Task #2710

closed

SECURITY VULNERABILITY: Upgrade gerrit to 2.13.12

Added by David Ostrovsky over 5 years ago. Updated over 5 years ago.

Status: Closed
Priority: Urgent
Category: Gerrit
Target version: -
Start date:
Due date:
% Done: 0%
Tags:

Description

Due to a JGit v0 protocol vulnerability, Gerrit should be urgently upgraded. All released Gerrit versions are affected.

Issue description upstream: https://bugs.chromium.org/p/gerrit/issues/detail?id=10262

Vulnerability announcement: https://groups.google.com/d/topic/repo-discuss/Rk2z59zVtxg/discussion
Patch release 2.13.12 announcement: https://groups.google.com/d/topic/repo-discuss/hT-GPQAoMco/discussion

Note that only the JGit version was upgraded compared to 2.13.11, so we can just upgrade. Also, a reindex and a database schema update are not needed.

Also note that another security vulnerability, related to the OAuth and OpenID authentication schemes in Gerrit, was fixed.

Issue description upstream: https://bugs.chromium.org/p/gerrit/issues/detail?id=10242
Patch release announcement: https://groups.google.com/d/topic/repo-discuss/PKPScKNP5aw/discussion

Only Gerrit versions starting from 2.14.7 are affected. In case of an upgrade to the 2.14 release line, it's crucial to use version 2.14.8 (or later), where this vulnerability is fixed.

Actions #1

Updated by Guilhem Moulin over 5 years ago

  • Status changed from New to Closed

Upgraded, thx for the poke.

Actions #2

Updated by Florian Effenberger over 5 years ago

Wow, that was fast, thanks a lot! :)
