Defect #12778

Upgrade to Rails 3.2.11

Added by Raphael Kallensee almost 8 years ago. Updated almost 8 years ago.

Status:ClosedStart date:
Priority:UrgentDue date:
Assignee:-% Done:

0%

Category:Rails support
Target version:-
Resolution:Duplicate Affected version:2.2.0

Description

There's a severe vulnerability in all Rails versions. I think it's really important to upgrade Redmine 2.2.0 to Rails 3.2.11 (or push out 2.2.1 soon). I didn't yet check how much Redmine is affected, but the risk seems to be high.

As a quick fix users could upgrade to Rails 3.2.11 manually by changing the version in their Gemfile and do a "bundle update".

An upgrade is also important for the older 2.1.x and 1.4.x versions.

History

#1 Updated by Etienne Massip almost 8 years ago

  • Private changed from No to Yes

#2 Updated by Etienne Massip almost 8 years ago

  • Status changed from New to Closed
  • Resolution set to Duplicate

#3 Updated by Raphael Kallensee almost 8 years ago

I didn't see any duplicate issue?! But I guess it's there and maybe it's also private?

#4 Updated by Etienne Massip almost 8 years ago

Raphael Kallensee wrote:

I didn't see any duplicate issue?! But I guess it's there and maybe it's also private?

Yes, you guess right =)

The first one has been posted about 15 minutes before by a team member with private flag set, otherwise yours would have been the tracked one.

Thanks for the report anyway!

#5 Updated by Etienne Massip almost 8 years ago

  • Private changed from Yes to No

Also available in: Atom PDF