Redmine 0.8.7 security release
This release adds protection against potential CSRF attacks.
Migration is done as usual but you need to generate a secret before restarting the application.
From your Redmine directory, simply run the following command once:
rake config/initializers/session_store.rb
This release fixes a few bugs as well.
Download 0.8.7.
If you are not able to upgrade to 0.8.7 but want a fix for this security issue, you can install the following plugin from Eric Davis:
http://github.com/edavis10/redmine_security_4216 (Redmine 0.8.x required)
Comments
Added by Lang Jean-Philippe about 15 years ago
Trunk was fixed as well in r3051.
Added by Davis Eric about 15 years ago
I wanted to give credit to p0deje for disclosing this problem to the maintainers through the proper channels. If anyone notices a potential security issue, please report it to us via email at: security AT redmine DOT org.
Added by Ammer Henrik about 15 years ago
I want to give credit to the developers. Having been a Trac user, where almost nothing happens when you add a ticket, to come to this product with great developers eager to fix bugs and add new features constantly is such a difference.
Keep up your really great work, people!
Added by Mesquita Rodrigo about 15 years ago
Good work, people!
Added by Ltda. Bionexo about 15 years ago
We're totally happy with this solution. Redmine simplifies our work and control, and works fine with our Scrum process.
Thanks a lot for all!
Added by spaeth ulf about 15 years ago
I am not able to update with the patch.