mirror of
https://github.com/opf/openproject.git
synced 2026-06-14 03:30:14 +00:00
Merge remote-tracking branch 'origin/release/17.1' into release/17.2
This commit is contained in:
Oliver Günther
@@ -0,0 +1,47 @@
|
||||
---
|
||||
title: OpenProject 16.6.10
|
||||
sidebar_navigation:
|
||||
title: 16.6.10
|
||||
release_version: 16.6.10
|
||||
release_date: 2026-03-31
|
||||
---
|
||||
|
||||
# OpenProject 16.6.10
|
||||
|
||||
Release date: 2026-03-31
|
||||
|
||||
We released OpenProject [OpenProject 16.6.10](https://community.openproject.org/versions/2290).
|
||||
The release contains several bug fixes and we recommend updating to the newest version.
|
||||
Below you will find a complete list of all changes and bug fixes.
|
||||
|
||||
<!-- BEGIN CVE AUTOMATED SECTION -->
|
||||
|
||||
## Security fixes
|
||||
|
||||
|
||||
|
||||
### CVE-2026-34717 - SQL Injection in Cost Reporting =n Operator via parse_number_string
|
||||
|
||||
The =n operator in cost reports did not appropriately treat user input
|
||||
|
||||
|
||||
|
||||
This vulnerability was reported by user [Ochk0](https://github.com/Ochk0) through a GitHub security advisory. Thank you for responsibly disclosing your findings.
|
||||
|
||||
|
||||
|
||||
For more information, please see the [GitHub advisory #GHSA-5rrm-6qmq-2364](https://github.com/opf/openproject/security/advisories/GHSA-5rrm-6qmq-2364)
|
||||
|
||||
|
||||
<!-- END CVE AUTOMATED SECTION -->
|
||||
|
||||
<!--more-->
|
||||
|
||||
## Bug fixes and changes
|
||||
|
||||
<!-- Warning: Anything within the below lines will be automatically removed by the release script -->
|
||||
<!-- BEGIN AUTOMATED SECTION -->
|
||||
|
||||
|
||||
<!-- END AUTOMATED SECTION -->
|
||||
<!-- Warning: Anything above this line will be automatically removed by the release script -->
|
||||
@@ -0,0 +1,47 @@
|
||||
---
|
||||
title: OpenProject 17.0.7
|
||||
sidebar_navigation:
|
||||
title: 17.0.7
|
||||
release_version: 17.0.7
|
||||
release_date: 2026-03-31
|
||||
---
|
||||
|
||||
# OpenProject 17.0.7
|
||||
|
||||
Release date: 2026-03-31
|
||||
|
||||
We released OpenProject [OpenProject 17.0.7](https://community.openproject.org/versions/2291).
|
||||
The release contains several bug fixes and we recommend updating to the newest version.
|
||||
Below you will find a complete list of all changes and bug fixes.
|
||||
|
||||
<!-- BEGIN CVE AUTOMATED SECTION -->
|
||||
|
||||
## Security fixes
|
||||
|
||||
|
||||
|
||||
### CVE-2026-34717 - SQL Injection in Cost Reporting =n Operator via parse_number_string
|
||||
|
||||
The =n operator in cost reports did not appropriately treat user input
|
||||
|
||||
|
||||
|
||||
This vulnerability was reported by user [Ochk0](https://github.com/Ochk0) through a GitHub security advisory. Thank you for responsibly disclosing your findings.
|
||||
|
||||
|
||||
|
||||
For more information, please see the [GitHub advisory #GHSA-5rrm-6qmq-2364](https://github.com/opf/openproject/security/advisories/GHSA-5rrm-6qmq-2364)
|
||||
|
||||
|
||||
<!-- END CVE AUTOMATED SECTION -->
|
||||
|
||||
<!--more-->
|
||||
|
||||
## Bug fixes and changes
|
||||
|
||||
<!-- Warning: Anything within the below lines will be automatically removed by the release script -->
|
||||
<!-- BEGIN AUTOMATED SECTION -->
|
||||
|
||||
|
||||
<!-- END AUTOMATED SECTION -->
|
||||
<!-- Warning: Anything above this line will be automatically removed by the release script -->
|
||||
@@ -0,0 +1,47 @@
|
||||
---
|
||||
title: OpenProject 17.1.4
|
||||
sidebar_navigation:
|
||||
title: 17.1.4
|
||||
release_version: 17.1.4
|
||||
release_date: 2026-03-31
|
||||
---
|
||||
|
||||
# OpenProject 17.1.4
|
||||
|
||||
Release date: 2026-03-31
|
||||
|
||||
We released OpenProject [OpenProject 17.1.4](https://community.openproject.org/versions/2292).
|
||||
The release contains several bug fixes and we recommend updating to the newest version.
|
||||
Below you will find a complete list of all changes and bug fixes.
|
||||
|
||||
<!-- BEGIN CVE AUTOMATED SECTION -->
|
||||
|
||||
## Security fixes
|
||||
|
||||
|
||||
|
||||
### CVE-2026-34717 - SQL Injection in Cost Reporting =n Operator via parse_number_string
|
||||
|
||||
The =n operator in cost reports did not appropriately treat user input
|
||||
|
||||
|
||||
|
||||
This vulnerability was reported by user [Ochk0](https://github.com/Ochk0) through a GitHub security advisory. Thank you for responsibly disclosing your findings.
|
||||
|
||||
|
||||
|
||||
For more information, please see the [GitHub advisory #GHSA-5rrm-6qmq-2364](https://github.com/opf/openproject/security/advisories/GHSA-5rrm-6qmq-2364)
|
||||
|
||||
|
||||
<!-- END CVE AUTOMATED SECTION -->
|
||||
|
||||
<!--more-->
|
||||
|
||||
## Bug fixes and changes
|
||||
|
||||
<!-- Warning: Anything within the below lines will be automatically removed by the release script -->
|
||||
<!-- BEGIN AUTOMATED SECTION -->
|
||||
|
||||
|
||||
<!-- END AUTOMATED SECTION -->
|
||||
<!-- Warning: Anything above this line will be automatically removed by the release script -->
|
||||
@@ -13,6 +13,27 @@ Stay up to date and get an overview of the new features included in the releases
|
||||
<!--- New release notes are generated below. Do not remove comment. -->
|
||||
<!--- RELEASE MARKER -->
|
||||
|
||||
## 17.1.4
|
||||
|
||||
Release date: 2026-03-31
|
||||
|
||||
[Release Notes](17-1-4/)
|
||||
|
||||
|
||||
## 17.0.7
|
||||
|
||||
Release date: 2026-03-31
|
||||
|
||||
[Release Notes](17-0-7/)
|
||||
|
||||
|
||||
## 16.6.10
|
||||
|
||||
Release date: 2026-03-31
|
||||
|
||||
[Release Notes](16-6-10/)
|
||||
|
||||
|
||||
## 17.2.2
|
||||
|
||||
Release date: 2026-03-17
|
||||
|
||||
Reference in New Issue
Block a user