From 165254202d2625e7eebf3f649e4068124656a5e6 Mon Sep 17 00:00:00 2001 From: Jason Pyeron <jpyeron@pdinc.us> Date: Thu, 06 Sep 2012 17:35:20 -0400 Subject: [PATCH] Merged CVE-2007-450 warning logging from Jason Pyeron (issue 126) --- docs/04_releases.mkd | 18 ++++++++++++++---- 1 files changed, 14 insertions(+), 4 deletions(-) diff --git a/docs/04_releases.mkd b/docs/04_releases.mkd index 21b47ba..c6fc1b7 100644 --- a/docs/04_releases.mkd +++ b/docs/04_releases.mkd @@ -9,6 +9,18 @@ **%VERSION%** ([go](http://code.google.com/p/gitblit/downloads/detail?name=%GO%) | [war](http://code.google.com/p/gitblit/downloads/detail?name=%WAR%) | [express](http://code.google.com/p/gitblit/downloads/detail?name=%EXPRESS%) | [fedclient](http://code.google.com/p/gitblit/downloads/detail?name=%FEDCLIENT%) | [manager](http://code.google.com/p/gitblit/downloads/detail?name=%MANAGER%) | [api](http://code.google.com/p/gitblit/downloads/detail?name=%API%)) based on [%JGIT%][jgit] *released %BUILDDATE%* +#### changes + +- Emit a warning in the log file if running on a Tomcat-based servlet container which is unfriendly to %2F forward-slash url encoding AND Gitblit is configured to mount parameters with %2F forward-slash url encoding (Github/jpyeron, issue 126) +- LDAP admin attribute setting is now consistent with LDAP teams setting and admin teams list. +If *realm.ldap.maintainTeams==true* **AND** *realm.ldap.admins* is not empty, then User.canAdmin() is controlled by LDAP administrative team membership. Otherwise, User.canAdmin() is controlled by Gitblit. + +<hr/> + +### Older Releases + +**1.1.0** *released 2012-08-25* + #### fixes - Bypass Wicket's inability to handle direct url addressing of a view-restricted, grouped repository for new, unauthenticated sessions (e.g. click link from email or rss feed without having an active Wicket session) 
@@ -16,7 +28,7 @@ - Fixed generated urls in Groovy *sendmail* hook script for grouped repositories - Fixed generated urls in RSS feeds for grouped repositories - Fixed nullpointer exception in git servlet security filter (issue 123) -- Eliminated an unnecessary reopsitory enumeration call on the root page which should result in faster page loads (issue 103) +- Eliminated an unnecessary repository enumeration call on the root page which should result in faster page loads (issue 103) - Gitblit could not delete a Lucene index in a working copy on index upgrade - Do not index submodule links (issue 119) - Restore original user or team object on failure to update (issue 118) @@ -25,7 +37,7 @@ - Repository URL now uses `X-Forwarded-Proto` and `X-Forwarded-Port`, if available, for reverse proxy configurations (issue 115) - Output real RAW content, not simulated RAW content (issue 114) - Fixed Lucene charset encoding bug when reindexing a repository (issue 112) -- Fixed search box linking to Lucene page for nested repository on Tomcat (issue 111) +- Fixed search box linking to Lucene page for grouped repository on Tomcat (issue 111) - Fixed null pointer in LdapUserSerivce if account has a null email address (issue 110) - Really fixed failure to update a GO setting from the manager (issue 85) @@ -64,8 +76,6 @@ - Updated Spanish translation <hr/> - -### Older Releases **1.0.0** *released 2012-07-14* -- Gitblit v1.9.1
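Review bot: in the first hunk (@@ -9,6 +9,18 @@), the new %2F entry under "#### changes" names neither the Gitblit setting that turns on %2F parameter mounting nor the CVE cited in the subject line, so an administrator who finds the warning in the log cannot tell from the release notes what to change. The LDAP entry in the same hunk spells out its keys (*realm.ldap.maintainTeams*, *realm.ldap.admins*); please give the %2F entry the same treatment. When adding the CVE reference, check the id first: the subject reads "CVE-2007-450", and CVE sequence numbers have at least four digits. The LDAP entry is also unrelated to issue 126 and would be easier to trace in its own commit.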
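Review bot: in the hunk at @@ -25,7 +37,7 @@, the context line for issue 110 still reads "LdapUserSerivce", which looks like a transposition of the class name. The previous hunk already corrects "reopsitory" in this list, so fix this spelling in the same pass after confirming it against the class name in the source tree. The neighbouring entries also mix "nullpointer exception" (issue 123) and "null pointer" (issue 110); pick one form.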