Thanks to feedback from a community member, we have detected a security issue in the ]project-open[ authentication system in ]po[ V4.x and below.
This issue affects ]po[ V4.1 and all previous versions over unsecured (HTTP) connections. It does not affect ]po[ V5.0 and higher and does not affect users using exclusively secured (HTTPS) connections.
The bug allows a remote attacker to gain access to a ]po[ server by manipulating session identifiers.... read more
iX, Germany's #1 "enterprise IT" magazine, writes about alternatives to Microsoft Project Server in its special open-source edition, calling ]project-open[ a "serious alternative". It continues: "]project-open[ excels with import and export options for desktop applications including MS Project, ProjectLibre and GanttProject". The special edition (in German) is available at https://shop.heise.de/katalog/ix-special-open-source-2016. They re-tweeted our statement at https://twitter.com/iX.... read more
Thanks to feedback from a customer, we have today detected and fixed a bug in the ]project-open[ time sheet system.
The bug has an impact on the profit & loss calculation of projects and on budget adherence checks. However, the bug does not impact financial documents towards customers, providers or employees. The bug does not apply to normal time sheet logging activities.
Details:... read more
Your ]project-open[ server may be affected by ShellShock.
Please continue to read the following discussion thread:
Thanks to a security audit together with one of our customers, we have found that the default SSL configuration of our default VMware installer contains outdated ciphers that should be disabled.
This advisory only affects users who are using SSL encryption via the Pound reverse proxy.
Sophisticated attackers will be able to listen to HTTPS protected connections between browsers and the ]po[ server and possibly steal your password.... read more
]project-open[ is featured amongst the top 10 open source projects 2013 of Opensource.com. The top 10 list also includes Project Libre which is compatible with ]project-open[ and that can be used as a ]po[ Gantt front-end.
The ]project-open[ team is proud to announce the availability of ]project-open[ V4.0. This is the first major release in 24 months and contains more than 15 new modules. The biggest news however is the bidirectional "round-trip" integration with MS-Project allowing project managers to upload their project schedules and leave the communication and management accounting tasks to ]project-open[.... read more
After a lot of testing and even more fixing we've just uploaded the first V4.0.3 "Beta" version of the Windows installer:
This is the improved version of the last alpha-28 (https://sourceforge.net/p/project-open/discussion/295937/thread/e7a1e4e9/).
Most of the issues listed in the posting above have been fixed, except for:... read more
We have just been informed about a security issue in the time sheet
logging functionality that allows any user with access to the HTTP port
to see the names of users logging hours and the names of the tasks
on which they have logged hours. The issue is already fixed in V3.5 and
V4.0 (please see below). Here is the detailed information:
The issue is rooted in a non-existent permission check in a set of time sheet
reports. The issue allows any unauthenticated user to:... read more
The ]project-open[ development team is proud to announce a first integration with the Funambol (http://www.funambol.com/) open-source middleware. Funambol allows you to synchronize Contacts, Tasks and Calendar items between a number of PIM (Personal Information Managers) running on platforms including:
- Microsoft Office Outlook (2003, 2007)
- Apple iPhone
- etc.... read more
We're happy to announce the availability of the ]po[ Localization Mailing List. The mailing list is dedicated to the translators who are working on the different languages for the ]po[ V3.4 launch.
We've been working in the last weeks to prepare the localization efforts for ]po[ and asking around informally, we have received a surprising number of replies from ]po[ users and partners telling us that you are interested in participating in the localization of ]po[. ... read more
Due to missing data, 'Finance' related elements might show zero values when created after the 28th of December 2008. Please do update your 3.2/3.3 server to the most recent version. A free patch is available on our CVS server.
Alternatively you can limit your update to package "intranet-exchange-rate" only.
We've just uploaded an "update" release of ]po[ V18.104.22.168."development" in the SourceForge "Support Files" download section. I've chosen this somehow hidden location in order not to confuse those users who are used to "fully functional" software.
Instead, this release contains the bleeding edge of our ]project-open[ ITSM (IT Services Management) development.... read more
The ]project-open[ development team has just finished the first Beta1 "sneak preview" version of V3.3. You can find both a VMware virtual machine and a "package upgrade" at the download area. Both files contain a README explaining how to apply the update.
