diff options
Diffstat (limited to 'releases.moxie')
| -rw-r--r-- | releases.moxie | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/releases.moxie b/releases.moxie index f03af4d7..cd21ab91 100644 --- a/releases.moxie +++ b/releases.moxie @@ -5,6 +5,8 @@ r17: { title: Gitblit ${project.version} Released
id: ${project.version}
date: ${project.buildDate}
+ security:
+ - Raw servlet was insecure. If someone knew the exact repository name and path to a file, the raw blob could be retrieved bypassing security constraints. (issue 198)
fixes:
- Could not reset settings with $ or { characters through Gitblit Manager because they are not properly escaped
- Fix NPE when getting user's fork without repository list caching (issue 182)
|