From 37fa664c58df034607edf2485a1414b3417b2755 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 03 Dec 2012 16:59:17 -0500
Subject: [PATCH] Consolidate authentication techniques and support container principals (issue-68)

---
 docs/04_releases.mkd |   21 ++++++++++++++++++---
 1 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/docs/04_releases.mkd b/docs/04_releases.mkd
index 9165793..bf57d11 100644
--- a/docs/04_releases.mkd
+++ b/docs/04_releases.mkd
@@ -12,6 +12,7 @@
 
 #### fixes
 
+- Fixed incorrect links on history page for files not in the current/active commit (issue 166)
 - Empty repository page failed to handle missing repository (issue 160)
 - Fixed broken ticgit urls (issue 157)
 - Exclude submodules from zip downloads (issue 151)
@@ -47,13 +48,20 @@
     **New:** *git.garbageCollectionHour = 0*  
     **New:** *git.defaultGarbageCollectionThreshold = 500k*  
     **New:** *git.defaultGarbageCollectionPeriod = 7 days*
-- Added support for X509 client certificate authentication (github/kevinanderson1).  
+- Added support for X509 client certificate authentication (github/kevinanderson1).  (issue 106)  
 You can require all git servlet access be authenticated by a client certificate.  You may also specify the OID fingerprint to use for mapping a certificate to a username.  It should be noted that the user account MUST already exist in Gitblit for this authentication mechanism to work; this mechanism can not be used to automatically create user accounts from a certificate.  
     **New:** *git.requireClientCertificates = false*  
     **New:** *git.enforceCertificateValidity = true*  
     **New:** *git.certificateUsernameOIDs = CN*
+- Revised clean install certificate generation to create a Gitblit GO Certificate Authority certificate; an SSL certificate signed by the CA certificate; and to create distinct server key and server trust stores.  <u>The store files have been renamed!</u>
+- Added support for Gitblit GO to require usage of client certificates to access the entire server.  
+This is extreme and should be considered carefully since it affects every https access.  The default is to **want** client certificates.  Setting this value to *true* changes that to **need** client certificates.  
+    **New:** *server.requireClientCertificates = false*
+- Added Gitblit Certificate Authority, an X509 certificate generation tool for Gitblit GO to encourage use of client certificate authentication.
 - Added setting to control length of shortened commit ids  
     **New:** *web.shortCommitIdLength=8*  
+- Added alternate compressed download formats: tar.gz, tar.xz, tar.bzip2 (issue 174)  
+    **New:** *web.compressedDownloads = zip gz*
 - Added simple project pages.  A project is a subfolder off the *git.repositoriesFolder*.
 - Added support for X-Forwarded-Context for Apache subdomain proxy configurations (issue 135)
 - Delete branch feature (issue 121, Github/ajermakovics)
@@ -64,6 +72,9 @@
 
 #### changes
 
+- All access restricted servlets (e.g. DownloadZip, RSS, etc) will try to authenticate using X509 certificates, container principals, cookies, and BASIC headers, in that order.
+- Added *groovy* and *scala* to *web.prettyPrintExtensions*
+- Added short commit id column to log and history tables (issue 168)
 - Teams can now specify the *admin*, *create*, and *fork* roles to simplify user administration
 - Use https Gravatar urls to avoid browser complaints
 - Added frm to default pretty print extensions (issue 156)
@@ -72,16 +83,20 @@
 - Emit a warning in the log file if running on a Tomcat-based servlet container which is unfriendly to %2F forward-slash url encoding AND Gitblit is configured to mount parameters with %2F forward-slash url encoding (Github/jpyeron, issue 126)
 - LDAP admin attribute setting is now consistent with LDAP teams setting and admin teams list.  
 If *realm.ldap.maintainTeams==true* **AND** *realm.ldap.admins* is not empty, then User.canAdmin() is controlled by LDAP administrative team membership.  Otherwise, User.canAdmin() is controlled by Gitblit.
+- Support servlet container authentication for existing UserModels (issue 68)
 
 #### dependency changes
 
-- updated to Jetty 7.6.7
+- updated to Jetty 7.6.8
 - updated to JGit 2.1.0.201209190230-r
 - updated to Groovy 1.8.8
 - updated to Wicket 1.4.21
 - updated to Lucene 3.6.1
 - updated to BouncyCastle 1.47
-
+- updated to MarkdownPapers 1.3.2
+- added JCalendar 1.3.2
+- added Commons-Compress 1.4.1
+- added XZ for Java 1.0
 <hr/>
 
 ### Older Releases

--
Gitblit v1.9.1