Blog

News and posts from the SCM-Manager team

LDAP plugin account hijacking vulnerability

Posted on 2025-05-22 by Anna Vetcininova


Hello SCM-Manager Community,

In our previous post, we addressed a vulnerability in the CAS plugin. During our follow-up review, we discovered the same issue in the LDAP plugin.

We’ve released an update that not only patches this vulnerability but also enhances overall access…


Posted in scm-manager, security


CAS plugin account hijacking vulnerability

Posted on 2025-05-21 by Florian Scholdei


Hey SCM-Manager Community,

We have discovered a vulnerability in the CAS plugin that could potentially lead to unauthorized access to user accounts. Under certain conditions, it would have been possible to perform actions on behalf of other users. We immediately reworked the…


Posted in scm-manager, security


SCM-Manager 3.8.0

Posted on 2025-04-17 by Thomas Zerr


Dear SCM-Manager Community,

Today we released version 3.8.0 of the SCM-Manager. In this release cycle, we focused on finishing the implementation for the SQLite support mentioned in our previous blog post here. We also reimplemented parts of the Pushlog Plugin, so it now uses…


Posted in scm-manager, release, plugins


JWT Configuration and SQLite Support

Posted on 2025-03-11 by Florian Scholdei


With the next minor release, we are introducing some exciting changes, particularly regarding JWT (JSON Web Token) configuration and Javadoc. We would also like to give you an outlook on what lies ahead regarding SQLite.

JWT – Flexible Lifetime Configuration

You will be able to…


Posted in scm-manager


SCM-Manager 3.7.0

Posted on 2025-01-24 by Thomas Zerr


Dear SCM-Manager Community,

Today we released the new version of the SCM-Manager 3.7.0. In this release cycle, we focused on improving the handling of git repositories by optimizing the performance of git modifications via UI and enabling the usage of partial clones and fetches…


Posted in scm-manager, release, plugins


Potential leak of password details in trace log

Posted on 2025-01-17 by René Pfeuffer


We found a potential risk that could reveal details about user passwords in the trace log. Passwords or parts of them have never been logged in plain text, though.

To fix this issue, we released new versions of SCM-Manager:

  • 2.46.5 (a fix for a slightly older version)
  • 2.48.4 (for those who do not want to update to 3.x yet)
  • 3.6.1 (the fix for the latest version)

Posted in release, security, scm-manager


SCM-Manager 3.6.0

Posted on 2024-12-06 by Thomas Zerr


Dear SCM-Manager Community,

Today we released the new version of the SCM-Manager 3.6.0. In this release cycle, we focused on improving upon already implemented features. For example, we worked on the layout of the changeset and diff view, the editing experience of markdown…


Posted in scm-manager, release, plugins


SCM-Manager 3.5.0

Posted on 2024-10-10 by Thomas Zerr


Dear SCM-Manager Community,

Today we released the new version of the SCM-Manager 3.5.0. In this release cycle, we continued improving the user experience of working with pull requests and changesets. Furthermore, this release also provides new features and bugfixes in the core…


Posted in scm-manager, release, plugins


SCM-Manager 3.4.0

Posted on 2024-08-22 by Thomas Zerr


Dear SCM-Manager Community,

Today we released the new version of the SCM-Manager 3.4.0. In this release cycle, we put a huge emphasis on improving the user experience of working with pull requests and changesets. Additionally, this release contains multiple new features and various…


Posted in scm-manager, release, plugins


SCM-Manager 3.3.0 and an important vulnerability bugfix

Posted on 2024-07-08 by Thomas Zerr


Dear SCM-Manager Community,

Today we released the new version of the SCM-Manager 3.3.0. This release focuses primarily on an important vulnerability bugfix that prevents users from escalating their privileges in a namespace of repositories. Additionally, some new features and…


Posted in scm-manager, release, security