dotProject 2.1.7 addresses several security concerns

November 15th, 2012

We have just released dotProject 2.1.7 which is primarily a security and bug fix release.  A number of XSS and SQL injection vulnerabilities have been reported to us and we have pulled out all stops to ensure they are now fixed.  If you are running any version of dotProject, please consider upgrading as soon as possible.

In addition, a number of usability issues have been fixed, along with potential problems with upgrades for users on 2.1.1 and prior releases, so there is no excuse for not upgrading!

As usual you can download the release at https://sourceforge.net/projects/dotproject

dotProject 2.1.6 now released

August 14th, 2012

There is now a new version of dotProject available over on SourceForge. This version cleans up quite a few issues that had sneaked in over time.  Some of the weirdness in the 2.1.5 install has been addressed, so upgrades should be much more functional.

A lot of input from the community has been incorporated, including some great localisation fixes from the Brazilian dotProject community.  Those guys and gals always provide inspiration, and I'm truly sorry that our timezone differences make online meetings a problem.

There seems to be a lot of activity in the community at the moment, and it all is to the betterment of the project.

Can you spell entrepreneur?

February 15th, 2011

I'm often asked "Why should I use dotProject instead of <insert project management software of your choice here>.  They tell me it is an upgrade/massive improvement/gift from God".  My answer is always the same.  I don't comment on other projects.  If you want to use their product, fine. If you want to use dotProject, fine.  If you ask me what are the features of dotProject, I am only too happy to tell you.  If you ask me how they compare to another, I'll tell you I can't tell you. This often causes confusion/dismay/anger or a range of emotions in the questioner.

Open source is full of projects of variable quality and purpose.  Which one you choose should be up to you.  In general you can download for free, or try out a demo, and look for plenty of independent assessments on what features map to those of another project.  What you are asking me is to do your homework for you.  What you are expecting is a dispassionate, reasoned set of arguments showing why my project is better or worse than another.  Are you really that naive?  Nobody is dispassionate about their code.  If they were they would not be coding open source.  I cannot give you unbiased advice, and certainly cannot compare my project to another without some level of bias.  So I won't do it.

Now this brings us to those that do proffer comparisons and wax lyrical about their project versus another.  You have to ask yourself why would they be doing this?  To my mind there are only a few options, and they can be summarised as Arrogance, Jealousy, Petulance, and Profit.  Now remember, I'm talking open source here, I don't make any money off of this code, so I don't really have much of an incentive to get heaps of people using it and demanding free support from me unless I have some level of arrogance myself.  I do.  But I try to keep that to myself and not let it influence others.  Those that proselytise have a different sort of arrogance, one that does not extend to respect, only to self interest.  Jealousy and Petulance are juvenile reactions to what is seen as the more popular kid in school (or a variation on that theme), something I've grown out of a long time ago.  Profit is something that I really don't care much about in my open source work.  I don't do it for profit. I do it to scratch an itch.  I don't do it to prove that others are no good, I do it to prove to myself that I am.  If you use my code, great, that validates me.  If you don't, great, that means there are other great programs out there, and great programmers.  But don't do it because the programmer tells you it is great, do it because the software works for you, and you can only determine that by investigation and trial.

dotProject 2.1.5 Released

January 6th, 2011

The 2.1.5 version of dotProject has been released today. This version fixes a number of issues with table prefixing introduced in 2.1.4, and for those using table prefixing, the upgrade is a must.

There have also been some improvements for those in large organisations where staff turnover is an issue. These include being able to easily bulk transfer tasks from one user to another, and to have automated management of the visibility of contact information when users are inactivated.

The ProjectDesigner module has now been made a core module. This makes managing large projects easier. You can access it from the System Admin -> Modules page.

dotProject 2.1.4 Released!

November 19th, 2010

dotProject 2.1.4 hit the streets today.

We integrated some very large patch sets into this release, and while we've taken every care to get it right, there may be a few rough edges. If you find anything you can always submit a bug. But before you do, check that it hasn't already been reported, and also make sure you check on our forums.

So, what has changed?

PHP 5.3 support - You can now run with PHP 5.3 and it will still run on earlier versions.

Database Prefix - For those hosting dP, this should make you smile. No need to separate dP out into its own database, as it can share the database with other apps.

XHTML compliance - there has been a lot of work on XHTML compliance.

XSS vulnerabilities - we found a few, and have taken steps to ensure that we don't have any more.

Bug fixes - heaps of them - you can always check the bug repository to see what we've fixed.

Performance gain - There have been patches around to implement a permissions cache to improve permissions performance, and we have now fully integrated this into the official release.

So thanks to all who assisted with bug reports, patches and supporting our users on the forums.

Because of the amount of code changes, and the nature of the patches (which have touched just about every part of the code), we have set aside time to ensure we can get a follow up release out should it be necessary.