[ANNOUNCE] Gerrit 3.5.1 w/ Security Fixes
81 views
Skip to first unread message
Luca Milanesio
Mar 18, 2022, 2:11:32 PM3/18/22
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Gerrit version 3.5.1 is now available.
This release includes a fix to prevent DoS by anonymous users performing
unlimited changes queries. See the release notes for more details.
Release Notes:
https://www.gerritcodereview.com/3.5.html#351
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.5.1/index.html
Log of changes since 3.5.0.1:
https://gerrit.googlesource.com/gerrit/+log/v3.5.0.1..v3.5.1?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.5.1.war
SHA1:
16a6b0cc2244cb5582d2d38c31e90b892cf98dd1
SHA256:
3fb5de878b6470dc8ef65ce22f2709cb8baecb5f16d89497dfaa33a0f33f7920
MD5:
02724d4b46b7e2e33da9214db942ff25
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmI0yfkACgkQC0731aK2
mH4dcxAAgRzq9sK7iBndGnOztTIJZWVZq5PupRyuGeN/GMlKU3GXzRVrI+izGjUB
DZ0n/D4pkx9GGKZPGNlRmhp513UKqv3GFkUl4KGFdG4CSnb1a9QJqV9uHS40JFku
BPi/QF4JtBS/8wyb9X8h31o6JOc7SxigptMkjP+MUosNvNE2c2+H4wjL7vdVD5hB
S2qBz8fGKa014ChrwPXgCnla11gKlycPFmFuXAtqxrCvXtzexhmjMclzMDlBbcQA
YUkp0E8WGQdfI8/wPoc8YEJHSoDw7dgUbewTdYlyhWH2WpsB68l4tEsxkEuYT2+0
vhdwFmdkeLrZaenF+JJhqk9JboUdpX1XRk35ytxyPXB8PP8Jc72X0M/1DjVrrP6E
9lEJP+IZOBRgU/UyrSWYUOexGGhASd1+uDcr2nKSTd+b+zyg72khV5cgVbE3FWEZ
gkX6ZOvrOVq4RnS01oxHOg0EnZtuiNLv81FQLBxoU0QGYX1xzs9ccGjF7wt7lbEp
iKhuSmz75dXbebdzKaYrJzEdtuZiDsxtKzc25PibiVT/ULhM97fRXoHDk7lJi5QB
CwHbX4wxcLesqmRnRZLOBWXgADjLvfkFmsV40ZYIJJgMIxVxnhzSB672JgUpTeZQ
UCD8vYkj0PYu1+MrgrYRF4oLq0yZag08iUEV0zpqONVZRAzgP0c=
=Mz55
-----END PGP SIGNATURE-----
Hash: SHA256
Gerrit version 3.5.1 is now available.
This release includes a fix to prevent DoS by anonymous users performing
unlimited changes queries. See the release notes for more details.
Release Notes:
https://www.gerritcodereview.com/3.5.html#351
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.5.1/index.html
Log of changes since 3.5.0.1:
https://gerrit.googlesource.com/gerrit/+log/v3.5.0.1..v3.5.1?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.5.1.war
SHA1:
16a6b0cc2244cb5582d2d38c31e90b892cf98dd1
SHA256:
3fb5de878b6470dc8ef65ce22f2709cb8baecb5f16d89497dfaa33a0f33f7920
MD5:
02724d4b46b7e2e33da9214db942ff25
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmI0yfkACgkQC0731aK2
mH4dcxAAgRzq9sK7iBndGnOztTIJZWVZq5PupRyuGeN/GMlKU3GXzRVrI+izGjUB
DZ0n/D4pkx9GGKZPGNlRmhp513UKqv3GFkUl4KGFdG4CSnb1a9QJqV9uHS40JFku
BPi/QF4JtBS/8wyb9X8h31o6JOc7SxigptMkjP+MUosNvNE2c2+H4wjL7vdVD5hB
S2qBz8fGKa014ChrwPXgCnla11gKlycPFmFuXAtqxrCvXtzexhmjMclzMDlBbcQA
YUkp0E8WGQdfI8/wPoc8YEJHSoDw7dgUbewTdYlyhWH2WpsB68l4tEsxkEuYT2+0
vhdwFmdkeLrZaenF+JJhqk9JboUdpX1XRk35ytxyPXB8PP8Jc72X0M/1DjVrrP6E
