docs: added release notes for 4.9.1
marcink -
r2197:4edcf89e stable
@@ -0,0 +1,54 b''
1 |RCE| 4.9.1 |RNS|
2 -----------------
3
4 Release Date
5 ^^^^^^^^^^^^
6
7 - 2017-10-26
8
9
10 New Features
11 ^^^^^^^^^^^^
12
13
14
15 General
16 ^^^^^^^
17
18
19
20 Security
21 ^^^^^^^^
22
23 - security(critical): repo-forks: fix issue when forging fork_repo_id parameter
24 could allow reading other people forks.
25 - security(high): auth: don't expose full set of permissions into channelstream
26 payload. Forged requests could return list of private repositories in the system.
27 - security(medium): general-security: limit the maximum password input length
28 to 72 characters.
29 - security(medium): select2: always escape .text attributes to prevent XSS
30 via branches or tags names.
31
32
33
34 Performance
35 ^^^^^^^^^^^
36
37 - git: improve performance and reduce memory usage on large clones.
38
39
40
41 Fixes
42 ^^^^^
43
44
45 - user-groups: fix potential problem with ldap group sync in external auth plugins.
46
47
48
49 Upgrade notes
50 ^^^^^^^^^^^^^
51
52 - This release changes the maximum allowed input password to 72 characters. This
53 prevent resource consumption attack. If you need longer password than 72
54 characters please contact our team.
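Review bot: The upgrade note at new lines 52-54 announces the 72-character password limit but does not say what happens to existing users whose current password is longer. State whether their login input is rejected or truncated, and what contacting the team results in. The wording there also needs fixing: "This prevent resource consumption attack" should read "This prevents resource consumption attacks", and "longer password" should be "a longer password". At line 24, "other people forks" should be "other people's forks". The "New Features" and "General" headings at lines 10-18 have no entries, so either drop them or add an explicit "none" line to avoid empty sections in the rendered page.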
@@ -9,6 +9,7 b' Release Notes'
9 9 .. toctree::
10 10 :maxdepth: 1
11 11
12 release-notes-4.9.1.rst
12 13 release-notes-4.9.0.rst
13 14 release-notes-4.8.0.rst
14 15 release-notes-4.7.2.rst
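Review bot: The toctree entry added at new line 12 has to match the name of the notes file created in the first hunk, and that file's header is not visible here. Confirm the new file is named release-notes-4.9.1.rst, since a mismatch leaves the 4.9.1 notes out of the rendered index.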