From 8b18ac309bc36c8a16a3d26f088cb168635930d3 Mon Sep 17 00:00:00 2001 From: Florian Zschocke Date: Sat, 7 Mar 2020 12:01:08 +0100 Subject: docu: Fix typo --- src/site/rpc.mkd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/site') diff --git a/src/site/rpc.mkd b/src/site/rpc.mkd index e51fbaae..ac963a87 100644 --- a/src/site/rpc.mkd +++ b/src/site/rpc.mkd @@ -8,7 +8,7 @@ Gitblit optionally allows a remote client to administer the Gitblit server. Thi web.enableRpcManagement=false web.enableRpcAdministration=false -**https** is strongly recommended because passwords are insecurely transmitted form your browser/rpc client using Basic authentication! +**https** is strongly recommended because passwords are insecurely transmitted from your browser/rpc client using Basic authentication! The Gitblit JSON RPC mechanism, like the Gitblit JGit servlet, syndication/feed servlet, etc, supports request-based authentication. Making an *admin* request will trigger Gitblit's basic authentication mechanism. Listing of repositories, generally, will not trigger this authentication mechanism unless *web.authenticateViewPages=true*. That means its possible to allow anonymous enumeration of repositories that are not *view restricted* or *clone restricted*. Of course, if credentials are provided then all private repositories that are available to the user account will be enumerated in the JSON response. -- cgit v1.2.3 From 275d353f59074f78cfec5786e5989637a5606834 Mon Sep 17 00:00:00 2001 
From: Florian Zschocke Date: Sat, 4 Apr 2020 21:34:30 +0200 Subject: 🏃run: Use quotes around class path in scripts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While most systems will not need the class path passed to the JVM with the `-cp` parameter to be in quotes, apparently some exist where that will not work without the quotes, e.g. FreeBSD. So always use quotes for the class path in all scripts. Issue #1333 --- src/main/distrib/linux/authority.sh | 2 +- src/main/distrib/linux/migrate-tickets.sh | 2 +- src/main/distrib/linux/reindex-tickets.sh | 2 +- src/site/federation.mkd | 2 +- src/site/setup_go.mkd | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) (limited to 'src/site') diff --git a/src/main/distrib/linux/authority.sh b/src/main/distrib/linux/authority.sh index 740f51a8..c5c6c687 100644 --- a/src/main/distrib/linux/authority.sh +++ b/src/main/distrib/linux/authority.sh @@ -1,2 +1,2 @@ #!/bin/bash -java -cp gitblit.jar:ext/* com.gitblit.authority.GitblitAuthority --baseFolder data +java -cp "gitblit.jar:ext/*" com.gitblit.authority.GitblitAuthority --baseFolder data diff --git a/src/main/distrib/linux/migrate-tickets.sh b/src/main/distrib/linux/migrate-tickets.sh index ce746bf9..4f360918 100644 --- a/src/main/distrib/linux/migrate-tickets.sh +++ b/src/main/distrib/linux/migrate-tickets.sh @@ -17,5 +17,5 @@ if [ -z $1 ] || [ -z $2 ]; then exit 1; fi -java -cp gitblit.jar:./ext/* com.gitblit.MigrateTickets $1 --baseFolder $2 +java -cp "gitblit.jar:ext/*" com.gitblit.MigrateTickets $1 --baseFolder $2 diff --git a/src/main/distrib/linux/reindex-tickets.sh b/src/main/distrib/linux/reindex-tickets.sh index 6985d606..42239ea1 100644 --- a/src/main/distrib/linux/reindex-tickets.sh +++ b/src/main/distrib/linux/reindex-tickets.sh 
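Review bot: The class path on the new `java` line in authority.sh is quoted but still relative, so the JVM resolves `gitblit.jar` and `ext/*` against whatever directory the script is started from. Started from another directory, it either fails to find the jar or loads jars from an `ext/` folder in that working directory, which is a problem if that directory is writable by someone else. Adding `cd "$(dirname "$0")"` before the `java` line would pin both the class path and `--baseFolder data` to the install directory. The same relative class path is used in migrate-tickets.sh and reindex-tickets.sh, whose bodies start outside their hunks, so they may already handle this.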
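Review bot: `$1` and `$2` on the new `java` line in migrate-tickets.sh are still unquoted, so an argument containing spaces or glob characters is split or expanded by the shell before it reaches the JVM; the commit quotes only the class path. The line would be safer as `java -cp "gitblit.jar:ext/*" com.gitblit.MigrateTickets "$1" --baseFolder "$2"`. The context line `if [ -z $1 ] || [ -z $2 ]; then` has the same weakness and should test `[ -z "$1" ]`, and reindex-tickets.sh likewise passes `--baseFolder $1` unquoted. Both scripts begin outside their hunks, so any earlier argument handling is not visible here.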
@@ -20,5 +20,5 @@ if [ -z $1 ] ; then exit 1; fi -java -cp gitblit.jar:./ext/* com.gitblit.ReindexTickets --baseFolder $1 +java -cp "gitblit.jar:ext/*" com.gitblit.ReindexTickets --baseFolder $1 diff --git a/src/site/federation.mkd b/src/site/federation.mkd index 231a9f35..b802a087 100644 --- a/src/site/federation.mkd +++ b/src/site/federation.mkd @@ -335,6 +335,6 @@ Instead of using `federation.properties` you may directly specify a Gitblit inst java -cp fedclient.jar;"%CD%/ext/*" com.gitblit.FederationClient --url https://go.gitblit.com --mirror --bare --token 123456789 --repositoriesFolder c:/mymirror - java -cp fedclient.jar:ext/* com.gitblit.FederationClient --url https://go.gitblit.com --mirror --bare --token 123456789 + java -cp "fedclient.jar:ext/*" com.gitblit.FederationClient --url https://go.gitblit.com --mirror --bare --token 123456789 --repositoriesFolder /srv/mymirror --daemon --frequency "24 hours" diff --git a/src/site/setup_go.mkd b/src/site/setup_go.mkd index 20b4ba48..e0470f31 100644 --- a/src/site/setup_go.mkd +++ b/src/site/setup_go.mkd @@ -17,7 +17,7 @@ Open `data/gitblit.properties` in your favorite text editor and make sure to rev **NOTE:** You can only have **one** SSL certificate specified for a port. 4. exit the authority app 4. Windows: Execute `gitblit.cmd` or `java -cp gitblit.jar;"%CD%\ext\*" com.gitblit.GitBlitServer --baseFolder data` from a command-line - Linux/OSX: Execute `gitblit.sh` or `java -cp gitblit.jar;ext/* com.gitblit.GitBlitServer --baseFolder data` from a command-line + Linux/OSX: Execute `gitblit.sh` or `java -cp "gitblit.jar:ext/*"" com.gitblit.GitBlitServer --baseFolder data` from a command-line 5. Open your browser to or depending on your chosen configuration. 6. Enter the default administrator credentials: **admin / admin** and click the *Login* button **NOTE:** Make sure to change the administrator username and/or password!! -- cgit v1.2.3 From 34e77ddf09e58ea0a817d31ed74a6bce574bff97 Mon Sep 17 00:00:00 2001 
From: Florian Zschocke Date: Sun, 5 Apr 2020 12:28:58 +0200 Subject: 📖docs: Add update of service scripts in upgrade GO documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also: release notes. --- releases.moxie | 31 +++++++++++++++++++++++++++---- src/site/upgrade_go.mkd | 22 ++++++++++++++++++++++ 2 files changed, 49 insertions(+), 4 deletions(-) (limited to 'src/site') diff --git a/releases.moxie b/releases.moxie index 0b5afadd..b73038de 100644 --- a/releases.moxie +++ b/releases.moxie 
@@ -5,11 +5,33 @@ r31: { title: ${project.name} ${project.version} released id: ${project.version} date: ${project.buildDate} - note: ~ + note: '' + When you have Gitblit installed as a service under Linux or Windows, you may need to edit your service script/definition. The command line to start Gitblit needs to be different, the classpath and class are speficied now. + + See notes for release 1.9.0. + '' html: ~ - text: ~ + text: '' + !! IMPORTANT BUG FIX FOR PASSWORD HASH UPGRADE !! + + There is a severe bug in version 1.9.0, which can lock users out from their accounts. + When updating from a previous version to 1.9.0, existing stored passwords are rehashed + with a more secure password hash mechanism when a user first logs in after the update. + This happens when the password hashing mechanism was left at default and not specifically + set in the configuration. An error in the implementation will destroy the stored password + instead and the user can no longer log in. + + Only certain circumstances will lead to this wrong behaviour. It will most likely + affect users of the Gitblit Docker container. If you did not encounter any problems, + update to 1.9.1 to be on the safe side. If you were hit by this bug, we are deeply sorry. + There is no way to fix the affected accounts other than to set a new password. + + This is fixed in 1.9.1. Updates of existing installations should be made to 1.9.1, not 1.9.0. + '' security: ~ - fixes: ~ + fixes: + - Fixed broken password hash upgrade destroying existing stored passwords on update. + - Fixed Linux service scripts to use `-cp` parameter instead of `-jar`. changes: ~ additions: ~ dependencyChanges: ~ 
@@ -36,7 +58,8 @@ r30: { When the `realm.ldap.bindpattern` property is set, GitBlit will only bind as the user to LDAP, not to a manager account or anonymously. - Older password storage mechanisms are deprecated, PBKDF2 is the new default. When you switch from plaintext to a hashed scheme, or from the older hashed to the new PBKDF2 scheme, the stored password of a user will be rehashed with the more secure mechanism when the user logs in. + Older password storage mechanisms are deprecated, PBKDF2 is the new default. When you switch from plaintext to a hashed scheme, or from the older hashed to the new PBKDF2 scheme, the stored password of a user will be rehashed with the more secure mechanism when the user logs in. + !! THIS IS BROKEN IN 1.9.0. DO NOT UPDATE TO 1.9.0. USE 1.9.1 INSTEAD !! '' html: ~ text: '' diff --git a/src/site/upgrade_go.mkd b/src/site/upgrade_go.mkd index a0092588..4bc2272f 100644 --- a/src/site/upgrade_go.mkd +++ b/src/site/upgrade_go.mkd @@ -1,3 +1,25 @@ +## Upgrading Gitblit GO (1.9.1+) + +The command line to start Gitblit has changed from + +``` +java -jar gitblit.jar --baseFolder data +``` + +to + +``` +java -cp "gitblit.jar:ext/*" com.gitblit.GitBlitServer --baseFolder data +``` + +or on Windows to + +``` +java -cp gitblit.jar;"%CD%\ext\*" com.gitblit.GitBlitServer --baseFolder data +``` + +The class path and main class need to be specified now. If you have installed Gitblit as a service you will need to adjust the service scripts or definitions accordingly. + ## Upgrading Gitblit GO (1.7.0+) The default `gitblit.properties` file has been split into two files: `gitblit.properties`, which is the recommended file for setting your configuration, and `defaults.properties` which are Gitblit's default settings. -- cgit v1.2.3