OpenProject version 3.0.3 released

Today we released OpenProject version 3.0.3, which contains important security fixes as well as several bug fixes.

Added by Martin Linkhorst about 11 years ago

We were going to publish a news article yesterday announcing the release of OpenProject 3.0.2 when a critical security issue was fixed in Ruby on Rails. So we skipped 3.0.2 and today bring you 3.0.3 with this issue resolved.

If you want to know more about the vulnerability, check out Rafael França’s blog post about the latest Rails release.

In addition, we fixed a possible cross-site scripting attack that involved tricking OpenProject with a faked MIME type when uploading attachments.

In conclusion, it is strongly recommended to upgrade your 3.0-based deployments to version 3.0.3 as soon as possible. Our stable and dev branches both include the security fixes.
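As an added illustration of the attachment issue described above (not OpenProject's code and not the actual fix), the following Ruby sketch shows one common defence against a faked upload MIME type: serve a file inline only when its leading bytes confirm the declared type, force a download otherwise, and always disable browser content sniffing. The allowlist, function names and sample inputs are assumptions made for this example.

```ruby
# Added example, not OpenProject's code: choose response headers for a stored
# attachment without trusting the MIME type the uploader declared.

# Types served inline only when the leading bytes match (hypothetical allowlist).
MAGIC = {
  'image/png'  => ["\x89PNG\r\n\x1A\n".b],
  'image/jpeg' => ["\xFF\xD8\xFF".b],
  'image/gif'  => ['GIF87a'.b, 'GIF89a'.b]
}.freeze

# Type confirmed by file signature, or nil when nothing on the allowlist matches.
def verified_type(head_bytes)
  head = head_bytes.to_s.b
  MAGIC.each do |type, signatures|
    return type if signatures.any? { |sig| head.start_with?(sig) }
  end
  nil
end

# Keep the filename from breaking out of the quoted header value.
def safe_filename(name)
  cleaned = File.basename(name.to_s).gsub(/[^A-Za-z0-9._-]/, '_')
  cleaned.empty? ? 'attachment' : cleaned
end

# Headers for serving the attachment. A declared type that the content does
# not confirm is downgraded to a forced download of opaque bytes.
def attachment_headers(filename, declared_type, head_bytes)
  actual = verified_type(head_bytes)
  inline = !actual.nil? && actual == declared_type.to_s.downcase.strip
  disposition = inline ? 'inline' : 'attachment'
  {
    'Content-Type' => inline ? actual : 'application/octet-stream',
    'Content-Disposition' => "#{disposition}; filename=\"#{safe_filename(filename)}\"",
    # Tell the browser not to guess a different type from the content.
    'X-Content-Type-Options' => 'nosniff'
  }
end
```

With these headers, an HTML document uploaded under a declared `image/png` type is delivered as a download of `application/octet-stream` instead of being rendered in the application's origin.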

Bug Fixes:

There was a regression in MRI Ruby 2.1.1 that changed some return values on Ruby’s internal class Hash and led to several failing tests. This change is intended for Ruby 2.2 but due to their semantic versioning scheme shouldn’t have been incorporated in 2.1.1. Check out this blog post if you want to know more about it.

From now on we consider version 1 of our API deprecated. It will be completely removed with the next major release of OpenProject. Please update any client libraries accordingly. As a heads up: we are actively working on version 3 of our API and will deprecate version 2 sooner rather than later as well. So you might want to get as interested in v3 as we are.

We also brought back the ability to use the database to store your session data. Even though the feature was always inside Rails’ source code, it was difficult to configure in OpenProject. You can now use your configuration.yml as well as the respective environment variable to configure the session store. See config/configuration.yml.example if you want to know exactly how to do that.

And here is the full changelog:

## 3.0.3

* Update Rails to 3.2.18 to fix CVE-2014-0130

## 3.0.2

* #1725 Content-sniffing-based XSS for attachments
* #6310 API v1 is now deprecated and will be removed in the next major release of OpenProject
* #7056 Enable Active Record Session Store
* #7177 Fix: Journal not created in connection with deleted note
* #7295 Fix: Regression in Ruby 2.1.1

Cheers,
Martin

