Redmine 3.2.2 and 3.1.5 released

Added by Jean-Philippe Lang 11 months ago

Redmine 3.2.2 and 3.1.5 are maintenance releases available that fix several issues. They are available for download.

Security: these 2 releases include a fix (r15362) that mitigates a critical vulnerability discovered in ImageMagick recently. You should upgrade as soon as possible if you're not using a fixed version of ImageMagick.

Note 1: those who don't have ImageMagick installed on their Redmine server are not exposed to this vulnerability.

Note 2: if you're not able to upgrade now (to a fixed version of Redmine and/or ImageMagick), you should either uninstall ImageMagick from your Redmine server or set imagemagick_convert_command (in config/configuration.yml) to an invalid path so that the affected convert binary cannot be used by Redmine.


Comments

Added by Deoren Moor 11 months ago

Thanks!

Added by Go MAEDA 11 months ago

Thanks for working on ImageTragick so fast.

Added by Jean-Philippe Lang 11 months ago

Thanks to Jan from Planio who provided the fix.

Added by Jan from Planio www.plan.io 11 months ago

My pleasure! Thank you for releasing it so fast!

Added by Fernando Hartmann 11 months ago

Just for note, 3.2.2 is steal open.

Added by Toshi MARUYAMA 11 months ago

What do you mean "steal open"?

Added by Jean-Philippe Lang 11 months ago

3.2.2 was "still" open here after release, I closed it.

Added by Fernando Hartmann 11 months ago

"steal open" !!
My bad :-(