Tag Archives: ChiliProject

Upgrade to ChiliProject 3.1.0

We have upgraded our installation to ChiliProject 3.1.0. Our congratulations go to the people behind ChiliProject.

In short a cite from their release announce:

ChiliProject 3.1.0 includes some new features and bugfixes for ChiliProject 3.0.0 as well as some critical security fixes. It is suitable for use on production websites and we recommend that all users download the release as soon as possible.

What’s included

3.1.0 includes 20 bug fixes including one security fix and 5 new features for 3.0.0.

The security fix addresses several the mass assignment vulnerabilities in ChiliProject. These allowed users to write certain pieces of data which they should not have been allowed to. However users could not grant themselves access to data they can’t normally access. It was also not possible for non-admins to grant users additional rights.

All of the vulnerabilities existed since the start of the project, most going back to the beginning of Redmine itself. To further mitigate the issue, we are going to review the controller code and add additional means to prevent mass-assignment vulnerabilities in the future. As these changes require some architectural changes, we will spread them out over the future releases as part of our migration to Rails 3.

More information about the way mass-assignment works in Rails can be found at Michael Hartl’s tech blog.

You can download ChiliProject 3.1.0 here. A full list of changes can be found in the release announce linked above.

Upgrade to ChiliProject 3.0.0

We have upgraded our installation to Chiliproject 3.0.0. Our congratulations go to the people behind ChiliProject.

What’s new?

  • new design, better look-and-feel
  • a flexible templating system called Liquid
  • a huge stack of smaller improvements making it more flexible, easy and fun to use

What’s included

3.0.0 includes 24 new features and 15 bugfixes over 2.7.0. It includes all bug fixes and features of the 2.7.0 release.

What’s next?

This is the first release in the 3.x series which will be fully supported with monthly bugfix releases until the next major ChiliProject version which is due around July 2012. The big goals for that major release are the upgrade to Rails 3.x and the further modularization of ChiliProject.

Upgrade to ChiliProject 2.6.0

ChiliProject 2.6.0 has just been released. It includes some bugfixes for ChiliProject 2.5.0. It is suitable for use on production websites and we recommend that all users download the release as soon as possible.

We will upgrade our Installation today, so please excuse any posbible inconveniences. This should be the last planned upgrade of ChiliProject 2.x. We are planning a Upgrade to ChiliProject 3.0 after test later this month.

What’s included

2.6.0 includes 6 new features and 8 bug fixes for 2.5.0. None of the bug fixes is security related. The major highlights of this release are:

  • ChiliProject is now fully compatible with Ruby 1.9.3
  • Plugins needed by the core and user-provided plugins should now be separated. Users are advised to install their custom plugins into vendor/chiliproject_plugins from now on. This helps to distinguish plugins during updates. Existing installations with all plugins in vendor/plugins will continue to work as they used to be.
  • Admins using LDAP as an authentication backend can now define arbitrary LDAP filters to further narrow down the elements eligible for authentication.
  • rdm-mailhandler.rb which is used for receiving mails is usable again after fixing a regression introduced in 2.5.0
  • Small bug fixes and translation improvements.