Project

General

Profile

Redmine 4.1.1 and 4.0.7 released

Added by Jean-Philippe Lang over 4 years ago

These 2 maintenance releases are available for download, you can review the changes in the Changelog.

Security: these 2 releases include several security fixes, including a fix for a persistent XSS vulnerability in Textile formatting, so upgrading as soon as possible is recommanded.
You can get more details in Security Advisories.

Many thanks to Nakayama Daisuke, Maik Stegemann and Mizuki Ishikawa for reporting these issues to the Redmine security team!

Please note that Redmine 3.x has reached end of life, is not supported any longer and is (as well) vulnerable to these security issues. You should upgrade to Redmine 4 to get security updates.


Comments

Added by Federico Vera over 4 years ago

Amazing work as always! Thanks guys!

Added by Mischa The Evil over 4 years ago

Thanks to the people who have contributed to these releases and to Jean-Philippe for your continued work on maintaining Redmine.

Note: it might be good to communicate (more) explicitly that – given that the fixes for the security issues are not back-ported to the 3.4-stable branch for a 3.4.14 release and that the links to the 3.x releases in Download and Sidebar have been removed – Redmine 3.x[.x] is now EOL, not supported any longer and (as well) vulnerable to known security issues of moderate to high severity.

Added by QWE RTY over 4 years ago

Thanks

Added by Jean-Philippe Lang over 4 years ago

Thanks Mischa.

Added by Scott Macpherson over 4 years ago

I've used Redmine pretty much ever working day for 8 years, and I don't recall ever encountering anything other than minor UI bugs. It goes without saying that after so many years I'd now be completely lost with my Redmine installation.

Great work everyone.

Added by Hirofumi Kadoya over 4 years ago

thanks!

Added by Jan from Planio www.plan.io over 4 years ago

Great news, thanks everyone. With a little delay, we have upgraded the *Redmine Security Scanner*. Everybody who has signed up for free email security notifications will already have received an update.

Added by Wojtek Rojek over 4 years ago

Thanks for the update.
We are using Redmine for 11 years now and with 21000 resolved tickets it still rocking... :)
WR