Gerrit 2.2.2.2 is now available:

There are no schema changes from 2.2.2, or 2.2.2.1.

However, if upgrading from anything earlier, follow the upgrade procedure in the 2.2.2 ReleaseNotes.

Security Fixes

  • Some access control sections may be ignored

    Gerrit sometimes ignored an access control section in a project if the exact same section name appeared in All-Projects. The bug required an unrelated project to have access.inheritFrom set to All-Projects and be accessed before the project that has the same section name as All-Projects. This is an unlikely scenario for most servers, as Gerrit does not normally set inheritFrom equal to All-Projects. The usual behavior is to not supply this property in project.config, and permit the implicit inheritance to take place.