Project

General

Profile

Redmine 5.1.4 and 5.0.10 released

Added by Marius BÄ‚LTEANU about 2 months ago

Redmine 5.1.4 and 5.0.10 have been released and are now available for download. These are maintenance releases and only include fixes. You can review the list of fixes in the Changelog.

These releases include an important change to watcher permissions. The watchers list in the sidebar is now available only to users with the "View watchers list" permission. Previously, users with just the "Add watchers" permission could see the list, which was a potential data leak. Ruby on Rails has been updated to 6.1.7.10 (#41489), addressing 4 possible ReDoS (Regular expression Denial of Service), more details can be found here

Thanks to everyone who contributed to these releases.


Comments

Added by Holger Just about 2 months ago

Thank you for the release and to all contributors that made this possible!

As usual when there are security-related updates in a Redmine release, we have updated the Redmine Security Scanner with these new versions. Feel free to subscribe for a regular scan to get email updates whenever the security status of your Redmine changes.