summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--releases.moxie47
1 files changed, 43 insertions, 4 deletions
diff --git a/releases.moxie b/releases.moxie
index dc20beca..c7a75a92 100644
--- a/releases.moxie
+++ b/releases.moxie
@@ -1,7 +1,7 @@
#
# ${project.version} release
#
-r33: {
+r34: {
title: ${project.name} ${project.version} released
id: ${project.version}
date: ${project.buildDate}
@@ -22,6 +22,45 @@ r33: {
}
#
+# 1.9.3 release
+#
+r33: {
+ title: Gitblit 1.9.3 released
+ id: 1.9.3
+ date: 2022-04-09
+ note: ''
+ The 1.9 minor version is the last to support Java 7. From 1.10 on Gitblit will require Java 8.
+ ''
+ html: ~
+ text: ''
+ !! IMPORTANT SECURITY FIX FOR CONFIG USER SERVICE !!
+
+ There is a security vulnerability in version 1.9.2, which allows an attacker to gain
+ elevated access rights. This is present when the Config User Service is used as the
+ user service, which is the default.
+
+ Version 1.9.2 introduced a new implementation to store user data in the user config file
+ which holds user name, password, access rights etc. This was done to solve problems with
+ very large user bases (pr-1364). This new implementation does not properly escape all
+ control characters, like newline and tab. As a result, a normal user, when logged into
+ Gitblit, can edit his profile data and enter values in e.g. the email address that are
+ interpreted as control characters in the text file stored on disk. This allows the malicious
+ user to give themselves e.g. elevated access rights on their account.
+
+ This is fixed in 1.9.3. Updates of existing installations should be made to 1.9.3, not 1.9.2.
+
+ Many thanks to Github user @YYHYlh for finding and reporting this issue (issue-1410).
+ ''
+ security:
+ - Fix escaping control characters in config user service, resolving a security vulnerability. (issue-1410)
+ fixes: ~
+ changes: ~
+ additions: ~
+ dependencyChanges: ~
+ contributors: ~
+}
+
+#
# 1.9.2 release
#
r32: {
@@ -2061,6 +2100,6 @@ r1: {
- James Moger
}
-snapshot: &r33
-release: &r32
-releases: &r[1..32]
+snapshot: &r34
+release: &r33
+releases: &r[1..33]