Tracks 2.7.1 released

Tracks 2.7.1 is primarily a security release. This release fixes a few reflected XSS vulnerabilities (CVE-2024-41805) of moderate severity.

This release of Tracks is tested on Ruby versions 3.0, 3.1, 3.2 and 3.3.

The release changes the way the Dockerfile works, and because of that requires slight changes to Docker build commands. See the documentation for details.

Security advisory CVE-2024-41805 (severity 6.1 / moderate)

This release fixes a few reflected XSS vulnerabilities which enabled execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, possibly allowing retrieval or modification of the current user’s data. The issue is of moderate severity (score 6.1/10) with the CVSS rating CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.
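An added example, not part of Tracks or of the original advisory: a Ruby calculator for the CVSS v3.1 base score, using the metric weights and formulas of the FIRST CVSS v3.1 specification, which reproduces the 6.1 score from the vector quoted above. All function and constant names are this example's own.

```ruby
# CVSS v3.1 base score from a vector string (weights per the FIRST v3.1 spec).
# Added example: all names here are illustrative, not Tracks code.
WEIGHTS = {
  'AV' => { 'N' => 0.85, 'A' => 0.62, 'L' => 0.55, 'P' => 0.2 },
  'AC' => { 'L' => 0.77, 'H' => 0.44 },
  'UI' => { 'N' => 0.85, 'R' => 0.62 },
  'C'  => { 'H' => 0.56, 'L' => 0.22, 'N' => 0.0 },
  'I'  => { 'H' => 0.56, 'L' => 0.22, 'N' => 0.0 },
  'A'  => { 'H' => 0.56, 'L' => 0.22, 'N' => 0.0 }
}.freeze
# Privileges Required is weighted differently when scope changes.
PR_WEIGHTS = {
  'U' => { 'N' => 0.85, 'L' => 0.62, 'H' => 0.27 },
  'C' => { 'N' => 0.85, 'L' => 0.68, 'H' => 0.5 }
}.freeze

# Spec-defined "round up to one decimal" that avoids float artefacts.
def cvss_roundup(value)
  scaled = (value * 100_000).round
  (scaled % 10_000).zero? ? scaled / 100_000.0 : ((scaled / 10_000) + 1) / 10.0
end

# Split "CVSS:3.1/AV:N/..." into a metric => value hash, rejecting gaps.
def parse_vector(vector)
  prefix, *parts = vector.split('/')
  raise ArgumentError, 'expected a CVSS:3.1 vector' unless prefix == 'CVSS:3.1'
  metrics = parts.to_h { |part| part.split(':', 2) }
  missing = %w[AV AC PR UI S C I A] - metrics.keys
  raise ArgumentError, "missing metrics: #{missing.join(', ')}" unless missing.empty?
  metrics
end

def cvss31_base_score(vector)
  m = parse_vector(vector)
  w = WEIGHTS.to_h { |name, table| [name, table.fetch(m[name])] }
  pr = PR_WEIGHTS.fetch(m['S']).fetch(m['PR']) # KeyError on an invalid value
  changed = m['S'] == 'C'
  iss = 1 - (1 - w['C']) * (1 - w['I']) * (1 - w['A'])
  impact = changed ? 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02)**15 : 6.42 * iss
  return 0.0 if impact <= 0
  exploitability = 8.22 * w['AV'] * w['AC'] * pr * w['UI']
  total = changed ? 1.08 * (impact + exploitability) : impact + exploitability
  cvss_roundup([total, 10].min)
end

# Vector published in the Tracks 2.7.1 advisory above.
TRACKS_VECTOR = 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'
puts cvss31_base_score(TRACKS_VECTOR) if __FILE__ == $PROGRAM_NAME
```

The UI:R and S:C metrics in the vector encode what the advisory describes in words: the victim has to click a link, and the script then runs in the browser rather than in the vulnerable server component.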

I want to thank Alec Romano for reporting the issues.

New features

  • The test suite now always uses the same Dockerfile as the main build.
  • The Dockerfile now supports environment-specific builds via stages. Note: This requires slight changes to docker build commands, see documentation!

Deprecations

  • This will be the last release to support Ruby 3.0, which is already end-of-life.

Bug fixes

  • Lots of dependencies have been updated (including security updates).
  • Fixed Docker build not working on an archive version (i.e. one not cloned with Git).
  • An error is shown if the user being created already exists.
  • The TOS error in user creation is now in the template.
  • Schema.rb has been updated for Postgres support.

Updated translations

  • Spanish (thanks Gallegonovato!)
  • Finnish (by maintainer Jyri-Petteri “ZeiP” Paloposki)

You can download the release here. Upgrade instructions can be found in the manual.

Thanks to the contributors of this version listed above. The maintainer of Tracks is Jyri-Petteri “ZeiP” Paloposki.

We gladly welcome any contributions and help you can offer. Get started!

Tracks 2.7.0 released

Tracks 2.7.0 will be the last release to support Ruby 3.0. It also contains numerous dependency upgrades including security upgrades and fixes some documentation and localisation bugs.

Ruby versions below 3.0 are not supported. This release of Tracks is tested on Ruby versions 3.0, 3.1, 3.2 and 3.3. The base version for the Docker image was updated from Ruby 2.7 to Ruby 3.3.

Removed features

  • Support for Ruby 2.6 and 2.7 was dropped.
  • Support for inbound message handling was dropped due to API changes caused by required Ruby on Rails upgrade. If you need this, comment in the issue.
  • Rubocop is no longer used in the CI due to missing support for Ruby > 2.5.

Deprecations

  • This will be the last release to support Ruby 3.0, which is already end-of-life.

Bug fixes

  • Lots of dependencies have been updated (including security updates).

Updated translations

  • Spanish (thanks Gallegonovato!)
  • Dutch (thanks Ranforingus!)
  • Russian (thanks Alexey Svistunov!)
  • Turkish (thanks Burak Hüseyin Ekseli!)

You can download the release here. Upgrade instructions can be found in the manual.

Thanks to the contributors of this version listed above. The maintainer of Tracks is Jyri-Petteri “ZeiP” Paloposki.

We gladly welcome any contributions and help you can offer. Get started!

Tracks 2.6.1 released

Tracks 2.6.1 will be the last release to support Ruby 2.6. It also contains numerous dependency upgrades including security upgrades and fixes some documentation and localisation bugs.

Ruby versions below 2.6 are not supported. This release of Tracks is tested on Ruby versions 2.6, 2.7 and 3.0.

Deprecations

  • This will be the last release to support Ruby 2.6, which is already end-of-life.

Bug fixes

  • Lots of dependencies have been updated (including security updates).
  • Fixed some documentation.
  • Updated and added missing Datepicker localisations which caused some locales to fail.
  • Added PostgreSQL documentation (thanks Sean Pappalardo!)
  • URL options can be specified to make autocompletion work behind a proxy (thanks Michal Koutný!)

Updated translations

  • Finnish (by maintainer Jyri-Petteri “ZeiP” Paloposki)
  • Spanish (thanks Francisco Serrador!)
  • Norwegian Bokmål (thanks Allan Nordhøy!)

You can download the release here. Upgrade instructions can be found in the manual.

Thanks to the contributors of this version:

Maintainer:

  • Jyri-Petteri “ZeiP” Paloposki

Translators:

  • Michal Koutný
  • Allan Nordhøy
  • Sean Pappalardo
  • Francisco Serrador

We gladly welcome any contributions and help you can offer. Get started!

Tracks 2.6.0 released

Tracks 2.6.0 ends the support for Ruby 2.5 and brings support for Ruby 3.0. It also contains numerous dependency upgrades including security upgrades and fixes some other bugs.

Ruby versions below 2.6 are not supported. This release of Tracks is tested on Ruby versions 2.6, 2.7 and 3.0.

New features

  • Ruby 3.0 is now supported.
  • Support obsidian links in notes.

Removed features

  • No longer supporting EOL Ruby 2.5.

Bug fixes

  • Fix Docker image functionality in certain cases.
  • Lots of dependencies have been upgraded.
  • Fixed some error messages in import.
  • Fixed import in the Docker image.
  • Footer shows the Git version hash and date in the Docker image

Updated translations

  • Finnish (by maintainer Jyri-Petteri “ZeiP” Paloposki)
  • Turkish (thanks Burak Ekseli!)
  • Spanish (thanks Francisco Serrador!)

You can download the release here. Upgrade instructions can be found in the manual.

Thanks to the contributors of this version:

Maintainer:

  • Jyri-Petteri “ZeiP” Paloposki

Translators:

  • Francisco Serrador
  • Burak Hüseyin Ekseli

We gladly welcome any contributions and help you can offer. Get started!

Tracks 2.5.2 released

Tracks 2.5.2 makes Tracks fully translatable, fixes some minor long-standing bugs and contains a bunch of dependency upgrades.

Ruby versions below 2.5 are not supported. This release of Tracks is tested on Ruby versions 2.5, 2.6 and 2.7.

New features

  • All of Tracks is now translatable.
  • New Finnish locale by the maintainer Jyri-Petteri “ZeiP” Paloposki.
  • Update last login field when validating an existing login.
  • Show more users in the user list and allow changing the order criteria.

Bug fixes

  • Fix tag-specific task lists to work in a multi-user environment.
  • Fix setting the due date in the calendar view.
  • Fix a bug causing 500 errors for users with different locales.
  • Lots of dependencies have been upgraded.
  • Better CI tests.
  • Code style fixes.
  • Small style issues.

You can download the release here. Upgrade instructions can be found in the manual.

Thanks to the contributors of this version:

Maintainer:

  • Jyri-Petteri “ZeiP” Paloposki

Contributors:

  • Matt Rogers

Translators:

  • J. Lavoie
  • Milo Ivir
  • Artem
  • Алексей Свистунов
  • Åke Engelbrektson
  • Чтабс
  • Burak Hüseyin Ekseli

We gladly welcome any contributions and help you can offer. Get started!

Tracks 2.5.1 released

Tracks 2.5.1 includes bug fixes for a couple of long-standing UI issues and some dependency upgrades. See also the release notes for 2.5.0 for major changes since 2.4.

Ruby versions below 2.5 are not supported. This release of Tracks is tested on Ruby versions 2.5, 2.6 and 2.7.

Security issue disclosure

Joe Thorpe from Secarma disclosed an XSS issue that was inadvertently fixed in 2.5.0 by another bug fix. Tracks previously rendered XSS content in the user’s own data. The content is only shown to the user themself, which mitigates the vulnerability in the normal use case where a single user account is only used by one person. The CVSS rating for self-XSS is debatable and thus is not published for this issue.

I want to thank Joe for reporting the issue and for the insightful discussion regarding the issue. Thanks to the disclosure there is now also a written security policy for the project.

Bug fixes

  • Editing a due date in the calendar view fixed
  • Adding actions in the context view fixed
  • Fixed the recurring todo UI

You can download the release here. Upgrade instructions can be found in the manual.

Thanks to the contributors of this version:

Maintainer:

  • Jyri-Petteri “ZeiP” Paloposki

Contributors:

  • Dan Rice and
  • Greg Sutcliffe

We gladly welcome any contributions and help you can offer. Get started!

Tracks 2.5.0 released

Tracks 2.5.0 has finally been released! This new version brings a new default color scheme, dependency upgrades and smaller changes to the UI along with some bug fixes.

Tracks is now running on Rails 6.0. Ruby versions below 2.5 are no longer supported. This release of Tracks is fully tested on Ruby 2.6.

Other changes:

  • .skip-docker file has been replaced with .use-docker, see upgrading.md for details.
  • Added email, last login, creation and update time to the user model.
  • Added terms of service and email fields to the signup form. The TOS link is defined in site.yml, see config/site.yml.tmpl.
  • New, lighter default color scheme. The black color scheme is also available for selection in the user preferences. Default theme can be set in site.yml.
  • Added a help page to the ? menu linking to online help assets.
  • Allow the user to remove their own account.

You can download the release here. Upgrade instructions can be found in the manual.

Thanks to the contributors of this version:

Maintainer:

  • Jyri-Petteri “ZeiP” Paloposki

Contributors:

  • Matt Rogers,
  • Michal Koutný,
  • Usman Iqbal,
  • Jan-Yves Ruzicka,
  • Misho and
  • Utsav Sethi

We gladly welcome any contributions and help you can offer. Get started!

Tracks 2.4.1 released

Version 2.4.1 is a quick release to fix a migration issue affecting 2.4.0.

Tracks 2.4.1 has finally been released! This new version brings Charts.js-based stats and smaller changes to the UI along with many bug fixes and some major under-the-hood upgrades and refactors.

Tracks is now running on Rails 5.2. Ruby versions below 2.4 are no longer supported, but this release of Tracks is fully tested on Ruby 2.4 and 2.5.

Other changes:

  • All tags now belong to a user. Existing tags are migrated to users based on the taggings and duplicated as necessary.
  • All REST APIs now also accept user token as password.
  • A Docker environment is used unless the .skip-docker file exists.
  • Numerous bug fixes

You can download the release here. Upgrade instructions can be found in the manual.

The project is again worked on by multiple contributors, and it is expected to stay more active than in the last couple of years.

Thanks to the contributors of this version:

Maintainers:

  • Matt Rogers,
  • Jyri-Petteri “ZeiP” Paloposki,
  • Dan Rice,
  • Eric Moon and
  • Reinier Balt

Contributors:

  • Carsten Otto,
  • Steven R. Baker,
  • Matteo Giaccone,
  • Heiner Wohner,
  • Ryan Truran,
  • Robin Dickson,
  • Jan-Yves Ruzicka,
  • Jaime Martín Jiménez, and
  • Mateusz Konieczny

We gladly welcome any contributions and help you can offer. Get started!

Tracks 2.3.0 released

Tracks 2.3.0 has been released! This version brings a few small changes to the UI, many bug fixes, and some major under-the-hood upgrades and refactors.

Tracks is now running on Rails 4.1. Ruby 1.8.7 is no longer supported, but this release of Tracks is fully tested on Ruby 1.9.3, 2.0.0, and 2.1.

Other changes:

  • You can choose to group todos on the home page by context or by project (using the view menu). This also works for the tag page, the project page, the tickler and the context page.
  • You can now change the state of a context to closed
  • Czech locale has been renamed from cz to cs to follow ISO standards
  • Added Russian locale (@AlexStein)
  • The toggle-notes and toggle-collapsed-containers have been moved into the view menu.
  • Numerous bug fixes

You can download the release here. Upgrade instructions can be found in the manual.

Tracks 2.2.3 released

Hi all,

Tracks 2.2.3 is being released today with several bug fixes.

This is expected to be the last version of Tracks to support Ruby 1.8.7.

You can download the release here. Upgrade instructions can be found in the manual.