Project

General

Profile

New Rails vulnerability affects Redmine 1.4.7

Added by Jean-Philippe Lang almost 12 years ago

A new Rails vulnerability (CVE-2013-0333) has been discovered and affects those who are still using Redmine 1.4.7. In order to upgrade to the Rails version that fixes this vulnerability, you can apply the attached patch (redmine-1.4.7.patch) then run `bundle update rails`.

Redmine 2.1.6 and 2.2.2 are not affected by this vulnerability.

redmine-1.4.7.patch (360 Bytes) redmine-1.4.7.patch Jean-Philippe Lang, 2013-01-29 21:56

Comments