Update 3.3.0-rc7 with some more changes since rc6
Include the recent security fix verifying hostname when sending emails
via SMTP server with SMTPSClient.
Change-Id: I45d31bdd9b9294d93f37d1f358cf8d83843e8903
diff --git a/pages/site/releases/3.3.md b/pages/site/releases/3.3.md
index fbefe1d..4574ee4 100644
--- a/pages/site/releases/3.3.md
+++ b/pages/site/releases/3.3.md
@@ -102,6 +102,18 @@
when the target repository is `All-Users`, where nobody can be authorized
to skip the ACLs evaluation anyway.
+* [Issue 12629](https://bugs.chromium.org/p/gerrit/issues/detail?id=12629);
+ Verify hostname when sending emails via SMTP server with `SMTPSClient`.
+
+ The SMTP server's certificate and hostname must be verified if
+ encryption is enabled with SSL verification in the host settings
+ (`sendemail.smtpEncryption` and `sendemail.sslVerify`).
+
+ `SMTPSClient` from Apache Commons Net used for SSL processing.
+ It has the following downside: if encryption is not required,
+ `SMTPSClient` is used in 'explicit' mode with the upgrade to TLS
+ never called. Thus, the client is somewhat misused.
+
## Native packaging
* Allow to use init as a param in docker run
@@ -299,6 +311,8 @@
* Fix the dangling comma after reviewer on dashboard
+* Fix Shift-A shortcut for hiding the left side of the diff
+
### UI issues
* [Issue 7458](https://bugs.chromium.org/p/gerrit/issues/detail?id=7458);
