From the 4.1.5 and 4.2.3 release notes: ``` [Security] Defect #35789: Redmine is leaking usernames on activities index view Patch #35463: Enforce stricter class filtering in WatchersController ``` https://www.redmine.org/projects/redmine/wiki/Changelog_4_2 https://www.redmine.org/projects/redmine/wiki/Changelog_4_1
We'll use the other one given it's got the CVE. *** This bug has been marked as a duplicate of bug 817917 ***