Upgrade to Rails 3.2.11
There's a severe vulnerability in all Rails versions. I think it's really important to upgrade Redmine 2.2.0 to Rails 3.2.11 (or push out 2.2.1 soon). I didn't yet check how much Redmine is affected, but the risk seems to be high.
As a quick fix users could upgrade to Rails 3.2.11 manually by changing the version in their Gemfile and do a "bundle update".
An upgrade is also important for the older 2.1.x and 1.4.x versions.
#4 Updated by Etienne Massip almost 8 years ago
Raphael Kallensee wrote:
I didn't see any duplicate issue?! But I guess it's there and maybe it's also private?
Yes, you guess right =)
The first one has been posted about 15 minutes before by a team member with private flag set, otherwise yours would have been the tracked one.
Thanks for the report anyway!