v1.7.5a

Includes most bug fixes and changes up to v1.7.5

v1.7.4

Version 1.7.4 includes a bug fix for v1.7.3 and earlier's session management on PHP 7, as well as the latest version of the Fat-free framework, which includes several bug fixes and feature enhancements. Upgrading directly to this release instead of v1.7.3 is recommended to avoid session errors.

v1.7.3

Release 1.7.3 fixes an issue with updating older versions to 1.7.2.

v1.7.2

Phproject 1.7.2 includes several bug fixes primarily focused on PHP 7.2 compatibility.

v1.7.1

Phproject 1.7.1 fixes a critical bug in Phproject 1.7. All 1.7 users should upgrade immediately.

v1.7.0

Phproject 1.7 includes several bug fixes, security enhancements, and feature updates.

• Keyboard focus and Esc key handling are improved for quick edits to issues
• Potential XSS vulnerability on dashboard widgets fixed
• Better text to Emoji conversion
• Project overview optimized to load much faster on large projects
• Third-party libraries updated to their latest compatible versions

Full changelog

v1.6.2

Phproject 1.6.2 brings several new features and bug fixes!

• Previous sprints are now sorted with the most recent sprint at the top
• Fixed an issue with password reset links not working
• Cron jobs now work with the new config.php format
• New repeat cycles were added

v1.6.1

Phproject version 1.6.1 fixes an issue with the config.ini to config.php conversion process.

v1.6.0

Phproject version 1.6 includes significant architectural changes and several minor feature changes, bug fixes, and security enhancements.

Note that the v1.6 upgrade can take several minutes on a large site with many issues due to the table structure changes required. A brief planned downtime is recommended for sites with more than 100,000 issues.

Architecture

• Third-party PHP libraries are now included via Composer. This allows us to keep our repository leaner and makes updating to new versions of libraries simpler.
• We've reformatted all PHP files to follow PSR-2 standards, and HTML files now use 4 spaces for indentation for consistency.
• Travis CI test builds have been updated to use the new Trusty platform, and will be updated to include more PHP versions and additional test cases in the future.
• The ping system used to keep sessions alive as a workaround for an old session bug has been completely removed. This results in significantly lower resource usage on sites with many users.
• The unused attribute tables from a long time ago are removed.

Features

• Emoticons previously converted to Icomoon glpyhs are now displayed as native Emoji! 😃
• Textile parsing shows a deprecation warning, to prepare for future removal.
• The Administration page now shows when new releases are available, and the details about the release.
• Basic site statistics are reported to Phproject developers to help us know which things to focus on building in the future. Users can opt out of this stat reporting if desired.

Bug fixes

• Users with an avatar uploaded will no longer see links to Gravatar when editing their profile.
• Native PHP functions are used to write configuration files, which fixes issues with special characters in configuration values.

Security enhancements

• The old config.ini file is no longer used, and will be migrated to a config.php file, that won't require special server configuration to hide. This helps prevent malicious users from finding your database connection information.
• Some previously unvalidated issue values now have validation and foreign key constraints, preventing possible XSS vulnerabilities and malicious functionality breakage.
• A XSS vulnerability on the Browse pages was fixed.
• Non-image files are no longer allowed to be uploaded for user avatars.
• Image thumbnail generation dimensions are now limited to prevent a denial of service attack.

v1.5.2

This update includes fixes for multiple security vulnerabilities, and a minor feature addition.

Security fixes

• XSS vulnerabilities in conditional displaying of issue names - credit to @alienwithin
• XSS vulnerabilities in issue description and comment rendering from Markdown and Textile syntax
• Minor XSS vulnerabilities when displaying data set by an administrator user

New features

• Backlog views now show the total number of story points in each view based on the current filter