03e4b477a4
From release announce on 2022-06-21: Redmine 4.2.7 and 5.0.2 have been released and are available for download, you can review the changes in the Changelog. These maintenance releases fixes some important issues and multiple security fixes that were found in the latest Redmine 4.2.* and 5.0.* versions. Security: 1. Updates commonmark gem version to 0.23.4 when Ruby >= 2.6 is used in order to fix a remote code execution vulnerability. Because the fixed version of the gem doesn't support Ruby 2.5, those instances that are using Redmine 5.0.*, Commonmark and Ruby 2.5, it is highly recommended to update Ruby version to at least 2.6 because it's the only way to get the update and the fix. Also, the next major Redmine version (5.1.0) already dropped support for Ruby 2.5 (#37159). 2. Updates jQuery UI to 1.31.1 to fix 3 medium severity XSS vulnerabilities 3. Fixes unauthorised Information Leak in QueryAssociationColumn and QueryAssociationCustomFieldColumn when the user has no permission to view on the associated object Many thanks to Liane Hampe and Felix Schäfer for reporting these security issues and to Holger Just and Felix Schäfer for their work on fixing all these issues.
7 lines
508 B
Text
7 lines
508 B
Text
$NetBSD: distinfo,v 1.10 2022/06/22 15:39:58 taca Exp $
|
|
|
|
BLAKE2s (redmine-4.2.7.tar.gz) = 3e692c8190c896d0f40deb94a709494448622d68a03531323effdc015af0d8ad
|
|
SHA512 (redmine-4.2.7.tar.gz) = 6654aec3981de8b26de416d253c22c91d881dd7df54192ce41e6e99213c6f4b0947ce213fe484c18117f8701d0528ebb23fe3acf335f84638eeddd972b601be9
|
|
Size (redmine-4.2.7.tar.gz) = 3042676 bytes
|
|
SHA1 (patch-Gemfile) = 45289d38e0209c7393c199e5e915afca8f25fb7b
|
|
SHA1 (patch-lib_tasks_initializers.rake) = 73c4594c94abd28e628bbd172565b161f0e54fff
|