##// END OF EJS Templates
ui: changed calls for edit caches to use repo id instead of a name for safer calls to repos which paths have special characters
ui: changed calls for edit caches to use repo id instead of a name for safer calls to repos which paths have special characters

File last commit:

r5557:c1a812dd default
r5646:5f89ea3a default
Show More
release-notes-5.3.0.rst
45 lines | 886 B | text/x-rst | RstLexer
/ docs / release-notes / release-notes-5.3.0.rst
docs: added 5.3.0 release notes
r5557 |RCE| 5.3.0 |RNS|
-----------------
Release Date
^^^^^^^^^^^^
- 2024-09-17
New Features
^^^^^^^^^^^^
- System-info: expose rhodecode config for better visibility of set settings for RhodeCode system.
General
^^^^^^^
Security
^^^^^^^^
- Permissions: fixed security problem with apply-to-children from a repo group functionality breaking
permissions for private repositories exposing them despite repo being private.
- Git-lfs: fixed security problem with allowing off-chain attacks to replace OID data without validating hash for already present oids.
This allowed to replace an LFS OID content with malicious request tailored to open RhodeCode server.
Performance
^^^^^^^^^^^
Fixes
^^^^^
- Fixed problems with incorrect user agent errors
Upgrade notes
^^^^^^^^^^^^^
- RhodeCode 5.3.0 is unscheduled security release to address some build issues with 5.X images