summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Changed tab to space conversionQuentin2022-08-021-1/+8
| | | | | Tabs are not always 4 spaces large. It completes the line to the 4th character.
* Create SECURITY.mdFlorian Zschocke2022-06-201-0/+12
| | | This closes #1418
* doc: Merge release 1.9.3 info into releases.moxieFlorian Zschocke2022-04-091-4/+43
|
* ci: Add debug logging to nightly buildFlorian Zschocke2022-04-091-1/+3
| | | | | For some reason the secret gate doesn't work and the main Gitblit repo also attempts to deploy the nightly to Docker which must fail.
* pages: Fix link for GitExtension, which moved to GithubFlorian Zschocke2022-04-0913-13/+13
|
* doc: Fix download link for fedclient ad api tarFlorian Zschocke2022-04-092-2/+2
| | | | | | It was still pointing to Google Code. This closes #1408
* doc: Fix links for dependencies that moved from Google CodeFlorian Zschocke2022-04-092-6/+6
|
* Merge branch '1410-vulnerability-userdb' into masterFlorian Zschocke2022-03-143-6/+382
|\ | | | | | | | | Merge fix branch from 1.9 mainenance line into master branch.
| * fix: Fix StoredUserConfig not escaping control charactersFlorian Zschocke2022-03-132-3/+191
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `StoredUserConfig` only escaped the escape character, i.e. backslash. But it does not escape control characters like tab or newline. This introduces a vulnerability where an attacker can create new entries in their user account and create new accounts. In addition, other characters are also not properly handled. Field values with a comment character need to be quoted. This only happens for the `#` character and only when the value starts with it. Also the quote is note escaped in values. This change completely rewrites the `escape` method of `StoredUserConfig`. It takes care of properly escaping characters that need escaping for the git configuration file format. This fixes #1410
| * fix: Fix StoredUserConfig handling null subsectionsFlorian Zschocke2022-03-132-2/+65
| | | | | | | | | | | | | | | | | | | | Te `StoredUserConfig` did not handle sections without a subsection. When the subsection did not exist, i.e. was `null`, then the subsection name would be set to the string "null". This is not how the config file format works. It should create a `[SECTIONNAME]` entry instead. This fix handles a `null` subsection correctly, by handling it as a section without a subsection.
| * test: Add exploit test for config user serviceFlorian Zschocke2022-03-121-1/+126
| | | | | | | | | | Add unit tests for exploiting the email address or display name in the config user service by using newlines in the values.
| * Reset build identifiers for next point release cycleFlorian Zschocke2022-03-122-2/+20
| |
* | ide: Adjust IDE project files to javax.mail 1.5.6Florian Zschocke2022-02-063-6/+20
| |
* | Update javax.mail to 1.5.6paladox2022-02-061-1/+1
| |
* | Merge branch 'pr-1219' into masterFlorian Zschocke2022-02-066-31/+36
|\ \ | | | | | | | | | This merges rebased and enhanced pull request #1219
| * | ci: Remove Java 7 buildFlorian Zschocke2022-02-062-22/+24
| | |
| * | build: Comment out option used for Java 7Florian Zschocke2022-02-061-1/+1
| | |
| * | doc: Update documentation for new Java 8 minimumFlorian Zschocke2022-02-062-3/+6
| | |
| * | Update readme for new min java versionpaladox2022-02-061-1/+1
| | |
| * | Bump min java support to 1.8paladox2022-02-061-4/+4
|/ / | | | | Fixes #1218
* | ci: Transition to ICO image labelsFlorian Zschocke2022-02-061-0/+2
| |
* | ci: Allow to force build a nightly versionFlorian Zschocke2022-02-061-1/+1
| | | | | | | | | | | | | | | | | | Enable a switch for manual workflow triggering that overrides the check if a new commits were made since the last build. If the input is set to 'true', a new build is run even when no new commits are present. This is mainly so that changes to the gitblit-docker repo can be included in builds. This could also be automated in the workflow, if need be.
* | ci: Test nightly docker image with Goss before pushing to registryFlorian Zschocke2022-02-061-0/+53
| |
* | ci: Add workflow for a nightly build of docker imageFlorian Zschocke2022-02-061-0/+180
| |
* | Readme: Fix link to nightly docker imageFlorian Zschocke2022-02-051-1/+1
| | | | | | | | | | | | The link to the nightly docker images points to the actual image layer, which is removed when a new nightly is pushed. Instead, we should point to the images page, filtering on the tag 'nightly'.
* | Reset build identifiers for next minor release cycleFlorian Zschocke2022-02-052-2/+20
|/
* Prepare 1.9.2 releasev1.9.2flaix2022-02-052-10/+10
|
* site: Fix awful HTML indentationFlorian Zschocke2022-02-031-18/+18
|
* site: Old packages moved from Bintray to CloudsmithFlorian Zschocke2022-02-032-2/+3
| | | | | | | Since Bintray seized operation, the packages for versions 1.4.0 - 1.8.0 have been uploaded to Cloudsmith. Adjust the links appropriately. An attribution is added to comply with Cloudsmith's OSS hosting policy.
* build: Determine release version with simple grepFlorian Zschocke2022-02-011-6/+9
| | | | | | | | | To determine what the release version is to be, use a simple grep over the moxie.build file and cut off the `-SNAPSHOT` part. The moxie tag command doesn't do anything else, either. But the problem is that when using the moxie tag command on the release branch, where the version has already been set to a release version, it would create a second release version, like so: 1.9.2-1.
* build: Allow for updating an existing draft releaseFlorian Zschocke2022-02-012-30/+366
| | | | | | | | | | | When creating a release draft and uploading assets, provision for the case that a draft release already exists. In that case, instead of creating a release, the existing release (changelog) is edited and the assets are deleted before the new built ones are uploaded. This commit also introduces the `${gh.repo}` property in build.xml, so that the Github project could be chosen dynamically. Not really needed, to be honest, but, yeah, whatever.
* build: Add target to determine and report release versionFlorian Zschocke2022-02-011-2/+30
|
* Build: create macro for creating the release process scriptFlorian Zschocke2022-02-011-27/+60
| | | | | | | | | Refactor the creation of the release process script, from `release.template` into a `macrodef`. Add a new target `releaseScript`, so that the release script can be created after the `tagRelease` target was run. This is helpful if the `tagRelease` target is run by a different, earlier process than the actual release creation process.
* doc: Update release notesFlorian Zschocke2022-02-011-1/+4
|
* Update japanese translationTakehide Morimoto2022-01-156-170/+1271
|
* Detect and report if running in containerFlorian Zschocke2021-12-102-0/+76
| | | | | | | To help with analysis, try to detect if the instance is running inside a container. Some containers are detected, but this is probably not exhaustive. At least a Docker container should be detectable. Report in the runtime manager to the log if a container was detected.
* run: Put variables in quotes in shell scriptsFlorian Zschocke2021-12-093-4/+4
|
* readme: Add shields for license and nightly docker dateFlorian Zschocke2021-12-071-1/+3
|
* pages: Fix repo-relative reference links in markdown docsFlorian Zschocke2021-12-062-15/+40
| | | | | | | | As with explicit links, also for reference links in markdown documents which point to repository-relative files the links are broken. They do not take the path to the repository into account. This fix is related to commit b23269 which fixed issue #1358 for explicit links.
* Merge branch 'fix-864' into masterFlorian Zschocke2021-12-042-5/+734
|\ | | | | | | Merge fix for issue #864.
| * bug: Fix double encoding links in Markdown/Wiki pagesFlorian Zschocke2021-12-041-5/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | When parsing Markdown or Wiki pages, links get URL encoded. This happened twice for links to other documents. Once explicitly and once by Wicket when it creates a `urlFor` the page. That results in multi-byte characters getting percent escaped, and then the percent character again getting percent escaped. The explicit encoding looks like a forgotten left over, so it gets removed from the code. The Wicket encoding is smarter anyways, knowing what is path and what is parameter. This fixes #864.
| * Add tests for MarkupProcessorFlorian Zschocke2021-12-041-0/+734
|/
* deps: Update to Jetty 9.2.30.v20200428Florian Zschocke2021-12-034-5/+6
| | | | This closes #1390
* Update contributing guidelinesFlorian Zschocke2021-12-022-5/+32
| | | | And, link to the contributing guidelines from the Readme.
* docs: Update release notesFlorian Zschocke2021-12-021-4/+24
|
* docs: Update docker URLFlorian Zschocke2021-11-252-3/+7
| | | | | | | Update the URL to the Gitblit docker image to point to the `gitblit/gitblit` repository, which I now consider the official Docker repository. Also link to the Docker images on the main page.
* docs: Change Ohloh link to Open HubFlorian Zschocke2021-11-251-2/+2
| | | | | Ohloh got acquired by Synopsis and is nor Open Hub. Change the Ohloh link in the links menu to point to Open Hub.
* Change bugtraq link for issues to GithubFlorian Zschocke2021-11-251-1/+1
|
* Fixes external links broken in markdown rendering (#1392)TomaszSzt2021-11-181-0/+16
| | | | | * This commit fixes what was broken in commit https://github.com/gitblit/gitblit/commit/b23269acc0f460f583311c679d751925b8402563 due to #1358 issue
* Fix NPETom2021-11-031-7/+3
| | | | | | | | Although it seems strange to have a RefModel with a referenced object but a null Ref, Gitblit uses such RefModels for instance in JGitUtils.getNotesOnCommit(). Be careful to do something sensible when that Ref is null.
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-21 21:56:20 +0000