Redmine 4.2.4 and 4.1.6 released (security fix)

Added by Marius BALTEANU 3 months ago

Redmine 4.1.6 and 4.2.4 have been released and are available for download[1], you can review the changes in the Changelog.

Security: these 2 releases include an update to the latest Ruby on Rails 5.2.* version that fixes CVE-2022-23633.

Thanks to all the contributors who worked on these releases.

1 These releases are not available yet on the releases page from a technical reason, we are sorry for this and we expect to have them uploaded next week. I'll post here an update after we have them uploaded.


Comments

Added by Erik E 3 months ago

Thanks!

Added by Vincent Robert 3 months ago

Thank you for this release. Really appreciated.

Added by Marius BALTEANU 3 months ago

For the record, I've updated the news to include the following note: "These releases are not available yet on the releases page from a technical reason, we are sorry for this and we expected to have them uploaded next week. I'll post here an update after we have them uploaded."

Added by Holger Just 3 months ago

Thank you Marius for your continued efforts with these releases!

As always when there are security fixes, we have updated the Redmine Security Scanner with the new versions and their included fixes. Feel free to subscribe for a regular scan to get email updates whenever the security status of your Redmine changes.

Added by Marius BALTEANU 3 months ago

The releases are now available in the releases page and the Download page was updated to point to them. Sorry for the inconvenience.