blob: 146fd40f7db93d475e9e851c3888afc63aed4f91 [file] [log] [blame]
Release notes for Gerrit 2.5.5
==============================
There are no schema changes from link:ReleaseNotes-2.5.4.html[2.5.4].
link:https://www.gerritcodereview.com/download/gerrit-2.5.5.war[https://www.gerritcodereview.com/download/gerrit-2.5.5.war]
Bug Fixes
---------
* Patch JGit security hole
+
The security hole may permit a modified Git client to gain access
to hidden or deleted branches if the user has read permission on
at least one branch in the repository. Access requires knowing a
SHA-1 to request, which may be discovered out-of-band from an issue
tracker or gitweb instance.