Redmine 1.0.5 bug/security fix released

Added by Jean-Philippe Lang almost 4 years ago

Among 11 bug fixes, Redmine 1.0.5 solves the incompatibility with the i18n 0.5.0 gem. The appropriate i18n gem version (0.4.2) is now required, you can install it using:

gem install i18n -v=0.4.2
This release also fixes 3 security issues reported by joernchen of Phenoelit:
  • logged in users may be able to access private data (affected versions: 1.0.x)
  • persistent XSS vulnerability in textile formatter (affected versions: all previous releases)
  • remote command execution in bazaar repository adapter (affected versions: 0.9.x, 1.0.x)

All Redmine users are highly recommended to upgrade to this latest release.


Comments

Added by Terence Mill almost 4 years ago

A present right before Christmas. Tx to all contributors!

Added by Thomas Pihl almost 4 years ago

Good job.

Merry Christmas!
BR
Thomas

Added by Deoren Moor almost 4 years ago

Thanks team!