Merge remote-tracking branch 'origin/release/17.2' into release/17.3

docker/prod/Dockerfile

@@ -141,7 +141,7 @@ ENV PGDATA=/var/openproject/pgdata
 COPY --from=openproject/gosu /go/bin/gosu /usr/local/bin/gosu
 RUN chmod +x /usr/local/bin/gosu && gosu nobody true
 
-COPY --from=openproject/hocuspocus:17.2.2 --chown=$APP_USER:$APP_USER /app /opt/hocuspocus
+COPY --from=openproject/hocuspocus:17.2.3 --chown=$APP_USER:$APP_USER /app /opt/hocuspocus
 # Keep node/npm in all-in-one for bundled hocuspocus even when BIM support is disabled.
 COPY --from=build-base /usr/local/bin/node /usr/local/bin/node
 COPY --from=build-base /usr/local/lib/node_modules /usr/local/lib/node_modules

docs/release-notes/16-6-10/README.md

@@ -0,0 +1,47 @@
+---
+title: OpenProject 16.6.10
+sidebar_navigation:
+    title: 16.6.10
+release_version: 16.6.10
+release_date: 2026-03-31
+---
+
+ # OpenProject 16.6.10
+
+ Release date: 2026-03-31
+
+ We released OpenProject [OpenProject 16.6.10](https://community.openproject.org/versions/2290).
+ The release contains several bug fixes and we recommend updating to the newest version.
+ Below you will find a complete list of all changes and bug fixes.
+
+<!-- BEGIN CVE AUTOMATED SECTION -->
+
+## Security fixes
+
+
+
+### CVE-2026-34717 - SQL Injection in Cost Reporting =n Operator via parse_number_string
+
+The =n operator in cost reports did not appropriately treat user input
+
+
+
+This vulnerability was reported by user [Ochk0](https://github.com/Ochk0) through a GitHub security advisory. Thank you for responsibly disclosing your findings.
+
+
+
+For more information, please see the [GitHub advisory #GHSA-5rrm-6qmq-2364](https://github.com/opf/openproject/security/advisories/GHSA-5rrm-6qmq-2364)
+
+
+<!-- END CVE AUTOMATED SECTION -->
+
+<!--more-->
+
+## Bug fixes and changes
+
+<!-- Warning: Anything within the below lines will be automatically removed by the release script -->
+<!-- BEGIN AUTOMATED SECTION -->
+
+
+<!-- END AUTOMATED SECTION -->
+<!-- Warning: Anything above this line will be automatically removed by the release script -->

docs/release-notes/17-0-7/README.md

@@ -0,0 +1,47 @@
+---
+title: OpenProject 17.0.7
+sidebar_navigation:
+    title: 17.0.7
+release_version: 17.0.7
+release_date: 2026-03-31
+---
+
+ # OpenProject 17.0.7
+
+ Release date: 2026-03-31
+
+ We released OpenProject [OpenProject 17.0.7](https://community.openproject.org/versions/2291).
+ The release contains several bug fixes and we recommend updating to the newest version.
+ Below you will find a complete list of all changes and bug fixes.
+
+<!-- BEGIN CVE AUTOMATED SECTION -->
+
+## Security fixes
+
+
+
+### CVE-2026-34717 - SQL Injection in Cost Reporting =n Operator via parse_number_string
+
+The =n operator in cost reports did not appropriately treat user input
+
+
+
+This vulnerability was reported by user [Ochk0](https://github.com/Ochk0) through a GitHub security advisory. Thank you for responsibly disclosing your findings.
+
+
+
+For more information, please see the [GitHub advisory #GHSA-5rrm-6qmq-2364](https://github.com/opf/openproject/security/advisories/GHSA-5rrm-6qmq-2364)
+
+
+<!-- END CVE AUTOMATED SECTION -->
+
+<!--more-->
+
+## Bug fixes and changes
+
+<!-- Warning: Anything within the below lines will be automatically removed by the release script -->
+<!-- BEGIN AUTOMATED SECTION -->
+
+
+<!-- END AUTOMATED SECTION -->
+<!-- Warning: Anything above this line will be automatically removed by the release script -->

docs/release-notes/17-1-4/README.md

@@ -0,0 +1,47 @@
+---
+title: OpenProject 17.1.4
+sidebar_navigation:
+    title: 17.1.4
+release_version: 17.1.4
+release_date: 2026-03-31
+---
+
+ # OpenProject 17.1.4
+
+ Release date: 2026-03-31
+
+ We released OpenProject [OpenProject 17.1.4](https://community.openproject.org/versions/2292).
+ The release contains several bug fixes and we recommend updating to the newest version.
+ Below you will find a complete list of all changes and bug fixes.
+
+<!-- BEGIN CVE AUTOMATED SECTION -->
+
+## Security fixes
+
+
+
+### CVE-2026-34717 - SQL Injection in Cost Reporting =n Operator via parse_number_string
+
+The =n operator in cost reports did not appropriately treat user input
+
+
+
+This vulnerability was reported by user [Ochk0](https://github.com/Ochk0) through a GitHub security advisory. Thank you for responsibly disclosing your findings.
+
+
+
+For more information, please see the [GitHub advisory #GHSA-5rrm-6qmq-2364](https://github.com/opf/openproject/security/advisories/GHSA-5rrm-6qmq-2364)
+
+
+<!-- END CVE AUTOMATED SECTION -->
+
+<!--more-->
+
+## Bug fixes and changes
+
+<!-- Warning: Anything within the below lines will be automatically removed by the release script -->
+<!-- BEGIN AUTOMATED SECTION -->
+
+
+<!-- END AUTOMATED SECTION -->
+<!-- Warning: Anything above this line will be automatically removed by the release script -->

docs/release-notes/17-2-3/README.md

@@ -0,0 +1,47 @@
+---
+title: OpenProject 17.2.3
+sidebar_navigation:
+    title: 17.2.3
+release_version: 17.2.3
+release_date: 2026-03-31
+---
+
+ # OpenProject 17.2.3
+
+ Release date: 2026-03-31
+
+ We released OpenProject [OpenProject 17.2.3](https://community.openproject.org/versions/2287).
+ The release contains several bug fixes and we recommend updating to the newest version.
+ Below you will find a complete list of all changes and bug fixes.
+
+<!-- BEGIN CVE AUTOMATED SECTION -->
+
+## Security fixes
+
+
+
+### CVE-2026-34717 - SQL Injection in Cost Reporting =n Operator via parse_number_string
+
+The =n operator in cost reports did not appropriately treat user input
+
+
+
+This vulnerability was reported by user [Ochk0](https://github.com/Ochk0) through a GitHub security advisory. Thank you for responsibly disclosing your findings.
+
+
+
+For more information, please see the [GitHub advisory #GHSA-5rrm-6qmq-2364](https://github.com/opf/openproject/security/advisories/GHSA-5rrm-6qmq-2364)
+
+
+<!-- END CVE AUTOMATED SECTION -->
+
+<!--more-->
+
+## Bug fixes and changes
+
+<!-- Warning: Anything within the below lines will be automatically removed by the release script -->
+<!-- BEGIN AUTOMATED SECTION -->
+
+
+<!-- END AUTOMATED SECTION -->
+<!-- Warning: Anything above this line will be automatically removed by the release script -->

docs/release-notes/README.md

@@ -13,6 +13,34 @@ Stay up to date and get an overview of the new features included in the releases
 <!--- New release notes are generated below. Do not remove comment. -->
 <!--- RELEASE MARKER -->
 
+## 17.2.3
+
+Release date: 2026-03-31
+
+[Release Notes](17-2-3/)
+
+
+## 17.1.4
+
+Release date: 2026-03-31
+
+[Release Notes](17-1-4/)
+
+
+## 17.0.7
+
+Release date: 2026-03-31
+
+[Release Notes](17-0-7/)
+
+
+## 16.6.10
+
+Release date: 2026-03-31
+
+[Release Notes](16-6-10/)
+
+
 ## 17.2.2
 
 Release date: 2026-03-17

publiccode.yml

@@ -7,8 +7,8 @@ name: OpenProject
 applicationSuite: openDesk
 url: 'https://github.com/opf/openproject'
 roadmap: 'https://www.openproject.org/roadmap'
-releaseDate: '2026-03-17'
-softwareVersion: '17.2.2'
+releaseDate: '2026-03-31'
+softwareVersion: '17.2.3'
 developmentStatus: stable
 softwareType: standalone/web
 logo: 'publiccode_logo.svg'