[ANNOUNCE] Gerrit 3.11.9 w/ Security Fixes
1 view
Skip to first unread message
Luca Milanesio
3:25 PM (2 hours ago) 3:25 PM
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Gerrit version 3.11.9 is now available.
Includes a security fix for a critical vulnerability associated with the use of change submission on create/update and change.submitWholeTopic.
Please see the release notes for details.
Release Notes:
https://www.gerritcodereview.com/3.11.html#3119
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.11.9/index.html
Log of changes since 3.11.9:
https://gerrit.googlesource.com/gerrit/+log/v3.11.8..v3.11.9?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.11.9.war
SHA1:
5779d556be54b53621065c09974d35f1541a6de9
SHA256:
4879b0f8907c86531a35481a9099d40cfbb5c1651c20612c15207469d76bc11e
MD5:
90b934e9ff80ba75eb72d0687f4feca7
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmmnQ3AACgkQC0731aK2
mH6R/Q/7BbtS5Oj+NARVGWwTYDDCUec/xkyMw2sCGTEyEZntEXHpPvaRmRJwP9Z/
6MfLp4AI2HtG1HJh03e1EWBjxUUG0Ybex4CrS+NyVmDoljEkIwQSFn0c5Tcke2Zr
1PIcUxwT+P/GpndtWEaoOQN8KVO3wCCP2amHNgkm9ShBwm1k+cvoJdvBksvvr0eF
IZPpr02OgmG7IrO7Tr2XXbrnx3lFbG5DHS4Oa8HeRaapA4w8ZtvjcZdgiLL1a8Sv
24/GzNTi/F2M3B77d5tukvobLZ2zFdo8YX2N5XmAL+zVojEt2IvAJztjcqg7gmPm
pb9tkQBh+c17DUmPCQNF1bR5lHCnzF5Fyd9bzN9vfHnCW2LntTCp82DeIg1Rs20h
B8T0KCxAH1YwuDvzC8XPSH071xxxHMo28x6F01C5zYIPBhdtz1Z45hkAZmnAhhQL
rsYQ2ngbRwrryH8sbMsJ7jwx/l7wpQtD1Ku9Z7mAT423W++LFChaLW1Jj/tfdbr5
ufs2bYY06MGWaYGu9h0ZSGnbLuoi0Y+3E7eqWnrxEzLnAWsOhIzbqZ2uPCABujVq
X0PrwtnBc0qwRBJ3mhoINyTf8fqSrYRMUYzuB1fnkJAzsJuMEnwlq7SEhkyAABIp
JoZy1sOPTPjUHUJ3ogoN5ZaJjZL4fieiUKPoyFvl25mCm0BhXkk=
=dwft
-----END PGP SIGNATURE-----
Hash: SHA256
Gerrit version 3.11.9 is now available.
Includes a security fix for a critical vulnerability associated with the use of change submission on create/update and change.submitWholeTopic.
Please see the release notes for details.
Release Notes:
https://www.gerritcodereview.com/3.11.html#3119
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.11.9/index.html
Log of changes since 3.11.9:
https://gerrit.googlesource.com/gerrit/+log/v3.11.8..v3.11.9?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.11.9.war
SHA1:
5779d556be54b53621065c09974d35f1541a6de9
SHA256:
4879b0f8907c86531a35481a9099d40cfbb5c1651c20612c15207469d76bc11e
MD5:
90b934e9ff80ba75eb72d0687f4feca7
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmmnQ3AACgkQC0731aK2
mH6R/Q/7BbtS5Oj+NARVGWwTYDDCUec/xkyMw2sCGTEyEZntEXHpPvaRmRJwP9Z/
6MfLp4AI2HtG1HJh03e1EWBjxUUG0Ybex4CrS+NyVmDoljEkIwQSFn0c5Tcke2Zr
1PIcUxwT+P/GpndtWEaoOQN8KVO3wCCP2amHNgkm9ShBwm1k+cvoJdvBksvvr0eF
IZPpr02OgmG7IrO7Tr2XXbrnx3lFbG5DHS4Oa8HeRaapA4w8ZtvjcZdgiLL1a8Sv
24/GzNTi/F2M3B77d5tukvobLZ2zFdo8YX2N5XmAL+zVojEt2IvAJztjcqg7gmPm
pb9tkQBh+c17DUmPCQNF1bR5lHCnzF5Fyd9bzN9vfHnCW2LntTCp82DeIg1Rs20h
