Tag Archives: Upgrade

Upgrade to ChiliProject 3.1.0

We have upgraded our installation to ChiliProject 3.1.0. Our congratulations go to the people behind ChiliProject.

In short, a quote from their release announcement:

ChiliProject 3.1.0 includes some new features and bugfixes for ChiliProject 3.0.0 as well as some critical security fixes. It is suitable for use on production websites and we recommend that all users download the release as soon as possible.

What’s included

3.1.0 includes 20 bug fixes including one security fix and 5 new features for 3.0.0.

The security fix addresses several mass assignment vulnerabilities in ChiliProject. These allowed users to write certain pieces of data which they should not have been allowed to. However, users could not grant themselves access to data they can’t normally access. It was also not possible for non-admins to grant users additional rights.

All of the vulnerabilities existed since the start of the project, most going back to the beginning of Redmine itself. To further mitigate the issue, we are going to review the controller code and add additional means to prevent mass-assignment vulnerabilities in the future. As these changes require some architectural changes, we will spread them out over the future releases as part of our migration to Rails 3.

More information about the way mass-assignment works in Rails can be found at Michael Hartl’s tech blog.

You can download ChiliProject 3.1.0 here. A full list of changes can be found in the release announcement linked above.
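The mass-assignment pattern the announcement describes, reduced to plain Ruby as an added example (this is not ChiliProject or Redmine code; the comment model, its fields and the submitted values are hypothetical and constructed). The first class copies every submitted key onto the record, the second only accepts an allow-list, which is the idea behind Rails' `attr_accessible`:

```ruby
# Added illustration in plain Ruby, no Rails required. Class names, field
# names and values are hypothetical; they are not taken from ChiliProject.

# Unsafe: every key of the submitted hash is written to the record.
class UnsafeComment
  attr_accessor :body, :author_id

  def initialize
    @author_id = 42 # set server-side from the logged-in session
  end

  def attributes=(params)
    params.each { |key, value| public_send("#{key}=", value) }
  end
end

# Safe: only allow-listed keys are mass-assignable; everything else is
# dropped and recorded so it can be logged or alerted on.
class SafeComment < UnsafeComment
  ASSIGNABLE = %w[body].freeze

  attr_reader :rejected

  def attributes=(params)
    @rejected = params.keys.map(&:to_s) - ASSIGNABLE
    super(params.select { |key, _| ASSIGNABLE.include?(key.to_s) })
  end
end

# Constructed form submission: an edit that carries one field the form
# never offered.
SUBMITTED = { "body" => "edited text", "author_id" => "1" }.freeze

def apply(klass, params)
  record = klass.new
  record.attributes = params
  record
end

if __FILE__ == $PROGRAM_NAME
  unsafe = apply(UnsafeComment, SUBMITTED)
  safe = apply(SafeComment, SUBMITTED)
  puts "unsafe author_id=#{unsafe.author_id.inspect}"
  puts "safe   author_id=#{safe.author_id.inspect} rejected=#{safe.rejected.inspect}"
end
```
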

KDE-Next Repository

Since the KDE SC 4.7 transition is still blocked in Debian, preventing 4.7.4 from moving from experimental to unstable, unstable users are left with an unsatisfying KDE SC 4.6.5. For our first release, we had used the debian-qt-kde repository, which at the time had KDE SC 4.7.2. Soon after, KDE SC 4.7.4 was uploaded to experimental. Instead of also updating the qt-kde repo, it was emptied and is dead in the water at the moment. The good thing about the qt-kde repo is that it needs only 3 very basic lines of pinning.

As things look right now, we will see KDE SC 4.7.x in Debian 7 Wheezy. As the freeze for that is not so far away, that could mean that KDE SC 4.8 will not enter any Debian repo for a while, because during the freeze RC bugs have priority. Even though 1 guy is working on KDE SC 4.8, there might not be enough time and manpower once the freeze hits us.

To use KDE SC 4.7.4 from Debian experimental, a user needs a preferences file pinning every package, resulting in a list as long as my arm. To resolve the situation, we have decided to set up a repository called kde-next, which, at the moment, holds the KDE SC 4.7.4 packages. Adding this repo to your sources.list.d will update your KDE version to KDE SC 4.7.4 with your next dist-upgrade. No need for pinning. The upgrade from KDE SC 4.7.2 to 4.7.4 is, as can be expected, a breeze. Should you want to upgrade from KDE SC 4.6.5, or – behold – even older, please be careful and read what apt wants to do.

The lines to add are:

  • deb http://packages.siduction.org/kdenext unstable main
  • deb-src http://packages.siduction.org/kdenext unstable main

After an apt-get update, your package manager knows about the repository and you are good to go.

Upgrade to ChiliProject 3.0.0

We have upgraded our installation to ChiliProject 3.0.0. Our congratulations go to the people behind ChiliProject.

What’s new?

  • new design, better look-and-feel
  • a flexible templating system called Liquid
  • a huge stack of smaller improvements making it more flexible, easy and fun to use

What’s included

3.0.0 includes 24 new features and 15 bugfixes over 2.7.0. It includes all bug fixes and features of the 2.7.0 release.

What’s next?

This is the first release in the 3.x series which will be fully supported with monthly bugfix releases until the next major ChiliProject version which is due around July 2012. The big goals for that major release are the upgrade to Rails 3.x and the further modularization of ChiliProject.

Upgrade to ChiliProject 2.6.0

ChiliProject 2.6.0 has just been released. It includes some bugfixes for ChiliProject 2.5.0. It is suitable for use on production websites and we recommend that all users download the release as soon as possible.

We will upgrade our installation today, so please excuse any possible inconveniences. This should be the last planned upgrade of ChiliProject 2.x. We are planning an upgrade to ChiliProject 3.0 after testing later this month.

What’s included

2.6.0 includes 6 new features and 8 bug fixes for 2.5.0. None of the bug fixes is security related. The major highlights of this release are:

  • ChiliProject is now fully compatible with Ruby 1.9.3
  • Plugins needed by the core and user-provided plugins should now be separated. Users are advised to install their custom plugins into vendor/chiliproject_plugins from now on. This helps to distinguish plugins during updates. Existing installations with all plugins in vendor/plugins will continue to work as they used to be.
  • Admins using LDAP as an authentication backend can now define arbitrary LDAP filters to further narrow down the elements eligible for authentication.
  • rdm-mailhandler.rb which is used for receiving mails is usable again after fixing a regression introduced in 2.5.0
  • Small bug fixes and translation improvements.