Add release notes for 2.11.12
Change-Id: Id510d929f47ac574eb27e41ac19d4b61d6755866
diff --git a/pages/site/releases/2.11.md b/pages/site/releases/2.11.md
index 23496e0..420397a 100644
--- a/pages/site/releases/2.11.md
+++ b/pages/site/releases/2.11.md
@@ -5,7 +5,8 @@
hide_navtoggle: true
toc: true
---
-Download: **[2.11.11](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.11.war)**
+Download: **[2.11.12](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.12.war)**
+| [2.11.11](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.11.war)
| [2.11.10](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.10.war)
| [2.11.9](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.9.war)
| [2.11.8](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.8.war)
@@ -18,7 +19,8 @@
| [2.11.1](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.1.war)
| [2.11](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.war)
-Documentation: **[2.11.11](https://gerrit-documentation.storage.googleapis.com/Documentation/2.11.11/index.html)**
+Documentation: **[2.11.12](https://gerrit-documentation.storage.googleapis.com/Documentation/2.11.12/index.html)**
+| [2.11.11](https://gerrit-documentation.storage.googleapis.com/Documentation/2.11.11/index.html)
| [2.11.10](https://gerrit-documentation.storage.googleapis.com/Documentation/2.11.10/index.html)
| [2.11.9](https://gerrit-documentation.storage.googleapis.com/Documentation/2.11.9/index.html)
| [2.11.8](https://gerrit-documentation.storage.googleapis.com/Documentation/2.11.8/index.html)
@@ -41,6 +43,53 @@
## Bugfix Releases
+### 2.11.12
+
+* [Issue 10262](https://bugs.chromium.org/p/gerrit/issues/detail?id=10262):
+Fix validation of `wants` in `git-upload-pack` for protocol v0 bidirectional transports.
+
+ See the following section for details.
+
+* Upgrade JGit to 4.5.5.201812240535-r.
+
+ This upgrade includes several major versions since 4.0.1 used in Gerrit
+ version 2.11.11. Important fixes are summarized below. Please refer to the
+ corresponding JGit release notes for full details.
+
+ * [JGit 4.5.5](https://projects.eclipse.org/projects/technology.jgit/releases/4.5.5):
+
+ * [Issue 10262](https://bugs.chromium.org/p/gerrit/issues/detail?id=10262):
+ Fix validation of `wants` in `git-upload-pack` for protocol v0 bidirectional transports.
+
+ AdvertiseRefsHook was not called for `git-upload-pack` in protocol v0
+ bidirectional transports, meaning that `wants` were not validated and
+ a user could fetch anything that is pointed to by any ref (using fetch-by-sha1),
+ as long as they could guess the object name.
+
+ * [JGit 4.5.4](https://projects.eclipse.org/projects/technology.jgit/releases/4.5.4):
+
+ * Fix LockFile semantics when running on NFS.
+ * Honor trustFolderStats also when reading packed-refs.
+
+ * [JGit 4.5.3](https://projects.eclipse.org/projects/technology.jgit/releases/4.5.3):
+
+ * Fix exception handling for opening bitmap index files.
+
+ * [JGit 4.5.2](https://projects.eclipse.org/projects/technology.jgit/releases/4.5.2):
+
+ * Fix pack marked as corrupted even if it isn't.
+
+ * [JGit 4.5.1](https://projects.eclipse.org/projects/technology.jgit/releases/4.5.2):
+
+ * Don't remove Pack when FileNotFoundException is transient.
+
+ * [JGit 4.1.0](https://projects.eclipse.org/projects/technology.jgit/releases/4.1.0):
+
+ * Handle stale NFS file handles on packed-refs file.
+ * Use java.io.File instead of NIO to check existence of loose objects in
+ ObjectDirectory to speed up inserting of loose objects.
+ * Reduce memory consumption when creating bitmaps during writing pack files.
+
### 2.11.11
Upgrade jsch from 0.1.51 to 0.1.54 to get security fixes:
* [CVE-2015-4000](https://nvd.nist.gov/vuln/detail/CVE-2015-4000): Weak Diffie-Hellman
