With the release of version 3.0.12 several security threats in OpenProject are fixed.
These concern user permissions and the visibility of administration settings for logged out users. We advise everybody to update their OpenProject installation.

In addition, an error concerning the API v2 has been solved (#6688) and several usability bug fixes in the meetings and documents plugin are included in 3.0.12:

• Meetings plugin:
  The preview function for the agenda and minutes which produced an internal error has been fixed and works properly now (#15208).

• Documents plugin:
  With 3.0.12 an error in the documents plugin which caused an internal error when opening a user page (#12620) has been fixed. Many thanks to Björn Blissing who reported and fixed this error.

For a complete list of changes, pleas refer to the OpenProject 3.0.12 query.