Notaras

20:21 Feature #18342: Enhanced issue filter

+1, we have had to start writing scripts outside of redmine to query & assemble data because of the lack of this feat... Barnaby Court

20:14 Feature #13844: Option to enable HTML emails for issue creation.

This is definitely an issue for our implementation. We have most users submitting tickets by email, and any links are... Aaron Milligan

20:03 Feature #12579: Ability to assign issues to multiple users

Implementing this feature would be very helpful for us too. Omer Arslan

17:48 Defect #19590: Parent not visible unless 'Edit' is clicked

After much more searching we discovered that over the issue title, any parent task titles are also shown in tiny font... Brian Bouterse

17:23 Defect #19590: Parent not visible unless 'Edit' is clicked

+1 this would be very helpful! Barnaby Court

17:10 Defect #19590: Parent not visible unless 'Edit' is clicked

The last sentence should read. "I expect that if a parent ID for a task is set, that it is visible in some way withou... Brian Bouterse

17:09 Defect #19590 (Closed): Parent not visible unless 'Edit' is clicked

0) Create a task A, and a task B.
1) Click Edit on Task B and set the task ID to the ID of task A. Save.
2) Observe... Brian Bouterse

16:45 Defect #19589 (Closed): Email Client (Not Show the images)

It is obviously your mail client issue.
Please use forum for question. Toshi MARUYAMA

16:38 Defect #19589 (Closed): Email Client (Not Show the images)

My situation:
1) I create a new issues with image.
2) I choose the people who need to know the issues.
3) Befo... Ignacio Gutierrez

16:30 Defect #19581: _redmine_session cookie security flaw

Redmine is Rails application.
I think you would better ask Rails community.
http://rubyonrails.org/community/ Toshi MARUYAMA

15:59 Defect #19581: _redmine_session cookie security flaw

Thank you for your answers. The first do not think this solves the problem , but I'll try both and tell them whether ... Marcelo Dalmao

02:50 Defect #19581 (Needs feedback): _redmine_session cookie security flaw

I think it is Rails mater not Redmine.
Try message#41137.
source:config/application.rb#L62
From:... Toshi MARUYAMA

16:23 Defect #19588 (Closed): Invalid column size for language pt-BR

Please contact bitnami team. Toshi MARUYAMA

16:05 Defect #19588 (Closed): Invalid column size for language pt-BR

I installed Redmine 3.0.1 recently with default language pt-BR, no problem during the instalation. However, when logg... José Cavalcanti

16:03 Feature #703: Configurable required fields per tracker/status/role

I'm using the 2.6.3 version and I'm not getting permit requirement for standard field.
How can I do this? Pedro Cainã C Lima

13:11 Feature #5990: Email notification should reflect user language setting

This issue was submitted over 4 years ago and seems it's still have no solution.
As somebody already noted we als... Kostyantyn Didenko

11:49 Feature #9664: CRUD operations for "custom field definitions" (not setting custom fields on issues!)

Just to note, this is useful for another situation than that mentioned in the original description: we have a situati... Ieuan Jenkins

11:22 Feature #19583 (New): Allow restriction of Issue Relations as per other Field Permissions

Currently the only permission configuration for issue relations is either no access or full control.
It would be u... Ieuan Jenkins

11:17 Feature #3972: Translation for field values

+1
Surprisingly this is an important issue for some users.
I have non english users who are completely lost wi... Slawomir CALUCH

09:20 Feature #1624: Issue merging

Christian Zagrodnick wrote:
> A related question is: Could this be sponsored? And if, how much money do we need.
... Leo Gaggl

09:01 Feature #1624: Issue merging

A related question is: Could this be sponsored? And if, how much money do we need. Christian Zagrodnick

08:19 Feature #1624: Issue merging

Any ideas if this will make it onto the roadmap at some stage ? This seems such a long-standing and obvious problem c... Leo Gaggl

01:57 Defect #18834 (Closed): parent_issue_id in REST API request does not work

Thank you for your feedback. Toshi MARUYAMA