Redmine 2.2.1, 2.1.6 and 1.4.6 security releases
Several security vulnerabilities have been discovered in Ruby on Rails lately (read the announcement) and are fixed in all of these new Redmine releases. These vulnerabilities are considered critical, so upgrading as soon as possible is highly recommended.
These new releases are available at Rubyforge.
点赞0
评论
由 Moor Deoren 在 超过 12 年 之前添加
Thanks!
由 Lussana Marcello 在 超过 12 年 之前添加
Thanks!
How can I get Info about this kind of release? Is there a newsletter or an Issue to follow?
Best
由 Anonymous Anonymous 在 超过 12 年 之前添加
http://www.redmine.org/projects/redmine/news at the bottom of the page click “atom”
由 Dester Denial 在 超过 12 年 之前添加
Thank you!
What about redmine version 2.0.4 ?
Does it vulnerable too?
Thanks.
Denial Dester, yes. All versions prior to the ones just released are vulnerable.
Great response time, very nice, thanks!
由 H Dietmar 在 超过 12 年 之前添加
Can you tell me if this vulnerability is relevant for me if access to Redmine is restricted to registered users (no autonomous registration possible) and if this users are trusted?
As far as I know, it should be OK for you if untrusted users have access to the login form only. Upgrading is still the best option.
由 H Dietmar 在 超过 12 年 之前添加
ok, thx
由 Anonymous Anonymous 在 超过 12 年 之前添加
Thank you for your fast response time and your software - update worked fine