Redmine

h1. Changelog 6.0.x

h2. version:6.0.9 (2026-03-16)

h3. [Code cleanup/refactoring]

* Patch #43872: Update GitHub Actions workflow dependencies

h3. [Database]

* Patch #43668: Serialize address limit checks during email_addresses#create

h3. [Issues]

* Feature #43837: Add a hint to the issue relation add form that clarifies multiple comma-separated issue IDs are accepted

h3. [Issues filter]

* Patch #43736: author.group filter test fix

h3. [Issues list]

* Defect #31972: An empty group_count badge is displayed when grouped with created_on

h3. [Permissions and roles]

* Feature #43659: Set minimum width for Permission column in permission report

h3. [Security]

* Defect #43661: Unsafe eval usage in AttachmentsHelper

* Defect #43690: Directory Traversal via Backslash-Separated Paths in Filesystem SCM

* Defect #43691: DOM (Stored) XSS in @mention autocomplete via unescaped user name

* Defect #43692: LDAP Injection (Unescaped Input in LDAP Search Filter)

* Defect #43694: DOM XSS: HTML Injection via Custom Field Name in Query Filter Generation

* Defect #43830: User who is allowed to view only their own time entries can retrieve other users’ time entry details by directly specifying the TimeEntry ID via the REST API

* Defect #43840: Update Nokogiri to 1.19.1

h3. [Text formatting]

* Defect #40918: Wiki "Edit this section" does not extract SeText headings correctly in CommonMark Markdown

h3. [UI]

* Defect #43804: Custom field preview does not work on bulk issue edit

* Defect #43869: Default assignee selected by category is not shown in UI

h2. version:6.0.8 (2026-01-05)

h3. [Code cleanup/refactoring]

* Defect #43441: Fix failures in test/system/issues_test.rb

* Patch #43638: Update copyright year to 2026

h3. [Custom fields]

* Defect #43521: Saving a custom field fails with 500 when regular expression is invalid

h3. [Gems support]

* Defect #43609: Tests fail with minitest 6.0

h3. [Issues list]

* Defect #43283: Overdue due date text does not turn light gray when issue is selected

h3. [No category]

* Patch #43275: Remove continue-on-error: true from the system test job in GitHub CI

h3. [Rails support]

* Patch #43633: Update Rails to 7.2.3

h3. [Security]

* Defect #43451: PostScript disguised as PDF can lead to arbitrary file operations via thumbnail generation

* Defect #43634: Authorization bypass in Redmine allows modification of attachment metadata on invisible issues

* Defect #43635: Authorization bypass in Redmine allows deletion of attachment on invisible issues external

h3. [SCM]

* Defect #43525: "label_added" is not translated in the repository revision view legend

h3. [Text formatting]

* Defect #43612: Inline code rendering does not preserve multiple spaces

h3. [Translations]

* Patch #43490: Japanese translation update (jstoolbar-ja.js) for 6.0-stable

h3. [UI]

* Defect #43378: Column headers are slightly shifted to the right in tables in list views

* Defect #43527: Login and Email columns are unexpectedly center-aligned on the Users page since Redmine 5.1

h2. version:6.0.7 (2025-09-21)

h3. [Administration]

* Defect #43174: CookieOverflow error when deleting a tracker used by many projects

h3. [Code cleanup/refactoring]

* Patch #43035: Remove empty rubyonrails.yml on 6.0-stable branch

h3. [Documentation]

* Defect #43204: Adds missing documentation for issue macro to fr and ru languages

h3. [Gantt]

* Defect #43014: Content in selected columns overflows to the right in Gantt chart

h3. [Importers]

* Defect #42957: Incorrect "for" attribute in labels of issue relations import

h3. [Issues]

* Defect #43192: Done ratio interval in issue context menu does not respect Done Ratio Interval setting

h3. [Rails support]

* Patch #43141: Update Rails to 7.2.2.2

h3. [Security]

* Defect #42998: Username and password stored in login form

* Defect #43083: Information disclosure in Two-Factor Authentication

* Defect #43161: When copying issues, all existing custom values are set to the new issue without sufficient validation

h3. [SCM]

* Defect #43002: RepositoriesSubversionControllerTest fails in 5.1-stable due to missing foo.js in test repository

h3. [Translations]

* Patch #42971: Italian translation update for 6.0-stable

h3. [UI]

* Defect #43004: Watchers list is not properly displayed in Gantt table

* Defect #43175: Fix some issues with missing or misplaced html tags

* Patch #43008: Display icon-actions on hover with the same color as links

* Patch #43196: Improve spacing of checkboxes in CSV export options dialog

h2. version:6.0.6 (2025-07-07)

h3. [Attachments]

* Defect #42920: Missing icon in attachments upload form

h3. [Code cleanup/refactoring]

* Defect #42687: Fix random failures in several system tests with Chrome 133 and later

* Patch #42422: Use Capybara's assert_current_path in "log_user" steps to wait for page in ApplicationSystemTestCase

* Patch #42600: Suppress "Change your password" popup for stable system tests

* Patch #42756: Update tests for rails-dom-testing 2.3.0 whitespace collapsing

h3. [Database]

* Defect #42622: Joining both atom_token and api_token on the User model causes an error due to the ambiguous column name "action"

h3. [Documentation]

* Defect #42644: Noto Sans fonts are not applied on Wiki syntax help pages

* Defect #42657: Update documentation links and fix config flag typo

* Patch #42618: Add missing allowed CSS properties to the CommonMark Markdown help

h3. [Email receiving]

* Defect #42962: Mail handler fails to create issues from emails over 4MB on Rack >= 3.1.14

h3. [Gems support]

* Defect #42606: RuboCop warning about deprecated `EnsureNode#body` with rubocop-ast >= 1.41

h3. [I18n]

* Defect #42815: Limit available locales to those defined by Redmine itself no longer works

h3. [Issues list]

* Defect #42807: Progress Bar in issues list has a border above it

h3. [Issues workflow]

* Defect #42875: "Page not found" error when saving workflows with many statuses on Rack >= 3.1.14

h3. [No category]

* Patch #42688: Run system tests on GitHub CI

h3. [Performance]

* Defect #42933: Fix N+1 query issue in Wiki history page when loading authors of  Wiki content versions

h3. [SCM]

* Defect #42839: Downloading .js files from the repository browser fails with a 422 error due to ActionController::InvalidCrossOriginRequest

* Patch #42597: Skip some Mercurial tests when using Mercurial 5.1 or later in Redmine 6.0 or 5.1

h3. [Security]

* Patch #42662: Require net-imap gem 0.2.5, 0.3.9, 0.4.20, 0.5.7, or later to address CVE-2025-43857

h3. [Text formatting]

* Defect #42332: "Edit this section" button is missing for headings rendered as multiline HTML

* Defect #42648: Wiki/CommonMark: Broken references for multiple footnote usage

h3. [Translations]

* Patch #42739: Persian translate update for 6.0-stable

* Patch #42754: Swedish translation update for 6.0-stable

h3. [UI]

* Defect #42640: Query totals overlaps query buttons when an RTL language is used

* Defect #42654: Text in project jump box is vertically misaligned

* Defect #42773: Padding in the Preview tab is larger than in the actual rendered content

* Defect #42786: "Clear" button for custom queries has incorrect styling inside the flyout menu

* Defect #42797: Loading and waiting icons use legacy icons and overlap filename when attaching files

* Defect #42953: Replace legacy other download icon with SVG icon

* Patch #42641: Improve SVG contrast when an item is selected in administration sidebar

* Patch #42794: Hide irrelevant information when printing

h3. [Wiki]

* Defect #42558: JPEG images are not shown in exported PDF files

h2. version:6.0.5 (2025-04-20)

h3. [Administration]

* Defect #42584: NoMethodError when creating a user with an invalid email address and domain restrictions are enabled

h3. [Attachments]

* Defect #42394: Inconsistent behaviour between attachment download routes with and without filename

h3. [Code cleanup/refactoring]

* Patch #42562: Fix random test failure in ProjectAdminQueryTest due to missing language setting

* Patch #42572: Fix random test failure in MemberTest#test_update_roles_with_inherited_roles due to non-deterministic ordering

h3. [Custom fields]

* Defect #42342: Missing thousands separator in Integer and Float custom field totals

* Patch #41935: Add "editable" attribute in the custom fields API response

h3. [Gantt]

* Defect #42145: MiniMagick (> 5) removed cli_path, result crash when supplied imagemagick_convert_command

h3. [Issues]

* Defect #42458: "For all projects" checkbox should be disabled when editing an existing query in which the checkbox is already checked

h3. [Performance]

