Release notes for Gerrit 2.5.1 ============================== Gerrit 2.5.1 is now available: link:http://code.google.com/p/gerrit/downloads/detail?name=gerrit-full-2.5.1.war[http://code.google.com/p/gerrit/downloads/detail?name=gerrit-full-2.5.1.war] There are no schema changes from 2.5, or 2.5.1. However, if upgrading from a version older than 2.5, follow the upgrade procedure in the 2.5 link:ReleaseNotes-2.5.html[Release Notes]. Security Fixes -------------- * Correctly identify Git-over-HTTP operations + Git operations over HTTP should be classified as using AccessPath.GIT and not WEB_UI. This ensures RefControl will correctly test for Create, Push or Delete access on a reference instead of Owner. + E.g. without this fix project owners are able to force push commits via HTTP that are already in the history of the target branch, even without having any Push access right assigned. * Make sure only Gerrit admins can change the parent of a project + Only Gerrit administrators should be able to change the parent of a project because by changing the parent project access rights and BLOCK rules which are configured on a parent project can be avoided. + The `set-project-parent` SSH command already verifies that the caller is a Gerrit administrator, however project owners can change the parent project by modifying the `project.config` file and pushing to the `refs/meta/config` branch. + This fix ensures that changes to the `project.config` file that change the parent project can only be pushed/submitted by Gerrit administrators. + In addition it is now no longer possible to + ** set a non-existing project as parent (as this would make the project be orphaned) ** set a parent project for the `All-Projects` root project (the root project by definition has no parent) by pushing changes of the `project.config` file to `refs/meta/config`. Bug Fixes --------- * Fix RequestCleanup bug with Git over HTTP + Decide if a continuation is going to be used early, before the filter that will attempt to cleanup a RequestCleanup. If so don't allow entering the RequestCleanup part of the system until the request is actually going to be processed. + This fixes the IllegalStateException `Request has already been cleaned up` that occurred when running on Jetty and pushing over HTTP for URLs where the path starts with `/p/`. * Match all git fetch/clone/push commands to the command executor + Route not just `/p/` but any Git access to the same thread pool as the SSH server is using, allowing all requests to compete fairly for resources. * Fix auto closing of changes on direct push + When a commit is directly pushed into a repository (bypassing code review) and this commit has a Change-Id in its commit message then the corresponding change is automatically closed if it is open. * Allow assigning `Push` for `refs/meta/config` on `All-Projects` + The `refs/meta/config` branch of the `All-Projects project` should only be modified by Gerrit administrators because being able to do modifications on this branch means that the user could assign himself administrator permissions. + In addition to being administrator we already require that the administrator has the `Push` access right for `refs/meta/config` in order to be able to modify it (just as with all other branches administrators do not have edit permissions by default). + The problem was that assigning the `Push` access right for `refs/meta/config` on the `All-Projects` project was not allowed. + Having the `Push` access right for `refs/meta/config` on the `All-Projects` project without being administrator already has no effect. + Prohibiting to assign the Push access right for `refs/meta/config` on the `All-Project` project was anyway pointless since it was e.g. possible to assign the `Push` access right on `refs/meta/*`.