| Release notes for Gerrit 2.5.3 |
| ============================== |
| |
| Gerrit 2.5.3 is now available: |
| |
| link:https://www.gerritcodereview.com/download/gerrit-2.5.3.war[https://www.gerritcodereview.com/download/gerrit-2.5.3.war] |
| |
| There are no schema changes from any of the 2.5.x versions. |
| |
| However, if upgrading from a version older than 2.5, follow the upgrade |
| procedure in the 2.5 link:ReleaseNotes-2.5.html[Release Notes]. |
| |
| Security Fixes |
| -------------- |
| * Patch vulnerabilities in OpenID client library |
| + |
| Installations using OpenID for authentication were vulnerable to a |
| number of attacks over the network. The openid4java client library |
| was identified as the entry point. In this release Gerrit updated to |
| the latest 0.9.8 release, which patches the known attack vectors. |
| |
| No other changes since 2.5.2. |