Tag Archives: ChiliProject

Upgrade to ChiliProject 3.1.0

We have upgraded our installation to ChiliProject 3.1.0. Our congratulations go to the people behind ChiliProject.

In short a cite from their release announce:

ChiliProject 3.1.0 includes some new features and bugfixes for ChiliProject 3.0.0 as well as some critical security fixes. It is suitable for use on production websites and we recommend that all users download the release as soon as possible.

What’s included

3.1.0 includes 20 bug fixes including one security fix and 5 new features for 3.0.0.

The security fix addresses several the mass assignment vulnerabilities in ChiliProject. These allowed users to write certain pieces of data which they should not have been allowed to. However users could not grant themselves access to data they can’t normally access. It was also not possible for non-admins to grant users additional rights.

All of the vulnerabilities existed since the start of the project, most going back to the beginning of Redmine itself. To further mitigate the issue, we are going to review the controller code and add additional means to prevent mass-assignment vulnerabilities in the future. As these changes require some architectural changes, we will spread them out over the future releases as part of our migration to Rails 3.

More information about the way mass-assignment works in Rails can be found at Michael Hartl’s tech blog.

You can download ChiliProject 3.1.0 here. A full list of changes can be found in the release announce linked above.

Upgrade to ChiliProject 3.0.0

We have upgraded our installation to Chiliproject 3.0.0. Our congratulations go to the people behind ChiliProject.

What’s new?

  • new design, better look-and-feel
  • a flexible templating system called Liquid
  • a huge stack of smaller improvements making it more flexible, easy and fun to use

What’s included

3.0.0 includes 24 new features and 15 bugfixes over 2.7.0. It includes all bug fixes and features of the 2.7.0 release.

What’s next?

This is the first release in the 3.x series which will be fully supported with monthly bugfix releases until the next major ChiliProject version which is due around July 2012. The big goals for that major release are the upgrade to Rails 3.x and the further modularization of ChiliProject.

Upgrade to ChiliProject 2.6.0

ChiliProject 2.6.0 has just been released. It includes some bugfixes for ChiliProject 2.5.0. It is suitable for use on production websites and we recommend that all users download the release as soon as possible.

We will upgrade our Installation today, so please excuse any posbible inconveniences. This should be the last planned upgrade of ChiliProject 2.x. We are planning a Upgrade to ChiliProject 3.0 after test later this month.

What’s included

2.6.0 includes 6 new features and 8 bug fixes for 2.5.0. None of the bug fixes is security related. The major highlights of this release are:

  • ChiliProject is now fully compatible with Ruby 1.9.3
  • Plugins needed by the core and user-provided plugins should now be separated. Users are advised to install their custom plugins into vendor/chiliproject_plugins from now on. This helps to distinguish plugins during updates. Existing installations with all plugins in vendor/plugins will continue to work as they used to be.
  • Admins using LDAP as an authentication backend can now define arbitrary LDAP filters to further narrow down the elements eligible for authentication.
  • rdm-mailhandler.rb which is used for receiving mails is usable again after fixing a regression introduced in 2.5.0
  • Small bug fixes and translation improvements.

Upgrade auf ChiliProject 2.3

Am 04.10.2011 wurde die Version 2.3 von ChiliProject freigegeben.

Nach kurzem Test an 2 kleineren Installationen wurde das Release auch in chili.siduction.org eingespielt. Die Release-Notes findet ihr hier: http://blog.chiliproject.org/releases/chiliproject-2-3-0-released/

Wie erwartet funktionierte das Update reibungslos.

Upgrade auf ChiliProject 2.2

Vor wenigen Stunden wurde die Version 2.2 von ChiliProject freigegeben.

[27.08.2011 19:59:50] <meineerde> Ladys and Gentlemen, we have a release.

Nach kurzem Test an 2 kleineren Installationen wurde das Release auch in chili.siduction.org eingespielt. Die Release-Notes findet ihr hier: http://blog.chiliproject.org/releases/chiliproject-2-2-0-released/

Keine Sorge um die Daten, natürlich hatten wir eine Datensicherung. Frei nach dem Motto von Sledge Hammer: “Vertrauen Sie mir, ich weiss, was ich tue!” habe ich mich an ein Upgrade gewagt und siehe da: Es funkt.

Sicherheitsupdate auf ChiliProject 2.1.1

Kurz nach der Freigabe von ChiliProject 2.1 gab es ein Sicherheitsupdate auf ChiliProject 2.1.1. Dieses habe ich heute nacht eingespielt.

Bei dieser Gelegenheit habe ich auch noch das Plugin Wiki-Extensions eingespielt, das unsere Möglichkeiten ein wenig in die positive Richtung erweitert. Die Erweiterungen werde ich mit Beispielen im Laufe der nächsten Tage dokumentieren.

Upgrade auf ChiliProject 2.1

Pünktlich zum Wochenende wurde ChiliProject 2.1 freigegeben. Natürlich wird die auch sofort eingespielt. Mehr als nicht funktionieren kann es nicht. Diesen Einsatz habe ich sehnsüchtig geplant und vorbereitet. Mit diesem Release schalte ich von git master auf stable um.

Keine Sorgen um die Daten, Datensicherung ist gelaufen, die aktuell gefahrene Version kann also im Zweifel problemlos wieder hergestellt werden. Ich werde mit dem Einsatz von stable nur ein wenig ruhiger schlafen, über 50 User ist nicht mehr ganz ohne.

Falls es also in der nächsten halben Stunde ein wenig hakt, nehmt Euch in Ruhe einen Kaffee und schaut dann wieder rein.