Redmine 4.2.6 and 5.0.1 released

Added by Marius BĂLTEANU almost 2 years ago

Redmine 4.2.6 and 5.0.1 have been released and are available for download, you can review the changes in the Changelog.

These maintenance releases address some important issues that were found in the latest Redmine 4.2.5 and 5.0.0 releases.

Security: these releases include two security fixes:

an update to the latest Ruby on Rails 5.2.8 for 4.2.6 and Rails 6.1.6 for 5.0.1 that fixes CVE-2022-22577 and CVS-2022-27777.
an update to nokogiri gem that fixes another 2 CVEs: CVE-2021-41098 and CVE-2021-30560

Thanks to A Fora for reporting the nokogiri security issues and all the contributors who worked on these releases!

Comments

Added by Erik E almost 2 years ago

Thanks!

Added by Holger Just almost 2 years ago

Thank you Marius and all other contributors!

As always when there are security fixes in a release, we have updated the Redmine Security Scanner with the new versions and their included fixes. Feel free to subscribe for a regular scan to get email updates whenever the security status of your Redmine changes.

Added by Darksidds Darksidds almost 2 years ago

Thanks!

Added by Hirofumi Kadoya almost 2 years ago

Thanks!

Project

General

Profile

Redmine