| Yuxuan 'fishy' Wang | 4f5ad9d | 2016-05-03 16:18:58 -0700 | [diff] [blame] | 1 | = Release notes for Gerrit 2.5.3 |
| Shawn Pearce | 5534ada | 2013-05-14 18:33:35 -0700 | [diff] [blame] | 2 | |
| 3 | Gerrit 2.5.3 is now available: |
| 4 | |
| Shawn Pearce | 6d7ebc6 | 2015-06-12 16:34:42 -0700 | [diff] [blame] | 5 | link:https://www.gerritcodereview.com/download/gerrit-2.5.3.war[https://www.gerritcodereview.com/download/gerrit-2.5.3.war] |
| Shawn Pearce | 5534ada | 2013-05-14 18:33:35 -0700 | [diff] [blame] | 6 | |
| David Pursehouse | 1f1c7c7 | 2013-05-15 10:44:19 +0900 | [diff] [blame] | 7 | There are no schema changes from any of the 2.5.x versions. |
| Shawn Pearce | 5534ada | 2013-05-14 18:33:35 -0700 | [diff] [blame] | 8 | |
| David Pursehouse | 1f1c7c7 | 2013-05-15 10:44:19 +0900 | [diff] [blame] | 9 | However, if upgrading from a version older than 2.5, follow the upgrade |
| Shawn Pearce | 5534ada | 2013-05-14 18:33:35 -0700 | [diff] [blame] | 10 | procedure in the 2.5 link:ReleaseNotes-2.5.html[Release Notes]. |
| 11 | |
| Yuxuan 'fishy' Wang | 4f5ad9d | 2016-05-03 16:18:58 -0700 | [diff] [blame] | 12 | == Security Fixes |
| Shawn Pearce | 5534ada | 2013-05-14 18:33:35 -0700 | [diff] [blame] | 13 | * Patch vulnerabilities in OpenID client library |
| 14 | + |
| 15 | Installations using OpenID for authentication were vulnerable to a |
| 16 | number of attacks over the network. The openid4java client library |
| 17 | was identified as the entry point. In this release Gerrit updated to |
| 18 | the latest 0.9.8 release, which patches the known attack vectors. |
| 19 | |
| 20 | No other changes since 2.5.2. |
