Merge branch 'release/v5.1.8-3'

mathusankann · cesmarvin · commit 81c96d8de279 · 2025-08-06T06:02:56.000Z
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v5.1.8-3] - 2025-08-06
+### Security
+- [#155] close CVE GHSA-353f-x4gh-cqq8
+
 ## [v5.1.8-2] - 2025-06-11
 ### Added
 - [#153] add configurable rack query parameter sizes
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 FROM registry.cloudogu.com/official/base:3.19.4-3
 
 LABEL NAME="official/redmine" \
-   VERSION="5.1.8-2" \
+   VERSION="5.1.8-3" \
    maintainer="hello@cloudogu.com"
 
 ENV USER=redmine \
@@ -107,6 +107,8 @@ RUN set -eux -o pipefail \
  && 2>/dev/null 1>&2 gem update --system --quiet \
  # set temporary database configuration for bundle install
  && cp ${WORKDIR}/config/database.yml.tpl ${WORKDIR}/config/database.yml \
+# Patch vulnerable nokogiri version to >= 1.18.9
+&& sed -i '/gem.*nokogiri/ s/1\.18\.3/1.18.9/' ${WORKDIR}/Gemfile \
  # Install rubycas-client
  && wget -O v${RUBYCASVERSION}.tar.gz "https://github.com/cloudogu/rubycas-client/archive/v${RUBYCASVERSION}.tar.gz" \
  && echo "${RUBYCAS_TARGZ_SHA256} *v${RUBYCASVERSION}.tar.gz" | sha256sum -c - \
diff --git a/docs/gui/release_notes_de.md b/docs/gui/release_notes_de.md
@@ -6,6 +6,10 @@ Technische Details zu einem Release finden Sie im zugehörigen [Changelog](https
 
 ## [Unreleased]
 
+## [v5.1.8-3] - 2025-08-06
+### Changed
+* Wir haben nur technische Änderungen vorgenommen. Näheres finden Sie in den Changelogs.
+
 ## [v5.1.8-2] - 2025-06-11
 ### Added
 * Zusätzliche Konfigurationsschlüssel rack/params_limit und rack/bytesize_limit hinzugefügt.
diff --git a/docs/gui/release_notes_en.md b/docs/gui/release_notes_en.md
@@ -6,6 +6,10 @@ Technical details on a release can be found in the corresponding [Changelog](htt
 
 ## [Unreleased]
 
+## [v5.1.8-3] - 2025-08-06
+### Changed
+* We have only made technical changes. You can find more details in the changelogs.
+
 ## [v5.1.8-2] - 2025-06-11
 ### Added 
 *  Added additional config parameters rack/params_limit and rack/bytesize_limit.
diff --git a/dogu.json b/dogu.json
@@ -1,6 +1,6 @@
 {
   "Name": "official/redmine",
-  "Version": "5.1.8-2",
+  "Version": "5.1.8-3",
   "DisplayName": "Redmine",
   "Description": "Redmine is a flexible project management web application",
   "Category": "Development Apps",

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"Name": "official/redmine",`
`3`		`- "Version": "5.1.8-2",`
	`3`	`+ "Version": "5.1.8-3",`
`4`	`4`	`"DisplayName": "Redmine",`
`5`	`5`	`"Description": "Redmine is a flexible project management web application",`
`6`	`6`	`"Category": "Development Apps",`