OpenProject 12.0.2

Release date: 2021-11-24

We released OpenProject 12.0.2.
The release contains several bug fixes and we recommend updating to the newest version.

Bug fixes and changes

• Fixed: On global work package page all types are shown - even those in projects not accessible to users [#37869]
• Fixed: New email design breaks with some mobile clients [#39821]
• Fixed: Mobile (iOS): Notification center is cut off and scrolls infinitely [#39849]
• Fixed: Broken Logo in Mail [#39906]
• Fixed: Duplicate requests for relations column leading to slow work package table rendering [#39959]
• Fixed: Attribute help text not deleted when custom field is deleted [#40027]
• Fixed: Updating profile hide my mail sets value to invalid number [#40053]
• Fixed: Can't upload BCF files as normal attachments to work packages via FOG [#40112]
• Changed: Improve error logging of SAML [#39899]

Contributions

A big thanks to community members for reporting bugs and helping us identifying and providing fixes.

Special thanks for reporting and finding bugs go to

Various Interactive

OpenProject 12.0.1

Release date: 2021-11-17

We released OpenProject 12.0.1.
The release contains several bug fixes and we recommend updating to the newest version.

Bug fixes and changes

• Fixed: Getting 500 internal server error while clicking the project meeting module [#39853]
• Fixed: Members menu in wrong place (shown above wiki pages) [#39857]
• Fixed: Error message shows every letter as bullet point [#39880]
• Fixed: Updating IFC Models fails. [#39901]

Contributions

A big thanks to community members for reporting bugs and helping us identifying and providing fixes.

Special thanks for reporting and finding bugs go to

Jithin Babu

OpenProject 12.0.0

Release date: 2021-11-15

We released OpenProject 12.0.0.
This release will change the way how you work with OpenProject. We have introduced the concept of in-app notifications. A new notification center in OpenProject will display changes in your projects directly in the application. This reduces the flood of emails in your inbox significantly. Additionally, you can add daily email summaries to keep up to date about latest updates and changes.

Introducing in-app notifications

The new in-app notifications let you never miss a change in your projects again. Now, you receive all important updates directly in the application and don’t get a flood of emails in your inbox anymore. The new bell symbol in the header navigation displays the number of unread notifications.

Go to our user guide to find out how to configure in-app notifications.

Notification center

The new notification center shows all notifications about changes within your projects, including intuitive filter options in the menu on the left, e.g. by reason for notification or by projects. Clicking on the notification will open the details of a work package. you can directly edit it in a split view. The blue elliptical indicates the number of unread notifications about changes within one work package.

Improved notification settings

The improved notification settings now allow to fine-tune for which actions and in which projects you want to receive a notification. With 12.0 you can now even add project-specific settings for changes you want to be notified about and override the default settings.

Email summaries

In addition to the in-app notifications, also email reminders can be configured to receive important updates in a daily (or more often) email summary. These email reminders can be configured to receive also additional notifications about changes in your projects, e.g. new or updated memberships in a project.

Improved work packages auto-completer

The work package auto-completer for relations now also shows additional information (project name, status, …). It is now much easier to identify the respective work package.

Export of the project list

With OpenProject 12.0 it is now possible to export the project list with all project specific information, incl. project custom fields. You can choose between the formats XLS and CSV export.

Chage of roles and permissions settings

With 12.0 we have added more granular rights for projects, for example the addtional right to configure the project overview page. This way you can even better assign certain permissions to a role in a project.

Drop official support for PostgreSQL < 13

OpenProject 12.0 will deprecate PostgreSQL versions < 13. This will result in a warning about the necessary migration to inform users trying to upgrade with an older version. The warning will be shown on startup and on the Administration > Info page. It will not result in a hard error for now but you should upgrade your installation to PostgreSQL 13. We prepared a guide on how to do that with a few steps.

All bug fixes and changes in 12.0

• Changed: Send daily email summaries (email digest) [#1899]
• Changed: Allow author to mute email notification by making him a watcher [#27706]
• Changed: Remove custom fields for "Work package priorities" and "Document categories" [#29419]
• Changed: Allow downloading IFC models [#35272]
• Changed: Show additional information (project name, status, ...) in work package auto completers [#35635]
• Changed: Change content of Project member invitation email [#36175]
• Changed: Dynamic form: Flat model structure (_links) [#37472]
• Changed: Disable author becoming watcher on project copy [#37799]
• Changed: Remove option to get notified about changes that I make myself [#37824]
• Changed: [IAN center] Make In App Notification Center responsive to mobile sizes [#37870]
• Changed: API v3 notifications api bulk confirming notifications [#37872]
• Changed: [IAN center] Clarify current magic limit of 250 items while we have no pagination [#37874]
• Changed: Automatically open the next notification after reading another notification [#38129]
• Changed: Grouping events by work package in notification dashboard [#38137]
• Changed: Link from notifications dashboard to personal notification settings [#38139]
• Changed: Create in-app notifications for the first event and not after the aggregation time of x minutes, [#38333]
• Changed: Work package type is missing in work package auto-completion [#38334]
• Changed: Show unread notifications in Activity tab [#38339]
• Changed: Work packages split view in notifications dashboard [#38340]
• Changed: New update notification reasons to better filter the relevant updates [#38341]
• Changed: Sidebar in Notification center with project filter [#38520]
• Changed: Re-name ordering settings in activity tab to "Oldest first/Newest first" [#38549]
• Changed: Notification main list view [#38592]
• Changed: Migration plan for new notifcation settings and call to action for user to use it [#38595]
• Changed: new images for renamed ordering settings to "Oldest first/Newest first" [#38605]
• Changed: Empty states in notification center [#38610]
• Changed: Involvement filters in the sidebar of notification center [#38642]
• Changed: Loading indicator when loading "all" notifications [#38648]
• Changed: New UI for notification row [#38650]
• Changed: Notification settings: account-level defaults [#38671]
• Changed: Email design - Daily Reminders [#38690]
• Changed: Email design - Mention email [#38692]
• Changed: Scroll to oldest unread activity in the activity tab [#38693]
• Changed: Email reminder settings (user account) [#38700]
• Changed: Highlight selected notification in the center [#38794]
• Changed: Separate between the reason "Assignee" and "Accountable" in notification row (mail and UI) [#38824]
• Changed: BCF API Comments Service [#38833]
• Changed: Show meaningful content on accessing non existing notifications/WorkPackage [#38842]
• Changed: Show banner when new notifications arrived while being in the notifications center [#38933]
• Changed: Consolidate details from notification row in reminder mail [#38948]
• Changed: Avoid sending member update notifications/mails upon copying a project if disabled [#39084]
• Changed: Optimise mobile view of Notification Center [#39148]
• Changed: Reset email footer [#39502]
• Changed: Send out email informing all users of the changes to the notification [#39607]
• Epic: In-app notifications [[#266...

OpenProject 11.4.1

OpenProject 11.4.1

Release date: 2021-10-20

We released OpenProject 11.4.1.
The release contains several bug fixes and we recommend updating to the newest version.

Bug fixes and changes

• Fixed: Today's Date line does not show up on My Page work package tables [#35748]
• Fixed: openproject configure tries to install postgresql 10 on upgrade, while 13 is already deployed [#39086]
• Fixed: Cannot add or remove users from group [#39090]
• Fixed: LDAP groups filter does not save synchronized group [#39120]
• Fixed: LDAP synchronized group finds only case-matching users [#39121]
• Fixed: Unnecessary deprecation warning shown on startup [#39125]
• Fixed: Cannot upload files with less common extensions (content type missing) [#39126]
• Fixed: Attachment whitelist feature not working with direct uploads enabled [#39130]
• Fixed: Revit bridge service in frontend distorts viewpoint data [#39135]
• Fixed: Help text modal text cut off [#39171]
• Fixed: Switching from "viewer" to "viewer and cards" fails to load viewer [#39184]

Contributions

A big thanks to community members for reporting bugs and helping us identifying and providing fixes.

Special thanks for reporting and finding bugs go to

Klaas van Thoor, Evgeniy Belov

OpenProject 11.4.0

Release date: 2021-10-04

We released OpenProject 11.4.0.
The release contains several bug fixes and we recommend updating to the newest version.

Bug fixes and changes

• Fixed: Work package exports fail when column "BCF snapshot" active [#33448]
• Fixed: Regression: On touch devices, Select, Info and Erase buttons don't work. [#38005]
• Fixed: Expired enterprise edition locking users out of OpenProject and all enterprise features [#38588]
• Fixed: Unable to export workpackages - undefined method `bcf_thumbnail' [#38673]
• Fixed: Wiki menu item scrolling does not work with two main wiki items [#38878]
• Fixed: Imminent user limit warning shown prematurely [#38893]
• Fixed: Custom S3 compatible upload providers blocked by CSP [#38900]
• Fixed: [Github Integration] Webhook fails for pull_request event without body [#38919]
• Fixed: IFC upload not working since attachment whitelisting [#38954]
• Fixed: BIM seed are missing snapshots [#39009]
• Fixed: Regression: Typing S while focus in viewer opens the OP global search [#39029]
• Changed: Outgoing webhook for attachment create events [#37891]
• Changed: Amend clipping plane direction [#37894]
• Changed: Refresh button [#38028]
• Changed: BCF module: Change default order to ID DESC. [#38032]
• Changed: Integrate latest Xeokit version v2.3.1 [#38981]

Contributions

A big thanks to community members for reporting bugs and helping us identifying and providing fixes.

