[security advisory] http://wiki.nginx.org/Redmine

Gena Makhomed gmm at csdoc.com
Mon Mar 9 15:21:57 UTC 2015

On 09.03.2015 16:48, Edho Arief wrote:

>>> From reading the redmine docs, it looks like the contents of the "root"
>>> directive directory should be whatever is in the distributed redmine
>>> public/ directory; not the entire installation including configuration.

> It's a public wiki, not some official documentation. If there's an error
> you can just go ahead and change it.

And it will be a silent fix of a security vulnerability in the nginx
configuration recommended for redmine, so all previous redmine
instances configured by this manual will be vulnerable.

I prefer to report this vulnerability on the nginx mailing list,
so all people who configure redmine by this recommended manual
can fix this security vulnerability in their own redmine installs.


Also, I can't fix the security vulnerabilities in nginx/1.5.12
used at the site http://wiki.nginx.org/ and can't contact
Cliff Wells by e-mail at cliff at nginx.org and other e-mails.

Best regards,
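
Added example, not part of the original message or of the nginx or Redmine projects: a small check an administrator can run against their own nginx configuration to see whether any `root` directive points at a whole Redmine installation rather than its `public/` directory, as discussed in the thread. The marker file list, the `/srv/redmine` paths and the `fs_prefix` parameter are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumed marker files of a Redmine (Rails) application directory; if any is
# found under an nginx "root", the whole installation is being served.
SENSITIVE = ("config/database.yml", "config/configuration.yml", "Gemfile")

def find_roots(conf_text):
    """Return the path argument of every `root` directive, ignoring comments."""
    text = re.sub(r"#[^\n]*", "", conf_text)
    pattern = r"(?:^|(?<=[;{}]))\s*root\s+([^;]+?)\s*;"
    return [m.group(1).strip("\"'") for m in re.finditer(pattern, text, re.M)]

def audit(conf_text, fs_prefix=""):
    """Map each literal root path to the sensitive files present beneath it.

    fs_prefix (hypothetical parameter) re-bases absolute paths, so a copy of
    the tree or a chroot can be checked instead of the live filesystem.
    """
    findings = {}
    for root in find_roots(conf_text):
        if "$" in root:  # variable-based roots cannot be resolved statically
            continue
        base = os.path.join(fs_prefix, root.lstrip("/")) if fs_prefix else root
        hits = [f for f in SENSITIVE if os.path.isfile(os.path.join(base, f))]
        if hits:
            findings[root] = hits
    return findings

def demo():
    """Constructed sample: a fake Redmine tree and two server blocks."""
    with tempfile.TemporaryDirectory() as tmp:
        app = os.path.join(tmp, "srv", "redmine")
        os.makedirs(os.path.join(app, "config"))
        os.makedirs(os.path.join(app, "public"))
        for name in ("config/database.yml", "Gemfile"):
            open(os.path.join(app, name), "w").close()
        conf = """
        server { root /srv/redmine; }         # whole installation
        server { root /srv/redmine/public; }  # public/ only
        # root /srv/redmine;
        """
        return audit(conf, fs_prefix=tmp)

if __name__ == "__main__":
    print(demo())
```

For a live host, pass the text of the deployed configuration to `audit()` with no `fs_prefix`; an empty result means no literal `root` contains the marker files.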

