blob: 8e9db0c402ef0f01fce46da6c74b0e50d320ffa6 [file] [log] [blame]
Release notes for Gerrit 2.5.3
Gerrit 2.5.3 is now available:
There are no schema changes from any of the 2.5.x versions.
However, if upgrading from a version older than 2.5, follow the upgrade
procedure in the 2.5 link:ReleaseNotes-2.5.html[Release Notes].
Security Fixes
* Patch vulnerabilities in OpenID client library
Installations using OpenID for authentication were vulnerable to a
number of attacks over the network. The openid4java client library
was identified as the entry point. In this release Gerrit updated to
the latest 0.9.8 release, which patches the known attack vectors.
No other changes since 2.5.2.