Redmine 0.8.7 security release
This release adds protection against potential CSRF attacks.
Migration is done as usual but you need to generate a secret before restarting the application.
From your Redmine directory, simply run the following command once:
This release fixes a few bugs as well.
If you are not able to upgrade to 0.8.7 but want a fix for this security issue, you can install the following plugin from Eric Davis:
http://github.com/edavis10/redmine_security_4216 (Redmine 0.8.x required)