Commit Graph

106157 Commits

Author SHA1 Message Date
Oliver Günther c59cd7bac9 Merge remote-tracking branch 'origin/release/17.3' into release/17.4 2026-06-08 10:02:38 +02:00
Oliver Günther 769063cf4b Bumped version to 17.3.4
[ci skip]
2026-06-08 09:59:59 +02:00
Oliver Günther 5ee515c5c8 Update publiccode.yml v17.3.3 2026-06-08 09:59:57 +02:00
Oliver Günther b6bd1c3d7b Update hocuspocus image to openproject/hocuspocus:17.3.3 2026-06-08 09:59:57 +02:00
Oliver Günther 667006bfc5 Add release-notes file 2026-06-08 09:59:55 +02:00
Oliver Günther 96d5947279 Update security fixes 2026-06-08 09:59:54 +02:00
Andrej 0c91f16401 Merge pull request #23560 from opf/fix/docs
docs-fixes
2026-06-04 15:02:18 +02:00
as-op 484970898e fence shell code that produces invalid html on rendering 2026-06-04 14:58:01 +02:00
Oliver Günther 2a6412d5ae Merge remote-tracking branch 'origin/release/17.3' into release/17.4 2026-06-02 16:22:05 +02:00
Oliver Günther bef69b6aaf Parse query params as a separate options hash, not kwargs 2026-06-02 16:21:14 +02:00
Oliver Günther b9d0405c4e Merge remote-tracking branch 'origin/release/17.3' into release/17.4 2026-06-02 08:54:40 +02:00
Oliver Günther a52d0de5d6 Improve parsing of timestamp values 2026-06-02 08:25:44 +02:00
Oliver Günther ab42a36310 Apply the same uuid check on export of bcf 2026-06-01 15:37:16 +02:00
Oliver Günther 1070b8f7f7 Merge branch 'release/17.3' into release/17.4 2026-06-01 15:17:58 +02:00
Oliver Günther 29383d0985 Disallow turbo-power submit events (#23484)
* Disallow turbo-power submit events

* Add spec

* Manually register actions we use
2026-06-01 15:17:45 +02:00
Oliver Günther 38ab5af1ff Merge remote-tracking branch 'origin/release/17.3' into release/17.4 2026-06-01 13:57:33 +02:00
Oliver Günther 9ed3392dae Better whitelisting of allowed macros and data-attributes 2026-06-01 13:57:18 +02:00
Oliver Günther a74089024d Merge remote-tracking branch 'origin/release/17.3' into release/17.4 2026-06-01 10:20:50 +02:00
Andrej 1dd837e801 Merge pull request #23433 from opf/chore/backport-ssrf-documentation
Backport SSRF documentation to live
2026-05-28 14:31:45 +02:00
Markus Kahl d3a4d2ee74 fix: delay adding role to make migration not crash due to schema errors (#23426)
* fix: delay adding role to make migration not crash due to schema errors

* update spec to execute part of migration now done in background
2026-05-28 14:26:01 +02:00
Oliver Günther 9d70b6bdc4 Backport SSRF documentation to live 2026-05-28 14:14:42 +02:00
Andrej 36bc91d2c9 Merge pull request #23416 from opf/fix/link-in-docs
fix a non working external link
2026-05-28 11:51:00 +02:00
as-op b8c6999454 fix a non working external link 2026-05-28 11:47:01 +02:00
Andrej 3922c88109 Merge pull request #23398 from opf/docs/fix-old-external-links
fix some old external links
2026-05-27 16:20:39 +02:00
as-op 91aec8554b fix some old external links 2026-05-27 16:18:06 +02:00
Oliver Günther ef9bdd4895 Update pre-release notification criteria in README
Clarified language regarding pre-release notifications for critical and high-risk vulnerabilities.
2026-05-26 14:07:58 +02:00
Oliver Günther 61cd01b784 Add associated_visible_resource to properly handle undisclosed work packages 2026-05-26 07:09:59 +02:00
Oliver Günther d6d7abea19 Merge pull request #23304 from opf/fix/message-pack-safe-buffer-serialization
Allow serialization of safebuffer without encoding issues
2026-05-22 10:35:50 +02:00
Oliver Günther 3b1656565a add missing locale for hy 2026-05-21 13:18:23 +02:00
Jan Sandbrink 5b0a186795 Merge pull request #23258 from opf/non-duplicate-project-folders
Improve error handling around duplicate project folders
2026-05-21 11:30:31 +02:00
OpenProject Actions CI c1743289f5 update locales from crowdin [ci skip] 2026-05-21 04:46:20 +00:00
OpenProject Actions CI 82c65d6a27 Merge branch 'release/17.3' into release/17.4 2026-05-20 06:42:24 +00:00
Oliver Günther 6ef24e9075 Merge pull request #23246 from opf/fix/journable-visibility
Explicitly call journable.visible? on the diff controller
2026-05-20 08:41:32 +02:00
OpenProject Actions CI 8e6f5861bf update locales from crowdin [ci skip] 2026-05-20 04:35:19 +00:00
Oliver Günther a20c63d9ed Adapt spec to wait for loaded page first 2026-05-19 22:00:43 +02:00
Oliver Günther ad94533f4a Fix merge of release/17.3 into 17.4 2026-05-19 19:55:48 +02:00
Oliver Günther ac4794ad8f Use customizable? to check for non-customizable journables 2026-05-19 18:32:28 +02:00
Oliver Günther 637ec7d10f Merge remote-tracking branch 'origin/release/17.3' into release/17.4 2026-05-19 18:26:23 +02:00
Oliver Günther 91a8bf7ba8 Use .to_hash on the schema representer before caching 2026-05-19 18:25:37 +02:00
Jan Sandbrink 4bc9b8f22f Merge pull request #23265 from opf/cache-confidentiality
Introduce and use ConfidentialCache
2026-05-19 17:02:01 +02:00
Jan Sandbrink e7bee82f9e Introduce and use ConfidentialCache
It's like OpenProject::Cache, but it encrypts cached
values at rest. Callers that store confidential things in the cache
have been updated to use it, reducing the risk of exposing secrets
to an attacker that obtained access to the contents of OpenProject's cache.
2026-05-19 15:56:53 +02:00
Jan Sandbrink 6b63442c1b Improve error handling around duplicate project folders
Don't allow pointing two project storages to the same project_folder_id
if one of them is automatically managed. This ensures that ownership is
always consistently applied according to one project only.
2026-05-19 15:18:40 +02:00
Jan Sandbrink 2a52a11f34 Extend interface of OpenProject::Cache
Also expose the #delete method offered by Rails caches.
Adapt the interface of existing methods to follow
the upstream interface more strictly. Neither #read nor #write accepts passing
a block to them.
2026-05-19 14:23:10 +02:00
Oliver Günther 84f3b18b13 Clarify SAML request signing and assertion settings
Updated recommendations for SAML request signing and assertion verification.
2026-05-19 11:25:55 +02:00
Oliver Günther 0b08d49f0c Merge remote-tracking branch 'origin/release/17.3' into release/17.4 2026-05-19 11:09:30 +02:00
Oliver Günther ecfe44b22f Add missing msgpack require 2026-05-19 11:08:53 +02:00
Jan Sandbrink e388fccffd Use class << self for class methods
This makes it easier to add private class methods
and IMHO is slightly more readable.
2026-05-19 11:05:22 +02:00
Oliver Günther 4e1d5dcb57 Add missing secrets 2026-05-19 10:30:03 +02:00
Oliver Günther 3494170fdf Merge remote-tracking branch 'origin/release/17.3' into release/17.4 2026-05-19 10:27:20 +02:00
Oliver Günther 6d0b39b466 Merge pull request #23251 from opf/fix/use-message-pack-cache-serializer
Use MessagePack serializer that treats old marshal cache as miss
2026-05-19 10:26:48 +02:00