Kallithea 0.5.1 released

This release fixes a few reported bugs and shortcomings reported by our users (thanks!). Most notably, fix MySQL support broken in 0.5.0, as well as add support for SSH key formats other than RSA and DSA, like ed25519.

Read More

Kallithea 0.5.0 released

We are pleased to announce Kallithea 0.5.0, with as most important feature support for SSH repository access. This feature means:

  • repository URLs like ssh://

  • when using SSH, all network traffic for both read and write happens over the SSH protocol on port 22, without using HTTPS nor the Kallithea WSGI application

  • encryption and authentication protocols are handled by ssh on the client using the user's public key to connect and authenticate to the server's sshd system service.

  • users can upload their public SSH key (e.g. .ssh/ through the Kallithea web UI, where it is put in the Kallithea system user's .ssh/authorized_keys file, locked down to Kallithea only providing protocol access as that user.

  • in their SSH client configuration, users can configure how the client should control access to their SSH key - without passphrase, with passphrase, and optionally with passphrase caching in the local shell session (ssh-agent). This is standard SSH functionality, not something Kallithea provides or interferes with.

  • network communication between client and server happens in a bidirectional stateful stream, and will in some cases be faster than HTTPS with several stateless round-trips.

Read More

Read More

Kallithea 0.4.0 released

We are very happy to announce Kallithea 0.4.0. This is a major release, including a lot of development since 0.3.0 was released 3 years ago. The release includes several big changes, both in back-end and front-end. These changes are now finished, leaving Kallithea in a better and more consistent state than ever. We consider this release ready for production use, even though it isn't feature complete yet and we would like to make more changes before calling it "1.0".

This also marks the end of the 0.3.x set of releases: any new bug fixes or security fixes will no longer be applied to 0.3.x but only to 0.4.x. We encourage everyone to upgrade to 0.4.0 so they are on a supported track.

Read More

Read More

Kallithea 0.4.0rc1 released

We are happy to announce a release candidate for Kallithea 0.4.0, which will be the next major release after more than 3 years of development. The release notes below are the draft release notes for the final release.

Please try out this release candidate and report any problems you may find. Also, please share your feedback about the release notes proposed below. If there is information missing, confusing, etc. then let us know so we can improve it for the final release.

We hope to create the final release by the end of March.

Read More

Read More

Read More

Kallithea 0.3.5 released

This release is a stable bugfix release, fixing four serious security issues. There are no other changes in this release.

Users should update their Kallithea instances as soon as possible to release 0.3.5. Users that are following the 'default' development branch (instead of official releases) should update to the latest revision.

To detect a possible breach, users should verify the permissions inside Kallithea of all existing repositories, the presence of unexpected newly created repositories and repository groups inside Kallithea, and the presence of newly created repositories on the filesystem outside of the configured Kallithea repository root.

Read More

Read More

Kallithea 0.3.3 released

This release is a stable bugfix release. It brings a number of bug fixes that had already been applied on the stable branch for too long, support for Mercurial 4.2, and a few other minor changes.

Read More

Read More

Kallithea 0.3.1 released

This release is a stable bugfix release. It fixes issues we've discovered since the release 0.3.

Read More

Kallithea 0.3 released

Since 0.2, we have had two stable releases fixing important security and stability issues. This release, 0.3, brings more changes, new functionality, improvements and bugfixes. Thanks to our translators, we've made significant progress in localisation Kallithea, and our French-speaking users can enjoy the complete French translation. The process of transition from YUI to jQuery continues, less and less code depends on the no longer supported YUI toolkit. We have cleaned up our dependencies and bumped the required Mercurial version to 3.5 and Pylons to 1.0.2. The support for IE 8 and hacks for older browsers have been removed, as keeping them proved not worth the effort.

This release also brings numerous security-related changes, including a fix for CVE-2015-5285, an issue reported by Gjoko Krstic of Zero Science Lab. As always, all of our security notices are available on our dedicated Security Notices page.

One more thing that's got significantly improved is our documentation, available at

Read More

Kallithea 0.2.2 released

This release is a stable bugfix release. It fixes issues we've discovered since the release 0.2.1.

Read More

Kallithea 0.2.1 released

This release is a bugfix release. It fixes a security issue we've discovered, and a few minor bugs we found in 0.2.

The summary of the changes since 0.2 release is below.

  • security: Fix HTML and JavaScript injection — CVE-2015-1864
  • style: fix statistics so that the graph fits on the page
  • setup: bump mercurial requirement to 2.9
  • contributors: update list of contributors since last release

Read More

Kallithea 0.2 released

This release brings many changes since 0.1. Notably, pull requests system have been improved, making contributing changes more robust. The visual appearance has also been refined: modern font-based symbolic icons from FontAwesome and GitHub Octicons have replaced the previously used bitmap icons, and revision graphs are now drawn with HiDPI display support. Kallithea now supports Mercurial 3.3 and Dulwich 0.9.9. Several fixes in the database code boosted performance significantly.

We have also updated our Javascript libraries: jQuery, CodeMirror and Mergely. Javascript and CSS code have been cleaned up, with less and less code depending on Yahoo UI library.

Since 0.1 we have discovered two security issues, so all users are strongly recommended to upgrade. For more details on these issues, please see our Security Notices page

Read More

Kallithea 0.1 released

We're still not where we want to be for a 1.0 release, but we'd like to share what we've got so far. Kallithea 0.1 contains a lot of development since the project was announced, including both bug fixes and improvements. Kallithea 0.1 is production ready. The development branch is kept stable and is continuously used in production.

Read More