Merge branch 'stable-2.13' into stable-2.14

* stable-2.13:
  Change bouncycastle urls
  ListAccess: Fix incorrect behavior when group appears twice for same rule

Change-Id: I5c5f4522d4297e3b98f880bdbdad519cf5dfb187
diff --git a/.bazelignore b/.bazelignore
new file mode 100644
index 0000000..30f1613
--- /dev/null
+++ b/.bazelignore
@@ -0,0 +1 @@
+eclipse-out
diff --git a/.bazelproject b/.bazelproject
new file mode 100644
index 0000000..41bb27f
--- /dev/null
+++ b/.bazelproject
@@ -0,0 +1,20 @@
+# The project view file (.bazelproject) is used to import Gerrit Bazel packages into the IDE.
+#
+# See: https://ij.bazel.io/docs/project-views.html
+
+directories:
+  .
+  -eclipse-out
+  -contrib
+  -gerrit-package-plugins
+  -logs
+  -./.metadata
+  -./.settings
+  -./.apt_generated
+
+targets:
+  //...:all
+
+java_language_level: 8
+
+workspace_type: java
diff --git a/.bazelrc b/.bazelrc
index 00acd27..bf3aa6c 100644
--- a/.bazelrc
+++ b/.bazelrc
@@ -1 +1,17 @@
-build --strategy=Javac=worker
+build --workspace_status_command="python ./tools/workspace_status.py" --strategy=Closure=worker
+build --repository_cache=~/.gerritcodereview/bazel-cache/repository
+build --action_env=PATH
+build --disk_cache=~/.gerritcodereview/bazel-cache/cas
+build --java_toolchain //tools:error_prone_warnings_toolchain
+
+# Enable strict_action_env flag to. For more information on this feature see
+# https://groups.google.com/forum/#!topic/bazel-discuss/_VmRfMyyHBk.
+# This will be the new default behavior at some point (and the flag was flipped
+# shortly in 0.21.0 - https://github.com/bazelbuild/bazel/issues/7026). Remove
+# this flag here once flipped in Bazel again.
+build --incompatible_strict_action_env
+
+test --build_tests_only
+test --test_output=errors
+
+import %workspace%/tools/remote-bazelrc
diff --git a/.bazelversion b/.bazelversion
new file mode 100644
index 0000000..227cea2
--- /dev/null
+++ b/.bazelversion
@@ -0,0 +1 @@
+2.0.0
diff --git a/.buckconfig b/.buckconfig
deleted file mode 100644
index 3ce69da..0000000
--- a/.buckconfig
+++ /dev/null
@@ -1,35 +0,0 @@
-[alias]
-  api = //:api
-  chrome = //:chrome
-  docs = //Documentation:searchfree
-  firefox = //:firefox
-  gerrit = //:gerrit
-  gwtgerrit = //:gwtgerrit
-  headless = //:headless
-  polygerrit = //:polygerrit
-  release = //:release
-  releasenotes = //ReleaseNotes:html
-  safari = //:safari
-  soyc = //gerrit-gwtui:ui_soyc
-  soyc_r = //gerrit-gwtui:ui_soyc_r
-  withdocs = //:withdocs
-
-[buildfile]
-  includes = //tools/default.defs
-
-[java]
-  jar_spool_mode = direct_to_jar
-  src_roots = java, resources, src
-  source_level = 8
-  target_level = 8
-
-[project]
-  ignore = .git, eclipse-out, bazel-gerrit, bin
-  parallel_parsing = true
-
-[cache]
-  mode = dir
-  dir = ~/.gerritcodereview/buck-cache/locally-built-artifacts
-
-[test]
-  excluded_labels = manual
diff --git a/.buckversion b/.buckversion
deleted file mode 100644
index f5fe016..0000000
--- a/.buckversion
+++ /dev/null
@@ -1 +0,0 @@
-e64a2e2ada022f81e42be750b774024469551398
diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs
new file mode 100644
index 0000000..434dc95
--- /dev/null
+++ b/.git-blame-ignore-revs
@@ -0,0 +1,24 @@
+# git hyper-blame master ignore list.
+#
+# This file contains a list of git hashes of revisions to be ignored by git
+# hyper-blame. These revisions are considered "unimportant" in that they are
+# unlikely to be what you are interested in when blaming.
+#
+# Instructions:
+# - Only large (generally automated) reformatting or renaming commits should be
+#   added to this list. Do not put things here just because you feel they are
+#   trivial or unimportant. If in doubt, do not put it on this list.
+# - Precede each revision with a comment containing the first line of its log.
+#   For bulk work over many commits, place all commits in a block with a single
+#   comment at the top describing the work done in those commits.
+# - Only put full 40-character hashes on this list (not short hashes or any
+#   other revision reference).
+# - Append to the bottom of the file (revisions should be in chronological order
+#   from oldest to newest).
+# - Because you must use a hash, you need to append to this list in a follow-up
+#   commit to the actual reformatting commit that you are trying to ignore.
+
+# Format all Java files with google-java-format
+292fa154c18b5a203c1aa211dce4efd54e6e8e0a
+111168482164db0cbe6a31630908ab607abc9989
+42ace3c4f41363b41486fe6cf8a3519f296ba4f4
diff --git a/.gitignore b/.gitignore
index 0fe7572..b1ad00c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,36 +1,32 @@
+# Keep following lines sorted according to `LC_COLLATE=C sort`
+*.asc
+*.eml
+*.iml
+*.pyc
+*.sublime-*
+*.swp
+*~
+.DS_Store
+.gwt_work_dir
 /.apt_generated
+/.apt_generated_tests
+/.bazel_path
 /.classpath
 /.factorypath
-/.project
-/.settings/org.maven.ide.eclipse.prefs
-/.settings/org.eclipse.m2e.core.prefs
-/.settings/org.eclipse.ltk.core.refactoring.prefs
-/test_site
 /.idea
-*.iml
-*.eml
-*.sublime-*
-/gerrit-package-plugins
-/.bazel_path
-/.buckconfig.local
-/.buckjavaargs
-/.buckd
-/bazel-bin
-/bazel-genfiles
-/bazel-gerrit
-/bazel-out
-/bazel-testlogs
-/buck-cache
-/buck-out
+/.metadata
+/.project
+/.settings/org.eclipse.ltk.core.refactoring.prefs
+/.settings/org.eclipse.m2e.core.prefs
+/.settings/org.maven.ide.eclipse.prefs
+/bazel-*
+/bin/
 /eclipse-out
 /extras
-/local.properties
-*.pyc
+/gerrit-package-plugins
 /gwt-unitCache
-.DS_Store
-*.swp
-*.asc
-/bin/
-*~
-.primary_build_tool
-.gwt_work_dir
+/infer-out
+/local.properties
+/plugins/cookbook-plugin/
+/test_site
+/tools/format
diff --git a/.gitmodules b/.gitmodules
index 6c4d53c..ec8afee 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -3,11 +3,6 @@
 	url = ../plugins/commit-message-length-validator
 	branch = .
 
-[submodule "plugins/cookbook-plugin"]
-	path = plugins/cookbook-plugin
-	url = ../plugins/cookbook-plugin
-	branch = .
-
 [submodule "plugins/download-commands"]
 	path = plugins/download-commands
 	url = ../plugins/download-commands
diff --git a/.mailmap b/.mailmap
index 598d52d..bd4d222 100644
--- a/.mailmap
+++ b/.mailmap
@@ -1,28 +1,45 @@
 Adrian Görler <adrian.goerler@sap.com>                                                      Adrian Goerler <adrian.goerler@sap.com>
 Ahaan Ugale <ahaanugale@gmail.com>                                                          <augale@codeaurora.org>
 Alex Blewitt <alex.blewitt@gmail.com>                                                       <alex.blewitt@gs.com>
+Alex Blewitt <alex.blewitt@gmail.com>                                                       <alex.blewitt@credit-suisse.com>
 Alex Ryazantsev <alex.ryazantsev@gmail.com>                                                 alex <alex.ryazantsev@gmail.com>
 Alex Ryazantsev <alex.ryazantsev@gmail.com>                                                 alex.ryazantsev <alex.ryazantsev@gmail.com>
+Andrew Bonventre <andybons@chromium.org>                                                    <andybons@google.com>
+Becky Siegel <beckysiegel@google.com>                                                       beckysiegel <beckysiegel@google.com>
 Brad Larson <bklarson@gmail.com>                                                            <brad.larson@garmin.com>
-Bruce Zu <bruce.zu@sonymobile.com>                                                          <bruce.zu@sonyericsson.com>
+Bruce Zu <bruce.zu.run10@gmail.com>                                                         <bruce.zu@sonyericsson.com>
+Bruce Zu <bruce.zu.run10@gmail.com>                                                         <bruce.zu@sonymobile.com>
 Carlos Eduardo Baldacin <carloseduardo.baldacin@sonyericsson.com>                           carloseduardo.baldacin <carloseduardo.baldacin@sonyericsson.com>
+Dariusz Luksza <dluksza@collab.net>                                                         <dariusz@luksza.org>
 David Ostrovsky <david@ostrovsky.org>                                                       <d.ostrovsky@gmx.de>
+David Ostrovsky <david@ostrovsky.org>                                                       <david.ostrovsky@gmail.com>
+David Pursehouse <dpursehouse@collab.net>                                                   <david.pursehouse@sonymobile.com>
 Deniz Türkoglu <deniz@spotify.com>                                                          Deniz Türkoglu <deniz@spotify.com>
 Deniz Türkoglu <deniz@spotify.com>                                                          Deniz Turkoglu <deniz@spotify.com>
+Doug Kelly <dougk.ff7@gmail.com>                                                            <doug.kelly@garmin.com>
 Edwin Kempin <ekempin@google.com>                                                           Edwin Kempin <edwin.kempin@gmail.com>
 Edwin Kempin <ekempin@google.com>                                                           Edwin Kempin <edwin.kempin@sap.com>
+Edwin Kempin <ekempin@google.com>                                                           ekempin <ekempin@google.com>
 Eryk Szymanski <eryksz@gmail.com>                                                           <eryksz@google.com>
 Fredrik Luthander <fredrik.luthander@sonymobile.com>                                        <fredrik@gandaraj.com>
 Fredrik Luthander <fredrik.luthander@sonymobile.com>                                        <fredrik.luthander@sonyericsson.com>
-Gustaf Lundh <gustaf.lundh@sonymobile.com>                                                  <gustaf.lundh@sonyericsson.com>
+Gustaf Lundh <gustaflh@axis.com>                                                            <gustaf.lundh@axis.com>
+Gustaf Lundh <gustaflh@axis.com>                                                            <gustaf.lundh@sonyericsson.com>
+Gustaf Lundh <gustaflh@axis.com>                                                            <gustaf.lundh@sonymobile.com>
 Hugo Arès <hugo.ares@ericsson.com>                                                          Hugo Ares <hugo.ares@ericsson.com>
+Jacek Centkowski <jcentkowski@collab.net>                                                   <gemincia.programs@gmail.com>
+Jacek Centkowski <jcentkowski@collab.net>                                                   <geminica.programs@gmail.com>
 Jason Huntley <jhuntley@houghtonassociates.com>                                             jhuntley <jhuntley@houghtonassociates.com>
 Jiří Engelthaler <EngyCZ@gmail.com>                                                         <engycz@gmail.com>
 Joe Onorato <onoratoj@gmail.com>                                                            <joeo@android.com>
+Joel Dodge <dodgejoel@gmail.com>                                                            dodgejoel <dodgejoel@gmail.com>
 Johan Björk <jbjoerk@gmail.com>                                                             Johan Bjork <phb@spotify.com>
+JT Olds <hello@jtolds.com>                                                                  <jtolds@gmail.com>
+Lei Sun <lei.sun01@sap.com>                                                                 LeiSun <lei.sun01@sap.com>
 Lincoln Oliveira Campos Do Nascimento <lincoln.oliveiracamposdonascimento@sonyericsson.com> lincoln <lincoln.oliveiracamposdonascimento@sonyericsson.com>
 Luca Milanesio <luca.milanesio@gmail.com>                                                   <luca@gitent-scm.com>
-Magnus Bäck <baeck@google.com>                                                              <magnus.back@sonyericsson.com>
+Magnus Bäck <magnus.back@axis.com>                                                          <baeck@google.com>
+Magnus Bäck <magnus.back@axis.com>                                                          <magnus.back@sonyericsson.com>
 Mark Derricutt <mark.derricutt@smxemail.com>                                                <mark@talios.com>
 Martin Fick <mfick@codeaurora.org>                                                          <mogulguy10@gmail.com>
 Martin Fick <mfick@codeaurora.org>                                                          <mogulguy@yahoo.com>
@@ -33,12 +50,21 @@
 Peter Jönsson <peter.joensson@gmail.com>                                                    Peter Jönsson <peter.joensson@gmail.com>
 Rafael Rabelo Silva <rafael.rabelosilva@sonyericsson.com>                                   rafael.rabelosilva <rafael.rabelosilva@sonyericsson.com>
 Richard Möhn <richard.moehn@posteo.de>                                                      <richard.moehn@fu-berlin.de>
+Sam Saccone <samccone@google.com>                                                           <samccone@gmail.com>
 Saša Živkov <sasa.zivkov@sap.com>                                                           Sasa Zivkov <sasa.zivkov@sap.com>
 Saša Živkov <sasa.zivkov@sap.com>                                                           Saša Živkov <zivkov@gmail.com>
+Saša Živkov <sasa.zivkov@sap.com>                                                           Sasa Zivkov <zivkov@gmail.com>
+Scott Dial <scott@scottdial.com>                                                            <geekmug@gmail.com>
 Shawn Pearce <sop@google.com>                                                               Shawn O. Pearce <sop@google.com>
+Sixin Li <sixin210@gmail.com>                                                               sixin li <sixin210@gmail.com>
+Sven Selberg <svense@axis.com>                                                              <sven.selberg@axis.com>
+Sven Selberg <svense@axis.com>                                                              <sven.selberg@sonymobile.com>
+Tom Wang <twang10@gmail.com>                                                                Tom <twang10@gmail.com>
 Tomas Westling <thomas.westling@sonyericsson.com>                                           thomas.westling <thomas.westling@sonyericsson.com>
 Ulrik Sjölin <ulrik.sjolin@sonyericsson.com>                                                <ulrik.sjolin@gmail.com>
 Ulrik Sjölin <ulrik.sjolin@sonyericsson.com>                                                Ulrik Sjolin <ulrik.sjolin@gmail.com>
 Ulrik Sjölin <ulrik.sjolin@sonyericsson.com>                                                Ulrik Sjölin <ulrik.sjolin@sonyericsson.com>
 Ulrik Sjölin <ulrik.sjolin@sonyericsson.com>                                                Ulrik Sjolin <ulrik.sjolin@sonyericsson.com>
+Yuxuan 'fishy' Wang <fishywang@google.com>                                                  Yuxuan Wang <fishywang@google.com>
 Zalán Blénessy <zalanb@axis.com>                                                            Zalan Blenessy <zalanb@axis.com>
+飞 李 <lifei@7v1.net>                                                                       lifei <lifei@7v1.net>
diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs
index 828234b..40e022d 100644
--- a/.settings/org.eclipse.jdt.core.prefs
+++ b/.settings/org.eclipse.jdt.core.prefs
@@ -2,18 +2,22 @@
 org.eclipse.jdt.core.compiler.annotation.inheritNullAnnotations=disabled
 org.eclipse.jdt.core.compiler.annotation.missingNonNullByDefaultAnnotation=ignore
 org.eclipse.jdt.core.compiler.annotation.nonnull=org.eclipse.jdt.annotation.NonNull
+org.eclipse.jdt.core.compiler.annotation.nonnull.secondary=
 org.eclipse.jdt.core.compiler.annotation.nonnullbydefault=org.eclipse.jdt.annotation.NonNullByDefault
+org.eclipse.jdt.core.compiler.annotation.nonnullbydefault.secondary=
 org.eclipse.jdt.core.compiler.annotation.nullable=org.eclipse.jdt.annotation.Nullable
+org.eclipse.jdt.core.compiler.annotation.nullable.secondary=
 org.eclipse.jdt.core.compiler.annotation.nullanalysis=disabled
 org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
 org.eclipse.jdt.core.compiler.codegen.methodParameters=do not generate
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
 org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
-org.eclipse.jdt.core.compiler.compliance=1.7
+org.eclipse.jdt.core.compiler.compliance=1.8
 org.eclipse.jdt.core.compiler.debug.lineNumber=generate
 org.eclipse.jdt.core.compiler.debug.localVariable=generate
 org.eclipse.jdt.core.compiler.debug.sourceFile=generate
 org.eclipse.jdt.core.compiler.doc.comment.support=enabled
+org.eclipse.jdt.core.compiler.problem.APILeak=warning
 org.eclipse.jdt.core.compiler.problem.annotationSuperInterface=ignore
 org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
 org.eclipse.jdt.core.compiler.problem.autoboxing=ignore
@@ -64,12 +68,14 @@
 org.eclipse.jdt.core.compiler.problem.noImplicitStringConversion=warning
 org.eclipse.jdt.core.compiler.problem.nonExternalizedStringLiteral=ignore
 org.eclipse.jdt.core.compiler.problem.nonnullParameterAnnotationDropped=warning
+org.eclipse.jdt.core.compiler.problem.nonnullTypeVariableFromLegacyInvocation=warning
 org.eclipse.jdt.core.compiler.problem.nullAnnotationInferenceConflict=error
 org.eclipse.jdt.core.compiler.problem.nullReference=warning
 org.eclipse.jdt.core.compiler.problem.nullSpecViolation=error
 org.eclipse.jdt.core.compiler.problem.nullUncheckedConversion=warning
 org.eclipse.jdt.core.compiler.problem.overridingPackageDefaultMethod=warning
 org.eclipse.jdt.core.compiler.problem.parameterAssignment=ignore
+org.eclipse.jdt.core.compiler.problem.pessimisticNullAnalysisForFreeTypeVariables=warning
 org.eclipse.jdt.core.compiler.problem.possibleAccidentalBooleanAssignment=warning
 org.eclipse.jdt.core.compiler.problem.potentialNullReference=ignore
 org.eclipse.jdt.core.compiler.problem.potentiallyUnclosedCloseable=ignore
@@ -86,12 +92,16 @@
 org.eclipse.jdt.core.compiler.problem.suppressWarnings=enabled
 org.eclipse.jdt.core.compiler.problem.syntacticNullAnalysisForFields=disabled
 org.eclipse.jdt.core.compiler.problem.syntheticAccessEmulation=ignore
+org.eclipse.jdt.core.compiler.problem.terminalDeprecation=warning
 org.eclipse.jdt.core.compiler.problem.typeParameterHiding=warning
 org.eclipse.jdt.core.compiler.problem.unavoidableGenericTypeProblems=enabled
 org.eclipse.jdt.core.compiler.problem.uncheckedTypeOperation=warning
 org.eclipse.jdt.core.compiler.problem.unclosedCloseable=warning
 org.eclipse.jdt.core.compiler.problem.undocumentedEmptyBlock=ignore
 org.eclipse.jdt.core.compiler.problem.unhandledWarningToken=warning
+org.eclipse.jdt.core.compiler.problem.unlikelyCollectionMethodArgumentType=warning
+org.eclipse.jdt.core.compiler.problem.unlikelyCollectionMethodArgumentTypeStrict=disabled
+org.eclipse.jdt.core.compiler.problem.unlikelyEqualsArgumentType=warning
 org.eclipse.jdt.core.compiler.problem.unnecessaryElse=warning
 org.eclipse.jdt.core.compiler.problem.unnecessaryTypeCheck=warning
 org.eclipse.jdt.core.compiler.problem.unqualifiedFieldAccess=ignore
@@ -113,290 +123,4 @@
 org.eclipse.jdt.core.compiler.problem.unusedWarningToken=warning
 org.eclipse.jdt.core.compiler.problem.varargsArgumentNeedCast=warning
 org.eclipse.jdt.core.compiler.processAnnotations=enabled
-org.eclipse.jdt.core.compiler.source=1.7
-org.eclipse.jdt.core.formatter.align_type_members_on_columns=false
-org.eclipse.jdt.core.formatter.alignment_for_arguments_in_allocation_expression=16
-org.eclipse.jdt.core.formatter.alignment_for_arguments_in_annotation=0
-org.eclipse.jdt.core.formatter.alignment_for_arguments_in_enum_constant=16
-org.eclipse.jdt.core.formatter.alignment_for_arguments_in_explicit_constructor_call=16
-org.eclipse.jdt.core.formatter.alignment_for_arguments_in_method_invocation=16
-org.eclipse.jdt.core.formatter.alignment_for_arguments_in_qualified_allocation_expression=16
-org.eclipse.jdt.core.formatter.alignment_for_assignment=16
-org.eclipse.jdt.core.formatter.alignment_for_binary_expression=16
-org.eclipse.jdt.core.formatter.alignment_for_compact_if=16
-org.eclipse.jdt.core.formatter.alignment_for_conditional_expression=16
-org.eclipse.jdt.core.formatter.alignment_for_enum_constants=16
-org.eclipse.jdt.core.formatter.alignment_for_expressions_in_array_initializer=16
-org.eclipse.jdt.core.formatter.alignment_for_method_declaration=0
-org.eclipse.jdt.core.formatter.alignment_for_multiple_fields=16
-org.eclipse.jdt.core.formatter.alignment_for_parameters_in_constructor_declaration=16
-org.eclipse.jdt.core.formatter.alignment_for_parameters_in_method_declaration=16
-org.eclipse.jdt.core.formatter.alignment_for_resources_in_try=80
-org.eclipse.jdt.core.formatter.alignment_for_selector_in_method_invocation=16
-org.eclipse.jdt.core.formatter.alignment_for_superclass_in_type_declaration=16
-org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_enum_declaration=16
-org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_type_declaration=16
-org.eclipse.jdt.core.formatter.alignment_for_throws_clause_in_constructor_declaration=16
-org.eclipse.jdt.core.formatter.alignment_for_throws_clause_in_method_declaration=16
-org.eclipse.jdt.core.formatter.alignment_for_union_type_in_multicatch=16
-org.eclipse.jdt.core.formatter.blank_lines_after_imports=1
-org.eclipse.jdt.core.formatter.blank_lines_after_package=1
-org.eclipse.jdt.core.formatter.blank_lines_before_field=0
-org.eclipse.jdt.core.formatter.blank_lines_before_first_class_body_declaration=0
-org.eclipse.jdt.core.formatter.blank_lines_before_imports=0
-org.eclipse.jdt.core.formatter.blank_lines_before_member_type=0
-org.eclipse.jdt.core.formatter.blank_lines_before_method=1
-org.eclipse.jdt.core.formatter.blank_lines_before_new_chunk=1
-org.eclipse.jdt.core.formatter.blank_lines_before_package=0
-org.eclipse.jdt.core.formatter.blank_lines_between_import_groups=1
-org.eclipse.jdt.core.formatter.blank_lines_between_type_declarations=2
-org.eclipse.jdt.core.formatter.brace_position_for_annotation_type_declaration=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_anonymous_type_declaration=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_array_initializer=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_block=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_block_in_case=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_constructor_declaration=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_enum_constant=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_enum_declaration=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_lambda_body=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_method_declaration=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_switch=end_of_line
-org.eclipse.jdt.core.formatter.brace_position_for_type_declaration=end_of_line
-org.eclipse.jdt.core.formatter.comment.clear_blank_lines_in_block_comment=false
-org.eclipse.jdt.core.formatter.comment.clear_blank_lines_in_javadoc_comment=false
-org.eclipse.jdt.core.formatter.comment.format_block_comments=true
-org.eclipse.jdt.core.formatter.comment.format_header=true
-org.eclipse.jdt.core.formatter.comment.format_html=true
-org.eclipse.jdt.core.formatter.comment.format_javadoc_comments=true
-org.eclipse.jdt.core.formatter.comment.format_line_comments=true
-org.eclipse.jdt.core.formatter.comment.format_source_code=true
-org.eclipse.jdt.core.formatter.comment.indent_parameter_description=false
-org.eclipse.jdt.core.formatter.comment.indent_root_tags=true
-org.eclipse.jdt.core.formatter.comment.insert_new_line_before_root_tags=insert
-org.eclipse.jdt.core.formatter.comment.insert_new_line_for_parameter=do not insert
-org.eclipse.jdt.core.formatter.comment.line_length=80
-org.eclipse.jdt.core.formatter.comment.new_lines_at_block_boundaries=true
-org.eclipse.jdt.core.formatter.comment.new_lines_at_javadoc_boundaries=true
-org.eclipse.jdt.core.formatter.comment.preserve_white_space_between_code_and_line_comments=false
-org.eclipse.jdt.core.formatter.compact_else_if=true
-org.eclipse.jdt.core.formatter.continuation_indentation=2
-org.eclipse.jdt.core.formatter.continuation_indentation_for_array_initializer=2
-org.eclipse.jdt.core.formatter.disabling_tag=@formatter\:off
-org.eclipse.jdt.core.formatter.enabling_tag=@formatter\:on
-org.eclipse.jdt.core.formatter.format_guardian_clause_on_one_line=false
-org.eclipse.jdt.core.formatter.format_line_comment_starting_on_first_column=true
-org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_annotation_declaration_header=true
-org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_constant_header=true
-org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_declaration_header=true
-org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_type_header=true
-org.eclipse.jdt.core.formatter.indent_breaks_compare_to_cases=true
-org.eclipse.jdt.core.formatter.indent_empty_lines=false
-org.eclipse.jdt.core.formatter.indent_statements_compare_to_block=true
-org.eclipse.jdt.core.formatter.indent_statements_compare_to_body=true
-org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_cases=true
-org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_switch=true
-org.eclipse.jdt.core.formatter.indentation.size=4
-org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_field=insert
-org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_local_variable=insert
-org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_member=insert
-org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_method=insert
-org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_package=insert
-org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_parameter=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_type=insert
-org.eclipse.jdt.core.formatter.insert_new_line_after_label=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_after_opening_brace_in_array_initializer=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_after_type_annotation=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_at_end_of_file_if_missing=insert
-org.eclipse.jdt.core.formatter.insert_new_line_before_catch_in_try_statement=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_before_closing_brace_in_array_initializer=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_before_else_in_if_statement=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_before_finally_in_try_statement=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_before_while_in_do_statement=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_in_empty_annotation_declaration=insert
-org.eclipse.jdt.core.formatter.insert_new_line_in_empty_anonymous_type_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_in_empty_block=insert
-org.eclipse.jdt.core.formatter.insert_new_line_in_empty_enum_constant=do not insert
-org.eclipse.jdt.core.formatter.insert_new_line_in_empty_enum_declaration=insert
-org.eclipse.jdt.core.formatter.insert_new_line_in_empty_method_body=insert
-org.eclipse.jdt.core.formatter.insert_new_line_in_empty_type_declaration=insert
-org.eclipse.jdt.core.formatter.insert_space_after_and_in_type_parameter=insert
-org.eclipse.jdt.core.formatter.insert_space_after_assignment_operator=insert
-org.eclipse.jdt.core.formatter.insert_space_after_at_in_annotation=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_at_in_annotation_type_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_binary_operator=insert
-org.eclipse.jdt.core.formatter.insert_space_after_closing_angle_bracket_in_type_arguments=insert
-org.eclipse.jdt.core.formatter.insert_space_after_closing_angle_bracket_in_type_parameters=insert
-org.eclipse.jdt.core.formatter.insert_space_after_closing_brace_in_block=insert
-org.eclipse.jdt.core.formatter.insert_space_after_closing_paren_in_cast=insert
-org.eclipse.jdt.core.formatter.insert_space_after_colon_in_assert=insert
-org.eclipse.jdt.core.formatter.insert_space_after_colon_in_case=insert
-org.eclipse.jdt.core.formatter.insert_space_after_colon_in_conditional=insert
-org.eclipse.jdt.core.formatter.insert_space_after_colon_in_for=insert
-org.eclipse.jdt.core.formatter.insert_space_after_colon_in_labeled_statement=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_allocation_expression=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_annotation=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_array_initializer=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_constructor_declaration_parameters=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_constructor_declaration_throws=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_enum_constant_arguments=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_enum_declarations=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_explicitconstructorcall_arguments=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_for_increments=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_for_inits=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_declaration_parameters=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_declaration_throws=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_invocation_arguments=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_multiple_field_declarations=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_multiple_local_declarations=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_parameterized_type_reference=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_superinterfaces=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_type_arguments=insert
-org.eclipse.jdt.core.formatter.insert_space_after_comma_in_type_parameters=insert
-org.eclipse.jdt.core.formatter.insert_space_after_ellipsis=insert
-org.eclipse.jdt.core.formatter.insert_space_after_lambda_arrow=insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_angle_bracket_in_parameterized_type_reference=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_angle_bracket_in_type_arguments=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_angle_bracket_in_type_parameters=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_brace_in_array_initializer=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_bracket_in_array_allocation_expression=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_bracket_in_array_reference=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_annotation=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_cast=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_catch=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_constructor_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_enum_constant=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_for=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_if=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_method_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_method_invocation=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_parenthesized_expression=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_switch=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_synchronized=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_try=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_while=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_postfix_operator=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_prefix_operator=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_question_in_conditional=insert
-org.eclipse.jdt.core.formatter.insert_space_after_question_in_wildcard=do not insert
-org.eclipse.jdt.core.formatter.insert_space_after_semicolon_in_for=insert
-org.eclipse.jdt.core.formatter.insert_space_after_semicolon_in_try_resources=insert
-org.eclipse.jdt.core.formatter.insert_space_after_unary_operator=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_and_in_type_parameter=insert
-org.eclipse.jdt.core.formatter.insert_space_before_assignment_operator=insert
-org.eclipse.jdt.core.formatter.insert_space_before_at_in_annotation_type_declaration=insert
-org.eclipse.jdt.core.formatter.insert_space_before_binary_operator=insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_angle_bracket_in_parameterized_type_reference=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_angle_bracket_in_type_arguments=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_angle_bracket_in_type_parameters=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_brace_in_array_initializer=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_bracket_in_array_allocation_expression=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_bracket_in_array_reference=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_annotation=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_cast=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_catch=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_constructor_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_enum_constant=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_for=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_if=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_method_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_method_invocation=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_parenthesized_expression=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_switch=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_synchronized=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_try=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_while=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_colon_in_assert=insert
-org.eclipse.jdt.core.formatter.insert_space_before_colon_in_case=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_colon_in_conditional=insert
-org.eclipse.jdt.core.formatter.insert_space_before_colon_in_default=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_colon_in_for=insert
-org.eclipse.jdt.core.formatter.insert_space_before_colon_in_labeled_statement=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_allocation_expression=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_annotation=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_array_initializer=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_constructor_declaration_parameters=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_constructor_declaration_throws=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_enum_constant_arguments=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_enum_declarations=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_explicitconstructorcall_arguments=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_for_increments=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_for_inits=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_method_declaration_parameters=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_method_declaration_throws=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_method_invocation_arguments=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_multiple_field_declarations=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_multiple_local_declarations=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_parameterized_type_reference=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_superinterfaces=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_type_arguments=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_comma_in_type_parameters=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_ellipsis=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_lambda_arrow=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_angle_bracket_in_parameterized_type_reference=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_angle_bracket_in_type_arguments=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_angle_bracket_in_type_parameters=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_annotation_type_declaration=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_anonymous_type_declaration=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_array_initializer=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_block=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_constructor_declaration=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_enum_constant=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_enum_declaration=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_method_declaration=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_switch=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_type_declaration=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_bracket_in_array_allocation_expression=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_bracket_in_array_reference=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_bracket_in_array_type_reference=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_annotation=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_annotation_type_member_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_catch=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_constructor_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_enum_constant=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_for=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_if=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_method_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_method_invocation=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_parenthesized_expression=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_switch=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_synchronized=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_try=insert
-org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_while=insert
-org.eclipse.jdt.core.formatter.insert_space_before_parenthesized_expression_in_return=insert
-org.eclipse.jdt.core.formatter.insert_space_before_parenthesized_expression_in_throw=insert
-org.eclipse.jdt.core.formatter.insert_space_before_postfix_operator=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_prefix_operator=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_question_in_conditional=insert
-org.eclipse.jdt.core.formatter.insert_space_before_question_in_wildcard=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_semicolon=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_semicolon_in_for=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_semicolon_in_try_resources=do not insert
-org.eclipse.jdt.core.formatter.insert_space_before_unary_operator=do not insert
-org.eclipse.jdt.core.formatter.insert_space_between_brackets_in_array_type_reference=do not insert
-org.eclipse.jdt.core.formatter.insert_space_between_empty_braces_in_array_initializer=do not insert
-org.eclipse.jdt.core.formatter.insert_space_between_empty_brackets_in_array_allocation_expression=do not insert
-org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_annotation_type_member_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_constructor_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_enum_constant=do not insert
-org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_method_declaration=do not insert
-org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_method_invocation=do not insert
-org.eclipse.jdt.core.formatter.join_lines_in_comments=true
-org.eclipse.jdt.core.formatter.join_wrapped_lines=true
-org.eclipse.jdt.core.formatter.keep_else_statement_on_same_line=false
-org.eclipse.jdt.core.formatter.keep_empty_array_initializer_on_one_line=false
-org.eclipse.jdt.core.formatter.keep_imple_if_on_one_line=true
-org.eclipse.jdt.core.formatter.keep_then_statement_on_same_line=false
-org.eclipse.jdt.core.formatter.lineSplit=80
-org.eclipse.jdt.core.formatter.never_indent_block_comments_on_first_column=false
-org.eclipse.jdt.core.formatter.never_indent_line_comments_on_first_column=false
-org.eclipse.jdt.core.formatter.number_of_blank_lines_at_beginning_of_method_body=0
-org.eclipse.jdt.core.formatter.number_of_empty_lines_to_preserve=3
-org.eclipse.jdt.core.formatter.put_empty_statement_on_new_line=false
-org.eclipse.jdt.core.formatter.tabulation.char=space
-org.eclipse.jdt.core.formatter.tabulation.size=2
-org.eclipse.jdt.core.formatter.use_on_off_tags=false
-org.eclipse.jdt.core.formatter.use_tabs_only_for_leading_indentations=false
-org.eclipse.jdt.core.formatter.wrap_before_binary_operator=true
-org.eclipse.jdt.core.formatter.wrap_before_or_operator_multicatch=true
-org.eclipse.jdt.core.formatter.wrap_outer_expressions_when_nested=true
-org.eclipse.jdt.core.javaFormatter=org.eclipse.jdt.core.defaultJavaFormatter
+org.eclipse.jdt.core.compiler.source=1.8
diff --git a/.settings/org.eclipse.jdt.ui.prefs b/.settings/org.eclipse.jdt.ui.prefs
index d990610..3d5f5f6 100644
--- a/.settings/org.eclipse.jdt.ui.prefs
+++ b/.settings/org.eclipse.jdt.ui.prefs
@@ -1,60 +1,5 @@
 eclipse.preferences.version=1
-editor_save_participant_org.eclipse.jdt.ui.postsavelistener.cleanup=true
-formatter_profile=_Google Format
-formatter_settings_version=12
 org.eclipse.jdt.ui.ignorelowercasenames=true
-org.eclipse.jdt.ui.importorder=\#;com.google;com;dk;eu;junit;net;org;java;javax;
 org.eclipse.jdt.ui.ondemandthreshold=99
 org.eclipse.jdt.ui.staticondemandthreshold=99
 org.eclipse.jdt.ui.text.custom_code_templates=<?xml version\="1.0" encoding\="UTF-8" standalone\="no"?><templates/>
-sp_cleanup.add_default_serial_version_id=true
-sp_cleanup.add_generated_serial_version_id=false
-sp_cleanup.add_missing_annotations=false
-sp_cleanup.add_missing_deprecated_annotations=true
-sp_cleanup.add_missing_methods=false
-sp_cleanup.add_missing_nls_tags=false
-sp_cleanup.add_missing_override_annotations=true
-sp_cleanup.add_serial_version_id=false
-sp_cleanup.always_use_blocks=true
-sp_cleanup.always_use_parentheses_in_expressions=false
-sp_cleanup.always_use_this_for_non_static_field_access=false
-sp_cleanup.always_use_this_for_non_static_method_access=false
-sp_cleanup.convert_to_enhanced_for_loop=false
-sp_cleanup.correct_indentation=false
-sp_cleanup.format_source_code=false
-sp_cleanup.format_source_code_changes_only=false
-sp_cleanup.make_local_variable_final=true
-sp_cleanup.make_parameters_final=true
-sp_cleanup.make_private_fields_final=true
-sp_cleanup.make_type_abstract_if_missing_method=false
-sp_cleanup.make_variable_declarations_final=false
-sp_cleanup.never_use_blocks=false
-sp_cleanup.never_use_parentheses_in_expressions=true
-sp_cleanup.on_save_use_additional_actions=true
-sp_cleanup.organize_imports=false
-sp_cleanup.qualify_static_field_accesses_with_declaring_class=false
-sp_cleanup.qualify_static_member_accesses_through_instances_with_declaring_class=true
-sp_cleanup.qualify_static_member_accesses_through_subtypes_with_declaring_class=true
-sp_cleanup.qualify_static_member_accesses_with_declaring_class=false
-sp_cleanup.qualify_static_method_accesses_with_declaring_class=false
-sp_cleanup.remove_private_constructors=true
-sp_cleanup.remove_trailing_whitespaces=true
-sp_cleanup.remove_trailing_whitespaces_all=true
-sp_cleanup.remove_trailing_whitespaces_ignore_empty=false
-sp_cleanup.remove_unnecessary_casts=false
-sp_cleanup.remove_unnecessary_nls_tags=false
-sp_cleanup.remove_unused_imports=false
-sp_cleanup.remove_unused_local_variables=false
-sp_cleanup.remove_unused_private_fields=true
-sp_cleanup.remove_unused_private_members=false
-sp_cleanup.remove_unused_private_methods=true
-sp_cleanup.remove_unused_private_types=true
-sp_cleanup.sort_members=false
-sp_cleanup.sort_members_all=false
-sp_cleanup.use_blocks=false
-sp_cleanup.use_blocks_only_for_return_and_throw=false
-sp_cleanup.use_parentheses_in_expressions=false
-sp_cleanup.use_this_for_non_static_field_access=false
-sp_cleanup.use_this_for_non_static_field_access_only_if_necessary=true
-sp_cleanup.use_this_for_non_static_method_access=false
-sp_cleanup.use_this_for_non_static_method_access_only_if_necessary=true
diff --git a/.watchmanconfig b/.watchmanconfig
deleted file mode 100644
index 4467aec..0000000
--- a/.watchmanconfig
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-  "ignore_dirs": [
-    "buck-out",
-    "eclipse-out"
-  ],
-  "ignore_vcs": [
-    ".git"
-  ]
-}
diff --git a/0001-Replace-native-http-git-_archive-with-Skylark-rules.patch b/0001-Replace-native-http-git-_archive-with-Skylark-rules.patch
new file mode 100644
index 0000000..3ccf5cd
--- /dev/null
+++ b/0001-Replace-native-http-git-_archive-with-Skylark-rules.patch
@@ -0,0 +1,133 @@
+Date: Wed, 30 May 2018 21:22:18 +0200
+Subject: [PATCH] Replace native {http,git}_archive with Skylark rules
+
+See [1] for more details.
+
+Test Plan:
+
+* Apply this CL on Bazel master: [2] and build bazel
+* Run with this custom built bazel version:
+
+  $ bazel test //javatests/...
+  $ bazel test //closure/...
+
+[1] https://groups.google.com/d/topic/bazel-discuss/dO2MHQLwJF0/discussion
+[2] https://bazel-review.googlesource.com/#/c/bazel/+/55932/
+---
+ closure/repositories.bzl | 23 ++++++++++++-----------
+ 1 file changed, 12 insertions(+), 11 deletions(-)
+
+diff --git a/closure/repositories.bzl b/closure/repositories.bzl
+index 9b84a72..2816fb6 100644
+--- closure/repositories.bzl
++++ closure/repositories.bzl
+@@ -14,6 +14,7 @@
+ 
+ """External dependencies for Closure Rules."""
+ 
++load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive", "http_file")
+ load("//closure/private:java_import_external.bzl", "java_import_external")
+ load("//closure/private:platform_http_file.bzl", "platform_http_file")
+ load("//closure:filegroup_external.bzl", "filegroup_external")
+@@ -405,7 +406,7 @@ def com_google_common_html_types():
+   )
+ 
+ def com_google_common_html_types_html_proto():
+-  native.http_file(
++  http_file(
+       name = "com_google_common_html_types_html_proto",
+       sha256 = "6ece202f11574e37d0c31d9cf2e9e11a0dbc9218766d50d211059ebd495b49c3",
+       urls = [
+@@ -633,7 +634,7 @@ def com_google_javascript_closure_compiler():
+ 
+ def com_google_javascript_closure_library():
+   # After updating: bazel run //closure/library:regenerate -- "$PWD"
+-  native.new_http_archive(
++  http_archive(
+       name = "com_google_javascript_closure_library",
+       urls = [
+           "https://mirror.bazel.build/github.com/google/closure-library/archive/v20180405.tar.gz",
+@@ -658,7 +659,7 @@ def com_google_jsinterop_annotations():
+ 
+ def com_google_protobuf():
+   # Note: Protobuf 3.6.0+ is going to use C++11
+-  native.http_archive(
++  http_archive(
+       name = "com_google_protobuf",
+       strip_prefix = "protobuf-3.5.1",
+       sha256 = "826425182ee43990731217b917c5c3ea7190cfda141af4869e6d4ad9085a740f",
+@@ -669,7 +670,7 @@ def com_google_protobuf():
+   )
+ 
+ def com_google_protobuf_js():
+-  native.new_http_archive(
++  http_archive(
+       name = "com_google_protobuf_js",
+       urls = [
+           "https://mirror.bazel.build/github.com/google/protobuf/archive/v3.5.1.tar.gz",
+@@ -722,7 +723,7 @@ def com_google_template_soy():
+   )
+ 
+ def com_google_template_soy_jssrc():
+-  native.new_http_archive(
++  http_archive(
+       name = "com_google_template_soy_jssrc",
+       sha256 = "c76ab4cb6e46a7c76336640b3c40d6897b420209a6c0905cdcd32533dda8126a",
+       urls = [
+@@ -757,7 +758,7 @@ def com_squareup_javapoet():
+   )
+ 
+ def fonts_noto_hinted_deb():
+-  native.http_file(
++  http_file(
+       name = "fonts_noto_hinted_deb",
+       urls = [
+           "https://mirror.bazel.build/http.us.debian.org/debian/pool/main/f/fonts-noto/fonts-noto-hinted_20161116-1_all.deb",
+@@ -767,7 +768,7 @@ def fonts_noto_hinted_deb():
+   )
+ 
+ def fonts_noto_mono_deb():
+-  native.http_file(
++  http_file(
+       name = "fonts_noto_mono_deb",
+       urls = [
+           "https://mirror.bazel.build/http.us.debian.org/debian/pool/main/f/fonts-noto/fonts-noto-mono_20161116-1_all.deb",
+@@ -801,7 +802,7 @@ def javax_inject():
+   )
+ 
+ def libexpat_amd64_deb():
+-  native.http_file(
++  http_file(
+       name = "libexpat_amd64_deb",
+       urls = [
+           "https://mirror.bazel.build/http.us.debian.org/debian/pool/main/e/expat/libexpat1_2.1.0-6+deb8u3_amd64.deb",
+@@ -811,7 +812,7 @@ def libexpat_amd64_deb():
+   )
+ 
+ def libfontconfig_amd64_deb():
+-  native.http_file(
++  http_file(
+       name = "libfontconfig_amd64_deb",
+       urls = [
+           "https://mirror.bazel.build/http.us.debian.org/debian/pool/main/f/fontconfig/libfontconfig1_2.11.0-6.3+deb8u1_amd64.deb",
+@@ -821,7 +822,7 @@ def libfontconfig_amd64_deb():
+   )
+ 
+ def libfreetype_amd64_deb():
+-  native.http_file(
++  http_file(
+       name = "libfreetype_amd64_deb",
+       urls = [
+           "https://mirror.bazel.build/http.us.debian.org/debian/pool/main/f/freetype/libfreetype6_2.5.2-3+deb8u1_amd64.deb",
+@@ -831,7 +832,7 @@ def libfreetype_amd64_deb():
+   )
+ 
+ def libpng_amd64_deb():
+-  native.http_file(
++  http_file(
+       name = "libpng_amd64_deb",
+       urls = [
+           "https://mirror.bazel.build/http.us.debian.org/debian/pool/main/libp/libpng/libpng12-0_1.2.50-2+deb8u2_amd64.deb",
+-- 
+2.16.3
+
diff --git a/BUCK b/BUCK
deleted file mode 100644
index 9657ff3..0000000
--- a/BUCK
+++ /dev/null
@@ -1,31 +0,0 @@
-include_defs('//tools/build.defs')
-
-gerrit_war(name = 'gerrit')
-gerrit_war(name = 'gwtgerrit',   ui = 'ui_dbg')
-gerrit_war(name = 'headless',    ui = None)
-gerrit_war(name = 'chrome',      ui = 'ui_chrome')
-gerrit_war(name = 'firefox',     ui = 'ui_firefox')
-gerrit_war(name = 'safari',      ui = 'ui_safari')
-gerrit_war(name = 'polygerrit',  ui = 'polygerrit')
-gerrit_war(name = 'withdocs', docs = True)
-gerrit_war(name = 'release',  ui = 'ui_optdbg_r', docs = True, context = ['//plugins:core'],  visibility = ['//tools/maven:'])
-
-API_DEPS = [
-  '//gerrit-acceptance-framework:acceptance-framework',
-  '//gerrit-acceptance-framework:acceptance-framework-src',
-  '//gerrit-acceptance-framework:acceptance-framework-javadoc',
-  '//gerrit-extension-api:extension-api',
-  '//gerrit-extension-api:extension-api-src',
-  '//gerrit-extension-api:extension-api-javadoc',
-  '//gerrit-plugin-api:plugin-api',
-  '//gerrit-plugin-api:plugin-api-src',
-  '//gerrit-plugin-api:plugin-api-javadoc',
-  '//gerrit-plugin-gwtui:gwtui-api',
-  '//gerrit-plugin-gwtui:gwtui-api-src',
-  '//gerrit-plugin-gwtui:gwtui-api-javadoc',
-]
-
-zip_file(
-  name = 'api',
-  srcs = API_DEPS,
-)
diff --git a/BUILD b/BUILD
new file mode 100644
index 0000000..fee80fc
--- /dev/null
+++ b/BUILD
@@ -0,0 +1,70 @@
+load("//tools/bzl:genrule2.bzl", "genrule2")
+load("//tools/bzl:pkg_war.bzl", "pkg_war")
+
+package(default_visibility = ["//visibility:public"])
+
+genrule(
+    name = "gen_version",
+    outs = ["version.txt"],
+    cmd = ("cat bazel-out/volatile-status.txt bazel-out/stable-status.txt | " +
+           "grep STABLE_BUILD_GERRIT_LABEL | cut -d ' ' -f 2 > $@"),
+    stamp = 1,
+)
+
+genrule(
+    name = "LICENSES",
+    srcs = ["//Documentation:licenses.txt"],
+    outs = ["LICENSES.txt"],
+    cmd = "cp $< $@",
+)
+
+pkg_war(name = "gerrit")
+
+pkg_war(
+    name = "headless",
+    ui = None,
+)
+
+pkg_war(
+    name = "polygerrit",
+    ui = "polygerrit",
+)
+
+pkg_war(
+    name = "release",
+    context = ["//plugins:core"],
+    doc = True,
+    ui = "ui_optdbg_r",
+)
+
+pkg_war(
+    name = "withdocs",
+    doc = True,
+)
+
+API_DEPS = [
+    "//gerrit-acceptance-framework:acceptance-framework_deploy.jar",
+    "//gerrit-acceptance-framework:liblib-src.jar",
+    "//gerrit-acceptance-framework:acceptance-framework-javadoc",
+    "//gerrit-extension-api:extension-api_deploy.jar",
+    "//gerrit-extension-api:libapi-src.jar",
+    "//gerrit-extension-api:extension-api-javadoc",
+    "//gerrit-plugin-api:plugin-api_deploy.jar",
+    "//gerrit-plugin-api:plugin-api-sources_deploy.jar",
+    "//gerrit-plugin-api:plugin-api-javadoc",
+    "//gerrit-plugin-gwtui:gwtui-api_deploy.jar",
+    "//gerrit-plugin-gwtui:gwtui-api-source_deploy.jar",
+    "//gerrit-plugin-gwtui:gwtui-api-javadoc",
+]
+
+genrule2(
+    name = "api",
+    testonly = 1,
+    srcs = API_DEPS,
+    outs = ["api.zip"],
+    cmd = " && ".join([
+        "cp $(SRCS) $$TMP",
+        "cd $$TMP",
+        "zip -qr $$ROOT/$@ .",
+    ]),
+)
diff --git a/Documentation/BUCK b/Documentation/BUCK
deleted file mode 100644
index 48ca579..0000000
--- a/Documentation/BUCK
+++ /dev/null
@@ -1,80 +0,0 @@
-include_defs('//Documentation/asciidoc.defs')
-include_defs('//Documentation/config.defs')
-include_defs('//Documentation/license.defs')
-include_defs('//tools/git.defs')
-
-DOC_DIR = 'Documentation'
-
-JSUI_JAVA_DEPS = ['//gerrit-gwtui:ui_module']
-JSUI_NON_JAVA_DEPS = ['//polygerrit-ui/app:polygerrit_ui']
-MAIN_JAVA_DEPS = ['//gerrit-pgm:pgm']
-SRCS = glob(['*.txt'], excludes = ['licenses.txt'])
-
-
-genasciidoc(
-  name = 'html',
-  out = 'html.zip',
-  directory = DOC_DIR,
-  srcs = SRCS + [':licenses.txt'],
-  attributes = documentation_attributes(git_describe()),
-  backend = 'html5',
-  visibility = ['PUBLIC'],
-)
-
-genasciidoc(
-  name = 'searchfree',
-  out = 'searchfree.zip',
-  directory = DOC_DIR,
-  srcs = SRCS + [':licenses.txt'],
-  attributes = documentation_attributes(git_describe()),
-  backend = 'html5',
-  searchbox = False,
-  visibility = ['PUBLIC'],
-)
-
-genlicenses(
-  name = 'licenses.txt',
-  opts = ['--asciidoc'],
-  java_deps = JSUI_JAVA_DEPS + MAIN_JAVA_DEPS,
-  non_java_deps = JSUI_NON_JAVA_DEPS,
-  out = 'licenses.txt',
-)
-
-# Required by Google for gerrit-review.
-genlicenses(
-  name = 'js_licenses.txt',
-  opts = ['--partial'],
-  java_deps = JSUI_JAVA_DEPS,
-  non_java_deps = JSUI_NON_JAVA_DEPS,
-  out = 'js_licenses.txt',
-)
-
-python_binary(
-  name = 'gen_licenses',
-  main = 'gen_licenses.py',
-)
-
-python_binary(
-  name = 'replace_macros',
-  main = 'replace_macros.py',
-  visibility = ['//ReleaseNotes:'],
-)
-
-genrule(
-  name = 'index',
-  cmd = '$(exe //lib/asciidoctor:doc_indexer) ' +
-      '-o $OUT ' +
-      '--prefix "%s/" ' % DOC_DIR +
-      '--in-ext ".txt" ' +
-      '--out-ext ".html" ' +
-      '$SRCS ' +
-      '$(location :licenses.txt)',
-  srcs = SRCS,
-  out = 'index.jar',
-)
-
-prebuilt_jar(
-  name = 'index_lib',
-  binary_jar = ':index',
-  visibility = ['PUBLIC'],
-)
diff --git a/Documentation/BUILD b/Documentation/BUILD
new file mode 100644
index 0000000..edb7e2e
--- /dev/null
+++ b/Documentation/BUILD
@@ -0,0 +1,103 @@
+load("//tools/bzl:asciidoc.bzl", "documentation_attributes", "genasciidoc", "genasciidoc_zip")
+load("//tools/bzl:license.bzl", "license_map")
+
+package(default_visibility = ["//visibility:public"])
+
+exports_files([
+    "replace_macros.py",
+])
+
+filegroup(
+    name = "prettify_files",
+    srcs = [
+        ":prettify.min.css",
+        ":prettify.min.js",
+    ],
+)
+
+genrule(
+    name = "prettify_min_css",
+    srcs = ["//gerrit-prettify:src/main/resources/com/google/gerrit/prettify/client/prettify.css"],
+    outs = ["prettify.min.css"],
+    cmd = "cp $< $@",
+)
+
+genrule(
+    name = "prettify_min_js",
+    srcs = ["//gerrit-prettify:src/main/resources/com/google/gerrit/prettify/client/prettify.js"],
+    outs = ["prettify.min.js"],
+    cmd = "cp $< $@",
+)
+
+filegroup(
+    name = "resources",
+    srcs = glob([
+        "images/*.jpg",
+        "images/*.png",
+    ]) + [
+        ":prettify_files",
+        "//:LICENSES.txt",
+    ],
+)
+
+license_map(
+    name = "licenses",
+    opts = ["--asciidoctor"],
+    targets = [
+        "//gerrit-pgm:pgm",
+        "//gerrit-gwtui:ui_module",
+        "//polygerrit-ui/app:polygerrit_ui",
+    ],
+)
+
+license_map(
+    name = "js_licenses",
+    targets = [
+        "//gerrit-gwtui:ui_module",
+        "//polygerrit-ui/app:polygerrit_ui",
+    ],
+)
+
+DOC_DIR = "Documentation"
+
+SRCS = glob(["*.txt"]) + [":licenses.txt"]
+
+genrule(
+    name = "index",
+    srcs = SRCS,
+    outs = ["index.jar"],
+    cmd = "$(location //lib/asciidoctor:doc_indexer) " +
+          "-o $(OUTS) " +
+          "--prefix \"%s/\" " % DOC_DIR +
+          "--in-ext \".txt\" " +
+          "--out-ext \".html\" " +
+          "$(SRCS)",
+    tools = ["//lib/asciidoctor:doc_indexer"],
+)
+
+# For the same srcs, we can have multiple genasciidoc_zip rules, but only one
+# genasciidoc rule. Because multiple genasciidoc rules will have conflicting
+# output files.
+genasciidoc(
+    name = "Documentation",
+    srcs = SRCS,
+    attributes = documentation_attributes(),
+    backend = "html5",
+)
+
+genasciidoc_zip(
+    name = "html",
+    srcs = SRCS,
+    attributes = documentation_attributes(),
+    backend = "html5",
+    directory = DOC_DIR,
+)
+
+genasciidoc_zip(
+    name = "searchfree",
+    srcs = SRCS,
+    attributes = documentation_attributes(),
+    backend = "html5",
+    directory = DOC_DIR,
+    searchbox = False,
+)
diff --git a/Documentation/access-control.txt b/Documentation/access-control.txt
index 2cc8c05..e55378f 100644
--- a/Documentation/access-control.txt
+++ b/Documentation/access-control.txt
@@ -442,6 +442,11 @@
 to projects in Gerrit. It can give permission to abandon a specific
 change to a given ref.
 
+The uploader of a change, anyone granted the <<category_owner,`Owner`>>
+permission at the ref or project level, and anyone granted the
+<<capability_administrateServer,`Administrate Server`>>
+permission can also Abandon changes.
+
 This also grants the permission to restore a change if the user also
 has link:#category_push[push permission] on the change's destination
 ref.
@@ -466,7 +471,10 @@
 
 To push lightweight (non-annotated) tags, grant
 `Create Reference` for reference name `+refs/tags/*+`, as lightweight
-tags are implemented just like branches in Git.
+tags are implemented just like branches in Git. To push a lightweight
+tag on a new commit (commit not reachable from any branch/tag) grant
+`Push` permission on `+refs/tags/*+` too. The `Push` permission on
+`+refs/tags/*+` also allows fast-forwarding of lightweight tags.
 
 For example, to grant the possibility to create new branches under the
 namespace `foo`, you have to grant this permission on
@@ -480,6 +488,19 @@
 you grant the users the push force permission to be able to clean up
 stale branches.
 
+[[category_delete]]
+=== Delete Reference
+
+The delete reference category controls whether it is possible to delete
+references, branches or tags. It doesn't allow any other update of
+references.
+
+Deletion of references is also possible if `Push` with the force option
+is granted, however that includes the permission to fast-forward and
+force-update references to exiting and new commits. Being able to push
+references for new commits is bad if bypassing of code review must be
+prevented.
+
 
 [[category_forge_author]]
 === Forge Author
@@ -553,6 +574,12 @@
 `refs/heads/qa/`. See <<project_owners,project owners>> to find
 out more about this role.
 
+For the `All-Projects` root project any `Owner` access right on
+'refs/*' is ignored since this permission would allow users to edit the
+global capabilities, which is the same as being able to administrate
+the Gerrit server (e.g. the user could assign the `Administrate Server`
+capability to the own account).
+
 
 [[category_push]]
 === Push
@@ -575,7 +602,7 @@
 
 * Force option
 +
-Allows an existing branch to be deleted. Since a force push is
+Implies <<category_delete,Delete Reference>>. Since a force push is
 effectively a delete immediately followed by a create, but performed
 atomically on the server and logged, this option also permits forced
 push updates to branches.  Enabling this option allows existing commits
@@ -599,11 +626,10 @@
 a new commit on their local system, so in practice they must also
 have the `Read` access granted to upload a change.
 
-For an open source, public Gerrit installation, it is common to
-grant `Read` and `Push` for `+refs/for/refs/heads/*+`
-to `Registered Users` in the `All-Projects` ACL.  For more
-private installations, its common to simply grant `Read` and
-`Push` for `+refs/for/refs/heads/*+` to all users of a project.
+For an open source, public Gerrit installation, it is common to grant
+`Push` for `+refs/for/refs/heads/*+` to `Registered Users` in the
+`All-Projects` ACL.  For more private installations, its common to
+grant `Push` for `+refs/for/refs/heads/*+` to all users of a project.
 
 * Force option
 +
@@ -644,7 +670,8 @@
 
 
 [[category_push_annotated]]
-=== Push Annotated Tag
+[[category_create_annotated]]
+=== Create Annotated Tag
 
 This category permits users to push an annotated tag object into the
 project's repository.  Typically this would be done with a command line
@@ -671,7 +698,7 @@
 
 To push tags created by users other than the current user (such
 as tags mirrored from an upstream project), `Forge Committer Identity`
-must be also granted in addition to `Push Annotated Tag`.
+must be also granted in addition to `Create Annotated Tag`.
 
 To push lightweight (non annotated) tags, grant
 <<category_create,`Create Reference`>> for reference name
@@ -682,9 +709,16 @@
 option enabled for reference name `+refs/tags/*+`, as deleting a tag
 requires the same permission as deleting a branch.
 
+To push an annotated tag on a new commit (commit not reachable from any
+branch/tag) grant `Push` permission on `+refs/tags/*+` too.
+The `Push` permission on `+refs/tags/*+` does *not* allow updating of annotated
+tags, not even fast-forwarding of annotated tags. Update of annotated tags
+is only allowed by granting `Push` with `force` option on `+refs/tags/*+`.
+
 
 [[category_push_signed]]
-=== Push Signed Tag
+[[category_create_signed]]
+=== Create Signed Tag
 
 This category permits users to push a PGP signed tag object into the
 project's repository.  Typically this would be done with a command
@@ -796,6 +830,15 @@
 the caller needs to have the Submit permission on `refs/for/<ref>`
 (e.g. on `refs/for/refs/heads/master`).
 
+Submitting to the `refs/meta/config` branch is only allowed to project
+owners. Any explicit submit permissions for non-project-owners on this
+branch are ignored. By submitting to the `refs/meta/config` branch the
+configuration of the project is changed, which can include changes to
+the access rights of the project. Allowing this to be done by a
+non-project-owner would open a security hole enabling editing of access
+rights, and thus granting of powers beyond submitting to the
+configuration.
+
 [[category_submit_on_behalf_of]]
 === Submit (On Behalf Of)
 
@@ -838,6 +881,23 @@
 the `Delete Drafts` access right assigned).
 
 
+[[category_delete_own_changes]]
+=== Delete Own Changes
+
+This category permits users to delete their own changes if they are not merged
+yet. This means only own changes that are open or abandoned can be deleted.
+
+[[category_delete_changes]]
+=== Delete Changes
+
+This category permits users to delete other users' changes if they are not merged
+yet. This means only changes that are open or abandoned can be deleted.
+
+Having this permission implies having the link:#category_delete_own_changes[
+Delete Own Changes] permission.
+
+Administrators may always delete changes without having this permission.
+
 [[category_edit_topic_name]]
 === Edit Topic Name
 
@@ -863,6 +923,14 @@
 can always edit or remove hashtags (even without having the `Edit Hashtags`
 access right assigned).
 
+[[category_edit_assigned_to]]
+=== Edit Assignee
+
+This category permits users to set who is assigned to a change that is
+uploaded for review.
+
+The change owner, ref owners, and the user currently assigned to a change
+can always change the assignee.
 
 [[example_roles]]
 == Examples of typical roles in a project
@@ -997,7 +1065,7 @@
 * <<category_push_merge,`Push merge commit`>> to 'refs/heads/*'
 * <<category_forge_committer,`Forge Committer Identity`>> to 'refs/for/refs/heads/*'
 * <<category_create,`Create Reference`>> to 'refs/heads/*'
-* <<category_push_annotated,`Push Annotated Tag`>> to 'refs/tags/*'
+* <<category_create_annotated,`Create Annotated Tag`>> to 'refs/tags/*'
 
 
 [[examples_project-owner]]
@@ -1067,12 +1135,15 @@
 [[block]]
 === 'BLOCK' access rule
 
-The 'BLOCK' rule blocks a permission globally. An inherited 'BLOCK' rule cannot
-be overridden in the inheriting project. Any 'ALLOW' rule, from a different
-access section or from an inheriting project, which conflicts with an
-inherited 'BLOCK' rule will not be honored.  Searching for 'BLOCK' rules, in
-the chain of parent projects, ignores the Exclusive flag that is normally
-applied to access sections.
+The 'BLOCK' rule blocks a permission globally. An inherited 'BLOCK'
+rule cannot be overridden in the inheriting project. Any 'ALLOW' rule
+from an inheriting project, which conflicts with an inherited 'BLOCK'
+rule will not be honored. Searching for 'BLOCK' rules, in the chain
+of parent projects, ignores the Exclusive flag, unless the rule with
+the Exclusive flag is defined on the same project as the 'BLOCK'
+rule. This means within the same project a 'BLOCK' rule can be
+overruled by 'ALLOW' rules on the same access section and 'ALLOW'
+rules with Exclusive flag on access section for more specific refs.
 
 A 'BLOCK' rule that blocks the 'push' permission blocks any type of push,
 force or not. A blocking force push rule blocks only force pushes, but
diff --git a/Documentation/asciidoc.defs b/Documentation/asciidoc.defs
deleted file mode 100644
index 4b17071..0000000
--- a/Documentation/asciidoc.defs
+++ /dev/null
@@ -1,113 +0,0 @@
-# Copyright (C) 2013 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-def genasciidoc_htmlonly(
-    name,
-    out,
-    srcs = [],
-    attributes = [],
-    backend = None,
-    searchbox = True,
-    visibility = []):
-  EXPN = '.' + name + '_expn'
-
-  asciidoc = [
-      '$(exe //lib/asciidoctor:asciidoc)',
-      '-z', '$OUT',
-      '--base-dir', '$SRCDIR',
-      '--tmp', '$TMP',
-      '--in-ext', '".txt%s"' % EXPN,
-      '--out-ext', '".html"',
-  ]
-  if backend:
-    asciidoc.extend(['-b', backend])
-  for attribute in attributes:
-    asciidoc.extend(['-a', attribute])
-  asciidoc.append('$SRCS')
-  newsrcs = []
-  for src in srcs:
-    fn = src
-    # We have two cases: regular source files and generated files.
-    # Generated files are passed as targets ':foo', and ':' is removed.
-    # 1. regular files: cmd = '-s foo', srcs = ['foo']
-    # 2. generated files: cmd = '-s $(location :foo)', srcs = []
-    srcs = [src]
-    passed_src = fn
-    if fn.startswith(':') :
-      fn = src[1:]
-      srcs = []
-      passed_src = '$(location :%s)' % fn
-    ex = fn + EXPN
-
-    genrule(
-      name = ex,
-      cmd = '$(exe //Documentation:replace_macros) --suffix="%s"' % EXPN +
-        ' -s ' + passed_src + ' -o $OUT' +
-        (' --searchbox' if searchbox else ' --no-searchbox'),
-      srcs = srcs,
-      out = ex,
-    )
-
-    newsrcs.append(':%s' % ex)
-
-  genrule(
-    name = name,
-    cmd = ' '.join(asciidoc),
-    srcs = newsrcs,
-    out = out,
-    visibility = visibility,
-  )
-
-def genasciidoc(
-    name,
-    out,
-    directory,
-    srcs = [],
-    attributes = [],
-    backend = None,
-    searchbox = True,
-    resources = True,
-    visibility = []):
-  SUFFIX = '_htmlonly'
-
-  genasciidoc_htmlonly(
-    name = name + SUFFIX if resources else name,
-    srcs = srcs,
-    attributes = attributes,
-    backend = backend,
-    searchbox = searchbox,
-    out = (name + SUFFIX + '.zip') if resources else (name + '.zip'),
-  )
-
-  if resources:
-    genrule(
-      name = name,
-      cmd = 'cd $TMP;' +
-        'mkdir -p %s/images;' % directory +
-        'unzip -q $(location %s) -d %s/;'
-        % (':' + name + SUFFIX, directory) +
-        'for s in $SRCS;do ln -s $s %s/;done;' % directory +
-        'mv %s/*.{jpg,png} %s/images;' % (directory, directory) +
-        'cp $(location %s) LICENSES.txt;' % ':licenses.txt' +
-        'zip -qr $OUT *',
-      srcs = glob([
-          'images/*.jpg',
-          'images/*.png',
-        ]) + [
-          '//gerrit-prettify:prettify.min.css',
-          '//gerrit-prettify:prettify.min.js',
-        ],
-      out = out,
-      visibility = visibility,
-    )
diff --git a/Documentation/cmd-apropos.txt b/Documentation/cmd-apropos.txt
index 31d21c1..2ef71bf 100644
--- a/Documentation/cmd-apropos.txt
+++ b/Documentation/cmd-apropos.txt
@@ -15,7 +15,7 @@
 from the matched documents.
 
 == ACCESS
-Any user who has configured an SSH key.
+Any user who has SSH access to Gerrit.
 
 == SCRIPTING
 This command is intended to be used in scripts.
diff --git a/Documentation/cmd-create-project.txt b/Documentation/cmd-create-project.txt
index 503bd12..e8c3857 100644
--- a/Documentation/cmd-create-project.txt
+++ b/Documentation/cmd-create-project.txt
@@ -60,7 +60,14 @@
 
 --owner::
 -o::
-	Name of the group(s) which will initially own this repository.
+	Identifier of the group(s) which will initially own this repository.
+
+        This can be:
+
+        * the UUID of the group
+        * the legacy numeric ID of the group
+        * the name of the group if it is unique
+
 	The specified group(s) must already be defined within Gerrit.
 	Several groups can be specified on the command line.
 +
@@ -102,6 +109,7 @@
 * FAST_FORWARD_ONLY: produces a strictly linear history.
 * MERGE_IF_NECESSARY: create a merge commit when required.
 * REBASE_IF_NECESSARY: rebase the commit when required.
+* REBASE_ALWAYS: always rebase the commit including dependencies.
 * MERGE_ALWAYS: always create a merge commit.
 * CHERRY_PICK: always cherry-pick the commit.
 
diff --git a/Documentation/cmd-index-activate.txt b/Documentation/cmd-index-activate.txt
index 418e872..4428d12 100644
--- a/Documentation/cmd-index-activate.txt
+++ b/Documentation/cmd-index-activate.txt
@@ -31,12 +31,13 @@
   Currently supported values:
     * changes
     * accounts
+    * groups
 
 == EXAMPLES
 Activate the latest change index:
 
 ----
-  $ ssh -p 29418 review.example.com gerrit activate changes
+  $ ssh -p 29418 review.example.com gerrit index activate changes
 ----
 
 GERRIT
diff --git a/Documentation/cmd-index-project.txt b/Documentation/cmd-index-project.txt
new file mode 100644
index 0000000..2196a26
--- /dev/null
+++ b/Documentation/cmd-index-project.txt
@@ -0,0 +1,37 @@
+= gerrit index project
+
+== NAME
+gerrit index project - Index all the changes in one or more projects.
+
+== SYNOPSIS
+[verse]
+--
+_ssh_ -p <port> <host> _gerrit index project_ <PROJECT> [<PROJECT> ...]
+--
+
+== DESCRIPTION
+Index all the changes in one or more projects.
+
+== ACCESS
+Caller must have the 'Maintain Server' capability.
+
+== SCRIPTING
+This command is intended to be used in scripts.
+
+== OPTIONS
+<PROJECT>::
+    Required; name of the project to be indexed.
+
+== EXAMPLES
+Index all changes in projects MyProject and NiceProject.
+
+----
+    $ ssh -p 29418 user@review.example.com gerrit index project MyProject NiceProject
+----
+
+GERRIT
+------
+Part of link:index.html[Gerrit Code Review]
+
+SEARCHBOX
+---------
diff --git a/Documentation/cmd-index-start.txt b/Documentation/cmd-index-start.txt
index fbe4f3f..9264999 100644
--- a/Documentation/cmd-index-start.txt
+++ b/Documentation/cmd-index-start.txt
@@ -20,6 +20,8 @@
 Gerrit. This command will not start the indexer if it is already running or if
 the active index is the latest.
 
+The link:cmd-show-queue.html[show-queue] command provides online index status.
+
 == ACCESS
 Caller must be a member of the privileged 'Administrators' group.
 
@@ -32,6 +34,7 @@
   Currently supported values:
     * changes
     * accounts
+    * groups
 
 --force::
   Force an online re-index.
diff --git a/Documentation/cmd-index.txt b/Documentation/cmd-index.txt
index 7af65ce..2880ec7 100644
--- a/Documentation/cmd-index.txt
+++ b/Documentation/cmd-index.txt
@@ -18,12 +18,14 @@
 For more details on how to determine the correct SSH port number,
 see link:user-upload.html#test_ssh[Testing Your SSH Connection].
 
-=== [[client_commands]]Commands
+[[client_commands]]
+=== Commands
 
 link:cmd-cherry-pick.html[gerrit-cherry-pick]::
 	Download and cherry-pick one or more changes (commits).
 
-=== [[client_hooks]]Hooks
+[[client_hooks]]
+=== Hooks
 
 Client hooks can be installed into a local Git repository, improving
 the developer experience when working with a Gerrit Code Review
@@ -47,7 +49,8 @@
 For more details on how to determine the correct SSH port number,
 see link:user-upload.html#test_ssh[Testing Your SSH Connection].
 
-=== [[user_commands]]User Commands
+[[user_commands]]
+=== User Commands
 
 link:cmd-apropos.html[gerrit apropos]::
 	Search Gerrit documentation index.
@@ -103,8 +106,8 @@
 git upload-pack::
 	Standard Git server side command for client side `git fetch`.
 
-[[admin_commands]]Administrator Commands
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+[[admin_commands]]
+=== Administrator Commands
 
 link:cmd-close-connection.html[gerrit close-connection]::
 	Close the specified SSH connection.
@@ -136,6 +139,9 @@
 link:cmd-index-changes.html[gerrit index changes]::
 	Index one or more changes.
 
+link:cmd-index-project.html[gerrit index project]::
+	Index all the changes in one or more projects.
+
 link:cmd-logging-ls-level.html[gerrit logging ls-level]::
 	List loggers and their logging level.
 
diff --git a/Documentation/cmd-ls-groups.txt b/Documentation/cmd-ls-groups.txt
index d8eef8b..6d4bdc5 100644
--- a/Documentation/cmd-ls-groups.txt
+++ b/Documentation/cmd-ls-groups.txt
@@ -23,7 +23,7 @@
 all groups are listed.
 
 == ACCESS
-Any user who has configured an SSH key.
+Any user who has SSH access to Gerrit.
 
 == SCRIPTING
 This command is intended to be used in scripts.
diff --git a/Documentation/cmd-ls-members.txt b/Documentation/cmd-ls-members.txt
index a6d492c..273451b 100644
--- a/Documentation/cmd-ls-members.txt
+++ b/Documentation/cmd-ls-members.txt
@@ -16,7 +16,7 @@
 shown tab-separated.
 
 == ACCESS
-Any user who has configured an SSH key.
+Any user who has SSH access to Gerrit.
 
 == SCRIPTING
 This command is intended to be used in scripts. Output is either an error
diff --git a/Documentation/cmd-ls-projects.txt b/Documentation/cmd-ls-projects.txt
index e2e71ff..c5d73ca 100644
--- a/Documentation/cmd-ls-projects.txt
+++ b/Documentation/cmd-ls-projects.txt
@@ -14,6 +14,7 @@
   [--format {text | json | json_compact}]
   [--all]
   [--limit <N>]
+  [--prefix | -p <prefix>]
   [--has-acl-for GROUP]
 --
 
@@ -25,7 +26,7 @@
 group, all projects are listed.
 
 == ACCESS
-Any user who has configured an SSH key, or by an user over HTTP.
+Any user who has SSH access to Gerrit.
 
 == SCRIPTING
 This command is intended to be used in scripts.
@@ -87,6 +88,9 @@
 --limit::
 	Cap the number of results to the first N matches.
 
+--prefix::
+	Limit the results to those projects that start with the specified prefix.
+
 --has-acl-for::
 	Display only projects on which access rights for this group are
 	directly assigned. Projects which only inherit access rights for
diff --git a/Documentation/cmd-query.txt b/Documentation/cmd-query.txt
index 1faf1b0..90e5cdd 100644
--- a/Documentation/cmd-query.txt
+++ b/Documentation/cmd-query.txt
@@ -108,7 +108,7 @@
 	will be used to cut the result set.
 
 == ACCESS
-Any user who has configured an SSH key.
+Any user who has SSH access to Gerrit.
 
 == SCRIPTING
 This command is intended to be used in scripts.
diff --git a/Documentation/cmd-receive-pack.txt b/Documentation/cmd-receive-pack.txt
index 798f872..b62b9a9 100644
--- a/Documentation/cmd-receive-pack.txt
+++ b/Documentation/cmd-receive-pack.txt
@@ -37,7 +37,7 @@
 	Deprecated, use `refs/for/branch%cc=address` instead.
 
 == ACCESS
-Any user who has configured an SSH key.
+Any user who has SSH access to Gerrit.
 
 == EXAMPLES
 
diff --git a/Documentation/cmd-review.txt b/Documentation/cmd-review.txt
index 53e2385..8f40d6c 100644
--- a/Documentation/cmd-review.txt
+++ b/Documentation/cmd-review.txt
@@ -63,7 +63,7 @@
 
 --json::
 -j::
-	Read review input from JSON file. See
+	Read review input json from stdin. See
 	link:rest-api-changes.html#review-input[ReviewInput] entity for the
 	format.
 	(option is mutually exclusive with --submit, --restore, --publish, --delete,
@@ -150,7 +150,7 @@
   invocations of the SSH command are required.
 
 == ACCESS
-Any user who has configured an SSH key.
+Any user who has SSH access to Gerrit.
 
 == SCRIPTING
 This command is intended to be used in scripts.
diff --git a/Documentation/cmd-set-members.txt b/Documentation/cmd-set-members.txt
index ae44843..5fb2bb9 100644
--- a/Documentation/cmd-set-members.txt
+++ b/Documentation/cmd-set-members.txt
@@ -49,7 +49,7 @@
 order: `--remove`, `--exclude`, `--add`, `--include`
 
 == ACCESS
-Any user who has configured an SSH key.
+Any user who has SSH access to Gerrit.
 
 == SCRIPTING
 This command is intended to be used in scripts.
diff --git a/Documentation/cmd-set-project.txt b/Documentation/cmd-set-project.txt
index 62d6e92..7282e28 100644
--- a/Documentation/cmd-set-project.txt
+++ b/Documentation/cmd-set-project.txt
@@ -53,6 +53,7 @@
 * FAST_FORWARD_ONLY: produces a strictly linear history.
 * MERGE_IF_NECESSARY: create a merge commit when required.
 * REBASE_IF_NECESSARY: rebase the commit when required.
+* REBASE_ALWAYS: always rebase the commit including dependencies.
 * MERGE_ALWAYS: always create a merge commit.
 * CHERRY_PICK: always cherry-pick the commit.
 
diff --git a/Documentation/cmd-set-reviewers.txt b/Documentation/cmd-set-reviewers.txt
index 3d53456..eb4335b 100644
--- a/Documentation/cmd-set-reviewers.txt
+++ b/Documentation/cmd-set-reviewers.txt
@@ -20,7 +20,7 @@
 
 Changes can be specified in the
 link:rest-api-changes.html#change-id[same format] supported by the REST
-API.
+API, as well as with the commit SHA-1 (at least the 7 first characters).
 
 == OPTIONS
 
@@ -47,7 +47,7 @@
 	Display site-specific usage information
 
 == ACCESS
-Any user who has configured an SSH key.
+Any user who has SSH access to Gerrit.
 
 == SCRIPTING
 This command is intended to be used in scripts.
@@ -77,6 +77,13 @@
 	  Iac6b2ac2
 ----
 
+Add all project owners as reviewers to commit 13dff08acca571b22542ebd2e31acf4572ea0b86.
+----
+	$ ssh -p 29418 review.example.com gerrit set-reviewers \
+	  -a "'Project Owners'" \
+	  13dff08acca571b22542ebd2e31acf4572ea0b86
+----
+
 GERRIT
 ------
 Part of link:index.html[Gerrit Code Review]
diff --git a/Documentation/cmd-show-queue.txt b/Documentation/cmd-show-queue.txt
index 02f1c5b..141f7e2 100644
--- a/Documentation/cmd-show-queue.txt
+++ b/Documentation/cmd-show-queue.txt
@@ -1,7 +1,7 @@
 = gerrit show-queue
 
 == NAME
-gerrit show-queue - Display the background work queues, including replication
+gerrit show-queue - Display the background work queues, including replication and indexing
 
 == SYNOPSIS
 [verse]
diff --git a/Documentation/cmd-stream-events.txt b/Documentation/cmd-stream-events.txt
index 1cfb8b9..1fdf3a8 100644
--- a/Documentation/cmd-stream-events.txt
+++ b/Documentation/cmd-stream-events.txt
@@ -1,5 +1,4 @@
 = gerrit stream-events
-
 == NAME
 gerrit stream-events - Monitor events occurring in real time
 
@@ -59,6 +58,21 @@
 
 [[events]]
 == EVENTS
+=== Assignee Changed
+
+Sent when the assignee of a change has been modified.
+
+type:: "assignee-changed"
+
+change:: link:json.html#change[change attribute]
+
+changer:: link:json.html#account[account attribute]
+
+oldAssignee:: Assignee before it was changed.
+
+eventCreatedOn:: Time in seconds since the UNIX epoch when this event was
+created.
+
 === Change Abandoned
 
 Sent when a change has been abandoned.
@@ -76,6 +90,16 @@
 eventCreatedOn:: Time in seconds since the UNIX epoch when this event was
 created.
 
+== Change Deleted
+
+Sent when a change has been deleted.
+
+type:: "change-deleted"
+
+change:: link:json.html#change[change attribute]
+
+deleter:: link:json.html#account[account attribute]
+
 === Change Merged
 
 Sent when a change has been merged into the git repository.
@@ -241,9 +265,9 @@
 
 patchSet:: link:json.html#patchSet[patchSet attribute]
 
-reviewer:: link:json.html#account[account attribute]
+reviewer:: reviewer that was removed as link:json.html#account[account attribute]
 
-author:: link:json.html#account[account attribute]
+remover:: user that removed the reviewer as link:json.html#account[account attribute]
 
 approvals:: All link:json.html#approval[approval attributes] removed.
 
@@ -267,6 +291,24 @@
 eventCreatedOn:: Time in seconds since the UNIX epoch when this event was
 created.
 
+=== Vote Deleted
+
+Sent when a vote was removed from a change.
+
+type:: "vote-deleted"
+
+change:: link:json.html#change[change attribute]
+
+patchSet:: link:json.html#patchSet[patchSet attribute]
+
+reviewer:: user whose vote was removed as link:json.html#account[account attribute]
+
+remover:: user who removed the vote as link:json.html#account[account attribute]
+
+approvals:: all votes as link:json.html#approval[approval attributes]
+
+comment:: Review comment cover message.
+
 == SEE ALSO
 
 * link:json.html[JSON Data Formats]
diff --git a/Documentation/cmd-version.txt b/Documentation/cmd-version.txt
index cc797cc..85b0491 100644
--- a/Documentation/cmd-version.txt
+++ b/Documentation/cmd-version.txt
@@ -26,7 +26,7 @@
 `<n>` is computed.
 
 == ACCESS
-Any user who has configured an SSH key.
+Any user who has SSH access to Gerrit.
 
 == SCRIPTING
 This command is intended to be used in scripts.
diff --git a/Documentation/config-cla.txt b/Documentation/config-cla.txt
index c07a24f..2234808 100644
--- a/Documentation/config-cla.txt
+++ b/Documentation/config-cla.txt
@@ -37,8 +37,13 @@
 Each `contributor-agreement` section within the `project.config` file must
 have a unique name. The section name will appear in the web UI.
 
-If not already present, add the UUID of the groups used in the
-`autoVerify` and `accepted` variables in the groups file.
+If not already present, add the group(s) used in the `autoVerify` and
+`accepted` variables in the `groups` file:
+----
+    # UUID                                  	Group Name
+    #
+    3dedb32915ecdbef5fced9f0a2587d164cd614d4	CLA Accepted - Individual
+----
 
 Commit the configuration change, and push it back:
 ----
diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt
index e8d504a..3d7b084 100644
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@@ -24,9 +24,9 @@
 
 [[accountPatchReviewDb.url]]accountPatchReviewDb.url::
 +
-The url of accountPatchReviewDb. Supported types are `H2`, `POSTGRESQL`, and
-`MYSQL`. Drop the driver jar in the lib folder of the site path if the Jdbc
-driver of the corresponding Database is not yet in the class path.
+The url of accountPatchReviewDb. Supported types are `H2`, `POSTGRESQL`,
+`MARIADB`, and `MYSQL`. Drop the driver jar in the lib folder of the site path
+if the Jdbc driver of the corresponding Database is not yet in the class path.
 +
 Default is to create H2 database in the db folder of the site path.
 +
@@ -42,6 +42,51 @@
   url = jdbc:postgresql://<host>:<port>/<db_name>?user=<user>&password=<password>
 ----
 
+[[accountPatchReviewDb.poolLimit]]accountPatchReviewDb.poolLimit::
++
+Maximum number of open database connections.  If the server needs
+more than this number, request processing threads will wait up
+to <<accountPatchReviewDb.poolMaxWait, poolMaxWait>> seconds for a
+connection to be released before they abort with an exception.
+This limit must be several units higher than the total number of
+httpd and sshd threads as some request processing code paths may
+need multiple connections.
++
+Default is <<sshd.threads, sshd.threads>>
+ + <<httpd.maxThreads, httpd.maxThreads>> + 2.
++
+
+[[accountPatchReviewDb.poolMinIdle]]database.poolMinIdle::
++
+Minimum number of connections to keep idle in the pool.
+Default is 4.
++
+
+[[accountPatchReviewDb.poolMaxIdle]]accountPatchReviewDb.poolMaxIdle::
++
+Maximum number of connections to keep idle in the pool.  If there
+are more idle connections, connections will be closed instead of
+being returned back to the pool.
+Default is min(<<accountPatchReviewDb.poolLimit, accountPatchReviewDb.poolLimit>>, 16).
++
+
+[[accountPatchReviewDb.poolMaxWait]]accountPatchReviewDb.poolMaxWait::
++
+Maximum amount of time a request processing thread will wait to
+acquire a database connection from the pool.  If no connection is
+released within this time period, the processing thread will abort
+its current operations and return an error to the client.
+Values should use common unit suffixes to express their setting:
++
+* ms, milliseconds
+* s, sec, second, seconds
+* m, min, minute, minutes
+* h, hr, hour, hours
+
++
+If a unit suffix is not specified, `milliseconds` is assumed.
+Default is `30 seconds`.
+
 [[accounts]]
 === Section accounts
 
@@ -90,6 +135,15 @@
 +
 Default is 20.
 
+[[addReviewer.baseWeight]]addReviewer.baseWeight::
++
+The weight that will be applied in the default reviewer ranking algorithm.
+This can be increased or decreased to give more or less influence to plugins.
+If set to zero, the base ranking will not have any effect. Reviewers will then
+be ordered as ranked by the plugins (if there are any).
++
+By default 1.
+
 [[auth]]
 === Section auth
 
@@ -126,7 +180,9 @@
 a user's full name and email address based on information obtained
 from the user's account object in LDAP.  The user's group membership
 is also pulled from LDAP, making any LDAP groups that a user is a
-member of available as groups in Gerrit.
+member of available as groups in Gerrit. Hence the `_LDAP` suffix in
+the name of this authentication type. Gerrit does NOT authenticate
+the user via LDAP.
 +
 * `CLIENT_SSL_CERT_LDAP`
 +
@@ -137,7 +193,8 @@
 into the <review-site>/etc/keystore.
 After the authentication is done Gerrit will obtain basic user
 registration (name and email) from LDAP, and some group memberships.
-Therefore, the "_LDAP" suffix in the name of this authentication type.
+Hence the `_LDAP` suffix in the name of this authentication type.
+Gerrit does NOT authenticate the user via LDAP.
 This authentication type can only be used under hosted daemon mode, and
 the httpd.listenUrl must use https:// as the protocol.
 Optionally, certificate revocation list file can be used
@@ -155,6 +212,14 @@
 directory using either an anonymous request, or the configured
 <<ldap.username,ldap.username>> identity. Gerrit can also use kerberos if
 <<ldap.authentication,ldap.authentication>> is set to `GSSAPI`.
++
+If link:#auth.gitBasicAuthPolicy[`auth.gitBasicAuthPolicy`] is set to `HTTP`,
+the randomly generated HTTP password is used for authentication. On the other hand,
+if link:#auth.gitBasicAuthPolicy[`auth.gitBasicAuthPolicy`] is set to `HTTP_LDAP`,
+the password in the request is first checked against the HTTP password and, if
+it does not match, it is then validated against the LDAP password.
+Service users that only exist in the Gerrit database are authenticated by their
+HTTP passwords.
 
 * `LDAP_BIND`
 +
@@ -178,6 +243,12 @@
 Site owners have to register their application before getting started. Note
 that provider specific plugins must be used with this authentication scheme.
 +
+Git clients may send OAuth 2 access tokens instead of passwords in the Basic
+authentication header. Note that provider specific plugins must be installed to
+facilitate this authentication scheme. If multiple OAuth 2 provider plugins are
+installed one of them must be selected as default with the
+`auth.gitOAuthProvider` option.
++
 * `DEVELOPMENT_BECOME_ANY_ACCOUNT`
 +
 *DO NOT USE*.  Only for use in a development environment.
@@ -293,7 +364,7 @@
 [[auth.httpHeader]]auth.httpHeader::
 +
 HTTP header to trust the username from, or unset to select HTTP basic
-or digest authentication.  Only used if `auth.type` is set to `HTTP`.
+authentication.  Only used if `auth.type` is set to `HTTP`.
 
 [[auth.httpDisplaynameHeader]]auth.httpDisplaynameHeader::
 +
@@ -459,62 +530,39 @@
 the container.
 +
 This parameter only affects git over http traffic. If set to false
-then Gerrit will do the authentication (using DIGEST authentication).
+then Gerrit will do the authentication (using Basic authentication).
 +
 By default this is set to false.
 
-[[auth.gitBasicAuth]]auth.gitBasicAuth::
-+
-If true then Git over HTTP and HTTP/S traffic is authenticated using
-standard BasicAuth. Depending on the configured `auth.type`, credentials
-are validated against the randomly generated HTTP password, against LDAP
-(`auth.type = LDAP`) or against an OAuth 2 provider (`auth.type = OAUTH`).
-+
-This parameter affects git over HTTP traffic and access to the REST
-API. If set to false then Gerrit will authenticate through DIGEST
-authentication and the randomly generated HTTP password in the Gerrit
-database.
-+
-When `auth.type` is `LDAP`, users should authenticate using their LDAP passwords.
-However, if link:#auth.gitBasicAuthPolicy[`auth.gitBasicAuthPolicy`] is set to `HTTP`,
-the randomly generated HTTP password is used exclusively. In the other hand,
-if link:#auth.gitBasicAuthPolicy[`auth.gitBasicAuthPolicy`] is set to `HTTP_LDAP`,
-the password in the request is first checked against the HTTP password and, if
-it does not match, it is then validated against the LDAP password.
-Service users that only exist in the Gerrit database are authenticated by their
-HTTP passwords.
-+
-When `auth.type` is `OAUTH`, Git clients may send OAuth 2 access tokens
-instead of passwords in the Basic authentication header. Note that provider
-specific plugins must be installed to facilitate this authentication scheme.
-If multiple OAuth 2 provider plugins are installed one of them must be
-selected as default with the `auth.gitOAuthProvider` option.
-+
-By default this is set to false.
 
 [[auth.gitBasicAuthPolicy]]auth.gitBasicAuthPolicy::
 +
-When `auth.type` is `LDAP` and BasicAuth (i.e., link:#auth.gitBasicAuth[`auth.gitBasicAuth`]
-is set to true), it allows using either the generated HTTP password, the LDAP
-password or both to authenticate Git over HTTP and REST API requests. The
-supported values are:
+When `auth.type` is `LDAP`, `LDAP_BIND` or `OAUTH`, it allows using either the generated
+HTTP password, the LDAP or OAUTH password, or a combination of HTTP and LDAP
+authentication, to authenticate Git over HTTP and REST API requests.
+The supported values are:
 +
 *`HTTP`
 +
-Only the randomly generated HTTP password is accepted when doing Git over HTTP
-and REST API requests.
+Only the HTTP password is accepted when doing Git over HTTP and REST API requests.
 +
 *`LDAP`
 +
 Only the `LDAP` password is allowed when doing Git over HTTP and REST API
 requests.
 +
+*`OAUTH`
++
+Only the `OAUTH` authentication is allowed when doing Git over HTTP and REST API
+requests.
++
 *`HTTP_LDAP`
 +
 The password in the request is first checked against the HTTP password and, if
 it does not match, it is then validated against the `LDAP` password.
 +
-By default this is set to `LDAP` when link:#auth.type[`auth.type`] is `LDAP`.
+By default this is set to `LDAP` when link:#auth.type[`auth.type`] is `LDAP`
+and `OAUTH` when link:#auth.type[`auth.type`] is `OAUTH`.
 Otherwise, the default value is `HTTP`.
 
 [[auth.gitOAuthProvider]]auth.gitOAuthProvider::
@@ -600,7 +648,7 @@
 allows to limit the memory used by H2 and thus prevent out-of-memory
 caused by the H2 database using too much memory.
 +
-See <<database.h2.cachesize,database.h2.cachesize>> for a detailed discussion.
+See <<database.h2.cacheSize,database.h2.cacheSize>> for a detailed discussion.
 +
 Default is unset, using up to half of the available memory.
 +
@@ -665,6 +713,7 @@
 * `"adv_bases"`: default is `4096`
 * `"diff"`: default is `10m` (10 MiB of memory)
 * `"diff_intraline"`: default is `10m` (10 MiB of memory)
+* `"diff_summary"`: default is `10m` (10 MiB of memory)
 * `"plugin_resources"`: default is 2m (2 MiB of memory)
 
 +
@@ -680,7 +729,10 @@
 grow larger than this during the day, as the size check is only
 performed once every 24 hours.
 +
-Default is 128 MiB per cache.
+Default is 128 MiB per cache, except:
++
+* `"diff_summary"`: default is `1g` (1 GiB of disk space)
+
 +
 If 0, disk storage for the cache is disabled.
 
@@ -752,6 +804,16 @@
 cache.diff.memoryLimit to fit all files users will view in a 1 or 2
 day span.
 
+cache `"diff_summary"`::
++
+Each item caches list of file paths which are different between two
+commits. Gerrit uses this cache to accelerate computing of the list
+of paths of changed files.
++
+Ideally, disk limit of this cache is large enough to cover all changes.
+This should significantly speed up change reindexing, especially
+full offline reindexing.
+
 cache `"git_tags"`::
 +
 If branch or reference level READ access controls are used, this
@@ -827,10 +889,6 @@
 is per-user, so 1024 items translates to 1024 unique user accounts.
 As each individual user account may configure multiple SSH keys,
 the total number of keys may be larger than the item count.
-+
-This cache is based off the `account_ssh_keys` table and the
-`accounts.ssh_user_name` column in the database.  If either is
-modified directly, this cache should be flushed.
 
 cache `"web_sessions"`::
 +
@@ -1034,6 +1092,13 @@
 +
 Default is true.
 
+[[change.showAssigneeInChangesTable]]change.showAssigneeInChangesTable::
++
+Show assignee field in changes table. If set to false, assignees will
+not be visible in changes table.
++
+Default is false.
+
 [[change.submitLabel]]change.submitLabel::
 +
 Label name for the submit button.
@@ -1185,19 +1250,6 @@
 link:#schedule-examples[Schedule examples] can be found in the
 link:#gc[gc] section.
 
-[[changeMerge]]
-=== Section changeMerge
-
-[[changeMerge.checkFrequency]]changeMerge.checkFrequency::
-+
-How often the database should be rescanned for changes that have been
-submitted but not merged due to transient errors. Values can be
-specified using standard time unit abbreviations ('ms', 'sec', 'min',
-etc.). Set to 0 to disable periodic rescanning, only scanning once on
-master node startup.
-+
-Default is 300 seconds (5 minutes).
-
 [[commentlink]]
 === Section commentlink
 
@@ -1538,12 +1590,16 @@
 +
 * `MAXDB`
 +
-Connect to an SAP MaxDb database server.
+Connect to an SAP MaxDB database server.
 +
 * `MYSQL`
 +
 Connect to a MySQL database server.
 +
+* `MARIADB`
++
+Connect to a MariaDB database server.
++
 * `ORACLE`
 +
 Connect to an Oracle database server.
@@ -1827,6 +1883,15 @@
 For this reason `zip` format is always excluded from formats offered
 through the `Download` drop down or accessible in the REST API.
 
+[[download.maxBundleSize]]download.maxBundleSize::
++
+Specifies the maximum size of a bundle in bytes that can be downloaded.
+As bundles are kept in memory this setting is to protect the server
+from a single request consuming too much heap when generating
+a bundle and thereby impacting other users.
++
+Defaults to 100MB.
+
 [[gc]]
 === Section gc
 
@@ -1996,6 +2061,23 @@
 by the system administrator, and might not even be running on the
 same host as Gerrit.
 
+[[gerrit.installModule]]gerrit.installModule::
++
+Repeatable list of class name of additional Guice modules to load at
+Gerrit startup and init phases.
+Classes are resolved using the primary Gerrit class loader, hence the
+class needs to be either declared in Gerrit or an additional JAR
+located under the `/lib` directory.
++
+By default unset.
++
+Example:
+----
+[gerrit]
+  installModule = com.googlesource.gerrit.libmodule.MyModule
+  installModule = com.example.abc.OurSpecialSauceModule
+----
+
 [[gerrit.reportBugUrl]]gerrit.reportBugUrl::
 +
 URL to direct users to when they need to report a bug.
@@ -2034,6 +2116,24 @@
 +
 By default false.
 
+[[gerrit.cdnPath]]gerrit.cdnPath::
++
+Path prefix for PolyGerrit's static resources if using a CDN.
+
+[[gerrit.ui]]gerrit.ui::
++
+Default UI when the user does not request a different preference via argument
+or cookie.
++
+* `GWT` for the old-style Google Web Toolkit-based interface.
+* `POLYGERRIT` for the new Polymer-based HTML5 Web interface.
++
+A sanity check during startup is performed that the value of
+gerrit.ui is an enabled UI.
++
+Defaults to GWT (if GWT is enabled) or POLYGERRIT (if POLYGERRIT is
+enabled and GWT is disabled)
+
 [[gitweb]]
 === Section gitweb
 
@@ -2092,6 +2192,14 @@
 Valid replacements are `${project}` for the project name in Gerrit
 and `${branch}` for the name of the branch.
 
+[[gitweb.tag]]gitweb.tag::
++
+Optional pattern to use for constructing the gitweb URL when pointing
+at a specific tag when `gitweb.type` is set to `custom`.
++
+Valid replacements are `${project}` for the project name in Gerrit
+and `${tag}` for the name of the tag.
+
 [[gitweb.roottree]]gitweb.roottree::
 +
 Optional pattern to use for constructing the gitweb URL when pointing
@@ -2168,6 +2276,29 @@
 +
 By default, false.
 
+[[groups.uuid.name]]groups.<uuid>.name::
++
+Display name for group with the given UUID.
++
+This option is only supported for system groups (scheme 'global').
++
+E.g. this parameter can be used to configure another name for the
+`Anonymous Users` group:
++
+----
+[groups "global:Anonymous-Users"]
+  name = All Users
+----
++
+When setting this parameter it should be verified that there is no
+existing group with the same name (case-insensitive). Configuring an
+ambiguous name makes Gerrit fail on startup. Once set Gerrit ensures
+that it is not possible to create a group with this name. Gerrit also
+keeps the default name reserved so that it cannot be used for new
+groups either. This means there is no danger of ambiguous group names
+when this parameter is removed and the system group uses the default
+name again.
+
 [[http]]
 === Section http
 
@@ -2277,6 +2408,21 @@
 +
 By default, true.
 
+[[httpd.gracefulStopTimeout]]httpd.gracefulStopTimeout::
++
+Set a graceful stop time. If set, the daemon ensures that all incoming
+calls are preserved for a maximum period of time, before starting
+the graceful shutdown process. Sites behind a workload balancer such as
+HAProxy would need this to be set for avoiding serving errors during
+rolling restarts.
++
+Values should use common unit suffixes to express their setting:
++
+* s, sec, second, seconds
+* m, min, minute, minutes
++
+By default, 0 seconds (immediate shutdown).
+
 [[httpd.inheritChannel]]httpd.inheritChannel::
 +
 If true, permits the daemon to inherit its server socket channel
@@ -2430,9 +2576,12 @@
 of an Apache HTTP proxy layer as security enforcement on top of Gerrit
 by returning a trusted username as HTTP Header.
 +
+Allow multiple values to install multiple servlet filters.
++
 Example of using a security library secure.jar under $GERRIT_SITE/lib
-that provides a org.anyorg.MySecureFilter Servlet Filter that enforces
-a trusted username in the `TRUSTED_USER` HTTP Header:
+that provides a org.anyorg.MySecureHeaderFilter Servlet Filter that enforces
+a trusted username in the `TRUSTED_USER` HTTP Header and
+org.anyorg.MySecureIPFilter that performs source IP security filtering:
 
 ----
 [auth]
@@ -2440,7 +2589,8 @@
 	httpHeader = TRUSTED_USER
 
 [httpd]
-	filterClass = org.anyorg.MySecureFilter
+	filterClass = org.anyorg.MySecureHeaderFilter
+	filterClass = org.anyorg.MySecureIPFilter
 ----
 
 [[httpd.idleTimeout]]httpd.idleTimeout::
@@ -2494,6 +2644,12 @@
 +
 A link:http://lucene.apache.org/[Lucene] index is used.
 +
++
+* `ELASTICSEARCH` look into link:#elasticsearch[Elasticsearch section]
++
+An link:https://www.elastic.co/products/elasticsearch[Elasticsearch] index is
+used. Refer to the link:#elasticsearch[Elasticsearch section] for further
+configuration details.
 
 +
 By default, `LUCENE`.
@@ -2533,7 +2689,12 @@
 limit will truncate the list (but will still set `_more_changes` on
 result lists). Set to 0 for no limit.
 +
-Defaults to no limit.
+When `index.type` is set to `ELASTICSEARCH`, this value should not exceed
+the `index.max_result_window` value configured on the Elasticsearch
+server. If a value is not configured during site initialization, defaults to
+10000, which is the default value of `index.max_result_window` in Elasticsearch.
++
+When `index.type` is set to `LUCENE`, defaults to no limit.
 
 [[index.maxPages]]index.maxPages::
 +
@@ -2558,6 +2719,15 @@
 +
 Defaults to 1024.
 
+[[index.autoReindexIfStale]]index.autoReindexIfStale::
++
+Whether to automatically check if a document became stale in the index
+immediately after indexing it. If false, there is a race condition during two
+simultaneous writes that may cause one of the writes to not be reflected in the
+index. The check to avoid this does consume some resources.
++
+Defaults to false.
+
 ==== Lucene configuration
 
 Open and closed changes are indexed in separate indexes named
@@ -2665,6 +2835,75 @@
 
 ----
 
+[[elasticsearch]]
+=== Section elasticsearch
+
+WARNING: Support for Elasticsearch is still experimental and is not recommended
+for production use. For compatibility information, please refer to the
+link:https://www.gerritcodereview.com/elasticsearch.html[project homepage].
+
+When using Elasticsearch versions 2.4 and 5.6, the open and closed changes are
+indexed in a single index, separated into types `open_changes` and `closed_changes`
+respectively. When using version 6.2 or later, the open and closed changes are
+merged into the default `_doc` type. The latter is also used for the accounts and
+groups indices starting with Elasticsearch 6.2.
+
+Note that when Gerrit is configured to use Elasticsearch, the Elasticsearch
+server(s) must be reachable during the site initialization.
+
+[[elasticsearch.prefix]]elasticsearch.prefix::
++
+This setting can be used to prefix index names to allow multiple Gerrit
+instances in a single Elasticsearch cluster. Prefix `gerrit1_` would result in a
+change index named `gerrit1_changes_0001`.
++
+Not set by default.
+
+[[elasticsearch.server]]elasticsearch.server::
++
+Elasticsearch server URI in the form `http[s]://hostname:port`. The `port` is
+optional and defaults to `9200` if not specified.
++
+At least one server must be specified. May be specified multiple times to
+configure multiple Elasticsearch servers.
++
+Note that the site initialization program only allows to configure a single
+server. To configure multiple servers the `gerrit.config` file must be edited
+manually.
+
+[[elasticsearch.maxRetryTimeout]]elasticsearch.maxRetryTimeout::
++
+Sets the maximum timeout to honor in case of multiple retries of the same request.
++
+The value is in the usual time-unit format like `1 m`, `5 m`.
++
+Defaults to `30000 ms`.
+
+==== Elasticsearch Security
+
+When security is enabled in Elasticsearch, the username and password must be provided.
+Note that the same username and password are used for all servers.
+
+For further information about Elasticsearch security, please refer to the documentation:
+
+* link:https://www.elastic.co/guide/en/elasticsearch/plugins/2.4/security.html[Elasticsearch 2.4]
+* link:https://www.elastic.co/guide/en/x-pack/5.6/security-getting-started.html[Elasticsearch 5.6]
+* link:https://www.elastic.co/guide/en/x-pack/6.2/security-getting-started.html[Elasticsearch 6.2]
+* link:https://www.elastic.co/guide/en/elastic-stack-overview/6.3/security-getting-started.html[Elasticsearch 6.3]
+* link:https://www.elastic.co/guide/en/elastic-stack-overview/6.4/security-getting-started.html[Elasticsearch 6.4]
+
+[[elasticsearch.username]]elasticsearch.username::
++
+Username used to connect to Elasticsearch.
++
+If a password is set, defaults to `elastic`, otherwise not set by default.
+
+[[elasticsearch.password]]elasticsearch.password::
++
+Password used to connect to Elasticsearch.
++
+Not set by default.
+
 [[ldap]]
 === Section ldap
 
@@ -2676,9 +2915,9 @@
 An example LDAP configuration follows, and then discussion of
 the parameters introduced here.  Suitable defaults for most
 parameters are automatically guessed based on the type of server
-detected during startup.  The guessed defaults support both
-link:http://www.ietf.org/rfc/rfc2307.txt[RFC 2307] and Active
-Directory.
+detected during startup.  The guessed defaults support
+link:http://www.ietf.org/rfc/rfc2307.txt[RFC 2307], Active
+Directory and link:https://www.freeipa.org[FreeIPA].
 
 ----
 [ldap]
@@ -2693,6 +2932,19 @@
   groupMemberPattern = (&(objectClass=group)(member=${dn}))
 ----
 
+[[ldap.guessRelevantGroups]]ldap.guessRelevantGroups::
++
+Filter the groups found in LDAP by guessing the ones relevant to
+Gerrit and removing the others from list completions and ACL evaluations.
+The guess is based on two elements: the projects most recently
+accessed in the cache and the list of LDAP groups included in their ACLs.
++
+Please note that projects rarely used and thus not cached may be
+temporarily inaccessible by users even with LDAP membership and grants
+referenced in the ACLs.
++
+By default, true.
+
 [[ldap.server]]ldap.server::
 +
 URL of the organization's LDAP server to query for user information
@@ -2782,7 +3034,7 @@
 is `(uid=${username})` or `(cn=${username})`, but the proper
 setting depends on the LDAP schema used by the directory server.
 +
-Default is `(uid=${username})` for RFC 2307 servers,
+Default is `(uid=${username})` for FreeIPA and RFC 2307 servers,
 and `(&(objectClass=user)(sAMAccountName=${username}))`
 for Active Directory.
 
@@ -2800,7 +3052,7 @@
 If set, users will be unable to modify their full name field, as
 Gerrit will populate it only from the LDAP data.
 +
-Default is `displayName` for RFC 2307 servers,
+Default is `displayName` for FreeIPA and RFC 2307 servers,
 and `${givenName} ${sn}` for Active Directory.
 
 [[ldap.accountEmailAddress]]ldap.accountEmailAddress::
@@ -2843,17 +3095,25 @@
 recommended not to make changes to this setting that would cause the
 value to differ, as this will prevent users from logging in.
 +
-Default is `uid` for RFC 2307 servers,
+Default is `uid` for FreeIPA and RFC 2307 servers,
 and `${sAMAccountName.toLowerCase}` for Active Directory.
 
 [[ldap.accountMemberField]]ldap.accountMemberField::
 +
 _(Optional)_ Name of an attribute on the user account object which
 contains the groups the user is part of. Typically used for Active
-Directory servers.
+Directory and FreeIPA servers.
 +
 Default is unset for RFC 2307 servers (disabled)
-and `memberOf` for Active Directory.
+and `memberOf` for Active Directory and FreeIPA.
+
+[[ldap.accountMemberExpandGroups]]ldap.accountMemberExpandGroups::
++
+_(Optional)_ Whether to expand nested groups recursively. This
+setting is used only if `ldap.accountMemberField` is set.
++
+Default is unset for FreeIPA and `true` for RFC 2307 servers
+and Active Directory.
 
 [[ldap.fetchMemberOfEagerly]]ldap.fetchMemberOfEagerly::
 +
@@ -2863,7 +3123,7 @@
 as this will result in a much faster LDAP login.
 +
 Default is unset for RFC 2307 servers (disabled) and `true` for
-Active Directory.
+Active Directory and FreeIPA.
 
 [[ldap.groupBase]]ldap.groupBase::
 +
@@ -2892,7 +3152,7 @@
 `${groupname}` is replaced with the search term supplied by the
 group owner.
 +
-Default is `(cn=${groupname})` for RFC 2307,
+Default is `(cn=${groupname})` for FreeIPA and RFC 2307 servers,
 and `(&(objectClass=group)(cn=${groupname}))` for Active Directory.
 
 [[ldap.groupMemberPattern]]ldap.groupMemberPattern::
@@ -2910,7 +3170,7 @@
 Attributes such as `${dn}` or `${uidNumber}` may be useful.
 +
 Default is `(|(memberUid=${username})(gidNumber=${gidNumber}))` for
-RFC 2307, and unset (disabled) for Active Directory.
+RFC 2307, and unset (disabled) for Active Directory and FreeIPA.
 
 [[ldap.groupName]]ldap.groupName::
 +
@@ -2927,6 +3187,15 @@
 +
 Default is `cn`.
 
+[[ldap.mandatoryGroup]]ldap.mandatoryGroup::
++
+All users must be a member of this group to allow account creation or
+authentication.
++
+Setting mandatoryGroup implies enabling of `ldap.fetchMemberOfEagerly`
++
+By default, unset.
+
 [[ldap.localUsernameToLowerCase]]ldap.localUsernameToLowerCase::
 +
 Converts the local username, that is used to login into the Gerrit
@@ -3076,6 +3345,13 @@
   safe = true
 ----
 
+[[note-db]]
+=== Section noteDb
+
+NoteDb is the next generation of Gerrit storage backend, currently powering
+`googlesource.com`. It is not (yet) recommended for general use, but if you want
+to learn more, see the link:dev-note-db.html[developer documentation].
+
 [[oauth]]
 === Section oauth
 
@@ -3271,7 +3547,7 @@
 from pushing objects which are too large to Gerrit.
 +
 This setting can also be set in the `project.config`
-link:config-project-config.html[receive.maxObjectSizeLimit] in order
+(link:config-project-config.html[receive.maxObjectSizeLimit]) in order
 to further reduce the global setting. The project specific setting is
 only honored when it further reduces the global limit.
 +
@@ -3279,6 +3555,14 @@
 +
 Common unit suffixes of 'k', 'm', or 'g' are supported.
 
+[[receive.inheritProjectMaxObjectSizeLimit]]receive.inheritProjectMaxObjectSizeLimit::
++
+Controls whether the project-level link:config-project-config.html[`receive.maxObjectSizeLimit`]
+value is inherited from the parent project. When `true`, the value is
+inherited, otherwise it is not inherited.
++
+Default is false, the value is not inherited.
+
 [[receive.maxTrustDepth]]receive.maxTrustDepth::
 +
 If signed push validation is link:#receive.enableSignedPush[enabled],
@@ -3371,7 +3655,9 @@
 +
 The default submit type for newly created projects. Supported values
 are `MERGE_IF_NECESSARY`, `FAST_FORWARD_ONLY`, `REBASE_IF_NECESSARY`,
-`MERGE_ALWAYS` and `CHERRY_PICK`.
+`REBASE_ALWAYS`, `MERGE_ALWAYS` and `CHERRY_PICK`.
++
+For more details see link:project-configuration.html#submit_type[Submit Types].
 +
 By default, `MERGE_IF_NECESSARY`.
 
@@ -3449,6 +3735,87 @@
 +
 Default is 1.
 
+[[receiveemail]]
+=== Section receiveemail
+
+[[receiveemail.protocol]]receiveemail.protocol::
++
+Specifies the protocol used for receiving emails. Valid options are
+'POP3', 'IMAP' and 'NONE'. Note that Gerrit will automatically switch between
+POP3 and POP3s as well as IMAP and IMAPS depending on the specified
+link:#receiveemail.encryption[encryption].
++
+Defaults to 'NONE' which means that receiving emails is disabled.
+
+[[receiveemail.host]]receiveemail.host::
++
+The hostname of the mailserver. Example: 'imap.gmail.com'.
++
+Defaults to an empty string which means that receiving emails is disabled.
+
+[[receiveemail.port]]receiveemail.port::
++
+The port the email server exposes for receiving emails.
++
+Defaults to the industry standard for a given protocol and encryption:
+POP3: 110; POP3S: 995; IMAP: 143; IMAPS: 993.
+
+[[receiveemail.username]]receiveemail.username::
++
+Username used for authenticating with the email server.
++
+Defaults to an empty string.
+
+[[receiveemail.password]]receiveemail.password::
++
+Password used for authenticating with the email server.
++
+Defaults to an empty string.
+
+[[receiveemail.encryption]]receiveemail.encryption::
++
+Encryption standard used for transport layer security between Gerrit and the
+email server. Possible values include 'NONE', 'SSL' and 'TLS'.
++
+Defaults to 'NONE'.
+
+[[receiveemail.fetchInterval]]receiveemail.fetchInterval::
++
+Time between two consecutive fetches from the email server. Communication with
+the email server is not kept alive. Examples: 60s, 10m, 1h.
++
+Defaults to 60 seconds.
+
+[[receiveemail.enableImapIdle]]receiveemail.enableImapIdle::
++
+If the IMAP protocol is used for retrieving emails, IMAPv4 IDLE can be used to
+keep the connection with the email server alive and receive a push when a new
+email is delivered to the inbox. In this case, Gerrit will process the email
+immediately and will not have a fetch delay.
++
+Defaults to false.
+
+[[receiveemail.filter.mode]]receiveemail.filter.mode::
++
+A black- and whitelist filter to filter incoming emails.
++
+If `OFF`, emails are not filtered by the list filter.
++
+If `WHITELIST`, only emails where a pattern from
+<<receiveemail.filter.patterns,receiveemail.filter.patterns>>
+matches 'From' will be processed.
++
+If `BLACKLIST`, only emails where no pattern from
+<<receiveemail.filter.patterns,receiveemail.filter.patterns>>
+matches 'From' will be processed.
++
+Defaults to `OFF`.
+
+[[receiveemail.filter.patterns]]receiveemail.filter.patterns::
++
+A list of regular expressions to match the email sender against. This can also
+be a list of addresses when regular expression characters are escaped.
+
 [[sendemail]]
 === Section sendemail
 
@@ -3459,6 +3826,14 @@
 +
 By default, true, allowing notifications to be sent.
 
+[[sendemail.html]]sendemail.html::
++
+If false, Gerrit will only send plain-text emails.
+If true, Gerrit will send multi-part emails with an HTML and
+plain text part.
++
+By default, true, allowing HTML in the emails Gerrit sends.
+
 [[sendemail.connectTimeout]]sendemail.connectTimeout::
 +
 The connection timeout of opening a socket connected to a
@@ -3490,7 +3865,9 @@
 Full Name and Preferred Email.  This may cause messages to be
 classified as spam if the user's domain has SPF or DKIM enabled
 and <<sendemail.smtpServer,sendemail.smtpServer>> is not a trusted
-relay for that domain.
+relay for that domain. You can specify
+<<sendemail.allowedDomain,sendemail.allowedDomain>> to instruct Gerrit to only
+send as USER if USER is from those domains.
 +
 * `MIXED`
 +
@@ -3516,6 +3893,16 @@
 +
 By default, MIXED.
 
+[[sendemail.allowedDomain]]sendemail.allowedDomain::
++
+Only used when `sendemail.from` is set to `USER`.
+List of allowed domains. If user's email matches one of the domains, emails will
+be sent as USER, otherwise as MIXED mode. Wildcards may be specified by
+including `\*` to match any number of characters, for example `*.example.com`
+matches any subdomain of `example.com`.
++
+By default, `*`.
+
 [[sendemail.smtpServer]]sendemail.smtpServer::
 +
 Hostname (or IP address) of a SMTP server that will relay
@@ -3597,10 +3984,29 @@
 +
 By default, unset, so no Expiry-Date header is generated.
 
+[[sendemail.replyToAddress]]sendemail.replyToAddress::
++
+A custom Reply-To address should only be provided if Gerrit is set up to
+receive emails and the inbound address differs from
+<<sendemail.from,sendemail.from>>.
+It will be set as Reply-To header on all types of outgoing email where
+Gerrit can parse back a user's reply.
++
+Defaults to an empty string which adds <<sendemail.from,sendemail.from>> as
+Reply-To if inbound email is enabled and the review's author otherwise.
 
 [[site]]
 === Section site
 
+[[site.allowOriginRegex]]site.allowOriginRegex::
++
+List of regular expressions matching origins that should be permitted
+to use the Gerrit REST API to read content. These should be trusted
+applications as the sites may be able to use the user's credentials.
+Only applies to GET and HEAD requests.
++
+By default, unset, denying all cross-origin requests.
+
 [[site.refreshHeaderFooter]]site.refreshHeaderFooter::
 +
 If true the server checks the site header, footer and CSS files for
@@ -3642,8 +4048,8 @@
 [[sshd.backend]]sshd.backend::
 +
 Starting from version 0.9.0 Apache SSHD project added support for NIO2
-IoSession. To use the new NIO2 session the `backend` option must be set
-to `NIO2`. Otherwise, this option must be set to `MINA`.
+IoSession. To use the old MINA session the `backend` option must be set
+to `MINA`.
 +
 By default, `NIO2`.
 
@@ -3813,10 +4219,24 @@
 to the default ciphers, cipher names starting with `-` are removed
 from the default cipher set.
 +
-Supported ciphers: `aes128-cbc`, `aes128-cbc`, `aes256-cbc`, `blowfish-cbc`,
-`3des-cbc`, `none`.
+Supported ciphers:
++
+* `aes128-ctr`
+* `aes192-ctr`
+* `aes256-ctr`
+* `aes128-cbc`
+* `aes192-cbc`
+* `aes256-cbc`
+* `blowfish-cbc`
+* `3des-cbc`
+* `arcfour128`
+* `arcfour256`
+* `none`
 +
 By default, all supported ciphers except `none` are available.
++
+If your setup allows for it, it's recommended to disable all ciphers except
+the AES-CTR modes.
 
 [[sshd.mac]]sshd.mac::
 +
@@ -3826,8 +4246,14 @@
 are enabled in addition to the default MACs, MAC names starting with
 `-` are removed from the default MACs.
 +
-Supported MACs: `hmac-md5`, `hmac-md5-96`, `hmac-sha1`, `hmac-sha1-96`,
-`hmac-sha2-256`, `hmac-sha2-512`.
+Supported MACs:
++
+* `hmac-md5`
+* `hmac-md5-96`
+* `hmac-sha1`
+* `hmac-sha1-96`
+* `hmac-sha2-256`
+* `hmac-sha2-512`
 +
 By default, all supported MACs are available.
 
@@ -3861,8 +4287,11 @@
 * `diffie-hellman-group1-sha1`
 
 By default, all supported key exchange algorithms are available.
-Without Bouncy Castle, `diffie-hellman-group1-sha1` is the only
-available algorithm.
+
+It is strongly recommended to disable at least `diffie-hellman-group1-sha1`
+as it's known to be vulnerable (logjam attack). Additionally, if your setup
+allows for it, it is recommended to disable the remaining two `sha1` key
+exchange algorithms.
 --
 
 [[sshd.kerberosKeytab]]sshd.kerberosKeytab::
@@ -3933,11 +4362,11 @@
 [[suggest.from]]suggest.from::
 +
 The number of characters that a user must have typed before suggestions
-are provided. If set to 0, suggestions are always provided.
+are provided. If set to 0, suggestions are always provided. This is only
+used for suggesting accounts when adding members to a group.
 +
 By default 0.
 
-
 [[theme]]
 === Section theme
 
@@ -4224,8 +4653,9 @@
 +
 By default "Anonymous Coward" is used.
 
+[[secure.config]]
+== File `etc/secure.config`
 
-== [[secure.config]]File `etc/secure.config`
 The optional file `'$site_path'/etc/secure.config` overrides (or
 supplements) the settings supplied by `'$site_path'/etc/gerrit.config`.
 The file should be readable only by the daemon process and can be
diff --git a/Documentation/config-gitweb.txt b/Documentation/config-gitweb.txt
index fcfd0e1..d49acfee 100644
--- a/Documentation/config-gitweb.txt
+++ b/Documentation/config-gitweb.txt
@@ -17,8 +17,9 @@
 Linux distributions.
 
 ----
-  git config --file $site_path/etc/gerrit.config gitweb.cgi /usr/lib/cgi-bin/gitweb.cgi
-  git config --file $site_path/etc/gerrit.config --unset gitweb.url
+  git config -f $site_path/etc/gerrit.config gitweb.type gitweb
+  git config -f $site_path/etc/gerrit.config gitweb.cgi /usr/lib/cgi-bin/gitweb.cgi
+  git config -f $site_path/etc/gerrit.config --unset gitweb.url
 ----
 
 Alternatively, if Gerrit is served behind reverse proxy, it can
@@ -28,8 +29,9 @@
 To enable this feature, set both: `gitweb.cgi` and `gitweb.url`.
 
 ----
-  git config --file $site_path/etc/gerrit.config gitweb.cgi /usr/lib/cgi-bin/gitweb.cgi
-  git config --file $site_path/etc/gerrit.config gitweb.url /pretty/path/to/gitweb
+  git config -f $site_path/etc/gerrit.config gitweb.type gitweb
+  git config -f $site_path/etc/gerrit.config gitweb.cgi /usr/lib/cgi-bin/gitweb.cgi
+  git config -f $site_path/etc/gerrit.config gitweb.url /pretty/path/to/gitweb
 ----
 
 After updating `'$site_path'/etc/gerrit.config`, the Gerrit server must
@@ -77,13 +79,13 @@
 On Ubuntu:
 
 ----
-  $ sudo apt-get install gitweb
+  sudo apt-get install gitweb
 ----
 
 With Yum:
 
 ----
-  $ yum install gitweb
+  yum install gitweb
 ----
 
 ===== Configure Gitweb
@@ -125,14 +127,14 @@
 Link gitweb to `/var/www/gitweb`, check `/etc/gitweb.conf` if unsure of paths:
 
 ----
-  $ sudo ln -s /usr/share/gitweb /var/www/gitweb
+  sudo ln -s /usr/share/gitweb /var/www/gitweb
 ----
 
 Add the gitweb directory to the Apache configuration by creating a "gitweb"
 file inside the Apache conf.d directory:
 
 ----
-  $ touch /etc/apache/conf.d/gitweb
+  touch /etc/apache/conf.d/gitweb
 ----
 
 Add the following to /etc/apache/conf.d/gitweb:
@@ -152,7 +154,7 @@
 ===== Restart the Apache Web Server
 
 ----
-  $ sudo /etc/init.d/apache2 restart
+  sudo /etc/init.d/apache2 restart
 ----
 
 Now you should be able to view your repository projects online:
@@ -184,7 +186,7 @@
 following to check:
 
 ----
-$ perl -mCGI -mEncode -mFcntl -mFile::Find -mFile::Basename -e ""
+  perl -mCGI -mEncode -mFcntl -mFile::Find -mFile::Basename -e ""
 ----
 
 You may encounter the following exception:
@@ -220,21 +222,22 @@
 namespace is available.
 
 ----
-$ git config -f $site_path/etc/gerrit.config --unset gitweb.cgi
-$ git config -f $site_path/etc/gerrit.config gitweb.url https://gitweb.corporation.com
+  git config -f $site_path/etc/gerrit.config gitweb.type gitweb
+  git config -f $site_path/etc/gerrit.config --unset gitweb.cgi
+  git config -f $site_path/etc/gerrit.config gitweb.url https://gitweb.corporation.com
 ----
 
-If you're not following the traditional \{projectName\}.git project naming conventions,
+If you're not following the traditional `\{projectName\}.git` project naming conventions,
 you will want to customize Gerrit to read them. Add the following:
 
 ----
-$ git config -f $site_path/etc/gerrit.config gitweb.type custom
-$ git config -f $site_path/etc/gerrit.config gitweb.project ?p=\${project}\;a=summary
-$ git config -f $site_path/etc/gerrit.config gitweb.revision ?p=\${project}\;a=commit\;h=\${commit}
-$ git config -f $site_path/etc/gerrit.config gitweb.branch ?p=\${project}\;a=shortlog\;h=\${branch}
-$ git config -f $site_path/etc/gerrit.config gitweb.roottree ?p=\${project}\;a=tree\;hb=\${commit}
-$ git config -f $site_path/etc/gerrit.config gitweb.file ?p=\${project}\;hb=\${commit}\;f=\${file}
-$ git config -f $site_path/etc/gerrit.config gitweb.filehistory ?p=\${project}\;a=history\;hb=\${branch}\;f=\${file}
+  git config -f $site_path/etc/gerrit.config gitweb.type custom
+  git config -f $site_path/etc/gerrit.config gitweb.project ?p=\${project}\;a=summary
+  git config -f $site_path/etc/gerrit.config gitweb.revision ?p=\${project}\;a=commit\;h=\${commit}
+  git config -f $site_path/etc/gerrit.config gitweb.branch ?p=\${project}\;a=shortlog\;h=\${branch}
+  git config -f $site_path/etc/gerrit.config gitweb.roottree ?p=\${project}\;a=tree\;hb=\${commit}
+  git config -f $site_path/etc/gerrit.config gitweb.file ?p=\${project}\;hb=\${commit}\;f=\${file}
+  git config -f $site_path/etc/gerrit.config gitweb.filehistory ?p=\${project}\;a=history\;hb=\${branch}\;f=\${file}
 ----
 
 After updating `'$site_path'/etc/gerrit.config`, the Gerrit server must
diff --git a/Documentation/config-labels.txt b/Documentation/config-labels.txt
index 1f9dd33..47396ef 100644
--- a/Documentation/config-labels.txt
+++ b/Documentation/config-labels.txt
@@ -11,11 +11,10 @@
 [[label_Code-Review]]
 == Label: Code-Review
 
-The code review label is the second of two default labels that is
-configured upon the creation of a Gerrit instance.  It may have any
-meaning the project desires.  It was originally invented by the Android
-Open Source Project to mean 'I read the code and it seems reasonably
-correct'.
+The Code-Review label is configured upon the creation of a Gerrit
+instance.  It may have any meaning the project desires.  It was
+originally invented by the Android Open Source Project to mean
+'I read the code and it seems reasonably correct'.
 
 The range of values is:
 
@@ -87,8 +86,10 @@
 Project to mean 'compiles, passes basic unit tests'.  Some CI tools
 expect to use the Verified label to vote on a change after running.
 
-Administrators can install the Verified label by adding the following
-text to `project.config`:
+During site initialization the administrator may have chosen to
+configure the default Verified label for all projects.  In case it is
+desired to configure it at a later time, administrators can do this by
+adding the following to `project.config` in `All-Projects`:
 
 ----
   [label "Verified"]
@@ -96,6 +97,7 @@
       value = -1 Fails
       value =  0 No score
       value = +1 Verified
+      copyAllScoresIfNoCodeChange = true
 ----
 
 The range of values is:
@@ -128,9 +130,10 @@
 
 
 [[label_custom]]
-== Your Label Here
+== Customized Labels
 
-Site administrators and project owners can also define their own labels.
+Site administrators and project owners can define their own labels,
+or customize labels inherited from parent projects.
 
 See above for descriptions of how <<label_Verified,`Verified`>>
 and <<label_Code-Review,`Code-Review`>> work, and add your own
@@ -144,15 +147,28 @@
 permission editor web UI.
 
 Labels may be added to any project's `project.config`; the default
-labels are defined in `All-Projects`. Labels are inherited from parent
-projects; a child project may add, override, or remove labels defined in
-its parents.  Overriding a label in a child project overrides all its
-properties and values.  To remove a label in a child project, add an
-empty label with the same name as in the parent.
+labels are defined in `All-Projects`.
 
-Labels are laid out in the order they are specified in project.config,
-with inherited labels appearing first, providing some layout control to
-the administrator.
+[[label_inheritance]]
+=== Inheritance
+
+Labels are inherited from parent projects. A child project may add,
+override, or remove labels defined in its parents.
+
+Overriding a label in a child project overrides all its properties and
+values. It is not possible to modify an inherited label by adding
+properties in the child project's configuration; all properties from
+the parent definition must be redefined in the child.
+
+To remove a label in a child project, add an empty label with the same
+name as in the parent. This will override the parent label with
+a label containing the defaults (`function = MaxWithBlock`,
+`defaultValue = 0` and no further allowed values)
+
+[[label_layout]]
+=== Layout
+
+Labels are laid out in alphabetical order.
 
 [[label_name]]
 === `label.Label-Name`
@@ -230,6 +246,19 @@
 Allowed range of values are 0 (Patch Set Unlocked) to 1 (Patch Set
 Locked).
 
+[[label_allowPostSubmit]]
+=== `label.Label-Name.allowPostSubmit`
+
+If true, the label may be voted on for changes that have already been
+submitted. If false, the label will not appear in the UI and will not
+be accepted when reviewing a closed change.
+
+In either case, voting on a label after submission is only permitted if
+the new vote is at least as high as the old vote by that user. This
+avoids creating the false impression that a post-submit vote can change
+the past and affect submission somehow.
+
+Defaults to true.
 
 [[label_copyMinScore]]
 === `label.Label-Name.copyMinScore`
@@ -246,8 +275,8 @@
 sticky approvals, reducing turn-around for trivial cleanups prior to
 submitting a change. Defaults to false.
 
-[[label_copyAllScoresOnMergeCommitFirstParentUpdate]]
-=== `label.Label-Name.copyAllScoresOnMergeCommitFirstParentUpdate`
+[[label_copyAllScoresOnMergeFirstParentUpdate]]
+=== `label.Label-Name.copyAllScoresOnMergeFirstParentUpdate`
 
 This policy is useful if you don't want to trigger CI or human
 verification again if your target branch moved on but the feature
@@ -288,8 +317,8 @@
 the commit message is different. This can be used to enable sticky
 approvals on labels that only depend on the code, reducing turn-around
 if only the commit message is changed prior to submitting a change.
-For the Verified label that is installed by the link:pgm-init.html[init]
-site program this is enabled by default.
+For the Verified label that is optionally installed by the
+link:pgm-init.html[init] site program this is enabled by default.
 
 Defaults to false.
 
@@ -337,6 +366,8 @@
 parts in `project.config` file. That means from the UI a user can always
 assign permissions for that label on a branch, but this permission is then
 ignored if the label doesn't apply for that branch.
+Additionally, the `branch` modifier has no effect when the submit rule
+is customized in the rules.pl of the project or inherited from parent projects.
 
 [[label_example]]
 === Example
diff --git a/Documentation/config-login-register.txt b/Documentation/config-login-register.txt
index ffeae62..1639c8a 100644
--- a/Documentation/config-login-register.txt
+++ b/Documentation/config-login-register.txt
@@ -135,11 +135,3 @@
 
   user@host:~$
 ----
-
-
-GERRIT
-------
-Part of link:index.html[Gerrit Code Review]
-
-SEARCHBOX
----------
diff --git a/Documentation/config-mail.txt b/Documentation/config-mail.txt
index 51ea9c5..9eb31bf 100644
--- a/Documentation/config-mail.txt
+++ b/Documentation/config-mail.txt
@@ -1,163 +1,167 @@
 = Gerrit Code Review - Mail Templates
 
-Gerrit uses velocity templates for the bulk of the standard mails it sends out.
+Gerrit uses link:https://developers.google.com/closure/templates/[Closure Templates]
+(Soy) for the bulk of the standard mails it sends out.
 There are builtin default templates which are used if they are not overridden.
 These defaults are also provided as examples so that administrators may copy
 them and easily modify them to tweak their contents.
 
+*Compatibility Note:* previously, Velocity Template Language (VTL) was used as
+the template language for Gerrit emails. VTL has now been deprecated in favor of
+Soy, but Velocity templates that modify text emails remain supported for now.
 
-== Template Locations and Extensions:
+== Template Locations and Extensions
 
 The default example templates reside under:  `'$site_path'/etc/mail` and are
-terminated with the double extension `.vm.example`. Modifying these example
+terminated with the double extension `.soy.example`. Modifying these example
 files will have no effect on the behavior of Gerrit.  However, copying an
 example template to an equivalently named file without the `.example` extension
 and modifying it will allow an administrator to customize the template.
 
-
-== Supported Mail Templates:
+== Supported Mail Templates
 
 Each mail that Gerrit sends out is controlled by at least one template.  These
 are listed below.  Change emails are influenced by two additional templates,
 one to set the subject line, and one to set the footer which gets appended to
-all the change emails (see `ChangeSubject.vm` and `ChangeFooter.vm` below.)
+all the change emails (see `ChangeSubject.soy` and `ChangeFooter.soy` below.)
 
-=== Abandoned.vm
+Many types of Gerrit email message support HTML in addition to plain-text. Where
+both are supported, templates to control the HTML part have `...Html` appended
+in their file names. For example, for "Abandoned" emails, the `Abandoned.soy`
+template determines the text part of the message, whereas `AbandonedHtml.soy`
+determines the HTML part.
 
-The `Abandoned.vm` template will determine the contents of the email related
-to a change being abandoned.  It is a `ChangeEmail`: see `ChangeSubject.vm` and
-`ChangeFooter.vm`.
+=== Abandoned.soy and AbandonedHtml.soy
 
-=== AddKey.vm
+The "Abandoned" templates will determine the contents of the email related to a
+change being abandoned.  It is a `ChangeEmail`: see `ChangeSubject.soy` and
+ChangeFooter.
 
-The `AddKey.vm` template will determine the contents of the email related to
-SSH and GPG keys being added to a user account. This notification is not sent
-when the key is administratively added to another user account.
+=== AddKey.soy and AddKeyHtml.soy
 
-=== ChangeFooter.vm
+AddKey templates will determine the contents of the email related to SSH and GPG
+keys being added to a user account. This notification is not sent when the key
+is administratively added to another user account.
 
-The `ChangeFooter.vm` template will determine the contents of the footer
-text that will be appended to emails related to changes (all `ChangeEmail`s).
+=== ChangeFooter.soy and ChangeFooterHtml.soy
 
-=== ChangeSubject.vm
+The ChangeFooter templates will determine the contents of the footer that will
+be appended to emails related to changes (all `ChangeEmail`s).
 
-The `ChangeSubject.vm` template will determine the contents of the email
+=== ChangeSubject.soy
+
+The `ChangeSubject.soy` template will determine the contents of the email
 subject line for ALL emails related to changes.
 
-=== Comment.vm
+=== Comment.soy
 
-The `Comment.vm` template will determine the contents of the email related to
+The `Comment.soy` template will determine the contents of the email related to
 a user submitting comments on changes.  It is a `ChangeEmail`: see
-`ChangeSubject.vm`, `ChangeFooter.vm` and `CommentFooter.vm`.
+`ChangeSubject.soy`, ChangeFooter and CommentFooter.
 
-=== CommentFooter.vm
+=== CommentFooter.soy and CommentFooterHtml.soy
 
-The `CommentFooter.vm` template will determine the contents of the footer
-text that will be appended to emails related to a user submitting comments on
-changes.  See `ChangeSubject.vm`, `Comment.vm` and `ChangeFooter.vm`.
+The CommentFooter templates will determine the contents of the footer text that
+will be appended to emails related to a user submitting comments on changes.
+See `ChangeSubject.soy`, Comment and ChangeFooter.
 
-=== DeleteVote.vm
+=== DeleteVote.soy and DeleteVoteHtml.soy
 
-The `DeleteVote.vm` template will determine the contents of the email related
-to removing votes on changes.  It is a `ChangeEmail`: see `ChangeSubject.vm`
-and `ChangeFooter.vm`.
+The DeleteVote templates will determine the contents of the email related to
+removing votes on changes.  It is a `ChangeEmail`: see `ChangeSubject.soy`
+and ChangeFooter.
 
-=== DeleteReviewer.vm
+=== DeleteReviewer.soy and DeleteReviewerHtml.soy
 
-The `DeleteReviewer.vm` template will determine the contents of the email related
-to a user removing a reviewer (with a vote) from a change.  It is a
-`ChangeEmail`: see `ChangeSubject.vm` and `ChangeFooter.vm`.
+The DeleteReviewer templates will determine the contents of the email related to
+a user removing a reviewer (with a vote) from a change.  It is a
+`ChangeEmail`: see `ChangeSubject.soy` and ChangeFooter.
 
-=== Footer.vm
+=== Footer.soy and FooterHtml.soy
 
-The `Footer.vm` template will determine the contents of the footer text
-appended to the end of all outgoing emails after the ChangeFooter and
-CommentFooter.
+The Footer templates will determine the contents of the footer text appended to
+the end of all outgoing emails after the ChangeFooter and CommentFooter.
 
-=== Merged.vm
+=== Merged.soy and MergedHtml.soy
 
-The `Merged.vm` template will determine the contents of the email related to
-a change successfully merged to the head.  It is a `ChangeEmail`: see
-`ChangeSubject.vm` and `ChangeFooter.vm`.
+The Merged templates will determine the contents of the email related to a
+change successfully merged to the head.  It is a `ChangeEmail`: see
+`ChangeSubject.soy` and ChangeFooter.
 
-=== NewChange.vm
+=== NewChange.soy and NewChangeHtml.soy
 
-The `NewChange.vm` template will determine the contents of the email related
-to a user submitting a new change for review. This includes changes created
-by actions made by the user in the Web UI such as cherry picking a commit or
-reverting a change.  It is a `ChangeEmail`: see `ChangeSubject.vm` and
-`ChangeFooter.vm`.
+The NewChange templates will determine the contents of the email related to a
+user submitting a new change for review. This includes changes created by
+actions made by the user in the Web UI such as cherry picking a commit or
+reverting a change.  It is a `ChangeEmail`: see `ChangeSubject.soy` and
+ChangeFooter.
 
-=== RegisterNewEmail.vm
+=== RegisterNewEmail.soy
 
-The `RegisterNewEmail.vm` template will determine the contents of the email
+The `RegisterNewEmail.soy` template will determine the contents of the email
 related to registering new email accounts.
 
-=== ReplacePatchSet.vm
+=== ReplacePatchSet.soy and ReplacePatchSetHtml.soy
 
-The `ReplacePatchSet.vm` template will determine the contents of the email
-related to a user submitting a new patchset for a change.  This includes
-patchsets created by actions made by the user in the Web UI such as editing
-the commit message, cherry picking a commit, or rebasing a change.  It is a
-`ChangeEmail`: see `ChangeSubject.vm` and `ChangeFooter.vm`.
+The ReplacePatchSet templates will determine the contents of the email related
+to a user submitting a new patchset for a change.  This includes patchsets
+created by actions made by the user in the Web UI such as editing the commit
+message, cherry picking a commit, or rebasing a change.  It is a `ChangeEmail`:
+see `ChangeSubject.soy` and ChangeFooter.
 
-=== Restored.vm
+=== Restored.soy and RestoredHtml.soy
 
-The `Restored.vm` template will determine the contents of the email related
-to a change being restored.  It is a `ChangeEmail`: see `ChangeSubject.vm` and
-`ChangeFooter.vm`.
+The Restored templates will determine the contents of the email related to a
+change being restored.  It is a `ChangeEmail`: see `ChangeSubject.soy` and
+ChangeFooter.
 
-=== Reverted.vm
+=== Reverted.soy and RevertedHtml.soy
 
-The `Reverted.vm` template will determine the contents of the email related
-to a change being reverted.  It is a `ChangeEmail`: see `ChangeSubject.vm` and
-`ChangeFooter.vm`.
+The Reverted templates will determine the contents of the email related to a
+change being reverted.  It is a `ChangeEmail`: see `ChangeSubject.soy` and
+ChangeFooter.
+
+=== SetAssignee.soy and SetAssigneeHtml.soy
+
+The SetAssignee templates will determine the contents of the email related to a
+user being assigned to a change. It is a `ChangeEmail`: see `ChangeSubject.soy`
+and ChangeFooter.
 
 
 == Mail Variables and Methods
 
 Mail templates can access and display objects currently made available to them
-via the velocity context.  While the base objects are documented here, it is
-possible to call public methods on these objects from templates.  Those methods
-are not documented here since they could change with every release.  As these
-templates are meant to be modified only by a qualified sysadmin, it is accepted
-that writing templates for Gerrit emails is likely to require some basic
-knowledge of the class structure to be useful.  Browsing the source code might
-be necessary for anything more than a minor formatting change.
+via the Soy context.
 
 === Warning
 
 Be aware that modifying templates can cause them to fail to parse and therefore
-not send out the actual email, or worse, calling methods on the available
-objects could have internal side effects which would adversely affect the
-health of your Gerrit server and/or data.
+not send out the actual email.
 
 === All OutgoingEmails
 
 All outgoing emails have the following variables available to them:
 
-$email::
+$email.settingsUrl::
 +
-A reference to the class constructing the current `OutgoingEmail`.  With this
-reference it is possible to call any public method on the OutgoingEmail class
-or the current child class inherited from it.
+The URL to view the user's settings in the Gerrit web UI.
+
+$email.gerritHost::
++
+The name of the Gerrit instance.
+
+$email.gerritUrl::
++
+The URL to the Gerrit web UI.
 
 $messageClass::
 +
 A String containing the messageClass.
 
-$StringUtils::
-+
-A reference to the Apache `StringUtils` class.  This can be very useful for
-formatting strings.
-
 === Change Emails
 
-All change related emails have the following additional variables available to them:
-
-$change::
-+
-A reference to the current `Change` object.
+Change related emails have the following template data available to them, in
+addition to what's available to all outgoing emails.
 
 $changeId::
 +
@@ -167,30 +171,65 @@
 +
 The text of the `ChangeMessage`.
 
-$branch::
-+
-A reference to the branch of this change (a `Branch.NameKey`).
-
 $fromName::
 +
 The name of the from user.
 
+$email.unifiedDiff::
++
+The diff of the change.
+
+$email.changeDetail::
++
+The details of the change, including the commit message.
+
+$email.changeUrl::
++
+The URL to the change in the web UI.
+
+$email.includeDiff::
++
+Whether the Gerrit instance is configured to include diffs in emails.
+
+$change.subject::
++
+The subject of the current change.
+
+$change.originalSubject::
++
+The subject corresponding to the first patch set of the current change.
+
+$change.shortSubject::
++
+The subject limited to 72 characters, with an ellipsis if it exceeds that.
+
+$change.ownerEmail::
++
+The email address of the owner of the change.
+
+$branch.shortName::
++
+The name of the branch targeted by the current change.
+
 $projectName::
 +
 The name of this change's project.
 
-$patchSet::
+$shortProjectName::
 +
-A reference to the current `PatchSet`.
+The project name with the path abbreviated.
 
-$patchSetInfo::
+$sshHost::
 +
-A reference to the current `PatchSetInfo`.
+SSH hostname for the Gerrit instance.
 
+$patchSet.patchSetId::
++
+The current patch set number.
 
-== SEE ALSO
-
-* link:http://velocity.apache.org/[velocity]
+$patchSet.refname::
++
+The refname of the patch set.
 
 GERRIT
 ------
diff --git a/Documentation/config-plugins.txt b/Documentation/config-plugins.txt
index b7c1415..a652136 100644
--- a/Documentation/config-plugins.txt
+++ b/Documentation/config-plugins.txt
@@ -121,7 +121,7 @@
 
 link:https://gerrit-review.googlesource.com/#/admin/projects/plugins/review-strategy[
 Project] |
-link:https://gerrit.googlesource.com/plugins/review-strategy/+/master/src/main/resources/Documentation/about.md[
+link:https://gerrit.googlesource.com/plugins/review-strategy/+doc/master/src/main/resources/Documentation/about.md[
 Documentation]
 
 [[singleusergroup]]
@@ -163,6 +163,18 @@
 link:https://gerrit.googlesource.com/plugins/admin-console/+doc/master/src/main/resources/Documentation/about.md[
 Documentation]
 
+[[analytics]]
+=== analytics
+
+Plugin to extract commit and review data from Gerrit projects and
+expose aggregated metrics over REST and SSH API.
+Metrics are extracted in JSON format with one record per line, ready to be
+archived and processed with popular BigData transformation tools such
+Apache Spark or published and visualized in dashboards.
+
+link:https://gerrit-review.googlesource.com/#/admin/projects/plugins/analytics[Project] |
+link:https://gerrit.googlesource.com/plugins/analytics/+doc/master/README.md[Documentation]
+
 [[avatars-external]]
 === avatars-external
 
@@ -281,6 +293,26 @@
 link:https://gerrit-review.googlesource.com/#/admin/projects/plugins/gitiles[
 Project]
 
+[[healthcheck]]
+=== healthcheck
+
+Plugin for monitoring and alerting when Gerrit does not behave properrly.
+
+When Gerrit Server needs to be available 24x7, it is important to know
+*beforehand* if something isn't working correctly: this plugin exposes a
+REST-API that provides the real-time status of the Gerrit internals and can
+be integrated with real-time monitoring systems and paging platforms.
+
+Healthcheck metrics (latency and subsystem healthiness) are published as
+Gerrit internal metrics and can be published to dashboards.
+
+link:https://gerrit-review.googlesource.com/admin/repos/plugins/healthcheck[
+Project] |
+link:https://gerrit.googlesource.com/plugins/healthcheck/+doc/master/src/main/resources/Documentation/about.md[
+Documentation] |
+link:https://gerrit.googlesource.com/plugins/healthcheck/+doc/master/src/main/resources/Documentation/config.md[
+Configuration]
+
 [[imagare]]
 === imagare
 
@@ -475,7 +507,7 @@
 appends `label('Owner-Approval', need(_))` to a provided list.
 
 link:https://gerrit-review.googlesource.com/#/admin/projects/plugins/owners[Project] |
-link:https://gerrit.googlesource.com/plugins/owners/+/refs/heads/master/README.md[Documentation]
+link:https://gerrit.googlesource.com/plugins/owners/+doc/master/README.md[Documentation]
 
 [[project-download-commands]]
 === project-download-commands
@@ -509,6 +541,19 @@
 link:https://gerrit.googlesource.com/plugins/quota/+doc/master/src/main/resources/Documentation/config.md[
 Configuration]
 
+[[readonly]]
+=== readonly
+
+A plugin that makes the Gerrit server read-only by rejecting git pushes,
+blocking HTTP PUT/POST/DELETE requests, and disabling SSH commands.
+
+link:https://gerrit-review.googlesource.com/#/admin/projects/plugins/readonly[
+Project] |
+link:https://gerrit.googlesource.com/plugins/readonly/+doc/master/src/main/resources/Documentation/about.md[
+Documentation] |
+link:https://gerrit.googlesource.com/plugins/readonly/+doc/master/src/main/resources/Documentation/config.md[
+Configuration]
+
 [[ref-protection]]
 === ref-protection
 
@@ -519,7 +564,7 @@
 
 link:https://gerrit-review.googlesource.com/#/admin/projects/plugins/ref-protection[
 Project] |
-link:https://gerrit.googlesource.com/plugins/ref-protection/+/refs/heads/stable-2.11/src/main/resources/Documentation/about.md[
+link:https://gerrit.googlesource.com/plugins/ref-protection/+doc/master/src/main/resources/Documentation/about.md[
 Documentation]
 
 [[reparent]]
@@ -658,7 +703,7 @@
 
 This plugin replaces the built-in Gerrit H2 based websession cache with
 a flatfile based implementation. This implementation is shareable
-amongst multiple Gerrit servers, making it useful for multi-master
+among multiple Gerrit servers, making it useful for multi-master
 Gerrit installations.
 
 link:https://gerrit-review.googlesource.com/#/admin/projects/plugins/websession-flatfile[
diff --git a/Documentation/config-project-config.txt b/Documentation/config-project-config.txt
index 7121265..ed0b151 100644
--- a/Documentation/config-project-config.txt
+++ b/Documentation/config-project-config.txt
@@ -20,6 +20,11 @@
 that you will have to configure push rights for the +refs/meta/config+ name
 space if you'd like to use the possibility to automate permission updates.
 
+== Property inheritance
+
+If a property is set to INHERIT, then the value from the parent project is
+used. If the property is not set in any parent project, the default value is
+FALSE.
 
 [[file-project_config]]
 == The file +project.config+
@@ -79,6 +84,11 @@
 also redefine the text and behavior of the built in label types `Code-Review`
 and `Verified`.
 
+Optionally a +commentlink+ section can be added to define project-specific
+comment links. The +commentlink+ section has the same format as the
+link:config-gerrit.html#commentlink[+commentlink+ section in gerrit.config]
+which is used to define global comment links.
+
 [[project-section]]
 === Project section
 
@@ -126,12 +136,18 @@
 operation will fail. If set to zero then there is no limit.
 +
 Project owners can use this setting to prevent developers from pushing
-objects which are too large to Gerrit. This setting can also be set it
-`gerrit.config` globally link:config-gerrit.html#receive.maxObjectSizeLimit[
-receive.maxObjectSizeLimit].
+objects which are too large to Gerrit. This setting can also be set in
+`gerrit.config` globally (link:config-gerrit.html#receive.maxObjectSizeLimit[
+receive.maxObjectSizeLimit]).
 +
-The project specific setting in `project.config` is only honored when it
-further reduces the global limit.
+The project specific setting in `project.config` may not set a value higher
+than the global limit (if configured). In other words, it is only honored when
+it further reduces the global limit.
++
+When link:config-gerrit.html#receive.inheritProjectMaxObjectSizeLimit[
+`receive.inheritProjectmaxObjectSizeLimit`] is enabled in the global config,
+the value is inherited from the parent project. Otherwise, it is not inherited
+and must be explicitly set per project.
 +
 Default is zero.
 +
@@ -166,9 +182,10 @@
 +
 Controls whether server-side signed push validation is required on the
 project. Only has an effect if signed push validation is enabled on the
-server, and link:#receive.enableSignedPush is set on the project. See
-the link:config-gerrit.html#receive.enableSignedPush[global
-configuration] for details.
+server, and link:#receive.enableSignedPush[`receive.enableSignedPush`] is
+set on the project. See the
+link:config-gerrit.html#receive.enableSignedPush[global configuration]
+for details.
 +
 Default is `INHERIT`, which means that this property is inherited from
 the parent project.
diff --git a/Documentation/config-robot-comments.txt b/Documentation/config-robot-comments.txt
new file mode 100644
index 0000000..cf5de10
--- /dev/null
+++ b/Documentation/config-robot-comments.txt
@@ -0,0 +1,49 @@
+= Gerrit Code Review - Robot Comments
+
+Gerrit has special support for inline comments that are generated by
+automated third-party systems, so called "robot comments". For example
+robot comments can be used to represent the results of code analyzers.
+
+In contrast to regular inline comments which are free-text comments,
+robot comments are more structured and can contain additional data,
+such as a robot ID, a robot run ID and a URL, see
+link:rest-api-changes.html#robot-comment-info[RobotCommentInfo] for
+details.
+
+It is planned to visualize robot comments differently in the web UI so
+that they can be easily distinguished from human comments. Users should
+also be able to use filtering on robot comments, so that only part of
+the robot comments or no robot comments are shown. In addition it is
+planned that robot comments can contain fixes, that users can apply by
+a single click.
+
+== REST endpoints
+
+* Posting robot comments is done by the
+  link:rest-api-changes.html[Set Review] REST endpoint. The
+  link:rest-api-changes.html#review-input[input] for this REST endpoint
+  can contain robot comments in its `robot_comments` field.
+* link:rest-api-changes.html#list-robot-comments[List Robot Comments]
+* link:rest-api-changes.html#get-robot-comment[Get Robot Comment]
+
+== Storage
+
+Robot comments are stored per change in a
+`refs/changes/XX/YYYY/robot-comments` ref, where `XX/YYYY` is the
+sharded change ID.
+
+Robot comments can be dropped by deleting this ref.
+
+== Limitations
+
+* Robot comments are only supported with NoteDb, but not with ReviewDb.
+* Robot comments are not displayed in the web UI yet.
+* There is no support for draft robot comments, but robot comments are
+  always published and visible to everyone who can see the change.
+
+GERRIT
+------
+Part of link:index.html[Gerrit Code Review]
+
+SEARCHBOX
+---------
diff --git a/Documentation/config-sso.txt b/Documentation/config-sso.txt
index 684b87c..7814061 100644
--- a/Documentation/config-sso.txt
+++ b/Documentation/config-sso.txt
@@ -68,14 +68,13 @@
 Merging Gerrit User Accounts] on the Gerrit Wiki for details.
 
 Linking another identity is also useful for users whose primary OpenID provider
-shuts down. For example Google will
+shuts down. For example Google
 link:https://developers.google.com/+/api/auth-migration[shut down their OpenID
-service on 20th April 2015]. Users must add an alternative identity, using another
-OpenID provider, before that shutdown date. User who fail to add an alternative
-identity before that date, and end up with their account only having a disabled
-Google identity, will need to create a separate account with an alternative
-provider and then ask the administrator to merge the accounts using the previously
-mentioned method.
+service on 20th April 2015]. Users who failed to add an alternative identity with
+another OpenID provider before that date will end up with their account only having
+a disabled Google identity. After creating a separate account with an alternative
+provider, they will need to ask the administrator to merge the accounts using the
+previously mentioned method.
 
 To link another identity to an existing account:
 
@@ -88,7 +87,7 @@
 Login using the other identity can only be performed after the linking is
 successful.
 
-== HTTP Basic/Digest Authentication
+== HTTP Basic Authentication
 
 When using HTTP authentication, Gerrit assumes that the servlet
 container or the frontend web server has performed all user
diff --git a/Documentation/config-validation.txt b/Documentation/config-validation.txt
index 2707e5c..c54717b 100644
--- a/Documentation/config-validation.txt
+++ b/Documentation/config-validation.txt
@@ -45,6 +45,18 @@
 If the commit fails the validation, the plugin can throw an exception
 which will cause the merge to fail.
 
+[[on-submit-validation]]
+== On submit validation
+
+
+Plugins implementing the `OnSubmitValidationListener` interface can
+perform additional validation checks against ref operations resulting
+from execution of submit operation before they are applied to any git
+repositories (there could be more than one in case of topic submits).
+
+Plugin can throw an exception which will cause submit operation to be
+aborted.
+
 [[pre-upload-validation]]
 == Pre-upload validation
 
@@ -80,6 +92,13 @@
 E.g. a plugin could use this to enforce a certain name scheme for
 group names.
 
+[[assignee-validation]]
+== Assignee validation
+
+
+Plugins implementing the `AssigneeValidationListener` interface can perform
+validation of assignees before they are assigned to a change.
+
 [[hashtag-validation]]
 == Hashtag validation
 
diff --git a/Documentation/config.defs b/Documentation/config.defs
deleted file mode 100644
index 7f814d3..0000000
--- a/Documentation/config.defs
+++ /dev/null
@@ -1,22 +0,0 @@
-DOCUMENTATION_DEPS = {
-  "install-quick.txt": ["config-login-register.txt"],
-  "install.txt": ["database-setup.txt"],
-}
-
-def documentation_attributes(revision):
-  return [
-    'toc',
-    'newline="\\n"',
-    'asterisk="&#42;"',
-    'plus="&#43;"',
-    'caret="&#94;"',
-    'startsb="&#91;"',
-    'endsb="&#93;"',
-    'tilde="&#126;"',
-    'last-update-label!',
-    'source-highlighter=prettify',
-    'stylesheet=DEFAULT',
-    'linkcss=true',
-    'prettifydir=.',
-    'revnumber="%s"' % revision,
-  ]
diff --git a/Documentation/database-setup.txt b/Documentation/database-setup.txt
index 0f73bd3..2dbec2d 100644
--- a/Documentation/database-setup.txt
+++ b/Documentation/database-setup.txt
@@ -55,6 +55,8 @@
 [[createdb_mysql]]
 === MySQL
 
+Requirements: MySQL version 5.1 or later.
+
 This option is also more complicated than the H2 option. Just as with
 PostgreSQL it's also recommended for larger installations.
 
@@ -66,7 +68,7 @@
   mysql
 
   CREATE USER 'gerrit2'@'localhost' IDENTIFIED BY 'secret';
-  CREATE DATABASE reviewdb;
+  CREATE DATABASE reviewdb DEFAULT CHARACTER SET 'utf8';
   GRANT ALL ON reviewdb.* TO 'gerrit2'@'localhost';
   FLUSH PRIVILEGES;
 ----
@@ -74,6 +76,16 @@
 Visit MySQL's link:http://dev.mysql.com/doc/[documentation] for further
 information regarding using MySQL.
 
+[[createdb_mariadb]]
+=== MariaDB
+
+Requirements: MariaDB version 5.5 or later.
+
+Refer to MySQL section above how to create MariaDB database.
+
+Visit MariaDB's link:https://mariadb.com/kb/en/mariadb/[documentation] for further
+information regarding using MariaDB.
+
 [[createdb_oracle]]
 === Oracle
 
@@ -115,7 +127,7 @@
 
 ----
 [database]
-        password = secret_pasword
+        password = secret_password
 ----
 
 [[createdb_maxdb]]
@@ -204,7 +216,7 @@
 
 ----
 [database]
-        password = secret_pasword
+        password = secret_password
 ----
 
 [[createdb_hana]]
@@ -250,11 +262,3 @@
 
 Visit SAP HANA's link:http://help.sap.com/hana_appliance/[documentation] for
 further information regarding using SAP HANA.
-
-
-GERRIT
-------
-Part of link:index.html[Gerrit Code Review]
-
-SEARCHBOX
----------
diff --git a/Documentation/dev-bazel.txt b/Documentation/dev-bazel.txt
new file mode 100644
index 0000000..3cbb609
--- /dev/null
+++ b/Documentation/dev-bazel.txt
@@ -0,0 +1,442 @@
+= Gerrit Code Review - Building with Bazel
+
+[[installation]]
+== Installation
+
+You need to use Python (2 or 3), Java 8, and Node.js for building gerrit.
+
+You can install Bazel from the bazel.io:
+https://www.bazel.io/versions/master/docs/install.html
+
+Alternatively use Bazelisk to use the latest supported Bazel version on
+different stable branches: https://github.com/bazelbuild/bazelisk.
+
+[[build]]
+== Building on the Command Line
+
+=== Gerrit Development WAR File
+
+To build the Gerrit web application that includes the GWT UI and the
+PolyGerrit UI:
+
+----
+  bazel build gerrit
+----
+
+[NOTE]
+PolyGerrit UI may require additional tools (such as npm). Please read
+the polygerrit-ui/README.md for more info.
+
+The output executable WAR will be placed in:
+
+----
+  bazel-bin/gerrit.war
+----
+
+[[release]]
+=== Gerrit Release WAR File
+
+To build the Gerrit web application that includes the GWT UI, the
+PolyGerrit UI and documentation:
+
+----
+  bazel build release
+----
+
+The output executable WAR will be placed in:
+
+----
+  bazel-bin/release.war
+----
+
+=== Headless Mode
+
+To build Gerrit in headless mode, i.e. without the GWT Web UI:
+
+----
+  bazel build headless
+----
+
+The output executable WAR will be placed in:
+
+----
+  bazel-bin/headless.war
+----
+
+=== Extension and Plugin API JAR Files
+
+To build the extension, plugin and GWT API JAR files:
+
+----
+  bazel build api
+----
+
+The output archive that contains Java binaries, Java sources and
+Java docs will be placed in:
+
+----
+  bazel-bin/api.zip
+----
+
+Install {extension,plugin,gwt}-api to the local maven repository:
+
+----
+  tools/maven/api.sh install
+----
+
+Install gerrit.war to the local maven repository:
+
+----
+  tools/maven/api.sh war_install
+----
+
+=== Plugins
+
+----
+  bazel build plugins:core
+----
+
+The output JAR files for individual plugins will be placed in:
+
+----
+  bazel-bin/plugins/<name>/<name>.jar
+----
+
+The JAR files will also be packaged in:
+
+----
+  bazel-bin/plugins/core.zip
+----
+
+To build a specific plugin:
+
+----
+  bazel build plugins/<name>
+----
+
+The output JAR file will be be placed in:
+
+----
+  bazel-bin/plugins/<name>/<name>.jar
+----
+
+Note that when building an individual plugin, the `core.zip` package
+is not regenerated.
+
+To build with all Error Prone warnings activated, run:
+
+----
+  bazel build --java_toolchain //tools:error_prone_warnings_toolchain //...
+----
+
+
+[[IDEs]]
+== Using an IDE.
+
+=== IntelliJ
+
+The Gerrit build works with Bazel's link:https://ij.bazel.io[IntelliJ plugin].
+Please follow the instructions on <<dev-intellij#,IntelliJ Setup>>.
+
+=== Eclipse
+
+==== Generating the Eclipse Project
+
+Create the Eclipse project:
+
+----
+  tools/eclipse/project.py
+----
+
+and then follow the link:dev-eclipse.html#setup[setup instructions].
+
+==== Refreshing the Classpath
+
+If an updated classpath is needed, the Eclipse project can be
+refreshed and missing dependency JARs can be downloaded by running
+`project.py` again. For IntelliJ, you need to click the `Sync Project
+with BUILD Files` button of link:https://ij.bazel.io[IntelliJ plugin].
+
+[[documentation]]
+=== Documentation
+
+To build only the documentation for testing or static hosting:
+
+----
+  bazel build Documentation:searchfree
+----
+
+The html files will be bundled into `searchfree.zip` in this location:
+
+----
+  bazel-bin/Documentation/searchfree.zip
+----
+
+To build the executable WAR with the documentation included:
+
+----
+  bazel build withdocs
+----
+
+The WAR file will be placed in:
+
+----
+  bazel-bin/withdocs.war
+----
+
+[[tests]]
+== Running Unit Tests
+
+----
+  bazel test --build_tests_only //...
+----
+
+Debugging tests:
+
+----
+  bazel test --test_output=streamed --test_filter=com.gerrit.TestClass.testMethod  testTarget
+----
+
+Debug test example:
+
+----
+  bazel test --test_output=streamed --test_filter=com.google.gerrit.acceptance.api.change.ChangeIT.getAmbiguous //gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/api/change:api_change
+----
+
+To run a specific test group, e.g. the rest-account test group:
+
+----
+  bazel test //gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/account:rest_account
+----
+
+To run the tests against NoteDb backend with write
+to NoteDb, but not read from it:
+
+----
+  bazel test --test_env=GERRIT_NOTEDB=WRITE //...
+----
+
+Write and read from NoteDb:
+
+----
+  bazel test --test_env=GERRIT_NOTEDB=READ_WRITE //...
+----
+
+Primary storage NoteDb:
+
+----
+  bazel test --test_env=GERRIT_NOTEDB=PRIMARY //...
+----
+
+Primary storage NoteDb and ReviewDb disabled:
+
+----
+  bazel test --test_env=GERRIT_NOTEDB=DISABLE_CHANGE_REVIEW_DB //...
+----
+
+To run only tests that do not use SSH:
+
+----
+  bazel test --test_env=GERRIT_USE_SSH=NO //...
+----
+
+To exclude tests that have been marked as flaky:
+
+----
+  bazel test --test_tag_filters=-flaky //...
+----
+
+To exclude tests that require a Docker host:
+
+----
+  bazel test --test_tag_filters=-docker //...
+----
+
+To ignore cached test results:
+
+----
+  bazel test --cache_test_results=NO //...
+----
+
+To run one or more specific groups of tests:
+
+----
+  bazel test --test_tag_filters=api,git //...
+----
+
+The following values are currently supported for the group name:
+
+* annotation
+* api
+* docker
+* edit
+* elastic
+* git
+* notedb
+* pgm
+* rest
+* server
+* ssh
+
+[[elasticsearch]]
+=== Elasticsearch
+
+Successfully running the Elasticsearch tests requires Docker, and
+may require setting the local
+link:https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html[virtual memory].
+
+If Docker is not available, the Elasticsearch tests will be skipped.
+Note that Bazel currently does not show
+link:https://github.com/bazelbuild/bazel/issues/3476[the skipped tests].
+
+== Dependencies
+
+Dependency JARs are normally downloaded as needed, but you can
+download everything upfront.  This is useful to enable
+subsequent builds to run without network access:
+
+----
+  bazel fetch //...
+----
+
+When downloading from behind a proxy (which is common in some corporate
+environments), it might be necessary to explicitly specify the proxy that
+is then used by `curl`:
+
+----
+  export http_proxy=http://<proxy_user_id>:<proxy_password>@<proxy_server>:<proxy_port>
+----
+
+Redirection to local mirrors of Maven Central and the Gerrit storage
+bucket is supported by defining specific properties in
+`local.properties`, a file that is not tracked by Git:
+
+----
+  echo download.GERRIT = http://nexus.my-company.com/ >>local.properties
+  echo download.MAVEN_CENTRAL = http://nexus.my-company.com/ >>local.properties
+----
+
+The `local.properties` file may be placed in the root of the gerrit repository
+being built, or in `~/.gerritcodereview/`.  The file in the root of the gerrit
+repository has precedence.
+
+== Building against unpublished Maven JARs
+
+To build against unpublished Maven JARs, like gwtorm or PrologCafe, the custom
+JARs must be installed in the local Maven repository (`mvn clean install`) and
+`maven_jar()` must be updated to point to the `MAVEN_LOCAL` Maven repository for
+that artifact:
+
+[source,python]
+----
+ maven_jar(
+   name = 'gwtorm',
+   artifact = 'gwtorm:gwtorm:42',
+   repository = MAVEN_LOCAL,
+ )
+----
+
+== Building against artifacts from custom Maven repositories
+
+To build against custom Maven repositories, two modes of operations are
+supported: with rewrite in local.properties and without.
+
+Without rewrite the URL of custom Maven repository can be directly passed
+to the maven_jar() function:
+
+[source,python]
+----
+  GERRIT_FORGE = 'http://gerritforge.com/snapshot'
+
+  maven_jar(
+    name = 'gitblit',
+    artifact = 'com.gitblit:gitblit:1.4.0',
+    sha1 = '1b130dbf5578ace37507430a4a523f6594bf34fa',
+    repository = GERRIT_FORGE,
+ )
+----
+
+When the custom URL has to be rewritten, then the same logic as with Gerrit
+known Maven repository is used: Repo name must be defined that matches an entry
+in local.properties file:
+
+----
+  download.GERRIT_FORGE = http://my.company.mirror/gerrit-forge
+----
+
+And corresponding WORKSPACE excerpt:
+
+[source,python]
+----
+  GERRIT_FORGE = 'GERRIT_FORGE:'
+
+  maven_jar(
+    name = 'gitblit',
+    artifact = 'com.gitblit:gitblit:1.4.0',
+    sha1 = '1b130dbf5578ace37507430a4a523f6594bf34fa',
+    repository = GERRIT_FORGE,
+ )
+----
+
+[[consume-jgit-from-development-tree]]
+
+To consume the JGit dependency from the development tree, edit
+`lib/jgit/jgit.bzl` setting LOCAL_JGIT_REPO to a directory holding a
+JGit repository.
+
+[[bazel-local-caches]]
+
+To accelerate builds, several caches are activated per default:
+
+* ~/.gerritcodereview/bazel-cache/downloaded-artifacts
+* ~/.gerritcodereview/bazel-cache/repository
+* ~/.gerritcodereview/bazel-cache/cas
+
+Currently none of these caches have a maximum size limit. See
+link:https://github.com/bazelbuild/bazel/issues/5139[this bazel issue] for
+details. Users should watch the cache sizes and clean them manually if
+necessary.
+
+
+[[RBE]]
+== Google Remote Build Support
+
+The Bazel build can be used with Google's Remote Build Execution.
+
+
+This needs the following setup steps:
+
+```
+gcloud auth application-default login
+gcloud services enable remotebuildexecution.googleapis.com  --project=${PROJECT}
+```
+
+Create a worker pool. The instances should have at least 4 CPUs each
+for adequate performance.
+
+```
+gcloud alpha remote-build-execution worker-pools create default \
+    --project=${PROJECT} \
+    --instance=default_instance \
+    --worker-count=50 \
+    --machine-type=n1-highcpu-4 \
+    --disk-size=200
+```
+
+To use RBE, execute
+
+```
+bazel test --config=remote \
+    --remote_instance_name=projects/${PROJECT}/instances/default_instance \
+    javatests/...
+```
+
+
+
+
+GERRIT
+------
+Part of link:index.html[Gerrit Code Review]
+
+SEARCHBOX
+---------
diff --git a/Documentation/dev-buck.txt b/Documentation/dev-buck.txt
deleted file mode 100644
index dd707f5..0000000
--- a/Documentation/dev-buck.txt
+++ /dev/null
@@ -1,668 +0,0 @@
-= Gerrit Code Review - Building with Buck
-
-
-== Installation
-
-You need to use Java 8 and Node.js for building gerrit.
-
-There is currently no binary distribution of Buck, so it has to be manually
-built and installed.  Apache Ant and gcc are required.  Currently only Linux
-and Mac OS are supported.
-
-Clone the git and build it:
-
-----
-  git clone https://github.com/facebook/buck
-  cd buck
-  git checkout $(cat ../gerrit/.buckversion)
-  ant
-----
-
-If you don't have a `bin/` directory in your home directory, create one:
-
-----
-  mkdir ~/bin
-----
-
-Add the `~/bin` folder to the path:
-
-----
-  PATH=~/bin:$PATH
-----
-
-Note that the buck executable needs to be available in all shell sessions,
-so also make sure it is appended to the path globally.
-
-Add a symbolic link in `~/bin` to the buck and buckd executables:
-
-----
-  ln -s `pwd`/bin/buck ~/bin/
-  ln -s `pwd`/bin/buckd ~/bin/
-----
-
-Verify that `buck` is accessible:
-
-----
-  which buck
-----
-
-To enable autocompletion of buck commands, install the autocompletion
-script from `./scripts/buck-completion.bash` in the buck project.  Refer
-to the script's header comments for installation instructions.
-
-== Prerequisites
-
-Buck requires Python version 2.7 to be installed. The Maven download toolchain
-requires `curl` to be installed.
-
-[[eclipse]]
-== Eclipse Integration
-
-
-=== Generating the Eclipse Project
-
-Create the Eclipse project:
-
-----
-  tools/eclipse/project.py
-----
-
-and then follow the link:dev-eclipse.html#setup[setup instructions].
-
-=== Refreshing the Classpath
-
-If an updated classpath is needed, the Eclipse project can be
-refreshed and missing dependency JARs can be downloaded:
-
-----
-  tools/eclipse/project.py
-----
-
-
-=== Attaching Sources
-
-Source JARs are downloaded by default. This allows Eclipse to show
-documentation or dive into the implementation of a library JAR.
-
-To save time and bandwidth, download of source JARs can be restricted
-to only those that are necessary to compile Java source into JavaScript
-using the GWT compiler:
-
-----
-  tools/eclipse/project.py --no-src
-----
-
-
-[[build]]
-== Building on the Command Line
-
-
-=== Gerrit Development WAR File
-
-To build the Gerrit web application that includes GWT UI and PolyGerrit UI:
-
-----
-  buck build gerrit
-----
-
-[NOTE]
-PolyGerrit UI may require additional tools (such as npm). Please read
-the polygerrit-ui/README.md for more info.
-
-The output executable WAR will be placed in:
-
-----
-  buck-out/gen/gerrit/gerrit.war
-----
-
-To build the Gerrit web application that includes only GWT UI:
-
-----
-  buck build gwtgerrit
-----
-
-The output executable WAR will be placed in:
-
-----
-  buck-out/gen/gwtgerrit/gwtgerrit.war
-----
-
-
-=== Headless Mode
-
-To build Gerrit in headless mode, i.e. without the GWT Web UI:
-
-----
-  buck build headless
-----
-
-The output executable WAR will be placed in:
-
-----
-  buck-out/gen/headless/headless.war
-----
-
-=== Extension and Plugin API JAR Files
-
-To build the extension, plugin and GWT API JAR files:
-
-----
-  buck build api
-----
-
-Java binaries, Java sources and Java docs are generated into corresponding
-project directories in `buck-out/gen`, here as example for plugin API:
-
-----
-  buck-out/gen/gerrit-plugin-api/plugin-api.jar
-  buck-out/gen/gerrit-plugin-api/plugin-api-javadoc/plugin-api-javadoc.jar
-  buck-out/gen/gerrit-plugin-api/plugin-api-src.jar
-----
-
-Install {extension,plugin,gwt}-api to the local maven repository:
-
-----
-  tools/maven/api.sh install
-----
-
-Install gerrit.war to the local maven repository:
-
-----
-  tools/maven/api.sh war_install
-----
-
-=== Plugins
-
-To build all core plugins:
-
-----
-  buck build plugins:core
-----
-
-The output JAR files for individual plugins will be placed in:
-
-----
-  buck-out/gen/plugins/<name>/<name>.jar
-----
-
-The JAR files will also be packaged in:
-
-----
-  buck-out/gen/plugins/core/core.zip
-----
-
-To build a specific plugin:
-
-----
-  buck build plugins/<name>:<name>
-----
-
-The output JAR file will be be placed in:
-
-----
-  buck-out/gen/plugins/<name>/<name>.jar
-----
-
-Note that when building an individual plugin, the `core.zip` package
-is not regenerated.
-
-Additional plugins with BUCK files can be added to the build
-environment by cloning the source repository into the plugins
-subdirectory:
-
-----
-  git clone https://gerrit.googlesource.com/plugins/<name> plugins/<name>
-  echo /plugins/<name> >>.git/info/exclude
-----
-
-Additional plugin sources will be automatically added to Eclipse the
-next time project.py is run:
-
-----
-  tools/eclipse/project.py
-----
-
-
-[[documentation]]
-=== Documentation
-
-To build only the documentation for testing or static hosting:
-
-----
-  buck build docs
-----
-
-The generated html files will NOT come with the search box, and will be
-placed in:
-
-----
-  buck-out/gen/Documentation/searchfree__tmp/Documentation
-----
-
-The html files will also be bundled into `searchfree.zip` in this location:
-
-----
-  buck-out/gen/Documentation/searchfree/searchfree.zip
-----
-
-To build the executable WAR with the documentation included:
-
-----
-  buck build withdocs
-----
-
-The WAR file will be placed in:
-
-----
-  buck-out/gen/withdocs/withdocs.war
-----
-
-[[soyc]]
-=== GWT Compile Report
-
-The GWT compiler can output a compile report (or "story of your compile"),
-describing the size of the JavaScript and which source classes contributed
-to the overall download size.
-
-----
-  buck build soyc
-----
-
-The report will be written as an HTML page to the extras directory, and
-can be opened and viewed in any web browser:
-
-----
-  extras/gerrit_ui/soycReport/compile-report/index.html
-----
-
-Only the "Split Point Report" is created, "Compiler Metrics" are not output.
-
-[[release]]
-=== Gerrit Release WAR File
-
-To build the release of the Gerrit web application, including documentation and
-all core plugins:
-
-----
-  buck build release
-----
-
-The output release WAR will be placed in:
-
-----
-  buck-out/gen/release/release.war
-----
-
-[[tests]]
-== Running Unit Tests
-
-To run all tests including acceptance tests (but not flaky tests):
-
-----
-  buck test --exclude flaky
-----
-
-To exclude flaky and slow tests:
-
-----
-  buck test --exclude flaky slow
-----
-
-To run only a specific group of acceptance tests:
-
-----
-  buck test --include api
-----
-
-The following groups of tests are currently supported:
-
-* acceptance
-* api
-* edit
-* flaky
-* git
-* pgm
-* rest
-* server
-* ssh
-* slow
-
-To run a specific test group, e.g. the rest-account test group:
-
-----
-  buck test //gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/account:rest-account
-----
-
-To create test coverage report:
-
-----
-  buck test --code-coverage --code-coverage-format html --no-results-cache
-----
-
-The HTML report is created in `buck-out/gen/jacoco/code-coverage/index.html`.
-
-== Dependencies
-
-Dependency JARs are normally downloaded automatically, but Buck can inspect
-its graph and download any missing JAR files.  This is useful to enable
-subsequent builds to run without network access:
-
-----
-  tools/download_all.py
-----
-
-When downloading from behind a proxy (which is common in some corporate
-environments), it might be necessary to explicitly specify the proxy that
-is then used by `curl`:
-
-----
-  export http_proxy=http://<proxy_user_id>:<proxy_password>@<proxy_server>:<proxy_port>
-----
-
-Redirection to local mirrors of Maven Central and the Gerrit storage
-bucket is supported by defining specific properties in
-`local.properties`, a file that is not tracked by Git:
-
-----
-  echo download.GERRIT = http://nexus.my-company.com/ >>local.properties
-  echo download.MAVEN_CENTRAL = http://nexus.my-company.com/ >>local.properties
-----
-
-The `local.properties` file may be placed in the root of the gerrit repository
-being built, or in `~/.gerritcodereview/`.  The file in the root of the gerrit
-repository has precedence.
-
-== Building against unpublished Maven JARs
-
-To build against unpublished Maven JARs, like gwtorm or PrologCafe, the custom
-JARs must be installed in the local Maven repository (`mvn clean install`) and
-`maven_jar()` must be updated to point to the `MAVEN_LOCAL` Maven repository for
-that artifact:
-
-[source,python]
-----
- maven_jar(
-   name = 'gwtorm',
-   id = 'gwtorm:gwtorm:42',
-   license = 'Apache2.0',
-   repository = MAVEN_LOCAL,
- )
-----
-
-== Building against artifacts from custom Maven repositories
-
-To build against custom Maven repositories, two modes of operations are
-supported: with rewrite in local.properties and without.
-
-Without rewrite the URL of custom Maven repository can be directly passed
-to the maven_jar() function:
-
-[source,python]
-----
-  GERRIT_FORGE = 'http://gerritforge.com/snapshot'
-
-  maven_jar(
-    name = 'gitblit',
-    id = 'com.gitblit:gitblit:1.4.0',
-    sha1 = '1b130dbf5578ace37507430a4a523f6594bf34fa',
-    license = 'Apache2.0',
-    repository = GERRIT_FORGE,
- )
-----
-
-When the custom URL has to be rewritten, then the same logic as with Gerrit
-known Maven repository is used: Repo name must be defined that matches an entry
-in local.properties file:
-
-----
-  download.GERRIT_FORGE = http://my.company.mirror/gerrit-forge
-----
-
-And corresponding BUCK excerpt:
-
-[source,python]
-----
-  GERRIT_FORGE = 'GERRIT_FORGE:'
-
-  maven_jar(
-    name = 'gitblit',
-    id = 'com.gitblit:gitblit:1.4.0',
-    sha1 = '1b130dbf5578ace37507430a4a523f6594bf34fa',
-    license = 'Apache2.0',
-    repository = GERRIT_FORGE,
- )
-----
-
-=== Caching Build Results
-
-Build results can be locally cached, saving rebuild time when
-switching between Git branches. Buck's documentation covers
-caching in link:http://facebook.github.io/buck/concept/buckconfig.html[buckconfig].
-The trivial case using a local directory is:
-
-----
-  cat >.buckconfig.local <<EOF
-  [cache]
-    mode = dir
-    dir = buck-cache
-  EOF
-----
-
-[[clean-cache]]
-=== Cleaning The Buck Cache
-
-The cache for the Gerrit Code Review project is located in
-`~/.gerritcodereview/buck-cache/locally-built-artifacts`.
-
-The Buck cache should never need to be manually deleted. If you find yourself
-deleting the Buck cache regularly, then it is likely that there is something
-wrong with your environment or your workflow.
-
-If you really do need to clean the cache manually, then:
-
-----
- rm -rf ~/.gerritcodereview/buck-cache/locally-built-artifacts
-----
-
-Note that the root `buck-cache` folder should not be deleted as it also contains
-the `downloaded-artifacts` directory, which holds the artifacts that got
-downloaded (not built locally).
-
-[[buck-daemon]]
-=== Using Buck daemon
-
-Buck ships with a daemon command `buckd`, which uses the
-link:https://github.com/martylamb/nailgun[Nailgun] protocol for running
-Java programs from the command line without incurring the JVM startup
-overhead.
-
-Using a Buck daemon can save significant amounts of time as it avoids the
-overhead of starting a Java virtual machine, loading the buck class files
-and parsing the build files for each command.
-
-It is safe to run several buck daemons started from different project
-directories and they will not interfere with each other. Buck's documentation
-covers daemon in http://facebook.github.io/buck/command/buckd.html[buckd].
-
-To use `buckd` the additional
-link:https://facebook.github.io/watchman[watchman] program must be installed.
-
-To disable `buckd`, the environment variable `NO_BUCKD` must be set. It's not
-recommended to put it in the shell config, as it can be forgotten about it and
-then assumed Buck was working as it should when it should be using buckd.
-Prepend the variable to Buck invocation instead:
-
-----
-  NO_BUCKD=1 buck build gerrit
-----
-
-[[watchman]]
-=== Installing watchman
-
-Watchman is used internally by Buck to monitor directory trees and is needed
-for buck daemon to work properly. Because buckd is activated by default in the
-latest version of Buck, it searches for the watchman executable in the
-path and issues a warning when it is not found and kills buckd.
-
-To prepare watchman installation on Linux:
-
-----
-  git clone https://github.com/facebook/watchman.git
-  cd watchman
-  ./autogen.sh
-----
-
-To install it in user home directory (without root privileges):
-
-----
-  ./configure --prefix $HOME/watchman
-  make install
-----
-
-To install it system wide:
-
-----
-  ./configure
-  make
-  sudo make install
-----
-
-Put $HOME/watchman/bin/watchman in path or link to $HOME/bin/watchman.
-
-To install watchman on OS X:
-
-----
-  brew install --HEAD watchman
-----
-
-See the original documentation for more information:
-link:https://facebook.github.io/watchman/docs/install.html[Watchman
-installation].
-
-=== Override Buck's settings
-
-Additional JVM args for Buck can be set in `.buckjavaargs` in the
-project root directory. For example to override Buck's default 1GB
-heap size:
-
-----
-  cat > .buckjavaargs <<EOF
-  -XX:MaxPermSize=512m -Xms8000m -Xmx16000m
-  EOF
-----
-
-== Rerun unit tests
-
-Test execution results are cached by Buck. If a test that was already run
-needs to be repeated, the unit test cache for that test must be removed first:
-
-----
-  rm -rf buck-out/bin/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/account/.rest-account/
-----
-
-After clearing the cache, the test can be run again:
-
-----
-  buck test //gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/account:rest-account
-  [-] TESTING...FINISHED 12,3s (12 PASS/0 FAIL)
-  RESULTS FOR //gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/account:rest-account
-  PASS     970ms  2 Passed   0 Skipped   0 Failed   com.google.gerrit.acceptance.rest.account.CapabilitiesIT
-  PASS     999ms  1 Passed   0 Skipped   0 Failed   com.google.gerrit.acceptance.rest.account.EditPreferencesIT
-  PASS      1,2s  1 Passed   0 Skipped   0 Failed   com.google.gerrit.acceptance.rest.account.GetAccountDetailIT
-  PASS     951ms  2 Passed   0 Skipped   0 Failed   com.google.gerrit.acceptance.rest.account.GetAccountIT
-  PASS      6,4s  2 Passed   0 Skipped   0 Failed   com.google.gerrit.acceptance.rest.account.GetDiffPreferencesIT
-  PASS      1,2s  4 Passed   0 Skipped   0 Failed   com.google.gerrit.acceptance.rest.account.PutUsernameIT
-  TESTS PASSED
-----
-
-An alternative approach is to use Buck's `--filters` (`-f`) option:
-
-----
-  buck test -f 'com.google.gerrit.acceptance.rest.account.CapabilitiesIT'
-  Using buckd.
-  [-] PROCESSING BUCK FILES...FINISHED 1,0s [100%]
-  [-] BUILDING...FINISHED 2,8s [100%] (334/701 JOBS, 110 UPDATED, 5,1% CACHE MISS)
-  [-] TESTING...FINISHED 9,2s (6 PASS/0 FAIL)
-  RESULTS FOR SELECTED TESTS
-  PASS      8,0s  2 Passed   0 Skipped   0 Failed   com.google.gerrit.acceptance.rest.account.CapabilitiesIT
-  PASS    <100ms  4 Passed   0 Skipped   0 Failed   //tools:util_test
-  TESTS PASSED
-----
-
-When this option is used, the cache is disabled per design and doesn't need to
-be explicitly deleted. Note, that this is a known issue, that python tests are
-always executed.
-
-Note that when this option is used, the whole unit test cache is dropped, so
-repeating the
-
-----
-buck test
-----
-
-causes all tests to be executed again.
-
-To run tests without using cached results at all, use the `--no-results-cache`
-option:
-
-----
-buck test --no-results-cache
-----
-
-== Upgrading Buck
-
-The following tests should be executed, when Buck version is upgraded:
-
-* buck build release
-* tools/maven/api.sh install
-* buck test
-* buck build gerrit, change some sources in gerrit-server project,
-  repeat buck build gerrit and verify that gerrit.war was updated
-* install and verify new gerrit site
-* upgrade and verify existing gerrit site
-* reindex existing gerrit site
-* verify that tools/eclipse/project.py produces sane Eclipse project
-* verify that tools/eclipse/project.py --src generates sources as well
-* verify that unit test execution from Eclipse works
-* verify that daemon started from Eclipse works
-* verify that GWT SDM debug session started from Eclipse works
-
-== Known issues and bugs
-
-=== Symbolic links and `watchman`
-
-`Buck` with activated `Watchman` has currently a
-[known bug](https://github.com/facebook/buck/issues/341) related to
-symbolic links. The symbolic links are used very often with external
-plugins, that are linked per symbolic link to the plugins directory.
-With this use case Buck is failing to rebuild the plugin artifact
-after it was built. All attempts to convince Buck to rebuild will fail.
-The only known way to recover is to weep out `buck-out` directory. The
-better workaround is to avoid using Watchman in this specific use case.
-Watchman can either be de-installed or disabled. See
-link:#buck-daemon[Using Buck daemon] section above how to temporarily
-disable `buckd`.
-
-== Troubleshooting Buck
-
-In some cases problems with Buck itself need to be investigated. See for example
-link:https://gerrit-review.googlesource.com/62411[this attempt to upgrade Buck]
-and link:https://github.com/facebook/buck/pull/227[the fix that was needed] to
-make the update possible.
-
-To build Gerrit with a custom version of Buck, the following steps are necessary:
-
-1. In the Buck git apply any necessary changes from pull requests
-2. Compile Buck with `ant`
-3. In the root of the Gerrit project create a `.nobuckcheck` file to prevent Buck
-from updating itself
-4. Replace the sha1 in Gerrit's `.buckversion` file with the required version from
-the custom Buck build
-5. Build Gerrit as usual
-
-GERRIT
-------
-Part of link:index.html[Gerrit Code Review]
-
-SEARCHBOX
----------
diff --git a/Documentation/dev-build-plugins.txt b/Documentation/dev-build-plugins.txt
index 13071df..9bf41e2 100644
--- a/Documentation/dev-build-plugins.txt
+++ b/Documentation/dev-build-plugins.txt
@@ -4,15 +4,15 @@
 From build process perspective there are three types of plugins:
 
 * Maven driven
-* Buck in tree driven
-* Buck standalone driven
+* Bazel tree driven
+* Bazel standalone
 
 These types can be combined: if both files in plugin's root directory exist:
 
-* `BUCK`
+* `BUILD`
 * `pom.xml`
 
-the plugin can be built with both Buck and Maven.
+the plugin can be built with both Bazel and Maven.
 
 
 == Maven driven build
@@ -52,35 +52,101 @@
 Repeat step 1. above.
 
 
-== Buck in tree driven
+== Bazel in tree driven
 
 
-The fact that plugin contains `BUCK` file doesn't mean that building this
-plugin from the plugin directory works. For now it doesn't. Buck in tree driven
-means it can only be built from within Gerrit tree. Clone or link the plugin
-into gerrit/plugins directory:
+The fact that plugin contains `BUILD` file doesn't mean that building this
+plugin from the plugin directory works.
+
+Bazel in tree driven means it can only be built from within Gerrit tree. Clone
+or link the plugin into gerrit/plugins directory:
 
 ----
 cd gerrit
-buck build plugins/<plugin-name>:<plugin-name>
+bazel build plugins/<plugin-name>:<plugin-name>
 ----
 
 The output can be normally found in the following directory:
 
 ----
-buck-out/gen/plugins/<plugin-name>/<plugin-name>.jar
+bazel-bin/plugins/<plugin-name>/<plugin-name>.jar
 ----
 
 Some plugins describe their build process in `src/main/resources/Documentation/build.md`
 file. It may worth checking.
 
-== Buck standalone driven
+=== Plugins with external dependencies ===
+
+If the plugin has external dependencies, then they must be included from Gerrit's
+own WORKSPACE file. This can be achieved by including them in `external_plugin_deps.bzl`.
+During the build in Gerrit tree, this file must be copied over the dummy one in
+`plugins` directory.
+
+Example for content of `external_plugin_deps.bzl` file:
+
+----
+load("//tools/bzl:maven_jar.bzl", "maven_jar")
+
+def external_plugin_deps():
+  maven_jar(
+      name = 'org_apache_tika_tika_core',
+      artifact = 'org.apache.tika:tika-core:1.12',
+      sha1 = '5ab95580d22fe1dee79cffbcd98bb509a32da09b',
+  )
+----
+
+=== Bundle custom plugin in release.war ===
+
+To bundle custom plugin(s) in the link:dev-bazel.html#release[release.war] artifact,
+add them to the CUSTOM_PLUGINS list in `tools/bzl/plugins.bzl`.
+
+Example of `tools/bzl/plugins.bzl` with custom plugin `my-plugin`:
+
+----
+CORE_PLUGINS = [
+    "commit-message-length-validator",
+    "download-commands",
+    "hooks",
+    "replication",
+    "reviewnotes",
+    "singleusergroup",
+]
+
+CUSTOM_PLUGINS = [
+    "my-plugin",
+]
+
+CUSTOM_PLUGINS_TEST_DEPS = [
+    # Add custom core plugins with tests deps here
+]
+----
+
+If the plugin(s) being bundled in the release have external dependencies, include them
+in `plugins/external_plugin_deps`. You should alias `external_plugin_deps()` so it
+can be imported for multiple plugins. For example:
+
+----
+load(":my-plugin/external_plugin_deps.bzl", my_plugin="external_plugin_deps")
+load(":my-other-plugin/external_plugin_deps.bzl", my_other_plugin="external_plugin_deps")
+
+def external_plugin_deps():
+  my_plugin()
+  my_other_plugin()
+----
+
+[NOTE]
+Since `tools/bzl/plugins.bzl` and `plugins/external_plugin_deps.bzl` are part of
+Gerrit's source code and the version of the war is based on the state of the git
+repository that is built; you should commit this change before building, otherwise
+the version will be marked as 'dirty'.
+
+== Bazel standalone driven
 
 Only few plugins support that mode for now:
 
 ----
 cd reviewers
-buck build plugin
+bazel build reviewers
 ----
 
 GERRIT
diff --git a/Documentation/dev-contributing.txt b/Documentation/dev-contributing.txt
index 775fe21..41b718e 100644
--- a/Documentation/dev-contributing.txt
+++ b/Documentation/dev-contributing.txt
@@ -97,6 +97,7 @@
 ====
 
 
+[[git_commit_settings]]
 === A sample good Gerrit commit message:
 ====
   Add sample commit message to guidelines doc
@@ -143,30 +144,31 @@
 link:https://gerrit-review.googlesource.com/#/settings/http-password[HTTP
 Password tab of the user settings page].
 
-
+[[style]]
 === Style
 
-The basic coding style is covered by the tools/GoogleFormat.xml
-doc, see the link:dev-eclipse.html#Formatting[Eclipse Setup]
-for that.
+Gerrit generally follows the
+link:https://google.github.io/styleguide/javaguide.html[Google Java Style
+Guide].
 
-Highlighted/additional styling notes:
+To format Java source code, Gerrit uses the
+link:https://github.com/google/google-java-format[`google-java-format`]
+tool (version 1.7), and to format Bazel BUILD, WORKSPACE and .bzl files the
+link:https://github.com/bazelbuild/buildtools/tree/master/buildifier[`buildifier`]
+tool (version 0.29.0).
+These tools automatically apply format according to the style guides; this
+streamlines code review by reducing the need for time-consuming, tedious,
+and contentious discussions about trivial issues like whitespace.
 
-  * It is generally more important to match the style of the nearby
-    code which you are modifying than it is to match the style
-    in the formatting guidelines.  This is especially true within the
-    same file.
-  * Review your change in Gerrit to see if it highlights
-    mistakenly deleted/added spaces on lines, trailing spaces.
-  * Line length should be 80 or less, unless the code reads
-    better with something slightly longer.  Shorter lines not only
-    help reviewers who may use a tablet to review the code, but future
-    contributors may also like to open several editors side by
-    side while editing new changes.
-  * Use 2 spaces for indent (no tabs)
-  * Use braces in all if/else/for/do/while/catch blocks, spaces before/after
-    if/for/while/catch parens.
-  * Use /** */ style Javadocs for variables.
+You may download and run `google-java-format` on your own, or you may
+run `./tools/setup_gjf.sh` to download a local copy and set up a
+wrapper script. If you run your own copy, please use the same version,
+as there may be slight differences between versions.
+
+When considering the style beyond just formatting rules, it is often
+more important to match the style of the nearby code which you are
+modifying than it is to match the style guide exactly. This is
+especially true within the same file.
 
 Additionally, you will notice that most of the newline spacing
 is fairly consistent throughout the code in Gerrit, it helps to
@@ -175,8 +177,6 @@
 
   * Keep a blank line between all class and method declarations.
   * Do not add blank lines at the beginning or end of class/methods.
-  * Put a blank line between external import sources, but not
-    between internal ones.
 
 When to use `final` modifier and when not (in new code):
 
@@ -194,7 +194,7 @@
 
 Never:
 
-  * local variables: it clutters the code, and make the code less
+  * local variables: it clutters the code, and makes the code less
   readable. When copying old code to new location, finals should
   be removed
   * method parameters: similar to local variables
@@ -210,10 +210,10 @@
   * Define any static interfaces next in your class.
   * Define non static interfaces after static interfaces in your
     class.
-  * Next you should define static types, members, and methods, in
-    decreasing order of visibility (public to private).
-  * Finally instance members, then constructors, and then instance
-    methods.
+  * Next you should define static types, static members, and
+    static methods, in decreasing order of visibility (public to private).
+  * Finally instance types, instance members, then constructors,
+    and then instance methods.
   * Some common exceptions are private helper static methods, which
     might appear near the instance methods which they help (but may
     also appear at the top).
@@ -223,10 +223,6 @@
     should be before the instance members.
   * Annotations should go before language keywords (`final`, `private`, etc) +
     Example: `@Assisted @Nullable final type varName`
-  * The `@Inject`-ed constructor arguments should be listed one per line.
-  * Imports should be mostly alphabetical (uppercase sorts before
-    all lowercase, which means classes come before packages at the
-    same level).
   * Prefer to open multiple AutoCloseable resources in the same
     try-with-resources block instead of nesting the try-with-resources
     blocks and increasing the indentation level more than necessary.
@@ -341,32 +337,12 @@
 * Update to the same GWT version in the `gwtjsonrpc` project, and release a
 new version.
 
-=== Updating to new version of CodeMirror
+=== Finding starter projects to work on
 
-* Clone the git from https://github.com/codemirror/CodeMirror
-* Checkout the version needed
-* If the needed version is not a tagged version, use `git describe` to determine
-the version number:
-+
-----
- git describe --tags
-----
-
-* Create the release zip file:
-+
-----
- git archive --format=zip --prefix=codemirror-4.10.0-6-gd0a2dda/ d0a2dda > codemirror-4.10.0-6-gd0a2dda.zip
-----
-
-* Determine the sha1 hash of the zip file:
-+
-----
- openssl sha1 codemirror-4.10.0-6-gd0a2dda.zip
-----
-
-* Upload the zip file to the
-link:https://console.developers.google.com/project/164060093628/storage/gerrit-maven/[
-gerrit-maven] storage bucket
+We have created a
+link:https://bugs.chromium.org/p/gerrit/issues/list?can=2&q=label%3AStarterProject[StarterProject]
+category in the issue tracker and try to assign easy hack projects to it. If in
+doubt, do not hesitate to ask on the developer mailing list.
 
 GERRIT
 ------
diff --git a/Documentation/dev-eclipse.txt b/Documentation/dev-eclipse.txt
index 4fa542d..810a0ba 100644
--- a/Documentation/dev-eclipse.txt
+++ b/Documentation/dev-eclipse.txt
@@ -33,7 +33,7 @@
 In Eclipse, choose 'Import existing project' and select the `gerrit` project
 from the current working directory.
 
-Expand the `gerrit` project, right-click on the `buck-out` folder, select
+Expand the `gerrit` project, right-click on the `eclipse-out` folder, select
 'Properties', and then under 'Attributes' check 'Derived'.
 
 Note that if you make any changes in the project configuration
@@ -45,17 +45,21 @@
 [[Formatting]]
 == Code Formatter Settings
 
-Import `tools/GoogleFormat.xml` using Window -> Preferences ->
-Java -> Code Style -> Formatter -> Import...
-
-This will define the 'Google Format' profile, which the project
-settings prefer when formatting source code.
-
+To format source code, Gerrit uses the
+link:https://github.com/google/google-java-format[`google-java-format`]
+tool (version 1.7), which automatically formats code to follow the
+style guide. See link:dev-contributing.html#style[Code Style] for the
+instruction how to set up command line tool that uses this formatter.
+The Eclipse plugin is provided that allows to format with the same
+formatter from within the Eclipse IDE. See
+link:https://github.com/google/google-java-format#eclipse[Eclipse plugin]
+for details how to install it. It's important to use the same plugin version
+as the `google-java-format` script.
 
 == Site Initialization
 
 Build once on the command line with
-link:dev-buck.html#build[Buck] and then follow
+link:dev-bazel.html#build[Bazel] and then follow
 link:dev-readme.html#init[Site Initialization] in the
 Developer Setup guide to configure a local site for testing.
 
diff --git a/Documentation/dev-intellij.txt b/Documentation/dev-intellij.txt
new file mode 100644
index 0000000..8bedd08
--- /dev/null
+++ b/Documentation/dev-intellij.txt
@@ -0,0 +1,200 @@
+= Gerrit Code Review - IntelliJ Setup
+
+== Prerequisites
+You need an installation of IntelliJ version 2016.2 or later. The latest version
+might not yet be in-sync with the Bazel plugin for IntelliJ. It usually becomes
+so quite quickly after new IDEA versions get released, though. It should then be
+possible to use the fairly latest IntelliJ release with an updated Bazel plugin.
+
+In addition, Java 8 must be specified on your path or via `JAVA_HOME` so that
+building with Bazel via the Bazel plugin is possible.
+
+TIP: If the synchronization of the project with the BUILD files using the Bazel
+plugin fails and IntelliJ reports the error **Could not get Bazel roots**, this
+indicates that the Bazel plugin couldn't find Java 8.
+
+Bazel must be installed as described by
+<<dev-bazel#installation,Building with Bazel - Installation>>.
+
+== Installation of the Bazel plugin
+
+. Go to *File -> Settings -> Plugins*.
+. Click on *Browse Repositories*.
+. Search for the plugin `IntelliJ with Bazel`.
+. Install it.
+. Restart IntelliJ.
+
+== Creation of IntelliJ project
+
+. Go to *File -> Import Bazel Project*.
+. For *Use existing bazel workspace -> Workspace*, select the directory
+containing the Gerrit source code.
+. Choose *Import from workspace* and select the `.bazelproject` file which is
+located in the top directory of the Gerrit source code.
+. Adjust the path of the project data directory and the name of the project if
+desired.
+
+TIP: The project data directory can be separate from the source code. One
+advantage of this is that project files don't need to be excluded from version
+control.
+
+Unfortunately, the created project seems to have a broken output path. To fix
+it, please complete the following steps:
+
+. Go to *File -> Project Structure -> Project Settings -> Modules*.
+. Switch to the tab *Paths*.
+. Click on *Inherit project compile output path*.
+. Click on *Use module compile output path*.
+
+== Recommended settings
+
+=== Code style
+
+==== google-java-format plugin
+Install the `google-java-format` plugin by following these steps:
+
+. Go to *File -> Settings -> Plugins*.
+. Click on *Browse Repositories*.
+. Search for the plugin `google-java-format`.
+. Install it.
+. Restart IntelliJ.
+
+Every time you start IntelliJ, make sure to use *Code -> Reformat with
+google-java-format* on an arbitrary line of code. This replaces the default
+CodeStyleManager with a custom one. Thus, uses of *Reformat Code* either via
+*Code -> Reformat Code*, keyboard shortcuts, or the commit dialog will use the
+custom style defined by the `google-java-format` plugin.
+
+==== Code style settings
+The `google-java-format` plugin is the preferred way to format the code. As it
+only kicks in on demand, it's also recommended to have code style settings
+which help to create properly formatted code as-you-go. Those settings can't
+completely mimic the format enforced by the `google-java-format` plugin but try
+to be as close as possible. So before submitting code, please make sure to run
+*Reformat Code*.
+
+. Download
+https://raw.githubusercontent.com/google/styleguide/gh-pages/intellij-java-google-style.xml[
+intellij-java-google-style.xml].
+. Go to *File -> Settings -> Editor -> Code Style*.
+. Click on *Manage*.
+. Click on *Import*.
+. Choose `IntelliJ IDEA Code Style XML`.
+. Select the previously downloaded file `intellij-java-google-style.xml`.
+. Make sure that `Google Style` is chosen as *Scheme*.
+
+In addition, the EditorConfig settings (which ensure a consistent style between
+Eclipse, IntelliJ, and other editors) should be applied on top of that. Those
+settings are in the file `.editorconfig` of the Gerrit source code. IntelliJ
+will automatically pick up those settings if the EditorConfig plugin is enabled
+and configured correctly as can be verified by:
+
+. Go to *File -> Settings -> Plugins*.
+. Ensure that the EditorConfig plugin is enabled.
+. Go to *File -> Settings -> Editor -> Code Style*.
+. Ensure that *Enable EditorConfig support* is checked.
+
+NOTE: If IntelliJ notifies you later on that the EditorConfig settings override
+the code style settings, simply confirm that.
+
+=== Copyright
+Copy the folder `$(gerrit_source_code)/tools/intellij/copyright` (not just the
+contents) to `$(project_data_directory)/.idea`. If it already exists, replace
+it.
+
+=== File header
+By default, IntelliJ adds a file header containing the name of the author and
+the current date to new files. To disable that, follow these steps:
+
+. Go to *File -> Settings -> Editor -> File and Code Templates*.
+. Select the tab *Includes*.
+. Select *File Header*.
+. Remove the template code in the right editor.
+
+=== Commit message
+To simplify the creation of commit messages which are compliant with the
+<<dev-contributing#commit-message,Commit Message>> format, do the following:
+
+. Go to *File -> Settings -> Version Control*.
+. Check *Commit message right margin (columns)*.
+. Make sure that 72 is specified as value.
+. Check *Wrap when typing reaches right margin*.
+
+In addition, you should follow the instructions of
+<<dev-contributing#git_commit_settings,this section>> (if you haven't
+done so already):
+
+* Install the Git hook for the `Change-Id` line.
+* Set up the HTTP access.
+
+Setting up the HTTP access will allow you to commit changes via IntelliJ without
+specifying your credentials. The Git hook won't be noticeable during a commit
+as it's executed after the commit dialog of IntelliJ was closed.
+
+== Run configurations
+Run configurations can be accessed on the toolbar. To edit them or add new ones,
+choose *Edit Configurations* on the drop-down list of the run configurations
+or go to *Run -> Edit Configurations*.
+
+=== Pre-configured run configurations
+
+In order to be able to use the pre-configured run configurations, the following
+steps are necessary:
+
+. Make sure that the folder `runConfigurations` exists within
+`$(project_data_directory)/.idea`. If it doesn't exist, create it.
+. Specify the IntelliJ path variable `GERRIT_TESTSITE`. (This configuration is
+shared among all IntelliJ projects.)
+.. Go to *Settings -> Appearance & Behavior -> Path Variables*.
+.. Click on the *+* to add a new path variable.
+.. Specify `GERRIT_TESTSITE` as name and the path to your local test site as
+value.
+
+The copied run configurations will be added automatically to the available run
+configurations of the IntelliJ project.
+
+==== Gerrit Daemon
+WARNING: At the moment running this configuration results in a
+`java.io.FileNotFoundException`. To debug a local Gerrit server with IntelliJ,
+use the instructions of <<dev-readme#run_daemon,Running the Daemon>> in
+combination with <<remote-debug,Debugging a remote Gerrit server>>.
+
+Copy `$(gerrit_source_code)/tools/intellij/gerrit_daemon.xml` to
+`$(project_data_directory)/.idea/runConfigurations/`.
+
+This run configuration starts the Gerrit daemon similarly as
+<<dev-readme#run_daemon,Running the Daemon>>.
+
+NOTE: The <<dev-readme#init,Site Initialization>> has to be completed
+before this run configuration works properly.
+
+=== Unit tests
+To create run configurations for unit tests, run or debug them via a right-click
+on a method, class, file, or package. The created run configuration is a
+temporary one and can be saved to make it permanent.
+
+Normally, this approach generates JUnit run configurations. When the Bazel
+plugin manages a project, it intercepts the creation and creates a Bazel test
+run configuration instead, which can be used just like the standard ones.
+
+TIP: If you would like to execute a test in NoteDb mode, add
+`--test_env=GERRIT_NOTEDB=READ_WRITE` to the *Bazel flags* of your run
+configuration.
+
+[[remote-debug]]
+=== Debugging a remote Gerrit server
+If a remote Gerrit server is running and has opened a debug port, you can attach
+IntelliJ via a `Remote debug configuration`.
+
+. Go to *Run -> Edit Configurations*.
+. Click on the *+* to add a new configuration.
+. Choose *Remote*.
+. Adjust *Configuration -> Settings -> Host* and *Port*.
+. Start this configuration in `Debug` mode.
+
+GERRIT
+------
+Part of link:index.html[Gerrit Code Review]
+
+SEARCHBOX
+---------
diff --git a/Documentation/dev-note-db.txt b/Documentation/dev-note-db.txt
new file mode 100644
index 0000000..dd3b316
--- /dev/null
+++ b/Documentation/dev-note-db.txt
@@ -0,0 +1,137 @@
+= Gerrit Code Review - NoteDb Backend
+
+NoteDb is the next generation of Gerrit storage backend, which replaces the
+traditional SQL backend for change and account metadata with storing data in the
+same repository as code changes.
+
+.Advantages
+- *Simplicity*: All data is stored in one location in the site directory, rather
+  than being split between the site directory and a possibly external database
+  server.
+- *Consistency*: Replication and backups can use a snapshot of the Git
+  repository refs, which will include both the branch and patch set refs, and
+  the change metadata that points to them.
+- *Auditability*: Rather than storing mutable rows in a database, modifications
+  to changes are stored as a sequence of Git commits, automatically preserving
+  history of the metadata. +
+  There are no strict guarantees, and meta refs may be rewritten, but the
+  default assumption is that all operations are logged.
+- *Extensibility*: Plugin developers can add new fields to metadata without the
+  core database schema having to know about them.
+- *New features*: Enables simple federation between Gerrit servers, as well as
+  offline code review and interoperation with other tools.
+
+== Current Status
+
+- Storing change metadata is fully implemented in master, and is live on the
+  servers behind `googlesource.com`. In other words, if you use
+  link:https://gerrit-review.googlesource.com/[gerrit-review], you're already
+  using NoteDb. +
+- Storing some account data, e.g. user preferences, is implemented in releases
+  back to 2.13.
+- Storing the rest of account data is a work in progress.
+- Storing group data is a work in progress.
+
+To match the current configuration of `googlesource.com`, paste the following
+config snippet in your `gerrit.config`:
+
+----
+[noteDb "changes"]
+  write = true
+  read = true
+  primaryStorage = NOTE_DB
+  disableReviewDb = true
+----
+
+
+For an example NoteDb change, poke around at this one:
+----
+  git fetch https://gerrit.googlesource.com/gerrit refs/changes/70/98070/meta \
+      && git log -p FETCH_HEAD
+----
+
+== Configuration
+
+Account and group data is migrated to NoteDb automatically using the normal
+schema upgrade process during updates. The remainder of this section details the
+configuration options that control migration of the change data, which is mostly
+but not fully implemented.
+
+Change migration state is configured in `gerrit.config` with options like
+`noteDb.changes.*`. These options are undocumented outside of this file, and the
+general approach has been to add one new option for each phase of the migration.
+Assume that each config option in the following list requires all of the
+previous options, unless otherwise noted.
+
+- `noteDb.changes.write=true`: During a ReviewDb write, the state of the change
+  in NoteDb is written to the `note_db_state` field in the `Change` entity.
+  After the ReviewDb write, this state is written into NoteDb, resulting in
+  effectively double the time for write operations. NoteDb write errors are
+  dropped on the floor, and no attempt is made to read from ReviewDb or correct
+  errors (without additional configuration, below). +
+  This state allows for a rolling update in a multi-master setting, where some
+  servers can start reading from NoteDb, but older servers are still reading
+  only from ReviewDb.
+- `noteDb.changes.read=true`: Change data is written
+  to and read from NoteDb, but ReviewDb is still the source of truth. During
+  reads, first read the change from ReviewDb, and compare its `note_db_state`
+  with what is in NoteDb. If it doesn't match, immediately "auto-rebuild" the
+  change, copying data from ReviewDb to NoteDb and returning the result.
+- `noteDb.changes.primaryStorage=NOTE_DB`: New changes are written only to
+  NoteDb, but changes whose primary storage is ReviewDb are still supported.
+  Continues to read from ReviewDb first as in the previous stage, but if the
+  change is not in ReviewDb, falls back to reading from NoteDb. +
+  Migration of existing changes is described in the link:#migration[Migration]
+  section below. +
+  Due to an implementation detail, writes to Changes or related tables still
+  result in write calls to the database layer, but they are inside a transaction
+  that is always rolled back.
+- `noteDb.changes.disableReviewDb=true`: All access to Changes or related tables
+  is disabled; reads return no results, and writes are no-ops. Assumes the state
+  of all changes in NoteDb is accurate, and so is only safe once all changes are
+  NoteDb primary. Otherwise, reading changes only from NoteDb might result in
+  inaccurate results, and writing to NoteDb would compound the problem. +
+  Thus it is up to an admin of a previously-ReviewDb site to ensure
+  MigratePrimaryStorage has been run for all changes. Note that the current
+  implementation of the `rebuild-note-db` program does not do this. +
+  In this phase, it would be possible to delete the Changes tables out from
+  under a running server with no effect.
+
+[[migration]]
+== Migration
+
+Once configuration options are set, migration to NoteDb is primarily
+accomplished by running the `rebuild-note-db` program. Currently, this program
+bulk copies ReviewDb data into NoteDb, but leaves primary storage of these
+changes in ReviewDb, so the site is runnable with
+`noteDb.changes.{write,read}=true`, but ReviewDb is still required.
+
+Eventually, `rebuild-note-db` will set primary storage to NoteDb for all
+changes by default, so a site will be able to stop using ReviewDb for changes
+immediately after a successful run.
+
+There is code in `PrimaryStorageMigrator.java` to migrate individual changes
+from NoteDb primary to ReviewDb primary. This code is not intended to be used
+except in the event of a critical bug in NoteDb primary changes in production.
+It will likely never be used by `rebuild-note-db`, and in fact it's not
+recommended to run `rebuild-note-db` until the code is stable enough that the
+reverse migration won't be necessary.
+
+=== Zero-Downtime Multi-Master Migration
+
+Single-master Gerrit sites can use `rebuild-note-db` on an offline site to
+rebuild NoteDb, but this doesn't work in a zero-downtime environment like
+googlesource.com.
+
+Here, the migration process looks like:
+
+- Turn on `noteDb.changes.write=true` to start writing to NoteDb.
+- Run a parallel link:https://research.google.com/pubs/pub35650.html[FlumeJava]
+  pipeline to write NoteDb data for all changes, and update all `note_db_state`
+  fields. (Sorry, this implementation is entirely closed-source.)
+- Turn on `noteDb.changes.read=true` to start reading from NoteDb.
+- Turn on `noteDb.changes.primaryStorage=NOTE_DB` to start writing new changes
+  to NoteDb only.
+- Run a Flume to migrate all existing changes to NoteDb primary. (Also
+  closed-source, but basically just a wrapper around `PrimaryStorageMigrator`.)
+- Turn off access to ReviewDb changes tables.
diff --git a/Documentation/dev-plugins.txt b/Documentation/dev-plugins.txt
index 4d636cbb..3092909 100644
--- a/Documentation/dev-plugins.txt
+++ b/Documentation/dev-plugins.txt
@@ -25,43 +25,19 @@
 [[getting-started]]
 == Getting started
 
-To get started with the development of a plugin there are two
-recommended ways:
+To get started with the development of a plugin clone the sample
+plugin:
 
-. use the Gerrit Plugin Maven archetype to create a new plugin project:
-+
-With the Gerrit Plugin Maven archetype you can create a skeleton for a
-plugin project.
-+
-----
-mvn archetype:generate -DarchetypeGroupId=com.google.gerrit \
-    -DarchetypeArtifactId=gerrit-plugin-archetype \
-    -DarchetypeVersion=2.13.14 \
-    -DgroupId=com.googlesource.gerrit.plugins.testplugin \
-    -DartifactId=testplugin
-----
-+
-Maven will ask for additional properties and then create the plugin in
-the current directory. To change the default property values answer 'n'
-when Maven asks to confirm the properties configuration. It will then
-ask again for all properties including those with predefined default
-values.
-
-. clone the sample plugin:
-+
-This is a project that demonstrates the various features of the
-plugin API. It can be taken as an example to develop an own plugin.
-+
 ----
 $ git clone https://gerrit.googlesource.com/plugins/cookbook-plugin
 ----
-+
+
+This is a project that demonstrates the various features of the
+plugin API. It can be taken as an example to develop an own plugin.
+
 When starting from this example one should take care to adapt the
-`Gerrit-ApiVersion` in the `pom.xml` to the version of Gerrit for which
-the plugin is developed. If the plugin is developed for a released
-Gerrit version (no `SNAPSHOT` version) then the URL for the
-`gerrit-api-repository` in the `pom.xml` needs to be changed to
-`https://gerrit-api.storage.googleapis.com/release/`.
+`Gerrit-ApiVersion` in the `BUILD` to the version of Gerrit for which
+the plugin is developed.
 
 [[API]]
 == API
@@ -156,7 +132,7 @@
 </manifestEntries>
 ----
 
-For Buck driven plugins, the following line must be included in the BUCK
+For Bazel driven plugins, the following line must be included in the BUILD
 configuration file:
 
 [source,python]
@@ -422,6 +398,18 @@
 +
 Update of the account secondary index
 
+* `com.google.gerrit.server.extensions.events.GroupIndexedListener`:
++
+Update of the group secondary index
+
+* `com.google.gerrit.httpd.WebLoginListener`:
++
+User login or logout interactively on the Web user interface.
+
+The event listener is under the Gerrit http package to automatically
+inherit the javax.servlet.http dependencies and allowing to influence
+the login or logout flow with additional redirections.
+
 [[stream-events]]
 == Sending Events to the Events Stream
 
@@ -478,6 +466,14 @@
 Certain operations in Gerrit can be validated by plugins by
 implementing the corresponding link:config-validation.html[listeners].
 
+[[change-message-modifier]]
+== Change Message Modifier
+
+`com.google.gerrit.server.git.ChangeMessageModifier`:
+plugins implementing this can modify commit message of the change being
+submitted by Rebase Always and Cherry Pick submit strategies as well as
+change being queried with COMMIT_FOOTERS option.
+
 [[receive-pack]]
 == Receive Pack Initializers
 
@@ -639,7 +635,7 @@
 ----
 
 [[search_operators]]
-=== Search Operators ===
+== Search Operators
 
 Plugins can define new search operators to extend change searching by
 implementing the `ChangeQueryBuilder.ChangeOperatorFactory` interface
@@ -680,6 +676,43 @@
 }
 ----
 
+[[search_operands]]
+=== Search Operands ===
+
+Plugins can define new search operands to extend change searching.
+Plugin methods implementing search operands (returning a
+`Predicate<ChangeData>`), must be defined on a class implementing
+one of the `ChangeQueryBuilder.ChangeOperandsFactory` interfaces
+(.e.g., ChangeQueryBuilder.ChangeHasOperandFactory).  The specific
+`ChangeOperandFactory` class must also be bound to the `DynamicSet` from
+a module's `configure()` method in the plugin.
+
+The new operand, when used in a search would appear as:
+  operatorName:operandName_pluginName
+
+A sample `ChangeHasOperandFactory` class implementing, and registering, a
+new `has:sample_pluginName` operand is shown below:
+
+====
+  @Singleton
+  public class SampleHasOperand implements ChangeHasOperandFactory {
+    public static class Module extends AbstractModule {
+      @Override
+      protected void configure() {
+        bind(ChangeHasOperandFactory.class)
+            .annotatedWith(Exports.named("sample")
+            .to(SampleHasOperand.class);
+      }
+    }
+
+    @Override
+    public Predicate<ChangeData> create(ChangeQueryBuilder builder)
+        throws QueryParseException {
+      return new HasSamplePredicate();
+    }
+====
+
+
 [[simple-configuration]]
 == Simple Configuration in `gerrit.config`
 
@@ -879,12 +912,15 @@
 
 Plugins can refer to groups so that when they are renamed, the project
 config will also be updated in this section. The proper format to use is
-the string representation of a GroupReference, as shown below.
+the same as for any other group reference in the `project.config`, as shown below.
 
 ----
-Group[group_name / group_uuid]
+group group_name
 ----
 
+The file `groups` must also contains the mapping of the group name and its UUID,
+refer to link:config-project-config.html#file-groups[file groups]
+
 [[project-specific-configuration]]
 == Project Specific Configuration in own config file
 
@@ -1116,6 +1152,10 @@
 +
 Panel will be shown below the related info block.
 
+** `GerritUiExtensionPoint.CHANGE_SCREEN_HISTORY_RIGHT_OF_BUTTONS`:
++
+Panel will be shown in the history bar on the right side of the buttons.
+
 ** The following parameters are provided:
 *** `GerritUiExtensionPoint.Key.CHANGE_INFO`:
 +
@@ -1280,7 +1320,7 @@
       db, project.getNameKey(), user, TimeUtil.nowTs())) {
     bu.addOp(change.getId(), new BatchUpdate.Op() {
       @Override
-      public boolean updateChange(BatchUpdate.ChangeContext ctx) {
+      public boolean updateChange(ChangeContext ctx) {
         return true;
       }
     });
@@ -1318,7 +1358,7 @@
 </manifestEntries>
 ----
 
-or in the `BUCK` configuration file for Buck driven plugins:
+or in the `BUILD` configuration file for Bazel driven plugins:
 
 [source,python]
 ----
@@ -1364,7 +1404,7 @@
 
 [source,java]
 ----
-public class HttpModule extends HttpPluginModule {
+public class HttpModule extends ServletModule {
   @Override
   protected void configureServlets() {
     DynamicSet.bind(binder(), WebUiPlugin.class)
@@ -1383,7 +1423,7 @@
 </manifestEntries>
 ----
 
-or in the `BUCK` configuration file for Buck driven plugins
+or in the `BUILD` configuration file for Bazel driven plugins
 
 [source,python]
 ----
@@ -1414,7 +1454,7 @@
 ----
   curl -X POST -H "Content-Type: application/json" \
     -d '{message: "François", french: true}' \
-    --digest --user joe:secret \
+    --user joe:secret \
     http://host:port/a/changes/1/revisions/1/cookbook~say-hello
   "Bonjour François from change 1, patch set 1!"
 ----
@@ -1454,6 +1494,52 @@
 });
 ----
 
+
+[[action-visitor]]
+=== Action Visitors
+
+In addition to providing new actions, plugins can have fine-grained control
+over the link:rest-api-changes.html#action-info[ActionInfo] map, modifying or
+removing existing actions, including those contributed by core.
+
+Visitors are provided the link:rest-api-changes.html#action-info[ActionInfo],
+which is mutable, along with copies of the
+link:rest-api-changes.html#change-info[ChangeInfo] and
+link:rest-api-changes.html#revision-info[RevisionInfo]. They can modify the
+action, or return `false` to exclude it from the resulting map.
+
+These operations only affect the action buttons that are displayed in the UI;
+the underlying REST API endpoints are not affected. Multiple plugins may
+implement the visitor interface, but the order in which they are run is
+undefined.
+
+For example, to exclude "Cherry-Pick" only from certain projects, and rename
+"Abandon":
+
+[source,java]
+----
+public class MyActionVisitor implements ActionVisitor {
+  @Override
+  public boolean visit(String name, ActionInfo actionInfo,
+      ChangeInfo changeInfo) {
+    if (name.equals("abandon")) {
+      actionInfo.label = "Drop";
+    }
+    return true;
+  }
+
+  @Override
+  public boolean visit(String name, ActionInfo actionInfo,
+      ChangeInfo changeInfo, RevisionInfo revisionInfo) {
+    if (project.startsWith("some-team/") && name.equals("cherrypick")) {
+      return false;
+    }
+    return true;
+  }
+}
+----
+
+
 [[top-menu-extensions]]
 == Top Menu Extensions
 
@@ -1591,30 +1677,11 @@
 }
 ----
 
+
 [[gwt_ui_extension]]
 == GWT UI Extension
 Plugins can extend the Gerrit UI with own GWT code.
 
-The Maven archetype 'gerrit-plugin-gwt-archetype' can be used to
-generate a GWT plugin skeleton. How to use the Maven plugin archetypes
-is described in the link:#getting-started[Getting started] section.
-
-The generated GWT plugin has a link:#top-menu-extensions[top menu] that
-opens a GWT dialog box when the user clicks on it.
-
-In addition to the Gerrit-Plugin API a GWT plugin depends on
-`gerrit-plugin-gwtui`. This dependency must be specified in the
-`pom.xml`:
-
-[source,xml]
-----
-<dependency>
-  <groupId>com.google.gerrit</groupId>
-  <artifactId>gerrit-plugin-gwtui</artifactId>
-  <version>${Gerrit-ApiVersion}</version>
-</dependency>
-----
-
 A GWT plugin must contain a GWT module file, e.g. `HelloPlugin.gwt.xml`,
 that bundles together all the configuration settings of the GWT plugin:
 
@@ -1658,7 +1725,7 @@
 
 [source,java]
 ----
-public class HttpModule extends HttpPluginModule {
+public class HttpModule extends ServletModule {
 
   @Override
   protected void configureServlets() {
@@ -2078,6 +2145,16 @@
 e.g. a plugin can provide a list of servers on which the change was
 deployed.
 
+[[change-report-formatting]]
+== Change Report Formatting
+
+When a change is pushed for review from the command line, Gerrit reports
+the change(s) received with their URL and subject.
+
+By implementing the
+`com.google.gerrit.server.git.ChangeReportFormatter` interface, a plugin
+may change the formatting of the report.
+
 [[links-to-external-tools]]
 == Links To External Tools
 
@@ -2129,6 +2206,8 @@
 
 FileHistoryWebLinks will appear on the access rights screen.
 
+TagWebLinks will appear in the tag list in the last column.
+
 [[lfs-extension]]
 == LFS Storage Plugins
 
@@ -2166,9 +2245,9 @@
 /** Register the LfsApiServlet to listen on the default LFS protocol endpoint */
 import static com.google.gerrit.httpd.plugins.LfsPluginServlet.URL_REGEX;
 
-import com.google.gerrit.httpd.plugins.HttpPluginModule;
+import com.google.inject.servlet.ServletModule;
 
-public class HttpModule extends HttpPluginModule {
+public class HttpModule extends ServletModule {
 
   @Override
   protected void configureServlets() {
@@ -2265,6 +2344,7 @@
 }
 ----
 
+
 [[documentation]]
 == Documentation
 
@@ -2394,18 +2474,18 @@
 shows the error dialog. This means currently plugins cannot do any
 error handling and e.g. ignore expected errors.
 
-In the following example the REST endpoint would return '404 Not Found'
-if there is no HTTP password and the Gerrit core UI would display an
-error dialog for this. However having no HTTP password is not an error
-and the plugin may like to handle this case.
+In the following example the REST endpoint would return '404 Not
+Found' if the user has no username and the Gerrit core UI would
+display an error dialog for this. However having no username is
+not an error and the plugin may like to handle this case.
 
 [source,java]
 ----
-new RestApi("accounts").id("self").view("password.http")
+new RestApi("accounts").id("self").view("username")
     .get(new AsyncCallback<NativeString>() {
 
   @Override
-  public void onSuccess(NativeString httpPassword) {
+  public void onSuccess(NativeString username) {
     // TODO
   }
 
@@ -2417,6 +2497,89 @@
 ----
 
 
+[[reviewer-suggestion]]
+== Reviewer Suggestion Plugins
+
+Gerrit provides an extension point that enables Plugins to rank
+the list of reviewer suggestion a user receives upon clicking "Add Reviewer" on
+the change screen.
+
+Gerrit supports both a default suggestion that appears when the user has not yet
+typed anything and a filtered suggestion that is shown as the user starts
+typing.
+
+Plugins receive a candidate list and can return a `Set` of suggested reviewers
+containing the `Account.Id` and a score for each reviewer. The candidate list is
+non-binding and plugins can choose to return reviewers not initially contained in
+the candidate list.
+
+Server administrators can configure the overall weight of each plugin by setting
+the `addreviewer.pluginName-exportName.weight` value in `gerrit.config`.
+
+[source, java]
+----
+import com.google.gerrit.common.Nullable;
+import com.google.gerrit.extensions.annotations.ExtensionPoint;
+import com.google.gerrit.reviewdb.client.Account;
+import com.google.gerrit.reviewdb.client.Change;
+import com.google.gerrit.reviewdb.client.Project;
+
+import java.util.Set;
+
+public class MyPlugin implements ReviewerSuggestion {
+  public Set<SuggestedReviewer> suggestReviewers(Project.NameKey project,
+      @Nullable Change.Id changeId, @Nullable String query,
+      Set<Account.Id> candidates) {
+    Set<SuggestedReviewer> suggestions = new HashSet<>();
+    // Implement your ranking logic here
+    return suggestions;
+  }
+}
+----
+
+
+[[mail-filter]]
+== Mail Filter Plugins
+
+Gerrit provides an extension point that enables Plugins to discard incoming
+messages and prevent further processing by Gerrit.
+
+This can be used to implement spam checks, signature validations or organization
+specific checks like IP filters.
+
+[source, java]
+----
+import com.google.gerrit.extensions.annotations.ExtensionPoint;
+import com.google.gerrit.server.mail.receive.MailMessage;
+
+public class MyPlugin implements MailFilter {
+  boolean shouldProcessMessage(MailMessage message) {
+    // Implement your filter logic here
+    return true;
+  }
+}
+----
+
+[[ssh-command-interception]]
+== SSH Command Interception
+
+Gerrit provides an extension point that allows a plugin to intercept
+creation of SSH commands and override the functionality with its own
+implementation.
+
+[source, java]
+----
+import com.google.gerrit.sshd.SshCreateCommandInterceptor;
+
+class MyCommandInterceptor implements SshCreateCommandInterceptor {
+  @Override
+  public String intercept(String in) {
+    return pluginName + " mycommand";
+  }
+}
+----
+
+
 == SEE ALSO
 
 * link:js-api.html[JavaScript API]
diff --git a/Documentation/dev-readme.txt b/Documentation/dev-readme.txt
index 4a5c0bd..5c24731 100644
--- a/Documentation/dev-readme.txt
+++ b/Documentation/dev-readme.txt
@@ -1,6 +1,6 @@
 = Gerrit Code Review - Developer Setup
 
-Facebook Buck is needed to compile the code, and an SQL database to
+Google Bazel is needed to compile the code, and an SQL database to
 house the review metadata.  H2 is recommended for development
 databases, as it requires no external server process.
 
@@ -18,12 +18,10 @@
 the core plugins, which are included as git submodules, are also
 cloned.
 
-
+[[compile_project]]
 == Compiling
 
-For details on how to build the source code with Buck, refer to:
-link:dev-buck.html#build[Building on the command line with Buck].
-
+Please refer to <<dev-bazel#,Building with Bazel>>.
 
 == Switching between branches
 
@@ -40,33 +38,24 @@
   git clean -fdx
 ----
 
+CAUTION: If you decide to store your Eclipse/IntelliJ project files in the
+Gerrit source directories, executing `git clean -fdx` will remove them and hence
+screw up your project.
+
 
 == Configuring Eclipse
 
 To use the Eclipse IDE for development, please see
 link:dev-eclipse.html[Eclipse Setup].
 
-For details on how to configure the Eclipse workspace with Buck,
-refer to: link:dev-buck.html#eclipse[Eclipse integration with Buck].
+For details on how to configure the Eclipse workspace with Bazel,
+refer to: link:dev-bazel.html#eclipse[Eclipse integration with Bazel].
 
 
 == Configuring IntelliJ IDEA
 
-To use IntelliJ IDEA for development, the easiest way is to follow
-Eclipse integration and then open it as Eclipse project in IDEA.
-You need the Eclipse plugin activated in IntelliJ IDEA.
-
-Once you start compiling using both buck and your Gerrit project in
-IDEA, you will likely need to mark the below directories as generated
-sources roots. You can do so using the IDEA "Project" view. In the
-context menu of each one of these, use "Mark Directory As" to mark
-them as "Generated Sources Root":
-
-----
-  __auto_value_tests_gen__
-  __httpd_gen__
-  __server_gen__
-----
+Please refer to <<dev-intellij#,IntelliJ Setup>> for detailed
+instructions.
 
 == Mac OS X
 
@@ -83,29 +72,62 @@
 [[init]]
 == Site Initialization
 
-After compiling (above), run Gerrit's 'init' command to create a
-testing site for development use:
+After compiling <<compile_project,(above)>>, run Gerrit's 'init' command to
+create a testing site for development use:
 
 ----
-  java -jar buck-out/gen/gerrit/gerrit.war init -d ../gerrit_testsite
+  $(bazel info output_base)/external/local_jdk/bin/java \
+     -jar bazel-bin/gerrit.war init -d ../gerrit_testsite
 ----
 
-Accept defaults by pressing Enter until 'init' completes, or add
-the '--batch' command line option to avoid them entirely.  It is
-recommended to change the listen addresses from '*' to 'localhost' to
-prevent outside connections from contacting the development instance.
+[[special_bazel_java_version]]
+NOTE: You must use the same Java version that Bazel used for the build.
+This Java version is available at
+`$(bazel info output_base)/external/local_jdk/bin/java`.
 
-The daemon will automatically start in the background and a web
-browser will launch to the start page, enabling login via OpenID.
+During initialization, make two changes to the default settings:
 
-Shutdown the daemon after registering the administrator account
-through the web interface:
+* Change the listen addresses from '*' to 'localhost' to prevent outside
+  connections from contacting the development instance; and
+* Change the auth type from 'OPENID' to 'DEVELOPMENT_BECOME_ANY_ACCOUNT' to
+  allow yourself to create and act as arbitrary test accounts on your
+  development instance.
+
+Continue through init until it completes. The daemon will automatically start in
+the background and a web browser will launch to the start page. From here you
+can sign in as the account created during init, register additional accounts,
+create projects, and more.
+
+When you want to shut down the daemon, simply run:
 
 ----
   ../gerrit_testsite/bin/gerrit.sh stop
 ----
 
 
+[[localdev]]
+== Working with the Local Server
+
+If you need to create additional accounts on your development instance, click
+'become' in the upper right corner, select 'Switch User', and then register
+a new account.
+
+Use the `ssh` protocol to clone from and push to the local server. For
+example, to clone a repository that you've created through the admin
+interface, run:
+
+----
+git clone ssh://username@localhost:29418/projectname
+----
+
+Then you'll be able to create changes the same way users do, with
+
+----
+git push origin HEAD:refs/for/master
+----
+
+
+
 == Testing
 
 
@@ -119,20 +141,35 @@
 started on that site. When the test has finished the Gerrit daemon is
 shutdown.
 
-For instructions on running the integration tests with Buck,
-please refer to:
-link:dev-buck.html#tests[Running integration tests with Buck].
+For instructions on running the integration tests with Bazel,
+please refer to:  <<dev-bazel#tests,Running Unit Tests with Bazel>>.
 
-
+[[run_daemon]]
 === Running the Daemon
 
 The daemon can be directly launched from the build area, without
 copying to the test site:
 
 ----
-  java -jar buck-out/gen/gerrit/gerrit.war daemon -d ../gerrit_testsite
+  $(bazel info output_base)/external/local_jdk/bin/java \
+     -jar bazel-bin/gerrit.war daemon -d ../gerrit_testsite \
+     --console-log
 ----
 
+NOTE: Please refer to <<special_bazel_java_version,this explanation>>
+for details why using `java -jar` isn't sufficient.
+
+If you want to debug the Gerrit server of this test site, you can open a debug
+port (for example port 5005) by inserting
+
+----
+-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005
+----
+
+directly after `-jar` of the previous command. Please refer to
+<<dev-intellij#remote-debug,Debugging a remote Gerrit server>> for instructions
+of how to attach IntelliJ.
+
 === Running the Daemon with Gerrit Inspector
 
 link:dev-inspector.html[Gerrit Inspector] is an interactive scriptable
@@ -149,9 +186,13 @@
 command used to launch the daemon:
 
 ----
-  java -jar buck-out/gen/gerrit/gerrit.war daemon -d ../gerrit_testsite -s
+  $(bazel info output_base)/external/local_jdk/bin/java \
+     -jar bazel-bin/gerrit.war daemon -d ../gerrit_testsite -s
 ----
 
+NOTE: Please refer to <<special_bazel_java_version,this explanation>>
+for details why using `java -jar` isn't sufficient.
+
 Gerrit Inspector examines Java libraries first, then loads
 its initialization scripts and then starts a command line
 prompt on the console:
@@ -176,9 +217,13 @@
 command line.  If the daemon is not currently running:
 
 ----
-  java -jar buck-out/gen/gerrit/gerrit.war gsql -d ../gerrit_testsite
+  $(bazel info output_base)/external/local_jdk/bin/java \
+     -jar bazel-bin/gerrit.war gsql -d ../gerrit_testsite -s
 ----
 
+NOTE: Please refer to <<special_bazel_java_version,this explanation>>
+for details why using `java -jar` isn't sufficient.
+
 Or, if it is running and the database is in use, connect over SSH
 using an administrator user account:
 
diff --git a/Documentation/dev-release-deploy-config.txt b/Documentation/dev-release-deploy-config.txt
index 921244f..d43c863 100644
--- a/Documentation/dev-release-deploy-config.txt
+++ b/Documentation/dev-release-deploy-config.txt
@@ -89,17 +89,15 @@
 
 To upload artifacts to a bucket the user must authenticate with a
 username and password. The username and password need to be retrieved
-from the link:https://console.developers.google.com/project/164060093628[
-Google Developers Console]:
+from the link:https://console.cloud.google.com/storage/settings?project=api-project-164060093628[
+Storage Setting in the Google Cloud Platform Console]:
 
-* In the menu on the left select `Storage` -> `Cloud Storage` >
-> `Storage access`
-* Select the `Interoperability` tab
-* If no keys are listed under `Interoperable storage access keys`, select "Create a new key"
-* Use the `Access Key` as username, and `Secret` as the password
+Select the `Interoperability` tab, and if no keys are listed under
+`Interoperable storage access keys`, select 'Create a new key'.
 
-To make the username and password known to Maven, they must be
-configured in the `~/.m2/settings.xml` file.
+Using `Access Key` as username and `Secret` as the password, add the
+configuration in the `~/.m2/settings.xml` file to make the credentials
+known to Maven:
 
 ----
   <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
@@ -143,10 +141,9 @@
 ----
 
 [NOTE]
-In case of JGit the `pom.xml` already contains a distributionManagement
-section.  Replace the existing distributionManagement section with this snippet
-in order to deploy the artifacts only in the gerrit-maven repository.
-
+In case of JGit the `pom.xml` already contains a `distributionManagement`
+section.  To deploy the artifacts to the `gerrit-maven` repository, replace
+the existing `distributionManagement` section with this snippet.
 
 * Add these two snippets to the `pom.xml` to enable the wagon provider:
 
diff --git a/Documentation/dev-release-jgit.txt b/Documentation/dev-release-jgit.txt
index f6d4d68..1a8b501 100644
--- a/Documentation/dev-release-jgit.txt
+++ b/Documentation/dev-release-jgit.txt
@@ -1,33 +1,44 @@
-= Making a Release of JGit
+= Making a Snapshot Release of JGit
 
 This step is only necessary if we need to create an unofficial JGit
 snapshot release and publish it to the
 link:https://developers.google.com/storage/[Google Cloud Storage].
 
+[[prepare-environment]]
+== Prepare the Maven Environment
+
+First, make sure you have done the necessary
+link:dev-release-deploy-config.html#deploy-configuration-settings-xml[
+configuration in Maven `settings.xml`].
+
+To apply the necessary settings in JGit's `pom.xml`, follow the instructions
+in link:dev-release-deploy-config.html#deploy-configuration-subprojects[
+Configuration for Subprojects in `pom.xml`], or apply the provided diff by
+executing the following command in the JGit workspace:
+
+----
+  git apply /path/to/gerrit/tools/jgit-snapshot-deploy-pom.diff
+----
 
 [[prepare-release]]
 == Prepare the Release
 
-Since JGit has its own release process we do not push any release tags
-for JGit. Instead we will use the output of the `git describe` as the
-version of the current JGit snapshot.
+Since JGit has its own release process we do not push any release tags. Instead
+we will use the output of `git describe` as the version of the current JGit
+snapshot.
+
+In the JGit workspace, execute the following command:
 
 ----
   ./tools/version.sh --release $(git describe)
 ----
 
-
 [[publish-release]]
 == Publish the Release
 
-* Make sure you have done the configuration needed for deployment:
-** link:dev-release-deploy-config.html#deploy-configuration-settings-xml[
-Configuration in Maven `settings.xml`]
-** link:dev-release-deploy-config.html#deploy-configuration-subprojects[
-Configuration for Subprojects in `pom.xml`]
+To deploy the new snapshot, execute the following command in the JGit
+workspace:
 
-* Deploy the new snapshot. From JGit workspace execute:
-+
 ----
   mvn deploy
 ----
diff --git a/Documentation/dev-release.txt b/Documentation/dev-release.txt
index 96695db..2a857b2 100644
--- a/Documentation/dev-release.txt
+++ b/Documentation/dev-release.txt
@@ -83,6 +83,7 @@
 .. link:#push-stable[Push the Stable Branch]
 .. link:#push-tag[Push the Release Tag]
 .. link:#upload-documentation[Upload the Documentation]
+.. link:#finalize-release-notes[Finalize Release Notes]
 .. link:#update-issues[Update the Issues]
 .. link:#announce[Announce on Mailing List]
 . link:#increase-version[Increase Gerrit Version for Current Development]
@@ -110,8 +111,8 @@
 * link:dev-release-subproject.html#prepare-release[Prepare the Release]
 * link:dev-release-subproject.html#publish-release[Publish the Release]
 
-* Update the `id`, `bin_sha1`, and `src_sha1` values in the `maven_jar`
-for the Subproject in `/lib/BUCK` to the released version.
+* Update the `artifact`, `sha1`, and `src_sha1` values in the `maven_jar`
+for the Subproject in `WORKSPACE` to the released version.
 
 [[update-versions]]
 === Update Versions and Create Release Tag
@@ -128,11 +129,6 @@
   ./tools/version.py 2.5
 ----
 
-Also check and update the referenced `archetypeVersion` and the
-`archetypeRepository` in the `Documentation/dev-plugins.txt` file.
-If the referenced `archetypeVersion` will be available in the Maven central,
-delete the line with the `archetypeRepository`.
-
 Commit the changes and create the release tag on the new commit:
 
 ----
@@ -151,8 +147,7 @@
 * Build the Gerrit WAR, API JARs and documentation
 +
 ----
-  buck clean
-  buck build --no-cache release docs
+  bazel build release Documentation:searchfree
   ./tools/maven/api.sh install
 ----
 
@@ -161,11 +156,10 @@
 
 * Verify plugin versions
 +
-Sometimes `buck` doesn't rebuild plugins after they are tagged, and the
-versions don't reflect the tag. Verify the versions:
+Verify the versions:
 +
 ----
-  java -jar ./buck-out/gen/release/release.war init --list-plugins
+  java -jar bazel-bin/release.war init --list-plugins
 ----
 
 [[publish-gerrit]]
@@ -178,7 +172,7 @@
 link:dev-release-deploy-config.html#deploy-configuration-setting-maven-central[
 configuration] for deploying to Maven Central
 
-* Make sure that the version is updated in the `VERSION` file and in
+* Make sure that the version is updated in the `version.bzl` file and in
 the `pom.xml` files as described in the link:#update-versions[Update
 Versions and Create Release Tag] section.
 
@@ -193,21 +187,9 @@
 ----
   ./tools/maven/api.sh deploy
 ----
-+
-If no artifacts are uploaded, clean the `buck-out` folder and retry:
-+
-----
-  buck clean ; rm -rf buck-out
-----
-
-* Push the plugin Maven archetypes to Maven Central:
-+
-----
-  ./tools/plugin_archetype_deploy.sh
-----
 
 * To where the artifacts are uploaded depends on the `GERRIT_VERSION` in
-the `VERSION` file:
+the `version.bzl` file:
 
 ** SNAPSHOT versions are directly uploaded into the Sonatype snapshots
 repository and no further action is needed:
@@ -327,23 +309,24 @@
 [[upload-documentation]]
 ==== Upload the Documentation
 
-* Build the release notes:
-+
-----
-  buck build releasenotes
-----
-
-* Extract the release notes files from the zip file generated from the previous
-step: `buck-out/gen/ReleaseNotes/html/html.zip`.
-
 * Extract the documentation files from the zip file generated from
-`buck build docs`: `buck-out/gen/Documentation/searchfree/searchfree.zip`.
+`bazel build searchfree`: `bazel-bin/Documentation/searchfree.zip`.
 
 * Upload the files manually via web browser to the appropriate folder
 in the
 link:https://console.cloud.google.com/storage/browser/gerrit-documentation/?project=api-project-164060093628[
 gerrit-documentation] storage bucket.
 
+[[finalize-release-notes]]
+=== Finalize the Release Notes
+
+Upload a change on the homepage project to:
+
+* Remove 'In Development' caveat from the relevant section.
+
+* Add links to the released documentation and the .war file, and make the
+latest version bold.
+
 [[update-links]]
 ==== Update homepage links
 
@@ -370,14 +353,14 @@
 
 * Send an email to the mailing list to announce the release, consider
 including some or all of the following in the email:
-** A link to the release and the release notes (if a final release)
+** A link to the release and the release notes
 ** A link to the docs
 ** Describe the type of release (stable, bug fix, RC)
 ** Hash values (SHA1, SHA256, MD5) for the release WAR file.
 +
 The SHA1 and MD5 can be taken from the artifact page on Sonatype. The
 SHA256 can be generated with
-`openssl sha -sha256 buck-out/gen/release/release.war` or an equivalent
+`openssl sha -sha256 bazel-bin/release.war` or an equivalent
 command.
 
 * Update the new discussion group announcement to be sticky
@@ -397,8 +380,7 @@
 next Gerrit release. The Gerrit version should be set to the snapshot version
 for the next release.
 
-Use the `version` tool to set the version in the `VERSION` file and plugin
-archetypes' `pom.xml` files:
+Use the `version` tool to set the version in the `version.bzl` file:
 
 ----
  ./tools/version.py 2.11-SNAPSHOT
diff --git a/Documentation/dev-rest-api.txt b/Documentation/dev-rest-api.txt
index 308d4bd..fec9c97 100644
--- a/Documentation/dev-rest-api.txt
+++ b/Documentation/dev-rest-api.txt
@@ -47,7 +47,7 @@
 Example to set a Gerrit project's link:rest-api-projects.html#set-project-description[description]:
 
 ----
- curl -X PUT --digest --user john:2LlAB3K9B0PF --data-binary @project-desc.txt --header "Content-Type: application/json; charset=UTF-8" http://localhost:8080/a/projects/myproject/description
+ curl -X PUT --user john:2LlAB3K9B0PF --data-binary @project-desc.txt --header "Content-Type: application/json; charset=UTF-8" http://localhost:8080/a/projects/myproject/description
 ----
 
 === Authentication
@@ -56,7 +56,7 @@
 the command line:
 
 ----
- curl --digest --user username:password http://localhost:8080/a/path/to/api/
+ curl --user username:password http://localhost:8080/a/path/to/api/
 ----
 
 This makes it easy to switch users for testing of permissions.
@@ -65,7 +65,7 @@
 file (on Windows, `_netrc`):
 
 ----
- curl --digest -n http://localhost:8080/a/path/to/api/
+ curl -n http://localhost:8080/a/path/to/api/
 ----
 
 In both cases, the password should be the user's link:user-upload.html#http[HTTP password].
@@ -75,7 +75,7 @@
 To verify the headers returned from a REST API call, use `curl` in verbose mode:
 
 ----
-  curl -v -n --digest -X DELETE http://localhost:8080/a/path/to/api/
+  curl -v -n -X DELETE http://localhost:8080/a/path/to/api/
 ----
 
 The headers on both the request and the response will be printed.
diff --git a/Documentation/dev-stars.txt b/Documentation/dev-stars.txt
index dfcbb6f..553ac5b 100644
--- a/Documentation/dev-stars.txt
+++ b/Documentation/dev-stars.txt
@@ -55,9 +55,9 @@
 watch a project will always get the email notifications for the change
 creation. Only then the change can be ignored.
 
-Users that are added as reviewer to a change that they have ignored
-will be notified about this, so that they know about the review
-request. They can the decide to remove the ignore star.
+Users that are added as reviewer or assignee to a change that they have
+ignored will be notified about this, so that they know about the review
+request. They can then decide to remove the ignore star.
 
 The ignore star is represented by the special star label 'ignore'.
 
diff --git a/Documentation/error-no-new-changes.txt b/Documentation/error-no-new-changes.txt
index a5c805c..17422ad 100644
--- a/Documentation/error-no-new-changes.txt
+++ b/Documentation/error-no-new-changes.txt
@@ -40,10 +40,11 @@
 If you need to re-push a commit you may rewrite this commit by
 link:http://www.kernel.org/pub/software/scm/git/docs/git-commit.html[amending] it or doing an interactive link:http://www.kernel.org/pub/software/scm/git/docs/git-rebase.html[git rebase]. By rewriting the
 commit you actually create a new commit (with a new commit ID in
-project scope) which can then be pushed to Gerrit. If the old commit
-contains a Change-Id in the commit message you also need to replace
-it with a new Change-Id (case 1. and 3. above), otherwise the push
-will fail with another error message.
+project scope) which can then be pushed to Gerrit.
+
+If you are pushing the new change to the same destination branch as
+the old commit (case 1 above), you also need to replace it with a new
+Change-Id, otherwise the push will fail with another error message.
 
 == Fast-forward merges
 
diff --git a/Documentation/error-permission-denied.txt b/Documentation/error-permission-denied.txt
index 574818d..879273d 100644
--- a/Documentation/error-permission-denied.txt
+++ b/Documentation/error-permission-denied.txt
@@ -3,15 +3,20 @@
 With this error message an SSH command to Gerrit is rejected if the
 SSH authentication is not successful.
 
-The link:http://en.wikipedia.org/wiki/Secure_Shell[SSH] protocol uses link:http://en.wikipedia.org/wiki/Public-key_cryptography[Public-key Cryptography] for authentication.
-This means for a successful SSH authentication you need your private
-SSH key and the corresponding public SSH key must be known to Gerrit.
+The link:http://en.wikipedia.org/wiki/Secure_Shell[SSH] protocol can use
+link:http://en.wikipedia.org/wiki/Public-key_cryptography[Public-key Cryptography]
+for authentication.
+In general configurations, Gerrit will authenticate you by the public keys
+known to you. Optionally, it can be configured by the administrator to allow
+for link:config-gerrit.html#sshd.kerberosKeytab[kerberos] authentication
+instead.
 
-If you are facing this problem, do the following:
+In any case, verify that you are using the correct username for the SSH command
+and that it is typed correctly (case sensitive). You can look up your username
+in the Gerrit Web UI under 'Settings' -> 'Profile'.
 
-. Verify that you are using the correct username for the SSH command
-  and that it is typed correctly (case sensitive). You can look up
-  your username in the Gerrit Web UI under 'Settings' -> 'Profile'.
+If you are facing this problem and using an SSH keypair, do the following:
+
 . Verify that you have uploaded your public SSH key for your Gerrit
   account. To do this go in the Gerrit Web UI to 'Settings' ->
   'SSH Public Keys' and check that your public SSH key is there. If
@@ -21,6 +26,19 @@
   described below. From the trace you should see which private SSH
   key is used.
 
+Debugging kerberos issues can be quite hard given the complexity of the
+protocol. In case you are using kerberos authentication, do the following:
+
+. Verify that you have acquired a valid initial ticket. On a Linux machine, you
+  can acquire one using the `kinit` command. List all your tickets using the
+  `klist` command. It should list all principals for which you have acquired a
+  ticket and include a principal name corresponding to your Gerrit server, for
+  example `HOST/gerrit.mydomain.tld@MYDOMAIN.TLD`.
+  Note that tickets can expire and require you to re-run `kinit` periodically.
+. Verify that your SSH client is using kerberos authentication. For OpenSSH
+  clients this can be controlled using the `GSSAPIAuthentication` setting.
+  For more information see
+  link:user-upload.html#configure_ssh_kerberos[SSH kerberos configuration].
 
 == Test SSH authentication
 
diff --git a/Documentation/error-prohibited-by-gerrit.txt b/Documentation/error-prohibited-by-gerrit.txt
index 3d9bbad..3e5f23b 100644
--- a/Documentation/error-prohibited-by-gerrit.txt
+++ b/Documentation/error-prohibited-by-gerrit.txt
@@ -17,10 +17,10 @@
    link:access-control.html#category_create['Create Reference'] access
    right on `+refs/heads/*+`
 4. if you push an annotated tag without
-   link:access-control.html#category_push_annotated['Push Annotated Tag']
+   link:access-control.html#category_create_annotated['Create Annotated Tag']
    access right on `+refs/tags/*+`
 5. if you push a signed tag without
-   link:access-control.html#category_push_signed['Push Signed Tag']
+   link:access-control.html#category_create_signed['Create Signed Tag']
    access right on `+refs/tags/*+`
 6. if you push a lightweight tag without the access right link:access-control.html#category_create['Create
    Reference'] for the reference name `+refs/tags/*+`
diff --git a/Documentation/gen_licenses.py b/Documentation/gen_licenses.py
deleted file mode 100755
index 15f470c..0000000
--- a/Documentation/gen_licenses.py
+++ /dev/null
@@ -1,178 +0,0 @@
-#!/usr/bin/env python
-# Copyright (C) 2013 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# TODO(sop): Be more detailed: version, link to Maven Central
-
-from __future__ import print_function
-
-import argparse
-from collections import defaultdict, deque
-import json
-from os import chdir, path
-from shutil import copyfileobj
-from subprocess import Popen, PIPE
-from sys import stdout, stderr
-
-parser = argparse.ArgumentParser()
-parser.add_argument('--asciidoc', action='store_true')
-parser.add_argument('--partial', action='store_true')
-parser.add_argument('targets', nargs='+')
-args = parser.parse_args()
-
-KNOWN_PROVIDED_DEPS = [
-  '//lib/bouncycastle:bcpg',
-  '//lib/bouncycastle:bcpkix',
-  '//lib/bouncycastle:bcprov',
-]
-
-for target in args.targets:
-  if not target.startswith('//'):
-    print('Target must be absolute: %s' % target, file=stderr)
-
-def parse_graph():
-  graph = defaultdict(list)
-  while not path.isfile('.buckconfig'):
-    chdir('..')
-  query = ' + '.join('deps(%s)' % t for t in args.targets)
-  p = Popen([
-      'buck', 'query', query,
-      '--output-attributes=buck.direct_dependencies'], stdout=PIPE)
-  obj = json.load(p.stdout)
-  for target, attrs in obj.iteritems():
-    for dep in attrs['buck.direct_dependencies']:
-
-      if target in KNOWN_PROVIDED_DEPS:
-        continue
-
-      if (args.partial
-          and dep == '//gerrit-gwtexpui:CSS'
-          and target == '//gerrit-gwtui:ui_module'):
-        continue
-
-      graph[target].append(dep)
-  r = p.wait()
-  if r != 0:
-    exit(r)
-  return graph
-
-graph = parse_graph()
-licenses = defaultdict(set)
-
-do_not_distribute = False
-queue = deque(args.targets)
-while queue:
-  target = queue.popleft()
-  for dep in graph[target]:
-    if not dep.startswith('//lib:LICENSE-'):
-      continue
-    if 'DO_NOT_DISTRIBUTE' in dep:
-      do_not_distribute = True
-    licenses[dep].add(target)
-  queue.extend(graph[target])
-
-if do_not_distribute:
-  print('DO_NOT_DISTRIBUTE license found', file=stderr)
-  for target in args.targets:
-    print('...via %s:' % target)
-    Popen(['buck', 'query',
-           'allpaths(%s, //lib:LICENSE-DO_NOT_DISTRIBUTE)' % target],
-          stdout=stderr).communicate()
-  exit(1)
-
-used = sorted(licenses.keys())
-
-if args.asciidoc:
-  print("""\
-= Gerrit Code Review - Licenses
-
-Gerrit open source software is licensed under the <<Apache2_0,Apache
-License 2.0>>.  Executable distributions also include other software
-components that are provided under additional licenses.
-
-[[cryptography]]
-== Cryptography Notice
-
-This distribution includes cryptographic software.  The country
-in which you currently reside may have restrictions on the import,
-possession, use, and/or re-export to another country, of encryption
-software.  BEFORE using any encryption software, please check
-your country's laws, regulations and policies concerning the
-import, possession, or use, and re-export of encryption software,
-to see if this is permitted.  See the
-link:http://www.wassenaar.org/[Wassenaar Arrangement]
-for more information.
-
-The U.S. Government Department of Commerce, Bureau of Industry
-and Security (BIS), has classified this software as Export
-Commodity Control Number (ECCN) 5D002.C.1, which includes
-information security software using or performing cryptographic
-functions with asymmetric algorithms.  The form and manner of
-this distribution makes it eligible for export under the License
-Exception ENC Technology Software Unrestricted (TSU) exception
-(see the BIS Export Administration Regulations, Section 740.13)
-for both object code and source code.
-
-Gerrit includes an SSH daemon (Apache SSHD), to support authenticated
-uploads of changes directly from `git push` command line clients.
-
-Gerrit includes an SSH client (JSch), to support authenticated
-replication of changes to remote systems, such as for automatic
-updates of mirror servers, or realtime backups.
-
-For either feature to function, Gerrit requires the
-link:http://java.sun.com/javase/technologies/security/[Java Cryptography extensions]
-and/or the
-link:http://www.bouncycastle.org/java.html[Bouncy Castle Crypto API]
-to be installed by the end-user.
-
-== Licenses
-""")
-
-for n in used:
-  libs = sorted(licenses[n])
-  name = n[len('//lib:LICENSE-'):]
-  if args.asciidoc:
-    print()
-    print('[[%s]]' % name.replace('.', '_'))
-    print("=== " + name)
-    print()
-  else:
-    print()
-    print(name)
-    print()
-    print('----')
-  for d in libs:
-    if d.startswith('//lib:') or d.startswith('//lib/'):
-      p = d[len('//lib:'):]
-    else:
-      p = d[d.index(':')+1:].lower()
-    if '__' in p:
-      p = p[:p.index('__')]
-    print('* ' + p)
-  if args.asciidoc:
-    print()
-    print('[[%s_license]]' % name.replace('.', '_'))
-    print('----')
-  with open(n[2:].replace(':', '/')) as fd:
-    copyfileobj(fd, stdout)
-  print()
-  print('----')
-
-if args.asciidoc:
-  print("""
-GERRIT
-------
-Part of link:index.html[Gerrit Code Review]
-""")
diff --git a/Documentation/index.txt b/Documentation/index.txt
index f53463c..511f19a 100644
--- a/Documentation/index.txt
+++ b/Documentation/index.txt
@@ -5,7 +5,7 @@
 .. link:intro-quick.html[A Quick Introduction to Gerrit]
 .. link:intro-user.html[User Guide]
 .. link:intro-project-owner.html[Project Owner Guide]
-.. link:http://source.android.com/submit-patches/workflow[Default Android Workflow] (external)
+.. link:http://source.android.com/source/life-of-a-patch[Default Android Workflow] (external)
 . Web
 .. link:user-review-ui.html[Reviewing Changes]
 .. link:user-search.html[Searching Changes]
@@ -45,6 +45,7 @@
 . link:config-hooks.html[Hooks]
 . link:config-mail.html[Mail Templates]
 . link:config-cla.html[Contributor Agreements]
+. link:config-robot-comments.html[Robot Comments]
 
 == Server Administration
 . link:install.html[Installation Guide]
@@ -60,8 +61,9 @@
 == Developer
 . Getting Started
 .. link:dev-readme.html[Developer Setup]
+.. link:dev-bazel.html[Building with Bazel]
 .. link:dev-eclipse.html[Eclipse Setup]
-.. link:dev-buck.html[Building with Buck]
+.. link:dev-intellij.html[IntelliJ Setup]
 .. link:dev-contributing.html[Contributing to Gerrit]
 . Plugin Development
 .. link:dev-plugins.html[Developing Plugins]
@@ -71,6 +73,7 @@
 .. link:dev-stars.html[Starring Changes]
 . link:dev-design.html[System Design]
 . link:i18n-readme.html[i18n Support]
+. link:dev-note-db.html[NoteDb]
 
 == Maintainer
 . link:dev-release.html[Making a Gerrit Release]
diff --git a/Documentation/install-quick.txt b/Documentation/install-quick.txt
index 2623256..3ab2d4b 100644
--- a/Documentation/install-quick.txt
+++ b/Documentation/install-quick.txt
@@ -26,14 +26,14 @@
 
 ----
   $ java -version
-  java version "1.7.0_21"
-  Java(TM) SE Runtime Environment (build 1.7.0_21-b11)
-  Java HotSpot(TM) 64-Bit Server VM (build 23.21-b01, mixed mode)
+  openjdk version "1.8.0_72"
+  OpenJDK Runtime Environment (build 1.8.0_72-b15)
+  OpenJDK 64-Bit Server VM (build 25.72-b15, mixed mode)
 ----
 
 If Java isn't installed, get it:
 
-* JDK, minimum version 1.7 http://www.oracle.com/technetwork/java/javase/downloads/index.html[Download]
+* JRE, minimum version 1.8 http://www.oracle.com/technetwork/java/javase/downloads/index.html[Download]
 
 
 [[user]]
@@ -211,7 +211,7 @@
 
 This covers the scope of getting Gerrit started and your first change uploaded.
 It doesn't give any clue as to how the review workflow works, please read
-link:http://source.android.com/submit-patches/workflow[Default Workflow] to
+link:http://source.android.com/source/life-of-a-patch[Default Workflow] to
 learn more about the workflow of Gerrit.
 
 To read more on the installation of Gerrit please see link:install.html[the detailed
diff --git a/Documentation/install.txt b/Documentation/install.txt
index e3fb28d..87d757e 100644
--- a/Documentation/install.txt
+++ b/Documentation/install.txt
@@ -5,7 +5,9 @@
 To run the Gerrit service, the following requirements must be met on
 the host:
 
-* JDK, minimum version 1.7 http://www.oracle.com/technetwork/java/javase/downloads/index.html[Download]
+* JRE, version 1.8 http://www.oracle.com/technetwork/java/javase/downloads/index.html[Download]
++
+Gerrit is not yet compatible with Java 9 or newer at this time.
 
 You'll also need an SQL database to house the review metadata. You have the
 choice of either using the embedded H2 or to host your own MySQL or PostgreSQL.
@@ -172,6 +174,50 @@
 the embedded Jetty server, see
 link:install-j2ee.html[J2EE installation].
 
+[[installation_on_windows]]
+== Installation on Windows
+
+The `ssh-keygen` command must be available during the init phase to
+generate SSH host keys. If you have
+link:https://git-for-windows.github.io/[Git for Windows] installed,
+start Command Prompt and temporary add directory with ssh-keygen to the
+PATH environment variable just before running init command:
+
+====
+  PATH=%PATH%;c:\Program Files\Git\usr\bin
+====
+
+Please note that the path in the above example must not be
+double-quoted.
+
+To run the daemon after site initialization execute:
+
+====
+  cd C:\MY\GERRIT\SITE
+  java.exe -jar bin\gerrit.war daemon --console-log
+====
+
+To stop the daemon press Ctrl+C.
+
+=== Install the daemon as Windows Service
+
+To install Gerrit as Windows Service use the
+link:http://commons.apache.org/proper/commons-daemon/procrun.html[Apache
+Commons Daemon Procrun].
+
+Sample install command:
+
+====
+  prunsrv.exe //IS//Gerrit --DisplayName="Gerrit Code Review" --Startup=auto ^
+        --Jvm="C:\Program Files\Java\jre1.8.0_65\bin\server\jvm.dll" ^
+        --Classpath=C:\MY\GERRIT\SITE\bin\gerrit.war ^
+        --LogPath=C:\MY\GERRIT\SITE\logs ^
+        --StartPath=C:\MY\GERRIT\SITE ^
+        --StartMode=jvm --StopMode=jvm ^
+        --StartClass=com.google.gerrit.launcher.GerritLauncher --StartMethod=daemonStart ^
+        --StopClass=com.google.gerrit.launcher.GerritLauncher --StopMethod=daemonStop ^
+        ++DependsOn=postgresql-x64-9.4
+====
 
 [[customize]]
 == Site Customization
diff --git a/Documentation/intro-project-owner.txt b/Documentation/intro-project-owner.txt
index 7a724f7..38cfeac 100644
--- a/Documentation/intro-project-owner.txt
+++ b/Documentation/intro-project-owner.txt
@@ -70,8 +70,8 @@
 commands:
 
 ----
-  $ git fetch origin refs/meta/config:config
-  $ git checkout config
+  $ git fetch ssh://localhost:29418/project refs/meta/config
+  $ git checkout FETCH_HEAD
   $ git log project.config
 ----
 
@@ -330,7 +330,7 @@
 
 A Prolog submit rule has access to link:prolog-change-facts.html[
 information] about the change for which it is testing the
-submittability. Amongst others the list of the modified files can be
+submittability. Among others the list of the modified files can be
 accessed, which allows special logic if certain files are touched. For
 example, a common practice is to require a vote on an additional label,
 like `Library-Compliance`, if the dependencies of the project are
@@ -424,10 +424,13 @@
 
 As project owner you can administrate the branches of your project in
 the Gerrit Web UI under `Projects` > `List` > <your project> >
-`Branches`. In the Web UI both link:project-configuration.html#branch-creation[
-branch creation] and link:project-configuration.html#branch-deletion[branch
-deletion] are allowed for project owners without requiring any
-additional access rights.
+`Branches`. In the Web UI link:project-configuration.html#branch-creation[
+branch creation] is allowed if you have
+link:access-control.html#category_create[Create Reference] access right and
+link:project-configuration.html#branch-deletion[branch deletion] is allowed if
+you have the link:access-control.html#category_delete[Delete Reference] or the
+link:access-control.html#category_push[Push] access right with the `force`
+option.
 
 By setting `HEAD` on the project you can define its
 link:project-configuration.html#default-branch[default branch]. For convenience
@@ -596,7 +599,7 @@
 +
 ----
   [plugin "project-download-commands"]
-    Build = git fetch ${url} ${ref} && git checkout FETCH_HEAD && buck build ${project}
+    Build = git fetch ${url} ${ref} && git checkout FETCH_HEAD && bazel build ${project}
     Update = git fetch ${url} ${ref} && git checkout FETCH_HEAD && git submodule update
 ----
 +
diff --git a/Documentation/intro-quick.txt b/Documentation/intro-quick.txt
index bb80134..d72c696 100644
--- a/Documentation/intro-quick.txt
+++ b/Documentation/intro-quick.txt
@@ -208,7 +208,7 @@
 can add file comment by double clicking anywhere (not just on the
 "Patch Set" words) in the table header or single clicking on the icon
 in the line-number column header. Once published these comments are
-viewable to all, allowing discussion of the change to take place.
+visible to all, allowing discussion of the change to take place.
 
