Redmine 4.1.1 and 4.0.7 released
These 2 maintenance releases are available for [[download]], you can review the changes in the [[Changelog]].
Security: these 2 releases include several security fixes, including a fix for a persistent XSS vulnerability in Textile formatting, so upgrading as soon as possible is recommanded.
You can get more details in [[Security Advisories]].
Many thanks to Nakayama Daisuke, Maik Stegemann and Mizuki Ishikawa for reporting these issues to the Redmine security team!
Please note that Redmine 3.x has reached end of life, is not supported any longer and is (as well) vulnerable to these security issues. You should upgrade to Redmine 4 to get security updates.
点赞0
评论
由 Vera Federico 在 超过 4 年 之前添加
Amazing work as always! Thanks guys!
Thanks to the people who have contributed to these releases and to Jean-Philippe for your continued work on maintaining Redmine.
Note: it might be good to communicate (more) explicitly that – given that the fixes for the security issues are not back-ported to the 3.4-stable branch for a 3.4.14 release and that the links to the 3.x releases in [[Download]] and [[Sidebar]] have been removed – Redmine 3.x[.x] is now EOL, not supported any longer and (as well) vulnerable to known security issues of moderate to high severity.
由 RTY QWE 在 超过 4 年 之前添加
Thanks
Thanks Mischa.
由 Macpherson Scott 在 超过 4 年 之前添加
I’ve used Redmine pretty much ever working day for 8 years, and I don’t recall ever encountering anything other than minor UI bugs. It goes without saying that after so many years I’d now be completely lost with my Redmine installation.
Great work everyone.
由 Kadoya Hirofumi 在 超过 4 年 之前添加
thanks!
Great news, thanks everyone. With a little delay, we have upgraded the *Redmine Security Scanner*. Everybody who has signed up for free email security notifications will already have received an update.
由 Rojek Wojtek 在 超过 4 年 之前添加
Thanks for the update.
We are using Redmine for 11 years now and with 21000 resolved tickets it still rocking...
WR