Project

General

Profile

Actions

Defect #16208

closed

Rails vulnerability -- update to 3.2.17

Added by Guillaume Perréal almost 11 years ago. Updated almost 11 years ago.

Status:
Closed
Priority:
High
Assignee:
-
Category:
Security
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

According to this announce, Rails versions prior 3.2.17 are vulnerable to XSS and DoS attacks (resp. CVE-2014-0081 and CVE-2014-0082).

As far as I know, Redmine still use a vulnerable version. It might worth upgrading.

Actions #1

Updated by Toshi MARUYAMA almost 11 years ago

  • Status changed from New to Closed

2.4.4 and 2.5.0 was released yesterday.

Actions

Also available in: Atom PDF