 .Side By Side Patch View
 image::images/intro-quick-review-line-comment.jpg[Adding a Comment]
@@ -317,8 +317,8 @@
 paste this command and run it in our Gerrit checkout.
 
 ----
-$ git fetch http://gerrithost:8080/p/RecipeBook refs/changes/68/68/2
-From http://gerrithost:8080/p/RecipeBook
+$ git fetch ssh://gerrithost:29418/RecipeBook refs/changes/68/68/2
+From ssh://gerrithost:29418/RecipeBook
  * branch            refs/changes/68/68/2 -> FETCH_HEAD
 $ git checkout FETCH_HEAD
 Note: checking out 'FETCH_HEAD'.
diff --git a/Documentation/intro-user.txt b/Documentation/intro-user.txt
index 9bf6842..86962b9 100644
--- a/Documentation/intro-user.txt
+++ b/Documentation/intro-user.txt
@@ -56,8 +56,8 @@
 and the link:user-upload.html#http[HTTP/HTTPS] protocols.
 
 [NOTE]
-To use SSH you must link:user-upload.html#configure_ssh[generate an SSH
-key pair and upload the public SSH key to Gerrit].
+To use SSH you may need to link:user-upload.html#ssh[configure your SSH public
+key in your `Settings`].
 
 [[code-review]]
 == Code Review Workflow
@@ -470,11 +470,16 @@
 link:user-review-ui.html#project-branch-topic[change screen].
 
 It is also possible to link:user-upload.html#topic[set a topic on
-push].
+push], either by appending `%topic=...` to the ref name or through
+the use of the command line flag `--push-option`, aliased to `-o`,
+followed by `topic=...`.
 
 .Set Topic on Push
 ----
   $ git push origin HEAD:refs/for/master%topic=multi-master
+
+  // this is the same as:
+  $ git push origin HEAD:refs/heads/master -o topic=multi-master
 ----
 
 [[drafts]]
@@ -486,12 +491,15 @@
 changes can also be used to backup unfinished changes.
 
 A draft change is created by pushing to the magic
-`refs/drafts/<target-branch>` ref.
+`refs/drafts/<target-branch>` ref, or by pushing with the 'draft'
+option to `refs/for/<target-branch>%draft`.
 
 .Push a Draft Change
 ----
   $ git commit
   $ git push origin HEAD:refs/drafts/master
+  # or
+  $ git push origin HEAD:refs/for/master%draft
 ----
 
 Draft changes have the state link:user-review-ui.html#draft[Draft] and
@@ -639,6 +647,37 @@
 +
 Email notifications are disabled.
 
+- [[email-format]]`Email Format`:
++
+This setting controls the email format Gerrit sends. Note that this
+setting has no effect if the administrator has disabled HTML emails
+for the Gerrit instance.
++
+** `Plaintext Only`:
++
+Email notifications contain only plaintext content.
++
+** `HTML and Plaintext`:
++
+Email notifications contain both HTML and plaintext content.
+
+- [[default-base-for-merges]]`Default Base For Merges`:
++
+This setting controls which base should be pre-selected in the
+`Diff Against` drop-down list when the change screen is opened for a
+merge commit.
++
+** `Auto Merge`:
++
+Pre-selects `Auto Merge` in the `Diff Against` drop-down list when the
+change screen is opened for a merge commit.
++
+** `First Parent`:
++
+Pre-selects `Parent 1` in the `Diff Against` drop-down list when the
+change screen is opened for a merge commit.
++
+
 - [[diff-view]]`Diff View`:
 +
 Whether the Side-by-Side diff view or the Unified diff view should be
@@ -690,6 +729,105 @@
 menu. This can be used to make the navigation to frequently used
 screens, e.g. configured link:#dashboards[dashboards], quick.
 
+[[reply-by-email]]
+== Reply by Email
+
+Gerrit sends out email notifications to users and supports parsing back replies
+on some of them (when link:config-gerrit.html#receiveemail[configured]).
+
+Gerrit supports replies on these notification emails:
+
+* Notifications about new comments
+* Notifications about new labels that were applied or removed
+
+While Gerrit supports a wide range of email clients, the following ones have
+been tested and are known to work:
+
+* Gmail
+* Gmail Mobile
+
+Gerrit supports parsing back all comment types that can be applied to a change
+via the WebUI:
+
+* Change messages
+* Inline comments
+* File comments
+
+Please note that comments can only be sent in reply to a comment in the original
+notification email, while the change message is independent of those.
+
+Gerrit supports parsing a user's reply from both HTML and plaintext. Please note
+that some email clients extract the text from the HTML email they have received
+and send this back as a quoted reply if you have set the client to plaintext
+mode. In this case, Gerrit only supports parsing a change message. To work
+around this issue, consider setting a <<email-format,User Preference>> to
+receive only plaintext emails.
+
+Example notification:
+----
+Some User has posted comments on this change.
+(https://gerrit-review.googlesource.com/123123 )
+
+Change subject: My new change
+......................................................................
+
+
+Patch Set 3:
+
+Just a couple of smaller things I found.
+
+https://gerrit-review.googlesource.com/#/c/123123/3/MyFile.java
+File
+MyFile.java:
+
+https://gerrit-review.googlesource.com/#/c/123123/3/MyFile@420
+PS3, Line 420:     someMethodCall(param);
+Seems to be failing the tests.
+
+
+--
+To view, visit https://gerrit-review.googlesource.com/123123
+To unsubscribe, visit https://gerrit-review.googlesource.com/settings
+
+(Footers omitted for brevity, must be included in all emails)
+----
+
+Example response from the user:
+----
+Thanks, I'll fix it.
+> Some User has posted comments on this change.
+> (https://gerrit-review.googlesource.com/123123 )
+>
+> Change subject: My new change
+> ......................................................................
+>
+>
+> Patch Set 3:
+>
+> Just a couple of smaller things I found.
+>
+> https://gerrit-review.googlesource.com/#/c/123123/3/MyFile.java
+> File
+> MyFile.java:
+Rename this file to File.java
+>
+> https://gerrit-review.googlesource.com/#/c/123123/3/MyFile@420
+> PS3, Line 420:     someMethodCall(param);
+> Seems to be failing the tests.
+>
+Yeah, I see why, let me try again.
+>
+> --
+> To view, visit https://gerrit-review.googlesource.com/123123
+> To unsubscribe, visit https://gerrit-review.googlesource.com/settings
+>
+> (Footers omitted for brevity, must be included in all emails)
+----
+
+In this case, Gerrit will persist a change message ("Thanks, I'll fix it."),
+a file comment ("Rename this file to File.java") as well as a reply to an
+inline comment ("Yeah, I see why, let me try again.").
+
 
 GERRIT
 ------
diff --git a/Documentation/js-api.txt b/Documentation/js-api.txt
index 8c9950e..8a19720 100644
--- a/Documentation/js-api.txt
+++ b/Documentation/js-api.txt
@@ -701,8 +701,7 @@
 accessed through this name.
 
 [[Gerrit_css]]
-Gerrit.css()
-~~~~~~~~~~~~
+=== Gerrit.css()
 Creates a new unique CSS class and injects it into the document.
 The name of the class is returned and can be used by the plugin.
 See link:#Gerrit_html[`Gerrit.html()`] for an easy way to use
@@ -770,7 +769,7 @@
 ----
 Gerrit.get('/changes/?q=status:open', function (open) {
   for (var i = 0; i < open.length; i++) {
-    console.log(open.get(i).change_id);
+    console.log(open[i].change_id);
   }
 });
 ----
@@ -805,8 +804,7 @@
 The user can return to Gerrit with the back button.
 
 [[Gerrit_html]]
-Gerrit.html()
-~~~~~~~~~~~~~
+=== Gerrit.html()
 Parses an HTML fragment after performing template replacements.  If
 the HTML has a single root element or node that node is returned,
 otherwise it is wrapped inside a `<div>` and the div is returned.
@@ -900,8 +898,7 @@
 ----
 
 [[Gerrit_injectCss]]
-Gerrit.injectCss()
-~~~~~~~~~~~~~~~~~~
+=== Gerrit.injectCss()
 Injects CSS rules into the document by appending onto the end of the
 existing rule list.  CSS rules are global to the entire application
 and must be manually scoped by each plugin.  For an automatic scoping
diff --git a/Documentation/json.txt b/Documentation/json.txt
index ef40aee..fa61d01 100644
--- a/Documentation/json.txt
+++ b/Documentation/json.txt
@@ -155,7 +155,8 @@
 
 oldRev:: The old value of the ref, prior to the update.
 
-newRev:: The new value the ref was updated to.
+newRev:: The new value the ref was updated to. Zero value (`0000000000000000000000000000000000000000`)
+indicates that the ref was deleted.
 
 refName:: Full ref name within project.
 
diff --git a/Documentation/license.defs b/Documentation/license.defs
deleted file mode 100644
index 42dd3eb..0000000
--- a/Documentation/license.defs
+++ /dev/null
@@ -1,29 +0,0 @@
-def genlicenses(
-    name,
-    out,
-    opts = [],
-    java_deps = [],
-    non_java_deps = [],
-    visibility = []):
-  cmd = ['$(exe :gen_licenses)']
-  cmd.extend(opts)
-  cmd.append('>$OUT')
-  cmd.extend(java_deps)
-  cmd.extend(non_java_deps)
-
-  # Must use $(classpath) for Java deps, since transitive dependencies are not
-  # first-order dependencies of the output jar, so changes would not cause
-  # invalidation of the build cache key for the genrule.
-  cmd.extend('; true $(classpath %s)' % d for d in java_deps)
-
-  # Must use $(location) for non-Java deps, since $(classpath) will fail with an
-  # error. This is ok, because transitive dependencies are included in the
-  # output artifacts for everything _except_ Java libraries.
-  cmd.extend('; true $(location %s)' % d for d in non_java_deps)
-
-  genrule(
-    name = name,
-    out = out,
-    cmd = ' '.join(cmd),
-    visibility = visibility,
-  )
diff --git a/Documentation/metrics.txt b/Documentation/metrics.txt
index 1270971..eae33c2 100644
--- a/Documentation/metrics.txt
+++ b/Documentation/metrics.txt
@@ -53,6 +53,29 @@
 * `query/query_latency`: Successful query latency, accumulated over the life
 of the process.
 
+=== Core Queues
+
+The following queues support metrics:
+
+* default `WorkQueue`
+* index batch
+* index interactive
+* receive commits
+* send email
+* ssh batch worker
+* ssh command start
+* ssh interactive worker
+* ssh stream worker
+
+Each queue provides the following metrics:
+
+* `queue/<queue_name>/pool_size`: Current number of threads in the pool
+* `queue/<queue_name>/max_pool_size`: Maximum allowed number of threads in the pool
+* `queue/<queue_name>/active_threads`: Number of threads that are actively executing tasks
+* `queue/<queue_name>/scheduled_tasks`: Number of scheduled tasks in the queue
+* `queue/<queue_name>/total_scheduled_tasks_count`: Total number of tasks that have been scheduled
+* `queue/<queue_name>/total_completed_tasks_count`: Total number of tasks that have completed execution
+
 === SSH sessions
 
 * `sshd/sessions/connected`: Number of currently connected SSH sessions.
@@ -76,6 +99,11 @@
 * `git/upload-pack/phase_writing`: Time spent transferring bytes to client.
 * `git/upload-pack/pack_bytes`: Distribution of sizes of packs sent to clients.
 
+=== BatchUpdate
+
+* `batch_update/execute_change_ops`: BatchUpdate change update latency,
+excluding reindexing
+
 === NoteDb
 
 * `notedb/update_latency`: NoteDb update latency by table.
@@ -90,6 +118,10 @@
 
 * `reviewer_suggestion/query_accounts`: Latency for querying accounts for
 reviewer suggestion.
+* `reviewer_suggestion/recommend_accounts`: Latency for recommending accounts
+for reviewer suggestion.
+* `reviewer_suggestion/load_accounts`: Latency for loading accounts for
+reviewer suggestion.
 * `reviewer_suggestion/query_groups`: Latency for querying groups for reviewer
 suggestion.
 
@@ -102,6 +134,10 @@
 * `plugins/replication/replication_retries`: Number of retries when pushing to
 remote destination.
 
+=== License
+
+* `license/cla_check_count`: Total number of CLA check requests.
+
 GERRIT
 ------
 Part of link:index.html[Gerrit Code Review]
diff --git a/Documentation/pgm-LocalUsernamesToLowerCase.txt b/Documentation/pgm-LocalUsernamesToLowerCase.txt
index 1136ced..03aaabf 100644
--- a/Documentation/pgm-LocalUsernamesToLowerCase.txt
+++ b/Documentation/pgm-LocalUsernamesToLowerCase.txt
@@ -7,9 +7,8 @@
 == SYNOPSIS
 [verse]
 --
-_java_ -jar gerrit.war _LocalUsernamesToLowerCase
+_java_ -jar gerrit.war _LocalUsernamesToLowerCase_
   -d <SITE_PATH>
-  [--threads]
 --
 
 == DESCRIPTION
@@ -29,9 +28,11 @@
 same local username, but with different case. In this case the local
 username for these accounts is not converted to lower case.
 
-This task can run in the background concurrently to the server if the
-database is MySQL or PostgreSQL. If the database is H2, this task
-must be run by itself.
+After all usernames have been migrated, the link:pgm-reindex.html[
+reindex] program is automatically invoked to reindex all accounts.
+
+This task cannot run in the background concurrently to the server;
+it must be run by itself.
 
 == OPTIONS
 
@@ -40,10 +41,6 @@
 	Location of the gerrit.config file, and all other per-site
 	configuration data, supporting libraries and log files.
 
---threads::
-	Number of threads to perform the scan work with.  Defaults to
-	twice the number of CPUs available.
-
 == CONTEXT
 This command can only be run on a server which has direct
 connectivity to the metadata database.
diff --git a/Documentation/pgm-MigrateAccountPatchReviewDb.txt b/Documentation/pgm-MigrateAccountPatchReviewDb.txt
index 5718a8a..c8ab193 100644
--- a/Documentation/pgm-MigrateAccountPatchReviewDb.txt
+++ b/Documentation/pgm-MigrateAccountPatchReviewDb.txt
@@ -27,6 +27,12 @@
 * Migrate data using this command
 * Start Gerrit
 
+[NOTE]
+When using MySQL, the file_name column length in the account_patch_reviews table will be shortened
+from the standard 4096 characters down to 255 characters. This is due to a
+link:https://dev.mysql.com/doc/refman/5.7/en/innodb-restrictions.html[MySQL limitation]
+on the max size of 767 bytes for each column in an index.
+
 == OPTIONS
 
 -d::
diff --git a/Documentation/project-configuration.txt b/Documentation/project-configuration.txt
index d71d19a..7d93c64 100644
--- a/Documentation/project-configuration.txt
+++ b/Documentation/project-configuration.txt
@@ -103,7 +103,8 @@
 link:config-gerrit.html#change.submitWholeTopic[`change.submitWholeTopic`]
 is enabled and depending changes share the same topic. So generally
 submitters must remember to submit changes in the right order when using this
-submit type.
+submit type. If all you want is extra information in the commit message,
+consider using the Rebase Always submit strategy.
 
 [[rebase_if_necessary]]
 * Rebase If Necessary
@@ -117,6 +118,17 @@
 succeed if there is no path conflict.  A path conflict occurs when
 the same file has also been changed on the other side of the merge.
 
+[[rebase_always]]
+* Rebase Always
++
+Basically, the same as Rebase If Necessary, but it creates a new patchset even
+if fast forward is possible AND like Cherry Pick it ensures footers such as
+Change-Id, Reviewed-On, and others are present in resulting commit that is
+merged.
+
+Thus, Rebase Always can be considered similar to Cherry Pick, but with
+the important distinction that Rebase Always does not ignore dependencies.
+
 [[content_merge]]
 If `Allow content merges` is enabled, Gerrit will try
 to do a content merge when a path conflict occurs.
@@ -237,9 +249,7 @@
 
 To be able to create new branches the user must have the
 link:access-control.html#category_create[Create Reference] access
-right. In addition, project owners and Gerrit administrators can create
-new branches from the Web UI or via REST even without having the
-`Create Reference` access right.
+right.
 
 When using the Web UI, the REST endpoint or the SSH command it is only
 possible to create branches on commits that already exist in the
@@ -260,17 +270,22 @@
 - in the Web UI under 'Projects' > 'List' > <project> > 'Branches'
 - via the link:rest-api-projects.html#delete-branch[Delete Branch]
   REST endpoint
-- by using a git client to force push nothing to an existing branch
+- by using a git client
++
+----
+  $ git push origin --delete refs/heads/<branch-to-delete>
+----
++
+another method, by force pushing nothing to an existing branch:
 +
 ----
   $ git push --force origin :refs/heads/<branch-to-delete>
 ----
 
 To be able to delete branches, the user must have the
+link:access-control.html#category_delete[Delete Reference] or the
 link:access-control.html#category_push[Push] access right with the
-`force` option. In addition, project owners and Gerrit administrators
-can delete branches from the Web UI or via REST even without having the
-`Force Push` access right.
+`force` option.
 
 [[default-branch]]
 === Default Branch
diff --git a/Documentation/prolog-change-facts.txt b/Documentation/prolog-change-facts.txt
index cbd4070..11d17b8 100644
--- a/Documentation/prolog-change-facts.txt
+++ b/Documentation/prolog-change-facts.txt
@@ -60,6 +60,9 @@
 
 |`uploader/1`     |`uploader(user(1000000)).`
     |Uploader as `user(ID)` term. ID is the numeric account ID
+
+|`unresolved_comments_count/1`     |`unresolved_comments_count(0).`
+    |The number of unresolved comments as an integer atom
 |=============================================================================
 
 In addition Gerrit provides a set of built-in helper predicates that can be used
diff --git a/Documentation/prolog-cookbook.txt b/Documentation/prolog-cookbook.txt
index cced53e2..78497eb 100644
--- a/Documentation/prolog-cookbook.txt
+++ b/Documentation/prolog-cookbook.txt
@@ -544,6 +544,7 @@
     Author = label('Author-is-John-Doe', need(_)).
 
 submit_rule(submit(Author)) :-
+    A = user(1000000),
     gerrit:commit_author(A, 'John Doe', 'john.doe@example.com'),
     Author = label('Author-is-John-Doe', ok(A)).
 ----
@@ -899,7 +900,10 @@
     findall(X, gerrit:commit_label(label(Category,X),R),Z),
     sum_list(Z, Sum),
     Sum >= Min, !,
-    P = [label(Category,ok(R)) | In].
+    gerrit:commit_label(label(Category, V), U),
+    V >= 1,
+    !,
+    P = [label(Category,ok(U)) | In].
 
 add_category_min_score(In, Category,Min,P) :-
     P = [label(Category,need(Min)) | In].
@@ -998,6 +1002,56 @@
 only_allow_author_to_submit(S1, [label('Only-Author-Can-Submit', need(_)) | S1]).
 ----
 
+=== Example 16: Make change submittable if all comments have been resolved
+In this example we will use the `unresolved_comments_count` fact about a
+change. Our goal is to block the submission of any change with some
+unresolved comments. Basically, it can be achieved by the following rules:
+
+`rules.pl`
+[source,prolog]
+----
+submit_rule(submit(R)) :-
+    gerrit:unresolved_comments_count(0),
+    !,
+    gerrit:commit_author(A),
+    R = label('All-Comments-Resolved', ok(A)).
+
+submit_rule(submit(R)) :-
+    gerrit:unresolved_comments_count(U),
+    U > 0,
+    R = label('All-Comments-Resolved', need(_)).
+----
+
+Suppose currently a change is submittable if it gets `+2` for `Code-Review`
+and `+1` for `Verified`. It can be extended to support the above rules as
+follows:
+
+`rules.pl`
+[source,prolog]
+----
+submit_rule(submit(CR, V, R)) :-
+    base(CR, V),
+    gerrit:unresolved_comments_count(0),
+    !,
+    gerrit:commit_author(A),
+    R = label('All-Comments-Resolved', ok(A)).
+
+submit_rule(submit(CR, V, R)) :-
+    base(CR, V),
+    gerrit:unresolved_comments_count(U),
+    U > 0,
+    R = label('All-Comments-Resolved', need(_)).
+
+base(CR, V) :-
+    gerrit:max_with_block(-2, 2, 'Code-Review', CR),
+    gerrit:max_with_block(-1, 1, 'Verified', V).
+----
+
+Note that a new label as `All-Comments-Resolved` should not be configured.
+It's only used to show `'Needs All-Comments-Resolved'` in the UI to clearly
+indicate to the user that all the comments have to be resolved for the
+change to become submittable.
+
 == Examples - Submit Type
 The following examples show how to implement own submit type rules.
 
diff --git a/Documentation/replace_macros.py b/Documentation/replace_macros.py
index baf08e7..c76d133 100755
--- a/Documentation/replace_macros.py
+++ b/Documentation/replace_macros.py
@@ -229,12 +229,16 @@
 options, _ = opts.parse_args()
 
 try:
-  out_file = open(options.out, 'w')
-  src_file = open(options.src, 'r')
+  try:
+    out_file = open(options.out, 'w', errors='ignore')
+    src_file = open(options.src, 'r', errors='ignore')
+  except TypeError:
+    out_file = open(options.out, 'w')
+    src_file = open(options.src, 'r')
   last_line = ''
   ignore_next_line = False
   last_title = ''
-  for line in src_file.xreadlines():
+  for line in src_file:
     if PAT_GERRIT.match(last_line):
       # Case of "GERRIT\n------" at the footer
       out_file.write(GERRIT_UPLINK)
diff --git a/Documentation/rest-api-access.txt b/Documentation/rest-api-access.txt
index 61ea582..a90ea1a 100644
--- a/Documentation/rest-api-access.txt
+++ b/Documentation/rest-api-access.txt
@@ -132,7 +132,7 @@
         },
         "refs/tags/*": {
           "permissions": {
-            "pushSignedTag": {
+            "createSignedTag": {
               "rules": {
                 "53a4f647a89ea57992571187d8025f830625192a": {
                   "action": "ALLOW"
@@ -142,7 +142,7 @@
                 }
               }
             },
-            "pushTag": {
+            "createTag": {
               "rules": {
                 "53a4f647a89ea57992571187d8025f830625192a": {
                   "action": "ALLOW"
@@ -263,6 +263,7 @@
       ],
       "can_upload": true,
       "can_add": true,
+      "can_add_tags": true,
       "config_visible": true
     },
     "MyProject": {
@@ -279,6 +280,7 @@
       ],
       "can_upload": true,
       "can_add": true,
+      "can_add_tags": true,
       "config_visible": true
     }
   }
@@ -365,6 +367,8 @@
 Whether the calling user can upload to any ref.
 |`can_add`            |not set if `false`|
 Whether the calling user can add any ref.
+|`can_add_tags`       |not set if `false`|
+Whether the calling user can add any tag ref.
 |`config_visible`     |not set if `false`|
 Whether the calling user can see the `refs/meta/config` branch of the
 project.
diff --git a/Documentation/rest-api-accounts.txt b/Documentation/rest-api-accounts.txt
index e784c1c..4409d1f 100644
--- a/Documentation/rest-api-accounts.txt
+++ b/Documentation/rest-api-accounts.txt
@@ -285,6 +285,66 @@
   HTTP/1.1 204 No Content
 ----
 
+[[get-account-status]]
+=== Get Account Status
+--
+'GET /accounts/link:#account-id[\{account-id\}]/status'
+--
+
+Retrieves the status of an account.
+
+.Request
+----
+  GET /accounts/self/status HTTP/1.0
+----
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  "Available"
+----
+
+If the account does not have a status an empty string is returned.
+
+[[set-account-status]]
+=== Set Account Status
+--
+'PUT /accounts/link:#account-id[\{account-id\}]/status'
+--
+
+Sets the status of an account.
+
+The new account status must be provided in the request body inside
+an link:#account-status-input[AccountStatusInput] entity.
+
+.Request
+----
+  PUT /accounts/self/status HTTP/1.0
+  Content-Type: application/json; charset=UTF-8
+
+  {
+    "status": "Out Of Office"
+  }
+----
+
+As response the new account status is returned.
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  "Out Of Office"
+----
+
+If the name was deleted the response is "`204 No Content`".
+
 [[get-username]]
 === Get Username
 --
@@ -396,32 +456,7 @@
   HTTP/1.1 204 No Content
 ----
 
-If the account was already inactive the response is "`404 Not Found`".
-
-[[get-http-password]]
-=== Get HTTP Password
---
-'GET /accounts/link:#account-id[\{account-id\}]/password.http'
---
-
-Retrieves the HTTP password of an account.
-
-.Request
-----
-  GET /accounts/john.doe@example.com/password.http HTTP/1.0
-----
-
-.Response
-----
-  HTTP/1.1 200 OK
-  Content-Disposition: attachment
-  Content-Type: application/json; charset=UTF-8
-
-  )]}'
-  "Qmxlc21ydCB1YmVyIGFsbGVzIGluIGRlciBXZWx0IQ"
-----
-
-If the account does not have an HTTP password the response is "`404 Not Found`".
+If the account was already inactive the response is "`409 Conflict`".
 
 [[set-http-password]]
 === Set/Generate HTTP Password
@@ -968,12 +1003,12 @@
   }
 ----
 
-Administrator that has authenticated with digest authentication:
+Administrator that has authenticated with basic authentication:
 
 .Request
 ----
   GET /a/accounts/self/capabilities HTTP/1.0
-  Authorization: Digest username="admin", realm="Gerrit Code Review", nonce="...
+  Authorization: Basic ABCDECF..
 ----
 
 .Response
@@ -1015,7 +1050,7 @@
 .Request
 ----
   GET /a/accounts/self/capabilities?q=createAccount&q=createGroup HTTP/1.0
-  Authorization: Digest username="admin", realm="Gerrit Code Review", nonce="...
+  Authorization: Basic ABCDEF...
 ----
 
 .Response
@@ -1213,6 +1248,7 @@
     "size_bar_in_change_table": true,
     "review_category_strategy": "ABBREV",
     "mute_common_path_prefixes": true,
+    "default_base_for_merges": "FIRST_PARENT",
     "my": [
       {
         "url": "#/dashboard/self",
@@ -1237,7 +1273,8 @@
       {
         "url": "#/groups/self",
         "name": "Groups"
-      }
+      },
+      change_table: []
     ]
   }
 ----
@@ -1262,6 +1299,7 @@
     "changes_per_page": 50,
     "show_site_header": true,
     "use_flash_clipboard": true,
+    "expand_inline_diffs": true,
     "download_command": "CHECKOUT",
     "date_format": "STD",
     "time_format": "HHMM_12",
@@ -1294,6 +1332,10 @@
         "url": "#/groups/self",
         "name": "Groups"
       }
+    ],
+    "change_table": [
+      "Subject",
+      "Owner"
     ]
   }
 ----
@@ -1312,6 +1354,7 @@
     "changes_per_page": 50,
     "show_site_header": true,
     "use_flash_clipboard": true,
+    "expand_inline_diffs": true,
     "download_command": "CHECKOUT",
     "date_format": "STD",
     "time_format": "HHMM_12",
@@ -1344,6 +1387,10 @@
         "url": "#/groups/self",
         "name": "Groups"
       }
+    ],
+    "change_table": [
+      "Subject",
+      "Owner"
     ]
   }
 ----
@@ -1381,7 +1428,8 @@
     "show_tabs": true,
     "show_whitespace_errors": true,
     "syntax_highlighting": true,
-    "tab_size": 8
+    "tab_size": 8,
+    "font_size": 12
   }
 ----
 
@@ -1412,7 +1460,8 @@
     "show_tabs": true,
     "show_whitespace_errors": true,
     "syntax_highlighting": true,
-    "tab_size": 8
+    "tab_size": 8,
+    "font_size": 12
   }
 ----
 
@@ -1436,7 +1485,8 @@
     "show_tabs": true,
     "show_whitespace_errors": true,
     "syntax_highlighting": true,
-    "tab_size": 8
+    "tab_size": 8,
+    "font_size": 12
   }
 ----
 
@@ -1475,6 +1525,7 @@
     "hide_line_numbers": true,
     "match_brackets": true,
     "line_wrapping": false,
+    "indent_with_tabs": false,
     "auto_close_brackets": true
   }
 ----
@@ -1660,6 +1711,64 @@
   HTTP/1.1 204 No Content
 ----
 
+[[get-account-external-ids]]
+=== Get Account External IDs
+--
+'GET /accounts/link:#account-id[\{account-id\}]/external.ids'
+--
+
+Retrieves the external ids of a user account.
+
+.Request
+----
+  GET /a/accounts/self/external.ids HTTP/1.0
+----
+
+As result the external ids of the user are returned as a list of
+link:#account-external-id-info[AccountExternalIdInfo] entities.
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  [
+    {
+      "identity": "username:john",
+      "email": "john.doe@example.com",
+      "trusted": true
+    }
+  ]
+----
+
+[[delete-account-external-ids]]
+=== Delete Account External IDs
+--
+'POST /accounts/link:#account-id[\{account-id\}]/external.ids:delete'
+--
+
+Delete a list of external ids for a user account. The target external ids must
+be provided as a list in the request body.
+
+Only external ids belonging to the caller may be deleted.
+
+.Request
+----
+  POST /a/accounts/self/external.ids:delete HTTP/1.0
+  Content-Type: application/json;charset=UTF-8
+
+  {
+    "mailto:john.doe@example.com"
+  }
+----
+
+.Response
+----
+  HTTP/1.1 204 No Content
+----
+
 [[default-star-endpoints]]
 == Default Star Endpoints
 
@@ -2019,6 +2128,22 @@
 registered.
 |=================================
 
+[[account-external-id-info]]
+=== AccountExternalIdInfo
+The `AccountExternalIdInfo` entity contains information for an external id of
+an account.
+
+[options="header",cols="1,^1,5"]
+|============================
+|Field Name        ||Description
+|`identity`        ||The account external id.
+|`email`           |optional|The email address for the external id.
+|`trusted`         |not set if `false`|
+Whether the external id is trusted.
+|`can_delete`      |not set if `false`|
+Whether the external id can be deleted by the calling user.
+|============================
+
 [[account-info]]
 === AccountInfo
 The `AccountInfo` entity contains information about an account.
@@ -2084,6 +2209,18 @@
 If not set or if set to an empty string, the account name is deleted.
 |=============================
 
+[[account-status-input]]
+=== AccountStatusInput
+The `AccountStatusInput` entity contains information for setting a status
+for an account.
+
+[options="header",cols="1,^2,4"]
+|=============================
+|Field Name ||Description
+|`status`   |optional|The new status of the account. +
+If not set or if set to an empty string, the account status is deleted.
+|=============================
+
 [[capability-info]]
 === CapabilityInfo
 The `CapabilityInfo` entity contains information about the global
@@ -2226,6 +2363,8 @@
 If true the line numbers are hidden.
 |`tab_size`                    ||
 Number of spaces that should be used to display one tab.
+|`font_size`                    ||
+Default font size in pixels for change to be displayed in the diff view.
 |'hide_empty_pane'             |not set if `false`|
 Whether empty panes should be hidden. The left pane is empty when a
 file was added; the right pane is empty when a file was deleted.
@@ -2286,8 +2425,12 @@
 True if the line numbers should be hidden.
 |`tab_size`                    |optional|
 Number of spaces that should be used to display one tab.
+|`font_size`                   |optional|
+Default font size in pixels for change to be displayed in the diff view.
 |`line_wrapping`               |optional|
 Whether to enable line wrapping or not.
+|`indent_with_tabs`            |optional|
+Whether to enable indent with tabs or not.
 |===========================================
 
 [[edit-preferences-info]]
@@ -2327,8 +2470,12 @@
 Whether matching brackets should be highlighted.
 |`line_wrapping`               |not set if `false`|
 Whether to enable line wrapping or not.
+|`indent_with_tabs`            |not set if `false`|
+Whether to indent with tabs or not.
 |`auto_close_brackets`         |not set if `false`|
 Whether brackets and quotes should be auto-closed during typing.
+|`show_base`                   |not set if `false`|
+Whether to show the inline edit base version or not.
 |===========================================
 
 [[email-info]]
@@ -2452,14 +2599,15 @@
 Whether the site header should be shown.
 |`use_flash_clipboard`          |not set if `false`|
 Whether to use the flash clipboard widget.
+|`expand_inline_diffs`          |not set if `false`|
+Whether to expand diffs inline instead of opening as separate page
+(PolyGerrit only).
 |`download_scheme`              |optional|
 The type of download URL the user prefers to use. May be any key from
 the `schemes` map in
 link:rest-api-config.html#download-info[DownloadInfo].
 |`download_command`             ||
 The type of download command the user prefers to use.
-|`copy_self_on_email`           |not set if `false`|
-Whether to CC me on comments I write.
 |`date_format`                  ||
 The format to display the date in.
 Allowed values are `STD`, `US`, `ISO`, `EURO`, `UK`.
@@ -2468,24 +2616,27 @@
 Allowed values are `HHMM_12`, `HHMM_24`.
 |`relative_date_in_change_table`|not set if `false`|
 Whether to show relative dates in the changes table.
+|`diff_view`                    ||
+The type of diff view to show.
+Allowed values are `SIDE_BY_SIDE`, `UNIFIED_DIFF`.
 |`size_bar_in_change_table`     |not set if `false`|
 Whether to show the change sizes as colored bars in the change table.
 |`legacycid_in_change_table`    |not set if `false`|
 Whether to show change number in the change table.
+|`review_category_strategy`     ||
+The strategy used to displayed info in the review category column.
+Allowed values are `NONE`, `NAME`, `EMAIL`, `USERNAME`, `ABBREV`.
 |`mute_common_path_prefixes`    |not set if `false`|
 Whether to mute common path prefixes in file names in the file table.
 |`signed_off_by`                |not set if `false`|
 Whether to insert Signed-off-by footer in changes created with the
 inline edit feature.
-|`review_category_strategy`     ||
-The strategy used to displayed info in the review category column.
-Allowed values are `NONE`, `NAME`, `EMAIL`, `USERNAME`, `ABBREV`.
-|`diff_view`                    ||
-The type of diff view to show.
-Allowed values are `SIDE_BY_SIDE`, `UNIFIED_DIFF`.
 |`my`                           ||
 The menu items of the `MY` top menu as a list of
 link:rest-api-config.html#top-menu-item-info[TopMenuItemInfo] entities.
+|`change_table`                           ||
+The columns to display in the change table (PolyGerrit only). The default is
+empty, which will default columns as determined by the frontend.
 |`url_aliases`                  |optional|
 A map of URL path pairs, where the first URL path is an alias for the
 second URL path.
@@ -2495,6 +2646,10 @@
 their own comments. On `DISABLED` the user will not receive any email
 notifications from Gerrit.
 Allowed values are `ENABLED`, `CC_ON_OWN_COMMENTS`, `DISABLED`.
+|`default_base_for_merges`      ||
+The base which should be pre-selected in the 'Diff Against' drop-down
+list when the change screen is opened for a merge commit.
+Allowed values are `AUTO_MERGE` and `FIRST_PARENT`.
 |============================================
 
 [[preferences-input]]
@@ -2512,12 +2667,13 @@
 Whether the site header should be shown.
 |`use_flash_clipboard`          |optional|
 Whether to use the flash clipboard widget.
+|`expand_inline_diffs`          |not set if `false`|
+Whether to expand diffs inline instead of opening as separate page
+(PolyGerrit only).
 |`download_scheme`              |optional|
 The type of download URL the user prefers to use.
 |`download_command`             |optional|
 The type of download command the user prefers to use.
-|`copy_self_on_email`           |optional|
-Whether to CC me on comments I write.
 |`date_format`                  |optional|
 The format to display the date in.
 Allowed values are `STD`, `US`, `ISO`, `EURO`, `UK`.
@@ -2526,24 +2682,27 @@
 Allowed values are `HHMM_12`, `HHMM_24`.
 |`relative_date_in_change_table`|optional|
 Whether to show relative dates in the changes table.
+|`diff_view`                    |optional|
+The type of diff view to show.
+Allowed values are `SIDE_BY_SIDE`, `UNIFIED_DIFF`.
 |`size_bar_in_change_table`     |optional|
 Whether to show the change sizes as colored bars in the change table.
 |`legacycid_in_change_table`    |optional|
 Whether to show change number in the change table.
+|`review_category_strategy`     |optional|
+The strategy used to displayed info in the review category column.
+Allowed values are `NONE`, `NAME`, `EMAIL`, `USERNAME`, `ABBREV`.
 |`mute_common_path_prefixes`    |optional|
 Whether to mute common path prefixes in file names in the file table.
 |`signed_off_by`                |optional|
 Whether to insert Signed-off-by footer in changes created with the
 inline edit feature.
-|`review_category_strategy`     |optional|
-The strategy used to displayed info in the review category column.
-Allowed values are `NONE`, `NAME`, `EMAIL`, `USERNAME`, `ABBREV`.
-|`diff_view`                    |optional|
-The type of diff view to show.
-Allowed values are `SIDE_BY_SIDE`, `UNIFIED_DIFF`.
 |`my`                           |optional|
 The menu items of the `MY` top menu as a list of
 link:rest-api-config.html#top-menu-item-info[TopMenuItemInfo] entities.
+|`change_table`                           ||
+The columns to display in the change table (PolyGerrit only). The default is
+empty, which will default columns as determined by the frontend.
 |`url_aliases`                  |optional|
 A map of URL path pairs, where the first URL path is an alias for the
 second URL path.
@@ -2553,6 +2712,10 @@
 their own comments. On `DISABLED` the user will not receive any email
 notifications from Gerrit.
 Allowed values are `ENABLED`, `CC_ON_OWN_COMMENTS`, `DISABLED`.
+|`default_base_for_merges`      |optional|
+The base which should be pre-selected in the 'Diff Against' drop-down
+list when the change screen is opened for a merge commit.
+Allowed values are `AUTO_MERGE` and `FIRST_PARENT`.
 |============================================
 
 [[query-limit-info]]
diff --git a/Documentation/rest-api-changes.txt b/Documentation/rest-api-changes.txt
index 77feb18..9880d54 100644
--- a/Documentation/rest-api-changes.txt
+++ b/Documentation/rest-api-changes.txt
@@ -10,7 +10,7 @@
 [[create-change]]
 === Create Change
 --
-'POST /changes'
+'POST /changes/'
 --
 
 The change input link:#change-input[ChangeInput] entity must be provided in the
@@ -18,7 +18,7 @@
 
 .Request
 ----
-  POST /changes HTTP/1.0
+  POST /changes/ HTTP/1.0
   Content-Type: application/json; charset=UTF-8
 
   {
@@ -35,7 +35,7 @@
 
 .Response
 ----
-  HTTP/1.1 200 OK
+  HTTP/1.1 201 OK
   Content-Disposition: attachment
   Content-Type: application/json; charset=UTF-8
 
@@ -246,17 +246,17 @@
 
 [[current-files]]
 --
-* `CURRENT_FILES`: list files modified by the commit, including
-  basic line counts inserted/deleted per file. Only valid when
-  the `CURRENT_REVISION` or `ALL_REVISIONS` option is selected.
+* `CURRENT_FILES`: list files modified by the commit and magic files,
+  including basic line counts inserted/deleted per file. Only valid
+  when the `CURRENT_REVISION` or `ALL_REVISIONS` option is selected.
 --
 
 [[all-files]]
 --
-* `ALL_FILES`: list files modified by the commit, including
-  basic line counts inserted/deleted per file. If only the
-  `CURRENT_REVISION` was requested then only that commit's
-  modified files will be output.
+* `ALL_FILES`: list files modified by the commit and magic files,
+  including basic line counts inserted/deleted per file. If only the
+  `CURRENT_REVISION` was requested then only that commit's modified
+  files will be output.
 --
 
 [[detailed-accounts]]
@@ -294,13 +294,19 @@
 --
 * `REVIEWED`: include the `reviewed` field if all of the following are
   true:
-  * the change is open
-  * the caller is authenticated
-  * the caller has commented on the change more recently than the last update
+  - the change is open
+  - the caller is authenticated
+  - the caller has commented on the change more recently than the last update
     from the change owner, i.e. this change would show up in the results of
     link:user-search.html#reviewedby[reviewedby:self].
 --
 
+[[submittable]]
+--
+* `SUBMITTABLE`: include the `submittable` field in link:#change-info[ChangeInfo],
+  which can be used to tell if the change is reviewed and ready for submit.
+--
+
 [[web-links]]
 --
 * `WEB_LINKS`: include the `web_links` field in link:#commit-info[CommitInfo],
@@ -511,6 +517,64 @@
   }
 ----
 
+[[create-merge-patch-set-for-change]]
+=== Create Merge Patch Set For Change
+--
+'POST /changes/link:#change-id[\{change-id\}]/merge'
+--
+
+Update an existing change by using a
+link:#merge-patch-set-input[MergePatchSetInput] entity.
+
+Gerrit will create a merge commit based on the information of
+MergePatchSetInput and add a new patch set to the change corresponding
+to the new merge commit.
+
+.Request
+----
+  POST /changes/test~master~Ic5466d107c5294414710935a8ef3b0180fb848dc/merge  HTTP/1.0
+  Content-Type: application/json; charset=UTF-8
+
+  {
+    "subject": "Merge dev_branch into master",
+    "merge": {
+      "source": "refs/changes/34/1234/1"
+    }
+  }
+----
+
+As response a link:#change-info[ChangeInfo] entity with current revision is
+returned that describes the resulting change.
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  {
+    "id": "test~master~Ic5466d107c5294414710935a8ef3b0180fb848dc",
+    "project": "test",
+    "branch": "master",
+    "hashtags": [],
+    "change_id": "Ic5466d107c5294414710935a8ef3b0180fb848dc",
+    "subject": "Merge dev_branch into master",
+    "status": "NEW",
+    "created": "2016-09-23 18:08:53.238000000",
+    "updated": "2016-09-23 18:09:25.934000000",
+    "submit_type": "MERGE_IF_NECESSARY",
+    "mergeable": true,
+    "insertions": 5,
+    "deletions": 0,
+    "_number": 72,
+    "owner": {
+      "_account_id": 1000000
+    },
+    "current_revision": "27cc4558b5a3d3387dd11ee2df7a117e7e581822"
+  }
+----
+
 [[get-change-detail]]
 === Get Change Detail
 --
@@ -824,6 +888,156 @@
   HTTP/1.1 204 No Content
 ----
 
+[[get-assignee]]
+=== Get Assignee
+--
+'GET /changes/link:#change-id[\{change-id\}]/assignee'
+--
+
+Retrieves the account of the user assigned to a change.
+
+.Request
+----
+  GET /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/assignee HTTP/1.0
+----
+
+As a response an link:rest-api-accounts.html#account-info[AccountInfo] entity
+describing the assigned account is returned.
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  {
+    "_account_id": 1000096,
+    "name": "John Doe",
+    "email": "john.doe@example.com",
+    "username": "jdoe"
+  }
+----
+
+If the change has no assignee the response is "`204 No Content`".
+
+[[get-past-assignees]]
+=== Get Past Assignees
+--
+'GET /changes/link:#change-id[\{change-id\}]/past_assignees'
+--
+
+Returns a list of every user ever assigned to a change, in the order in which
+they were first assigned.
+
+[NOTE] Past assignees are only available when NoteDb is enabled.
+
+.Request
+----
+  GET /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/past_assignees HTTP/1.0
+----
+
+As a response a list of link:rest-api-accounts.html#account-info[AccountInfo]
+entities is returned.
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  [
+    {
+      "_account_id": 1000051,
+      "name": "Jane Doe",
+      "email": "jane.doe@example.com",
+      "username": "janed"
+    },
+    {
+      "_account_id": 1000096,
+      "name": "John Doe",
+      "email": "john.doe@example.com",
+      "username": "jdoe"
+    }
+  ]
+
+----
+
+
+[[set-assignee]]
+=== Set Assignee
+--
+'PUT /changes/link:#change-id[\{change-id\}]/assignee'
+--
+
+Sets the assignee of a change.
+
+The new assignee must be provided in the request body inside a
+link:#assignee-input[AssigneeInput] entity.
+
+.Request
+----
+  PUT /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/assignee HTTP/1.0
+  Content-Type: application/json; charset=UTF-8
+
+  {
+    "assignee": "jdoe"
+  }
+----
+
+As a response an link:rest-api-accounts.html#account-info[AccountInfo] entity
+describing the assigned account is returned.
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  {
+    "_account_id": 1000096,
+    "name": "John Doe",
+    "email": "john.doe@example.com",
+    "username": "jdoe"
+  }
+----
+
+[[delete-assignee]]
+=== Delete Assignee
+--
+'DELETE /changes/link:#change-id[\{change-id\}]/assignee'
+--
+
+Deletes the assignee of a change.
+
+
+.Request
+----
+  DELETE /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/assignee HTTP/1.0
+----
+
+As a response an link:rest-api-accounts.html#account-info[AccountInfo] entity
+describing the account of the deleted assignee is returned.
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  {
+    "_account_id": 1000096,
+    "name": "John Doe",
+    "email": "john.doe@example.com",
+    "username": "jdoe"
+  }
+----
+
+If the change had no assignee the response is "`204 No Content`".
+
 [[abandon-change]]
 === Abandon Change
 --
@@ -1272,8 +1486,13 @@
 The listed changes use the same format as in
 link:#list-changes[Query Changes] with the
 link:#labels[`LABELS`], link:#detailed-labels[`DETAILED_LABELS`],
-link:#current-revision[`CURRENT_REVISION`], and
-link:#current-commit[`CURRENT_COMMIT`] options set.
+link:#current-revision[`CURRENT_REVISION`],
+link:#current-commit[`CURRENT_COMMIT`], and
+link:#submittable[`SUBMITTABLE`] options set.
+
+Standard link:#query-options[formatting options] can be specified
+with the `o` parameter, as well as the `submitted_together` specific
+option `NON_VISIBLE_CHANGES`.
 
 .Response
 ----
@@ -1553,13 +1772,21 @@
   HTTP/1.1 204 No Content
 ----
 
-[[delete-draft-change]]
-=== Delete Draft Change
+[[delete-change]]
+=== Delete Change
 --
 'DELETE /changes/link:#change-id[\{change-id\}]'
 --
 
-Deletes a draft change.
+Deletes a change.
+
+New or abandoned changes can be deleted by their owner if the user is granted
+the link:access-control.html#category_delete_own_changes[Delete Own Changes] permission,
+otherwise only by administrators.
+
+Draft changes can only be deleted by their owner or other users who have the
+permissions to view and delete drafts. If the draft workflow is disabled, only
+administrators with those permissions may delete draft changes.
 
 .Request
 ----
@@ -1675,6 +1902,62 @@
   }
 ----
 
+[[list-change-robot-comments]]
+=== List Change Robot Comments
+--
+'GET /changes/link:#change-id[\{change-id\}]/robotcomments'
+--
+
+Lists the robot comments of all revisions of the change.
+
+Return a map that maps the file path to a list of
+link:#robot-comment-info[RobotCommentInfo] entries. The entries in the
+map are sorted by file path.
+
+.Request
+----
+  GET /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/robotcomments/ HTTP/1.0
+----
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  {
+    "gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java": [
+      {
+        "id": "TvcXrmjM",
+        "line": 23,
+        "message": "unused import",
+        "updated": "2016-02-26 15:40:43.986000000",
+        "author": {
+          "_account_id": 1000110,
+          "name": "Code Analyzer",
+          "email": "code.analyzer@example.com"
+        },
+        "robotId": "importChecker",
+        "robotRunId": "76b1375aa8626ea7149792831fe2ed85e80d9e04"
+      },
+      {
+        "id": "TveXwFiA",
+        "line": 49,
+        "message": "wrong indention",
+        "updated": "2016-02-26 15:40:45.328000000",
+        "author": {
+          "_account_id": 1000110,
+          "name": "Code Analyzer",
+          "email": "code.analyzer@example.com"
+        },
+        "robotId": "styleChecker",
+        "robotRunId": "5c606c425dd45184484f9d0a2ffd725a7607839b"
+      }
+    ]
+  }
+----
+
 [[list-change-drafts]]
 === List Change Drafts
 --
@@ -1829,6 +2112,79 @@
   }
 ----
 
+[[get-hashtags]]
+=== Get Hashtags
+--
+'GET /changes/link:#change-id[\{change-id\}]/hashtags'
+--
+
+Gets the hashtags associated with a change.
+
+[NOTE] Hashtags are only available when NoteDb is enabled.
+
+.Request
+----
+  GET /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/hashtags HTTP/1.0
+----
+
+As response the change's hashtags are returned as a list of strings.
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  [
+    "hashtag1",
+    "hashtag2"
+  ]
+----
+
+[[set-hashtags]]
+=== Set Hashtags
+--
+'POST /changes/link:#change-id[\{change-id\}]/hashtags'
+--
+
+Adds and/or removes hashtags from a change.
+
+[NOTE] Hashtags are only available when NoteDb is enabled.
+
+The hashtags to add or remove must be provided in the request body inside a
+link:#hashtags-input[HashtagsInput] entity.
+
+.Request
+----
+  POST /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/hashtags HTTP/1.0
+  Content-Type: application/json; charset=UTF-8
+
+  {
+    "add" : [
+      "hashtag3"
+    ],
+    "remove" : [
+      "hashtag2"
+    ]
+  }
+----
+
+As response the change's hashtags are returned as a list of strings.
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  [
+    "hashtag1",
+    "hashtag3"
+  ]
+----
+
 [[edit-endpoints]]
 == Change Edit Endpoints
 
@@ -2135,9 +2491,17 @@
 
 Promotes change edit to a regular patch set.
 
+Options can be provided in the request body as a
+link:#publish-change-edit-input[PublishChangeEditInput] entity.
+
 .Request
 ----
   POST /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/edit:publish HTTP/1.0
+  Content-Type: application/json; charset=UTF-8
+
+  {
+    "notify": "NONE"
+  }
 ----
 
 As response "`204 No Content`" is returned.
@@ -2408,14 +2772,33 @@
 [[delete-reviewer]]
 === Delete Reviewer
 --
-'DELETE /changes/link:#change-id[\{change-id\}]/reviewers/link:rest-api-accounts.html#account-id[\{account-id\}]'
+'DELETE /changes/link:#change-id[\{change-id\}]/reviewers/link:rest-api-accounts.html#account-id[\{account-id\}]' +
+'POST /changes/link:#change-id[\{change-id\}]/reviewers/link:rest-api-accounts.html#account-id[\{account-id\}]/delete'
 --
 
 Deletes a reviewer from a change.
 
+Options can be provided in the request body as a
+link:#delete-reviewer-input[DeleteReviewerInput] entity.
+
 .Request
 ----
   DELETE /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/reviewers/John%20Doe HTTP/1.0
+  POST /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/reviewers/John%20Doe/delete HTTP/1.0
+----
+
+Please note that some proxies prohibit request bodies for DELETE
+requests. In this case, if you want to specify options, use a POST
+request:
+
+.Request
+----
+  POST /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/reviewers/John%20Doe/delete HTTP/1.0
+  Content-Type: application/json; charset=UTF-8
+
+  {
+    "notify": "NONE"
+  }
 ----
 
 .Response
@@ -2456,7 +2839,7 @@
 [[delete-vote]]
 === Delete Vote
 --
-'DELETE /changes/link:#change-id[\{change-id\}]/reviewers/link:rest-api-accounts.html#account-id[\{account-id\}]/votes/link:#label-id[\{label-id\}]'
+'DELETE /changes/link:#change-id[\{change-id\}]/reviewers/link:rest-api-accounts.html#account-id[\{account-id\}]/votes/link:#label-id[\{label-id\}]' +
 'POST /changes/link:#change-id[\{change-id\}]/reviewers/link:rest-api-accounts.html#account-id[\{account-id\}]/votes/link:#label-id[\{label-id\}]/delete'
 --
 
@@ -2545,6 +2928,118 @@
 Adding query parameter `links` (for example `/changes/.../commit?links`)
 returns a link:#commit-info[CommitInfo] with the additional field `web_links`.
 
+[[get-description]]
+=== Get Description
+--
+'GET /changes/link:#change-id[\{change-id\}]/revisions/link:#revision-id[\{revision-id\}]/description'
+--
+
+Retrieves the description of a patch set.
+
+.Request
+----
+  GET /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/revisions/674ac754f91e64a0efb8087e59a176484bd534d1/description HTTP/1.0
+----
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  "Added Documentation"
+----
+
+If the patch set does not have a description an empty string is returned.
+
+[[set-description]]
+=== Set Description
+--
+'PUT /changes/link:#change-id[\{change-id\}]/revisions/link:#revision-id[\{revision-id\}]/description'
+--
+
+Sets the description of a patch set.
+
+The new description must be provided in the request body inside a
+link:#description-input[DescriptionInput] entity.
+
+.Request
+----
+  PUT /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/revisions/674ac754f91e64a0efb8087e59a176484bd534d1/description HTTP/1.0
+  Content-Type: application/json; charset=UTF-8
+
+  {
+    "description": "Added Documentation"
+  }
+----
+
+As response the new description is returned.
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  "Added Documentation"
+----
+
+[[get-merge-list]]
+=== Get Merge List
+--
+'GET /changes/link:#change-id[\{change-id\}]/revisions/link:#revision-id[\{revision-id\}]/mergelist'
+--
+
+Returns the list of commits that are being integrated into a target
+branch by a merge commit. By default the first parent is assumed to be
+uninteresting. By using the `parent` option another parent can be set
+as uninteresting (parents are 1-based).
+
+The list of commits is returned as a list of
+link:#commit-info[CommitInfo] entities. Web links are only included if
+the `links` option was set.
+
+.Request
+----
+  GET /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/revisions/7e30d802b890ec8d0be45b1cc2a8ef092bcfc858/mergelist HTTP/1.0
+----
+
+.Response
+----
+HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  [
+    {
+      "commit": "674ac754f91e64a0efb8087e59a176484bd534d1",
+      "parents": [
+        {
+          "commit": "1eee2c9d8f352483781e772f35dc586a69ff5646",
+          "subject": "Migrate contributor agreements to All-Projects."
+        }
+      ],
+      "author": {
+        "name": "Shawn O. Pearce",
+        "email": "sop@google.com",
+        "date": "2012-04-24 18:08:08.000000000",
+        "tz": -420
+      },
+      "committer": {
+        "name": "Shawn O. Pearce",
+        "email": "sop@google.com",
+        "date": "2012-04-24 18:08:08.000000000",
+        "tz": -420
+      },
+      "subject": "Use an EventBus to manage star icons",
+      "message": "Use an EventBus to manage star icons\n\nImage widgets that need to ..."
+    }
+  ]
+----
+
 [[get-revision-actions]]
 === Get Revision Actions
 --
@@ -3176,6 +3671,63 @@
 will suggest the browser save the patch as `commitsha1.diff.base64`,
 for later processing by command line tools.
 
+If the `path` parameter is set, the returned content is a diff of the single
+file that the path refers to.
+
+[[submit-preview]]
+=== Submit Preview
+--
+'GET /changes/link:#change-id[\{change-id\}]/revisions/link:#revision-id[\{revision-id\}]/preview_submit'
+--
+Gets a file containing thin bundles of all modified projects if this
+change was submitted. The bundles are named `${ProjectName}.git`.
+Each thin bundle contains enough to construct the state in which a project would
+be in if this change were submitted. The base of the thin bundles are the
+current target branches, so to make use of this call in a non-racy way, first
+get the bundles and then fetch all projects contained in the bundle.
+(This assumes no non-fastforward pushes).
+
+You need to give a parameter '?format=zip' or '?format=tar' to specify the
+format for the outer container. It is always possible to use tgz, even if
+tgz is not in the list of allowed archive formats.
+
+To make good use of this call, you would roughly need code as found at:
+----
+ $ curl -Lo preview_submit_test.sh http://review.example.com:8080/tools/scripts/preview_submit_test.sh
+----
+.Request
+----
+  GET /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/revisions/current/preview_submit?zip HTTP/1.0
+----
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Date: Tue, 13 Sep 2016 19:13:46 GMT
+  Content-Disposition: attachment; filename="submit-preview-147.zip"
+  X-Content-Type-Options: nosniff
+  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
+  Pragma: no-cache
+  Expires: Mon, 01 Jan 1990 00:00:00 GMT
+  Content-Type: application/x-zip
+  Transfer-Encoding: chunked
+
+  [binary stuff]
+----
+
+In case of an error, the response is not a zip file but a regular json response,
+containing only the error message:
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  "Anonymous users cannot submit"
+----
+
 [[get-mergeable]]
 === Get Mergeable
 --
@@ -3207,7 +3759,9 @@
 ----
 
 If the `other-branches` parameter is specified, the mergeability will also be
-checked for all other branches.
+checked for all other branches which are listed in the
+link:config-project-config.html#branchOrder-section[branchOrder] section in the
+project.config file.
 
 .Request
 ----
@@ -3611,6 +4165,102 @@
   }
 ----
 
+[[list-robot-comments]]
+=== List Robot Comments
+--
+'GET /changes/link:#change-id[\{change-id\}]/revisions/link:#revision-id[\{revision-id\}]/robotcomments/'
+--
+
+Lists the link:config-robot-comments.html[robot comments] of a
+revision.
+
+As result a map is returned that maps the file path to a list of
+link:#robot-comment-info[RobotCommentInfo] entries. The entries in the
+map are sorted by file path.
+
+.Request
+----
+  GET /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/revisions/674ac754f91e64a0efb8087e59a176484bd534d1/robotcomments/ HTTP/1.0
+----
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  {
+    "gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java": [
+      {
+        "id": "TvcXrmjM",
+        "line": 23,
+        "message": "unused import",
+        "updated": "2016-02-26 15:40:43.986000000",
+        "author": {
+          "_account_id": 1000110,
+          "name": "Code Analyzer",
+          "email": "code.analyzer@example.com"
+        },
+        "robotId": "importChecker",
+        "robotRunId": "76b1375aa8626ea7149792831fe2ed85e80d9e04"
+      },
+      {
+        "id": "TveXwFiA",
+        "line": 49,
+        "message": "wrong indention",
+        "updated": "2016-02-26 15:40:45.328000000",
+        "author": {
+          "_account_id": 1000110,
+          "name": "Code Analyzer",
+          "email": "code.analyzer@example.com"
+        },
+        "robotId": "styleChecker",
+        "robotRunId": "5c606c425dd45184484f9d0a2ffd725a7607839b"
+      }
+    ]
+  }
+----
+
+[[get-robot-comment]]
+=== Get Robot Comment
+--
+'GET /changes/link:#change-id[\{change-id\}]/revisions/link:#revision-id[\{revision-id\}]/robotcomments/link:#comment-id[\{comment-id\}]'
+--
+
+Retrieves a link:config-robot-comments.html[robot comment] of a
+revision.
+
+.Request
+----
+  GET /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/revisions/674ac754f91e64a0efb8087e59a176484bd534d1/robotcomments/TvcXrmjM HTTP/1.0
+----
+
+As response a link:#robot-comment-info[RobotCommentInfo] entity is
+returned that describes the robot comment.
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  {
+    "id": "TvcXrmjM",
+    "line": 23,
+    "message": "unused import",
+    "updated": "2016-02-26 15:40:43.986000000",
+    "author": {
+      "_account_id": 1000110,
+      "name": "Code Analyzer",
+      "email": "code.analyzer@example.com"
+    },
+    "robotId": "importChecker",
+    "robotRunId": "76b1375aa8626ea7149792831fe2ed85e80d9e04"
+  }
+----
+
 [[list-files]]
 === List Files
 --
@@ -3624,8 +4274,8 @@
   GET /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/revisions/674ac754f91e64a0efb8087e59a176484bd534d1/files/ HTTP/1.0
 ----
 
-As result a map is returned that maps the file path to a list of
-link:#file-info[FileInfo] entries. The entries in the map are
+As result a map is returned that maps the link:#file-id[file path] to a
+link:#file-info[FileInfo] entry. The entries in the map are
 sorted by file path.
 
 .Response
@@ -4107,6 +4757,131 @@
   }
 ----
 
+[[revision-reviewer-endpoints]]
+== Revision Reviewer Endpoints
+
+[[list-revision-reviewers]]
+=== List Revision Reviewers
+--
+'GET /changes/link:#change-id[\{change-id\}]/revisions/link:#revision-id[\{revision-id\}]/reviewers/'
+--
+
+Lists the reviewers of a revision.
+
+Please note that only the current revision is supported.
+
+As result a list of link:#reviewer-info[ReviewerInfo] entries is returned.
+
+.Request
+----
+  GET /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/revisions/674ac754f91e64a0efb8087e59a176484bd534d1/reviewers/ HTTP/1.0
+----
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  [
+    {
+      "approvals": {
+        "Verified": "+1",
+        "Code-Review": "+2"
+      },
+      "_account_id": 1000096,
+      "name": "John Doe",
+      "email": "john.doe@example.com"
+    },
+    {
+      "approvals": {
+        "Verified": " 0",
+        "Code-Review": "-1"
+      },
+      "_account_id": 1000097,
+      "name": "Jane Roe",
+      "email": "jane.roe@example.com"
+    }
+  ]
+----
+
+[[list-revision-votes]]
+=== List Revision Votes
+--
+'GET /changes/link:#change-id[\{change-id\}]/revisions/link:#revision-id[\{revision-id\}]/reviewers/link:rest-api-accounts.html#account-id[\{account-id\}]/votes/'
+--
+
+Lists the votes for a specific reviewer of the revision.
+
+Please note that only the current revision is supported.
+
+.Request
+----
+  GET /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/revisions/674ac754f91e64a0efb8087e59a176484bd534d1/reviewers/John%20Doe/votes/ HTTP/1.0
+----
+
+As result a map is returned that maps the label name to the label value.
+The entries in the map are sorted by label name.
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json;charset=UTF-8
+
+  )]}'
+  {
+    "Code-Review": -1,
+    "Verified": 1,
+    "Work-In-Progress": 1
+  }
+----
+
+[[delete-revision-vote]]
+=== Delete Revision Vote
+--
+'DELETE /changes/link:#change-id[\{change-id\}]/revisions/link:#revision-id[\{revision-id\}]
+/reviewers/link:rest-api-accounts.html#account-id[\{account-id\}]/votes/link:#label-id[\{label-id\}]' +
+'POST /changes/link:#change-id[\{change-id\}]/revisions/link:#revision-id[\{revision-id\}]
+/reviewers/link:rest-api-accounts.html#account-id[\{account-id\}]/votes/link:#label-id[\{label-id\}]/delete'
+--
+
+Deletes a single vote from a revision. The deletion will be possible only
+if the revision is the current revision. By using this endpoint you can prevent
+deleting the vote (with same label) from a newer patch set by mistake.
+
+Note, that even when the last vote of a reviewer is removed the reviewer itself
+is still listed on the change.
+
+Options can be provided in the request body as a
+link:#delete-vote-input[DeleteVoteInput] entity.
+
+.Request
+----
+  DELETE /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/revisions/674ac754f91e64a0efb8087e59a176484bd534d1/reviewers/John%20Doe/votes/Code-Review HTTP/1.0
+  POST /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/revisions/674ac754f91e64a0efb8087e59a176484bd534d1/reviewers/John%20Doe/votes/Code-Review/delete HTTP/1.0
+----
+
+Please note that some proxies prohibit request bodies for DELETE
+requests. In this case, if you want to specify options, use a POST
+request:
+
+.Request
+----
+  POST /changes/myProject~master~I8473b95934b5732ac55d26311a706c9c2bde9940/revisions/674ac754f91e64a0efb8087e59a176484bd534d1/reviewers/John%20Doe/votes/Code-Review/delete HTTP/1.0
+  Content-Type: application/json; charset=UTF-8
+
+  {
+    "notify": "NONE"
+  }
+----
+
+.Response
+----
+  HTTP/1.1 204 No Content
+----
+
 [[ids]]
 == IDs
 
@@ -4141,10 +4916,25 @@
 The name of the label.
 
 [[file-id]]
-\{file-id\}
-~~~~~~~~~~~~
+=== \{file-id\}
 The path of the file.
 
+The following magic paths are supported:
+
+* `/COMMIT_MSG`:
++
+The commit message and headers with the parent commit(s), the author
+information and the committer information.
+
+* `/MERGE_LIST` (for merge commits only):
++
+The list of commits that are being integrated into the destination
+branch by submitting the merge commit.
+
+[[fix-id]]
+=== \{fix-id\}
+UUID of a suggested fix.
+
 [[revision-id]]
 === \{revision-id\}
 Identifier that uniquely identifies one revision of a change.
@@ -4166,17 +4956,20 @@
 The `AbandonInput` entity contains information for abandoning a change.
 
