The 2.20.6 update is a security update, fixing several CVEs in underlying software, fixing a few bugs and applying OS package upgrades.
Security Fixed
- HIGH: OpenSSL has been updated to address CVE-2020-1967.
- HIGH: Git has been updated to address CVE-2020-5260 and CVE-2020-11008. New restrictions prevent malicious repositories from being pushed to the server instance, protecting clients which have not yet been patched.
- LOW: ImageMagick has been updated to address CVE-2019-10131.
Notable Bug Fixes
- The git user lacked permissions to invoke the processes required to convert existing repositories using Subversion from the v4 format to v3 LRS.
- A CODEOWNERS file with a leading UTF-8 Byte Order Mark would cause all codeowner rules to be ignored
We will be applying the patch at 5:00 PM EST on May 1st.