rhodecode-enterprise-ce Files · docs/release-notes/release-notes-4.11.6.rst

svn: fixed case of wrong extracted repository name for SSH backend. In cases...

svn: fixed case of wrong extracted repository name for SSH backend. In cases where we commited to a nested subdirs SVN reported the access path with the subdir paths in it. We couldn't then match that extended name into proper rhodecode repository for ACL checks. - Current implementation gives an slight overhead as we have to lookup all repositories - fixes

marcink - - Load All Authors

File last commit:

r2665:f42f8690 stable


                r4281:5da17e74

default

Download file

             release-notes-4.11.6.rst
        
                    41 lines
            
             | 489 B
            
                | text/x-rst
            
             |
                RstLexer

/ docs / release-notes / release-notes-4.11.6.rst

History | Annotation | Raw |Copy content |Copy permalink

|RCE| 4.11.6 |RNS|
Release Date
2018-03-28


New Features

General

Security
api(high): fixed unauthorized access to repositories using forged api requests.


Performance

Fixes

Upgrade notes
Unscheduled security release addressing found vulnerability in the API that
allows attackers to gain access to repositories in unauthorized way by forging
data in the API request.

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages