Redmine 5.1.2 and 5.0.8 released
On March 4, 2024 (Central European Time), Redmine 5.1.2 and 5.0.8 were released. These releases are primarily maintenance releases focusing on bug fixes, with Redmine 5.1.2 including 27 fixes compared to 5.1.1.
Redmine is an open-source project management software. It can be freely installed in your own environment, such as on-premises servers, and is also available as a cloud service.
Both versions, Redmine 5.1.2 and 5.0.8, include the following important fixes:
- Fix and add functionality for the attachment feature for plugins that stopped working due to the fix made for CVE-2022-44030 (Defect #39862, Feature #39948).
For Redmine 5.1.2, the following important fix is included:
- Fix User API of REST API, where the filter "status=*" stopped working when upgrading from Redmine 5.0 to 5.1 (Defect #40099).
In both versions, Redmine 5.1.2 and 5.0.8, the version of Ruby on Rails has been updated to 6.1.7.7.
Changes
Common changes in 5.1.2 and 5.0.8 (16 changes)
Activity view
- Defect #39995: Project Activities and Roadmap views disclose presence of private sub projects
Private subprojects are displayed on the project's activity and roadmap pages.
Code cleanup/refactoring
- Patch #39894: Explicitly render a 404 on non-JS requests to watchers#new
Return HTTP 404 status when "Add" watchers is accessed without triggering JavaScript. - Patch #39999: Explicitly render a 404 on non-JS requests to messages#quote
Return HTTP 404 status when "Quote" description/notes at issue is accessed without triggering JavaScript. - Patch #40043: Remove year ranges from all copyright headers
Remove year ranges from all copyright headers in source code.
Filters
- Defect #39991: Fix "any" operator for text filters to exclude empty text values
Fix "any" operator for text filters to exclude empty values when searching text field.
Plugin API
- Defect #39862: Attachments functionality for (custom) plugins broken since fix for CVE-2022-44030
Fix attachments functionality for plugins that stopped working due to the modifications for CVE-2022-44030. - Feature #39948: Add Redmine::Plugin proxy method for Redmine::Acts::Attachable::ObjectTypeConstraint.register_object_type
Add proxy method toRedmine::Plugin
forRedmine::Acts::Attachable::ObjectTypeConstraint.register_object_type
.
Rails support
- Patch #40319: Update Rails to 6.1.7.7
Update Ruby on Rails version to 6.1.7.7.
SEO
- Defect #40208: An ActionController::RespondToMismatchError occurred in welcome#robots
Fixwelcome#robots
method to return HTTP status 404 when accessed by anything other than robots.txt.
Security
- Defect #39875: Mitigate CVE-2023-23913 (rails-ujs)
Mitigate the impact of the vulnerability CVE-2023-23913.
Text formatting
- Defect #40193: Performance issue with email address auto-linking in the default ("none") formatter
Fix performance issue for formatting email address in long text. - Feature #39884: Allow multiple footnotes per single word
Allow multiple footnotes per single word when using Textile.
Translations
- Defect #39801: Fix typo in Russian translation of text_status_no_workflow
Fix type in Russian translation oftext_status_no_workflow
.
UI
- Defect #39780: User select element on activity sidebar views cutoff when displaying long user names
Fix the issue that cutoff dropdown menu in sidebar at activity view when it contains long username. - Defect #39802: Fix click event handling in mobile view after closing flyout menu
Fix click event handling when closing flyout menu in mobile view. - Defect #40237: Error in autocomplete (
ActionController::BadRequest (Invalid query parameters: invalid %-encoding (%)
)
Fix the issue that error is logged when entering '%' after '@' at comment.
Changes only in 5.1.2 (11 changes)
Administration
- Defect #40166: Internationalize "Check all / Uncheck all" tooltip in project list for admins
Tooltip text 'Check all/Uncheck all' displayed on Projects Administration screen can be changed for each language.
Code cleanup/refactoring
Defect #39864: Backport fix of random failing integration test for plugin routes
Backport fix of random failing integration test for plugin routes.Defect #40239: Add missing fixtures in Redmine::ApiTest::IssuesTest
Add fixture inRedmine::ApiTest::IssuesTest
Database
- Patch #39865: Extend mysql8? test helper to handle complex version strings
Extend test helper methodmysql8?
to handle complex strings of versions.
Issues
- Defect #39932: Incorrect position of "Edited" mark in issue notes with h4 headings
Fix incorrect position of "Edited" mark in issue notes with h4 headings.
REST API
(Defect #40099).
Defect #40099: User api filtering by status=* broke on upgrade from 5.0 to 5.1
Fix User API of REST API, where the filter "status=*" stopped working when upgrading from Redmine 5.0 to 5.1.
Text formatting
- Defect #39755: CommonMark Markdown help page does not reflect user's language setting
Fix issue that CommonMark Markdown help page does not reflect user's language setting.
Translations
- Patch #39751: Additional translation for Tamil language
Additional and update translation for Tamil language. - Patch #39781: Persian translation update for 5.1-stable
Additional and update translation for Persian language. - Patch #39782: Russian translation update for 5.1-stable
Additional translation for Russian language. - Patch #40240: Catalan translation update for 5.1-stable
Additional translation for Catalan language.