Download: 2.9.5 | 2.9.4 | 2.9.3 | 2.9.2 | 2.9.1 | 2.9
Documentation: 2.9.5 | 2.9.4 | 2.9.3 | 2.9.2 | 2.9.1 | 2.9
Release Highlights
-
Issue 2065: The new change screen is now the default change screen.
The documentation of the new review UI describes the new screens in detail and highlights the important functionality with screenshots.
Users that are accessing the new change screen for the first time are informed about the new change screen by a welcome popup. The welcome popup links to the review UI documentation and allows users to go back to the old change screen.
-
For full details please refer to the release notes on the old site.
Bugfix Releases
2.9.5
-
Issue 10262: Fix validation of
wants
ingit-upload-pack
for protocol v0 stateless transports.See the following section for details.
-
Upgrade JGit to 4.5.5.201812240535-r.
This upgrade includes several major versions since 3.4.2 used in Gerrit version 2.9.4. Important fixes are summarized below. Please refer to the corresponding JGit release notes for full details.
-
-
Issue 10262: Fix validation of
wants
ingit-upload-pack
for protocol v0 stateless transports.AdvertiseRefsHook was not called for
git-upload-pack
in protocol v0 stateless transports, meaning thatwants
were not validated and a user could fetch anything that is pointed to by any ref (using fetch-by-sha1), as long as they could guess the object name.
-
-
- Fix LockFile semantics when running on NFS.
- Honor trustFolderStats also when reading packed-refs.
-
- Fix exception handling for opening bitmap index files.
-
- Fix pack marked as corrupted even if it isn’t.
-
- Don’t remove Pack when FileNotFoundException is transient.
-
- Handle stale NFS file handles on packed-refs file.
- Use java.io.File instead of NIO to check existence of loose objects in ObjectDirectory to speed up inserting of loose objects.
- Reduce memory consumption when creating bitmaps during writing pack files.
-
- Fix massive performance problem in Gerrit caused by ObjectWalk.markUninteresting marking the root tree as uninteresting.
-
- Provide more details in exceptions thrown when packfile is invalid.
-
-
Issue 3094: Don’t remove pack from pack list for problems which could be transient.
-
Log reason for ignoring pack when IOException occurred.
-
-
- Fix for vulnerability CVE-2014-9390.
-
-
Fix resource exhaustion due to unclosed LDAP connection.
When
auth.type
is set toLDAP
(notLDAP_BIND
), two LDAP connections are made, but one was not being closed. This eventually caused resource exhaustion and LDAP authentications failed.