RedMica 1.2.2 brings 17 fixes and minor improvements over RedMica 1.2.1.
This release includes the following security fixes. Please update to 1.2.2 as soon as possible:
- Defect redmine-34367: Allowed filename extensions of attachments can be circumvented
- Defect redmine-34950: SysController and MailHandlerController are vulnerable to timing attack
- Defect redmine-35045: Mail handler bypasses add_issue_notes permission
- Defect redmine-35085: Arbitrary file read in Git adapter
- Patch redmine-35214: Update Rails to 5.2.6
You can see the full list of changes in the CHANGELOG.