Redmine

Redmine 3.3.3 and 3.2.6 are maintenance releases available for download. You can review the list of changes in the Changelog.

Security: these 2 releases fix several vulnerabilities, including a stored XSS when displaying specifically crafted attachments. Thanks to Nikita and Planio for reporting theses issues.

Redmine 3.3.2 and 3.2.5 are maintenance releases available for download. You can review the list of changes in the Changelog.

Have a happy new year!

Redmine 3.3.1, 3.2.4 and 3.1.7 are maintenance releases that include many fixes and updates (see the Changelog for details).
They are available for download.

I am glad to announce that the new feature release Redmine 3.3.0 is available for download. It brings more than 100 changes, including new features and many fixes and improvements. Most of them were submitted by contributors, big thanks to all of them for sharing their work with the Redmine community! This release celebrates the 10th anniversary of Redmine as 0.1.0 was released on june 25th 2006 :-)

You can review the full list of changes in the changelog and you will find below more details about a few of them.

Tracker role-based permissions¶

This was a long-awaited feature (#285) and it made its way into Redmine 3.3. This feature makes it possible to restrict the list of trackers for which a role can view issues, create, edit, add comments or delete issues. These permissions can be set at the bottom of the existing role form (in Administration / Roles). There's no restrictions by default, so this new feature won't affect the permissions of your existing roles if you don't change anything.

Security notifications¶

Redmine 3.3 sends notifications by email when security related events happen. Users are now informed whenever their password or email address was changed. And Redmine administrators receive a notification when a user gains or loses administration privileges and when the application security settings are changed by another administrator.

New menu item for creating objects (issues, wiki pages and more)¶

A drop-down menu item is added to the main menu and provides shortcuts to create issues, categories, versions, news, documents, wiki pages or files (depending on the user permissions and the modules that are enabled in the project). It comes as a more global solution than the "New issue" menu item which is removed in Redmine 3.3. Note that the "New wiki page" link is a new features on its own as there was no such links in previous Redmine versions (#5536).

Users who still prefer to see the "New issue" menu item can revert back to the previous behaviour. A new setting (Administration / Settings / Display / Project menu tab for creating new objects) lets you control that. You can also choose to hide both of these menu items, as the "New issue" link is also added to the top of the issue list.

Drag and drop order configuration for statuses, trackers, roles...¶

The lists of trackers, issues statuses, roles, custom fields that used to require multiple clicks for reordering items now supports drag and drop for doing this much quicker. You just need to use the green arrow to drag the items.

Bulk addition of watchers¶

The menu that appears when right-clicking on a selection of issues from the issue list now lets you add watchers to all the selected issues at once (right-click the selection then Watchers / Add).

Issue filtering by IDs¶

You can now filter a list of specific issues based on their IDs. To do that, you can use the new "Issue" filter and enter a comma separated list of issue IDs, or make a selection of issues from the issue list and use the new "Filter" link in the right-click menu. It will create the appropriate filter with the IDs of the selected issues and lead you to this list. This list can then be saved like other queries.

Code highlighting toolbar button¶

A new button is added to the Textile toolbar to easily insert highlighted code. It lets you choose the language among the 24 languages for which code highlighting is supported and inserts the appropriate tags in your text.

Redmine 3.2.3 and 3.1.6 are maintenance releases that include a few fixes. They are available for download.

Security: these 2 releases fix several persistent XSS vulnerabilities (reported by Olga Yanushkevich).

Redmine 3.2.2 and 3.1.5 are maintenance releases available that fix several issues. They are available for download.

Security: these 2 releases include a fix (r15362) that mitigates a critical vulnerability discovered in ImageMagick recently. You should upgrade as soon as possible if you're not using a fixed version of ImageMagick.

Note 1: those who don't have ImageMagick installed on their Redmine server are not exposed to this vulnerability.

Note 2: if you're not able to upgrade now (to a fixed version of Redmine and/or ImageMagick), you should either uninstall ImageMagick from your Redmine server or set imagemagick_convert_command (in config/configuration.yml) to an invalid path so that the affected convert binary cannot be used by Redmine.

Redmine 3.2.1, 3.1.4 and 2.6.10 are maintenance releases available for download.

Redmine 3.2.1 fixes 20 defects and brings several improvements of the mobile layout introduced in 3.2.0 (Changelog). Please note that Redmine 2.6.10 is the last maintenance release for the 2.6 branch. Those who are still using Redmine 2.6 should consider upgrading to Redmine 3.

• Ability to import Issues from a delimited/CSV file
• Options to display totals for estimated/spent time and numeric custom fields on the issue list
• Option to set a default target version for new issues
• Initial status for new issues is now fully configurable in the workflow setup
• Responsive layout for mobile devices

Thanks to the numerous contributors who helped make this new release!

Redmine 3.1.3, 3.0.7 and 2.6.9 are maintenance releases for 3.1.x, 3.0.x and 2.6.x users (Changelog).

Security: these 3 releases include a fix for a potential data disclosure on an Atom feed.

Redmine 3.1.2, 3.0.6 and 2.6.8 are maintenance releases for 3.1.x, 3.0.x and 2.6.x users.
The list of changes is available in the Changelog.

Security: these 3 releases include a fix for a potential data disclosure on the time logging form.