blob: 627fba5f23ca49869faca00ec1029036edbcfafe [file] [log] [blame]
= Release notes for Gerrit 2.3.1
Gerrit 2.3.1 is now available:
link:https://www.gerritcodereview.com/download/gerrit-2.3.1.war[https://www.gerritcodereview.com/download/gerrit-2.3.1.war]
There are no schema changes from 2.3.
However, if upgrading from anything earlier, follow the upgrade
procedure in the 2.3 link:ReleaseNotes-2.3.html[ReleaseNotes].
== Security Fixes
* Some access control sections may be ignored
+
Gerrit sometimes ignored an access control section in a project
if the exact same section name appeared in All-Projects. The bug
required an unrelated project to have access.inheritFrom set to
All-Projects and be accessed before the project that has the same
section name as All-Projects. This is an unlikely scenario for
most servers, as Gerrit does not normally set inheritFrom equal to
All-Projects. The usual behavior is to not supply this property in
project.config, and permit the implicit inheritance to take place.