Redmine 2.2.1, 2.1.6 and 1.4.6 security releases

Added by Jean-Philippe Lang about 12 years ago

Several security vulnerabilities have been discovered in Ruby on Rails lately (read the announcement) and are fixed in all of these new Redmine releases. These vulnerabilities are considered critical, so upgrading as soon as possible is highly recommended.

These new releases are available at Rubyforge.

Comments

Added by Deoren Moor about 12 years ago

Thanks!

Added by Marcello Lussana about 12 years ago

Thanks!
How can I get Info about this kind of release? Is there a newsletter or an Issue to follow?

Best

Added by Anonymous about 12 years ago

http://www.redmine.org/projects/redmine/news at the bottom of the page click "atom" =)

Added by Denial Dester about 12 years ago

Thank you!

What about redmine version 2.0.4 ?
Does it vulnerable too?
Thanks.

Added by Jakob Skjerning about 12 years ago

Denial Dester, yes. All versions prior to the ones just released are vulnerable.

Added by Lukas Elmer about 12 years ago

Great response time, very nice, thanks!

Added by Dietmar H about 12 years ago

Can you tell me if this vulnerability is relevant for me if access to Redmine is restricted to registered users (no autonomous registration possible) and if this users are trusted?

Added by Jean-Philippe Lang about 12 years ago

As far as I know, it should be OK for you if untrusted users have access to the login form only. Upgrading is still the best option.

Added by Dietmar H about 12 years ago

ok, thx

Added by Anonymous about 12 years ago

Thank you for your fast response time and your software - update worked fine

Project

General

Profile

Redmine