Register

« Tracks 1.5RC1Tracks 1.042 »
Aug 2006 28

Tracks 1.043

Posted by bsag

Version: Tracks 1.043
File:
Subversion URL: http://www.rousette.org.uk/svn/tracks-repos/tags/tracks-1.043
Security fix. Closes the hole reported in ticket 372 for the 1.04x release. This release is recommended for anyone running Tracks on a publicly-accessible server.

There are no other changes from 1.041 or 1.042, so if you’re running 1.041 or 1.042, upgrading is simple. Change the name of your old Tracks directory to (for example) tracks-1041-old. Unzip Tracks 1.043 to a new directory, then copy over config/database.yml, config/environment.rb, and the log directory from tracks-1041-old to the correct locations in your new Tracks directory. If you’re using sqlite or sqlite3, you’ll also need to copy over your sqlite database from the old db directory to the new one. Once you’ve got the new copy of Tracks working, you can delete the old directory.

Filed under: releases

24 Comments

Picture of AlanAlan
Mon, 28 Aug 2006 @ 20:30

Am I right in thinking that this security issue affects only those who might be using multi-user Tracks?

Picture of bsagbsag
Tue, 29 Aug 2006 @ 17:45

Yes. Unless you’ve tinkered with your setup, anyone wanting to exploit this hole maliciously would have to get a user account on your setup, and thus get a valid token and username. If you’re admin on the installation, only you can create users, so that shouldn’t be possible.

Picture of AlanAlan
Wed, 30 Aug 2006 @ 20:57

Ahhh, that’s OK then. Ta!

Picture of VladVlad
Sun, 15 Oct 2006 @ 19:04

Super!

Picture of N00BN00B
Fri, 10 Nov 2006 @ 15:55

Does SVN access need a username/password? If so then how do I get one ?

Thanks!!

Picture of bsagbsag
Fri, 10 Nov 2006 @ 16:10

N00B: For read only SVN access, just use the user/pass guest/guest to check out a copy.

Picture of nicholasnicholas
Tue, 28 Nov 2006 @ 18:12

i tried guest/guest and it didn’t work…

Picture of bsagbsag
Tue, 28 Nov 2006 @ 19:13

nicholas: It should work. The server it’s hosted on has had some problems recently, so you might have caught it at a wobbly moment. Give it another go, and if you still have problems, I’ll check it out.

Picture of WegoseWegose
Fri, 8 Dec 2006 @ 23:44

Thanks a lot for this, I was looking for something like for ages, now let’s it I can make it work.

Picture of TinneyTinney
Fri, 19 Jan 2007 @ 05:56

Ever think about pluggin into gmail?  or sms?

Picture of bsagbsag
Sun, 28 Jan 2007 @ 12:27

Tinney: Yes, we’ve been thinking about things like that, but they’re not trivial to implement.

Picture of MurkMurk
Mon, 12 Feb 2007 @ 12:03

It’s been a while since I’ve looked at my tracks installation. How can I discover which version I am currently running?

Picture of bsagbsag
Thu, 15 Feb 2007 @ 19:54

Murk: I’m afraid that there isn’t any way to tell at the moment, other than looking at the version number mentioned in installation.html. I need to sort something out like that for the next version, so that the version number is displayed in the footer.

Picture of MurkMurk
Thu, 15 Feb 2007 @ 20:08

‘kay, thanks.

How’s the next version coming along? I wish I had the skills to help, I’m eagerly awaiting the next release!

This is a really nice system - the hardest part was finding a webhost with rails available so I could put it somewhere I could access anywhere!

(I tried phpGTD, but I didn’t like the feel)

Whilst I’m here, my biggest four wishes would be, in order:

1) MSIE compatability (for my wife, I use FF everywhere, she only uses FF at home and is forced to use MSIE at work)

2) The ability to add a ‘start date’, i.e. I know that I will need to do an action in the future and want to enter it, but don’t want it cluttering my view yet. (I.e. these would be hidden until that date, unless some special step were taken to reveal it, like a hidden category)

3) Depends upon: i.e. An item depends on another being done first. Don’t show item 2 by default until item 1 is done. Ideally, several items could depend on another (e.g. when I do item 1, items 2a, 2b etc are revealed). In a perfect world, I would be able to have an item depend on multiple other items (e.g. item 1a, 1b, 1c must be done before item 2 is displayed)

4) The ability to assign a task to another user
(the admin would be able to say who on the system can assign tasks to whom, options of ‘everyone’, ‘nobody’ or specific users, similarly there’d be options for who can receive tasks - if it’s possible to assign a task to a user, this is shown on my login screen). One option might be ‘conditional’ e.g. you can ask someone to do a task, but they have to confirm before it goes onto their lists!
In my case, I’d want to be able to assign tasks to the light of my life, and I’m positive that my little fromage frais would want to assign tasks to me!

Anyhow, as I say - thanks for the system, even if it is never updated again (please, no!) it’s already incredibly useful.

Picture of bsagbsag
Fri, 16 Feb 2007 @ 08:29

It’s coming along pretty well (see the Dev site for details), but slowly because we unfortunately have jobs to do too!

Thanks for your suggestions:

1) I think this is a lot better with the current trunk (though I don’t have access to a Windows machine, so I’m going on what others have said.
2) This is already done in the trunk, and will be in the next release.
3) I’d really like to add this, but it quickly gets complicated (in how the feature is presented, rather than the implementation in the database). I’ll do my best.
4) This would certainly be useful, but I don’t think it will make it into the next release. Perhaps the one after that…

Picture of MurkMurk
Tue, 20 Mar 2007 @ 11:03

Cheers,

Can I also suggest that a good future feature would be to have an RSS feed which contained nothing but the current version (and release date). The installation would try and grab this feed.

If a new version was released, then this would be displayed above the tasks. If it had been a while without being able to grab the feed, an error would be announced in it’s place (this could be suppressed).

Nothing would be displayed should the installation version match the latest release.

All the best,

Murk

Picture of DevinDevin
Tue, 27 Mar 2007 @ 05:27

Since we’re talking about suggestions, the thing that I would most like to see is recurring tasks.  I have a list of things that I need to do every day, as well as weekly and monthly, and it is too cumbersome to enter them all every day.  vitalist.com has a good grasp on all of these features - unfortunately, the ads and the slow speed are awful. I’d much rather run my own server.

Picture of heytanheytan
Tue, 24 Apr 2007 @ 01:09

Hi,
I hope this is the right place for my comment…
I have followed the tutorial by Jim Strupp for the installation of both 1.041 and 1.043, and I got stuck when I when I tried to populate the database from command prompt using “rake”.
The message I got was:
`rake` is not recognized as an internal or external comand, operable program or batch file.
Any idea on how to solve this?

Picture of AlegraAlegra
Sun, 16 Sep 2007 @ 22:32

Intresting web good work!

Picture of RyanRyan
Mon, 17 Sep 2007 @ 18:39

When will a new version be coming out? I know there are updates being made and it’s been awhile since a release, just curious. Is there a target date for the next release?

Picture of bsagbsag
Sat, 6 Oct 2007 @ 15:00

@Ryan: No specific date, but we are getting very close!

Picture of RyanRyan
Mon, 17 Dec 2007 @ 18:36

Me again, I love using my version of Tracks, but can’t wait to see what the next version looks like… smile

Picture of leonleon
Sat, 9 Feb 2008 @ 13:51

why don’t you put the user/password(guest/guest) in the post?

I checked the comments to find out this, there must be other people who need it too.

Picture of JayJay
Fri, 29 Feb 2008 @ 22:51

I have been using TaskFreaks but have decided to give Tracks a try. Will let you know how it works out.

Page 1 of 1 pages

Name:

Email (not shown on page):

Location (optional):

URL:

Remember my personal information

Notify me of follow-up comments?