- [Security fix] Fix that AdvertiseRefsHook was not called for git-upload-pack in protocol v0 stateless transports, meaning that in Gerrit using AdvertiseRefsHook for validation wants were not validated and a user could fetch anything that is pointed to by any ref (using fetch-by-sha1), as long as they could guess the object name.
- Retry stale file handles on .git/config file to prevent stale file handle exceptions on NFS
Build and Release Engineering
- Replace Findbugs with Spotbugs
Monday, December 24, 2018
Service release (bug fixes only)