Redmine 4.2.9 and 5.0.4 released
Redmine 4.2.9 and 5.0.4 have been released and are available for download. You can review the changes in the Changelog.
These new versions contain 4 important security fixes, including one for an access control issue introduced in Redmine 5.0 that allows an unauthenticated user to download all attachments associated with a WikiContentVersion. Upgrading as soon as possible is highly recommended. You can review the Security Advisories for more information.
Many thanks to all contributors that worked on the fixes and to Robert Dick, Frans Rosén, Noriko Totsuka from JPCERT/CC, Shiga Takuma of BroadBand Security, Inc. and Holger Just for reporting the security issues!
Comments
Thank you to all contributors that made this release possible and especially to you, Marius, for tackling this!
As always when there are security-related updates in a Redmine release, we have updated the Redmine Security Scanner to fully recognize the new versions. Feel free to subscribe for a regular scan to get email updates whenever the security status of your Redmine changes.
Thanks guys! Congratulations on another job well done!