Gitorious v2.4.12 is released (security update)

Three new vulnerabilities have been fixed for Ruby on Rails, on which Gitorious is built. Read the original Ruby on Rails sec-list announcements for further details.

The steps for upgrading are, as usual (from within the root gitorious clone/source directory):

git fetch --tags

git merge v2.4.12

git submodule update --init

bundle install

We advise all users running their own Gitorious servers to upgrade immediately. Note that the Gitorious Community Edition installer has also been updated to install v2.4.12 now.

2 Comments

  1. Andrew
    Posted May 22, 2013 at 3:06 pm | Permalink

    Don’t forget to tag these as releases or they won’t show up in the releases list (which is what google takes you to if you search for gitorious release).

    http://gitorious.wordpress.com/category/release/

  2. Aleksey Portnov
    Posted March 21, 2014 at 10:40 am | Permalink

    1) At first, I’ve fetch all objects
    git fetch –all
    Fetching origin
    remote: Counting objects: 7, done.
    remote: Compressing objects: 100% (4/4), done.
    remote: Total 4 (delta 3), reused 0 (delta 0)
    Unpacking objects: 100% (4/4), done.
    From git://gitorious.org/gitorious/mainline
    cac70e7..4071ca6 master -> origin/master

    2) Then made pull
    $ git pull
    U .gitmodules
    M AUTHORS
    U Gemfile
    U Gemfile.lock
    [skiped]
    U test/unit/project_test.rb
    U test/unit/user_test.rb
    Pull is not possible because you have unmerged files.
    Please, fix them up in the work tree, and then use ‘git add/rm ‘
    as appropriate to mark resolution, or use ‘git commit -a’.

    3) Now I’ve got
    $ git status
    # On branch master
    # Your branch is behind ‘origin/master’ by 1 commit, and can be fast-forwarded.
    #
    # Changes to be committed:
    #
    # modified: AUTHORS
    # modified: app/helpers/blobs_helper.rb
    # new file: lib/gitorious/project_xml_serializer.rb
    # modified: lib/tasks/mirrorrepos.rake
    # new file: public/javascripts/lib/bane
    # new file: public/javascripts/spacer.js
    # modified: test/functional/api/graphs_controller_test.rb
    # modified: test/functional/projects_controller_test.rb
    # modified: test/functional/sessions_controller_test.rb
    #
    # Unmerged paths:
    # (use “git add/rm …” as appropriate to mark resolution)
    #
    # both modified: .gitmodules
    # both modified: Gemfile
    # both modified: Gemfile.lock
    # both modified: app/controllers/blobs_controller.rb
    # both modified: app/controllers/groups_controller.rb
    # both modified: app/controllers/projects_controller.rb
    # both modified: app/controllers/sessions_controller.rb
    # both modified: app/controllers/users_controller.rb
    # both modified: app/helpers/application_helper.rb
    # both modified: app/helpers/comments_helper.rb
    # deleted by us: app/helpers/graphs_helper.rb
    # both modified: app/helpers/groups_helper.rb
    # both modified: app/models/comment.rb
    # both modified: app/models/committership.rb
    # both modified: app/models/email.rb
    # both modified: app/models/group.rb
    # deleted by us: app/models/hook.rb
    # both modified: app/models/merge_request.rb
    # both modified: app/models/project.rb
    # both modified: app/models/site.rb
    # both modified: app/models/ssh_key.rb
    # both modified: app/models/user.rb
    # deleted by us: app/models/user_observer.rb
    # both modified: app/processors/push_processor.rb
    # deleted by us: app/processors/web_hook_processor.rb
    # both modified: app/views/groups/index.html.erb
    # deleted by us: app/views/layouts/_common_head.html.erb
    # both modified: app/views/layouts/application.html.erb
    # both modified: app/views/projects/index.html.erb
    # both modified: app/views/repositories/_getting_started.html.erb
    # both modified: app/views/sessions/new.html.erb
    # both modified: app/views/users/show.html.erb
    # both modified: bin/bundle
    # both modified: bin/setup.rb
    # both modified: config/authentication.sample.yml
    # both modified: config/environment.rb
    # both modified: config/gitorious.sample.yml
    # both modified: config/locales/en.rb
    # both modified: config/locales/es.rb
    # both modified: config/locales/fr.rb
    # both modified: config/locales/pt-BR.rb
    # both modified: data/hooks/post-receive
    # both modified: lib/gitorious.rb
    # both modified: lib/gitorious/authentication/configuration.rb
    # both added: lib/gitorious/custom_hook.rb
    # both modified: lib/gitorious/git_shell.rb
    # added by them: lib/gitorious/ssh/pre_receive_guard.rb
    # deleted by us: public/javascripts/gitorious/jquery.js
    # deleted by us: public/javascripts/lib/capillary
    # deleted by us: public/stylesheets/base.css
    # both modified: script/gitorious
    # both modified: test/functional/blobs_controller_test.rb
    # both modified: test/functional/groups_controller_test.rb
    # both modified: test/unit/helpers/application_helper_test.rb
    # both modified: test/unit/helpers/blobs_helper_test.rb
    # deleted by us: test/unit/hook_test.rb
    # deleted by us: test/unit/lib/gitorious/authentication/configuration_test.rb
    # deleted by us: test/unit/lib/gitorious/git_shell_test.rb
    # deleted by us: test/unit/lib/pre_receive_guard_test.rb
    # both modified: test/unit/processors/push_processor_test.rb
    # deleted by us: test/unit/processors/web_hook_processor_test.rb
    # both modified: test/unit/project_test.rb
    # both modified: test/unit/user_test.rb
    #
    # Changes not staged for commit:
    # (use “git add …” to update what will be committed)
    # (use “git checkout — …” to discard changes in working directory)
    #
    # modified: config/boot.rb
    # modified: config/environments/production.rb
    # modified: public/ui3 (new commits)
    #

    4) What should I do now? I did not plan to make changes in your code, I just planned to upgrade to new version.


Post a Comment

Required fields are marked *

*
*

Follow

Get every new post delivered to your Inbox.

Join 728 other followers

%d bloggers like this: