2.3.10
Security:
- Fixed SQL injection issue in project object class
- Fixed XSS issues with select users and select projects widgets
- Upgrade script steps can't be triggered without logging in as administrator
Thanks to http://www.stratsec.net/ for the report.
Bug Fixes:
- Project filter and group options could not be applied both at the same time
- In project exporter corrected ticket ID numbers, links to tasks, added time records from tasks to tickets and checklists
- Fixed missing project grouping options for some users having admin role
Enhancements:
- Backup restore instructions switched from a PHP file with a comment to a text file
- Updated the list of file types whose source can be displayed