B8T0KCxAH1YwuDvzC8XPSH071xxxHMo28x6F01C5zYIPBhdtz1Z45hkAZmnAhhQL
rsYQ2ngbRwrryH8sbMsJ7jwx/l7wpQtD1Ku9Z7mAT423W++LFChaLW1Jj/tfdbr5
ufs2bYY06MGWaYGu9h0ZSGnbLuoi0Y+3E7eqWnrxEzLnAWsOhIzbqZ2uPCABujVq
X0PrwtnBc0qwRBJ3mhoINyTf8fqSrYRMUYzuB1fnkJAzsJuMEnwlq7SEhkyAABIp
JoZy1sOPTPjUHUJ3ogoN5ZaJjZL4fieiUKPoyFvl25mCm0BhXkk=
=dwft
-----END PGP SIGNATURE-----
Luca Milanesio
3:46 PM (2 hours ago) 3:46 PM
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Binary packages (Deb / Rpm) of Gerrit version 3.11.9 are now available
Hash: SHA256
==========================================================================
How to install/upgrade: 3.11.9
**********************************
(on Debian / Ubuntu)
apt-get update && apt-get install gerrit=3.11.9-1
(on AlmaLinux / RedHat)
yum clean all && yum install gerrit-3.11.9-1
(on Fedora)
dnf clean all && dnf install gerrit-3.11.9-1
If it is a new installation and you don't have the GerritForge repositories
configured, or if you are upgrading to ARM-64, please follow the instructions at:
https://gitenterprise.me/2022/11/23/arm-64-welcomes-gerrit-code-review/
Docker images
*************
Gerrit is distributed on DockerHub at:
https://hub.docker.com/r/gerritcodereview/gerrit/
The following tags have been published
3.11.9 => 3.11.9-almalinux9
3.11.9-almalinux9
3.11.9-ubuntu24
More information on how to use Gerrit Docker image for testing, staging, and production at:
https://gerrit.googlesource.com/docker-gerrit
MacOS native package
********************
Gerrit is now available as Homebrew tap:
https://github.com/GerritCodeReview/homebrew-gerrit
To install or update the tap:
brew tap GerritCodeReview/gerrit
OR
brew update
To install Gerrit with Homebrew:
brew install ger...@3.11.9
MacOS Gerrit native installer is available for download at:
https://gerritforge.com/gerrit/mac/gerrit-installer-3.11.9.pkg
SHA1:
62f9d14488c7e669cff550eee7a2122730a6b4f2
SHA256:
a615d505eaa9bf6038ddf5392d98d4b6e431e08ec9b609da6e18dac772a245fd
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmmnSDQACgkQC0731aK2
mH59zg/+NSkdtWiDQsv5WKbQvm6D2I0l7tJF7wVvCFr178rResP9WQhENBuJJwzA
dXxl+TBxaIesEQJzZwtlh2T3VG7pwEu2793VWKr1rU1kPrfJheGVB3hCsnpVOn3n
arhneq6cDLGHPyKIWbBXMV9bX9O2zB+HsFoT1UqTGPs3c3tQ0XHPVAp3CZdaBQjZ
+TMjdBS1S+ULXx7KXensy7dZwom1Lc79nWZ0CkaKyDSQDUVwBpEMnf0UR5lBXda4
NUkXAfj7wi3vyAPrkHGxB2AX56Hk11roIP5La1M86ytIdEU9qspengAfuXAQ6RVk
U1ehORNtvAifHmpypA1UMe0LN4y2vDBgSTU8vJuQl8eK62Sz+Q27RTBPSbaU7WUJ
4TWdzVSma613cTecjYen5SyDTEGgDm+Lk92FOq3vdYZym/NKWz1QTEKnxeW/hcy8
hzelVrkY4o9eDlLhCVCs0nyftVtdPOHjds0HbLarvwfQH+T+K8yAFeNfHw0Ypw5g
R9TawTPjSiV2WqqBE03v2ICL3UTU+4QPh0iCAHfv564M15f81MtZfLNHenM6GD5K
pcsF1T4lx+y0uztxqlnlu8G40gISS81A1DzfAKwIcV7lsckg4lLXdOFF98dZbvKC
NWqVj7KxDk4+ZpmrydUjUi4SaVo8DSmYtcADUKjEsiw9jw4zbrk=
=pKoO
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages