##// END OF EJS Templates
pull-requests: increase stability of concurrent pull requests creation by flushing prematurly the statuses of commits....
pull-requests: increase stability of concurrent pull requests creation by flushing prematurly the statuses of commits. This is required to increase the versions on each concurrent call. Otherwise we could get into an integrity errors of commitsha+version+repo

File last commit:

r2197:4edcf89e stable
r3408:2a133f7e stable
Show More
release-notes-4.9.1.rst
54 lines | 1.0 KiB | text/x-rst | RstLexer

|RCE| 4.9.1 |RNS|

Release Date

  • 2017-10-26

New Features

General

Security

  • security(critical): repo-forks: fix issue when forging fork_repo_id parameter could allow reading other people forks.
  • security(high): auth: don't expose full set of permissions into channelstream payload. Forged requests could return list of private repositories in the system.
  • security(medium): general-security: limit the maximum password input length to 72 characters.
  • security(medium): select2: always escape .text attributes to prevent XSS via branches or tags names.

Performance

  • git: improve performance and reduce memory usage on large clones.

Fixes

  • user-groups: fix potential problem with ldap group sync in external auth plugins.

Upgrade notes

  • This release changes the maximum allowed input password to 72 characters. This prevent resource consumption attack. If you need longer password than 72 characters please contact our team.