* Defect #40728: Slow loading of global spent time list in MySQL

* Feature #42574: Optimize autocomplete issue listing triggered by typing "##" by eager loading trackers

h3. [Plugin API]

* Defect #42509: Plugin activity icons broken when multiple plugins are loaded

h3. [Projects]

* Patch #42440: Fix project selector focus by explicitly targeting the first selected item

h3. [SCM]

* Patch #42500: Skip repository tests when the SCM client command is unavailable

h3. [Text formatting]

* Defect #42545: Commit message in issue history might be rendered in incorrect context

h3. [UI]

* Defect #41828: In mobile view, delete relation svg icon in 'Related Issues' on an issue page, overflow text

* Defect #41833: Tabs left / right buttons use legacy icons

* Defect #41947: Collapse arrow shows the wrong direction at /workflows/edit

* Defect #41952: Flash notice icons use the legacy icons 

* Defect #41967: Replace SCM action legacy icons with SVG icons in the tree view of the repository browser

* Defect #42181: Project jump box uses legacy caret icons

* Defect #42285: Icon expanded for closed fixed versions missing

* Defect #42286: Context menu right arrow uses the legacy icon

* Defect #42369: Expander icons not switch in Collapse all/Expand all 

* Defect #42465: Improve SVG icon compatibility with RTL languages

* Defect #42487: Improve SVG contrast when a row is selected on table list

* Defect #42520: PNG icon displayed instead of SVG in subtasks list when viewing all tasks

* Defect #42532: Expander icon not working in repository tree

* Defect #42575: Fix sidebar switch button display in RTL language

* Defect #42576: Newly attached files are displayed using the legacy icons

* Patch #42497: Adjust the position of the news comment delete button

* Patch #42577: Replace legacy Atom icon with SVG icon

* Patch #42596: Do not show user icon in add watchers modal when gravatar is disabled

h2. version:6.0.4 (2025-03-10)

h3. [Administration]

* Feature #42008: Expose default Rails health check endpoint "/up" for load balancers and uptime monitoring

h3. [Code cleanup/refactoring]

* Defect #42200: InlineAutocompleteSystemTest login test fails randomly

* Patch #42244: Fix random failures in IssuesTest#test_bulk_copy due to StaleElementReferenceError

h3. [Custom fields]

* Defect #42233: Float custom values with ',' as decimal separator are not converted to '.' and cause SQL errors when sorting or summing

h3. [Gems support]

* Defect #42245: 5.1-stable: Redmine fails to start with error: Unknown database adapter `"mysql2"` found in config/database.yml

h3. [No category]

* Feature #30069: Use GitHub Actions as a secondary CI solution to run tests through the existing mirroring

h3. [Project settings]

* Defect #42192: Project settings members tab may raise ArgumentError if orphaned member records exist

h3. [Security]

* Defect #42238: Stored Cross-Site Scripting (XSS) in custom query

* Defect #42326: Stored Cross-Site Scripting (XSS) in macros

* Defect #42352: ProjectQuery leaks details of private projects

* Defect #42194: /my/account does not correctly enforce sudo mode

* Patch #42333: Update Nokogiri to 1.18.3

h3. [Time tracking]

* Defect #42172: `format_hours` method produces incorrect output for negative time values when `Setting.timespan_format` is "minutes"

h3. [Translations]

* Defect #42170: Fix Turkish translation of field_assignable

* Patch #42239: Czech translation update for 6.0-stable

h3. [UI]

* Defect #42229: Latest news box on home page misses icons

h3. [UI - Responsive]

* Defect #42182: Poor color contrast of icons on flyout menu

h2. version:6.0.3 (2025-01-29)

h3. [Accounts / authentication]

* Defect #41930: Redirection after signing in fails when the back_url includes a port number

h3. [Activity view]

* Defect #42003: Misalignment of icons and titles in Activity view

* Defect #42070: Whitespace missing after hyphen between project name and event title in Activity view

* Feature #42038: Improve readability by adjusting font sizes and colors in activity view and search results

h3. [Attachments]

* Defect #42084: Placeholder icon for non-existent thumbnail flickers rapidly on hover

h3. [Code cleanup/refactoring]

* Defect #42088: Fix incorrect syntax in application.css on 6.0-stable

* Patch #41961: Use `fixtures :all` to ensure consistent test data and improve test reliability

