Show More
@@ -0,0 +1,41 b'' | |||||
|
1 | |RCE| 4.12.2 |RNS| | |||
|
2 | ------------------ | |||
|
3 | ||||
|
4 | Release Date | |||
|
5 | ^^^^^^^^^^^^ | |||
|
6 | ||||
|
7 | - 2018-05-16 | |||
|
8 | ||||
|
9 | ||||
|
10 | New Features | |||
|
11 | ^^^^^^^^^^^^ | |||
|
12 | ||||
|
13 | ||||
|
14 | ||||
|
15 | General | |||
|
16 | ^^^^^^^ | |||
|
17 | ||||
|
18 | - Jenkins: further improve handling of proxied Jenkins server. | |||
|
19 | ||||
|
20 | ||||
|
21 | Security | |||
|
22 | ^^^^^^^^ | |||
|
23 | ||||
|
24 | - SSH: fixed found problem with key-storage that could allow remote logins | |||
|
25 | performed by rhodecode authorized users with specially crafted SSH Keys. | |||
|
26 | ||||
|
27 | ||||
|
28 | Performance | |||
|
29 | ^^^^^^^^^^^ | |||
|
30 | ||||
|
31 | ||||
|
32 | ||||
|
33 | Fixes | |||
|
34 | ^^^^^ | |||
|
35 | ||||
|
36 | ||||
|
37 | ||||
|
38 | Upgrade notes | |||
|
39 | ^^^^^^^^^^^^^ | |||
|
40 | ||||
|
41 | - Unscheduled release addressing found security problem. |
@@ -37,3 +37,4 b' 8fbd8b0c3ddc2fa4ac9e4ca16942a03eb593df2d' | |||||
37 | f0609aa5d5d05a1ca2f97c3995542236131c9d8a v4.11.6 |
|
37 | f0609aa5d5d05a1ca2f97c3995542236131c9d8a v4.11.6 | |
38 | b5b30547d90d2e088472a70c84878f429ffbf40d v4.12.0 |
|
38 | b5b30547d90d2e088472a70c84878f429ffbf40d v4.12.0 | |
39 | 9072253aa8894d20c00b4a43dc61c2168c1eff94 v4.12.1 |
|
39 | 9072253aa8894d20c00b4a43dc61c2168c1eff94 v4.12.1 | |
|
40 | 6a517543ea9ef9987d74371bd2a315eb0b232dc9 v4.12.2 |
@@ -32,7 +32,7 b' New Features' | |||||
32 | prevent problems when connection to LDAP is not stable causing RhodeCode |
|
32 | prevent problems when connection to LDAP is not stable causing RhodeCode | |
33 | instances to freeze waiting on LDAP connections. |
|
33 | instances to freeze waiting on LDAP connections. | |
34 | - User groups: expose public user group profiles. Allows to see members of a user |
|
34 | - User groups: expose public user group profiles. Allows to see members of a user | |
35 |
group |
|
35 | group by other team members, if they have proper permissions. | |
36 | - UI: show pull request page in quick nav menu on my account for quicker access. |
|
36 | - UI: show pull request page in quick nav menu on my account for quicker access. | |
37 | - UI: hidden/outdated comments now have visible markers next to line numbers. |
|
37 | - UI: hidden/outdated comments now have visible markers next to line numbers. | |
38 | This allows access to them without showing all hidden comments. |
|
38 | This allows access to them without showing all hidden comments. | |
@@ -114,7 +114,7 b' Fixes' | |||||
114 | - Pull requests: fixed cases with default expected refs are closed or unavailable. |
|
114 | - Pull requests: fixed cases with default expected refs are closed or unavailable. | |
115 | For Mercurial with closed default branch a compare across forks could fail. |
|
115 | For Mercurial with closed default branch a compare across forks could fail. | |
116 | - Core: properly report 502 errors for gevent and gunicorn. |
|
116 | - Core: properly report 502 errors for gevent and gunicorn. | |
117 |
Gevent w |
|
117 | Gevent with Gunicorn doesn't raise normal pycurl errors. | |
118 | - Auth plugins: fixed problem with cache of settings in multi-worker mode. |
|
118 | - Auth plugins: fixed problem with cache of settings in multi-worker mode. | |
119 | The previous implementation had a bug that cached the settings in each class, |
|
119 | The previous implementation had a bug that cached the settings in each class, | |
120 | caused not refreshing the update of settings in multi-worker mode. |
|
120 | caused not refreshing the update of settings in multi-worker mode. | |
@@ -138,6 +138,7 b' A check and migrate of SVN hooks is requ' | |||||
138 | all SVN hook to latest available version. To migrate single repository only, |
|
138 | all SVN hook to latest available version. To migrate single repository only, | |
139 | please go to the following url: `your-rhodecode-server.com/REPO_NAME/settings/advanced/hooks` |
|
139 | please go to the following url: `your-rhodecode-server.com/REPO_NAME/settings/advanced/hooks` | |
140 |
|
140 | |||
141 |
- Diff caches are turned off by default for backward compatibility. |
|
141 | - Diff caches are turned off by default for backward compatibility. | |
142 | turning them on either individually for bigger repositories or globally for every repository. |
|
142 | We however recommend turning them on either individually for bigger | |
|
143 | repositories or globally for every repository. | |||
