diff options
author | Shawn Pearce <sop@google.com> | 2013-05-14 18:33:35 -0700 |
---|---|---|
committer | Shawn Pearce <sop@google.com> | 2013-05-14 18:33:35 -0700 |
commit | 5534ada343dccfdd52ce10e4049a3b650cbc56d7 (patch) | |
tree | 5c9dbb421f47256d42b4b8dddabca9233db042e0 | |
parent | af5d1dc36ed40828dad1ec5d9b1ed3126c0df165 (diff) |
Release notes for 2.5.3
Change-Id: I419c39f4b5593bdc800a0db71731b2032eb161cc
-rw-r--r-- | ReleaseNotes/ReleaseNotes-2.5.3.txt | 22 | ||||
-rw-r--r-- | ReleaseNotes/index.txt | 1 |
2 files changed, 23 insertions, 0 deletions
diff --git a/ReleaseNotes/ReleaseNotes-2.5.3.txt b/ReleaseNotes/ReleaseNotes-2.5.3.txt new file mode 100644 index 0000000000..1cbe85f514 --- /dev/null +++ b/ReleaseNotes/ReleaseNotes-2.5.3.txt @@ -0,0 +1,22 @@ +Release notes for Gerrit 2.5.3 +============================== + +Gerrit 2.5.3 is now available: + +link:http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.5.3.war[http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.5.3.war] + +There are no schema changes from any member of the 2.5.x versions. + +However, if upgrading from anything earlier version, follow the upgrade +procedure in the 2.5 link:ReleaseNotes-2.5.html[Release Notes]. + +Security Fixes +-------------- +* Patch vulnerabilities in OpenID client library ++ +Installations using OpenID for authentication were vulnerable to a +number of attacks over the network. The openid4java client library +was identified as the entry point. In this release Gerrit updated to +the latest 0.9.8 release, which patches the known attack vectors. + +No other changes since 2.5.2. diff --git a/ReleaseNotes/index.txt b/ReleaseNotes/index.txt index e2487bc9e3..641974a40e 100644 --- a/ReleaseNotes/index.txt +++ b/ReleaseNotes/index.txt @@ -4,6 +4,7 @@ Gerrit Code Review - Release Notes [[2_5]] Version 2.5.x ------------- +* link:ReleaseNotes-2.5.3.html[2.5.3] * link:ReleaseNotes-2.5.2.html[2.5.2] * link:ReleaseNotes-2.5.1.html[2.5.1] * link:ReleaseNotes-2.5.html[2.5] |