]project-open[ - Project Server / News: Recent posts

My favorite open source project management tools

https://opensource.com/article/21/3/open-source-project-management

If you're managing large and complex projects, try replacing Microsoft Project with an open source option.

https://packetstormsecurity.com/files/157410/Project-Open-CMS-5.0.3-Cross-Site-Scripting-SQL-Injection.html

This is a short notice thatan independen security researcher has found:

1. SQL Injection vulnerabilities - this is critical and
2. XSS (Cross-Site Scripting) vulnerabilites - this is also critical

We confirm this issues in general.
The attacks can be executed remotely and require that attacker is a registered user.
Probably all versions of ]po[ are affected, from 3.3 to 5.0.3.... read more

Dear All,

The ]project-open[ team is proud to announce the availability of ]project-open[ V5.0. This is the first release in more than 4 years and contains more 5 completely new packages: Gantt Editor (similar to Microsoft Project), Task Management, Portfolio Planner, Earned Value Analysis and Milestone Trend Analysis.
Please see the attached "Highlights and features" document for a quick overview of the new features.... read more

We have released ]po[ V5.0.3., which is the release candicate for ]po[ V5.0. You can download the Windows installer and the CentOS virtual machine here on SourceForge: https://sourceforge.net/projects/project-open/files/project-open/V5.0/
We have also updated the CentOS 7 installation instructions for those users who want to do a manual installation: http://www.project-open.net/en/install-centos-7... read more

The ]po[ team has fixed a security hole that exhibits the list of project names together with the names of the project managers to any user who can access the system.

Versions Affected:
* Affected are all ]po[ installations with version V3.3 and higher.

Impact:
* The bug allows attackers to retreive the names of all projects in the system, together with the name of the project manager and the start- and end-date of the project.
* It is not possible for the attacker to change any information.... read more

Dear All,

The ]po[ core team has just released ]po[ V5.0.2.4
as a VMware image and as installers for Windows
and Linux (CentOS, Ubuntu and Debian).
http://www.project-open.net/en/list-installers

This release is very close to the final release of V5.0.
We will still wait a little longer, but this is due to
marketing and PR reasons rather then due to the
product.

Since V5.0.2.3 (beta 4) we have fixed more than 100
bugs. There are still some known issues around, but
these are not critical anymore and will be fixed in the
upcoming weeks. There are about 20 customers
running ]po[ V5.0 in production already.... read more

Impact:
The bug might have an impact on the calulation of translation provider rates.

Details:
Under certain conditions, the system does not not propose the correct provider rate for a given language combination.

Fixes:
Fixes are available for all ]po[ versions >= ]po[ V3.5. The ]po[ team will notify all customers with a support contract and fix the installed systems. Users without support contract may upgrade to the latest version from CVS or contact sales@project-open.com for professional support.... read more

Dear All,

]project-open[ V5.0 is advancing, and we prepare for a
release early next year. We would like to inform you
up-front about this release and ask for your feedback,
before we start a mass mailing to all ]po[ customers.

So What's new?

• New Gantt Editor
• New Portfolio Editor
• New Task Management using Sencha HTML5
• New Earned Value Diagram
• New Mobile Timesheet Logging
• New Rule & Notification Engine
• New CRM Opportunity Tracking... read more

Dear All,

Thanks for the feedback from a community member we have detected a security issue in the ]project-open[ authentication system in ]po[ V4.x and below.

Affected Versions:

This issue affects ]po[ V4.1 and all previous versions over unsecured (HTTP) connections. It does not affect ]po[ V5.0 and higher and does not affect users using exclusively secured (HTTPS) connections.

Impact:

The bug allows a remote attacker to gain access to a ]po[ server by manipulating session identifiers.... read more

iX, Germany's #1 "enterprise IT" magazine writes about alternatives to Microsoft Project Server in it's special open-source edition calling ]project-open[ a "serious alternative". It continues: "]project-open[ excels with import and export options for desktop applications including MS Project, ProjectLibre and GanttProject". The special edition (in German) is available at https://shop.heise.de/katalog/ix-special-open-source-2016. They re-tweeted our statement at https://twitter.com/iX.... read more

Dear All,

Thanks for the feedback from a customer we have today detected and fixed a bug in the ]project-open[ time sheet system.

Impact:

The bug has an impact on the profit & loss calculation of projects and on budget adherence checks. However, the bug does not impact financial documents towards customer, providers or employees. The bug does not apply to normal time sheet logging activities.

Details:... read more

Hi,

Your ]project-open[ server may be affected by ShellShock.
Please continue to read the following discussion thread:
https://sourceforge.net/p/project-open/discussion/295937/thread/17088009/

Bests,
Frank

Hi!

Thanks to a security audit together with one of our customers, we have found that the default SSL configuration of our default VMware installer contains outdated ciphers that should be disabled.

