Skip to content
  • v1.0-rc9
  • 136c339
  • Compare
    Choose a tag to compare
    Search for a tag
  • v1.0-rc9
  • 136c339
  • Compare
    Choose a tag to compare
    Search for a tag

@peterdd peterdd released this Apr 22, 2019

Changes:

fix french language file which was broken in Flyspray 1.0-rc8

Assets 3
  • v1.0-rc8
  • ca78d2b
  • Compare
    Choose a tag to compare
    Search for a tag
  • v1.0-rc8
  • ca78d2b
  • Compare
    Choose a tag to compare
    Search for a tag

@peterdd peterdd released this Apr 17, 2019

Main Changes:

  • privacy: Recipients of same language of a notification email are now put into Bcc: field, not To: field.
    See 2135612
    (For small internal intimate teams/friends maybe cool to see who else receives a notification, but not public projects. Do a feature request for a config option if there is demand.)
  • security fix: It was possible for a user with view history permission in one project to view history of other projects or global event history. (all previous versions affected)
  • move task to other project now handles all cases (1.0-rc7 was quite strict to reveal possibe inconsistencies to the user, but incomplete to provide solutions)
  • mass operation can now be enabled in admin area. But no check for possible inconsistencies and no notifications will be sent for that operations!
  • several php warnings are fixed (csv export, rss/atom)
  • minimum PHP5.4 (older PHP5.3 may work, but not tested anymore) - PHP7.3
Assets 3
Mar 23, 2019

v

Merge pull request #716 from jdorel/patch-1
Add some missing French translations
  • v1.0-rc7
  • 2778111
  • Compare
    Choose a tag to compare
    Search for a tag
  • v1.0-rc7
  • 2778111
  • Compare
    Choose a tag to compare
    Search for a tag

@peterdd peterdd released this Jul 16, 2018

Main Changes:

  • PHP 7.2 compatible
  • better password hashes using password_hash()
  • also Google reCaptcha configurable
  • a new basic checks tab in admin area
  • more fields chooseable in admin editallusers view
  • last_login field in user table

flyspray-1.0-rc7.tgz has all 3rd party libraries included.

Assets 3

@peterdd peterdd released this Oct 4, 2017

Security release

Several security issues were reported and fixed with this release.

Assets 2

@peterdd peterdd released this Nov 18, 2016 · 2 commits to v1.0-rc4 since this release

security release

  • security fix: XSS was possible on task link attachments and comment link attachments
  • security fix: XSS was possible on task details and task comment when syntax_plugin='none'
Assets 5

@peterdd peterdd released this Oct 4, 2016 · 800 commits to master since this release

Main changes since Flyspray 1.0 RC1

  • security hotfix: deactivated fetch.php of dokuwiki syntax plugin due 2 reported security problems (probably all previous Flyspray versions)
  • bugfix: user with only modify_own_tasks wasn't able to update tasks due too strict form checks (v1.0-rc1 was affected)
  • security improvement: use crypt() instead md5 as default config setting at installation
  • security fix: added missing permission checks for RSS/Atom feeds
  • security fix (3rd library): The .zip contains now ADOdb 5.20.7 .
  • security fix (3rd library): The .zip for php5.6 with 3rd libraries included now contains guzzle in a fixed version after httpoxy . (The others below php5.6 were not affected, because only guzzle since 4.0 was affected by httpoxy vulnerability.)
  • bugfix: better settings possible combined with anonymous task creation feature
  • bugfix: dokuwiki: geshi syntax highlighting working (task description, comments, project and flyspray info boxes)
  • feature: language chinese traditional:taiwan/HongKong added
Assets 2
Oct 4, 2016
switch off mod_speling in .htaccess

@peterdd peterdd released this Apr 10, 2016

Changes since Flyspray 1.0 RC:

  • bugfix: It was possible that quickedit checked user permissions against the default project, not the project of the task.
  • bugfix: accept priority with id 6 again
  • bugfix: 0 effort entries in effort tracking are now ignored and not shown as "in progress"
  • feature: mysqli db connect to a local socket, workaround a missing adodb driver functionality.
  • bugfix: preinstall check for exif extension
  • enhancement: updated finnish translation
Assets 2

@peterdd peterdd released this Mar 23, 2016 · 1008 commits to master since this release

Changes since Flyspray 1.0 Beta2:

Assets 2
You can’t perform that action at this time.