[ANNOUNCE] Gerrit 3.12.8 w/ Security Fixes

syntonyze

Jun 25, 2026, 9:37:13 AM
to Repo and Gerrit Discussion
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Gerrit version 3.12.8 is now available.

Includes a security fix to mitigate HTTP header spoofing when using
HTTP/HTTP_LDAP authentication behind reverse proxies.

Please see the release notes for details.

Release Notes:
https://www.gerritcodereview.com/3.12.html#3128

Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.12.8/index.html

Log of changes since 3.12.7:
https://gerrit.googlesource.com/gerrit/+log/v3.12.7..v3.12.8?no-merges

Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.12.8.war

SHA1:
d0ab03cd01002e469d88abba7109ef25f0b31906

SHA256:
89e3455b3dac87c0292e36cfbd118994aedde72ad480f8add30f32556ceb21d4

MD5:
7b5ae042d32c4720b950a4632339d26e

Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

Luca Milanesio

Jun 25, 2026, 1:00:02 PM
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Binary packages (Deb / Rpm) of Gerrit version 3.12.8 are now available
==========================================================================

How to install/upgrade: 3.12.8
**********************************

(on Debian / Ubuntu)
apt-get update && apt-get install gerrit=3.12.8-1

(on AlmaLinux / RedHat)
yum clean all && yum install gerrit-3.12.8-1

(on Fedora)
dnf clean all && dnf install gerrit-3.12.8-1

If it is a new installation and you don't have the GerritForge repositories
configured, or if you are upgrading to ARM-64, please follow the instructions at:
https://gitenterprise.me/2022/11/23/arm-64-welcomes-gerrit-code-review/

Docker images
*************

Gerrit is distributed on DockerHub at:
https://hub.docker.com/r/gerritcodereview/gerrit/

The following tags have been published
3.12.8 => 3.12.8-almalinux9
3.12.8-almalinux9
3.12.8-ubuntu24

More information on how to use Gerrit Docker image for testing, staging, and production at:
https://gerrit.googlesource.com/docker-gerrit

MacOS native package
********************

Gerrit is now available as Homebrew tap:
https://github.com/GerritCodeReview/homebrew-gerrit

To install or update the tap:
brew tap GerritCodeReview/gerrit
OR
brew update

To install Gerrit with Homebrew:
brew install ger...@3.12.8


MacOS Gerrit native installer is available for download at:
https://gerritforge.com/gerrit/mac/gerrit-installer-3.12.8.pkg

SHA1:
7d5b2902abdaeb04fe5e988ac3fb9162d8aa5446

SHA256:
b470ecfdc5d019397ba587cd1ecf6d816ec6b19eabaf28b41b1c4f2383c5b535

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----