##// END OF EJS Templates
permissions: handle more cases for invalidating permission caches...
permissions: handle more cases for invalidating permission caches - invalidate user permissions on chaning the global permissions - invalidate all users in case of creating new object with "copy permissions" flag - invalidate all users permissions in case of repo/repo group renames - invalidate all user permissions in forked repo with copy flag

File last commit:

r2257:9c2fac6d stable
r3411:2e06ebce stable
Show More
release-notes-4.10.5.rst
55 lines | 1.3 KiB | text/x-rst | RstLexer

|RCE| 4.10.5 |RNS|

Release Date

  • 2017-11-23

New Features

General

  • dependencies: pin against rhodecode-tools 0.13.1. Fixes a cleanup-repos bug.

Security

  • Pull requests: security(low), check for permissions on exposure of repo-refs. Prevents exposure of branches/tags on private repositories.
  • Metatags: limit the scope of url => metatag to http, https and / links. Prevents possible JS injection in those types of links which is unsafe.

Performance

Fixes

  • Emails: fixed validation of emails with whitespace in them.
  • Repo groups: fix bad route redirect on check if user tried to revoke permissions on himself.
  • Comments: place the left over comments (outdated/misplaced) to the left or right pane in side-by-side diff.
  • Comments: allow to properly initialize outdated comments that are still attached. Fixes a problem when outdated TODO notes couldn't be properly resolved.
  • Diffs: fixed problem with rendering no newline at the end of file markers. In case of unified diff that would show incorrect diffs in rare cases.
  • Settings: fix potential 500 problem on bad data passed in.

Upgrade notes

  • Fixes regression in nested repository groups update. No upgrade problems should be expected