News and posts from the SCM-Manager team

XML-Parser Expat (CVE-2022-23852)

Posted on 2022-02-02 by Eduard Heimbuch

Hey SCM-Manager Community,

Maybe you have heard about a new vulnerability regarding Expat which is likely as dangerous as Log4Shell.

SCM-Manager is only affected if you have the PlantUML-Plugin installed. We highly recommend uninstalling this plugin until we can provide a fixed version. If your SCM-Manager is running inside the Cloudogu Ecosystem, you also need to take down the PlantUML Dogu.

Posted in scm-manager, security

SCM-Manager 2.30.0

Posted on 2022-01-24 by Eduard Heimbuch

Hey SCM-Manager Community,

you may have read our last blog post warning you about a Path Traversal vulnerability in SCM-Manager. If you haven't already, please update your instance to the latest SCM-Manager version as soon as possible to fix this issue.


We have already…

Posted in scm-manager, release, security

Path Traversal Vulnerability

Posted on 2022-01-17 by René Pfeuffer

Hey SCM-Manager Community,

thanks to an attentive user, we got notice of a path traversal vulnerability in SCM-Manager. Affected are all versions from 2.0.0 up to 2.29.0.

We released a hotfix 2.29.1.

Update now!

Your SCM-Manager Team

Posted in scm-manager, release, security

SCM-Manager - Recap 2021

Posted on 2022-01-03 by Eduard Heimbuch

Hey SCM-Manager Community,

It's the first Monday of the new year, and we just started working on the next major features to improve your SCM-Manager experience. But before going forward we wanted to do a little recap and share our SCM-Manager highlights of 2021.


We had 1…

Posted in scm-manager, release

SCM-Manager 2.28.0

Posted on 2021-12-23 by René Pfeuffer

Hey SCM-Manager Community,

some time has passed since 2.27.0, and the hassle around Log4Shell brought us some bugfix releases (because we use Logback and not log4j, we had some less severe issues in SCM-Manager). But now it is time for a new feature release 2.28.0.

Branch Details

Posted in scm-manager, release


Posted on 2021-12-13 by René Pfeuffer

Hey SCM-Manager Community,

We're sure you've heard about the vulnerability in log4j called Log4Shell. As far as we can tell, SCM-Manager is not affected by this, because log4j is not used in SCM-Manager (for logging, we use Logback).

However, if you have installed plugins from external sources, you can check whether log4j is used somewhere by running this little script using the script plugin

Posted in scm-manager, security, release

SCM-Manager 2.27.0

Posted on 2021-11-17 by Eduard Heimbuch

Hey SCM-Manager Community,

once again we improved the accessibility by cleaning up our HTML structure and improving the screen reader support. Besides, we also created two new plugins which may be useful for your workflows with SCM-Manager.

Gotenberg Plugin

Some weeks ago we learned about Gotenberg as an easy-setup, powerful server to convert office binary files like docx, xlsx and pptx to pdf. We created the Gotenberg Plugin to integrate this…

Posted in scm-manager, release

Java 11

Posted on 2021-11-11 by René Pfeuffer

Hey SCM-Manager Community,

Java 8 has been around for quite a long time now and it has served SCM-Manager quite well. But everything comes to an end.

So today we are here to tell you that we will quit support for Java 8 in March 2022. We chose this date because, according to Oracle, the support for Java 8 will end then, too. So, if you still run SCM-Manager on Java 8, you should start your transition to Java 11, which will…

Posted in scm-manager, administration

SCM-Manager 2.26.0

Posted on 2021-11-05 by René Pfeuffer

Hey SCM-Manager Community,

we would like SCM-Manager to be accessible for as many users as possible. We aren't there yet, but we have taken some major steps. Maybe the most obvious one: You can change your theme.


As well as it might seem so, our first goal was not…

Posted in scm-manager, release

SCM-Manager v1 Plugin Center

Posted on 2021-10-27 by Sebastian Sdorra

Hello SCM-Manager Community,

On June 04, 2020 we released SCM-Manager v2 in the first stable version. That was 510 days ago. Today we decided to shut down the PluginCenter for version 1 on April 30, 2022, and we also disabled access via HTTP today.

What does this mean for running…

Posted in scm-manager, plugin-center, v1