ChiliProject 3.4.0 has just been released. It includes lots of bug fixes for ChiliProject 3.3.0 as well as 3 security fixes. It is suitable for use on production websites and we highly recommend that all users download the release as soon as possible.

Download ChiliProject 3.4.0

What’s included

3.4.0 includes 3 security fixes for Rails as well as 11 bug fixes for 3.3.0. The security fixes fix two XSS vulnerabilities (CVE-2012-3464, CVE-2012-3465) and a SQL injection vulnerability (CVE-2012-5664) of Rails.

The full list of changes:

• Bug #904: Copy workflow doesn’t work on per-author / per-assigned modifier
• Bug #1087: Document category is not saved properly
• Bug #1090: List of saved queries is not accessible outside of a project
• Bug #1111: use a monospace font in wiki-text
• Security – Bug #1113: Potential XSS Vulnerability in Ruby on Rails
• Security – Bug #1114: XSS Vulnerability in strip_tags
• Bug #1118: Missing caption in file redmine.rb
• Bug #1134: HEAD is not considered a read-only method in Redmine.pm
• Bug #1142: Darcs repository adapter doesn’t work with newer versions (~2.5) of Darcs
• Bug #1144: configuration.yml.example is broken
• Bug #1188: Selecting “Current project and its subprojects” isn’t saving.
• Bug #1194: Problems migrating from chili 2.0.0 to 3.3.0
• Security – Bug #1195: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664)
• Bug #1197: Links to new and existing Pages in chili wikis have the same color. Thats boring.
• Task #1192: Add a CONTRIBUTION document

Contributors to 3.4.0

• Alf Gaida
• Carlos Moreira
• Felix Schäfer
• Holger Just
• Jean-Philippe Lang
• Toshi MARUYAMA