ReleaseNotes/ReleaseNotes-2.10.3.txt - gerrit - Git at Google

 = Release notes for Gerrit 2.10.3

 Download:
 link:https://www.gerritcodereview.com/download/gerrit-2.10.3.war[
 https://www.gerritcodereview.com/download/gerrit-2.10.3.war]

 == Important Notes

 *WARNING:* There are no schema changes from
 link:ReleaseNotes-2.10.2.html[2.10.2], but Bouncycastle was upgraded to 1.51.
 It is therefore important to upgrade the site with the `init` program, rather
 than only copying the .war file over the existing one.

 *WARNING:* When upgrading from version 2.8.4 or older with a site that uses
 Bouncy Castle Crypto, new versions of the libraries will be downloaded. The old
 libraries should be manually removed from site's `lib` folder to prevent the
 startup failure described in
 link:https://code.google.com/p/gerrit/issues/detail?id=3084[Issue 3084].

 It is recommended to run the `init` program in interactive mode. Warnings will
 be suppressed in batch mode.

 ----
   java -jar gerrit.war init -d site_path
 ----

 == New Features

 * Support hybrid OpenID and OAuth2 authentication
 +
 OpenID auth scheme is aware of optional OAuth2 plugin-based authentication.
 This feature is considered to be experimental and hasn't reached full feature set yet.
 Particularly, linking of user identities across protocol boundaries and even from
 one OAuth2 identity to another OAuth2 identity wasn't implemented yet.

 === Configuration

 * Allow to configure
 link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.10.3/config-gerrit.html#sshd.rekeyBytesLimit[
 SSHD rekey parameters].

 == SSH

 * Update SSHD to 0.14.0.
 +
 This fixes link:https://issues.apache.org/jira/browse/SSHD-348[SSHD-348] which
 was causing ssh threads allocated to stream-events clients to get stuck.
 +
 Also update SSHD Mina to 2.0.8 and Bouncycastle to 1.51.

 * link:https://code.google.com/p/gerrit/issues/detail?id=2797[Issue 2797]:
 Add support for ECDSA based public key authentication.

 == Bug Fixes

 * Prevent wrong content type for CSS files.
 +
 The mime-util library contains two content type mappings for .css files:
 `application/x-pointplus` and `text/css`.  Unfortunately, using the wrong one
 will result in most browsers discarding the file as a CSS file.  Ensure we only
 use the correct type for CSS files.

 * link:https://code.google.com/p/gerrit/issues/detail?id=3289[Issue 3289]:
 Prevent NullPointerException in Gitweb servlet.

 === Replication plugin

 * Set connection timeout to 120 seconds for SSH remote operations.
 +
 The creation of a missing Git, before starting replication, is a blocking
 operation. By setting a timeout, we ensure the operation does not get stuck
 forever, essentially blocking all future remote git creation operations.

 === OAuth extension point

 * Respect servlet context path in URL for login token
 +
 On sites with non empty context path, first redirect was broken and ended up
 with 404 Not found.

 * Invalidate OAuth session after web_sessions cache expiration
 +
 After web session cache expiration there is no way to re-sign-in into Gerrit.

 === Daemon

 * Print proper names for tasks in output of `show-queue` command.
 +
 Some tasks were not displayed with the proper name.

 === Web UI

 * link:http://code.google.com/p/gerrit/issues/detail?id=3044[Issue 3044]:
 Remove stripping `#` in login redirect.

 === SSH

 * Prevent double authentication for the same public key.


 == Performance

 * Improved performance when creating a new branch on a repository with a large
 number of changes.


 == Upgrades

 * Update Bouncycastle to 1.51.

 * Update SSHD to 0.14.0.
	= Release notes for Gerrit 2.10.3

	Download:
	link:https://www.gerritcodereview.com/download/gerrit-2.10.3.war[
	https://www.gerritcodereview.com/download/gerrit-2.10.3.war]

	== Important Notes

	WARNING: There are no schema changes from
	link:ReleaseNotes-2.10.2.html[2.10.2], but Bouncycastle was upgraded to 1.51.
	It is therefore important to upgrade the site with the `init` program, rather
	than only copying the .war file over the existing one.

	WARNING: When upgrading from version 2.8.4 or older with a site that uses
	Bouncy Castle Crypto, new versions of the libraries will be downloaded. The old
	libraries should be manually removed from site's `lib` folder to prevent the
	startup failure described in
	link:https://code.google.com/p/gerrit/issues/detail?id=3084[Issue 3084].

	It is recommended to run the `init` program in interactive mode. Warnings will
	be suppressed in batch mode.

	----
	java -jar gerrit.war init -d site_path
	----

	== New Features

	* Support hybrid OpenID and OAuth2 authentication
	+
	OpenID auth scheme is aware of optional OAuth2 plugin-based authentication.
	This feature is considered to be experimental and hasn't reached full feature set yet.
	Particularly, linking of user identities across protocol boundaries and even from
	one OAuth2 identity to another OAuth2 identity wasn't implemented yet.

	=== Configuration

	* Allow to configure
	link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.10.3/config-gerrit.html#sshd.rekeyBytesLimit[
	SSHD rekey parameters].

	== SSH

	* Update SSHD to 0.14.0.
	+
	This fixes link:https://issues.apache.org/jira/browse/SSHD-348[SSHD-348] which
	was causing ssh threads allocated to stream-events clients to get stuck.
	+
	Also update SSHD Mina to 2.0.8 and Bouncycastle to 1.51.

	* link:https://code.google.com/p/gerrit/issues/detail?id=2797[Issue 2797]:
	Add support for ECDSA based public key authentication.

	== Bug Fixes

	* Prevent wrong content type for CSS files.
	+
	The mime-util library contains two content type mappings for .css files:
	`application/x-pointplus` and `text/css`. Unfortunately, using the wrong one
	will result in most browsers discarding the file as a CSS file. Ensure we only
	use the correct type for CSS files.

	* link:https://code.google.com/p/gerrit/issues/detail?id=3289[Issue 3289]:
	Prevent NullPointerException in Gitweb servlet.

	=== Replication plugin

	* Set connection timeout to 120 seconds for SSH remote operations.
	+
	The creation of a missing Git, before starting replication, is a blocking
	operation. By setting a timeout, we ensure the operation does not get stuck
	forever, essentially blocking all future remote git creation operations.

	=== OAuth extension point

	* Respect servlet context path in URL for login token
	+
	On sites with non empty context path, first redirect was broken and ended up
	with 404 Not found.

	* Invalidate OAuth session after web_sessions cache expiration
	+
	After web session cache expiration there is no way to re-sign-in into Gerrit.

	=== Daemon

	* Print proper names for tasks in output of `show-queue` command.
	+
	Some tasks were not displayed with the proper name.

	=== Web UI

	* link:http://code.google.com/p/gerrit/issues/detail?id=3044[Issue 3044]:
	Remove stripping `#` in login redirect.

	=== SSH

	* Prevent double authentication for the same public key.


	== Performance

	* Improved performance when creating a new branch on a repository with a large
	number of changes.


	== Upgrades

	* Update Bouncycastle to 1.51.

	* Update SSHD to 0.14.0.