Redmine

Redmine 6.0.1 has been released and it is now available for Download.

This release includes an important fix for the issue reported in #41729 which prevents users from installing Redmine 6 without development dependencies (bundle install --without development:test fails with the error LoadError: cannot load such file -- svg_sprite (LoadError)).

We recommend that all Redmine 6 users upgrade to this release.

Redmine 6.0.0 has been released and it is available for download on our Download. This version ships 146 new features and bug fixes and some of them being major improvements that will help us continue improving Redmine:

1. Rails and Ruby support:

• Redmine 6 has been upgraded to Rails 7.2 (#36320) which is the latest Rails version
• Ruby 3.3 is now supported (#39761)
• Spport for Ruby 2.7 and 3.0 has been dropped (#38585)

2. Asset pipeline integration using Propshaft has been enabled (#39111):

• Redmine assets have been moved from public to app/assets to comply with the Rails standard
• Assets are automatically recompiled in production mode when updates are found in order to not require an additional command, but you can disable this behavior from configuration (config.assets.redmine_detect_update)
• [breaking change] Themes are now loaded from themes in the project root instead of public/themes, please update your installation accordingly. Being a trivial change, we do not provide any rake task to make this change automatically.

3. Support for Markdown has been removed (#40149):

• All installations using the deprecated Markdown (based on Redcarpet) are switched to CommonMark automatically by a migration
• Since these rendering engines differ slightly, you may need to review and adjust some existing Markdown content to ensure it displays correctly

4. Icons have been replaced with SVG icons provided by Tabler (#23980):

• Icons are served from a sprite file (icons.svg)
• To help render the icons, a new helper class has been added (app/helper/icons_helper.rb). Most of the methods are using svg_sprite method which allows various configurations, settings the size or to render an icon provided by a plugin or from a different sprite file
• Plugins that add items in the menu can also specify the icons from their own sprite file
• Both old images and custom CSS style are still shipped in 6.0.0 to make the transition easier, but it will be removed as follow:
  • CSS styles from app/assets/stylesheets/application.css: in 6.1.0
  • Old icon images: in version 7.0.0
• Please open new issues if you find any icon that is still using the old design, we will ship the updates in the first maintenance release
• rake test (icons:*) has been added to download icons from Tabler based on a configuration file. The task also supports generating a sprite from the downloaded icons.

5. UI tweaks:

• Default font family have been changed to Noto Sans font (#41321)
• Refined UI with updated box styling and border colors (#41298)
• Header design slightly changed (#41266)
• CSS font-size units from px to rem to respect browser font settings (#2499)

6. New features and enhancements, some of them being long awaited features:

• Sidebar is collapsible and the state is saved in browser local storage (#21808)
• Estimated remaining time has been added as query column and in the version page (#38853)
• Quoting an existing text now supports partial quoting in issues and forums (#41294)
• Description can be added now to queries (#9309)
• Add "Author / Previous assignee" group to assignee dropdown in issue form (#16045)
• Support localized decimal separator for hours in the web UI (#21677) and for float values (#22024)
• Adds Last activity date to Project list available columns (#23954). You cannot sort for now by this column

7. API changes:

• updated_on and updated_by added to Journal response
• User status added to User list response (#38948) and auth_source added to User response (#23307)

9. Security improvement: User visibility changed from "all" to "member of visible projects" for new roles and existing builtin roles (#38853):

• We did this to improve the default setting and to decrease the probability to disclose login accounts to the public when a project is public. If you need to get back to previous behavior, you need to explicitly set User visibility back to “All” for the builtin roles.

For a detailed overview of all the improvements and fixes, please refer to the Changelog.

With this release, Redmine 4.2.x became unsupported and Redmine 5.0.11 is the latest version of Redmine 5.0-branch, after that it will receive only important security updates.

I’m very happy that we finally have been able to ship some of the new features that I’ve mentioned. I thank everyone involved in this release for their work and time, especially to Takashi Kato for his work on #36320 and #39111, Go MAEDA and his team for their active development and many other contributors.

Redmine 5.1.4 and 5.0.10 have been released and are now available for download. These are maintenance releases and only include fixes. You can review the list of fixes in the Changelog.

These releases include an important change to watcher permissions. The watchers list in the sidebar is now available only to users with the "View watchers list" permission. Previously, users with just the "Add watchers" permission could see the list, which was a potential data leak. Ruby on Rails has been updated to 6.1.7.10 (#41489), addressing 4 possible ReDoS (Regular expression Denial of Service), more details can be found here

Thanks to everyone who contributed to these releases.

Redmine 5.1.3 and 5.0.9 have been released and are now available for download. These are maintenance releases and only include fixes. You can review the list of fixes in the Changelog.

The most important fix in these releases is for the "LoadError: cannot load such file -- blankslate" exception that occurs when using the latest builder gem 3.3.0 (#40802). Additionally, Ruby on Rails has been updated to 6.1.7.8 (#40818), addressing two security vulnerabilities: CVE-2024-32464 and CVE-2024-28103.

Thanks to everyone who contributed to these releases.

Redmine 5.0.8 and 5.1.2 have been released and are available for download. These are maintenance releases and you can review the fixes included in the Changelog.

Both versions contain multiple important fixes like #40099 which restores the old behaviour when filters users using API and #39862 and #39948 which add a dedicated proxy for plugins to register models that use acts_as_attachable. Rails was updated to 6.1.7.7 on both versions.

Thanks to everyone who contributed to the releases.

Redmine 5.0.7 and 5.1.1 have been released and are available for download. These are maintenance releases and you can review the fixes included in the Changelog.

Redmine 5.1.1 contains an important fix for concurrency issues when MySQL > 5.6 is used as database back-end. Beside the update to 5.1.1, an additional MySQL configuration is needed to properly fix those issues, please read MySQL_configuration. Also, the CI matrix was updated and now all the tests run on MySQL 8 and PostgreSQL 14 (Continuous_integration).

Thank you to everyone who contributed to the releases and special thanks to Jens Krämer for fixing those old issues.

We are pleased to announce the release of Redmine 5.1.0. This has a total of 148 new features and bug fixes.

Redmine 5.1.0 is available for download on our Download page. For a detailed overview of the improvements and fixes, please refer to the Changelog.

With the launch of Redmine 5.1.0, we have concluded the maintenance of the Redmine 4.2 series. Going forward, we will be maintaining the 5.1 and 5.0 series. For those using Redmine 4.2 or earlier versions, we strongly recommend upgrading to Redmine 5.1 not only to benefit from the myriad of features and improvements introduced over recent years but also to keep your Redmine installation secure.

We extend our heartfelt gratitude to everyone who contributed to the development of Redmine 5.1.0, and to all who have been involved in this release.

Highlighted Features:

Administration:

• Re-implement admin project list using ProjectQuery system (#33422)
• Background job and dedicated status for project deletion (#36691)
• Upgrade Admin/Users list to use the query system (#37674)

Calendar:

• Display calendar in vertical list layout on mobile screens (#33682)

Email notifications:

• Auto watch issues on issue creation (#38238)

Filters:

• Multiple issue ids in "Related to" filter (#38301)
• "Any searchable text" filter for issues (#38402)
• "contains any of" operator for text filters to perform OR search of multiple terms (#38435)
• OR search with multiple terms for "starts with" and "ends with" filter operators (#38456)
• New issues filter operators "has been", "has never been", and "changed from" (#38527)

Importers:

• Allow to import time entries for issues in different projects (#36823)

Issues:

• Description for issue statuses (#2568)
• Mark edited journal notes as "Edited" (#31505)
• Add field separator option to CSV export dialog (#37621)

Time tracking:

• Make the only enabled activity in a project the default one for time entry (#10314)
• Add default spent time activity per role (#29286)

Translations:

• Add Tamil language support (#34924)

Important notice regarding Ruby versions:

Redmine 5.1.0 supports Ruby 2.7 to 3.2. Ruby 2.6 and earlier are no longer supported.

Redmine 4.2.11 and 5.0.6 have been released and are available for download. These are maintenance releases and contain some security fixes. You can review the fixes included in these maintenance releases in the Changelog.

Security: these 2 maintenance releases fix XSS vulnerabilities. See Security Advisories.

Thank you to everyone who contributed to the releases.

Redmine 4.2.10 and 5.0.5 have been released and are available for download, you can review the changes in the Changelog.

Security: these 2 maintenance releases contain some security fixes, you can review them in Security Advisories.

Many thanks to all contributors that worked on the fixes!

Redmine 4.2.9 and 5.0.4 have been released and are available for download, you can review the changes in the Changelog.

These new versions contain 4 important security fixes, including an access control issue introduced in Redmine 5.0 that allows an unauthenticated user to download all attachments associated with a WikiContentVersion, so upgrading as soon as possible is highly recommended. You can review the Security_Advisories for more information.

Many thanks to all contributors that worked on the fixes and to Robert Dick, Frans Rosén, Noriko Totsuka from JPCERT/CC, Shiga Takuma of BroadBand Security, Inc. and Holger Just for reporting the security issues!