 [options="header",cols="1,^1,5"]
-|===========================
-|Field Name    ||Description
-|`message`     |optional|
+|=============================
+|Field Name      ||Description
+|`message`       |optional|
 Message to be added as review comment to the change when abandoning the
 change.
-|`notify`      |optional|
+|`notify`        |optional|
 Notify handling that defines to whom email notifications should be sent after
 the change is abandoned. +
 Allowed values are `NONE`, `OWNER`, `OWNER_REVIEWERS` and `ALL`. +
 If not set, the default is `ALL`.
-|===========================
+|`notify_details`|optional|
+Additional information about whom to notify about the update as a map
+of recipient type to link:#notify-info[NotifyInfo] entity.
+|=============================
 
 [[action-info]]
 === ActionInfo
@@ -4242,18 +5035,37 @@
 
 [options="header",cols="1,^1,5"]
 |===========================
-|Field Name    ||Description
-|`value`       |optional|
+|Field Name               ||Description
+|`value`                  |optional|
 The vote that the user has given for the label. If present and zero, the
 user is permitted to vote on the label. If absent, the user is not
 permitted to vote on that label.
-|`date`        |optional|
+|`permitted_voting_range` |optional|
+The link:#voting-range-info[VotingRangeInfo] the user is authorized to vote
+on that label. If present, the user is permitted to vote on the label
+regarding the range values. If absent, the user is not permitted to vote
+on that label.
+|`date`                   |optional|
 The time and date describing when the approval was made.
-|`tag`                 |optional|
+|`tag`                    |optional|
 Value of the `tag` field from link:#review-input[ReviewInput] set
 while posting the review.
 NOTE: To apply different tags on on different votes/comments multiple
 invocations of the REST call are required.
+|`post_submit` |not set if `false`|
+If true, this vote was made after the change was submitted.
+|===========================
+
+[[assignee-input]]
+=== AssigneeInput
+The `AssigneeInput` entity contains the identity of the user to be set as assignee.
+
+[options="header",cols="1,^1,5"]
+|===========================
+|Field Name    ||Description
+|`assignee`     ||
+The link:rest-api-accounts.html#account-id[ID] of one account that
+should be added as assignee.
 |===========================
 
 [[blame-info]]
@@ -4340,10 +5152,15 @@
 |`mergeable`          |optional|
 Whether the change is mergeable. +
 Not set for merged changes, or if the change has not yet been tested.
+|`submittable`        |optional|
+Whether the change has been approved by the project submit rules. +
+Only set if link:#submittable[requested].
 |`insertions`         ||
 Number of inserted lines.
 |`deletions`          ||
 Number of deleted lines.
+|`unresolved_comment_count`  |optional|
+Number of unresolved comments. Not set if the current change index doesn't have the data.
 |`_number`            ||The legacy numeric ID of the change.
 |`owner`              ||
 The owner of the change as an link:rest-api-accounts.html#account-info[
@@ -4413,7 +5230,8 @@
 The name of the target branch. +
 The `refs/heads/` prefix is omitted.
 |`subject`            ||
-The subject of the change (header line of the commit message).
+The commit message of the change. Comment lines (beginning with `#`) will
+be removed.
 |`topic`              |optional|The topic to which this change belongs.
 |`status`             |optional, default to `NEW`|
 The status of the change (only `NEW` and `DRAFT` accepted here).
@@ -4424,6 +5242,14 @@
 Allow creating a new branch when set to `true`.
 |`merge`              |optional|
 The detail of a merge commit as a link:#merge-input[MergeInput] entity.
+|`notify`             |optional|
+Notify handling that defines to whom email notifications should be sent
+after the change is created. +
+Allowed values are `NONE`, `OWNER`, `OWNER_REVIEWERS` and `ALL`. +
+If not set, the default is `ALL`.
+|`notify_details`     |optional|
+Additional information about whom to notify about the change creation
+as a map of recipient type to link:#notify-info[NotifyInfo] entity.
 |==================================
 
 [[change-message-info]]
@@ -4455,11 +5281,13 @@
 === CherryPickInput
 The `CherryPickInput` entity contains information for cherry-picking a change to a new branch.
 
-[options="header",cols="1,6"]
+[options="header",cols="1,^1,5"]
 |===========================
-|Field Name    |Description
-|`message`     |Commit message for the cherry-picked change
-|`destination` |Destination branch
+|Field Name         ||Description
+|`message`          ||Commit message for the cherry-picked change
+|`destination`      ||Destination branch
+|`parent`           |optional, defaults to 1|
+Number of the parent relative to which the cherry-pick should be considered.
 |===========================
 
 [[comment-info]]
@@ -4505,6 +5333,10 @@
 while posting the review.
 NOTE: To apply different tags on on different votes/comments multiple
 invocations of the REST call are required.
+|`unresolved`        |optional|
+Whether or not the comment must be addressed by the user. The state of
+resolution of a comment thread is stored in the last comment in that thread
+chronologically.
 |===========================
 
 [[comment-input]]
@@ -4547,6 +5379,10 @@
 Value of the `tag` field. Only allowed on link:#create-draft[draft comment] +
 inputs; for published comments, use the `tag` field in +
 link#review-input[ReviewInput]
+|`unresolved`        |optional|
+Whether or not the comment must be addressed by the user. This value will
+default to false if the comment is an orphan, or the value of the `in_reply_to`
+comment if it is supplied.
 |===========================
 
 [[comment-range]]
@@ -4556,10 +5392,10 @@
 [options="header",cols="1,^1,5"]
 |===========================
 |Field Name    ||Description
-|`start_line`        ||The start line number of the range.
-|`start_character`   ||The character position in the start line.
-|`end_line`          ||The end line number of the range.
-|`end_character`     ||The character position in the end line.
+|`start_line`        ||The start line number of the range. (1-based, inclusive)
+|`start_character`   ||The character position in the start line. (0-based, inclusive)
+|`end_line`          ||The end line number of the range. (1-based, exclusive)
+|`end_character`     ||The character position in the end line. (0-based, exclusive)
 |===========================
 
 [[commit-info]]
@@ -4589,23 +5425,54 @@
 link:#web-link-info[WebLinkInfo] entities.
 |===========================
 
+[[delete-reviewer-input]]
+=== DeleteReviewerInput
+The `DeleteReviewerInput` entity contains options for the deletion of a
+reviewer.
+
+[options="header",cols="1,^1,5"]
+|=============================
+|Field Name      ||Description
+|`notify`        |optional|
+Notify handling that defines to whom email notifications should be sent
+after the reviewer is deleted. +
+Allowed values are `NONE`, `OWNER`, `OWNER_REVIEWERS` and `ALL`. +
+If not set, the default is `ALL`.
+|`notify_details`|optional|
+Additional information about whom to notify about the update as a map
+of recipient type to link:#notify-info[NotifyInfo] entity.
+|=============================
+
 [[delete-vote-input]]
 === DeleteVoteInput
 The `DeleteVoteInput` entity contains options for the deletion of a
 vote.
 
 [options="header",cols="1,^1,5"]
-|=======================
-|Field Name||Description
-|`label`   |optional|
+|=============================
+|Field Name      ||Description
+|`label`         |optional|
 The label for which the vote should be deleted. +
 If set, must match the label in the URL.
-|`notify`  |optional|
+|`notify`        |optional|
 Notify handling that defines to whom email notifications should be sent
 after the vote is deleted. +
 Allowed values are `NONE`, `OWNER`, `OWNER_REVIEWERS` and `ALL`. +
 If not set, the default is `ALL`.
-|=======================
+|`notify_details`|optional|
+Additional information about whom to notify about the update as a map
+of recipient type to link:#notify-info[NotifyInfo] entity.
+|=============================
+
+[[description-input]]
+=== DescriptionInput
+The `DescriptionInput` entity contains information for setting a description.
+
+[options="header",cols="1,6"]
+|===========================
+|Field Name     |Description
+|`description`  |The description text.
+|===========================
 
 [[diff-content]]
 === DiffContent
@@ -4798,6 +5665,37 @@
 a new patch set referring to this commit.
 |==========================
 
+[[fix-suggestion-info]]
+=== FixSuggestionInfo
+The `FixSuggestionInfo` entity represents a suggested fix.
+
+[options="header",cols="1,^1,5"]
+|==========================
+|Field Name         ||Description
+|`fix_id`           |generated, don't set|The <<fix-id,UUID>> of the suggested
+fix. It will be generated automatically and hence will be ignored if it's set
+for input objects.
+|`description`      ||A description of the suggested fix.
+|`replacements`     ||A list of <<fix-replacement-info,FixReplacementInfo>>
+entities indicating how the content of the file on which the comment was placed
+should be modified. They should refer to non-overlapping regions.
+|==========================
+
+[[fix-replacement-info]]
+=== FixReplacementInfo
+The `FixReplacementInfo` entity describes how the content of a file should be
+replaced by another content.
+
+[options="header",cols="1,6"]
+|==========================
+|Field Name      |Description
+|`path`          |The path of the file which should be modified. Modifications
+are only allowed for the file on which the corresponding comment was placed.
+|`range`         |A <<comment-range,CommentRange>> indicating which content
+of the file should be replaced.
+|`replacement`   |The content which should be used instead of the current one.
+|==========================
+
 [[git-person-info]]
 === GitPersonInfo
 The `GitPersonInfo` entity contains information about the
@@ -4821,10 +5719,23 @@
 [options="header",cols="1,6"]
 |==========================
 |Field Name    |Description
-|`id`          |The id of the group.
+|`id`          |The UUID of the group.
 |`name`        |The name of the group.
 |==========================
 
+[[hashtags-input]]
+=== HashtagsInput
+
+The `HashtagsInput` entity contains information about hashtags to add to,
+and/or remove from, a change.
+
+[options="header",cols="1,^1,5"]
+|=======================
+|Field Name||Description
+|`add`     |optional|The list of hashtags to be added to the change.
+|`remove   |optional|The list of hashtags to be removed from the change.
+|=======================
+
 [[included-in-info]]
 === IncludedInInfo
 The `IncludedInInfo` entity contains information about the branches a
@@ -4910,7 +5821,7 @@
 |Field Name      ||Description
 |`submit_type`   ||
 Submit type used for this change, can be `MERGE_IF_NECESSARY`,
-`FAST_FORWARD_ONLY`, `REBASE_IF_NECESSARY`, `MERGE_ALWAYS` or
+`FAST_FORWARD_ONLY`, `REBASE_IF_NECESSARY`, `REBASE_ALWAYS`, `MERGE_ALWAYS` or
 `CHERRY_PICK`.
 |`strategy`     |optional|
 The strategy of the merge, can be `recursive`, `resolve`,
@@ -4936,13 +5847,32 @@
 |Field Name      ||Description
 |`source`   ||
 The source to merge from, e.g. a complete or abbreviated commit SHA-1,
-a complete reference name, a short reference name under refs/heads, refs/tags,
-or refs/remotes namespace, etc.
+a complete reference name, a short reference name under `refs/heads`, `refs/tags`,
+or `refs/remotes` namespace, etc.
 |`strategy`     |optional|
 The strategy of the merge, can be `recursive`, `resolve`,
 `simple-two-way-in-core`, `ours` or `theirs`, default will use project settings.
 |============================
 
+[[merge-patch-set-input]]
+=== MergePatchSetInput
+The `MergePatchSetInput` entity contains information about updating a new
+change by creating a new merge commit.
+
+[options="header",cols="1,^1,5"]
+|==================================
+|Field Name           ||Description
+|`subject`            |optional|
+The new subject for the change, if not specified, will reuse the current patch
+set's subject
+|`inheritParent`      |optional, default to `false`|
+Use the current patch set's first parent as the merge tip when set to `true`.
+Otherwise, use the current branch tip of the destination branch.
+|`merge`              ||
+The detail of the source commit for merge as a link:#merge-input[MergeInput]
+entity.
+|==================================
+
 [[move-input]]
 === MoveInput
 The `MoveInput` entity contains information for moving a change to a new branch.
@@ -4955,6 +5885,23 @@
 A message to be posted in this change's comments
 |===========================
 
+[[notify-info]]
+=== NotifyInfo
+The `NotifyInfo` entity contains detailed information about who should
+be notified about an update. These notifications are sent out even if a
+`notify` option in the request input disables normal notifications.
+`NotifyInfo` entities are normally contained in a `notify_details` map
+in the request input where the key is the recipient type. The recipient
+type can be `TO`, `CC` and `BCC`.
+
+[options="header",cols="1,^1,5"]
+|=======================
+|Field Name||Description
+|`accounts`|optional|
+A list of link:rest-api-accounts.html#account-id[account IDs] that
+identify the accounts that should be should be notified.
+|=======================
+
 [[problem-info]]
 === ProblemInfo
 The `ProblemInfo` entity contains a description of a potential consistency problem
@@ -4974,6 +5921,24 @@
 outcome of the fix.
 |===========================
 
+[[publish-change-edit-input]]
+=== PublishChangeEditInput
+The `PublishChangeEditInput` entity contains options for the publishing of
+change edit.
+
+[options="header",cols="1,^1,5"]
+|=============================
+|Field Name      ||Description
+|`notify`        |optional|
+Notify handling that defines to whom email notifications should be sent
+after the change edit is published. +
+Allowed values are `NONE` and `ALL`. +
+If not set, the default is `ALL`.
+|`notify_details`|optional|
+Additional information about whom to notify about the update as a map
+of recipient type to link:#notify-info[NotifyInfo] entity.
+|=============================
+
 [[push-certificate-info]]
 === PushCertificateInfo
 The `PushCertificateInfo` entity contains information about a push
@@ -5127,6 +6092,9 @@
 |`comments`               |optional|
 The comments that should be added as a map that maps a file path to a
 list of link:#comment-input[CommentInput] entities.
+|`robot_comments`         |optional|
+The robot comments that should be added as a map that maps a file path
+to a list of link:#robot-comment-input[RobotCommentInput] entities.
 |`strict_labels`          |`true` if not set|
 Whether all labels are required to be within the user's permitted ranges
 based on access controls. +
@@ -5141,12 +6109,17 @@
 Allowed values are `DELETE`, `PUBLISH`, `PUBLISH_ALL_REVISIONS` and
 `KEEP`. All values except `PUBLISH_ALL_REVISIONS` operate only on drafts
 for a single revision. +
-If not set, the default is `DELETE`.
+Only `KEEP` is allowed when used in conjunction with `on_behalf_of`. +
+If not set, the default is `DELETE`, unless `on_behalf_of` is set, in
+which case the default is `KEEP` and any other value is disallowed.
 |`notify`                 |optional|
 Notify handling that defines to whom email notifications should be sent
 after the review is stored. +
 Allowed values are `NONE`, `OWNER`, `OWNER_REVIEWERS` and `ALL`. +
 If not set, the default is `ALL`.
+|`notify_details`         |optional|
+Additional information about whom to notify about the update as a map
+of recipient type to link:#notify-info[NotifyInfo] entity.
 |`omit_duplicate_comments`|optional|
 If `true`, comments with the same content at the same place will be omitted.
 |`on_behalf_of`           |optional|
@@ -5179,28 +6152,31 @@
 to a change.
 
 [options="header",cols="1,^1,5"]
-|===========================
-|Field Name    ||Description
-|`reviewer`    ||
+|=============================
+|Field Name      ||Description
+|`reviewer`      ||
 The link:rest-api-accounts.html#account-id[ID] of one account that
 should be added as reviewer or the link:rest-api-groups.html#group-id[
 ID] of one group for which all members should be added as reviewers. +
 If an ID identifies both an account and a group, only the account is
 added as reviewer to the change.
-|`state`       |optional|
+|`state`         |optional|
 Add reviewer in this state. Possible reviewer states are `REVIEWER`
 and `CC`. If not given, defaults to `REVIEWER`.
-|`confirmed`   |optional|
+|`confirmed`     |optional|
 Whether adding the reviewer is confirmed. +
 The Gerrit server may be configured to
 link:config-gerrit.html#addreviewer.maxWithoutConfirmation[require a
 confirmation] when adding a group as reviewer that has many members.
-|`notify`  |optional|
+|`notify`        |optional|
 Notify handling that defines to whom email notifications should be sent
 after the reviewer is added. +
 Allowed values are `NONE`, `OWNER`, `OWNER_REVIEWERS` and `ALL`. +
 If not set, the default is `ALL`.
-|===========================
+|`notify_details`|optional|
+Additional information about whom to notify about the update as a map
+of recipient type to link:#notify-info[NotifyInfo] entity.
+|=============================
 
 [[revision-info]]
 === RevisionInfo
@@ -5258,6 +6234,34 @@
 certificate was provided, it is set to an empty object.
 |===========================
 
+[[robot-comment-info]]
+=== RobotCommentInfo
+The `RobotCommentInfo` entity contains information about a robot inline
+comment.
+
+`RobotCommentInfo` has the same fields as <<comment-info,CommentInfo>>.
+In addition `RobotCommentInfo` has the following fields:
+
+[options="header",cols="1,^1,5"]
+|===========================
+|Field Name       ||Description
+|`robot_id`       ||The ID of the robot that generated this comment.
+|`robot_run_id`   ||An ID of the run of the robot.
+|`url`            |optional|URL to more information.
+|`properties`     |optional|Robot specific properties as map that maps arbitrary
+keys to values.
+|`fix_suggestions`|optional|Suggested fixes for this robot comment as a list of
+<<fix-suggestion-info,FixSuggestionInfo>> entities.
+|===========================
+
+[[robot-comment-input]]
+=== RobotCommentInput
+The `RobotCommentInput` entity contains information for creating an inline
+robot comment.
+
+`RobotCommentInput` has the same fields as
+<<robot-comment-info,RobotCommentInfo>>.
+
 [[rule-input]]
 === RuleInput
 The `RuleInput` entity contains information to test a Prolog rule.
@@ -5301,24 +6305,29 @@
 The `SubmitInput` entity contains information for submitting a change.
 
 [options="header",cols="1,^1,5"]
-|===========================
+|=============================
 |Field Name      ||Description
-|`on_behalf_of`|optional|
+|`on_behalf_of`  |optional|
 If set, submit the change on behalf of the given user. The value may take any
 format link:rest-api-accounts.html#account-id[accepted by the accounts REST
 API]. Using this option requires
 link:access-control.html#category_submit_on_behalf_of[Submit (On Behalf Of)]
 permission on the branch.
-|`notify`|optional|
+|`notify`        |optional|
 Notify handling that defines to whom email notifications should be sent after
 the change is submitted. +
 Allowed values are `NONE`, `OWNER`, `OWNER_REVIEWERS` and `ALL`. +
 If not set, the default is `ALL`.
-|===========================
+|`notify_details`|optional|
+Additional information about whom to notify about the update as a map
+of recipient type to link:#notify-info[NotifyInfo] entity.
+|=============================
 
 [[submit-record]]
 === SubmitRecord
 The `SubmitRecord` entity describes results from a submit_rule.
+Fields in this entity roughly correspond to the fields set by `LABELS`
+in link:#label-info[LabelInfo].
 
 [options="header",cols="1,^1,5"]
 |===========================
@@ -5408,6 +6417,18 @@
 The topic will be deleted if not set.
 |===========================
 
+[[voting-range-info]]
+=== VotingRangeInfo
+The `VotingRangeInfo` entity describes the continuous voting range from min
+to max values.
+
+[options="header",cols="1,6"]
+|======================
+|Field Name|Description
+|`min`     |The minimum voting value.
+|`max`     |The maximum voting value.
+|======================
+
 [[web-link-info]]
 === WebLinkInfo
 The `WebLinkInfo` entity describes a link to an external site.
diff --git a/Documentation/rest-api-config.txt b/Documentation/rest-api-config.txt
index 7b96a1c..a311f0b9 100644
--- a/Documentation/rest-api-config.txt
+++ b/Documentation/rest-api-config.txt
@@ -54,6 +54,14 @@
   {
     "auth": {
       "auth_type": "LDAP",
+      "use_contributor_agreements": true,
+      "contributor_agreements": [
+        {
+          "name": "Individual",
+          "description": "If you are going to be contributing code on your own, this is the one you want. You can sign this one online.",
+          "url": "static/cla_individual.html"
+        }
+      ],
       "editable_account_fields": [
         "FULL_NAME",
         "REGISTER_NEW_EMAIL"
@@ -115,7 +123,10 @@
     "gerrit": {
       "all_projects": "All-Projects",
       "all_users": "All-Users"
-      "doc_search": true
+      "doc_search": true,
+      "web_uis": [
+        "gwt"
+      ]
     },
     "sshd": {},
     "suggest": {
@@ -396,7 +407,7 @@
 +
 Returns the cache names as JSON list.
 +
-The cache names are alphabetically sorted.
+The cache names are lexicographically sorted.
 +
 .Request
 ----
@@ -459,9 +470,9 @@
 E.g. this could be used to flush all caches:
 +
 ----
-  for c in $(curl --digest --user jdoe:TNAuLkXsIV7w http://gerrit/a/config/server/caches/?format=TEXT_LIST | base64 -D)
+  for c in $(curl --user jdoe:TNAuLkXsIV7w http://gerrit/a/config/server/caches/?format=TEXT_LIST | base64 -D)
   do
-    curl --digest --user jdoe:TNAuLkXsIV7w -X POST http://gerrit/a/config/server/caches/$c/flush
+    curl --user jdoe:TNAuLkXsIV7w -X POST http://gerrit/a/config/server/caches/$c/flush
   done
 ----
 
@@ -1226,6 +1237,9 @@
 |`use_contributor_agreements` |not set if `false`|
 Whether link:config-gerrit.html#auth.contributorAgreements[contributor
 agreements] are required.
+|`contributor_agreements`     |not set if `use_contributor_agreements` is `false`|
+List of contributor agreements as link:rest-api-accounts.html#contributor-agreement-info[
+ContributorAgreementInfo] entities.
 |`editable_account_fields`    ||
 List of account fields that are editable. Possible values are
 `FULL_NAME`, `USER_NAME` and `REGISTER_NEW_EMAIL`.
@@ -1256,16 +1270,10 @@
 The link:config-gerrit.html#auth.httpPasswordUrl[URL to obtain an HTTP
 password]. Only set if link:config-gerrit.html#auth.type[authentication
 type] is `CUSTOM_EXTENSION`.
-|`is_git_basic_auth`          |optional, not set if `false`|
-Whether link:config-gerrit.html#auth.gitBasicAuth[basic authentication
-is used for Git over HTTP/HTTPS]. Only set if
-link:config-gerrit.html#auth.type[authentication type] is is `LDAP` or
-`LDAP_BIND`.
 |`git_basic_auth_policy`      |optional|
 The link:config-gerrit.html#auth.gitBasicAuthPolicy[policy] to authenticate
 Git over HTTP and REST API requests when
-link:config-gerrit.html#auth.type[authentication type] is `LDAP` and
-link:config-gerrit.html#auth.gitBasicAuth[basic authentication] is set to true.
+link:config-gerrit.html#auth.type[authentication type] is `LDAP`.
 Can be `HTTP`, `LDAP` or `HTTP_LDAP`.
 |==========================================
 
@@ -1464,6 +1472,9 @@
 |`report_bug_text`   |optional, not set if default|
 link:config-gerrit.html#gerrit.reportBugText[Display text for report
 bugs link].
+|`web_uis`           ||
+List of web UIs supported by the HTTP server. Possible values are `GWT`
+and `POLYGERRIT`.
 |=================================
 
 [[hit-ration-info]]
@@ -1579,7 +1590,7 @@
 GerritInfo] entity.
 |`note_db_enabled`         |not set if `false`|
 Whether the NoteDb storage backend is fully enabled.
-|`plugin `                 ||
+|`plugin`                  ||
 Information about Gerrit extensions by plugins as
 link:#plugin-config-info[PluginConfigInfo] entity.
 |`receive`                 |optional|
@@ -1704,13 +1715,13 @@
 |`counts`       |
 Detailed thread counts as a map that maps a thread kind to a map that
 maps a thread state to the thread count. The thread kinds group the
-counts by threads that have the same name prefix (`HTTP`,
+counts by threads that have the same name prefix (`H2`, `HTTP`,
 `IntraLineDiff`, `ReceiveCommits`, `SSH git-receive-pack`,
 `SSH git-upload-pack`, `SSH-Interactive-Worker`, `SSH-Stream-Worker`,
-`SshCommandStart`). The counts for other threads are available under
-the thread kind `Other`. Counts for the following thread states can be
-included: `NEW`, `RUNNABLE`, `BLOCKED`, `WAITING`, `TIMED_WAITING` and
-`TERMINATED`.
+`SshCommandStart`, `sshd-SshServer`). The counts for other threads are
+available under the thread kind `Other`. Counts for the following thread
+states can be included: `NEW`, `RUNNABLE`, `BLOCKED`, `WAITING`,
+`TIMED_WAITING` and `TERMINATED`.
 |===========================
 
 [[top-menu-entry-info]]
diff --git a/Documentation/rest-api-documentation.txt b/Documentation/rest-api-documentation.txt
index 4c9db2b..0a7ff16 100644
--- a/Documentation/rest-api-documentation.txt
+++ b/Documentation/rest-api-documentation.txt
@@ -6,9 +6,9 @@
 
 Please note that this feature is only usable with documentation built-in.
 You'll need to
-`buck build withdocs`
+`bazel build withdocs`
 or
-`buck build release`
+`bazel build release`
 to test this feature.
 
 [[documentation-endpoints]]
diff --git a/Documentation/rest-api-groups.txt b/Documentation/rest-api-groups.txt
index 23d4c5b..61b746d 100644
--- a/Documentation/rest-api-groups.txt
+++ b/Documentation/rest-api-groups.txt
@@ -120,8 +120,13 @@
 
 ==== Check if a group is owned by the calling user
 By setting the option `owned` and specifying a group to inspect with
-the option `q`, it is possible to find out, if this group is owned by
-the calling user.
+the option `group`/`g`, it is possible to find out if this group is
+owned by the calling user.
+
+[NOTE] Earlier the `group`/`g` option was named `query`/`q`. Using
+`query`/`q` still works, but this option is deprecated and may be
+removed in future. Hence all users should be adapted to use
+`group`/`g` instead.
 
 .Request
 ----
@@ -181,8 +186,8 @@
 When using this option, the `project` or `p` option can be used to
 name the current project, to allow context-dependent suggestions.
 
-Not compatible with `visible-to-all`, `owned`, `user`, `match`, `q`,
-or `S`.
+Not compatible with `visible-to-all`, `owned`, `user`, `match`,
+`group`, or `S`.
 (Attempts to use one of those options combined with `suggest` will
 error out.)
 
@@ -211,6 +216,120 @@
   }
 ----
 
+Substring(m)::
+Limit the results to those groups that match the specified substring.
++
+The match is case insensitive.
++
+List all groups that match substring `test/`:
++
+.Request
+----
+  GET /groups/?m=test%2F HTTP/1.0
+----
++
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  {
+    "test/test": {
+      "url": "#/admin/groups/uuid-786a95e85f9a2223a96545f10003f396aba871f2",
+      "options": {},
+      "group_id": 15,
+      "owner": "test/test",
+      "owner_id": "786a95e85f9a2223a96545f10003f396aba871f2",
+      "created_on": "2017-07-11 13:56:24.000000000",
+      "id": "786a95e85f9a2223a96545f10003f396aba871f2"
+    }
+  }
+----
+
+[[query-groups]]
+=== Query Groups
+--
+'GET /groups/?query2=<query>'
+--
+
+Queries internal groups visible to the caller. The
+link:user-search-groups.html#_search_operators[query string] must be
+provided by the `query2` parameter. The `start` and `limit` parameters
+can be used to skip/limit results.
+
+As result a list of link:#group-info[GroupInfo] entities is returned.
+
+[NOTE] `query2` is a temporary name and in future this option may be
+renamed to `query`. `query2` was chosen to maintain backwards
+compatibility with the deprecated `query` parameter on the
+link:#list-groups[List Groups] endpoint.
+
+.Request
+----
+  GET /groups/?query2=inname:test HTTP/1.0
+----
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  [
+    {
+      "url": "#/admin/groups/uuid-68236a40ca78de8be630312d8ba50250bc5638ae",
+      "options": {},
+      "description": "Group for running tests on MyProject",
+      "group_id": 20,
+      "owner": "MyProject-Test-Group",
+      "owner_id": "59b92f35489e62c80d1ab1bf0c2d17843038df8b",
+      "id": "68236a40ca78de8be630312d8ba50250bc5638ae"
+    },
+    {
+      "url": "#/admin/groups/uuid-99a534526313324a2667025c3f4e089199b736aa",
+      "options": {},
+      "description": "Testers for ProjectX",
+      "group_id": 17,
+      "owner": "ProjectX-Testers",
+      "owner_id": "59b92f35489e62c80d1ab1bf0c2d17843038df8b",
+      "id": "99a534526313324a2667025c3f4e089199b736aa"
+    }
+  ]
+----
+
+If the number of groups matching the query exceeds either the internal
+limit or a supplied `limit` query parameter, the last group object has
+a `_more_groups: true` JSON field set.
+
+[[group-query-limit]]
+==== Group Limit
+The `/groups/?query2=<query>` URL also accepts a limit integer in the
+`limit` parameter. This limits the results to `limit` groups.
+
+Query the first 25 groups in group list.
+----
+  GET /groups/?query2=<query>&limit=25 HTTP/1.0
+----
+
+The `/groups/` URL also accepts a start integer in the `start`
+parameter. The results will skip `start` groups from group list.
+
+Query 25 groups starting from index 50.
+----
+  GET /groups/?query2=<query>&limit=25&start=50 HTTP/1.0
+----
+
+[[group-query-options]]
+==== Group Options
+Additional fields can be obtained by adding `o` parameters. Each option
+requires more lookups and slows down the query response time to the
+client so they are generally disabled by default. The supported fields
+are described in the context of the link:#group-options[List Groups]
+REST endpoint.
+
 [[get-group]]
 === Get Group
 --
@@ -600,7 +719,7 @@
 
 .Request
 ----
-  PUT /groups/9999c971bb4ab872aab759d8c49833ee6b9ff320/description HTTP/1.0
+  PUT /groups/9999c971bb4ab872aab759d8c49833ee6b9ff320/owner HTTP/1.0
   Content-Type: application/json; charset=UTF-8
 
   {
@@ -714,6 +833,24 @@
   ]
 ----
 
+[[index-group]]
+=== Index Group
+--
+'POST /groups/link:#group-id[\{group-id\}]/index'
+--
+
+Adds or updates the internal group in the secondary index.
+
+.Request
+----
+  POST /groups/fdda826a0815859ab48d22a05a43472f0f55f89a/index HTTP/1.0
+----
+
+.Response
+----
+  HTTP/1.1 204 No Content
+----
+
 [[group-member-endpoints]]
 == Group Member Endpoints
 
@@ -1207,11 +1344,6 @@
 [[ids]]
 == IDs
 
-[[account-id]]
-=== link:rest-api-accounts.html#account-id[\{account-id\}]
---
---
-
 [[group-id]]
 === \{group-id\}
 Identifier for a group.
@@ -1272,8 +1404,11 @@
 |Field Name    ||Description
 |`id`          ||The URL encoded UUID of the group.
 |`name`        |
-not set if returned in a map where the group name is used as map key|
-The name of the group.
+optional, not set if returned in a map where the group name is used as map key|
+The name of the group. +
+For external groups the group name is missing if there is no group
+backend that can resolve the group UUID. E.g. this can happen when a
+plugin that provided a group backend was uninstalled.
 |`url`         |optional|
 URL to information about the group. Typically a URL to a web page that
 permits users to apply to join the group, or manage their membership.
@@ -1282,6 +1417,10 @@
 |`group_id`    |only for internal groups|The numeric ID of the group.
 |`owner`       |only for internal groups|The name of the owner group.
 |`owner_id`    |only for internal groups|The URL encoded UUID of the owner group.
+|`_more_groups`|optional, only for internal groups, not set if `false`|
+Whether the query would deliver more results if not limited. +
+Only set on the last group that is returned by a
+link:#query-groups[group query].
 |`members`     |optional, only for internal groups|
 A list of link:rest-api-accounts.html#account-info[AccountInfo]
 entities describing the direct members. +
@@ -1319,7 +1458,7 @@
 name. +
 If not set, the new group will be self-owned.
 |`members`       |optional|The initial members in a list of +
-link:#account-id[account ids].
+link:rest-api-accounts.html#account-id[account ids].
 |===========================
 
 [[group-options-info]]
@@ -1360,8 +1499,7 @@
 |==========================
 
 [[members-input]]
-MembersInput
-~~~~~~~~~~~
+=== MembersInput
 The `MembersInput` entity contains information about accounts that should
 be added as members to a group or that should be deleted from the group.
 
@@ -1369,11 +1507,11 @@
 |==========================
 |Field Name   ||Description
 |`_one_member`|optional|
-The link:#account-id[id] of one account that should be added or
-deleted.
-|`members`    |optional|
-A list of link:#account-id[account ids] that identify the accounts that
+The link:rest-api-accounts.html#account-id[id] of one account that
 should be added or deleted.
+|`members`    |optional|
+A list of link:rest-api-accounts.html#account-id[account ids] that
+identify the accounts that should be added or deleted.
 |==========================
 
 
diff --git a/Documentation/rest-api-plugins.txt b/Documentation/rest-api-plugins.txt
index dfe9f0e..53f4bb5 100644
--- a/Documentation/rest-api-plugins.txt
+++ b/Documentation/rest-api-plugins.txt
@@ -33,6 +33,32 @@
 
 .Request
 ----
+  GET /plugins/ HTTP/1.0
+----
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  {
+    "delete-project": {
+      "id": "delete-project",
+      "index_url": "plugins/delete-project/",
+      "version": "2.9-SNAPSHOT"
+    }
+  }
+----
+
+[[plugin-options]]
+==== Plugin Options
+All(a)::
+List all plugins including those that are disabled.
+
+.Request
+----
   GET /plugins/?all HTTP/1.0
 ----
 
@@ -87,7 +113,7 @@
 following curl command can be used:
 
 ----
-  curl --digest --user admin:TNNuLkWsIV8w -X PUT --data-binary @delete-project-2.8.jar 'http://gerrit:8080/a/plugins/delete-project'
+  curl --user admin:TNNuLkWsIV8w -X PUT --data-binary @delete-project-2.8.jar 'http://gerrit:8080/a/plugins/delete-project'
 ----
 
 As response a link:#plugin-info[PluginInfo] entity is returned that
diff --git a/Documentation/rest-api-projects.txt b/Documentation/rest-api-projects.txt
index 457a287..3d53130 100644
--- a/Documentation/rest-api-projects.txt
+++ b/Documentation/rest-api-projects.txt
@@ -149,6 +149,8 @@
 Limit the results to those projects that start with the specified
 prefix.
 +
+The match is case sensitive. May not be used together with `m` or `r`.
++
 List all projects that start with `platform/`:
 +
 .Request
@@ -182,6 +184,8 @@
 match any projects that start with 'test' and regex '.*test' will match any
 project that end with 'test'.
 +
+The match is case sensitive. May not be used together with `m` or `p`.
++
 List all projects that match regex `test.*project`:
 +
 .Request
@@ -234,6 +238,8 @@
 Substring(m)::
 Limit the results to those projects that match the specified substring.
 +
+The match is case insensitive. May not be used together with `r` or `p`.
++
 List all projects that match substring `test/`:
 +
 .Request
@@ -318,6 +324,33 @@
   }
 ----
 
+All::
+Get all projects, including those whose state is "HIDDEN".
++
+.Request
+----
+GET /projects/?all HTTP/1.0
+----
++
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  {
+    "All-Projects" {
+      "id": "All-Projects",
+      "state": "ACTIVE"
+    },
+    "some-other-project": {
+      "id": "some-other-project",
+      "state": "HIDDEN"
+    }
+  }
+----
+
 [[get-project]]
 === Get Project
 --
@@ -981,6 +1014,7 @@
     ],
     "can_upload": true,
     "can_add": true,
+    "can_add_tags": true,
     "config_visible": true
   }
 ----
@@ -1014,12 +1048,14 @@
 
   {
     "remove": [
-      "refs/*": {
-        "permissions": {
-          "read": {
-            "rules": {
-              "c2ce4749a32ceb82cd6adcce65b8216e12afb41c": {
-                "action": "ALLOW"
+      {
+        "refs/*": {
+          "permissions": {
+            "read": {
+              "rules": {
+                "c2ce4749a32ceb82cd6adcce65b8216e12afb41c": {
+                  "action": "ALLOW"
+                }
               }
             }
           }
@@ -1062,10 +1098,29 @@
     ],
     "can_upload": true,
     "can_add": true,
+    "can_add_tags": true,
     "config_visible": true
   }
 ----
 
+[[index]]
+=== Index all changes in a project
+
+Adds or updates all the changes belonging to a project in the secondary index.
+The indexing task is executed asynchronously in background, so this command
+returns immediately.
+
+.Request
+----
+  POST /projects/MyProject/index HTTP/1.0
+----
+
+.Response
+----
+HTTP/1.1 202 Accepted
+Content-Disposition: attachment
+----
+
 [[branch-endpoints]]
 == Branch Endpoints
 
@@ -1140,7 +1195,7 @@
   ]
 ----
 
-Skip(s)::
+Skip(S)::
 Skip the given number of branches from the beginning of the list.
 +
 .Request
@@ -1165,9 +1220,11 @@
 ----
 
 Substring(m)::
-Limit the results to those projects that match the specified substring.
+Limit the results to those branches that match the specified substring.
 +
-List all projects that match substring `test`:
+The match is case insensitive. May not be used together with `r`.
++
+List all branches that match substring `test`:
 +
 .Request
 ----
@@ -1193,8 +1250,10 @@
 Regex(r)::
 Limit the results to those branches that match the specified regex.
 Boundary matchers '^' and '$' are implicit. For example: the regex 't*' will
-match any branches that start with 'test' and regex '*t' will match any
-branches that end with 'test'.
+match any branches that start with 't' and regex '*t' will match any
+branches that end with 't'.
++
+The match is case sensitive. May not be used together with `m`.
 +
 List all branches that match regex `t.*1`:
 +
@@ -1814,7 +1873,7 @@
   ]
 ----
 
-Skip(s)::
+Skip(S)::
 Skip the given number of tags from the beginning of the list.
 +
 .Request
@@ -1849,6 +1908,87 @@
   ]
 ----
 
+Substring(m)::
+Limit the results to those tags that match the specified substring.
++
+The match is case insensitive.  May not be used together with `r`.
++
+List all tags that match substring `v2`:
+
++
+.Request
+----
+  GET /projects/testproject/tags?m=v2 HTTP/1.0
+----
++
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  [
+    {
+      "ref": "refs/tags/v2.0",
+      "revision": "1624f5af8ae89148d1a3730df8c290413e3dcf30"
+    },
+  ]
+----
+
+Regex(r)::
+Limit the results to those tags that match the specified regex.
+Boundary matchers '^' and '$' are implicit. For example: the regex 't*' will
+match any tags that start with 't' and regex '*t' will match any
+tags that end with 't'.
++
+The match is case sensitive.  May not be used together with `m`.
++
+List all tags that match regex `v.*0`:
++
+.Request
+----
+  GET /projects/testproject/tags?r=v.*0 HTTP/1.0
+----
++
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json; charset=UTF-8
+
+  )]}'
+  [
+    {
+      "ref": "refs/tags/v1.0",
+      "revision": "49ce77fdcfd3398dc0dedbe016d1a425fd52d666",
+      "object": "1624f5af8ae89148d1a3730df8c290413e3dcf30",
+      "message": "Annotated tag",
+      "tagger": {
+        "name": "David Pursehouse",
+        "email": "david.pursehouse@sonymobile.com",
+        "date": "2014-10-06 07:35:03.000000000",
+        "tz": 540
+      }
+    },
+    {
+      "ref": "refs/tags/v2.0",
+      "revision": "1624f5af8ae89148d1a3730df8c290413e3dcf30"
+    },
+    {
+      "ref": "refs/tags/v3.0",
+      "revision": "c628685b3c5a3614571ecb5c8fceb85db9112313",
+      "object": "1624f5af8ae89148d1a3730df8c290413e3dcf30",
+      "message": "Signed tag\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niQEcBAABAgAGBQJUMlqYAAoJEPI2qVPgglptp7MH/j+KFcittFbxfSnZjUl8n5IZ\nveZo7wE+syjD9sUbMH4EGv0WYeVjphNTyViBof+stGTNkB0VQzLWI8+uWmOeiJ4a\nzj0LsbDOxodOEMI5tifo02L7r4Lzj++EbqtKv8IUq2kzYoQ2xjhKfFiGjeYOn008\n9PGnhNblEHZgCHguGR6GsfN8bfA2XNl9B5Ysl5ybX1kAVs/TuLZR4oDMZ/pW2S75\nhuyNnSgcgq7vl2gLGefuPs9lxkg5Fj3GZr7XPZk4pt/x1oiH7yXxV4UzrUwg2CC1\nfHrBlNbQ4uJNY8TFcwof52Z0cagM5Qb/ZSLglHbqEDGA68HPqbwf5z2hQyU2/U4\u003d\n\u003dZtUX\n-----END PGP SIGNATURE-----",
+      "tagger": {
+        "name": "David Pursehouse",
+        "email": "david.pursehouse@sonymobile.com",
+        "date": "2014-10-06 09:02:16.000000000",
+        "tz": 540
+      }
+    }
+  ]
+----
 
 [[get-tag]]
 === Get Tag
@@ -1886,6 +2026,55 @@
   }
 ----
 
+[[delete-tag]]
+=== Delete Tag
+--
+'DELETE /projects/link:#project-name[\{project-name\}]/tags/link:#tag-id[\{tag-id\}]'
+--
+
+Deletes a tag.
+
+.Request
+----
+  DELETE /projects/MyProject/tags/v1.0 HTTP/1.0
+----
+
+.Response
+----
+  HTTP/1.1 204 No Content
+----
+
+[[delete-tags]]
+=== Delete Tags
+--
+'POST /projects/link:#project-name[\{project-name\}]/tags:delete'
+--
+
+Delete one or more tags.
+
+The tags to be deleted must be provided in the request body as a
+link:#delete-tags-input[DeleteTagsInput] entity.
+
+.Request
+----
+  POST /projects/MyProject/tags:delete HTTP/1.0
+  Content-Type: application/json;charset=UTF-8
+
+  {
+    "tags": [
+      "v1.0",
+      "v2.0"
+    ]
+  }
+----
+
+.Response
+----
+  HTTP/1.1 204 No Content
+----
+
+If some tags could not be deleted, the response is "`409 Conflict`" and the
+error message is contained in the response body.
 
 [[commit-endpoints]]
 == Commit Endpoints
@@ -1940,6 +2129,35 @@
   }
 ----
 
+[[get-included-in]]
+=== Get Included In
+--
+'GET /projects/link:#project-name[\{project-name\}]/commits/link:#commit-id[\{commit-id\}]/in'
+--
+
+Retrieves the branches and tags in which a change is included. As result
+an link:rest-api-changes.html#included-in-info[IncludedInInfo] entity is returned.
+
+.Request
+----
+  GET /projects/work%2Fmy-project/commits/a8a477efffbbf3b44169bb9a1d3a334cbbd9aa96/in HTTP/1.0
+----
+
+.Response
+----
+  HTTP/1.1 200 OK
+  Content-Disposition: attachment
+  Content-Type: application/json;charset=UTF-8
+
+  )]}'
+  {
+    "branches": [
+      "master"
+    ],
+    "tags": []
+  }
+----
+
 [[get-content-from-commit]]
 === Get Content
 --
@@ -2320,7 +2538,7 @@
 MaxObjectSizeLimitInfo] entity.
 |`submit_type`               ||
 The default submit type of the project, can be `MERGE_IF_NECESSARY`,
-`FAST_FORWARD_ONLY`, `REBASE_IF_NECESSARY`, `MERGE_ALWAYS` or
+`FAST_FORWARD_ONLY`, `REBASE_IF_NECESSARY`, `REBASE_ALWAYS`, `MERGE_ALWAYS` or
 `CHERRY_PICK`.
 |`state`                     |optional|
 The state of the project, can be `ACTIVE`, `READ_ONLY` or `HIDDEN`. +
@@ -2395,7 +2613,7 @@
 If not set, this setting is not updated.
 |`submit_type`                             |optional|
 The default submit type of the project, can be `MERGE_IF_NECESSARY`,
-`FAST_FORWARD_ONLY`, `REBASE_IF_NECESSARY`, `MERGE_ALWAYS` or
+`FAST_FORWARD_ONLY`, `REBASE_IF_NECESSARY`, `REBASE_ALWAYS`, `MERGE_ALWAYS` or
 `CHERRY_PICK`. +
 If not set, the submit type is not updated.
 |`state`                                   |optional|
@@ -2408,8 +2626,7 @@
 |======================================================
 
 [[config-parameter-info]]
-ConfigParameterInfo
-~~~~~~~~~~~~~~~~~~~
+=== ConfigParameterInfo
 The `ConfigParameterInfo` entity describes a project configuration
 parameter.
 
@@ -2523,6 +2740,18 @@
 deleted.
 |==========================
 
+[[delete-tags-input]]
+=== DeleteTagsInput
+The `DeleteTagsInput` entity contains information about tags that should
+be deleted.
+
+[options="header",width="50%",cols="1,6"]
+|==========================
+|Field Name   |Description
+|`tags`       |A list of tag names that identify the tags that should be
+deleted.
+|==========================
+
 [[gc-input]]
 === GCInput
 The `GCInput` entity contains information to run the Git garbage
@@ -2578,16 +2807,17 @@
 |===============================
 |Field Name        ||Description
 |`value`           |optional|
-The effective value of the max object size limit as a formatted string. +
+The effective value in bytes of the max object size limit. +
 Not set if there is no limit for the object size.
 |`configured_value`|optional|
 The max object size limit that is configured on the project as a
 formatted string. +
 Not set if there is no limit for the object size configured on project
 level.
-|`inherited_value` |optional|
-The max object size limit that is inherited as a formatted string. +
-Not set if there is no global limit for the object size.
+|`summary`         |optional|
+A string describing whether the value was inherited or overridden from
+the parent project or global config. +
+Not set if not inherited or overridden.
 |===============================
 
 [[project-access-input]]
@@ -2672,8 +2902,8 @@
 Whether an empty initial commit should be created.
 |`submit_type`               |optional|
 The submit type that should be set for the project
-(`MERGE_IF_NECESSARY`, `REBASE_IF_NECESSARY`, `FAST_FORWARD_ONLY`,
-`MERGE_ALWAYS`, `CHERRY_PICK`). +
+(`MERGE_IF_NECESSARY`, `REBASE_IF_NECESSARY`, `REBASE_ALWAYS`,
+`FAST_FORWARD_ONLY`, `MERGE_ALWAYS`, `CHERRY_PICK`). +
 If not set, `MERGE_IF_NECESSARY` is set as submit type unless
 link:config-gerrit.html#repository.name.defaultSubmitType[
 repository.<name>.defaultSubmitType] is set to a different value.
@@ -2773,6 +3003,11 @@
 the signature.
 |`tagger`|Only set for annotated tags, if present in the tag.|The tagger as a
 link:rest-api-changes.html#git-person-info[GitPersonInfo] entity.
+|`can_delete`|`false` if not set|
+Whether the calling user can delete this tag.
+|`web_links` |optional|
+Links to the tag in external sites as a list of
+link:rest-api-changes.html#web-link-info[WebLinkInfo] entries.
 |=========================
 
 [[tag-input]]
@@ -2806,8 +3041,6 @@
 The path to the `GerritSiteFooter.html` file.
 |=============================
 
-----
-
 GERRIT
 ------
 Part of link:index.html[Gerrit Code Review]
diff --git a/Documentation/rest-api.txt b/Documentation/rest-api.txt
index 7f7e62e..7928512 100644
--- a/Documentation/rest-api.txt
+++ b/Documentation/rest-api.txt
@@ -36,10 +36,8 @@
 `/a/`. For example to authenticate to `/projects/`, request the URL
 `/a/projects/`.
 
-By default Gerrit uses HTTP digest authentication with the HTTP password
-from the user's account settings page. HTTP basic authentication is used
-if link:config-gerrit.html#auth.gitBasicAuth[`auth.gitBasicAuth`] is set
-to true in the Gerrit configuration.
+Gerrit uses HTTP basic authentication with the HTTP password from the
+user's account settings page.
 
 [[preconditions]]
 === Preconditions
diff --git a/Documentation/user-review-ui.txt b/Documentation/user-review-ui.txt
index 838a433..1ddaed0 100644
--- a/Documentation/user-review-ui.txt
+++ b/Documentation/user-review-ui.txt
@@ -271,12 +271,17 @@
 
 ** [[delete]]`Delete Change` / `Delete Revision`:
 +
-Deletes the draft change / the currently viewed draft patch set.
+Deletes the change / the currently viewed draft patch set.
 +
-The `Delete Change` / `Delete Revision` buttons are only available if a
-draft patch set is viewed and the user is the change owner or has the
-link:access-control.html#category_delete_drafts[Delete Drafts] access
-right assigned.
+For open or abandoned changes, the `Delete Change` button will be available
+and if the user is the change owner and is granted the
+link:access-control.html#category_delete_own_changes[Delete Own Changes]
+permission, if they are granted the
+link:access-control.html#category_delete_changes[Delete Changes] permission,
+or if they are an administrator. For draft changes,
+the `Delete Change` / `Delete Revision` buttons will be available if the user is
+the change owner or has the
+link:access-control.html#category_delete_drafts[Delete Drafts] access right assigned.
 
 ** [[plugin-actions]]Further actions may be available if plugins are installed.
 
@@ -297,6 +302,23 @@
 
 image::images/user-review-ui-change-screen-file-list.png[width=800, link="images/user-review-ui-change-screen-file-list.png"]
 
+[[magic-files]]
+In addition to the modified files the file list contains magic files
+that are generated by Gerrit and which don't exist in the repository.
+The magic files contain additional commit data that should be
+reviewable and allow users to comment on this data. The magic files are
+always listed first. The following magic files exist:
+
+* `Commit Message`:
++
+The commit message and headers with the parent commit(s), the author
+information and the committer information.
+
+* `Merge List` (for merge commits only):
++
+The list of commits that are being integrated into the destination
+branch by submitting the merge commit.
+
 [[change-screen-mark-reviewed]]
 The checkboxes in front of the file names allow files to be marked as reviewed.
 
@@ -952,7 +974,7 @@
 - `h` / `j` / `k` / `l` moves the cursor left / down / up / right
 - `0` / `$` moves the cursor to the start / end of the line
 - `gg` / `G` moves to cursor to the start / end of the file
-- `Ctrl-D` / `Ctrl-U` scolls downwards / upwards
+- `Ctrl-D` / `Ctrl-U` scrolls downwards / upwards
 
 Please check the link:http://www.vim.org/docs.php[Vim documentation]
 for further information.
@@ -1110,7 +1132,7 @@
 
 - [[line-wrapping]]`Line Wrapping`:
 +
-Controls weather to enable line wrapping or not.
+Controls whether to enable line wrapping or not.
 +
 If `false` is selected then line wrapping is disabled.
 This is the default option.
diff --git a/Documentation/user-search-accounts.txt b/Documentation/user-search-accounts.txt
index 15d87b0..6bcd18e 100644
--- a/Documentation/user-search-accounts.txt
+++ b/Documentation/user-search-accounts.txt
@@ -1,6 +1,6 @@
 = Gerrit Code Review - Searching Accounts
 
-== Basic Change Search
+== Basic Account Search
 
 Similar to many popular search engines on the web, just enter some
 text and let Gerrit figure out the meaning:
@@ -23,6 +23,11 @@
 returned results. Search can also be performed by typing only a
 text with no operator, which will match against a variety of fields.
 
+[[cansee]]
+cansee:'CHANGE'::
++
+Matches accounts that can see the change 'CHANGE'.
+
 [[email]]
 email:'EMAIL'::
 +
@@ -57,7 +62,7 @@
 is:visible::
 +
 Magical internal flag to prove the current user has access to read
-the change. This flag is always added to any query.
+the account. This flag is always added to any query.
 
 [[is-active-magic]]
 is:active::
diff --git a/Documentation/user-search-groups.txt b/Documentation/user-search-groups.txt
new file mode 100644
index 0000000..fccad65
--- /dev/null
+++ b/Documentation/user-search-groups.txt
@@ -0,0 +1,83 @@
+= Gerrit Code Review - Searching Groups
+
+Group queries only match internal groups. External groups and system
+groups are not included in the query result.
+
+== Basic Group Search
+
+Similar to many popular search engines on the web, just enter some
+text and let Gerrit figure out the meaning:
+
+[options="header"]
+|======================================================
+|Description | Examples
+|Name        | Foo-Verifiers
+|UUID        | 6a1e70e1a88782771a91808c8af9bbb7a9871389
+|Description | deprecated
+|======================================================
+
+[[search-operators]]
+== Search Operators
+
+Operators act as restrictions on the search. As more operators
+are added to the same query string, they further restrict the
+returned results. Search can also be performed by typing only a text
+with no operator, which will match against a variety of fields.
+
+[[description]]
+description:'DESCRIPTION'::
++
+Matches groups that have a description that contains 'DESCRIPTION'
+(case-insensitive).
+
+[[inname]]
+inname:'NAMEPART'::
++
+Matches groups that have a name part that starts with 'NAMEPART'
+(case-insensitive).
+
+[[is]]
+[[is-visibletoall]]
+is:visibletoall::
++
+Matches groups that are in the groups options marked as visible to all
+registered users.
+
+[[name]]
+name:'NAME'::
++
+Matches groups that have the name 'NAME' (case-insensitive).
+
+[[owner]]
+owner:'OWNER'::
++
+Matches groups that are owned by the group whose name best matches
+'OWNER' or that has the UUID 'OWNER'.
+
+[[uuid]]
+uuid:'UUID'::
++
+Matches groups that have the UUID 'UUID'.
+
+== Magical Operators
+
+[[is-visible]]
+is:visible::
++
+Magical internal flag to prove the current user has access to read
+the group. This flag is always added to any query.
+
+[[limit]]
+limit:'CNT'::
++
+Limit the returned results to no more than 'CNT' records. This is
+automatically set to the page size configured in the current user's
+preferences. Including it in a web query may lead to unpredictable
+results with regards to pagination.
+
+GERRIT
+------
+Part of link:index.html[Gerrit Code Review]
+
+SEARCHBOX
+---------
diff --git a/Documentation/user-search.txt b/Documentation/user-search.txt
index b04898e..4207e3f 100644
--- a/Documentation/user-search.txt
+++ b/Documentation/user-search.txt
@@ -4,9 +4,7 @@
 
 Most basic searches can be viewed by clicking on a link along the top
 menu bar.  The link will prefill the search box with a common search
-query, execute it, and present the results.  If exactly one change
-matches the search, the change will be presented instead of a list.
-
+query, execute it, and present the results.
 
 [options="header"]
 |=================================================
@@ -15,7 +13,7 @@
 |All > Merged         | status:merged
 |All > Abandoned      | status:abandoned
 |My > Drafts          | owner:self is:draft
-|My > Watched Changes | status:open is:watched
+|My > Watched Changes | is:watched is:open
 |My > Starred Changes | is:starred
 |My > Draft Comments  | has:draft
 |Open changes in Foo  | status:open project:Foo
@@ -34,9 +32,14 @@
 |Full or abbreviated Change-Id    | Ic0ff33
 |Full or abbreviated commit SHA-1 | d81b32ef
 |Email address                    | user@example.com
-|Approval requirement             | Code-Review>=+2, Verified=1
 |=============================================================
 
+For change searches (i.e. those using a numerical id, Change-Id, or commit
+SHA1), if the search results in a single change that change will be
+presented instead of a list.
+
+For more predictable results, use explicit search operators as described
+in the following section.
 
 [[search-operators]]
 == Search Operators
@@ -61,6 +64,11 @@
 * mon, month, months (`1 month` is treated as `30 days`)
 * y, year, years (`1 year` is treated as `365 days`)
 
+[[assignee]]
+assignee:'USER'::
++
+Changes assigned to the given user.
+
 [[before_until]]
 before:'TIME'/until:'TIME'::
 +
@@ -103,7 +111,9 @@
 [[ownerin]]
 ownerin:'GROUP'::
 +
-Changes originally submitted by a user in 'GROUP'.
+Changes originally submitted by a user in 'GROUP'. When no other index
+predicate is explicitly added in the query, defaults to only include
+changes in status 'OPEN'.
 
 [[query]]
 query:'NAME'::
@@ -118,10 +128,18 @@
 special case of `reviewer:self` will find changes where the caller
 has been added as a reviewer.
 
+[[cc]]
+cc:'USER'::
++
+Changes that have the given user CC'ed on them. The special case of `cc:self`
+will find changes where the caller has been CC'ed.
+
 [[reviewerin]]
 reviewerin:'GROUP'::
 +
-Changes that have been, or need to be, reviewed by a user in 'GROUP'.
+Changes that have been, or need to be, reviewed by a user in 'GROUP'. When
+no other index predicate is explicitly added in the query, defaults to only
+include changes in status 'OPEN'.
 
 [[commit]]
 commit:'SHA1'::
@@ -278,13 +296,25 @@
 +
 True if the change has inline edit created by the current user.
 
+has:unresolved::
++
+True if the change has unresolved comments.
+
 [[is]]
+is:assigned::
++
+True if the change has an assignee.
+
 [[is-starred]]
 is:starred::
 +
 Same as 'has:star', true if the change has been starred by the
 current user with the default label.
 
+is:unassigned::
++
+True if the change does not have an assignee.
+
 is:watched::
 +
 True if this change matches one of the current user's watch filters,
@@ -305,6 +335,11 @@
 True on any change where the current user is a reviewer.
 Same as `reviewer:self`.
 
+is:cc::
++
+True on any change where the current user is in CC.
+Same as `cc:self`.
+
 is:open, is:pending::
 +
 True if the change is open.
@@ -321,11 +356,28 @@
 +
 Same as <<status,status:'STATE'>>.
 
+is:submittable::
++
+True if the change is submittable according to the submit rules for
+the project, for example if all necessary labels have been voted on.
++
+This operator only takes into account one change at a time, not any
+related changes, and does not guarantee that the submit button will
+appear for matching changes. To check whether a submit button appears,
+use the
+link:rest-api-changes.html#get-revision-actions[Get Revision Actions]
+API.
++
+Equivalent to <<submittable,submittable:ok>>.
+
 [[mergeable]]
 is:mergeable::
 +
 True if the change has no merge conflicts and could be merged into its
 destination branch.
++
+Mergeability of abandoned changes is not computed. This operator will
+not find any abandoned but mergeable changes.
 
 [[status]]
 status:open, status:pending::
@@ -394,6 +446,25 @@
 'COMMITTER' may be the committer's exact email address, or part of the name or
 email address.
 
+[[submittable]]
+submittable:'SUBMIT_STATUS'::
++
+Changes having the given submit record status after applying submit
+rules. Valid statuses are in the `status` field of
+link:rest-api-changes.html#submit-record[SubmitRecord]. This operator
+only applies to the top-level status; individual label statuses can be
+searched link:#labels[by label].
+
+[[unresolved]]
+unresolved:'RELATION''NUMBER'::
++
+True if the number of unresolved comments satisfies the given relation for the given number.
++
+For example, unresolved:>0 will be true for any change which has at least one unresolved
+comment while unresolved:0 will be true for any change which has all comments resolved.
++
+Valid relations are >=, >, <=, <, or no relation, which will match if the number of unresolved
+comments is exactly equal.
 
 == Argument Quoting
 
@@ -448,8 +519,10 @@
   ('user=' or 'group=').  If an LDAP group is being referenced make
   sure to use 'ldap/<groupname>'.
 
-A label name must be followed by a score, or an operator and a score.
-The easiest way to explain this is by example.
+A label name must be followed by either a score with optional operator,
+or a label status. The easiest way to explain this is by example.
++
+First, some examples of scores with operators:
 
 `label:Code-Review=2`::
 `label:Code-Review=+2`::
@@ -473,8 +546,20 @@
 `label:Code-Review>=1`::
 +
 Matches changes with either a +1, +2, or any higher score.
++
+Instead of a numeric vote, you can provide a label status corresponding
+to one of the fields in the
+link:rest-api-changes.html#submit-record[SubmitRecord] REST API entity.
+
+`label:Non-Author-Code-Review=need`::
++
+Matches changes where the submit rules indicate that a label named
+`Non-Author-Code-Review` is needed. (See the
+link:prolog-cookbook.html#NonAuthorCodeReview[Prolog Cookbook] for how
+this label can be configured.)
 
 `label:Code-Review=+2,aname`::
+`label:Code-Review=ok,aname`::
 +
 Matches changes with a +2 code review where the reviewer or group is aname.
 
@@ -482,6 +567,14 @@
 +
 Matches changes with a +2 code review where the reviewer is jsmith.
 
+`label:Code-Review=+2,user=owner`::
+`label:Code-Review=ok,user=owner`::
+`label:Code-Review=+2,owner`::
+`label:Code-Review=ok,owner`::
++
+The special "owner" parameter corresponds to the change owner.  Matches
+all changes that have a +2 vote from the change owner.
+
 `label:Code-Review=+1,group=ldap/linux.workflow`::
 +
 Matches changes with a +1 code review where the reviewer is in the
@@ -492,14 +585,17 @@
 Matches changes with either a -1, -2, or any lower score.
 
 `is:open label:Code-Review+2 label:Verified+1 NOT label:Verified-1 NOT label:Code-Review-2`::
+`is:open label:Code-Review=ok label:Verified=ok`::
 +
-Matches changes that are ready to be submitted.
+Matches changes that are ready to be submitted according to one common
+label configuration. (For a more general check, use
+link:#submittable[submittable:ok].)
 
 `is:open (label:Verified-1 OR label:Code-Review-2)`::
+`is:open (label:Verified=reject OR label:Code-Review=reject)`::
 +
 Changes that are blocked from submission due to a blocking score.
 
-
 == Magical Operators
 
 Most of these operators exist to support features of Gerrit Code
diff --git a/Documentation/user-submodules.txt b/Documentation/user-submodules.txt
index 2754b45..a2a080b 100644
--- a/Documentation/user-submodules.txt
+++ b/Documentation/user-submodules.txt
@@ -27,8 +27,8 @@
 .. a url that starts with the link:config-gerrit.html#gerrit.canonicalWebUrl[`gerrit.canonicalWebUrl`]
 
 When a commit in a project is merged, Gerrit checks for superprojects
-that are subscribed to the the project and automatically updates those
-superprojects with a commit that updates the gilink for the project.
+that are subscribed to the project and automatically updates those
+superprojects with a commit that updates the gitlink for the project.
 
 This feature is enabled by default and can be disabled
 via link:config-gerrit.html#submodule.enableSuperProjectSubscriptions[submodule.enableSuperProjectSubscriptions]
diff --git a/Documentation/user-upload.txt b/Documentation/user-upload.txt
index ba3445a..25ab3ca 100644
--- a/Documentation/user-upload.txt
+++ b/Documentation/user-upload.txt
@@ -9,8 +9,8 @@
 All three methods rely on authentication, which must first be configured
 by the uploading user.
 
-Gerrit supports two methods of authenticating the uploading user.  SSH
-public key, and HTTP/HTTPS.
+Gerrit supports two protocols for uploading changes; SSH and HTTP/HTTPS. These
+may not all be available for you, depending on the server configuration.
 
 [[http]]
 == HTTP/HTTPS
@@ -18,10 +18,9 @@
 On Gerrit installations that do not support SSH authentication, the
 user must authenticate via HTTP/HTTPS.
 
-When link:config-gerrit.html#auth.gitBasicAuth[gitBasicAuth] is enabled,
-the user is authenticated using standard BasicAuth. Depending on the value of
-link:#auth.gitBasicAuthPolicy[auth.gitBasicAuthPolicy], credentials are
-validated using:
+The user is authenticated using standard BasicAuth. Depending on the
+value of link:#auth.gitBasicAuthPolicy[auth.gitBasicAuthPolicy],
+credentials are validated using:
 
 * The randomly generated HTTP password on the `HTTP Password` tab
   in the user settings page if `gitBasicAuthPolicy` is `HTTP`.
@@ -29,9 +28,10 @@
 * Both, the HTTP and the LDAP passwords (in this order) if `gitBasicAuthPolicy`
   is `HTTP_LDAP`.
 
-When gitBasicAuthPolicy is not `LDAP`, the user's HTTP credentials can be
-accessed within Gerrit by going to `Settings`, and then accessing the `HTTP
-Password` tab.
+When gitBasicAuthPolicy is not `LDAP`, the user's HTTP credentials can
+be regenerated by going to `Settings`, and then accessing the `HTTP
+Password` tab. Revocation can effectively be done by regenerating the
+password and then forgetting it.
 
 For Gerrit installations where an link:config-gerrit.html#auth.httpPasswordUrl[HTTP password URL]
 is configured, the password can be obtained by clicking on `Obtain Password`
@@ -41,13 +41,15 @@
 [[ssh]]
 == SSH
 
-Each user uploading changes to Gerrit must configure one or more SSH
-public keys.  The per-user SSH key list can be accessed over the web
-within Gerrit by `Settings`, and then accessing the `SSH Public Keys`
-tab.
+To upload changes over SSH, Gerrit supports two forms of authentication: a
+user's public key or kerberos.
 
-[[configure_ssh]]
-=== Configuration
+Unless your Gerrit instance is configured to support
+link:config-gerrit.html#sshd.kerberosKeytab[kerberos] in your domain, only
+public key authentication can be used.
+
+[[configure_ssh_public_keys]]
+=== Public keys
 
 To register a new SSH key for use with Gerrit, paste the contents of
 your `id_rsa.pub` or `id_dsa.pub` file into the text box and click
@@ -79,10 +81,29 @@
 documentation, for more details on configuration of the agent
 process and how to add the private key.
 
+[[configure_ssh_kerberos]]
+=== Kerberos
+
+A kerberos-enabled server configuration allows for zero configuration in an
+existing single-sign-on environment.
+
+Your SSH client should be configured to enable kerberos authentication. For
+OpenSSH clients, this is controlled by the option `GSSAPIAuthentication` which
+should be set to `yes`.
+
+Some Linux distributions have packaged OpenSSH to enable this by default (e.g.
+Debian, Ubuntu). If this is not the case for your distribution, enable it for
+Gerrit with this entry in your local SSH configuration:
+
+----
+  Host gerrit.mydomain.tld
+      GSSAPIAuthentication yes
+----
+
 [[test_ssh]]
 === Testing Connections
 
-To verify your SSH key is working correctly, try using an SSH client
+To verify your SSH authentication is working correctly, try using an SSH client
 to connect to Gerrit's SSHD port.  By default Gerrit runs on
 port 29418, using the same hostname as the web server:
 
@@ -120,6 +141,30 @@
 The returned output from this URL is always `'hostname' SP 'port'`,
 or `NOT_AVAILABLE` if the SSHD server is not currently running.
 
