We encountered NullPointerExceptions during hg repository imports. This happened, when neither authentication nor proxy definions had been given. In this case, no hgrc will be created and therefore we get the exception in the clean-up step. Now, the clean-up is only triggered, if the hgrc had been created beforehand.
To prevent further error in the clean-up, we no catch other potential exceptions and log them but do not let them break the import.
Pushed-by: Rene Pfeuffer<rene.pfeuffer@cloudogu.com>
Co-authored-by: René Pfeuffer<rene.pfeuffer@cloudogu.com>
With this change,
- logs are only written to console when the server is started in foreground (prevents writing to scm-server.out file)
- the location of the log file is determined correctly, when it is configured with a relative path
- less logs are written to console on startup
- enabling file and console appenders via config.yml
Fix legacy-swc-helpers vulnerability, by reducing the scope of the react-aria library to a minimum
Co-authored-by: Thomas Zerr<thomas.zerr@cloudogu.com>
Pushed-by: Thomas Zerr<thomas.zerr@cloudogu.com>
The BaseReceivePackFactory re-used the GitReceiveHook. The problem is, that the hook is not thread safe. Due to the re-usage, the repository could have been changed during processing post receive hooks. With this, the factory will always create a new receive pack.
Pushed-by: Rene Pfeuffer<rene.pfeuffer@cloudogu.com>
Co-authored-by: René Pfeuffer<rene.pfeuffer@cloudogu.com>
Committed-by: René Pfeuffer<rene.pfeuffer@cloudogu.com>
This fixes the following security issue: If a user creates a new repository in a namespace this user had no permission to read any repository from, the user gets OWNER permissions on this namespace and all other permissions are removed from this namespace.
Pushed-by: Rene Pfeuffer<rene.pfeuffer@cloudogu.com>
Co-authored-by: René Pfeuffer<rene.pfeuffer@cloudogu.com>
Committed-by: René Pfeuffer<rene.pfeuffer@cloudogu.com>
A notification will be displayed when an external user
management system is activated to inform that users
created within the SCMM will not be transferred to the
external system.
Co-authored-by: René Pfeuffer<rene.pfeuffer@cloudogu.com>
This prevents errors in exporters (like the trace plugin) to escalate. In a specific case it could happen, that due to the cas plugin and the trace plugin the login failed when the trace file for cas was corrupt, because the trace monitor filed to log the cas request and threw an exception due to which the whole login process through cas was blocked.
Pushed-by: Rene Pfeuffer<rene.pfeuffer@cloudogu.com>
Co-authored-by: René Pfeuffer<rene.pfeuffer@cloudogu.com>
The sub repositories did not show up in the source view. This fixes python errors for the computation of sub repositories in hg.
Pushed-by: Rene Pfeuffer<rene.pfeuffer@cloudogu.com>
Co-authored-by: René Pfeuffer<rene.pfeuffer@cloudogu.com>
