From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Fri, 3 Aug 2018 17:12:29 +0200
Subject: [ANNOUNCE] CGIT v1.2.1 Released
In-Reply-To: <153100f1c232fcdc@frisell.zx2c4.com>
References: <153100f1c232fcdc@frisell.zx2c4.com>
Message-ID: <CAHmME9pno68VMG+sHdujC5RoHLmdTGA-s3BgAQKcVK4ffEjeSg@mail.gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi folks,

CGit 1.2.1 is now available. It contains an important security fix and
everybody should update immediately.

== CGit on the Web ==

* homepage: https://git.zx2c4.com/cgit/about/
* git repository: https://git.zx2c4.com/cgit/
* git clone: git://git.zx2c4.com/cgit
* mailing list: cgit at lists.zx2c4.com
* mailing list subscribe: https://lists.zx2c4.com/mailman/listinfo/cgit

== ChangeLog v1.2.1  ==

6 files changed, 465 insertions(+), 39 deletions(-)

Notable Changes:

* The authentication filters have been revamped, and a new one using
  file-based access lists has been added.

* A bug fix for the cached rc file for the snapshot-prefix.

* A fix for a critical directory traversal vulnerability, when
  `enable-http-clone=1` is not turned off, discovered by Jann Horn.
  This is pretty nasty and all users must update immediately.

This release contains commits from: Jason A. Donenfeld and Konstantin
Ryabitsev.

== Downloading ==

This release is available in compressed tarball form here:
https://git.zx2c4.com/cgit/snapshot/cgit-1.2.1.tar.xz
SHA2-256: 3c547c146340fb16d4134326e7524bfb28ffa681284f1e3914bde1c27a9182bf
BLAKE2b-256: f6c9a6fe59d3f157da835c6bc36d58f9389cc6cdbc7bbbf6bfa65be0c5ad323c

A PGP signature of that file decompressed is available here:
https://git.zx2c4.com/cgit/snapshot/cgit-1.2.1.tar.asc
Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE

Enjoy,
Jason
-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAltkcI4QHGphc29uQHp4
MmM0LmNvbQAKCRBJ/HASpd4Drr+tD/9+yR0QQfQtJiEBFEyDUsjMdRX/kcaMh7TV
mj4B00LH+JF9MWgR2PDh7QeiSrVa/L3TaT9VmqyU3GyKuLzNOowuNGKErlve9w9a
ylW/mFuksoTylkWaty4fYj8r+ZMiyaZNhVDG5fw8LdYsx2ltwhXAzkTooYqWEA9y
G02G2VbslvOZzG+etvUWrDFlkO/LLdkyaN/ezhIETBI6WCA8B6CQw57829NSp9AA
DEysh4cIOBihbSEya95l/5U5kZ2rnpqmmbbdUYkoVW0uKuhDKz+X3oyDvZuZctQ1
UbbruPa2s9K1z5bSL5aPTFayr7i26qDTyYVsdx8gkJVv24xDuVWwu70KqJC54Bhm
ZHJNb5iQ1LnCIsrj74z4TU1bcqvKy7t/Kk3aW0+KE2koFew2KelMS3oGcEMTTSl2
Skr5GZGuHgSq3XpZZ5bPbJj/wZ9a/+FzEkFgGzwHRiBwXHoMFPVdADiUYhl+fcgj
W23Iewe/qh5Ygsj2KH3p4J5WWqfLwCJ3aXQsDu+qijuXFo5ye1U/SoEjqIjTRIF1
cqT+d5IW/aSp2JaIjb/LVs1j0iNqU2jNgRyKx+RtVALProLwWvg0NGY3rf8RUVff
sY5OEXGWnLQBVuY/ttuEqWtfTGVi/pa8pSCJ2rWpOHtbLFJX8WCcCZYJvltYGMSk
rKvAEIc8Gw==
=D1Bi
-----END PGP SIGNATURE-----