Redmine

h1. Changelog 3.2.x

h2. version:3.2.9 (2018-01-08)

h3. [Security]

* Defect #27516: Remote command execution through mercurial adapter

h2. version:3.2.8 (2017-10-15)

h3. [Security]

* Defect #27186: XSS vulnerabilities

h2. version:3.2.7 (2017-07-02)

h3. [Accounts / authentication]

* Patch #25653: Fix NoMethodError on HEAD requests to AccountController#register

h3. [Code cleanup/refactoring]

* Defect #26055: Three issues with Redmine::SyntaxHighlighting::CodeRay.language_supported?

h3. [Gems support]

* Defect #25829: mysql2 0.3 gem doesn't properly close connections

h3. [Importers]

* Patch #25861: CSV Importer - handle UndefinedConversionErrors

h3. [Issues]

* Defect #26072: Set default assignee before validation

h3. [Issues filter]

* Defect #25212: User profile should link to issues assigned to user or his groups

h3. [Security]

* Defect #26183: Use Nokogiri 1.7.2

h3. [Text formatting]

* Defect #25634: Highlight language aliases are no more supported

h3. [Translations]

* Patch #26263: Simplified Chinese translation for 3.2-stable

h3. [UI]

* Defect #25760: Clicking custom field label should not check the first option

h3. [UI - Responsive]

* Patch #25745: Optimize Gantt Charts for mobile screens

h2. version:3.2.6 (2017-04-09)

* Defect #22335: Images with non-ASCII file names are not shown in PDF

* Defect #24271: htmlentities warning

* Defect #24869: Circular inclusion detected when including a wiki page with the same name

* Defect #24875: Issues API does not respect time_entries_visibility

* Defect #24999: Mercurial 4.1 compatibility

* Defect #25371: Git 2.9 compatibility

* Defect #25478: Related to "no open issues" shows all issues

* Patch #20661: Show visible spent time link for users allowed to view time entries.

* Patch #24824: Traditional Chinese translation (to r16179)

* Patch #24886: Japanese translation for 3.2-stable

* Patch #24949: Bulgarian translation for 3.2-stable

* Patch #25458: Portuguese translation for 3.2-stable

* Patch #25505: Russian translation for 3.2-stable

* Patch #25526: Revert API change in spent_hours field in issue#show

* Defect #23793: Information leak when rendering of Wiki links

* Defect #23803: Information leak when rendering Time Entry activities

* Defect #24199: Stored XSS with SVG attachments

* Defect #24307: Redmine.pm doesn't check that the repository module is enabled on project

* Defect #24416: Use redirect to prevent password reset tokens in referers

* Defect #25503: Improper markup sanitization in user content

h2. version:3.2.5 (2017-01-07)

* Defect #14658: Wrong activity timezone on user page

* Defect #22034: Locked users disappear from project settings

* Defect #24092: bundler error: selenium-webdriver requires Ruby version >= 2.0.

* Defect #24156: Redmine might create many AnonymousUser and AnonymousGroup entries

* Defect #24297: Show action not allowed for time entries in closed projects

* Defect #24348: acts_as_versioned use old style (Rails 2.x) of method call for #all

* Defect #24646: X-Sendfile is missing in response headers

* Defect #24693: Spent time on subtasks should also be reassigned when deleting an issue

* Defect #24718: Prevent from reassigning spent time to an issue that is going to be deleted

* Defect #24722: Error when trying to reassign spent time when deleting issues from different projects

* Patch #24283: Validate length of string fields

* Patch #24296: Add tablename to siblings query to prevent AmbiguousColumn errors

h2. version:3.2.4 (2016-10-10)

* Defect #23067: Custom field List Link values to URL breaks on entries with spaces

* Defect #23655: Restricted permissions for non member/anonymous on a given project not working

* Defect #23839: "Invalid query" (Error 500) message with MS SQL when displaying an issue from a list grouped and sorted by fixed version

* Defect #23841: Custom field URL spaces not decoded properly

* Defect #22123: Totals cannot be removed completely if some columns are set in the global settings

