A Git/Mercurial security vulnerability was released today. Issue deals with path normalization and character folding. It isn't clear that deploying 3.2.3 to the server will prevent malicious pushes. But having 3.2.3 on the server is still a good idea, to prevent us from client-side exposure to the issue.
hg.mozilla.org is now running 3.2.3. That was easy.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.