Redmine 4.2.9 and 5.0.4 released
Redmine version:“4.2.9” and version:“5.0.4” have been released and are available for [[download]], you can review the changes in the [[Changelog]].
These new versions contain 4 important security fixes, including an access control issue introduced in Redmine 5.0 that allows an unauthenticated user to download all attachments associated with a WikiContentVersion, so upgrading as soon as possible is highly recommended. You can review the [[Security_Advisories]] for more information.
Many thanks to all contributors that worked on the fixes and to Robert Dick, Frans Rosén, Noriko Totsuka from JPCERT/CC, Shiga Takuma of BroadBand Security, Inc. and Holger Just for reporting the security issues!
点赞0
评论
Thank you to all contributors that made this release possible and especially to you, Marius, for tackling this!
As always when there are security-related updates in a Redmine release, we have updated the Redmine Security Scanner to fully recognize the new versions. Feel free to subscribe for a regular scan to get email updates whenever the security status of your Redmine changes.
由 Vera Federico 在 将近 2 年 之前添加
Thanks guys! congratulations on another job well done!