====== Changelog ====== Interested in what changes in each Flyspray release? Read on. ===== 0.9.9.5 - 24 February 2008 ===== ==== Fixes ==== * [security] A couple of XSS holes, see [[FSA:3|FSA:3]] * FS#1401 - database connection fails with /:? chars in password * FS#1396 - Expand all bug in roadmap * FS#1400 - Notification options misleading and able to select unconfigured options * Various fixes for postgre compatibility * FS#1414 - Deleting project(w/o moving contents anywhere) does not actualy deletes DB entries. * FS#1421 - notice in setup * Fixed handling numeric user names ==== Changes ==== * Do not show disabled users in assignees * FS#1403 - Alter project list to not require a submit (switch) button * Added option for TLS and SSL (SMTP) ===== 0.9.9.4 - 12 December 2007 ===== ==== Features ==== * less sucking assignee selector (http://forum.flyspray.org/viewtopic.php?id=259) ==== Fixes ==== * [security] Fixed XSS holes, see [[FSA:2|FSA:2]] * setup fix: now prevents table prefixes starting with a number * fixed a redirection error * fixed double slash in themeurl() * FS#1338 - 'comments' field on tasklist is malfunctioning. * fixed not-null jabber ID column * FS#1341 - Crafted url for voting exposes sql * cache-table fix * fixed wrong login URL * fixed error message in schedule.php * FS#1344: Wrong URLs with address_rewriting * fixed two Jabber login bugs * FS#1347 - Jabber connects if no message is to be send * SQL fix for feed.php * FS#1354 - Adding user to notification list in IE: tlp_userselect don't show users list * Fixed missing event in the reports page * FS#1376 - Jabber and email notification not working * Fixes for "saved searches" ==== Changes ==== * updated languages * Manage project permission now "maxes out" all other permissions for a project ===== 0.9.9.3 - 23 August 2007 ===== ==== Features ==== * added mailto-link support ==== Bugs ==== * fixed Postgre SQL error * limited table prefix length for setup to prevent problems * fixed regular expression for emails * FS#1323: Tabindex for WYSIWYG-Icon before textarea hinders usability a bit * FS#1321: User::check_account_ok() may create an endless redirect loop * fixed duplicate RSS feed entries * FS#1320: Mouse overing UserName when in Manage-Project * FS#1312: "double quotes" break the dependency graph * FS#1306: Comments with SQL Statements with URLs in them get unwanted SemiColons * fix: deleting a user and resetting the automincrement value of a table (don't do this!) could grant a new user unwanted permissions * improved attachment notifications and history * fixed SQL error when searching for last edit date without having last edit column enabled * fix for another upgrading bug * made Jabber usable in PHP 5.2.[1|2] as long as no encryption is in place * FS#1272: All Projects: in page title * FS#1274: Error in translation "% of task" * FS#1268: Upgrade script fails due to incorrect error about cgi.fix_pathinfo * corrected dates of the last edit column * make force_baseurl compatibility setting work correctly everywhere * FS#1282: Task list in task details do not work after search * fixed changing old type (crypt-based) passwords ==== Changes ==== * admin users are not restricted anymore setting a user's email address * removed strike through for the task list when searching for closed tasks * single newlines are possible in dokuwiki now as well * reopen-request comments are now copied to the comments tab when accepted ===== 0.9.9.2 - 26 May 2007 ===== ==== Features ==== * temporary account lock when password entered incorrectly too often + user notification * (backported from 1.0) Strike through and disable links for missing attachments * new notification subject parameter: %u for user name * search in task summary only now possible ==== Bugs ==== * fixed anon email not being saved on task submission error * fixed false positive duplicate requests * another fix for duplicate emails * speed up for the "last edited" column, was virtually unusable with non small-sized DBs * fixed dokuwiki creating directories with wrong permissions * FS#1258 - Extension jscalendar doesn't work with polish translation * disabled Jabber notifications in PHP 5.2.1 and 5.2.2 due to a bug (http://bugs.php.net/bug.php?id=41236) which could cause a server to slow down significantly * FS#1249: Switching between projects while editing project's user groups * fixed "members can log in" on new group page for projects * FS#1250 - Notifications::Create does not iterate through $to array * FS#1246 - Categories marked as 'no show' still show up in the new task category list * fixed an issue with older IIS versions * fixed user profile info when viewed in "all projects" * more reliable temp dir detection * fixed that removed notifications did not appear