+[[configure_ssh_host_entry]]
+=== OpenSSH Host entry
+
+If you are frequently uploading changes to the same Gerrit server, consider
+adding an SSH `Host` entry in your OpenSSH client configuration
+(`~/.ssh/config`) for that Gerrit server.  It allows you use a single alias
+defining your username, hostname and port number whenever you're accessing
+this Gerrit server in an SSH context (also command line SSH or SCP).  Use this
+for easier to remember, shorter URLs, e.g.:
+
+----
+  $ cat ~/.ssh/config
+  ...
+  Host mygerrit
+      Hostname git.example.com
+      Port 29418
+      User john.doe
+
+  $ git clone mygerrit:myproject
+
+  $ ssh mygerrit gerrit version
+
+  $ scp -p mygerrit:hooks/commit-msg .git/hooks/
+----
 
 == git push
 
@@ -177,17 +222,39 @@
   git push ssh://bot@git.example.com:29418/kernel/common HEAD:refs/for/master%notify=NONE
 ----
 
+In addition uploaders can explicitly specify accounts that should be
+notified, regardless of the value that is given for the `notify`
+option. To notify a specific account specify it by an
+`notify-to='email'`, `notify-cc='email'` or `notify-bcc='email'`
+option. These options can be specified as many times as necessary to
+cover all interested parties. Gerrit will automatically avoid sending
+duplicate email notifications, such as if one of the specified accounts
+had also requested to receive all new change notifications. The
+accounts that are specified by `notify-to='email'`, `notify-cc='email'`
+and `notify-bcc='email'` will only be notified about this one push.
+They are not added as link:#reviewers[reviewers or CCs], hence they are
+not automatically signed up to be notified on further updates of the
+change.
+
+----
+  git push ssh://bot@git.example.com:29418/kernel/common HEAD:refs/for/master%notify=NONE,notify-to=a@a.com
+----
+
 [[topic]]
 ==== Topic
 
 To include a short tag associated with all of the changes in the
 same group, such as the local topic branch name, append it after
-the destination branch name. In this example the short topic tag
-'driver/i42' will be saved on each change this push creates or
+the destination branch name or add it with the command line flag
+`--push-option`, aliased to `-o`. In this example the short topic
+tag 'driver/i42' will be saved on each change this push creates or
 updates:
 
 ----
   git push ssh://john.doe@git.example.com:29418/kernel/common HEAD:refs/for/experimental%topic=driver/i42
+
+  // this is the same as:
+  git push ssh://john.doe@git.example.com:29418/kernel/common HEAD:refs/for/experimental -o topic=driver/i42
 ----
 
 [[message]]
@@ -243,22 +310,6 @@
 rebase a change edit on the newest patch set when the rebase of the
 change edit in the web UI fails due to conflicts.
 
-If you are frequently uploading changes to the same Gerrit server,
-consider adding an SSH host block in `~/.ssh/config` to remember
-your username, hostname and port number.  This permits the use of
-shorter URLs on the command line, such as:
-
-----
-  $ cat ~/.ssh/config
-  ...
-  Host tr
-    Hostname git.example.com
-    Port 29418
-    User john.doe
-
-  $ git push tr:kernel/common HEAD:refs/for/experimental
-----
-
 [[reviewers]]
 ==== Reviewers
 
@@ -267,7 +318,7 @@
 `reviewer` (or `r`) and `cc` options in the reference:
 
 ----
-  git push tr:kernel/common HEAD:refs/for/experimental%r=a@a.com,cc=b@o.com
+  git push ssh://john.doe@git.example.com:29418/kernel/common HEAD:refs/for/experimental%r=a@a.com,cc=b@o.com
 ----
 
 The `r='email'` and `cc='email'` options may be specified as many
@@ -284,7 +335,7 @@
   $ cat .git/config
   ...
   [remote "exp"]
-    url = tr:kernel/common
+    url = ssh://john.doe@git.example.com:29418/kernel/common
     push = HEAD:refs/for/experimental%r=a@a.com,cc=b@o.com
 
   $ git push exp
@@ -405,11 +456,11 @@
 link:access-control.html#category_push_direct['Push'] with the
 'Force' option ticked.
 
-To push annotated tags, the `Push Annotated Tag` project right must
+To push annotated tags, the `Create Annotated Tag` project right must
 be granted to one (or more) of the user's groups.  There is only
 one level of access in this category.
 
-Project owners may wish to grant themselves `Push Annotated Tag`
+Project owners may wish to grant themselves `Create Annotated Tag`
 only at times when a new release is being prepared, and otherwise
 grant nothing at all.  This ensures that accidental pushes don't
 make undesired changes to the public repository.
@@ -458,6 +509,23 @@
   git push ssh://john.doe@git.example.com:29418/kernel/common HEAD:refs/for/master%base=commit-id1,base=commit-id2
 ----
 
+[[merged]]
+=== Creating Changes for Merged Commits
+
+Normally, changes are only created for commits that have not yet
+been merged into the branch. In some cases, you may want to review a
+change that has already been merged. A new change for a merged commit
+can be created by using the '%merged' argument:
+
+----
+  git push ssh://john.doe@git.example.com:29418/kernel/common my-merged-commit:refs/for/master%merged
+----
+
+This only creates one merged change at a time, corresponding to
+exactly `my-merged-commit`. It doesn't walk all of history up to that
+point, which could be slow and create lots of unintended new changes.
+To create multiple new changes, run push multiple times.
+
 
 == repo upload
 
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..565dd45
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1 @@
+gerritPipeline()
diff --git a/README.md b/README.md
index 020602f..78c8477 100644
--- a/README.md
+++ b/README.md
@@ -3,6 +3,8 @@
 [Gerrit](https://www.gerritcodereview.com) is a code review and project
 management tool for Git based projects.
 
+[![Build Status](https://gerrit-ci.gerritforge.com/job/Gerrit-master/badge/icon)](https://gerrit-ci.gerritforge.com/job/Gerrit-master/)
+
 ## Objective
 
 Gerrit makes reviews easier by showing changes in a side-by-side display,
@@ -48,10 +50,10 @@
 
 ## Build
 
-Install [Buck](http://facebook.github.io/buck/setup/install.html) and run the following:
+Install [Bazel](https://bazel.build/versions/master/docs/install.html) and run the following:
 
         git clone --recursive https://gerrit.googlesource.com/gerrit
-        cd gerrit && buck build release
+        cd gerrit && bazel build release
 
 ## Install binary packages (Deb/Rpm)
 
@@ -69,5 +71,21 @@
 
         yum clean all && yum install gerrit-<version>[-<release>]
 
+On Fedora run:
+
+        dnf clean all && dnf install gerrit-<version>[-<release>]
+
+## Use pre-built Gerrit images on Docker
+
+Docker images of Gerrit are available on [DockerHub](https://hub.docker.com/u/gerritforge/)
+
+To run a CentOS 7 based Gerrit image:
+
+        docker run -p 8080:8080 gerritforge/gerrit-centos7[:version]
+
+To run a Ubuntu 15.04 based Gerrit image:
+
+        docker run -p 8080:8080 gerritforge/gerrit-ubuntu15.04[:version]
+
 _NOTE: release is optional. Last released package of the version is installed if the release
 number is omitted._
diff --git a/ReleaseNotes/BUCK b/ReleaseNotes/BUCK
deleted file mode 100644
index 0f47808..0000000
--- a/ReleaseNotes/BUCK
+++ /dev/null
@@ -1,19 +0,0 @@
-include_defs('//Documentation/asciidoc.defs')
-include_defs('//ReleaseNotes/config.defs')
-
-DIR = 'ReleaseNotes'
-
-SRCS = glob(['*.txt'])
-
-
-genasciidoc(
-  name = 'html',
-  out = 'html.zip',
-  directory = DIR,
-  srcs = SRCS,
-  attributes = release_notes_attributes(),
-  backend = 'html5',
-  searchbox = False,
-  resources = False,
-  visibility = ['PUBLIC'],
-)
diff --git a/ReleaseNotes/BUILD b/ReleaseNotes/BUILD
new file mode 100644
index 0000000..9083a45
--- /dev/null
+++ b/ReleaseNotes/BUILD
@@ -0,0 +1,23 @@
+load("//tools/bzl:asciidoc.bzl", "genasciidoc", "genasciidoc_zip", "release_notes_attributes")
+
+SRCS = glob(["*.txt"])
+
+genasciidoc(
+    name = "ReleaseNotes",
+    srcs = SRCS,
+    attributes = release_notes_attributes(),
+    backend = "html5",
+    resources = False,
+    searchbox = False,
+    visibility = ["//visibility:public"],
+)
+
+genasciidoc_zip(
+    name = "html",
+    srcs = SRCS,
+    attributes = release_notes_attributes(),
+    backend = "html5",
+    resources = False,
+    searchbox = False,
+    visibility = ["//visibility:public"],
+)
diff --git a/ReleaseNotes/ReleaseNotes-2.12.1.txt b/ReleaseNotes/ReleaseNotes-2.12.1.txt
index e746d6e..8f94810 100644
--- a/ReleaseNotes/ReleaseNotes-2.12.1.txt
+++ b/ReleaseNotes/ReleaseNotes-2.12.1.txt
@@ -1,228 +1,5 @@
 = Release notes for Gerrit 2.12.1
 
-Gerrit 2.12.1 is now available:
-
-link:https://gerrit-releases.storage.googleapis.com/gerrit-2.12.1.war[
-https://gerrit-releases.storage.googleapis.com/gerrit-2.12.1.war]
-
-Gerrit 2.12.1 includes the bug fixes done with
-link:ReleaseNotes-2.11.6.html[Gerrit 2.11.6] and
-link:ReleaseNotes-2.11.7.html[Gerrit 2.11.7]. These bug fixes are *not*
-listed in these release notes.
-
-== Schema Upgrade
-
-*WARNING:* This version includes a manual schema upgrade when upgrading
-from 2.12.
-
-When upgrading a site that is already running version 2.12, the `patch_sets`
-table must be manually migrated using the `gerrit gsql` SSH command or the
-`gqsl` site program.
-
-For the default H2 database, execute the command:
-
-----
-  alter table patch_sets modify push_certficate clob;
-----
-
-For MySQL, execute the command:
-
-----
-  alter table patch_sets modify push_certficate text;
-----
-
-For PostgreSQL, execute the command:
-
-----
-  alter table patch_sets alter column push_certficate type text;
-----
-
-For other database types, execute the appropriate equivalent command.
-
-Note that the misspelled `push_certficate` is the actual name of the
-column.
-
-When upgrading from a version earlier than 2.12, this manual step is not
-necessary and should be omitted.
-
-
-== Bug Fixes
-
-=== General
-
-* Fix column type for signed push certificates.
-+
-The column type `VARCHAR(255)` was too small, preventing some PGP push
-certificates from being stored.
-
-* Add the `DRAFT_COMMENTS` option to the list changes REST API endpoint
-and mark it as deprecated.
-+
-It was removed in version 2.12 because it's not needed any more by the UI,
-but this caused failures for clients that still use it.
-+
-Now it is added back, although it does not do anything and is marked as
-deprecated.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3669[Issue 3669]:
-Fix schema migration when migrating to 2.12.x directly from a version
-earlier than 2.11.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3733[Issue 3733]:
-Correctly detect symlinked log directory on startup.
-+
-If `$site_path/logs` was a symlink, the server would not start.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3871[Issue 3871]:
-Throw an explicit exception when failing to load a change from the database.
-+
-If a change could not be loaded from the database, for example if it was
-manually removed from the changes table but references to it were remaining
-in other tables, a null change was returned which would then lead to an
-'Internal Server Error' that was difficult to track down. Now an error is
-raised earlier which will help administrators to find the root cause.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3743[Issue 3743]:
-Use submitter identity as committer when using 'Rebase if Necessary' merge
-strategy.
-+
-When submitting a change that required rebase, the committer was being
-set to 'Gerrit Code Review' instead of the name of the submitter.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3758[Issue 3758]:
-Fix serving of static resources when deployed in application container.
-+
-When deployed in a container, for example Tomcat, it was not possible to
-load the UI because static content could not be loaded from the WAR file.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3790[Issue 3790]:
-When deployed in a container, for example Tomcat, the 'Documentation' menu
-was missing.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3786[Issue 3786]:
-Fix SQL statement syntax in schema migration.
-+
-An extra semicolon was preventing migration from 2.11.x to 2.12 when using
-an Oracle database.
-
-* Send email using email queue instead of the default queue.
-+
-Some emails sent asynchronously were already being sent using that queue
-but some were not. This was confusing for a gerrit administrator because
-if there is a build up of `send-email` tasks in the queue, he would
-think that increasing `sendemail.threadPoolSize` would help but it did not
-because some of the email were sent using the default queue which is
-configurable using `execution.defaultThreadPoolSize`.
-
-* Fix XSRF token cookie to honor `auth.cookieSecure` setting.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3767[Issue 3767]:
-Fix replication of first patch set for new changes.
-+
-When new changes were pushed from the command line, the first patch
-set did not get replicated to destinations.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3771[Issue 3771]:
-Remove `index.defaultMaxClauseCount` configuration option.
-+
-When `index.maxTerms` was either not set (thus no limit) or set to a value
-higher than `index.defaultMaxClauseCount` it was possible that viewing the
-related changes tab could cause a 'Too many clauses' error for changes that
-have a lot of related changes.
-+
-The `index.defaultMaxClauseCount` configuration option is removed, and the
-existing `index.maxTerms` is reused. The default value of `index.maxTerms`
-is reduced from 'no limit' to 1024.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3919[Issue 3919]:
-Explicitly set parent project to 'All-Projects' when a project is created
-without giving the parent.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3948[Issue 3948]:
-Fix submit of project parent updates on `refs/meta/config`.
-+
-When submitting a change on `refs/meta/config` to update a project's parent,
-the error 'The change must be submitted by a Gerrit administrator' was being
-displayed even when the submitter was an admin. The submit was successful
-when clicking 'Submit' a second time.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3811[Issue 3811]:
-Fix submittability of merge commits that resolve merge conflicts.
-+
-If a series of changes contained a change that conflicted with the destination
-branch, but the conflict was solved by a merge commit at the tip of the
-series, the series was not submittable.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3883[Issue 3883]:
-Respect the `core.commentchar` setting from `.gitconfig` in `commit-msg` hook.
-
-=== UI
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3894[Issue 3894]:
-Fix display of 'Related changes' after change is rebased in web UI:
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3071[Issue 3071]:
-Fix display of submodule differences in side-by-side view.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3718[Issue 3718]:
-Hide avatar images when no avatars are available.
-+
-The UI was showing a transparent empty image with a border.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3731[Issue 3731]:
-Fix syntax higlighting of tcl files.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3863[Issue 3863]:
-Fix display of active row marker in tag list.
-+
-Clicking on one of the rows would cause the tag name to disappear.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=1207[Issue 1207]:
-Fix keyboard shortcuts for non-US keyboards on side-by-side diff screen.
-+
-The forward/backward navigation keys `[` and `]` only worked on keyboards where
-these characters could be typed without using any modifier key (like CTRL, ALT,
-etc..).
-+
-Note that the problem still exists on the unified diff screen.
-
-* Improve tooltip on 'Submit' button when 'Submit whole topic' is enabled
-and the topic can't be submitted due to some changes not being ready.
-
-=== Plugins
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3821[Issue 3821]:
-Fix repeated reloading of plugins when running on OpenJDK 8.
-+
-OpenJDK 8 uses nanotime precision for file modification time on systems that
-are POSIX 2008 compatible. This leads to precision incompatibility when
-comparing the plugin's JAR file timestamp, resulting in the plugin being
-reloaded every minute.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3741[Issue 3741]:
-Fix handling of merge validation exceptions emitted by plugins.
-+
-If a plugin raised an exception, it was reported to the user as 'Change is
-new', rather than 'Missing dependency'.
-
-* Allow plugins to get the caller in merge validation requests.
-+
-Plugins that implement the `MergeValidationListener` interface now get the
-caller (the user who initiated the merge) in the `onPreMerge` method.
-+
-Existing plugins that implement this interface must be adapted to the new
-method signature.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3892[Issue 3892]:
-Allow plugins to suggest reviewers based on either change or project
-resources.
-
-=== Documentation
-
-* Update documentation of `commentlink` to reflect changed search URL.
-
-* Add missing documentation of valid `database.type` values.
-
-== Upgrades
-
-* Upgrade JGit to 4.1.2.201602141800-r.
+Release notes have been moved to the project homepage:
+link:https://www.gerritcodereview.com/releases/2.12.md#2.12.1[
+Release notes for Gerrit 2.12.1].
diff --git a/ReleaseNotes/ReleaseNotes-2.12.2.txt b/ReleaseNotes/ReleaseNotes-2.12.2.txt
index 8292eb5..35682ed 100644
--- a/ReleaseNotes/ReleaseNotes-2.12.2.txt
+++ b/ReleaseNotes/ReleaseNotes-2.12.2.txt
@@ -1,70 +1,5 @@
 = Release notes for Gerrit 2.12.2
 
-Gerrit 2.12.2 is now available:
-
-link:https://gerrit-releases.storage.googleapis.com/gerrit-2.12.2.war[
-https://gerrit-releases.storage.googleapis.com/gerrit-2.12.2.war]
-
-== Schema Upgrade
-
-*WARNING:* There are no schema changes from link:ReleaseNotes-2.12.1.html[
-2.12.1] but a manual schema upgrade is necessary when upgrading from 2.12.
-
-When upgrading a site that is already running version 2.12, the `patch_sets`
-table must be manually migrated using the `gerrit gsql` SSH command or the
-`gqsl` site program.
-
-For the default H2 database, execute the command:
-
-----
-  alter table patch_sets modify push_certficate clob;
-----
-
-For MySQL, execute the command:
-
-----
-  alter table patch_sets modify push_certficate text;
-----
-
-For PostgreSQL, execute the command:
-
-----
-  alter table patch_sets alter column push_certficate type text;
-----
-
-For other database types, execute the appropriate equivalent command.
-
-Note that the misspelled `push_certficate` is the actual name of the
-column.
-
-When upgrading from a version earlier than 2.12, or from 2.12.1 having already
-done the migration, this manual step is not necessary and should be omitted.
-
-
-== Bug Fixes
-
-* Upgrade Apache commons-collections to version 3.2.2.
-+
-Includes a fix for a link:https://issues.apache.org/jira/browse/COLLECTIONS-580[
-remote code execution exploit].
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3919[Issue 3919]:
-Explicitly set parent project to 'All-Projects' when a project is created
-without giving the parent.
-
-* Don't add message twice on abandon or restore via ssh review command.
-+
-When abandoning or reviewing a change via the ssh `review` command, and
-providing a message with the `--message` option, the message was added to
-the change twice.
-
-* Clear the input box after cancelling add reviewer action.
-+
-When the action was cancelled, the content of the input box was still
-there when opening it again.
-
-* Fix internal server error when aborting ssh command.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3969[Issue 3969]:
-Fix internal server error when submitting a change with 'Rebase If Necessary'
-strategy.
+Release notes have been moved to the project homepage:
+link:https://www.gerritcodereview.com/releases/2.12.md#2.12.2[
+Release notes for Gerrit 2.12.2].
diff --git a/ReleaseNotes/ReleaseNotes-2.12.3.txt b/ReleaseNotes/ReleaseNotes-2.12.3.txt
index f51d739..06b18da 100644
--- a/ReleaseNotes/ReleaseNotes-2.12.3.txt
+++ b/ReleaseNotes/ReleaseNotes-2.12.3.txt
@@ -1,113 +1,5 @@
 = Release notes for Gerrit 2.12.3
 
-Gerrit 2.12.3 is now available:
-
-link:https://gerrit-releases.storage.googleapis.com/gerrit-2.12.3.war[
-https://gerrit-releases.storage.googleapis.com/gerrit-2.12.3.war]
-
-Gerrit 2.12.3 includes the bug fixes done with
-link:ReleaseNotes-2.11.8.html[Gerrit 2.11.8] and
-link:ReleaseNotes-2.11.9.html[Gerrit 2.11.9]. These bug fixes are *not*
-listed in these release notes.
-
-== Schema Upgrade
-
-*WARNING:* There are no schema changes from link:ReleaseNotes-2.12.2.html[
-2.12.2] but a manual schema upgrade is necessary when upgrading from 2.12.
-
-When upgrading a site that is already running version 2.12, the `patch_sets`
-table must be manually migrated using the `gerrit gsql` SSH command or the
-`gqsl` site program.
-
-For the default H2 database, execute the command:
-
-----
-  alter table patch_sets modify push_certficate clob;
-----
-
-For MySQL, execute the command:
-
-----
-  alter table patch_sets modify push_certficate text;
-----
-
-For PostgreSQL, execute the command:
-
-----
-  alter table patch_sets alter column push_certficate type text;
-----
-
-For other database types, execute the appropriate equivalent command.
-
-Note that the misspelled `push_certficate` is the actual name of the
-column.
-
-When upgrading from a version earlier than 2.12, or from 2.12.1 or 2.12.2
-having already done the migration, this manual step is not necessary and
-should be omitted.
-
-
-== Bug Fixes
-
-* Fix SSL security issue in the SMTP email relay.
-+
-The hostname of the SSL socket was not verified. This made the read
-from the socket insecure since without verifying the hostname it may
-be link:https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf[vulnerable
-to a man-in-the-middle attack].
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=3895[Issue 3895]:
-Fix failure to submit with 'Rebase if Necessary' after changes were reordered
-with interactive rebase.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4052[Issue 4052]:
-Fix failure to start server after upgrade from version 2.9.4.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=3891[Issue 3891]:
-Fix query with `label:` operator and zero value.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4112[Issue 4112]:
-Fix failure to submit changes caused by empty user edit ref.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4087[Issue 4087]:
-Fix failure to submit change when a branch is created on the change ref.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4155[Issue 4155]:
-Fix tags REST API to correctly return all tags.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4154[Issue 4154]:
-Add support for `.team` and several more TLDs in email address validation.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4163[Issue 4163]:
-Prevent removal of non-voting reviewers on submit of change.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=2647[Issue 2647]:
-Fix usage of `CTRL-C` on change screen.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4236[Issue 4236]:
-Fix internal error when pushing an amended commit with the `%edit` option.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=3426[Issue 3426]:
-Fix pushing changes with `%base` option or `newChangeForAllNotInTarget` option.
-
-* Show 'Submitted Together' tab for changes with same topic.
-
-* Improve submit button tooltip messages shown when change is not submittable.
-
-* Fix firing of the `topic-changed` hook.
-
-* Remove `--dry-run` option from the `Reindex` site program.
-+
-The implementation of the option was removed, but the option was mistakenly
-added back to the command and did not actually work.
-
-* Print proper task names in the output of the `show-queues` command.
-
-* Replication plugin: Double check if a ref is missing locally before deleting
-from remote.
-
-* Show an error message when trying to add a non-existent group to an ACL.
-
-== Updates
-
-* Update commons-validator to 1.5.1.
+Release notes have been moved to the project homepage:
+link:https://www.gerritcodereview.com/releases/2.12.md#2.12.3[
+Release notes for Gerrit 2.12.3].
diff --git a/ReleaseNotes/ReleaseNotes-2.12.4.txt b/ReleaseNotes/ReleaseNotes-2.12.4.txt
index 64252c6..8321efa 100644
--- a/ReleaseNotes/ReleaseNotes-2.12.4.txt
+++ b/ReleaseNotes/ReleaseNotes-2.12.4.txt
@@ -1,128 +1,5 @@
 = Release notes for Gerrit 2.12.4
 
-Gerrit 2.12.4 is now available:
-
-link:https://gerrit-releases.storage.googleapis.com/gerrit-2.12.4.war[
-https://gerrit-releases.storage.googleapis.com/gerrit-2.12.4.war]
-
-== Schema Upgrade
-
-*WARNING:* There are no schema changes from link:ReleaseNotes-2.12.3.html[
-2.12.3] but a manual schema upgrade is necessary when upgrading from 2.12.
-
-When upgrading a site that is already running version 2.12, the `patch_sets`
-table must be manually migrated using the `gerrit gsql` SSH command or the
-`gqsl` site program.
-
-For the default H2 database, execute the command:
-
-----
-  alter table patch_sets modify push_certficate clob;
-----
-
-For MySQL, execute the command:
-
-----
-  alter table patch_sets modify push_certficate text;
-----
-
-For PostgreSQL, execute the command:
-
-----
-  alter table patch_sets alter column push_certficate type text;
-----
-
-For other database types, execute the appropriate equivalent command.
-
-Note that the misspelled `push_certficate` is the actual name of the
-column.
-
-When upgrading from a version earlier than 2.12, or from 2.12.1 or 2.12.2
-having already done the migration, this manual step is not necessary and
-should be omitted.
-
-== Known Issues
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4323[Issue 4323]:
-'value too long for type character varying(255)' in patch_sets table when
-migrating to schema version 108.
-+
-This error may occur under some circumstances when running the schema
-migration from an earlier version of Gerrit.
-+
-On sites where this occurs, it can be fixed with a manual schema update
-according to the comments in the issue.
-
-== Bug Fixes
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4400[Issue 4400]:
-Fix `AlreadyClosedException` in Lucene index.
-+
-If a Lucene indexing thread was interrupted by an SSH connection being
-closed, this would also close file handles being used to read the index.
-+
-Lucene queries are now executed on background threads to isolate them
-from SSH threads.
-+
-This may also reduce latency for user dashboards on a multi-core system as
-each query for the different sections can now run on separate threads and
-return results when ready.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4249[Issue 4249]:
-Fix 'Duplicate stages not allowed' error during indexing.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4238[Issue 4238]:
-Fix 'not found' error when browsing tree in gitweb.
-+
-The `refs/heads/` prefix was incorrectly being added to `HEAD`, causing a
-'404 Not Found' error.
-
-* Allow to read repositories that do not end with `.git`.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4262[Issue 4262]:
-Fix GPG push certificate for first patch set of new changes.
-+
-The GPG certificate was not being set for the first patch set of new
-changes.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4296[Issue 4296]:
-Fix internal error when a query does not contain any token.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4241[Issue 4241]:
-Fix 'Cannot format velocity template' error when sending notification emails.
-
-* Fix `sshd.idleTimeout` setting being ignored.
-+
-The `sshd.idleTimeout` setting was not being correctly set on the SSHD
-backend, causing idle sessions to not time out.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4324[Issue 4324]:
-Set the correct uploader on new patch sets created via the inline editor.
-
-* Log a warning instead of failing when invalid commentlinks are configured.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4136[Issue 4136]:
-Fix support for `HEAD` requests in the REST API.
-+
-Sending a `HEAD` request failed with '404 Not Found'.
-
-* Return proper error response when trying to confirm an email that is already
-used by another user.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4318[Issue 4318]
-Fix 'Rebase if Necessary' merge strategy to prevent introducing a duplicate
-commit when submitting a merge commit.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4332[Issue 4332]:
-Allow `local` as a valid TLD for outgoing emails.
-
-* Bypass hostname verification when `sendemail.sslVerify` is disabled.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4398[Issue 4398]:
-Replication: Consider ref visibility when scheduling replication.
-+
-It was possible for refs to be replicated to remotes despite not being
-visible to groups mentioned in the `authGroup` setting.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4036[Issue 4036]:
-Fix hanging query when using `is:watched` without authentication.
+Release notes have been moved to the project homepage:
+link:https://www.gerritcodereview.com/releases/2.12.md#2.12.4[
+Release notes for Gerrit 2.12.4].
diff --git a/ReleaseNotes/ReleaseNotes-2.12.5.txt b/ReleaseNotes/ReleaseNotes-2.12.5.txt
index 12d6870..4199fe0 100644
--- a/ReleaseNotes/ReleaseNotes-2.12.5.txt
+++ b/ReleaseNotes/ReleaseNotes-2.12.5.txt
@@ -1,101 +1,5 @@
 = Release notes for Gerrit 2.12.5
 
-Gerrit 2.12.5 is now available:
-
-link:https://gerrit-releases.storage.googleapis.com/gerrit-2.12.5.war[
-https://gerrit-releases.storage.googleapis.com/gerrit-2.12.5.war]
-
-== Schema Upgrade
-
-*WARNING:* There are no schema changes from link:ReleaseNotes-2.12.4.html[
-2.12.4] but a manual schema upgrade is necessary when upgrading from 2.12.
-
-When upgrading a site that is already running version 2.12, the `patch_sets`
-table must be manually migrated using the `gerrit gsql` SSH command or the
-`gqsl` site program.
-
-For the default H2 database, execute the command:
-
-----
-  alter table patch_sets modify push_certficate clob;
-----
-
-For MySQL, execute the command:
-
-----
-  alter table patch_sets modify push_certficate text;
-----
-
-For PostgreSQL, execute the command:
-
-----
-  alter table patch_sets alter column push_certficate type text;
-----
-
-For other database types, execute the appropriate equivalent command.
-
-Note that the misspelled `push_certficate` is the actual name of the
-column.
-
-When upgrading from a version earlier than 2.12, or from 2.12.1 or 2.12.2
-having already done the migration, this manual step is not necessary and
-should be omitted.
-
-== Known Issues
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4323[Issue 4323]:
-'value too long for type character varying(255)' in patch_sets table when
-migrating to schema version 108.
-+
-This error may occur under some circumstances when running the schema
-migration from an earlier version of Gerrit.
-+
-On sites where this occurs, it can be fixed with a manual schema update
-according to the comments in the issue.
-
-== New Features
-
-* New preference to enable line wrapping in diff screen and inline editor.
-
-== Bug Fixes
-
-* Fix the diff and edit preference dialogs for smaller screens.
-+
-On smaller screens the options at the bottom of the dialogs would
-get cut off, making it difficult to change them.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4521[Issue 4521]:
-Fix internal server error during validation of email addresses.
-+
-When creating a new account or adding a new email address to an existing
-account, the email validation crashed.
-
-* Lucene stability improvements.
-+
-Each Lucene index is now written using a dedicated background thread. Lucene
-threads may not be cancelled, to prevent interruptions while writing.
-
-* Don't try to change username that is already set.
-+
-Since Gerrit version 2.1.4 it is not allowed to change the username once
-it has been set, and attempting to do so results in an exception.
-+
-If `ldap.accountSshUserName` is set in the `gerrit.config` using
-`${userPrincipalName.localPart}` to initialize the username from the user's
-email address, and then the email address is changed, the username gets
-resolved to something different and the account manager tried to change it.
-As a result, an exception was raised and the user could no longer log in.
-+
-Instead of trying to change the username, a warning is logged.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4006[Issue 4006]:
-Prevent search limit parameter from exceeding maximum integer value.
-
-* Fix internal server error when generating task names.
-
-* Print proper names for query tasks in the output of the `show-queue` command.
-
-* Double-check change status when auto-abandoning changes.
-+
-It was possible that changes could be updated in the time between the query
-results being returned and the change being abandoned.
+Release notes have been moved to the project homepage:
+link:https://www.gerritcodereview.com/releases/2.12.md#2.12.5[
+Release notes for Gerrit 2.12.5].
diff --git a/ReleaseNotes/ReleaseNotes-2.12.txt b/ReleaseNotes/ReleaseNotes-2.12.txt
index 84644e8..3eae5e4 100644
--- a/ReleaseNotes/ReleaseNotes-2.12.txt
+++ b/ReleaseNotes/ReleaseNotes-2.12.txt
@@ -1,562 +1,5 @@
 = Release notes for Gerrit 2.12
 
-
-Gerrit 2.12 is now available:
-
-link:https://www.gerritcodereview.com/download/gerrit-2.12.war[
-https://www.gerritcodereview.com/download/gerrit-2.12.war]
-
-== Important Notes
-
-*WARNING:* This release contains schema changes.  To upgrade:
-----
-  java -jar gerrit.war init -d site_path
-----
-
-*WARNING:* To use online reindexing when upgrading to 2.12.x, the server must
-first be upgraded to 2.8 (or 2.9) and then through 2.10 and 2.11 to 2.12.x. If
-reindexing will be done offline, you may ignore this warning and upgrade directly
-to 2.12.x.
-
-*WARNING:* When upgrading from version 2.8.4 or older with a site that uses
-Bouncy Castle Crypto, new versions of the libraries will be downloaded. The old
-libraries should be manually removed from site's `lib` folder to prevent the
-startup failure described in
-link:https://code.google.com/p/gerrit/issues/detail?id=3084[issue 3084].
-
-*WARNING:* The Solr secondary index is no longer supported. With this release
-the only supported secondary index is Lucene.
-
-*WARNING:* The format of the `ref-updated` event has changed. Users of the
-link:https://wiki.jenkins-ci.org/display/JENKINS/Gerrit+Trigger[
-Jenkins Gerrit Trigger plugin] with jobs triggering on `ref-updated` should
-upgrade to at least
-link:https://wiki.jenkins-ci.org/display/JENKINS/Gerrit+Trigger#GerritTrigger-Version2.15.1%28releasedSept142015%29[
-version 2.15.1]. If an upgrade of the plugin is not possible, a workaround is
-to change the branch configuration to type `Path` with a pattern like
-`refs/*/master` instead of `Plain` and `master`.
-
-
-== Release Highlights
-
-This release includes the following new features. See the sections below for
-further details.
-
-* New change submission workflows: 'Submit Whole Topic' and 'Submitted Together'.
-
-* Support for GPG Keys and signed pushes.
-
-
-== New Features
-
-=== New Change Submission Workflows
-
-* New 'Submit Whole Topic' setting.
-+
-When the
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#change.submitWholeTopic[
-`change.submitWholeTopic`] setting is enabled, all changes belonging to the same
-topic will be submitted at the same time.
-+
-This setting should be considered experimental, and is disabled by default.
-
-* Submission of changes may include ancestors.
-+
-If a change is submitted that has submittable ancestor changes, those changes
-will also be submitted.
-
-* The merge queue is removed.
-+
-Changes that cannot be submitted due to missing dependencies will no longer
-enter the 'Submitted, Merge Pending' state.
-
-
-=== GPG Keys and Signed Pushes
-
-* Signed push can be enabled by setting
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#receive.enableSignedPush[
-`receive.enableSignedPush`] to true.
-+
-When a client pushes with `git push --signed`, Gerrit ensures that the push
-certificate is valid and signed with a valid public key stored in the
-`refs/meta/gpg-keys` branch of the `All-Users` repository.
-
-* When signed push is enabled, and
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#gerrit.editGpgKeys[
-`gerrit.editGpgKeys`] is set to true, users may upload their public GPG
-key via the REST API or UI.
-+
-If this setting is not enabled, GPG keys may only be added by administrators
-with direct access to the `All-Users` repository.
-
-* Administrators may also configure
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#receive.certNonceSeed[
-`receive.certNonceSeed`] and
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#receive.certNonceSlop[
-`receive.certNonceSlop`].
-
-
-=== Secondary Index
-
-* link:http://code.google.com/p/gerrit/issues/detail?id=3333[Issue 3333]:
-Support searching for changes by author and committer.
-+
-Changes are indexed by the git author and committer of the latest patch set,
-and can be searched with the `author:` and `committer:` operators.
-+
-Changes are matched on either the exact whole email address, or on parts of the
-name or email address.
-
-* Add `from:` search operator to match by owner of change or author of comments.
-
-* Add `commentby:` search operator to search by author of comments.
-
-* Change the `topic:` search operator to search by the exact topic name.
-
-* Add `intopic:` search operator to search by topics containing the search term.
-
-* link:http://code.google.com/p/gerrit/issues/detail?id=3291[Issue 3291]:
-Add `has:edit` search operator to match changes that have edit revisions on them.
-
-* Allow configuration of maximum query size.
-+
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#index.maxTerms[
-`index.maxTerms`] can be set to limit the number of leaf index terms.
-
-* Expose Lucene index writers for plugins.
-+
-Plugins can now reconfigure various Lucene performance related parameters
-at runtime.
-
-* Make Lucene index writers auto-commit writers.
-+
-Plugins can now temporarily turn on auto-committing in situations where it makes
-sense to enforce all changes to be written to disk ASAP.
-
-
-=== UI
-
-==== General
-
-* Edit and diff preferences can be modified from the user preferences screen.
-+
-Previously it was only possible to edit these preferences from the actual
-diff and edit screens.
-
-* Add 'Edits' to the 'My' dashboard menu to list changes on which the user
-has an unpublished edit revision.
-
-* Support for URL aliases.
-+
-Administrators may define
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#urlAlias[
-URL aliases] to map plugin screens into the Gerrit URL namespace.
-+
-Plugins may use user-specific URL aliases to replace certain screens for certain
-users.
-
-
-==== Project Screen
-
-* New tab to list the project's tags, similar to the branch list.
-
-
-==== Inline Editor
-
-* Store and load edit preferences in git.
-+
-Edit preferences are stored and loaded to/from the `All-Users` repository.
-
-* Add 'auto close brackets' feature.
-
-* Add 'match brackets' feature.
-
-* Make the cursor blink rate customizable.
-
-* Add support for Emacs and Vim key maps.
-
-
-==== Change Screen
-
-* link:http://code.google.com/p/gerrit/issues/detail?id=3318[Issue 3318]:
-Highlight 'Reply' button if there are draft comments on any patch set.
-+
-If any patch set of the change has a draft comment by the current user,
-the 'Reply' button is highlighted.
-+
-The icons depicting draft comments are removed from the revisions drop-down
-list.
-
-* link:http://code.google.com/p/gerrit/issues/detail?id=1100[Issue 1100]:
-Publish all draft comments when replying to a change.
-+
-All draft comments, including those on older patch sets, are published when
-replying to a change.
-
-* Show file size increase/decrease for binary files.
-
-* Show uploader if different from change owner.
-
-* Show push certificate status.
-
-* Show change subject as tooltip on related changes list.
-+
-This helps to identify changes when the subject is truncated in the list.
-
-
-==== Side-By-Side Diff
-
-* link:http://code.google.com/p/gerrit/issues/detail?id=3293[Issue 3293]:
-Add syntax highlighting for Puppet.
-
-* link:http://code.google.com/p/gerrit/issues/detail?id=3447[Issue 3447]:
-Add syntax highlighting for VHDL.
-
-
-==== Group Screen
-
-* link:http://code.google.com/p/gerrit/issues/detail?id=1479[Issue 1479]:
-The group screen now includes an 'Audit Log' panel showing member additions,
-removals, and the user who made the change.
-
-
-=== API
-
-Several new APIs are added.
-
-==== Accounts
-
-* Suggest accounts.
-
-==== Tags
-
-* List tags.
-
-* Get tag.
-
-
-=== REST API
-
-New REST API endpoints and new options on existing endpoints.
-
-
-==== Accounts
-
-* link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-accounts.html#set-username[
-Set Username]: Set the username of an account.
-
-* link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-accounts.html#get-detail[
-Get Account Details]: Get the details of an account.
-+
-In addition to the
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-accounts.html#account-info[
-AccountInfo] fields returned by the existing
- link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-accounts.html#get-account[
-Get Account] endpoint, the new REST endpoint returns the registration date of
-the account and the timestamp of when contact information was filed for this
-account.
-
-
-==== Changes
-
-* link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-changes.html#set-review[
-Set Review]: Add an option to omit duplicate comments.
-
-* link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-changes.html#get-safe-content[
-Download Content]: Download the content of a file from a certain revision, in a
-safe format that poses no risk for inadvertent execution of untrusted code.
-
-* link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-changes.html#submitted-together[
-Get Submitted Together]: Get the list of all changes that will be submitted at
-the same time as the change.
-
-* link:http://code.google.com/p/gerrit/issues/detail?id=1100[Issue 1100]:
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-changes.html#set-review[
-Set Review]: Add an option to publish draft comments on all revisions.
-
-==== Config
-
-* link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-config.html#get-info[
-Get Server Info]: Return information about the Gerrit server configuration.
-
-* link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-config.html#confirm-email[
-Confirm Email]: Confirm that the user owns an email address.
-
-
-==== Groups
-
-* link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-groups.html#list-group[
-List Groups]: Add option to suggest groups.
-+
-This allows group auto-completion to be used in a plugin's UI.
-
-*  link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-groups.html#get-audit-log[
-Get Audit Log]: Get the audit log of a Gerrit internal group, showing member
-additions, removals, and the user who made the change.
-
-
-==== Projects
-
-* link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-projects.html#run-gc[
-Run GC]: Add `aggressive` option to specify whether or not to run an aggressive
-garbage collection.
-
-* link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-projects.html#list-tags[
-List Tags]: Support filtering by substring and regex, and pagination with
-`--start` and `--end`.
-
-
-=== SSH
-
-* Add support for ZLib Compression.
-+
-To enable compression use the
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#sshd.enableCompression[
-`sshd.enableCompression` setting].
-
-* Add support for hmac-sha2-256 and hmac-sha2-512 as MACs.
-
-=== Plugins
-
-==== General
-
-* Gerrit client can now pass JavaScriptObjects to extension panels.
-
-* New UI extension point for header bar in change screen.
-
-* New UI extension point to password screen.
-
-* New UI extension points to project info screen.
-
-* New UI extension point for pop down buttons on change screen.
-
-* New UI extension point for buttons in header bar on change screen.
-
-* New UI extension point at bottom of the user preferences screen.
-
-* New UI extension point for the 'Included In' drop-down panel.
-+
-By implementing the
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/dev-plugins.html#included-in[
-Included In interface], plugins may add entries to the 'Included In' dropdown
-menu on the change screen.
-
-* Plugins can extend Gerrit screens with GWT controls.
-
-* Plugins can add custom settings screens.
-
-* Referencing groups in `project.config`.
-+
-Plugins can refer to groups so that when they are renamed, the project
-config will also be updated in this section.
-
-* API
-
-** Allow to use `CurrentSchemaVersion`.
-
-** Allow to use `InternalChangeQuery.query()`.
-
-** Allow to use `JdbcUtil.port()`.
-
-** Allow to use GWTORM `Key` classes.
-
-
-=== Other
-
-* link:http://code.google.com/p/gerrit/issues/detail?id=3401[Issue 3401]:
-Add option to
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#sendemail.allowRegisterNewEmail[
-disable registration of new email addresses].
-
-* link:http://code.google.com/p/gerrit/issues/detail?id=2061[Issue 2061]
-Add Support for `git-upload-archive`.
-+
-This allows use the standard `git archive` command to create an archive
-of the content of a repository.
-
-* Add a background job to automatically abandon inactive changes.
-+
-The
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#changeCleanup[
-changeCleanup] configuration can be set to periodically check for inactive
-changes and automatically abandon them.
-
-* Add support for the
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/database-setup.html#createdb_db2[
-DB2 database].
-
-* link:http://code.google.com/p/gerrit/issues/detail?id=3441[Issue 3441]:
-Add support for the
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/database-setup.html#createdb_derby[
-Apache Derby database].
-
-* Download commands plugin: Use commit IDs for download commands when change refs are hidden.
-+
-Git has a configuration option to hide refs from the initial advertisement
-(`uploadpack.hideRefs`). This option can be used to hide the change refs from
-the client. As consequence this prevented fetching changes by change ref from
-working.
-+
-Setting `download.checkForHiddenChangeRefs` in the `gerrit.config` to true
-allows the download commands plugin to check for hidden change refs.
-
-* Add a new 'Maintain Server' global capability.
-+
-Members of a group with the 'Maintain Server' capability may view caches, tasks,
-and queues, and invoke the index REST API on changes.
-
-
-== Bug Fixes
-
-* link:http://code.google.com/p/gerrit/issues/detail?id=3499[Issue 3499]:
-Fix syntax highlighting of raw string literals in go.
-
-* link:http://code.google.com/p/gerrit/issues/detail?id=3643[Issue 3643]:
-Fix syntax highlighting of ES6 string templating using backticks.
-
-* link:http://code.google.com/p/gerrit/issues/detail?id=3653[Issue 3653]:
-Correct timezone in sshd log after DST change.
-+
-When encountering a DST switch, the timezone wasn't updated until
-the server was reloaded.
-
-* link:http://code.google.com/p/gerrit/issues/detail?id=3306[Issue 3306]:
-Allow admins to read, push and create on `refs/users/default`.
-
-* link:http://code.google.com/p/gerrit/issues/detail?id=3212[Issue 3212]:
-Fix failure to run `init` when `--site-path` option is not explicitly given.
-
-* Make email validation case insensitive.
-+
-While link:https://tools.ietf.org/html/rfc5321#section-2.3.11[
-RFC 5321 section 2.3.11] allows for the local-part (the part left of
-the '@') of an email address to be case sensitive, the domain portion is
-case insensitive according to
-link:https://tools.ietf.org/html/rfc1035#section-3.1[RFC 1035 section 3.1].
-And in practice, even the local-part is typically case insensitive also.
-
-* `commit-msg` hook: Don't add `Change-Id` line on temporary commits.
-+
-Commits created with `git commit --fixup` or `git commit --squash` are not
-intended to be pushed to Gerrit, and don't need a `Change-Id` line.
-+
-This also prevents changes from being accidentally uploaded, at least for
-projects that have the 'Require Change-Id' configuration enabled.
-
-* link:http://code.google.com/p/gerrit/issues/detail?id=3444[Issue 3444]:
-download-commands plugin: Fix clone with commit-msg hook when project name
-contains '/'.
-
-* Use full ref name in `refName` attribute of `ref-updated` events.
-+
-The link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/json.html#refUpdate[
-refUpdate attribute] in `ref-updated` events did not include the full name
-of the ref in the `refName` attribute, i.e. `master` was used instead of
-`refs/heads/master`.
-+
-Support for the new format is added in
-link:https://wiki.jenkins-ci.org/display/JENKINS/Gerrit+Trigger#GerritTrigger-Version2.15.1%28releasedSept142015%29[
-version 2.15.1 of the Jenkins Gerrit Trigger plugin].
-+
-Users who are unable to upgrade the plugin may instead change the
-trigger's branch configuration to type `Path` with a pattern like
-`refs/*/master` instead of `Plain` and `master`.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3714[Issue 3714]:
-Improve visibility of comments on dark themes.
-
-* Fix highlighting of search results and trailing whitespaces in intraline
-diff chunks.
-
-* Fix server error when listing annotated/signed tag that has no tagger info.
-
-* Don't create new account when claimed OAuth identity is unknown.
-+
-The Claimed Identity feature was enabled to support old Google OpenID accounts,
-that cannot be activated anymore. In some corner cases, when for example the URL
-is not from the production Gerrit site, for example on a staging instance, the
-OpenID identity may deviate from the original one. In case of mismatch, the lookup
-of the user for the claimed identity would fail, causing a new account to be
-created.
-
-* Suggest to upgrade installed plugins per default during site initialization
-to new Gerrit version.
-+
-The default was 'No' which resulted in some sites not upgrading core
-plugins and running the wrong versions.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3698[Issue 3698]:
-Fix creation of the administrator user on databases with pre-allocated
-auto-increment column values.
-+
-When using a database configuration where auto-increment column values are
-pre-allocated, it was possible that the 'Administrators' group was created
-with an ID other than `1`. In this case, the created admin user was not added
-to the correct group, and did not have the correct admin permissions.
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=3018[Issue 3018]:
-Fix query for changes using a label with a group operator.
-+
-The `group` operator was being ignored when searching for changes with labels
-because the search index does not contain group information.
-
-* Fix online reindexing of changes that don't already exist in the index.
-+
-Changes are now always reloaded from the database during online reindex.
-
-* Fix reading of plugin documentation.
-+
-Under some circumstances it was possible to fail with an IO error.
-
-== Documentation Updates
-
-* link:https://code.google.com/p/gerrit/issues/detail?id=412[Issue 412]:
-Update documentation of `commentlink.match` regular expression to clarify
-that the expression is applied to the rendered HTML.
-
-* Remove warning about unstable change edit REST API endpoints.
-+
-These endpoints should be considered stable since version 2.11.
-
-* Document that `ldap.groupBase` and `ldap.accountBase` are repeatable.
-
-== Upgrades
-
-* Upgrade Asciidoctor to 1.5.2
-
-* Upgrade AutoValue to 1.1
-
-* Upgrade Bouncy Castle to 1.52
-
-* Upgrade CodeMirror to 5.7
-
-* Upgrade gson to 2.3.1
-
-* Upgrade guava to 19.0-RC2
-
-* Upgrade gwtorm to 1.14-20-gec13fdc
-
-* Upgrade H2 to 1.3.176
-
-* Upgrade httpcomponents to 4.4.1
-
-* Upgrade Jetty to 9.2.13.v20150730
-
-* Upgrade JGit to 4.1.1.201511131810-r
-
-* Upgrade joda-time to 2.8
-
-* Upgrade JRuby to 1.7.18
-
-* Upgrade jsch to 0.1.53
-
-* Upgrade JUnit to 4.11
-
-* Upgrade Lucene to 5.3.0
-
-* Upgrade Prolog Cafe 1.4.1
-
-* Upgrade servlet API to 8.0.24
-
-* Upgrade Truth to version 0.27
-
+Release notes have been moved to the project homepage:
+link:https://www.gerritcodereview.com/releases/2.12.md[
+Release notes for Gerrit 2.12].
diff --git a/ReleaseNotes/ReleaseNotes-2.13.1.txt b/ReleaseNotes/ReleaseNotes-2.13.1.txt
index 958e726..7b27ad3 100644
--- a/ReleaseNotes/ReleaseNotes-2.13.1.txt
+++ b/ReleaseNotes/ReleaseNotes-2.13.1.txt
@@ -1,21 +1,5 @@
 = Release notes for Gerrit 2.13.1
 
-Gerrit 2.13.1 is now available:
-
-link:https://gerrit-releases.storage.googleapis.com/gerrit-2.13.1.war[
-https://gerrit-releases.storage.googleapis.com/gerrit-2.13.1.war]
-
-== Schema Upgrade
-
-There are no schema changes from link:ReleaseNotes-2.13.html[2.13].
-
-== Bug Fixes
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4618[Issue 4618]:
-Fix internal server error after online reindexing completed.
-
-* Fix internal server error when cloning from slaves and not all refs are
-visible.
-
-* Fix JSON deserialization error causing stream event client to no longer receive
-events.
+Release notes have been moved to the project homepage:
+link:https://www.gerritcodereview.com/releases/2.13.md#2.13.1[
+Release notes for Gerrit 2.13.1].
diff --git a/ReleaseNotes/ReleaseNotes-2.13.2.txt b/ReleaseNotes/ReleaseNotes-2.13.2.txt
index c7be976..72bd218 100644
--- a/ReleaseNotes/ReleaseNotes-2.13.2.txt
+++ b/ReleaseNotes/ReleaseNotes-2.13.2.txt
@@ -1,46 +1,5 @@
 = Release notes for Gerrit 2.13.2
 
-Gerrit 2.13.2 is now available:
-
-link:https://gerrit-releases.storage.googleapis.com/gerrit-2.13.2.war[
-https://gerrit-releases.storage.googleapis.com/gerrit-2.13.2.war]
-
-== Schema Upgrade
-
-There are no schema changes from link:ReleaseNotes-2.13.1.html[2.13.1].
-
-== Bug Fixes
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4630[Issue 4630]:
-Fix server error when navigating up to change while 'Working' is displayed.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4631[Issue 4631]:
-Read project watches from database.
-+
-Project watches were being read from the git backend by default, but the
-migration to git is not yet completed.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4632[Issue 4632]:
-Fix server error when deleting multiple SSH keys from the Web UI.
-+
-Attempting to delete multiple keys in parallel resulted in a lock failure
-when removing the keys from the git backend.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4645[Issue 4645]:
-Fix malformed account suggestions.
-+
-If the query contained several query terms and one of the query terms was
-a substring of 'strong', the suggestion was malformed.
-
-* Hooks plugin: Fix incorrect value passed to `--change-url` parameter.
-+
-The URL was being generated using the change's Change-Id rather than the
-change number.
-
-* Check for CLA when creating project config changes from the web UI.
-+
-If contributor agreements were enabled and required for a project, and
-the user had not signed a CLA, it was still possible to upload changes
-for review on `refs/meta/config` by making changes in the project access
-editor and pressing 'Save for Review'.
-
+Release notes have been moved to the project homepage:
+link:https://www.gerritcodereview.com/releases/2.13.md#2.13.2[
+Release notes for Gerrit 2.13.2].
diff --git a/ReleaseNotes/ReleaseNotes-2.13.txt b/ReleaseNotes/ReleaseNotes-2.13.txt
index 0afca1a..b3e125d 100644
--- a/ReleaseNotes/ReleaseNotes-2.13.txt
+++ b/ReleaseNotes/ReleaseNotes-2.13.txt
@@ -1,471 +1,5 @@
 = Release notes for Gerrit 2.13
 
-
-Gerrit 2.13 is now available:
-
-link:https://www.gerritcodereview.com/download/gerrit-2.13.war[
-https://www.gerritcodereview.com/download/gerrit-2.13.war]
-
-
-== Important Notes
-
-*WARNING:* This release contains schema changes.  To upgrade:
-----
-  java -jar gerrit.war init -d site_path
-----
-
-*WARNING:* To use online reindexing for `changes` secondary index when upgrading
-to 2.13.x, the server must first be upgraded to 2.8 (or 2.9) and then through
-2.10, 2.11 and 2.12. Skipping a version will prevent the online reindexer from
-working.
-
-Gerrit 2.13 introduces a new secondary index for accounts, and this must be
-indexed offline before starting Gerrit:
-----
-  java -jar gerrit.war reindex --index accounts -d site_path
-----
-
-If reindexing will be done offline, you may ignore these warnings and upgrade
-directly to 2.13.x using the following command that will reindex both `changes`
-and `accounts` secondary indexes:
-----
-  java -jar gerrit.war reindex -d site_path
-----
-
-*WARNING:* The server side hooks functionality is moved to a core plugin. Sites
-that make use of server side hooks must install this plugin during site init.
-
-
-== Release Highlights
-
-* Support for Large File Storage (LFS).
-
-* Metrics interface.
-
-* Hooks plugin.
-
-* Secondary index for accounts.
-
-* File annotations (blame) in side-by-side diff.
-
-== New Features
-
-=== Large File Storage (LFS)
-
-Gerrit provides an
-link:https://gerrit-review.googlesource.com/Documentation/2.13/dev-plugins.html#lfs-extension[
-extension point] that enables development of plugins implementing the
-link:https://github.com/github/git-lfs/blob/master/docs/api/v1/http-v1-batch.md[
-LFS protocol].
-
-By setting
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#lfs.plugin[
-`lfs.plugin`] the administrator can configure the name of the plugin
-which handles LFS requests.
-
-=== Access control for git submodule subscriptions
-
-To prevent potential security breaches as described in
-link:https://bugs.chromium.org/p/gerrit/issues/detail?id=3311[issue 3311],
-it is now only possible for a project to subscribe to a submodule if the
-submodule explicitly allows itself to be subscribed.
-
-Please see the
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/user-submodules.html[
-submodules user guide] for details.
-
-Note that when upgrading from an earlier version of Gerrit, permissions for
-any existing subscriptions will be automatically added during the database
-schema migration.
-
-=== Metrics
-
-Metrics about Gerrit's internal state can be sent to external
-monitoring systems.
-
-Plugins can provide implementations of the metrics interface to
-report metrics to different monitoring systems. The following
-plugins are available:
-
-* link:https://gerrit-review.googlesource.com/#/admin/projects/plugins/metrics-reporter-jmx[
-JMX]
-
-* link:https://gerrit-review.googlesource.com/#/admin/projects/plugins/metrics-reporter-graphite[
-Graphite]
-
-* link:https://gerrit-review.googlesource.com/#/admin/projects/plugins/metrics-reporter-elasticsearch[
-Elasticsearch]
-
-Plugins can also provide their own metrics.
-
-See the link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/metrics.html[
-metrics documentation] for further details.
-
-=== Hooks
-
-Server side hooks are moved to the
-link:https://gerrit-review.googlesource.com/#/admin/projects/plugins/hooks[
-hooks plugin]. Sites that make use of server side hooks should install this
-plugin. After installing the plugin, no additional configuration is needed.
-The plugin uses the same configuration settings in `gerrit.config`.
-
-=== Secondary Index
-
-* The secondary index now supports indexing of accounts.
-+
-The link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/pgm-reindex.html[
-reindex program] by default reindexes all changes and accounts. A new
-option allows to explicitly specify whether to reindex changes or accounts.
-+
-The `suggest.fullTextSearch`, `suggest.fullTextSearchMaxMatches` and
-`suggest.fullTextSearchRefresh` configuration options are removed. Full text
-search is supported by default with the account secondary index.
-
-* New ssh command to
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/cmd-index-changes.html[
-reindex changes].
-
-
-=== UI
-
-* The UI can now be loaded in an iFrame by enabling
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#gerrit.canLoadInIFrame[
-gerrit.canLoadInIFrame] in the site configuration.
-
-==== Change Screen
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=106[Issue 106]:
-Allow to select merge commit's parent for diff base in change screen.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=3035[Issue 3035]:
-Allow to remove specific votes from a change, while leaving the reviewer on the
-change.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=3487[Issue 3487]:
-Use 'Ctrl-Alt-e' instead of 'e' to open edit mode.
-
-==== Diff Screens
-
-* Add all syntax highlighting available in CodeMirror.
-
-* Improve search experience in diff screen
-+
-Ctrl-F, Ctrl-G and Shift-Ctrl-G now bind to the search dialog box provided by
-CodeMirror's search add-on. Enter and Shift-Enter navigate among the search
-results from the CodeMirror search, just like they do in a normal browser
-search. Esc now clears the search result.
-+
-If the user sets `Render` to `Slow` in the diff preferences and the file is less
-than 4000 lines (huge), then Ctrl-F, Ctrl-G and Shift-Ctrl-G fall back to the
-browser search.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=2968[Issue 2968]:
-Allow to go back to change list by keyboard shortcut from diff screens.
-
-==== Side-By-Side Diff Screen
-
-* Blame annotations
-+
-By enabling
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#change.allowBlame[
-`change.allowBlame`], blame annotations can be shown in the side-by-side diff
-screen gutter. Clicking the annotation opens the relevant change.
-
-==== User Preferences
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=989[Issue 989]:
-New option to control email notifications.
-+
-Users can now choose between 'Enabled', 'Disabled' and 'CC Me on Comments I Write'.
-
-* New option to control adding 'Signed-off-by' footer in commit message of new changes
-created online.
-
-* New option to control auto-indent width in inline editor.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=890[Issue 890]:
-New diff option to control whether to skip unchanged files when navigating to
-the previous or the next file.
-
-=== Changes
-
-In order to avoid potentially confusing behavior, when submitting changes in a
-batch, submit type rules may not be used to mix submit types on a single branch,
-and trying to submit such a batch will fail.
-
-=== REST API
-
-==== Accounts
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=3766[Issue 3766]:
-Allow users with the
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/access-control.html#capability_modifyAccount[
-'ModifyAccount' capability] to get the preferences for other users via the
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#get-user-preferences[
-Get User Preferences] endpoint.
-
-* Rename 'Suggest Account' to
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#query-account[
-'Query Account'] and add support for arbitrary account queries.
-+
-The `_more_accounts` flag is set on the last result when there are more results
-than the limit. The `DETAILS` and `ALL_EMAILS` options may be set to control
-whether the results should include details (full name, email, username, avatars)
-and all emails, respectively.
-
-* New endpoint:
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#get-watched-projects[
-Get Watched Projects].
-
-* New endpoint:
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#set-watched-projects[
-Set Watched Projects].
-
-* New endpoint:
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#delete-watched-projects[
-Delete Watched Projects].
-
-* New endpoint:
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#get-stars[
-Get Star Labels from Change].
-
-* New endpoint:
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#set-stars[
-Update Star Labels on Change].
-
-* New endpoint:
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#get-oauth-token[
-Get OAuth Access Token].
-
-* New endpoint:
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#list-contributor-agreements[
-List Contributor Agreements].
-
-* New endpoint:
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#sign-contributor-agreement[
-Sign Contributor Agreement].
-
-==== Changes
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=3579[Issue 3579]:
-Append submitted info to ChangeInfo.
-
-* New endpoint:
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-changes.html#move-change[
-Move Change].
-
-==== Groups
-
-* Add `-s` as an alias for `--suggest` on the
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-groups.html#suggest-group[
-Suggest Group] endpoint.
-
-==== Projects
-
-* Add `async` option to the
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-projects.html#run-gc[
-Run GC] endpoint to allow garbage collection to run asynchronously.
-
-* New endpoint:
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-projects.html#get-access[
-List Access Rights].
-
-* New endpoint:
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-projects.html#set-access[
-Add, Update and Delete Access Rights].
-
-* New endpoint:
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-projects.html#create-tag[
-Create Tag].
-
-* New endpoint:
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-projects.html#get-mergeable-info[
-Get Mergeable Information].
-
-=== Plugins
-
-* Secure settings
-+
-Plugins may now store secure settings in `etc/$PLUGIN.secure.config` where they
-will be decoded by the Secure Store implementation.
-
-* Exported dependencies
-+
-Gson is now an exported dependency. Plugins no longer need to explicitly add
-a dependency on it.
-
-=== Misc
-
-* New project option to reject implicit merge commits.
-+
-The 'Reject Implicit Merges' option can be enabled to prevent non-merge commits
-from implicitly bringing unwanted changes into a branch. This can happen for
-example when a commit is made based on one branch but is mistakenly pushed to
-another, for example based on `refs/heads/master` but pushed to `refs/for/stable`.
-
-* New link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/access-control.html#category_add_patch_set[
-Add Patch Set capability] to control who is allowed to upload a new patch
-set to an existing change.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4015[Issue 4015]:
-Allow setting a
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/user-upload.html#message[
-comment message] when uploading a change.
-
-* Allow to specify
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/user-upload.html#notify[
-who should be notified by email] when uploading a change.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=3220[Issue 3220]:
-Append approval info to every comment-added stream event and hook.
-
-* The `administrateServer` capability can be assigned to groups by setting
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#capability.administrateServer[
-capability.administrateServer] in the site configuration.
-+
-Configuring this option can be a useful fail-safe to recover a server in the
-event an administrator removed all groups from the `administrateServer`
-capability, or to ensure that specific groups always have administration
-capabilities.
-
-* New configuration options to configure JGit repository cache parameters.
-+
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#core.repositoryCacheCleanupDelay[
-core.repositoryCacheCleanupDelay] and
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#core.repositoryCacheExpireAfter[
-core.repositoryCacheExpireAfter] can be configured.
-
-* Accept `-b` as an alias of `--batch` in the
-link:https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/pgm-init.html[
-init program].
-
-
-== Bug Fixes
-
-* Don't add the same SSH key multiple times.
-+
-If an already existing SSH key was added, a duplicate entry was added to the
-list of user's SSH keys.
-
-* Respect the 'Require a valid contributor agreement to upload' setting
-when creating changes via the UI.
-+
-If a user had not signed a CLA, it was still possible for them to create a new
-change with the 'Revert' or 'Cherry Pick' button.
-
-* Make Lucene index more stable when being interrupted.
-
-* Don't show the `start` and `idle` columns in the `show-connections`
-output when the ssh backend is NIO2.
-+
-The NIO2 backend doesn't provide the start and idle times, and the
-values being displayed were just dummy values. Now these values are
-only displayed for the MINA backend.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4150[Issue 4150]:
-Deleting a draft inline comment no longer causes the change's `Updated` field to
-be bumped.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4099[Issue 4099]:
-Fix SubmitWholeTopic does not update subscriptions.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=3603[Issue 3603]:
-Fix editing a submodule via inline edit.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4069[Issue 4069]:
-Fix highlights in scrollbar overview ruler not moved when extending the
-displayed area.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=3446[Issue 3446]:
-Respect the `Skip Deleted` diff preference.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=3445[Issue 3445]:
-Respect the `Skip Uncommented` diff preference.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4051[Issue 4051]:
-Fix empty `From` email header.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=3423[Issue 3423]:
-Fix intraline diff for added spaces.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=1867[Issue 1867]:
-Remove `no changes made` error case when the only difference between a new
-commit and the previous patch set of the change is the committer.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=3831[Issue 3831]:
-Prevent creating groups with the same name as a system group.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=3754[Issue 3754]:
-Fix `View All Accounts` permission to allow accounts REST endpoint to access
-email info.
-
-* Make `gitweb.type` default to `disabled` when not explicitly set.
-+
-Previously the behavior was not documented and it would default to type
-`gitweb`. In cases where there was no gitweb config at all, this would
-result in broken links due to `null` being used as the URL.
-
-* link:https://bugs.chromium.org/p/gerrit/issues/detail?id=4488[Issue 4488]:
-Improve error message when `Change-Id` line is missing in commit message.
-+
-The error message now includes the sha1 of the commit, so that it is
-easier to track down which commit failed validation when multiple commits
-are pushed at the same time.
-
-* Don't check mergeability of draft changes.
-+
-Draft changes can be deleted but not abandoned so there is no way for
-an administrator to get rid of the them on behalf of the users. This can
-become a problem when there many draft changes because the mergeability
-check can be costly.
-+
-The mergeability check is no longer done for draft changes, but will be
-done when the draft change is published.
-
-* Fix internal server error when plugin-provided file history weblink
-is null.
-+
-It is valid for a plugin to provide a null weblink, but doing so resulted
-in an internal server error.
-
-== Dependency updates
-
-* Add dependency on blame-cache 0.1-9
-
-* Add dependency on guava-retrying 2.0.0
-
-* Add dependency on jsr305 3.0.1
-
-* Add dependency on metrics-core 3.1.2
-
-* Upgrade auto-value to 1.3-rc1
-
-* Upgrade commons-net to 3.5
-
-* Upgrade CodeMirror to 5.17.0
-
-* Upgrade Guava to 19.0
-
-* Upgrade Gson to 2.7
-
-* Upgrade Guice to 4.1.0
-
-* Upgrade gwtjsonrpc to 1.9
-
-* Upgrade gwtorm to 1.15
-
-* Upgrade javassist to 3.20.0-GA
-
-* Upgrade Jetty to 9.2.14.v20151106
-
-* Upgrade JGit to 4.5.0.201609210915-r
-
-* Upgrade joda-convert to 1.8.1
-
-* Upgrade joda-time to 2.9.4
-
-* Upgrade Lucene to 5.5.0
-
-* Upgrade mina to 2.0.10
-
-* Upgrade sshd-core to 1.2.0
+Release notes have been moved to the project homepage:
+link:https://www.gerritcodereview.com/releases/2.13.md[
+Release notes for Gerrit 2.13].
diff --git a/ReleaseNotes/config.defs b/ReleaseNotes/config.defs
deleted file mode 100644
index 86b7603..0000000
--- a/ReleaseNotes/config.defs
+++ /dev/null
@@ -1,14 +0,0 @@
-def release_notes_attributes():
-  return [
-    'toc',
-    'newline="\\n"',
-    'asterisk="&#42;"',
-    'plus="&#43;"',
-    'caret="&#94;"',
-    'startsb="&#91;"',
-    'endsb="&#93;"',
-    'tilde="&#126;"',
-    'last-update-label!',
-    'stylesheet=DEFAULT',
-    'linkcss=true',
-  ]
diff --git a/ReleaseNotes/index.txt b/ReleaseNotes/index.txt
index bba07dc..79d0827 100644
--- a/ReleaseNotes/index.txt
+++ b/ReleaseNotes/index.txt
@@ -2,18 +2,18 @@
 
 [[s2_13]]
 == Version 2.13.x
-* link:ReleaseNotes-2.13.2.html[2.13.2]
-* link:ReleaseNotes-2.13.1.html[2.13.1]
-* link:ReleaseNotes-2.13.html[2.13]
+* link:https://www.gerritcodereview.com/releases/2.13.md#2.13.2[2.13.2]
+* link:https://www.gerritcodereview.com/releases/2.13.md#2.13.1[2.13.1]
+* link:https://www.gerritcodereview.com/releases/2.13.md[2.13]
 
 [[s2_12]]
 == Version 2.12.x
-* link:ReleaseNotes-2.12.5.html[2.12.5]
-* link:ReleaseNotes-2.12.4.html[2.12.4]
-* link:ReleaseNotes-2.12.3.html[2.12.3]
-* link:ReleaseNotes-2.12.2.html[2.12.2]
-* link:ReleaseNotes-2.12.1.html[2.12.1]
-* link:ReleaseNotes-2.12.html[2.12]
+* link:https://www.gerritcodereview.com/releases/2.12.md#2.12.5[2.12.5]
+* link:https://www.gerritcodereview.com/releases/2.12.md#2.12.4[2.12.4]
+* link:https://www.gerritcodereview.com/releases/2.12.md#2.12.3[2.12.3]
+* link:https://www.gerritcodereview.com/releases/2.12.md#2.12.2[2.12.2]
+* link:https://www.gerritcodereview.com/releases/2.12.md#2.12.1[2.12.1]
+* link:https://www.gerritcodereview.com/releases/2.12.md[2.12]
 
 [[s2_11]]
 == Version 2.11.x
diff --git a/VERSION b/VERSION
deleted file mode 100644
index 8bcf86b..0000000
--- a/VERSION
+++ /dev/null
@@ -1,5 +0,0 @@
-# Maven style API version (e.g. '2.x-SNAPSHOT').
-# Used by :api_install and :api_deploy targets
-# when talking to the destination repository.
-#
-GERRIT_VERSION = '2.13.14'
diff --git a/WORKSPACE b/WORKSPACE
index e9ad5e1..49060bc 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -1,729 +1,1077 @@
-ANTLR_VERS = '3.5.2'
+workspace(name = "gerrit")
 
-maven_jar(
-  name = 'java_runtime',
-  artifact = 'org.antlr:antlr-runtime:' + ANTLR_VERS,
-  sha1 = 'cd9cd41361c155f3af0f653009dcecb08d8b4afd',
+load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive", "http_file")
+load("//tools/bzl:maven_jar.bzl", "GERRIT", "MAVEN_LOCAL", "maven_jar")
+load("//plugins:external_plugin_deps.bzl", "external_plugin_deps")
+
+http_archive(
+    name = "bazel_toolchains",
+    sha256 = "88e818f9f03628eef609c8429c210ecf265ffe46c2af095f36c7ef8b1855fef5",
+    strip_prefix = "bazel-toolchains-92dd8a7a518a2fb7ba992d47c8b38299fe0be825",
+    urls = [
+        "https://mirror.bazel.build/github.com/bazelbuild/bazel-toolchains/archive/92dd8a7a518a2fb7ba992d47c8b38299fe0be825.tar.gz",
+        "https://github.com/bazelbuild/bazel-toolchains/archive/92dd8a7a518a2fb7ba992d47c8b38299fe0be825.tar.gz",
+    ],
 )
 
-maven_jar(
-  name = 'stringtemplate',
-  artifact = 'org.antlr:stringtemplate:4.0.2',
-  sha1 = 'e28e09e2d44d60506a7bcb004d6c23ff35c6ac08',
+load("@bazel_toolchains//rules:rbe_repo.bzl", "rbe_autoconfig")
+
+# Creates a default toolchain config for RBE.
+# Use this as is if you are using the rbe_ubuntu16_04 container,
+# otherwise refer to RBE docs.
+rbe_autoconfig(name = "rbe_default")
+
+http_archive(
+    name = "bazel_skylib",
+    sha256 = "2ea8a5ed2b448baf4a6855d3ce049c4c452a6470b1efd1504fdb7c1c134d220a",
+    strip_prefix = "bazel-skylib-0.8.0",
+    urls = ["https://github.com/bazelbuild/bazel-skylib/archive/0.8.0.tar.gz"],
 )
 
-maven_jar(
-  name = 'org_antlr',
-  artifact = 'org.antlr:antlr:' + ANTLR_VERS,
-  sha1 = 'c4a65c950bfc3e7d04309c515b2177c00baf7764',
+http_archive(
+    name = "io_bazel_rules_closure",
+    sha256 = "03c3b16f205085817fd89cfdcb2220a0138647ee7992be9cef291b069dd90301",
+    strip_prefix = "rules_closure-196a45f0ede2faec11dcc6c60fbc5e7471f4bd58",
+    urls = ["https://github.com/bazelbuild/rules_closure/archive/196a45f0ede2faec11dcc6c60fbc5e7471f4bd58.tar.gz"],
 )
 
-maven_jar(
-  name = 'antlr27',
-  artifact = 'antlr:antlr:2.7.7',
-  sha1 = '83cd2cd674a217ade95a4bb83a8a14f351f48bd0',
-)
-
-GUICE_VERS = '4.0'
-
-maven_jar(
-  name = 'guice_library',
-  artifact = 'com.google.inject:guice:' + GUICE_VERS,
-  sha1 = '0f990a43d3725781b6db7cd0acf0a8b62dfd1649',
-)
-
-maven_jar(
-  name = 'guice_assistedinject',
-  artifact = 'com.google.inject.extensions:guice-assistedinject:' + GUICE_VERS,
-  sha1 = '8fa6431da1a2187817e3e52e967535899e2e46ca',
-)
-
-maven_jar(
-  name = 'guice_servlet',
-  artifact = 'com.google.inject.extensions:guice-servlet:' + GUICE_VERS,
-  sha1 = '4503da866f4c402b5090579b40c1c4aaefabb164',
-)
-
-maven_jar(
-  name = 'aopalliance',
-  artifact = 'aopalliance:aopalliance:1.0',
-  sha1 = '0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8',
-)
-
-maven_jar(
-  name = 'javax_inject',
-  artifact = 'javax.inject:javax.inject:1',
-  sha1 = '6975da39a7040257bd51d21a231b76c915872d38',
-)
-
-maven_jar(
-  name = 'servlet_api_3_1',
-  artifact = 'org.apache.tomcat:tomcat-servlet-api:8.0.24',
-  sha1 = '5d9e2e895e3111622720157d0aa540066d5fce3a',
-)
-
-GWT_VERS = '2.8.0'
-
-maven_jar(
-  name = 'user',
-  artifact = 'com.google.gwt:gwt-user:' + GWT_VERS,
-  sha1 = '518579870499e15531f454f35dca0772d7fa31f7',
-)
-
-maven_jar(
-  name = 'dev',
-  artifact = 'com.google.gwt:gwt-dev:' + GWT_VERS,
-  sha1 = 'f160a61272c5ebe805cd2d3d3256ed3ecf14893f',
-)
-
-maven_jar(
-  name = 'javax_validation',
-  artifact = 'javax.validation:validation-api:1.0.0.GA',
-  sha1 = 'b6bd7f9d78f6fdaa3c37dae18a4bd298915f328e',
-)
-
-maven_jar(
-  name = 'jsinterop_annotations',
-  artifact = 'com.google.jsinterop:jsinterop-annotations:1.0.0',
-  sha1 = '23c3a3c060ffe4817e67673cc8294e154b0a4a95',
-)
-
-maven_jar(
-  name = 'ant',
-  artifact = 'ant:ant:1.6.5',
-  sha1 = '7d18faf23df1a5c3a43613952e0e8a182664564b',
-)
-
-maven_jar(
-  name = 'colt',
-  artifact = 'colt:colt:1.2.0',
-  sha1 = '0abc984f3adc760684d49e0f11ddf167ba516d4f',
-)
-
-maven_jar(
-  name = 'tapestry',
-  artifact = 'tapestry:tapestry:4.0.2',
-  sha1 = 'e855a807425d522e958cbce8697f21e9d679b1f7',
-)
-
-maven_jar(
-  name = 'w3c_css_sac',
-  artifact = 'org.w3c.css:sac:1.3',
-  sha1 = 'cdb2dcb4e22b83d6b32b93095f644c3462739e82',
-)
-
-JGIT_VERS = '4.4.1.201607150455-r.105-g81ba2be'
-
-maven_jar(
-  name = 'jgit',
-  repository = 'http://gerrit-maven.storage.googleapis.com/',
-  artifact = 'org.eclipse.jgit:org.eclipse.jgit:' + JGIT_VERS,
-  sha1 = 'c07c9c66da7983095a40945c0bfab211a473c4c5',
-)
-
-maven_jar(
-  name = 'jgit_servlet',
-  repository = 'http://gerrit-maven.storage.googleapis.com/',
-  artifact = 'org.eclipse.jgit:org.eclipse.jgit.http.server:' + JGIT_VERS,
-  sha1 = 'bb01841b74a48abe506c2e44f238e107188e6c8f',
-)
-
-# TODO(davido): Remove this hack when maven_jar supports pulling sources
-# https://github.com/bazelbuild/bazel/issues/308
+# File is specific to Polymer and copied from the Closure Github -- should be
+# synced any time there are major changes to Polymer.
+# https://github.com/google/closure-compiler/blob/master/contrib/externs/polymer-1.0.js
 http_file(
-  name = 'jgit_src',
-  sha256 = '881906cb1e6743cb78df6dd3788cab7e974308fbb98cab4915e6591a62aa9374',
-  url = 'http://gerrit-maven.storage.googleapis.com/org/eclipse/jgit/org.eclipse.jgit/' +
-      '%s/org.eclipse.jgit-%s-sources.jar' % (JGIT_VERS, JGIT_VERS),
+    name = "polymer_closure",
+    downloaded_file_path = "polymer_closure.js",
+    sha256 = "5a589bdba674e1fec7188e9251c8624ebf2d4d969beb6635f9148f420d1e08b1",
+    urls = ["https://raw.githubusercontent.com/google/closure-compiler/775609aad61e14aef289ebec4bfc09ad88877f9e/contrib/externs/polymer-1.0.js"],
+)
+
+# Check Bazel version when invoked by Bazel directly
+load("//tools/bzl:bazelisk_version.bzl", "bazelisk_version")
+
+bazelisk_version(name = "bazelisk_version")
+
+load("@bazelisk_version//:check.bzl", "check_bazel_version")
+
+check_bazel_version()
+
+load("@io_bazel_rules_closure//closure:repositories.bzl", "rules_closure_dependencies", "rules_closure_toolchains")
+
+# Prevent redundant loading of dependencies.
+rules_closure_dependencies(
+    omit_aopalliance = True,
+    omit_args4j = True,
+    omit_bazel_skylib = True,
+    omit_javax_inject = True,
+    omit_rules_cc = True,
 )
 
+rules_closure_toolchains()
+
+# This has to be done after loading of rules_closure, because it loads rules_java
+load("//lib/codemirror:cm.bzl", "CM_VERSION", "DIFF_MATCH_PATCH_VERSION")
+
+ANTLR_VERS = "3.5.2"
+
 maven_jar(
-  name = 'ewah',
-  artifact = 'com.googlecode.javaewah:JavaEWAH:0.7.9',
-  sha1 = 'eceaf316a8faf0e794296ebe158ae110c7d72a5a',
+    name = "java-runtime",
+    artifact = "org.antlr:antlr-runtime:" + ANTLR_VERS,
+    sha1 = "cd9cd41361c155f3af0f653009dcecb08d8b4afd",
 )
 
 maven_jar(
-  name = 'jgit_archive',
-  repository = 'http://gerrit-maven.storage.googleapis.com/',
-  artifact = 'org.eclipse.jgit:org.eclipse.jgit.archive:' + JGIT_VERS,
-  sha1 = 'fc3bc40e070c54198a046fcd3a1f7cac47163961',
+    name = "stringtemplate",
+    artifact = "org.antlr:stringtemplate:4.0.2",
+    sha1 = "e28e09e2d44d60506a7bcb004d6c23ff35c6ac08",
 )
 
 maven_jar(
-  name = 'jgit_junit',
-  repository = 'http://gerrit-maven.storage.googleapis.com/',
-  artifact = 'org.eclipse.jgit:org.eclipse.jgit.junit:' + JGIT_VERS,
-  sha1 = 'b4565ee84a6e1d0952010282b9fcf705ac6171a7',
+    name = "org-antlr",
+    artifact = "org.antlr:antlr:" + ANTLR_VERS,
+    sha1 = "c4a65c950bfc3e7d04309c515b2177c00baf7764",
 )
 
 maven_jar(
-  name = 'gwtjsonrpc',
-  artifact = 'com.google.gerrit:gwtjsonrpc:1.10',
-  sha1 = '25adea6ef102b761993688e80dfc7203e0f5edf0',
+    name = "antlr27",
+    artifact = "antlr:antlr:2.7.7",
+    attach_source = False,
+    sha1 = "83cd2cd674a217ade95a4bb83a8a14f351f48bd0",
 )
 
-http_jar(
-  name = 'gwtjsonrpc_src',
-  sha256 = '009c4c7574eaddf49d2c72dd015cfbd5b495fbeea4c3958c2ec548af2c186733',
-  url = 'http://repo.maven.apache.org/maven2/com/google/gerrit/gwtjsonrpc/1.10/gwtjsonrpc-1.10-sources.jar',
+GUICE_VERS = "4.2.0"
+
+maven_jar(
+    name = "guice-library",
+    artifact = "com.google.inject:guice:" + GUICE_VERS,
+    sha1 = "25e1f4c1d528a1cffabcca0d432f634f3132f6c8",
 )
 
 maven_jar(
-  name = 'gson',
-  artifact = 'com.google.code.gson:gson:2.6.2',
-  sha1 = 'f1bc476cc167b18e66c297df599b2377131a8947',
+    name = "guice-assistedinject",
+    artifact = "com.google.inject.extensions:guice-assistedinject:" + GUICE_VERS,
+    sha1 = "e7270305960ad7db56f7e30cb9df6be9ff1cfb45",
 )
 
 maven_jar(
-  name = 'gwtorm_client',
-  artifact = 'com.google.gerrit:gwtorm:1.15',
-  sha1 = '26a2459f543ed78977535f92e379dc0d6cdde8bb',
+    name = "guice-servlet",
+    artifact = "com.google.inject.extensions:guice-servlet:" + GUICE_VERS,
+    sha1 = "f57581625c36c148f088d9f52a568d5bdf12c61d",
 )
 
-http_jar(
-  name = 'gwtorm_client_src',
-  sha256 = 'e0cf9382ed8c3cd1f0884ab77dabe634a04546676c4960d8b4c4b64a20132ef6',
-  url = 'http://repo.maven.apache.org/maven2/com/google/gerrit/gwtorm/1.15/gwtorm-1.15-sources.jar',
+maven_jar(
+    name = "aopalliance",
+    artifact = "aopalliance:aopalliance:1.0",
+    sha1 = "0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8",
 )
 
 maven_jar(
-  name = 'protobuf',
-  artifact = 'com.google.protobuf:protobuf-java:2.5.0',
-  sha1 = 'a10732c76bfacdbd633a7eb0f7968b1059a65dfa',
+    name = "javax_inject",
+    artifact = "javax.inject:javax.inject:1",
+    sha1 = "6975da39a7040257bd51d21a231b76c915872d38",
 )
 
 maven_jar(
-  name = 'joda_time',
-  artifact = 'joda-time:joda-time:2.8',
-  sha1 = '9f2785d7184b97d005a44241ccaf980f43b9ccdb',
+    name = "servlet-api-3_1",
+    artifact = "org.apache.tomcat:tomcat-servlet-api:8.0.24",
+    sha1 = "5d9e2e895e3111622720157d0aa540066d5fce3a",
 )
 
+GWT_VERS = "2.8.2"
+
 maven_jar(
-  name = 'joda_convert',
-  artifact = 'org.joda:joda-convert:1.2',
-  sha1 = '35ec554f0cd00c956cc69051514d9488b1374dec',
+    name = "user",
+    artifact = "com.google.gwt:gwt-user:" + GWT_VERS,
+    sha1 = "a2b9be2c996a658c4e009ba652a9c6a81c88a797",
 )
 
 maven_jar(
-  name = 'guava',
-  artifact = 'com.google.guava:guava:19.0',
-  sha1 = '6ce200f6b23222af3d8abb6b6459e6c44f4bb0e9',
+    name = "dev",
+    artifact = "com.google.gwt:gwt-dev:" + GWT_VERS,
+    sha1 = "7a87e060bbf129386b7ae772459fb9f87297c332",
 )
 
 maven_jar(
-  name = 'velocity',
-  artifact = 'org.apache.velocity:velocity:1.7',
-  sha1 = '2ceb567b8f3f21118ecdec129fe1271dbc09aa7a',
+    name = "javax-validation",
+    artifact = "javax.validation:validation-api:1.0.0.GA",
+    sha1 = "b6bd7f9d78f6fdaa3c37dae18a4bd298915f328e",
+    src_sha1 = "7a561191db2203550fbfa40d534d4997624cd369",
 )
 
 maven_jar(
-  name = 'jsch',
-  artifact = 'com.jcraft:jsch:0.1.53',
-  sha1 = '658b682d5c817b27ae795637dfec047c63d29935',
+    name = "jsinterop-annotations",
+    artifact = "com.google.jsinterop:jsinterop-annotations:1.0.2",
+    sha1 = "abd7319f53d018e11108a88f599bd16492448dd2",
+    src_sha1 = "33716f8aef043f2f02b78ab4a1acda6cd90a7602",
 )
 
 maven_jar(
-  name = 'juniversalchardet',
-  artifact = 'com.googlecode.juniversalchardet:juniversalchardet:1.0.3',
-  sha1 = 'cd49678784c46aa8789c060538e0154013bb421b',
+    name = "ant",
+    artifact = "ant:ant:1.6.5",
+    attach_source = False,
+    sha1 = "7d18faf23df1a5c3a43613952e0e8a182664564b",
 )
 
-SLF4J_VERS = '1.7.7'
+maven_jar(
+    name = "colt",
+    artifact = "colt:colt:1.2.0",
+    attach_source = False,
+    sha1 = "0abc984f3adc760684d49e0f11ddf167ba516d4f",
+)
 
 maven_jar(
-  name = 'log_api',
-  artifact = 'org.slf4j:slf4j-api:' + SLF4J_VERS,
-  sha1 = '2b8019b6249bb05d81d3a3094e468753e2b21311',
+    name = "tapestry",
+    artifact = "tapestry:tapestry:4.0.2",
+    attach_source = False,
+    sha1 = "e855a807425d522e958cbce8697f21e9d679b1f7",
 )
 
 maven_jar(
-  name = 'log_nop',
-  artifact = 'org.slf4j:slf4j-nop:' + SLF4J_VERS,
-  sha1 = '6cca9a3b999ff28b7a35ca762b3197cd7e4c2ad1',
+    name = "w3c-css-sac",
+    artifact = "org.w3c.css:sac:1.3",
+    sha1 = "cdb2dcb4e22b83d6b32b93095f644c3462739e82",
 )
 
+load("//lib/jgit:jgit.bzl", "jgit_repos")
+
+jgit_repos()
+
 maven_jar(
-  name = 'impl_log4j',
-  artifact = 'org.slf4j:slf4j-log4j12:' + SLF4J_VERS,
-  sha1 = '58f588119ffd1702c77ccab6acb54bfb41bed8bd',
+    name = "javaewah",
+    artifact = "com.googlecode.javaewah:JavaEWAH:1.1.6",
+    attach_source = False,
+    sha1 = "94ad16d728b374d65bd897625f3fbb3da223a2b6",
 )
 
 maven_jar(
-  name = 'jcl_over_slf4j',
-  artifact = 'org.slf4j:jcl-over-slf4j:' + SLF4J_VERS,
-  sha1 = '56003dcd0a31deea6391b9e2ef2f2dc90b205a92',
+    name = "gwtjsonrpc",
+    artifact = "com.google.gerrit:gwtjsonrpc:1.11",
+    sha1 = "0990e7eec9eec3a15661edcf9232acbac4aeacec",
+    src_sha1 = "a682afc46284fb58197a173cb5818770a1e7834a",
 )
 
 maven_jar(
-  name = 'log4j',
-  artifact = 'log4j:log4j:1.2.17',
-  sha1 = '5af35056b4d257e4b64b9e8069c0746e8b08629f',
+    name = "gson",
+    artifact = "com.google.code.gson:gson:2.8.0",
+    sha1 = "c4ba5371a29ac9b2ad6129b1d39ea38750043eff",
 )
 
 maven_jar(
-  name = 'jsonevent_layout',
-  artifact = 'net.logstash.log4j:jsonevent-layout:1.7',
-  sha1 = '507713504f0ddb75ba512f62763519c43cf46fde',
+    name = "gwtorm-client",
+    artifact = "com.google.gerrit:gwtorm:1.18",
+    sha1 = "f326dec463439a92ccb32f05b38345e21d0b5ecf",
+    src_sha1 = "e0b973d5cafef3d145fa80cdf032fcead1186d29",
 )
 
 maven_jar(
-  name = 'json_smart',
-  artifact = 'net.minidev:json-smart:1.1.1',
-  sha1 = '24a2f903d25e004de30ac602c5b47f2d4e420a59',
+    name = "joda-time",
+    artifact = "joda-time:joda-time:2.9.4",
+    sha1 = "1c295b462f16702ebe720bbb08f62e1ba80da41b",
 )
 
 maven_jar(
-  name = 'args4j',
-  artifact = 'args4j:args4j:2.0.26',
-  sha1 = '01ebb18ebb3b379a74207d5af4ea7c8338ebd78b',
+    name = "joda-convert",
+    artifact = "org.joda:joda-convert:1.8.1",
+    sha1 = "675642ac208e0b741bc9118dcbcae44c271b992a",
 )
 
+load("//lib:guava.bzl", "GUAVA_BIN_SHA1", "GUAVA_VERSION")
+
 maven_jar(
-  name = 'commons_codec',
-  artifact = 'commons-codec:commons-codec:1.4',
-  sha1 = '4216af16d38465bbab0f3dff8efa14204f7a399a',
+    name = "guava",
+    artifact = "com.google.guava:guava:" + GUAVA_VERSION,
+    sha1 = GUAVA_BIN_SHA1,
 )
 
 maven_jar(
-  name = 'commons_collections',
-  artifact = 'commons-collections:commons-collections:3.2.2',
-  sha1 = '8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5',
+    name = "j2objc",
+    artifact = "com.google.j2objc:j2objc-annotations:1.1",
+    sha1 = "ed28ded51a8b1c6b112568def5f4b455e6809019",
+)
+
+maven_jar(
+    name = "velocity",
+    artifact = "org.apache.velocity:velocity:1.7",
+    sha1 = "2ceb567b8f3f21118ecdec129fe1271dbc09aa7a",
+)
+
+maven_jar(
+    name = "jsch",
+    artifact = "com.jcraft:jsch:0.1.54",
+    sha1 = "da3584329a263616e277e15462b387addd1b208d",
+)
+
+maven_jar(
+    name = "juniversalchardet",
+    artifact = "com.googlecode.juniversalchardet:juniversalchardet:1.0.3",
+    sha1 = "cd49678784c46aa8789c060538e0154013bb421b",
+)
+
+SLF4J_VERS = "1.7.26"
+
+maven_jar(
+    name = "log-api",
+    artifact = "org.slf4j:slf4j-api:" + SLF4J_VERS,
+    sha1 = "77100a62c2e6f04b53977b9f541044d7d722693d",
+)
+
+maven_jar(
+    name = "log-nop",
+    artifact = "org.slf4j:slf4j-nop:" + SLF4J_VERS,
+    sha1 = "6e211fdfb9a8723677031b95ac075ac54c879a0e",
+)
+
+maven_jar(
+    name = "log-ext",
+    artifact = "org.slf4j:slf4j-ext:" + SLF4J_VERS,
+    sha1 = "31cdf122e000322e9efcb38913e9ab07825b17ef",
+)
+
+maven_jar(
+    name = "impl-log4j",
+    artifact = "org.slf4j:slf4j-log4j12:" + SLF4J_VERS,
+    sha1 = "12f5c685b71c3027fd28bcf90528ec4ec74bf818",
+)
+
+maven_jar(
+    name = "jcl-over-slf4j",
+    artifact = "org.slf4j:jcl-over-slf4j:" + SLF4J_VERS,
+    sha1 = "33fbc2d93de829fa5e263c5ce97f5eab8f57d53e",
+)
+
+maven_jar(
+    name = "log4j",
+    artifact = "log4j:log4j:1.2.17",
+    sha1 = "5af35056b4d257e4b64b9e8069c0746e8b08629f",
+)
+
+maven_jar(
+    name = "jsonevent-layout",
+    artifact = "net.logstash.log4j:jsonevent-layout:1.7",
+    sha1 = "507713504f0ddb75ba512f62763519c43cf46fde",
+)
+
+maven_jar(
+    name = "json-smart",
+    artifact = "net.minidev:json-smart:1.1.1",
+    sha1 = "24a2f903d25e004de30ac602c5b47f2d4e420a59",
+)
+
+maven_jar(
+    name = "args4j",
+    artifact = "args4j:args4j:2.0.26",
+    sha1 = "01ebb18ebb3b379a74207d5af4ea7c8338ebd78b",
+)
+
+maven_jar(
+    name = "commons-codec",
+    artifact = "commons-codec:commons-codec:1.4",
+    sha1 = "4216af16d38465bbab0f3dff8efa14204f7a399a",
+)
+
+maven_jar(
+    name = "commons-collections",
+    artifact = "commons-collections:commons-collections:3.2.2",
+    sha1 = "8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5",
+)
+
+maven_jar(
+    name = "commons-compress",
+    artifact = "org.apache.commons:commons-compress:1.12",
+    sha1 = "84caa68576e345eb5e7ae61a0e5a9229eb100d7b",
+)
+
+maven_jar(
+    name = "commons-lang",
+    artifact = "commons-lang:commons-lang:2.6",
+    sha1 = "0ce1edb914c94ebc388f086c6827e8bdeec71ac2",
+)
+
+maven_jar(
+    name = "commons-dbcp",
+    artifact = "commons-dbcp:commons-dbcp:1.4",
+    sha1 = "30be73c965cc990b153a100aaaaafcf239f82d39",
+)
+
+maven_jar(
+    name = "commons-pool",
+    artifact = "commons-pool:commons-pool:1.5.5",
+    sha1 = "7d8ffbdc47aa0c5a8afe5dc2aaf512f369f1d19b",
+)
+
+maven_jar(
+    name = "commons-net",
+    artifact = "commons-net:commons-net:3.5",
+    sha1 = "342fc284019f590e1308056990fdb24a08f06318",
+)
+
+maven_jar(
+    name = "commons-oro",
+    artifact = "oro:oro:2.0.8",
+    sha1 = "5592374f834645c4ae250f4c9fbb314c9369d698",
 )
 
 maven_jar(
-  name = 'commons_compress',
-  artifact = 'org.apache.commons:commons-compress:1.7',
-  sha1 = 'ab365c96ee9bc88adcc6fa40d185c8e15a31410d',
+    name = "commons-validator",
+    artifact = "commons-validator:commons-validator:1.5.1",
+    sha1 = "86d05a46e8f064b300657f751b5a98c62807e2a0",
 )
 
 maven_jar(
-  name = 'commons_lang',
-  artifact = 'commons-lang:commons-lang:2.6',
-  sha1 = '0ce1edb914c94ebc388f086c6827e8bdeec71ac2',
+    name = "automaton",
+    artifact = "dk.brics.automaton:automaton:1.11-8",
+    sha1 = "6ebfa65eb431ff4b715a23be7a750cbc4cc96d0f",
 )
 
 maven_jar(
-  name = 'commons_dbcp',
-  artifact = 'commons-dbcp:commons-dbcp:1.4',
-  sha1 = '30be73c965cc990b153a100aaaaafcf239f82d39',
+    name = "pegdown",
+    artifact = "org.pegdown:pegdown:1.4.2",
+    sha1 = "d96db502ed832df867ff5d918f05b51ba3879ea7",
 )
 
 maven_jar(
-  name = 'commons_pool',
-  artifact = 'commons-pool:commons-pool:1.5.5',
-  sha1 = '7d8ffbdc47aa0c5a8afe5dc2aaf512f369f1d19b',
+    name = "grappa",
+    artifact = "com.github.parboiled1:grappa:1.0.4",
+    sha1 = "ad4b44b9c305dad7aa1e680d4b5c8eec9c4fd6f5",
 )
 
 maven_jar(
-  name = 'commons_net',
-  artifact = 'commons-net:commons-net:2.2',
-  sha1 = '07993c12f63c78378f8c90de4bc2ee62daa7ca3a',
+    name = "jitescript",
+    artifact = "me.qmx.jitescript:jitescript:0.4.0",
+    sha1 = "2e35862b0435c1b027a21f3d6eecbe50e6e08d54",
 )
 
+GREENMAIL_VERS = "1.5.3"
+
 maven_jar(
-  name = 'commons_oro',
-  artifact = 'oro:oro:2.0.8',
-  sha1 = '5592374f834645c4ae250f4c9fbb314c9369d698',
+    name = "greenmail",
+    artifact = "com.icegreen:greenmail:" + GREENMAIL_VERS,
+    sha1 = "afabf8178312f7f220f74f1558e457bf54fa4253",
 )
 
+MAIL_VERS = "1.5.6"
+
 maven_jar(
-  name = 'commons_validator',
-  artifact = 'commons-validator:commons-validator:1.5.1',
-  sha1 = '86d05a46e8f064b300657f751b5a98c62807e2a0',
+    name = "mail",
+    artifact = "com.sun.mail:javax.mail:" + MAIL_VERS,
+    sha1 = "ab5daef2f881c42c8e280cbe918ec4d7fdfd7efe",
 )
 
+MIME4J_VERS = "0.8.0"
+
 maven_jar(
-  name = 'automaton',
-  artifact = 'dk.brics.automaton:automaton:1.11-8',
-  sha1 = '6ebfa65eb431ff4b715a23be7a750cbc4cc96d0f',
+    name = "mime4j-core",
+    artifact = "org.apache.james:apache-mime4j-core:" + MIME4J_VERS,
+    sha1 = "d54f45fca44a2f210569656b4ca3574b42911c95",
 )
 
 maven_jar(
-  name = 'pegdown',
-  artifact = 'org.pegdown:pegdown:1.4.2',
-  sha1 = 'd96db502ed832df867ff5d918f05b51ba3879ea7',
+    name = "mime4j-dom",
+    artifact = "org.apache.james:apache-mime4j-dom:" + MIME4J_VERS,
+    sha1 = "6720c93d14225c3e12c4a69768a0370c80e376a3",
 )
 
 maven_jar(
-  name = 'grappa',
-  artifact = 'com.github.parboiled1:grappa:1.0.4',
-  sha1 = 'ad4b44b9c305dad7aa1e680d4b5c8eec9c4fd6f5',
+    name = "jsoup",
+    artifact = "org.jsoup:jsoup:1.9.2",
+    sha1 = "5e3bda828a80c7a21dfbe2308d1755759c2fd7b4",
 )
 
+OW2_VERS = "5.1"
+
 maven_jar(
-  name = 'jitescript',
-  artifact = 'me.qmx.jitescript:jitescript:0.4.0',
-  sha1 = '2e35862b0435c1b027a21f3d6eecbe50e6e08d54',
+    name = "ow2-asm",
+    artifact = "org.ow2.asm:asm:" + OW2_VERS,
+    sha1 = "5ef31c4fe953b1fd00b8a88fa1d6820e8785bb45",
 )
 
-OW2_VERS = '5.0.3'
+maven_jar(
+    name = "ow2-asm-analysis",
+    artifact = "org.ow2.asm:asm-analysis:" + OW2_VERS,
+    sha1 = "6d1bf8989fc7901f868bee3863c44f21aa63d110",
+)
 
 maven_jar(
-  name = 'ow2_asm',
-  artifact = 'org.ow2.asm:asm:' + OW2_VERS,
-  sha1 = 'dcc2193db20e19e1feca8b1240dbbc4e190824fa',
+    name = "ow2-asm-commons",
+    artifact = "org.ow2.asm:asm-commons:" + OW2_VERS,
+    sha1 = "25d8a575034dd9cfcb375a39b5334f0ba9c8474e",
 )
 
 maven_jar(
-  name = 'ow2_asm_analysis',
-  artifact = 'org.ow2.asm:asm-analysis:' + OW2_VERS,
-  sha1 = 'c7126aded0e8e13fed5f913559a0dd7b770a10f3',
+    name = "ow2-asm-tree",
+    artifact = "org.ow2.asm:asm-tree:" + OW2_VERS,
+    sha1 = "87b38c12a0ea645791ead9d3e74ae5268d1d6c34",
 )
 
 maven_jar(
-  name = 'ow2_asm_commons',
-  artifact = 'org.ow2.asm:asm-commons:' + OW2_VERS,
-  sha1 = 'a7111830132c7f87d08fe48cb0ca07630f8cb91c',
+    name = "ow2-asm-util",
+    artifact = "org.ow2.asm:asm-util:" + OW2_VERS,
+    sha1 = "b60e33a6bd0d71831e0c249816d01e6c1dd90a47",
 )
 
+AUTO_VALUE_VERSION = "1.6.2"
+
 maven_jar(
-  name = 'ow2_asm_tree',
-  artifact = 'org.ow2.asm:asm-tree:' + OW2_VERS,
-  sha1 = '287749b48ba7162fb67c93a026d690b29f410bed',
+    name = "auto-value",
+    artifact = "com.google.auto.value:auto-value:" + AUTO_VALUE_VERSION,
+    sha1 = "e7eae562942315a983eea3e191b72d755c153620",
 )
 
 maven_jar(
-  name = 'ow2_asm_util',
-  artifact = 'org.ow2.asm:asm-util:' + OW2_VERS,
-  sha1 = '1512e5571325854b05fb1efce1db75fcced54389',
+    name = "auto-value-annotations",
+    artifact = "com.google.auto.value:auto-value-annotations:" + AUTO_VALUE_VERSION,
+    sha1 = "ed193d86e0af90cc2342aedbe73c5d86b03fa09b",
 )
 
 maven_jar(
-  name = 'auto_value',
-  artifact = 'com.google.auto.value:auto-value:1.2',
-  sha1 = '6873fed014fe1de1051aae2af68ba266d2934471',
+    name = "tukaani-xz",
+    artifact = "org.tukaani:xz:1.4",
+    sha1 = "18a9a2ce6abf32ea1b5fd31dae5210ad93f4e5e3",
 )
 
+LUCENE_VERS = "5.5.5"
+
 maven_jar(
-  name = 'tukaani_xz',
-  artifact = 'org.tukaani:xz:1.4',
-  sha1 = '18a9a2ce6abf32ea1b5fd31dae5210ad93f4e5e3',
+    name = "lucene-core",
+    artifact = "org.apache.lucene:lucene-core:" + LUCENE_VERS,
+    sha1 = "c34bcd9274859dc07cfed2a935aaca90c4f4b861",
 )
 
-LUCENE_VERS = '5.4.1'
+maven_jar(
+    name = "lucene-analyzers-common",
+    artifact = "org.apache.lucene:lucene-analyzers-common:" + LUCENE_VERS,
+    sha1 = "e6b3f5d1b33ed24da7eef0a72f8062bd4652700c",
+)
 
 maven_jar(
-  name = 'lucene_core',
-  artifact = 'org.apache.lucene:lucene-core:' + LUCENE_VERS,
-  sha1 = 'c52b2088e2c30dfd95fd296ab6fb9cf8de9855ab',
+    name = "backward-codecs",
+    artifact = "org.apache.lucene:lucene-backward-codecs:" + LUCENE_VERS,
+    sha1 = "d1dee5c7676a313758adb30d7b0bd4c69a4cd214",
 )
 
 maven_jar(
-  name = 'lucene_analyzers_common',
-  artifact = 'org.apache.lucene:lucene-analyzers-common:' + LUCENE_VERS,
-  sha1 = 'c2aa2c4e00eb9cdeb5ac00dc0495e70c441f681e',
+    name = "lucene-misc",
+    artifact = "org.apache.lucene:lucene-misc:" + LUCENE_VERS,
+    sha1 = "bc0eb46ba0377594cac7b0cdaab35562d7877521",
 )
 
 maven_jar(
-  name = 'backward_codecs',
-  artifact = 'org.apache.lucene:lucene-backward-codecs:' + LUCENE_VERS,
-  sha1 = '5273da96380dfab302ad06c27fe58100db4c4e2f',
+    name = "lucene-queryparser",
+    artifact = "org.apache.lucene:lucene-queryparser:" + LUCENE_VERS,
+    sha1 = "6c965eb5838a2ba58b0de0fd860a420dcda11937",
 )
 
 maven_jar(
-  name = 'lucene_misc',
-  artifact = 'org.apache.lucene:lucene-misc:' + LUCENE_VERS,
-  sha1 = '95f433b9d7dd470cc0aa5076e0f233907745674b',
+    name = "mime-util",
+    artifact = "eu.medsea.mimeutil:mime-util:2.1.3",
+    attach_source = False,
+    sha1 = "0c9cfae15c74f62491d4f28def0dff1dabe52a47",
 )
 
+PROLOG_VERS = "1.4.3"
+
+PROLOG_REPO = GERRIT
+
 maven_jar(
-  name = 'lucene_queryparser',
-  artifact = 'org.apache.lucene:lucene-queryparser:' + LUCENE_VERS,
-  sha1 = 'dccd5279bfa656dec21af444a7a66820eb1cd618',
+    name = "prolog-runtime",
+    artifact = "com.googlecode.prolog-cafe:prolog-runtime:" + PROLOG_VERS,
+    attach_source = False,
+    repository = PROLOG_REPO,
+    sha1 = "d5206556cbc76ffeab21313ffc47b586a1efbcbb",
 )
 
 maven_jar(
-  name = 'mime_util',
-  artifact = 'eu.medsea.mimeutil:mime-util:2.1.3',
-  sha1 = '0c9cfae15c74f62491d4f28def0dff1dabe52a47',
+    name = "prolog-compiler",
+    artifact = "com.googlecode.prolog-cafe:prolog-compiler:" + PROLOG_VERS,
+    attach_source = False,
+    repository = PROLOG_REPO,
+    sha1 = "f37032cf1dec3e064427745bc59da5a12757a3b2",
 )
 
-PROLOG_VERS = '1.4.1'
+maven_jar(
+    name = "prolog-io",
+    artifact = "com.googlecode.prolog-cafe:prolog-io:" + PROLOG_VERS,
+    attach_source = False,
+    repository = PROLOG_REPO,
+    sha1 = "d02b2640b26f64036b6ba2b45e4acc79281cea17",
+)
 
 maven_jar(
-  name = 'prolog_runtime',
-  repository = 'http://gerrit-maven.storage.googleapis.com/',
-  artifact = 'com.googlecode.prolog-cafe:prolog-runtime:' + PROLOG_VERS,
-  sha1 = 'c5d9f92e49c485969dcd424dfc0c08125b5f8246',
+    name = "cafeteria",
+    artifact = "com.googlecode.prolog-cafe:prolog-cafeteria:" + PROLOG_VERS,
+    attach_source = False,
+    repository = PROLOG_REPO,
+    sha1 = "e3b1860c63e57265e5435f890263ad82dafa724f",
 )
 
 maven_jar(
-  name = 'prolog_compiler',
-  repository = 'http://gerrit-maven.storage.googleapis.com/',
-  artifact = 'com.googlecode.prolog-cafe:prolog-compiler:' + PROLOG_VERS,
-  sha1 = 'ac24044c6ec166fdcb352b78b80d187ead3eff41',
+    name = "guava-retrying",
+    artifact = "com.github.rholder:guava-retrying:2.0.0",
+    sha1 = "974bc0a04a11cc4806f7c20a34703bd23c34e7f4",
 )
 
 maven_jar(
-  name = 'prolog_io',
-  repository = 'http://gerrit-maven.storage.googleapis.com/',
-  artifact = 'com.googlecode.prolog-cafe:prolog-io:' + PROLOG_VERS,
-  sha1 = 'b072426a4b1b8af5e914026d298ee0358a8bb5aa',
+    name = "jsr305",
+    artifact = "com.google.code.findbugs:jsr305:3.0.1",
+    sha1 = "f7be08ec23c21485b9b5a1cf1654c2ec8c58168d",
 )
 
 maven_jar(
-  name = 'cafeteria',
-  repository = 'http://gerrit-maven.storage.googleapis.com/',
-  artifact = 'com.googlecode.prolog-cafe:prolog-cafeteria:' + PROLOG_VERS,
-  sha1 = '8cbc3b0c19e7167c42d3f11667b21cb21ddec641',
+    name = "blame-cache",
+    artifact = "com/google/gitiles:blame-cache:0.2-1",
+    attach_source = False,
+    repository = GERRIT,
+    sha1 = "da7977e8b140b63f18054214c1d1b86ffa6896cb",
 )
 
+# Keep this version of Soy synchronized with the version used in Gitiles.
 maven_jar(
-  name = 'guava_retrying',
-  artifact = 'com.github.rholder:guava-retrying:2.0.0',
-  sha1 = '974bc0a04a11cc4806f7c20a34703bd23c34e7f4',
+    name = "soy",
+    artifact = "com.google.template:soy:2017-02-01",
+    sha1 = "8638940b207779fe3b75e55b6e65abbefb6af678",
 )
 
 maven_jar(
-  name = 'jsr305',
-  artifact = 'com.google.code.findbugs:jsr305:2.0.2',
-  sha1 = '516c03b21d50a644d538de0f0369c620989cd8f0',
+    name = "html-types",
+    artifact = "com.google.common.html.types:types:1.0.4",
+    sha1 = "2adf4c8bfccc0ff7346f9186ac5aa57d829ad065",
 )
 
 maven_jar(
-  name = 'blame_cache',
-  repository = 'http://gerrit-maven.storage.googleapis.com/',
-  artifact = 'com/google/gitiles:blame-cache:0.1-9',
-  sha1 = '51d35e6f8bbc2412265066cea9653dd758c95826',
+    name = "icu4j",
+    artifact = "com.ibm.icu:icu4j:57.1",
+    sha1 = "198ea005f41219f038f4291f0b0e9f3259730e92",
 )
 
 maven_jar(
-  name = 'dropwizard_core',
-  artifact = 'io.dropwizard.metrics:metrics-core:3.1.2',
-  sha1 = '224f03afd2521c6c94632f566beb1bb5ee32cf07',
+    name = "dropwizard-core",
+    artifact = "io.dropwizard.metrics:metrics-core:4.0.3",
+    sha1 = "bb562ee73f740bb6b2bf7955f97be6b870d9e9f0",
 )
 
-# This version must match the version that also appears in
-# gerrit-pgm/src/main/resources/com/google/gerrit/pgm/init/libraries.config
-BC_VERS = '1.52'
+# When updating Bouncy Castle, also update it in bazlets.
+BC_VERS = "1.60"
+
+maven_jar(
+    name = "bcprov",
+    artifact = "org.bouncycastle:bcprov-jdk15on:" + BC_VERS,
+    sha1 = "bd47ad3bd14b8e82595c7adaa143501e60842a84",
+)
 
 maven_jar(
-  name = 'bcprov',
-  artifact = 'org.bouncycastle:bcprov-jdk15on:' + BC_VERS,
-  sha1 = '88a941faf9819d371e3174b5ed56a3f3f7d73269',
+    name = "bcpg",
+    artifact = "org.bouncycastle:bcpg-jdk15on:" + BC_VERS,
+    sha1 = "13c7a199c484127daad298996e95818478431a2c",
 )
 
 maven_jar(
-  name = 'bcpg',
-  artifact = 'org.bouncycastle:bcpg-jdk15on:' + BC_VERS,
-  sha1 = 'ff4665a4b5633ff6894209d5dd10b7e612291858',
+    name = "bcpkix",
+    artifact = "org.bouncycastle:bcpkix-jdk15on:" + BC_VERS,
+    sha1 = "d0c46320fbc07be3a24eb13a56cee4e3d38e0c75",
 )
 
+# TODO(davido): Remove exlusion of file system provider, when this issue is fixed:
+# https://issues.apache.org/jira/browse/SSHD-736
 maven_jar(
-  name = 'bcpkix',
-  artifact = 'org.bouncycastle:bcpkix-jdk15on:' + BC_VERS,
-  sha1 = 'b8ffac2bbc6626f86909589c8cc63637cc936504',
+    name = "sshd",
+    artifact = "org.apache.sshd:sshd-core:1.4.0",
+    exclude = ["META-INF/services/java.nio.file.spi.FileSystemProvider"],
+    sha1 = "c8f3d7457fc9979d1b9ec319f0229b89793c8e56",
 )
 
 maven_jar(
-  name = 'sshd',
-  artifact = 'org.apache.sshd:sshd-core:1.4.0',
-  sha1 = 'c8f3d7457fc9979d1b9ec319f0229b89793c8e56',
+    name = "eddsa",
+    artifact = "net.i2p.crypto:eddsa:0.1.0",
+    sha1 = "8f5a3b165164e222da048d8136b21428ee0b9122",
 )
 
 maven_jar(
-  name = 'mina_core',
-  artifact = 'org.apache.mina:mina-core:2.0.16',
-  sha1 = 'f720f17643eaa7b0fec07c1d7f6272972c02bba4',
+    name = "mina-core",
+    artifact = "org.apache.mina:mina-core:2.0.16",
+    sha1 = "f720f17643eaa7b0fec07c1d7f6272972c02bba4",
 )
 
 maven_jar(
-  name = 'h2',
-  artifact = 'com.h2database:h2:1.3.176',
-  sha1 = 'fd369423346b2f1525c413e33f8cf95b09c92cbd',
+    name = "h2",
+    artifact = "com.h2database:h2:1.3.176",
+    sha1 = "fd369423346b2f1525c413e33f8cf95b09c92cbd",
 )
 
-HTTPCOMP_VERS = '4.4.1'
+HTTPCOMP_VERS = "4.4.1"
 
 maven_jar(
-  name = 'fluent_hc',
-  artifact = 'org.apache.httpcomponents:fluent-hc:' + HTTPCOMP_VERS,
-  sha1 = '96fb842b68a44cc640c661186828b60590c71261',
+    name = "fluent-hc",
+    artifact = "org.apache.httpcomponents:fluent-hc:" + HTTPCOMP_VERS,
+    sha1 = "96fb842b68a44cc640c661186828b60590c71261",
 )
 
 maven_jar(
-  name = 'httpclient',
-  artifact = 'org.apache.httpcomponents:httpclient:' + HTTPCOMP_VERS,
-  sha1 = '016d0bc512222f1253ee6b64d389c84e22f697f0',
+    name = "httpclient",
+    artifact = "org.apache.httpcomponents:httpclient:" + HTTPCOMP_VERS,
+    sha1 = "016d0bc512222f1253ee6b64d389c84e22f697f0",
+)
+
+maven_jar(
+    name = "httpcore",
+    artifact = "org.apache.httpcomponents:httpcore:" + HTTPCOMP_VERS,
+    sha1 = "f5aa318bda4c6c8d688c9d00b90681dcd82ce636",
 )
 
+# elasticsearch-rest-client explicitly depends on this version
 maven_jar(
-  name = 'httpcore',
-  artifact = 'org.apache.httpcomponents:httpcore:' + HTTPCOMP_VERS,
-  sha1 = 'f5aa318bda4c6c8d688c9d00b90681dcd82ce636',
+    name = "httpasyncclient",
+    artifact = "org.apache.httpcomponents:httpasyncclient:4.1.2",
+    sha1 = "95aa3e6fb520191a0970a73cf09f62948ee614be",
 )
 
+# elasticsearch-rest-client explicitly depends on this version
 maven_jar(
-  name = 'httpmime',
-  artifact = 'org.apache.httpcomponents:httpmime:' + HTTPCOMP_VERS,
-  sha1 = '2f8757f5ac5e38f46c794e5229d1f3c522e9b1df',
+    name = "httpcore-nio",
+    artifact = "org.apache.httpcomponents:httpcore-nio:4.4.5",
+    sha1 = "f4be009e7505f6ceddf21e7960c759f413f15056",
 )
 
 # Test-only dependencies below.
 
 maven_jar(
-  name = 'jimfs',
-  artifact = 'com.google.jimfs:jimfs:1.0',
-  sha1 = 'edd65a2b792755f58f11134e76485a928aab4c97',
+    name = "jimfs",
+    artifact = "com.google.jimfs:jimfs:1.1",
+    sha1 = "8fbd0579dc68aba6186935cc1bee21d2f3e7ec1c",
 )
 
 maven_jar(
-  name = 'junit',
-  artifact = 'junit:junit:4.11',
-  sha1 = '4e031bb61df09069aeb2bffb4019e7a5034a4ee0',
+    name = "junit",
+    artifact = "junit:junit:4.11",
+    sha1 = "4e031bb61df09069aeb2bffb4019e7a5034a4ee0",
 )
 
 maven_jar(
-  name = 'hamcrest_core',
-  artifact = 'org.hamcrest:hamcrest-core:1.3',
-  sha1 = '42a25dc3219429f0e5d060061f71acb49bf010a0',
+    name = "hamcrest-core",
+    artifact = "org.hamcrest:hamcrest-core:1.3",
+    sha1 = "42a25dc3219429f0e5d060061f71acb49bf010a0",
+)
+
+TRUTH_VERS = "0.32"
+
+maven_jar(
+    name = "truth",
+    artifact = "com.google.truth:truth:" + TRUTH_VERS,
+    sha1 = "e996fb4b41dad04365112786796c945f909cfdf7",
 )
 
 maven_jar(
-  name = 'truth',
-  artifact = 'com.google.truth:truth:0.28',
-  sha1 = '0a388c7877c845ff4b8e19689dda5ac9d34622c4',
+    name = "truth-java8-extension",
+    artifact = "com.google.truth.extensions:truth-java8-extension:" + TRUTH_VERS,
+    sha1 = "2862787ce34cb6f385ada891e36ec7f9e7bd0902",
 )
 
 maven_jar(
-  name = 'easymock',
-  artifact = 'org.easymock:easymock:3.4', # When bumping the version
-  sha1 = '9fdeea183a399f25c2469497612cad131e920fa3',
+    name = "easymock",
+    artifact = "org.easymock:easymock:3.1",  # When bumping the version
+    sha1 = "3e127311a86fc2e8f550ef8ee4abe094bbcf7e7e",
 )
 
 maven_jar(
-  name = 'cglib_2_2',
-  artifact = 'cglib:cglib-nodep:2.2.2',
-  sha1 = '00d456bb230c70c0b95c76fb28e429d42f275941',
+    name = "cglib-3_2",
+    artifact = "cglib:cglib-nodep:3.2.0",
+    sha1 = "cf1ca207c15b04ace918270b6cb3f5601160cdfd",
 )
 
 maven_jar(
-  name = 'objenesis',
-  artifact = 'org.objenesis:objenesis:2.2',
-  sha1 = '3fb533efdaa50a768c394aa4624144cf8df17845',
+    name = "objenesis",
+    artifact = "org.objenesis:objenesis:1.3",
+    sha1 = "dc13ae4faca6df981fc7aeb5a522d9db446d5d50",
 )
 
-POWERM_VERS = '1.6.4'
+POWERM_VERS = "1.6.1"
 
 maven_jar(
-  name = 'powermock_module_junit4',
-  artifact = 'org.powermock:powermock-module-junit4:' + POWERM_VERS,
-  sha1 = '8692eb1d9bb8eb1310ffe8a20c2da7ee6d1b5994',
+    name = "powermock-module-junit4",
+    artifact = "org.powermock:powermock-module-junit4:" + POWERM_VERS,
+    sha1 = "ea8530b2848542624f110a393513af397b37b9cf",
 )
 
 maven_jar(
-  name = 'powermock_module_junit4_common',
-  artifact = 'org.powermock:powermock-module-junit4-common:' + POWERM_VERS,
-  sha1 = 'b0b578da443794ceb8224bd5f5f852aaf40f1b81',
+    name = "powermock-module-junit4-common",
+    artifact = "org.powermock:powermock-module-junit4-common:" + POWERM_VERS,
+    sha1 = "7222ced54dabc310895d02e45c5428ca05193cda",
 )
 
 maven_jar(
-  name = 'powermock_reflect',
-  artifact = 'org.powermock:powermock-reflect:' + POWERM_VERS,
-  sha1 = '5532f4e7c42db4bca4778bc9f1afcd4b0ee0b893',
+    name = "powermock-reflect",
+    artifact = "org.powermock:powermock-reflect:" + POWERM_VERS,
+    sha1 = "97d25eda8275c11161bcddda6ef8beabd534c878",
 )
 
 maven_jar(
-  name = 'powermock_api_easymock',
-  artifact = 'org.powermock:powermock-api-easymock:' + POWERM_VERS,
-  sha1 = '5c385a0d8c13f84b731b75c6e90319c532f80b45',
+    name = "powermock-api-easymock",
+    artifact = "org.powermock:powermock-api-easymock:" + POWERM_VERS,
+    sha1 = "aa740ecf89a2f64d410b3d93ef8cd6833009ef00",
 )
 
 maven_jar(
-  name = 'powermock_api_support',
-  artifact = 'org.powermock:powermock-api-support:' + POWERM_VERS,
-  sha1 = '314daafb761541293595630e10a3699ebc07881d',
+    name = "powermock-api-support",
+    artifact = "org.powermock:powermock-api-support:" + POWERM_VERS,
+    sha1 = "592ee6d929c324109d3469501222e0c76ccf0869",
 )
 
 maven_jar(
-  name = 'powermock_core',
-  artifact = 'org.powermock:powermock-core:' + POWERM_VERS,
-  sha1 = '85fb32e9ccba748d569fc36aef92e0b9e7f40b87',
+    name = "powermock-core",
+    artifact = "org.powermock:powermock-core:" + POWERM_VERS,
+    sha1 = "5afc1efce8d44ed76b30af939657bd598e45d962",
 )
 
 maven_jar(
-  name = 'javassist',
-  artifact = 'org.javassist:javassist:3.20.0-GA',
-  sha1 = 'a9cbcdfb7e9f86fbc74d3afae65f2248bfbf82a0',
+    name = "javassist",
+    artifact = "org.javassist:javassist:3.20.0-GA",
+    sha1 = "a9cbcdfb7e9f86fbc74d3afae65f2248bfbf82a0",
 )
 
 maven_jar(
-  name = 'derby',
-  artifact = 'org.apache.derby:derby:10.11.1.1',
-  sha1 = 'df4b50061e8e4c348ce243b921f53ee63ba9bbe1',
+    name = "derby",
+    artifact = "org.apache.derby:derby:10.12.1.1",
+    attach_source = False,
+    sha1 = "75070c744a8e52a7d17b8b476468580309d5cd09",
 )
 
-JETTY_VERS = '9.2.14.v20151106'
+JETTY_VERS = "9.3.24.v20180605"
 
 maven_jar(
-  name = 'jetty_servlet',
-  artifact = 'org.eclipse.jetty:jetty-servlet:' + JETTY_VERS,
-  sha1 = '3a2cd4d8351a38c5d60e0eee010fee11d87483ef',
+    name = "jetty-servlet",
+    artifact = "org.eclipse.jetty:jetty-servlet:" + JETTY_VERS,
+    sha1 = "db09c8e226c07c46dc3d84626fc97955ec6bf8bf",
 )
 
 maven_jar(
-  name = 'jetty_security',
-  artifact = 'org.eclipse.jetty:jetty-security:' + JETTY_VERS,
-  sha1 = '2d36974323fcb31e54745c1527b996990835db67',
+    name = "jetty-security",
+    artifact = "org.eclipse.jetty:jetty-security:" + JETTY_VERS,
+    sha1 = "dfc4e2169f3dd91954804e7fdff9c4f67c63f385",
 )
 
 maven_jar(
-  name = 'jetty_servlets',
-  artifact = 'org.eclipse.jetty:jetty-servlets:' + JETTY_VERS,
-  sha1 = 'a75c78a0ee544073457ca5ee9db20fdc6ed55225',
+    name = "jetty-servlets",
+    artifact = "org.eclipse.jetty:jetty-servlets:" + JETTY_VERS,
+    sha1 = "189db52691aacab9e13546429583765d143faf81",
 )
 
 maven_jar(
-  name = 'jetty_server',
-  artifact = 'org.eclipse.jetty:jetty-server:' + JETTY_VERS,
-  sha1 = '70b22c1353e884accf6300093362b25993dac0f5',
+    name = "jetty-server",
+    artifact = "org.eclipse.jetty:jetty-server:" + JETTY_VERS,
+    sha1 = "0e629740cf0a08b353ec07c35eeab8fd06590041",
 )
 
 maven_jar(
-  name = 'jetty_jmx',
-  artifact = 'org.eclipse.jetty:jetty-jmx:' + JETTY_VERS,
-  sha1 = '617edc5e966b4149737811ef8b289cd94b831bab',
+    name = "jetty-jmx",
+    artifact = "org.eclipse.jetty:jetty-jmx:" + JETTY_VERS,
+    sha1 = "aaeda444192a42389d2ac17a786329a1b6f4cf68",
 )
 
 maven_jar(
-  name = 'jetty_continuation',
-  artifact = 'org.eclipse.jetty:jetty-continuation:' + JETTY_VERS,
-  sha1 = '8909d62fd7e28351e2da30de6fb4105539b949c0',
+    name = "jetty-continuation",
+    artifact = "org.eclipse.jetty:jetty-continuation:" + JETTY_VERS,
+    sha1 = "44d7b4a9aef498abef268f3aade92daa459050f6",
 )
 
 maven_jar(
-  name = 'jetty_http',
-  artifact = 'org.eclipse.jetty:jetty-http:' + JETTY_VERS,
-  sha1 = '699ad1f2fa6fb0717e1b308a8c9e1b8c69d81ef6',
+    name = "jetty-http",
+    artifact = "org.eclipse.jetty:jetty-http:" + JETTY_VERS,
+    sha1 = "f3d614a7c82b5ee028df78bdb3cdadb6c3be89bc",
 )
 
 maven_jar(
-  name = 'jetty_io',
-  artifact = 'org.eclipse.jetty:jetty-io:' + JETTY_VERS,
-  sha1 = 'dfa4137371a3f08769820138ca1a2184dacda267',
+    name = "jetty-io",
+    artifact = "org.eclipse.jetty:jetty-io:" + JETTY_VERS,
+    sha1 = "f12a02ab2cb79eb9c3fa01daf28a58e8ea7cbea9",
 )
 
 maven_jar(
-  name = 'jetty_util',
-  artifact = 'org.eclipse.jetty:jetty-util:' + JETTY_VERS,
-  sha1 = '0057e00b912ae0c35859ac81594a996007706a0b',
+    name = "jetty-util",
+    artifact = "org.eclipse.jetty:jetty-util:" + JETTY_VERS,
+    sha1 = "f74fb3f999e658a2ddea397155e20da5b9126b5d",
 )
 
 maven_jar(
-  name = 'openid_consumer',
-  artifact = 'org.openid4java:openid4java:0.9.8',
-  sha1 = 'de4f1b33d3b0f0b2ab1d32834ec1190b39db4160',
+    name = "openid-consumer",
+    artifact = "org.openid4java:openid4java:0.9.8",
+    sha1 = "de4f1b33d3b0f0b2ab1d32834ec1190b39db4160",
 )
 
 maven_jar(
-  name = 'nekohtml',
-  artifact = 'net.sourceforge.nekohtml:nekohtml:1.9.10',
-  sha1 = '14052461031a7054aa094f5573792feb6686d3de',
+    name = "nekohtml",
+    artifact = "net.sourceforge.nekohtml:nekohtml:1.9.10",
+    sha1 = "14052461031a7054aa094f5573792feb6686d3de",
 )
 
 maven_jar(
-  name = 'xerces',
-  artifact = 'xerces:xercesImpl:2.8.1',
-  sha1 = '25101e37ec0c907db6f0612cbf106ee519c1aef1',
+    name = "xerces",
+    artifact = "xerces:xercesImpl:2.8.1",
+    attach_source = False,
+    sha1 = "25101e37ec0c907db6f0612cbf106ee519c1aef1",
 )
+
+maven_jar(
+    name = "postgresql",
+    artifact = "org.postgresql:postgresql:42.2.5",
+    sha1 = "951b7eda125f3137538a94e2cbdcf744088ad4c2",
+)
+
+maven_jar(
+    name = "codemirror-minified",
+    artifact = "org.webjars.npm:codemirror-minified:" + CM_VERSION,
+    sha1 = "f84c178b11a188f416b4380bfb2b24f126453d28",
+)
+
+maven_jar(
+    name = "codemirror-original",
+    artifact = "org.webjars.npm:codemirror:" + CM_VERSION,
+    sha1 = "5a1f6c10d5aef0b9d2ce513dcc1e2657e4af730d",
+)
+
+maven_jar(
+    name = "diff-match-patch",
+    artifact = "org.webjars:google-diff-match-patch:" + DIFF_MATCH_PATCH_VERSION,
+    attach_source = False,
+    sha1 = "0cf1782dbcb8359d95070da9176059a5a9d37709",
+)
+
+maven_jar(
+    name = "commons-io",
+    artifact = "commons-io:commons-io:2.2",
+    sha1 = "83b5b8a7ba1c08f9e8c8ff2373724e33d3c1e22a",
+)
+
+maven_jar(
+    name = "asciidoctor",
+    artifact = "org.asciidoctor:asciidoctorj:1.5.7",
+    sha1 = "8e8c1d8fc6144405700dd8df3b177f2801ac5987",
+)
+
+maven_jar(
+    name = "jruby",
+    artifact = "org.jruby:jruby-complete:9.1.17.0",
+    sha1 = "76716d529710fc03d1d429b43e3cedd4419f78d4",
+)
+
+# When upgrading elasticsearch-rest-client, also upgrade httpcore-nio
+# and httpasyncclient as necessary.
+maven_jar(
+    name = "elasticsearch-rest-client",
+    artifact = "org.elasticsearch.client:elasticsearch-rest-client:6.4.3",
+    sha1 = "5c24325430971ba2fa4769eb446f026b7680d5e7",
+)
+
+JACKSON_VERSION = "2.9.8"
+
+maven_jar(
+    name = "jackson-core",
+    artifact = "com.fasterxml.jackson.core:jackson-core:" + JACKSON_VERSION,
+    sha1 = "0f5a654e4675769c716e5b387830d19b501ca191",
+)
+
+TESTCONTAINERS_VERSION = "1.11.2"
+
+maven_jar(
+    name = "testcontainers",
+    artifact = "org.testcontainers:testcontainers:" + TESTCONTAINERS_VERSION,
+    sha1 = "eae47ed24bb07270d4b60b5e2c3444c5bf3c8ea9",
+)
+
+maven_jar(
+    name = "duct-tape",
+    artifact = "org.rnorth.duct-tape:duct-tape:1.0.7",
+    sha1 = "a26b5d90d88c91321dc7a3734ea72d2fc019ebb6",
+)
+
+maven_jar(
+    name = "visible-assertions",
+    artifact = "org.rnorth.visible-assertions:visible-assertions:2.1.2",
+    sha1 = "20d31a578030ec8e941888537267d3123c2ad1c1",
+)
+
+maven_jar(
+    name = "jna",
+    artifact = "net.java.dev.jna:jna:5.2.0",
+    sha1 = "ed8b772eb077a9cb50e44e90899c66a9a6c00e67",
+)
+
+load("//tools/bzl:js.bzl", "bower_archive", "npm_binary")
+
+npm_binary(
+    name = "bower",
+)
+
+npm_binary(
+    name = "vulcanize",
+    repository = GERRIT,
+)
+
+npm_binary(
+    name = "crisper",
+    repository = GERRIT,
+)
+
+# bower_archive() seed components.
+bower_archive(
+    name = "iron-autogrow-textarea",
+    package = "polymerelements/iron-autogrow-textarea",
+    sha1 = "b9b6874c9a2b5be435557a827ff8bd6661672ee3",
+    version = "1.0.12",
+)
+
+bower_archive(
+    name = "es6-promise",
+    package = "stefanpenner/es6-promise",
+    sha1 = "a3a797bb22132f1ef75f9a2556173f81870c2e53",
+    version = "3.3.0",