| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Replace log4j 1.2.17 with reload4j 1.2.25.
log4j 1.x was caught in the fire of the Log4Shell vulnerability, even
though the 1.x line was not affected by the vulnerability. Still, this
looks bad when it shows up in security scanners even though it doesn't
mean it has the Log4Shell vulnerability.
Switch to reload4j instead. This is a drop-in replacement of log4j.
Actually, it is log4j rebooted by the same author. The reload4j 1.x
line fixes security issues that have since surfaced.
At the same time we update to the latest slf4j version, which also
switched to reload4j for the log4j12 line.
| |
Update JSoup to version 1.16.2.
This requires renaming `Whitelist` to `Safelist`,
because the class name was changed in version 1.15.1
in a breaking change.
| |
Update dependencies: Mina Core, Guava and commons-compress.
These don't need any other adjustments.
| |
This updates Jetty to the latest 9.x version as of writing. The 9.x is
still running on Java 8. The update needs two code changes.
`SessionManager` was replaced with `SessionHandler`. This was documented
in the Jetty documentation.
Adding the `GitblitContext` to the `WebAppContext` will result in two
instances getting created, because the code was changed that prevents
instantiation of the same listener class multiple times. (The second time
is when the web.xml is read.) Instead, it must be added to the servlet
handler of the `WebAppContext`. This results in properly adhering to the
changed internal startup flow.
Updating Jetty also resolves #1409.
| |
Update JGit, and also update other dependencies where the 4.11 JGit
version uses newer versions than we do:
commons-codec updated to 1.9
commons-compress updated to 1.15
gson updated to 2.8.2
| | |
Fix conflict from earlier JGit update to 4.5
Add updated Eclipse and IntelliJ files.
| | |
Fix conflict in updated slf4j version.
Add updated Eclipse and IntelliJ files.
| | |
Update Guice to 5.1.0. This version is compatible with Java 17.
The gitblit patch of the servlet extension was ported to Guice 5.1.0,
too.
The update of Guice requires an update of the Guava version, too.
Thus Guava is updated to 27.0.1-jar.
| | |
The version 1.69 is chosen instead of 1.70, because the moxie build
would not download the jars, trying to download `...1.7.jar` instead.
Three class deprecations are fixed. `PEMWriter` and `X509Extension`
are replaced with their drop-in replacements `JcaPEMWriter` and
`Extension`. The `PasswordFinder` deprecation note says that "it is
no longer used". It also was never used in Gitblit's code, so it is
removed from the key pair provider class.
| | |
(cherry picked from commit d8fbdda2ab3fa48e92bdf37399d4b75c48409c5c@rpardini:master)
# Conflicts:
# .classpath
# build.moxie
# src/test/java/com/gitblit/tests/SshUnitTest.java
| | |
This closes #1390
| | |
This includes a fix in MINA to a CVE.
| | |
To support the new PBKDF2 password hashing, the Bouncy Castle provider
needs to be updated to a version that supports PBKDF2 with HMAC SHA256.
The current version doesn't have PBKDF2WithHmacSHA256, and neither does
Java 7, so that under Java 7 it cannot be used. This update enables
the new password hashing under Java 7, too.
| | |
Update the dependency to the recommended JAF stand-alone
com.sun.activation:javax.activation:1.2.0
| |
Thanks to this dependency, one can start Gitblit with Java 9 without using the deprecated internal module `--add-modules java.activation`.
| |
This reverts commit 662fb9012fb6897c9b05c939232919797e665f38.
| |
To be able to read and migrate Lucene indices from old (4.x)
formats to new (5.x) ones, add the `lucene-backward-codecs`
library to the project.
It is added to the `ext` directory and therefore to the classpath.
According to the Lucene documentation, having it in the classpath
can affect performance. But right now the `ext` directory is the
only one available and even for a separate tool for offline
migration the library would be needed.
| |
Exclude Lucene dependencies `lucene-spatial` and `lucene-join`.
They were added during the update but are not needed. This patch
excludes them explicitly so that they do not show up in the
generated IDE files and `ext` directory.
| |
Use explicit coordinates, and therefore version numbers, for JUnit
in the build.moxie file. It should not be some version that just
happens to be used.
Update JUnit to latest 4.12.
Update JaCoCo to latest 0.7.8, which makes it work under Java 8.
The last used version would fail when tests are run under Java 8.
| |
This reverts commit 55c385e96e6594ec1ac3b5cd41ccd2df6048b696, reversing
changes made to 61bb29d492ca9c34471ec0a119d1445ccde086e9.
| |
JGit 4.0.0 fixes a memory leak but introduces a non-compatible change
for closing the RevWalk: before it was release() but now is close()
|