Redmine 3.4.3, 3.3.5 and 3.2.8 released

Added by Lang Jean-Philippe about 7 years ago

These 3 new maintenance releases are available for [[download]].
You can review the changes in the [[Changelog]].

Security: All of these releases include a fix for multiple XSS vulnerabilities. Thanks to Andi Fink and Holger Just who reported them to the Redmine team.


Comments

Added by Evil Mischa about 7 years ago

Thanks to all who were involved in preparing these releases...

As a side note to this release news the following:

It has come to the attention that the version#117 release didn’t include the fixes for the security issues (which were not related to the XSS vulnerabilities fixed in the latest [3.4.3, 3.3.5 and 3.2.8] releases) due to the fact that the related revisions were accidentally not merged into the 3.1-stable branch. This means that Redmine versions version#117 and version#120 remained/remain susceptible to 'persistent XSS vulnerabilities in text formatting (Textile and Markdown) and the project homepage'.

This is only affecting version#117 and subsequent version#120 releases; version#118 and any subsequent releases did include the fixes as they were supposed to.
Now that the 3.1-stable branch has been EOL’d for a while and later vulnerabilities have been found and not fixed in this branch, it has been decided not to push another 3.1.x release.

It is advised to upgrade any 3.1.x (or earlier) instance to a safe and supported Redmine release ASAP. The currently supported release-branches are 3.2-stable (3.2.8), 3.3-stable (3.3.5) and the latest 3.4-stable (3.4.3).

Added by Limousine Sapphire about 7 years ago

Thank you Admin and all who contributed
