[ANNOUNCE] Gerrit 3.13.4 w/ Security Fixes
0 views
Skip to first unread message
Luca Milanesio
3:38 PM (2 hours ago) 3:38 PM
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Gerrit version 3.13.4 is now available.
Includes a security fix for a critical vulnerability associated with the use of change submission on create/update and change.submitWholeTopic.
Please see the release notes for details.
Release Notes:
https://www.gerritcodereview.com/3.13.html#3134
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.13.4/index.html
Log of changes since 3.13.3:
https://gerrit.googlesource.com/gerrit/+log/v3.13.3..v3.13.4?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.13.4.war
SHA1:
e1ee2d9ea4e9c718f55b97fb63f65808224865a2
SHA256:
d82b30824a4a7bc5d1c76e38f7b7536a07f2fa45a22e5b9a73eabd97e5250389
MD5:
7b78f3f194388035bf8e07148777095d
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmmnRowACgkQC0731aK2
mH4ESA//UgUwX7tsiCjzTerncyX0uVjtfn2TCkKVSNg0JrwDKREUsGlLbZWTD4E1
LVoIA8QkY8EZfAQ0DCVImAbbSPUo3UjekJa2d0oPqedg+ilfyNNpyjRxywVV6XFv
BsrgNBzI9u0lDrFrHfV9DZpNp2uWNZZwpz3oLBhEx+tckUEn0m6u0HI0hFqUJRr6
1Bc7PcRufcBYjJ34vgSYgIr7q9H8BbANv8APinFfHZdLo1lk/8tQEKsasVLNmQFx
mi0yyX5kfidXPk5Kkq8GEQD+KAxmPKVGe8QQio2LCUZDFztx+YwrqKi9+hY9pU7T
7Kw5B9ZXucYSyI0vyDOi5HDjV7g8u+0uJKPRfYmO3rYGEr/Nc9qMUn7qnNenwxTe
WiKS32re0dfQoKbcwIXXrR4fVM1DZ7f148CN6D027pNGYc6SMDmo1M5oAiSB/ADw
79vzZHGDc+vLNjHgYjH6Aq5OK4vT/8iq9Jtyy8HnQw8cPj2ljYaXPvER33gq/WJu
pJOdPgvsvWebJK94ZPNwq433sAQFaOsQujEx1D4+xzfWd6THRaNBJFWjTSzevRUD
/2t7ZTY4d3zQOKkBrpAj8vnNwHNevXKSicy0CJVCsnvTH9a9IdwLEHKBrER+wrPY
n4/qo+X1LxWf7xyPH6a0z7EIjaLopWTk1JaKYI4IHSA7C5OQgwo=
=V0aF
-----END PGP SIGNATURE-----
Hash: SHA256
Gerrit version 3.13.4 is now available.
Includes a security fix for a critical vulnerability associated with the use of change submission on create/update and change.submitWholeTopic.
Please see the release notes for details.
Release Notes:
https://www.gerritcodereview.com/3.13.html#3134
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.13.4/index.html
Log of changes since 3.13.3:
https://gerrit.googlesource.com/gerrit/+log/v3.13.3..v3.13.4?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.13.4.war
SHA1:
e1ee2d9ea4e9c718f55b97fb63f65808224865a2
SHA256:
d82b30824a4a7bc5d1c76e38f7b7536a07f2fa45a22e5b9a73eabd97e5250389
MD5:
7b78f3f194388035bf8e07148777095d
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmmnRowACgkQC0731aK2
mH4ESA//UgUwX7tsiCjzTerncyX0uVjtfn2TCkKVSNg0JrwDKREUsGlLbZWTD4E1
LVoIA8QkY8EZfAQ0DCVImAbbSPUo3UjekJa2d0oPqedg+ilfyNNpyjRxywVV6XFv
BsrgNBzI9u0lDrFrHfV9DZpNp2uWNZZwpz3oLBhEx+tckUEn0m6u0HI0hFqUJRr6
1Bc7PcRufcBYjJ34vgSYgIr7q9H8BbANv8APinFfHZdLo1lk/8tQEKsasVLNmQFx
mi0yyX5kfidXPk5Kkq8GEQD+KAxmPKVGe8QQio2LCUZDFztx+YwrqKi9+hY9pU7T
7Kw5B9ZXucYSyI0vyDOi5HDjV7g8u+0uJKPRfYmO3rYGEr/Nc9qMUn7qnNenwxTe
WiKS32re0dfQoKbcwIXXrR4fVM1DZ7f148CN6D027pNGYc6SMDmo1M5oAiSB/ADw
79vzZHGDc+vLNjHgYjH6Aq5OK4vT/8iq9Jtyy8HnQw8cPj2ljYaXPvER33gq/WJu
pJOdPgvsvWebJK94ZPNwq433sAQFaOsQujEx1D4+xzfWd6THRaNBJFWjTSzevRUD
/2t7ZTY4d3zQOKkBrpAj8vnNwHNevXKSicy0CJVCsnvTH9a9IdwLEHKBrER+wrPY
n4/qo+X1LxWf7xyPH6a0z7EIjaLopWTk1JaKYI4IHSA7C5OQgwo=
=V0aF
-----END PGP SIGNATURE-----
Luca Milanesio
3:53 PM (2 hours ago) 3:53 PM
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Binary packages (Deb / Rpm) of Gerrit version 3.13.4 are now available
Hash: SHA256
==========================================================================
How to install/upgrade: 3.13.4
**********************************
(on Debian / Ubuntu)
apt-get update && apt-get install gerrit=3.13.4-1
(on AlmaLinux / RedHat)
yum clean all && yum install gerrit-3.13.4-1
(on Fedora)
dnf clean all && dnf install gerrit-3.13.4-1
If it is a new installation and you don't have the GerritForge repositories
configured, or if you are upgrading to ARM-64, please follow the instructions at:
https://gitenterprise.me/2022/11/23/arm-64-welcomes-gerrit-code-review/
Docker images
*************
Gerrit is distributed on DockerHub at:
https://hub.docker.com/r/gerritcodereview/gerrit/
The following tags have been published
latest => 3.13.4
3.13.4 => 3.13.4-almalinux9
3.13.4-almalinux9
3.13.4-ubuntu24
More information on how to use Gerrit Docker image for testing, staging, and production at:
https://gerrit.googlesource.com/docker-gerrit
MacOS native package
********************
Gerrit is now available as Homebrew tap:
https://github.com/GerritCodeReview/homebrew-gerrit
To install or update the tap:
brew tap GerritCodeReview/gerrit
OR
brew update
To install Gerrit with Homebrew:
brew install ger...@3.13.4
MacOS Gerrit native installer is available for download at:
https://gerritforge.com/gerrit/mac/gerrit-installer-3.13.4.pkg
SHA1:
779381b6dbc6476a28405a51689e81df4f843f45
SHA256:
7ddb5585d99dbbd973594fd9dfe65f6b57947a802032a45bbdb8c8e9bc07872f
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmmnShMACgkQC0731aK2
mH7EmA//cvaG63qVMjZUFekHytAN/vA9SlyZ+RJaNeH8ZgKe2Z6GVIT6mN6ugb/O
Hi0OWbsR76JrmzTI3DsvMuFgO/F3XRaBv8ebkJ4WsLpi6u7smvXkaVTH3licBijx
CeDOk0+GCf3UXcxGqzgQ9APfOTa+MBl4K5G/PCP+pVZsvvDZDdw2ewxzCUE7Ufut
poufHvWN19uqwAxSELuehFa0N8I1U0UKXk8cJpA9bvOm6nyg+BbKy1KcEBrwhPik
xxEF8fHfBEFSjWY+jr7SAqcrY4N36c/v9ZI3UOXaB19nOrVQhz7dEINOcdxWyB4T
0T2W8Zz9S77CNSt5DzaF9mdZVveZrffH1K9MNFUj+cmbuy9Uvr1iTdb1zylH65Oa
2acaem28hTicLHqpE/wRdXF79P8lpRf6rzAL5/gLHs+LL6ujlpK0+IrhalHtHzFe
YWtZDPAlNbXAOOA8rCZsvxbCXiPKCOBUm5UMPV9qSUQgCPNng07gDKjtiwEhBPrd
V+YuZE8bhSTx+ulxbviYLnkq4MXl+eOrjMC/HgMBgQCrnTe5I1CAwr8hcDS4HM/S
Fqlu5xj70qw+Omz2IBNx4E1TLqrJWiK3M1Ep9RdYlPo/lEJpuU9GH3J3OVIWRDoG
LJnYPhxC71dgh9evPcARUkWxZYRp02jCeC5mhcG81HFZQRlq9F4=
=FvR3
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages