ChiliProject 3.4.0 has just been released. It includes lots of bug fixes for ChiliProject 3.3.0 as well as 3 security fixes. It is suitable for use on production websites and we highly recommend that all users download the release as soon as possible.
3.4.0 includes 3 security fixes for Rails as well as 11 bug fixes for 3.3.0. The security fixes address two XSS vulnerabilities (CVE-2012-3464, CVE-2012-3465) and a SQL injection vulnerability (CVE-2012-5664) in Rails.
The full list of changes:
- Bug #904: Copy workflow doesn’t work on per-author / per-assigned modifier
- Bug #1087: Document category is not saved properly
- Bug #1090: List of saved queries is not accessible outside of a project
- Bug #1111: use a monospace font in wiki-text
- Security – Bug #1113: Potential XSS Vulnerability in Ruby on Rails
- Security – Bug #1114: XSS Vulnerability in strip_tags
- Bug #1118: Missing caption in file redmine.rb
- Bug #1134: HEAD is not considered a read-only method in Redmine.pm
- Bug #1142: Darcs repository adapter doesn’t work with newer versions (~2.5) of Darcs
- Bug #1144: configuration.yml.example is broken
- Bug #1188: Selecting “Current project and its subprojects” isn’t saving.
- Bug #1194: Problems migrating from chili 2.0.0 to 3.3.0
- Security – Bug #1195: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664)
- Bug #1197: Links to new and existing Pages in chili wikis have the same color. Thats boring.
- Task #1192: Add a CONTRIBUTION document
Contributors to 3.4.0
- Alf Gaida
- Carlos Moreira
- Felix Schäfer
- Holger Just
- Jean-Philippe Lang
- Toshi MARUYAMA