Last Build Date: Tue, 29 Nov 2016 17:34:13 -0000
Tue, 29 Nov 2016 17:34:13 -0000Dear All, ]project-open[ V5.0 is advancing, and we prepare for a release early next year. We would like to inform you up-front about this release and ask for your feedback, before we start a mass mailing to all ]po[ customers. So What's new? New Gantt Editor New Portfolio Editor New Task Management using Sencha HTML5 New Earned Value Diagram New Mobile Timesheet Logging New Rule & Notification Engine New CRM Opportunity Tracking Non-Functional: V5.0 now includes Sencha ExtJS for HTML5 apps Based on OpenACS 5.9, Naviserver 4.99, CentOS 7 and PostgreSQL 9.x Windows installer now using VirtualBox Performance improvements for up to 40.000 users. Security improvements after a security audit V5.0 Release Status & Download A V5.0.2.beta2 VMware appliance is available for download here on SourceForge: http://sourceforge.net/projects/project-open/files/project-open/V5.0/ It's in production at ~20 customers already. There is a demo server available: http://po50demo.project-open.net We now publish the development status of V5.0 online: http://www.project-open.net/en/version-5-0-2-0-0 In a few weeks we will offer a "Windows installer" which consists of exactly the same CentOS VM image as above, but adds a "VirtualBox" for executing the VM appliance in Windows. The ]po[ V5.0 "final release" will be in the 1st Quarter 2017. However, such a date is more marketing tactical than anything else. The V5.0 "base system" is stable now, and the Gantt Editor and the other HTML5 components will gradually mature until the end of next year or so. HTML5 Sencha ExtJS - No more TCL Development! The biggest change in V5.0 is the use of the Sencha ExtJS HTML5 library in order to create interactive one-page applications. Apart from supporting the new usage scenarios (Gantt Editor, Portfolio Planner) this techology allows you to customize ]po[ without the need to learn TCL. So any experienced front-end developer will be able to modify and add functionality. We have started to write up tutorials for you to encourage customization: http://www.project-open.com/en/tutorial-sencha-ajax-portlets http://www.project-open.com/en/tutorial-building-sencha-touch-applications Please contact us directly if you are interested in learning Sencha ExtJS. We are prepare a number of free tutorials via GoToMeeting. Upgrades Not Free Anymore As announced in the forum, we have changed our policy towards semiautomatic updates of ]po[. In the past, you could just update the source code of ]po[ and execute a number of "upgrade scripts" to update the data-model without loosing any data or configuration. From V5.0 on, these upgrade scripts require a CVS account which is tied to a support contract or an active partner role. https://sourceforge.net/p/project-open/discussion/295937/thread/1bd5743a/ Please contact us if you plan to upgrade your system or the system of your customers. We'll provide free accounts to partners who participate actively in the development of ]po[, report bugs, contribute patches, translate the system, publish articles etc. However, we will ask for a monetary contribution (a support contract) from everybody else. Gantt Editor The biggest functional change in V5.0 is the "Gantt Editor". It's a simple Gantt Editor like GanttProject or ProjectLibre, and without a scheduling engine at the moment. It supports what MS calls "manually scheduled tasks". At the moment we don't recommend it for planning large projects, but it's useful for smaller projects and as a viewer for large projects for users without MS-Project licenses. The Gantt Editor is our highest priority at the moment and we'll start integrating the "Task Juggler" open- source scheduling engine. Please provide us with feedback and contact us directly. We'll fix any bugs ASAP. V5.0 Press Kit, Articles & PR Do you know press or PR people? Do you want to release an article about ]po[? We will prepare a Press Kit (not finished yet) at: www.project-open.net/en/press-v50-kit You can just take this press kit or other material, translate it and offer i[...]
Fri, 19 Aug 2016 12:06:35 -0000
Thanks for the feedback from a community member we have detected a security issue in the ]project-open[ authentication system in ]po[ V4.x and below.
This issue affects ]po[ V4.1 and all previous versions over unsecured (HTTP) connections. It does not affect ]po[ V5.0 and higher and does not affect users using exclusively secured (HTTPS) connections.
The bug allows a remote attacker to gain access to a ]po[ server by manipulating session identifiers.
Please see the following posting for details:
No exploit is known yet and no intrusion attempt has been observed yet.
The issue is fixed in OpenACS 5.9 / ]project-open[ V5.0. Also, the issue disappears if all users communicate with the server via HTTPS. Please contact firstname.lastname@example.org for either installing certificates on your ]po[ server or for an upgrade to ]po[ V5.0.
Wed, 15 Jun 2016 13:44:22 -0000
iX, Germany's #1 "enterprise IT" magazine writes about alternatives to Microsoft Project Server in it's special open-source edition calling ]project-open[ a "serious alternative". It continues: "]project-open[ excels with import and export options for desktop applications including MS Project, ProjectLibre and GanttProject". The special edition (in German) is available at https://shop.heise.de/katalog/ix-special-open-source-2016. They re-tweeted our statement at https://twitter.com/iX.
