From dc6ac495aff03d13f0b830de6cdc29d509534206 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 29 Mar 2013 16:39:16 -0400
Subject: [PATCH] Disable SNI extensions for client SSL connections

---
 releases.moxie |   47 +++++++++++++++++++++++++++++++++++++++++------
 1 files changed, 41 insertions(+), 6 deletions(-)

diff --git a/releases.moxie b/releases.moxie
index 453709c..15c7da9 100644
--- a/releases.moxie
+++ b/releases.moxie
@@ -5,25 +5,60 @@
     title: Gitblit ${project.version} Released
     id: ${project.version}
     date: ${project.buildDate}
+	security:
+	- Raw servlet was insecure. If someone knew the exact repository name and path to a file, the raw blob could be retrieved bypassing security constraints. (issue 198)
     fixes:
      - Could not reset settings with $ or { characters through Gitblit Manager because they are not properly escaped
+	 - Added more error checking to blob page and blame page
+	 - Disable SNI extensions for client SSL connections
+	 - Fix NPE when getting user's fork without repository list caching (issue 182)
+	 - Fix internal error on folder history links (issue 192)
+	 - Fixed incorrect icon file name for .doc files (issue 200)
+	 - Do not queue emails with no recipients (issue 201)
+	 - Disable view and blame links for deleted blobs (issue 216)
+	 - Fixed 1.2.x regression with individually symlinked repositories (issue 217)
+	 - Fixed UTF-8 encoding errors in email notifications (issue 218)
+	 - Fixed NPE in 1.2.1 Federation Client (issue 219)
+	 - Fixed extracting Groovy scripts on Express installs (issue 220)
+	 - Ensure Redmine url is properly formatted (issue 223)
+	 - Use standard ServletRequestWrapper instead of custom wrapper (issue 224)
 
     additions: 
-	 - Option to force client-side basic authentication instead of form-based authentication if web.authenticateViewPages=true (issue 222)
+	 - Support --baseFolder parameter in Federation Client
      - Optional periodic LDAP user and team pre-fetching & synchronization
      - Display name and version in Tomcat Manager
      - FogBugz post-receive hook script
      - Implemented multiple repository owners
      - Chinese translation
+	 - Added weblogic.xml to WAR for deployment on WebLogic (issue 199)
+	 - Support username substitution in web.otherUrls (issue 213)
+	 - Option to force client-side basic authentication instead of form-based authentication if web.authenticateViewPages=true (issue 222)
 
     contributors:
-	- github/furinzen
-    - github/mschaefers
-    - github/thefake
-    - github/djschny
+	- Bandarupalli Satyanarayana
+	- Christian Aistleitner
+	- Egbert Teeselink
+	- Hige Maniya
+	- Ikslawek
+	- Jay Meyer
+	- John Crygier
+	- Laurens Vrijnsen
+	- Lee Grofit
+	- Martijn Laan
+	- Michael Schaefers
+	- Philip Boutros
+	- Rafael Cavazin
+	- Ryan Schneider
+	- Sarah Haselbauer
+	- Slawomir Bochenski
+	- Stardrad Yin
+	- Thomas Pummer
+	- Yukihiko Sawanobori
     - github/akquinet
     - github/dapengme
-    - github/yin8086
+	
+	dependencyChanges:
+	- JGit 2.3.1.201302201838-r
 }
 
 #

--
Gitblit v1.9.1