Gerrit version 2.15.5 is now available

Gerrit version 2.15.5 is now available

gerrit.war 歷史版本下載

各個版本的 gerrit.war 下載

鏈接：https://blog.csdn.net/mmh19891113/article/details/81013994

gerrit-releases.storage.googleapis.com

Gerrit version 2.15.5

Gerrit version 2.15.5 is now available. This release includes security fixes for .gitmodules validation (CVE-2018-17456) 
and force push permissions, plus a couple of other fixes. Users of earlier Gerrit releases are recommended to upgrade. 
Please see the release notes for details.

Release Notes:
https://www.gerritcodereview.com/2.15.html#2155

Documentation:
http://gerrit-documentation.storage.googleapis.com/Documentation/2.15.5/index.html

Log of changes since 2.15.4:
https://gerrit.googlesource.com/gerrit/+log/v2.15.4..v2.15.5?no-merges

Download:
https://gerrit-releases.storage.googleapis.com/gerrit-2.15.5.war

SHA1:
7cdcd72a7e4ecdbccc6417b9fa1e403dea6cb13d

SHA256:
e2f0b8f6e3b2a4a165fc132e91be111acc577d6277539457bb4be65083a40cfb

MD5:
fed9307264107b8a9b1ab9ca524a7ce8

Maintainers' public keys:
https://www.gerritcodereview.com/releases/public-keys.md
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIzBAEBCgAdFiEECnaesFM5uTvdiZXtDDr2ZJ/8IQIFAlu8CCYACgkQDDr2ZJ/8
IQKo1g/+JrMy0gtZzV00mHIjcAiRJsXRZann7Qjsh/ieVqdTirfsogXh+wsezGAv
rCXCkPazMff9mbIgGF+INK7TKUWCR9h1zUudv5dUffdTb4exzddzhqc2Hzs/F7r4
Q8QwuEsn3v/bhPrdb7Qea55Bys79dYZFsLwDd/btuBM7ihfSjs84nTArr4I/XQ1H
XcBAQCpZtlAvHsjH5rpaaWQS1txBBLuc14lhfoSqjm5P9fnIbGM5STPxiiq+gK21
K6UrlfSHWDjxREZlJfsQon1V8XgjQ5iVt3QZrAaGCYzHaCbc75wtt/Fh0kQ8tGOt
3DYYx7l+z8cT4j4NjQC4Z+275SyT5e+889xUwVZT5gUbb67evUNWzn5jt+2n3JzX
Q0FrfOlXiCu8ebBItvsEYnOMBQIhyFkgbimCWc7QYzOBqh89PBlCcaUCm4jCON1j
NymeBj6tqIHMnHWYxcRORzecB5cge7xQgt59oRUYPqU0082PX3fgRIMES9T5Y/1j
xGfs2PvMigGpVXKZpmJvED3NvY6QN/vLc3YhKkK+I29fP5tRYApPBatxWU78IIyK
ACZvSnGZQWpWABoeGn5VLbF9dvcolKq72WKd5eGLuoM9NjzA9PWU92oLbpsPMYzb
PtznYxI4va2UANA3Mg2c/Nlej8z0KZaVAe9EQOS1NRUesOCHlgE=
=f0ax
-----END PGP SIGNATURE-----

Binary packages (Deb / Rpm) of Gerrit version 2.15.5 are now available.

How to install/upgrade: 2.15.5
*******************************

If you have a previous version of Gerrit 2.1x installed via native packages:

(on Debian / Ubuntu)
apt-get update & apt-get install gerrit=2.15.5-1

(on CentOS / RedHat)
yum clean all && yum install gerrit-2.15.5-1

(on Fedora)
dnf clean all && dnf install gerrit-2.15.5-1

If it is a new installation and you don't have the GerritForge/BinTray repositories
configured, please follow the instructions at:
http://gitenterprise.me/2015/02/27/gerrit-2-10-rpm-and-debian-packages-available/

Docker images:
**************

Gerrit is distributed on DockerHub at:
https://hub.docker.com/r/gerritcodereview/gerrit/

The following tags have been published
latest => 2.15.5
2.15.5 => 2.15.5-centos7
2.15.5-centos7
2.15.5-ubuntu16

More information on how to use Gerrit Docker image for testing, staging, and production at:
https://gerrit.googlesource.com/docker-gerrit

MacOS native package:
*********************

MacOS Gerrit native installer is available for download at:

https://dl.bintray.com/gerrit/mac/gerrit-installer-2.15.5.pkg
https://gerritforge.com/gerrit/mac/gerrit-installer-2.15.5.pkg

SHA1:
ec72806184d7d9b270b65bd3acf25c50b0adf36a

SHA256:
902ad480472a68eef3c180dc0a6f1b9d782a7237a0885d7b99753ef220f952c7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJbRZYmAAoJEB//ql4Ycfd19DcH/2pcP9xPcadYOVhNMdPLv2nZ
drX3NGuw26Mh959COTYGwlSoax7fLsIECs9b7Td7No0/JeXoVDy9Jr3c1j81W1Oi
EuTmdOGP4zqynQPembeJ0BBijBbi1TvjWLkczIET7r4d74nzvAYxe2zFI0HyJNJz
K0IZ2DmSUISdz+8HuIA99d8egST9Yd8q6/x/5wBcCHT2oa3A0ZmtwF2qZ140AWOs
GvkpXX5HLi1ke4tvF6HCXESWIlcZ8d2XC8b1ba2QBbVEc/dBCBvDcM+RKqG+aLqq
5U6mCyPhBBhdPOTrR8i4HY8NgH6sQ8Sv/43bZXB/u5f8XJzJSMD1JyxDzciPPlI=
=lykC
-----END PGP SIGNATURE-----

Gerrit 2.15.5 Release

2.15.5
Update JGit to 4.9.6.201810051924-r to fix CVE-2018-17456.

This release of JGit implements validation of .gitmodules files to protect unguarded tools against CVE-2018-17456.

Issue 9823: Fix force push permission check for administrators and project owners over SSH.

It was possible for an administrator or project owner to force push to a project over SSH without having the Force Push permission.

This issue did not affect regular users, or pushes over HTTP.

Update jackson-core to 2.9.7.

There have been several releases since 2.6.6 including many bug fixes and security fixes.

Update elasticsearch-rest-client to 6.4.2.

Issue 9705: Fix blank dropdown for ‘Only serve as parent for other repositories’ option when creating a new repository.

Issue 9610: Add support for showing the ‘effective’ value of the max object size limit setting.

Issue 9787: Fix permission check for toggling WIP flag when posting review.

Issue 9655: Fix support for setting owner of group to a single user