##// END OF EJS Templates
mercurial: protocol security updates....
mercurial: protocol security updates. - fixes Mercurial CVE for lack of permissions checking on mercurial batch commands - more strict checks for permissions, now default to push instead of pull to be always on safe side. - decypher batch commands and pick top-most permission to be used

File last commit:

r1167:c0cc2e45 default
r2724:7a057a98 default
Show More
release-notes-4.4.2.rst
41 lines | 766 B | text/x-rst | RstLexer

|RCE| 4.4.2 |RNS|

Release Date

  • 2016-10-17

New Features

General

  • Packaging: pinned against rhodecode-tools 0.10.1

Security

  • Integrations: fix 500 error on integrations page when delegated admin tried to access integration page after adding some integrations. Permission checks were to strict for delegated admins.

Performance

Fixes

  • Vcsserver: make sure we correctly ping against bundled HG/GIT/SVN binaries. This should fix a problem where system binaries could be used accidentally by the RhodeCode.
  • LDAP: fixed email extraction issues. Empty email addresses from LDAP server will no longer take precedence over those stored inside RhodeCode database.