Redmine 3.2.2 and 3.1.5 released

Added by Jean-Philippe Lang over 1 year ago

Redmine 3.2.2 and 3.1.5 are maintenance releases available that fix several issues. They are available for download.

Security: these 2 releases include a fix (r15362) that mitigates a critical vulnerability discovered in ImageMagick recently. You should upgrade as soon as possible if you're not using a fixed version of ImageMagick.

Note 1: those who don't have ImageMagick installed on their Redmine server are not exposed to this vulnerability.

Note 2: if you're not able to upgrade now (to a fixed version of Redmine and/or ImageMagick), you should either uninstall ImageMagick from your Redmine server or set imagemagick_convert_command (in config/configuration.yml) to an invalid path so that the affected convert binary cannot be used by Redmine.


Comments

Added by Deoren Moor over 1 year ago

Thanks!

Added by Go MAEDA over 1 year ago

Thanks for working on ImageTragick so fast.

Added by Jean-Philippe Lang over 1 year ago

Thanks to Jan from Planio who provided the fix.

Added by Jan from Planio www.plan.io over 1 year ago

My pleasure! Thank you for releasing it so fast!

Added by Fernando Hartmann over 1 year ago

Just for note, 3.2.2 is steal open.

Added by Toshi MARUYAMA over 1 year ago

What do you mean "steal open"?

Added by Jean-Philippe Lang over 1 year ago

3.2.2 was "still" open here after release, I closed it.

Added by Fernando Hartmann over 1 year ago

"steal open" !!
My bad :-(