Redmine 4.1.2 release date
Added by Joachim Mathes about 3 years ago
Do you already know when Redmine 4.1.2 will be released?
My question arises from two cross site scripting issues which are currently relevant in version 4.1.1:
- Cross-Site-Scripting
- Redmine 4.1.1 contains jQuery 1.11.1
./javascripts/jquery-1.11.1-ui-1.11.0-ujs-3.1.4.js
- fixed in jQuery >= 3.5.0
- Redmine 4.1.1 contains jQuery 1.11.1
- Cross-Site-Scripting
- Redmine 4.1.1 contains jQuery UI 1.11.0
./javascripts/jquery-1.11.1-ui-1.11.0-ujs-3.1.4.js
- fixed in jQuery UI >= 1.12.0
- Redmine 4.1.1 contains jQuery UI 1.11.0
These issues are already fixed in the main branch (#33383), but haven't been released, yet.
Is it possible to cherry-pick certain commits, to fix the XSSs in Redmine 4.1.1?
Kind regards and thanks for your great work
Jo