ReleaseNotes/ReleaseNotes-2.0.24.txt - gerrit - Git at Google

 = Release notes for Gerrit 2.0.24, 2.0.24.1, 2.0.24.2

 Gerrit 2.0.24 is now available in the usual location:

 link:https://www.gerritcodereview.com/download/index.html[https://www.gerritcodereview.com/download/index.html]


 == Schema Change

 *WARNING: This version contains a schema change* (since 2.0.21)

 Apply the database specific schema script:
 ----
   java -jar gerrit.war --cat sql/upgrade018_019_postgres.sql | psql reviewdb
   java -jar gerrit.war --cat sql/upgrade018_019_mysql.sql    | mysql reviewdb
 ----


 == LDAP Change

 LDAP groups are now bound via their full distinguished name, and not
 by their common name.  Sites using LDAP groups will need to have the
 site administrator visit every LDAP backed group through the web UI
 (Admin > Groups), search for, and select the underlying LDAP group
 from the directory server.

 This change was made to remove some of the guesswork when it comes
 to setting up an LDAP enabled group, as well as to permit creating
 new LDAP enabled groups completely from the web UI.  It also removes
 an ambiguous case when different parts of the same directory space
 create identically named groups.


 == New Features
 * Check if the user has permission to upload changes
 +
 The new READ +2 permission is required to upload a change to a
 project, while READ +1 permits read but denies uploading a change.
 The schema upgrade script automatically converts READ +1 to +2.

 * Use LDAP DN to match LDAP group to Gerrit group
 * issue 297    Allow admins to search for and bind to LDAP groups
 +
 As noted above, LDAP groups now use the full DN to match to their
 Gerrit database counterpart, rather than just the common name.
 Administrators may now create Gerrit groups and attach them to
 any LDAP group, by performing a query on the LDAP directory for
 matching groups and selecting a result.

 * issue 301    Try to prevent forgotten `git add` during replace
 +
 Users are now stopped from performing a replace of a patch set if
 they have not made a meaningful change (modify a file, or modify
 the commit message).  If only the commit message was modified,
 a warning is printed, but the replace still occurs.

 * issue 126    Link to our issue tracker in the page footer
 +
 The footer now includes a link to the Gerrit project's issue
 tracker, so end-users can more easily report bugs or feature
 requests back to the developers.

 * issue 300    Support SMTP over SSL/TLS
 +
 Encrypted SMTP is now supported natively within Gerrit, see
 link:http://gerrit.googlecode.com/svn/documentation/2.0/config-gerrit.html#sendemail.smtpEncryption[sendemail.smtpEncryption]

 == Bug Fixes
 * issue 290    Fix invalid drop index in upgrade017_018_mysql
 +
 Minor syntax error in SQL script.

 * Fixed ActiveDirectory LDAP group support. Allows recu...
 * issue 307    Set proper LDAP defaults for Active Directory
 +
 ActiveDirectory is now better supported out of the box.  Defaults
 for the LDAP configuration settings are automatically guessed at
 startup based upon the type of server configured in ldap.server.
 Recursive groups (group which is a member of a group) is also
 now supported when using an ActiveDirectory server.  Other LDAP
 servers (e.g. OpenLDAP) probably don't support this.

 * "250-AUTH " will be returned if 'AUTH' response does ...
 * Fix: Authentication fail when authTypes is empty
 * Fix a typo that broke the gerrit build
 +
 Outgoing SMTP sometimes failed to authenticate against a
 SMTP server due to slightly incorrect handling of the AUTH
 advertisement.

 * Correct scp commands in documentation to include -p
 +
 Our documentation of how to copy the commit-msg hook down via
 scp did not include the -p option, which is necessary to make
 the client preserve the executable flag on the hook script.

 * issue 291    Suggest latin1 charset for MySQL databases
 +
 Documentation was updated to encourage using latin1 for MySQL
 as MySQL fails with key too long errors during schema creation
 when the database is using the UTF-8 character set.

 * issue 294    Fix OpenID self registration dialog
 +
 OpenID 'Register' hyperlink was broken due to the dialog having
 no content added to it before display.  This bug was fixed by
 using the proper OpenID login dialog.

 * issue 309    Clear message on publish comments screen after submit...
 +
 The publish comments button preserved your last comment, making
 it easy for a user to accidentally publish the same message on
 the same change twice.  The message is now cleared after it has
 been successfully sent.

 * issue 299    Remove the branches table from the database
 * Display current branch SHA-1 in Branches tab
 * issue 299    Display not-yet-born HEAD branch in Branches tab
 +
 The not-yet-born branch in an empty project is now shown in the
 Branches tab.  (This is based on the value of the HEAD symbolic
 reference within the project's Git repository.)
 The branches table was removed from the database.  We now fully
 rely upon the Git repository to determine which branches exist
 and thus permit changes to be uploaded to.

 * issue 296    Make help more friendly over SSH
 +
 `ssh -p 29418 localhost help` is now more user friendly.

 * Don't request registration if the account exists
 * issue 38     Fix OpenID delegate authentication
 +
 OpenID authentication was sometimes asking providers for
 registation data when we already had it on hand, fixed.
 OpenID delegate identities were being stored rather than claimed
 identities when the claimed identity is just a delegate to the
 delegate provider.  We now store both in the account.

 == Fixes in 2.0.24.1
 * Fix unused import in OpenIdServiceImpl
 * dev-readme: Fix formatting of initdb command
 +
 Minor documentation/code fixes with no impact on execution.

 * Fix LDAP account lookup when user not in group
 +
 Fixes a NullPointerException when a user is not in any group
 and the underlying LDAP server is ActiveDirectory.

 * issue 315    Correct sendemail.smtppass
 +
 Fixes sendemail configuration to use the documented smtppass
 variable and not the undocumented smtpuserpass variable.

 == Fixes in 2.0.24.2
 * Fix CreateSchema to create Administrators group
 * Fix CreateSchema to set type of Registered Users group
 * Default AccountGroup instances to type INTERNAL
 * Document the various AccountGroup.Type states better
 +
 CreateSchema was broken in 2.0.24 and 2.0.24.1 due to the default
 groups being misconfigured during insertion.  Fixed.

 * Grant anonymous uses READ +1, registered users READ +...
 +
 Default permissions were a bit confusing, there is no point in an
 anonymous user having READ +2.

 * Use the H2 database for unit tests
 * Unit test for SystemConfigProvider and CreateSchema
 +
 Added unit tests to validate CreateSchema works properly, so we
 don't have a repeat of breakage here.

 == Other Changes
 * Start 2.0.24 development
 * Merge change Ie16b8ca2
 * Switch to the new org.eclipse.jgit package
 * Allow default of $JETTY_HOME in to_jetty.sh
 * LdapRealm: Remove unused throws declaration
 * LdapRealm: Fix missing type parameter warnings
 * Remove dead exists method from AccountManager
 * Document ldap.groupPattern
 * AuthSMTPClient: Fix formatting errors
 * style fixup: remote trailing whitespace from our sour...
 * show-caches: Correct example output in documentation
 * Move server programs section under User Guide
 * Revert "Remove dead exists method from AccountManager"
 * Ensure prior commit body is parsed before comparing m...
 * Gerrit 2.0.24
	= Release notes for Gerrit 2.0.24, 2.0.24.1, 2.0.24.2

	Gerrit 2.0.24 is now available in the usual location:

	link:https://www.gerritcodereview.com/download/index.html[https://www.gerritcodereview.com/download/index.html]


	== Schema Change

	WARNING: This version contains a schema change (since 2.0.21)

	Apply the database specific schema script:
	----
	java -jar gerrit.war --cat sql/upgrade018_019_postgres.sql \| psql reviewdb
	java -jar gerrit.war --cat sql/upgrade018_019_mysql.sql \| mysql reviewdb
	----


	== LDAP Change

	LDAP groups are now bound via their full distinguished name, and not
	by their common name. Sites using LDAP groups will need to have the
	site administrator visit every LDAP backed group through the web UI
	(Admin > Groups), search for, and select the underlying LDAP group
	from the directory server.

	This change was made to remove some of the guesswork when it comes
	to setting up an LDAP enabled group, as well as to permit creating
	new LDAP enabled groups completely from the web UI. It also removes
	an ambiguous case when different parts of the same directory space
	create identically named groups.


	== New Features
	* Check if the user has permission to upload changes
	+
	The new READ +2 permission is required to upload a change to a
	project, while READ +1 permits read but denies uploading a change.
	The schema upgrade script automatically converts READ +1 to +2.

	* Use LDAP DN to match LDAP group to Gerrit group
	* issue 297 Allow admins to search for and bind to LDAP groups
	+
	As noted above, LDAP groups now use the full DN to match to their
	Gerrit database counterpart, rather than just the common name.
	Administrators may now create Gerrit groups and attach them to
	any LDAP group, by performing a query on the LDAP directory for
	matching groups and selecting a result.

	* issue 301 Try to prevent forgotten `git add` during replace
	+
	Users are now stopped from performing a replace of a patch set if
	they have not made a meaningful change (modify a file, or modify
	the commit message). If only the commit message was modified,
	a warning is printed, but the replace still occurs.

	* issue 126 Link to our issue tracker in the page footer
	+
	The footer now includes a link to the Gerrit project's issue
	tracker, so end-users can more easily report bugs or feature
	requests back to the developers.

