Project

General

Profile

Changelog 5 0 » History » Version 8

Go MAEDA, 2023-03-06 00:37
Redmine 5.0.5

1 1 Marius BĂLTEANU
h1. Changelog 5.0.x
2
3 8 Go MAEDA
h2. version:5.0.5 (2023-03-05)
4
5
h3. [Code cleanup/refactoring]
6
7
* Patch #38141: Update copyright year to 2023
8
9
h3. [Documentation]
10
11
* Defect #38114: Example plugin (extra/sample_plugin) breaks Activity page
12
13
h3. [Gems support]
14
15
* Defect #38239: Test failure with Commonmarker 0.23.8
16
* Patch #38135: Allow use of Puma 6.0.0 or later
17
* Patch #38272: Update RBPDF to 1.21
18
19
h3. [Groups]
20
21
* Patch #38144: Refactoring: Use Group.visible instead of manual visibility check in GroupsController
22
23
h3. [Importers]
24
25
* Defect #38254: Time Entry Import fails to import custom fields with "User" format
26
27
h3. [Issues]
28
29
* Defect #37755: Mentioning users with certain characters renders incorrectly
30
* Defect #38217: "Property changes" tab does not appear when all issue journals have both notes and property changes
31
32
h3. [PDF export]
33
34
* Defect #32740: Incorrect characters when copying out of a Redmine generated PDF
35
* Defect #36452: Infinite loop on PDF export if image included with attributes
36
37
h3. [Project settings]
38
39
* Defect #38064: Avoid exception when adding a project without any givable roles defined
40
41
h3. [Rails support]
42
43
* Defect #36273: Modifying the source code of a plugin does not reload it after r21295
44
* Defect #38199: Fix deprecation warning for db:structure:dump in db:migrate when using sql schema format
45
* Patch #38191: Update Rails to 6.1.7.2
46
47
h3. [Security]
48
49
* Defect #38063: Avoid double-render error with ApplicationController#find_optional_project
50
* Defect #38070: Role#permission_tracker? and related does not consider whether the base permission is (still) set
51
* Defect #38133: Update Nokogiri to fix several security issues
52
* Defect #38297: Insufficient permission checks when adding attachments to issues
53
54
h3. [SEO]
55
56
* Defect #38201: Fix robots.txt to disallow issue lists with a sort or query_id parameter in any position
57
58
h3. [Text formatting]
59
60
* Defect #37881: Thumbnails are no longer fetched for all notes of an issue
61
* Defect #38073: CommonMark Markdown formatter does not support min-width, max-width, min-height, and max-height CSS properties
62
* Defect #38215: Nested CommonMark Markdown task lists are not indented
63
64
h3. [Time tracking]
65
66
* Defect #35066: Missing project_id in redirect after clicking "Create and add another" button
67
* Defect #38237: Unable to choose any user other than the current user when logging spent time after clicking "Create and add another"
68
69 6 Marius BĂLTEANU
h2. version:5.0.4 (2022-12-01)
70
71
h3. [Activity view]
72
73
* Defect #37875: Unnecessary closing li element when there is no "Next" button on Activity page
74
75
h3. [Code cleanup/refactoring]
76
77
* Patch #37938: Unused permission "Mention user"
78
79
h3. [Documentation]
80
81
* Defect #37983: Duplicate vertical-align property in wiki_syntax.css
82
83
h3. [Gems support]
84
85
* Defect #37884: All system tests fail on 4.2-stable branch with "ArgumentError: unknown keyword: :desired_capabilities"
86
* Patch #37867: Limit puma < 6.0.0 to avoid system test error
87
* Patch #37883: Limit mocha version to < 2.0.0 when Ruby version is < 2.7 to avoid test error
88
89
h3. [Issues]
90
91
* Defect #37958: Groups added to watchers are not shown as links
92
93
h3. [Issues workflow]
94
95
* Defect #37685: Read-only field permission for the project field is ignored if the current project has subprojects
96
97
h3. [Projects]
98
99
* Defect #37925: Do not allow unkown display_type for query
100
101
h3. [Rails support]
102
103
* Defect #37814: Plugins that serialize Date or Time objects cause Psych::DisallowedClass exception
104
105
h3. [Security]
106
107 7 Marius BĂLTEANU
* Defect #37772: Access Control Issue in attachments#download_all
108 6 Marius BĂLTEANU
* Defect #37751: Persistent XSS in textile formatting due to blockquote citation
109
* Defect #37767: Redmine contains a cross-site scripting vulnerability
110
* Defect #37880: Open Redirect in attachments#download_all
111
112
h3. [Translations]
113
114
* Defect #37812: "Yes" and "No" are swapped in Polish translation
115
116 5 Marius BĂLTEANU
h2. version:5.0.3 (2022-10-02)
117
118
h3. [Code cleanup/refactoring]
119
120
* Defect #37609: Remove obsolete remnant public/images/openid-bg.gif
121
* Defect #37449: Passing a wrong parameter to `with_settings` in UserTest::test_random_password_include_required_characters
122
123
h3. [Filters]
124
125
* Defect #36940: Chained custom field filter doesn't work for User fields
126
* Defect #37349: Chained custom field filter for User fields returns 500 internal server error when filtering after a float value
127
128
h3. [Issues]
129
130
* Defect #37369: Mention auto-complete not works in bulk-edit comments
131
* Defect #37499: Default query should not be applied if the query is not allowed to be set as the default
132
* Defect #37473: Focus IssueId not working when linking issues
133
134
h3. [Issues list]
135
136
* Defect #37268: Performance problem with Redmine 4.2.7 and 5.0.2
137
138
h3. [Rails support]
139
140
* Patch #37452: Update Rails to 6.1.7
141
142
h3. [Security]
143
144
* Defect #37492: Update jQuery UI to 1.13.2
145
146
h3. [SCM]
147
148
* Defect #33953: Repository tab is not displayed if no repository is set as the main repository
149
* Defect #36258: Support revision without any message in Mercurial repositories
150
* Defect #37585: Do not show "History" tab for content in Filesystem repository
151
* Defect #37626: Diff of a javascript file in repository module is not displayed with layout
152
* Defect #37718: Repository browser does not show "+" (plus sign) in filename
153
154
h3. [SCM extra]
155
156
* Defect #37562: POST Requests to repository WS fail with "Can't verify CSRF token authenticity"
157
158
h3. [Text formatting]
159
160
* Defect #37237: Common Markdown Formatter does not render all properties on HTML elements
161
* Patch #37713: Add rel="noopener" to all external links that would open a new tab/window
162
* Defect #37379: Thumbnail macro does not work when a file is attached and preview is displayed immediately
163
164
h3. [Translations]
165
166
* Defect #37529: Fix mistranslation of label button_create_and_follow in Russian translation
167
* Defect #37603: Missing translation for label_default_queries.for_this_user
168
* Patch #35613: German translation update of Wiki syntax help for 5.0-stable
169
* Patch #37263: Lithuanian translation update for 5.0-stable
170
* Patch #37698: Persian translation update for 4.2-stable
171
172
h3. [UI]
173
174
* Defect #36901: Jump to project is misaligned in Safari 15.4 and later
175
* Defect #37282: Subtask isn't displayed correctly since 4.2.7
176
* Defect #37481: Fix the unintentional selection of rows with the context menu
177
* Defect #37566: The number of the ordered list in the project description is not displayed and the indentation does not match the unordered list
178
179 4 Marius BĂLTEANU
h2. version:5.0.2 (2022-06-21)
180
181
h3. [Email notifications]
182
183
* Defect #37138: Mentions of users with "@" in their username
184
* Patch #37065: When someone is member of watcher group, 'watched_by' may be wrong and incomplete
185
* Defect #37162: Missing space between notification sentence and author name when edit a wiki page
186
187
h3. [Email receiving]
188
189
* Defect #37187: no-permission-check allows issue creation in closed/archived projects
190
191
h3. [Gems support]
192
193
* Defect #35892: Redmine::WikiFormatting::CommonMark::FormatterTest#test_footnotes fails with CommonMarker 0.23.2
194
* Defect #37249: Missing rexml gem causes errors in PUT - Adding the gem manually everything works
195
196
h3. [Issues]
197
198
* Patch #37155: Issue#last_notes fallback does not respect notes visibility
199
* Defect #37151: The done ratio of a parent issue may not be 100% even if all subtasks have a done ratio of 100%
200
* Defect #37171: Ability to change the issue category or issue target version with nonexistent value for the specific project
201
202
h3. [Performance]
203
204
* Patch #37135: Reduce extra queries in ProjectQuery.default
205
206
h3. [REST API]
207
208
* Defect #37157: Internal server error when trying to retrieve AnonymousUser's information via Users API
209
210
h3. [Security]
211
212
* Defect #37255: Information Leak in QueryAssociationColumn/QueryAssociationCustomFieldColumn
213
* Defect #37256: Medium severity XSS security vulnerabilities (3x) in jQuery UI v1.12.1
214
* Defect #37136: Remote code execution vulnerability in commonmarker
215
216
h3. [Text formatting]
217
218
* Defect #37130: Wiki notation `attachment:file_name` cannot make a link to a file attached to other journals
219
220
h3. [Time tracking]
221
222
* Defect #33914: Even if the default value of Activities (time tracking) is set, it may not be reflected.
223
224
h3. [UI - Responsive]
225
226
* Defect #36453: Issue subject overflow in subtasks and relations tables
227
228 2 Marius BĂLTEANU
h2. version:5.0.1 (2022-05-16)
229
230
h3. [Administration]
231
232
* Defect #36932: Handle nil return of Redmine::Themes.theme(Setting.ui_theme) in Redmine::Info.environment
233
234
h3. [Attachments]
235
236 3 Go MAEDA
* Defect #36887: copyImageFromClipboard function failed to generate a unique file name
237
* Patch #36817: copyImageFromClipboard function targets the first file input of the page and may conflict with other plugins
238 2 Marius BĂLTEANU
* Defect #37053: Attachments are lost when the status of the ticket is changed
239
240
h3. [Documentation]
241
242
* Defect #36862: Duplicate v5.0.0 section in Changelog
243
* Defect #36863: Missing v4.2.5 section in Changelog
244
245
h3. [Email notifications]
246
247
* Defect #36909: Mentions not working if status is changed
248
249
h3. [Email receiving]
250
251
* Defect #37030: Requests fail with "Can't verify CSRF token authenticity" in mail handler
252
253
h3. [Gems support]
254
255
* Defect #36892: Redmine does not start when installed --without markdown
256
257
h3. [I18n]
258
259
* Defect #36998: Revert lazy loading of i18n files introduced in Redmine 5.0
260
261
h3. [Rails support]
262
263
* Patch #36917: Update Rails to 6.1.6
264
265
h3. [Security]
266
267
* Patch #36912: Update Nokogiri versions to fix two critical CVE's
268
269
h3. [Text formatting]
270
271
* Defect #36958: Crafted input breaks CommonMark Markdown formatter
272
273
h3. [Translations]
274
275
* Patch #36905: German translation update for 5.0-stable
276
* Patch #36930: Bulgarian translation update for 5.0-stable
277
* Patch #36934: Russian translation update for 5.0-stable
278
* Patch #37003: Czech translation update for 5.0-stable
279
* Patch #37024: Galician translation update for 5.0-stable
280
* Patch #37025: Polish translation update for 5.0-stable
281
282 1 Marius BĂLTEANU
h2. version:5.0.0 (2022-03-28)
283
284
h3. [Accounts / authentication]
285
286
* Feature #30998: Add an rake task to prune registered users after a certain number of days
287
* Feature #31920: Require 2FA only for certain user groups
288
* Feature #33345: Include an authentication method name in LDAP connection error messages
289
* Feature #35001: Disable API authentication with username and password when two-factor authentication is enabled for the user
290
* Feature #35439: Option to require 2FA only for users with administration rights
291
* Feature #36825: Increase email address length limit from 60 to 254
292
293
h3. [Administration]
294
295
* Defect #35421: Unhandled exception when a YAML syntax error is detected in configuration.yml
296
* Feature #32116: Add configured theme to Redmine::Info
297
* Feature #35562: Show warning in admin/info when there are pending migrations
298
* Feature #35934: Show 2FA status in users list from administration with option to filter
299
* Feature #36391: Change the default value for "Time span format" from "decimal" to "minutes"
300
301
h3. [Attachments]
302
303
* Defect #35539: Race condition (possible filename collision)  in Attachment.disk_filename
304
* Feature #32898: PDF thumbnails support on Windows
305
* Feature #35462: Download all attachments in a journal
306
307
h3. [Code cleanup/refactoring]
308
309
* Defect #31132: Remove unused column trackers.is_in_chlog
310
* Defect #36149: Typo in CSS class for lists expander icon
311
* Defect #36361: IssueRelationsControllerTest#test_bulk_create_should_show_errors randomly fails
312
* Defect #36394: Avoid passing ActionController::Parameters outside of MailHandlerController
313
* Feature #34337: Remove jQuery Migrate
314
* Feature #35259: Output test coverage report to the console
315
* Feature #35671: Move subtasks section on issues show view into a separate partial
316
* Patch #15118: Deprecate and rename rss_* methods to atom_* methods
317
* Patch #31035: Remove redefinition of ActionMailer::LogSubscriber#deliver which is no longer necessary because of the removal of Setting.bcc_recipients
318
* Patch #32922: Reload detached attachments
319
* Patch #33079: Remove unused argument from Redmine::Helpers::TimeReport
320
* Patch #33337: Clean-up workflows controller
321
* Patch #34976: Add missing fixtures to TimeEntryCustomFieldTest
322
* Patch #35024: System test fails in Windows due to "/" path separator
323
* Patch #35026: Remove rake task check_parsing_by_psych
324
* Patch #35031: Remove deprecated code that are supposed to be removed in Redmine 5
325
* Patch #35075: Use named routes in base layout and account sidebar
326
* Patch #35076: Menu manager - generate correct URLs when rendering from a namespaced controller
327
* Patch #35208: Use `Time.use_zone` instead of `Time.zone=`
328
* Patch #35230: Fix typo in ApplicationHelper.html_title comment
329
* Patch #35396: Use base_scope for issue query results
330
* Patch #35466: Rename test/fixtures/configuration/*.yml.example to test/fixtures/files/configuration/*.yml
331
* Patch #35610: Cleanups after Wiki tab removal from project settings (#26579)
332
* Patch #35727: Add missing fixtures to Redmine::ProjectJumpBoxTest
333
* Patch #35773: Move sidebar content on versions index view (roadmap) into a  separate partial
334
* Patch #35952: Explicitly specify text formatting in the test suite
335
* Patch #35975: Add missing fixtures to UserTest
336
* Patch #36005: Adopt 2FA emails to new Mailer interface
337
* Patch #36241: MenuManagerTest randomly fails
338
* Patch #36347: Add missing fixture to IssuesHelperTest
339
* Patch #36358: Use File.exist? instead of deprecated File.exists?
340
* Patch #36379: Update copyright year in source files to 2022
341
* Patch #36716: IssuesControllerTest randomly fails
342
* Patch #36730: Replace Member.find_or_new with ActiveRecord's find_or_initialize_by
343
* Patch #36770: Fix to use a correct exception class ActiveRecord::IrreversibleMigration in migrations
344
345
h3. [Custom fields]
346
347
* Defect #32977: Remove references to deleted user from "user"-Format CustomFields
348
* Feature #14275: Add hinting to custom fields
349
350
h3. [Database]
351
352
* Feature #35073: Escape values in LIKE statements to prevent injection of placeholders (_ or %)
353
* Patch #36416: Cleanup more dependent objects on project delete
354
355
h3. [Documentation]
356
357
* Feature #33859: Add a list of supported languages by the code highlighter to the help
358
* Feature #34978: Add the list of supported browsers to docs and drop support for IE 11
359
360
h3. [Documents]
361
362
* Patch #17924: Structured Document list for more flexible UI design with CSS
363
364
h3. [Email notifications]
365
366
* Defect #32199: Security notification is not sent when an admin changes the password of a user
367
* Defect #35017: X-Redmine-Issue-Assignee email header field is empty when the assignee of an issue is a group
368
* Defect #36393: Mailer.with_synched_deliveries doesn't correctly detect other async Queue adapters
369
* Feature #13919: Mention user on issues and wiki pages using @user with autocomplete
370
* Feature #30820: Drop setting "Blind carbon copy recipients (bcc)"
371
372
h3. [Filters]
373
374
* Defect #36389: Filter parameters of Query string do not work when default query is enabled
375
* Feature #5893: Filter issues by notes
376
* Feature #34715: Filter issues by file description
377
* Feature #35764: Multiple search terms in the "contains" operator of text filters
378
* Patch #35312: Gracefully handle invalid operators and associations requested in queries
379
380
h3. [Gantt]
381
382
* Defect #33381: Possible double includes in issue query in gantt helper
383
384
h3. [Gems support]
385
386
* Patch #35000: Update SimpleCov to 0.21
387
* Patch #35025: Update capybara to 3.36
388
* Patch #35136: Update RuboCop to 1.25
389
* Patch #35142: Update RuboCop Performance to 1.13
390
* Patch #35207: Update RuboCop Rails to 2.14
391
* Patch #35361: Update CSV to 3.2
392
* Patch #35691: Update Nokogiri to 1.13
393
* Patch #36325: Update Rouge to 3.28
394
* Patch #36355: Update roadie-rails to 3.0
395
* Patch #36564: Update I18n to 1.10
396
397
h3. [Groups]
398
399
* Feature #12795: View group members by non-admin users
400
401
h3. [Hook requests]
402
403
* Defect #34743: Hooks for queries helper
404
405
h3. [I18n]
406
407
* Defect #36396: Custom I18n Pluralization rules are not applied correctly
408
* Feature #36728: Reintroduce lazy loading of i18n files
409
410
h3. [Importers]
411
412
* Defect #36377: Encoding drop-down in the import settings defaults to US-ASCII instead of general_csv_encoding in Korean, Thai, and Shimplified Chinese
413
* Feature #34718: Auto guess file encoding when importing CSV file
414
* Feature #35137: Reject CSV file without data row when importing
415
* Feature #35365: Allow sending account information when importing users
416
417
h3. [Issues]
418
419
* Defect #15634: Add watching users to a ticket should switch "watch" link to "unwatch" if own user was added
420
* Defect #33521: Use issue path instead of bulk update issues path when using the context menu with only one issue selected
421
* Defect #34641: When editing an issue, the Log time and/or Add notes does not show or hide dynamically
422
* Feature #4347: Contributing to an issue should automatically add the user to the watchers list
423
* Feature #6033: Allow addition/removal of subtasks to show in parent's history
424
* Feature #7360: Issue custom query: default query per instance, project and user
425
* Feature #13099: Issue Summary: add statistics about issues without assignee, version or category
426
* Feature #29076: Add button to "Create and follow" when adding a subtask from the parent issue
427
* Feature #31278: Change Delete button name to Delete issue
428
* Feature #35559: Query links for related issues on issue page
429
430
h3. [Issues list]
431
432
* Feature #34932: "Copy link" feature for issues list
433
434
h3. [OpenID]
435
436
* Feature #35755: Drop OpenID support
437
438
h3. [PDF export]
439
440
* Feature #35683: PDF rendering improvements when exporting an issue or a list of issues
441
442
h3. [Performance]
443
444
* Feature #29041: Update session token only once per minute
445
* Feature #35324: Preload principal and roles in members#index
446
* Feature #35374: Reduce amount of work on projects show API
447
* Feature #36294: Lazy load inline images
448
* Feature #36505: Reduce database queries when rendering Custom fields box in the project settings tab
449
* Feature #36696: Improve performance of adding or removing members of a group
450
451
h3. [Permissions and roles]
452
453
* Defect #34029: 403 Forbidden error when non-member try to upload a file
454
455
h3. [Plugin API]
456
457
* Defect #35455: Require redmine/sort_criteria globally
458
459
h3. [Project settings]
460
461
* Defect #13199: "Edit" misaligned in project members view
462
* Defect #36318: Saving time tracking activities without any change may turn a system activity into a project activity
463
464
h3. [Projects]
465
466
* Feature #35795: Settings for global and user default custom ProjectQuery
467
468
h3. [REST API]
469
470
* Feature #10171: Updating journal notes via REST API
471
* Feature #15855: Add information about whether an issue is open or closed to Issues API response
472
* Feature #24976: Include new statuses allowed by workflow in Issues REST API
473
* Feature #34766: Better error message when no API format is recognised
474
* Feature #34857: Add total estimated hours, spent hours, total spent hours for issues to issue list API
475
* Feature #35420: API to archive/unarchive projects
476
* Feature #35505: Add enabled core fields to /trackers API response
477
* Feature #35507: API to close/reopen projects
478
* Feature #36303: Include avatar URL in Users API
479
480
h3. [Rails support]
481
482
* Feature #29914: Migrate to Rails 6.1 with Zeitwerk autoloading
483
* Feature #35030: Allow parallel testing
484
* Patch #35081: Update config/environments/*.rb for Rails 6.1
485
* Patch #36317: Set default protect from forgery true
486
487
h3. [Roadmap]
488
489
* Feature #6432: Allow unchecking all trackers in Roadmap view sidebar
490
491
h3. [Ruby support]
492
493
* Feature #31128: Drop Ruby < 2.5 support
494
* Feature #34992: Ruby 3.0 support
495
* Feature #36205: Ruby 3.1 support
496
497
h3. [SCM]
498
499
* Feature #5242: Display source project for cross-project associated revisions for issues
500
* Feature #16849: Render Textile and Markdown files in the repository browser
501
502
h3. [Text formatting]
503
504
* Defect #36580: Fix code copying in common browsers
505
* Feature #20511: Comments for Textile text formatting
506
* Feature #32424: CommonMark Markdown Text Formatting
507
* Feature #35677: Preserve leading white space when quoting using the JS toolbar
508
* Feature #35742: Enable task list items for CommonMark text formatting
509
* Patch #35104: Code blocks - consistent rendering and retaining user-supplied language name in rendered HTML
510
511
h3. [Third-party libraries]
512
513
* Feature #36701: Update Chart.js to 3.7.1
514
* Patch #35729: Update jQuery to 3.6.0
515
516
h3. [Time tracking]
517
518
* Defect #21056: Project specific TimeEntryActivity name not updating properly
519
520
h3. [UI]
521
522
* Defect #36524: Query Links on Issues and Time Logs Import Sidebars broken
523
* Feature #34494: Rename the save, edit and delete buttons on the query form to clarify the scope
524
* Feature #35770: Change "Edit" label in the context menu to "Bulk Edit" when multiple issues are selected
525
* Patch #30448: Remove wrapper2 and wrapper3 wrapping containers
526
* Patch #36429: Make issue tabs DOM more consistent
527
528
h3. [Wiki]
529
530
* Feature #7652: Ability to add watchers to Wiki pages