GForge Advanced Server 6.0.1 Released!

We are releasing GForge Advanced Server 6.0.1 today which is a security and bugfix release which all customers are strongly encouraged to upgrade to.  To help aid customers in receiving timely information about security related issues and releases we have started a new mailing list you can you can subscribe to. We’ll continue to post information about all releases here but the mailing list will allow customers to receive timely updates about security updates without having to explicitly check our blog.

Here are the changes:

  • [#7368] On Docman, the default behaviour when the ‘Allow Unprivileged Upload’ setting doesn’t exists in the db is to deny uploads, however the plugin settings admin page will display that setting as enabled
  • [#7373] MyStuff keeps showing tracker data after the user has been removed from the (private) project
  • [#7393] In the front page, the news/blog posts are shown even if the plugin is disabled on a given project.
  • [#7401] SELinux prevents loading of ioncube when running install-gforge-1-deps.php
  • [#7413] Newer versions of git show “fatal: This operation must be run in a work tree” on the post-commit trigger
  • [#7419] FRS: Sorting list of files by package name could corrupt the rendering of the table
  • [#7425] Short php tags in plugins/userblog/wwwlib/index.php
  • [#7427] Docman: Setting a folder as public lets you download documents even if the project is private
  • [#7428] git: When deleting a remote branch, the deletion will succeed but an error message is shown
  • [#7450] Sanitize $_GET, $_REQUEST, $_POST and $_COOKIE parameters
  • [#7451] Gantt chart shows the arrows for dependent items backwards
  • [#7457] Git: commits are stored in the database with the push date instead of the commit date
  • [#7517] git: seems like pushing a new branch to the master repository re-parses the whole commit history
  • [#7521] Default user name regexp allows for backslashes to be used in user name
  • [#7522] The old SOAP api seems populate projects without checking permissions
  • [#7523] git: Tracker item -> commits tab shows whole commit hash
  • [#7541] Fatal error when deleting a user from a project
  • [#7544] Option for editing/deleting snippets only shows for site admin
  • [#7545] Make git commit email show the diff for the commit
  • [#7574] The query for not approved forum messages in the My page is inefficient
  • [#7638] svn’s pre_commit_checks script doesn’t output an error message on ACL error
  • [#7983] In sql update file 20111122.sql we use DROP TABLE IF EXISTS, which is only support starting from postgresql 8.2
  • [#8054] Unauthorized access to 250 usernames
  • [#8056] Unauthorized access to last 50 user login information
  • [#8057] Fix Vulnerability: SQL Query discloses database table, column information and password hash
  • [#8058] Fix Vulnerability: Cross-Site Scripting reported by Mateusz Krzeszowiec via Secunia SVCRP
  • [#8059] Login to application possible without administrators approval
  • [#8085] In centos6 php has been updated to 5.3.3, php eaccelerator has been compiled for php 5.3.2