	* issue 300 Support SMTP over SSL/TLS
	+
	Encrypted SMTP is now supported natively within Gerrit, see
	link:http://gerrit.googlecode.com/svn/documentation/2.0/config-gerrit.html#sendemail.smtpEncryption[sendemail.smtpEncryption]

	== Bug Fixes
	* issue 290 Fix invalid drop index in upgrade017_018_mysql
	+
	Minor syntax error in SQL script.

	* Fixed ActiveDirectory LDAP group support. Allows recu...
	* issue 307 Set proper LDAP defaults for Active Directory
	+
	ActiveDirectory is now better supported out of the box. Defaults
	for the LDAP configuration settings are automatically guessed at
	startup based upon the type of server configured in ldap.server.
	Recursive groups (group which is a member of a group) is also
	now supported when using an ActiveDirectory server. Other LDAP
	servers (e.g. OpenLDAP) probably don't support this.

	* "250-AUTH " will be returned if 'AUTH' response does ...
	* Fix: Authentication fail when authTypes is empty
	* Fix a typo that broke the gerrit build
	+
	Outgoing SMTP sometimes failed to authenticate against a
	SMTP server due to slightly incorrect handling of the AUTH
	advertisement.

	* Correct scp commands in documentation to include -p
	+
	Our documentation of how to copy the commit-msg hook down via
	scp did not include the -p option, which is necessary to make
	the client preserve the executable flag on the hook script.

	* issue 291 Suggest latin1 charset for MySQL databases
	+
	Documentation was updated to encourage using latin1 for MySQL
	as MySQL fails with key too long errors during schema creation
	when the database is using the UTF-8 character set.

	* issue 294 Fix OpenID self registration dialog
	+
	OpenID 'Register' hyperlink was broken due to the dialog having
	no content added to it before display. This bug was fixed by
	using the proper OpenID login dialog.

	* issue 309 Clear message on publish comments screen after submit...
	+
	The publish comments button preserved your last comment, making
	it easy for a user to accidentally publish the same message on
	the same change twice. The message is now cleared after it has
	been successfully sent.

	* issue 299 Remove the branches table from the database
	* Display current branch SHA-1 in Branches tab
	* issue 299 Display not-yet-born HEAD branch in Branches tab
	+
	The not-yet-born branch in an empty project is now shown in the
	Branches tab. (This is based on the value of the HEAD symbolic
	reference within the project's Git repository.)
	The branches table was removed from the database. We now fully
	rely upon the Git repository to determine which branches exist
	and thus permit changes to be uploaded to.

	* issue 296 Make help more friendly over SSH
	+
	`ssh -p 29418 localhost help` is now more user friendly.

	* Don't request registration if the account exists
	* issue 38 Fix OpenID delegate authentication
	+
	OpenID authentication was sometimes asking providers for
	registation data when we already had it on hand, fixed.
	OpenID delegate identities were being stored rather than claimed
	identities when the claimed identity is just a delegate to the
	delegate provider. We now store both in the account.

	== Fixes in 2.0.24.1
	* Fix unused import in OpenIdServiceImpl
	* dev-readme: Fix formatting of initdb command
	+
	Minor documentation/code fixes with no impact on execution.

	* Fix LDAP account lookup when user not in group
	+
	Fixes a NullPointerException when a user is not in any group
	and the underlying LDAP server is ActiveDirectory.

	* issue 315 Correct sendemail.smtppass
	+
	Fixes sendemail configuration to use the documented smtppass
	variable and not the undocumented smtpuserpass variable.

	== Fixes in 2.0.24.2
	* Fix CreateSchema to create Administrators group
	* Fix CreateSchema to set type of Registered Users group
	* Default AccountGroup instances to type INTERNAL
	* Document the various AccountGroup.Type states better
	+
	CreateSchema was broken in 2.0.24 and 2.0.24.1 due to the default
	groups being misconfigured during insertion. Fixed.

	* Grant anonymous uses READ +1, registered users READ +...
	+
	Default permissions were a bit confusing, there is no point in an
	anonymous user having READ +2.

	* Use the H2 database for unit tests
	* Unit test for SystemConfigProvider and CreateSchema
	+
	Added unit tests to validate CreateSchema works properly, so we
	don't have a repeat of breakage here.

	== Other Changes
	* Start 2.0.24 development
	* Merge change Ie16b8ca2
	* Switch to the new org.eclipse.jgit package
	* Allow default of $JETTY_HOME in to_jetty.sh
	* LdapRealm: Remove unused throws declaration
	* LdapRealm: Fix missing type parameter warnings
	* Remove dead exists method from AccountManager
	* Document ldap.groupPattern
	* AuthSMTPClient: Fix formatting errors
	* style fixup: remote trailing whitespace from our sour...
	* show-caches: Correct example output in documentation
	* Move server programs section under User Guide
	* Revert "Remove dead exists method from AccountManager"
	* Ensure prior commit body is parsed before comparing m...
	* Gerrit 2.0.24