blob: e0d8c12e438af5fa54bc4f9bc463cee6a96a86fb [file] [log] [blame]
Release notes for Gerrit 2.1.2
Gerrit 2.1.2 is now available in the usual location:
Schema Change
*WARNING* This release contains multiple schema changes. To upgrade:
java -jar gerrit.war init -d site_path
* issue 421 Force validation of the author and committer lines
The author line must now match the authenticated user when uploading a
change, and both author and committer must match when pushing directly
into a branch with the Push Branch permission. This is a new
restriction that did not exist in prior versions and was necessary to
close a hole that permitted users to completely forge commits if they
had Push Branch +1 granted.
Project owners may grant the new Forge Identity permission to permit a
user group to forge the author and/or committer lines in commit
objects they are pushing for review, or directly into a branch. To
match prior behavior grant Forge Identity +1 where Read +2 (Upload)
exists, and Forge Identity +2 where Push Branch >= +1 exists.
New Features
UI - Diff Viewer
* issue 169 Highlight line-level (aka word) differences in files
Differences within a replaced line are now highlighted with a
brighter red or green background color. Some heuristics are
applied to identify and highlight reindented blocks in popular
C/C++/Java/C#-like and Python-like languages. The highlighting
algorithm is still simple and could benefit from more fine-tuning,
as its largely driven by a simple Myers O(ND) character difference
over the replaced lines.
The configuration variable cache.diff.intraline can be used to
disable this feature site-wide, if it causes problems.
* Improve side-by-side viewer look-and-feel
The look-and-feel of the side-by-side viewer (and also of the unified
viewer) has been significantly improved in this release. Coloring of
regions is more consistently applied, reducing reader distraction.
Comment boxes use a cleaner display, and take up less space per line.
* Adjustable patch display settings
Users can now set the tab size or number of columns when displaying a
patch. Toggles are also available to enable or disable syntax
coloring, intraline differences, whitespace errors, and visible tabs.
* issue 416 Add download links to side-by-side viewer
The side-by-side viewer now offers links to download the complete file
of either the left or right side. To protect the users from malicious
cross-site scripting attacks, the download links force the content to
be wrapped inside of a ZIP archive with a randomized file name.
Server administrators may use the configuration setting
to avoid this wrapping if they trust users to only upload safe file
* Improve performance of 'Show Full Files'
The 'Show Full File' checkbox in the file viewers no longer requires
an RPC if the file is sufficiently small enough and syntax coloring
was enabled. The browser can update the UI using the cached data it
already has on hand.
* Show old file paths on renamed/copied files
If a file was renamed or copied, the side-by-side viewer now shows the
old file path in the column header instead of the generic header text
'Old Version'.
* Improved character set detection
Gerrit now uses the Mozilla character set detection algorithm when
trying to determine what charset was used to write a text file.
For UTF-8 or ISO-8859-1/ASCII users, there should be no difference
over prior releases. With this change, the server can now also
automatically recognize source files encoded in:
a. Chinese (ISO-2022-CN, BIG5, EUC-TW, GB18030, HZ-GB-23121)
b. Cyrillic (ISO-8859-5, KOI8-R, WINDOWS-1251, MACCYRILLIC, IBM866, IBM855)
c. Greek (ISO-8859-7, WINDOWS-1253)
d. Hebrew (ISO-8859-8, WINDOWS-1255)
e. Japanese (ISO-2022-JP, SHIFT_JIS, EUC-JP)
f. Korean (ISO-2022-KR, EUC-KR)
g. Unicode (UTF-8, UTF-16BE / UTF-16LE, UTF-32BE / UTF-32LE / X-ISO-10646-UCS-4-34121 / X-ISO-10646-UCS-4-21431)
h. WINDOWS-1252
* issue 405 Add canned per-line comment reply of 'Done'
* issue 380 Use N/P to jump to next/previous comments
* Use a tooltip to explain whitespace errors
UI - Other
* issue 408 Show summary of code review, verified on all open changes
The open changes views now show the status summary columns, just like
a user dashboard shows. This requires an extra RPC per page display,
but can save user time when trying to identify which reviews should be
* Only enable 'Delete' button when there are selections
In Settings panels the delete button is enabled only if at least one
row has been selected to be removed.
* SSH commands stop option parsing on \--
Like most POSIX commands, `\--` now signifies the end of options for
any command accessible over SSH.
* Include formatted HTML documentation in WAR
Official release WARs now contain the formatted HTML documentation,
and a 'Documentation' menu will display in the main UI (alongside
'All', 'My', 'Admin') to help users access the local copy rather
than jumping to the remote Google Code project site.
* Enhanced patch set download commands
Download commands for patch sets are now offered as a tabbed panel,
allowing the user to select between 'repo download', 'git pull',
or 'git fetch ... && git cherry-pick' or 'git fetch ... && git
format-patch' styles, as well as to select the transport protocol
used, including anonymous Git or HTTP, or authenticated SSH or HTTP.
The current selections are remembered for signed-in users, permitting
end-users to quickly reuse their preferred method of grabbing a
patch set.
* Theme the web UI with different skin colors
Site administrators can now theme the UI with local site colors
by setting theme variables in gerrit.config.
* issue 60 Change permissions to be branch based
Almost all permissions are now per-branch within each project. This
includes Code Review, Verified, Submit, Push Branch, and even Owner.
Permissions can be set on a specific branch, or on a wildcard that
matches all branches that start with that prefix. Read permission is
still handled at the project level, but future versions should support
per-branch read access as well.
* MaxNoBlock category for advisory review levels
The new MaxNoBlock category function can be used in a custom approval
category for reviews that are performed by automated lint tools.
See link:[access control]
for more details on this function.
Remote Access
* Enable smart HTTP under /p/ URLs
Git 1.6.6 and later support a more efficient HTTP protocol for both
fetch/clone and push, by relying upon Git specific server side logic.
Gerrit Code Review now includes the necessary server side support when
accessing repositories using URLs of the form
Authentication over smart HTTP URLs is performed using standard HTTP
digest authentication, with the username matching the SSH username,
but the password coming from a field that is generated by Gerrit and
accessible to the user on their Settings > SSH Keys tab.
Smart HTTP requests enter the same resource queue as SSH requests,
using the embedded Jetty server to suspend the request and later
resume it when processing resources are available. This ensures HTTP
repository requests don't overtax the server when made concurrently
with SSH requests.
* issue 392 Make hooks/commit-msg available over HTTP
The scp filesystem holding client side tools and hooks is now
available over `'$name'`. User
documentation is updated with example URLs.
* issue 470 Allow /r/I... URLs
Change-Ids can now be searched for by accessing the URL
`'Ichangeid'`, similar to how commits
can be searched by `'commitsha1'`.
* gerrit-sshd: Allow double quoted strings
SSH command arguments may now be quoted with double quotes, in
addition to single quotes. This can make it easier to intermix
quoting styles with the shell that is calling the SSH client .
Server Administration
* issue 383 Add event hook support
Site administrator managed hook scripts can now be invoked at various
points in processing. Currently these scripts are informational only
and cannot influence the outcome of an event. For more details see
* Add stream-events command
The new 'gerrit stream-events' command can be used over SSH by an
end-user to watch a live stream of any visible patch set creation,
comments and change submissions. For more details see
link:[gerrit stream-events].
* Log HTTP activity to $site_path/logs/httpd_log
When httpd.listenUrl is http:// or https://, requests are
logged into `'$site_path'/logs/httpd_log`. This mirrors the
behavior of the SSH daemon, which also logs requests into the
same directory. For proxy URLs HTTP requests aren't logged,
since the front-end server is expected to be performing the
logging. Logging can be forced on, or forced off by setting
* Allow the daemon's host key to authenticate to itself
The SSH daemon's host key can now be used to authenticate as the
magic user `Gerrit Code Review`. This user identity is blessed as
even more powerful than a user in the Administrators group, as using
it requires access to the private half of the host key. For example:
ssh -p 29418 -i site_path/etc/ssh_host_rsa_key 'Gerrit Code Review'@localhost gerrit flush-caches --all
* Allow $site_path/etc/peer_keys to authenticate peer daemons
Additional public keys for the magical 'Gerrit Code Review' user may
be specified in an OpenSSH authorized_keys style file and are
functionally equivalent to authenticating with the daemon's host key.
