ChiliProject 1.5.0 has just been released. This release is a security release to fix a potential XSS bug in the Remote Authorization Sources (e.g. LDAP Authentication). It is suitable for use on production websites and we recommend that all users download the release.
1.5.0 includes 1 security bug fix and 1 small feature.
- Bug #490: XSS in app/views/auth_sources/index.html.erb
- Feature #488: Hook for additional formats on Wiki#show page
Contributors to 1.5.0
I’d like to thank all of the contributors to the 1.5.0 release.
- Eric Davis
- Felix Schäfer
- Jan Schulz-Hofen
- MAEDA, Go
- Tom Kersten
We would also like to especially thank MAEDA, Go for reporting and providing a patch to the potential XSS security vulnerability.
Migrating from Redmine
We have tested migrating several different Redmine sites from and have documented an easy upgrade process on our wiki. This release is also compatible with existing Redmine themes and plugins. If you have any questions or need help with the migration, please come by our IRC channel or forums.
We are working on the final bug fixes for the next release candidate for ChiliProject 2.0.0. If you’re interested in participating or helping out the development, please leave a comment below or post to our forums.