ChiliProject 2.3.0 has just been released. It includes some bugfixes for ChiliProject 2.2.0 as well as one security fix. It is suitable for use on production websites and we recommend that all users download the release as soon as possible.
Users of the old 1.x release branch, please check the 1.5.3 release which includes the security fix.
2.3.0 includes 3 new feature and 4 bug fixes for 2.2.0. The major highlights of this release are:
- Our Gemfile is more compatible to Windows deployments.
- The bundled Redmine.pm adapter for connection Subversion repositories to ChiliProjects Authentication and Authorization model now checks that the anonymous user has the actual browser_repository right on public projects. This should only affect very few people. It exposed repositories of public projects where the anonymous user has not given the browse_repository right read-access. Non-public projects were not affected and their content was not exposed.
The full list of changes are below:
- Bug #594: Wiki Diff somehow off
- Bug #617: Gemfile: Missing database related platform block for Windows + RubyInstaller
- Bug #619: Redmine.pm allows anonymous read access to repositories even if Anonymous role prohibits it
- Bug #633: Update from 1.x to 2.x impossible under rare but valid circumstances
- Feature #355: Turn on/off the if the start date will autofill by default
- Feature #566: The “Watcher” filter should show all users.
- Feature #644: Add Check/Uncheck all links to project form
Contributors to 2.3.0
- Felix Schäfer
- Gregor Schmidt
- Holger Just
- Igor Zubkov
- Jan Schulz-Hofen
- Nick Peelman
A special thanks goes out to Jan Schulz-Hofen for finding and responsibly disclosing the Redmine.pm issue.
In closing, go and download ChiliProject 2.3.0 now.