ReleaseNotes/ReleaseNotes-2.4.txt - gerrit - Git at Google

 = Release notes for Gerrit 2.4

 Gerrit 2.4 is now available:

 link:https://www.gerritcodereview.com/download/gerrit-2.4.war[https://www.gerritcodereview.com/download/gerrit-2.4.war]

 == Schema Change
 *WARNING:* This release contains schema changes.  To upgrade:
 ----
   java -jar gerrit.war init -d site_path
 ----

 *WARNING:* Upgrading to 2.4.x requires the server be first upgraded to 2.1.7 (or
 a later 2.1.x version), and then to 2.4.x.  If you are upgrading from 2.2.x.x or
 newer, you may ignore this warning and upgrade directly to 2.4.x.

 == New Features

 === Security

 * Restrict visibility to arbitrary user dashboards
 +
 Administrators have some expectation when using the 'suggest.accounts'
 visibility restriction feature that users cannot get the names or
 email addresses for arbitrary accounts. In fact, because account IDs
 are sequential, it would be easy for an adversary to get personal
 information of all users on the server by requesting every user's
 dashboard.
 +
 This includes changing the meaning of the 'suggest.accounts' config
 option to be a boolean indicating whether account suggestion should
 happen at all, which is now orthogonal to the account visibility
 restriction policy. We still recognize the old values for
 'suggest.accounts', with the slight behavior change that
 'suggest.accounts=OFF' now means that users cannot access the dashboards
 of any other users. Administrators who do not want this behavior can
 update their configuration.

 * Indicate that 'not found' may actually be a permission issue

 === Web

 * Add user preference to mark files reviewed automatically or manually
 +
 Add a checkbox to the preferences header on the diff
 screen which allows a user to specify whether they
 want manual-reviewing enabled or disabled.  Previously,
 every file was auto marked reviewed when a user first
 displayed it.  The new manual mode prevents this auto
 marking and only marks a file reviewed when the user
 explicitly clicks on the reviewed checkbox.

 * Use 'Auto Merge' for merge commit's base comparison
 +
 When reviewing a merge commit, the old wording in the version history dropdown
 of 'Base' doesn't really match Gerrit's behavior.  Updating this to use
 'Auto Merge' as suggested by Shawn Pearce on IRC.

 * issue 1035 Add rebase button to the change screen
 +
 This change adds a rebase button along with the rest of
 the action buttons in the change page. When pressing the
 button, the most recent patch set will be rebased onto
 the tip of the destination branch or the latest patchset
 of the change we depend upon. A new patch set containing
 the rebased commit will be produced and added to the
 change.
 +
 Rebasing of a change in web UI is restricted to change owner, submitter or
 those with the (new) 'rebase' permission.

 * Add a new permission 'rebase' to permit rebasing changes in the web UI

 * Make a user's dashboard visible if any of the changes are visible to the
 current user.

 * Change 'Loading ...' to say 'Working ...' as, often, there is more going on
 than just loading a response.

 === Performance

 * Asynchronously send email so it does not block the UI
 * Optimize queries for open/merged changes by project + branch

 === Git

 * Implement a multi-sub-task progress monitor for ReceiveCommits

 * Close corresponding change when pushing to 'refs/heads/*'
 +
 Gerrit would not close the open changes with matching change-ids,
 when the user pushes commits directly to 'refs/heads/*'.
 +
 This issue could be triggered for two reasons:

 . It is triggered when Gerrit detects no changes between the
 pushed commits and the current patchset on the open changes. This
 patch make sure that the matching open change is always closed when
 pushing to 'refs/heads/*', even if no visible changes is detected.

 . The same commit exists on another branch than the destination
 branch. This could trick gerrit into just "re-closing" the wrong
 change.

 * Run ReceiveCommits in a shared thread pool
 +
 Since the work to ReceiveCommits may take a long, potentially unbounded
 amount of time, we would like to have it run in the background so it
 can be monitored for timeouts and cancelled, and have stalls reported
 to the user from the main thread.

 === Search

 * Add the '--dependencies' option to the 'query' command.
 +
 This option includes information about patch sets which depend on, or are
 needed by, each patch set.

 * Branch Operator: Support full branch names
 +
 The search operator for branches required the provided value to be the
 short branch name that is shown in the web interface (without the
 'refs/heads/' prefix). Change the branch operator so that it also
 supports full branch names as value.
 +
 It is intuitive that searching with 'branch:master' and searching with
 'branch:refs/for/master' deliver the same result. So far
 'branch:refs/for/master' was the same as searching with
 'refs:refs/heads/refs/heads/master' which is unexpected for most users.

 * Add comment inclusion via '&comments=true' over HTTP
 +
 With this change, we can fetch the comments on a patchset by sending a
 request to 'https://site/query?comments=true'

 === Access Rights

 * Added the 'emailReviewers' as a global capability.
 +
 This replaces the 'emailOnlyAuthors' flag of account groups.

 === Dev

 * issue 1272 Add scripts to create release notes from git log
 +
 These script generates a list of commits from git log between two given commits
 and outputs the asciidoc format containing list of commits subject and body.

 * Update URL for m2eclipse
 +
 The project is now under the Eclipse Foundation umbrella.

 * Add missing ignore for m2e prefs in gerrit-ehcache

 * Add '--issues' and '--issue_numbers' options to the 'gitlog2asciidoc.py'

 === Miscellaneous

 * Remove perl from 'commit-msg' hook
 +
 Removing perl from the commit-msg hook reduces the dependencies
 gerrit imposes on its users.

 * updating contrib 'trivial_rebase.py' for 2.2.2.1

 == Upgrades

 * Updated to Guice 3.0.
 * Updated to gwtorm 1.4.
 * Update JGit to 1.3.0.201202151440-r.75-gff13648
 * Update to gwtjsonrpc 1.3
 +
 The change also shrinks the built WAR from 38M to 23M
 by excluding the now unnecessary GWT server code.

 == Bug Fixes

 * issue 904 Users who starred a change should receive all the emails about a change.

 * Fix: 'Diff All Side-by-Side' and 'Diff All Unified' buttons
 +
 When pressing the 'Diff All Side-by-Side' or
 'Diff All Unified' button on the change screen, the
 opened browser windows/tabs shows diffs using "Base"
 as old version and the latest one as active patch set,
 regardless what has been set using the
 "Old Version History:" drop down menu and what is
 currently active patch set.
 +
 Gerrit doesn't remember the base patch set in the URL,
 making it impossible to copy-and-paste the URL to
 co-workers to show them the same diff a user is
 looking at.
 +
 This change fixes this behavior to make sure that
 the opened new browser windows shows diffs using the
 correct old patch set and active patch set.

 * Fix NPEs looking up groups by UUID in GroupCache

 * Fix default 'receive.timeout'
 +
 This should be in milliseconds, not seconds. Set the default to be
 2 minutes in milliseconds and update the documentation to reflect
 that milliseconds are the default unit of time used here.

 * Fix 'development_become_any_account' redirects
 * issue 1299 Allow configuration of optional pattern for gitweb file history link
 * Use servlet context path during logout

 * issue 1353 Fix case check for project name so that symlinks work again
 * Fix merging of access sections
 * Fix inconsistent behavior when replicating refs/meta/config
 * Fix duplicated results on status:open project:P branch:B

 == Documentation

 === Access Rights
 * Capabilities introduced
 * Kill and priority capabilities
 * Administrate server capability
 * Create account capability
 * Create group and project capability
 * Flush caches capability
 * Capability replication and view caches
 * Capability view conn. & queue
 * Example roles introduced
 * Developer example role
 * CI system example role
 * Integrator example role
 * Project owner example role
 * Administrator example role

 === Miscellaneous
 * User upload documentation: Replace changes
 * Add visible-to-all flag in the documentation for cmd-create-group
 * Add a contributing guideline for annotations
 * Add missing header for suggest.accounts documentation
 * Fix anchors for description of gitweb config parameters
 * Add missing section name to config-gerrit documentation
 * Fix documentation of ls-projects
	= Release notes for Gerrit 2.4

	Gerrit 2.4 is now available:

	link:https://www.gerritcodereview.com/download/gerrit-2.4.war[https://www.gerritcodereview.com/download/gerrit-2.4.war]

	== Schema Change
	WARNING: This release contains schema changes. To upgrade:
	----
	java -jar gerrit.war init -d site_path
	----

	WARNING: Upgrading to 2.4.x requires the server be first upgraded to 2.1.7 (or
	a later 2.1.x version), and then to 2.4.x. If you are upgrading from 2.2.x.x or
	newer, you may ignore this warning and upgrade directly to 2.4.x.

	== New Features

	=== Security

	* Restrict visibility to arbitrary user dashboards
	+
	Administrators have some expectation when using the 'suggest.accounts'
	visibility restriction feature that users cannot get the names or
	email addresses for arbitrary accounts. In fact, because account IDs
	are sequential, it would be easy for an adversary to get personal
	information of all users on the server by requesting every user's
	dashboard.
	+
	This includes changing the meaning of the 'suggest.accounts' config
	option to be a boolean indicating whether account suggestion should
	happen at all, which is now orthogonal to the account visibility
	restriction policy. We still recognize the old values for
	'suggest.accounts', with the slight behavior change that
	'suggest.accounts=OFF' now means that users cannot access the dashboards
	of any other users. Administrators who do not want this behavior can
	update their configuration.

	* Indicate that 'not found' may actually be a permission issue

	=== Web

	* Add user preference to mark files reviewed automatically or manually
	+
	Add a checkbox to the preferences header on the diff
	screen which allows a user to specify whether they
	want manual-reviewing enabled or disabled. Previously,
	every file was auto marked reviewed when a user first
	displayed it. The new manual mode prevents this auto
	marking and only marks a file reviewed when the user
	explicitly clicks on the reviewed checkbox.

	* Use 'Auto Merge' for merge commit's base comparison
	+
	When reviewing a merge commit, the old wording in the version history dropdown
	of 'Base' doesn't really match Gerrit's behavior. Updating this to use
	'Auto Merge' as suggested by Shawn Pearce on IRC.

	* issue 1035 Add rebase button to the change screen
	+
	This change adds a rebase button along with the rest of
	the action buttons in the change page. When pressing the
	button, the most recent patch set will be rebased onto
	the tip of the destination branch or the latest patchset
	of the change we depend upon. A new patch set containing
	the rebased commit will be produced and added to the
	change.
	+
	Rebasing of a change in web UI is restricted to change owner, submitter or
	those with the (new) 'rebase' permission.

	* Add a new permission 'rebase' to permit rebasing changes in the web UI

	* Make a user's dashboard visible if any of the changes are visible to the
	current user.

	* Change 'Loading ...' to say 'Working ...' as, often, there is more going on
	than just loading a response.

	=== Performance

	* Asynchronously send email so it does not block the UI
	* Optimize queries for open/merged changes by project + branch

	=== Git

	* Implement a multi-sub-task progress monitor for ReceiveCommits

	* Close corresponding change when pushing to 'refs/heads/*'
	+
	Gerrit would not close the open changes with matching change-ids,
	when the user pushes commits directly to 'refs/heads/*'.
	+
	This issue could be triggered for two reasons:

	. It is triggered when Gerrit detects no changes between the
	pushed commits and the current patchset on the open changes. This
	patch make sure that the matching open change is always closed when
	pushing to 'refs/heads/*', even if no visible changes is detected.

	. The same commit exists on another branch than the destination
	branch. This could trick gerrit into just "re-closing" the wrong
	change.

	* Run ReceiveCommits in a shared thread pool
	+
	Since the work to ReceiveCommits may take a long, potentially unbounded
	amount of time, we would like to have it run in the background so it
	can be monitored for timeouts and cancelled, and have stalls reported
	to the user from the main thread.

	=== Search

	* Add the '--dependencies' option to the 'query' command.
	+
	This option includes information about patch sets which depend on, or are
	needed by, each patch set.

	* Branch Operator: Support full branch names
	+
	The search operator for branches required the provided value to be the
	short branch name that is shown in the web interface (without the
	'refs/heads/' prefix). Change the branch operator so that it also
	supports full branch names as value.
	+
	It is intuitive that searching with 'branch:master' and searching with
	'branch:refs/for/master' deliver the same result. So far
	'branch:refs/for/master' was the same as searching with
	'refs:refs/heads/refs/heads/master' which is unexpected for most users.

	* Add comment inclusion via '&comments=true' over HTTP
	+
	With this change, we can fetch the comments on a patchset by sending a
	request to 'https://site/query?comments=true'

	=== Access Rights

	* Added the 'emailReviewers' as a global capability.
	+
	This replaces the 'emailOnlyAuthors' flag of account groups.

	=== Dev

	* issue 1272 Add scripts to create release notes from git log
	+
	These script generates a list of commits from git log between two given commits
	and outputs the asciidoc format containing list of commits subject and body.

	* Update URL for m2eclipse
	+
	The project is now under the Eclipse Foundation umbrella.

	* Add missing ignore for m2e prefs in gerrit-ehcache

	* Add '--issues' and '--issue_numbers' options to the 'gitlog2asciidoc.py'

	=== Miscellaneous

	* Remove perl from 'commit-msg' hook
	+
	Removing perl from the commit-msg hook reduces the dependencies
	gerrit imposes on its users.

	* updating contrib 'trivial_rebase.py' for 2.2.2.1

	== Upgrades

	* Updated to Guice 3.0.
	* Updated to gwtorm 1.4.
	* Update JGit to 1.3.0.201202151440-r.75-gff13648
	* Update to gwtjsonrpc 1.3
	+
	The change also shrinks the built WAR from 38M to 23M
	by excluding the now unnecessary GWT server code.

	== Bug Fixes

	* issue 904 Users who starred a change should receive all the emails about a change.

	* Fix: 'Diff All Side-by-Side' and 'Diff All Unified' buttons
	+
	When pressing the 'Diff All Side-by-Side' or
	'Diff All Unified' button on the change screen, the
	opened browser windows/tabs shows diffs using "Base"
	as old version and the latest one as active patch set,
	regardless what has been set using the
	"Old Version History:" drop down menu and what is
	currently active patch set.
	+
	Gerrit doesn't remember the base patch set in the URL,
	making it impossible to copy-and-paste the URL to
	co-workers to show them the same diff a user is
	looking at.
	+
	This change fixes this behavior to make sure that
	the opened new browser windows shows diffs using the
	correct old patch set and active patch set.

	* Fix NPEs looking up groups by UUID in GroupCache

	* Fix default 'receive.timeout'
	+
	This should be in milliseconds, not seconds. Set the default to be
	2 minutes in milliseconds and update the documentation to reflect
	that milliseconds are the default unit of time used here.

	* Fix 'development_become_any_account' redirects
	* issue 1299 Allow configuration of optional pattern for gitweb file history link
	* Use servlet context path during logout

	* issue 1353 Fix case check for project name so that symlinks work again
	* Fix merging of access sections
	* Fix inconsistent behavior when replicating refs/meta/config
	* Fix duplicated results on status:open project:P branch:B

	== Documentation

	=== Access Rights
	* Capabilities introduced
	* Kill and priority capabilities
	* Administrate server capability
	* Create account capability
	* Create group and project capability
	* Flush caches capability
	* Capability replication and view caches
	* Capability view conn. & queue
	* Example roles introduced
	* Developer example role
	* CI system example role
	* Integrator example role
	* Project owner example role
	* Administrator example role

	=== Miscellaneous
	* User upload documentation: Replace changes
	* Add visible-to-all flag in the documentation for cmd-create-group
	* Add a contributing guideline for annotations
	* Add missing header for suggest.accounts documentation
	* Fix anchors for description of gitweb config parameters
	* Add missing section name to config-gerrit documentation
	* Fix documentation of ls-projects