Redmine

Redmine 3.2.3 and 3.1.6 are maintenance releases that include a few fixes. They are available for download.

Security: these 2 releases fix several persistent XSS vulnerabilities (reported by Olga Yanushkevich).

Redmine 3.2.2 and 3.1.5 are maintenance releases available that fix several issues. They are available for download.

Security: these 2 releases include a fix (r15362) that mitigates a critical vulnerability discovered in ImageMagick recently. You should upgrade as soon as possible if you're not using a fixed version of ImageMagick.

Note 1: those who don't have ImageMagick installed on their Redmine server are not exposed to this vulnerability.

Note 2: if you're not able to upgrade now (to a fixed version of Redmine and/or ImageMagick), you should either uninstall ImageMagick from your Redmine server or set imagemagick_convert_command (in config/configuration.yml) to an invalid path so that the affected convert binary cannot be used by Redmine.

Redmine 3.2.1, 3.1.4 and 2.6.10 are maintenance releases available for download.

Redmine 3.2.1 fixes 20 defects and brings several improvements of the mobile layout introduced in 3.2.0 (Changelog). Please note that Redmine 2.6.10 is the last maintenance release for the 2.6 branch. Those who are still using Redmine 2.6 should consider upgrading to Redmine 3.

• Ability to import Issues from a delimited/CSV file
• Options to display totals for estimated/spent time and numeric custom fields on the issue list
• Option to set a default target version for new issues
• Initial status for new issues is now fully configurable in the workflow setup
• Responsive layout for mobile devices

Thanks to the numerous contributors who helped make this new release!

Redmine 3.1.3, 3.0.7 and 2.6.9 are maintenance releases for 3.1.x, 3.0.x and 2.6.x users (Changelog).

Security: these 3 releases include a fix for a potential data disclosure on an Atom feed.

Redmine 3.1.2, 3.0.6 and 2.6.8 are maintenance releases for 3.1.x, 3.0.x and 2.6.x users.
The list of changes is available in the Changelog.

Security: these 3 releases include a fix for a potential data disclosure on the time logging form.

Redmine 3.1.1 is a maintenance release that includes 28 changes (Changelog). 3.0.5 and 2.6.7 are maintenance releases for 3.0.x and 2.6.x users.

Security: these 3 releases all include a fix for a security vulnerability (open redirect vulnerability). Users are encouraged to update to these fixed versions.

• Subtasking: option for independent subtask priority/start date/due date/done ratio (#5490), ability to filter the issue list by parent task or subtasks (#6118)
• Permission to view only your own time logs (#8929)
• Better handling of HTML-only emails (#16962), nokogiri is now used to parse incoming HTML
• Ability to limit the member management permission to certain roles (#19707)
• Security features (optional settings): ability to expire passwords after a configurable number of days (#19458), password re-entry for sensitive actions (#19851)

You can review all the changes in the Changelog.

About the maintenance of previous Redmine versions: 3.0.x maintenance will stop in favor of 3.1.x soon but Redmine 2.6.x will still be maintained until at least the end of 2015.

Redmine 3.0.4 and 2.6.6 are maintenance releases that fix several issues for 3.0.x and 2.6.x users.
You can review the changes in the Changelog.

Redmine 3.0.4 runs with the latest Rails version (4.2.3). Redmine 2.6.6 was upgraded to the latest 3.x Rails (3.2.22) that brings ruby 2.2 compatibility.
These upgrades both include fixes for several Ruby on Rails vulnerabilities (announcement).

Redmine 3.0.3 and 2.6.5 are maintenance releases that fix several issues for 3.0.x and 2.6.x users (Changelog).

Redmine 3.0.3 also fixes a regression introduced in 3.0.2 that prevents users who disabled the % done field from creating/updating issues (issue validation fails with "% done is not valid" error message).