[ANNOUNCE] Gerrit 3.8.9 w/ Security Fixes
82 views
Skip to first unread message
syntonyze
Oct 11, 2024, 3:56:09 PM10/11/24
to Repo and Gerrit Discussion
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Gerrit version 3.8.9 is now available.
Includes security fixes;
please see the release notes for details.
Release Notes:
https://www.gerritcodereview.com/3.8.html#389
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.8.9/index.html
Log of changes since 3.8.8:
https://gerrit.googlesource.com/gerrit/+log/v3.8.8..v3.8.9?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.8.9.war
SHA1:
2ce4018168139e2011f94df234c5fdbd5bafee67
SHA256:
52643ef84473ecc365e34d51d95a5190ac105c0a4787f56c9ade79ec81178053
MD5:
3d5ffa27a51d1e74d10b0876967175b7
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEnrHcOvBk7y2NP1rwB095sJ/f5XcFAmcJaJUACgkQB095sJ/f
5Xfm4A//cVzSqq2f1cb41bBfM/Plgug7GTLCG6Fftj9dtRoySJ+hho8tZgYwwo/7
xTgeE/mWrtJNN+Fyx2hWyK4psri5nrikw8rVd7tUvRH+E8vxI2dtYzlAnxVAKKjF
U+cvDlxj0beiDOHrG294kw4YF0BX9FO4XNeQAHBxt073K7g+VMfSgvN1Z8YGfGUt
8f2xXYdsrFLbQW2SfxyZ5hbWEO3ufVSaXaNyBQVzvhnpcNpIkFI827baTK7gisG5
VBnylCqYBkythmvVwaEZr5SGbsTkQuVpI8kyij7Ry2fLv6YG+8dOs+6VSiXKaOkh
BilXGUoWJCKEXwF/3oI1syOYU2xhh6o1yJf1W1ba9CtkbZN7I5ewKKq/P14/T0FW
Ys9F3PpcbR0WankaKfuJpTyYedk7vzTo/dGPEOgCBxbz3JXKf9JDZRIyZ4JvghLg
pKe9IT8WEbWuNLkMPn1KSQPVVo5kfWjkD39V1gCmY2bM/cBE3tjpdWwWxjI7G2XN
0Bi3KY6Om+vs6pgID5j7jStqEZ3OWg4smg0QH26E5WwKyOa3f2VrojShT1jxBxxr
ZplU3+q7Qb9Ywmqu4SKF5IjZfB9T462LdShD+Rxv+zQJZ8kwuicI9em+ksc3G+Kz
3t4lAPmUNIzS89aYZ2jLsv45JnHhZwkhLH4Ctqh/Vs6qD3C3QrY=
=yGNG
-----END PGP SIGNATURE-----
Hash: SHA512
Gerrit version 3.8.9 is now available.
Includes security fixes;
please see the release notes for details.
Release Notes:
https://www.gerritcodereview.com/3.8.html#389
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.8.9/index.html
Log of changes since 3.8.8:
https://gerrit.googlesource.com/gerrit/+log/v3.8.8..v3.8.9?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.8.9.war
SHA1:
2ce4018168139e2011f94df234c5fdbd5bafee67
SHA256:
52643ef84473ecc365e34d51d95a5190ac105c0a4787f56c9ade79ec81178053
MD5:
3d5ffa27a51d1e74d10b0876967175b7
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEnrHcOvBk7y2NP1rwB095sJ/f5XcFAmcJaJUACgkQB095sJ/f
5Xfm4A//cVzSqq2f1cb41bBfM/Plgug7GTLCG6Fftj9dtRoySJ+hho8tZgYwwo/7
xTgeE/mWrtJNN+Fyx2hWyK4psri5nrikw8rVd7tUvRH+E8vxI2dtYzlAnxVAKKjF
U+cvDlxj0beiDOHrG294kw4YF0BX9FO4XNeQAHBxt073K7g+VMfSgvN1Z8YGfGUt
8f2xXYdsrFLbQW2SfxyZ5hbWEO3ufVSaXaNyBQVzvhnpcNpIkFI827baTK7gisG5
VBnylCqYBkythmvVwaEZr5SGbsTkQuVpI8kyij7Ry2fLv6YG+8dOs+6VSiXKaOkh
BilXGUoWJCKEXwF/3oI1syOYU2xhh6o1yJf1W1ba9CtkbZN7I5ewKKq/P14/T0FW
Ys9F3PpcbR0WankaKfuJpTyYedk7vzTo/dGPEOgCBxbz3JXKf9JDZRIyZ4JvghLg
pKe9IT8WEbWuNLkMPn1KSQPVVo5kfWjkD39V1gCmY2bM/cBE3tjpdWwWxjI7G2XN
0Bi3KY6Om+vs6pgID5j7jStqEZ3OWg4smg0QH26E5WwKyOa3f2VrojShT1jxBxxr
ZplU3+q7Qb9Ywmqu4SKF5IjZfB9T462LdShD+Rxv+zQJZ8kwuicI9em+ksc3G+Kz
3t4lAPmUNIzS89aYZ2jLsv45JnHhZwkhLH4Ctqh/Vs6qD3C3QrY=
=yGNG
-----END PGP SIGNATURE-----
Luca Milanesio
Oct 12, 2024, 3:27:57 PM10/12/24
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Binary packages (Deb / Rpm) of Gerrit version 3.8.9 have been released
=========================================================================
How to install/upgrade: 3.8.9
*****************************
If you have a previous version of Gerrit 3.x installed via native packages:
(on Debian / Ubuntu)
apt-get update && apt-get install gerrit=3.8.9-1
(on AlmaLinux / RedHat)
yum clean all && yum install gerrit-3.8.9-1
(on Fedora)
dnf clean all && dnf install gerrit-3.8.9-1
If it is a new installation and you don't have the GerritForge repositories
configured, or if you are upgrading to ARM-64, please follow the instructions at:
https://gitenterprise.me/2022/11/23/arm-64-welcomes-gerrit-code-review/
Docker images
*************
Gerrit is distributed on DockerHub at:
https://hub.docker.com/r/gerritcodereview/gerrit/
The following tags have been published for amd64 and arm64:
3.8.9 => 3.8.9-almalinux9
3.8.9-almalinux9
3.8.9-ubuntu22
More information on how to use Gerrit Docker image for testing, staging, and production at:
https://gerrit.googlesource.com/docker-gerrit
MacOS native package
********************
MacOS Gerrit native installer is available for download at:
https://gerritforge.com/gerrit/mac/gerrit-installer-3.8.9.pkg
SHA1:
c0b2ffb18a0af760a7e51e2b431dff8bf79a8ae8
SHA256:
0e880967eb6f4d8cc0cb3c9a2e8d8ca52fbb4b45f702ddcf80a856f57100d60f
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmcKzYQACgkQC0731aK2
mH5Q0Q/+NX0P9brWTgR2AqD8JQ2H3CU+z97q/xOPzS1YKLhCnOKyXFEnPtcD04uA
1EFW8ly76kNaOCb8t2GYjSEL20eok9L6IehleFud3bDwiikychZ7+Ifs+sKac8mV
fjXbSYTaYyEGXHXPiKOcS8hSIlvm6GBLAu3ObTM+IWCMfk2u1k9YaPupzIJmogw6
8BtquYLkNAtpt0vCSpLyigYetQsKHI3zaM5Z21awu7W3RjmGvcOZ/ROtEcjuc8f0
Umr12FrXtdofDcWA34YaJZyJSUoPF0Zm0iWxQxCIWedDsdEFkijiMlygQmypopz7
FWFCnuklJoVFZhxKWNSFvuXOXTCLMHeIlSo6L/6OI5NcWNJgpGkMKBtDc/AvvUNF
HmDFFYCjcp35BHIMzP+tpZDLUXhGq6YRd9WK338GCPnMF1/WPHBq7FKVrRCB3KSq
jutZXXG7LI9RvYvu6cH9u80CgAtlYTwTOEoVA8D1XimjC0LwSabpkKwB2HKXHKfJ
XOr6XhFDXxoBN0RhZMpThi1uANVq0ej1XZbnIHEQnAiqXc1QEJl/QesKcxUW9sLP
9j8VuZYZq2ooE2IyPjbMvsbV9kr2TBLyOXoi7mEhyLg6gE9vyU/AvSMimOh4Jk/W
D+TW2uTOyAHfS3TGSQ9Vfw2wHCTVREh+1GqoSX3QEkxeWsw8UnE=
=PTRh
-----END PGP SIGNATURE-----
Hash: SHA256
Binary packages (Deb / Rpm) of Gerrit version 3.8.9 have been released
=========================================================================
How to install/upgrade: 3.8.9
*****************************
If you have a previous version of Gerrit 3.x installed via native packages:
(on Debian / Ubuntu)
apt-get update && apt-get install gerrit=3.8.9-1
(on AlmaLinux / RedHat)
yum clean all && yum install gerrit-3.8.9-1
(on Fedora)
dnf clean all && dnf install gerrit-3.8.9-1
If it is a new installation and you don't have the GerritForge repositories
configured, or if you are upgrading to ARM-64, please follow the instructions at:
https://gitenterprise.me/2022/11/23/arm-64-welcomes-gerrit-code-review/
Docker images
*************
Gerrit is distributed on DockerHub at:
https://hub.docker.com/r/gerritcodereview/gerrit/
The following tags have been published for amd64 and arm64:
3.8.9 => 3.8.9-almalinux9
3.8.9-almalinux9
3.8.9-ubuntu22
More information on how to use Gerrit Docker image for testing, staging, and production at:
https://gerrit.googlesource.com/docker-gerrit
MacOS native package
********************
MacOS Gerrit native installer is available for download at:
https://gerritforge.com/gerrit/mac/gerrit-installer-3.8.9.pkg
SHA1:
c0b2ffb18a0af760a7e51e2b431dff8bf79a8ae8
SHA256:
0e880967eb6f4d8cc0cb3c9a2e8d8ca52fbb4b45f702ddcf80a856f57100d60f
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmcKzYQACgkQC0731aK2
mH5Q0Q/+NX0P9brWTgR2AqD8JQ2H3CU+z97q/xOPzS1YKLhCnOKyXFEnPtcD04uA
1EFW8ly76kNaOCb8t2GYjSEL20eok9L6IehleFud3bDwiikychZ7+Ifs+sKac8mV
fjXbSYTaYyEGXHXPiKOcS8hSIlvm6GBLAu3ObTM+IWCMfk2u1k9YaPupzIJmogw6
8BtquYLkNAtpt0vCSpLyigYetQsKHI3zaM5Z21awu7W3RjmGvcOZ/ROtEcjuc8f0
Umr12FrXtdofDcWA34YaJZyJSUoPF0Zm0iWxQxCIWedDsdEFkijiMlygQmypopz7
FWFCnuklJoVFZhxKWNSFvuXOXTCLMHeIlSo6L/6OI5NcWNJgpGkMKBtDc/AvvUNF
HmDFFYCjcp35BHIMzP+tpZDLUXhGq6YRd9WK338GCPnMF1/WPHBq7FKVrRCB3KSq
jutZXXG7LI9RvYvu6cH9u80CgAtlYTwTOEoVA8D1XimjC0LwSabpkKwB2HKXHKfJ
XOr6XhFDXxoBN0RhZMpThi1uANVq0ej1XZbnIHEQnAiqXc1QEJl/QesKcxUW9sLP
9j8VuZYZq2ooE2IyPjbMvsbV9kr2TBLyOXoi7mEhyLg6gE9vyU/AvSMimOh4Jk/W
D+TW2uTOyAHfS3TGSQ9Vfw2wHCTVREh+1GqoSX3QEkxeWsw8UnE=
=PTRh
-----END PGP SIGNATURE-----
Georg R.
Oct 19, 2024, 6:47:24 AM10/19/24
to Repo and Gerrit Discussion
Is it only me who cannot verify the signed announcement?
gpg: Signature made Fri Oct 11 20:04:05 2024 CEST
gpg: using RSA key 9EB1DC3AF064EF2D8D3F5AF0074F79B09FDFE577
gpg: BAD signature from "Antonio Barone <synt...@gmail.com>" [unknown]
gpg: using RSA key 9EB1DC3AF064EF2D8D3F5AF0074F79B09FDFE577
gpg: BAD signature from "Antonio Barone <synt...@gmail.com>" [unknown]
Cheers,
Georg
Luca Milanesio
Oct 19, 2024, 6:59:47 AM10/19/24
to Repo and Gerrit Discussion, Luca Milanesio, Georg R.
Same here, let me verify all artifacts and re-announce with my PGP signature.
Luca.
--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/dde1a843-5e92-4e46-81ad-ab4cc75abc94n%40googlegroups.com.
Luca Milanesio
Oct 19, 2024, 7:01:23 AM10/19/24
to Repo and Gerrit Discussion, Luca Milanesio, Georg R.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Gerrit version 3.8.9 is now available.
Includes security fixes;
please see the release notes for details.
Release Notes:
https://www.gerritcodereview.com/3.8.html#389
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.8.9/index.html
Log of changes since 3.8.8:
https://gerrit.googlesource.com/gerrit/+log/v3.8.8..v3.8.9?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.8.9.war
SHA1:
2ce4018168139e2011f94df234c5fdbd5bafee67
SHA256:
52643ef84473ecc365e34d51d95a5190ac105c0a4787f56c9ade79ec81178053
MD5:
3d5ffa27a51d1e74d10b0876967175b7
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmcTkTMACgkQC0731aK2
mH5q1hAArAWxYX3a3IPAs9u8TxofIqtfpqhTiuTKEr54n+Yy/voBZLsbshulCkxk
e5FiwVSFsDd4+Zlz26skKvWTHnKWJZbe9c5/nPWLkZ3L9X25ilBg691Vk2N3sd8q
E5fPDlwYUvt36eNNHqWBI2ms3/ZFTuFIwBAdfHhqSrOfiIftzlbD+2eQrw2DFCu5
Uy7hlG8L4X5fwR915q/d9TK1Y6Rwozv2T5aUV1Js4ibbT9vMAMd5heF6BwLYcv7V
ZehwXC9fq3H8xh57/qEWZGs3deJXb7j3AqJUaW+Nfb/0ToRJZGXi3MdNOLEKEZcM
NqKJLbPoSGyHFvZq7xlTk2DGt2J6fHvMoeIJf7BWQawehnCH6IHcPUU7r+kVChsz
6RkglBlIwfA97jK5qIlkX3UbU7qrvY4yQ7PrQUbn8rBIlSQy+jtlvVKda0IMnE/7
6HR+7O0W5RNh9ot0qEKj5bn/6fSyZ/YnPZ4Tm/LTDmp32Sus3MupCZOqjSIgfHHs
6KcycYZsBOX+cZksnGIQUEVbp4S2giy/ST2Y/YYCxtOhO1MFxcAZHMqGFMqkiEuT
t90ziIYai/DFUFCP+q3r+CXtTTqYaRpmLuknj9zTV12/kDM+Qbfz/8LxnVTiNoSQ
BCatA1caUjYVtYw8UoL712H+xjIwS2YKt3XMQAfe1XGjEznEhR4=
=mHX/
-----END PGP SIGNATURE-----
Hash: SHA256
Gerrit version 3.8.9 is now available.
Includes security fixes;
please see the release notes for details.
Release Notes:
https://www.gerritcodereview.com/3.8.html#389
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.8.9/index.html
Log of changes since 3.8.8:
https://gerrit.googlesource.com/gerrit/+log/v3.8.8..v3.8.9?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.8.9.war
SHA1:
2ce4018168139e2011f94df234c5fdbd5bafee67
SHA256:
52643ef84473ecc365e34d51d95a5190ac105c0a4787f56c9ade79ec81178053
MD5:
3d5ffa27a51d1e74d10b0876967175b7
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
mH5q1hAArAWxYX3a3IPAs9u8TxofIqtfpqhTiuTKEr54n+Yy/voBZLsbshulCkxk
e5FiwVSFsDd4+Zlz26skKvWTHnKWJZbe9c5/nPWLkZ3L9X25ilBg691Vk2N3sd8q
E5fPDlwYUvt36eNNHqWBI2ms3/ZFTuFIwBAdfHhqSrOfiIftzlbD+2eQrw2DFCu5
Uy7hlG8L4X5fwR915q/d9TK1Y6Rwozv2T5aUV1Js4ibbT9vMAMd5heF6BwLYcv7V
ZehwXC9fq3H8xh57/qEWZGs3deJXb7j3AqJUaW+Nfb/0ToRJZGXi3MdNOLEKEZcM
NqKJLbPoSGyHFvZq7xlTk2DGt2J6fHvMoeIJf7BWQawehnCH6IHcPUU7r+kVChsz
6RkglBlIwfA97jK5qIlkX3UbU7qrvY4yQ7PrQUbn8rBIlSQy+jtlvVKda0IMnE/7
6HR+7O0W5RNh9ot0qEKj5bn/6fSyZ/YnPZ4Tm/LTDmp32Sus3MupCZOqjSIgfHHs
6KcycYZsBOX+cZksnGIQUEVbp4S2giy/ST2Y/YYCxtOhO1MFxcAZHMqGFMqkiEuT
t90ziIYai/DFUFCP+q3r+CXtTTqYaRpmLuknj9zTV12/kDM+Qbfz/8LxnVTiNoSQ
BCatA1caUjYVtYw8UoL712H+xjIwS2YKt3XMQAfe1XGjEznEhR4=
=mHX/
-----END PGP SIGNATURE-----
Georg R.
Oct 19, 2024, 7:13:59 AM10/19/24
to Repo and Gerrit Discussion
Hi Luca,
thanks for the immediate response. YMMD
Georg
Reply all
Reply to author
Forward
0 new messages