[ANNOUNCE] Gerrit 2.16.3 w/ JGit security fix

Luca Milanesio

Jan 11, 2019, 9:08:58 AM
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gerrit version 2.16.3 is now available. This release includes security fixes for git-upload-pack. Please see the release notes for details.

Release Notes:
https://www.gerritcodereview.com/2.16.html#2163

Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/2.16.3/index.html

Log of changes since 2.16.2:
https://gerrit.googlesource.com/gerrit/+log/v2.16.2..v2.16.3?no-merges

Download:
https://gerrit-releases.storage.googleapis.com/gerrit-2.16.3.war

SHA1:
9d12fdcc957be9138bdc60f26a3448a83eb6eb54

SHA256:
cd5b177509d3eab9e3b49f287fa1e51584df11d5d3fc8fbc912a01e2581dbb3a

MD5:
6e85f7007c4323049c10e257713bb81d

Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

-----END PGP SIGNATURE-----

Luca Milanesio

Jan 12, 2019, 7:28:34 AM
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Binary packages (Deb / Rpm) of Gerrit version 2.16.3 are now available.
=======================================================================

How to install/upgrade: 2.16.3
******************************

If you have a previous version of Gerrit 2.1x installed via native packages:

(on Debian / Ubuntu)
apt-get update && apt-get install gerrit=2.16.3-1

(on CentOS / RedHat)
yum clean all && yum install gerrit-2.16.3-1

(on Fedora)
dnf clean all && dnf install gerrit-2.16.3-1

If it is a new installation and you don't have the GerritForge/BinTray repositories
configured, please follow the instructions at:
http://gitenterprise.me/2015/02/27/gerrit-2-10-rpm-and-debian-packages-available/

Docker images:
**************

Gerrit is distributed on DockerHub at:
https://hub.docker.com/r/gerritcodereview/gerrit/

The following tags have been published
latest => 2.16.3
2.16.3 => 2.16.3-centos7
2.16.3-centos7
2.16.3-ubuntu16

More information on how to use Gerrit Docker image for testing, staging, and production at:
https://gerrit.googlesource.com/docker-gerrit

MacOS native package:
*********************

MacOS Gerrit native installer is available for download at:

https://dl.bintray.com/gerrit/mac/gerrit-installer-2.16.3.pkg
https://gerritforge.com/gerrit/mac/gerrit-installer-2.16.3.pkg

SHA1:
b0ca44ddd77585269eb08ee29b77448aed021c21

SHA256:
6ea9f21519349d3ab7ca78be962ce858da3f433a3240356eee8932c79acff389
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

-----END PGP SIGNATURE-----

Fabio Porcedda

Jan 22, 2019, 12:07:42 PM
to Repo and Gerrit Discussion


The https://www.gerritcodereview.com and https://www.gerritcodereview.com/2.16.html pages still have only URLs up to 2.16.2; the 2.16.3 URLs are missing from those pages.
 

Luca Milanesio

Jan 22, 2019, 12:11:42 PM
to Fabio Porcedda, Luca Milanesio, Repo and Gerrit Discussion
Re-publishing it now ...
Luca.

 


Luca Milanesio

Jan 22, 2019, 12:14:16 PM
to Fabio Porcedda, Luca Milanesio, Repo and Gerrit Discussion


Found the problem actually:  the 2.16.3 notes are there, but they are not linked.

Will post the fix to the homepage.

Luca Milanesio

Jan 22, 2019, 12:17:50 PM
to Fabio Porcedda, Luca Milanesio, Repo and Gerrit Discussion, David Pursehouse, David Ostrovsky


Found the problem actually:  the 2.16.3 notes are there, but they are not linked.

Will post the fix to the homepage.

Luca Milanesio

Jan 22, 2019, 12:55:59 PM
to Fabio Porcedda, Luca Milanesio, Repo and Gerrit Discussion, David Pursehouse, David Ostrovsky


Fix is here for review.
https://gerrit-review.googlesource.com/c/homepage/+/211182

And published :-)

@Fabio thanks for the feedback, much appreciated.

Luca.

Fabio Porcedda

Jan 22, 2019, 1:05:26 PM
to Luca Milanesio, Repo and Gerrit Discussion, David Pursehouse, David Ostrovsky
On Tue, 22 Jan 2019 at 18:55, Luca Milanesio
<luca.mi...@gmail.com> wrote:
You fixed it in a flash.

Thanks
--
Fabio Porcedda