Gitblit version 1.10.0 has been released.

Highlights:
* Support for ECDSA and Ed25519 SSH keys
* Fix vulnerability that allowed SSH authentication to be circumvented
* Explicitly disable requesting optional client TLS certificates
* Copy-to-clipboard button is back and working
* Minimal required Java version is Java 8

Snapshot builds of the current master branch are now available as Docker containers on
Docker Hub under the "Nightly" tag.

This release, while updating many dependencies, also includes three security fixes,
so an upgrade to the new version is recommended.

* Fix path traversal vulnerability which allowed access to "/resources//../WEB-INF/".
* Fix exploit circumventing SSH authentication.
* Fix vulnerability exposing user password hashes to administrators.

Get the full change log here