Fixed session fixation vulnerability (issue 62)

James Moger

2012-02-09 e7883877a98dfcae3f75f1c1a562120d89aed22a

 docs/04_releases.mkd

@@ -4,6 +4,10 @@


**%VERSION%** ([go](http://code.google.com/p/gitblit/downloads/detail?name=%GO%) | [war](http://code.google.com/p/gitblit/downloads/detail?name=%WAR%) | [express](http://code.google.com/p/gitblit/downloads/detail?name=%EXPRESS%) | [fedclient](http://code.google.com/p/gitblit/downloads/detail?name=%FEDCLIENT%) | [manager](http://code.google.com/p/gitblit/downloads/detail?name=%MANAGER%) | [api](http://code.google.com/p/gitblit/downloads/detail?name=%API%)) based on [%JGIT%][jgit]   *released %BUILDDATE%*



#### security



- Fixed session fixation vulnerability where the session identifier was not reset during the login process (issue 62)



#### changes



- block pushes to a repository with a working copy (i.e. non-bare repository) (issue-49)