Redmine 4.2.2 and 4.1.4 released (security fixes)

Added by Marius BĂLTEANU over 2 years ago

These 2 maintenance releases are available for download, you can review the changes in the Changelog.

Security: these 2 releases include an update to Ruby on Rails 5.2.6 version that fixes multiple vulnerability issues. Version 4.2.2 includes a fix for a low severity issue found in the 2FA feature, so upgrading as soon as possible is recommanded.
You can get more details in Security Advisories.

Many thanks to Felix Schäfer and Holger Just for reporting and fixing this security issue!


Added by Hirofumi Kadoya over 2 years ago


Added by Holger Just over 2 years ago

Thank you for this release!

As always when there are security fixes, we have updated the Redmine Security Scanner. Feel free to subscribe for a regular scan to get email updates whenever the security status of your Redmine changes.

Added by Michael Diederich over 2 years ago

holger mareck Just: The scanner says i use 4.2.2 but I don't. Maybe you can check this?

Added by Holger Just over 2 years ago

Michael Mohr Diederich: We use various heuristics to try to detect your current Redmine version as accurately as possible. If there are custom patches to your Redmine (e.g. if you have manually backported some fixes from newer versions), this can sometimes throw of the scanner. We would love to further investigate this. Please get in touch at with more details about your installation.

Added by Fletcher Johnston over 2 years ago

Thanks for all the hard work!