Redmine

Redmine 3.1.3, 3.0.7 and 2.6.9 are maintenance releases for 3.1.x, 3.0.x and 2.6.x users (Changelog).

Security: these 3 releases include a fix for a potential data disclosure on an Atom feed.

Redmine 3.1.2, 3.0.6 and 2.6.8 are maintenance releases for 3.1.x, 3.0.x and 2.6.x users.
The list of changes is available in the Changelog.

Security: these 3 releases include a fix for a potential data disclosure on the time logging form.

Redmine 3.1.1 is a maintenance release that includes 28 changes (Changelog). 3.0.5 and 2.6.7 are maintenance releases for 3.0.x and 2.6.x users.

Security: these 3 releases all include a fix for a security vulnerability (open redirect vulnerability). Users are encouraged to update to these fixed versions.

• Subtasking: option for independent subtask priority/start date/due date/done ratio (#5490), ability to filter the issue list by parent task or subtasks (#6118)
• Permission to view only your own time logs (#8929)
• Better handling of HTML-only emails (#16962), nokogiri is now used to parse incoming HTML
• Ability to limit the member management permission to certain roles (#19707)
• Security features (optional settings): ability to expire passwords after a configurable number of days (#19458), password re-entry for sensitive actions (#19851)

You can review all the changes in the Changelog.

About the maintenance of previous Redmine versions: 3.0.x maintenance will stop in favor of 3.1.x soon but Redmine 2.6.x will still be maintained until at least the end of 2015.

Redmine 3.0.4 and 2.6.6 are maintenance releases that fix several issues for 3.0.x and 2.6.x users.
You can review the changes in the Changelog.

Redmine 3.0.4 runs with the latest Rails version (4.2.3). Redmine 2.6.6 was upgraded to the latest 3.x Rails (3.2.22) that brings ruby 2.2 compatibility.
These upgrades both include fixes for several Ruby on Rails vulnerabilities (announcement).

Redmine 3.0.3 and 2.6.5 are maintenance releases that fix several issues for 3.0.x and 2.6.x users (Changelog).

Redmine 3.0.3 also fixes a regression introduced in 3.0.2 that prevents users who disabled the % done field from creating/updating issues (issue validation fails with "% done is not valid" error message).

Redmine 3.0.2 and 2.6.4 are maintenance releases that fix several issues for 3.0.x and 2.6.x users (Changelog).

Redmine 3.0.1 and 2.6.3 are maintenance releases that fix several issues for 3.0.x and 2.6.x users (Changelog).

I'm pleased to announce that the new feature release Redmine 3.0.0 is available for download.

This new version brings several improvements to the search engine (it's now much faster and includes new search options) and many new features: default issue status per tracker, multiple emails per user, ability to edit attachment descriptions and more. It now runs with the latest Rails 4.2.0 and ruby 1.8 is no longer supported. Redmine 3.0.0 requires ruby 1.9.3 or higher (and now supports ruby 2.2).

A bit of cleanup was done in the issues permissions system now that the workflow permission setting gives full control over editable or read-only fields. The `Move issues` permission is gone, you just need to set the project field as read-only if you don't want the users to be able to move issues. The behaviour that allowed users to edit a few issue properties if a status transition is allowed (even if these users don't have the `Edit issues` permission) is also dropped: the `Edit issues` is now required to change an issue status.

Redmine 2.6.2 is a maintenance relase that fixes several issues.

You can review the list of all changes in the Changelog.

Security: these new releases also fix a potential XSS vulnerability in flash messages rendering, discovered by Holger Just. If you're running 2.4, 2.5 or 2.6 and is not able to update, you can manually apply the attached patch that will fix this issue.

Redmine 2.6.1 is a maintenance release available for download.

It includes many fixes and several translations updates. You can review the list of changes in the Changelog.