Be notified of new releases
Create your free GitHub account today to subscribe to this repository for new releases and build software alongside 50 million developers.Sign up
- privacy: Recipients of same language of a notification email are now put into Bcc: field, not To: field.
(For small internal intimate teams/friends maybe cool to see who else receives a notification, but not public projects. Do a feature request for a config option if there is demand.)
- security fix: It was possible for a user with view history permission in one project to view history of other projects or global event history. (all previous versions affected)
- move task to other project now handles all cases (1.0-rc7 was quite strict to reveal possibe inconsistencies to the user, but incomplete to provide solutions)
- mass operation can now be enabled in admin area. But no check for possible inconsistencies and no notifications will be sent for that operations!
- several php warnings are fixed (csv export, rss/atom)
- minimum PHP5.4 (older PHP5.3 may work, but not tested anymore) - PHP7.3
- PHP 7.2 compatible
- better password hashes using password_hash()
- also Google reCaptcha configurable
- a new basic checks tab in admin area
- more fields chooseable in admin editallusers view
- last_login field in user table
flyspray-1.0-rc7.tgz has all 3rd party libraries included.
- security fix: XSS was possible on task link attachments and comment link attachments
- security fix: XSS was possible on task details and task comment when syntax_plugin='none'
Main changes since Flyspray 1.0 RC1
- security hotfix: deactivated fetch.php of dokuwiki syntax plugin due 2 reported security problems (probably all previous Flyspray versions)
- bugfix: user with only modify_own_tasks wasn't able to update tasks due too strict form checks (v1.0-rc1 was affected)
- security improvement: use crypt() instead md5 as default config setting at installation
- security fix: added missing permission checks for RSS/Atom feeds
- security fix (3rd library): The .zip contains now ADOdb 5.20.7 .
- security fix (3rd library): The .zip for php5.6 with 3rd libraries included now contains guzzle in a fixed version after httpoxy . (The others below php5.6 were not affected, because only guzzle since 4.0 was affected by httpoxy vulnerability.)
- bugfix: better settings possible combined with anonymous task creation feature
- bugfix: dokuwiki: geshi syntax highlighting working (task description, comments, project and flyspray info boxes)
- feature: language chinese traditional:taiwan/HongKong added
Changes since Flyspray 1.0 RC:
- bugfix: It was possible that quickedit checked user permissions against the default project, not the project of the task.
- bugfix: accept priority with id 6 again
- bugfix: 0 effort entries in effort tracking are now ignored and not shown as "in progress"
- feature: mysqli db connect to a local socket, workaround a missing adodb driver functionality.
- bugfix: preinstall check for exif extension
- enhancement: updated finnish translation
Changes since Flyspray 1.0 Beta2:
- bugfix: notifications were sent to all users under some circumstances
- bugfix: search filters couldn't be deleted