| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace log4j 1.2.17 with reload4j 1.2.25.
log4j 1.x was caught in the fire of the Log4Shell vulnerability, even
though the 1.x line was not affected by the vulnerability. Still, this
looks bad when it shows up in security scanners even though it doesn't
mean it has the Log4Shell vulnerability.
Switch to reload4j instead. This is a drop-in replacement of log4j.
Actually, it is log4j rebooted by the same author. The reload4j 1.x
line fixes security issues that have since surfaced.
At the same time we update to the latest slf4j version, which also
switched to reload4j for the log4j12 line.
|
|
|
|
|
|
|
| |
Update JSoup to version 1.16.2.
This requires renaming `Whitelist` to `Safelist`,
because the class name was changed in version 1.15.1
in a breaking change.
|
|
|
|
|
| |
Update dependencies: Mina Core, Guava and commons-compress.
These don't need any other adjustments.
|
|\ |
|
|/ |
|
|\
| |
| | |
Add SHA-256 hash calculation to StringUtils
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The calculation of a MD5 and SHA-1 sum are all message digest implementations.
Instead or replicating the same code over and over again, provide a
common function for message digest calculation which can do this for
different algorithms based on the algorithm name passed as a parameter.
Then replace the existing `getMD5` and `getSHA1` functions by calling
the common function passing the respective algorithm name.
|
|\ \
| |/
|/| |
Fix single quotes in MessageFormat patterns.
|
|/ |
|
|\ |
|
|/
|
|
|
|
|
|
|
|
|
|
| |
The page shown for an empty repository lists suggestions for Git clients,
mostly GUI ones, and links to their web pages.
The TortoiseGit client entry is removed since the URL is no longer valid.
The excellent client Fork is added to the closed source clients
section.
This commit also cleans up some other entries, fixing broken tags,
escaping ampersands and removing outdated or wrong information.
|
|\
| |
| | |
Improve Chinese translation of "fork"
|
|/
|
|
|
|
|
| |
The currently used translation of "fork" is ambiguous, using the same
word as for "branch".
Fixes #1448
|
|
|
|
|
|
|
| |
The CNAME file on the gh-pages branch is used to link the gh-pages
to the gitblit.com domain. So it needs to stay around when updating
the gh-pages branch with new documentation pages.
This is possible since Moxie 0.10.0 with a new `keep` sub-element.
|
|
|
|
| |
This provides changes and new commands used for release.
|
| |
|
| |
|
|
|
|
| |
That was not updated after the 1.9.3 hotfix release.
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the links in NOTICE to the closed down Google Code
(code.google.com) with their Github counterparts where the projects
moved to.
Gitblit used to download dependencies upon first start. This has since
long been changed and everything is bundled with Gitblit now. So reflect
this in the design.mkd document, which still said they would be
downloaded.
|
| |
|
| |
|
|\
| |
| | |
Fix Moxie URL in build.xml (#1441)
|
| |
| |
| |
| |
| | |
Adjust other references to the old 'gitblit' organisation on Github to
point to the new 'gitblit-org' organisation.
|
|/ |
|
|\
| |
| | |
Add support for Jenkins Git plugin access token, fixes #1423
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
The update of JGit broke pushes to tickets. The ReceiveCommand now
requires all three arguments, oldId, newId and name, to be not null.
The ticket code handling pushes to tickets left name and old id as
null in certain cases. This is fixed by always providing values.
|
| |
| |
| |
| | |
The merge step for using `pt` added the wrong text to the copy button.
|
| |
| |
| |
| | |
Donated by @piradix
|
| |
| |
| |
| |
| | |
This fixes incorrect encodings in the _de language file which makes
the pages crash.
|
| |
| |
| |
| |
| |
| | |
Adding style element `max-width:inherit` as suggested by @piradix, which
makes the access restriction icon be part of the URL box again.
This fixes #1437
|
|\ \
| | |
| | |
| | | |
This replaces clippy.sfw with Javascript for issue #1241
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The `clippy.swf` Flash program is no longer needed and can be deleted.
The configuration property is now incorrectly named, but we keep the
name and update the documentation. Maybe it could be completely deleted
one day, when the clipboard.js solution is known to work and be universally
supported.
|
| | |
| | |
| | |
| | |
| | | |
The ticket page also has some copy-to-clipboard buttons, which get
updated to work with JS instead of SWF.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is not the ideal version, since the height is too low for the tooltip
used for the drop-down menus. Probably has something to do with the
container or something. But at least something is there now, even if
not the most beautiful.
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Shockwave Flash is dead. But Gitblit still uses it to copy the repository
URLs to the clip board. Which doesn't work anymore since no browser uses
Flash anymore, so this has degraded disgracefully.
Instead, we can use JavaScript to copy directly to the clipboard, now
that there are APIs for it. So replace the use of clippy.swf on the
repository page with clipboard.js[1]. This right now only has the
functionality to copy to clipboard but now visual feedback, yet.
This addresses GH issue #1241.
[1] https://clipboardjs.com
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Adding Ed25519 keys brings the problem that with the library currently
used, the PublicKey instance of that key is not serialisable. This
results in an exception when wicket tries to cache the UsersPage.
So change the SshKeysPanel so that the PublicKey object is removed
from the `SshKey` when the panel is detached. It can be regenerated from
the raw key data.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This updates Jetty to the latest 9.x version as of writing. The 9.x is
still running on Java 8. The update needs two code changes.
`SessionManager` was replaced with `SessionHandler`. This was documented
in the Jetty documentation.
Adding the `GitblitContext` to the `WebAppContext` will result in two
instances getting created, because the code was changed that prevents
instantiation the same listener class multiple times. (The second time
is when the web.xml is read.) Instead, it must be added to the servlet
handler of the `WebAppContext`. This results in properly adhering to the
changed internal startup flow.
Updating Jetty also resolves #1409.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Jetty 9.3 changed the `setHandler` on the ServletContextHandler to no
longer automatically detect SecurityHandler, SessionHandler, etc. It
simply passes on the setHandler request to the ContextHandler class
(with a warning logged). So make sure to explicitly use the method
`setSecurityHandler` to set the ContraintSecurityHandler responsible
for the http -> https redirection.
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This branch mostly records the commit from PR #1253, so we have it in
the code base. The changes are immediately undone, because the update
to JGit version 4.8.0, as proposed in PR #1252, renders the whole
patching of JGit obsolete.
The update is done now, against reservations in that PR, because we
guess that potential issues have been found and fixed by now. JGit
is updated to the last version on the major version 4 line: 4.11.9.
Also, since upstream JGit is at v6 by now, more updates will have to
happen later on anyways.
To make the protection against illegal character sets complete, an
additional fix for Bugtraq is included, that protects against exceptions
from bugtraq should it encounter an `encoding` that cannot be handled.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Update JGit, and also update other dependencies where the 4.11 JGit
version uses newer versions than we do:
commond-codec updated to 1.9
commons-compress updated to 1.15
gson updated to 2.8.2
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Catch all exceptions, and not just IOExceptions, from bugtraq formatter.
If an exception is caught, ignore the bugtraq handling of the commit
message and show the plain message. Way better then not showing anything
just because something broke in bugtraq.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Reading the encoding of a commit can result in a Unsupported- or
IllegalCharsetException. This happens when for whatever reason the
commit has an encoding recorded that the system doesn't understand.
Instead of completely failing, fallback to UTF-8.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Updating JGit fixed the issue that a commit in a repo with an unknown
character set throws an exception. This would crash the RepositoryManager.
The extra handling, which patches JGit classes during runtime is completely
removed.
|
|/ /
| |
| |
| |
| | |
Unknown encodings may cause gitblit to fail to start. This modification
injects a wrapper class in the JGit internal to fake a valid return value.
|
| |
| |
| |
| |
| |
| | |
Leave the artefact until after the container has been built and tested.
In case the test fails the artefact can be still downloaded to analyse
what might have caused the container build or test to fail.
|