Redmine 5.1.4 and 5.0.10 released
Redmine 5.1.4 and 5.0.10 have been released and are now available for download. These are maintenance releases and only include fixes. You can review the list of fixes in the Changelog.
These releases include an important change to watcher permissions. The watchers list in the sidebar is now available only to users with the "View watchers list" permission. Previously, users with just the "Add watchers" permission could see the list, which was a potential data leak. Ruby on Rails has been updated to 6.1.7.10 (#41489), addressing 4 possible ReDoS (Regular expression Denial of Service), more details can be found here
Thanks to everyone who contributed to these releases.
Comments
Thank you for the release and to all contributors that made this possible!
As usual when there are security-related updates in a Redmine release, we have updated the Redmine Security Scanner with these new versions. Feel free to subscribe for a regular scan to get email updates whenever the security status of your Redmine changes.