
Month: August 2011

ChiliProject 2.2.0 Released

ChiliProject 2.2.0 has just been released. It includes many bug fixes for ChiliProject 2.2.0 as well as a couple of security fixes. It is suitable for use on production websites and we recommend that all users download the release as soon as possible.

Download ChiliProject 2.2.0

What’s included

2.2.0 includes 1 new feature and 9 bug fixes for 2.2.0. The major highlights of this release are:

  • Update to Rails 2.3.14 which contains a couple of security fixes:
    • SQL Injection Vulnerability in quote_table_name (CVE-2011-2930)
    • XSS Vulnerability in strip_tags helper (CVE-2011-2931)
    • XSS Vulnerability in the escaping function in Ruby on Rails in Ruby 1.9 (CVE-2011-2931)
    • Response Splitting Vulnerability in Ruby on Rails (CVE-2011-3186)
  • A smarter algorithm to resolve plugin dependencies

The full list of changes is below:

  • Bug #256: requires_redmine_plugin should defer loading plugins if not all dependencies are met
  • Bug #517: Remove included lib/faster_csv.rb
  • Bug #551: Hardcoded French string in wiki/diff.rhtml
  • Bug #552: Hardcoded English string in RepositoriesHelper
  • Bug #557: Calendar links for previous/next month contains double escaped characters
  • Bug #561: PDF export of issue gives TypeError (can’t convert nil into String)
  • Bug #573: acts_as_searchable definition in WikiPage may be insufficient and cause SQL errors
  • Bug #577: Invalid watcher user error when adding an invalid user as watcher
  • Bug #586: TabularFormBuilder doesn’t work with subforms
  • Feature #275: Implement requires_chiliproject and requires_chiliproject_plugin methods
  • Task #584: Upgrade to Rails 2.3.14

Contributors to 2.2.0

I’d like to thank all of the contributors to the 2.2.0 release.

  • Eric Davis
  • Felix Schäfer
  • Gregor Schmidt
  • Holger Just
  • Jean-Philippe Lang
  • Tom Rochette

The upgrading and installation documentation has already been updated for 2.2.0. If you have not yet upgraded to ChiliProject 2, make sure to follow the upgrading instructions in the release notes.

What’s Next?

This is the fourth release in our 2.0.0 series so we will continue to support it with monthly bugfix releases until around December 2011. Around that time the next major ChiliProject version will be released (3.0.0).

We are working on making ChiliProject leaner by removing custom code and using standard functionality from various gems instead. Based on that we are going to make ChiliProject much easier to install and upgrade. We are also going to introduce the new default theme which — besides looking great — will provide a much better user experience.

If you’re interested in participating in or contributing to ChiliProject, please leave a comment below or post to our forums. Now is a great time to start contributing to the project and we would love to have your help with all aspects of ChiliProject.

In closing, go and download ChiliProject 2.2.0 now.

ChiliProject 2.1.1 Released

ChiliProject 2.1.1 has just been released. This release is a security release to fix numerous major security bugs that were discovered in ChiliProject 2.1.1. It contains no other bug fixes or new features. It is suitable for use on production websites and we recommend that all users download the release as soon as possible.

Download ChiliProject 2.1.1

What’s included

2.1.1 includes 1 major security fix for a set of XSS vulnerabilities that the core team discovered late last Friday after the release of 2.1.0.

  • Bug #557: Multiple XSS vulnerabilities

Contributors to 2.1.1

I’d like to thank all of the contributors to the 2.1.1 release.

  • Eric Davis
  • Holger Just

If you think you have found a security bug in ChiliProject, please report it to the security team privately so we can follow responsible disclosure.


ChiliProject 1.5.2 Released

ChiliProject 1.5.2 has just been released. This release is a security release to fix numerous major security bugs that were discovered in ChiliProject 1.5.1. It contains no other bug fixes or new features and is released for users who are unable to upgrade to ChiliProject 2.1.1. It is suitable for use on production websites running ChiliProject 1.x and we highly recommend that 1.x users download the release.

Download ChiliProject 1.5.2

What’s included

1.5.2 includes 1 major security fix that was backported from ChiliProject 2.1.1.

  • Bug #557: Multiple XSS vulnerabilities

Contributors to 1.5.2

I’d like to thank all of the contributors to the 1.5.2 release.

  • Eric Davis
  • Holger Just

If you think you have found a security bug in ChiliProject, please report it to the security team privately so we can follow responsible disclosure.

What’s Next?

The 1.x versions of ChiliProject are officially in maintenance mode and will only be getting security updates from now on. We recommend upgrading to the current stable version of ChiliProject in order to get general bug fixes and features, currently ChiliProject 2.1.1.
