Redmine 4.2.2 and 4.1.4 released (security fixes)

Added by Marius BALTEANU about 1 month ago

These 2 maintenance releases are available for download; you can review the changes in the Changelog.

Security: these 2 releases include an update to Ruby on Rails version 5.2.6, which fixes multiple vulnerabilities. Version 4.2.2 includes a fix for a low severity issue found in the 2FA feature, so upgrading as soon as possible is recommended.
You can get more details in Security Advisories.

Many thanks to Felix Schäfer and Holger Just for reporting and fixing this security issue!


Comments

Added by Hirofumi Kadoya about 1 month ago

Thanks!

Added by Holger Just about 1 month ago

Thank you for this release!

As always when there are security fixes, we have updated the Redmine Security Scanner. Feel free to subscribe for a regular scan to get email updates whenever the security status of your Redmine changes.

Added by Michael Diederich about 1 month ago

@Holger Just: The scanner says I use 4.2.2 but I don't. Maybe you can check this?

Added by Holger Just about 1 month ago

@Michael Diederich: We use various heuristics to try to detect your current Redmine version as accurately as possible. If there are custom patches to your Redmine (e.g. if you have manually backported some fixes from newer versions), this can sometimes throw off the scanner. We would love to further investigate this. Please get in touch at https://plan.io/contact with more details about your installation.

Added by Fletcher Johnston about 1 month ago

Thanks for all the hard work!