Google Git
Sign in
gerrit/gerrit/c67fbf4228092f3db174ef8010abf4e1a4abfc3c^1..c67fbf4228092f3db174ef8010abf4e1a4abfc3c/.
commit
c67fbf4228092f3db174ef8010abf4e1a4abfc3c
[log]
author
Shawn Pearce <sop@google.com>
Tue May 14 18:35:20 2013 -0700
committer
Shawn Pearce <sop@google.com>
Tue May 14 18:35:20 2013 -0700
tree
23ed6e733135a63640b4215ce9b7e444ece08261
parent
7f3c1e69e0fbb84a6e3aec4964026406d020613f [diff]
parent
62b82de590a26fae600b15c3fd12c5190925a3cf [diff]
Merge branch 'stable-2.7'

* stable-2.7:
  Release notes for 2.5.3

diff --git a/ReleaseNotes/ReleaseNotes-2.5.3.txt b/ReleaseNotes/ReleaseNotes-2.5.3.txt
new file mode 100644
index 0000000..1cbe85f
--- /dev/null
+++ b/ReleaseNotes/ReleaseNotes-2.5.3.txt

@@ -0,0 +1,22 @@
+Release notes for Gerrit 2.5.3
+==============================
+
+Gerrit 2.5.3 is now available:
+
+link:http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.5.3.war[http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.5.3.war]
+
+There are no schema changes from any member of the 2.5.x versions.
+
+However, if upgrading from anything earlier version, follow the upgrade
+procedure in the 2.5 link:ReleaseNotes-2.5.html[Release Notes].
+
+Security Fixes
+--------------
+* Patch vulnerabilities in OpenID client library
++
+Installations using OpenID for authentication were vulnerable to a
+number of attacks over the network.  The openid4java client library
+was identified as the entry point.  In this release Gerrit updated to
+the latest 0.9.8 release, which patches the known attack vectors.
+
+No other changes since 2.5.2.

diff --git a/ReleaseNotes/index.txt b/ReleaseNotes/index.txt
index 26ccae7..5479101 100644
--- a/ReleaseNotes/index.txt
+++ b/ReleaseNotes/index.txt

@@ -9,6 +9,7 @@
 [[2_5]]
 Version 2.5.x
 -------------
+* link:ReleaseNotes-2.5.3.html[2.5.3]
 * link:ReleaseNotes-2.5.2.html[2.5.2]
 * link:ReleaseNotes-2.5.1.html[2.5.1]
 * link:ReleaseNotes-2.5.html[2.5]