rhodecode-enterprise-ce Files · docs/release-notes/release-notes-4.9.1.rst

pull-requests: add merge check that detects WIP marker in title. This will prevent merges in such case....

pull-requests: add merge check that detects WIP marker in title. This will prevent merges in such case. Usually WIP in title means unfinished task that needs still some work. This pattern is present in Gitlab/Github and is already quite common.

marcink - - Load All Authors

File last commit:

r2197:4edcf89e stable


                r4099:c12e69d0

default

Download file

             release-notes-4.9.1.rst
        
                    54 lines
            
             | 1.0 KiB
            
                | text/x-rst
            
             |
                RstLexer
            
             / docs / release-notes / release-notes-4.9.1.rst
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        marcink
    
docs: added release notes for 4.9.1

              r2197
            
      |RCE| 4.9.1 |RNS|

      -----------------

      Release Date

      ^^^^^^^^^^^^

      - 2017-10-26

      New Features

      ^^^^^^^^^^^^

      General

      ^^^^^^^

      Security

      ^^^^^^^^

      - security(critical): repo-forks: fix issue when forging fork_repo_id parameter

        could allow reading other people forks.

      - security(high): auth: don't expose full set of permissions into channelstream

        payload. Forged requests could return list of private repositories in the system.

      - security(medium): general-security: limit the maximum password input length

        to 72 characters.

      - security(medium): select2: always escape .text attributes to prevent XSS

        via branches or tags names.

      Performance

      ^^^^^^^^^^^

      - git: improve performance and reduce memory usage on large clones.

      Fixes

      ^^^^^

      - user-groups: fix potential problem with ldap group sync in external auth plugins.

      Upgrade notes

      ^^^^^^^^^^^^^

      - This release changes the maximum allowed input password to 72 characters. This

        prevent resource consumption attack. If you need longer password than 72

        characters please contact our team.

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

marcink docs: added release notes for 4.9.1	r2197	\|RCE\| 4.9.1 \|RNS\|
		-----------------

		Release Date
		^^^^^^^^^^^^

		- 2017-10-26


		New Features
		^^^^^^^^^^^^



		General
		^^^^^^^



		Security
		^^^^^^^^

		- security(critical): repo-forks: fix issue when forging fork_repo_id parameter
		could allow reading other people forks.
		- security(high): auth: don't expose full set of permissions into channelstream
		payload. Forged requests could return list of private repositories in the system.
		- security(medium): general-security: limit the maximum password input length
		to 72 characters.
		- security(medium): select2: always escape .text attributes to prevent XSS
		via branches or tags names.



		Performance
		^^^^^^^^^^^

		- git: improve performance and reduce memory usage on large clones.



		Fixes
		^^^^^


		- user-groups: fix potential problem with ldap group sync in external auth plugins.



		Upgrade notes
		^^^^^^^^^^^^^

		- This release changes the maximum allowed input password to 72 characters. This
		prevent resource consumption attack. If you need longer password than 72
		characters please contact our team.