Redmine 3.2.2 and 3.1.5 released

Added by Jean-Philippe Lang about 1 year ago

Redmine 3.2.2 and 3.1.5 are maintenance releases available that fix several issues. They are available for download.

Security: these 2 releases include a fix (r15362) that mitigates a critical vulnerability discovered in ImageMagick recently. You should upgrade as soon as possible if you're not using a fixed version of ImageMagick.

Note 1: those who don't have ImageMagick installed on their Redmine server are not exposed to this vulnerability.

Note 2: if you're not able to upgrade now (to a fixed version of Redmine and/or ImageMagick), you should either uninstall ImageMagick from your Redmine server or set imagemagick_convert_command (in config/configuration.yml) to an invalid path so that the affected convert binary cannot be used by Redmine.


Comments

Added by Deoren Moor about 1 year ago

Thanks!

Added by Go MAEDA about 1 year ago

Thanks for working on ImageTragick so fast.

Added by Jean-Philippe Lang about 1 year ago

Thanks to Jan from Planio who provided the fix.

Added by Jan from Planio www.plan.io about 1 year ago

My pleasure! Thank you for releasing it so fast!

Added by Fernando Hartmann about 1 year ago

Just for note, 3.2.2 is steal open.

Added by Toshi MARUYAMA about 1 year ago

What do you mean "steal open"?

Added by Jean-Philippe Lang about 1 year ago

3.2.2 was "still" open here after release, I closed it.

Added by Fernando Hartmann about 1 year ago

"steal open" !!
My bad :-(