Redmine 4.2.2 and 4.1.4 released (security fixes)
Security: these 2 releases include an update to Ruby on Rails 5.2.6 version that fixes multiple vulnerability issues. Version 4.2.2 includes a fix for a low severity issue found in the 2FA feature, so upgrading as soon as possible is recommanded.
You can get more details in Security Advisories.
Many thanks to Felix Schäfer and Holger Just for reporting and fixing this security issue!