Rails vulnerability -- update to 3.2.17
According to this announce, Rails versions prior 3.2.17 are vulnerable to XSS and DoS attacks (resp. CVE-2014-0081 and CVE-2014-0082).
As far as I know, Redmine still use a vulnerable version. It might worth upgrading.