This release contains a security fix and 3 other bug fixes, but no new features. It is suitable for use on production websites running ChiliProject 3.x. While the issue can only be exploited for denial-of-service (DoS) attacks, we urge all ChiliProject administrators to update their installation immediately.
Users of the old 2.x release branch should check the ChiliProject 2.11.0 release, which includes the security fixes. Users still running an old 1.x install are strongly encouraged to update to a more recent version, as that branch is no longer supported and doesn’t receive any updates.
3.8.0 contains a security fix for Rails (CVE-2013-1854), which is handled by requiring an updated version of this dependency in ChiliProject. For details on the issues, please refer to the linked post on the Ruby on Rails security mailing list and the corresponding Rails 2.3.18 announcement on the Ruby on Rails blog.
In addition, this release corrects 3 bugs, including a bug where the datepickers on the start and due dates for new issues would disappear when changing the tracker.
The corresponding ChiliProject bugs are:
- Bug #1121: Date Picker Icons disappear when changing the Tracker
- Bug #1164: Error in “rake db:migrate:down VERSION=20100714111652”
- Bug #1248: Routing issue
- Security – Bug #1252: Update Rails to 2.3.18
How to upgrade
Please follow the Upgrade Guide in our Wiki. Make sure to run bundle update during the upgrade procedure to install the new version of Rails. If you omit this step, you will receive an error message instructing you to update the bundle, and ChiliProject will refuse to start.