Show More
| @@ -0,0 +1,54 b'' | |||||
|
|
1 | |RCE| 4.9.1 |RNS| | |||
|
|
2 | ----------------- | |||
|
|
3 | ||||
|
|
4 | Release Date | |||
|
|
5 | ^^^^^^^^^^^^ | |||
|
|
6 | ||||
|
|
7 | - 2017-10-26 | |||
|
|
8 | ||||
|
|
9 | ||||
|
|
10 | New Features | |||
|
|
11 | ^^^^^^^^^^^^ | |||
|
|
12 | ||||
|
|
13 | ||||
|
|
14 | ||||
|
|
15 | General | |||
|
|
16 | ^^^^^^^ | |||
|
|
17 | ||||
|
|
18 | ||||
|
|
19 | ||||
|
|
20 | Security | |||
|
|
21 | ^^^^^^^^ | |||
|
|
22 | ||||
|
|
23 | - security(critical): repo-forks: fix issue when forging fork_repo_id parameter | |||
|
|
24 | could allow reading other people forks. | |||
|
|
25 | - security(high): auth: don't expose full set of permissions into channelstream | |||
|
|
26 | payload. Forged requests could return list of private repositories in the system. | |||
|
|
27 | - security(medium): general-security: limit the maximum password input length | |||
|
|
28 | to 72 characters. | |||
|
|
29 | - security(medium): select2: always escape .text attributes to prevent XSS | |||
|
|
30 | via branches or tags names. | |||
|
|
31 | ||||
|
|
32 | ||||
|
|
33 | ||||
|
|
34 | Performance | |||
|
|
35 | ^^^^^^^^^^^ | |||
|
|
36 | ||||
|
|
37 | - git: improve performance and reduce memory usage on large clones. | |||
|
|
38 | ||||
|
|
39 | ||||
|
|
40 | ||||
|
|
41 | Fixes | |||
|
|
42 | ^^^^^ | |||
|
|
43 | ||||
|
|
44 | ||||
|
|
45 | - user-groups: fix potential problem with ldap group sync in external auth plugins. | |||
|
|
46 | ||||
|
|
47 | ||||
|
|
48 | ||||
|
|
49 | Upgrade notes | |||
|
|
50 | ^^^^^^^^^^^^^ | |||
|
|
51 | ||||
|
|
52 | - This release changes the maximum allowed input password to 72 characters. This | |||
|
|
53 | prevent resource consumption attack. If you need longer password than 72 | |||
|
|
54 | characters please contact our team. | |||
General Comments 0
You need to be logged in to leave comments.
Login now