Defect #43249: Update REXML gem to version 3.4.2 due to security vulnerability (CVE-2025-58767) - Redmine

Actions

Copy link

Defect #43249

open

Update REXML gem to version 3.4.2 due to security vulnerability (CVE-2025-58767)

Added by Kilian GOËTZ 2 days ago. Updated 1 day ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Gems support

Target version:

Start date:

Due date:

% Done:

Estimated time:

Resolution:

Affected version:

6.0.7

Description

Greetings,

According to a security advisory from CERT-XMCO, the REXML gem is affected by a security vulnerability referenced as CVE-2025-58767. It is strongly recommended to update the REXML gem to version 3.4.2 in order to address this issue and ensure the security of the application.

Currently, Redmine 6.1.0 is using REXML version 3.3.9.

Reference: https://www.cve.org/CVERecord?id=CVE-2025-58767

Thank you for your time and consideration of this request.
Kind regards, Beladric

History
Notes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Redmine

Custom queries

Defect #43249

Update REXML gem to version 3.4.2 due to security vulnerability (CVE-2025-58767)

Updated by Pavel Rosický 2 days ago

Updated by Kilian GOËTZ 1 day ago