| | |
|---|
| | | note: "The default access restriction has been elevated from NONE to PUSH and anonymous push access has been disabled." |
|---|
| | | html: ~ |
|---|
| | | text: ~ |
|---|
| | | security: ~ |
|---|
| | | security: |
|---|
| | | - ''issue-361: Cookies were not reset on administrative password change of a user account. |
|---|
| | | This allowed accounts with changed passwords to continue authenticating. |
|---|
| | | Cookies are now reset on password changes, they are validated on each page request, |
|---|
| | | AND they will now expire 7 days after generation. |
|---|
| | | '' |
|---|
| | | fixes: |
|---|
| | | - Fixed incorrect tagger attribution in the dashboard (issue-276) |
|---|
| | | - Fixed support for implied SSH urls in web.otherUrls (issue-311) |
|---|
| | |
|---|
| | | - Reversed line links in blob view (issue-309) |
|---|
| | | - Dashboard and Activity pages now obey the web.generateActivityGraph setting (issue-310) |
|---|
| | | - Do not log passwords on failed authentication attempts (issue-316) |
|---|
| | | - Show displayname and username in palettes (issue-364) |
|---|
| | | - Updated default binary and Lucene ignore extensions |
|---|
| | | - Change the WAR baseFolder context parameter to a JNDI env-entry to improve enterprise deployments |
|---|
| | | - Removed internal Gitblit ref exclusions in the upload pack |
|---|
