Security Advisories » History » Version 4

« Previous - Version 4/38 (diff) - Next » - Current version
Jean-Philippe Lang, 2012-03-13 11:55

Redmine Security Advisories

This page lists the security vulnerabilities that were fixed in Redmine releases, starting from 1.3.0. If you think that you've found a security vulnerability, please report it by sending an email to: security(at)

Severity Details Affected versions
Fixed in Redmine 1.3.2
High Persistent XSS vulnerability (JVN#93406632) All prior releases
Moderate Mass-assignemnt vulnerability that would allow an attacker to bypass part of the security checks All prior releases
Fixed in Redmine 1.3.0
High Vulnerability that would allow an attacker to bypass the CSRF protection All prior releases