This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 249456 - Upgrade JGit to 3.5.3 and fix a security issue
Summary: Upgrade JGit to 3.5.3 and fix a security issue
Status: RESOLVED FIXED
Alias: None
Product: versioncontrol
Classification: Unclassified
Component: Git (show other bugs)
Version: 8.0.2
Hardware: PC Windows 7
: P1 normal (vote)
Assignee: Ondrej Vrabec
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-12-19 11:58 UTC by Ondrej Vrabec
Modified: 2015-02-16 14:41 UTC (History)
3 users (show)

See Also:
Issue Type: DEFECT
Exception Reporter:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ondrej Vrabec 2014-12-19 11:58:12 UTC 
There was a security release of Git [1] and git-related libs - JGit [2] - yesterday. We should upgrade JGit both in Dev and in 8.0.2 in order to include the security fix.

[1] https://github.com/blog/1938-git-client-vulnerability-announced
[2] https://dev.eclipse.org/mhonarc/lists/jgit-dev/msg02789.html
Comment 1 Ondrej Vrabec 2014-12-19 13:38:47 UTC 
should not forget about http://mvnrepository.com/artifact/org.eclipse.jgit/org.eclipse.jgit.java7
Comment 2 Ondrej Vrabec 2014-12-19 13:51:54 UTC 
fix: http://hg.netbeans.org/core-main/rev/14c36244253b
Comment 3 markiewb 2014-12-20 10:10:24 UTC 
Good job Ondrej. Just in this moment I wanted to file an issue for this.
Comment 4 Quality Engineering 2014-12-21 06:07:33 UTC 
Integrated into 'main-silver', will be available in build *201412210001* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress)

Changeset: http://hg.netbeans.org/main-silver/rev/14c36244253b
User: Ondrej Vrabec <ovrabec@netbeans.org>
Log: #249456 - Upgrade JGit to 3.5.3 and fix a security issue
Comment 5 Ondrej Vrabec 2015-02-16 14:41:14 UTC 
removing patch-cadidate KW: see #250448