Show More
| @@ -0,0 +1,54 b'' | |||
|
|
1 | |RCE| 4.9.1 |RNS| | |
|
|
2 | ----------------- | |
|
|
3 | ||
|
|
4 | Release Date | |
|
|
5 | ^^^^^^^^^^^^ | |
|
|
6 | ||
|
|
7 | - 2017-10-26 | |
|
|
8 | ||
|
|
9 | ||
|
|
10 | New Features | |
|
|
11 | ^^^^^^^^^^^^ | |
|
|
12 | ||
|
|
13 | ||
|
|
14 | ||
|
|
15 | General | |
|
|
16 | ^^^^^^^ | |
|
|
17 | ||
|
|
18 | ||
|
|
19 | ||
|
|
20 | Security | |
|
|
21 | ^^^^^^^^ | |
|
|
22 | ||
|
|
23 | - security(critical): repo-forks: fix issue when forging fork_repo_id parameter | |
|
|
24 | could allow reading other people forks. | |
|
|
25 | - security(high): auth: don't expose full set of permissions into channelstream | |
|
|
26 | payload. Forged requests could return list of private repositories in the system. | |
|
|
27 | - security(medium): general-security: limit the maximum password input length | |
|
|
28 | to 72 characters. | |
|
|
29 | - security(medium): select2: always escape .text attributes to prevent XSS | |
|
|
30 | via branches or tags names. | |
|
|
31 | ||
|
|
32 | ||
|
|
33 | ||
|
|
34 | Performance | |
|
|
35 | ^^^^^^^^^^^ | |
|
|
36 | ||
|
|
37 | - git: improve performance and reduce memory usage on large clones. | |
|
|
38 | ||
|
|
39 | ||
|
|
40 | ||
|
|
41 | Fixes | |
|
|
42 | ^^^^^ | |
|
|
43 | ||
|
|
44 | ||
|
|
45 | - user-groups: fix potential problem with ldap group sync in external auth plugins. | |
|
|
46 | ||
|
|
47 | ||
|
|
48 | ||
|
|
49 | Upgrade notes | |
|
|
50 | ^^^^^^^^^^^^^ | |
|
|
51 | ||
|
|
52 | - This release changes the maximum allowed input password to 72 characters. This | |
|
|
53 | prevent resource consumption attack. If you need longer password than 72 | |
|
|
54 | characters please contact our team. | |
General Comments 0
You need to be logged in to leave comments.
Login now