u/ewong/rhodecode-enterprise-ce-fork Files · docs/release-notes/release-notes-4.11.6.rst

mercurial: protocol security updates....

mercurial: protocol security updates. - fixes Mercurial CVE for lack of permissions checking on mercurial batch commands - more strict checks for permissions, now default to push instead of pull to be always on safe side. - decypher batch commands and pick top-most permission to be used

marcink - - Load All Authors

File last commit:

r2665:f42f8690 stable


                r2724:7a057a98

default

Download file

             release-notes-4.11.6.rst
        
                    41 lines
            
             | 489 B
            
                | text/x-rst
            
             |
                RstLexer

/ docs / release-notes / release-notes-4.11.6.rst

History | Annotation | Raw |Copy content |Copy permalink

|RCE| 4.11.6 |RNS|
Release Date
2018-03-28


New Features

General

Security
api(high): fixed unauthorized access to repositories using forged api requests.


Performance

Fixes

Upgrade notes
Unscheduled security release addressing found vulnerability in the API that
allows attackers to gain access to repositories in unauthorized way by forging
data in the API request.

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages