Redmine 5.1.2 and 5.0.8 released

2024-03-15  •  KUROTANI Akihiro

On March 4, 2024 (Central European Time), Redmine 5.1.2 and 5.0.8 were released. These releases are primarily maintenance releases focusing on bug fixes, with Redmine 5.1.2 including 27 fixes compared to 5.1.1.


Redmine is open-source project management software. It can be freely installed in your own environment, such as on-premises servers, and is also available as a cloud service.

Both versions, Redmine 5.1.2 and 5.0.8, include the following important fixes:

  • Restore the attachment functionality for plugins, which stopped working because of the fix made for CVE-2022-44030, and add a related Plugin API method (Defect #39862, Feature #39948).

For Redmine 5.1.2, the following important fix is included:

  • Fix the User API of the REST API, where the filter "status=*" stopped working after upgrading from Redmine 5.0 to 5.1 (Defect #40099).

In both versions, Redmine 5.1.2 and 5.0.8, the version of Ruby on Rails has been updated to 6.1.7.7.

Changes

Common changes in 5.1.2 and 5.0.8 (16 changes)

Activity view

  • Defect #39995: Project Activities and Roadmap views disclose presence of private sub projects
    Fix the issue where the presence of private subprojects was disclosed on the project's activity and roadmap pages.

Code cleanup/refactoring

  • Patch #39894: Explicitly render a 404 on non-JS requests to watchers#new
    Return HTTP 404 status when the "Add" watchers action is requested without JavaScript.
  • Patch #39999: Explicitly render a 404 on non-JS requests to messages#quote
    Return HTTP 404 status when the "Quote" action for an issue description or note is requested without JavaScript.
  • Patch #40043: Remove year ranges from all copyright headers
    Remove year ranges from all copyright headers in source code.

Filters

  • Defect #39991: Fix "any" operator for text filters to exclude empty text values
    Fix the "any" operator for text filters so that it excludes empty values when searching a text field.

Plugin API

  • Defect #39862: Attachments functionality for (custom) plugins broken since fix for CVE-2022-44030
    Fix attachments functionality for plugins that stopped working due to the modifications for CVE-2022-44030.
  • Feature #39948: Add Redmine::Plugin proxy method for Redmine::Acts::Attachable::ObjectTypeConstraint.register_object_type
    Add a proxy method to Redmine::Plugin for Redmine::Acts::Attachable::ObjectTypeConstraint.register_object_type.

Rails support

  • Patch #40319: Update Rails to 6.1.7.7
    Update Ruby on Rails version to 6.1.7.7.

SEO

  • Defect #40208: An ActionController::RespondToMismatchError occurred in welcome#robots
    Fix the welcome#robots method to return HTTP status 404 when it is requested as anything other than robots.txt.

Security

  • Defect #39875: Mitigate CVE-2023-23913 (rails-ujs)
    Mitigate the impact of the vulnerability CVE-2023-23913.

Text formatting

  • Defect #40193: Performance issue with email address auto-linking in the default ("none") formatter
    Fix a performance issue when auto-linking email addresses in long text.
  • Feature #39884: Allow multiple footnotes per single word
    Allow multiple footnotes per single word when using Textile.

Translations

  • Defect #39801: Fix typo in Russian translation of text_status_no_workflow
    Fix typo in Russian translation of text_status_no_workflow.

UI

  • Defect #39780: User select element on activity sidebar views cutoff when displaying long user names
    Fix the issue where the user dropdown in the activity view sidebar was cut off when it contained long user names.
  • Defect #39802: Fix click event handling in mobile view after closing flyout menu
    Fix click event handling after closing the flyout menu in mobile view.
  • Defect #40237: Error in autocomplete (ActionController::BadRequest (Invalid query parameters: invalid %-encoding (%))
    Fix the issue where an error was logged when entering '%' after '@' in a comment.

Changes only in 5.1.2 (11 changes)

Administration

  • Defect #40166: Internationalize "Check all / Uncheck all" tooltip in project list for admins
    The 'Check all / Uncheck all' tooltip displayed on the Projects Administration screen can now be translated for each language.

Code cleanup/refactoring

  • Defect #39864: Backport fix of random failing integration test for plugin routes
    Backport the fix for a randomly failing integration test for plugin routes.

  • Defect #40239: Add missing fixtures in Redmine::ApiTest::IssuesTest
    Add missing fixtures to Redmine::ApiTest::IssuesTest.

Database

  • Patch #39865: Extend mysql8? test helper to handle complex version strings
    Extend the test helper method mysql8? to handle complex version strings.

Issues

  • Defect #39932: Incorrect position of "Edited" mark in issue notes with h4 headings
    Fix incorrect position of "Edited" mark in issue notes with h4 headings.

REST API

  • Defect #40099: User api filtering by status=* broke on upgrade from 5.0 to 5.1
    Fix the User API of the REST API, where the filter "status=*" stopped working after upgrading from Redmine 5.0 to 5.1.

Text formatting

  • Defect #39755: CommonMark Markdown help page does not reflect user's language setting
    Fix the issue where the CommonMark Markdown help page did not reflect the user's language setting.

Translations

  • Patch #39751: Additional translation for Tamil language
    Add and update translations for the Tamil language.
  • Patch #39781: Persian translation update for 5.1-stable
    Add and update translations for the Persian language.
  • Patch #39782: Russian translation update for 5.1-stable
    Add translations for the Russian language.
  • Patch #40240: Catalan translation update for 5.1-stable
    Add translations for the Catalan language.
