Redmine 1.0.5 bug/security fix released

Added by Jean-Philippe Lang almost 10 years ago

Among 11 bug fixes, Redmine 1.0.5 solves the incompatibility with the i18n 0.5.0 gem. The appropriate i18n gem version (0.4.2) is now required, you can install it using:

gem install i18n -v=0.4.2
This release also fixes 3 security issues reported by joernchen of Phenoelit:
  • logged in users may be able to access private data (affected versions: 1.0.x)
  • persistent XSS vulnerability in textile formatter (affected versions: all previous releases)
  • remote command execution in bazaar repository adapter (affected versions: 0.9.x, 1.0.x)

All Redmine users are highly recommended to upgrade to this latest release.


Comments

Added by Terence Mill almost 10 years ago

A present right before Christmas. Tx to all contributors!

Added by Thomas Pihl almost 10 years ago

Good job.

Merry Christmas!
BR
Thomas

Added by Deoren Moor almost 10 years ago

Thanks team!