* Patch #42089: Fix Lint workflow error on 6.0-stable due to unsupported ruby/setup-ruby on Ubuntu 24.04

* Patch #42140: Update footer copyright year to 2025

h3. [Gantt]

* Defect #41925: Context menu submenus close unexpectedly on Gantt chart due to z-index conflict

h3. [Gems support]

* Defect #42013: Redmine fails to start with error: Unknown database adapter `"mysql2"` found in config/database.yml

h3. [Issues]

* Defect #42066: NoMethodError exception occurs in IssuePriority#high and #low when both default and active priorities are absent

h3. [Permissions and roles]

* Defect #42106: Member roles are incorrectly added when a user's memberships are updated

h3. [Rails support]

* Defect #42113: Redmine 5.x not starting with ActiveSupport Logger error

* Patch #41970: Updates Rails to 7.2.2.1

h3. [UI]

* Defect #42023: Search results page uses legacy icons

* Defect #42051: "Font used for text areas" setting causes inconsistent font size

* Defect #42117: Key-value list reorder icon uses legacy icon

* Defect #42126: The member table layout breaks due to .icon class on td elements

* Defect #42130: Multiselect toggle uses legacy icons

* Feature #42005: Improve readability of error pages by updating fonts and layout

* Feature #42072: Adjust font size for breadcrumb and subtitle to improve readability and consistency

h2. version:6.0.2 (2024-12-11)

h3. [Accounts / authentication]

* Feature #41927: Enable browser autocomplete for 2FA input fields

* Feature #41937: Enable browser autocomplete for login input fields

h3. [Code cleanup/refactoring]

* Defect #41795: Missing fixture: a test does not pass if the 'issue_categories' fixtures are not already loaded

* Patch #41623: Fix tests that randomly failed due to required fixtures not being loaded

* Patch #41861: Add License URLs to Icons Credits

* Patch #41881: Improper deletion of custom fields in IssueNestedSetConcurrencyTest causes test failures of other tests

* Patch #41889: Fix random test failures in Redmine::Acts::MentionableTest due to unsorted mentioned_users

* Patch #41894: Fix random test failure by ensuring WatchersController#find_objects_from_params returns results in consistent order

* Patch #41901: Fix random test failure in DestroyProjectsJobTest due to unsorted @projects

* Patch #41902: Fix class name to match file name in keyboard_shortcuts_test.rb

* Patch #41914: Fix random test failure in UserTest#test_validate_password_complexity due to missing explicit language setting

* Patch #41931: Fix random failures in IssueRelationTest#test_create_with_initialized_journals due to ambiguous conditions for retrieving the expected detail

* Patch #41934: Fix random test failure in ProjectsControllerTest::test_post_copy_should_copy_requested_items due to missing :issue_categories fixture

* Patch #41951: Fix random test failure in IssueTest due to unsorted expected_statuses

h3. [Documentation]

* Feature #41754: Add asset precompilation instructions to doc/INSTALL and doc/UPGRADING

h3. [Email receiving]

* Defect #41737: Deprecation warning for IMAP4 email receiving: "Call Net::IMAP.new with keyword options"

h3. [Gantt]

* Defect #41786: Long subject may not be displayed in Gantt chart with narrow column width

h3. [Gems support]

* Defect #41749: Warning during startup: "Unresolved or ambiguous specs during Gem::Specification.reset"

* Defect #41860: FrozenError when using SQLite3 gem version 2.0.0 or later

h3. [Issues]

* Defect #40301: Error when create a version with custom field of "File" type from Issue page

h3. [Plugin API]

* Defect #41880: Plugin activity icons broken after switching to SVG icons

h3. [REST API]

* Defect #41791: Projects endpoint returns list of all projects

* Defect #41819: Time entry API returning `hours` as Rational instead of Float

h3. [SCM]

* Patch #41775: Adjust the vertical alignment of icons in the tree view of the repository browser

h3. [Time tracking]

* Defect #41895: Spent time CSV report returning `hours` as Rational instead of Float

h3. [Translations]

* Patch #41736: Update Turkish translation of label_description from "Yorum" to "Açıklama"

* Patch #41945: Bulgarian translation update for 6.0-stable

h3. [UI]

* Defect #41714: Replace search and magnifier icons with SVG icon

* Defect #41756: An unnecessary scroll bar is displayed on the user's profile page

