[ANNOUNCE] Gerrit 3.8.3 w/ Security Fixes
69 views
Skip to first unread message
Luca Milanesio
Nov 24, 2023, 9:04:30 PM11/24/23
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Gerrit version 3.8.3 is now available.
Includes security fixes for a well-known DoS on Jetty with HTTP/2
(see CVE-2023-36478 and CVE-2023-44487).
Please see the release notes for details.
Release Notes:
https://www.gerritcodereview.com/3.8.html#383
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.8.3/index.html
Log of changes since 3.8.2:
https://gerrit.googlesource.com/gerrit/+log/v3.8.2..v3.8.3?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.8.3.war
SHA1:
6bfd1fad2c2ecf937843d197ccfd8f92176cec7f
SHA256:
11f5e727ba325ec9c06a350f253981404fe55025bc5e6fe1178f8de81bd7e9f4
MD5:
d4c69b03d834dba77c7ed96060ebd3bd
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmVhVd4ACgkQC0731aK2
mH7pKg/+MlDxE3QEFhRt74x65a0hKJ/7pOLB92FfViaTSqHrDkwIj9D7BDKkweJE
7/XfUjuz09AzOQ+0ly5+InuK+TAHMcre6MGxxQ+SIIxmZcL+8w6tfhl0vrs5bQHb
mLvLltZAkp+LpSxWnnwvC59jC4hAA5oymcY7C7/5XtvJI0mxLaBcuof14MXKffoD
d3bnCdwEP5H8N7VGAQD/Jbsw5MP8JcMnR29DA9hLTHy9vkML8eg32VC7i7k0P8PB
bDP666603ieGvTWavwJ4Ja5jlv3EbT/pRbdMOy8QK2B+0uG56UClGNGA62fzch1E
Odx5l+XqLMDibYrgO0iAxHrzNeDJD/b3qnMGrT9IpBdHWcHxs0eJQSxZYiJgcifJ
R6vGErX+6thP4U7y4QQLmM2LS15rBvFr30uRiVj6YQ3D4HjAuEyyT8ZZbomwMN6Z
FvSjTEsa4o/khfVhQlH+e8e+Ge4E0ce/r9l+/GufVQBIN+q4LmWK4pc7LQDRSuWC
1spfxPMpE+H9qlfibfxbBWkD6Mf5qBTN46lXaIvvrYyH5gsb9Yl1HiStRbsgpdvF
mTSb5b5bAEj2ChUJlR3aZQ/zVItSkyc3QsTBj4kU7+0tAl/WDufwtwdrVNmW7LB+
vkHm5ga6rhEDkn2c4b3G2GyIi+KwzzZRTWA/s+aa/LoHadOsoDA=
=DHXq
-----END PGP SIGNATURE-----
Hash: SHA256
Gerrit version 3.8.3 is now available.
Includes security fixes for a well-known DoS on Jetty with HTTP/2
(see CVE-2023-36478 and CVE-2023-44487).
Please see the release notes for details.
Release Notes:
https://www.gerritcodereview.com/3.8.html#383
Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.8.3/index.html
Log of changes since 3.8.2:
https://gerrit.googlesource.com/gerrit/+log/v3.8.2..v3.8.3?no-merges
Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.8.3.war
SHA1:
6bfd1fad2c2ecf937843d197ccfd8f92176cec7f
SHA256:
11f5e727ba325ec9c06a350f253981404fe55025bc5e6fe1178f8de81bd7e9f4
MD5:
d4c69b03d834dba77c7ed96060ebd3bd
Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmVhVd4ACgkQC0731aK2
mH7pKg/+MlDxE3QEFhRt74x65a0hKJ/7pOLB92FfViaTSqHrDkwIj9D7BDKkweJE
7/XfUjuz09AzOQ+0ly5+InuK+TAHMcre6MGxxQ+SIIxmZcL+8w6tfhl0vrs5bQHb
mLvLltZAkp+LpSxWnnwvC59jC4hAA5oymcY7C7/5XtvJI0mxLaBcuof14MXKffoD
d3bnCdwEP5H8N7VGAQD/Jbsw5MP8JcMnR29DA9hLTHy9vkML8eg32VC7i7k0P8PB
bDP666603ieGvTWavwJ4Ja5jlv3EbT/pRbdMOy8QK2B+0uG56UClGNGA62fzch1E
Odx5l+XqLMDibYrgO0iAxHrzNeDJD/b3qnMGrT9IpBdHWcHxs0eJQSxZYiJgcifJ
R6vGErX+6thP4U7y4QQLmM2LS15rBvFr30uRiVj6YQ3D4HjAuEyyT8ZZbomwMN6Z
FvSjTEsa4o/khfVhQlH+e8e+Ge4E0ce/r9l+/GufVQBIN+q4LmWK4pc7LQDRSuWC
1spfxPMpE+H9qlfibfxbBWkD6Mf5qBTN46lXaIvvrYyH5gsb9Yl1HiStRbsgpdvF
mTSb5b5bAEj2ChUJlR3aZQ/zVItSkyc3QsTBj4kU7+0tAl/WDufwtwdrVNmW7LB+
vkHm5ga6rhEDkn2c4b3G2GyIi+KwzzZRTWA/s+aa/LoHadOsoDA=
=DHXq
-----END PGP SIGNATURE-----
Luca Milanesio
Nov 24, 2023, 9:08:16 PM11/24/23
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Binary packages (Deb / Rpm) of Gerrit version 3.8.3 have been released
Hash: SHA256
=========================================================================
How to install/upgrade: 3.8.3
*****************************
If you have a previous version of Gerrit 3.x installed via native packages:
(on Debian / Ubuntu)
apt-get update && apt-get install gerrit=3.8.3-1
(on AlmaLinux / RedHat)
yum clean all && yum install gerrit-3.8.3-1
(on Fedora)
dnf clean all && dnf install gerrit-3.8.3-1
If it is a new installation and you don't have the GerritForge repositories
configured, or if you are upgrading to ARM-64, please follow the instructions at:
https://gitenterprise.me/2022/11/23/arm-64-welcomes-gerrit-code-review/
Docker images
*************
Gerrit is distributed on DockerHub at:
https://hub.docker.com/r/gerritcodereview/gerrit/
The following tags have been published for amd64 and arm64:
3.8.3 => 3.8.3-almalinux9
3.8.3-almalinux9
3.8.3-ubuntu22
More information on how to use Gerrit Docker image for testing, staging, and production at:
https://gerrit.googlesource.com/docker-gerrit
MacOS native package
********************
MacOS Gerrit native installer is available for download at:
https://gerritforge.com/gerrit/mac/gerrit-installer-3.8.3.pkg
SHA1:
9043746f047dfb9996c74d90d0445a427aa2f76c
SHA256:
6a571800bb2f06642dc5f0d2847bdd722303e275b7afaf6cafacac69aad484c4
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmCU49QQ43XtIE8giC0731aK2mH4FAmVhVsQACgkQC0731aK2
mH7eow//ZH3iCSLNC3VEujSpm9vhaLEaqd6GFpxVZPKRGV+Hd8JxW81hYQJxi137
JgrjN6wys/3S+BHButfKtWus8UDM7xPKc4H546mjy2KJOQdBLR75iUa5KVQbov2A
k9X+r2g48zSRk2NC8D03kQ4H4+MlEGbW8nmQDqlvoeNj0oaWV/KAY4VsrPYvK4ZP
PmPbhsQy3W+ZheQnB7BTJsEbDG6Xkp33qyNSojsJw/R1tGXhpJpgDQkPzp1e8eg2
bBQIjrOdVH65jVOv2ZnksuVilmGotZCSqmO8+oUAklgmr4g2wbue5PBk2dUUi1XI
CIPmNkoxJvfT1Vc63rFgwxOfkS/ULAzvT0SXFGicBkYUQRtvwALi+1wymTb3T++q
mDw5xDTpEKoCtt847qY1wksBD/LHB3Vp9zt/sZRBUXfJ/8/Qj6Z/sR0fM+k7Ml1i
idhbyXAP2hSpBK1XCD+zeIGrEHNIy0D1+dCvRA7ZBoznTEEQVGmkyrt+8LYOmff4
8z+dffFQW2Xegzl338dVvTDkwcXAyReFL4HtLSm9YicG/d08wU3Nx69CpbafoN8m
tpc1ZQ0SRdAibhqbKSM6jAFzeRdShbBRTDoibISfhgimPA70pagg/xMwpXERbZr3
A6ctmiiprYRHuHcaMX7goLwvndYIfWZHlxqxNDfTa9LHwMf/CtY=
=nYOh
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages