Redmine

Redmine 1.4.7 fixes a Ruby on Rails vulnerability (CVE-2013-0155) that was not fixed in Rails 2.3.15 and Redmine 1.4.6. It is strongly recommended for 1.4.x users to upgrade to this new release. This vulnerability was already fixed in Redmine 2.1.6 and Redmine 2.2.1.

Now that Rails 2.3 is no longer supported by the Rails core team and that security fixes are not guaranteed for this unsupported Rails version, Redmine 1.4.7 is the last 1.4.x release.