The keys are primarily intended to be other daemons, most likely
slaves, that share the same set of repositories and database.
* Allow suexec to run any command as any user
The new SSH based suexec command can only be invoked by the magic user
`Gerrit Code Review` and permits executing any other command as any
other registered user account. This forms the foundation of allowing
a slave daemon process to transparently proxy any write request from a
client forward to the current master.
The transparent proxy support is not yet implemented in the slave.
* Support automation of gsql by JSON, -c option
The gsql command now supports JSON as an output format, making
software driven queries over SSH easier. The -c option accepts
one query, executes it, and returns.
* Warn when a commit message isn't wrapped
During receive Gerrit warns the user if their commit messages appears
to be incorrectly formatted, by having lines that aren't hard-wrapped
or that has an extremely long subject line.
* During merge use existing author identity values
When Gerrit creates a merge commit in order to submit a change, the
author information of the merge commit is taken from the submitter.
If all of the commits being submitted were written by the submitter,
the authorship of the merge commit is copied from one of those commits
rather than from the user's preferred account information.
Bug Fixes
* Change "Publish Comments" to "Review"
The term "Publish Comments" was used on two different buttons that
performed two different actions. The first usage was to open the
screen which shows the scoring buttons, provides the cover letter
editor, and shows the in-line comments for final review before
publication. The button that opens that review screen has been
renamed "Review". The second usage of the button was to actually send
out the notification emails, and expose the comments to others. This
button is still called "Publish Comments".
* issue 448 Disable syntax highlighting on unified views
Syntax highlighting in the unified patch view isn't useful if it hides
the added and removed lines red/green text color. Disable it entirely
so the add/remove coloring shows up instead.
* Disable 'Syntax Highlighting' and 'Show Full File' on big files
If the file is really big (over 9000 lines), 'Show Full File' is
actually disabled on the server side, to prevent the client from
being overrun with data. The UI now reflects this by disabling
the checkbox for the user, and adds a tooltip to indicate why its
greyed out.
* Don't try to syntax highlight plain text
Plain text files can't benefit from syntax highlighting, its actually
more confusing than it is useful. Skip highlighting on them.
* issue 251 Fix bad syntax highlighting
Prior versions performed syntax highlighting on a per-line basis,
resulting in confusing or bogus results in multi-line contexts like
C/Java's "/\* ... \*/" style comment. Fixed by performing
highlighting on the entire file contents, even if only some lines are
displayed to meet the user's context setting.
* Ensure vertical tabs are visible
Vertical tab markers are red, which means they can be hidden against a
whitespace error, or deleted region marker. Tabs are now shown as
black against these cases.
* Handle bare CR in the middle of a line
If a CR ("\r") appears in the middle of a line rather than nestled
against an LF as a CRLF pair, its now displayed as a whitespace
error, and the line isn't broken at the CR. This fixes an issue
where a mostly CRLF file with a single malformed line ending caused
the side-by-side display to render incorrectly (or not at all).
* issue 438 Skip gitlink modes as we can't get a content difference
The special gitlink mode inside of a tree points to a commit in the
submodule project. We can't show the content of it inside of the
* issue 456 Support enter to submit on most forms
Enter key on a lot of forms did not activate the reasonable default
action, e.g. add a reviewer to an existing review. Fixed.
* issue 347 Improve handling of files renamed between patch sets
Comment counts in the "history" section of a file viewer were not
displayed when the file was renamed between two different patch sets
of the same change. Fixed.
* Fix the style of the Reviewed column header
The reviewed column header wasn't displaying with the same style as
its siblings. Fixed.
* Fix duplicate "Needed By" pointers between changes
If a change's current patch set was used as the parent for multiple
patch sets of another change, that dependent change showed up more
than once in the "Needed By" list. Fixed.
* Expand group names to be 255 characters
* Update URL for GitHub's SSH key guide
* issue 314 Hide group type choice if LDAP is not enabled
* Send missing dependencies to owners if they are the only reviewer
If the owner of the change is the only reviewer and the change can't
be submitted due to a missing dependency, Gerrit failed to send out an
email notification. Fixed.
* issue 387 Use quoted printable strings in outgoing email
Names or subjects with non-ASCII characters were not quoted properly
in the email notification headers. Fixed.
* issue 475 Include the name/email in email body if not in envelope
When the email address from line is a generic server identity,
there is no way to know who wrote a comment or voted on a change.
An additional from line is now injected at the start of the email
body to indicate the actual user.
Remote Access
* issue 385 Delete session cookie when session is expired
If the session expires and the user clicks "Close" in the session
expired popup dialog box, delete the cookie so the user can continue
to use the website as an anonymous user.
* Dequote saved OpenID URLs
Certain OpenID URLs were getting double quotes thrown around them
after being saved in the last identity cookie on the client. The
quotes were loading back into the dialog on a subsequent sign-in
attempt, resulting in an error as double quotes aren't valid in an
HTTP URL. Fixed by dropping the quotes if present.
* Fix NoShell to flush the error before exiting
Sometimes users missed the standard error message that indicated no
shell was available, due to a thread race condition not always
flushing the outgoing buffer. Fixed.
* issue 488 Allow gerrit approve to post comments on closed changes
The 'gerrit approve' command previously refused to work on a closed
change, but the web UI permitted comments to be added anyway.
Fixed by allowing the command line tool to also post comments to
closed changes.
* issue 466 Reject pushing to invalid reference names
Gerrit allowed the invalid `HEAD:/refs/for/master` push refspec
to actually create the branch `refs/heads/refs/for/master`, which
confused any other client trying to push. Fixed.
* issue 485 Trim the username before requesting authentication
LDAP usernames no longer are permitted to start with or end with
whitespace, removing a common source of typos that lead to users
being automatically assigned more than one Gerrit user account.
Server Administration
* daemon: Really allow httpd.listenUrl to end with /
If httpd.listenUrl ended with / the configuration got botched during
init and the site didn't work as expected. Fixed by correctly
handling an optional trailing / in this variable.
* issue 478 Catch daemon startup failures in error_log
Startup errors often went to /dev/null, leaving the admin wondering
why the server didn't launch as expected. Fixed.
* issue 483 Ensure uncaught exceptions are logged
Some exceptions were reaching the top of the stack frame without
being caught and logged, causing the JRE to print the exception to
stderr and then terminate the thread. Since stderr was redirected
to /dev/null by, we usually lost these messages. Exception
handlers are now installed to trap and log any uncaught errors.
* issue 451 Wait until the daemon is serving requests
The script now waits until the daemon is actually running
and able to serve requests before returning to the caller with a
successful exit status code. This makes it easier to then start up
dependent tasks that need the server to be ready before they can run.
* Don't use let, dash doesn't support it
/bin/sh on Debian/Ubuntu systems is dash, not bash. The dash
shell does not support the let command.
* Correct JAVA_HOME behavior
JAVA_HOME now can be overridden by container.javaHome, as the
documentation states.
* init: Only suggest downloading BouncyCastle on new installs
Upgrades of an existing installation which has not installed the
BouncyCastle library shouldn't be encouraged to download and install
the library again. The administrator has already chosen not to use
it, we shouldn't nag them about it.
* issue 389 Catch bad commentlink patterns and report them
A bad commentlink.match pattern could cause the change screen to
simply not load, with no errors in the server log, and nothing
immediately visible on the client. Most bad patterns are now caught
during server startup and are reported in the server error_log.
Certain failures are caught on the client side, and sent to the server
error log over RPC. Bad patterns are simply skipped when logged.
* issue 419 MySQL: Fix account\_group\_members\_audit removed\_on
MySQL has a "feature" which prevented the removed_on column from being
NULL when we meant for it to be NULL. Fixed by using the MySQL
suggested work around, which is non-standard SQL.
* issue 424 WAR truncated during init
init sometimes truncated the WAR file to 0 bytes if it was running
from the destination WAR. Fixed by using JGit's LockFile class which
writes to a temporary file and does an atomic rename to finish.
* issue 423 Bind to LDAP using only the end-user identity
Microsoft Active Directory doesn't support anonymous binds, and some
installations might not be able to create a generic role account for
Gerrit Code Review. The new auth.type LDAP_BIND permits Gerrit to
authenticate using only the end-user's credentials, avoiding the need
for an anonymous or role account bind.
* issue 423 Defer LDAP server type discovery until first authentication
Microsoft Active Directory wasn't being detected, because the
anonymous bind during server startup failed. Instead the server
type is detected during the first user authentication, where we
have a valid directory context to query over.
* issue 486 Reload UI if code split fails to download
If the server gets upgraded and the user hasn't reloaded their
browser tab since the upgrade, opening a new section of the UI
sometimes failed. Fixed by executing an implicit reload in these
cases, reducing the number of times a user sees a failure.
* issue 427 Adjust SocketUtilTest to be more likely to pass
Some DNS environments, especially those based on OpenDNS, were failing
this test case during a build because the upstream resolver was
returning back a bogus record for an invalid domain name. The test
was adjusted to use a name that is less likely to be resolved by a
broken upstream resolver.
* Fix /become?user_name=... under GWT debugger
The /become URL now accepts ?user_name=who to authenticate, making
it easier to setup a launch configuration to debug a particular
user account in development.
* Show localhost based SSH URLs
SSH URLs using localhost as the hostname are now visible in the
web UI, making it easier to copy and paste SSH URLs when debugging
fetching of changes.
* issue 490 Try Titlecase class name first when launching programs
Launching daemon or init from the classes directory on a case
insensitive filesystem like Mac OS X HFS+ or Windows NTFS failed.
* Misc. license issues
The CDDL javax.servlet package was replaced by an Apache License 2.0
implementation from the Apache Foundation. The unnecessary OpenXRI
package, which was never even included in the distribution, was
removed from the license file.
Schema Changes in Detail
* Remove Project.Id and use only Project.NameKey
The project_id column was dropped from the projects table, and all
associated subtables, and only the name is now used to link records
in the database. This simplifies the schema for eventual changes
onto less-traditional storage systems.
* Move sshUserName from Account to AccountExternalId
The ssh\_user\_name column in accounts was moved to an additional row
in account\_external\_ids, using external\_id prefix `username:`.
This removes the non-primary key unique index from the table, making
it easier to move to less traditional storage systems.
* Replace all transactions with single row updates
Schema update operations have been reworked to not require multi-row
transaction support in the database. This makes it easier to port
onto a distributed storage system where multi-row atomic updates
aren't possible, or to run on MySQL MyISAM tables.
Other Changes
* Update gwtorm to 1.1.4-SNAPSHOT
* Add unique column ids to every column
* Remove unused byName @SecondaryKey from ApprovalCategory
* Remove @SecondaryKey from AccountGroup
* documentation: Remove mention of mysql_nextval.sql script
* Drop MySQL function nextval_project_id
* documentation: Remove project_id from manual insert
* Update JGit to
* Split the core receive logic out of the SSH code
* Move toProject into PageLinks for reuse
* Correct SSH Username to be just Username
* Don't display the magic username identity on the identities tab
* Show Status column header on the SSH key table
* Queue smart HTTP requests alongside SSH requests
* Add a password field to the account identities
* Authenticate /p/ HTTP and SSH access by password
* Advertise the smart HTTP URLs to references
* Refactor the SSH session state
* Fixing Eclipse settings file
* Add --commit to comment-added as there was previously no way to kno...
* Fix imports inside of
* Fix crash while loading project Access tab
* Replace our own @Nullable with javax.annotation.Nullable.
* Correctly hide delete button on inherited permissions
* Allow per-branch OWN +1 to delegate branch ownership
* Block inheritance by default on per-branch permissions.
