@@ -0,0 +1,54 b'' | |||||
|
1 | |RCE| 4.9.1 |RNS| | |||
|
2 | ----------------- | |||
|
3 | ||||
|
4 | Release Date | |||
|
5 | ^^^^^^^^^^^^ | |||
|
6 | ||||
|
7 | - 2017-10-26 | |||
|
8 | ||||
|
9 | ||||
|
10 | New Features | |||
|
11 | ^^^^^^^^^^^^ | |||
|
12 | ||||
|
13 | ||||
|
14 | ||||
|
15 | General | |||
|
16 | ^^^^^^^ | |||
|
17 | ||||
|
18 | ||||
|
19 | ||||
|
20 | Security | |||
|
21 | ^^^^^^^^ | |||
|
22 | ||||
|
23 | - security(critical): repo-forks: fix issue when forging fork_repo_id parameter | |||
|
24 | could allow reading other people forks. | |||
|
25 | - security(high): auth: don't expose full set of permissions into channelstream | |||
|
26 | payload. Forged requests could return list of private repositories in the system. | |||
|
27 | - security(medium): general-security: limit the maximum password input length | |||
|
28 | to 72 characters. | |||
|
29 | - security(medium): select2: always escape .text attributes to prevent XSS | |||
|
30 | via branches or tags names. | |||
|
31 | ||||
|
32 | ||||
|
33 | ||||
|
34 | Performance | |||
|
35 | ^^^^^^^^^^^ | |||
|
36 | ||||
|
37 | - git: improve performance and reduce memory usage on large clones. | |||
|
38 | ||||
|
39 | ||||
|
40 | ||||
|
41 | Fixes | |||
|
42 | ^^^^^ | |||
|
43 | ||||
|
44 | ||||
|
45 | - user-groups: fix potential problem with ldap group sync in external auth plugins. | |||
|
46 | ||||
|
47 | ||||
|
48 | ||||
|
49 | Upgrade notes | |||
|
50 | ^^^^^^^^^^^^^ | |||
|
51 | ||||
|
52 | - This release changes the maximum allowed input password to 72 characters. This | |||
|
53 | prevent resource consumption attack. If you need longer password than 72 | |||
|
54 | characters please contact our team. |
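Review bot: The upgrade note at lines 52-54 does not say what happens to existing accounts whose password is already longer than 72 characters, and the matching security entry at lines 27-28 does not either. Admins need to know whether those users are rejected at login, need a reset, or are unaffected, so please state it here rather than only pointing to "contact our team". Wording in the same block: "This prevent resource consumption attack" should read "This prevents resource consumption attacks", and line 24 should read "other people's forks". The "New Features" and "General" headings (lines 10-19) have no entries; either drop them or add an explicit "no changes" line so the file does not look truncated.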