##// END OF EJS Templates
fix(mercurial): fixed httppostargs logic
fix(mercurial): fixed httppostargs logic

File last commit:

r5557:c1a812dd default
r5606:faa7b2f4 default
Show More
release-notes-5.3.0.rst
45 lines | 886 B | text/x-rst | RstLexer

|RCE| 5.3.0 |RNS|

Release Date

  • 2024-09-17

New Features

  • System-info: expose rhodecode config for better visibility of set settings for RhodeCode system.

General

Security

  • Permissions: fixed security problem with apply-to-children from a repo group functionality breaking permissions for private repositories exposing them despite repo being private.
  • Git-lfs: fixed security problem with allowing off-chain attacks to replace OID data without validating hash for already present oids. This allowed to replace an LFS OID content with malicious request tailored to open RhodeCode server.

Performance

Fixes

  • Fixed problems with incorrect user agent errors

Upgrade notes

  • RhodeCode 5.3.0 is unscheduled security release to address some build issues with 5.X images