Task #2710
closed
SECURITY VULNERABILITY: Upgrade gerrit to 2.13.12
0%
Description
Due to a JGit v0 protocol vulnerability, Gerrit should be urgently upgraded. All released Gerrit versions are affected.
Issue description upstream: https://bugs.chromium.org/p/gerrit/issues/detail?id=10262
Vulnerability announcement: https://groups.google.com/d/topic/repo-discuss/Rk2z59zVtxg/discussion
Patch release 2.13.12 announcement: https://groups.google.com/d/topic/repo-discuss/hT-GPQAoMco/discussion
Note that only the JGit version was upgraded compared to 2.13.11, so we can just upgrade. Also, a reindex and a database schema update are not needed.
Also note that another security vulnerability was fixed, related to the OAuth and OpenID authentication schemes in Gerrit.
Issue description upstream: https://bugs.chromium.org/p/gerrit/issues/detail?id=10242
Patch release announcement: https://groups.google.com/d/topic/repo-discuss/PKPScKNP5aw/discussion
Only Gerrit versions starting from 2.14.7 are affected. In case of an upgrade to the 2.14 release line, it's crucial to use version 2.14.8 (or later), where this vulnerability is fixed.
Updated by Guilhem Moulin over 5 years ago
- Status changed from New to Closed
Upgraded, thx for the poke.
Updated by Florian Effenberger over 5 years ago
Wow, that was fast, thanks a lot! :)