title: “Gerrit 2.11 Release” permalink: 2.11.html hide_sidebar: true hide_navtoggle: true toc: true
Download: 2.11.11 | 2.11.10 | 2.11.9 | 2.11.8 | 2.11.7 | 2.11.6 | 2.11.5 | 2.11.4 | 2.11.3 | 2.11.2 | 2.11.1 | 2.11
Documentation: 2.11.11 | 2.11.10 | 2.11.9 | 2.11.8 | 2.11.7 | 2.11.6 | 2.11.5 | 2.11.4 | 2.11.3 | 2.11.2 | 2.11.1 | 2.11
Release Highlights
- Issue 505: Changes can be created and edited directly in the browser.
- Many improvements in the new change screen.
- The old change screen is removed.
- For full details please refer to the release notes on the old site.
Bugfix Releases
2.11.11
Upgrade jsch from 0.1.51 to 0.1.54 to get security fixes:
- CVE-2015-4000: Weak Diffie-Hellman vulnerability, AKA “Logjam”. The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. On February 22, 2018, Github removed support for weak cryptographic standards. As a result of this, replication to Github over SSH no longer works with diffie-hellman-group1-sha1 or diffie-hellman-group14-sha1 SSH keys.
- CVE-2016-5725: Directory traversal vulnerability. Versions of jsch prior to 0.1.54 have a directory traversal vulnerability on Windows. When the mode is
ChannelSftp.OVERWRITE
, it allows remote SFTP servers to write to arbitrary files via a ..\
(dot dot backslash) in a response to a recursive GET
command. For other fixes in jsch since 0.1.51, please refer to the jsch change log.