* Defect #23054: Clearing time entry custom fields while bulk editing results in values set to __none__

* Defect #23206: Wrong filters are applied when exporting issues to CSV with blank filter

* Defect #23246: Saving an empty Markdown image tag in Wiki pages causes internal server error

* Defect #23829: Wrong allow-override example in rdm-mailhandler.rb

* Patch #23117: Traditional Chinese textile and markdown help translation

* Patch #23387: Traditional Chinese textile and markdown detailed help translation (to r15723)

* Patch #23764: closed_on field of copied issue is always set to source issue's value

* Patch #22988: Czech translation for 3.2-stable

* Patch #23269: Fix for Error: Unable to autoload constant Redmine::Version when accessing the time report in first request

* Patch #23278: When creating issues by receiving an email, watchers created via CC in the mail don't get an email notification

* Patch #23374: Traditional Chinese translation for 3.2-stable

* Patch #23389: Print Styles get overriden by responsive media query

* Patch #23708: Too long words in subtasks break layout

* Patch #23737: Russian translation for 3.2-stable

* Patch #23883: iOS 10 ignore disabled Zoom

h2. version:3.2.3 (2016-06-05)

* Defect #22808: Malformed SQL query with SQLServer when grouping and sorting by fixed version

* Defect #22912: Selecting a new filter on Activities should not reset the date range

* Defect #22924: Persistent XSS in Markdown parsing

* Defect #22925: Persistent XSS in project homepage field

* Defect #22926: Persistent XSS in Textile parsing

* Defect #22932: "Group by" row from issues listing has the colspan attribute bigger with one than the number of columns from the table

* Patch #22427: pt-BR translation for 3.2.stable

* Patch #22761: Korean translation for 3.2-stable

* Patch #22898: @>image.png@ generates invalid HTML

* Patch #22911: Error raised when importing issue with Key/Value List custom field

h2. version:3.2.2 (2016-05-05)

* Defect #5156: Bulk edit form lacks estimated time field

* Defect #22105: Responsive layout. Change menu selector in responsive.js.

* Defect #22134: HTML markup discrepancy ol and ul at app/views/imports/show.html.erb

* Defect #22196: Improve positioning of issue history and changesets on small screens

* Defect #22305: Highlighting of required and read-only custom fields broken in Workflow editor

* Defect #22331: bundler error: Ruby 1.9.3 = "mime-types-data requires Ruby version >= 2.0."

* Defect #22342: When copying issues to a different project, subtasks /w custom fields not copied over

* Defect #22354: Sort criteria defined in custom queries are not applied when exporting to CSV

* Defect #22583: CSV import delimiter detection broken

* Patch #22278: Revision Graph and Table should work with vertical-align: middle

* Patch #22296: Add collision option to autocomplete initialization

* Patch #22319: Fix German "error_invalid_csv_file_or_settings" typo

* Patch #22336: Revision Table does not scroll horizontally on small screens

* Patch #22721: Check that the file is actually an image before generating the thumbnail

h2. version:3.2.1 (2016-03-13)

* Defect #21588: Simplified Chinese "field_cvs_module" translation has problem

* Defect #21656: Fix Non ASCII attachment filename encoding broken (MOJIBAKE) in Microsoft Edge Explorer

* Defect #22072: Private notes get copied without private flag to Duplicate issues

* Defect #22127: Issues can be assigned to any user

* Defect #21219: Date pickers images for start/due date fields are not shown for issues with subtasks

* Defect #21477: Assign to "Anonymous" doesn't make much sense

* Defect #21488: Don't use past start date as default due date in the date picker

* Defect #21504: IssuePriority.position_name not recalculated every time it should

* Defect #21551: Private note flag disappears in issue update conflict

* Defect #21843: Nokogiri security issue

* Defect #21900: Moving a page with a child raises an error if target wiki contains a page with the same name as the child

* Defect #20988: % done field shown on issue show subtree even if deactivated for that tracker

* Defect #21263: Wiki lists in the sidebar are broken

* Defect #21453: LDAP account creation fails when first name/last name contain non ASCII

* Defect #21531: rdm-mailhandler with project-from-subaddress fails

* Defect #21534: Backtrace cleaner should not clean plugin paths

* Defect #21535: Moving a custom field value in the order switches in the edit view

* Defect #21775: Field "Done" from issue subtasks table overlaps the layout in responsive mode, width 400

* Defect #22108: Issues filter for CSV Export are not applied

* Defect #22178: Grouping issues by key/value custom field raises error 500

* Feature #21447: Option to show email adresses by default

* Patch #21650: Simplified Chinese translation of wiki formating for 2.6-stable

* Patch #21881: Russian wiki translation for 2.6-stable

* Patch #21898: Catalan wiki translation for 2.6-stable

* Patch #21456: Simplified Chinese translation of wiki formating for 3.1-stable

* Patch #21686: Russian translation for 3.1-stable

* Patch #21687: German translations for 3.1-stable

* Patch #21689: Turkish translation for 3.1-stable

* Patch #21882: Russian wiki translation for 3.1-stable

* Patch #21899: Catalan wiki translation for 3.1-stable

* Patch #22131: German translations for 3.1-stable

* Patch #22139: Japanese wiki syntax (Markdown) translation for 3.1-stable

* Patch #21436: Prevent admins from sending themselves their own password

* Patch #21454: Simplified Chinese translation for 3.2.0

* Patch #21487: Larger font for email notifications

* Patch #21521: Updated Spanish and Spanish Panama Translations

* Patch #21522: Simplified Chinese translation for r14976

* Patch #21527: Russian translation for 3.2.0

* Patch #21593: Add class to contextual edit button that relates to heading on wiki pages

* Patch #21620: Turkish translation for 3.2-stable

* Patch #21635: German translations for 3.2

* Patch #21740: Fixes misspelled word "RMagcik" in configuration.yml.example

* Patch #21847: Let mobile header be fixed

* Patch #21867: Add column `estimated_hours` for CSV import.

* Patch #21883: Russian wiki translation for 3.2-stable

* Patch #22009: Japanese wiki syntax (Markdown) translation for 3.2-stable

* Patch #22074: Prevent username from overlapping in mobile menu

* Patch #22101: Set max-with to 100% for input, select and textea

* Patch #22104: Prevent font scaling in landscape mode on webkit

* Patch #22128: Attachment form too wide on small screens

* Patch #22132: German translations for 3.2-stable

h2. version:3.2.0 (2015-12-06)

* Defect #17403: Unknown file size while downloading attachment

* Defect #18223: Table renders wrong if a trailing space is after | symbol

* Defect #19017: Wiki PDF Export: < pre > not rendered with monospaced font

* Defect #19271: Configuration of which versions are shown in version-format custom fields should not affect issue query filter

* Defect #19304: <a> tag without attributes in description results in undefined method + for nil:NilClass

* Defect #19403: Mistake in Polish Translation file.

* Defect #19657: Can't reorder activities after disabling activities on a project

* Defect #20117: Activities set as inactive missing in spent time report filter

* Defect #20296: Double full stops in Japanese

* Defect #20361: Project copy does not update custom field of version type values

* Defect #20438: Subject filter doesn't work with non ASCII uppercase symbols

* Defect #20463: Internal error when moving an issue to a project without selected trackers and active issue tracking

* Defect #20501: Empty divs when there are no custom fields on the issue form

* Defect #20543: Mail handler: don't allow override of some attributes by default

* Defect #20551: Typo "coma" (correct: "comma")

* Defect #20565: Search and get a 404 page when adding a new project

* Defect #20583: Setting Category/Version as a required field causes error in projects without categories/versions

* Defect #20995: Automatic done ratio calculation in issue tree is wrong in some cases

* Defect #21012: Link custom fields with long URLs are distorting issue detail view

* Defect #21069: Hard-coded label for hour

* Defect #21074: When changing the tracker of an existing issue, new custom fields are not initialized with their default value

