Redmine 4.2.9 and 5.0.4 haverelease.Redmine is a free and open source software tool for project management and defect tracking management system with web interface. It integrates all the functions needed for project management: calendar, burndown chart and Gantt chart to help visualize projects and time constraints, issue tracking and version control. In addition, Redmine can also handle multiple projects at the same time.

This update contains 4 important security fixes, including the access control issue introduced in Redmine 5.0, allowing unauthenticated users to download all attachments associated with WikiContentVersion, so the official strongly recommends upgrading as soon as possible.can view Security_Advisories for more information.

download link:https://www.redmine.org/projects/redmine/wiki/Download

The main updates are:

• Unnecessarily closing li elements when there is no “Next” button on the active page
• Duplicated vertical alignment property in wiki_syntax.css
• All system tests fail on the 4.2-stable branch with “ArgumentError: unknown keyword: :desired_capabilities”
• Restrict puma < 6.0.0 to avoid system testing errors
• When Ruby version < 2.7, restrict mocha version to < 2.0.0 to avoid test errors
• If the current project has subprojects, the read-only permission on project fields will be ignored
• query for unknown display_type is not allowed
• Plugins that serialize date or time objects cause Psych::DisallowedClass exceptions
• Persistent XSS in textile formattin due to blockquote quoting
• Redmine contains a cross-site scripting vulnerability

See the Changelog for more details.