diff --git a/docs/api/apiv3/paths/programs.yml b/docs/api/apiv3/paths/programs.yml index cbe324a8de0..d984e8af021 100644 --- a/docs/api/apiv3/paths/programs.yml +++ b/docs/api/apiv3/paths/programs.yml @@ -17,7 +17,7 @@ get: required: false description: |- JSON specifying filter conditions. - Accepts the same format as returned by the [queries](https://www.openprogram.org/docs/api/endpoints/queries/) endpoint. + Accepts the same format as returned by the [queries](https://www.openproject.org/docs/api/endpoints/queries/) endpoint. Currently supported filters are: + active: based on the active property of the program diff --git a/docs/api/apiv3/tags/programs.yml b/docs/api/apiv3/tags/programs.yml index f28e7440347..25c6fde708d 100644 --- a/docs/api/apiv3/tags/programs.yml +++ b/docs/api/apiv3/tags/programs.yml @@ -36,7 +36,7 @@ description: |- Note, that the parent and ancestor links may contain the "undisclosed uri" `urn:openprogram-org:api:v3:undisclosed` in case an ancestor program is defined but the client lacks permission to see it. See the - [general introduction into links' properties](https://www.openprogram.org/docs/api/basic-objects/#local-properties) for more information. + [general introduction into links' properties](https://www.openproject.org/docs/api/basic-objects/#local-properties) for more information. ## Local Properties diff --git a/docs/development/code-review-guidelines/README.md b/docs/development/code-review-guidelines/README.md index 1aca23eadad..7b389298cd5 100644 --- a/docs/development/code-review-guidelines/README.md +++ b/docs/development/code-review-guidelines/README.md 
@@ -10,7 +10,7 @@ We try to adhere to the [Ruby community style guide](https://github.com/bbatsov/ Due to the age of our codebase, a lot of our code might not yet adhere to these style guides, but we want all new code to adhere to it. You do not have to improve existing code when making changes, but we encourage it. If you do, please do all improvements in a separate commit from the actual change, so the improvements do not hide your actual code changes in a diff. -Before committing, please run your new code through [Rubocop](https://github.com/bbatsov/rubocop). It detects deviations from a lot of things in the style guide and things that are bad practice in general. You obviously do not have to fix issues with existing code. There is a [list of editor plugins](https://docs.rubocop.org/rubocop/1.31/integration_with_other_tools.html#editor-integration) in the Rubocop docs. You can also use `bin/dirty-rubocop` to test them. Pull requests are being linted automatically through a GitHub action. +Before committing, please run your new code through [Rubocop](https://github.com/bbatsov/rubocop). It detects deviations from a lot of things in the style guide and things that are bad practice in general. You obviously do not have to fix issues with existing code. There is a [list of editor plugins](https://docs.rubocop.org/rubocop/integration_with_other_tools.html#editor-integration) in the Rubocop docs. You can also use `bin/dirty-rubocop` to test them. Pull requests are being linted automatically through a GitHub action. The same is true for eslint. Your editor will likely have support for eslint checks, and allows you to correct them before committing. diff --git a/docs/development/testing/running-tests-locally/README.md b/docs/development/testing/running-tests-locally/README.md index 57060b4e9dc..4cef77d2196 100644 --- a/docs/development/testing/running-tests-locally/README.md +++ b/docs/development/testing/running-tests-locally/README.md 
@@ -256,7 +256,6 @@ To easily change the RSpec examples being run without relaunching `watchexec` ev ## Manual acceptance tests * Sometimes you want to test things manually. Always remember: If you test something more than once, write an automated test for it. -* Assuming you do not have a version of Edge already installed on your computer, you can grab a VM with preinstalled IE's directly from [Microsoft](https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/) ### Accessing a local OpenProject instance from a VM or mobile phone diff --git a/docs/installation-and-operations/installation-faq/README.md b/docs/installation-and-operations/installation-faq/README.md index f8bde7d3b31..1c92c85779f 100644 --- a/docs/installation-and-operations/installation-faq/README.md +++ b/docs/installation-and-operations/installation-faq/README.md @@ -46,7 +46,7 @@ Alternatively, you could use OpenProject [as cloud version](https://www.openproj ### Why don't you support Windows? -Ruby support on Windows is notoriously difficult, however you might be able to run the Docker image, or use the unofficial Windows stack provided by [Bitnami](https://bitnami.com/stack/openproject/installer). We would welcome feedback and reported experiences on running OpenProject on Windows, please reach out to us if you can contribute some information. +Ruby support on Windows is notoriously difficult, however you might be able to run the Docker image. We would welcome feedback and reported experiences on running OpenProject on Windows, please reach out to us if you can contribute some information. ### Can I install OpenProject on my Mac? 
@@ -82,7 +82,7 @@ Older installations of OpenProject are likely installed with a MySQL installatio Please follow these steps: 1. Make a dump of your Bitnami database to export your data. You can refer to the [Bitnami documentation](https://docs.bitnami.com/general/infrastructure/mysql/administration/backup-restore-mysql-mariadb/). -1. Make a dump of files you might have uploaded. You can refer to the [Bitnami documentation](https://docs.bitnami.com/general/apps/openproject/) to perform a full dump. +1. Make a dump of files you might have uploaded. 1. Copy both dumps to the server you want to install OpenProject on. 1. Install OpenProject using the packaged installation. 1. By default, this will allow you to install a PostgreSQL database, which we recommend. You can migrate your data from MySQL using [pgloader](https://pgloader.io) diff --git a/docs/installation-and-operations/jira-migration/README.md b/docs/installation-and-operations/jira-migration/README.md index d2cf6c9f6c5..c235a69e9cc 100644 --- a/docs/installation-and-operations/jira-migration/README.md +++ b/docs/installation-and-operations/jira-migration/README.md @@ -54,7 +54,7 @@ Use the [OpenProject REST API](https://www.openproject.org/docs/api) to migrate ### 3. Excel synchronization -The [Excel synchronization integration](https://www.openproject.org/docs/system-admin-guide/integrations/excel-synchronization) allows you to import and export tabular data between JIRA, Confluence, and OpenProject using spreadsheets. +The [Excel synchronization integration](../../system-admin-guide/integrations/excel-synchronization) allows you to import and export tabular data between JIRA, Confluence, and OpenProject using spreadsheets. This method is suitable for small- to medium-sized migrations and provides an opportunity to review and clean data manually before import. ### 4. Confluence → Markdown → Wiki 
diff --git a/docs/release-notes/14/14-0-0/README.md b/docs/release-notes/14/14-0-0/README.md index a8b08cde9ee..aead8e50a22 100644 --- a/docs/release-notes/14/14-0-0/README.md +++ b/docs/release-notes/14/14-0-0/README.md @@ -125,7 +125,7 @@ OpenProject's [(Dynamic) Meetings](../../../user-guide/meetings/) have been upda With OpenProject 14.0, admins now get email notifications when a file storage (e.g. Nextcloud) is unhealthy. To avoid sending unwanted messages, we also added the option to deactivate these health status notifications for a storage. -Read more about file storage troubleshooting in our [documentation](https://www.openproject.com/docs/system-admin-guide/file-storages/file-storage-troubleshooting/). +Read more about file storage troubleshooting in our [documentation](../../../system-admin-guide/files/external-file-storages/health-status/). ### OneDrive/SharePoint: Copying template projects including automatically managed project folders diff --git a/docs/release-notes/16-6-2/README.md b/docs/release-notes/16-6-2/README.md index d7a31b9a398..9e028661748 100644 --- a/docs/release-notes/16-6-2/README.md +++ b/docs/release-notes/16-6-2/README.md @@ -17,6 +17,8 @@ Below you will find a complete list of all changes and bug fixes. The reported vulnerabilities have been reported as part of a Pentest by [Mantodea Security GmbH](https://mantodeasecurity.de/). Thank you for your cooperation and responsible disclosure of the vulnerabilities +## CVEs + ### CVE-2026-22601 - Code Execution in E-Mail function For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary command by configuring sendmail binary path and sending a test email. diff --git a/docs/release-notes/16-6-3/README.md b/docs/release-notes/16-6-3/README.md index 4c224e06094..63ac26307ce 100644 --- a/docs/release-notes/16-6-3/README.md +++ b/docs/release-notes/16-6-3/README.md 
@@ -14,6 +14,8 @@ We released OpenProject [OpenProject 16.6.3](https://community.openproject.org/v The release contains security relevant bug fixes and we strongly urge updating to the newest version. Below you will find a complete list of all changes and bug fixes. +## CVEs + ### CVE-2026-22605 - Insecure Direct Object Reference in Meetings OpenProject versions <= 16.6.2 allows users with the View Meetings permission on any project, to access meeting agenda and section titles, notes, and text outcomes of meetings that belonged to projects, the user does not have access to. Linked work packages to projects the user is not allowed to see, are not affected. diff --git a/docs/release-notes/16-6-4/README.md b/docs/release-notes/16-6-4/README.md index e748d492e6a..1e934b1505d 100644 --- a/docs/release-notes/16-6-4/README.md +++ b/docs/release-notes/16-6-4/README.md @@ -15,6 +15,8 @@ We released OpenProject [OpenProject 16.6.4](https://community.openproject.org/v The release contains security relevant bug fixes and we strongly urge updating to the newest version. Below you will find a complete list of all changes and bug fixes. +## CVEs + ### CVE-2026-22600 - Arbitrary File Read via ImageMagick SVG Coder A Local File Read (LFR) vulnerability exists in the work package PDF export functionality of OpenProject < 16.6.4 . By uploading a specially crafted SVG file (disguised as a PNG) as a work package attachment, an attacker can exploit the backend image processing engine (ImageMagick). When the work package is exported to PDF, the backend attempts to resize the image, triggering the ImageMagick text: coder. This allows an attacker to read arbitrary local files that the application user has permissions to access (e.g., /etc/passwd, all project configuration files, private project data, etc.) diff --git a/docs/release-notes/3/3-0-11/README.md b/docs/release-notes/3/3-0-11/README.md index 6c0c8c7d987..352fb9a1245 100644 --- a/docs/release-notes/3/3-0-11/README.md 
+++ b/docs/release-notes/3/3-0-11/README.md @@ -13,7 +13,7 @@ The release 3.0.11 of OpenProject fixes a couple of security threats and [#14782](https://community.openproject.org/work_packages/14782 "Disable redirection to a different subdirectory after login (closed)")) and raises the Rails version to -[3.2.19](https://weblog.rubyonrails.org/2014/7/2/Rails_3_2_19_4_0_7_and_4_1_3_have_been_released/). +[3.2.19](https://rubyonrails.org/2014/7/2/Rails_3_2_19_4_0_7_and_4_1_3_have_been_released). So we advise everybody to update their OpenProject installation. When doing so you also benefit from a couple of usability bugfixes. Most diff --git a/docs/release-notes/3/3-0-3/README.md b/docs/release-notes/3/3-0-3/README.md index 23c0112ab93..537b73fbb9b 100644 --- a/docs/release-notes/3/3-0-3/README.md +++ b/docs/release-notes/3/3-0-3/README.md @@ -15,7 +15,7 @@ with this issue resolved. If you want to know more about the vulnerability check out Rafael França's -[blog post](https://weblog.rubyonrails.org/2014/5/6/Rails_3_2_18_4_0_5_and_4_1_1_have_been_released/) +[blog post](https://rubyonrails.org/2014/5/6/Rails_3_2_18_4_0_5_and_4_1_1_have_been_released) about the Rails release. In addition we fixed a possible cross-site scripting attack that diff --git a/docs/release-notes/4/4-0-11/README.md b/docs/release-notes/4/4-0-11/README.md index f5a35f79e49..1a6604bc842 100644 --- a/docs/release-notes/4/4-0-11/README.md +++ b/docs/release-notes/4/4-0-11/README.md @@ -12,7 +12,7 @@ OpenProject 4.0.11 has been released. It contains an important security fix. OpenProject 4.0.11 contains a [security fix for -Ruby-on-Rails](https://weblog.rubyonrails.org/2015/6/16/Rails-3-2-22-4-1-11-and-4-2-2-have-been-released-and-more/) +Ruby-on-Rails](https://rubyonrails.org/2015/6/16/Rails-3-2-22-4-1-11-and-4-2-2-have-been-released-and-more) which is an important part of the software stack used by OpenProject ([#20469](https://community.openproject.org/work_packages/20469)). 
diff --git a/docs/release-notes/4/4-1-3/README.md b/docs/release-notes/4/4-1-3/README.md index ec6015377e9..297361f9ef7 100644 --- a/docs/release-notes/4/4-1-3/README.md +++ b/docs/release-notes/4/4-1-3/README.md @@ -9,7 +9,7 @@ release_date: 2015-06-17 # OpenProject 4.1.3 OpenProject 4.1.3 contains a -[security fix for Ruby-on-Rails](https://weblog.rubyonrails.org/2015/6/16/Rails-3-2-22-4-1-11-and-4-2-2-have-been-released-and-more/) +[security fix for Ruby-on-Rails](https://rubyonrails.org/2015/6/16/Rails-3-2-22-4-1-11-and-4-2-2-have-been-released-and-more) which is an important part of the software stack used by OpenProject ([#20470](https://community.openproject.org/work_packages/20470)). diff --git a/docs/release-notes/5/5-0-11/README.md b/docs/release-notes/5/5-0-11/README.md index c2769b81f34..c2a8f653d24 100644 --- a/docs/release-notes/5/5-0-11/README.md +++ b/docs/release-notes/5/5-0-11/README.md @@ -13,7 +13,7 @@ which fixes several security vulnerabilities ([#22574](https://community.openproject.org/work_packages/22574)). For further information, take a look at the [Rails release -notes](https://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/). +notes](https://rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released). For further information on the release, please refer to the [Changelog v.5.0.11](https://community.openproject.org/versions/798) diff --git a/docs/release-notes/8/8-3-1/README.md b/docs/release-notes/8/8-3-1/README.md index 1b7cd9642f1..94884ae81ae 100644 --- a/docs/release-notes/8/8-3-1/README.md +++ b/docs/release-notes/8/8-3-1/README.md 
@@ -15,7 +15,7 @@ updating to the newest version. ## Rails security fixes This upgrade include Rails 5.2.2.1 with fixes for -[CVE-2019-5418, CVE-2019-5419 and CVE-2019-5420](https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/). +[CVE-2019-5418, CVE-2019-5419 and CVE-2019-5420](https://rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released). ## Bug fixes and changes diff --git a/docs/system-admin-guide/integrations/nextcloud/oidc-sso/README.md b/docs/system-admin-guide/integrations/nextcloud/oidc-sso/README.md index 7000b907fac..74b14f68397 100644 --- a/docs/system-admin-guide/integrations/nextcloud/oidc-sso/README.md +++ b/docs/system-admin-guide/integrations/nextcloud/oidc-sso/README.md @@ -189,7 +189,7 @@ on the command line: occ config:system:set user_oidc --type boolean --value="true" oidc_provider_bearer_validation ``` -General information about running OCC commands [can be found in the Nextcloud documentation](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/occ_command.html). +General information about running OCC commands [can be found in the Nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/occ_command.html). This wraps up the configuration of this authentication method using Nextcloud Hub. For details on the next step continue with the [general setup instructions](../#4-automatically-managed-project-folders).
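Review bot: in docs/api/apiv3/tags/programs.yml the unchanged line just above the corrected link still gives the undisclosed URI as `urn:openprogram-org:api:v3:undisclosed`. It carries the same `openprogram` spelling this hunk removes from the URL, so it looks like the same search-and-replace slip. Please check it against the URN the API actually returns and correct it in this patch if it is wrong, because a client comparing against the documented value would fail to recognise a hidden ancestor.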
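Review bot: in the migration steps of docs/installation-and-operations/installation-faq/README.md (hunk at line 82), step 2 now reads only "Make a dump of files you might have uploaded." and gives no pointer to how, while step 1 keeps its link to docs.bitnami.com. If the Bitnami pages are being dropped because they are no longer available, step 1 needs the same treatment. Either way, step 2 should say which files or directory to copy, or link to the project's own backup documentation.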
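Review bot: in docs/installation-and-operations/jira-migration/README.md the new relative link `../../system-admin-guide/integrations/excel-synchronization` has no trailing slash, while the relative link added in docs/release-notes/14/14-0-0/README.md ends in `/health-status/`. Pick one form for relative links in this patch, preferably the one the docs build and link checker already expect.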
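Review bot: in docs/release-notes/14/14-0-0/README.md the sentence still says "Read more about file storage troubleshooting", but the link now targets `../../../system-admin-guide/files/external-file-storages/health-status/`. Reword the sentence to match the health status page, or point it at a troubleshooting page under the new path if one exists, so the link text and target agree.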
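Review bot: in docs/release-notes/8/8-3-1/README.md, and in the other Rails announcement links rewritten from `weblog.rubyonrails.org/.../` to `rubyonrails.org/...` in this patch, the host changes and the trailing slash is dropped in the same edit, which cannot be validated from the diff. These links are the only reference given for the security fixes (here CVE-2019-5418, CVE-2019-5419 and CVE-2019-5420), so please confirm each new URL resolves to the same post, ideally by running the docs link checker on this branch and noting the result in the PR.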
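Review bot: in docs/system-admin-guide/integrations/nextcloud/oidc-sso/README.md the OCC link changes two things at once: `stable` becomes `latest`, and `configuration_server/` is dropped from the path. If only the path moved, keep `stable` so the page admins land on describes a released Nextcloud version. If `latest` is intended, say so in the commit message, since the `occ config:system:set` command shown just above is meant to be run against whatever version the admin has installed.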