Version V3.3.Final is scheduled to be released the 22nd of July, 2008. We have chosen a relatively long Beta period in order to test the product well and to be able to inform magazines early.... read more
The ]project-open[ team has fixed two security vulnerabilities that expose project information to unprivileged users.
Issue #1 allows unregistered users via the Internet to find out the names of persons associated with a project and to determine the number of hours logged on the project.
Issue #2 allows registered users without financial permissions to find out about the hourly rates (compound cost rate) of project members. ... read more
]project-open[ V3.2 Integrates With GanttProject to form OSS Business Application Stack
BARCELONA, Spain, May 9th -- The ]project-open[ development team is proud to announce the release of version V3.2 of its project management and project collaboration application. ]po[ is currently ranked #65 at SourceForge.net with >100,000 downloads.
The main feature of the new version is an integration with GanttProject, the no. #1 open-source project management application. Together, the two applications form an integrated open-source based application stack covering the complete project cycle for IT departments and IT companies from definition and planning to execution, tracking and invoicing.... read more
The ]project-open[ team is proud to announce the availability of ]project-open[ V3.2. A VMware image will be available on May 2nd. RPM installers for OpenSuSE, Fedora and CentOS will follow this week. A Win32 installer will be available until end of May, so we urge Windows users to consider the VMware installer meanwhile.
V3.2 includes a vast number of extensions and improvements compared with V3.1, most importantly an integration with the GanttProject open-source Gantt editor (http://sourceforge.net/projects/ganttproject/). This integration allows project managers to define and modify ]po[ projects using a graphical editor and to perform basic resource planning. ... read more
We've just released a VMware image with V3.2.Beta5 with a few fixes for issues from V3.2.Beta4. The rest is the same, so I just copy the announcement of V3.2.Beta4 below. RPM installer will be available tomorrow afternoon CET.
The ]project-open[ development team is proud to announce the availability of ]project-open[. V3.2.Beta4 is the first release candidate for V3.2 and includes a vast amount of extensions and improvements. ... read more
The ]project-open[ development team is proud to announce the availability of ]project-open[. V3.2.Beta4 is the first release candidate for V3.2 and includes a vast amount of extensions and improvements.
The V3.2.Beta4 release is based on a VMware virtual machine with SuSE 9.3 Linux. RPM installers for OpenSuSE, Fedora and CentOS will follow this week. A Win32 installer will come out in Q3 2007, so we urge Windows users to consider the VMware installer meanwhile.... read more
We (the "]project-open[ core team" in Barcelona) are looking for several TCL software developers and experienced ]po[ consultants around the world to help us deal with projects of various sizes.
Please let us know if you feel that you fit one (or both) of the profiles below.
TCL Developer: You receive a (more or less) complete specification for new functionality or for the modification of an existing module. You plan and develop the solution and help the customer to install it in his system. You can count on some help from us in your first projects.... read more
The ]project-open[ team has identified a vulnerability in ]project-open[ that allows attackers to shortcut the login process with information gained from other ]po[ instances.
The vulnerability consists of a weak configuration in the "preconfigured" demo system of the V3.1.2 installer. Your system is not affected if you have installed your server "from scratch".... read more
The ]project-open[ development team has just released the first Beta1 "sneak preview" version of V3.2. You can find the pcdev32.v32.beta1.tar.bz in the "Support Files" section.
The file contains a zip of our /web/pcdev32/ development server plus a README. The README tells you how to continue. People familiar with ]po[ will know how to proceed. Please wait for a proper release if you are not. Please use a staging or development server for testing and DON'T install in a production server.... read more
Recently there were reports on the AOLServer mailing list (http://www.aolserver.com/) about incidents with AOLServer 3.3.1. This version is the base of most ]project-open[ installations, so this is a serious incident and we recommend that you upgrade your installation.
Windows installations are not affected.
The error seems to occur due to a kind of "Year 2000" issue with the 32 bit Unix date format. As a result AOLServer will try to allocate a large quantity of virtual memory, which will fail and lead to a failure and then to a restart of AOLServer.... read more
We have finally agreed with stakeholders and customers on a schedule for V3.2 of ]project-open[.
Please see our Roadmap (http://www.project-open.org/roadmap.html) for details.
New features include:
- An improved GUI
- Integration with GanttProject
- Resource Assignments and Resource Planning
- Integration of "Petri-Net Workflow"
- Expenses and Travel Costs
- An Integration API (XML-RPC and ODBC)... read more