Forums » Development »
Query for Redmine vulnerabilities
Added by KUNTAL MONDAL 5 months ago
Hi Redmine Team
Our security team and cone the source code scan for Redmine 5.1.2 .
They have reported below vulnerabilities.
• Code Injection
• Incomplete Regular expressions for hostnames
• SQL query build from user-controlled sources
• Regular expression injection
• Clear text storage of sensitive information
• CSRF projection does not enable
Can you please let us know if there is planning to fix these vulnerabilities in the upcoming releases.
Replies (1)
RE: Query for Redmine vulnerabilities - Added by Holger Just 5 months ago
You can report security vulnerabilities you have found to security(at)redmine.org
. Our security team will have a look and coordinate fixes if required. See Submissions. When reporting vulnerabilities, please be as specific as possible:
- Please include all the minimal information described in Submissions.
- Please describe the issue in sufficient detail to allow us to reproduce it.
- Please ensure that your findings are actual security issues before reporting them. Often, automated scanners produce a large amount of false-positive findings which are not actually security issues.