Redmine 1.0.5 bug/security fix released
Among 11 bug fixes, Redmine 1.0.5 solves the incompatibility with the i18n 0.5.0 gem. The appropriate i18n gem version (0.4.2) is now required, you can install it using:
gem install i18n -v=0.4.2This release also fixes 3 security issues reported by joernchen of Phenoelit:
- logged in users may be able to access private data (affected versions: 1.0.x)
- persistent XSS vulnerability in textile formatter (affected versions: all previous releases)
- remote command execution in bazaar repository adapter (affected versions: 0.9.x, 1.0.x)
All Redmine users are highly recommended to upgrade to this latest release.