* Defect #41778: Name field in custom query creation/edit form is not marked as required

* Defect #41779: Restore `margin-top` for `#sidebar h3`

* Defect #41780: Unnecessary indentation for "Completed versions" in the Roadmap sidebar

* Defect #41789: HTML syntax broken for sidebar-wrapper

* Defect #41818: Redundant tooltip appearing after clicking the ellipsis button in the action menus

* Defect #41821: Icons shrink in the Activity view when event titles are long

* Defect #41853: Group icons in watchers and membership modals are using a mix of legacy and SVG icons

* Defect #41864: Report tab of Spent time page still displays deprecated raster icons instead of SVGs

* Defect #41873: Table layout breaks due to .icon class on td elements

* Defect #41883: Download button in issue comments still uses deprecated raster icon

* Defect #41918: Replaces warning icon with SVG in watcher list and workflow warnings

* Defect #41957: Remove nesting selectors because are not support in old browsers

* Feature #41748: Optimize font loading by replacing variable fonts with specific weights for Noto Sans

h3. [UI - Responsive]

* Defect #41822: First icon on the Activity page is replaced with chevrons-left or chevrons-right in responsive mode

h2. version:6.0.1 (2024-11-12)

h3. [Gems support]

* Defect #41729: Installing Redmine 6.0.0 may cause a LoadError for svg_sprite

* Patch #41728: Update Rouge gem to 4.5

h3. [Issues list]

* Defect #40303: Layout distortion in issue list descriptions with code blocks

h2. version:6.0.0 (2024-11-10)

h3. [Accounts / authentication]

* Defect #28243: Principal.not_member_of scope does not accept ActiveRecord::Relation

* Feature #37279: Reject passwords that are the same as login, first name, last name, or email

* Feature #38853: Changes user visibility from "all" to "member of visible projects" for new roles and existing builtin roles

* Feature #39500: Change the default notification option for users to "Only for things I watch or I am assigned to"

h3. [Administration]

* Feature #12521: Improve tracker deletion error message to display projects containing issues under the tracker 

* Feature #40913: Add bulk lock/unlock feature to user list context menu

h3. [Attachments]

* Defect #38966: Attachment custom fields not removed when issue is deleted

* Feature #37530: Add timeout for thumbnail generation process

h3. [Calendar]

* Patch #41509: Replace "even" and "odd" CSS classes with "this-month" and "other-month" for calendar days

h3. [Code cleanup/refactoring]

* Defect #31507: Test fails if trailing whitespaces are removed

* Defect #31831: Back url parse in validation

* Defect #32985: Remove unnecessary use of instance variables in CSV and Atom response handlers

* Defect #37730: Missing copyright headers in source files

* Defect #39527: Deprecate unused ApplicationHelper#render_if_exist

* Defect #40205: ThemesTest may fail if a third-party theme having theme.js is installed

* Feature #39111: Enable Asset Pipeline Integration using Propshaft

* Feature #40190: Stop appending the utf8 checkmark parameter to form URLs

* Patch #27510: Introduce active? method to Group via Principal model

* Patch #32523: Replace `for` loops with `forEach` in buildFilterRow function

* Patch #35217: Replace use of Digest::MD5 / Digest::SHA1 with ActiveSupport::Digest

* Patch #36806: Remove rss_* deprecated methods

* Patch #38975: Use ApplicationRecord instead of ActiveRecord::Base

* Patch #39110: Replacing request_store with ActiveSupport::CurrentAttributes

* Patch #39380: Replace hardcoded issues count check with `limit` variable in IssuesController#retrieve_previous_and_next_issue_ids

* Patch #39558: Remove deprecated methods in Repository and AbstractAdapter

* Patch #39777: Remove useless method #run_in_request? from db/migrate/20221214173537_add_select_project_publicity_permission.rb

* Patch #39971: Remove specific platform constraints for database adapter gems

* Patch #40087: Rewrite ApplicationHelper#favicon_url method using image_url

* Patch #40124: Remove deprecated empty status param to get all users from API

* Patch #40210: Remove overrides that inserts a non-breaking space (nbsp) to empty option elements

* Patch #40211: Remove appveyor.yml

* Patch #40506: Remove redundant ApplicationHelper inclusions

* Patch #40513: Fix initial_page_content method to avoid referencing @page instance variable in wiki formatting helpers

* Patch #40652: Replace MD5 with SHA256 when creating the hash for gravatar URL

* Patch #40691: Remove ambiguity in queries utilizing a Project scope

* Patch #40801: Add missing fixture journal_details to JournalsHelperTest

* Patch #40882: Remove unused "label_browse" from all locales

* Patch #41023: Set default age parameter for User.prune to 30 days

* Patch #41142: Add missing assertion in Redmine::MenuManager::MapperTest#test_push_onto_root

* Patch #41188: Refactor Calendar#first_wday method for improved readability and efficiency

* Patch #41238: Fix test failure in IssuesSystemTest due to incorrect attachment count expectation

* Patch #41287: Add .vscode to svn:ignore, .gitignore, and .hgignore

* Patch #41402: Remove Internet Explorer-specific CSS rules and vendor prefixes

h3. [Custom fields]

* Defect #27543: Key/value-pair custom field type not available to all customisable contents

* Feature #39997: Add an option to render values of Integer- and Float-format custom fields with thousands delimiters

h3. [Database]

* Feature #35014: Review and update supported database engines and versions 

* Patch #34218: Increase size of value field in settings

h3. [Documentation]

* Feature #40681: Dynamic generation of supported code highlighting languages in help section

* Patch #40202: Add LICENSE.txt in the root directory

* Patch #41011: Add more configuration examples to config/additional_environment.rb.example

* Patch #41469: Update helps and docs to use HTTPS links instead of HTTP

h3. [Email notifications]

* Feature #13359: Add project identifier to List-Id header in notification emails for better Gmail filtering

* Feature #40569: Add an option to send email notification when an attachment is added

* Feature #41450: Include attachment filename in "File added" email notification subject

h3. [Feeds]

* Feature #34025: Raise the maximum length of the title element in the Atom feed from 100 to 300 characters

h3. [Forums]

* Defect #41234: Forum message's subject field overflows beyond container

h3. [Gems support]

* Patch #37258: Switch default backend of ActiveSupport::XmlMini from rexml to Nokogiri

* Patch #39547: Prevent automatic requiring of unnecessary gems at runtime

* Patch #39887: Update RuboCop to 1.68

* Patch #39888: Update RuboCop Performance to 1.22

* Patch #39889: Update RuboCop Rails to 2.27

* Patch #39972: Update Nokogiri to 1.16.0

* Patch #39985: Update SQLite3 gem to 1.7

* Patch #40685: Update roadie-rails to 3.2.0

* Patch #41312: Update MiniMagick to 5.0

h3. [Hook requests]

* Feature #41044: Add view hooks in My page

h3. [I18n]

* Feature #21677: Support localized decimal separator for hours in the web UI

* Feature #22024: Support localized decimal separators for float values

* Feature #29208: Support email addresses with IDN (internationalized domain names) in user accounts

* Patch #39879: Fix hardcoded string on user preferences page

h3. [Importers]

* Defect #41464: CSV file encoding auto-detection may fail with multibyte characters

* Feature #39511: Auto-detection of field wrapper type when importing CSV file

h3. [Issues]

* Defect #41572: `updated_by_id` in Journal retains deleted user id instead of being set to `User.anonymous`

* Feature #691: Add column totals to Issues Summary Report

* Feature #9309: Add description field to custom queries

* Feature #16045: Add "Author / Previous assignee" group to assignee dropdown in issue form

* Feature #31756: Introduce setting for done ratio options interval

* Feature #36197: Add configurable setting for copying attachments when copying an issue

* Feature #41202: Change the default CSV export encoding to UTF-8

h3. [Issues filter]

* Feature #7867: Add filters for "Author's group" and "Author's role" to issues list

* Feature #39805: Extend "contains" operator in "Parent task" filter to support multiple issue IDs

h3. [Issues list]

* Feature #29894: View watchers on the issue list

* Feature #37862: Estimated time remaining issue query column

h3. [Performance]

* Patch #23328: Optimize Project#notified_users to improve issue create/update speed

* Patch #39835: Optimize repository menu visibility check

* Patch #39837: Optimize query models by replacing `map` with `pluck`

* Patch #39840: Optimize `Issue#relations` method to fetch both `relations_from` and `relations_to` using a single query

* Patch #39847: Cache the result of `Journal#attachments`

* Patch #39849: Optimize IssueCategory SQL queries when showing an issue

* Patch #39852: Optimize queries visibility check

* Patch #39857: Optimize users visibility check

* Patch #39993: Optimize loading of journals, relations, and allowed_statuses in IssuesController#show for API requests

* Patch #40000: Optimize gantt chart rendering for issues without subtasks

* Patch #40008: Replace String#sub with delete_prefix / delete_suffix

* Patch #40010: Replace regular expression matches with String#start_with? / end_with?

* Patch #40775: Reduce an extra SQL query in IssuesController#retrieve_default_query

* Patch #40798: Optimize Version model

h3. [Projects]

* Feature #23954: Shows the date of the last activity on Projects administration

* Feature #40829: Expose project updated_on column and filter in project query

h3. [REST API]

* Feature #23307: Include auth_source field in User API response

* Feature #38948: Add user status to users list API

* Feature #40449: Add updated_on and updated_by fields to Issues API journal response

h3. [Rails support]

* Defect #38155: RuntimeError when reloading Rails console

* Feature #36320: Migrate to Rails 7.2

* Feature #40092: Drop FastCGI support

h3. [Roadmap]

* Defect #4682: Completed version with wrong progress bar status

* Defect #24457: Progress of version should be calculated the same way as parent tasks

h3. [Ruby support]

* Feature #38585: Drop Ruby 2.7 and 3.0 support

* Feature #39761: Ruby 3.3 support

h3. [SCM]

* Defect #39747: Diff of a javascript file in repository module is not displayed with layout 

* Defect #40020: ScmData.binary? incorrectly considers UTF-8 text as binary

* Feature #39238: Redirect to repositories#show after repositories#fetch_changesets to avoid the user-visible browser URL

h3. [Search engine]

* Feature #38446: Support multiple multi-word phrases in the search engine

h3. [Text formatting]

* Defect #34473: Displaying the table of content on the right causes wrong position

* Defect #40515: Displaying issue descriptions in the issues list ignores CommonMark table alignment

* Defect #40650: Fix duplicate alt and title attributes when alt text is specified for attached images in Textile formatter

* Defect #41467: Unexpected font size on CommonMark Markdown help pages due to missing doctype declaration

* Feature #20620: Add data-text-formatting attribute for selected markup language to body tag

* Feature #36594: Relax rouge version dependency in Gemfile

* Feature #40149: Drop deprecated Redcarpet based Markdown formatter

* Patch #40014: Add support for quoted arguments containing commas in wiki macros

* Patch #40939: Add "underline" button to jsToolbar for CommonMark Markdown formatting

h3. [Themes]

* Defect #26778: Invalid "theme-*" CSS class in body element when theme name contains spaces

h3. [Third-party libraries]

* Feature #40853: Upgrade jQuery to 3.7.1

* Feature #40864: Upgrade jQuery UI to 1.13.3

h3. [Time tracking]

* Defect #36897: The minutes part of a time entry is displayed as 60 instead of being carried over

* Defect #40914: Fix precision issues in TimeEntry#hours calculation by returning Rational instead of Float

* Defect #41401: Hours column in "Details" tab of Spent time is not right-aligned

* Feature #41053: Add "User's group" and "User's role" filters to Spent time list

h3. [UI]

* Defect #37390: Extraneous whitespace when selecting and copying issue number on Chrome/Windows

* Defect #38915: Duplicate spacer id in jsToolBar

* Defect #39795: Fix improper error highlighting for description field in issue form

* Feature #2464: Add placeholder "h:mm" to hours field for better user guidance

* Feature #2499: Change CSS font-size units from px to rem to respect browser font settings

* Feature #21808: Make the Sidebar collapsible, stateful

* Feature #23980: Replace icon images with Tabler SVG icons

* Feature #40901: Disable custom query links while loading to prevent multiple requests

* Feature #41266: Improve header design with gradient background

* Feature #41272: Improve tooltip positioning for thumbnails

* Feature #41294: Partial quoting feature for Issues and Forums

* Feature #41298: Refine UI with updated box styling and border colors

* Feature #41321: Improve readability by refining font sizes and switching to Noto Sans font

* Feature #41475: Improve table readability by adding row borders

* Feature #41500: Swap odd and even table row background colors

* Patch #33638: Add informative default welcome text for new installations

h3. [UI - Responsive]

* Feature #39806: Improve filter rendering on narrow screens by replacing the layout tables with a flex layout