[ANNOUNCE] Gerrit 3.8.4 w/ Security Fixes

[Luca Milanesio]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Gerrit version 3.8.4 is now available.

Includes security fixes for SSHD (see CVE-2023-48795).
Please see the release notes for details.

Release Notes:
https://www.gerritcodereview.com/3.8.html#384

Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.8.4/index.html

Log of changes since 3.8.3:
https://gerrit.googlesource.com/gerrit/+log/v3.8.3..v3.8.4?no-merges

Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.8.4.war

SHA1:
496b9c6e14b889c3a253d4e2ff09418c64f2ea0d

SHA256:
273434584415a9d71e5da9d4b4bc14af5df32d0c9b7ea6e76374d8bcf481746f

MD5:
62a4bb53a88246f1573d128ce4836b83

Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmXZM7UACgkQC0731aK2
mH7VwQ//e+cW+r8L7APD4CwcT41r7axZyuYDvElwElF5knXme5OkkXKYEjIfGPNa
sZpPlGpnWiRafCs+WrVQu5yS1CAYJQEAtl+Cxv25Ehx8mozdsCOtkOTMiKjjOmtm
aPD3BEK3AERgJnoa9KgwiBPPZl5/q2I3Cz5+gupbZEOldWSE4PzZ4pWuyAr0RC2K
foQdyiEIm/Dy69rqswHYYPwR3Q2BViyQMf4vgB8u3OGPwe81+Ri9DMwcSvqDWwzX
N4bpPdktOuelI0EX3nyacaeKu5kDaGcSgRbKUZWxVwe3aUfcHpNWvTadjnPBe/Or
iSWqhKxgtJIvGsG2SLltky6zlujWITU7z4gw0Vjf3o41YmIqhzypOBHTPnkigiN3
9dRQVmp9Ta9VgiYnBnaRTHZghn1cR/nv6G25GiU9EUtuXQVpkn/yWmzLOeHq7VH9
hr4k/CgRXIWLN+8KqJy1AdQQKW17HFi9r5YDxTa3XEz+53yZI+/Cuku0FUGKAQbH
QJ5pWUE07Hg7N8LqOZovRiYvflT+pMgZbYTVZJxHL9upHyg8e2hdjLLZYyQ8AchP
etbMcW7NEnYuXOqHmr6xhvgrJI5V8UoCz/eJQIHPE2wOSuqA9SGiwJe0QNJPPXID
HzO21zOZBS4rLkf4z7iuH/HH9wljfanh4xNTya/bgL176/aNYu8=
=msit
-----END PGP SIGNATURE-----

[Luca Milanesio]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Binary packages (Deb / Rpm) of Gerrit version 3.8.4 have been released
=========================================================================

How to install/upgrade: 3.8.4
*****************************

If you have a previous version of Gerrit 3.x installed via native packages:

(on Debian / Ubuntu)
apt-get update && apt-get install gerrit=3.8.4-1

(on AlmaLinux / RedHat)
yum clean all && yum install gerrit-3.8.4-1

(on Fedora)
dnf clean all && dnf install gerrit-3.8.4-1

If it is a new installation and you don't have the GerritForge repositories
configured, or if you are upgrading to ARM-64, please follow the instructions at:
https://gitenterprise.me/2022/11/23/arm-64-welcomes-gerrit-code-review/

Docker images
*************

Gerrit is distributed on DockerHub at:
https://hub.docker.com/r/gerritcodereview/gerrit/

The following tags have been published for amd64 and arm64:
3.8.4 => 3.8.4-almalinux9
3.8.4-almalinux9
3.8.4-ubuntu22

More information on how to use Gerrit Docker image for testing, staging, and production at:
https://gerrit.googlesource.com/docker-gerrit

MacOS native package
********************

MacOS Gerrit native installer is available for download at:

https://gerritforge.com/gerrit/mac/gerrit-installer-3.8.4.pkg

SHA1:
aa3038f92240f8a26960d5db0dd230a737057813

SHA256:
bb3b97bf136c1dfb46202fb4080cdc4bfd4cf3b089e8d81c9b4cbf975f64a645

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmXZNLEACgkQC0731aK2
mH5Mzg//TNqbn1BuOOUlftMVZjYZPv+1dabV0rMO4UY9dUHxfS1BKHknPOjbP+Ft
vgZ4v1JhDmPA3q3qe1NbuMmnuRmOCiIUE3cZS1mK9+4rPWVGon+B1sniLeH3zfJ4
AfnVqTeKczNgjGSYtzW1uLokuOcHnXSZsTPbsjGpS8ed9a2QfZGY3FQ8hwvQT4Fw
u3bXbvc/FWXctlpxDH9jX58qfCimmvuSl3/5ZpO+gLR8Ub2cKdkWD3cv9/2OswYV
qv03owRg63Qa3mIRwOLXV7YdF6ob1itrRI02lGhSF3Ua7ZmJa0tP6jbO3jsUxYlD
VyU/NFxEVLjqXds5g75P43bscqYpLIifsSq6bwqIiljfSuSjcEFFYq3GaQilRguD
3BW+0KIGnFyDs1ImwvrDIxFdxJmq7cSmty+vGkbr19iunlypphhKRTJqPAPa8ol0
rakJSHT7WbpY8/b59QXUjlLFi4dRWqoABJVQZR3SU+jDgBZvxhUDHXfCNcp8cMjY
4CGGRTbgC9ev2aLlvxPu9GYj+aZptF6Rghh6HfzXxhCH9SId6fnLckROl497icBH
dPpQ3DbqV8e7d8hqM2wlMrvBDKPLbA6D9yKVlvk0xTmoHeRK8/9YeVagGUczSdBe
N39Emd/4BJVdejhqh4gRqIg2jdQ0r2S2iSDv+U6m2DrImpEacMs=
=tz2r
-----END PGP SIGNATURE-----

[Aaron Smith]

On Friday, February 23, 2024 at 4:10:15 PM UTC-8 Luca Milanesio wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Gerrit version 3.8.4 is now available.

Includes security fixes for SSHD (see CVE-2023-48795).
Please see the release notes for details.

Many thanks to the Gerrit team for timely releases and a quality product! When do you expect to release 3.9.x version with this CVE fix?

[Luca Milanesio]

On 5 Mar 2024, at 20:24, 'Aaron Smith' via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:

On Friday, February 23, 2024 at 4:10:15 PM UTC-8 Luca Milanesio wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Gerrit version 3.8.4 is now available.

Includes security fixes for SSHD (see CVE-2023-48795).
Please see the release notes for details.

Many thanks to the Gerrit team for timely releases and a quality product! When do you expect to release 3.9.x version with this CVE fix?

It is on my backlog, now that v3.7.8 is out of the way.

It will be out by the end of this week.

Luca.

--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/0e021ed0-3b69-4be2-ab15-9769e4ac310fn%40googlegroups.com.