opendev/gerrit
Code Issues Proposed changes
12,541 Commits 1 Branch 360 Tags
c055d46280a314ad5912af3cb734c10e383e917c
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
David Ostrovsky c055d46280 Close security hole allowing normal user to become admin 
Icc105c39e introduced severe security problem, allowing non admin
users that was granted modifyAccount capability to modify SSH keys
of all users, including administrators. But that means such a user
can change the authentication of an existing administrator and then
impersonate the admin to elevate their own account status to that
of an admin.

Rectify it but restricting changing of SSH keys for a user only to
members of administrators group.

Change-Id: If82965391369121b282b969e7072a2bfa3074be9
2014-10-03 09:53:34 +00:00
.settings
Eclipse: Bump java source and target level to 7
2013-11-29 00:15:50 +01:00
bucklets
gerrit_plugin: Allow to co-exist in tree and standalone plugins
2014-09-25 15:41:10 +02:00
contrib
Allow to download reposize.sh script from Gerrit
2014-05-09 16:20:51 +02:00
Documentation
Close security hole allowing normal user to become admin
2014-10-03 09:53:34 +00:00
gerrit-acceptance-tests
Notedb: Fix wrong patch set id on upload new patch set
2014-09-24 19:34:50 +00:00
gerrit-antlr
Buck: Remove usage of genfile()
2014-06-10 07:14:18 +00:00
gerrit-cache-h2
Honor expireAfterWrite in the H2CacheImpl
2014-09-15 16:37:53 +02:00
gerrit-common
Remove the generateHttpPassword capability
2014-09-29 15:21:06 -07:00
gerrit-extension-api
Add setHashtags method on the change API
2014-09-16 19:43:09 +09:00
gerrit-gwtdebug
Delete GWT DevMode launcher
2014-09-11 10:08:36 +00:00
gerrit-gwtexpui
Organize ALL the imports
2014-08-20 10:23:06 +09:00
gerrit-gwtui
Added quotations to hashtags searches
2014-09-22 07:41:36 +00:00
gerrit-gwtui-common
Buck: Rename gwtxml to gwt_xml in gwt_module()
2014-05-19 12:26:50 -07:00
gerrit-httpd
Fix javadoc warning for non-fully-qualified class link
2014-09-24 12:52:19 -07:00
gerrit-launcher
Apply "type inference for generic instance creation" Java 7 feature
2014-04-26 15:27:57 +02:00
gerrit-lucene
Lucene: Fix deprecated IndexWriter.close() call
2014-09-05 15:30:51 -07:00
gerrit-main
Build Main for Java 1.2
2013-11-30 01:53:00 -08:00
gerrit-openid
Fix deprecation warnings caused by Guava upgrade
2014-09-08 16:25:45 +02:00
gerrit-patch-commonsnet
Replace 'for' loop with 'foreach'
2013-12-04 01:02:53 +04:00
gerrit-patch-jgit
Organize ALL the imports
2014-08-20 10:23:06 +09:00
gerrit-pgm
Add User to the http request attributes
2014-09-24 12:33:52 -04:00
gerrit-plugin-api
Bump version to 2.11-SNAPSHOT
2014-07-23 12:05:35 +09:00
gerrit-plugin-archetype
Bump version to 2.11-SNAPSHOT
2014-07-23 12:05:35 +09:00
gerrit-plugin-gwt-archetype
Bump version to 2.11-SNAPSHOT
2014-07-23 12:05:35 +09:00
gerrit-plugin-gwtui
Organize ALL the imports
2014-08-20 10:23:06 +09:00
gerrit-plugin-js-archetype
Bump version to 2.11-SNAPSHOT
2014-07-23 12:05:35 +09:00
gerrit-prettify
Buck: Rename gwtxml to gwt_xml in gwt_module()
2014-05-19 12:26:50 -07:00
gerrit-reviewdb
Add diff pref whether the diff table header should be auto hidden
2014-09-17 16:03:59 +02:00
gerrit-server
Close security hole allowing normal user to become admin
2014-10-03 09:53:34 +00:00
gerrit-solr
Solr: Remove deprecated Analyzer constructor call
2014-09-05 15:29:41 -07:00
gerrit-sshd
Close security hole allowing normal user to become admin
2014-10-03 09:53:34 +00:00
gerrit-util-cli
Organize ALL the imports
2014-08-20 10:23:06 +09:00
gerrit-util-ssl
Remove unused .gitignore
2013-11-28 22:56:51 -08:00
gerrit-war
Add User to the http request attributes
2014-09-24 12:33:52 -04:00
lib
Move httpcomponents libraries out of lib/commons to lib/httpcomponents
2014-09-17 17:55:17 +09:00
plugins
Update cookbook plugin with example of hashtag validator
2014-09-14 16:42:35 +09:00
ReleaseNotes
Merge branch 'stable-2.10'
2014-09-11 16:48:34 +02:00
tools
Merge "Add an option to create eclipse projects also for plugins"
2014-09-24 07:57:18 +00:00
website/releases
Exclude gerrit-snapshot-* from releases page
2014-02-19 05:56:00 +00:00
.buckconfig
Add buck rule to generate docs for static hosting.
2014-09-05 14:19:15 -07:00
.buckversion
Update buck
2014-09-11 11:08:11 +02:00
.gitignore
Merge branch 'stable-2.9'
2014-05-27 09:58:38 +09:00
.gitmodules
Add singleusergroup plugin
2013-11-09 07:45:00 +01:00
.pydevproject
Set python version back to 2.6.5 in .pydevproject
2013-05-20 11:36:08 +09:00
.watchmanconfig
Watchman: Add buck-out dir to ignored directories
2014-08-21 07:32:37 +02:00
BUCK
Update Buck and use gwt_binary()
2014-05-19 11:41:31 -07:00
COPYING
Initial project setup of Gerrit 2
2008-11-14 16:59:34 -08:00
INSTALL
Remove Gerrit 1.x to 2.x import tools
2009-03-27 20:20:10 -07:00
SUBMITTING_PATCHES
Update push URL in SUBMITTING_PATCHES
2012-03-29 00:57:14 -04:00
VERSION
Bump version to 2.11-SNAPSHOT
2014-07-23 12:05:35 +09:00
Description
RETIRED, Gerrit as used by OpenStack
120 MiB