From f5d66fd3867f0d6e3551b362445d15c6d19e43a0 Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon
Date: Jul 24 2017 12:21:16 +0000
Subject: Release 3.3
---
diff --git a/UPGRADING.rst b/UPGRADING.rst
index 3fac462..b95c1a2 100644
--- a/UPGRADING.rst
+++ b/UPGRADING.rst
@@ -1,6 +1,23 @@
 Upgrading Pagure
 ================
+From 3.2 to 3.3
+---------------
+
+[SECURITY FIX]: The 3.3 release contains an important security fix.
+If you are using the private project feature of pagure, the gitolite
+configuration generated was still granting access to the private projects. This
+made the private projects visible and accessible.
+After updating to 3.3, ensure your gitolite configuration gets re-generated
+(pagure-admin refresh-gitolite can help you with this).
+
+
+The 3.3 release brings some adjustments to the database scheme.
+
+* Update the database schame using alembic: ``alembic upgrade head``
+
+
+
 From 3.1 to 3.2
 ---------------
diff --git a/doc/contributors.rst b/doc/contributors.rst
index 34506f9..afed912 100644
--- a/doc/contributors.rst
+++ b/doc/contributors.rst
@@ -3,18 +3,18 @@ Contributors to pagure
 Pagure would be nothing without its contributors.
-On July 14, 2017 (release 3.2.1), the list looks as follow:
+On July 24, 2017 (release 3.3), the list looks as follow:
 ================= ===========
 Number of commits Contributor
 ================= ===========
- 5334 Pierre-Yves Chibon
+ 5335 Pierre-Yves Chibon
 191 Ryan Lerch
 143 Vivek Anand
 139 farhaanbukhsh
 126 Patrick Uiterwijk
 77 Farhaan Bukhsh
- 65 Clement Verna
+ 66 Clement Verna
 59 Johan Cwiklinski
 47 Mark Reynolds
 32 Pradeep CE (cep)
@@ -88,6 +88,7 @@ Number of commits Contributor
 1 Snehal Karale
 1 Stanislav Laznicka
 1 Stanislav Ochotnicky
+ 1 Stefan Bühler
 1 Stephen Gallagher
 1 Tiago M. Vieira
 1 Vyacheslav Anzhiganov
diff --git a/files/pagure.spec b/files/pagure.spec
index 55a6289..5042acd 100644
--- a/files/pagure.spec
+++ b/files/pagure.spec
@@ -2,7 +2,7 @@
 %distutils.sysconfig import get_python_lib; print (get_python_lib())")}
 Name: pagure
-Version: 3.2.1
+Version: 3.3
 Release: 1%{?dist}
 Summary: A git-centered forge
@@ -384,6 +384,11 @@ install -m 644 pagure-loadjson/pagure_loadjson.service \
 %changelog
+* Mon Jul 24 2017 Pierre-Yves Chibon - 3.3-1
+- [SECURITY FIX] block private repo (read) access via ssh due to a bug on how we
+ generated the gitolite config - CVE-2017-1002151 (Stefan Bühler)
+- Add the date_modified to projects (Clement Verna)
+
 * Fri Jul 14 2017 Pierre-Yves Chibon - 3.2.1-1
 - Fix a syntax error on the JS in the wait page
diff --git a/pagure/__init__.py b/pagure/__init__.py
index 821d2e2..a7afee0 100644
--- a/pagure/__init__.py
+++ b/pagure/__init__.py
@@ -12,7 +12,7 @@ __requires__ = ['SQLAlchemy >= 0.8', 'jinja2 >= 2.4']
 import pkg_resources # noqa: E402,F401
-__version__ = '3.2.1'
+__version__ = '3.3'
 __api_version__ = '0.15'