New Rails vulnerability affects Redmine 1.4.7

Added by Jean-Philippe Lang almost 2 years ago

A new Rails vulnerability (CVE-2013-0333) has been discovered and affects those who are still using Redmine 1.4.7. In order to upgrade to the Rails version that fixes this vulnerability, you can apply the attached patch (redmine-1.4.7.patch) then run `bundle update rails`.

Redmine 2.1.6 and 2.2.2 are not affected by this vulnerability.

redmine-1.4.7.patch Magnifier (360 Bytes) Jean-Philippe Lang, 2013-01-29 21:56


Comments