Redmine 4.1.1 and 4.0.7 released

Added by Jean-Philippe Lang almost 3 years ago

These 2 maintenance releases are available for download, you can review the changes in the Changelog.

Security: these 2 releases include several security fixes, including a fix for a persistent XSS vulnerability in Textile formatting, so upgrading as soon as possible is recommanded.
You can get more details in Security Advisories.

Many thanks to Nakayama Daisuke, Maik Stegemann and Mizuki Ishikawa for reporting these issues to the Redmine security team!

Please note that Redmine 3.x has reached end of life, is not supported any longer and is (as well) vulnerable to these security issues. You should upgrade to Redmine 4 to get security updates.


Added by Federico Vera almost 3 years ago

Amazing work as always! Thanks guys!

Added by Mischa The Evil almost 3 years ago

Thanks to the people who have contributed to these releases and to Jean-Philippe for your continued work on maintaining Redmine.

Note: it might be good to communicate (more) explicitly that – given that the fixes for the security issues are not back-ported to the 3.4-stable branch for a 3.4.14 release and that the links to the 3.x releases in Download and Sidebar have been removed – Redmine 3.x[.x] is now EOL, not supported any longer and (as well) vulnerable to known security issues of moderate to high severity.

Added by QWE RTY almost 3 years ago


Added by Jean-Philippe Lang almost 3 years ago

Thanks Mischa.

Added by Scott Macpherson almost 3 years ago

I've used Redmine pretty much ever working day for 8 years, and I don't recall ever encountering anything other than minor UI bugs. It goes without saying that after so many years I'd now be completely lost with my Redmine installation.

Great work everyone.

Added by Hirofumi Kadoya almost 3 years ago


Added by Jan from Planio almost 3 years ago

Great news, thanks everyone. With a little delay, we have upgraded the *Redmine Security Scanner*. Everybody who has signed up for free email security notifications will already have received an update.

Added by Wojtek Rojek almost 3 years ago

Thanks for the update.
We are using Redmine for 11 years now and with 21000 resolved tickets it still rocking... :)