Add Gerrit 2.16.22 release notes
Change-Id: I3ff5010c06213803727bda1a576ec181faa5723b
diff --git a/pages/site/releases/2.16.md b/pages/site/releases/2.16.md
index 4ee1a85..1ba5e89 100644
--- a/pages/site/releases/2.16.md
+++ b/pages/site/releases/2.16.md
@@ -6,7 +6,8 @@
toc: true
---
-Download: **[2.16.21](https://gerrit-releases.storage.googleapis.com/gerrit-2.16.21.war)**
+Download: **[2.16.22](https://gerrit-releases.storage.googleapis.com/gerrit-2.16.22.war)**
+| [2.16.21](https://gerrit-releases.storage.googleapis.com/gerrit-2.16.21.war)
| [2.16.20](https://gerrit-releases.storage.googleapis.com/gerrit-2.16.20.war)
| [2.16.19](https://gerrit-releases.storage.googleapis.com/gerrit-2.16.19.war)
| [2.16.18](https://gerrit-releases.storage.googleapis.com/gerrit-2.16.18.war)
@@ -29,7 +30,8 @@
| [2.16.1](https://gerrit-releases.storage.googleapis.com/gerrit-2.16.1.war)
| [2.16](https://gerrit-releases.storage.googleapis.com/gerrit-2.16.war)
-Documentation: **[2.16.21](https://gerrit-documentation.storage.googleapis.com/Documentation/2.16.21/index.html)**
+Documentation: **[2.16.22](https://gerrit-documentation.storage.googleapis.com/Documentation/2.16.22/index.html)**
+| [2.16.21](https://gerrit-documentation.storage.googleapis.com/Documentation/2.16.21/index.html)
| [2.16.20](https://gerrit-documentation.storage.googleapis.com/Documentation/2.16.20/index.html)
| [2.16.19](https://gerrit-documentation.storage.googleapis.com/Documentation/2.16.19/index.html)
| [2.16.18](https://gerrit-documentation.storage.googleapis.com/Documentation/2.16.18/index.html)
@@ -632,6 +634,72 @@
## Bugfix Releases
+### 2.16.22
+
+* Security Fixes
+
+ * [Issue 12846](https://bugs.chromium.org/p/gerrit/issues/detail?id=12846):
+ BadMessageException: 500: Response header too large.
+
+ [CVE-2019-17638](https://nvd.nist.gov/vuln/detail/CVE-2019-17638)
+
+ Bump Jetty version to 9.4.30.v20200611 to fix regression introduced in Jetty
+ version: 9.4.27.v20200227.
+
+ Response header overflow leads to buffer corruptions Jetty server always
+ allocates maximum response header size.
+
+ For more details see also upstream issues:
+
+ [Issue 4936](https://github.com/eclipse/jetty.project/issues/4936)
+ [Issue 4541](https://github.com/eclipse/jetty.project/issues/4541)
+
+* Bug Fixes:
+
+ * Use multiple threads per project when reindexing changes
+
+ To avoid idling threads during reindex operation, split the big projects
+ into smaller parts and let the thread pool index these parts.
+
+ * [Issue 13105](https://bugs.chromium.org/p/gerrit/issues/detail?id=13105):
+ Fix plugin builds on OSX
+
+ This fixes plugin stamping by adding overwrite files without prompting
+ option to unzip command.
+
+ * [Issue 12988](https://bugs.chromium.org/p/gerrit/issues/detail?id=12988):
+ Fix issue with auto registering ssh commands
+
+ AutoRegisterModules and PluginGuiceEnvironment checks if
+ ssh command implements org.apache.sshd.server.Command
+ interface. Correct interface name is org.apache.sshd.server.command.Command.
+
+ * [Issue 12935](https://bugs.chromium.org/p/gerrit/issues/detail?id=12935):
+ Avoid closing System.out after All-Users GC in NoteDB migration
+
+ By using try-with-resource wrappers around System.out for the garbage
+ collection of the `All-Users` repo, System.out got closed when the
+ wrappers got closed after the garbage collection. Due to the closed
+ System.out, the final status messages of the migration got swallowed
+ and did not make it to the screen.
+
+ * [Issue 12918](https://bugs.chromium.org/p/gerrit/issues/detail?id=12918):
+ Honor project watches also for changes created via cherry-pick
+
+ When a change was cherry-picked and a project watch expression from a
+ user matched the newly created change a notification email (because of
+ the project watch) was often not sent.
+
+ Change the default for the CherryPickInput.notify to ALL, the same like
+ in the CreateChangeInput.
+
+ * [Issue 12917](https://bugs.chromium.org/p/gerrit/issues/detail?id=12917):
+ Switching between changes fails and in-line edit returns HTTP status 404.
+
+ Switching between changes in a change series randomly fails.
+ Also, when adding a file to a change using in-line edit fails constantly
+ with an HTTP status 404.
+
### 2.16.21
* Security Fixes
