Bonobo Git Server v6.5.0 Release Notes

Release Date: 2019-04-19
  • 17 April 2019

    Security

    This is an important security release which addresses two vulnerabilities, and users should upgrade immediately, particularly if they permit anonymous or low-trust users access to any repository.

    AD users who have been avoiding 6.2.2 or later versions because of problems introduced in that release should be safe to upgrade to this version, which removes that particular troublesome feature.

    We are grateful to the team at flab.cesnet.cz for the responsible disclosure of the vulnerabilities addressed by this release.

    Bugfixes

    • Sanitise service name in calls to Git services (CVE-2019-11217)
    • Prevent non-admin users manipulating role membership (CVE-2019-11218)

Previous changes from v6.2.0

  • 15 May 2017

    Features

    • Broader search for AD domain #683
    • Reintroduce ActiveDirectoryDefaultDomain configuration item (helps #683)

    Bugfixes

    • โช Revert Jwt library to v4.x to repair ADFS login #681
    • ๐Ÿ”ง Reintroduce ActiveDirectoryDefaultDomain configuration item #685

    Other improvements

    • Permissions for unknown Windows users are set more sensibly when using internal membership #687
    • pt-BR translation improvements #678
    • All logging now moved to new app_data\logs files