143 | This setting can be found in admin > settings > vcs, or repository > settings > vcs |
|
144 | This setting can be found in admin > settings > vcs, or repository > settings > vcs |
@@ -9,6 +9,7 b' Release Notes' | |||||
9 | .. toctree:: |
|
9 | .. toctree:: | |
10 | :maxdepth: 1 |
|
10 | :maxdepth: 1 | |
11 |
|
11 | |||
|
12 | release-notes-4.12.2.rst | |||
12 | release-notes-4.12.1.rst |
|
13 | release-notes-4.12.1.rst | |
13 | release-notes-4.12.0.rst |
|
14 | release-notes-4.12.0.rst | |
14 | release-notes-4.11.6.rst |
|
15 | release-notes-4.11.6.rst |
@@ -835,7 +835,7 b' class UsersView(UserAppView):' | |||||
835 | fingerprint = key.hash_md5() |
|
835 | fingerprint = key.hash_md5() | |
836 |
|
836 | |||
837 | ssh_key = SshKeyModel().create( |
|
837 | ssh_key = SshKeyModel().create( | |
838 |
c.user.user_id, fingerprint, key |
|
838 | c.user.user_id, fingerprint, key.keydata, description) | |
839 | ssh_key_data = ssh_key.get_api_data() |
|
839 | ssh_key_data = ssh_key.get_api_data() | |
840 |
|
840 | |||
841 | audit_logger.store_web( |
|
841 | audit_logger.store_web( |
@@ -98,7 +98,7 b' class MyAccountSshKeysView(BaseAppView, ' | |||||
98 | fingerprint = key.hash_md5() |
|
98 | fingerprint = key.hash_md5() | |
99 |
|
99 | |||
100 | ssh_key = SshKeyModel().create( |
|
100 | ssh_key = SshKeyModel().create( | |
101 |
c.user.user_id, fingerprint, key |
|
101 | c.user.user_id, fingerprint, key.keydata, description) | |
102 | ssh_key_data = ssh_key.get_api_data() |
|
102 | ssh_key_data = ssh_key.get_api_data() | |
103 |
|
103 | |||
104 | audit_logger.store_web( |
|
104 | audit_logger.store_web( |
@@ -84,16 +84,23 b' def _generate_ssh_authorized_keys_file(' | |||||
84 | for user_key in all_active_keys: |
|
84 | for user_key in all_active_keys: | |
85 | username = user_key.user.username |
|
85 | username = user_key.user.username | |
86 | user_id = user_key.user.user_id |
|
86 | user_id = user_key.user.user_id | |
|
87 | # replace all newline from ends and inside | |||
|
88 | safe_key_data = user_key.ssh_key_data\ | |||
|
89 | .strip()\ | |||
|
90 | .replace('\n', ' ') \ | |||
|
91 | .replace('\t', ' ') \ | |||
|
92 | .replace('\r', ' ') | |||
87 |
|
93 | |||
88 | keys_file.write( |
|
94 | line = line_tmpl.format( | |
89 | line_tmpl.format( |
|
|||
90 |
|
|
95 | ssh_opts=ssh_opts or SSH_OPTS, | |
91 |
|
|
96 | wrapper_command=ssh_wrapper_cmd, | |
92 |
|
|
97 | ini_path=ini_path, | |
93 |
|
|
98 | user_id=user_id, | |
94 |
|
|
99 | user=username, | |
95 |
|
|
100 | user_key_id=user_key.ssh_key_id, | |
96 |
|
|
101 | key=safe_key_data) | |
|
102 | ||||
|
103 | keys_file.write(line) | |||
97 | log.debug('addkey: Key added for user: `%s`', username) |
|
104 | log.debug('addkey: Key added for user: `%s`', username) | |
98 | keys_file.close() |
|
105 | keys_file.close() | |
99 |
|
106 |
@@ -8,13 +8,13 b'' | |||||
8 | </p> |
|
8 | </p> | |
9 | <h4>${_('Private key')}</h4> |
|
9 | <h4>${_('Private key')}</h4> | |
10 | <pre> |
|
10 | <pre> | |
11 | # Save the content as |
|
11 | # Save the below content as | |
12 |
# Windows: /Users/ |
|
12 | # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_priv.key | |
13 |
# macOS: /Users/ |
|
13 | # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_priv.key | |
14 |
# Linux: /home/ |
|
14 | # Linux: /home/{username}/.ssh/id_rsa_rhodecode_access_priv.key | |
15 |
|
15 | |||
16 | # Change permissions to 0600 to make it secure, and usable. |
|
16 | # Change permissions to 0600 to make it secure, and usable. | |
17 |
e.g chmod 0600 /home/ |
|
17 | e.g chmod 0600 /home/{username}/.ssh/id_rsa_rhodecode_access_priv.key | |
18 | </pre> |
|
18 | </pre> | |
19 |
|
19 | |||
20 | <div> |
|
20 | <div> | |
@@ -24,10 +24,10 b' e.g chmod 0600 /home/<username>/.ssh/id_' | |||||
24 |
|
24 | |||
25 | <h4>${_('Public key')}</h4> |
|
25 | <h4>${_('Public key')}</h4> | |
26 | <pre> |
|
26 | <pre> | |
27 | # Save the content as |
|
27 | # Save the below content as | |
28 |
# Windows: /Users/ |
|
28 | # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_pub.key | |
29 |
# macOS: /Users/ |
|
29 | # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_pub.key | |
30 |
# Linux: /home/ |
|
30 | # Linux: /home/{username}/.ssh/id_rsa_rhodecode_access_pub.key | |
31 | </pre> |
|
31 | </pre> | |
32 |
|
32 | |||
33 | <input type="text" value="${c.public}" class="large text" size="100"/> |
|
33 | <input type="text" value="${c.public}" class="large text" size="100"/> |
General Comments 0
You need to be logged in to leave comments.
Login now