* Simplify FunctionState as discussed previously
* Restore delete right checkboxes in wild card project
* issue 393 Require branch deletion permission for pushes over HTTP
* issue 399 Update JGit to
* Add standard eclipse generated files to .gitignore
* Don't reformat the source if the files are identical
* Fix schema 27 upgrade for H2
* Update JGit to
* Manage database connections directly in PatchScriptFactory
* issue 425 Update user documentation to explain branch access control
* Update to gwtjsonrpc 1.2.2-SNAPSHOT
* Allow refs/* pattern on new reference rights
* Trim reference name from user when adding access right
* Execute Git commands with AccessPath.GIT
* Update to GWT 2.0.1
* Update to Ehcache 1.7.2
* Update to mime-util 2.1.3
* Update to H2 1.2.128
* issue 442 Fix IncorrectObjectTypeException on initial commit
* Compute allowed approval categories separately.
* Move new change display to PostReceiveHook
* Drop unused formatLanguage property from patch table
* issue 447 documentation: Improve Apache mod_proxy configuration
* issue 445 Fix whitespace errors with word diff enabled
* issue 439 Move syntax highlighting back to client
* Remove Mozilla Rhino from our build
* Add missing step to add gwtui_dbg configuration
* Remove useless imports from Schema_28
* Fix upgrading H2 from schema 20 to current
* Move release notes into the repository
* issue 454 documentation: Improve bugzilla link example to include #
* Drop unused err PrintWriter in Receive
* documentation: Describe how to do case insensitive commentlink
* Add patch releases to release notes
* Update to gwtorm 1.1.4, gwtjsonrpc 1.2.2, gwtexpui 1.2.1
* Update to GWT 2.0.2
* documentation: Remove stupid ReleaseNotes build rules
* documentation: Use a per-version directory
* Draft 2.1.2 release notes
* documentation: Fix version number to only consider x.y.z format
* Drop XRI related support from our notices list
* documentation: Correct sorting error in notices
* documentation: Add JSR 305 and AOP Alliance to licenses
* documentation: Correct links to the MPL 1.1 license
* Replace CDDL javax.servlet with APLv2 implementation
* documentation: Document database.pool* variables
* Update 2.1.2 release notes to mention juniversalchardet
* Fix whitespace ignore feature
* Fix database connection leak in git-receive-pack
* Delay marking a file reviewed until its displaying
* Simplify patch display to a single RPC
* Fix missing right side border of history, dependency tables
* Cleanup useless leftmost/rightmost CSS classes
* Don't RPC to load the full file if we already have it
* Add Forge Identity +3 to permit pushing filtered history
* Fix source code formatting in RefControl
* Fix combined diffs on merge commits
* Fix SparseFileContent for delete-only patches
* Simplify some CSS rules for side-by-side viewer
* Color entire replace block same background shade
* Cleanup CSS for side-by-side view when there are character differen...
* documentation: Fix typo on the word database
* Always use class wdc on replace line common sections
* Fix side-by-side table header CSS glitch
* Fix file line padding in side-by-side viewer
* Improve the way inline comments are shown
* Fix side by side view column headers to use normal font
* Tweak the intraline difference heuristics
* Refactor and add to streaming events schema
* Documentation schema for stream-events command
* Fix source code formatting errors in MergeOp
* Cleanup display of branches panel when gitweb isn't configured
* Fix "Show Tabs" checkbox
* Update 2.1.2 release notes
* Reorganize 2.1.2 release notes into categories
* Hide syntax highlighting checkbox in unified view
* Change default tab width to 8
* Ensure drafts redisplay when refreshing the page
* issue 473 Don't aggressively coalesce across lines
* Fix intraline difference off-by-one when LF is added
* Mark add or delete regions with darker colors
* Invalidate the diff cache
* Fix build breakage due to missing constants
* Fix editable username when authType is LDAP or HTTP_LDAP
* issue 481 Fix enter with completion in add reviewer box
* Make intraline differences easier to debug
* Avoid "es" replaced by "es = Address"
* Cleanup line insertions joined against indentation change
* Change become to use user_name field
* Stop leaking patch controls CSS to other widgets
* Fix coloring of tab markers in syntax highlighting
* Fix toggling syntax highlighting on partial file
* Permit use of syntax highlighting in unified view
* Use hunk background colors on unified views with syntax highlighting
* Fix source code formatting in
* issue 483 Log the type of a non-task after it executes
* Update to GWT 2.0.3
* issue 489 Drop host name resolution failure test
* issue 483 Remove reliance on afterExecute from WorkQueue