release: merge back stable branch into default
marcink -
r2202:a5ea97da merge default
@@ -0,0 +1,54 b''
1 |RCE| 4.9.1 |RNS|
2 -----------------
3
4 Release Date
5 ^^^^^^^^^^^^
6
7 - 2017-10-26
8
9
10 New Features
11 ^^^^^^^^^^^^
12
13
14
15 General
16 ^^^^^^^
17
18
19
20 Security
21 ^^^^^^^^
22
23 - security(critical): repo-forks: fix issue when forging fork_repo_id parameter
24 could allow reading other people forks.
25 - security(high): auth: don't expose full set of permissions into channelstream
26 payload. Forged requests could return list of private repositories in the system.
27 - security(medium): general-security: limit the maximum password input length
28 to 72 characters.
29 - security(medium): select2: always escape .text attributes to prevent XSS
30 via branches or tags names.
31
32
33
34 Performance
35 ^^^^^^^^^^^
36
37 - git: improve performance and reduce memory usage on large clones.
38
39
40
41 Fixes
42 ^^^^^
43
44
45 - user-groups: fix potential problem with ldap group sync in external auth plugins.
46
47
48
49 Upgrade notes
50 ^^^^^^^^^^^^^
51
52 - This release changes the maximum allowed input password to 72 characters. This
53 prevent resource consumption attack. If you need longer password than 72
54 characters please contact our team.
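Review bot: The Upgrade notes entry at the end of this file does not say what happens to existing accounts whose password is already longer than 72 characters: whether login is rejected, the input is refused at the form, or a reset is needed. Please state that behaviour, and whether the limit is counted in characters or bytes, since the Security entry says only "limit the maximum password input length to 72 characters". The two higher-severity entries (fork_repo_id and the channelstream payload) would also benefit from naming the affected versions so administrators can judge exposure. Minor: "This prevent resource consumption attack" should read "This prevents resource consumption attacks", and the empty "New Features" and "General" headings should either be dropped or given an explicit "no changes" entry.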
@@ -20,3 +20,4 b' 7198bdec29c2872c974431d55200d0398354cdb1'
20 20 bd1c8d230fe741c2dfd7100a0ef39fd0774fd581 v4.7.2
21 21 9731914f89765d9628dc4dddc84bc9402aa124c8 v4.8.0
22 22 c5a2b7d0e4bbdebc4a62d7b624befe375207b659 v4.9.0
23 d9aa3b27ac9f7e78359775c75fedf7bfece232f1 v4.9.1
@@ -9,6 +9,7 b' Release Notes'
9 9 .. toctree::
10 10 :maxdepth: 1
11 11
12 release-notes-4.9.1.rst
12 13 release-notes-4.9.0.rst
13 14 release-notes-4.8.0.rst
14 15 release-notes-4.7.2.rst