in the history * if user does not exists flyspray wrongly says "user is not enabled to login" . This has been corrected and now shows the correct error message. * fixed a few possible upgrade problems for 0.9.8 to 0.9.9 and 0.9.7 to 0.9.9 * improved SVG with/height parsing for dependency graphs * fixed links on the roadmap page when default entry page is not the task list * FS#1224 - Flyspray generating dot file with syntax error * Flyspray checks writability of the attachments folder now * fixed a problem with swift and emails * fixed upgrader button in IE7 * updated sv-SE, spanish, NL translation * fixed a PHP notice in reports.php * fixed a bug in the Jabber library * fixed task links if both the summary and ID column are disabled ==== Changes ==== * bigger textarea for tasks * changed possibly confusing confirmation codes * minimum password size is 5 chars now * removed email addresses from feeds * the default htaccess file will now disable mod_security * now upgrader will not allow to upgrade from 0.9.6 (too old) ===== 0.9.9.1 - 16 March 2007 ===== ==== Bugs ==== * [security] minor issue: Project summary of private projects can be seen with direct links * [security] major issue: Performing actions as admin possible without password when getting Flyspray to spit out errors before all headers are sent (Thanks to Stefan Esser) see also [[fsa:1 | FSA1]] * fixed upgrade problems with PostgreSQL * fixed a bug regarding adding attachments * fixed a bug related to the task list and update check (undefined index...) * fixed maxlength for user name fields + usernames ar stripped on login the same way as on creation * fixed a problem with time zones * upgraded swift to fix a problem with double dots in emails (hopefully) * fixed two upgrade problems for 0.9.7 to 0.9.9 * fixed "Undefined index: user_pass" with wrong cookies * fixed a typo (hardcoded task ID), which lead to confusing URLs after editing a task * fixed that the template class can use a non-existent themes * fixed language selection if no language is set * fixed FS#1198: Unable to translate into new language with .langedit.php * fixed FS#1194: Restore default task list sort order * fixed "Sort task list by status fails for closed tasks" ==== Changes ==== * updated BG translation * fixed a too low margin on the roadmap page * table cells for task fields now use nowrap * glob_compat() for all PHP installations that have glob() disabled for some pseudo security reasons, some people still secure their systems based in the wrong assumption that safe_mode or open_basedir are safe. * Flyspray now checks if the XML parser is available which is required for setup, otherwise setup might fail for no apparent reason * added replacements for ctype_digit and ctype_alnum which are sometimes missing on borked PHP installations * removed automatically added reminders. It will not be in 1.0 anyway, so you better don't get used to it. * upgrader button can't be pressed twice in a row anymore ===== 0.9.9 - 10 February 2007 ===== The list of changes is so extensive that it's too much work to list them all. Refer to http://blog.flyspray.org/archives/2-Development-status-update.html for a developement summary. ===== 0.9.8 - 23 October 2005 ===== * NEW - Full-featured installer * NEW - Address rewriting for human-readable URLs * NEW - Database table prefixes * NEW - Background daemon to run the scheduler * NEW - Due-by-date field, searchable * NEW - Prev/Next task links * NEW - Operations on multiple tasks from the tasklist * NEW - 'Project' addresses that receive notifications for ALL changes in that project * NEW - Dropdown lists are now set globally and at Project level * NEW - Uses class.jabber.php for Jabber notifications * NEW - Uses class.phpmailer for email notifications * NEW - SMTP for email notifications * NEW - XML-RPC interface for opening/closing tasks, and retriving user details * NEW - New user accounts use MD5 for passwords. * NEW - Attaching multiple files to tasks and comments. * IMPROVED - Reliability of Jabber notifications * IMPROVED - Admin and Project Manager areas are more consistant and easy to navigate * IMPROVED - Layout and rendering * IMPROVED - Speed of changing tabs (uses DHTML instead of a page-reload) * IMPROVED - RSS feed * IMPROVED - Much code has been moved to classes/functions (so is much more re-usable) * IMPROVED - Statusbar is now used for almost all updates, and fades in a very pretty way. * IMPROVED - Now formats dates using strftime() to achieve localised date strings * FIXED - Permissions that were broken in last release * FIXED - Now checks permissions before delivering attachments * FIXED - Re-enabled Project Manager requests, adding a 'deny' link with reason box ===== 0.9.7 - 22 January 2005 ===== * NEW: Easy setup script * NEW: User groups are now global AND project-level * NEW: Group permissions now more fine-grained * NEW: No more intermediate pages after submitting forms - new statusbar instead * NEW: Task dependencies and blocks * NEW: phpMarkdown used in project blurb, task details and comments areas (allows document markup) * NEW: Users can request a link to change their password * NEW: Private tasks * NEW: Icons. Now using an iconset with a compatible licence. * IMPROVED: Notifications no longer get sent to the user making the change * IMPROVED: Method of sending registration confirmation codes * IMPROVED: Anonymous browsing is now a project-level setting * IMPROVED: Bluey theme layout and style. It almost renders in IE! * IMPROVED: Escaping of special characters in form selects * IMPROVED: Detects php magic quotes setting for task display ===== 0.9.6 - 08 October 2004 ===== * NEW: Config settings have been moved from header.php into flyspray.conf.php * NEW: Closure comments * NEW: Configurable date and time formats, global and per-user * NEW: Sub-categories * NEW: Priority * NEW: Dropdown list to show only tasks assigned to me, tasks opened by me, and tasks I watch * NEW: Locking tasks while editing, so no-one else can save over your changes-in-progress * NEW: Referring to a Flyspray task in the format - FS#123 - creates a hyperlink to that task * NEW: Versions are separated into past, present and future * NEW: Per theme custom header.inc.php and footer.inc.php files * NEW: Customisable columns in task list * NEW: 'Remember login' option * NEW: Secondary sort in task list * NEW: Visual indicator on which column is sorted in task list * NEW: Reports. Only two so far, but more to come * NEW: Task history tab * NEW: Scheduled reminders tab * NEW: Admins can change user's passwords for them * NEW: Basic RSS feed script - /scripts/rss.php * IMPROVED: Method of marking tasks 'closed'. * IMPROVED: Task summary is now in notification subject lines * IMPROVED: Admin lists are now one form per page instead of per row * IMPROVED: Projects are now sorted alphabetically in the dropdown lists * FIXED: Changing passwords now works if the cookie salt has been changed * FIXED: Protection against opening duplicate tasks using your browser's 'back' button ===== 0.9.5 - 19 February 2004 ===== * NEW: Multiple projects with different categories etc for each. Default owners, themes etc are now project-specific * NEW: Multiple database support through ADODB * NEW: Postgres port * NEW: Protection from user-submitted data through regular expression filtering * NEW: Attachment deleting * NEW: Changing cookie 'salt' for protection against authentication spoofing * NEW: Double-clicking task details enters Edit Mode * FIXED: No more popup windows! * FIXED: Sort columns by Task Type * FIXED: Registration without confirmation code * FIXED: Minor bugs in notifications * FIXED: Minor CSS layout bugs ===== 0.9.4 - 20 August 2003 ===== * NEW: Each task can now have unlimited related tasks, * NEW: Notifications Tab for each task so that users can be notified when a certain task has changed, * NEW: Categories can now have 'owners' who get notified when a new task is opened in that category, * NEW: Options screen has default category owner for un-owned categories, * NEW: Option to send a confirmation code for new user registrations - to prevent script kiddies signing up multiple accounts for spamming the system, * NEW: Page numbering for task list, * NEW: Option to only allow registered users to view anything, * NEW: Internationalisation support. English, French, German and Dutch translations are included, * NEW: Alternate stylesheet support for Mozilla users, showing all installed themes, * NEW: Comments can now be edited and deleted by members of an Admin group, * NEW: Severities has been moved out of the database into a translatable text file. All user-added severities will be converted to Critical severity by the upgrade script. * NEW: List names are now editable in the admin areas. * FIXED: Users & Groups admin page, which was rendering poorly in MSIE, * FIXED: HTML output now validates as HTML 4.01 Transitional, * FIXED: Scripts now check for empty summary and details prior to adding a task, * FIXED: Some form buttons wouldn't submit when the browser had javascript turned off, * FIXED: "Add another task after this one" didn't work. * IMPROVED: Permissions on file uploads are now set non-executable, * IMPROVED: Default theme stylesheet is much prettier, * IMPROVED: Small layout fixes ===== 0.9.3.1 - 28 July 2003 ===== * FIXED: A critical bug with setting/showing task status, * FIXED: Sorting on column headers to include Task Type search results. ===== 0.9.3 - 25 July 2003 ===== Core features implemented, first public release.