[ANNOUNCE] Gerrit 3.5.6 w/ Security Fixes

Luca Milanesio

May 9, 2023, 5:18:48 PM
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Gerrit version 3.5.6 is now available.

This release includes a security fix where a user is able
to perform a DoS after uploading a change and downloading its
files as an archive.
See the release notes for more details.

Release Notes:
https://www.gerritcodereview.com/3.5.html#356

Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/3.5.6/index.html

Log of changes since 3.5.5:
https://gerrit.googlesource.com/gerrit/+log/v3.5.5..v3.5.6?no-merges

Download:
https://gerrit-releases.storage.googleapis.com/gerrit-3.5.6.war

SHA1:
6343640303f919f1eb95cb178f7efe9dca575c4b

SHA256:
ff116a95b9c92acb037ae5943cbd598e89d06efd95cf6b54584bb58430d74913

MD5:
71aab96e6a65f77d36ad28bef8e45e09

Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

Luca Milanesio

May 9, 2023, 5:28:32 PM
to Repo and Gerrit Discussion, Luca Milanesio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Binary packages (Deb / Rpm) of Gerrit version 3.5.6 are now available
=====================================================================

How to install/upgrade: 3.5.6
*****************************

If you have a previous version of Gerrit 3.x installed via native packages:

(on Debian / Ubuntu)
apt-get update && apt-get install gerrit=3.5.6-1

(on AlmaLinux / RedHat)
yum clean all && yum install gerrit-3.5.6-1

(on Fedora)
dnf clean all && dnf install gerrit-3.5.6-1

If it is a new installation and you don't have the GerritForge repositories
configured, or if you are upgrading to ARM-64, please follow the instructions at:
https://gitenterprise.me/2022/11/23/arm-64-welcomes-gerrit-code-review/

Docker images
*************

Gerrit is distributed on DockerHub at:
https://hub.docker.com/r/gerritcodereview/gerrit/

The following tags have been published
3.5.6 => 3.5.6-almalinux8
3.5.6-almalinux8
3.5.6-ubuntu20

More information on how to use Gerrit Docker image for testing, staging, and production at:
https://gerrit.googlesource.com/docker-gerrit

MacOS native package
********************

MacOS Gerrit native installer is available for download at:

https://gerritforge.com/gerrit/mac/gerrit-installer-3.5.6.pkg

SHA1:
df936c3dcdb67dad434bad77f465bd051bd39105

SHA256:
285d41065e163addde24daf00cf32c7f8d7b74a0214fad9ab7c4280c2d41aed3

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----