OpenProject 6.0.3 contains an important security fix. It upgrades the Rails version to 126.96.36.199 to address the following CVEs:
The following bugs have been fixed in OpenProject 6.0.3:
- The help and profile dropdown changed rapidly when hovering over them (#23745).
- Safari did not display the pagination buttons on the work package page (#23785).
- The projects-menu did not properly display all projects in some cases (#23774).
- Several design errors have been fixes (#23778, #23801).
- Additionally, the performance on the work package page has been slightly improved (#23781).
We strongly recommend the upgrade.
Thanks a lot to the community, in particular to Mikhail Podshivalin, Frank Schmid and Marc Vollmer, for reporting multiple bugs!