Redmine 0.8.4 security/bug fix released

Added by Jean-Philippe Lang over 9 years ago

Redmine 0.8.4 fixes a vulnerability related to the 'autologin' feature. This vulnerability may affect people using Redmine with Phusion Passenger (a.k.a. mod_rails/mod_rack) and thus, upgrading is highly recommended. If you're not able to upgrade, you should disable the 'autologin' feature.

This release also fixes a memory consumption on big files upload.

As previous 0.8.x releases, it's still running with Rails 2.1.2.
You can see the list of changes in the Changelog and download this release at Rubyforge.


Comments

Added by Kenn Wilson over 9 years ago

Just a note that, as of about 13 hours after this was posted, 0.8.4 has not yet been tagged Could you please remember to tag these releases for those of us who install/update Redmine via svn checkout/svn switch?

Thanks!

Added by Rachel Me over 9 years ago

+1 Just saw this announcement and was about to use svn to switch but am unable to.

Added by Jean-Philippe Lang over 9 years ago

Tag is added

Added by Kenn Wilson over 9 years ago

Great, thank you!

Added by billy chou over 9 years ago

Nice work!
Keep going, thanks!

Added by Dmitry LZ over 9 years ago

TNX!

Added by der Spinner over 9 years ago

Спасибо!

Added by Vimal George over 9 years ago

Thanks for the tip. Updated to 0.8.4.

Added by Emilio González Montaña over 9 years ago

What's happenning with Redmine?, there is no releases from May, and the closed issues of version 0.8.5 and 0.9 are more or less the same.

Is this a summer problem?, or is there any important problem beyond?.

Added by Richard Bacon over 9 years ago

I'm also interested in the status of this project as it looks ideal for my purposes. Can anyone fill me in?

Added by Emilio González Montaña over 9 years ago

Still no answer... please send us a keep alive ;)