Releases for Project issue tracking

This release fixes two security vulnerabilities described in DRUPAL-SA-CONTRIB-2009-002. Sites are urged to upgrade immediately. Other changes since version 5.x-2.2:

Bug fixes

• #209507 by aclight: Fixed critical bug introduced with #188198 where the original poster of an issue wouldn't get notification emails about that issue unless they also commented on it.
• #283332 by hunmonk: {project_issues} table not being created when module is enabled. Removed erroneous default value from original_issue_data text column. No database update is necessary because MySQL simply tosses the default value declaration if it does install the table.
• #272618 by aclight: Fixed bug where 'Create Issue' menu item was visible even when 'create project issues' permission is disabled.
• #11211 by Gabor Hojtsy: proper use of drupal_add_feed().
• #293882 by agentrickard and scor: Fixed broken project lookup in mailhandler code.
• #275323 by aclight and hunmonk: Prevent project_issue_generate_issue_comments() from causing fatal errors in rare cases.

Changes since DRUPAL-5--2-1:

BUGFIXES

• #231713 by dww: Fixed problems with database upgrade path usability.
  Now, if update 5200() is aborted due to missing required modules, when
  the admin visits update.php again, project_issue is set to retry 5200
  automatically, even though the schema_version in {system} says it
  should start with 5201. Unless they read the fine print and set the
  update to start at 5200, they'd end up with major data loss when the
  {project_comments} table is dropped in 5202().
• #236459 by aclight, hunmonk: Issue quicklinks should only appear when comments are set for the node.
• #234255 by aclight: Restored ability to add CCK fields to project-issue
  nodes (fixing regression from #199138).
• #245363 by aclight: Default values of component should be translatable.
• #186259 by hunmonk: reset corrupted array pointer to avoid endless update loop. see http://drupal.org/node/186259#comment-805698 for details.

FEATURES

This release fixes the following critical security vulnerabilities from 4.7.x-2.6 and earlier:

• #216062: SA-2008-012 -- XSS vulnerability in comment summary tables.
• #216063: SA-2008-013 -- Arbitrary file upload.

This is the first official release of the 5.x-2.* series. The major new feature here is that issue followups now use core comments, instead of the previous special-case pseudo comments. This means the project_issue now depends on comment.module, upload.module (for file attachments to the initial issue post), and the comment_upload.module (for file attachments to followup comments).

This release requires Drupal 5.2 or greater.

Users of the 5.x-2.x-dev release should upgrade to this version immediately, since it fixes some critical security flaws:

• #216062: SA-2008-012 -- XSS vulnerability in comment summary tables.
• #216063: SA-2008-013 -- Arbitrary file upload.

Other changes since the 5.x-1.* series:

NOTE: Unless critical bugs are uncovered, this will be the last official release for the 4.7.x-1.* series. All users are strongly encouraged to upgrade to at least 4.7.x-2.*, or better yet, 5.x-1.*, as soon as feasible. Support for this release series is basically over.

Changes since version 4.7.x-1.5:

Changes since version 5.x-1.1:

#180568 (SA-2007-021) by hunmonk: Fix XSS holes in project subscription forms.
#177312 by hunmonk: add project links, fix breakage on issue subscription form.
#168650 by pwolanin, hunmonk: fix improper use of %s

#180568 (SA-2007-021) by hunmonk: Fix XSS holes in project subscription forms.
#177312 by hunmonk: add project links, fix breakage on issue subscription form.
#168650 by pwolanin, hunmonk: fix improper use of %s
#172327 by hunmonk: INSTALL.txt outdated

This release addresses an access bypass security issue, DRUPAL-SA-2007-020. Sites that try to restrict access to issues based on the 'access project issues' or 'access own project issues' permissions should upgrade immediately.

Other changes since 4.7.x-2.3: