Redmine 6.0.4, 5.1.7 and 5.0.12 released (security fixes)
We have released new maintenance updates, Redmine 6.0.4, 5.1.7 and 5.0.12.
These 3 maintenance releases are available for download, and you can review the changes in the Changelog.
- 2 XSS vulnerabilities
- Project query leaks details of private projects
- /my/account does not correctly enforce sudo mode
- Update Nokogiri to 1.18.3 to address CVE-2025-24928 and CVE-2024-56171
You can review them in Security Advisories.
Besides the security issues, #42245 is now also fixed in 5.1.7.
Thank you to everyone who contributed to the releases and special thanks to Holger Just for handling all these security issues.