[ANNOUNCE] Gerrit 3.13.7 w/ Security Fixes

35 views
Skip to first unread message

syntonyze

unread,
Jun 25, 2026, 9:37:25 AM (6 days ago) Jun 25
to Repo and Gerrit Discussion
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Gerrit version 3.13.7 is now available.

Includes a security fix to mitigate HTTP header spoofing when using
HTTP/HTTP_LDAP authentication behind reverse proxies.

Please see the release notes for details.

Release Notes:
https://www.gerritcodereview.com/3.13.html#3137

Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.13.7/index.html

Log of changes since 3.13.6:
https://gerrit.googlesource.com/gerrit/+log/v3.13.6..v3.13.7?no-merges

Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.13.7.war

SHA1:
76d35e0300a5e73dd5452255074f36d5c9d42fcd

SHA256:
541bbd805082f7614efeb2333ff902bb9b33b7f6cdaab091b3984c530cb2b23b

MD5:
fde0a08f8e40aada8b7d56b49e1d2af7

Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEnrHcOvBk7y2NP1rwB095sJ/f5XcFAmo9LgEACgkQB095sJ/f
5XfE2w/9HdtYZGwnUZz9aVEygxzmoFLS4WyTSBsghinPmQKTqKhFNIfcXckmFsE+
3bwtt7Mi0H6mMsuxsVR6ZOBzifD5vzah9NjmNh7B/k04WYOWjOMmf1H2jKjdUSpc
kGovk5brX6TFI9B5e6CbGnC4yAtrKwPq977FO+DT13vE866r0qgETYNyRiBov9Ci
KCYBxC0pWO1w3saj4c0tznauqrFAbCbQLVF68m+bjXDC+Uw8xuY3lmlh6KVeD3H0
UZbpbTFBxJqMPJ1ToG4tmt9p8r7F6urDMBR5MQyAytf0EjNomFwTDRUmTbQGcicc
SjB3HsASTjBfRjnGnf6A2/0sxr9SlpfMt4XnkZGxaUQ20pFLqHDVclGVTZ33+uW2
TUpPAYYDYv1CeQbOEo2ChL4BmUnfyPMzeFYs9jzbhCCPaAeF2y/nQRYwhRGakKOR
++nGMGV4VWxjMxLldaB4jEOXLZsSdmfQLmfDrW8G68RX0ZXRYBqAC1AbwrHp4oZk
yi2f8K37T4Bo3vrWF6tLvJw1Fv675NNMlFyGR9HBOf5Fk7P4Su1/xnZUscWu3ONx
x2G7Lf5wWzBPwT5QNbraoW2Pc7UoJLeKLgjf73LZHfiSNTqtcfCDv6ElSxVKrX0l
+0rqnA5Sk4VOMeHbO6fcPSV/Jukt7+NRPUk2/OCxys96SPK35D0=
=Xq9/
-----END PGP SIGNATURE-----

Luca Milanesio

unread,
Jun 25, 2026, 1:07:27 PM (5 days ago) Jun 25
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Binary packages (Deb / Rpm) of Gerrit version 3.13.7 are now available
==========================================================================

How to install/upgrade: 3.13.7
**********************************

(on Debian / Ubuntu)
apt-get update && apt-get install gerrit=3.13.7-1

(on AlmaLinux / RedHat)
yum clean all && yum install gerrit-3.13.7-1

(on Fedora)
dnf clean all && dnf install gerrit-3.13.7-1

If it is a new installation and you don't have the GerritForge repositories
configured, or if you are upgrading to ARM-64, please follow the instructions at:
https://gitenterprise.me/2022/11/23/arm-64-welcomes-gerrit-code-review/

Docker images
*************

Gerrit is distributed on DockerHub at:
https://hub.docker.com/r/gerritcodereview/gerrit/

The following tags have been published
3.13.7 => 3.13.7-almalinux9
3.13.7-almalinux9
3.13.7-ubuntu24

More information on how to use Gerrit Docker image for testing, staging, and production at:
https://gerrit.googlesource.com/docker-gerrit

MacOS native package
********************

Gerrit is now available as Homebrew tap:
https://github.com/GerritCodeReview/homebrew-gerrit

To install or update the tap:
brew tap GerritCodeReview/gerrit
OR
brew update

To install Gerrit with Homebrew:
brew install ger...@3.13.7

MacOS Gerrit native installer is available for download at:
https://gerritforge.com/gerrit/mac/gerrit-installer-3.13.7.pkg

SHA1:
04380bf9c8f88269dd83c068e6a0fead0db535f1

SHA256:
5ac25aa21995a931ab5710d8d07bd100737a3172654f377d0dfe46f40ad8564b

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmo9YA4ACgkQC0731aK2
mH5paw//aMoUFhbGa+M5UyxBiKNbakeC0GxPlGAZ6siWQvOo9NK5ExAJA26sKSGX
wlEGqDwPZK1EsvBjoWyBtoBfSSTFtIcBqvfB7+sSLtkgHI3Spc/2CrjGFZZFDY8t
Z+CJC0v7S85QiIMt1rI0Cc+fRAU8O64GhGOJTOzfFMlx+pHTiLsvgPvEZPd6YbDD
WHeKvqL/OsN8+CIfaE8RYqEwFbR0Dtu3i7vqk2LSREVpTYSQb3XpoZWRKZ890Y5V
5t38JqZgj6c6Bod2xAP70ocxOLMiB8teTVmEQ/JVXk/lHvkU4SBu54/AP/MsIQZC
4vuh/o/tEXyW+xiH1wkIzHRvR/PWInMG7c2tU9Geqj9SpuNN3xkzN0dGb6U64pdm
ZGxcdvGuIHi39Z8zhT65F8hsSDOs2ndO2L10qwHfVdU9DO75mUJzeFD7eKIxi99H
OLSJv/laulI21rNYyTMBlGGz0pbnrGy7YLVl38YcDQ5He/DqW7dFDFfv9NaMVzhx
hhIkETGYhuErZIhmJrXK+KDkj599bwdMzGkRdUYefHzV63ThlAiqrvHGEz/gFWqP
LyeGeULXElUHjJTbrubQJ3Ap8Mal6GVGJo5ZqqU7GiNOmCYGhaFfnQjdXfUUXev2
jgVeKP99snY9XHItrGWpp5JK/X6m6NWHsfQjcxOSHbS8a7gV/go=
=Gj/i
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages