| = Release notes for Gerrit 2.4.2 |
| |
| Gerrit 2.4.2 is now available: |
| |
| link:https://www.gerritcodereview.com/download/gerrit-2.4.2.war[https://www.gerritcodereview.com/download/gerrit-2.4.2.war] |
| |
| There are no schema changes from 2.4, or 2.4.1. |
| |
| However, if upgrading from anything earlier, follow the upgrade |
| procedure in the 2.4 link:ReleaseNotes-2.4.html[ReleaseNotes]. |
| |
| == Security Fixes |
| * Some access control sections may be ignored |
| + |
| Gerrit sometimes ignored an access control section in a project |
| if the exact same section name appeared in All-Projects. The bug |
| required an unrelated project to have access.inheritFrom set to |
| All-Projects and be accessed before the project that has the same |
| section name as All-Projects. This is an unlikely scenario for |
| most servers, as Gerrit does not normally set inheritFrom equal to |
| All-Projects. The usual behavior is to not supply this property in |
| project.config, and permit the implicit inheritance to take place. |