Hello all,
While Redmine has been available over HTTPS for a while, we didn’t enforce it. Since today we do! Please report any issues you have. This also means you may need to update any scripts that don’t follow redirects.
We also set the HSTS header but with a timeout of 1 day. This should give us a reasonable way back if we have issues. If there aren’t issues, we can extend this to a long period (6 months or 1 year).