Changelog 5 0 » History » Version 7
Marius BĂLTEANU, 2022-12-01 16:47
Add missing issue from 5.0.4 changelog.
1 | 1 | Marius BĂLTEANU | h1. Changelog 5.0.x |
---|---|---|---|
2 | |||
3 | 6 | Marius BĂLTEANU | h2. version:5.0.4 (2022-12-01) |
4 | |||
5 | h3. [Activity view] |
||
6 | |||
7 | * Defect #37875: Unnecessary closing li element when there is no "Next" button on Activity page |
||
8 | |||
9 | h3. [Code cleanup/refactoring] |
||
10 | |||
11 | * Patch #37938: Unused permission "Mention user" |
||
12 | |||
13 | h3. [Documentation] |
||
14 | |||
15 | * Defect #37983: Duplicate vertical-align property in wiki_syntax.css |
||
16 | |||
17 | h3. [Gems support] |
||
18 | |||
19 | * Defect #37884: All system tests fail on 4.2-stable branch with "ArgumentError: unknown keyword: :desired_capabilities" |
||
20 | * Patch #37867: Limit puma < 6.0.0 to avoid system test error |
||
21 | * Patch #37883: Limit mocha version to < 2.0.0 when Ruby version is < 2.7 to avoid test error |
||
22 | |||
23 | h3. [Issues] |
||
24 | |||
25 | * Defect #37958: Groups added to watchers are not shown as links |
||
26 | |||
27 | h3. [Issues workflow] |
||
28 | |||
29 | * Defect #37685: Read-only field permission for the project field is ignored if the current project has subprojects |
||
30 | |||
31 | h3. [Projects] |
||
32 | |||
33 | * Defect #37925: Do not allow unkown display_type for query |
||
34 | |||
35 | h3. [Rails support] |
||
36 | |||
37 | * Defect #37814: Plugins that serialize Date or Time objects cause Psych::DisallowedClass exception |
||
38 | |||
39 | h3. [Security] |
||
40 | |||
41 | 7 | Marius BĂLTEANU | * Defect #37772: Access Control Issue in attachments#download_all |
42 | 6 | Marius BĂLTEANU | * Defect #37751: Persistent XSS in textile formatting due to blockquote citation |
43 | * Defect #37767: Redmine contains a cross-site scripting vulnerability |
||
44 | * Defect #37880: Open Redirect in attachments#download_all |
||
45 | |||
46 | h3. [Translations] |
||
47 | |||
48 | * Defect #37812: "Yes" and "No" are swapped in Polish translation |
||
49 | |||
50 | 5 | Marius BĂLTEANU | h2. version:5.0.3 (2022-10-02) |
51 | |||
52 | h3. [Code cleanup/refactoring] |
||
53 | |||
54 | * Defect #37609: Remove obsolete remnant public/images/openid-bg.gif |
||
55 | * Defect #37449: Passing a wrong parameter to `with_settings` in UserTest::test_random_password_include_required_characters |
||
56 | |||
57 | h3. [Filters] |
||
58 | |||
59 | * Defect #36940: Chained custom field filter doesn't work for User fields |
||
60 | * Defect #37349: Chained custom field filter for User fields returns 500 internal server error when filtering after a float value |
||
61 | |||
62 | h3. [Issues] |
||
63 | |||
64 | * Defect #37369: Mention auto-complete not works in bulk-edit comments |
||
65 | * Defect #37499: Default query should not be applied if the query is not allowed to be set as the default |
||
66 | * Defect #37473: Focus IssueId not working when linking issues |
||
67 | |||
68 | h3. [Issues list] |
||
69 | |||
70 | * Defect #37268: Performance problem with Redmine 4.2.7 and 5.0.2 |
||
71 | |||
72 | h3. [Rails support] |
||
73 | |||
74 | * Patch #37452: Update Rails to 6.1.7 |
||
75 | |||
76 | h3. [Security] |
||
77 | |||
78 | * Defect #37492: Update jQuery UI to 1.13.2 |
||
79 | |||
80 | h3. [SCM] |
||
81 | |||
82 | * Defect #33953: Repository tab is not displayed if no repository is set as the main repository |
||
83 | * Defect #36258: Support revision without any message in Mercurial repositories |
||
84 | * Defect #37585: Do not show "History" tab for content in Filesystem repository |
||
85 | * Defect #37626: Diff of a javascript file in repository module is not displayed with layout |
||
86 | * Defect #37718: Repository browser does not show "+" (plus sign) in filename |
||
87 | |||
88 | h3. [SCM extra] |
||
89 | |||
90 | * Defect #37562: POST Requests to repository WS fail with "Can't verify CSRF token authenticity" |
||
91 | |||
92 | h3. [Text formatting] |
||
93 | |||
94 | * Defect #37237: Common Markdown Formatter does not render all properties on HTML elements |
||
95 | * Patch #37713: Add rel="noopener" to all external links that would open a new tab/window |
||
96 | * Defect #37379: Thumbnail macro does not work when a file is attached and preview is displayed immediately |
||
97 | |||
98 | h3. [Translations] |
||
99 | |||
100 | * Defect #37529: Fix mistranslation of label button_create_and_follow in Russian translation |
||
101 | * Defect #37603: Missing translation for label_default_queries.for_this_user |
||
102 | * Patch #35613: German translation update of Wiki syntax help for 5.0-stable |
||
103 | * Patch #37263: Lithuanian translation update for 5.0-stable |
||
104 | * Patch #37698: Persian translation update for 4.2-stable |
||
105 | |||
106 | h3. [UI] |
||
107 | |||
108 | * Defect #36901: Jump to project is misaligned in Safari 15.4 and later |
||
109 | * Defect #37282: Subtask isn't displayed correctly since 4.2.7 |
||
110 | * Defect #37481: Fix the unintentional selection of rows with the context menu |
||
111 | * Defect #37566: The number of the ordered list in the project description is not displayed and the indentation does not match the unordered list |
||
112 | |||
113 | 4 | Marius BĂLTEANU | h2. version:5.0.2 (2022-06-21) |
114 | |||
115 | h3. [Email notifications] |
||
116 | |||
117 | * Defect #37138: Mentions of users with "@" in their username |
||
118 | * Patch #37065: When someone is member of watcher group, 'watched_by' may be wrong and incomplete |
||
119 | * Defect #37162: Missing space between notification sentence and author name when edit a wiki page |
||
120 | |||
121 | h3. [Email receiving] |
||
122 | |||
123 | * Defect #37187: no-permission-check allows issue creation in closed/archived projects |
||
124 | |||
125 | h3. [Gems support] |
||
126 | |||
127 | * Defect #35892: Redmine::WikiFormatting::CommonMark::FormatterTest#test_footnotes fails with CommonMarker 0.23.2 |
||
128 | * Defect #37249: Missing rexml gem causes errors in PUT - Adding the gem manually everything works |
||
129 | |||
130 | h3. [Issues] |
||
131 | |||
132 | * Patch #37155: Issue#last_notes fallback does not respect notes visibility |
||
133 | * Defect #37151: The done ratio of a parent issue may not be 100% even if all subtasks have a done ratio of 100% |
||
134 | * Defect #37171: Ability to change the issue category or issue target version with nonexistent value for the specific project |
||
135 | |||
136 | h3. [Performance] |
||
137 | |||
138 | * Patch #37135: Reduce extra queries in ProjectQuery.default |
||
139 | |||
140 | h3. [REST API] |
||
141 | |||
142 | * Defect #37157: Internal server error when trying to retrieve AnonymousUser's information via Users API |
||
143 | |||
144 | h3. [Security] |
||
145 | |||
146 | * Defect #37255: Information Leak in QueryAssociationColumn/QueryAssociationCustomFieldColumn |
||
147 | * Defect #37256: Medium severity XSS security vulnerabilities (3x) in jQuery UI v1.12.1 |
||
148 | * Defect #37136: Remote code execution vulnerability in commonmarker |
||
149 | |||
150 | h3. [Text formatting] |
||
151 | |||
152 | * Defect #37130: Wiki notation `attachment:file_name` cannot make a link to a file attached to other journals |
||
153 | |||
154 | h3. [Time tracking] |
||
155 | |||
156 | * Defect #33914: Even if the default value of Activities (time tracking) is set, it may not be reflected. |
||
157 | |||
158 | h3. [UI - Responsive] |
||
159 | |||
160 | * Defect #36453: Issue subject overflow in subtasks and relations tables |
||
161 | |||
162 | 2 | Marius BĂLTEANU | h2. version:5.0.1 (2022-05-16) |
163 | |||
164 | h3. [Administration] |
||
165 | |||
166 | * Defect #36932: Handle nil return of Redmine::Themes.theme(Setting.ui_theme) in Redmine::Info.environment |
||
167 | |||
168 | h3. [Attachments] |
||
169 | |||
170 | 3 | Go MAEDA | * Defect #36887: copyImageFromClipboard function failed to generate a unique file name |
171 | * Patch #36817: copyImageFromClipboard function targets the first file input of the page and may conflict with other plugins |
||
172 | 2 | Marius BĂLTEANU | * Defect #37053: Attachments are lost when the status of the ticket is changed |
173 | |||
174 | h3. [Documentation] |
||
175 | |||
176 | * Defect #36862: Duplicate v5.0.0 section in Changelog |
||
177 | * Defect #36863: Missing v4.2.5 section in Changelog |
||
178 | |||
179 | h3. [Email notifications] |
||
180 | |||
181 | * Defect #36909: Mentions not working if status is changed |
||
182 | |||
183 | h3. [Email receiving] |
||
184 | |||
185 | * Defect #37030: Requests fail with "Can't verify CSRF token authenticity" in mail handler |
||
186 | |||
187 | h3. [Gems support] |
||
188 | |||
189 | * Defect #36892: Redmine does not start when installed --without markdown |
||
190 | |||
191 | h3. [I18n] |
||
192 | |||
193 | * Defect #36998: Revert lazy loading of i18n files introduced in Redmine 5.0 |
||
194 | |||
195 | h3. [Rails support] |
||
196 | |||
197 | * Patch #36917: Update Rails to 6.1.6 |
||
198 | |||
199 | h3. [Security] |
||
200 | |||
201 | * Patch #36912: Update Nokogiri versions to fix two critical CVE's |
||
202 | |||
203 | h3. [Text formatting] |
||
204 | |||
205 | * Defect #36958: Crafted input breaks CommonMark Markdown formatter |
||
206 | |||
207 | h3. [Translations] |
||
208 | |||
209 | * Patch #36905: German translation update for 5.0-stable |
||
210 | * Patch #36930: Bulgarian translation update for 5.0-stable |
||
211 | * Patch #36934: Russian translation update for 5.0-stable |
||
212 | * Patch #37003: Czech translation update for 5.0-stable |
||
213 | * Patch #37024: Galician translation update for 5.0-stable |
||
214 | * Patch #37025: Polish translation update for 5.0-stable |
||
215 | |||
216 | 1 | Marius BĂLTEANU | h2. version:5.0.0 (2022-03-28) |
217 | |||
218 | h3. [Accounts / authentication] |
||
219 | |||
220 | * Feature #30998: Add an rake task to prune registered users after a certain number of days |
||
221 | * Feature #31920: Require 2FA only for certain user groups |
||
222 | * Feature #33345: Include an authentication method name in LDAP connection error messages |
||
223 | * Feature #35001: Disable API authentication with username and password when two-factor authentication is enabled for the user |
||
224 | * Feature #35439: Option to require 2FA only for users with administration rights |
||
225 | * Feature #36825: Increase email address length limit from 60 to 254 |
||
226 | |||
227 | h3. [Administration] |
||
228 | |||
229 | * Defect #35421: Unhandled exception when a YAML syntax error is detected in configuration.yml |
||
230 | * Feature #32116: Add configured theme to Redmine::Info |
||
231 | * Feature #35562: Show warning in admin/info when there are pending migrations |
||
232 | * Feature #35934: Show 2FA status in users list from administration with option to filter |
||
233 | * Feature #36391: Change the default value for "Time span format" from "decimal" to "minutes" |
||
234 | |||
235 | h3. [Attachments] |
||
236 | |||
237 | * Defect #35539: Race condition (possible filename collision) in Attachment.disk_filename |
||
238 | * Feature #32898: PDF thumbnails support on Windows |
||
239 | * Feature #35462: Download all attachments in a journal |
||
240 | |||
241 | h3. [Code cleanup/refactoring] |
||
242 | |||
243 | * Defect #31132: Remove unused column trackers.is_in_chlog |
||
244 | * Defect #36149: Typo in CSS class for lists expander icon |
||
245 | * Defect #36361: IssueRelationsControllerTest#test_bulk_create_should_show_errors randomly fails |
||
