| Shawn Pearce | 7502a46 | 2013-06-22 18:41:28 -0700 | [diff] [blame] | 1 | Release notes for Gerrit 2.4.3 |
| 2 | ============================== |
| 3 | |
| 4 | There are no schema changes from link:ReleaseNotes-2.4.2.html[2.4.2]. |
| 5 | |
| 6 | link:https://gerrit-releases.storage.googleapis.com/gerrit-2.4.3.war[https://gerrit-releases.storage.googleapis.com/gerrit-2.4.3.war] |
| 7 | |
| 8 | Bug Fixes |
| 9 | --------- |
| 10 | * Patch JGit security hole |
| 11 | + |
| 12 | The security hole may permit a modified Git client to gain access |
| 13 | to hidden or deleted branches if the user has read permission on |
| 14 | at least one branch in the repository. Access requires knowing a |
| 15 | SHA-1 to request, which may be discovered out-of-band from an issue |
| 16 | tracker or gitweb instance. |
