Changelog History
Page 1
-
v6.5.0 Changes
April 19, 201917 April 2019
๐ Security
๐ This is an important security release which addresses two vulnerabilities, and users should upgrade immediately, particularly if they permit anonymous or low-trust users access to any repository.
๐ AD users who have been avoiding 6.2.2 or later versions because of problems introduced in that release โฌ๏ธ should be safe to upgrade to this version, which removes that particular troublesome feature.
๐ We are grateful to the team at flab.cesnet.cz for the responsible disclosure of the vulnerabilities addressed by this release.
๐ Bugfixes
- Sanitise service name in calls to Git services (CVE-2019-11217)
- Prevent non-admin users maninpulating role membership (CVE-2019-11218)
-
v6.4.0 Changes
๐ 13 November 2017 (unreleased)
๐ Bugfixes
- โ Removed #710 feature introduced in 6.2.2 as it has proved unreliable
Other improvements
- โ Added IE-Edge meta tag #740 @CatStarwind
-
v6.3.0 Changes
5 September 2017
๐ Features
- ๐ Allow named users to browse anonymous repos for which they don't have explicit permission #708
- ๐ Allow custom CSS files #705
๐ Bugfixes
- ๐ Fix regression in 6.2.2 for certain domain configurations #731/#733
Other improvements
- โก๏ธ Update compiler used for pages #702
-
v6.2.2 Changes
28 August 2017
๐ Features
- ๐ Allow anonymous users to browse repos without credentials where permitted #710 / @jeffgaroutte
๐ Bugfixes
- Don't unescape Git passwords/usernames unnecessarily #704
- ๐ Improvements to AD domain handling #706
Other improvements
- Enable README display for all folders #713
- ๐ Turkish translation improvements #722
-
v6.2.1 Changes
22 May 2017
๐ This is identical to 6.2.0, but with corrected version numbering in the appveyor build.
-
v6.2.0 Changes
May 15, 201715 May 2017
๐ Features
- Broader search for AD domain #683
- ๐ง Reintroduce ActiveDirectoryDefaultDomain configuration item (helps #683)
๐ Bugfixes
- โช Revert Jwt library to v4.x to repair ADFS login #681
- ๐ง Reintroduce ActiveDirectoryDefaultDomain configuration item #685
Other improvements
- ๐ Permissions for unknown Windows users are set more sensibly when using internal membership #687
- ๐ pt-BR translation improvements #678
- ๐ All logging now moved to new app_data\logs files
-
v6.1.0
April 18, 2017 -
v6.0.0 Changes
March 29, 201729 March 2017
Compatibility issues
- This version adds column to several tables in the database. This makes it incompatible with previous versions of Bonobo. Please ensure that you have a โก๏ธ backup of your App_Data folder before you update.
๐ Features
- A new global option allows a repository to be created by pushing at a non-existent repo name #504
- Repositories do not need to have an explicit repository administator #505
- ๐ Allow push for anonymous user can now be set on a per repo basis
- Repository details screen now has copy-to-clipboard buttons for Git URLs #453
- 'Rescan' button on Repository index screen allows new file-system repos to be discovered without restarting application #454
- *.ts and *.json formatting support for file display #455
- ๐ New diagnostic page at /home/diagnostics to help with support
- Claims names are now more consistent with typical ADFS usage #488
- ๐ Added following environment variables:
AUTH_USER_TEAMS
,AUTH_USER_ROLES
, andAUTH_USER_DISPLAYNAME
. See the FAQ for more information. #495 - The linkify option for commit messages can now be set on a per repo basis
- Verifies that username, repository and team names are unique as you type them
- Verifies as you type regex entered for linkification
- โ Added icons to repository listing indicating anonymous push/pull status
๐ Bugfixes
- NullReferenceException in EFRepositoryPermissionService HasPermission #441
- Inconsistent repo name case-sensitivity (now consistently case-insensitve) #443
- Correct error reported to Git clients for access to non-existent repo #447
- ๐ง Bonobo can start enough to allow access to settings if git directory is mis-configured #451
- Bonobo doesn't run on systems with particular machine.config RoleManager settings #486
- The repository logo was not visible in all views
- ๐ Fixed inability to browse folders in branches other then master #541
Code improvements
- โ Addition of automated test framework for testing web application
- Rework of repository permissions Code #492
- Abort startup if
BinaryGUID=False
is not set in Sqlite connections. - ๐ Improved exception handling in GitController #444
- โฌ๏ธ Upgrade all web.config files to MVC5 #457
- โก๏ธ Password salt now randomly generated at password update #462
- ๐ Resharper settings provided so that Resharper suggested style matches project #465
- ๐ UserModel and User entity class name properties made more consistent #470
- Far fewer catch-all claueses silently swallowing exceptions
- โก๏ธ Updated jQuery and associated js code to 1.12.4 #586
-
v5.2 Changes
March 16, 201617 March 2016
๐ Security
๐ This is an important security release adding a CSRF protection to POST actions in the app. Also, it fixes a token validation on password reset function and adds the CSRF protection there as well.
- โ add form antiforgery protection - Will Dean
-
v5.1.1 Changes
March 09, 201612 January 2016
๐ Bug Fixes
- โ add Sqlite.Interop.dll to the project so it is part of the release