Redmine 4.0.4 and 3.4.11 released (incl. security fix)
These 2 maintenance releases are available for [[download]], you can review the changes in the [[Changelog]].
Security: these 2 release include a fix for a persistent XSS vulnerability found in the Redmine Textile formatter. This issue was discovered and reported to the security team by Глеб Будило and fixed by Holger Just on behalf on Planio. People who uses Textile formatting should upgrade as soon as possible. Those who use Markdown or no text formatting are not vulnerable.
点赞0
评论
由 E Erik 在 超过 5 年 之前添加
Thanks, especially @ Go MAEDA, you are doing a great job!!
Thanks to everyone involved for the quick turnaround on this security release. We have also just updated Planio Security Scanner with the new versions and vulnerabilities.
由 Vera Federico 在 超过 5 年 之前添加
Thanks! Great job!
由 Parker Humphries 在 超过 5 年 之前添加
Thanks for the new information.
由 Chang Harmony 在 超过 5 年 之前添加
Thanks,This is very helpful for our project management.