Project

General

Profile

Actions

Changelog 5 0 » History » Revision 11

« Previous | Revision 11/13 (diff) | Next »
Marius BĂLTEANU, 2024-03-04 20:54
Changelog for 5.0.8


Changelog 5.0.x

5.0.8 (2024-03-04)

[Activity view]

  • Defect #39995: Project Activities and Roadmap views disclose presence of private sub projects

[Code cleanup/refactoring]

  • Patch #39894: Explicitly render a 404 on non-JS requests to watchers#new
  • Patch #39999: Explicitly render a 404 on non-JS requests to messages#quote
  • Patch #40043: Remove year ranges from all copyright headers

[Filters]

  • Defect #39991: Fix "any" operator for text filters to exclude empty text values

[Plugin API]

  • Defect #39862: Attachments functionality for (custom) plugins broken since fix for CVE-2022-44030
  • Feature #39948: Add Redmine::Plugin proxy method for Redmine::Acts::Attachable::ObjectTypeConstraint.register_object_type

[Rails support]

  • Patch #40319: Update Rails to 6.1.7.7

[SEO]

  • Defect #40208: An ActionController::RespondToMismatchError occurred in welcome#robots

[Security]

  • Defect #39875: Mitigate CVE-2023-23913 (rails-ujs)

[Text formatting]

  • Defect #40193: Performance issue with email address auto-linking in the default ("none") formatter
  • Feature #39884: Allow multiple footnotes per single word

[Translations]

  • Defect #39801: Fix typo in Russian translation of text_status_no_workflow

[UI]

  • Defect #39780: User select element on activity sidebar views cutoff when displaying long user names
  • Defect #39802: Fix click event handling in mobile view after closing flyout menu
  • Defect #40237: Error in autocomplete (`ActionController::BadRequest (Invalid query parameters: invalid -encoding ()`)

5.0.7 (2023-11-27)

[Email notifications]

  • Defect #39553: Mention notification is not sent (MENTION_PATTERN / LINKS_RE inconsistency)

[Issues]

  • Defect #39521: Mention autocomplete not displaying for users without "Edit issues" permission

[PDF export]

  • Defect #39534: Error (undefined method) in issue list PDF export

[Text formatting]

  • Defect #38852: ## issue syntax is not kept when selecting an issue from the inline autocomplete

5.0.6 (2023-09-30)

[Code cleanup/refactoring]

  • Defect #38797: Fix incorrect argument format for assert_select

[Custom fields]

  • Defect #38464: Rendering a custom field with a URL pattern set and containing " :" in the value raises Addressable::URI::InvalidURIError

[Gantt]

  • Defect #38728: Correctly escape issue text in Gantt PNG export for ImageMagick convert

[Gems support]

  • Patch #39070: Allow using the latest version of mocha even when using Ruby < 2.7

[Groups]

  • Defect #38443: Cannot add a user to a group if the group is a member without roles in a certain project

[PDF export]

  • Defect #37694: CommonMark Markdown task list item markers are not exported to PDF

[Project settings]

  • Defect #37166: Roles of a project member should not be made empty

[Projects]

  • Defect #38286: "Cannot delete enumeration" error may occur when attempting to delete a project with time entries

[Rails support]

  • Patch #38374: Update Rails to 6.1.7.6

[Ruby support]

  • Defect #38617: Redmine 4.2 on Ruby 2.4 is not compatible with loofah 2.21 or higher

[Security]

  • Defect #38539: Update Nokogiri to 1.15.2 in 5.0-stable and 4.2-stable
  • Defect #38807: XSS in Textile formatter
  • Defect #38806: XSS in Markdown formatter
  • Defect #38417: XSS Vulnerability in Thumbnails

[Text formatting]

  • Defect #38697: Exception during thumbnail macro to image tag conversion in emails

[Time tracking]

  • Defect #39079: NoMethodError when trying to remove the date of an existing time entry

[Translations]

  • Defect #38507: Fix typo in French translation of setting_bulk_download_max_size
  • Patch #38533: Improve the clarity of German translation of label_user_mail_notify_about_high_priority_issues_html

[UI]

  • Defect #33502: Issue field labels for fields with descriptions are missing styling on issues show view
  • Defect #38448: The margin below the Submit button on the issue edit page is too narrow
  • Patch #38359: Render numeric axes in charts as Integers

5.0.5 (2023-03-05)

[Code cleanup/refactoring]

  • Patch #38141: Update copyright year to 2023

[Documentation]

  • Defect #38114: Example plugin (extra/sample_plugin) breaks Activity page

[Gems support]

  • Defect #38239: Test failure with Commonmarker 0.23.8
  • Patch #38135: Allow use of Puma 6.0.0 or later
  • Patch #38272: Update RBPDF to 1.21

[Groups]

  • Patch #38144: Refactoring: Use Group.visible instead of manual visibility check in GroupsController

[Importers]

  • Defect #38254: Time Entry Import fails to import custom fields with "User" format

[Issues]

  • Defect #37755: Mentioning users with certain characters renders incorrectly
  • Defect #38217: "Property changes" tab does not appear when all issue journals have both notes and property changes

[PDF export]

  • Defect #32740: Incorrect characters when copying out of a Redmine generated PDF
  • Defect #36452: Infinite loop on PDF export if image included with attributes

[Project settings]

  • Defect #38064: Avoid exception when adding a project without any givable roles defined

[Rails support]

  • Defect #36273: Modifying the source code of a plugin does not reload it after r21295
  • Defect #38199: Fix deprecation warning for db:structure:dump in db:migrate when using sql schema format
  • Patch #38191: Update Rails to 6.1.7.2

[Security]

  • Defect #38063: Avoid double-render error with ApplicationController#find_optional_project
  • Defect #38070: Role#permission_tracker? and related does not consider whether the base permission is (still) set
  • Defect #38133: Update Nokogiri to fix several security issues
  • Defect #38297: Insufficient permission checks when adding attachments to issues

[SEO]

  • Defect #38201: Fix robots.txt to disallow issue lists with a sort or query_id parameter in any position

[Text formatting]

  • Defect #37881: Thumbnails are no longer fetched for all notes of an issue
  • Defect #38073: CommonMark Markdown formatter does not support min-width, max-width, min-height, and max-height CSS properties
  • Defect #38215: Nested CommonMark Markdown task lists are not indented

[Time tracking]

  • Defect #35066: Missing project_id in redirect after clicking "Create and add another" button
  • Defect #38237: Unable to choose any user other than the current user when logging spent time after clicking "Create and add another"

5.0.4 (2022-12-01)

[Activity view]

  • Defect #37875: Unnecessary closing li element when there is no "Next" button on Activity page

[Code cleanup/refactoring]

  • Patch #37938: Unused permission "Mention user"

[Documentation]

  • Defect #37983: Duplicate vertical-align property in wiki_syntax.css

[Gems support]

  • Defect #37884: All system tests fail on 4.2-stable branch with "ArgumentError: unknown keyword: :desired_capabilities"
  • Patch #37867: Limit puma < 6.0.0 to avoid system test error
  • Patch #37883: Limit mocha version to < 2.0.0 when Ruby version is < 2.7 to avoid test error

[Issues]

  • Defect #37958: Groups added to watchers are not shown as links

[Issues workflow]

  • Defect #37685: Read-only field permission for the project field is ignored if the current project has subprojects

[Projects]

  • Defect #37925: Do not allow unkown display_type for query

[Rails support]

  • Defect #37814: Plugins that serialize Date or Time objects cause Psych::DisallowedClass exception

[Security]

  • Defect #37772: Access Control Issue in attachments#download_all
  • Defect #37751: Persistent XSS in textile formatting due to blockquote citation
  • Defect #37767: Redmine contains a cross-site scripting vulnerability
  • Defect #37880: Open Redirect in attachments#download_all

[Translations]

  • Defect #37812: "Yes" and "No" are swapped in Polish translation

5.0.3 (2022-10-02)

[Code cleanup/refactoring]

  • Defect #37609: Remove obsolete remnant public/images/openid-bg.gif
  • Defect #37449: Passing a wrong parameter to `with_settings` in UserTest::test_random_password_include_required_characters

[Filters]

  • Defect #36940: Chained custom field filter doesn't work for User fields
  • Defect #37349: Chained custom field filter for User fields returns 500 internal server error when filtering after a float value

[Issues]

  • Defect #37369: Mention auto-complete not works in bulk-edit comments
  • Defect #37499: Default query should not be applied if the query is not allowed to be set as the default
  • Defect #37473: Focus IssueId not working when linking issues

[Issues list]

  • Defect #37268: Performance problem with Redmine 4.2.7 and 5.0.2

[Rails support]

  • Patch #37452: Update Rails to 6.1.7

[Security]

  • Defect #37492: Update jQuery UI to 1.13.2

[SCM]

  • Defect #33953: Repository tab is not displayed if no repository is set as the main repository
  • Defect #36258: Support revision without any message in Mercurial repositories
  • Defect #37585: Do not show "History" tab for content in Filesystem repository
  • Defect #37626: Diff of a javascript file in repository module is not displayed with layout
  • Defect #37718: Repository browser does not show "+" (plus sign) in filename

[SCM extra]

  • Defect #37562: POST Requests to repository WS fail with "Can't verify CSRF token authenticity"

[Text formatting]

  • Defect #37237: Common Markdown Formatter does not render all properties on HTML elements
  • Patch #37713: Add rel="noopener" to all external links that would open a new tab/window
  • Defect #37379: Thumbnail macro does not work when a file is attached and preview is displayed immediately

[Translations]

  • Defect #37529: Fix mistranslation of label button_create_and_follow in Russian translation
  • Defect #37603: Missing translation for label_default_queries.for_this_user
  • Patch #35613: German translation update of Wiki syntax help for 5.0-stable
  • Patch #37263: Lithuanian translation update for 5.0-stable
  • Patch #37698: Persian translation update for 4.2-stable

[UI]

  • Defect #36901: Jump to project is misaligned in Safari 15.4 and later
  • Defect #37282: Subtask isn't displayed correctly since 4.2.7
  • Defect #37481: Fix the unintentional selection of rows with the context menu
  • Defect #37566: The number of the ordered list in the project description is not displayed and the indentation does not match the unordered list

5.0.2 (2022-06-21)

[Email notifications]

  • Defect #37138: Mentions of users with "@" in their username
  • Patch #37065: When someone is member of watcher group, 'watched_by' may be wrong and incomplete
  • Defect #37162: Missing space between notification sentence and author name when edit a wiki page

[Email receiving]

  • Defect #37187: no-permission-check allows issue creation in closed/archived projects

[Gems support]

  • Defect #35892: Redmine::WikiFormatting::CommonMark::FormatterTest#test_footnotes fails with CommonMarker 0.23.2
  • Defect #37249: Missing rexml gem causes errors in PUT - Adding the gem manually everything works

[Issues]

  • Patch #37155: Issue#last_notes fallback does not respect notes visibility
  • Defect #37151: The done ratio of a parent issue may not be 100% even if all subtasks have a done ratio of 100%
  • Defect #37171: Ability to change the issue category or issue target version with nonexistent value for the specific project

[Performance]

  • Patch #37135: Reduce extra queries in ProjectQuery.default

[REST API]

  • Defect #37157: Internal server error when trying to retrieve AnonymousUser's information via Users API

[Security]

  • Defect #37255: Information Leak in QueryAssociationColumn/QueryAssociationCustomFieldColumn
  • Defect #37256: Medium severity XSS security vulnerabilities (3x) in jQuery UI v1.12.1
  • Defect #37136: Remote code execution vulnerability in commonmarker

[Text formatting]

  • Defect #37130: Wiki notation `attachment:file_name` cannot make a link to a file attached to other journals

[Time tracking]

  • Defect #33914: Even if the default value of Activities (time tracking) is set, it may not be reflected.

[UI - Responsive]

  • Defect #36453: Issue subject overflow in subtasks and relations tables

5.0.1 (2022-05-16)

[Administration]

  • Defect #36932: Handle nil return of Redmine::Themes.theme(Setting.ui_theme) in Redmine::Info.environment

[Attachments]

  • Defect #36887: copyImageFromClipboard function failed to generate a unique file name
  • Patch #36817: copyImageFromClipboard function targets the first file input of the page and may conflict with other plugins
  • Defect #37053: Attachments are lost when the status of the ticket is changed

[Documentation]

  • Defect #36862: Duplicate v5.0.0 section in Changelog
  • Defect #36863: Missing v4.2.5 section in Changelog

[Email notifications]

  • Defect #36909: Mentions not working if status is changed

[Email receiving]

  • Defect #37030: Requests fail with "Can't verify CSRF token authenticity" in mail handler

[Gems support]

  • Defect #36892: Redmine does not start when installed --without markdown

[I18n]

  • Defect #36998: Revert lazy loading of i18n files introduced in Redmine 5.0

[Rails support]

  • Patch #36917: Update Rails to 6.1.6

[Security]

  • Patch #36912: Update Nokogiri versions to fix two critical CVE's

[Text formatting]

  • Defect #36958: Crafted input breaks CommonMark Markdown formatter

[Translations]

  • Patch #36905: German translation update for 5.0-stable
  • Patch #36930: Bulgarian translation update for 5.0-stable
  • Patch #36934: Russian translation update for 5.0-stable
  • Patch #37003: Czech translation update for 5.0-stable
  • Patch #37024: Galician translation update for 5.0-stable
  • Patch #37025: Polish translation update for 5.0-stable

5.0.0 (2022-03-28)

[Accounts / authentication]

  • Feature #30998: Add an rake task to prune registered users after a certain number of days
  • Feature #31920: Require 2FA only for certain user groups
  • Feature #33345: Include an authentication method name in LDAP connection error messages
  • Feature #35001: Disable API authentication with username and password when two-factor authentication is enabled for the user
  • Feature #35439: Option to require 2FA only for users with administration rights
  • Feature #36825: Increase email address length limit from 60 to 254

[Administration]

  • Defect #35421: Unhandled exception when a YAML syntax error is detected in configuration.yml
  • Feature #32116: Add configured theme to Redmine::Info
  • Feature #35562: Show warning in admin/info when there are pending migrations
  • Feature #35934: Show 2FA status in users list from administration with option to filter
  • Feature #36391: Change the default value for "Time span format" from "decimal" to "minutes"

[Attachments]

  • Defect #35539: Race condition (possible filename collision) in Attachment.disk_filename
  • Feature #32898: PDF thumbnails support on Windows
  • Feature #35462: Download all attachments in a journal

[Code cleanup/refactoring]

  • Defect #31132: Remove unused column trackers.is_in_chlog
  • Defect #36149: Typo in CSS class for lists expander icon
  • Defect #36361: IssueRelationsControllerTest#test_bulk_create_should_show_errors randomly fails
  • Defect #36394: Avoid passing ActionController::Parameters outside of MailHandlerController
  • Feature #34337: Remove jQuery Migrate
  • Feature #35259: Output test coverage report to the console
  • Feature #35671: Move subtasks section on issues show view into a separate partial
  • Patch #15118: Deprecate and rename rss_* methods to atom_* methods
  • Patch #31035: Remove redefinition of ActionMailer::LogSubscriber#deliver which is no longer necessary because of the removal of Setting.bcc_recipients
  • Patch #32922: Reload detached attachments
  • Patch #33079: Remove unused argument from Redmine::Helpers::TimeReport
  • Patch #33337: Clean-up workflows controller
  • Patch #34976: Add missing fixtures to TimeEntryCustomFieldTest
  • Patch #35024: System test fails in Windows due to "/" path separator
  • Patch #35026: Remove rake task check_parsing_by_psych
  • Patch #35031: Remove deprecated code that are supposed to be removed in Redmine 5
  • Patch #35075: Use named routes in base layout and account sidebar
  • Patch #35076: Menu manager - generate correct URLs when rendering from a namespaced controller
  • Patch #35208: Use `Time.use_zone` instead of `Time.zone=`
  • Patch #35230: Fix typo in ApplicationHelper.html_title comment
  • Patch #35396: Use base_scope for issue query results
  • Patch #35466: Rename test/fixtures/configuration/*.yml.example to test/fixtures/files/configuration/*.yml
  • Patch #35610: Cleanups after Wiki tab removal from project settings (#26579)
  • Patch #35727: Add missing fixtures to Redmine::ProjectJumpBoxTest
  • Patch #35773: Move sidebar content on versions index view (roadmap) into a separate partial
  • Patch #35952: Explicitly specify text formatting in the test suite
  • Patch #35975: Add missing fixtures to UserTest
  • Patch #36005: Adopt 2FA emails to new Mailer interface
  • Patch #36241: MenuManagerTest randomly fails
  • Patch #36347: Add missing fixture to IssuesHelperTest
  • Patch #36358: Use File.exist? instead of deprecated File.exists?
  • Patch #36379: Update copyright year in source files to 2022
  • Patch #36716: IssuesControllerTest randomly fails
  • Patch #36730: Replace Member.find_or_new with ActiveRecord's find_or_initialize_by
  • Patch #36770: Fix to use a correct exception class ActiveRecord::IrreversibleMigration in migrations

[Custom fields]

  • Defect #32977: Remove references to deleted user from "user"-Format CustomFields
  • Feature #14275: Add hinting to custom fields

[Database]

  • Feature #35073: Escape values in LIKE statements to prevent injection of placeholders (_ or %)
  • Patch #36416: Cleanup more dependent objects on project delete

[Documentation]

  • Feature #33859: Add a list of supported languages by the code highlighter to the help
  • Feature #34978: Add the list of supported browsers to docs and drop support for IE 11

[Documents]

  • Patch #17924: Structured Document list for more flexible UI design with CSS

[Email notifications]

  • Defect #32199: Security notification is not sent when an admin changes the password of a user
  • Defect #35017: X-Redmine-Issue-Assignee email header field is empty when the assignee of an issue is a group
  • Defect #36393: Mailer.with_synched_deliveries doesn't correctly detect other async Queue adapters
  • Feature #13919: Mention user on issues and wiki pages using user user with autocomplete
  • Feature #30820: Drop setting "Blind carbon copy recipients (bcc)"

[Filters]

  • Defect #36389: Filter parameters of Query string do not work when default query is enabled
  • Feature #5893: Filter issues by notes
  • Feature #34715: Filter issues by file description
  • Feature #35764: Multiple search terms in the "contains" operator of text filters
  • Patch #35312: Gracefully handle invalid operators and associations requested in queries

[Gantt]

  • Defect #33381: Possible double includes in issue query in gantt helper

[Gems support]

  • Patch #35000: Update SimpleCov to 0.21
  • Patch #35025: Update capybara to 3.36
  • Patch #35136: Update RuboCop to 1.25
  • Patch #35142: Update RuboCop Performance to 1.13
  • Patch #35207: Update RuboCop Rails to 2.14
  • Patch #35361: Update CSV to 3.2
  • Patch #35691: Update Nokogiri to 1.13
  • Patch #36325: Update Rouge to 3.28
  • Patch #36355: Update roadie-rails to 3.0
  • Patch #36564: Update I18n to 1.10

[Groups]

  • Feature #12795: View group members by non-admin users

[Hook requests]

  • Defect #34743: Hooks for queries helper

[I18n]

  • Defect #36396: Custom I18n Pluralization rules are not applied correctly
  • Feature #36728: Reintroduce lazy loading of i18n files

[Importers]

  • Defect #36377: Encoding drop-down in the import settings defaults to US-ASCII instead of general_csv_encoding in Korean, Thai, and Shimplified Chinese
  • Feature #34718: Auto guess file encoding when importing CSV file
  • Feature #35137: Reject CSV file without data row when importing
  • Feature #35365: Allow sending account information when importing users

[Issues]

  • Defect #15634: Add watching users to a ticket should switch "watch" link to "unwatch" if own user was added
  • Defect #33521: Use issue path instead of bulk update issues path when using the context menu with only one issue selected
  • Defect #34641: When editing an issue, the Log time and/or Add notes does not show or hide dynamically
  • Feature #4347: Contributing to an issue should automatically add the user to the watchers list
  • Feature #6033: Allow addition/removal of subtasks to show in parent's history
  • Feature #7360: Issue custom query: default query per instance, project and user
  • Feature #13099: Issue Summary: add statistics about issues without assignee, version or category
  • Feature #29076: Add button to "Create and follow" when adding a subtask from the parent issue
  • Feature #31278: Change Delete button name to Delete issue
  • Feature #35559: Query links for related issues on issue page

[Issues list]

  • Feature #34932: "Copy link" feature for issues list

[OpenID]

  • Feature #35755: Drop OpenID support

[PDF export]

  • Feature #35683: PDF rendering improvements when exporting an issue or a list of issues

[Performance]

  • Feature #29041: Update session token only once per minute
  • Feature #35324: Preload principal and roles in members#index
  • Feature #35374: Reduce amount of work on projects show API
  • Feature #36294: Lazy load inline images
  • Feature #36505: Reduce database queries when rendering Custom fields box in the project settings tab
  • Feature #36696: Improve performance of adding or removing members of a group

[Permissions and roles]

  • Defect #34029: 403 Forbidden error when non-member try to upload a file

[Plugin API]

  • Defect #35455: Require redmine/sort_criteria globally

[Project settings]

  • Defect #13199: "Edit" misaligned in project members view
  • Defect #36318: Saving time tracking activities without any change may turn a system activity into a project activity

[Projects]

  • Feature #35795: Settings for global and user default custom ProjectQuery

[REST API]

  • Feature #10171: Updating journal notes via REST API
  • Feature #15855: Add information about whether an issue is open or closed to Issues API response
  • Feature #24976: Include new statuses allowed by workflow in Issues REST API
  • Feature #34766: Better error message when no API format is recognised
  • Feature #34857: Add total estimated hours, spent hours, total spent hours for issues to issue list API
  • Feature #35420: API to archive/unarchive projects
  • Feature #35505: Add enabled core fields to /trackers API response
  • Feature #35507: API to close/reopen projects
  • Feature #36303: Include avatar URL in Users API

[Rails support]

  • Feature #29914: Migrate to Rails 6.1 with Zeitwerk autoloading
  • Feature #35030: Allow parallel testing
  • Patch #35081: Update config/environments/*.rb for Rails 6.1
  • Patch #36317: Set default protect from forgery true

[Roadmap]

  • Feature #6432: Allow unchecking all trackers in Roadmap view sidebar

[Ruby support]

  • Feature #31128: Drop Ruby < 2.5 support
  • Feature #34992: Ruby 3.0 support
  • Feature #36205: Ruby 3.1 support

[SCM]

  • Feature #5242: Display source project for cross-project associated revisions for issues
  • Feature #16849: Render Textile and Markdown files in the repository browser

[Text formatting]

  • Defect #36580: Fix code copying in common browsers
  • Feature #20511: Comments for Textile text formatting
  • Feature #32424: CommonMark Markdown Text Formatting
  • Feature #35677: Preserve leading white space when quoting using the JS toolbar
  • Feature #35742: Enable task list items for CommonMark text formatting
  • Patch #35104: Code blocks - consistent rendering and retaining user-supplied language name in rendered HTML

[Third-party libraries]

  • Feature #36701: Update Chart.js to 3.7.1
  • Patch #35729: Update jQuery to 3.6.0

[Time tracking]

  • Defect #21056: Project specific TimeEntryActivity name not updating properly

[UI]

  • Defect #36524: Query Links on Issues and Time Logs Import Sidebars broken
  • Feature #34494: Rename the save, edit and delete buttons on the query form to clarify the scope
  • Feature #35770: Change "Edit" label in the context menu to "Bulk Edit" when multiple issues are selected
  • Patch #30448: Remove wrapper2 and wrapper3 wrapping containers
  • Patch #36429: Make issue tabs DOM more consistent

[Wiki]

  • Feature #7652: Ability to add watchers to Wiki pages

Updated by Marius BĂLTEANU 9 months ago · 11 revisions locked