Project

General

Profile

Redmine 4.0.4 and 3.4.11 released (incl. security fix)

Added by Jean-Philippe Lang over 5 years ago

These 2 maintenance releases are available for download, you can review the changes in the Changelog.

Security: these 2 release include a fix for a persistent XSS vulnerability found in the Redmine Textile formatter. This issue was discovered and reported to the security team by Глеб Будило and fixed by Holger Just on behalf on Planio. People who uses Textile formatting should upgrade as soon as possible. Those who use Markdown or no text formatting are not vulnerable.


Comments

Added by Erik E over 5 years ago

Thanks, especially @ Go MAEDA, you are doing a great job!!

Added by Jan from Planio www.plan.io over 5 years ago

Thanks to everyone involved for the quick turnaround on this security release. We have also just updated Planio Security Scanner with the new versions and vulnerabilities.

Added by Federico Vera over 5 years ago

Thanks! Great job!

Added by Humphries Parker over 5 years ago

Thanks for the new information.

Added by Harmony Chang over 5 years ago

Thanks,This is very helpful for our project management.