Bonobo Git Server v6.5.0 Release Notes
Release Date: 2019-04-19
17 April 2019
Security
This is an important security release which addresses two vulnerabilities, and users should upgrade immediately, particularly if they permit anonymous or low-trust users access to any repository.
AD users who have been avoiding 6.2.2 or later versions because of problems introduced in that release should be safe to upgrade to this version, which removes that particular troublesome feature.
We are grateful to the team at flab.cesnet.cz for the responsible disclosure of the vulnerabilities addressed by this release.
Bugfixes
- Sanitise service name in calls to Git services (CVE-2019-11217)
- Prevent non-admin users manipulating role membership (CVE-2019-11218)
Previous changes from v6.2.0
15 May 2017
Features
- Broader search for AD domain #683
- Reintroduce ActiveDirectoryDefaultDomain configuration item (helps #683)
Bugfixes
- Revert Jwt library to v4.x to repair ADFS login #681
- Reintroduce ActiveDirectoryDefaultDomain configuration item #685
Other improvements
- Permissions for unknown Windows users are set more sensibly when using internal membership #687
- pt-BR translation improvements #678
- All logging now moved to new app_data\logs files