ReleaseNotes/ReleaseNotes-2.1.6.txt - gerrit - Git at Google

 = Release notes for Gerrit 2.1.6

 Gerrit 2.1.6 is now available:

 link:https://www.gerritcodereview.com/download/gerrit-2.1.6.war[https://www.gerritcodereview.com/download/gerrit-2.1.6.war]

 == Schema Change

 *WARNING* This release contains multiple schema changes.  To upgrade:
 ----
   java -jar gerrit.war init -d site_path
 ----


 == New Features

 === Web UI
 * issue 312 Abandoned changes can now be restored.
 * issue 698 Make date and time fields customizable
 * issue 556 Preference to display patch sets in reverse order
 * issue 584 Allow deleted and/or uncommented files to be skipped

 * Use HistogramDiff for content differences
 +
 HistogramDiff is an adaptation of Bram Cohen's Patience Difference
 algorithm, and was recently included in the upstream JGit project.
 Patience Difference tends to produce more readable differences for
 source code files, and JGit's HistogramDiff implementation tends to
 run several times faster than the prior Myers O(ND) algorithm.

 * Automatic merge file content during submit
 +
 Project owners can now enable file-level content merge during submit,
 allowing Gerrit to automatically resolve many path conflict cases.
 This is built upon experimental merge code inherited from JGit,
 and is therefore still experimental in Gerrit.

 === Change Query
 * issue 688 Match branch, topic, project, ref by regular expressions
 +
 Similar to other features in Gerrit Code Review, starting any of these
 expressions with \^ will now treat the argument as a regular
 expression instead of an exact string match.

 * Search changes by commit messages with `message:` operator.

 * issue 729 query: Add a \--all-approvals option to queries
 +
 The new flag includes approval information for all patch sets in the
 resulting query output.

