title: “Gerrit 2.11 Release” permalink: 2.11.html hide_sidebar: true hide_navtoggle: true toc: true

Download: 2.11.11 | 2.11.10 | 2.11.9 | 2.11.8 | 2.11.7 | 2.11.6 | 2.11.5 | 2.11.4 | 2.11.3 | 2.11.2 | 2.11.1 | 2.11

Documentation: 2.11.11 | 2.11.10 | 2.11.9 | 2.11.8 | 2.11.7 | 2.11.6 | 2.11.5 | 2.11.4 | 2.11.3 | 2.11.2 | 2.11.1 | 2.11

Release Highlights

  • Issue 505: Changes can be created and edited directly in the browser.
  • Many improvements in the new change screen.
  • The old change screen is removed.
  • For full details please refer to the release notes on the old site.

Bugfix Releases

2.11.11

Upgrade jsch from 0.1.51 to 0.1.54 to get security fixes:

  • CVE-2015-4000: Weak Diffie-Hellman vulnerability, AKA “Logjam”. The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. On February 22, 2018, Github removed support for weak cryptographic standards. As a result of this, replication to Github over SSH no longer works with diffie-hellman-group1-sha1 or diffie-hellman-group14-sha1 SSH keys.
  • CVE-2016-5725: Directory traversal vulnerability. Versions of jsch prior to 0.1.54 have a directory traversal vulnerability on Windows. When the mode is ChannelSftp.OVERWRITE, it allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command. For other fixes in jsch since 0.1.51, please refer to the jsch change log.