release: merge back stable branch into default
marcink -
r2757:4b0930b4 merge default
@@ -0,0 +1,41 b''
1 |RCE| 4.12.2 |RNS|
2 ------------------
3
4 Release Date
5 ^^^^^^^^^^^^
6
7 - 2018-05-16
8
9
10 New Features
11 ^^^^^^^^^^^^
12
13
14
15 General
16 ^^^^^^^
17
18 - Jenkins: further improve handling of proxied Jenkins server.
19
20
21 Security
22 ^^^^^^^^
23
24 - SSH: fixed found problem with key-storage that could allow remote logins
25 performed by rhodecode authorized users with specially crafted SSH Keys.
26
27
28 Performance
29 ^^^^^^^^^^^
30
31
32
33 Fixes
34 ^^^^^
35
36
37
38 Upgrade notes
39 ^^^^^^^^^^^^^
40
41 - Unscheduled release addressing found security problem.
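Review bot: The Upgrade notes entry at line 41 says only that this is an unscheduled security release and gives administrators no action to take after upgrading. The fix in this changeset sanitizes key data when the authorized_keys file is written and stores `key.keydata` only for keys added from now on, so the notes should state that the authorized_keys file has to be regenerated after the upgrade and that already stored SSH keys are worth reviewing for embedded line breaks. The empty New Features, Performance and Fixes sections could be dropped or marked as having no changes.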
@@ -37,3 +37,4 b' 8fbd8b0c3ddc2fa4ac9e4ca16942a03eb593df2d'
37 f0609aa5d5d05a1ca2f97c3995542236131c9d8a v4.11.6
37 f0609aa5d5d05a1ca2f97c3995542236131c9d8a v4.11.6
38 b5b30547d90d2e088472a70c84878f429ffbf40d v4.12.0
38 b5b30547d90d2e088472a70c84878f429ffbf40d v4.12.0
39 9072253aa8894d20c00b4a43dc61c2168c1eff94 v4.12.1
39 9072253aa8894d20c00b4a43dc61c2168c1eff94 v4.12.1
40 6a517543ea9ef9987d74371bd2a315eb0b232dc9 v4.12.2
@@ -32,7 +32,7 b' New Features'
32 prevent problems when connection to LDAP is not stable causing RhodeCode
32 prevent problems when connection to LDAP is not stable causing RhodeCode
33 instances to freeze waiting on LDAP connections.
33 instances to freeze waiting on LDAP connections.
34 - User groups: expose public user group profiles. Allows to see members of a user
34 - User groups: expose public user group profiles. Allows to see members of a user
35 groups by other team members, if they have proper permissions.
35 group by other team members, if they have proper permissions.
36 - UI: show pull request page in quick nav menu on my account for quicker access.
36 - UI: show pull request page in quick nav menu on my account for quicker access.
37 - UI: hidden/outdated comments now have visible markers next to line numbers.
37 - UI: hidden/outdated comments now have visible markers next to line numbers.
38 This allows access to them without showing all hidden comments.
38 This allows access to them without showing all hidden comments.
@@ -114,7 +114,7 b' Fixes'
114 - Pull requests: fixed cases with default expected refs are closed or unavailable.
114 - Pull requests: fixed cases with default expected refs are closed or unavailable.
115 For Mercurial with closed default branch a compare across forks could fail.
115 For Mercurial with closed default branch a compare across forks could fail.
116 - Core: properly report 502 errors for gevent and gunicorn.
116 - Core: properly report 502 errors for gevent and gunicorn.
117 Gevent wtih Gunicorn doesn't raise normal pycurl errors.
117 Gevent with Gunicorn doesn't raise normal pycurl errors.
118 - Auth plugins: fixed problem with cache of settings in multi-worker mode.
118 - Auth plugins: fixed problem with cache of settings in multi-worker mode.
119 The previous implementation had a bug that cached the settings in each class,
119 The previous implementation had a bug that cached the settings in each class,
120 caused not refreshing the update of settings in multi-worker mode.
120 caused not refreshing the update of settings in multi-worker mode.
@@ -138,6 +138,7 b' A check and migrate of SVN hooks is requ'
138 all SVN hook to latest available version. To migrate single repository only,
138 all SVN hook to latest available version. To migrate single repository only,
139 please go to the following url: `your-rhodecode-server.com/REPO_NAME/settings/advanced/hooks`
139 please go to the following url: `your-rhodecode-server.com/REPO_NAME/settings/advanced/hooks`
140
140
141 - Diff caches are turned off by default for backward compatibility. We however recommend
141 - Diff caches are turned off by default for backward compatibility.
142 turning them on either individually for bigger repositories or globally for every repository.
142 We however recommend turning them on either individually for bigger
143 repositories or globally for every repository.
143 This setting can be found in admin > settings > vcs, or repository > settings > vcs
144 This setting can be found in admin > settings > vcs, or repository > settings > vcs
@@ -9,6 +9,7 b' Release Notes'
9 .. toctree::
9 .. toctree::
10 :maxdepth: 1
10 :maxdepth: 1
11
11
12 release-notes-4.12.2.rst
12 release-notes-4.12.1.rst
13 release-notes-4.12.1.rst
13 release-notes-4.12.0.rst
14 release-notes-4.12.0.rst
14 release-notes-4.11.6.rst
15 release-notes-4.11.6.rst
@@ -835,7 +835,7 b' class UsersView(UserAppView):'
835 fingerprint = key.hash_md5()
835 fingerprint = key.hash_md5()
836
836
837 ssh_key = SshKeyModel().create(
837 ssh_key = SshKeyModel().create(
838 c.user.user_id, fingerprint, key_data, description)
838 c.user.user_id, fingerprint, key.keydata, description)
839 ssh_key_data = ssh_key.get_api_data()
839 ssh_key_data = ssh_key.get_api_data()
840
840
841 audit_logger.store_web(
841 audit_logger.store_web(
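Review bot: The switch to `key.keydata` at line 838 protects this caller only; nothing in the visible change makes `SshKeyModel().create(...)` itself validate the string it is handed, and the identical edit has to be repeated in MyAccountSshKeysView. Consider normalizing or rejecting key text that contains line breaks inside `SshKeyModel.create`, so every current and future caller persists a single-line key, and add a test that submits key text with an embedded newline and asserts on what is stored.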
@@ -98,7 +98,7 b' class MyAccountSshKeysView(BaseAppView, '
98 fingerprint = key.hash_md5()
98 fingerprint = key.hash_md5()
99
99
100 ssh_key = SshKeyModel().create(
100 ssh_key = SshKeyModel().create(
101 c.user.user_id, fingerprint, key_data, description)
101 c.user.user_id, fingerprint, key.keydata, description)
102 ssh_key_data = ssh_key.get_api_data()
102 ssh_key_data = ssh_key.get_api_data()
103
103
104 audit_logger.store_web(
104 audit_logger.store_web(
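Review bot: Line 101 gives no indication of why `key.keydata` is stored instead of the submitted `key_data`, so a later cleanup could revert it without noticing the security impact. Add a short comment stating that the parsed key is stored on purpose and what `keydata` is guaranteed to contain, since that guarantee is not visible in this hunk.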
@@ -84,16 +84,23 b' def _generate_ssh_authorized_keys_file('
84 for user_key in all_active_keys:
84 for user_key in all_active_keys:
85 username = user_key.user.username
85 username = user_key.user.username
86 user_id = user_key.user.user_id
86 user_id = user_key.user.user_id
87 # replace all newline from ends and inside
88 safe_key_data = user_key.ssh_key_data\
89 .strip()\
90 .replace('\n', ' ') \
91 .replace('\t', ' ') \
92 .replace('\r', ' ')
87
93
88 keys_file.write(
94 line = line_tmpl.format(
89 line_tmpl.format(
90 ssh_opts=ssh_opts or SSH_OPTS,
95 ssh_opts=ssh_opts or SSH_OPTS,
91 wrapper_command=ssh_wrapper_cmd,
96 wrapper_command=ssh_wrapper_cmd,
92 ini_path=ini_path,
97 ini_path=ini_path,
93 user_id=user_id,
98 user_id=user_id,
94 user=username,
99 user=username,
95 user_key_id=user_key.ssh_key_id,
100 user_key_id=user_key.ssh_key_id,
96 key=user_key.ssh_key_data))
101 key=safe_key_data)
102
103 keys_file.write(line)
97 log.debug('addkey: Key added for user: `%s`', username)
104 log.debug('addkey: Key added for user: `%s`', username)
98 keys_file.close()
105 keys_file.close()
99
106
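Review bot: The sanitizing chain at new lines 88-92 silently rewrites a stored key that contains `\n`, `\t` or `\r` and still writes it to authorized_keys, so a crafted record leaves no trace for an administrator. Log a warning with `user_key.ssh_key_id` and `username` whenever `safe_key_data` differs from `user_key.ssh_key_data.strip()`, or skip such keys entirely, so they can be found and revoked. The comment at line 87 mentions only newlines although tabs are replaced too, and `' '.join(user_key.ssh_key_data.split())` would express the same intent in one call while also collapsing repeated whitespace.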
@@ -8,13 +8,13 b''
8 </p>
8 </p>
9 <h4>${_('Private key')}</h4>
9 <h4>${_('Private key')}</h4>
10 <pre>
10 <pre>
11 # Save the content as
11 # Save the below content as
12 # Windows: /Users/<username>/.ssh/id_rsa_rhodecode_access_priv.key
12 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_priv.key
13 # macOS: /Users/<yourname>/.ssh/id_rsa_rhodecode_access_priv.key
13 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_priv.key
14 # Linux: /home/<username>/.ssh/id_rsa_rhodecode_access_priv.key
14 # Linux: /home/{username}/.ssh/id_rsa_rhodecode_access_priv.key
15
15
16 # Change permissions to 0600 to make it secure, and usable.
16 # Change permissions to 0600 to make it secure, and usable.
17 e.g chmod 0600 /home/<username>/.ssh/id_rsa_rhodecode_access_priv.key
17 e.g chmod 0600 /home/{username}/.ssh/id_rsa_rhodecode_access_priv.key
18 </pre>
18 </pre>
19
19
20 <div>
20 <div>
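Review bot: The placeholders are still inconsistent after this change: the macOS line at 13 uses `{yourname}` while the Windows and Linux lines and the chmod example use `{username}`. Use one name throughout, and write `e.g.` with the trailing period on line 17 while these lines are being touched.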
@@ -24,10 +24,10 b' e.g chmod 0600 /home/<username>/.ssh/id_'
24
24
25 <h4>${_('Public key')}</h4>
25 <h4>${_('Public key')}</h4>
26 <pre>
26 <pre>
27 # Save the content as
27 # Save the below content as
28 # Windows: /Users/<username>/.ssh/id_rsa_rhodecode_access_pub.key
28 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_pub.key
29 # macOS: /Users/<yourname>/.ssh/id_rsa_rhodecode_access_pub.key
29 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_pub.key
30 # Linux: /home/<username>/.ssh/id_rsa_rhodecode_access_pub.key
30 # Linux: /home/{username}/.ssh/id_rsa_rhodecode_access_pub.key
31 </pre>
31 </pre>
32
32
33 <input type="text" value="${c.public}" class="large text" size="100"/>
33 <input type="text" value="${c.public}" class="large text" size="100"/>