Redmine 0.7.3 released

Added by Jean-Philippe Lang over 9 years ago

Yet another bug fix release. See the Changelog for more details.
As Redmine 0.7.3 fixes several XSS vulnerabilities, users are highly encouraged to upgrade to this new release.

No database migration is needed when upgrading from previous 0.7.x versions.
This release is still running with Rails 2.0.2.

It can be downloaded at Rubyforge.


Comments

Added by Jean-Philippe Lang over 9 years ago

The vulnerability report at JVN: http://jvn.jp/en/jp/JVN00945448/index.html

Added by Mark Gallop over 9 years ago

Jean-Philippe,

Can you please indicate which commit fixes the XSS vulnerabilities? I would like to apply the changes to an custom version of Redmine.

Cheers,
Mark

Added by Jean-Philippe Lang over 9 years ago

See r1612.