New Rails vulnerability affects Redmine 1.4.7

Added by Jean-Philippe Lang about 11 years ago

A new Rails vulnerability (CVE-2013-0333) has been discovered and affects those who are still using Redmine 1.4.7. In order to upgrade to the Rails version that fixes this vulnerability, you can apply the attached patch (redmine-1.4.7.patch) then run `bundle update rails`.

Redmine 2.1.6 and 2.2.2 are not affected by this vulnerability.

redmine-1.4.7.patch (360 Bytes) redmine-1.4.7.patch

Jean-Philippe Lang, 2013-01-29 21:56

Project

General

Profile

Redmine

New Rails vulnerability affects Redmine 1.4.7

Comments