 Notifications
 ~~~~~~~~~~~~
 * Customize email notification templates
 +
 Email notifications are now driven by the Velocity template engine,
 and may be modified by the site administrator by editing a template
 file under `'$site_path'/etc/mail`.

 * issue 311 Clarify email texts/subject
 +
 The default email notification formatting was changed to make the
 subject lines and message bodies more consistent, and easier to
 understand.

 * issue 204 Add project list popup under Settings > Watched Projects
 +
 The project list panel makes it easier for users to browse all
 projects they have at least READ +1 access to, and add them to their
 watched project set so notifications can be configured.

 * stream-event support for all ref-update events
 +
 Whenever a ref is updated via either a direct push to a branch or a
 Gerrit change submission, Gerrit will now send a new "ref-updated"
 event to the event stream.

 === User Management
 * SSO via client SSL certificates
 +
 A new auth.type of CLIENT_SSL_CERT_LDAP supports authenticating users
 using client SSL certificates.  This feature requires using the
 embedded Jetty web server with SSL enabled, and an LDAP directory to
 lookup individual account information.

 * issue 503 Inactive accounts may be disabled.
 +
 Administrators can manually update the accounts table, setting
 inactive = `Y` to mark user accounts inactive.  Inactive accounts
 cannot sign-in, cannot be added as a reviewer, and cannot be added
 to a group.

 * Improve the no-interactive-shell error message over SSH
 +
 Instead of giving a short 'no shell available' error, Gerrit Code
 Review now prints a banner letting the user know they have
 authenticated successfully, interactive shells are disabled, and how
 to clone a hosted project:
 +
 ----
 $ ssh -p 29418 review.example.com

   ****    Welcome to Gerrit Code Review    ****

   Hi A. U. Thor, you have successfully connected over SSH.

   Unfortunately, interactive shells are disabled.
   To clone a hosted Git repository, use:

   git clone ssh://author@review.example.com:29418/REPOSITORY_NAME.git

 Connection to review.example.com closed.
 ----

 * Configure SSHD maxAuthTries, loginGraceTime, maxConnectionsPerUser
 +
 The internal SSH daemon now supports additional configuration
 settings to reduce the risk of abuse.

 === Administration
 * issue 558 Allow Access rights to be edited by clicking on them.

 * New 'Project Owner' system group to define default rights
 +
 The new system group 'Project Owners' can be used in access
 rights to mean any user that is a member of any group that
 has the 'Owner' access category granted within that project.
 This system group is primarily useful in higher level projects
 such as '\-- All Projects \--' to define standard access rights
 for all project owners.

 * issue 557 Allow rejection of changes without Change-Id line.
 +
 Project owners can set a flag to require all commits to include
 the Gerrit specific 'Change-Id: I...' line during initial upload,
 reducing the risk of confusion when amends need to occur to
 incorporate reviewer feedback.

 * issue 613 create-project: Add --permissions-only option
 +
 The new flag skips creating the associated Git repository, making the
 new project suitable for use as a parent to inherit permissions from.

 * create-project: Optionally create empty initial commit
 +
 The `repo` tool used by Android doesn't like to clone an empty Git
 repository, making it difficult to setup a review for the initial file
 contents.  create-project can now optionally create an empty initial
 commit, permitting repo to sync the empty project.

 * Block off commands on a server for certain user groups.
 +
 The upload.allowGroup and receive.allowGroup settings in gerrit.config
 can be used to restrict which users can perform git clone/fetch or git
 push on this server.  This can be useful if clone/fetch should be
 limited to only site administrators, while normal users are supposed
 to use to less expensive mirror servers.

 * issue 685 Define gerrit.replicateOnStartup to control replication
 +
 The automatic replicate every project action that occurs during server
 startup can now be disabled by setting replicateOnStartup = false.
 This is primarily useful for sites with extremely large numbers of
 projects and replication targets, but runs the risk of having a target
 be out of date relative to the master server.

 * New non-blocking function category "NoBlock"
 +
 Site defined approval categories may now use the function "NoBlock"
 to permit scoring without blocking submission.  This is mostly
 useful for automated tools to provide optional feedback on a change.

 * Ability to reject commits from entering repository
 +
 The Git-note style branch `refs/meta/reject-commits` can be created
 by the project owner or site administrator to define a list of
 commits that must not be pushed into the repository.  This can be
 useful after performing a project-wide filter-branch operation to
 prevent the older (pre-filter-branch) history from being reintroduced
 into the repository.

 == Bug Fixes

 === Web UI
 * issue 498 Enable Keyboard navigation after change submit
 * issue 691 Make ']' on last file go up to change
 * issue 741 Make ENTER work for 'Create Group'
 * issue 622 Denote a symbolic link in side-by-side viewer
 * issue 612 Display empty branch list when project has no repository
 * issue 672 Fix deleting exclusive branch level rights
 * issue 645 Display 'No difference' between unchanged patchsets
 * Display groups as links to group information
 * Remove ctrl-d keybinding to discard comment, honor browser default
 * Do not auto enable save buttons, wait for changes to be made
 * Disable 'Create Group' button if group name not entered
 * Show commit message in PatchScreen if old patch sets are compared
 * Fixed a number of focus and shortcut bugs in Firefox, Chrome

 * issue 487 Work around buggy MyersDiff by killing threads
 +
 MyersDiff sometimes locked up in an infinite loop when computing
 the intraline difference information for a file.  These threads
 are now killed after an administrator specified timeout
 (cache.diff_intraline.timeout, default is 5 seconds).  If the
 timeout is reached the file content is displayed without intraline
 differences.  This offers reduced functionality to the end-user, but
 prevents the "path of death" which usually took down a Gerrit server.

 * Hide access rights not visible to user
 +
 Users were able to view access rights for branches they didn't
 actually have READ +1 permission on.  This may have leaked
 information about branches and/or groups to users that shouldn't
 know about code names contained within either string.  Users that
 are not project owners may now only view access rights for branches
 they have at least READ +1 permission on.

 === Change Query
 * issue 689 Fix age:4days to parse correctly
 * Make branch: operator slightly less ambiguous

 === Push Support
 * issue 695 Permit changing only the author of a commit
 +
 Correcting only the author of a change failed to upload the new patch
 set onto the existing change, as neither the message nor the files
 were modified.  Fixed.

 * issue 576 Allow Push Branch +3 to force replace a tag
 +
 Previously it was not possible to replace a tag object, even if
 `git push \--force` was used.  Fixed.

 * issue 690 Refuse to run receive-pack if refs/for/branch exists
 +
 If a server repository was corrupted by an administrator manually
 creating a reference within the magical refs/for/ namespace, Gerrit
 became confused when changes were uploaded for review.  If this case
 occurs push now aborts very early, with a clear error message
 indicating the problem.  To recover an administrator must clear the
 refs/for/ namespace manually.

 * Allow receive-pack without Read +2 but with Push Head +1
 +
 Users who had direct branch push permission but lacked the ability to
 create changes for review were unable to push to a project.  Fixed.
 This (finally) makes Gerrit a replacement for Gitosis or Gitolite.

 === Replication
 * issue 683 Don't assume authGroup = "Registered Users" in replication
 +
 Previously a misconfigured authGroup in replication.config may have
 caused the server to assume "Registered Users" instead of the group(s)
 admin actually wanted.  This may have caused the replication to see
 (or not see) the correct set of projects.

 * issue 482 Upon replication fail, automatically retry later
 +
 If replication fails (for example due to temporary network
 connectivity problems), other pending replication events to the
 same server are deferred and retried later until successful.

 * Replicate all refs received from push
 +
 Replication now replicates all references, not just those that
 appear under `refs/heads`, `refs/tags`, or `refs/changes`.  This
 fix may be relevant if the server supports user-private sandboxes
 such as `refs/dev/'$\{username\}'/*`.

 * issue 658 Allow refspec shortcuts (push = master) for replication

 === User Management
 * Ensure proper escaping of LDAP group names
 +
 Some special characters may appear in LDAP group names, these must be
 escape when looking up the group information from JNDI, otherwise the
 lookup fails.  Fixed by applying the necessary escape sequences.

 * Let login fail if user name cannot be set
 +
 If the user name for a new account is supposed to import from LDAP
 but cannot because it is already in use by another user on this
 server, the new account won't be created.

 === Administration
 * gerrit.sh: actually verify running processes
 +
 Previously `gerrit.sh check` claimed a server was running if the
 pid file was present, even if the process itself was dead.  It now
 checks `ps` for the process before claiming it is running.

 * Don't allow exclusive branch rights to block Owner inheritance
 +
 Exclusive branch level rights prevented the a higher level branch
 owner from managing the branch rights, unless they had an additional
 access right for the exclusive rights.  Now Owner inheritance cannot
 be blocked, ensuring that the higher level owner can manage their
 entire namespace.

 * Allow overriding permissions from parent project
 +
 Permissions in the parent project could not be overridden in the
 child project.  Permissions can now be overidden if the category,
 group name and reference name all match.

 == Version
 ef16a1816f293d00c33de9f90470021e2468a709
	= Release notes for Gerrit 2.1.6

	Gerrit 2.1.6 is now available:

	link:https://www.gerritcodereview.com/download/gerrit-2.1.6.war[https://www.gerritcodereview.com/download/gerrit-2.1.6.war]

	== Schema Change

	WARNING This release contains multiple schema changes. To upgrade:
	----
	java -jar gerrit.war init -d site_path
	----


	== New Features

	=== Web UI
	* issue 312 Abandoned changes can now be restored.
	* issue 698 Make date and time fields customizable
	* issue 556 Preference to display patch sets in reverse order
	* issue 584 Allow deleted and/or uncommented files to be skipped

	* Use HistogramDiff for content differences
	+
	HistogramDiff is an adaptation of Bram Cohen's Patience Difference
	algorithm, and was recently included in the upstream JGit project.
	Patience Difference tends to produce more readable differences for
	source code files, and JGit's HistogramDiff implementation tends to
	run several times faster than the prior Myers O(ND) algorithm.

	* Automatic merge file content during submit
	+
	Project owners can now enable file-level content merge during submit,
	allowing Gerrit to automatically resolve many path conflict cases.
	This is built upon experimental merge code inherited from JGit,
	and is therefore still experimental in Gerrit.

	=== Change Query
	* issue 688 Match branch, topic, project, ref by regular expressions
	+
	Similar to other features in Gerrit Code Review, starting any of these
	expressions with \^ will now treat the argument as a regular
	expression instead of an exact string match.

	* Search changes by commit messages with `message:` operator.

	* issue 729 query: Add a \--all-approvals option to queries
	+
	The new flag includes approval information for all patch sets in the
	resulting query output.

	Notifications
	~~~~~~~~~~~~
	* Customize email notification templates
	+
	Email notifications are now driven by the Velocity template engine,
	and may be modified by the site administrator by editing a template
	file under `'$site_path'/etc/mail`.

	* issue 311 Clarify email texts/subject
	+
	The default email notification formatting was changed to make the
	subject lines and message bodies more consistent, and easier to
	understand.

	* issue 204 Add project list popup under Settings > Watched Projects
	+
	The project list panel makes it easier for users to browse all
	projects they have at least READ +1 access to, and add them to their
	watched project set so notifications can be configured.

	* stream-event support for all ref-update events
	+
	Whenever a ref is updated via either a direct push to a branch or a
	Gerrit change submission, Gerrit will now send a new "ref-updated"
	event to the event stream.

	=== User Management
	* SSO via client SSL certificates
	+
	A new auth.type of CLIENT_SSL_CERT_LDAP supports authenticating users
	using client SSL certificates. This feature requires using the
	embedded Jetty web server with SSL enabled, and an LDAP directory to
	lookup individual account information.

	* issue 503 Inactive accounts may be disabled.
	+
	Administrators can manually update the accounts table, setting
	inactive = `Y` to mark user accounts inactive. Inactive accounts
	cannot sign-in, cannot be added as a reviewer, and cannot be added
	to a group.

	* Improve the no-interactive-shell error message over SSH
	+
	Instead of giving a short 'no shell available' error, Gerrit Code
	Review now prints a banner letting the user know they have
	authenticated successfully, interactive shells are disabled, and how
	to clone a hosted project:
	+
	----
	$ ssh -p 29418 review.example.com

	** Welcome to Gerrit Code Review **

	Hi A. U. Thor, you have successfully connected over SSH.

	Unfortunately, interactive shells are disabled.
	To clone a hosted Git repository, use:

	git clone ssh://author@review.example.com:29418/REPOSITORY_NAME.git

	Connection to review.example.com closed.
	----

	* Configure SSHD maxAuthTries, loginGraceTime, maxConnectionsPerUser
	+
	The internal SSH daemon now supports additional configuration
	settings to reduce the risk of abuse.

	=== Administration
	* issue 558 Allow Access rights to be edited by clicking on them.

	* New 'Project Owner' system group to define default rights
	+
	The new system group 'Project Owners' can be used in access
	rights to mean any user that is a member of any group that
	has the 'Owner' access category granted within that project.
	This system group is primarily useful in higher level projects
	such as '\-- All Projects \--' to define standard access rights
	for all project owners.

	* issue 557 Allow rejection of changes without Change-Id line.
	+
	Project owners can set a flag to require all commits to include
	the Gerrit specific 'Change-Id: I...' line during initial upload,
	reducing the risk of confusion when amends need to occur to
	incorporate reviewer feedback.

	* issue 613 create-project: Add --permissions-only option
	+
	The new flag skips creating the associated Git repository, making the
	new project suitable for use as a parent to inherit permissions from.

	* create-project: Optionally create empty initial commit
	+
	The `repo` tool used by Android doesn't like to clone an empty Git
	repository, making it difficult to setup a review for the initial file
	contents. create-project can now optionally create an empty initial
	commit, permitting repo to sync the empty project.

	* Block off commands on a server for certain user groups.
	+
	The upload.allowGroup and receive.allowGroup settings in gerrit.config
	can be used to restrict which users can perform git clone/fetch or git
	push on this server. This can be useful if clone/fetch should be
	limited to only site administrators, while normal users are supposed
	to use to less expensive mirror servers.

	* issue 685 Define gerrit.replicateOnStartup to control replication
	+
	The automatic replicate every project action that occurs during server
	startup can now be disabled by setting replicateOnStartup = false.
	This is primarily useful for sites with extremely large numbers of
	projects and replication targets, but runs the risk of having a target
	be out of date relative to the master server.

	* New non-blocking function category "NoBlock"
	+
	Site defined approval categories may now use the function "NoBlock"
	to permit scoring without blocking submission. This is mostly
	useful for automated tools to provide optional feedback on a change.

	* Ability to reject commits from entering repository
	+
	The Git-note style branch `refs/meta/reject-commits` can be created
	by the project owner or site administrator to define a list of
	commits that must not be pushed into the repository. This can be
	useful after performing a project-wide filter-branch operation to
	prevent the older (pre-filter-branch) history from being reintroduced
	into the repository.

	== Bug Fixes

	=== Web UI
	* issue 498 Enable Keyboard navigation after change submit
	* issue 691 Make ']' on last file go up to change
	* issue 741 Make ENTER work for 'Create Group'
	* issue 622 Denote a symbolic link in side-by-side viewer
	* issue 612 Display empty branch list when project has no repository
	* issue 672 Fix deleting exclusive branch level rights
	* issue 645 Display 'No difference' between unchanged patchsets
	* Display groups as links to group information
	* Remove ctrl-d keybinding to discard comment, honor browser default
	* Do not auto enable save buttons, wait for changes to be made
	* Disable 'Create Group' button if group name not entered
	* Show commit message in PatchScreen if old patch sets are compared
	* Fixed a number of focus and shortcut bugs in Firefox, Chrome

	* issue 487 Work around buggy MyersDiff by killing threads
	+
	MyersDiff sometimes locked up in an infinite loop when computing
	the intraline difference information for a file. These threads
	are now killed after an administrator specified timeout
	(cache.diff_intraline.timeout, default is 5 seconds). If the
	timeout is reached the file content is displayed without intraline
	differences. This offers reduced functionality to the end-user, but
	prevents the "path of death" which usually took down a Gerrit server.

	* Hide access rights not visible to user
	+
	Users were able to view access rights for branches they didn't
	actually have READ +1 permission on. This may have leaked
	information about branches and/or groups to users that shouldn't
	know about code names contained within either string. Users that
	are not project owners may now only view access rights for branches
	they have at least READ +1 permission on.

	=== Change Query
	* issue 689 Fix age:4days to parse correctly
	* Make branch: operator slightly less ambiguous

	=== Push Support
	* issue 695 Permit changing only the author of a commit
	+
	Correcting only the author of a change failed to upload the new patch
	set onto the existing change, as neither the message nor the files
	were modified. Fixed.

	* issue 576 Allow Push Branch +3 to force replace a tag
	+
	Previously it was not possible to replace a tag object, even if
	`git push \--force` was used. Fixed.

	* issue 690 Refuse to run receive-pack if refs/for/branch exists
	+
	If a server repository was corrupted by an administrator manually
	creating a reference within the magical refs/for/ namespace, Gerrit
	became confused when changes were uploaded for review. If this case
	occurs push now aborts very early, with a clear error message
	indicating the problem. To recover an administrator must clear the
	refs/for/ namespace manually.

	* Allow receive-pack without Read +2 but with Push Head +1
	+
	Users who had direct branch push permission but lacked the ability to
	create changes for review were unable to push to a project. Fixed.
	This (finally) makes Gerrit a replacement for Gitosis or Gitolite.

	=== Replication
	* issue 683 Don't assume authGroup = "Registered Users" in replication
	+
	Previously a misconfigured authGroup in replication.config may have
	caused the server to assume "Registered Users" instead of the group(s)
	admin actually wanted. This may have caused the replication to see
	(or not see) the correct set of projects.

	* issue 482 Upon replication fail, automatically retry later
	+
	If replication fails (for example due to temporary network
	connectivity problems), other pending replication events to the
	same server are deferred and retried later until successful.

	* Replicate all refs received from push
	+
	Replication now replicates all references, not just those that
	appear under `refs/heads`, `refs/tags`, or `refs/changes`. This
	fix may be relevant if the server supports user-private sandboxes
	such as `refs/dev/'$\{username\}'/*`.

	* issue 658 Allow refspec shortcuts (push = master) for replication

	=== User Management
	* Ensure proper escaping of LDAP group names
	+
	Some special characters may appear in LDAP group names, these must be
	escape when looking up the group information from JNDI, otherwise the
	lookup fails. Fixed by applying the necessary escape sequences.

	* Let login fail if user name cannot be set
	+
	If the user name for a new account is supposed to import from LDAP
	but cannot because it is already in use by another user on this
	server, the new account won't be created.

	=== Administration
	* gerrit.sh: actually verify running processes
	+
	Previously `gerrit.sh check` claimed a server was running if the
	pid file was present, even if the process itself was dead. It now
	checks `ps` for the process before claiming it is running.

	* Don't allow exclusive branch rights to block Owner inheritance
	+
	Exclusive branch level rights prevented the a higher level branch
	owner from managing the branch rights, unless they had an additional
	access right for the exclusive rights. Now Owner inheritance cannot
	be blocked, ensuring that the higher level owner can manage their
	entire namespace.

	* Allow overriding permissions from parent project
	+
	Permissions in the parent project could not be overridden in the
	child project. Permissions can now be overidden if the category,
	group name and reference name all match.

	== Version
	ef16a1816f293d00c33de9f90470021e2468a709