Author: René Pfeuffer

We found a potential risk that could reveal details about user passwords in the trace log. Passwords or parts of them have never been logged in plain text, though.

To fix this issue, we released new versions of SCM-Manager:

• 2.46.5 (a fix for a slightly older version)
• 2.48.4 (for those who do not want to update to 3.x yet)
• 3.6.1 (the fix for the latest version)
…

Dear SCM-Manager Community,

today we released the new version of the SCM-Manager 2.48.0 (to be honest, it's 2.48.1 due to a small bug in the ui). For some of you, the most important new feature comes with an new plugin: The Custom Storage Plugin.

Custom Storage Plugin

With…

Dear SCM-Manager Community,

apart from some new features and bugfixes, we focused on the UI performance of SCM-Manager in the last weeks and we would love to get feedback for this. So keep on reading and check out, whether you can improve your experience.

Performance

To be honest, the increased number of plugins slowed down SCM-Manager a bit when there are many repositories to handle. Especially the landing page could take a while to load. So…

Dear SCM-Manager Community,

you haven't heard of us for two months now, but we haven't been idle all the time. Last week, we released version 2.41.0 of SCM-Manager with two features requested by you, our community.

Configurable repository list

Some of you want to change the amount of repositories on the startup page or hide archived repositories. You can do this now with the Landingpage Plugin. If you have not taken a look at it before, now it is the time to do so. Besides the ability to change the page size or to hide archived repositories, it can also show the latest activities, information…

Hi SCM-Manager Community,

with the new release of SCM-Manager we made some significant changes we have to tell you about. Most importantly, if you still use Java 8, now is the time to update your system.

Java 11

From version 2.35.0 on, SCM-Manager has to be run at least with Java…

Hey SCM-Manager Community,

thanks to an attentive user, we got notice of a path traversal vulnerability in SCM-Manager. Affected are all versions from 2.0.0 up to 2.29.0.

We released a hotfix 2.29.1.

Update now!

Your SCM-Manager Team

Hey SCM-Manager Community,

some time has passed since 2.27.0, and the hassle around log4shell brought us some bugfix releases (because we use logback and not log4j, we had some less severe issues in SCM-Manager). But now it is time for a new feature release 2.28.0.

Branch Details

…

Hey SCM-Manager Community,

We're sure you've heard about the vulnerability in log4j called Log4Shell. As far as we can say, SCM-Manager is not affected by this, because log4j is not used in SCM-Manager (for logging, we use Logback).

However, if you have installed plugins from external sources, you can check whether log4j is used somewhere by running this little script using the script plugin…

Hey SCM-Manager Community,

Java 8 has been around for quite a long time now and it has served SCM-Manager quite well. But everything has come to an end.

So today we are here to tell you, that we will quit support for Java 8 in March 2022. We chose this date, because according to Oracle the support for Java 8 will end then, too. So, if you still run SCM-Manager on Java 8, you should start your transition to Java 11, which will…

Hey SCM-Manager Community,

we would like SCM-Manager to be accessible for as many users as possible. We aren't there, yet, but we have taken some major steps. Maybe the most obvious one: You can change your theme.

Accessibility

As well as it might seem so, our first goal was not…