CM Bridge now with Mercurial Integration

CM Bridge v4.0 with Mercurial Integration

The most cost effective Subversion multisite solution on the market today which already integrates with Git now also integrates with Mercurial. Prices from £2000.00.

Increased Productivity

• Active-active - developers commit to local repository avoiding wide area network latency.
• Multisite solutions allow companies to utilise development expertise regardless of geographic location.

Increased Reliability

• In contrast to other solutions, active-active local repository communications eliminates dependencies on remote sites and infrastructure.

Reduced Development Costs

• Simple to install, configure and run. Unlike other solutions the CM Bridge does not require complex equipment at each site.
• Connect distributed teams or outsourced partners in minutes.

Scalable

• Multiple bridges - any number of repositories can be connected.
• Ideal for remotes sites with a slow or fragile WAN connection.
• Simple to use for business continuity and disaster recovery.
• Flexible, low cost license - irrespective of the number of users or amount of data.

Flexible

• Allow partial replication of a repository; choose which areas to share with remote sites.
• Replicate between different CM tools e.g ClearCase to Mercurial, ClearCase to Subversion and ClearCase to Git.
• Allow phased migration, avoiding a "big bang" approach.

Free Clearvision Breakfast Event

Project Management and Process for Open Source

Clearvision, BlackDuck Software and Atlassian join forces; learn how to wrap project management, process and control while harnessing the power of open source SCM solutions. Don’t miss out on this exceptional opportunity.

Canary Wharf, London, UK

Wednesday 22nd June 2011

Session One: 8.15am - 9.45am

Session Two: 10.10am - 11.40am

High demand, limited places . . .

New Git Maintenance Release 1.7.5.4 Available NOW

On 1st June 2011 Git v1.7.5.4 was made available for download.

A number of improvements and fixes have been incorporated into Git over the last few months and you can get full details via the release notes here:

The next major release is being prepared 1.7.6 and the draft release notes can be viewed as well.

Clearvision provide Git Consulting, Git Training (including Git eLearning), Git Support for both large and small organisations and also Git related products such as our Application Lifecycle Management interface for Git, AgileSCM.

See Release Note below for details:

The latest maintenance release Git 1.7.5.4 is available at the usual places:

git-1.7.5.4.tar.{gz,bz2} (source tarball)

git-htmldocs-1.7.5.4.tar.{gz,bz2} (preformatted docs)

git-manpages-1.7.5.4.tar.{gz,bz2} (preformatted docs)

The RPM binary packages for a few architectures are found in: RPMS/$arch/git-*-1.7.5.4-1.fc13.$arch.rpm (RPM)

Git v1.7.5.4 Release Notes

Fixes since v1.7.5.3

• The single-key mode of “git add -p” was easily fooled into thinking that it was told to add everthing (a) when up-arrow was pressed by mistake.
• Setting a git command that uses custom configuration via “-c var=val” as an alias caused a crash due to a realloc(3) failure.
• “git diff -C -C” used to disable the rename detection entirely when there are too many copy candidate paths in the tree; now it falls back to “-C” when doing so would keep the copy candidate paths under the rename detection limit.

• “git rerere” did not diagnose a corrupt MERGE_RR file in some cases.

And other minor fixes and documentation updates.

Recommended Security Upgrade - Subversion version 1.6.17

On 1st June 2011 the latest Subversion 1.6 patch was released – version 1.6.17

Subversion 1.6.17 is primarily a bug fix release but is a recommended update as contains three security related fixes for the server:

CVE-2011-1752 – null-pointer dereference vulnerability

CVE-2011-1783 – memory exhaustion DoS vulnerability

CVE-2011-1921 – Unreadable files content leak

Clearvision recommend that this upgrade is performed as soon as possible especially if you have a public facing server.

Another big benefit of this release is the improvement in checkout time on Windows clients in certain scenarios. Performance benchmarks from Subversion committers show a 76% improvement in some cases.

The full list of fixes:

User-visible changes:

• improve checkout speed on Windows (issue #3719)
• make 'blame -g' more efficient on with large mergeinfo (r1094692)
• avoid some invalid handle exceptions on Windows (r1095654)
• preserve log message with a non-zero editor exit (r1072084)
• fix FSFS cache performance on 64-bit platforms (r1103665)
• make svn cleanup tolerate obstructed directories (r1091881)
• fix deadlock in multithreaded servers serving FSFS repositories (r1104093)
• detect very occasional corruption and abort commit (issue #3845)
• fixed: file externals cause non-inheritable mergeinfo (issue #3843)
• fixed: file externals cause mixed-revision working copies (issue #3816)
• fix crash in mod_dav_svn with GETs of baselined resources (r1104126)
• See CVE-2011-1752, and descriptive advisory at http://subversion.apache.org/security/CVE-2011-1752-advisory.txt
• fixed: write-through proxy could direcly commit to slave (r917523)
• detect a particular corruption condition in FSFS (r1100213)
• improve error message when clients refer to unkown revisions (r939000)
• bugfixes and optimizations to the DAV mirroring code (r878607)
• fixed: locked and deleted file causes tree conflict (issue #3525)
• fixed: update touches locked file with svn:keywords property (issue #3471)
• fix svnsync handling of directory copyfrom (issue #3641)
• fix 'log -g' excessive duplicate output (issue #3650)
• fix svnsync copyfrom handling bug with BDB (r1036429)
• server-side validation of svn:mergeinfo syntax during commit (issue #3895)
• fix remotely triggerable mod_dav_svn DoS
• See CVE-2011-1783, and descriptive advisory at http://subversion.apache.org/security/CVE-2011-1783-advisory.txt
• fix potential leak of authz-protected file contents
• See CVE-2011-1921, and descriptive advisory at http://subversion.apache.org/security/CVE-2011-1921-advisory.txt

• Developer-visible changes:
• fix reporting FS-level post-commit processing errors (r1104098)
• fix JVM recognition on OS X Snow Leopard (10.6) (r1028084)
• allow building on Windows with recent Expat (r1074572)

You can find more information at http://subversion.apache.org/.

You can download Subversion 1.6.17 here: http://subversion.apache.org/packages.html.

You can download the Subversion Source Code here: http://subversion.tigris.org/servlets/ProjectDocumentList?folderID=260&expandFolder=260&folderID=260.

Clearvision provide Subversion training, subversion consulting, subversion support and subversion products including our Subversion Agile Application Lifecycle Management solution AgileSCM, our Migration and Bridging tools Migrate2SVN, CMBridge and the JIRA integration product Change Integration.

Security Alert: Atlassian Confluence version 2.7 to 3.5.2 is affected

We are writing to inform you of several recently discovered security vulnerabilities in Atlassian Confluence. Two of these security vulnerabilities are rated as high; one is rated as medium. None are rated critical. To fix these vulnerabilities, you should follow the instructions in the security advisory below. Enterprise Hosted customers should request an upgrade by raising a support request at http://support.atlassian.com. JIRA Studio is not vulnerable to any of the issues described in this advisory.

For your convenience, we have included the entire security advisory in this email. To view the online version of this security advisory, please go to http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2011-05-31.

If you have any questions or concerns about this security vulnerability or about our policy of disclosure of security vulnerabilities, please visit our page on Atlassian Security Policies (http://confluence.atlassian.com/display/Support/Atlassian+Security+Policies) or raise a support request at http://support.atlassian.com/.

This advisory announces security vulnerabilities that we have found in Confluence and fixed in a recent version of Confluence. We also provide upgraded plugins and patches that you will be able to apply to existing installations of Confluence to fix these vulnerabilities. However, we recommend that you upgrade your complete Confluence installation rather than upgrading only the affected plugins. Enterprise Hosted customers should request an upgrade by raising a support request at http://support.atlassian.com. JIRA Studio is not vulnerable to the issues described in this advisory.

Atlassian is committed to improving product security. The vulnerabilities listed in this advisory have been discovered by Atlassian, unless noted otherwise. The reporter may also have requested that we do not credit them.

Severity -- Atlassian rates the severity level of both these vulnerabilities as high, according to the scale published in http://confluence.atlassian.com/display/DOC/Severity+Levels+for+Security+Issues. The scale allows us to rank the severity as critical, high, medium or low. These vulnerabilities are not critical. This is an independent assessment and you should evaluate its applicability to your own IT environment.

Vulnerability -- The list below describes the Confluence versions and the specific functionality affected by the XSS vulnerabilities.

1. Vulnerability in Login: affects Confluence 3.5 -- 3.5.2; fixed in Confluence 3.5.3. See tracking issue http://jira.atlassian.com/browse/CONF-22402.
2. Vulnerability in Settings Editor: affects Confluence 2.7; fixed in Confluence 3.5.3. See tracking issue http://jira.atlassian.com/browse/CONF-22479.

Our thanks to Marian Ventuneac (http://www.ventuneac.net/) who reported the vulnerabilities mentioned above. We fully support the reporting of vulnerabilities and we appreciate it when people work with us to identify and solve the problem.

Risk Mitigation -- We recommend that you upgrade your Confluence installation to fix these vulnerabilities. Alternatively, if you are not in a position to upgrade immediately and you judge it necessary, you can disable public signup to your wiki until you have applied the necessary patch or upgrade. For even tighter control, you could restrict access to trusted groups.

Fix -- These vulnerabilities (CONF-22402 and CONF-22479) are both fixed in Confluence 3.5.3, and later versions. For a full description of the latest version of Confluence, see the release notes ( http://confluence.atlassian.com/display/DOC/Release+Notes). You can download the latest version of Confluence from the download centre (http://www.atlassian.com/software/confluence/ConfluenceDownloadCenter.jspa). If you cannot upgrade to the latest version of Confluence, you can temporarily patch your existing installation using the patch listed below. We strongly recommend upgrading and not patching.

Patches -- If you are running Confluence 3.5, we highly recommend that you upgrade to Confluence 3.5.3, or later. If you are running Confluence 3.4, you can apply the following patch to fix the CONF-22479 vulnerability. The CONF-22402 vulnerability does not affect Confluence 3.4.

A patch for the security vulnerability in the Settings Editor is available for Confluence 3.4 – 3.4.9 and is attached to tracking issue CONF-22479. The patch is available at: https://jira.atlassian.com/secure/attachment/47916/CONF-22479_patch.zip

Applying the patch -- If you are using Confluence 3.4 – 3.4.9:

1. Download the CONF-22479_patch.zip file that is attached to the CONF-22479 (http://jira.atlassian.com/browse/CONF-22479) issue.
2. Stop Confluence.
3. Make a backup of the directory.
4. Expand the downloaded zip file into , overwriting the existing files.
5. Check that the following files were created:

- confluence/WEB-INF/classes/com/atlassian/confluence/core/ConfluenceActionSupport.properties

- confluence/WEB-INF/classes/com/atlassian/confluence/languages/DefaultLocaleManager.class

- confluence/WEB-INF/classes/com/atlassian/confluence/user/actions/EditMySettingsAction.class

6. Restart Confluence.

Severity -- Atlassian rates the severity level of both this vulnerability as medium, according to the scale published in http://confluence.atlassian.com/display/DOC/Severity+Levels+for+Security+Issues. The scale allows us to rank the severity as critical, high, medium or low. This vulnerability is not critical. This is an independent assessment and you should evaluate its applicability to your own IT environment.

Risk Assessment -- We have identified and fixed a cross-site request forgery (XSRF) vulnerability that may affect Confluence instances, including publicly available instances (that is, Internet-facing servers). XSRF vulnerabilities allow an attacker to trick users into unintentionally adding bookmarks to Confluence spaces. You can read more about XSRF attacks at http://www.cgisecurity.com/csrf-faq.html and other places on the web.

Vulnerability -- The Confluence versions and the specific functionality affected by the XSRF vulnerability is described below.

- Vulnerability in Social Bookmarking plugin: affects Confluence 3.0 -- 3.4.9; fixed in Confluence 3.5. See tracking issue http://jira.atlassian.com/browse/CONF-22565.

Risk Mitigation -- We recommend that you upgrade your Confluence installation to fix these vulnerabilities. Alternatively, if you are not in a position to upgrade immediately and you judge it necessary, you can disable public signup to your wiki until you have applied the necessary patch or upgrade. For even tighter control, you could restrict access to trusted groups.

Fix -- This vulnerability (CONF-22565) is fixed in Confluence 3.5, and later versions. For a full description of the latest version of Confluence, see the ( http://confluence.atlassian.com/display/DOC/Release+Notes). You can download the latest version of Confluence from the download centre (http://www.atlassian.com/software/confluence/ConfluenceDownloadCenter.jspa).If you cannot upgrade to the latest version of Confluence, you can temporarily patch your existing installation using the patch listed below. We strongly recommend upgrading and not patching.

Patches -- If you are running Confluence 3.5, the CONF-22565 vulnerability is already fixed, but we highly recommend that you upgrade to the latest version of Confluence. If you are running Confluence 3.4, you can apply the following patch to fix the CONF-22565 vulnerability.

A patch for the security vulnerability in the Social Bookmarking plugin is available for Confluence 3.4 – 3.4.9 and is attached to tracking issue CONF-22565. The patch is available at https://jira.atlassian.com/secure/attachment/47918/socialbookmarking-1.3.9.jar.

Applying the patch -- If you are using Confluence 3.4 – 3.4.9 use the plugin manager to upgrade the Social Bookmarking plugin to a version equal to or greater than 1.3.9. For details on upgrading Confluence's plugins using the plugin manager, see http://confluence.atlassian.com/display/CONF34/Upgrading+your+Existing+Plugins.

Securely yours,

Atlassian

Clearvision

Clearvision is an official Atlassian partner and provide Atlassian Support to customers throughout the world. Clearvision specialise in Atlassian Jira and Confluence Training, Atlassian Jira and Confluence User Support, Atlassian Products such as our Subversion JIRA integration (JIRA2SVN) and Atlassian Consulting. Clearvision work with all Atlassian products including Atlassian JIRA, Atlassian Confluence, Atlassian Crucible, Atlassian Crowd, Atlassian FishEye, Atlassian Bamboo and Atlassian GreenHopper.

Clearvision Select Winner of Atlassian Summit Pass

This week Clearvision selected a lucky winner of the free pass to the Atlassian Summit San Francisco 2011.

Clearvision will be at the summit in San Francisco (6-8th June) demonstrating a number of our products such as AgileSCM; the Clearvision browser-based Application Lifecycle Management tool that integrates with Jira, Subversion, Git and Mercurial.

The event is an excellent opportunity to meet other Atlassian customers and gain best practices knowledge around the applications you're using today.

Come visit us at the summit, you can find us at booth number 20.