[ANNOUNCE] Gerrit 3.12.5 w/ Security Fixes
0 views
Skip to first unread message
Luca Milanesio
3:34 PM (2 hours ago) 3:34 PM
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Gerrit version 3.12.5 is now available.
Includes a security fix for a critical vulnerability associated with the use of change submission on create/update and change.submitWholeTopic.
Please see the release notes for details.
Release Notes:
https://www.gerritcodereview.com/3.12.html#3125
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.12.5/index.html
Log of changes since 3.12.4:
https://gerrit.googlesource.com/gerrit/+log/v3.12.4..v3.12.5?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.12.5.war
SHA1:
5cb057050a523b0cc863884701871ea33b3e93b1
SHA256:
fe803ae377314ea7fae9775d34b820500aa502c6f8312b58250dd602e2bd4c82
MD5:
0be92ae8882cd672cba7fb0f9a0725c7
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmmnRXgACgkQC0731aK2
mH4hOxAAnH5JG9jPscXgLAYw6iwwAjoq2gbOYIjRPL13hBkMSvQLtwz5XTRAH8AE
XSwZ/YZfx9EbMmIP6BPz+IlIKnyDhEV26Xgtk0x5Xye5KKvXzLHZTKVjRV5M8tCW
4bvtQatEDXbZQjg9MV+AuCUvV8xNdP8mHR0xZzmjjElA72CCSckcCdT67XSUicS7
5mCh9KUG8M4k+GzaAN882IbhhRBZ6WPhRSDBGCO6dKephyD1mpWQhmlb+YAXu6y6
h1kn4JjPRiYOxYrZiSugwRApwLjxfeV+q4JudASEkGekK0lpeJeaPLkdy3AUcz+w
m2UKGikM6a5ITMHzGJKMvj0a/5o/edLVXEzx3cHVaxDKnKSIZZfVHQal/W8PohKL
Xf8OH2eRWaFXsaOadJNwRwyAfwTRHB8cllhAZ84ZcnnVh1xPch/i79rR94nJcMdr
46PkK42BNyrAtLbXzniRr1HQnqstAezJrHGRbg+KwhleTmpQVwsSH+hqgkOCH99o
/whzm1o3dLzRS++xz2+zetXGZ0RLRleFf/htKaUw7qFIV1smgDEARQVHkIvXvYly
xQ9Ec0pa+bJbiL8Z+qVnKLss8bukzrNwwUPnhbfNQUYGXaUSWWuy5RmZJh4UabUB
xcpsF6Ooo6JNf7DJ8QNuKiSVz06EgoQ7pB9ZpEYxM/McANLlWlM=
=XIYm
-----END PGP SIGNATURE-----
Hash: SHA256
Gerrit version 3.12.5 is now available.
Includes a security fix for a critical vulnerability associated with the use of change submission on create/update and change.submitWholeTopic.
Please see the release notes for details.
Release Notes:
https://www.gerritcodereview.com/3.12.html#3125
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.12.5/index.html
Log of changes since 3.12.4:
https://gerrit.googlesource.com/gerrit/+log/v3.12.4..v3.12.5?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.12.5.war
SHA1:
5cb057050a523b0cc863884701871ea33b3e93b1
SHA256:
fe803ae377314ea7fae9775d34b820500aa502c6f8312b58250dd602e2bd4c82
MD5:
0be92ae8882cd672cba7fb0f9a0725c7
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmmnRXgACgkQC0731aK2
mH4hOxAAnH5JG9jPscXgLAYw6iwwAjoq2gbOYIjRPL13hBkMSvQLtwz5XTRAH8AE
XSwZ/YZfx9EbMmIP6BPz+IlIKnyDhEV26Xgtk0x5Xye5KKvXzLHZTKVjRV5M8tCW
4bvtQatEDXbZQjg9MV+AuCUvV8xNdP8mHR0xZzmjjElA72CCSckcCdT67XSUicS7
5mCh9KUG8M4k+GzaAN882IbhhRBZ6WPhRSDBGCO6dKephyD1mpWQhmlb+YAXu6y6
h1kn4JjPRiYOxYrZiSugwRApwLjxfeV+q4JudASEkGekK0lpeJeaPLkdy3AUcz+w
m2UKGikM6a5ITMHzGJKMvj0a/5o/edLVXEzx3cHVaxDKnKSIZZfVHQal/W8PohKL
Xf8OH2eRWaFXsaOadJNwRwyAfwTRHB8cllhAZ84ZcnnVh1xPch/i79rR94nJcMdr
46PkK42BNyrAtLbXzniRr1HQnqstAezJrHGRbg+KwhleTmpQVwsSH+hqgkOCH99o
/whzm1o3dLzRS++xz2+zetXGZ0RLRleFf/htKaUw7qFIV1smgDEARQVHkIvXvYly
xQ9Ec0pa+bJbiL8Z+qVnKLss8bukzrNwwUPnhbfNQUYGXaUSWWuy5RmZJh4UabUB
xcpsF6Ooo6JNf7DJ8QNuKiSVz06EgoQ7pB9ZpEYxM/McANLlWlM=
=XIYm
-----END PGP SIGNATURE-----
Luca Milanesio
3:50 PM (2 hours ago) 3:50 PM
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Binary packages (Deb / Rpm) of Gerrit version 3.12.5 are now available
Hash: SHA256
==========================================================================
How to install/upgrade: 3.12.5
**********************************
(on Debian / Ubuntu)
apt-get update && apt-get install gerrit=3.12.5-1
(on AlmaLinux / RedHat)
yum clean all && yum install gerrit-3.12.5-1
(on Fedora)
dnf clean all && dnf install gerrit-3.12.5-1
If it is a new installation and you don't have the GerritForge repositories
configured, or if you are upgrading to ARM-64, please follow the instructions at:
https://gitenterprise.me/2022/11/23/arm-64-welcomes-gerrit-code-review/
Docker images
*************
Gerrit is distributed on DockerHub at:
https://hub.docker.com/r/gerritcodereview/gerrit/
The following tags have been published
3.12.5 => 3.12.5-almalinux9
3.12.5-almalinux9
3.12.5-ubuntu24
More information on how to use Gerrit Docker image for testing, staging, and production at:
https://gerrit.googlesource.com/docker-gerrit
MacOS native package
********************
Gerrit is now available as Homebrew tap:
https://github.com/GerritCodeReview/homebrew-gerrit
To install or update the tap:
brew tap GerritCodeReview/gerrit
OR
brew update
To install Gerrit with Homebrew:
brew install ger...@3.12.5
MacOS Gerrit native installer is available for download at:
https://gerritforge.com/gerrit/mac/gerrit-installer-3.12.5.pkg
SHA1:
602d929dcfdb0bede545554427617ace596da665
SHA256:
1b1fc23d35561dffd35a3c25fbbcd984dddcb467252045a2529419e19bdc73c7
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmmnSWcACgkQC0731aK2
mH5Frg//S59wHm+KSfeZ3SOl+bBhHk/P1jL2QKcNYWDRzYED4cEc+dYYVU8cRbWk
dmpodBK13JblRFEVU2u1LDoYtQE6eqgeY9zJ5iusNZP9nDAozjs4/ewTNdUEaiiO
c+/cY3d9TbtcT5dqQXqBGiy2MJhnDNDgV7Yy0Tg7+mnUqkcUA+3LGTR3EoidS7SD
lKHUJyafo6r06uh4hv4ddV107b9YvE8x+EyEqpo5160mge7L/G8/Qw2VdtKN7ycz
bflk+/q4o2nEJUbtOMEnws6zi2VmVwhkaDr22WZCgRkS//mLFq8SV/St4sHjw/SI
ASAgXDM2K4c+//tnwsRdWmBy6h/h+I/zqwQRaR36YvLxszWUzwvwmF5oJi9CYZWm
yTitoB+dvE2TR9XaeZ7XGnLUL/xsXMNV2Kf/ls7MLhiy3dHPnA9QAfsRdPmsn0iF
PBwih8fGEbphdfEzTGuwTFM2cMFxFvpzOp+DLUgoGGMdNGdSu37Ux+55KH3u+NmH
f9R2nNXSectKh3AK4YnXwBtDUb9HYUbNDIdL9635GrQ5VMXNdCk6PGJv5bbecWhZ
1LtMV/HNfevTZkzVchiqIgRYy+/Zen0UTY2aq4CbmEKWF86FqExZxSC4GJn2uXp1
8sf3CvGMlriiKxF2eA3hxDGI6uq4tFPhdOfA6rc8SodaZ7dwK+4=
=E/DI
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages