Kallithea 0.3.5 released

This release is a stable bugfix release, fixing four serious security issues. There are no other changes in this release.

Users should update their Kallithea instances as soon as possible to release 0.3.5. Users that are following the 'default' development branch (instead of official releases) should update to the latest revision.

To detect a possible breach, users should verify the permissions inside Kallithea of all existing repositories, the presence of unexpected newly created repositories and repository groups inside Kallithea, and the presence of newly created repositories on the filesystem outside of the configured Kallithea repository root.

Read More

Read More

Kallithea 0.3.3 released

This release is a stable bugfix release. It brings a number of bug fixes that had already been applied on the stable branch for too long, support for Mercurial 4.2, and a few other minor changes.

Read More

Read More

Kallithea 0.3.1 released

This release is a stable bugfix release. It fixes issues we've discovered since the release 0.3.

Read More

Kallithea 0.3 released

Since 0.2, we have had two stable releases fixing important security and stability issues. This release, 0.3, brings more changes, new functionality, improvements and bugfixes. Thanks to our translators, we've made significant progress in localisation Kallithea, and our French-speaking users can enjoy the complete French translation. The process of transition from YUI to jQuery continues, less and less code depends on the no longer supported YUI toolkit. We have cleaned up our dependencies and bumped the required Mercurial version to 3.5 and Pylons to 1.0.2. The support for IE 8 and hacks for older browsers have been removed, as keeping them proved not worth the effort.

This release also brings numerous security-related changes, including a fix for CVE-2015-5285, an issue reported by Gjoko Krstic of Zero Science Lab. As always, all of our security notices are available on our dedicated Security Notices page.

One more thing that's got significantly improved is our documentation, available at

Read More

Kallithea 0.2.2 released

This release is a stable bugfix release. It fixes issues we've discovered since the release 0.2.1.

Read More

Kallithea 0.2.1 released

This release is a bugfix release. It fixes a security issue we've discovered, and a few minor bugs we found in 0.2.

The summary of the changes since 0.2 release is below.

  • security: Fix HTML and JavaScript injection — CVE-2015-1864
  • style: fix statistics so that the graph fits on the page
  • setup: bump mercurial requirement to 2.9
  • contributors: update list of contributors since last release

Read More

Kallithea 0.2 released

This release brings many changes since 0.1. Notably, pull requests system have been improved, making contributing changes more robust. The visual appearance has also been refined: modern font-based symbolic icons from FontAwesome and GitHub Octicons have replaced the previously used bitmap icons, and revision graphs are now drawn with HiDPI display support. Kallithea now supports Mercurial 3.3 and Dulwich 0.9.9. Several fixes in the database code boosted performance significantly.

We have also updated our Javascript libraries: jQuery, CodeMirror and Mergely. Javascript and CSS code have been cleaned up, with less and less code depending on Yahoo UI library.

Since 0.1 we have discovered two security issues, so all users are strongly recommended to upgrade. For more details on these issues, please see our Security Notices page

Read More

Kallithea 0.1 released

We're still not where we want to be for a 1.0 release, but we'd like to share what we've got so far. Kallithea 0.1 contains a lot of development since the project was announced, including both bug fixes and improvements. Kallithea 0.1 is production ready. The development branch is kept stable and is continuously used in production.

Read More