Redmine插件中文站

Redmine version:5.1.3 and version:5.0.9 have been released and are now available for [[download]]. These are maintenance releases and only include fixes. You can review the list of fixes in the [[Changelog]].

The most important fix in these releases is for the “LoadError: cannot load such file – blankslate” exception that occurs when using the latest builder gem 3.3.0 (#40802). Additionally, Ruby on Rails has been updated to 6.1.7.8 (#40818), addressing two security vulnerabilities: CVE-2024-32464 and CVE-2024-28103.

Thanks to everyone who contributed to these releases.

Redmine version:“5.0.8” and version:“5.1.2” have been released and are available for [[download]]. These are maintenance releases and you can review the fixes included in the [[Changelog]].

Both versions contain multiple important fixes like #40099 which restores the old behaviour when filters users using API and #39862 and #39948 which add a dedicated proxy for plugins to register models that use acts_as_attachable. Rails was updated to 6.1.7.7 on both versions.

Thanks to everyone who contributed to the releases.

Redmine version:“5.0.7” and version:“5.1.1” have been released and are available for [[download]]. These are maintenance releases and you can review the fixes included in the [[Changelog]].

Redmine version:“5.1.1” contains an important fix for concurrency issues when MySQL > 5.6 is used as database back-end. Beside the update to 5.1.1, an additional MySQL configuration is needed to properly fix those issues, please read [[MySQL_configuration]]. Also, the CI matrix was updated and now all the tests run on MySQL 8 and PostgreSQL 14 ([[Continuous_integration]]).

Thank you to everyone who contributed to the releases and special thanks to Jens Krämer for fixing those old issues.

We are pleased to announce the release of Redmine version:5.1.0. This has a total of 148 new features and bug fixes.

Redmine 5.1.0 is available for download on our [[Download]] page. For a detailed overview of the improvements and fixes, please refer to the [[Changelog]].

With the launch of Redmine 5.1.0, we have concluded the maintenance of the Redmine 4.2 series. Going forward, we will be maintaining the 5.1 and 5.0 series. For those using Redmine 4.2 or earlier versions, we strongly recommend upgrading to Redmine 5.1 not only to benefit from the myriad of features and improvements introduced over recent years but also to keep your Redmine installation secure.

We extend our heartfelt gratitude to everyone who contributed to the development of Redmine 5.1.0, and to all who have been involved in this release.

Highlighted Features:

Administration:

• Re-implement admin project list using ProjectQuery system (#33422)
• Background job and dedicated status for project deletion (#36691)
• Upgrade Admin/Users list to use the query system (#37674)

Calendar:

• Display calendar in vertical list layout on mobile screens (#33682)

Email notifications:

• Auto watch issues on issue creation (#38238)

Filters:

• Multiple issue ids in "Related to" filter (#38301)
• "Any searchable text" filter for issues (#38402)
• "contains any of" operator for text filters to perform OR search of multiple terms (#38435)
• OR search with multiple terms for "starts with" and "ends with" filter operators (#38456)
• New issues filter operators "has been", "has never been", and "changed from" (#38527)

Importers:

• Allow to import time entries for issues in different projects (#36823)

Issues:

• Description for issue statuses (#2568)
• Mark edited journal notes as "Edited" (#31505)
• Add field separator option to CSV export dialog (#37621)

Time tracking:

• Make the only enabled activity in a project the default one for time entry (#10314)
• Add default spent time activity per role (#29286)

Translations:

• Add Tamil language support (#34924)

Important notice regarding Ruby versions:

Redmine 5.1.0 supports Ruby 2.7 to 3.2. Ruby 2.6 and earlier are no longer supported.

Redmine version:“4.2.11” and version:“5.0.6” have been released and are available for [[download]]. These are maintenance releases and contain some security fixes. You can review the fixes included in these maintenance releases in the [[Changelog]].

Security: these 2 maintenance releases fix XSS vulnerabilities. See [[Security Advisories]].

Thank you to everyone who contributed to the releases.

Redmine version:“4.2.10” and version:“5.0.5” have been released and are available for [[download]], you can review the changes in the [[Changelog]].

Security: these 2 maintenance releases contain some security fixes, you can review them in [[Security Advisories]].

Many thanks to all contributors that worked on the fixes!

Redmine version:“4.2.9” and version:“5.0.4” have been released and are available for [[download]], you can review the changes in the [[Changelog]].

These new versions contain 4 important security fixes, including an access control issue introduced in Redmine 5.0 that allows an unauthenticated user to download all attachments associated with a WikiContentVersion, so upgrading as soon as possible is highly recommended. You can review the [[Security_Advisories]] for more information.

Many thanks to all contributors that worked on the fixes and to Robert Dick, Frans Rosén, Noriko Totsuka from JPCERT/CC, Shiga Takuma of BroadBand Security, Inc. and Holger Just for reporting the security issues!

Redmine version:“4.2.8” and version:“5.0.3” have been released and are available for [[download]], you can review the changes in the [[Changelog]].

These new versions contain an important fix for a performance problem found in Redmine 4.2.7 and 5.0.2 (#37268) when database is Postgres and queries are filtered by a custom field value.

• Mention auto-complete not works in bulk-edit comments (#37369)
• Common Markdown Formatter does not render all properties on HTML elements (#37237)
• Updates to latest Rails versions (#37465 - 5.2.8.1 and #37452 - 6.1.7) with security fixes
• Updates to latest jQuery 3.6.1 and jQuery UI 1.13.2 (security fixes)

Many thanks to all contributors that worked on the releases.

Redmine version:“4.2.7” and version:“5.0.2” have been released and are available for [[download]], you can review the changes in the [[Changelog]].

These maintenance releases fixes some important issues and multiple security fixes that were found in the latest Redmine 4.2.* and 5.0.* versions.

1. Updates commonmark gem version to 0.23.4 when Ruby >= 2.6 is used in order to fix a remote code execution vulnerability. Because the fixed version of the gem doesn’t support Ruby 2.5, those instances that are using Redmine 5.0.*, Commonmark and Ruby 2.5, it is highly recommended to update Ruby version to at least 2.6 because it’s the only way to get the update and the fix. Also, the next major Redmine version (version:“5.1.0”) already dropped support for Ruby 2.5 (#37159).
2. Updates jQuery UI to 1.31.1 to fix 3 medium severity XSS vulnerabilities
3. Fixes unauthorised Information Leak in QueryAssociationColumn and QueryAssociationCustomFieldColumn when the user has no permission to view on the associated object

Many thanks to Liane Hampe and Felix Schäfer for reporting these security issues and to Holger Just and Felix Schäfer for their work on fixing all these issues.

Redmine version:“4.2.6” and version:“5.0.1” have been released and are available for [[download]], you can review the changes in the [[Changelog]].

These maintenance releases address some important issues that were found in the latest Redmine version:4.2.5 and version:5.0.0 releases.

• an update to the latest Ruby on Rails 5.2.8 for version:“4.2.6” and Rails 6.1.6 for version:“5.0.1” that fixes CVE-2022-22577 and CVS-2022-27777.
• an update to nokogiri gem that fixes another 2 CVEs: CVE-2021-41098 and CVE-2021-30560

Thanks to A Fora for reporting the nokogiri security issues and all the contributors who worked on these releases!