[3.11.5]
Update redmine to 6.1.3
Full Changelog
Defect #43951: Bulk attachment download bypasses View files permission for project/version attachments
Defect #44109: PreAuth leak name of private Projects
Defect #44118: Any project member with add_issue_notes permission can add notes to private issues they cannot view, via the MailHandler reply dispatch
Defect #44138: Stored XSS in Textile formatter due to restore_redmine_links
Defect #44145: PostScript execution in Redmine::Thumbnail.generate via %% DSC-comment prefix
Defect #44146: Time-entry API hidden custom-field leak
