commit f7136ec5df8c4776e207839f11fba96413a795c7
author David Pursehouse <dpursehouse@collab.net> Mon Jan 07 10:09:52 2019 +0900
committer David Pursehouse <dpursehouse@collab.net> Thu Jan 10 21:27:55 2019 +0900
tree 6b5b2eeb4c1c43418eee43f57315e935b3a42173
parent 93f5142ea971fcbce19b3feb1fce5c00b8abb5ec

Add release notes for 2.12.9

Change-Id: Ieb0beeccb38dd407201e3e053365e3134bec862b

pages/site/releases/2.12.md

diff --git a/pages/site/releases/2.12.md b/pages/site/releases/2.12.md
index 78d151c..cb405db 100644
--- a/pages/site/releases/2.12.md
+++ b/pages/site/releases/2.12.md
@@ -5,7 +5,8 @@
 hide_navtoggle: true
 toc: true
 ---
-Download: **[2.12.8](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.8.war)**
+Download: **[2.12.9](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.9.war)**
+| [2.12.8](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.8.war)
 | [2.12.7](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.7.war)
 | [2.12.6](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.6.war)
 | [2.12.5](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.5.war)
@@ -15,7 +16,8 @@
 | [2.12.1](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.1.war)
 | [2.12](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.war)
 
-Documentation: **[2.12.8](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.8/index.html)**
+Documentation: **[2.12.9](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.9/index.html)**
+| [2.12.8](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.8/index.html)
 | [2.12.7](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.7/index.html)
 | [2.12.6](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.6/index.html)
 | [2.12.5](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.5/index.html)
@@ -441,6 +443,46 @@
 
 ## Bugfix Releases
 
+### 2.12.9
+
+* [Issue 10262](https://bugs.chromium.org/p/gerrit/issues/detail?id=10262):
+Fix validation of `wants` in `git-upload-pack` for protocol v0 bidirectional transports.
+
+  See the following section for details.
+
+* Upgrade JGit to 4.5.5.201812240535-r.
+
+  This upgrade includes several versions since 4.1.2 used in Gerrit
+  version 2.12.8. Important fixes are summarized below. Please refer to the
+  corresponding JGit release notes for full details.
+
+  * [JGit 4.5.5](https://projects.eclipse.org/projects/technology.jgit/releases/4.5.5):
+
+    * [Issue 10262](https://bugs.chromium.org/p/gerrit/issues/detail?id=10262):
+    Fix validation of `wants` in `git-upload-pack` for protocol v0 bidirectional transports.
+
+      AdvertiseRefsHook was not called for `git-upload-pack` in protocol v0
+      bidirectional transports, meaning that `wants` were not validated and
+      a user could fetch anything that is pointed to by any ref (using fetch-by-sha1),
+      as long as they could guess the object name.
+
+  * [JGit 4.5.4](https://projects.eclipse.org/projects/technology.jgit/releases/4.5.4):
+
+    * Fix LockFile semantics when running on NFS.
+    * Honor trustFolderStats also when reading packed-refs.
+
+  * [JGit 4.5.3](https://projects.eclipse.org/projects/technology.jgit/releases/4.5.3):
+
+    * Fix exception handling for opening bitmap index files.
+
+  * [JGit 4.5.2](https://projects.eclipse.org/projects/technology.jgit/releases/4.5.2):
+
+    * Fix pack marked as corrupted even if it isn't.
+
+  * [JGit 4.5.1](https://projects.eclipse.org/projects/technology.jgit/releases/4.5.2):
+
+    * Don't remove Pack when FileNotFoundException is transient.
+
 ### 2.12.8
 * Upgrade jsch to 0.1.54 to fix [CVE-2016-5725](https://nvd.nist.gov/vuln/detail/CVE-2016-5725):
 Directory traversal vulnerability.