Today, we are pleased to announce the availability of new version of Scala based Git centric software development platform GitBucket 4.25.0!

Security improvements

Previous versions of GitBucket have some security issues explained in GitBucket 4.23.1 Unauthenticated Remote Code Execution by Kacper Szurek.

Already remote code execution vulnerability issue had been fixed in GitBucket 4.24.0, and also weakness of security token has been fixed in this release. Precended report from Kacper helped us to fix these issues quickly. Thanks for his work.

Furthermore, for more security improvement, PBKDF2 is used for password hashing instead of SHA-1 since this release.

Show mail address at the profile page

User’s Mail address can be displayed at the profile page. This can be turned on / off by system configuration.

Profile page

Task list on commit comments

Now task list is available on commit comments as well:

Task list on the commit comment

More detailed editing history of issues and pull requests

Editing title is now recorded as the history of issues and pull requests.

Issue history

Expose user public keys

User public keys are exposed at the new endpoint: /{user}.keys

Download repository improvements

Downloading repository contents now has following new abilities:

  • Includes LFS files as well
  • Allows to download a specific directory
  • Until now, the downloaded filename was like {branch}.zip. Now it contains a repository name and a directory name as {repository}-{branch}-{directory}.zip. (If you download a root directory, the filename is {repository}-{branch}.zip.)

In addition, this release contains some improvements and bug fixes. See all closed issues in this release to know details.

Enjoy GitBucket!