246 | * Defect #36394: Avoid passing ActionController::Parameters outside of MailHandlerController |
||
247 | * Feature #34337: Remove jQuery Migrate |
||
248 | * Feature #35259: Output test coverage report to the console |
||
249 | * Feature #35671: Move subtasks section on issues show view into a separate partial |
||
250 | * Patch #15118: Deprecate and rename rss_* methods to atom_* methods |
||
251 | * Patch #31035: Remove redefinition of ActionMailer::LogSubscriber#deliver which is no longer necessary because of the removal of Setting.bcc_recipients |
||
252 | * Patch #32922: Reload detached attachments |
||
253 | * Patch #33079: Remove unused argument from Redmine::Helpers::TimeReport |
||
254 | * Patch #33337: Clean-up workflows controller |
||
255 | * Patch #34976: Add missing fixtures to TimeEntryCustomFieldTest |
||
256 | * Patch #35024: System test fails in Windows due to "/" path separator |
||
257 | * Patch #35026: Remove rake task check_parsing_by_psych |
||
258 | * Patch #35031: Remove deprecated code that are supposed to be removed in Redmine 5 |
||
259 | * Patch #35075: Use named routes in base layout and account sidebar |
||
260 | * Patch #35076: Menu manager - generate correct URLs when rendering from a namespaced controller |
||
261 | * Patch #35208: Use `Time.use_zone` instead of `Time.zone=` |
||
262 | * Patch #35230: Fix typo in ApplicationHelper.html_title comment |
||
263 | * Patch #35396: Use base_scope for issue query results |
||
264 | * Patch #35466: Rename test/fixtures/configuration/*.yml.example to test/fixtures/files/configuration/*.yml |
||
265 | * Patch #35610: Cleanups after Wiki tab removal from project settings (#26579) |
||
266 | * Patch #35727: Add missing fixtures to Redmine::ProjectJumpBoxTest |
||
267 | * Patch #35773: Move sidebar content on versions index view (roadmap) into a separate partial |
||
268 | * Patch #35952: Explicitly specify text formatting in the test suite |
||
269 | * Patch #35975: Add missing fixtures to UserTest |
||
270 | * Patch #36005: Adopt 2FA emails to new Mailer interface |
||
271 | * Patch #36241: MenuManagerTest randomly fails |
||
272 | * Patch #36347: Add missing fixture to IssuesHelperTest |
||
273 | * Patch #36358: Use File.exist? instead of deprecated File.exists? |
||
274 | * Patch #36379: Update copyright year in source files to 2022 |
||
275 | * Patch #36716: IssuesControllerTest randomly fails |
||
276 | * Patch #36730: Replace Member.find_or_new with ActiveRecord's find_or_initialize_by |
||
277 | * Patch #36770: Fix to use a correct exception class ActiveRecord::IrreversibleMigration in migrations |
||
278 | |||
279 | h3. [Custom fields] |
||
280 | |||
281 | * Defect #32977: Remove references to deleted user from "user"-Format CustomFields |
||
282 | * Feature #14275: Add hinting to custom fields |
||
283 | |||
284 | h3. [Database] |
||
285 | |||
286 | * Feature #35073: Escape values in LIKE statements to prevent injection of placeholders (_ or %) |
||
287 | * Patch #36416: Cleanup more dependent objects on project delete |
||
288 | |||
289 | h3. [Documentation] |
||
290 | |||
291 | * Feature #33859: Add a list of supported languages by the code highlighter to the help |
||
292 | * Feature #34978: Add the list of supported browsers to docs and drop support for IE 11 |
||
293 | |||
294 | h3. [Documents] |
||
295 | |||
296 | * Patch #17924: Structured Document list for more flexible UI design with CSS |
||
297 | |||
298 | h3. [Email notifications] |
||
299 | |||
300 | * Defect #32199: Security notification is not sent when an admin changes the password of a user |
||
301 | * Defect #35017: X-Redmine-Issue-Assignee email header field is empty when the assignee of an issue is a group |
||
302 | * Defect #36393: Mailer.with_synched_deliveries doesn't correctly detect other async Queue adapters |
||
303 | * Feature #13919: Mention user on issues and wiki pages using @user with autocomplete |
