Redmine 3.3.10 release (incl. security fix)
A critical security vulnerability has been discovered in Redmine 3.3.x and all prior releases. This vulnerability could be used to read sensitive data from the database. Although the 3.3.x branch was no longer maintained, Redmine 3.3.10 was released today in order to fix this vulnerability. If you are using Redmine <= 3.3.9, you should upgrade as soon as possible (download).
Thank you to Holger Just from www.plan.io for reporting this vulnerability.
Redmine 3.4.x and 4.0.x are not affected by this vulnerability.