ChiliProject 2.1.0 has just been released. It includes many bug fixes for ChiliProject 2.0.0 as well as two security bugfixes. It is suitable for use on production websites and we recommend that all users download the release as soon as possible.
2.1.0 includes 4 new features and 15 bug fixes for 2.0.0. The major highights of this release are:
- Fix for a potential XSS vulunerabily on the issue details page
- Stronger protection from CSRF attacks (CVE-2011-0447)
The full list of changes are below:
- Bug #191: Add Next/Previous links to the top of search results
- Bug #467: uninitialized constant Journal::Journaled
- Bug #498: Wrong filters for int and float custom fields
- Bug #511: Encoding of strings coming out of SQLite
- Bug #512: reposman.rb do not work properly in Gentoo Linux.
- Bug #513: Attached files in “comment” no longer link to file
- Bug #514: Multiple emails for each forum post
- Bug #523: Gzipped history of wiki pages is garbeled during an update of an older version to 2.0
- Bug #530: Start date default should consider timezone
- Bug #536: CSRF Protection
- Bug #537: Accessing version of newly created WikiContent results in NoMethodError
- Bug #540: Hook helper_issues_show_detail_after_setting gets different parameters in Chili 1.x and 2.0
- Bug #542: Double initial journal for migrated wiki history
- Bug #543: Journalized touch on journal update causes StaleObjectErrors
- Bug #544: XSS in app/views/issues/show.rhtml
- Feature #499: Due date sort order should sort issues with no due date to the end of the list
- Feature #506: Support for “local” Gemfile – Gemfile.local
- Feature #526: Bulgarian translation
- Feature #539: Remove dead code in IssueHelper
Contributors to 2.1.0
I’d like to thank all of the contributors to the 2.1.0 release.
- Eric Davis
- Felix Schäfer
- Gregor Schmidt
- Holger Just
- Ivan Cenov
- Jan Schulz-Hofen
- Joernchen of Phenoelit
I would especially like to thank Joernchen of Phenoelit and Jan Schulz-Hofen for reporting the security bugs to us through the correct channels.
The upgrading and installation documentation has already been updated for 2.1.0. If you have not yet upgraded to ChiliProject 2.0.0, make sure to follow the upgrading instructions in the release notes.
This is the second release in our 2.0.0 series so we will continue to support it with monthly bugfix releases until around December 2011. Around that time the next major ChiliProject version will be released (3.0.0). The development team is getting ready to work on the major features for ChiliProject 3.0.0 now. The first one I’m going to work on will be a new theme and layout based on the popular theme from Shane and Peter.
If you’re interested in participating or contributing to ChiliProject, please leave a comment below or post to our forums. This time is a great time to start contributing to the project and we would love to have your help with all aspects of ChiliProject.
In closing, go and download ChiliProject 2.1.0 now.