author James Moger <james.moger@gitblit.com> 2013-03-29 10:02:23 -0400
committer James Moger <james.moger@gitblit.com> 2013-03-29 10:02:23 -0400
commit 0f3cb24604e7c3c1a78d5b97f6f4fce6f796b510
tree 89876b69a6e52ca9d7c182757fd3912f86ebf4c0 /releases.moxie
parent 1e9ddaf8ea3acb07f07151e26508f7f3a165db4e
Enforce security on raw blob page (issue 198)
Diffstat (limited to 'releases.moxie')
-rw-r--r-- releases.moxie 2
1 files changed, 2 insertions, 0 deletions
diff --git a/releases.moxie b/releases.moxie
index f03af4d7..cd21ab91 100644
--- a/releases.moxie
+++ b/releases.moxie
@@ -5,6 +5,8 @@ r17: {
title: Gitblit ${project.version} Released
id: ${project.version}
date: ${project.buildDate}
+ security:
+ - Raw servlet was insecure. If someone knew the exact repository name and path to a file, the raw blob could be retrieved bypassing security constraints. (issue 198)
fixes:
- Could not reset settings with $ or { characters through Gitblit Manager because they are not properly escaped
- Fix NPE when getting user's fork without repository list caching (issue 182)
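Review bot: the new `security:` entry describes the flaw only in the past tense ("Raw servlet was insecure") and never states that this release corrects it, so an operator skimming the notes cannot tell from the entry itself that upgrading closes the issue. Suggest phrasing it as the fix, for example "Raw servlet now enforces repository security; previously, anyone who knew the exact repository name and file path could retrieve the raw blob (issue 198)". "bypassing security constraints" is also vague: naming which constraints were skipped would let administrators judge whether their restricted repositories were exposed and whether past raw-blob requests in their access logs need review.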