[ANNOUNCE] CGIT v1.2.1 Released
Jason A. Donenfeld
Jason at zx2c4.com
Fri Aug 3 17:12:29 CEST 2018
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi folks,
CGit 1.2.1 is now available. It contains an important security fix and
everybody should update immediately.
== CGit on the Web ==
* homepage: https://git.zx2c4.com/cgit/about/
* git repository: https://git.zx2c4.com/cgit/
* git clone: git://git.zx2c4.com/cgit
* mailing list: cgit at lists.zx2c4.com
* mailing list subscribe: https://lists.zx2c4.com/mailman/listinfo/cgit
== ChangeLog v1.2.1 ==
6 files changed, 465 insertions(+), 39 deletions(-)
Notable Changes:
* The authentication filters have been revamped, and a new one using
file-based access lists has been added.
* A bug fix for the cached rc file for the snapshot-prefix.
* A fix for a critical directory traversal vulnerability, when
`enable-http-clone=1` is not turned off, discovered by Jann Horn.
This is pretty nasty and all users must update immediately.
This release contains commits from: Jason A. Donenfeld and Konstantin
Ryabitsev.
== Downloading ==
This release is available in compressed tarball form here:
https://git.zx2c4.com/cgit/snapshot/cgit-1.2.1.tar.xz
SHA2-256: 3c547c146340fb16d4134326e7524bfb28ffa681284f1e3914bde1c27a9182bf
BLAKE2b-256: f6c9a6fe59d3f157da835c6bc36d58f9389cc6cdbc7bbbf6bfa65be0c5ad323c
A PGP signature of that file decompressed is available here:
https://git.zx2c4.com/cgit/snapshot/cgit-1.2.1.tar.asc
Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE
Enjoy,
Jason
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAltkcI4QHGphc29uQHp4
MmM0LmNvbQAKCRBJ/HASpd4Drr+tD/9+yR0QQfQtJiEBFEyDUsjMdRX/kcaMh7TV
mj4B00LH+JF9MWgR2PDh7QeiSrVa/L3TaT9VmqyU3GyKuLzNOowuNGKErlve9w9a
ylW/mFuksoTylkWaty4fYj8r+ZMiyaZNhVDG5fw8LdYsx2ltwhXAzkTooYqWEA9y
G02G2VbslvOZzG+etvUWrDFlkO/LLdkyaN/ezhIETBI6WCA8B6CQw57829NSp9AA
DEysh4cIOBihbSEya95l/5U5kZ2rnpqmmbbdUYkoVW0uKuhDKz+X3oyDvZuZctQ1
UbbruPa2s9K1z5bSL5aPTFayr7i26qDTyYVsdx8gkJVv24xDuVWwu70KqJC54Bhm
ZHJNb5iQ1LnCIsrj74z4TU1bcqvKy7t/Kk3aW0+KE2koFew2KelMS3oGcEMTTSl2
Skr5GZGuHgSq3XpZZ5bPbJj/wZ9a/+FzEkFgGzwHRiBwXHoMFPVdADiUYhl+fcgj
W23Iewe/qh5Ygsj2KH3p4J5WWqfLwCJ3aXQsDu+qijuXFo5ye1U/SoEjqIjTRIF1
cqT+d5IW/aSp2JaIjb/LVs1j0iNqU2jNgRyKx+RtVALProLwWvg0NGY3rf8RUVff
sY5OEXGWnLQBVuY/ttuEqWtfTGVi/pa8pSCJ2rWpOHtbLFJX8WCcCZYJvltYGMSk
rKvAEIc8Gw==
=D1Bi
-----END PGP SIGNATURE-----
More information about the CGit
mailing list