Redmine 3.2.2 and 3.1.5 released
Redmine 3.2.2 and 3.1.5 are maintenance releases available that fix several issues. They are available for download.
Security: these 2 releases include a fix (r15362) that mitigates a critical vulnerability discovered in ImageMagick recently. You should upgrade as soon as possible if you're not using a fixed version of ImageMagick.
Note 1: those who don't have ImageMagick installed on their Redmine server are not exposed to this vulnerability.
Note 2: if you're not able to upgrade now (to a fixed version of Redmine and/or ImageMagick), you should either uninstall ImageMagick from your Redmine server or set imagemagick_convert_command (in config/configuration.yml) to an invalid path so that the affected convert binary cannot be used by Redmine.
Comments
Thanks!
Thanks for working on ImageTragick so fast.
Thanks to Jan from Planio who provided the fix.
My pleasure! Thank you for releasing it so fast!
Just for note, 3.2.2 is steal open.
What do you mean "steal open"?
3.2.2 was "still" open here after release, I closed it.
"steal open" !!
My bad :-(