
News

Posted over 4 years ago by Frank Bergmann
My favorite open source project management tools https://opensource.com/article/21/3/open-source-project-management If you're managing large and complex projects, try replacing Microsoft Project with an open source option.
Posted about 5 years ago by Frank Bergmann
https://packetstormsecurity.com/files/157410/Project-Open-CMS-5.0.3-Cross-Site-Scripting-SQL-Injection.html
This is a short notice that an independent security researcher has found:
SQL Injection vulnerabilities - this is critical
and XSS (Cross-Site Scripting) vulnerabilities - this is also critical
We confirm these issues in general. The attacks can be executed remotely and require that the attacker is a registered user. Probably all versions of ]po[ are affected, from 3.3 to 5.0.3. We will fix these issues and let you know about it ASAP.
Bests
Frank
Posted about 5 years ago by Frank Bergmann
Dear All,
The ]project-open[ team is proud to announce the availability of ]project-open[ V5.0. This is the first release in more than 4 years and contains more 5 completely new packages: Gantt Editor (similar to Microsoft Project), Task Management, Portfolio Planner, Earned Value Analysis and Milestone Trend Analysis. Please see the attached "Highlights and features" document for a quick overview of the new features.
Links:
- V5.0 Highlights and features: https://www.project-open.net/en/download/file/PO-V5.0-Highlights-Features.pdf
- V5.0 Download: https://sourceforge.net/projects/project-open/files/project-open/V5.0/
- V5.0 Public demo server: https://demo.project-open.net/
- Upgrade from V4.0 and earlier to V5.0 is free for customers with support contract or active community members: https://www.project-open.com/en/upgrade-40-50
- V5.0 Detailed changelog: https://www.project-open.net/en/version-5-0
- Roadmap for ]po[ V5.1: https://www.project-open.net/en/version-5-1
- Support, consulting, ...: http://www.project-open.com
- V5.0 Press release: https://www.project-open.net/en/download/file/PO-Press-Release-V50-en.pdf
For questions and suggestions please reply to this post or contact mailto:[email protected].
Best regards
Frank
Posted about 5 years ago by Frank Bergmann
We have released ]po[ V5.0.3., which is the release candidate for ]po[ V5.0. You can download the Windows installer and the CentOS virtual machine here on SourceForge: https://sourceforge.net/projects/project-open/files/project-open/V5.0/
We have also updated the CentOS 7 installation instructions for those users who want to do a manual installation: http://www.project-open.net/en/install-centos-7
Please let us know about any issues you found or proposals for improvement. Also, please let the community know if you have installed ]po[ successfully and for what purpose you want to employ ]project-open[. The ]po[ core team even offers half a day of free consulting or training if you agree to publish a success story with us (we will help you with it!): http://www.project-open.net/en/howto-success-story
Cheers,
Frank
Posted almost 6 years ago by Frank Bergmann
The ]po[ team has fixed a security hole that exhibits the list of project names together with the names of the project managers to any user who can access the system.
Versions Affected:
* Affected are all ]po[ installations with version V3.3 and higher.
Impact: The bug allows attackers to retrieve the names of all projects in the system, together with the name of the project manager and the start- and end-date of the project. It is not possible for the attacker to change any information.
Solution:
* Please update the intranet-reporting-tutorial package to the latest version, or uninstall this package.
Credits:
* Thanks to Pratik Gandhi for pointing out the issue
Vendor Information: ]project-open[ (http://www.project-open.com/) is a project and portfolio management system for companies and departments in the IT, consulting and building sectors, or any organization that runs projects as its main business. The ]po[ architecture is designed for mission-critical applications with a rock-solid infrastructure and a sophisticated role-based permission system.
Posted over 7 years ago by Frank Bergmann
Dear All,
The ]po[ core team has just released ]po[ V5.0.2.4 as a VMware image and as installers for Windows and Linux (CentOS, Ubuntu and Debian). http://www.project-open.net/en/list-installers
This release is very close to the final release of V5.0. We will still wait a little longer, but this is due to marketing and PR reasons rather than due to the product. Since V5.0.2.3 (beta 4) we have fixed more than 100 bugs. There are still some known issues around, but these are not critical anymore and will be fixed in the upcoming weeks. There are about 20 customers running ]po[ V5.0 in production already. Updates from earlier versions of V5.0 are supported for free and semi-automatically by updating the ]po[ product via an "upgrade installer" or CVS. Please see below for upgrades from V4.x or earlier.

What's New? HTML5 Sencha ExtJS!
The biggest change in V5.0 is the use of the Sencha ExtJS HTML5 library in order to create interactive one-page applications. Apart from supporting the new usage scenarios (Gantt Editor, Portfolio Planner) this technology allows you to customize ]po[ without the need to learn TCL. So any experienced front-end developer will be able to modify and add functionality. We have started to write up tutorials for you to encourage customization:
http://www.project-open.com/en/tutorial-sencha-ajax-portlets
http://www.project-open.com/en/tutorial-building-sencha-touch-applications
Please contact us directly if you are interested in learning Sencha ExtJS. We are preparing a number of free tutorials via GoToMeeting.

Upgrades Not Free Anymore
As announced in the forum, we have changed our policy towards semiautomatic updates of ]po[. In the past, you could just update the source code of ]po[ and execute a number of "upgrade scripts" to update the data-model without losing any data or configuration. From V5.0 on, these upgrade scripts require a CVS account which is tied to a support contract or an active partner role.
https://sourceforge.net/p/project-open/discussion/295937/thread/1bd5743a/
Please contact us if you plan to upgrade your system or the system of your customers. We'll provide free accounts to partners who participate actively in the development of ]po[, report bugs, contribute patches, translate the system, publish articles etc. However, we will ask for a monetary contribution (a support contract) from everybody else.
Best Regards,
Frank.

==============================================================
V5.0 Changes
==============================================================
]project-open[ V5.0 includes several major new packages:
- Gantt Editor: A HTML5 editor for Gantt charts, similar to MS-Project, ProjectLibre and GanttProject, but currently without critical path scheduling.
- Task Management: A HTML5 display that shows the tasks assigned to a user in green, yellow or red, depending on execution status of the tasks.
- Charts and Diagrams: V5.0 includes several new HTML5 charts and diagrams for visualizing statistics and performance indicators.
- Portfolio Planner: A HTML5 editor and scenario planner for project portfolios similar to the Gantt Editor, allowing to simulate the resource load of the assigned users and their departments.
- Project Scoring: This package standardizes the assignment of scores (for example: strategic importance, customer relatedness etc.) based on a survey with predefined questions.
- Project Earned Value Diagram: Shows graphically planned work (from the Gantt diagram) vs. actual progress (% done) vs. logged hours. Currently only shows numbers based on hours.
- Project Milestone "Slip" Tracker: This diagram shows graphically the slip of project milestones.

Platform Changes
- PostgreSQL Database: V5.0 supports PG 9.2 or higher.
- Application Server: V5.0 supports NaviServer 4.99.8.
- OpenACS Community System: V5.0 is now based on OpenACS 5.9
- VMware Linux Version: V5.0 is based on CentOS 7.
- HTML5 Libraries: The HTML5 libraries Sencha ExtJS 4.2.1 and Sencha Touch 2.4.2 are now part of the core architecture.
These changes are the reason for the release of a major version, meaning that upgrades from previous versions are not automatic. Please see the V4.0 -> V5.0 upgrade instructions for details.

Performance
- Update to PostgreSQL 9.x and NaviServer 4.99: The update increases performance by up to 50% in typical application scenarios.
- Optimizations for 40.000 Users: We have optimized a number of pages in order to deal with large numbers of customers and customer contacts
- Filter options for large organizations: Most pages now contain filter options suitable for organizations with 5.000 active users.

Security
- Polito Inc., a Virginia based cyber security company has tested ]po[ V5.0 before using it internally and found "no significant vulnerabilities".
- OpenACS 5.9 incorporates several important security improvements.
- Improved the built-in IDS (Intrusion Detection System) of ]po[
- Fixed header injection issue in redirect code
- Fixed a security issue in the 2nd tier defense in util_memoize

Other
- We never officially released ]po[ V4.1 (please see below), so please continue to read for additional changes.

==============================================================
V4.1 Changes
==============================================================
]project-open[ V4.1 is mainly a bug fix release with gradual improvements thanks to several large customer implantation projects.

New Packages
- Mobile Timesheet Logging (experimental): A Sencha client for mobile devices (issues on Android?).
- Rule Engine: Allows you to define actions that are executed once a value of a project, a task or any other business object (future) changes or reaches a certain value. For example, a task reaching 100% could trigger a notification email to the project manager.
- CRM Opportunity Tracking: This package maintains a list of opportunities during the qualification and sales cycle (sales pipeline).
- Periodic Invoicing (experimental): This new package introduces the notion of a "service contract" with certain parameters including a monthly fee, a number of free service hours and the price per additional service hour. A (semi-) automatic invoicing functionality allows to process many service contracts in "batch mode".
- Events & Training Management: This new package is now running in production with one customer. It consists of a new business object "event" that handles resource allocation using a calendar view.

Important Features
- GUI: Added sub-menus to main tabs - still accepting comments
- Absences: Automatically maintaining groups per office in order to allow for bank holidays per office. These bank holidays enter into the resource management calculation algorithm.

New Experimental Functionality
- Cloud Backup: A new experimental feature allows you to perform backups from your on-premise Windows or Linux installation to a ]project-open[ backup server. In case of an accident we will offer you the option to "resurrect" your machine as a SaaS hosted machine within 24 hours. This is an experimental service. Please let us know if you are interested, in exchange of two years free service. We plan to price this "Cloud Backup" service at EUR 10 per month with standard SaaS charges in case of a restore.
- Project Membership based on Groups: A new feature allows you to add groups as "members" to a project, company or other business object. This allows some customers to streamline permission assignment.
- Fast-Track Customer Contact Adding: We have included a new option to enter CRM customer contacts + companies including a duplicate check based on fuzzy full-text search.

Bugs Fixed
- Timesheet Approval Workflow
- Localization: Fixed various non-translatable strings
- Auto-Login: Fixed behaviour for automatic login from emails sent out by the forum and mailing functionalities.

Performance
- A large customer with 40.000 users served as a base for a number of performance enhancements that have become part of the product.

Small Stuff
- CRM Mass-Mailing functionality: You can now send thousands of personalized email messages to customers of other groups.
- Helpdesk: Priority changes now send out better notification mails.
- New reports: Which??
- Fixed Resource Management: - New report(?)
- Task Management: ]po[ now allows a user to delete a task in a project, if there are no financial items related to the task.
- Workflow Vacation Handling: Users can now specify their replacement when creating a new absence. The absence replacement has the right to process workflow approvals for the absent person during the vacation period.

Security
- A security testing company performed a one week testing on ]po[ and found no major issue. However, there were several minor issues that were fixed in ]po[ V4.1:
- Header Injection - Redirect
- SQL injection in the category administration section. This bug would have been serious. However, the affected pages are only accessible to the system administrator who has the right to perform arbitrary SQL statements anyway.
- "util_memoize" Issues: ]po[ contains a two-layered protection against SQL injection attacks. Issues in the use of util_memoize broke the database layer in several pages. However, the second "ad_page_contract" layer prevented actual exploits.
- Improved IDS (Intrusion Detection System): ]po[ now includes a series of "sensors" and an integrated reporting functionality to detect unusual activities in the system.
Posted about 8 years ago by Klaus Hofeditz
Impact: The bug might have an impact on the calculation of translation provider rates.
Details: Under certain conditions, the system does not propose the correct provider rate for a given language combination.
Fixes: Fixes are available for all ]po[ versions >= ]po[ V3.5. The ]po[ team will notify all customers with a support contract and fix the installed systems. Users without support contract may upgrade to the latest version from CVS or contact [email protected] for professional support.
Patches: The following patches can be applied to fix the issue =================================================================== RCS file: /home/cvsroot/intranet-freelance-invoices/www/new-2-postgresql.xql,v retrieving revision 1.3 retrieving revision 1.4 diff --context -r1.3 -r1.4 *** new-2-postgresql.xql 7 Apr 2006 23:07:40 -0000 1.3 --- new-2-postgresql.xql 6 Apr 2017 17:58:40 -0000 1.4 *************** *** 62,68 **** (select im_trans_prices_calc_relevancy ( p.company_id, :provider_id, ! p.task_type_id, :task_type_id, p.subject_area_id, :subject_area_id, p.target_language_id, :target_language_id, p.source_language_id, :source_language_id --- 62,68 ---- (select im_trans_prices_calc_relevancy ( p.company_id, :provider_id, ! 
p.task_type_id, :po_task_type_id, p.subject_area_id, :subject_area_id, p.target_language_id, :target_language_id, p.source_language_id, :source_language_id =================================================================== RCS file: /home/cvsroot/intranet-freelance-invoices/www/new-2.tcl,v retrieving revision 1.25 retrieving revision 1.26 diff --context -r1.25 -r1.26 *** new-2.tcl 17 Nov 2015 18:07:19 -0000 1.25 --- new-2.tcl 10 Apr 2017 15:59:22 -0000 1.26 *************** *** 572,577 **** --- 572,581 ---- set file_type_id "" } + if { ![info exists po_task_type_id] } { + set po_task_type_id $task_type_id + } + # Check if a material for the select parameter combination exists # or create new material set material_id [im_material_create_from_parameters -material_uom_id $task_uom_id -material_type_id [im_material_type_translation]]
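Review bot: In the new-2-postgresql.xql hunk, the changed line `p.task_type_id, :po_task_type_id,` binds a variable that the query file does not explain, and revision 1.4 is dated 6 Apr 2017 while the new-2.tcl revision that guarantees the variable exists is dated 10 Apr 2017. The two revisions should be applied together, and a short comment next to the call to im_trans_prices_calc_relevancy saying how po_task_type_id differs from task_type_id would make the intent of the fix readable from the query alone.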
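Review bot: The added `if { ![info exists po_task_type_id] }` block in new-2.tcl falls back to `$task_type_id`, which is the value the old query bound, so whenever po_task_type_id is not set the rate lookup behaves as it did before the fix and nothing records that. Consider a comment stating where po_task_type_id is expected to be set, a log entry when the fallback is taken, and treating an empty string like a missing value, since `info exists` also passes for a variable set to "" in the way file_type_id is set just above.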
Posted over 8 years ago by Frank Bergmann
Dear All,
]project-open[ V5.0 is advancing, and we prepare for a release early next year. We would like to inform you up-front about this release and ask for your feedback, before we start a mass mailing to all ]po[ customers.

So What's new?
- New Gantt Editor
- New Portfolio Editor
- New Task Management using Sencha HTML5
- New Earned Value Diagram
- New Mobile Timesheet Logging
- New Rule & Notification Engine
- New CRM Opportunity Tracking

Non-Functional:
- V5.0 now includes Sencha ExtJS for HTML5 apps
- Based on OpenACS 5.9, Naviserver 4.99, CentOS 7 and PostgreSQL 9.x
- Windows installer now using VirtualBox
- Performance improvements for up to 40.000 users.
- Security improvements after a security audit

V5.0 Release Status & Download
A V5.0.2.beta2 VMware appliance is available for download here on SourceForge: http://sourceforge.net/projects/project-open/files/project-open/V5.0/
It's in production at ~20 customers already. There is a demo server available: http://po50demo.project-open.net
We now publish the development status of V5.0 online: http://www.project-open.net/en/version-5-0-2-0-0
In a few weeks we will offer a "Windows installer" which consists of exactly the same CentOS VM image as above, but adds a "VirtualBox" for executing the VM appliance in Windows. The ]po[ V5.0 "final release" will be in the 1st Quarter 2017. However, such a date is more marketing tactical than anything else. The V5.0 "base system" is stable now, and the Gantt Editor and the other HTML5 components will gradually mature until the end of next year or so.

HTML5 Sencha ExtJS - No more TCL Development!
The biggest change in V5.0 is the use of the Sencha ExtJS HTML5 library in order to create interactive one-page applications. Apart from supporting the new usage scenarios (Gantt Editor, Portfolio Planner) this technology allows you to customize ]po[ without the need to learn TCL. So any experienced front-end developer will be able to modify and add functionality.
We have started to write up tutorials for you to encourage customization:
http://www.project-open.com/en/tutorial-sencha-ajax-portlets
http://www.project-open.com/en/tutorial-building-sencha-touch-applications
Please contact us directly if you are interested in learning Sencha ExtJS. We are preparing a number of free tutorials via GoToMeeting.

Upgrades Not Free Anymore
As announced in the forum, we have changed our policy towards semiautomatic updates of ]po[. In the past, you could just update the source code of ]po[ and execute a number of "upgrade scripts" to update the data-model without losing any data or configuration. From V5.0 on, these upgrade scripts require a CVS account which is tied to a support contract or an active partner role. https://sourceforge.net/p/project-open/discussion/295937/thread/1bd5743a/
Please contact us if you plan to upgrade your system or the system of your customers. We'll provide free accounts to partners who participate actively in the development of ]po[, report bugs, contribute patches, translate the system, publish articles etc. However, we will ask for a monetary contribution (a support contract) from everybody else.

Gantt Editor
The biggest functional change in V5.0 is the "Gantt Editor". It's a simple Gantt Editor like GanttProject or ProjectLibre, and without a scheduling engine at the moment. It supports what MS calls "manually scheduled tasks". At the moment we don't recommend it for planning large projects, but it's useful for smaller projects and as a viewer for large projects for users without MS-Project licenses. The Gantt Editor is our highest priority at the moment and we'll start integrating the "Task Juggler" open-source scheduling engine. Please provide us with feedback and contact us directly. We'll fix any bugs ASAP.

V5.0 Press Kit, Articles & PR
Do you know press or PR people? Do you want to release an article about ]po[?
We will prepare a Press Kit (not finished yet) at: www.project-open.net/en/press-v50-kit
You can just take this press kit or other material, translate it and offer it to your local press contacts. Please contact us if you need help or support.

V5.0 Localization
Please help us to improve the translation of ]po[ into your language! You can participate as an “editor” (just providing comments and final QA) or take a more active role as a first or second translator. Please contact us if you are interested.

V5.0 Translation Vertical
Functionality for translation agencies is not part of the standard ]po[ V5.0 installer anymore, because it is confusing for the large majority of customers. Instead, we will release a dedicated VMware for translation companies some time after the official release.

Links to Other Packages
Please see these links for additional information on the new packages and features in ]po[ V5.0:
- Gantt Editor www.project-open.net/en/package-intranet-gantt-editor
- New Portfolio Editor www.project-open.net/en/package-intranet-portfolio-planner
- New Task Management using Sencha HTML5 www.project-open.net/en/package-intranet-task-management
- New Earned Value Diagram in community edition www.project-open.net/en/package-intranet-earned-value-management
- New Mobile Timesheet Logging www.project-open.net/en/package-senchatouch-timesheet
- New Rule & Notification Engine www.project-open.net/en/package-intranet-rule-engine
- New CRM Opportunity Tracking www.project-open.net/en/package-intranet-crm-opportunities

Best Regards,
Frank
Posted almost 9 years ago by Frank Bergmann
Dear All,
Thanks to the feedback from a community member, we have detected a security issue in the ]project-open[ authentication system in ]po[ V4.x and below.
Affected Versions: This issue affects ]po[ V4.1 and all previous versions over unsecured (HTTP) connections. It does not affect ]po[ V5.0 and higher and does not affect users using exclusively secured (HTTPS) connections.
Impact: The bug allows a remote attacker to gain access to a ]po[ server by manipulating session identifiers.
Details: Please see the following posting for details: https://sourceforge.net/p/project-open/discussion/295937/thread/d62fce3e/
Exploitation status: No exploit is known yet and no intrusion attempt has been observed yet.
Fixes: The issue is fixed in OpenACS 5.9 / ]project-open[ V5.0. Also, the issue disappears if all users communicate with the server via HTTPS. Please contact [email protected] for either installing certificates on your ]po[ server or for an upgrade to ]po[ V5.0.
Best regards
Frank
Posted about 9 years ago by Frank Bergmann
iX, Germany's #1 "enterprise IT" magazine writes about alternatives to Microsoft Project Server in its special open-source edition calling ]project-open[ a "serious alternative". It continues: "]project-open[ excels with import and export options for desktop applications including MS Project, ProjectLibre and GanttProject". The special edition (in German) is available at https://shop.heise.de/katalog/ix-special-open-source-2016. They re-tweeted our statement at https://twitter.com/iX.
Being a serious alternative to MS Project Server (and Oracle Primavera and CA Clarity) is our #1 objective for the upcoming V5.0 release (please see the roadmap, and yes, we are late again). New functionality includes a HTML5 Gantt Editor, a HTML5 Portfolio Planner and a number of high-level reports, including the option to create PowerPoint decks with charts etc. directly from within the system. Please let us know if you want to get involved in the beta phase, we offer free upgrades and support. Otherwise just stay tuned. We'll announce the final release here on SourceForge, on Twitter @projop and on LinkedIn