ChiliProject 1.5.1 has just been released. This release is a security release to fix two security bugs in ChiliProject 1.5.0. It contains no other bug fixes or new features and it released for users who are unable to upgrade to ChiliProject 2.1.0. It is suitable for use on production websites running ChiliProject 1.x and we highly recommend that 1.x users download the release.
1.5.1 includes 2 security fixes that were back ported from ChiliProject 2.1.0.
- Bug #536: CSRF Protection
- Bug #544: XSS in app/views/issues/show.rhtml
Contributors to 1.5.1
I’d like to thank all of the contributors to the 1.5.1 release.
- Eric Davis
- Holger Just
- Jan Schulz-Hofen
- Joernchen of Phenoelit
I would especially like to thank Joernchen of Phenoelit and Jan Schulz-Hofen for reporting the security bugs to us through the correct channels.
The 1.x versions of ChiliProject is officially in maintenance mode and will only be getting security update from now on. We recommend upgrading to the current stable version of ChiliProject in order to get general bug fixes and features, currently ChiliProject 2.1.0.