* Defect #21175: Unused strings: label_(start|end)_to_(start|end)

* Defect #21182: Project.uniq.visible raises an SQL error under certain conditions

* Defect #21226: Some log messages are missing the "MailHandler" prefix

* Defect #21382: Watcher deletion of inactive user not possible for non-admin users

* Feature #950: Import Issues from delimited/CSV file

* Feature #1159: Allow issue description to be searchable as a filter

* Feature #1561: Totals for estimated/spent time and numeric custom fields on the issue list

* Feature #1605: Activity page to remember user's selection of activities

* Feature #1828: Default target version for new issues

* Feature #3034: Add day numbers to gantt

* Feature #3398: Link to assigned issues on user profiles

* Feature #4285: Add cancel button during edition of the wiki

* Feature #5816: New issue initial status should be settable in workflow

* Feature #7346: Allow a default version to be set on the command line for incoming emails

* Feature #8335: Email styles inline

* Feature #10672: Extend Filesize in the attachments table for files with size > 2147483647 bytes

* Feature #13429: Include attachment thumbnails in issue history

* Feature #13946: Add tracker name to Redmine issue link titles

* Feature #16072: Markdown footnote support

* Feature #16621: Ability to filter issues blocked by any/no open issues

* Feature #16941: Do not clear category on project change if category with same exists

* Feature #17618: Upgrade net-ldap version to 0.12.0

* Feature #19097: Responsive layout for mobile devices

* Feature #19885: Raise time entries comments limit to 1024

* Feature #19886: Raise wiki edits comments limit to 1024

* Feature #20008: Files upload Restriction by files extensions

* Feature #20221: Time entry query : column week

* Feature #20388: Removing attachment after commit transaction

* Feature #20929: Raise maximum length of LDAP filter

* Feature #20933: Options for shorter session maximum lifetime

* Feature #20935: Set autologin cookie as secure by default when using https

* Feature #20991: Raise maximum length of category name to 60

* Feature #21042: Check "Hide my email address" by default for new users

* Feature #21058: Keep track of valid user sessions

* Feature #21060: Custom field format with possible values stored as records

* Feature #21148: Remove "Latest Projects" from Home page

* Feature #21361: Plugins ui tests rake task

* Patch #20271: Fix for multiple tabs on the same page

* Patch #20288: Finalize CodeRay 1.1.0 upgrade

* Patch #20298: "div" tag around revision details

* Patch #20338: Turkish "activity" translation change

* Patch #20368: Make corners rounded

* Patch #20369: Use String#casecmp for case insensitive comparison

* Patch #20370: Lighter colors for journal details in issue history

* Patch #20411: Change Japanese translation for "view"

* Patch #20413: Use a table instead of an unordered list in "Issue tracking" box

* Patch #20496: Change Japanese translation for "time tracking"

* Patch #20506: redmine I18n autoload instead of require

* Patch #20507: ThemesHelper reopening ApplicationHelper is problem with autoloading

* Patch #20508: Required file lib/redmine/hook.rb is patching autoloaded ApplicationHelper

* Patch #20589: Activate sudo mode after password based login

* Patch #20720: Traditional Chinese "issue" translation change

* Patch #20732: MailHandler: Select project by subaddress (redmine+project@example.com)

* Patch #20740: Confusing name: test public query called "private"

* Patch #21033: Polish translation change

* Patch #21110: Keep anchor (i.e. to a specific issue note) throughout login

* Patch #21119: Give numbers in query sort criteria consistent width for non-monospaced fonts

* Patch #21126: Change Japanese translation for "List"

* Patch #21137: Rescue network level errors with LDAP auth

* Patch #21159: Hide empty <ul> on project overview

* Patch #21169: Use config.relative_url_root as the default path for session and autologin cookies

* Patch #21176: Japanese translation change (Blocks / Blocked by)

* Patch #21258: Use <ul> to do pagination, styling in a GitHub like manner with improved handling in responsive mode

* Patch #21280: Change Japanese translation for text_user_wrote