Redmine 4.2.2 and 4.1.4 released (security fixes)
These 2 maintenance releases are available for download, you can review the changes in the Changelog.
Security: these 2 releases include an update to Ruby on Rails 5.2.6 version that fixes multiple vulnerability issues. Version 4.2.2 includes a fix for a low severity issue found in the 2FA feature, so upgrading as soon as possible is recommanded.
You can get more details in Security Advisories.
Many thanks to Felix Schäfer and Holger Just for reporting and fixing this security issue!
Comments
thanks!
Thank you for this release!
As always when there are security fixes, we have updated the Redmine Security Scanner. Feel free to subscribe for a regular scan to get email updates whenever the security status of your Redmine changes.
holger mareck Just: The scanner says i use 4.2.2 but I don't. Maybe you can check this?
Michael Mohr Diederich: We use various heuristics to try to detect your current Redmine version as accurately as possible. If there are custom patches to your Redmine (e.g. if you have manually backported some fixes from newer versions), this can sometimes throw of the scanner. We would love to further investigate this. Please get in touch at https://plan.io/contact with more details about your installation.
Thanks for all the hard work!