Update 2.16.3 release notes

Change-Id: I9867a70811a3ea3ff2d2dc9f2741259b8b1ccf37
diff --git a/pages/site/releases/2.16.md b/pages/site/releases/2.16.md
index 6ee3f72..3360636 100644
--- a/pages/site/releases/2.16.md
+++ b/pages/site/releases/2.16.md
@@ -408,7 +408,7 @@
 
 * Update guice-* to 4.2.1
 
-* Update JGit to 5.1.3.201810200350-r
+* Update JGit to 5.1.3.201810200350-r (Updated to 5.1.5.201812261915-r in 2.16.3)
 
 * Update Lucene to 6.6.5
 
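Review bot: the parenthetical added to the JGit bullet records the version bump but not the reason for it, so a reader scanning the 2.16 dependency list cannot tell that 5.1.3.201810200350-r lacks the `wants` validation fix described under 2.16.3. Consider pointing to that section or to the issue from here, for example "(updated to 5.1.5.201812261915-r in 2.16.3, see Issue 10262)".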
@@ -488,6 +488,23 @@
 
 ### 2.16.3
 
+* [Issue 10262](https://bugs.chromium.org/p/gerrit/issues/detail?id=10262):
+Upgrade JGit to 5.1.5.201812261915-r to fix validation of `wants` in
+`git-upload-pack` for protocol v0 bidirectional transports.
+
+  AdvertiseRefsHook was not called for `git-upload-pack` in protocol v0
+  bidirectional transports, meaning that `wants` were not validated and
+  a user could fetch anything that is pointed to by any ref (using fetch-by-sha1),
+  as long as they could guess the object name.
+
+* [Issue 10242](https://bugs.chromium.org/p/gerrit/issues/detail?id=10242):
+Fix regression that allows a user's account to be taken over when multiple
+authentication providers are in use.
+
+  A regression introduced in 2.14.7 allowed a user's account to be taken
+  over by creating an account on a different provider with exactly the same
+  username as the existing Gerrit account.
+
 * [Issue 10082](https://bugs.chromium.org/p/gerrit/issues/detail?id=10082):
 Decouple online reindex activation from index module.
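Review bot: both entries added at the top of the 2.16.3 list describe security fixes (unvalidated `wants` allowing fetch-by-sha1 of any object reachable from any ref, and account takeover when multiple authentication providers are in use), but nothing in the text labels them as security fixes or distinguishes them from the ordinary bug-fix entries that follow. Suggest marking them explicitly, for example with a short "Security fixes" lead line before the two bullets. The Issue 10242 entry names 2.14.7 as the release that introduced the regression, while the Issue 10262 entry gives no affected range; adding one would let administrators judge their exposure.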