Bonobo Git Server v6.5.0 Release Notes

Release Date: 2019-04-19
  • 17 April 2019

    🔒 Security

    🚀 This is an important security release which addresses two vulnerabilities, and users should upgrade immediately, particularly if they permit anonymous or low-trust users access to any repository.

    🚀 AD users who have been avoiding 6.2.2 or later versions because of problems introduced in that release should be safe to upgrade to this version, which removes that particular troublesome feature.

    🚀 We are grateful to the team at flab.cesnet.cz for the responsible disclosure of the vulnerabilities addressed by this release.

    🛠 Bugfixes

    • Sanitise service name in calls to Git services (CVE-2019-11217)
    • Prevent non-admin users manipulating role membership (CVE-2019-11218)

Previous changes from v6.2.0

  • 15 May 2017

    🔋 Features

    • Broader search for AD domain #683
    • 🔧 Reintroduce ActiveDirectoryDefaultDomain configuration item (helps #683)

    🛠 Bugfixes

    • ⏪ Revert Jwt library to v4.x to repair ADFS login #681
    • 🔧 Reintroduce ActiveDirectoryDefaultDomain configuration item #685

    Other improvements

    • 🏁 Permissions for unknown Windows users are set more sensibly when using internal membership #687
    • 🌐 pt-BR translation improvements #678
    • 🚚 All logging now moved to new app_data\logs files