Gerrit 2.5.3 is now available:

There are no schema changes from any of the 2.5.x versions.

However, if upgrading from a version older than 2.5, follow the upgrade procedure in the 2.5 Release Notes.

Security Fixes

  • Patch vulnerabilities in OpenID client library

    Installations using OpenID for authentication were vulnerable to a number of attacks over the network. The openid4java client library was identified as the entry point. In this release Gerrit updated to the latest 0.9.8 release, which patches the known attack vectors.

No other changes since 2.5.2.