Security problem: it is possible to get the content of commits if the repository name is known. No authorized user is needed, access is free! #841

Originally reported on Google Code with ID 545

What steps will reproduce the problem?
1. You can try it with a fully secured repository in Gitblit that requires authentication for VIEW too.
    http://<gitblit_url:8080|8443>/patch/<repo_name>.git
    This will show the content of the last commit to Gitblit for repo_name.
    The problem is that Google scans and saves commits through Gitblit.

2. Example of free access: access to the repo is actually allowed ONLY for authorized users, but if you open the link, you can see all the content of the last commit:

     https://bgate.mellanox.com:8443/patch/ompi.git



What is the expected output? What do you see instead?
   From 429c4b3ad7e07caf5fa20d2ed0ec6ccffc3b2cd4 Mon Sep 17 00:00:00 2001
   From: Ralph Castain <[email protected]>
   Date: Wed, 01 Oct 2014 01:27:03 +0300
   Subject: [PATCH] Cover the remaining code paths for Java apps to     define class
path
............. and more

What version of the product are you using? On what operating system?
Gitblit v1.6.2

Please provide any additional information below.




Reported by adm101n on 2015-01-13 07:13:50
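
A log check an administrator could run for the endpoint described in this report, as an added example that is not part of the original issue or of Gitblit's code: it flags requests to `/patch/<repo>.git` that were answered with a 2xx status without an authenticated user, for repositories that are meant to require login. It assumes a reverse proxy in front of Gitblit writing Combined Log Format with authenticated users in the remote-user field; the function name, repository names and log lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: Combined Log Format written by a reverse proxy in front of Gitblit.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "(?P<agent>[^"]*)")?'
)
# Endpoint from the report: /patch/<repo_name>.git, optionally followed by / or a query.
PATCH_RE = re.compile(r'^/patch/(?P<repo>[^?]+?\.git)(?:[/?]|$)')

def find_anonymous_patch_reads(lines, protected_repos):
    """Return requests where a client with no authenticated user received a
    2xx response from /patch/ for a repository that should require login."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        p = PATCH_RE.match(unquote(m["path"]))
        if not p or p["repo"] not in protected_repos:
            continue
        if m["user"] == "-" and m["status"].startswith("2"):
            hits.append({"ip": m["ip"], "time": m["ts"],
                         "repo": p["repo"], "agent": m["agent"]})
    return hits

# Constructed sample data: repository names, addresses and agents are made up.
PROTECTED = {"internal/app.git", "secret.git"}
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Jan/2015:07:10:02 +0000] "GET /patch/internal/app.git HTTP/1.1" 200 48211 "-" "ExampleCrawler/1.0"',
    '198.51.100.4 - alice [13/Jan/2015:07:11:40 +0000] "GET /patch/internal/app.git HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [13/Jan/2015:07:12:15 +0000] "GET /patch/secret.git HTTP/1.1" 401 0 "-" "ExampleCrawler/1.0"',
    '203.0.113.9 - - [13/Jan/2015:07:12:59 +0000] "GET /patch/public.git HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [13/Jan/2015:07:13:20 +0000] "GET /summary/internal/app.git HTTP/1.1" 302 0 "-" "ExampleCrawler/1.0"',
]

if __name__ == "__main__":
    for hit in find_anonymous_patch_reads(SAMPLE_LOG, PROTECTED):
        print("anonymous patch read:", hit)
```

Any hit for a repository that requires authentication for VIEW means commit content left the server without a login, including to crawlers as the report describes.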
