pkgsrc/devel/ruby-redmine42/Makefile@1.11
pkgsrc/devel/ruby-redmine42/PLIST@1.3
pkgsrc/devel/ruby-redmine42/distinfo@1.10
devel/ruby-redmine42: update to 4.2.7
From release announce on 2022-06-21:
Redmine 4.2.7 and 5.0.2 have been released and are available for download,
you can review the changes in the Changelog.
These maintenance releases fix some important issues and multiple security
fixes that were found in the latest Redmine 4.2.* and 5.0.* versions.
Security:
1. Updates commonmark gem version to 0.23.4 when Ruby >= 2.6 is used in
order to fix a remote code execution vulnerability. Because the fixed
version of the gem doesn't support Ruby 2.5, those instances that are
using Redmine 5.0.*, Commonmark and Ruby 2.5, it is highly recommended to
update Ruby version to at least 2.6 because it's the only way to get the
update and the fix. Also, the next major Redmine version (5.1.0) already
dropped support for Ruby 2.5 (#37159).
2. Updates jQuery UI to 1.31.1 to fix 3 medium severity XSS vulnerabilities
3. Fixes unauthorised Information Leak in QueryAssociationColumn and
QueryAssociationCustomFieldColumn when the user has no permission to view
on the associated object
Many thanks to Liane Hampe and Felix Schäfer for reporting these security
issues and to Holger Just and Felix Schäfer for their work on fixing all
these issues.