[ANNOUNCE] Gerrit 3.6.8 w/ Security Fixes

[Luca Milanesio]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Gerrit version 3.6.8 is now available.

Includes security fixes for a well-known DoS on Jetty with HTTP/2
(see CVE-2023-36478 and CVE-2023-44487).
Please see the release notes for details.

Release Notes:
https://www.gerritcodereview.com/3.6.html#368

Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.6.8/index.html

Log of changes since 3.6.7:
https://gerrit.googlesource.com/gerrit/+log/v3.6.7..v3.6.8?no-merges

Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.6.8.war

SHA1:
83ea127e5260a8766bc54e63aa977106b97190d4

SHA256:
56db3fb1049a5b8e0f6a3e91cae71be6b530db022c973b488afca42e96bf879e

MD5:
f5dd863802c7c4670e4f2997be3ab763

Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmVgnVQACgkQC0731aK2
mH6y1A//VD5Vroch5dL/v/+lkzxrbXglOZa8nGCAAPKLfueXiARFe8JA3z+ywwXb
5aE+Gu1ym21ZIVy4v2W49qvMqPuLRgvMLIy6Up7ClplhLPN21TfSojTcS7tCc7cS
U9PhWibN5wACseoouaabJMzi9C2mLLdifkS60DCPfdKlV8BQnzQl+mpqa4BE5eW+
IXttguiy9ydcOF0NkREiQP7P1vMKZfOAPTk7NmJOqCj1q/lhEi5+2FiSSEvN5MW5
CMY31Kk7V8tpF7HM/BHPGJhG7L4B0xHSlwwcxTARD1PkR+MyNeW/EJj4L4ioHzHE
/DhOzcmfR6F8E+CcmUldVe3Yxj14tmXMao/AsZS8q2xdFQSjWAMt3ngV7l0OpfOW
JL2orkR2wMlHJgqtHtr8/O6ipAPmGdiP7frNDYSuTGrbeBxL1AIRQ5ThVR6H4PWE
JYnbJhewJQede0By2XZbxMYHvKGx4h3jN3X6P67z9YLoRI4xVQxq8kUb/gL5NDiv
F+4FDYEkrt8sBEY7806rAcDOUvRcgM29vrTD797u2ozZxZMVAGwH5MnW2/9r0TWS
bMB/RV75C4QTulvziOK+W9K6YEjCfG7uYUBly+UGzniGYdEZeaBwzOltBpM9iaX+
Q8ZyIjOcybrIgbfjUY4nIXUa/bIFv/S2ebAV/U4iKQ7Gmk8clvI=
=0WkX
-----END PGP SIGNATURE-----

[Luca Milanesio]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Binary packages (Deb / Rpm) of Gerrit version 3.6.8 have been released
=========================================================================

How to install/upgrade: 3.6.8
*****************************

If you have a previous version of Gerrit 3.x installed via native packages:

(on Debian / Ubuntu)
apt-get update && apt-get install gerrit=3.6.8-1

(on AlmaLinux / RedHat)
yum clean all && yum install gerrit-3.6.8-1

(on Fedora)
dnf clean all && dnf install gerrit-3.6.8-1

If it is a new installation and you don't have the GerritForge repositories
configured, or if you are upgrading to ARM-64, please follow the instructions at:
https://gitenterprise.me/2022/11/23/arm-64-welcomes-gerrit-code-review/

Docker images
*************

Gerrit is distributed on DockerHub at:
https://hub.docker.com/r/gerritcodereview/gerrit/

The following tags have been published for amd64 and arm64:
3.6.8 => 3.6.8-almalinux8
3.6.8-almalinux8
3.6.8-ubuntu20

More information on how to use Gerrit Docker image for testing, staging, and production at:
https://gerrit.googlesource.com/docker-gerrit

MacOS native package
********************

MacOS Gerrit native installer is available for download at:

https://gerritforge.com/gerrit/mac/gerrit-installer-3.6.8.pkg

SHA1:
8814513218ce278a564db43c4a5238b616181e8d

SHA256:
dd7e0de70fcf5820c5682ed7aaef9914a9e39773a2705e265b670328fc37fff7

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmVgntgACgkQC0731aK2
mH6fUw/7Btm5hws8apYzt0CPMkkW6d/MSJUY5UP3YcX+PS7oKiHlnunUrerArauG
z1wmMErbocskT1o0m4vDLyBpHMBFNZDzlI5CTjLn30vP5AhhB+MuxQNwfp2Ey8Z2
a9CUvYzTpgLAmoq83XcR1kn5RQ5SOq5FehHXMAyzKfEfARQfq2bq7LPFJADvSL+H
ylX2S1Ja+ZnCyy2rt9rzVInLpOuqUqEewy4c0fXtHu9+krUcw/T8Sxd2vgH4mBqr
CP6esUzcRSmhm1cfSeqm5z/yWgLsJclAOg3YKueVvIRR2h/C9IW+0nY7Lrk47h5z
pikA9w0bB7v+ckzMTPz6kx+wb6uj3d6oF7kEobZ4nD4Xx/ybZdt7td/C0MT6r4ag
PPVTJkR+Kem+udtBf6NnyTxgNkS9xqim3H1hUq8H2BilkuvtAu/e9fp5xm86X1ho
XjecByK0XXW8Mj0HUEMIkI66qv0ZYo0x7oL1NiF34laY05VJxONJ1zBBj1Tua0qE
AHkMNMXz2CBCz06CkP3N2XXVzaJLvqWA/BMCkEcgLqQoxHow5WR/NOEcY64AXYeq
EVga4/2g5SIlXHokent9tChKg4J2Lqo+JPzk3gTgnrNDIEc6waw0VCXtEAqwdDDZ
ygTOsSrM++/PxQANxCX5d/HtvRoStCl3wxv1/dXh7UUK6s31fWI=
=mGOX
-----END PGP SIGNATURE-----