Defect #43249: Update REXML gem to version 3.4.2 due to security vulnerability (CVE-2025-58767) - Redmine

Actions

Copy link

Defect #43249

closed

Update REXML gem to version 3.4.2 due to security vulnerability (CVE-2025-58767)

Added by Kilian GOËTZ about 1 month ago. Updated 10 days ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Gems support

Target version:

Start date:

Due date:

% Done:

Estimated time:

Resolution:

Invalid

Affected version:

6.0.7

Description

Greetings,

According to a security advisory from CERT-XMCO, the REXML gem is affected by a security vulnerability referenced as CVE-2025-58767. It is strongly recommended to update the REXML gem to version 3.4.2 in order to address this issue and ensure the security of the application.

Currently, Redmine 6.1.0 is using REXML version 3.3.9.

Reference: https://www.cve.org/CVERecord?id=CVE-2025-58767

Thank you for your time and consideration of this request.
Kind regards, Beladric

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Redmine

Custom queries

Defect #43249

Update REXML gem to version 3.4.2 due to security vulnerability (CVE-2025-58767)

Updated by Pavel Rosický about 1 month ago

Updated by Kilian GOËTZ about 1 month ago

Updated by Marius BĂLTEANU 10 days ago