Special thanks for reporting and finding bugs go to

pat mac

OpenProject 11.3.5

OpenProject 11.3.5

Release date: 2021-09-13

We released OpenProject 11.3.5.
The release contains several bug fixes and we recommend updating to the newest version.

Bug fixes and changes

• Fixed: User email validation regular expression insufficient [#38325]
• Fixed: Inherited role memberhips are not cleaned up if user is removed from a group via LDAP sync [#38614]
• Fixed: Release notes for 11-3-4 is empty [#38678]

Contributions

A big thanks to community members for reporting bugs and helping us identifying and providing fixes.

Special thanks for reporting and finding bugs go to

Jan Niklas Grieb, Jason Culligan

OpenProject 11.3.4

Release date: 2021-07-29

We released OpenProject 11.3.4.

This release contains only one fix for Centos 7 and Centos 8 packaged installations that are unable to access the PostgeSQL package source.
It does not contain any other fixes

OpenProject 11.3.3

Release date: 2021-07-20

We released OpenProject 11.3.3.
The release contains several bug fixes and we recommend updating to the newest version.

Security issues

CVE-2021-32763: Regular Expression Denial of Service in OpenProject forum messages

An unoptimized regular expression in the quote functionality of the OpenProject forum feature in versions before 11.3.3 allows an attacker to perform a denial of service attack by passing a particularly crafted string to increase the runtime of the regular expression evaluation drastically.

Please see the advisory for CVE-2021-32763 for more information.

CVE-2021-36390: Host Header Injection in unproxied Docker installations

The default ServerName configuration of the all-in-one and docker-compose based Docker containers of OpenProject allow for HOST header injection if they are operated without a proxying web server / load balancer in front of it with a proper ServerName setup.

Operating public facing docker containers is not recommended by OpenProject. The embedded server of the docker containers are not designed to be publicly accessible. Instead, use a proxying or load balancing web server that is bound to your public hostname. If you are using such an external web server, this advisory does not affect you.

Please see the advisory for CVE-2021-36390 for more information.

Bug fixes and changes

• Fixed: Database migration fails on upgrade from 11.2.2 to 11.3.X [#37687]
• Fixed: Renaming a group removes all group members [#38017]
• Fixed: Fix catastrophic backtracking in MessagesController#quote regular expression [#38021]
• Fixed: Public-facing docker AIO container vulnerable to HOST header injection by default [#38067]

Contributions

A big thanks to community members for reporting bugs and helping us identifying and providing fixes.

Special thanks for reporting and finding bugs go to

Rob A, Milad P.

Special thanks for identifying and responsibly disclosing security issues to

RedHunt Labs, https://redhuntlabs.com/

GitHub Security Lab

OpenProject 11.3.2

OpenProject 11.3.2

Release date: 2021-06-10

We released OpenProject 11.3.2.
The release contains several bug fixes and we recommend updating to the newest version.

Bug fixes and changes

• Fixed: Not possible to create or edit projects if relative url root configured [#37571]
• Fixed: Internal server error on custom fields view when using Slovene language [#37607]
• Fixed: Not possible to invite users via modal if relative url root configured [#37618]

Contributions

A big thanks to community members for reporting bugs and helping us identifying and providing fixes.

Special thanks for reporting and finding bugs go to

Christina Vechkanova

OpenProject 11.3.1

Release date: 2021-06-08

We released OpenProject 11.3.1.
The release contains several bug fixes and we recommend updating to the newest version.

Bug fixes and changes

• Fixed: Search autocompleter n+1 loads schemas -> slow [#34884]
• Fixed: "Click here to open [...] in fullscreenview" not working [#37555]
• Fixed: Work package hierarchy breadcrumb links not working [#37575]
• Fixed: UIM: Not enough space in drop down when user already member [#37578]
• Fixed: Error "Identifier is invalid" when creating a project that starts with a digit [#37583]