9lEJP+IZOBRgU/UyrSWYUOexGGhASd1+uDcr2nKSTd+b+zyg72khV5cgVbE3FWEZ
gkX6ZOvrOVq4RnS01oxHOg0EnZtuiNLv81FQLBxoU0QGYX1xzs9ccGjF7wt7lbEp
iKhuSmz75dXbebdzKaYrJzEdtuZiDsxtKzc25PibiVT/ULhM97fRXoHDk7lJi5QB
CwHbX4wxcLesqmRnRZLOBWXgADjLvfkFmsV40ZYIJJgMIxVxnhzSB672JgUpTeZQ
UCD8vYkj0PYu1+MrgrYRF4oLq0yZag08iUEV0zpqONVZRAzgP0c=
=Mz55
-----END PGP SIGNATURE-----
Luca Milanesio
Mar 18, 2022, 2:12:07 PM3/18/22
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Binary packages (Deb / Rpm) of Gerrit version 3.5.1 are now available
Hash: SHA256
=====================================================================
How to install/upgrade: 3.5.1
*****************************
If you have a previous version of Gerrit 3.x installed via native packages:
(on Debian / Ubuntu)
apt-get update & apt-get install gerrit=3.5.1-1
(on CentOS / RedHat)
yum clean all && yum install gerrit-3.5.1-1
(on Fedora)
dnf clean all && dnf install gerrit-3.5.1-1
If it is a new installation and you don't have the GerritForge repositories
configured, please follow the instructions at:
http://gitenterprise.me/2015/02/27/gerrit-2-10-rpm-and-debian-packages-available/
Docker images
*************
Gerrit is distributed on DockerHub at:
https://hub.docker.com/r/gerritcodereview/gerrit/
The following tags have been published
latest => 3.5.1
3.5.1 => 3.5.1-almalinux8
3.5.1-almalinux8
3.5.1-ubuntu20
More information on how to use Gerrit Docker image for testing, staging, and production at:
https://gerrit.googlesource.com/docker-gerrit
NOTE: CentOS 8 AppStream has disappeared; AlmaLinux 8.5 is used as replacement for the Gerrit image.
MacOS native package
********************
MacOS Gerrit native installer is available for download at:
https://gerritforge.com/gerrit/mac/gerrit-installer-3.5.1.pkg
SHA1:
f972bd54fa23688bcf4d3d37ea32f6d017080e04
SHA256:
63d1ae340a6a95c7f2d12a73f4b251da774c8894df67a31fb436556aaa8a221f
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmI0ypgACgkQC0731aK2
mH6FMBAAj8pm9/KZK9VGFK+2yA3YRiVll+/WQHBJRW4381k55OXP/lNQpUofUgna
J9vG3xgVDnS/nPiNGlm01L0AjS5HhAse09hyKHPf/ogCxnzaETqfMCj4d9YRwvne
a3IFF063dqGyXf5Alhe/PgZylPhmRXkl106xOn8URIp326D+AG9oIKjsYyEeKtBe
U8UXf8op+LHXmzvbSmtQ9oavBFdpr1TdzJAz/Q6cRVVMnLOzgKWr2xHZG3HpKBbo
Mx5wm8VNQ+rRjGWewEbgp+7vOVznBw027lZuxtrTjWKhlTabQFXpa/gB+zyUB8Id
LQePjPmUko8E068JMNquUcgk5Hg3vbBkwsU2Yej5UtBPBn4f2h0cgBDrSAIkx+rM
Az+ZTHQ+yKutEG1DF5+iPBAwIpEKR4r1lxpC9Zk27CpIXrHndPCPIQvPbkK6p3z+
2XKimdTpdAK+91r9/z4t0AMK8vMiiiGf3dLX5Pt2Alqr4tcIXsa5va+Rf7qU1sb7
2bJw06OuEF6rbnqVgoaPPddNkcJkUeYU2n7xU271xS0/S+Vi1AUbPScO5MR6SfNT
CgUsZiNFMp2VTbAOszBaGERVVsr2DrcLO62eWBYCsSMPF/HF/Ii07MOqxDowwOZH
MrqPqgrZrBbaeNw9E8dLf00mBjp7et/1PoM41Lwhk+NCAgDMSJw=
=hfqV
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages