Redmine 4.1.7

2023-07-07 08:08:27 +02:00 · 2023-07-07 08:08:27 +02:00 · 3ca3c37487
commit 3ca3c37487
parent 55458d3479
103 changed files with 2426 additions and 431 deletions
--- a/doc/CHANGELOG
+++ b/doc/CHANGELOG
@ -1,8 +1,279 @@
 == Redmine changelog

 Redmine - project management software
-Copyright (C) 2006-2019  Jean-Philippe Lang
-http://www.redmine.org/
+Copyright (C) 2006-2021  Jean-Philippe Lang
+https://www.redmine.org/
+
+== 2022-03-28 v4.1.7
+
+=== [Attachments]
+
+* Defect #36013: Paste image mixed with other DataTransferItem
+
+=== [Database]
+
+* Defect #36766: Database migration from Redmine 0.8.7 or earlier fails
+
+=== [Documents]
+
+* Defect #36686: Allow pasting screenshots from clipboard in documents
+
+=== [Issues filter]
+
+* Defect #30924: Filter on Target version's Status in subproject doesn't work on version from top project
+
+=== [Projects]
+
+* Defect #36593: User without permissions to view required project custom fields cannot create new projects
+
+=== [Rails support]
+
+* Patch #36757: Update Rails to 5.2.6.3
+
+== 2022-02-20 v4.1.6
+
+=== [Gantt]
+
+* Defect #35027: Gantt PNG export ignores imagemagick_convert_command
+
+=== [Gems support]
+
+* Defect #35435: Psych 4: aliases in database.yml cause Psych::BadAlias exception
+* Defect #36226: Psych 4: Psych::DisallowedClass exception when unserializing a setting value
+
+=== [Issues]
+
+* Defect #36455: Text custom field values are not aligned with their labels when text formatting is enabled
+
+=== [Rails support]
+
+* Patch #36633: Update Rails to 5.2.6.2
+
+=== [UI]
+
+* Defect #35090: Permission check of the setting button on the issues page mismatches button semantics
+* Defect #36363: Cannot select text in a table with a context menu available
+* Patch #36378: Update copyright year in the footer to 2022
+
+=== [Wiki]
+
+* Defect #36494: WikiContentVersion API returns 500 if author is nil
+* Defect #36561: Wiki revision page does not return 404 if revision does not exist
+
+== 2021-10-10 v4.1.5
+
+=== [Administration]
+
+* Defect #35731: Password and Confirmation fields are marked as required when editing a user
+
+=== [Attachments]
+
+* Defect #35715: File upload fails when run with uWSGI
+
+=== [Issues]
+
+* Defect #35642: Long text custom field values are not aligned with their labels
+
+=== [Issues planning]
+
+* Defect #35669: Prints of Issues Report details are messed-up due to the size of the graphs
+
+=== [Permissions and roles]
+
+* Defect #35634: Attachments deletable even though issue edit not permitted
+
+=== [Security]
+
+* Defect #35789: Redmine is leaking usernames on activities index view
+* Patch #35463: Enforce stricter class filtering in WatchersController
+
+=== [UI]
+
+* Defect #34834: Line breaks in the description of a custom field are ignored in a tooltip
+
+== 2021-08-01 v4.1.4
+
+=== [Accounts / authentication]
+
+* Defect #35226: Add SameSite=Lax to cookies to fix warnings in web browsers
+
+=== [Attachments]
+
+* Defect #33752: Uploading a big file fails with NoMemoryError
+
+=== [Gantt]
+
+* Defect #34694: Progress bar for a shared version on gantt disappears when the tree is collapsed and then expanded
+
+=== [Gems support]
+
+* Defect #35621: Bundler fails to install globalid when using Ruby < 2.6.0
+
+=== [Issues]
+
+* Defect #35134: Change total spent time link to global time entries when issue has subtasks that can be on non descendent projects
+
+=== [Issues filter]
+
+* Defect #35201: Duplicate entries in issue filter values
+
+=== [Rails support]
+
+* Patch #35214: Update Rails to 5.2.6
+
+=== [Time tracking]
+
+* Defect #34856: Time entry error on private issue
+
+== 2021-04-26 v4.1.3
+
+=== [Activity view]
+
+* Defect #34933: Atom feed of the activity page does not contain items after the second page
+
+=== [Email receiving]
+
+* Defect #35100: MailHandler raises NameError exception when generating error message
+
+=== [Gems support]
+
+* Patch #34969: Remove dependency on MimeMagic
+
+=== [Issues]
+
+* Defect #34921: Do not journalize attachments that are added during a "Copy Issue" operation
+
+=== [Performance]
+
+* Patch #35034: Improve loading speed of workflow page
+
+=== [Rails support]
+
+* Patch #34966: Update Rails to 5.2.5
+
+=== [Security]
+
+* Defect #34367: Allowed filename extensions of attachments can be circumvented
+* Defect #34950: SysController and MailHandlerController are vulnerable to timing attack
+* Defect #35045: Mail handler bypasses add_issue_notes permission
+* Defect #35085: Arbitrary file read in Git adapter
+
+=== [Text formatting]
+
+* Defect #34894: User link using @ not working at the end of line
+
+=== [UI]
+
+* Patch #34955: Update copyright year in the footer to 2021
+
+== 2021-03-21 v4.1.2
+
+=== [Accounts / authentication]
+
+* Defect #33926: Rake tasks "db:encrypt" and "db:decrypt" may fail due to validation error
+
+=== [Administration]
+
+* Defect #33310: Warnings while running redmine:load_default_data rake task
+* Defect #33339: Broken layout of the preview tab of "Welcome text" setting due to unexpectedly applied padding-left
+* Defect #33355: TypeError when attempting to update a user with a blank email address
+* Defect #34247: Web browser freezes when displaying workflow page with a large number of issue statuses
+* Patch #32341: Show tooltip when hovering on repeat-value link in Field permission tab
+
+=== [Attachments]
+
+* Defect #33283: Thumbnail support for PDF attachments may not be detected
+* Defect #33459: The order of thumbnails in journals does not match the order of file name list
+* Defect #33639: Cannot paste image from clipboard when copying the image from web browsers or some apps
+* Defect #33769: When creating more than two identical attachments in a single db transaction, the first one always ends up unreadable
+* Patch #34479: Fix possible race condition with parallel, identical file uploads
+
+=== [Custom fields]
+
+* Defect #33275: Possible values field in list format custom field form is not marked as required
+* Defect #33550: Per role visibility settings for spent time custom fields is not properly checked
+
+=== [Documentation]
+
+* Defect #33939: Unnecessary translation of {{toc}} macros in Russian Wiki formatting help
+
+=== [Filters]
+
+* Defect #33281: Totals of custom fields may not be sorted as configured
+* Defect #34375: "is not" operator for Subproject filter incorrectly excludes closed subprojects
+
+=== [Gantt]
+
+* Defect #33140: Gantt bar is not displayed if the due date is the leftmost date or the start date is the rightmost date
+* Defect #33175: Starting or ending marker is not displayed if they are on the leftmost or rightmost boundary of the gantt
+* Defect #33220: Parent task subject column in gantt is not fully displayed when the column is widened
+* Defect #33724: Selected gantt columns are not displayed with MS Edge Legacy
+
+=== [Gems support]
+
+* Defect #33206: Unable to autoload constant Version.table_name if gems uses Version class
+* Defect #33768: Bundler may fail to install stringio if Ruby prior to 2.5 is used
+* Patch #34461: Update Redcarpet to 3.5.1
+* Patch #34619: Update Nokogiri to 1.11
+
+=== [I18n]
+
+* Defect #33452: Untranslated string "diff" in journal detail
+
+=== [Issues]
+
+* Defect #33338: Property changes tab does not show journals with both property changes and notes
+* Defect #33576: Done ratio of a parent issue may be shown as 99% even though all subtasks are completed
+
+=== [Issues list]
+
+* Defect #33273: Total estimated time column shows up as decimal value regardless of time setting
+* Defect #33548: Column header is clickable even when the column is not actually sortable
+* Defect #34297: Subprojects issues are not displayed on main project when all subprojects are closed
+
+=== [Projects]
+
+* Defect #33889: Do not show list for custom fields without list entry on project overview
+* Patch #34595: Filter list of recent projects in the project jump box
+
+=== [REST API]
+
+* Defect #33417: Updating an issue via REST API causes internal server error if invalid project id is specified
+* Defect #34615: 'Search' falsy parameters are not respected
+
+=== [Security]
+
+* Defect #33846: Inline issue auto complete doesn't sanitize HTML tags
+
+=== [SEO]
+
+* Defect #6734: robots.txt: disallow crawling issues list with a query string
+
+=== [Security]
+
+* Defect #33360: Names of private projects are leaked by issue journal details that contain project_id changes
+* Defect #33689: Issues API bypasses add_issue_notes permission
+* Feature #33906: Upgrade Rails to 5.2.4.5
+
+=== [Themes]
+
+* Defect #8251: Classic Theme: Missed base line
+
+=== [Time tracking]
+
+* Defect #33341: Time entry user is shown twice in the User drop-down when editing spent time
+
+=== [Translations]
+
+* Defect #34447: Typo in translation string 'setting_issue_list_default_columns': s//Isuses/Issues
+* Patch #34200: Portuguese (Brazil) translation for 4.1-stable
+* Patch #34439: Spanish translation update for 4.1-stable
+
+=== [UI]
+
+* Defect #33563: File selection buttons are not fully displayed with Google Chrome in some language
+* Feature #34123: System tests for inline auto complete feature
+* Patch #33958: Jump to end of line in editor when starting list or quote

 == 2020-04-06 v4.1.1