This advisory only affects users who are using SSL encryption via the Pound reverse proxy.

Impact:

Sophisticated attackers will be able to listen to HTTPS protected connections between browsers and the ]po[ server and possibly steal your password.... read more

http://opensource.com/life/13/12/top-open-source-projects-2013

]project-open[ is featured amongst the top 10 open source projects 2013 of Opensource.com. The top 10 list also includes Project Libre which is compatible with ]project-open[ and that can be used as a ]po[ Gantt front-end.

Dear All,

The ]project-open[ team is proud to announce the availability of ]project-open[ V4.0. This is the first major release in 24 month and contains more then 15 new modules. The biggest news however is the bidirectional "round-trip" integration with MS-Project allowing project managers to upload their project schedules and leave the communication and management accounting tasks to ]project-open[.... read more

Hi,

The following tutorial describes a 400 line sample app for listing, editing and creating "notes" using Sencha Touch as a front-end and the the ]project-open[ REST interface as a back-end. All development is done in JavaScript, you don't need to know TCL.

http://www.project-open.org/en/tutorial_building_sencha_touch_applications

Bests,
Frank

Hi,

After a lot of testing and even more fixing we've just uploaded the first V4.0.3 "Beta" version of the Windows installer:

• Download link:
  http://sourceforge.net/projects/project-open/files/project-open/V4.0/project-open-Windows-Community-4.0.3.4.0-beta-01.exe/download

This is the improved version of the last alpha-28 (https://sourceforge.net/p/project-open/discussion/295937/thread/e7a1e4e9/).

Most of the issues listed in the posting above have been fixed, except for:... read more

Hi,

We have just been informed about a security issue in the time sheet
logging functionality that allows any user with access to the HTTP port
to see the names of users logging hours and the names of the tasks
on which they have logged hours. The issue is already fixed in V3.5 and
V4.0 (please see below). Here is the detailed information:

Impact:

The issue is rooted in a non-exiting permission check in a set of time sheet
reports. The issue allows any unauthenticated user to:... read more

Hi,

The ]project-open[ development team is proud to announce a first integration with the Funambol (http://www.funambol.com/) open-source middleware. Funambol allows to synchronize Contacts, Tasks and Calendar items between a number of PIM (Personal Information Managers) running on platforms including:

- Microsoft Office Outlook (2003, 2007)
- Apple iPhone
- Android
- BlackBerry
- Nokia
- etc.... read more

Hi,

We're happy to announce the availability of the ]po[ Localization Mailing List. The mailing list is dedicated to the translators who are working on the different languages for the ]po[ V3.4 launch.

We've been working in the last weeks to prepare the localization efforts for ]po[ and asking around informally, we have received a surprising number of replies from ]po[ users and partners telling us that you are interested to participate in the localization of ]po[. ... read more

Due to missing data, 'Finance' related elements might show zero values when created after 28th. of December 2008. Please do update your 3.2/3.3 server to the most recent version. A free patch is available on our CVS server.

Alternatively you can limit your update to package "intranet-exchange-rate" only.

In case you are not familiar with the update procedure please consult the manuals available at http://www.project-open.org/doc/ ... read more

Hi,

We've just uploaded an "update" release of ]po[ V3.4.0.1."development" in the SourceForge "Support Files" download section. I've chosen this somehow hidden location in order not to confuse those users who are used to "fully functional" software.

Instead, this release contains the bleeding edge of our ]project-open[ ITSM (IT Services Management) development.... read more

Dear All,

The ]project-open[ development team has just finished the first Beta1 "sneak preview" version of V3.3. You can find both a VMware virtual machine and a "package upgrade" at the download area. Both files contain a README explaining how to apply the update.

Version V3.3.Final is scheduled to be released the 22nd of July, 2008. We have chosen a relatively long Beta period in order to test the product well and to be able to inform magazines early.... read more

Overview:

The ]project-open[ team has fixed two security vulnerability that exhibit project information to unprivileged users.

Vulnerability Details:

Issue #1 allows unregistered users via the Internet to find out the names of persons associated with a project and to determine the number of hours logged on the project.

Issue #2 allows registered users without financial permissions to find out about the hourly rates (compound cost rate) of project members. ... read more

]project-open[ V3.2 Integrates With GanttProject to form OSS Business Application Stack

BARCELONA, Spain, May 9th -- The ]project-open[ development team is proud to announce the release of version V3.2. of its project management and project collaboration application. ]po[ is currently ranked #65 at SourceForge.net with >100,000 downloads.

The main feature of the new version is an integration with GanttProject, the no. #1 open-source project management application. Together, the two applications form an integrated open-source based application stack covering the complete project cycle for IT departments and IT companies from definition and planning to execution, tracking and invoicing.... read more