From 1f1c7c79979124eb78a9d6cc4dd5c37f8e5cda8b Mon Sep 17 00:00:00 2001 From: David Pursehouse Date: Wed, 15 May 2013 10:44:19 +0900 Subject: [PATCH 1/3] Corrections in the 2.5.x release notes Change-Id: I54ee73b3dac1abc2c8015534e182d2858485f052 --- ReleaseNotes/ReleaseNotes-2.5.1.txt | 2 +- ReleaseNotes/ReleaseNotes-2.5.2.txt | 2 +- ReleaseNotes/ReleaseNotes-2.5.3.txt | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ReleaseNotes/ReleaseNotes-2.5.1.txt b/ReleaseNotes/ReleaseNotes-2.5.1.txt index 967d78d148..ba4e204b27 100644 --- a/ReleaseNotes/ReleaseNotes-2.5.1.txt +++ b/ReleaseNotes/ReleaseNotes-2.5.1.txt @@ -7,7 +7,7 @@ link:http://code.google.com/p/gerrit/downloads/detail?name=gerrit-full-2.5.1.war There are no schema changes from 2.5, or 2.5.1. -However, if upgrading from anything earlier version, follow the upgrade +However, if upgrading from a version older than 2.5, follow the upgrade procedure in the 2.5 link:ReleaseNotes-2.5.html[Release Notes]. Security Fixes diff --git a/ReleaseNotes/ReleaseNotes-2.5.2.txt b/ReleaseNotes/ReleaseNotes-2.5.2.txt index 5e99ebf8ad..ceb23c280b 100644 --- a/ReleaseNotes/ReleaseNotes-2.5.2.txt +++ b/ReleaseNotes/ReleaseNotes-2.5.2.txt @@ -7,7 +7,7 @@ link:http://code.google.com/p/gerrit/downloads/detail?name=gerrit-full-2.5.2.war There are no schema changes from 2.5, or 2.5.1. -However, if upgrading from anything earlier version, follow the upgrade +However, if upgrading from a version older than 2.5, follow the upgrade procedure in the 2.5 link:ReleaseNotes-2.5.html[Release Notes]. Bug Fixes diff --git a/ReleaseNotes/ReleaseNotes-2.5.3.txt b/ReleaseNotes/ReleaseNotes-2.5.3.txt index 1cbe85f514..60efa7a3a1 100644 --- a/ReleaseNotes/ReleaseNotes-2.5.3.txt +++ b/ReleaseNotes/ReleaseNotes-2.5.3.txt @@ -5,9 +5,9 @@ Gerrit 2.5.3 is now available: link:http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.5.3.war[http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.5.3.war] -There are no schema changes from any member of the 2.5.x versions. +There are no schema changes from any of the 2.5.x versions. -However, if upgrading from anything earlier version, follow the upgrade +However, if upgrading from a version older than 2.5, follow the upgrade procedure in the 2.5 link:ReleaseNotes-2.5.html[Release Notes]. Security Fixes From 4f6c76e758b3f1b279e720c285332db76cc03abb Mon Sep 17 00:00:00 2001 From: Shawn Pearce Date: Fri, 17 May 2013 09:47:18 -0700 Subject: [PATCH 2/3] Require preferred email to be a verified address Warn the user if they attempt to select a preferred email address that has not been previously verified and stored in the account_external_ids table. This reduces the chances the server will have email notifications bounce because a user subscribed to changes and entered an invalid preferred email address. Change-Id: Ib00fc25fb11445968bc4114a2b16ccb08437a699 --- .../httpd/rpc/account/AccountSecurityImpl.java | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java index b62a10b06a..e3b7408c0c 100644 --- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java +++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java @@ -14,6 +14,7 @@ package com.google.gerrit.httpd.rpc.account; +import com.google.common.base.Strings; import com.google.gerrit.common.ChangeHooks; import com.google.gerrit.common.data.AccountSecurity; import com.google.gerrit.common.data.ContributorAgreement; @@ -22,6 +23,7 @@ import com.google.gerrit.common.errors.InvalidSshKeyException; import com.google.gerrit.common.errors.NameAlreadyUsedException; import com.google.gerrit.common.errors.NoSuchEntityException; import com.google.gerrit.common.errors.NoSuchGroupException; +import com.google.gerrit.common.errors.PermissionDeniedException; import com.google.gerrit.httpd.rpc.BaseServiceImplementation; import com.google.gerrit.httpd.rpc.Handler; import com.google.gerrit.reviewdb.client.Account; @@ -230,12 +232,17 @@ class AccountSecurityImpl extends BaseServiceImplementation implements final ContactInformation info, final AsyncCallback callback) { run(callback, new Action() { public Account run(ReviewDb db) throws OrmException, Failure { - final Account me = db.accounts().get(user.get().getAccountId()); + IdentifiedUser self = user.get(); + final Account me = db.accounts().get(self.getAccountId()); final String oldEmail = me.getPreferredEmail(); if (realm.allowsEdit(Account.FieldName.FULL_NAME)) { - me.setFullName(name != null && !name.isEmpty() ? name : null); + me.setFullName(Strings.emptyToNull(name)); } - me.setPreferredEmail(emailAddr); + if (!Strings.isNullOrEmpty(emailAddr) + && !self.getEmailAddresses().contains(emailAddr)) { + throw new Failure(new PermissionDeniedException("Email address must be verified")); + } + me.setPreferredEmail(Strings.emptyToNull(emailAddr)); if (useContactInfo) { if (ContactInformation.hasAddress(info) || (me.isContactFiled() && ContactInformation.hasData(info))) { From 98100202d5fdf2be8edbbdd99b19392ebac508f2 Mon Sep 17 00:00:00 2001 From: Shawn Pearce Date: Sat, 18 May 2013 12:46:59 -0700 Subject: [PATCH 3/3] Release notes for 2.5.4 Change-Id: Ie14e7253c1cab8e7c6fa5f5f7a33e0fc290bf0ff --- ReleaseNotes/ReleaseNotes-2.5.4.txt | 22 ++++++++++++++++++++++ ReleaseNotes/index.txt | 1 + 2 files changed, 23 insertions(+) create mode 100644 ReleaseNotes/ReleaseNotes-2.5.4.txt diff --git a/ReleaseNotes/ReleaseNotes-2.5.4.txt b/ReleaseNotes/ReleaseNotes-2.5.4.txt new file mode 100644 index 0000000000..1657d9b4fc --- /dev/null +++ b/ReleaseNotes/ReleaseNotes-2.5.4.txt @@ -0,0 +1,22 @@ +Release notes for Gerrit 2.5.4 +============================== + +Gerrit 2.5.4 is now available: + +link:http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.5.4.war[http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.5.4.war] + +There are no schema changes from any of the 2.5.x versions. + +However, if upgrading from a version older than 2.5, follow the upgrade +procedure in the 2.5 link:ReleaseNotes-2.5.html[Release Notes]. + +Bug Fixes +--------- +* Require preferred email to be verified ++ +Some users were able to select a preferred email address that was +not previously verified. This may have allowed the server to send +notifications to an invalid destination, resulting in higher than +usual bounce rates. + +No other changes since 2.5.3. diff --git a/ReleaseNotes/index.txt b/ReleaseNotes/index.txt index 641974a40e..07e6aa5203 100644 --- a/ReleaseNotes/index.txt +++ b/ReleaseNotes/index.txt @@ -4,6 +4,7 @@ Gerrit Code Review - Release Notes [[2_5]] Version 2.5.x ------------- +* link:ReleaseNotes-2.5.4.html[2.5.4] * link:ReleaseNotes-2.5.3.html[2.5.3] * link:ReleaseNotes-2.5.2.html[2.5.2] * link:ReleaseNotes-2.5.1.html[2.5.1]