Redmine 3.2.2 and 3.1.5 released
Redmine 3.2.2 and 3.1.5 are maintenance releases available that fix several issues. They are available for [[download]].
Security: these 2 releases include a fix (r15362) that mitigates a critical vulnerability discovered in ImageMagick recently. You should upgrade as soon as possible if you’re not using a fixed version of ImageMagick.
Note 1: those who don’t have ImageMagick installed on their Redmine server are not exposed to this vulnerability.
Note 2: if you’re not able to upgrade now (to a fixed version of Redmine and/or ImageMagick), you should either uninstall ImageMagick from your Redmine server or set imagemagick_convert_command (in config/configuration.yml) to an invalid path so that the affected convert binary cannot be used by Redmine.
点赞0
评论
由 Moor Deoren 在 超过 8 年 之前添加
Thanks!
Thanks for working on ImageTragick so fast.
Thanks to Jan from Planio who provided the fix.
My pleasure! Thank you for releasing it so fast!
由 Hartmann Fernando 在 超过 8 年 之前添加
Just for note, version#116 is steal open.
由 MARUYAMA Toshi 在 超过 8 年 之前添加
What do you mean “steal open”?
3.2.2 was “still” open here after release, I closed it.
由 Hartmann Fernando 在 超过 8 年 之前添加
“steal open” !!
My bad