Google Git
Sign in
gerrit / gerrit / 1710a9bc2b7b7b5b663ab5ca829a2533136fb7f5^2..1710a9bc2b7b7b5b663ab5ca829a2533136fb7f5 / .
commit1710a9bc2b7b7b5b663ab5ca829a2533136fb7f5[log] [tgz]
authorShawn Pearce <sop@google.com>Sat May 18 12:43:54 2013 -0700
committerShawn Pearce <sop@google.com>Sat May 18 12:43:54 2013 -0700
tree88fb083e8ba35ef02a856ae2f81b9db6cf059a2b
parent1f1c7c79979124eb78a9d6cc4dd5c37f8e5cda8b [diff]
parent4f6c76e758b3f1b279e720c285332db76cc03abb [diff]
Merge 'preferred-email' into stable-2.5

* preferred-email:
  Require preferred email to be a verified address

diff --git a/ReleaseNotes/ReleaseNotes-2.5.1.txt b/ReleaseNotes/ReleaseNotes-2.5.1.txt
index 967d78d..ba4e204 100644
--- a/ReleaseNotes/ReleaseNotes-2.5.1.txt
+++ b/ReleaseNotes/ReleaseNotes-2.5.1.txt

@@ -7,7 +7,7 @@
 
 There are no schema changes from 2.5, or 2.5.1.
 
-However, if upgrading from anything earlier version, follow the upgrade
+However, if upgrading from a version older than 2.5, follow the upgrade
 procedure in the 2.5 link:ReleaseNotes-2.5.html[Release Notes].
 
 Security Fixes

diff --git a/ReleaseNotes/ReleaseNotes-2.5.2.txt b/ReleaseNotes/ReleaseNotes-2.5.2.txt
index 5e99ebf..ceb23c2 100644
--- a/ReleaseNotes/ReleaseNotes-2.5.2.txt
+++ b/ReleaseNotes/ReleaseNotes-2.5.2.txt

@@ -7,7 +7,7 @@
 
 There are no schema changes from 2.5, or 2.5.1.
 
-However, if upgrading from anything earlier version, follow the upgrade
+However, if upgrading from a version older than 2.5, follow the upgrade
 procedure in the 2.5 link:ReleaseNotes-2.5.html[Release Notes].
 
 Bug Fixes

diff --git a/ReleaseNotes/ReleaseNotes-2.5.3.txt b/ReleaseNotes/ReleaseNotes-2.5.3.txt
new file mode 100644
index 0000000..60efa7a
--- /dev/null
+++ b/ReleaseNotes/ReleaseNotes-2.5.3.txt

@@ -0,0 +1,22 @@
+Release notes for Gerrit 2.5.3
+==============================
+
+Gerrit 2.5.3 is now available:
+
+link:http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.5.3.war[http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.5.3.war]
+
+There are no schema changes from any of the 2.5.x versions.
+
+However, if upgrading from a version older than 2.5, follow the upgrade
+procedure in the 2.5 link:ReleaseNotes-2.5.html[Release Notes].
+
+Security Fixes
+--------------
+* Patch vulnerabilities in OpenID client library
++
+Installations using OpenID for authentication were vulnerable to a
+number of attacks over the network.  The openid4java client library
+was identified as the entry point.  In this release Gerrit updated to
+the latest 0.9.8 release, which patches the known attack vectors.
+
+No other changes since 2.5.2.

diff --git a/ReleaseNotes/index.txt b/ReleaseNotes/index.txt
index e2487bc..641974a 100644
--- a/ReleaseNotes/index.txt
+++ b/ReleaseNotes/index.txt

@@ -4,6 +4,7 @@
 [[2_5]]
 Version 2.5.x
 -------------
+* link:ReleaseNotes-2.5.3.html[2.5.3]
 * link:ReleaseNotes-2.5.2.html[2.5.2]
 * link:ReleaseNotes-2.5.1.html[2.5.1]
 * link:ReleaseNotes-2.5.html[2.5]