[ANNOUNCE] Gerrit 3.7.7 w/ Security Fixes
79 views
Skip to first unread message
Luca Milanesio
Feb 23, 2024, 1:01:23 PMFeb 23
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Gerrit version 3.7.7 is now available.
Includes security fixes for SSHD (see CVE-2023-48795).
Please see the release notes for details.
Release Notes:
https://www.gerritcodereview.com/3.7.html#377
Documentation:
https://gerrit-documentation.storage.googleapis.com/Documentation/3.7.7/index.html
Log of changes since 3.7.6:
https://gerrit.googlesource.com/gerrit/+log/v3.7.6..v3.7.7?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.7.7.war
SHA1:
56939fea37be03af64fd4937a7457cf404264714
SHA256:
01ed6b3ba2ac27192d6501e2de80facafec84f514212a92db425a7f00be882a1
MD5:
a885fbcfda21dfb0bce675a9455512ed
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmXY3SgACgkQC0731aK2
mH5cbxAAjtqRMD5r+Pzeo3fe+Ctu7FPJ+w6fip1Ngp2Zx8yAPUgl582szQ8BqmEJ
GPMUoUoL9y7KXF8Q2ZyFmk6qNDQYWA2WYifQjtYyzXrj2G1i/Gowk9S2xTgpJIiY
mYM3gUA7THb0XkIgutFpXhjle73/jTTOsNQOrmEbBRpO/VEowtPxlnHff3bNUWrx
JFRmWTqND4Nl5DtFojhGFHFhoOEhOsOAkY9+o+igBBf2blEhvDMg5gO6q170A0mz
Ve/rCtFz/uDo4ct4JZx1zVVlfWT/egPR3zFQfJ7BzgI1+BNCbqnZve9WPaojnZsU
BIeX0osCGjoWlQMy7SQ/SWzriEo/3vjC9yCs3WfPImjU9gIwUWYdfaImXKszYWK7
0J8AzDYxW5eX6m5HsU2yFQYBv7Q9u1HoR+e6WHHvQXC9lKA+bS0RYdmP5TIrlAz8
eMb6tfS1bxluZcYgM+A0HyyBfuA/g58cHdsX+LIM8L7xr4SXxcYf8CruOcQHiK4Y
hR0Zvq4/SUELDFCil0K3R4Vh8W2rVkE1UMp3MOSgFRyRR/p+pUudNz/YodYZrAOI
7t9knua0zqhsij9aiB4ZGjwgtNv94Kzsf6cktxMRDnw97sCjB3JBT1WVWFVglqRw
tIUV4DhWFBfOJ8yBzd+C8dPVorZlXpMItKiRRkC55r3rrUVfezs=
=DIKl
-----END PGP SIGNATURE-----
Hash: SHA256
Gerrit version 3.7.7 is now available.
Includes security fixes for SSHD (see CVE-2023-48795).
Please see the release notes for details.
Release Notes:
https://www.gerritcodereview.com/3.7.html#377
Documentation:
https://gerrit-documentation.storage.googleapis.com/Documentation/3.7.7/index.html
Log of changes since 3.7.6:
https://gerrit.googlesource.com/gerrit/+log/v3.7.6..v3.7.7?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.7.7.war
SHA1:
56939fea37be03af64fd4937a7457cf404264714
SHA256:
01ed6b3ba2ac27192d6501e2de80facafec84f514212a92db425a7f00be882a1
MD5:
a885fbcfda21dfb0bce675a9455512ed
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmXY3SgACgkQC0731aK2
mH5cbxAAjtqRMD5r+Pzeo3fe+Ctu7FPJ+w6fip1Ngp2Zx8yAPUgl582szQ8BqmEJ
GPMUoUoL9y7KXF8Q2ZyFmk6qNDQYWA2WYifQjtYyzXrj2G1i/Gowk9S2xTgpJIiY
mYM3gUA7THb0XkIgutFpXhjle73/jTTOsNQOrmEbBRpO/VEowtPxlnHff3bNUWrx
JFRmWTqND4Nl5DtFojhGFHFhoOEhOsOAkY9+o+igBBf2blEhvDMg5gO6q170A0mz
Ve/rCtFz/uDo4ct4JZx1zVVlfWT/egPR3zFQfJ7BzgI1+BNCbqnZve9WPaojnZsU
BIeX0osCGjoWlQMy7SQ/SWzriEo/3vjC9yCs3WfPImjU9gIwUWYdfaImXKszYWK7
0J8AzDYxW5eX6m5HsU2yFQYBv7Q9u1HoR+e6WHHvQXC9lKA+bS0RYdmP5TIrlAz8
eMb6tfS1bxluZcYgM+A0HyyBfuA/g58cHdsX+LIM8L7xr4SXxcYf8CruOcQHiK4Y
hR0Zvq4/SUELDFCil0K3R4Vh8W2rVkE1UMp3MOSgFRyRR/p+pUudNz/YodYZrAOI
7t9knua0zqhsij9aiB4ZGjwgtNv94Kzsf6cktxMRDnw97sCjB3JBT1WVWFVglqRw
tIUV4DhWFBfOJ8yBzd+C8dPVorZlXpMItKiRRkC55r3rrUVfezs=
=DIKl
-----END PGP SIGNATURE-----
Luca Milanesio
Feb 23, 2024, 5:10:55 PMFeb 23
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Binary packages (Deb / Rpm) of Gerrit version 3.7.7 have been released
Hash: SHA256
=========================================================================
How to install/upgrade: 3.7.7
*****************************
If you have a previous version of Gerrit 3.x installed via native packages:
(on Debian / Ubuntu)
apt-get update && apt-get install gerrit=3.7.7-1
(on AlmaLinux / RedHat)
yum clean all && yum install gerrit-3.7.7-1
(on Fedora)
dnf clean all && dnf install gerrit-3.7.7-1
If it is a new installation and you don't have the GerritForge repositories
configured, or if you are upgrading to ARM-64, please follow the instructions at:
https://gitenterprise.me/2022/11/23/arm-64-welcomes-gerrit-code-review/
Docker images
*************
Gerrit is distributed on DockerHub at:
https://hub.docker.com/r/gerritcodereview/gerrit/
The following tags have been published for amd64 and arm64:
3.7.7 => 3.7.7-almalinux8
3.7.7-almalinux8
3.7.7-ubuntu20
More information on how to use Gerrit Docker image for testing, staging, and production at:
https://gerrit.googlesource.com/docker-gerrit
MacOS native package
********************
MacOS Gerrit native installer is available for download at:
https://gerritforge.com/gerrit/mac/gerrit-installer-3.7.7.pkg
SHA1:
084a5fd669ecb8b3ff423164af56df9747a12c09
SHA256:
3d14e978428b5c66baff0c77aa71e8c47e0e4b2e5684a32c793a9f339baf22ae
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmXZFmoACgkQC0731aK2
mH6r+A//Qve24RHbIjeRpVA3HZcGGrZBh8moxk/qZzflZYlC2NUMGfSlJAxMWGZD
7xdTyvfAnRJkeCmicdvGRXcDBQVvRGPisA/F+y5pPSU02Yl1kfFoCTvFDYXs79gQ
3lPn1LTBo40k9gsYy7+v5KmcRncqlPTaCP7vr2WPzn6UWDmZXOgmwqbhJUNIdxz6
29ZC29aPpUlcul7OiRHnEJ82SCdghVAS5AqtaDKUpeO2wZd+9p2yIhy7oBzloxvt
wKqhdSgmYH3ifl8gCJXDMjc368Pfk3K8GT4SRgLYiikizU3+RTFzQIiMxP3OiPbP
zbjoigHbxgyJycKBye4xU7oyEMIhjQHUe2FrMCNzRu0tyZyQ37w5JUvbcid0MsOJ
XXNyAj6DjiYxrY6m8Dpl+zz2PwVww73ZtlZeCl5bZlBKOMsudBcOCfDFEZg3lczd
drWodn7vmpYmiJUtHjQ8Ji/gXeBlEnvJU7eEVLmX0pkic3mG8ZJnrvBgMwcwQc/T
sp0jlxx/Bhk/cALLUg8bfDTNRdYYYb/Dh7jj+6W91BrHYrBBdEXNCbnTqJRb216u
oKjGDsx7sEBof4hULqez7fow36tJhz6U32MLxIjTQL86tIDNpcGJdqP0Jdm0qLYr
Yv5BJPtLZz68pCUBkc2hvPMLuTisjuY1sHs9O8xTqGSaitMJQnM=
=yIjm
-----END PGP SIGNATURE-----
lucamilanesio
Feb 27, 2024, 7:25:00 AMFeb 27
to Repo and Gerrit Discussion
Hi all,
the Gerrit v3.7.7 was impacted by an incorrect bump of the JGit module [1], this has now been fixed in stable-3.7 and I will announce tomorrow the release of the fixed version, v3.7.8.
Apologies for any inconvenience caused.
Luca.
Reply all
Reply to author
Forward
0 new messages