||
304 | * Feature #30820: Drop setting "Blind carbon copy recipients (bcc)" |
||
305 | |||
306 | h3. [Filters] |
||
307 | |||
308 | * Defect #36389: Filter parameters of Query string do not work when default query is enabled |
||
309 | * Feature #5893: Filter issues by notes |
||
310 | * Feature #34715: Filter issues by file description |
||
311 | * Feature #35764: Multiple search terms in the "contains" operator of text filters |
||
312 | * Patch #35312: Gracefully handle invalid operators and associations requested in queries |
||
313 | |||
314 | h3. [Gantt] |
||
315 | |||
316 | * Defect #33381: Possible double includes in issue query in gantt helper |
||
317 | |||
318 | h3. [Gems support] |
||
319 | |||
320 | * Patch #35000: Update SimpleCov to 0.21 |
||
321 | * Patch #35025: Update capybara to 3.36 |
||
322 | * Patch #35136: Update RuboCop to 1.25 |
||
323 | * Patch #35142: Update RuboCop Performance to 1.13 |
||
324 | * Patch #35207: Update RuboCop Rails to 2.14 |
||
325 | * Patch #35361: Update CSV to 3.2 |
||
326 | * Patch #35691: Update Nokogiri to 1.13 |
||
327 | * Patch #36325: Update Rouge to 3.28 |
||
328 | * Patch #36355: Update roadie-rails to 3.0 |
||
329 | * Patch #36564: Update I18n to 1.10 |
||
330 | |||
331 | h3. [Groups] |
||
332 | |||
333 | * Feature #12795: View group members by non-admin users |
||
334 | |||
335 | h3. [Hook requests] |
||
336 | |||
337 | * Defect #34743: Hooks for queries helper |
||
338 | |||
339 | h3. [I18n] |
||
340 | |||
341 | * Defect #36396: Custom I18n Pluralization rules are not applied correctly |
||
342 | * Feature #36728: Reintroduce lazy loading of i18n files |
||
343 | |||
344 | h3. [Importers] |
||
345 | |||
346 | * Defect #36377: Encoding drop-down in the import settings defaults to US-ASCII instead of general_csv_encoding in Korean, Thai, and Shimplified Chinese |
||
347 | * Feature #34718: Auto guess file encoding when importing CSV file |
||
348 | * Feature #35137: Reject CSV file without data row when importing |
||
349 | * Feature #35365: Allow sending account information when importing users |
||
350 | |||
351 | h3. [Issues] |
||
352 | |||
353 | * Defect #15634: Add watching users to a ticket should switch "watch" link to "unwatch" if own user was added |
||
354 | * Defect #33521: Use issue path instead of bulk update issues path when using the context menu with only one issue selected |
||
355 | * Defect #34641: When editing an issue, the Log time and/or Add notes does not show or hide dynamically |
||
356 | * Feature #4347: Contributing to an issue should automatically add the user to the watchers list |
||
357 | * Feature #6033: Allow addition/removal of subtasks to show in parent's history |
||
358 | * Feature #7360: Issue custom query: default query per instance, project and user |
||
359 | * Feature #13099: Issue Summary: add statistics about issues without assignee, version or category |
||
360 | * Feature #29076: Add button to "Create and follow" when adding a subtask from the parent issue |
||
361 | * Feature #31278: Change Delete button name to Delete issue |
||
362 | * Feature #35559: Query links for related issues on issue page |
||
363 | |||
364 | h3. [Issues list] |
||
365 | |||
366 | * Feature #34932: "Copy link" feature for issues list |
||
367 | |||
368 | h3. [OpenID] |
||
369 | |||
370 | * Feature #35755: Drop OpenID support |
||
371 | |||
372 | h3. [PDF export] |
||
373 | |||
374 | * Feature #35683: PDF rendering improvements when exporting an issue or a list of issues |
||
375 | |||
376 | h3. [Performance] |
||
377 | |||
378 | * Feature #29041: Update session token only once per minute |
||
379 | * Feature #35324: Preload principal and roles in members#index |
||
380 | * Feature #35374: Reduce amount of work on projects show API |
||
381 | * Feature #36294: Lazy load inline images |
||
382 | * Feature #36505: Reduce database queries when rendering Custom fields box in the project settings tab |
||
383 | * Feature #36696: Improve performance of adding or removing members of a group |
||
384 | |||
385 | h3. [Permissions and roles] |
||
386 | |||
387 | * Defect #34029: 403 Forbidden error when non-member try to upload a file |
||
388 | |||
389 | h3. [Plugin API] |
||
390 | |||
391 | * Defect #35455: Require redmine/sort_criteria globally |
||
392 | |||
393 | h3. [Project settings] |
||
394 | |||
395 | * Defect #13199: "Edit" misaligned in project members view |
||
396 | * Defect #36318: Saving time tracking activities without any change may turn a system activity into a project activity |
||
397 | |||
398 | h3. [Projects] |
||
399 | |||
400 | * Feature #35795: Settings for global and user default custom ProjectQuery |
||
401 | |||
402 | h3. [REST API] |
||
403 | |||
404 | * Feature #10171: Updating journal notes via REST API |
||
405 | * Feature #15855: Add information about whether an issue is open or closed to Issues API response |
||
406 | * Feature #24976: Include new statuses allowed by workflow in Issues REST API |
||
407 | * Feature #34766: Better error message when no API format is recognised |
||
408 | * Feature #34857: Add total estimated hours, spent hours, total spent hours for issues to issue list API |
||
409 | * Feature #35420: API to archive/unarchive projects |
||
410 | * Feature #35505: Add enabled core fields to /trackers API response |
||
411 | * Feature #35507: API to close/reopen projects |
||
412 | * Feature #36303: Include avatar URL in Users API |
||
413 | |||
414 | h3. [Rails support] |
||
415 | |||
416 | * Feature #29914: Migrate to Rails 6.1 with Zeitwerk autoloading |
||
417 | * Feature #35030: Allow parallel testing |
||
418 | * Patch #35081: Update config/environments/*.rb for Rails 6.1 |
||
419 | * Patch #36317: Set default protect from forgery true |
||
420 | |||
421 | h3. [Roadmap] |
||
422 | |||
423 | * Feature #6432: Allow unchecking all trackers in Roadmap view sidebar |
||
424 | |||
425 | h3. [Ruby support] |
||
426 | |||
427 | * Feature #31128: Drop Ruby < 2.5 support |
||
428 | * Feature #34992: Ruby 3.0 support |
||
429 | * Feature #36205: Ruby 3.1 support |
||
430 | |||
431 | h3. [SCM] |
||
432 | |||
433 | * Feature #5242: Display source project for cross-project associated revisions for issues |
||
434 | * Feature #16849: Render Textile and Markdown files in the repository browser |
||
435 | |||
436 | h3. [Text formatting] |
||
437 | |||
438 | * Defect #36580: Fix code copying in common browsers |
||
439 | * Feature #20511: Comments for Textile text formatting |
||
440 | * Feature #32424: CommonMark Markdown Text Formatting |
||
441 | * Feature #35677: Preserve leading white space when quoting using the JS toolbar |
||
442 | * Feature #35742: Enable task list items for CommonMark text formatting |
||
443 | * Patch #35104: Code blocks - consistent rendering and retaining user-supplied language name in rendered HTML |
||
444 | |||
445 | h3. [Third-party libraries] |
||
446 | |||
447 | * Feature #36701: Update Chart.js to 3.7.1 |
||
448 | * Patch #35729: Update jQuery to 3.6.0 |
||
449 | |||
450 | h3. [Time tracking] |
||
451 | |||
452 | * Defect #21056: Project specific TimeEntryActivity name not updating properly |
||
453 | |||
454 | h3. [UI] |
||
455 | |||
456 | * Defect #36524: Query Links on Issues and Time Logs Import Sidebars broken |
||
457 | * Feature #34494: Rename the save, edit and delete buttons on the query form to clarify the scope |
||
458 | * Feature #35770: Change "Edit" label in the context menu to "Bulk Edit" when multiple issues are selected |
||
459 | * Patch #30448: Remove wrapper2 and wrapper3 wrapping containers |
||
460 | * Patch #36429: Make issue tabs DOM more consistent |
||
461 | |||
462 | h3. [Wiki] |
||
463 | |||
464 | * Feature #7652: Ability to add watchers to Wiki pages |