Here comes a new Savane release. This release brings no new features but only bugfixes. Most notably, it fixes a cross site scripting bug (XSS -- which means a low security fix) that was introduced in 1.3 release. If you are running Savane 1.3, we urge you to upgrade soon, even if the effects of such flaw are not critical. Previous releases are unaffected.
Thanks a lot to anyone involved in this release, most notably Tobias Toedter for fixing bugs and Karol Nowak for reporting the XSS issue. The release tracking has been made with the task #2686. If you are still running a Savane version older than 1.3, note that we moved to SVN. See https://gna.org/forum/forum.php?forum_id=982 for more details. Obtaining it: ------------- - The GPG-signed tarball is available at <http://download.gna.org/savane/> - You can use apt-get with Debian, adding "deb http://dl.gna.org/savane/debian/ stable/" (without quotes) in your /etc/apt/sources.list Upgrading a running installation: ------------------------------------------ There a no upgrade scripts needed if you are upgrading from 1.3. If you are running an older version than 1.3, you should run the scripts in savane/update for each release you missed, as described in savane/update/README (or shipped with the debian package savane-update). Installing it from scratch: --------------------------------- Just follow INSTALL.verbose. You will probably want to take a look at more completes guides available at <http://download.gna.org/savane-doc/> If you encounter undocumented troubles, please fill a support request at <https://gna.org/support/?group=savane> Release ChangeLog: --------------------------- [SITE SPECIFIC CONTENT] * Added new status 'Orphaned/Unmaintained' in hashes.txt (bug #4811). [FRONTEND] * Cosmetics, typos (bug #4842, bug #4864, bug #5068, bug #5074) * The comparison between $HTTP_HOST and the project's base host is now case-insensitive to avoid infinite redirection loops (bug #4947). * Fixed a security issue with cross site scripting (XSS) during the submission of a new tracker item (bug #5011) * Fixed a bug causing attached files to be ignored during item reassignation (bug #4844). * Fixed a bug causing wrong email addresses to be used when notifying admins after request for membership (bug without effect if /etc/aliases was updated by sv_aliases, bug #4744). * Fixed notification to submitter if assignee changed and submitter is neither new nor old assignee. * License Other filled during submission is now printed as License if "License" is equal to "Other". [BACKEND] * The was a typo in the name of the default theme "emeraud" in sv_update_conf (bug #4975). [INTERNAL] * The PHP frontend can now use unit testing. A few tests are already included. This will be improved with more tests as development goes on. -------------------------- That's all, folks! _______________________________________________ Message posté via/par Gna! http://gna.org/ _______________________________________________ Savane-announce mailing list [email protected] https://mail.gna.org/listinfo/savane-announce _______________________________________________ Savane-dev mailing list [email protected] https://mail.gna.org/listinfo/savane-dev
