Bonobo Git Server v6.5.0 Release NotesRelease Date: 2019-04-19 // about 1 year ago
17 April 2019
🚀 This is an important security release which addresses two vulnerabilities, and users should upgrade immediately, particularly if they permit anonymous or low-trust users access to any repository.
🚀 AD users who have been avoiding 6.2.2 or later versions because of problems introduced in that release ⬆️ should be safe to upgrade to this version, which removes that particular troublesome feature.
🚀 We are grateful to the team at flab.cesnet.cz for the responsible disclosure of the vulnerabilities addressed by this release.
- Sanitise service name in calls to Git services (CVE-2019-11217)
- Prevent non-admin users maninpulating role membership (CVE-2019-11218)
Previous changes from v6.2.0
15 May 2017
- Broader search for AD domain #683
- 🔧 Reintroduce ActiveDirectoryDefaultDomain configuration item (helps #683)
- ⏪ Revert Jwt library to v4.x to repair ADFS login #681
- 🔧 Reintroduce ActiveDirectoryDefaultDomain configuration item #685
- 🏁 Permissions for unknown Windows users are set more sensibly when using internal membership #687
- 🌐 pt-BR translation improvements #678
- 🚚 All logging now moved to new app_data\logs files