##// END OF EJS Templates
config: updated header limits on gunicorn
config: updated header limits on gunicorn

File last commit:

r2257:9c2fac6d stable
r3527:57fb7c38 default
Show More
release-notes-4.10.5.rst
55 lines | 1.3 KiB | text/x-rst | RstLexer

|RCE| 4.10.5 |RNS|

Release Date

  • 2017-11-23

New Features

General

  • dependencies: pin against rhodecode-tools 0.13.1. Fixes a cleanup-repos bug.

Security

  • Pull requests: security(low), check for permissions on exposure of repo-refs. Prevents exposure of branches/tags on private repositories.
  • Metatags: limit the scope of url => metatag to http, https and / links. Prevents possible JS injection in those types of links which is unsafe.

Performance

Fixes

  • Emails: fixed validation of emails with whitespace in them.
  • Repo groups: fix bad route redirect on check if user tried to revoke permissions on himself.
  • Comments: place the left over comments (outdated/misplaced) to the left or right pane in side-by-side diff.
  • Comments: allow to properly initialize outdated comments that are still attached. Fixes a problem when outdated TODO notes couldn't be properly resolved.
  • Diffs: fixed problem with rendering no newline at the end of file markers. In case of unified diff that would show incorrect diffs in rare cases.
  • Settings: fix potential 500 problem on bad data passed in.

Upgrade notes

  • Fixes regression in nested repository groups update. No upgrade problems should be expected