Redmine 4.1.1 and 4.0.7 released
These 2 maintenance releases are available for download, you can review the changes in the Changelog.
Security: these 2 releases include several security fixes, including a fix for a persistent XSS vulnerability in Textile formatting, so upgrading as soon as possible is recommanded.
You can get more details in Security Advisories.
Many thanks to Nakayama Daisuke, Maik Stegemann and Mizuki Ishikawa for reporting these issues to the Redmine security team!
Please note that Redmine 3.x has reached end of life, is not supported any longer and is (as well) vulnerable to these security issues. You should upgrade to Redmine 4 to get security updates.
Comments
Amazing work as always! Thanks guys!
Thanks to the people who have contributed to these releases and to Jean-Philippe for your continued work on maintaining Redmine.
Note: it might be good to communicate (more) explicitly that – given that the fixes for the security issues are not back-ported to the 3.4-stable branch for a 3.4.14 release and that the links to the 3.x releases in Download and Sidebar have been removed – Redmine 3.x[.x] is now EOL, not supported any longer and (as well) vulnerable to known security issues of moderate to high severity.
Thanks
Thanks Mischa.
I've used Redmine pretty much ever working day for 8 years, and I don't recall ever encountering anything other than minor UI bugs. It goes without saying that after so many years I'd now be completely lost with my Redmine installation.
Great work everyone.
thanks!
Great news, thanks everyone. With a little delay, we have upgraded the *Redmine Security Scanner*. Everybody who has signed up for free email security notifications will already have received an update.
Thanks for the update.
We are using Redmine for 11 years now and with 21000 resolved tickets it still rocking... :)
WR