Is Redmine 4.0.9 patched?
Current stable (6.1.3): 100/100
Summary iPlain-English security status for Redmine 4.0.9, built from its CVEs, active-exploitation data, end-of-life date and latest release.
Redmine 4.0.9 is part of the 4.0 release line. 6 known vulnerabilities affect it. The 4.0 line reached end-of-life on 2021-04-26, so it no longer receives security patches. The latest supported Redmine release is 6.1.3.
Known issues affecting 4.0.9
Exploited first, then by exploitation probability.
CVE-2021-42326 MEDIUM EPSS 1% → fixed in 4.2.3 CVE-2022-44637 MEDIUM EPSS 0% → fixed in 5.0.4 CVE-2022-44031 MEDIUM EPSS 0% → fixed in 5.0.4 CVE-2023-47259 MEDIUM EPSS 0% → fixed in 5.0.6 CVE-2023-47258 MEDIUM EPSS 0% → fixed in 5.0.6 CVE-2023-47260 MEDIUM EPSS 0% → fixed in 5.0.6Other Redmine versions
Check another release line of Redmine.
Frequently asked
Is Redmine 4.0.9 patched?
Redmine 4.0.9 is end-of-life and no longer receives security patches. Move to 6.1.3.
When does Redmine 4.0 reach end-of-life?
Redmine 4.0 reached end-of-life on 2021-04-26 and no longer receives security patches.
What is the latest version of Redmine?
The latest supported Redmine release is 6.1.3.
Is Redmine 4.0.9 still receiving security updates?
No — Redmine 4.0.9 is on the 4.0 line, which reached end-of-life on 2021-04-26 and no longer receives security updates. Upgrade to 6.1.3 or later to stay supported.
Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Redmine's official advisory before you patch or upgrade — Redmine official site ↗