6d7ebc6318
Change-Id: Ibd0aa9a14f533771986cc1d43a712716457d424c
96 lines
3.7 KiB
Plaintext
96 lines
3.7 KiB
Plaintext
Release notes for Gerrit 2.5.1
|
|
==============================
|
|
|
|
Gerrit 2.5.1 is now available:
|
|
|
|
link:https://www.gerritcodereview.com/download/gerrit-full-2.5.1.war[https://www.gerritcodereview.com/download/gerrit-full-2.5.1.war]
|
|
|
|
There are no schema changes from 2.5, or 2.5.1.
|
|
|
|
However, if upgrading from a version older than 2.5, follow the upgrade
|
|
procedure in the 2.5 link:ReleaseNotes-2.5.html[Release Notes].
|
|
|
|
Security Fixes
|
|
--------------
|
|
* Correctly identify Git-over-HTTP operations
|
|
+
|
|
Git operations over HTTP should be classified as using AccessPath.GIT
|
|
and not WEB_UI. This ensures RefControl will correctly test for Create,
|
|
Push or Delete access on a reference instead of Owner.
|
|
+
|
|
E.g. without this fix project owners are able to force push commits
|
|
via HTTP that are already in the history of the target branch, even
|
|
without having any Push access right assigned.
|
|
|
|
* Make sure only Gerrit admins can change the parent of a project
|
|
+
|
|
Only Gerrit administrators should be able to change the parent of a
|
|
project because by changing the parent project access rights and BLOCK
|
|
rules which are configured on a parent project can be avoided.
|
|
+
|
|
The `set-project-parent` SSH command already verifies that the caller
|
|
is a Gerrit administrator, however project owners can change the parent
|
|
project by modifying the `project.config` file and pushing to the
|
|
`refs/meta/config` branch.
|
|
+
|
|
This fix ensures that changes to the `project.config` file that change
|
|
the parent project can only be pushed/submitted by Gerrit
|
|
administrators.
|
|
+
|
|
In addition it is now no longer possible to
|
|
+
|
|
** set a non-existing project as parent (as this would make the project
|
|
be orphaned)
|
|
** set a parent project for the `All-Projects` root project (the root
|
|
project by definition has no parent)
|
|
by pushing changes of the `project.config` file to `refs/meta/config`.
|
|
|
|
Bug Fixes
|
|
---------
|
|
* Fix RequestCleanup bug with Git over HTTP
|
|
+
|
|
Decide if a continuation is going to be used early, before the filter
|
|
that will attempt to cleanup a RequestCleanup. If so don't allow
|
|
entering the RequestCleanup part of the system until the request is
|
|
actually going to be processed.
|
|
+
|
|
This fixes the IllegalStateException `Request has already been cleaned
|
|
up` that occurred when running on Jetty and pushing over HTTP for URLs
|
|
where the path starts with `/p/`.
|
|
|
|
* Match all git fetch/clone/push commands to the command executor
|
|
+
|
|
Route not just `/p/` but any Git access to the same thread pool as the
|
|
SSH server is using, allowing all requests to compete fairly for
|
|
resources.
|
|
|
|
* Fix auto closing of changes on direct push
|
|
+
|
|
When a commit is directly pushed into a repository (bypassing code
|
|
review) and this commit has a Change-Id in its commit message then the
|
|
corresponding change is automatically closed if it is open.
|
|
|
|
* Allow assigning `Push` for `refs/meta/config` on `All-Projects`
|
|
+
|
|
The `refs/meta/config` branch of the `All-Projects project` should only
|
|
be modified by Gerrit administrators because being able to do
|
|
modifications on this branch means that the user could assign himself
|
|
administrator permissions.
|
|
+
|
|
In addition to being administrator we already require that the
|
|
administrator has the `Push` access right for `refs/meta/config` in
|
|
order to be able to modify it (just as with all other branches
|
|
administrators do not have edit permissions by default).
|
|
+
|
|
The problem was that assigning the `Push` access right for
|
|
`refs/meta/config` on the `All-Projects` project was not allowed.
|
|
+
|
|
Having the `Push` access right for `refs/meta/config` on the
|
|
`All-Projects` project without being administrator already has no
|
|
effect.
|
|
+
|
|
Prohibiting to assign the Push access right for `refs/meta/config` on
|
|
the `All-Project` project was anyway pointless since it was e.g.
|
|
possible to assign the `Push` access right on `refs/meta/*`.
|
|
|