Actions
Defect #16208
closedRails vulnerability -- update to 3.2.17
Status:
Closed
Priority:
High
Assignee:
-
Category:
Security
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Resolution:
Affected version:
Description
According to this announce, Rails versions prior 3.2.17 are vulnerable to XSS and DoS attacks (resp. CVE-2014-0081 and CVE-2014-0082).
As far as I know, Redmine still use a vulnerable version. It might worth upgrading.
Actions