| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The release process generates a release on Github. The release notes
on Github link to the full release notes on the Gitblit website.
But since gitblit.com/ only has a simple redirect in the index.html to
the Github pages site, a direct link to the releasenotes on gitblit.com
will end up in the outdated pages on Jame's site.
Therefore use www.gitblit.com/ for the link, which we can control and
which leads to the Github pages directly.
|
| |
|
| |
|
|
|
|
| |
Update dependencies after running grype to the fixed versions.
|
|
|
|
|
|
|
|
|
|
| |
When an administrator edits a user entry, the user's password hash is
present on the edit page. This is unnecessary. But it exposes the hash
to an administrator who could choose to try to brute-force the hash and
use the password on other logins of that user.
This is an issue for administrative users who have no access to the
actual database on disk but access to the user edit web page.
|
|
|
|
|
| |
Many thanks to András Veres-Szentkirályi for the report and the support
in understanding and finding the issue.
|
|
|
|
|
| |
Add environment variable that lets us detect that Gitblit is running
under Goss for testing purposes.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
This crept in via some left over directory on disk. I guess.
|
|\
| |
| | |
Update dependencies
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Replace log4j 1.2.17 with reload4j 1.2.25.
log4j 1.x was caught in the fire of the Log4Shell vulnerability, even
though the 1.x line was not affected by the vulnerability. Still, this
looks bad when it shows up in security scanners even though it doesn't
mean it has the Log4Shell vulnerability.
Switch to reload4j instead. This is a drop-in replacement of log4j.
Actually, it is log4j rebooted by the same author. The reload4j 1.x
line fixes security issues that have since surfaced.
At the same time we update to the latest slf4j version, which also
switched to reload4j for the log4j12 line.
|
| |
| |
| |
| |
| |
| |
| | |
Update JSoup to version 1.16.2.
This requires renaming `Whitelist` to `Safelist`,
because the class name was changed in version 1.15.1
in a breaking change.
|
|/
|
|
|
| |
Update dependencies: Mina Core, Guava and commons-compress.
These don't need any other adjustments.
|
|\ |
|
|/ |
|
|\
| |
| | |
Add SHA-256 hash calculation to StringUtils
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The calculation of a MD5 and SHA-1 sum are all message digest implementations.
Instead or replicating the same code over and over again, provide a
common function for message digest calculation which can do this for
different algorithms based on the algorithm name passed as a parameter.
Then replace the existing `getMD5` and `getSHA1` functions by calling
the common function passing the respective algorithm name.
|
|\ \
| |/
|/| |
Fix single quotes in MessageFormat patterns.
|
|/ |
|
|\ |
|
|/
|
|
|
|
|
|
|
|
|
|
| |
The page shown for an empty repository lists suggestions for Git clients,
mostly GUI ones, and links to their web pages.
The TortoiseGit client entry is removed since the URL is no longer valid.
The excellent client Fork is added to the closed source clients
section.
This commit also cleans up some other entries, fixing broken tags,
escaping ampersands and removing outdated or wrong information.
|
|\
| |
| | |
Improve Chinese translation of "fork"
|
|/
|
|
|
|
|
| |
The currently used translation of "fork" is ambiguous, using the same
word as for "branch".
Fixes #1448
|
|
|
|
|
|
|
| |
The CNAME file on the gh-pages branch is used to link the gh-pages
to the gitblit.com domain. So it needs to stay around when updating
the gh-pages branch with new documentation pages.
This is possible since Moxie 0.10.0 with a new `keep` sub-element.
|
|
|
|
| |
This provides changes and new commands used for release.
|
| |
|
| |
|
|
|
|
| |
That was not updated after the 1.9.3 hotfix release.
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the links in NOTICE to the closed down Google Code
(code.google.com) with their Github counterparts where the projects
moved to.
Gitblit used to download dependencies upon first start. This has since
long been changed and everything is bundled with Gitblit now. So reflect
this in the design.mkd document, which still said they would be
downloaded.
|
| |
|
| |
|
|\
| |
| | |
Fix Moxie URL in build.xml (#1441)
|
| |
| |
| |
| |
| | |
Adjust other references to the old 'gitblit' organisation on Github to
point to the new 'gitblit-org' organisation.
|
|/ |
|
|\
| |
| | |
Add support for Jenkins Git plugin access token, fixes #1423
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
The update of JGit broke pushes to tickets. The ReceiveCommand now
requires all three arguments, oldId, newId and name, to be not null.
The ticket code handling pushes to tickets left name and old id as
null in certain cases. This is fixed by always providing values.
|
| |
| |
| |
| | |
The merge step for using `pt` added the wrong text to the copy button.
|
| |
| |
| |
| | |
Donated by @piradix
|