The release 1.17 was published in January 2022.
This is the last release with support for PHP 7.3 / 7.4.
There have been 10 minor releases between the release 1.16 and this one.
You should use the “watch feature” in the Github repository to be notified ASAP of these updates.
In the meantime 3 new plugins were released:
Translation - translate and/or change the labels of visible UI elements
Invoice - enhanced invoicing features, that should not be part of the core system
Attention before upgrading
This is the last release with support for PHP 7.
If not yet done: please upgrade to PHP 8 soon.
Release 1.15 changed the config structure for LDAP & SAML and also dropped support for PHP 7.2.
Some possible CSRF and XSS attacks were found and patched. Thanks for the disclosure go out to @haxatron and @asura-n and @noobpk.
If you use Kimai in a multi-user environment, you are urged to update as soon as possible.
Thanks to all of you for using and supporting Kimai, especially:
- everyone contributing financially, allowing me to spend so much time with Kimai
- the community for all their input, discussions, feature requests and bug notices
- the developers contributing their knowledge and time
- the translators at Weblate
- the security researcher who privately disclose any issue
Thanks for being part of the Kimai community ❤️
Want to upgrade? Click here to find out how.
This changelist contains all changes between 1.16 and 1.17.
You can find all commits here.
- improve permission handling for quick entry controller #3081
- Invoice events #3079
- Invoice meta fields #3077
- Bugfixes #3078
- shrink prod error messages #3091
- new export template #3082
- Translations update from Hosted Weblate #2951, #3013, #3032, #3048
- weekly hours form: allow to configure the amount of recent activity rows in an empty week #3026
- added comment field to invoice #3045
- improve export permission checks #3027
- new invoice template variables for budgets #3005
- new command to work with translation files #2993
- cleanup duplicate translation ids #3001
- improve translation test #2998
- prevent that lock files will be committed in PRs #2983 and #2992
- allow to delete invoice documents from within kimai #2968
- improve export filename #2958
- include calendar week in week chooser #2933
- bump dependencies #3089
- code improvements #3088
- phpstan improvements #3092
- Import from Kimai v1: This timesheet is already exported #3061
- fix working time widget (dashboard) with “first day of week” = sunday #3047
- Fix projects are not filtered after submit #3016
- Fix invoice budget calculation #3024
- Fix “filter user timesheet” action display #3018
- fix selection of customer/project/activity in multi-step forms #2989
- more csrf protection for invoice and search #2984
- fix invoice create and search #2990
- fix HTML forms (two opening <form> tags) #2972
- fix deleting invoice documents #2980
- CSRF Tokens are not properly refreshed on some form submissions #2947 #2948
- escape data in calendar popover #2960
- make sure that markdown uses safe mode #2961
- improve permission handling in invoice screen #2965
- drop default value to prevent error when server version is not set #2769 #2796 #2943
- Filtering the administrative project list by Visible=Both results in 500 Server Error #2941