3.5.12

Security

In a collaboration with GitHub Security Lab (big thanks to @artsploit 🤍) we've managed to resolve 3 vulnerabilities noticed in Reposilite:

• GHSL-2024-072
• GHSL-2024-073
• GHSL-2024-074

It is highly recommended to update your instances as soon as possible to mitigate the risks. For the time being, we're not revealing details on each one of them, but every instance running on versions between 3.3.0 to 3.5.11 should be considered as vulnerable.

We also recommend regenerating your access tokens, because those could be leaked via malicious Javadocs archives. As long as it's unlikely that you were affected, it's a general good practice in such cases.

Other changes

• Fixed invalid SHA checksums generated for files uploaded via the dashboard (thanks @laszlof)
• Bumped dependencies

Sponsors
Thanks to everyone who supported me this month 💜

Active GitHub Sponsors

milkyway0308, andrm, rdehuyss, joshuasing, insertt, GotoFinal, mcebular, Koressi, tipsy, Kamilkime, that-apex, SirEndii, crejk, Rollczi, Jan Bojarczuk

Minimal requirements

• Java 11+
• RAM 32MB

Downloads

• JAR: Reposilite 3.5.12 ~ from Reposilite 3.x based repository ʕ•ᴥ•ʔ
• Docker: Docker Hub - Reposilite $ docker pull dzikoysk/reposilite:3.5.12
• Docker: Docker - GitHub Registry - $ docker pull ghcr.io/dzikoysk/reposilite:3.5.12
• Helm: helm.reposilite.com