All Versions
30
Latest Version
Avg Release Cycle
157 days
Latest Release
960 days ago

Changelog History
Page 1

  • v6.5.0 Changes

    April 19, 2019

    17 April 2019

    ๐Ÿ”’ Security

    ๐Ÿš€ This is an important security release which addresses two vulnerabilities, and users should upgrade immediately, particularly if they permit anonymous or low-trust users access to any repository.

    ๐Ÿš€ AD users who have been avoiding 6.2.2 or later versions because of problems introduced in that release โฌ†๏ธ should be safe to upgrade to this version, which removes that particular troublesome feature.

    ๐Ÿš€ We are grateful to the team at flab.cesnet.cz for the responsible disclosure of the vulnerabilities addressed by this release.

    ๐Ÿ›  Bugfixes

    • Sanitise service name in calls to Git services (CVE-2019-11217)
    • Prevent non-admin users maninpulating role membership (CVE-2019-11218)
  • v6.4.0 Changes

    ๐Ÿš€ 13 November 2017 (unreleased)

    ๐Ÿ›  Bugfixes

    • โœ‚ Removed #710 feature introduced in 6.2.2 as it has proved unreliable

    Other improvements

    • โž• Added IE-Edge meta tag #740 @CatStarwind
  • v6.3.0 Changes

    5 September 2017

    ๐Ÿ”‹ Features

    • ๐Ÿ‘ Allow named users to browse anonymous repos for which they don't have explicit permission #708
    • ๐Ÿ‘ Allow custom CSS files #705

    ๐Ÿ›  Bugfixes

    • ๐Ÿ›  Fix regression in 6.2.2 for certain domain configurations #731/#733

    Other improvements

    • โšก๏ธ Update compiler used for pages #702
  • v6.2.2 Changes

    28 August 2017

    ๐Ÿ”‹ Features

    • ๐Ÿ‘ Allow anonymous users to browse repos without credentials where permitted #710 / @jeffgaroutte

    ๐Ÿ›  Bugfixes

    • Don't unescape Git passwords/usernames unnecessarily #704
    • ๐Ÿ‘Œ Improvements to AD domain handling #706

    Other improvements

    • Enable README display for all folders #713
    • ๐ŸŒ Turkish translation improvements #722
  • v6.2.1 Changes

    22 May 2017

    ๐Ÿ— This is identical to 6.2.0, but with corrected version numbering in the appveyor build.

  • v6.2.0 Changes

    May 15, 2017

    15 May 2017

    ๐Ÿ”‹ Features

    • Broader search for AD domain #683
    • ๐Ÿ”ง Reintroduce ActiveDirectoryDefaultDomain configuration item (helps #683)

    ๐Ÿ›  Bugfixes

    • โช Revert Jwt library to v4.x to repair ADFS login #681
    • ๐Ÿ”ง Reintroduce ActiveDirectoryDefaultDomain configuration item #685

    Other improvements

    • ๐Ÿ Permissions for unknown Windows users are set more sensibly when using internal membership #687
    • ๐ŸŒ pt-BR translation improvements #678
    • ๐Ÿšš All logging now moved to new app_data\logs files
  • v6.1.0

    April 18, 2017
  • v6.0.0 Changes

    March 29, 2017

    29 March 2017

    Compatibility issues

    • This version adds column to several tables in the database. This makes it incompatible with previous versions of Bonobo. Please ensure that you have a โšก๏ธ backup of your App_Data folder before you update.

    ๐Ÿ”‹ Features

    • A new global option allows a repository to be created by pushing at a non-existent repo name #504
    • Repositories do not need to have an explicit repository administator #505
    • ๐Ÿ‘ Allow push for anonymous user can now be set on a per repo basis
    • Repository details screen now has copy-to-clipboard buttons for Git URLs #453
    • 'Rescan' button on Repository index screen allows new file-system repos to be discovered without restarting application #454
    • *.ts and *.json formatting support for file display #455
    • ๐Ÿ†• New diagnostic page at /home/diagnostics to help with support
    • Claims names are now more consistent with typical ADFS usage #488
    • ๐Ÿ‘‰ Added following environment variables: AUTH_USER_TEAMS, AUTH_USER_ROLES, and AUTH_USER_DISPLAYNAME. See the FAQ for more information. #495
    • The linkify option for commit messages can now be set on a per repo basis
    • Verifies that username, repository and team names are unique as you type them
    • Verifies as you type regex entered for linkification
    • โž• Added icons to repository listing indicating anonymous push/pull status

    ๐Ÿ›  Bugfixes

    • NullReferenceException in EFRepositoryPermissionService HasPermission #441
    • Inconsistent repo name case-sensitivity (now consistently case-insensitve) #443
    • Correct error reported to Git clients for access to non-existent repo #447
    • ๐Ÿ”ง Bonobo can start enough to allow access to settings if git directory is mis-configured #451
    • Bonobo doesn't run on systems with particular machine.config RoleManager settings #486
    • The repository logo was not visible in all views
    • ๐Ÿ›  Fixed inability to browse folders in branches other then master #541

    Code improvements

    • โž• Addition of automated test framework for testing web application
    • Rework of repository permissions Code #492
    • Abort startup if BinaryGUID=False is not set in Sqlite connections.
    • ๐Ÿ‘Œ Improved exception handling in GitController #444
    • โฌ†๏ธ Upgrade all web.config files to MVC5 #457
    • โšก๏ธ Password salt now randomly generated at password update #462
    • ๐Ÿ’… Resharper settings provided so that Resharper suggested style matches project #465
    • ๐Ÿ‘‰ UserModel and User entity class name properties made more consistent #470
    • Far fewer catch-all claueses silently swallowing exceptions
    • โšก๏ธ Updated jQuery and associated js code to 1.12.4 #586
  • v5.2 Changes

    March 16, 2016

    17 March 2016

    ๐Ÿ”’ Security

    ๐Ÿš€ This is an important security release adding a CSRF protection to POST actions in the app. Also, it fixes a token validation on password reset function and adds the CSRF protection there as well.

    • โž• add form antiforgery protection - Will Dean
  • v5.1.1 Changes

    March 09, 2016

    12 January 2016

    ๐Ÿ› Bug Fixes

    • โž• add Sqlite.Interop.dll to the project so it is part of the release