Being a serious alternative to MS Project Server (and Oracle Primavera and CA Clarity) is our #1 objective for the upcoming V5.0 release (please see the roadmap, and yes, we are late again). New functionality includes a HTML5 Gantt Editor, a HTML5 Portfolio Planner and a number of high-level reports, including the option to create PowerPoint decks with charts etc. directly from within the system.
Please let us know if you want to get involved in the beta phase, we offer free upgrades and support. Otherwise just stay tuned. We'll announce the final release here on SourceForge, on Twitter @projop and on LinkedIn
Wed, 29 Apr 2015 11:15:13 -0000
Thanks for the feedback from a customer we have today detected and fixed a bug in the ]project-open[ time sheet system.
The bug has an impact on the profit & loss calculation of projects and budget adherence. However, the bug does not impact financial documents towards customer, providers or employees. The bug does not apply to normal timesheet logging activities.
When moving hours from one project to another or when modifying the number of hours logged on a project using the /intranet-timesheet2/www/hours/one file as a supervisor, the logged hours will be moved or modified correctly. However, the time sheet cost item was not updated accordingly.
This issue appears only when a supervisor corrects the hours of other employees. It does not appear during normal time sheet logging activities using "Timeshett" -> Log hours for a day.
Fixes are available for all ]po[ versions since ]po[ V3.2. The ]po[ team will notify all customers with a support contract and fix the installed systems. Users without support contract may upgrade to the latest version from CVS or contact email@example.com for a support agreement.
Fri, 26 Sep 2014 13:24:50 -0000
Your ]project-open[ server may be affected by ShellShock.
Please continue to read the following discussion thread:
Tue, 29 Apr 2014 15:08:59 -0000
Thanks to a security audit together with one of our customers, we have found that the default SSL configuration of our default VMware installer contains outdated ciphers that should be disabled.
This advisory only affects users who are using SSL encryption via the Pound reverse proxy.
Sophisticated attackers will be able to listen to HTTPS protected connections between browsers and the ]po[ server and possibly steal your password.
Please edit your /etc/pound.cfg file and add a "Ciphers" statement in the ListenHTTPS section similar to the one below:
ListenHTTPS Address 0.0.0.0 Port 443 Cert "/etc/pound/server.pem" Ciphers "SSLv3:TLSv1:-LOW:-aNULL:-ADH:-EXP:-eNULL" End
Maybe this is also a good moment to check some other security aspects of your ]po[ installation:
Port 22 (SSH): Did you change the default passwords for the users "root" and "projop"? Do you regularly change passwords?
Port 80 (HTTP): Is your port 80 accessible, allowing users to connect to the server without encryption? This may be suitable in protected small company networks, but is not suitable for larger organizations or the Internet because authentication tokens (and during login also your password) are sent in clear text over "the wire".
Port 443 (HTTPS): Do you have a valid certificate in place?
Port 2401 (PostgreSQL): Is PostgreSQL accessible from the outside (disabled by default)? Does your /var/lib/pgsql/data/pg_hba.conf require passwords in a secure way for incoming TCP connections? (http://www.postgresql.org/docs/8.4/static/auth-pg-hba-conf.html)
Are there any other ports open except for 22, 80, 443, 2401 and 8000? Please run "nmap" on your own server.
Please contact firstname.lastname@example.org for questions and professional services concerning these issues.
Tue, 31 Dec 2013 14:00:38 -0000
]project-open[ is featured amongst the top 10 open source projects 2013 of Opensource.com. The top 10 list also includes Project Libre which is compatible with ]project-open[ and that can be used as a ]po[ Gantt front-end.
Fri, 03 May 2013 12:08:51 -0000
The ]project-open[ team is proud to announce the availability of ]project-open[ V4.0. This is the first major release in 24 month and contains more then 15 new modules. The biggest news however is the bidirectional "round-trip" integration with MS-Project allowing project managers to upload their project schedules and leave the communication and management accounting tasks to ]project-open[.
- List of new modules:
- Download - Installers are available for MS-Windows and CentOS Linux on VMware:
- Support, Enterprise Edition,... :
For questions and suggestions please contact our support team at mailto:email@example.com or reply to this announcement.
Tue, 16 Apr 2013 10:35:21 -0000
Fri, 18 Jan 2013 09:33:49 -0000
After a lot of testing and even more fixing we've just uploaded the first V4.0.3 "Beta" version of the Windows installer. This is the improved version of the last alpha-28 (https://sourceforge.net/p/project-open/discussion/295937/thread/e7a1e4e9/).
Most of the issues listed in the posting above have been fixed, except for:
Please help us to test the Beta and tell us if something goes wrong (or if you successfully run the system).