Redmine 4.2.2 and 4.1.4 released (security fixes)
These 2 maintenance releases are available for [[download]], you can review the changes in the [[Changelog]].
Security: these 2 releases include an update to Ruby on Rails 5.2.6 version that fixes multiple vulnerability issues. Version version:4.2.2 includes a fix for a low severity issue found in the 2FA feature, so upgrading as soon as possible is recommanded.
You can get more details in [[Security Advisories]].
Many thanks to Felix Schäfer and Holger Just for reporting and fixing this security issue!
点赞0
评论
由 Kadoya Hirofumi 在 超过 3 年 之前添加
thanks!
Thank you for this release!
As always when there are security fixes, we have updated the Redmine Security Scanner. Feel free to subscribe for a regular scan to get email updates whenever the security status of your Redmine changes.
@Holger Just: The scanner says i use 4.2.2 but I don’t. Maybe you can check this?
@Lin Michael Diederich: We use various heuristics to try to detect your current Redmine version as accurately as possible. If there are custom patches to your Redmine (e.g. if you have manually backported some fixes from newer versions), this can sometimes throw of the scanner. We would love to further investigate this. Please get in touch at https://plan.io/contact with more details about your installation.
由 Johnston Fletcher 在 超过 3 年 之前添加
Thanks for all the hard work!