[ANNOUNCE] Gerrit 3.14.1 w/ Security Fixes
77 views
Skip to first unread message
syntonyze
Jun 25, 2026, 9:37:33 AM (5 days ago) Jun 25
to Repo and Gerrit Discussion
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Gerrit version 3.14.1 is now available.
Includes a security fix to mitigate HTTP header spoofing when using
HTTP/HTTP_LDAP authentication behind reverse proxies.
Please see the release notes for details.
Release Notes:
https://www.gerritcodereview.com/3.14.html#3141
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.14.1/index.html
Log of changes since 3.14.0:
https://gerrit.googlesource.com/gerrit/+log/v3.14.0..v3.14.1?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.14.1.war
SHA1:
1594ef0f7c8d99bb64b1837ce993ae4ec3aae045
SHA256:
02331070619f10a276791d715f36aaa7a6ecf0e4f84babbf1bb6372436c056ed
MD5:
0704a40444f9c154243dfd29f59b0114
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEnrHcOvBk7y2NP1rwB095sJ/f5XcFAmo9LgEACgkQB095sJ/f
5XcLKg/+N41GugQFJjGK2XC13dSnLxzLvglftfupi/iNsxUVS5KI+XUY9h9r2tvr
2H2KYA4rObizf7o0lQBd9OVNlTvhKPKo4iYueb5oA4by1aT+XbX81jxXikzCW3kh
sfEOZN3MWcOT+S3nfbpWIwNTXSsIq6XZa2smz3AjyxBKBp66VUaWddcxlgW2m4TD
XvE8Olp970oyOecajDTxY+geI+2pTHlQFvaR97P6NLBXKefS9x4idEwUmEmU8w47
3bXCuYgpbc3Xcm9u3XDGbOLZt5wYzwm2flsvnVRw89CKLA4Kqe1cDMi/qBldizOW
B09WUaWHWVBrJf6BiqJRePX1ap6F33RLWXpvf334XLWc4dGp6z4UhOJTshncNUzY
GBTCKajWREM/itaJqWP6u/acjl0msLptQyMXKsVpNMRZA+MMB933PF6jBfBqoJAV
x/979mb9zzFbCVhAB6/aeLUzadcHNXBPbJVg717xF6PHOGiUZo9ZItVRFXe684Cq
R+SZ5JS8y6NV6pXR2gOO+fFpEkkkHkZIlRyZQ9PUT7cCrTStBMyrySCObQ2AJy2R
7V0DSqyc5QFdxStkaT5/LMeMrGP6W3m1GIuw8q3OM45KWLLCHJKmeUyNonLAB/VK
kLTzsLQETrSl53s6lpDHBkhIcE2IjF7Xd3ZddfHXR/tiDdIw0Pc=
=orvw
-----END PGP SIGNATURE-----
Hash: SHA512
Gerrit version 3.14.1 is now available.
Includes a security fix to mitigate HTTP header spoofing when using
HTTP/HTTP_LDAP authentication behind reverse proxies.
Please see the release notes for details.
Release Notes:
https://www.gerritcodereview.com/3.14.html#3141
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.14.1/index.html
Log of changes since 3.14.0:
https://gerrit.googlesource.com/gerrit/+log/v3.14.0..v3.14.1?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.14.1.war
SHA1:
1594ef0f7c8d99bb64b1837ce993ae4ec3aae045
SHA256:
02331070619f10a276791d715f36aaa7a6ecf0e4f84babbf1bb6372436c056ed
MD5:
0704a40444f9c154243dfd29f59b0114
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEnrHcOvBk7y2NP1rwB095sJ/f5XcFAmo9LgEACgkQB095sJ/f
5XcLKg/+N41GugQFJjGK2XC13dSnLxzLvglftfupi/iNsxUVS5KI+XUY9h9r2tvr
2H2KYA4rObizf7o0lQBd9OVNlTvhKPKo4iYueb5oA4by1aT+XbX81jxXikzCW3kh
sfEOZN3MWcOT+S3nfbpWIwNTXSsIq6XZa2smz3AjyxBKBp66VUaWddcxlgW2m4TD
XvE8Olp970oyOecajDTxY+geI+2pTHlQFvaR97P6NLBXKefS9x4idEwUmEmU8w47
3bXCuYgpbc3Xcm9u3XDGbOLZt5wYzwm2flsvnVRw89CKLA4Kqe1cDMi/qBldizOW
B09WUaWHWVBrJf6BiqJRePX1ap6F33RLWXpvf334XLWc4dGp6z4UhOJTshncNUzY
GBTCKajWREM/itaJqWP6u/acjl0msLptQyMXKsVpNMRZA+MMB933PF6jBfBqoJAV
x/979mb9zzFbCVhAB6/aeLUzadcHNXBPbJVg717xF6PHOGiUZo9ZItVRFXe684Cq
R+SZ5JS8y6NV6pXR2gOO+fFpEkkkHkZIlRyZQ9PUT7cCrTStBMyrySCObQ2AJy2R
7V0DSqyc5QFdxStkaT5/LMeMrGP6W3m1GIuw8q3OM45KWLLCHJKmeUyNonLAB/VK
kLTzsLQETrSl53s6lpDHBkhIcE2IjF7Xd3ZddfHXR/tiDdIw0Pc=
=orvw
-----END PGP SIGNATURE-----
Luca Milanesio
Jun 25, 2026, 1:16:39 PM (5 days ago) Jun 25
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Binary packages (Deb / Rpm) of Gerrit version 3.14.1 are now available
==========================================================================
How to install/upgrade: 3.14.1
**********************************
(on Debian / Ubuntu)
apt-get update && apt-get install gerrit=3.14.1-1
(on AlmaLinux / RedHat)
yum clean all && yum install gerrit-3.14.1-1
(on Fedora)
dnf clean all && dnf install gerrit-3.14.1-1
If it is a new installation and you don't have the GerritForge repositories
configured, or if you are upgrading to ARM-64, please follow the instructions at:
https://gitenterprise.me/2022/11/23/arm-64-welcomes-gerrit-code-review/
Docker images
*************
Gerrit is distributed on DockerHub at:
https://hub.docker.com/r/gerritcodereview/gerrit/
The following tags have been published
latest => 3.14.1
3.14.1 => 3.14.1-almalinux9
3.14.1-almalinux9
3.14.1-ubuntu24
More information on how to use Gerrit Docker image for testing, staging, and production at:
https://gerrit.googlesource.com/docker-gerrit
NOTE: GerritForge has packaged an extended Docker image bundled with the ai-review-agent-provider.jar,
a plugin needed to enable the new AI Review Agent view in the Gerrit Change Screen.
See the step-by-step details on GerritForge's DockerHub page:
https://hub.docker.com/r/gerritforge/gerrit-ai
MacOS native package
********************
Gerrit is now available as Homebrew tap:
https://github.com/GerritCodeReview/homebrew-gerrit
To install or update the tap:
brew tap GerritCodeReview/gerrit
OR
brew update
To install Gerrit with Homebrew:
brew install ger...@3.14.1
MacOS Gerrit native installer is available for download at:
https://gerritforge.com/gerrit/mac/gerrit-installer-3.14.1.pkg
SHA1:
7085682b13022a37b4a43d1acdcfcee71cb87ff2
SHA256:
9391d4df3ca6e481f854b8f826d5009401cbbfa6d26f78d3d6d10de6a6aa82d8
-----BEGIN PGP SIGNATURE-----
iQIyBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmo9YiQACgkQC0731aK2
mH6Adw/4zPsOYUXxxvw7as0j5h/6GDJN+SNPp9SCz2UzgdeUMX9Lha3p+6K6uc09
2FGOhGitrT+gxyC/JS9utg+V51Hi4138X4AnvAqr3EE8sgSbgSksRG4s/98YtL+D
gsNDHkn3G0wLPYJLJC5NsI6ou1UkteQF1Z7fVJzfKdtdg+5ezy3SDLEioSJWt9pF
aypz9UfOhRDvvQ9rfNfcgOiF0wqFloDalovZP2cl/oUbjmxS2fgxY7/rAgRUpfzE
w/aRYkHyFt42Dp+E3fum90oTzMhwbIJecYZBuRY8B7RRAzOPQEsRqZ1b4aJHUMqB
s2kPYAVPV05LvGE1G6D9MCriUphIpDdZQZjoKPoSn0jYa/yzDo4XnLH8YNwxbaGa
Cvzvkx5V1errqbYY25Bvbin5Q8rE4yvXH0Cn54rJGNMT8IUahGOjvGdMoJeOqIb7
mR3D3PS19FjN9Uq5xgbVHla5Rri0go1vSDU6LETig4WFjDvX8h+4MJ9a8PnaAKF+
zgj0VgA0lkQeLUqRgO25jKmcF61gVekIMJsttKrUL7ORqu/1fmr0wGfDn/kPC9c8
FGi1ezBmDk8iYlM/7HTBmBNcYjhKSqsIJ7n6fWKbjaDvVsDX+Y6fq5fZ/GL2f7p3
muTKJx23gQCzwqRPrH+6gHePuJh9kk8s4DhgvMGk5XpO1Pwleg==
=zQr+
-----END PGP SIGNATURE-----
Hash: SHA256
Binary packages (Deb / Rpm) of Gerrit version 3.14.1 are now available
==========================================================================
How to install/upgrade: 3.14.1
**********************************
(on Debian / Ubuntu)
apt-get update && apt-get install gerrit=3.14.1-1
(on AlmaLinux / RedHat)
yum clean all && yum install gerrit-3.14.1-1
(on Fedora)
dnf clean all && dnf install gerrit-3.14.1-1
If it is a new installation and you don't have the GerritForge repositories
configured, or if you are upgrading to ARM-64, please follow the instructions at:
https://gitenterprise.me/2022/11/23/arm-64-welcomes-gerrit-code-review/
Docker images
*************
Gerrit is distributed on DockerHub at:
https://hub.docker.com/r/gerritcodereview/gerrit/
The following tags have been published
latest => 3.14.1
3.14.1 => 3.14.1-almalinux9
3.14.1-almalinux9
3.14.1-ubuntu24
More information on how to use Gerrit Docker image for testing, staging, and production at:
https://gerrit.googlesource.com/docker-gerrit
NOTE: GerritForge has packaged an extended Docker image bundled with the ai-review-agent-provider.jar,
a plugin needed to enable the new AI Review Agent view in the Gerrit Change Screen.
See the step-by-step details on GerritForge's DockerHub page:
https://hub.docker.com/r/gerritforge/gerrit-ai
MacOS native package
********************
Gerrit is now available as Homebrew tap:
https://github.com/GerritCodeReview/homebrew-gerrit
To install or update the tap:
brew tap GerritCodeReview/gerrit
OR
brew update
To install Gerrit with Homebrew:
brew install ger...@3.14.1
MacOS Gerrit native installer is available for download at:
https://gerritforge.com/gerrit/mac/gerrit-installer-3.14.1.pkg
SHA1:
7085682b13022a37b4a43d1acdcfcee71cb87ff2
SHA256:
9391d4df3ca6e481f854b8f826d5009401cbbfa6d26f78d3d6d10de6a6aa82d8
-----BEGIN PGP SIGNATURE-----
iQIyBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmo9YiQACgkQC0731aK2
mH6Adw/4zPsOYUXxxvw7as0j5h/6GDJN+SNPp9SCz2UzgdeUMX9Lha3p+6K6uc09
2FGOhGitrT+gxyC/JS9utg+V51Hi4138X4AnvAqr3EE8sgSbgSksRG4s/98YtL+D
gsNDHkn3G0wLPYJLJC5NsI6ou1UkteQF1Z7fVJzfKdtdg+5ezy3SDLEioSJWt9pF
aypz9UfOhRDvvQ9rfNfcgOiF0wqFloDalovZP2cl/oUbjmxS2fgxY7/rAgRUpfzE
w/aRYkHyFt42Dp+E3fum90oTzMhwbIJecYZBuRY8B7RRAzOPQEsRqZ1b4aJHUMqB
s2kPYAVPV05LvGE1G6D9MCriUphIpDdZQZjoKPoSn0jYa/yzDo4XnLH8YNwxbaGa
Cvzvkx5V1errqbYY25Bvbin5Q8rE4yvXH0Cn54rJGNMT8IUahGOjvGdMoJeOqIb7
mR3D3PS19FjN9Uq5xgbVHla5Rri0go1vSDU6LETig4WFjDvX8h+4MJ9a8PnaAKF+
zgj0VgA0lkQeLUqRgO25jKmcF61gVekIMJsttKrUL7ORqu/1fmr0wGfDn/kPC9c8
FGi1ezBmDk8iYlM/7HTBmBNcYjhKSqsIJ7n6fWKbjaDvVsDX+Y6fq5fZ/GL2f7p3
muTKJx23gQCzwqRPrH+6gHePuJh9kk8s4DhgvMGk5XpO1Pwleg==
=zQr+
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages