[ANNOUNCE] Gerrit 3.3.10 w/ Security Fixes
24 views
Skip to first unread message
Luca Milanesio
Mar 18, 2022, 1:55:33 PM3/18/22
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Gerrit version 3.3.10 is now available.
This release includes a fix to prevent DoS by anonymous users performing
unlimited changes queries. See the release notes for more details.
Release Notes:
https://www.gerritcodereview.com/3.3.html#3310
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.3.10/index.html
Log of changes since 3.3.9:
https://gerrit.googlesource.com/gerrit/+log/v3.3.9..v3.3.10?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.3.10.war
SHA1:
ce32d0361ddceba5ca89a1d092e95d27878a824e
SHA256:
627533f3fd4da1296e5ceed8940a0c0f1522265f979ec35523781476f83a92ec
MD5:
e8987b5c8ac55aad0d8e7a9ec1bd5974
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmI0w8MACgkQC0731aK2
mH6wCBAAn/1JQOffW8gX3vPvEyQF20p9BIG00m2t4+tb/mX/3QZ8WJMSJe0ng+h7
Jx4XVA9ZrqU+AsRVow+U1dwnbgUhPL3UFXPIQTWrb4OObG/YwhMPmee8nzD5J5l7
5fDDqOSqYhOdUNO6GEWyW7ws4NKTcktAnOlEsGtvuOE27Kqf70gNMs6/x4ALnMNI
d+h9AEaKljXGbe7eHgUgzFh6fkCzoalCFpRo721IZkdbr9lsXCfgA8Jjlp5WudmJ
xq2+Qf93FvNFRoehXzhAjN9BGp7u75LoH3R8pdLUm/1OrtOW8MfZmvLU9SAj2bVA
hKyRd3D+tL4+I0r0VFJ8lD/aA8rFpTezKBN9s5MJyKiKN1UJmGBjKoQOg/ep4H8T
jPbHFysWNfhrKdfeYqwnfco1lxkMP39H4twqGlKfP/FaOTLRGZsZojEq58rYA3X/
eIr45mvsjZQ5vpkbpi2+O/7PUJYq/CEYCrt6j8Lnmp0dYARADcM2/iS1yuKQ7H/I
+NvTZ7XFqAsJj3dgZ8iNdj7qhPsUX+z+ZrZ30rN7zftZ1AslQEGhdvuEnEBtkQ0F
uBJy41ZVX1SZa/o9Bd79tHCGCxavqr+VjZ0kdS8xP8v4Hm48j9PqJ/lwiucudEhz
yNhhHFaz0Pcvu5VVgro6pP8b6H3BdNXjmYKBlJLMhVFHwhRZe1o=
=dxxa
-----END PGP SIGNATURE-----
Hash: SHA256
Gerrit version 3.3.10 is now available.
This release includes a fix to prevent DoS by anonymous users performing
unlimited changes queries. See the release notes for more details.
Release Notes:
https://www.gerritcodereview.com/3.3.html#3310
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.3.10/index.html
Log of changes since 3.3.9:
https://gerrit.googlesource.com/gerrit/+log/v3.3.9..v3.3.10?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.3.10.war
SHA1:
ce32d0361ddceba5ca89a1d092e95d27878a824e
SHA256:
627533f3fd4da1296e5ceed8940a0c0f1522265f979ec35523781476f83a92ec
MD5:
e8987b5c8ac55aad0d8e7a9ec1bd5974
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmI0w8MACgkQC0731aK2
mH6wCBAAn/1JQOffW8gX3vPvEyQF20p9BIG00m2t4+tb/mX/3QZ8WJMSJe0ng+h7
Jx4XVA9ZrqU+AsRVow+U1dwnbgUhPL3UFXPIQTWrb4OObG/YwhMPmee8nzD5J5l7
5fDDqOSqYhOdUNO6GEWyW7ws4NKTcktAnOlEsGtvuOE27Kqf70gNMs6/x4ALnMNI
d+h9AEaKljXGbe7eHgUgzFh6fkCzoalCFpRo721IZkdbr9lsXCfgA8Jjlp5WudmJ
xq2+Qf93FvNFRoehXzhAjN9BGp7u75LoH3R8pdLUm/1OrtOW8MfZmvLU9SAj2bVA
hKyRd3D+tL4+I0r0VFJ8lD/aA8rFpTezKBN9s5MJyKiKN1UJmGBjKoQOg/ep4H8T
jPbHFysWNfhrKdfeYqwnfco1lxkMP39H4twqGlKfP/FaOTLRGZsZojEq58rYA3X/
eIr45mvsjZQ5vpkbpi2+O/7PUJYq/CEYCrt6j8Lnmp0dYARADcM2/iS1yuKQ7H/I
+NvTZ7XFqAsJj3dgZ8iNdj7qhPsUX+z+ZrZ30rN7zftZ1AslQEGhdvuEnEBtkQ0F
uBJy41ZVX1SZa/o9Bd79tHCGCxavqr+VjZ0kdS8xP8v4Hm48j9PqJ/lwiucudEhz
yNhhHFaz0Pcvu5VVgro6pP8b6H3BdNXjmYKBlJLMhVFHwhRZe1o=
=dxxa
-----END PGP SIGNATURE-----
Luca Milanesio
Mar 18, 2022, 1:56:15 PM3/18/22
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Binary packages (Deb / Rpm) of Gerrit version 3.3.10 are now available
Hash: SHA256
=====================================================================
How to install/upgrade: 3.3.10
*****************************
If you have a previous version of Gerrit 3.x installed via native packages:
(on Debian / Ubuntu)
apt-get update & apt-get install gerrit=3.3.10-1
(on CentOS / RedHat)
yum clean all && yum install gerrit-3.3.10-1
(on Fedora)
dnf clean all && dnf install gerrit-3.3.10-1
If it is a new installation and you don't have the GerritForge repositories
configured, please follow the instructions at:
http://gitenterprise.me/2015/02/27/gerrit-2-10-rpm-and-debian-packages-available/
Docker images
*************
Gerrit is distributed on DockerHub at:
https://hub.docker.com/r/gerritcodereview/gerrit/
The following tags have been published
3.3.10 => 3.3.10-almalinux8
3.3.10-almalinux8
3.3.10-ubuntu20
More information on how to use Gerrit Docker image for testing, staging, and production at:
https://gerrit.googlesource.com/docker-gerrit
NOTE: CentOS 8 AppStream has disappeared; AlmaLinux 8.5 is used as replacement for the Gerrit image.
MacOS native package
********************
MacOS Gerrit native installer is available for download at:
https://gerritforge.com/gerrit/mac/gerrit-installer-3.3.10.pkg
SHA1:
02d2439c7ced68cdc61008b43d99f6f78e78b19a
SHA256:
11d21f6fae986ea258d4aea83fbb849bbb18f0904b64b37e15aaf36982efee1f
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmI0xzUACgkQC0731aK2
mH67lg//c9z9rR+VtCpzOGt6bXYmOw3kbAu7hwnm8lAmCy9GlSYtVJ7pHES+/vVZ
LvPVU6cYejWBUnac+DEX+1ewjWH+pCiy8K8L1KjsenYBecfQq2fGYw/dqu11zgPe
5PQHuW8ABp6ClRlIf+MmWHrQaEkT3m9DVniFSfWUYS2accSCuabOdqgc4Puqgj/Z
04cESixAPBvGIAjWXVcaJGnIdsOi3SoaXw3zOqUDnTunImKpTDtkEm69ug6ycuqn
YMW6/VBBklQkUCxkbV7xwMCxyUdHiX328BKcLUqwpZKy1Exyn330gZl/YSx4SB7u
+xK3LdFlzc/e35XlwXeGE+zpKkmPndZ3q6Df0AkgfY//Bg+slwSc2IA9GXUPEi+W
1E2z9uma5luYnSa9x7rVVFoeZ24QA79a1vD4QSnHje2LUpbl5JbLBPOw/S5ayCOq
sNEOjtaOgJL+rqolEDVMVbVjZ+5T1zSy1qXvl3vx13PcDXBTEQpxwLZGypBW68NN
C32FcwP9+Lz2mItf7dK0d4/0kV6ctUj06L9t7a6jPmZgsLVMMq9qjxArMWQRNXFE
mcXrqnoUnJciu+gyH1ysjnLyiS1njRQSNBBRYRHg7PC8iI/J4KeYN+Mpb5q4jJxI
Mrvsk19SGKe4sULCbv4Lp9QiraX8hO1yqqPRlOxR2XqPs6HPHRQ=
=uM+W
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages