From 2fe1e2d109fd84ec7a615c2d3d6740ff001dbf40 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 29 Mar 2013 17:47:44 -0400
Subject: [PATCH] Document SNI workaround for Java-based clients

---
 releases.moxie |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/releases.moxie b/releases.moxie
index 74c6fc1..15c7da9 100644
--- a/releases.moxie
+++ b/releases.moxie
@@ -5,24 +5,33 @@
     title: Gitblit ${project.version} Released
     id: ${project.version}
     date: ${project.buildDate}
+	security:
+	- Raw servlet was insecure. If someone knew the exact repository name and path to a file, the raw blob could be retrieved bypassing security constraints. (issue 198)
     fixes:
      - Could not reset settings with $ or { characters through Gitblit Manager because they are not properly escaped
+	 - Added more error checking to blob page and blame page
+	 - Disable SNI extensions for client SSL connections
 	 - Fix NPE when getting user's fork without repository list caching (issue 182)
 	 - Fix internal error on folder history links (issue 192)
 	 - Fixed incorrect icon file name for .doc files (issue 200)
 	 - Do not queue emails with no recipients (issue 201)
 	 - Disable view and blame links for deleted blobs (issue 216)
+	 - Fixed 1.2.x regression with individually symlinked repositories (issue 217)
+	 - Fixed UTF-8 encoding errors in email notifications (issue 218)
+	 - Fixed NPE in 1.2.1 Federation Client (issue 219)
 	 - Fixed extracting Groovy scripts on Express installs (issue 220)
 	 - Ensure Redmine url is properly formatted (issue 223)
 	 - Use standard ServletRequestWrapper instead of custom wrapper (issue 224)
 
     additions: 
+	 - Support --baseFolder parameter in Federation Client
      - Optional periodic LDAP user and team pre-fetching & synchronization
      - Display name and version in Tomcat Manager
      - FogBugz post-receive hook script
      - Implemented multiple repository owners
      - Chinese translation
 	 - Added weblogic.xml to WAR for deployment on WebLogic (issue 199)
+	 - Support username substitution in web.otherUrls (issue 213)
 	 - Option to force client-side basic authentication instead of form-based authentication if web.authenticateViewPages=true (issue 222)
 
     contributors:
@@ -34,6 +43,7 @@
 	- Jay Meyer
 	- John Crygier
 	- Laurens Vrijnsen
+	- Lee Grofit
 	- Martijn Laan
 	- Michael Schaefers
 	- Philip Boutros
@@ -43,8 +53,12 @@
 	- Slawomir Bochenski
 	- Stardrad Yin
 	- Thomas Pummer
+	- Yukihiko Sawanobori
     - github/akquinet
     - github/dapengme
+	
+	dependencyChanges:
+	- JGit 2.3.1.201302201838-r
 }
 
 #

--
Gitblit v1.9.1