Redmine

I am glad to announce that the new feature release Redmine 3.3.0 is available for download. It brings more than 100 changes, including new features and many fixes and improvements. Most of them were submitted by contributors, big thanks to all of them for sharing their work with the Redmine community! This release celebrates the 10th anniversary of Redmine as 0.1.0 was released on june 25th 2006 :-)

You can review the full list of changes in the changelog and you will find below more details about a few of them.

Tracker role-based permissions¶

This was a long-awaited feature (#285) and it made its way into Redmine 3.3. This feature makes it possible to restrict the list of trackers for which a role can view issues, create, edit, add comments or delete issues. These permissions can be set at the bottom of the existing role form (in Administration / Roles). There's no restrictions by default, so this new feature won't affect the permissions of your existing roles if you don't change anything.

Security notifications¶

Redmine 3.3 sends notifications by email when security related events happen. Users are now informed whenever their password or email address was changed. And Redmine administrators receive a notification when a user gains or loses administration privileges and when the application security settings are changed by another administrator.

New menu item for creating objects (issues, wiki pages and more)¶

A drop-down menu item is added to the main menu and provides shortcuts to create issues, categories, versions, news, documents, wiki pages or files (depending on the user permissions and the modules that are enabled in the project). It comes as a more global solution than the "New issue" menu item which is removed in Redmine 3.3. Note that the "New wiki page" link is a new features on its own as there was no such links in previous Redmine versions (#5536).

Users who still prefer to see the "New issue" menu item can revert back to the previous behaviour. A new setting (Administration / Settings / Display / Project menu tab for creating new objects) lets you control that. You can also choose to hide both of these menu items, as the "New issue" link is also added to the top of the issue list.

Drag and drop order configuration for statuses, trackers, roles...¶

The lists of trackers, issues statuses, roles, custom fields that used to require multiple clicks for reordering items now supports drag and drop for doing this much quicker. You just need to use the green arrow to drag the items.

Bulk addition of watchers¶

The menu that appears when right-clicking on a selection of issues from the issue list now lets you add watchers to all the selected issues at once (right-click the selection then Watchers / Add).

Issue filtering by IDs¶

You can now filter a list of specific issues based on their IDs. To do that, you can use the new "Issue" filter and enter a comma separated list of issue IDs, or make a selection of issues from the issue list and use the new "Filter" link in the right-click menu. It will create the appropriate filter with the IDs of the selected issues and lead you to this list. This list can then be saved like other queries.

Code highlighting toolbar button¶

A new button is added to the Textile toolbar to easily insert highlighted code. It lets you choose the language among the 24 languages for which code highlighting is supported and inserts the appropriate tags in your text.

Redmine 3.2.3 and 3.1.6 are maintenance releases that include a few fixes. They are available for download.

Security: these 2 releases fix several persistent XSS vulnerabilities (reported by Olga Yanushkevich).

Redmine 3.2.2 and 3.1.5 are maintenance releases available that fix several issues. They are available for download.

Security: these 2 releases include a fix (r15362) that mitigates a critical vulnerability discovered in ImageMagick recently. You should upgrade as soon as possible if you're not using a fixed version of ImageMagick.

Note 1: those who don't have ImageMagick installed on their Redmine server are not exposed to this vulnerability.

Note 2: if you're not able to upgrade now (to a fixed version of Redmine and/or ImageMagick), you should either uninstall ImageMagick from your Redmine server or set imagemagick_convert_command (in config/configuration.yml) to an invalid path so that the affected convert binary cannot be used by Redmine.

Redmine 3.2.1, 3.1.4 and 2.6.10 are maintenance releases available for download.

Redmine 3.2.1 fixes 20 defects and brings several improvements of the mobile layout introduced in 3.2.0 (Changelog). Please note that Redmine 2.6.10 is the last maintenance release for the 2.6 branch. Those who are still using Redmine 2.6 should consider upgrading to Redmine 3.

• Ability to import Issues from a delimited/CSV file
• Options to display totals for estimated/spent time and numeric custom fields on the issue list
• Option to set a default target version for new issues
• Initial status for new issues is now fully configurable in the workflow setup
• Responsive layout for mobile devices

Thanks to the numerous contributors who helped make this new release!

Redmine 3.1.3, 3.0.7 and 2.6.9 are maintenance releases for 3.1.x, 3.0.x and 2.6.x users (Changelog).

Security: these 3 releases include a fix for a potential data disclosure on an Atom feed.

Redmine 3.1.2, 3.0.6 and 2.6.8 are maintenance releases for 3.1.x, 3.0.x and 2.6.x users.
The list of changes is available in the Changelog.

Security: these 3 releases include a fix for a potential data disclosure on the time logging form.

Redmine 3.1.1 is a maintenance release that includes 28 changes (Changelog). 3.0.5 and 2.6.7 are maintenance releases for 3.0.x and 2.6.x users.

Security: these 3 releases all include a fix for a security vulnerability (open redirect vulnerability). Users are encouraged to update to these fixed versions.

• Subtasking: option for independent subtask priority/start date/due date/done ratio (#5490), ability to filter the issue list by parent task or subtasks (#6118)
• Permission to view only your own time logs (#8929)
• Better handling of HTML-only emails (#16962), nokogiri is now used to parse incoming HTML
• Ability to limit the member management permission to certain roles (#19707)
• Security features (optional settings): ability to expire passwords after a configurable number of days (#19458), password re-entry for sensitive actions (#19851)

You can review all the changes in the Changelog.

About the maintenance of previous Redmine versions: 3.0.x maintenance will stop in favor of 3.1.x soon but Redmine 2.6.x will still be maintained until at least the end of 2015.

Redmine 3.0.4 and 2.6.6 are maintenance releases that fix several issues for 3.0.x and 2.6.x users.
You can review the changes in the Changelog.

Redmine 3.0.4 runs with the latest Rails version (4.2.3). Redmine 2.6.6 was upgraded to the latest 3.x Rails (3.2.22) that brings ruby 2.2 compatibility.
These upgrades both include fixes for several Ruby on Rails vulnerabilities (announcement).