pure java git solution
APACHE-2.0 License
Bot releases are hidden (Show)
The 1.9 minor version is the last to support Java 7. From 1.10 on Gitblit will require Java 8.
!! IMPORTANT SECURITY FIX FOR CONFIG USER SERVICE !!
There is a security vulnerability in version 1.9.2, which allows an attacker to gain
elevated access rights. This is present when the Config User Service is used as the
user service, which is the default.
Version 1.9.2 introduced a new implementation to store user data in the user config file
which holds user name, password, access rights etc. This was done to solve problems with
very large user bases (PR #1364). This new implementation does not properly escape all
control characters, like newline and tab. As a result, a normal user, when logged into
Gitblit, can edit his profile data and enter values in e.g. the email address that are
interpreted as control characters in the text file stored on disk. This allows the malicious
user to give themselves e.g. elevated access rights on their account.
This is fixed in 1.9.3. Updates of existing installations should be made to 1.9.3, not 1.9.2.
Many thanks to Github user @YYHYlh for finding and reporting this issue (issue #1410).
Published by flaix over 2 years ago
The 1.9 minor version is the last to support Java 7. From 1.10 on Gitblit will require Java 8.
Published by flaix over 4 years ago
When you have Gitblit installed as a service under Linux or Windows, you may need to edit your service script/definition. The command line to start Gitblit needs to be different, the classpath and class are speficied now.
See notes for release 1.9.0.
!! IMPORTANT BUG FIX FOR PASSWORD HASH UPGRADE !!
There is a severe bug in version 1.9.0, which can lock users out from their accounts.
When updating from a previous version to 1.9.0, existing stored passwords are rehashed
with a more secure password hash mechanism when a user first logs in after the update.
This happens when the password hashing mechanism was left at default and not specifically
set in the configuration. An error in the implementation will destroy the stored password
instead and the user can no longer log in.
Only certain circumstances will lead to this wrong behaviour. It will most likely
affect users of the Gitblit Docker container. If you did not encounter any problems,
update to 1.9.1 to be on the safe side. If you were hit by this bug, we are deeply sorry.
There is no way to fix the affected accounts other than to set a new password.
This is fixed in 1.9.1. Updates of existing installations should be made to 1.9.1, not 1.9.0.
-cp
parameter instead of -jar
.Published by flaix over 4 years ago
Gitblit uses Servlet 3.0 and thus drops support for Tomcat 6. Run on Tomcat 6 at your own risk.
With the update to Lucene 5.5.2 reindexing of the tickets is necessary. This is done automatically during the first server start after an upgrade. Depending on the amount of tickets you have, this could take a little while. The old index is kept, so that a downgrade is still possible without losing information. The old index can be deleted, when a downgrade is no longer required.
The interface for the ITicketService changed. If you have your own derived implementation, rename start
to onStart
. (see commit 63dbdfda)
To support Java 9+, Gitblit can no longer load JARs from the 'ext' folder by itself. In order to include the folder, it needs to be added to the classpath explicitly by changing the command line. Check the new start scripts to see the new required command line.
The 1.9 minor version will be the last to support Java 7. From 1.10 on Gitblit will require Java 8.
When the realm.ldap.bindpattern
property is set, GitBlit will only bind as the user to LDAP, not to a manager account or anonymously.
Older password storage mechanisms are deprecated, PBKDF2 is the new default. When you switch from plaintext to a hashed scheme, or from the older hashed to the new PBKDF2 scheme, the stored password of a user will be rehashed with the more secure mechanism when the user logs in.
Highlights:
* Collapsible and nested repository groups on the repositories page
* Runs on Java 11
* Retrieve SSH keys from LDAP
* User language preference
* Option to merge ticket branches fast-forward or with merge commit
ext
directory to the classpath on the command-line to start Gitblit and related programs.clone.bundle
is unsupported instead of simply failingPublished by gitblit about 11 years ago
Release highlights include:
Gitblit GO for Windows: gitblit-1.3.2.zip
Gitblit GO for Linux/OSX: gitblit-1.3.2 tar.gz
Gitblit WAR for your servlet container: gitblit-1.3.2.war
Gitblit Express for RedHat OpenShift cloud hosting: express-1.3.2.zip
Gitblit Manager is a Java/Swing app for remote administration of your server: manager-1.3.2.zip
Gitblit API is a library package for integrating Gitblt administration into your own app: gbapi-1.3.2.zip
Published by gitblit about 11 years ago
Release highlights include:
Gitblit GO for Windows: gitblit-1.3.1.zip
Gitblit GO for Linux/OSX: gitblit-1.3.1.tar.gz
Gitblit WAR for your servlet container: gitblit-1.3.1.war
Gitblit Express for RedHat OpenShift cloud hosting: express-1.3.1.zip
Gitblit Manager is a Java/Swing app for remote administration of your server: manager-1.3.1.zip
Gitblit API is a library package for integrating Gitblt administration into your own app: gbapi-1.3.1.zip
Published by gitblit over 11 years ago
Release highlights include:
Gitblit GO for Windows: gitblit-1.3.0.zip
Gitblit GO for Linux/OSX: gitblit-1.3.0.tar.gz
Gitblit WAR for your servlet container: gitblit-1.3.0.war