This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 249456

Summary: Upgrade JGit to 3.5.3 and fix a security issue
Product: versioncontrol Reporter: Ondrej Vrabec <ovrabec>
Component: GitAssignee: Ondrej Vrabec <ovrabec>
Status: RESOLVED FIXED    
Severity: normal CC: anebuzelsky, git, mmirilovic
Priority: P1    
Version: 8.0.2   
Hardware: PC   
OS: Windows 7   
Issue Type: DEFECT Exception Reporter:

Description Ondrej Vrabec 2014-12-19 11:58:12 UTC 
There was a security release of Git [1] and git-related libs - JGit [2] - yesterday. We should upgrade JGit both in Dev and in 8.0.2 in order to include the security fix.

[1] https://github.com/blog/1938-git-client-vulnerability-announced
[2] https://dev.eclipse.org/mhonarc/lists/jgit-dev/msg02789.html
Comment 1 Ondrej Vrabec 2014-12-19 13:38:47 UTC 
should not forget about http://mvnrepository.com/artifact/org.eclipse.jgit/org.eclipse.jgit.java7
Comment 2 Ondrej Vrabec 2014-12-19 13:51:54 UTC 
fix: http://hg.netbeans.org/core-main/rev/14c36244253b
Comment 3 markiewb 2014-12-20 10:10:24 UTC 
Good job Ondrej. Just in this moment I wanted to file an issue for this.
Comment 4 Quality Engineering 2014-12-21 06:07:33 UTC 
Integrated into 'main-silver', will be available in build *201412210001* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress)

Changeset: http://hg.netbeans.org/main-silver/rev/14c36244253b
User: Ondrej Vrabec <ovrabec@netbeans.org>
Log: #249456 - Upgrade JGit to 3.5.3 and fix a security issue
Comment 5 Ondrej Vrabec 2015-02-16 14:41:14 UTC 
removing patch-cadidate KW: see #250448