Poodle SSLv3 vulnerability

After Heartbleed and Shellshock, now comes Poodle. There is no end to the disclosure of serious vulnerabilities, particularly ones affecting popular applications or the protocols of services exposed on the Internet.

At Versionshelf we watch these announcements very closely; the security of Versionshelf is our top priority! The vulnerability dubbed Poodle allows SSLv3 connections to be attacked. Since SSLv3 is an outdated standard that was superseded by TLS 1.0 more than 15 years ago, we have consequently disabled support for this outdated standard.
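As an added illustration (not Versionshelf's own code): the ServerHello a server sends shows which protocol version it actually selected, so the effect of disabling SSLv3 can be confirmed from a captured handshake. The sample bytes are constructed, and the names `parse_server_hello` and `build_sample` are assumptions of this example.

```python
import struct

# Wire values of the version field. TLS 1.3 also sends 0x0303 here and
# signals its real version in an extension this example does not parse.
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2 or later"}

class ParseError(ValueError):
    """Raised when the bytes are not a complete ServerHello record."""

def parse_server_hello(data: bytes) -> dict:
    """Return the protocol version and cipher suite a server selected."""
    if len(data) < 5:
        raise ParseError("truncated record header")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", data[:5])
    if ctype != 0x16:                      # 0x16 = handshake record
        raise ParseError("not a handshake record")
    body = data[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4:
        raise ParseError("truncated record body")
    if body[0] != 0x02:                    # 0x02 = ServerHello
        raise ParseError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 35:   # version + random + sid length
        raise ParseError("truncated ServerHello")
    version = struct.unpack("!H", hello[:2])[0]
    off = 35 + hello[34]                   # skip the session id
    if len(hello) < off + 3:               # cipher suite + compression
        raise ParseError("truncated ServerHello")
    cipher = struct.unpack("!H", hello[off:off + 2])[0]
    return {"version": VERSIONS.get(version, hex(version)),
            "cipher_suite": cipher, "sslv3": version == 0x0300}

def build_sample(version: int, cipher: int) -> bytes:
    """Constructed ServerHello (zero random, empty session id) for the demo."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" \
        + struct.pack("!HB", cipher, 0)
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, version, len(hs)) + hs

if __name__ == "__main__":
    for ver, suite in ((0x0300, 0x000A), (0x0303, 0xC02F)):
        print(parse_server_hello(build_sample(ver, suite)))
```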

No problems are expected: all browsers, except Internet Explorer 6, as well as the common Git, Subversion or Mercurial clients support the newer TLS standards. If an error does occur when your client connects to the Versionshelf server, please check that you are running the latest version. For TortoiseHg, for example, an update to version 3.1.2 is available. Another source of problems is an outdated Java; here too it is advisable to install the latest version.

For interested readers, Heise describes in an article how support for SSLv3 can also be disabled on the browser side.

If you have questions about the security of Versionshelf, just get in touch at info@versionshelf.com; we will reply promptly!

The current debate about Prism and the surveillance of the Internet does not pass Versionshelf by either. What does Versionshelf store, and is my source code safe?

The fact is: Versionshelf hosts only on its own servers in Germany. This means the data on the servers is subject to German data protection regulations and laws.

We also do everything to ensure the security of our services. We accept only HTTPS-encrypted connections to the repositories and take care of regular backups. An audit by an external security firm is also planned; we would like your feedback on what you think of this.

But what about encrypting the repositories on the servers? This is where it gets difficult, because all Versionshelf services, such as the code browser, work only with unencrypted repositories. It is a problem we are definitely thinking about. There are ways to encrypt repositories as well, git-encrypt being just one example, and we promise to give it some thought.

We at Versionshelf will continue to operate all servers exclusively in Germany in the future.

Versionshelf - secure Git, Subversion and Mercurial hosting - “Made in Germany”

Secure hosted version control

The current debate on Prism and the monitoring of the Internet does not leave Versionshelf entirely unaffected. The question arises: is your source code safe at Versionshelf?

Fact is that Versionshelf hosts only on servers in Germany. That means that the data on the servers are subject to German data protection regulations and laws.

Furthermore, we do our utmost to ensure our service's security. Therefore, we only accept connections to the repositories that are encrypted with HTTPS, and we do backups regularly. An audit by an external security company is scheduled as well. Concerning this audit we’d like to get your feedback first.

But what about the encryption of the repositories on the servers? This is where it gets a little bit iffy, since it is only possible to run all Versionshelf services, such as the code browser, when the repositories are unencrypted; a problem we definitely take into consideration. There are ways to encrypt repositories, such as git-encrypt, to name only one example, and we promise to think about it carefully.

The Versionshelf team will definitely run all servers in Germany only. Now and in the future as well.

We used the last couple of months to enhance Versionshelf.

To name the most important aspects: Git Integration, better Performance, unified Code Browser and German localization are now implemented.

Git support
Due to the popularity of distributed version control systems, Versionshelf offers you the possibility to use Git. As with the other repository types, it is now possible to just select Git as repository type on repository creation. Integration is identical to the other vcs types. There is the code browser, external integrations with hooks and the activity overview.

Unified Code Browser
The code browser is now the same for all three repository types: Git, Subversion and Mercurial. Usage of revision diffs, source code highlighting, source browsing, blame and all the other stuff is now unified. With the new browser we also refactored the syntax highlighting to use Pygments, so you can now view beautifully highlighted code for more than 100 configuration file types, programming languages and markup languages. This gives Versionshelf a much better user experience and look’n’feel.

German localization
You can now use Versionshelf entirely in German. Every user can choose their preferred language in the settings.

Further enhancements will follow.

We take care of version control, you take care of your code.

May the source be with you!

If you are not already a Versionshelf user you may have a look at our plans and features.

We are proud to finally release our in-house issue tracker Bugshelf to the public.

Bugshelf Project Screen

Initially created to coordinate the development efforts at The Coding Monkeys, we decided that our bug tracker might also be of great use for other independent software vendors.

Combined with the post commit hooks we integrated into our Subversion and Mercurial hosting service Versionshelf, you get a nicely integrated package: just reference an issue by its number in a commit message, and a comment with a backlink to the changeset is automatically added to the issue. Even better, you can also close issues with a simple commit.

Beyond its standard features like tagging, inline editing, powerful search, useful reports, attachments with image previews and lots more, we are especially proud of the built-in realtime awareness. With realtime awareness you and your teammates never miss changes to the filed issues. Each time someone changes any part of an issue you get a realtime notification. Relevant parts of the page automatically reload so you never look at outdated data.

Even better, if you work on a Mac you can use the great Fluid site-specific browser (blog post about Fluid pending). Combined with Growl you even get realtime notifications right on your desktop!

Growl Notification

A click on the Growl notification takes you straight to the changed issue. We are even thinking about implementing some kind of chat based on the message bus technology we used to implement realtime awareness.

If you want to find out how Bugshelf really feels and if it's useful to you, just head over to the Bugshelf site and sign up for one of our affordable plans. The first 30 days are free, so there is no risk in taking the plunge and trying Bugshelf.

If something does not work or you have ideas you would like to see implemented, please share your thoughts with us by just filing an issue at https://shelfcloud.bugshelf.com/ – our Bugshelf instance.

Versionshelf: Mercurial support

An important upgrade has happened – Mercurial Support for Versionshelf!

With the updated server infrastructure we also introduced a significant new feature: Mercurial Support. Mercurial is one of the emerging Distributed Version Control Systems. Used by great projects like Sun OpenSolaris or the Python language, it has proven to be one of the best of its breed, and, even more important to us: we love it!

Usage is quite similar to Subversion, but follows the more and more popular approach of distributed version control systems: every working copy is also the complete repository with the whole history. Commits go to your local repository – even when you are not online. To keep your repository in sync with others you push and pull to/from a central repository.

To make collaboration in your projects an easy experience, Versionshelf now supplies the central place for Mercurial repositories.

Beyond Mercurial Support we also made existing features even better: post commit hooks and the activity view.

We hope you enjoy these changes!

Today we upgraded our Subversion servers to the latest version, 1.6.1.
The new Subversion features like tree conflict resolution and enhanced merge tracking are therefore finally available to our customers (Release Notes 1.5, 1.6).

Existing repositories have not been updated automatically to make sure that older clients and tools keep working. To take advantage of the new features you should upgrade all your clients to their latest versions.

If you would like to update your repositories, just log in as admin to your Versionshelf. There you will find the upgrade notification with a link that allows you to upgrade all your repositories with a single click.

All new repositories are created with the new 1.6.1 Subversion repository format.

If you experience any problems, please don’t hesitate to contact us at support [at] versionshelf.com!

Today we increased the basic data of all our plans by quite some magnitude:

  • Personal Plan
    Storage +500MB, Repositories +4
  • Basic Plan
    Storage +2.5GB, Repositories +10, Accounts +10
  • Plus Plan
    Storage +6GB, Repositories +10, Accounts +25
  • Premium Plan
    Storage +10GB

Hopefully you find the increased specs useful and many thanks for being our customers!

A hidden feature that has been implemented for some time but was never officially announced is the rendering of Textile, Markdown and RDoc documents in our Subversion repository browser.

Textile, Markdown and RDoc allow you to format text with a lightweight and easy to use markup language.

As with syntax highlighting, it just seems more natural to see Textile and Markdown documents rendered as they should be. See the two screenshots below:

Textile
Raw

The first picture shows the rendered Textile content, the other the regular source view.

Let’s say you have a Textile-formatted README file in your project and want it to be rendered as HTML in the repository browser: you just need to add an svn property named vsrender to the file. E.g., execute svn propset vsrender textile README in your shell.

We support Textile, Markdown, RDoc and a simple text view. The corresponding vsrender-properties are named as follows:

  • textile
  • markdown
  • rdoc
  • simple_format

If you would like to see the actual source of the rendered file you can just switch to the regular source view as shown below:

Textile - show source view link Raw - show textile view link

With this feature our repository browser can almost be used as a simple wiki (which was our initial intention :)!

New Feature: colored source code

Our Versionshelf svn browser can now display source code with syntax highlighting.

The screenshot below shows the syntax highlighting of a Java file.
Syntax Highlighting

So far we support syntax highlighting for the following source types:

  • C
  • C++
  • Java
  • PHP
  • Ruby
  • RHTML
  • HTML
  • Javascript

Due to popular demand we made the sender address of the email notification post commit hook editable.

email notification hook settings

If you leave the sender address field blank, the sender email address is automatically set to the one of the receiver.