u/pc/rhodecode-enterprise-ce-fork-pc Files · docs/release-notes/release-notes-4.9.1.rst

pull-requests: handle non-ascii branches from short branch selector via URL

marcink - - Load All Authors

File last commit:

r2197:4edcf89e stable


                r3504:7963a3f6

stable

Download file

             release-notes-4.9.1.rst
        
                    54 lines
            
             | 1.0 KiB
            
                | text/x-rst
            
             |
                RstLexer

/ docs / release-notes / release-notes-4.9.1.rst

History | Annotation | Raw |Copy content |Copy permalink

|RCE| 4.9.1 |RNS|
Release Date
2017-10-26


New Features

General

Security
security(critical): repo-forks: fix issue when forging fork_repo_id parameter
could allow reading other people forks.
security(high): auth: don't expose full set of permissions into channelstream
payload. Forged requests could return list of private repositories in the system.
security(medium): general-security: limit the maximum password input length
to 72 characters.
security(medium): select2: always escape .text attributes to prevent XSS
via branches or tags names.


Performance
git: improve performance and reduce memory usage on large clones.


Fixes
user-groups: fix potential problem with ldap group sync in external auth plugins.


Upgrade notes
This release changes the maximum allowed input password to 72 characters. This
prevent resource consumption attack. If you need longer password than 72
characters please contact our team.

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages