[ANNOUNCE] Gerrit 3.7.6 w/ Security Fixes
64 views
Skip to first unread message
Luca Milanesio
Nov 24, 2023, 8:52:32 PM11/24/23
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Gerrit version 3.7.6 is now available.
Includes security fixes for a well-known DoS on Jetty with HTTP/2
(see CVE-2023-36478 and CVE-2023-44487).
Please see the release notes for details.
Release Notes:
https://www.gerritcodereview.com/3.7.html#376
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.7.6/index.html
Log of changes since 3.7.5:
https://gerrit.googlesource.com/gerrit/+log/v3.7.5..v3.7.6?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.7.6.war
SHA1:
1ee606e0e7d10f38af24ce2988129d408f6bcc24
SHA256:
5833591a7da002846917a5e7990400f8b75fa48d5c2e2448fd2eb61df46acae6
MD5:
7b0fc8ce870ef2335048c78338940b85
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmVhUxkACgkQC0731aK2
mH7laBAAo6r9ZRbPsHKaVJYFLLzVX102Lww7+mxRdleDTOSRoOvQMGFHEo0Y0F4R
ohiZLeIOAt8C0HM15QfGIY1HBjoIF0qt323jRzYK8Jm44FM90ZM8rjLqNvivQQwe
/xOEwz9XqCmX3b/aovcmNRgc2R257gvka5Eul6tH8Z25UbFv92DaRT8QihA6v8gg
V0+7tiKqZGNNKYwY2HZyO6BvXRnb2KxKeY8zZuJFSKZipgzUKVEKpRRVMalwc/s9
RpvcXjWWbAFMLGMOR4Ndw0tnts9aYGGiR/O7nmZtjE3JmSoXWenJeiKLn7irw2T0
jpoEhPFnF2AsxfKU3SHWeB8WG0KmbLqpu8VWizZAgqghJ91a4xMyOFYl1Q4UiFFg
DSnHWwpfVOfuP+ojemmmbcUnEZZWvtTACFcIKWXCXcIXi04xTduYlQwm8KdPxzl0
m89w7DAchHU7SqsDFhVjolqNEVOP6jLCT9WwH/ihy0d2nMMPu0N/fKTgP7a6mB7Y
9po71Yf8At9N3PLIxY7KnWQEVhpaw1E5ZqfLDAhEBhs1pDOETVqeTZRlkK9WNdiS
LbWes7l/8Qbkp+cbGhg2lNJZtAjapdyovLlhokmxTal2ch+zWLnK2jPoXwMs/PnH
wFLNC1006MCuDK1vVXRBB8QdnL/IiDRvP8OwcbzKIlfClX7mp4I=
=+KxB
-----END PGP SIGNATURE-----
Hash: SHA256
Gerrit version 3.7.6 is now available.
Includes security fixes for a well-known DoS on Jetty with HTTP/2
(see CVE-2023-36478 and CVE-2023-44487).
Please see the release notes for details.
Release Notes:
https://www.gerritcodereview.com/3.7.html#376
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.7.6/index.html
Log of changes since 3.7.5:
https://gerrit.googlesource.com/gerrit/+log/v3.7.5..v3.7.6?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.7.6.war
SHA1:
1ee606e0e7d10f38af24ce2988129d408f6bcc24
SHA256:
5833591a7da002846917a5e7990400f8b75fa48d5c2e2448fd2eb61df46acae6
MD5:
7b0fc8ce870ef2335048c78338940b85
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmVhUxkACgkQC0731aK2
mH7laBAAo6r9ZRbPsHKaVJYFLLzVX102Lww7+mxRdleDTOSRoOvQMGFHEo0Y0F4R
ohiZLeIOAt8C0HM15QfGIY1HBjoIF0qt323jRzYK8Jm44FM90ZM8rjLqNvivQQwe
/xOEwz9XqCmX3b/aovcmNRgc2R257gvka5Eul6tH8Z25UbFv92DaRT8QihA6v8gg
V0+7tiKqZGNNKYwY2HZyO6BvXRnb2KxKeY8zZuJFSKZipgzUKVEKpRRVMalwc/s9
RpvcXjWWbAFMLGMOR4Ndw0tnts9aYGGiR/O7nmZtjE3JmSoXWenJeiKLn7irw2T0
jpoEhPFnF2AsxfKU3SHWeB8WG0KmbLqpu8VWizZAgqghJ91a4xMyOFYl1Q4UiFFg
DSnHWwpfVOfuP+ojemmmbcUnEZZWvtTACFcIKWXCXcIXi04xTduYlQwm8KdPxzl0
m89w7DAchHU7SqsDFhVjolqNEVOP6jLCT9WwH/ihy0d2nMMPu0N/fKTgP7a6mB7Y
9po71Yf8At9N3PLIxY7KnWQEVhpaw1E5ZqfLDAhEBhs1pDOETVqeTZRlkK9WNdiS
LbWes7l/8Qbkp+cbGhg2lNJZtAjapdyovLlhokmxTal2ch+zWLnK2jPoXwMs/PnH
wFLNC1006MCuDK1vVXRBB8QdnL/IiDRvP8OwcbzKIlfClX7mp4I=
=+KxB
-----END PGP SIGNATURE-----
Luca Milanesio
Nov 24, 2023, 8:59:39 PM11/24/23
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Binary packages (Deb / Rpm) of Gerrit version 3.7.6 have been released
Hash: SHA256
=========================================================================
How to install/upgrade: 3.7.6
*****************************
If you have a previous version of Gerrit 3.x installed via native packages:
(on Debian / Ubuntu)
apt-get update && apt-get install gerrit=3.7.6-1
(on AlmaLinux / RedHat)
yum clean all && yum install gerrit-3.7.6-1
(on Fedora)
dnf clean all && dnf install gerrit-3.7.6-1
If it is a new installation and you don't have the GerritForge repositories
configured, or if you are upgrading to ARM-64, please follow the instructions at:
https://gitenterprise.me/2022/11/23/arm-64-welcomes-gerrit-code-review/
Docker images
*************
Gerrit is distributed on DockerHub at:
https://hub.docker.com/r/gerritcodereview/gerrit/
The following tags have been published for amd64 and arm64:
3.7.6 => 3.7.6-almalinux8
3.7.6-almalinux8
3.7.6-ubuntu20
More information on how to use Gerrit Docker image for testing, staging, and production at:
https://gerrit.googlesource.com/docker-gerrit
MacOS native package
********************
MacOS Gerrit native installer is available for download at:
https://gerritforge.com/gerrit/mac/gerrit-installer-3.7.6.pkg
SHA1:
29b0d7351f3f04dd142fa0615ffb41c801e081f8
SHA256:
24669691b3795d94ed4f7743c6d2bc079826017f1e28b640a0faca3acdd7395e
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmVhVNQACgkQC0731aK2
mH5zbA/8DqNuK9T6YRKv7h3yaDKFY5BzqdIseVovpGis3XuCz0gwf1z29KfQL9N5
32+IbfjzU8SS+VO90Q/VF/0H/Yw7zqqOw2o5RLIJ2XvvnKRa5TH7Ka9J9Dv84QMk
KKpIwms3UZZamJ7Sl7muaw+dfPlCGt10T9CAabusmPfyU0IJdTkajILVx1yJLBiw
dolSAboLcXgT/CHOjOYyLFAPe7wCRCOtTMeUS4piQLC1YZ7vdkdEHrvlpxrCwau5
qMi1pd5BuaqM6ymFI94KVDzxzBCeU/Rk5ffUCj39xMa/usJpr+53UXV0LRW7NEOL
NEWXGp2lDzpnk7yV32EqTNsy2p+6OTq+emyIWI3KI0Y+ulkTA+4J5UcsTwf4sFGH
qsvJpE7U9Q0GJtEFkAAoXUMSRZ7tGsqKHHXD2OAN0evtKDDIWoP99Yd2xnM1U8ZC
i8kCONWp3HWiHAdEbDB2dhkisuWtHGuGFaXjvGtVDyuhqZE9/1vrB4iblOwlK9NQ
JuGGFN6MVtQTKFele4zvRH+awTtlKdrxXMtUaRWy/S3kA5aBg/c/h7YhKTu9Vwxl
sXoKJl8FzJaAneRdO7Pv4GG5p3HSrmKFDOwcuC+GIkoIH9mpjbg4zS49nkgRfKkQ
eOG9TkEOaxkkM5mB6kLrJikUFuaVM3tzOh/EPy3XGOsF22/V+kQ=
=2SoY
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages