blob: 55fbb60d6e2bab98f4d6736159b9f66fc2b2ebaf [file] [log] [blame]
  1. Release notes for Gerrit 2.5
  2. ============================
  3. Gerrit 2.5 is now available:
  4. link:[]
  5. Gerrit 2.5 includes the bug fixes done with
  6. link:ReleaseNotes-2.4.1.html[Gerrit 2.4.1] and
  7. link:ReleaseNotes-2.4.2.html[Gerrit 2.4.2]. These bug fixes are *not*
  8. listed in these release notes.
  9. Schema Change
  10. -------------
  11. *WARNING:* This release contains schema changes. To upgrade:
  12. ----
  13. java -jar gerrit.war init -d site_path
  14. ----
  15. *WARNING:* Upgrading to 2.5.x requires the server be first upgraded to 2.1.7 (or
  16. a later 2.1.x version), and then to 2.5.x. If you are upgrading from 2.2.x.x or
  17. newer, you may ignore this warning and upgrade directly to 2.5.x.
  18. Warning on upgrade to schema version 68
  19. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  20. The migration to schema version 68, may result in a warning, which can
  21. be ignored when running init in the interactive mode.
  22. E.g. this warning may look like this:
  23. ----
  24. Upgrading database schema from version 67 to 68 ...
  25. warning: Cannot create index for submodule subscriptions
  26. Duplicate key name 'submodule_subscriptions_access_bySubscription'
  27. Ignore warning and proceed with schema upgrade [y/N]?
  28. ----
  29. This migration is creating an index for the
  30. link:[submodule feature] in
  31. Gerrit. When the submodule feature was introduced the index was only
  32. created when a new site was initialized, but not when Gerrit was
  33. upgraded. This migration tries to create the index, but it will only
  34. succeed if the index does not exist yet. If the index exists already,
  35. the creation of the index will fail. There was no database independent
  36. way to detect this case and this is why this migration leaves it to the
  37. user to decide if a failure should be ignored or not. If from the error
  38. message you can see that the migration failed because the index exists
  39. already (as in the example above), you can safely ignore this warning.
  40. Upgrade Warnings
  41. ----------------
  42. [[replication]]
  43. Replication
  44. ~~~~~~~~~~~
  45. Gerrit 2.5 no longer includes replication support out of the box.
  46. Servers that reply upon `replication.config` to copy Git repository
  47. data to other locations must also install the replication plugin.
  48. Cache Configuration
  49. ~~~~~~~~~~~~~~~~~~~
  50. Disk caches are now backed by individual H2 databases, rather than
  51. Ehcache's own private format. Administrators are encouraged to clear
  52. the `'$site_path'/cache` directory before starting the new server.
  53. The `cache.NAME.diskLimit` configuration variable is now expressed in
  54. bytes of disk used. This is a change from previous versions of Gerrit,
  55. which expressed the limit as the number of entries rather than bytes.
  56. Bytes of disk is a more accurate way to size what is held. Admins that
  57. set this variable must update their configurations, as the old values
  58. are too small. For example a setting of `diskLimit = 65535` will only
  59. store 64 KiB worth of data on disk and can no longer hold 65,000 patch
  60. sets. It is recommended to delete the diskLimit variable (if set) and
  61. rely on the built-in default of `128m`.
  62. The `cache.diff.memoryLimit` and `cache.diff_intraline.memoryLimit`
  63. configuration variables are now expressed in bytes of memory used,
  64. rather than number of entries in the cache. This is a change from
  65. previous versions of Gerrit and gives administrators more control over
  66. how memory is partioned within a server. Admins that set this variable
  67. must update their configurations, as the old values are too small.
  68. For example a setting of `memoryLimit = 1024` now means only 1 KiB of
  69. data (which may not even hold 1 patch set), not 1024 patch sets. It
  70. is recommended to set these to `10m` for 10 MiB of memory, and
  71. increase as necessary.
  72. The `cache.NAME.maxAge` variable now means the maximum amount of time
  73. that can elapse between reads of the source data into the cache, no
  74. matter how often it is being accessed. In prior versions it meant how
  75. long an item could be held without being requested by a client before
  76. it was discarded. The new meaning of elapsed time before consulting
  77. the source data is more useful, as it enables a strict bound on how
  78. stale the cached data can be. This is especially useful for slave
  79. servers account and permission data, or the `ldap_groups` cache, where
  80. updates are often made to the source without telling Gerrit to reload
  81. the cache.
  82. New Features
  83. ------------
  84. Plugins
  85. ~~~~~~~
  86. The Gerrit server functionality can be extended by installing plugins.
  87. Depending on how tightly the extension code is coupled with the Gerrit
  88. server code, there is a distinction between
  89. link:[plugins] and
  90. link:[extensions].
  91. * link:#replication[Move replication logic to replication plugin]
  92. +
  93. This splits all of the replication code out of the core server
  94. and moves it into a standard plugin.
  95. * link:[Documentation about
  96. plugin development] including instructions for:
  97. ** link:[how to get
  98. started with plugin development]
  99. ** link:[plugin
  100. deployment/installation]
  101. * link:[API for plugins and
  102. extensions]
  103. * Support for link:[SSH command
  104. plugins]
  105. +
  106. Allows plugin developers to declare additional SSH commands.
  107. * Enable link:#ssh-alias[aliases for SSH commands]
  108. +
  109. Site administrators can alias SSH commands from a plugin into the
  110. `gerrit` namespace.
  111. +
  112. The aliases are configured statically at server startup, but are
  113. resolved dynamically at invocation time to the currently loaded
  114. version of the plugin. If the plugin is not loaded, or does not
  115. define the command, "not found" is returned to the user.
  116. * Support for link:[HTTP
  117. plugins]
  118. +
  119. Plugins may contribute to the /plugins/NAME/ URL space.
  120. * Automatic registration of plugin bindings
  121. +
  122. If a plugin has no modules declared in the manifest, automatically
  123. generate the modules for the plugin based on the class files that
  124. appear in the plugin and the `@Export` annotations that appear on
  125. these concrete classes.
  126. +
  127. For any non-abstract command that extends SshCommand, plugins may
  128. declare the command with `@Export("name")` to
  129. link:[bind the implementation
  130. as that SSH command].
  131. +
  132. Likewise link:[HTTP servlets
  133. can also be bound to URLs].
  134. * link:[Support a data
  135. directory for plugins on demand]
  136. * Support serving static/ and Documentation/ from plugins
  137. +
  138. The static/ and Documentation/ resource directories of a plugin can be
  139. served over HTTP for any loaded and running plugin, even if it has no
  140. other HTTP handlers. This permits a plugin to supply icons or other
  141. graphics for the web UI, or documentation content to help users learn
  142. how to use the plugin.
  143. * link:[Auto-formatting
  144. of plugin HTTP pages from Markdown files]
  145. +
  146. If Gerrit detects that a requested plugin resource does not exist, but
  147. instead a file with a `.md` extension does exist, Gerrit opens the
  148. `.md` file and reformats it as html.
  149. * Support of link:[macros in
  150. Markdown plugin documentation]
  151. * link:[Automatic
  152. generation of an index for the plugin documentation]
  153. * Support for audit plugins
  154. +
  155. Plugins can implement an `AuditListener` to be informed about auditable
  156. actions:
  157. +
  158. ----
  159. @Listener
  160. public class MyAuditTrail extends AuditListener
  161. ----
  162. +
  163. The plugin must define a plugin module that binds the implementation of
  164. the audit listener in the `configure()` method:
  165. +
  166. ----
  167. DynamicSet.bind(binder(), AuditListener.class).to(MyAuditTrail.class);
  168. ----
  169. * Web UI for plugins
  170. +
  171. Administrators can see the list of installed plugins in the WebUI
  172. under `Admin` > `Plugins`. For each plugin the plugin status is shown
  173. and it is possible to navigate to the plugin documentation.
  174. * Servlet to list plugins
  175. +
  176. Administrators can retrieve plugin information from a REST interface
  177. by loading `<server-url>/a/plugins/`.
  178. * Support SSH commands to
  179. ** link:[list the installed
  180. plugins]
  181. ** link:[install plugins]
  182. ** link:[enable plugins]
  183. ** link:[disable plugins]
  184. ** link:[reload plugins]
  185. * Support installation of core plugin on site initialization
  186. * Automatically load/unload/reload plugins
  187. +
  188. The PluginScanner thread runs every 1 minute by default and loads any
  189. newly created plugins, unloads any deleted plugins, and reloads any
  190. plugins that have been modified.
  191. +
  192. The check frequency can be configured by setting
  193. link:[
  194. plugins.checkFrequency] in the Gerrit config file. By configuration
  195. the scanner can also be disabled.
  196. * link:[Loading of plugins
  197. in own ClassLoader]
  198. * Plugin cleanup in the background
  199. +
  200. When a plugin is stopped, schedule a Plugin Cleaner task to run
  201. 1 minute later to try and clean out the garbage and release the
  202. JAR from `$site_path/tmp`.
  203. * Export `LifecycleListener` as extension point
  204. +
  205. Extensions may need to know when they are starting or stopping.
  206. Export the interface that they can use to learn this information.
  207. * Support injection of `ServerInformation` into extensions and plugins
  208. +
  209. Plugins can take this value by injection and learn the current
  210. server state during their own LifecycleListener. This enables a
  211. plugin to determine if it is loading as part of server startup, or
  212. because it was dynamically installed or reloaded by an administrator.
  213. * link:[Maven
  214. archetype for creating gerrit plugin projects]
  215. * Enables the use of session management in Jetty
  216. +
  217. This enables plugins to make use of servlet sessions.
  218. REST API
  219. ~~~~~~~~
  220. Gerrit now supports a REST like API available over HTTP. The API is
  221. suitable for automated tools to build upon, as well as supporting some
  222. ad-hoc scripting use cases.
  223. * link:[Documentation of the REST API]
  224. * Support REST endpoints to
  225. ** link:[query changes]
  226. ** link:[list projects]
  227. ** link:[suggest
  228. projects]
  229. ** link:[query
  230. the global capabilities of the calling user]
  231. * Support link:[anonymous
  232. and authenticated access] to the REST endpoints
  233. * Support link:[JSON output
  234. format] for the REST endpoints
  235. The new REST API is used from the Gerrit WebUI.
  236. Some of the methods from the old internal JSON-RPC interface were
  237. completely replaced by the new REST API and got deleted:
  238. * `ProjectAdminService.visibleProjects(AsyncCallback<ProjectList>)`
  239. * `ProjectAdminService.suggestParentCandidates(AsyncCallback<List<Project>>)`
  240. * `ChangeListService.myStarredChangeIds(AsyncCallback<Set<Change.Id>>)`
  241. * `ChangeListService.allQueryNext(String, String, int, AsyncCallback<SingleListChangeInfo>)`
  242. * `ChangeListService.allQueryPrev(String, String, int, AsyncCallback<SingleListChangeInfo>)`
  243. * `ChangeListService.forAccount(Account.Id, AsyncCallback<AccountDashboardInfo>)`
  244. [[query-deprecation]]
  245. In addition the `/query` API has been deprecated. By default it is
  246. still available but server administrators may disable it by setting
  247. the link:[
  248. `site.enableDeprecatedQuery`] parameter in the Gerrit config file. This
  249. allows to enforce tools to move to the new API.
  250. Web
  251. ~~~
  252. Change Screen
  253. ^^^^^^^^^^^^^
  254. * Display commit message in a box
  255. +
  256. The commit message on the change screen is now placed in a box with a
  257. title and emphasis on the commit summary. The star icon and the
  258. permalink are displayed in the box header. The header from the change
  259. screen is removed as it only held duplicate information.
  260. * Open the dependency section automatically when the change is needed
  261. by an open change
  262. * Only show a change as needed by if its current patch set depends on
  263. the change
  264. * Show only changes of the same project in the 'Depends On' section
  265. +
  266. If two projects share the same history it can happen that the same
  267. commit is pushed for both projects, resulting in two changes. If now
  268. a successor commit is pushed for one of the projects, the resulting
  269. successor change was wrongly listing both changes in the 'Depends On'
  270. section. Now only the predecessor change of the own project is listed.
  271. * link:[issue 1383]:
  272. Display the approval table on the PublishCommentsScreen.
  273. +
  274. So far the approval table that shows the reviewers and their current
  275. votes was only shown on the ChangeScreen. Now it is also shown on the
  276. PublishCommentScreen. This allows the reviewer to see all existing
  277. votes and reviewers when doing their own voting and publishing of
  278. comments. Seeing the existing votes helps the reviewer in
  279. understanding which votes are still required before the change can be
  280. submitted.
  281. * link:[issue 1380]:
  282. Display time next to change comments
  283. +
  284. When a comment was posted yesterday, or any time older than 1 day but
  285. less than 1 year ago, display the time too. Display "May 2 17:37" rather
  286. than just "May 2".
  287. * Only show "Can Merge" when the change is new or draft
  288. * Allow auto suggesting reviewers to draft changes
  289. +
  290. Auto completing users for draft changes did't work as the other
  291. users didn't have access to the drafts. The visibility check for
  292. the reviewer suggestion is now skipped.
  293. * link:[issue 1294]:
  294. Shorten subject of parent commit for displaying in the UI
  295. +
  296. If the parent commit has a very long subject (> 80 characters) shorten
  297. the subject for displaying it in the Gerrit web UI on the change screen.
  298. This avoids that the 'Parent(s)' cell for the patch set becomes very
  299. wide.
  300. * If subject is shortened for displaying in the UI indicate this by '...'
  301. +
  302. If a commit has a very long subject line (> 80 characters) it is
  303. shortened when it is displayed in the Gerrit Web UI. Indicate to the
  304. user that the subject was shortened by appending '...' to the shortened
  305. subject.
  306. +
  307. Also the subject is now cropped after a whitespace if possible.
  308. * Insert Change-Id for revert commits
  309. +
  310. The 'Revert Change' action on a merged change allows to create a new
  311. change that reverts the merged change. The commit message of the revert
  312. commit now contains a Change-Id.
  313. +
  314. It is convenient if a Change-Id is automatically created and inserted
  315. into the commit message of the revert commit since it makes rebasing of
  316. the revert commit easier.
  317. * Use more gentle shade of red to highlight outdated dependencies
  318. Patch Screens
  319. ^^^^^^^^^^^^^
  320. * New patch screen header
  321. +
  322. A new patch screen header was added that is displayed above both the
  323. side-by-side and unified views. The new header contains actual links to
  324. the available patchsets and shows which patchset is being currently
  325. displayed.
  326. * link:[issue 1192]:
  327. Add download links to the unified diff view
  328. * Improvement of the side-by-side viewer table
  329. +
  330. The line number column for the right side was moved to be on the far
  331. right of the table, so that the layout now looks like this:
  332. +
  333. ----
  334. 1 | foo | bar | 1
  335. 2 | hello | hello | 2
  336. ----
  337. +
  338. This looks nicer when reading a lot of code, as the line numbers are
  339. less relevant than the code itself which is now in the center of the
  340. UI.
  341. +
  342. Line numbers are still links to create comment editors, but they
  343. use a light shade of gray and skip the underline decoration, making
  344. them less visually distracting.
  345. +
  346. Skip lines now use a paler shade of blue and also hide the fact they
  347. contain anchors, until you hover over them and the anchor shows up.
  348. +
  349. The expand before and after are changed to be arrows showing in
  350. which direction the lines will appear above or below the skip
  351. line.
  352. * link:[issue 626]:
  353. Option to display line endings
  354. +
  355. There is a new user preference that allows to display Windows EOL/Cr-Lf.
  356. '\r' is shown in a dotted-line box (similar to how '\r' is displayed in
  357. GitWeb).
  358. * Streamlined review workflow
  359. +
  360. A link was added next to the "Reviewed" checkbox that marks the current
  361. patch as reviewed and goes to the next unreviewed patch.
  362. * Add key commands to mark a patch as reviewed
  363. +
  364. Add key commands
  365. +
  366. . to toggle the reviewed flag for a patch ('m')
  367. +
  368. and
  369. +
  370. . to mark the patch as reviewed and navigate to the next unreviewed
  371. patch ('M').
  372. * Use download icons instead of the `Download` text links
  373. User Dashboard
  374. ^^^^^^^^^^^^^^
  375. * Support for link:[custom
  376. dashboards]
  377. * link:[issue 1407]:
  378. Improve highlighting of unreviewed changes in the user's dashboard
  379. +
  380. A change will be highlighted as unreviewed if
  381. +
  382. . the user is reviewer of the change but hasn't published any change
  383. message for the current patch set
  384. . the user has published a change message for the current patch set,
  385. but afterwards the change owner has published a change message on
  386. the change
  387. * Sort outgoing reviews in the user dashboard by created date
  388. * Sort incoming reviews in the user dashboard by updated date
  389. +
  390. Sorting the incoming reviews by last updated date, descending, places
  391. the most recently updated reviews at the top of the list for a user,
  392. and the oldest stale at the bottom. This may help users to identify
  393. items to take immediate action on, as they appear closer to the top.
  394. Access Rights Screen
  395. ^^^^^^^^^^^^^^^^^^^^
  396. * Display error if modifying access rights for a ref is forbidden
  397. +
  398. If a user is owner of at least one ref he is able to edit the access
  399. rights on a project. If he adds access rights for other refs, these
  400. access rights were silently ignored on save. Instead of this now an
  401. error message is displayed to inform the user that he doesn't have
  402. permissions to do the update for these refs.
  403. +
  404. In case of such an error the project access screen stays in the edit
  405. mode so that the unsaved modifications are not lost. The user may now
  406. propose the changes to the access rights through code review.
  407. * Allow to propose changes to access rights through code review
  408. +
  409. Users that are able to upload changes for code review for the
  410. `refs/meta/config` branch can now propose changes to the project access
  411. rights through code review directly from the ProjectAccessScreen.
  412. +
  413. When editing the project access rights there is a new button
  414. 'Save for Review' which will create a new change for the access
  415. rights modifications. Project owners are automatically added as
  416. reviewer to this change. If a project owner agrees to the access rights
  417. modifications he can simply approve and submit the change.
  418. * Show all access rights in WebUI if user can read `refs/meta/config`
  419. +
  420. Users who can read the `refs/meta/config` branch, can see all access
  421. rights by fetching this branch and looking at the `project.config`
  422. file. Now they can see the same information in the web UI.
  423. * Allow extra group suggestions for project owners
  424. +
  425. When suggesting groups to a user, only groups that are visible to the
  426. user are suggested. These are those group that the user is member of.
  427. For project owners now also groups to which they are not a member are
  428. suggested when editing the access rights of the project.
  429. Other
  430. ^^^^^
  431. * link:[issue 1592]:
  432. Ask user to login if change is not found
  433. +
  434. Accessing a change URL was failing with 'Application Error - The page
  435. you requested was not found, or you do not have permission to view this
  436. page' if the user was not signed in and the change was not visible to
  437. `Anonymous Users`. Instead Gerrit now asks the user to login and
  438. afterwards shows the change to the user if it exists and is visible.
  439. If the change doesn't exist or is not visible, the user will still get
  440. the NotFoundScreen after sign in.
  441. * Link to owner query from user names
  442. +
  443. Instead of linking from a user name to the user's dashboards, link to
  444. a search for changes owned by that user.
  445. * link:[Allow
  446. configuring the `Report Bug` URL]
  447. +
  448. Let site administrators direct users to their own ticket queue, as for
  449. many servers most of the reported bugs are small internal problems like
  450. asking for a repository to be created or updating group memberships.
  451. * On project creation allow choosing the parent project from a popup
  452. +
  453. In the create project UI a user can now browse all projects and select
  454. one as parent for the new project.
  455. * Check for open changes on branch deletion
  456. +
  457. Check for open changes when deleting a branch in the Gerrit WebUI.
  458. Delete a branch only if there are no open changes for this branch.
  459. This makes users aware of open changes when deleting a branch.
  460. * Enable ProjectBranchesScreen for the `All-Projects` project
  461. +
  462. This allows to see the branches of the `All-Projects` project in the
  463. web UI.
  464. * Show for each project in the project list a link to the repository
  465. browser (e.g. GitWeb).
  466. * Move the project listing menu items to a new top-level item
  467. +
  468. Finding the project listing was very opaque to end users. Nobody
  469. expected to look under `Admin` and furthermore, anonymous users were
  470. unable to find that link at all.
  471. +
  472. Introduced a new top-level `Projects` menu that has `List` in it to
  473. take you to the project listing.
  474. +
  475. In addition the `Create new project` link from the top of that listing
  476. was moved to this new menu.
  477. * Move the Groups and Plugins menu items to the top level
  478. +
  479. The top-level Admin menu is removed as it is now unnecessary after the
  480. Projects, Groups and Plugins menu items were moved to the top-level.
  481. * Move form for group creation to own screen
  482. +
  483. Move the form for the group creation from the GroupListScreen to an
  484. own new CreateGroupScreen and add a link to this screen at the
  485. beginning of the GroupListScreen. The link to the CreateGroupScreen is
  486. only visible if the user has the permission to create new groups.
  487. * Drop the `Owners` column from the group list screen
  488. +
  489. The `Owners` column on the group list screen has been dropped in order
  490. to link:#performance-issue-on-showing-group-list[speed up the loading
  491. of the group list screen].
  492. * Drop the `Group Type` column from the group list screen
  493. +
  494. Since link:#migrate-ldap-groups[the LDAP group type was removed] there
  495. is no need to display the group type on the group list screen anymore.
  496. There are only 3 `SYSTEM` groups using well known names, and everything
  497. else has the type `INTERNAL`.
  498. * When adding a user to a group create an account for the user if needed
  499. +
  500. Trying to add a user to a group that doesn't have an account fails with
  501. '... is not a registered user.'. Now adding a user to a group does not
  502. immediately fail if there is no account for the user, but it tries to
  503. authenticate the user and if the authentication is successful a user
  504. account is automatically created, so that the user can be added to the
  505. group. This only works if LDAP is used as user backend.
  506. +
  507. This allows to add users to groups that did not log in into Gerrit
  508. before.
  509. * Differentiate between draft changes and draft comments
  510. +
  511. Show the draft changes of the user when he clicks on `My` > `Drafts`.
  512. The user's draft comments are now available under `My` >
  513. `Draft Comments`.
  514. * Show NotFoundScreen if a user that can't create projects tries to
  515. access the ProjectCreationScreen
  516. * Add Edit, Reload next to non-editable Full Name field
  517. +
  518. If the user database is actually an external system users might need go
  519. to another server to edit their account data, and then re-import their
  520. account data by going through a login cycle. This is highly similar to
  521. LDAP where the directory provides account data and its refreshed every
  522. time the user visits the `/login/` URL handler.
  523. +
  524. The URL for the external system can be configured for the
  525. link:#custom-extension[`CUSTOM_EXTENSION`] auth type.
  526. Access Rights
  527. ~~~~~~~~~~~~~
  528. * Restrict rebasing of a change in the web UI to the change owner and
  529. the submitter
  530. * Add a new link:[
  531. access right to permit rebasing changes in the web UI]
  532. * link:[issue 930]:
  533. Add new link:[
  534. access right for abandoning changes]
  535. * Check if user can upload in order to restore
  536. +
  537. Restoring a change is similar to uploading a new change. If a branch
  538. gets closed by removing the access rights to upload new changes it
  539. shouldn't be possible to restore changes for this branch.
  540. [[hide-config]]
  541. * Make read access to `refs/meta/config` by default exclusive to
  542. project owners
  543. +
  544. When initializing a new site a set of default access rights is
  545. configured on the `All-Projects` project. These default access rights
  546. include read access on `refs/*` for `Anonymous Users` and read access
  547. on `refs/meta/config` for `Project Owners`. Since the read access on
  548. `refs/meta/config` for `Project Owners` was not exclusive,
  549. `Anonymous users` were able to access the `refs/meta/config` branch
  550. which by default should only be accessible by the project owners.
  551. Search
  552. ~~~~~~
  553. * Offer suggestions for the search operators in the search panel
  554. +
  555. There are many search operators and it's difficult to remember all of
  556. them. Now the search operators are suggested as the user types the
  557. query.
  558. * Support alias `self` in queries
  559. +
  560. Writing an expression like "owner:self status:open" will now identify
  561. changes that the caller owns and are still open. This `self` alias
  562. is valid in contexts where a user is expected as an argument to a
  563. query operator.
  564. * Add parent(s) revision information to output of query command
  565. * Add owner username to output of query command
  566. * `/query` API has been link:#query-deprecation[deprecated]
  567. SSH
  568. ~~~
  569. * link:[issue 1095]
  570. link:[SSH command to manage
  571. accounts]
  572. * On link:[account creation] a
  573. password for HTTP can be specified.
  574. * link:[SSH command to manage
  575. project settings]
  576. * link:[SSH command to test
  577. submit rules]
  578. +
  579. The command creates a fresh Prolog environment and loads a Prolog
  580. script from stdin. `can_submit` is then queried and the results are
  581. returned to the user.
  582. * link:[SSH command to ban
  583. commits]
  584. [[ssh-alias]]
  585. * Enable aliases for SSH commands
  586. +
  587. Site administrators can define aliases for SSH commands in the
  588. link:[`ssh-alias` section]
  589. of the Gerrit configuration.
  590. * Add submit records to the output of the
  591. link:[query] SSH command:
  592. +
  593. Add a command line option to the `query` SSH command to include submit
  594. records in the output.
  595. +
  596. This facilitates the querying of information relating to the submit
  597. status from the command line and by API clients, including information
  598. such as whether the change can be submitted as-is, and whether the
  599. submission criteria for each review label has been met.
  600. * Support JSON output format for the
  601. link:[ls-projects] SSH command
  602. * Support creation of multiple branches in
  603. link:[create-project] SSH
  604. command
  605. +
  606. In case if a project has some kind of waterfall automerging
  607. a->b->c it is convenient to create all these branches at the
  608. project creation time.
  609. +
  610. e.g. '.. gerrit create-project -b master -b foo -b bar ...'
  611. * Add verbose output option to
  612. link:[ls-groups] command
  613. +
  614. The verbose mode enabled by the new option makes the ls-groups
  615. command output a tab-separated table containing all available
  616. information about each group (though not its members).
  617. Documentation
  618. ~~~~~~~~~~~~~
  619. Commands
  620. ^^^^^^^^
  621. * document for the link:[`create-group`]
  622. command that for unknown users an account is automatically created if
  623. the LDAP authentication succeeds
  624. * Update documentation and help text for the
  625. link:[`review`] SSH command
  626. +
  627. The review command can be applied to multiple changes, but the
  628. help text was written in singular tense.
  629. +
  630. Add a paragraph in the documentation explaining that the
  631. `--force-message` option will not be effective if the `review` command
  632. fails because the user is not permitted to change the label.
  633. * Clarify that `init --batch` doesn't drop old database objects
  634. * Update the list of unsupported slave commands
  635. * Fix link:[`stream-events`]
  636. documentation
  637. +
  638. Some attributes contained in the events were not described, for a few
  639. others the name was given in a wrong case.
  640. * Fix and complete synopsis of commands
  641. Access Control
  642. ^^^^^^^^^^^^^^
  643. * Clarify the ref format for
  644. link:[`Push
  645. Merge Commit`]
  646. +
  647. Elaborate on the required format of the ref used for `Push Merge Commit`
  648. access right entries to avoid user confusion when granting access to
  649. `refs/heads/*` still doesn't allow them to push any merge commits.
  650. * Document the
  651. link:[
  652. `emailReviewers`] capability
  653. Error
  654. ^^^^^
  655. * Improve documentation of link:[
  656. `change closed` error]
  657. +
  658. The `change closed` error can also occur when trying to submit a
  659. review label with the SSH review command onto a change that has
  660. been closed (submitted and merged, or abandoned) or onto a patchset
  661. that has been replaced by a newer patchset.
  662. * Correct documentation of `invalid author` and `invalid committer`
  663. errors
  664. +
  665. The error messages `you are not committer ...` and `you are not
  666. author ...` were replaced with `invalid author` and `invalid
  667. committer`.
  668. * Describe that the `prohibited by Gerrit` error is returned if pushing
  669. a tag fails because the tagger is somebody else and the `Forge
  670. Committer` access right is not assigned.
  671. Dev
  672. ^^^
  674. +
  675. Pushes are now accepted at the same address as clone/fetch/pull.
  676. * Update link:[contributor
  677. document]
  678. +
  679. We now prefer to use Guava (previously known as Google Collections).
  680. * Fixed broken link to source code
  681. +
  682. Updated the documentation source code links to point to:
  684. * State link:[known issues]
  685. when debugging Gerrit with Eclipse
  686. * Improved the section on
  687. link:[hosted mode
  688. debugging]
  689. +
  690. The existing section on hosted mode debugging left out a couple of
  691. steps, and the requirement to use `DEVELOPMENT_BECOME_ANY_ACCOUNT`
  692. instead of `OpenID` was not mentioned anywhere.
  693. * Add a link:[release preparation
  694. document]
  695. +
  696. Document what it takes to make a Gerrit stable or stable-fix release,
  697. and how to release Gerrit subprojects.
  698. Other
  699. ^^^^^
  700. * Add link:[Cookbook for Prolog
  701. submit rules]
  702. +
  703. A new document providing a step by step introduction into implementing
  704. specific submit policies using Prolog based submit rules was added.
  705. * Describe link:[
  706. `refs/notes/review` and its contents]
  707. * link:[Document `RebasedPatchSet.vm`
  708. and `Reverted.vm` mail templates]
  709. * Specify output file for curl commands in documentation
  710. +
  711. For downloading the `commit-msg` hook and the `gerrit-cherry-pick`
  712. script users can either use scp or curl. Specify the output file for
  713. each curl command so that the result is equal to the matching scp
  714. command.
  715. * Document that user must be in repository root to install `commit-msg`
  716. hook
  717. * Add some clarifications to the
  718. link:[quick installation guide]
  719. * Add missing documentation about
  720. link:[hook configuration]
  721. +
  722. Add documentation of hook config for `change-restored`, `ref-updated`
  723. and `cla-signed` hooks.
  724. * Document that the commit message hook file should be executable
  725. * Mention that also MySQL supports replication, not just Postgres
  726. * Make sorting of release notes consistent so that the release notes
  727. for the newest release is always on top
  728. * Various corrections
  729. +
  730. Correct typos, spelling mistakes, and grammatical errors.
  731. Dev
  732. ~~~
  733. * Add link:[script for
  734. releasing plugin API jars]
  735. * Pushes are now accepted at the same address as clone/fetch/pull
  736. +
  737. To submit patches commits can be pushed to
  739. * Add `-Pchrome`, `-Pwebkit`, `-Pfirefox` aliases for building
  740. +
  741. This makes it easier to build for the browser you want to
  742. test on, rather than remembering what its GWT name is.
  743. * Disable assertions for KeyCommandSet when running in gwtdebug mode
  744. +
  745. The assertions in the KeyCommandSet class cause exceptions when a
  746. KeyCommand is registered several times.
  747. * Add the run profiles to the favorites menu
  748. * Add Intellij IDEA files to ignore list
  749. * Move local Maven repository to Google Cloud Storage
  750. * Make sure asciidoc uses unix line endings in generated HTML.
  751. +
  752. Use an explicit asciidoc attribute to make sure the produced HTML will
  753. always contain unix line endings. This will help in producing build
  754. results that are better comparable by size.
  755. * Remove timestamp from all `org.eclipse.core.resources.prefs` files
  756. +
  757. Eclipse overwrites these files when we import projects using m2e.
  758. Eclipse 3 writes a timestamp at the top of these files making the Git
  759. working tree dirty. Eclipse 4 (Juno) still overwrites these files but
  760. doesn't write the timestamp. This should help to keep the working tree
  761. clean. However, since the timestamp is currently present in these
  762. files, Eclispe 4 would still make them dirty by overwriting and
  763. effectively removing the timestamp.
  764. +
  765. This change removes the timestamp from these files. This helps those
  766. using Eclipse 4 and doesn't make it worse for those still using Eclispe
  767. 3.
  768. * Add Maven profile to skip build of plugin modules
  769. +
  770. Building the plugin modules ('Plugin API' and 'Plugin Archetype') may
  771. take a significant amount of time (since many jars are downloaded).
  772. During development it is not needed to build the plugin modules. A new
  773. Maven profile was added that skips the build of the plugin modules,
  774. so that developers have a faster turnaround. This profile is called
  775. `no-plugins` and it's active by default. To include the plugin modules
  776. into the build activate the `all` profile:
  777. +
  778. ----
  779. mvn clean package -P all
  780. ----
  781. +
  782. The script to make release builds has been adapted to activate the
  783. `all` profile so that the plugin modules are always built for release
  784. builds.
  785. Mail
  786. ~~~~
  787. * Add unified diff to newchange mail template
  788. +
  789. Add `$email.UnifiedDiff` as new macro to the `NewChange.vm` mail
  790. template. This macro is expanded to a unified diff of the patch.
  791. * link:[
  792. sendemail.includeDiff]: Enable `$email.UnifiedDiff` in `NewChange.vm`
  793. +
  794. Instead of making site administrators hack the email template, allow
  795. admins to enable the diff feature by setting a configuration variable
  796. in `gerrit.config`.
  797. * link:[
  798. sendemail.maximumDiffSize]: Limit the size of diffs sent by email
  799. +
  800. If a unified diff included in an email will exceed the limit configured
  801. by the system administrator, only the affected file paths are listed in
  802. the email instead. This gives interested parties some context on the
  803. size and scope of the change, without killing their inbox.
  804. * Catch all exceptions when emailing change update
  805. * Allow unique from address generation
  806. +
  807. Allow the from email address to be a ParameterizedString that handles
  808. the `${userHash}` variable. The value of the variable is the md5 hash
  809. of the user name. This allows unique generation of email addresses, so
  810. GMAIL threads names of users in conversations correctly. For example,
  811. the from pattern for gerrit-review defined in the Gerrit configuration
  812. looks like this:
  813. +
  814. ----
  815. [sendemail]
  816. from = ${user} <noreply-gerritcodereview+${userHash}>
  817. ----
  818. * Show new change URLs in the body of the new change email
  819. +
  820. Some email clients hide the signature section of an email
  821. automatically. If there are no reviewers listed on a new change,
  822. such as when a change is pushed over HTTP and a notification is
  823. automatically sent out to any subscribed watchers, the URL was
  824. hidden inside of the signature and not readily available.
  825. +
  826. Show the URL right away in the body.
  827. Miscellaneous
  828. ~~~~~~~~~~~~~
  829. * Back in-memory caches with Guava, disk caches with H2
  830. +
  831. Instead of using Ehcache for in-memory caches, use Guava. The Guava
  832. cache code has been more completely tested by Google in high load
  833. production environments, and it tends to have fewer bugs. It enables
  834. caches to be built at any time, rather than only at server startup.
  835. +
  836. By creating a Guava cache as soon as it is declared, rather than
  837. during the LifecycleListener.start() for the CachePool, we can promise
  838. any downstream consumer of the cache that the cache is ready to
  839. execute requests the moment it is supplied by Guice. This fixes a
  840. startup ordering problem in the GroupCache and the ProjectCache, where
  841. code wants to use one of these caches during startup to resolve a
  842. group or project by name.
  843. +
  844. Tracking the Gauva backend caches with a DynamicMap makes it possible
  845. for plugins to define their own in-memory caches using CacheModule's
  846. cache() function to declare the cache. It allows the core server to
  847. make the cache available to administrators over SSH with the gerrit
  848. show-caches and gerrit `flush-caches` commands.
  849. +
  850. Persistent caches store in a private H2 database per cache, with a
  851. simple one-table schema that stores each entry in a table row as a
  852. pair of serialized objects (key and value). Database reads are gated
  853. by a BloomFilter, to reduce the number of calls made to H2 during
  854. cache misses. In theory less than 3% of cache misses will reach H2 and
  855. find nothing. Stores happen on a background thread quickly after the
  856. put is made to the cache, reducing the risk that a diff or web_session
  857. record is lost during an ungraceful shutdown.
  858. +
  859. Cache databases are capped around 128M worth of stored data by running
  860. a prune cycle each day at 1 AM local server time. Records are removed
  861. from the database by ordering on the last access time, where last
  862. accessed is the last time the record was moved from disk to memory.
  863. * Add OpenID SSO support.
  864. +
  865. Setting `OPENID_SSO` for
  866. link:[`auth.type`] in the
  867. `gerrit.config` will allow the admin to specify an SSO entry point URL
  868. so that users clicking on "Sign In" are sent directly to that URL.
  869. * Git over HTTP BasicAuth against Gerrit basic auth.
  870. +
  871. Allows the configuration of native Gerrit username/password
  872. authentication scheme used for Git over HTTP BasicAuth, as alternative
  873. of the default DigestAuth scheme against the random generated password
  874. on Gerrit DB.
  875. +
  876. Example setting for link:[
  877. `auth.type`] and link:[
  878. `auth.gitBasicAuth`]:
  879. +
  880. ----
  881. [auth]
  882. type = LDAP
  883. gitBasicAuth = true
  884. ----
  885. +
  886. With this configuration Git over HTTP protocol will be authenticated
  887. using `HTTP-BasicAuth` and credentials checked on LDAP.
  888. * Abstract group systems into GroupBackend interface
  889. +
  890. Group backends are supposed to use unique prefixes to isolate the
  891. namespaces. E.g. the group backend for LDAP is using `ldap/` as prefix
  892. for the group names.
  893. +
  894. This means that to refer to an LDAP group in the WebUI the group name
  895. needs to be prefixed with the `ldap/` string. E.g. if there is a group
  896. in LDAP which is called "Developers", Gerrit will suggest this group
  897. when the user types `ldap/De`.
  898. +
  899. WARNING: External groups are not anymore allowed to be members of
  900. internal groups.
  901. [[migrate-ldap-groups]]
  902. * Migrate existing internal LDAP groups
  903. +
  904. Previously, LDAP groups were mirrored in the AccountGroup table and
  905. given an Id and UUID the same as internal groups. Update these groups
  906. to be backed by only a GroupReference, with a special "ldap:" UUID
  907. prefix. Migrate all existing references to the UUID in ownerGroupUUID
  908. and any `project.config`.
  909. +
  910. This made the LDAP group type obsolete and it was removed.
  911. * link:[issue 548]:
  912. Make commands to download patch sets
  913. link:[configurable]
  914. +
  915. For patch sets on the ChangeScreen different commands for downloading
  916. the patch sets are offered. For some installations not all commands are
  917. needed. Allow Gerrit administrators to configure which download
  918. commands should be offered.
  919. * Add more link:[theme color
  920. options]
  921. +
  922. ** Add a theme option to change outdated background color
  923. ** Add odd/even row background color for tables such as list of open
  924. reviews. This makes them more visible without clicking on them.
  925. * link:[Add `notify` section in
  926. `project.config`]
  927. +
  928. The notify section allows project owners to include emails to users
  929. directly from `project.config`. This removes the need to create fake
  930. user accounts to always BCC a group mailing list.
  931. * Include the contributor agreements in the `project.config` and
  932. migrate contributor agreements to `All-Projects`
  933. +
  934. Update the parsing of `project.config` to support the contributor
  935. agreements.
  936. +
  937. Add a new schema to move the ContributorAgreement, AccountAgreement,
  938. and AccountGroupAgreement information into the `All-Projects`
  939. `project.config`.
  940. * Add `sameGroupVisibility` to `All-Projects` `project.config`
  941. +
  942. The `sameGroupVisiblity` is needed to restrict the visibility of
  943. accounts when `accountVisibility` is `SAME_GROUP`. Namely, this is a
  944. way to make sure the `autoVerify` group in a `contributor-agreements`
  945. section is never suggested.
  946. * Add change topic in hook arguments
  947. +
  948. It was not possible for hook scripts to include topic-specific
  949. behaviour because the topic name was not included in the arguments.
  950. * Add `--is-draft` argument on `patchset-created` hook
  951. +
  952. The `--is-draft` argument will be passed with either `true` if
  953. the patchset is a draft, or `false` otherwise.
  954. +
  955. This can be used by hooks that need to behave differently if the
  956. change is a draft.
  957. * Log sign in failures on info level
  958. +
  959. If for a user signing in into the Gerrit web UI fails, this can have
  960. many reasons, e.g. username is wrong, password is wrong, user is marked
  961. as inactive, user is locked in the user backend etc. In all cases the
  962. user just gets a generic error message 'Incorrect username or
  963. password.'. Gerrit administrators had trouble to find the exact reason
  964. for the sign in problem because the corresponding AccountException was
  965. not logged.
  966. * Do not log 'Object too large' as error with full stacktrace
  967. +
  968. If a user pushes an object which is larger than the configured
  969. `receive.maxObjectSizeLimit` parameter, the push is rejected with an
  970. 'Object too large' error. In addition an error log entry with the full
  971. stacktrace was written into the error log.
  972. +
  973. This is not really a server error, but just a user doing something that
  974. is not allowed, and thus it should not be logged as error. For a Gerrit
  975. administrator it might still be interesting how often the limit is hit.
  976. This is why it makes sense to still log this on info level.
  977. +
  978. For the user pushing a too large object we now do not print the
  979. 'fatal: Unpack error, check server log' message anymore, but only the
  980. 'Object too large' error message.
  981. * Add better explanations to rejection messages
  982. +
  983. Provide information to the user why a certain push was rejected.
  984. * Automatic schema upgrade on Gerrit startup
  985. +
  986. In case when Gerrit administrator(s) don't have a direct access to the
  987. file system where the review site is located it gets difficult to
  988. perform a schema upgrade (run the init program). For such cases it is
  989. convenient if Gerrit performs schema upgrade automatically on its
  990. startup.
  991. +
  992. Since this is a potentially dangerous operation, by default it will not
  993. be performed. The configuration parameter
  994. link:[
  995. site.upgradeSchemaOnStartup] is used to switch on automatic schema
  996. upgrade.
  997. * Shorten column names that are longer than 30 characters
  998. +
  999. Some databases can't deal with column names that are longer than 30
  1000. characters. Examples are MaxDB and
  1001. link:[Oracle].
  1002. +
  1003. Gerrit had two column names in the `accounts` table that exceeded the
  1004. 30 characters: `displayPatchSetsInReverseOrder`,
  1005. `displayPersonNameInReviewCategory`
  1006. +
  1007. These 2 columns were renamed so that their names fit within the 30
  1008. character range.
  1009. * Increase the maximum length for tracking ID's to 32 characters
  1010. +
  1011. So far tracking ID's had a maximum length of only 20 characters.
  1012. * Set `GERRIT_SITE` in Gerrit hooks as environment variable
  1013. +
  1014. Allows development of hooks parametrised on Gerrit location. This can
  1015. be useful to allow hooks to load the Gerrit configuration when needed
  1016. (from `$GERRIT_SITE`) or even store their additional config files under
  1017. `$GERRIT_SITE/etc` and retrieve them at startup.
  1018. * Add an exponentially rolling garbage collection script
  1019. +
  1020. `` is a git garbage collection script aimed specifically
  1021. at reducing exccessive garbage collection and particularly large
  1022. packfile churn for Gerrit installations.
  1023. +
  1024. Excessive garbage collection on "dormant" repos is wasteful of both CPU
  1025. and disk IO. Large packfile churn can lead to heavy RAM and FS usage
  1026. on Gerrit servers when the Gerrit process continues to hold open the
  1027. old delete packfiles. This situation is most detrimental when jgit is
  1028. configured with large caching parameters. Aside from these downsides,
  1029. running git gc often can be very beneficial to performance on servers.
  1030. This script attempts to implement a git gc policy which avoids the
  1031. downsides mentioned above so that git gc can be comfortably run very
  1032. regularly.
  1033. +
  1034. `` uses keep files to manage which files will get
  1035. repacked. It also uses timestamps on the repos to detect dormant repos
  1036. to avoid repacking them at all. The primary packfile objective is to
  1037. keep around a series of packfiles with sizes spaced out exponentially
  1038. from each other, and to roll smaller packfiles into larger ones once
  1039. the smaller ones have grown. This strategy attempts to balance disk
  1040. space usage with avoiding rewriting large packfiles most of the time.
  1041. +
  1042. The exponential packing objective above does not save a large amount of
  1043. time or CPU, but it does prevent the packfile churn. Depending on repo
  1044. usage, however the dormant repo detection and avoidance can result in a
  1045. very large time savings.
  1046. * Automatically flush persistent H2 cache if the existing cache entries
  1047. are incompatible with the cache entry class and thus can't be
  1048. deserialized
  1049. * Unpack JARs for running servers in `$site_path/tmp`
  1050. +
  1051. Instead of unpacking a running server into `~/.gerritcodereview/tmp`
  1052. only use that location for commands like init where there is no active
  1053. site. From always use `$site_path/tmp` for the JARs to
  1054. isolate servers that run on the same host under the same UNIX user
  1055. account.
  1056. [[custom-extension]]
  1057. * Allow for the `CUSTOM_EXTENSION` `auth.type` to configure URLs for
  1058. editing the user name and obtaining an HTTP password
  1059. +
  1060. Allow `CUSTOM_EXTENSION` auth type to supply by `auth.editFullNameUrl`
  1061. a URL in the web UI that links users to the other account system,
  1062. where they can edit their name, and then use another reload URL to
  1063. cycle through the `/login/` step and refresh the data cached by Gerrit.
  1064. +
  1065. Allow `CUSTOM_EXTENSION` auth type to supply by `auth.httpPasswordUrl`
  1066. a URL in the web UI that allows users to obtain an HTTP password.
  1067. +
  1068. Like the rest of the `CUSTOM_EXTENSION` stuff, this is hack that will
  1069. eventually go away when there is proper support for authentication
  1070. plugins.
  1071. Performance
  1072. ~~~~~~~~~~~
  1073. [[performance-issue-on-showing-group-list]]
  1074. * Fix performance issues on showing the list of groups in the Gerrit
  1075. WebUI
  1076. +
  1077. Loading `Admin` > `Groups` on large servers was very slow. The entire
  1078. group membership database was downloaded to the browser when showing
  1079. just the list of groups.
  1080. +
  1081. Now the amount of data that needs to be downloaded to the browser is
  1082. reduced by using the more leightweight `AccountGroup` type instead of
  1083. the `GroupDetail` type when showing the groups in a list format. As a
  1084. consequence the `Owners` column that showed the name of the owner group
  1085. had been dropped.
  1086. * Add LDAP-cache to minimize number of queries when unnesting groups
  1087. +
  1088. A new cache named "ldap_groups_byinclude" is introduced to help lessen
  1089. the number of queries needed to resolve nested LDAP-groups.
  1090. * Add index for accessing change messages by patch set
  1091. +
  1092. This improves the performance of loading the dashboards.
  1093. * Add a fast path to avoid checking every commit on push
  1094. +
  1095. If a user can forge author, committer and gerrit server identity, and
  1096. can upload merges, don't bother checking the commit history of what is
  1097. being uploaded. This can save time on servers that are trying to accept
  1098. a large project import using the push permission.
  1099. * Improve performance of `ReceiveCommits` by reducing `RevWalk` load
  1100. +
  1101. JGit RevWalk does not perform well when a large number of objects are
  1102. added to the start set by `markStart` or `markUninteresting`. Avoid
  1103. putting existing `refs/changes/` or `refs/tags/` into the `RevWalk` and
  1104. instead use only the `refs/heads` namespace and the name of the branch
  1105. used in the `refs/for/` push line.
  1106. +
  1107. Catch existing changes by looking for their exact commit SHA-1, rather
  1108. than complete ancestory. This should have roughly the same outcome for
  1109. anyone pushing a new commit on top of an existing open change, but
  1110. with lower computional cost at the server.
  1111. * Lookup changes in parallel during `ReceiveCommits`
  1112. +
  1113. If the database has high query latency, the loop that locates existing
  1114. changes on the destination branch given Change-Id can be slow. Start
  1115. all of the queries as commits are discovered, but don't block on
  1116. results until all queries were started.
  1117. +
  1118. If the database can build the `ResultSet` in the background, this may
  1119. hide some of the query latency by allowing the queries to overlap when
  1120. more than one lookup must be performed for a push.
  1121. * Perform change update on multiple threads
  1122. +
  1123. When multiple changes need to be created or updated for a single push
  1124. operation they are now inserted into the database by parallel threads,
  1125. up to the maximum allowed thread count. The current thread is used
  1126. when the thread pool is already fully in use, falling back to the
  1127. prior behavior where each concurrent push operation can do its own
  1128. concurrent database update. The thread pool exists to reduce latency
  1129. so long as there are sufficient threads available.
  1130. +
  1131. This helps push times on databases that are high latency, such as
  1132. database servers that are running on a different machine from the
  1133. Gerrit server itself, e.g.
  1134. +
  1135. The new thread pool is
  1136. link:[
  1137. disabled by default], limiting the overhead to servers that have good
  1138. latency with their database, such as using in-process H2 database, or
  1139. a MySQL or PostgreSQL on the same host.
  1140. * Use `BatchRefUpdate` to execute reference changes
  1141. +
  1142. Some storage backends for JGit are able to update multiple references
  1143. in a single pass efficiently. Take advantage of this by pushing
  1144. any normal reference updates (such as direct push or branch create)
  1145. into a single `BatchRefUpdate` object.
  1146. * Assume labels are correct in ListChanges
  1147. +
  1148. To reduce end-user latency when displaying changes in a search result
  1149. or user dashboard, assume the labels are accurate in the database at
  1150. display time and don't recompute the access privileges of a reviewer.
  1151. * Notify the cache that the git_tags was modified
  1152. +
  1153. The tag cache was updated in-place, which prevented the H2 based
  1154. storage from writing out the updated tag information. This meant
  1155. servers almost never had the right data stored on disk and had to
  1156. recompute it at startup.
  1157. +
  1158. Anytime the value is now modified in place, put it back into the
  1159. cache so it can be saved for use on the next startup.
  1160. * Special case hiding `refs/meta/config` from Git clients
  1161. +
  1162. VisibleRefFilter requires a lot of server CPU to accurately provide
  1163. the correct listing to clients when they cannot read `refs/*`.
  1164. +
  1165. Since the default configuration is now to link:#hide-config[
  1166. hide `refs/meta/config`], use a special case in VisibleRefFilter that
  1167. permits showing every reference except `refs/meta/config` if a user can
  1168. read every other reference in the repository.
  1169. * Avoid second remote call to lookup approvals when loading change
  1170. results
  1171. +
  1172. By using the new link:[`/changes/`]
  1173. REST endpoint the web UI client now obtains the label information
  1174. during the query and avoids a second round trip to lookup the current
  1175. approvals for each displayed change. For most users this should improve
  1176. the way the page renders. The verified and code review columns will be
  1177. populated before the table is made visible, preventing the layout from
  1178. "jumping" the way the old UI did when the 2nd RPC finally finished and
  1179. supplied the label data.
  1180. * Load patch set approvals in parallel
  1181. +
  1182. ResultSet is a future-like interface, the database system is free to
  1183. execute each result set asynchronously in the background if it
  1184. supports that. gwtorm's default SQL backend always runs queries
  1185. immediately and then returns a ListResultSet, so for most installs this
  1186. has no real impact in ordering.
  1187. +
  1188. For the system that runs gerrit-review, each query has a high cost in
  1189. network latency, the system treats ResultSet as a future promise to
  1190. supply the matching rows. Getting all of the necessary ResultSets up
  1191. front allows the database to send all requests to the backend as early
  1192. as possible, allowing the network latency to overlap.
  1193. Upgrades
  1194. --------
  1195. * Update Gson to 2.1
  1196. * Update GWT to 2.4.0
  1197. * Update JGit to
  1198. * Use gwtexpui 1.2.6
  1199. +
  1200. ** Hide superfluous status text from clippy flash widget
  1201. ** Fix diappearance of text in CopyableLabel when clicking on it
  1202. * Update Guava to 12.0.1
  1203. +
  1204. This fixes a performance problem with LoadingCache where the cache's
  1205. inner table did not dynamically resize to handle a larger number
  1206. of cached items, causing O(N) lookup performance for most objects.
  1207. Bug Fixes
  1208. ---------
  1209. Security
  1210. ~~~~~~~~
  1211. * Ensure that only administrators can change the global capabilities
  1212. +
  1213. Only Gerrit server administrators (members of the groups that have
  1214. the `administrateServer` capability) should be able to edit the
  1215. global capabilities because being able to edit the global capabilities
  1216. means being able to assign the `administrateServer` capability.
  1217. +
  1218. Because of this on the `All-Projects` project it is disallowed to assign
  1219. +
  1220. . the `owner` access rights on `refs/*`
  1221. +
  1222. Project owners (members of groups to which the `owner` access right
  1223. is assigned) are able to edit the access control list of the projects
  1224. they own. Hence being owner of the `All-Projects` project would allow
  1225. to edit the global capabilities and assign the `administrateServer`
  1226. capabilitiy without being Gerrit administrator.
  1227. +
  1228. In earlier Gerrit versions (2.1.x) it was already implemented like
  1229. this but the corresponding checks got lost.
  1230. +
  1231. . the 'push' access right on `refs/meta/config`
  1232. +
  1233. Being able to push configuration changes to the `All-Projects` project
  1234. allows to edit the global capabilities and hence a user with this
  1235. access right could assign the `administrateServer` capability without
  1236. being Gerrit administrator.
  1237. +
  1238. From the Gerrit WebUI (ProjectAccessScreen) it is not possible anymore
  1239. to assign on the `All-Projects` project the `owner` access right on
  1240. `refs/*` and the `push` access right on `refs/meta/config`.
  1241. +
  1242. In addition it is ensured that an `owner` access right that is assigned
  1243. for `refs/*` on the `All-Projects` project has no effect and that only
  1244. Gerrit administrators with the `push` access right can push
  1245. configuration changes to the `All-Projects` project.
  1246. +
  1247. It is still possible to assign both access rights (`owner` on `refs/*`
  1248. and `push` on `refs/meta/config`) on the `All-Projects` project by directly
  1249. editing its `project.config` file and pushing to `refs/meta/config`.
  1250. To fix this it would be needed to reject assigning these access rights
  1251. on the `All-Projects` project as invalid configuration, however doing this
  1252. would mean to break existing configurations of the `All-Projects` project
  1253. that assign these access rights. At the moment there is no migration
  1254. framework in place that would allow to migrate `project.config` files.
  1255. Hence this check is currently not done and these access rights in this
  1256. case have simply no effect.
  1257. Web
  1258. ~~~
  1259. * Do not show "Session cookie not available" on sign in
  1260. +
  1261. When LDAP is used for authentication, clicking on the 'Sign In' link
  1262. opens a user/password dialog. In this dialog the "Session cookie not
  1263. available." message was always shown as warning. This warning was
  1264. pretty useless since the user was about to sign in because he had no
  1265. current session.
  1266. +
  1267. This problem was discussed on the
  1268. link:!topic/repo-discuss/j-t77m8-7I0/discussion[
  1269. Gerrit mailing list].
  1270. * Reject restoring a change if its destination branch does not exist
  1271. anymore
  1272. * Reject submitting a change if its destination branch does not exist
  1273. anymore
  1274. +
  1275. If a branch got deleted and there was an open change for this branch,
  1276. it was still possible to submit this open change. As result the
  1277. destination branch was implicitly recreated, even if the user
  1278. submitting the change had no privileges to create branches.
  1279. * link:[issue 1352]:
  1280. Don't display "Download" link for `/COMMIT_MSG`
  1281. +
  1282. The commit message file is special, it doesn't actually exist and
  1283. cannot be downloaded. Don't offer the download link in the side by
  1284. side viewer.
  1285. * Dependencies were lost in the ChangeScreen's "Needed By" table
  1286. +
  1287. Older patchsets are now iterated for decendents, so that the dependency
  1288. chain does not break on new upstream patchsets.
  1289. * link:[issue 1442]:
  1290. Only show draft change dependency if current user is owner or reviewer
  1291. +
  1292. In the change screen, the dependencies panel was showing draft changes
  1293. in the "Depends On" and "Needed By" lists for all users, and when there
  1294. was no user logged in.
  1295. * link:[issue 1558]:
  1296. Create a draft patch set when a draft patch set is rebased
  1297. +
  1298. Rebasing a draft patch set created a non-draft patch set. It was
  1299. unexpected that rebasing a draft patch set published the modifications
  1300. done in the draft patch set.
  1301. * link:[issue 1176]:
  1302. Fix disappearance of download command in Firefox
  1303. +
  1304. Clicking on the download command for a patch set in Firefox made the
  1305. download command disappear.
  1306. * link:[issue 1587]:
  1307. Fix disappearance of action buttons when selecting the last patch set
  1308. as `Old Version History`
  1309. * Fix updating patch list when `Old Version History` is changed
  1310. +
  1311. If a collapsed patch set panel was expanded and re-closed it's patch
  1312. list wasn't updated anymore when the selection for `Old Version History`
  1313. was changed.
  1314. * link:[issue 1523]:
  1315. Update diff base to match old version history
  1316. +
  1317. When changing the diff base in the `Old Version History` on the change
  1318. screen and then entering the Side-By-Side view for a file, clicking on
  1319. the back button in the browser (reentering the change screen) was
  1320. causing the files to be wrongly compared with `Base` again.
  1321. * Don't NPE if current patch set is not available
  1322. +
  1323. Broken changes may have the current patch set field incorrectly
  1324. specified, causing currentPatchSet to be unable to locate the
  1325. correct data and return it. When this happens don't NPE, just
  1326. claim the change is not reviewed.
  1327. * link:[issue 1555]:
  1328. Fix displaying of file diff if draft patch has been deleted
  1329. +
  1330. Displaying any file diff for a patch set failed if the change had any
  1331. gaps in its patch set history. Patch sets can be missing, if they
  1332. have been drafts and were deleted.
  1333. * link:[issue 856]:
  1334. Fix displaying of comments on deleted files
  1335. +
  1336. Published and draft comments that are posted on deleted files were not
  1337. loaded and displayed.
  1338. * link:[issue 735]:
  1339. Fix `ArrayIndexOutOfBoundsException` on navigation to next/previous
  1340. patch
  1341. +
  1342. An `ArrayIndexOutOfBoundsException` could occur when navigating from
  1343. one patch to the next/previous patch if the next/previous patch was a
  1344. newly added binary file. The exception occurred if the user was not
  1345. signed in or if the user was signed in and had `Syntax Coloring` in the
  1346. preferences enabled.
  1347. * link:[issue 816]:
  1348. Fix wrong file indention in Side-by-Sie diff viewer on right side
  1349. * Only set reviewed attribute on open changes
  1350. +
  1351. If a change is merged or abandoned, do not consider the reviewed
  1352. property for the calling user, so that the change is not highlighted
  1353. as unreviewed on the user's dashboard.
  1354. * Change PatchTable pointer when loading patch
  1355. +
  1356. This patch fixes an issue with the "file list" table displayed by
  1357. clicking on the "Files" sub-menu when viewing a diff.
  1358. +
  1359. Originally when navigating between patch screens the highlighted row
  1360. (pointer) of the file list table would not change when not directly
  1361. interacting with the table e.g. by clicking on the previous or next
  1362. file link.
  1363. +
  1364. This patch updates the file list table whenever a new patch screen is loaded
  1365. so that the pointer corresponds to the current patch being displayed.
  1366. * Don't hyperlink non-internal groups
  1367. +
  1368. When an external group (such as LDAP) is used in a permission rule,
  1369. don't attempt to link to the group in the internal account system UI.
  1370. The group won't load successfully. Instead just display the name and
  1371. put the UUID into a tooltip to show the full DN.
  1372. * Fix: Popup jumps back to original position when resizing screen
  1373. +
  1374. On 'Watched Projects' screen, the 'Browse' button displays a popup
  1375. window. If the user moves it and then resizes the screen, it won't snap
  1376. back to the original position.
  1377. * link:[issue 1457]:
  1378. Prevent groups from being renamed to empty string
  1379. * Fixed AccountGroupInfoScreen search callback
  1380. +
  1381. If the search returned no results, the search button would not be
  1382. enabled and the status panel was not shown. Fixed the panel and button
  1383. to always be enabled.
  1384. * Fix NullPointerException on `/p/`
  1385. +
  1386. Requesting just `/p/` caused a NullPointerException as the redirection
  1387. logic had no project name to form a URL from. Detect requests for `/p/`
  1388. and redirect to 'Admin' > 'Projects' to show the projects the caller
  1389. has access to.
  1390. Mail
  1391. ~~~~
  1392. * Fix: Rebase did not mail all reviewers
  1393. * Fix email showing in AccountLink instead of names
  1394. +
  1395. Prefer the full name for the display text of the link.
  1396. * Fix signature delimiter for e-mail messages
  1397. +
  1398. Make sure the signature delimiter is "-- " (two dashes and a space).
  1399. * link:[issue 1397]:
  1400. Don't wait for banner message from SMTP server after STARTTLS
  1401. negotiation
  1402. +
  1403. According to RFC 2847 section 5.2, SMTP server won't send the banner
  1404. message again after STARTTLS negotiation. The original code will hang
  1405. until SMTP server kicks it off due to timeout and can't send email with
  1406. STARTTLS enabled, aka. `sendemail.smtpEncryption = tls`.
  1407. * Extract all mail templates during site init
  1408. +
  1409. The example mail templates `RebasedPatchSet.vm`, `Restored.vm` and
  1410. `Reverted.vm` were not extracted during the initialization of a new
  1411. site.
  1412. SSH
  1413. ~~~
  1414. * Fix reject message if bypassing code review is not allowed
  1415. +
  1416. If a user is not allowed to bypass code review, but tries to push a
  1417. commit directly, Gerrit rejected this push with the error message
  1418. "can not update the reference as a fast forward". This message was
  1419. confusing to the user since the push only failed due to missing
  1420. access rights. Go back to the old message that says "prohibited
  1421. by Gerrit".
  1422. * Fix reject message if pushing tag is rejected because tagger is
  1423. somebody else
  1424. +
  1425. Pushing a tag that has somebody else as tagger requires the `Forge
  1426. Committer` access right. If this access right was missing Gerrit
  1427. was rejecting the push with "can not create new references". This error
  1428. message was misleading because the user may have thought that the
  1429. `Create Reference` access right was missing which was actually assigned.
  1430. +
  1431. The same reject message was also returned on push of an annotated tag
  1432. if the `Push Annotated Tag` access right was missing. Also in this case
  1433. the error message was not ideal.
  1434. +
  1435. Go back to the old more generic message which says `prohibited by
  1436. Gerrit`.
  1437. * link:[issue 1437]:
  1438. Send event to stream when draft change is published
  1439. +
  1440. When a change is uploaded as a draft, a `patchset-created` event is
  1441. sent to the event stream, but since drafts are private to the owner,
  1442. the event is not publicly visible. When the draft is later published,
  1443. no publicly visible event was sent. As result of this external tools
  1444. that rely on the event stream to detect new changes didn't receive
  1445. events for any changes that were first uploaded as draft.
  1446. +
  1447. There is now a new event, `draft-published`, which is sent to the
  1448. event stream when a draft change is published. The content of this
  1449. event is the same as `patchset-created`.
  1450. * Fix: Wrong ps/rev in `change-merged` stream-event
  1451. +
  1452. When using cherry-pick as merge strategy, the wrong ref was set in the
  1453. `change-merged` stream-event.
  1454. +
  1455. The issue stems from Gerrit would not acknowledge the resulting new
  1456. pachset (the actual cherry-pick).
  1457. * Fix NullPointerException in `query` SSH command
  1458. +
  1459. Running the `query` SSH command with the options `--comments` and
  1460. `--format=JSON` failed with a NullPointerException if a change had a
  1461. message without author. Change messages have no author if they were
  1462. created by Gerrit. For such messages now the Gerrit Server identity is
  1463. returned as author.
  1464. * Fix the `export-review-notes` command's Guice bindings
  1465. +
  1466. The `export-review-notes` command was broken becasue of the CachePool
  1467. class being bound twice. The startup of the command failed because of
  1468. that.
  1469. * Fix sorting of SSH help text
  1470. +
  1471. Commands were displaying in random order, sort commands before output.
  1472. * `replicate` command: Do not log errors for wrong user input
  1473. +
  1474. If the user provided an invalid combination of command options or an
  1475. non existing project name this was logged in the `error.log` but
  1476. printing the error out to the user is sufficient.
  1477. Authentication
  1478. ~~~~~~~~~~~~~~
  1479. * Fix NPE in LdapRealm caused by non-LDAP users
  1480. +
  1481. Servers that are connected to LDAP but have non-LDAP user accounts
  1482. created by `gerrit create-account` (e.g. batch role accounts for
  1483. build systems) were crashing with a NullPointerException when the
  1484. LdapRealm tried to discover which LDAP groups the non-LDAP user
  1485. was a member of in the directory.
  1486. * Fix domain field of HTTP digest authentication
  1487. +
  1488. Per RFC 2617 the domain field is optional. If it is not present,
  1489. the digest token is valid on any URL on the server. When set it
  1490. must be a path prefix describing the URLs that the password would
  1491. be valid against.
  1492. +
  1493. When a canonical URL is known, supply that as the only domain that
  1494. is valid. When the URL is missing (e.g. because the provider is
  1495. still broken) rely on the context path of the application instead.
  1496. Replication
  1497. ~~~~~~~~~~~
  1498. * Fix inconsistent behaviour when replicating `refs/meta/config`
  1499. +
  1500. In `replication.config`, if `authGroup` is set to be used together with
  1501. `mirror = true`, refs blocked through the `authGroup` are deleted from
  1502. the slave/mirror. The same correctly applies if the `authGroup` is used
  1503. to block `refs/meta/config`.
  1504. +
  1505. However, if `replicatePermission` was set to `false`, Gerrit was
  1506. refusing to clean up `refs/meta/config` on the slave/mirror.
  1507. * Fix bug with member assignment order in PushReplication.
  1508. +
  1509. The groupCache was being used before it was set in the class. Fix the
  1510. ordering of the assignment.
  1511. Approval Categories
  1512. ~~~~~~~~~~~~~~~~~~~
  1513. * Make `NoBlock` and `NoOp` approval category functions work
  1514. +
  1515. The approval category functions `NoBlock` and `NoOp` have not worked
  1516. since the integration of Prolog.
  1517. +
  1518. `MAY` was introduced as a new submit record status to complement `OK`,
  1519. `REJECT`, `NEED`, and `IMPOSSIBLE`. This allows the expression of
  1520. approval categories (labels) that are optional, i.e. could either be
  1521. set or unset without ever influencing whether the change could be
  1522. submitted. Previously there was no way to express this property in
  1523. the submit record.
  1524. +
  1525. This enables the `NoBlock` and `NoOp` approval category functions to
  1526. work as they now emit may() terms from the Prolog rules. Previously
  1527. they returned ok() terms lacking a nested user term, leading to
  1528. exceptions in code that expected a user context if the label was `OK`.
  1529. * Fix category block status without negative score
  1530. +
  1531. Categories without blocking or approval scores will result in the
  1532. blocking/approved image appearing in the category column after changes
  1533. are merged should the score by the reviewer match the minimum or
  1534. maximum value respectively.
  1535. +
  1536. A check to ignore "No Score" values of 0 was added.
  1537. * Don't remove dashes from approval category name
  1538. +
  1539. If an approval category name contained a dash, it was removed by
  1540. Gerrit. On the other side a space in an approval category name is
  1541. converted to a dash. This was confusing for writing Prolog submit
  1542. rules. If, for example, one defined a new category named `X-Y`, then in
  1543. the Prolog code the proper name for that category would have been `XY`
  1544. which was unintuitive.
  1545. * Fix NPE in `PRED__load_commit_labels_1`
  1546. +
  1547. If a change query uses reviewer information and loads the approvals
  1548. map, but there are no approvals for a given patch set available, the
  1549. collection came out null, which cannot be iterated. Make it always be
  1550. an empty list.
  1551. Other
  1552. ~~~~~
  1553. * link:[issue 1554]:
  1554. Fix cloning of new projects from slave servers
  1555. +
  1556. If a new project is created in Gerrit the replication creates the
  1557. repository for this new project directly in the filesystem of the slave
  1558. server. The slave server was not discovering this new repository and as
  1559. result any attempt to clone the corresponding project from the slave
  1560. server failed.
  1561. * link:[issue 1548]:
  1562. Create a ref for the patch set that is created when a change is
  1563. cherry-picked and trigger the replication for it:
  1564. +
  1565. If Cherry Pick is chosen as submit type, on submit a new commit is
  1566. created by the cherry-pick. For this commit a new patch set is created
  1567. which is added to the change. Using any of the download commands to
  1568. fetch this new patch set failed with 'Couldn't find remote ref' because
  1569. no ref for the new patch set was created.
  1570. * link:[issue 1626]:
  1571. Fix NullPointerException on cherry-pick if `changeMerge.test` is enabled
  1572. * link:[issue 1491]:
  1573. Fix nested submodule updates
  1574. * Set link:[transfer
  1575. timeout] for pushes through HTTP
  1576. +
  1577. The transfer timeout was only set when pushing via SSH.
  1578. * link:[
  1579. Limit maximum Git object size] when pushing through HTTP
  1580. +
  1581. The limit for the maximum object size was only set when pushing via SSH.
  1582. * Fix units of `httpd.maxwait`
  1583. +
  1584. The default unit here is minutes, but Jetty wants to get milliseconds
  1585. from the maxWait field. Convert the minutes returned by getTimeUnit to
  1586. be milliseconds, matching what Jetty expects.
  1587. +
  1588. This should resolve a large number of 503 errors for Git over HTTP.
  1589. * link:[issue 1493]:
  1590. Fix wrong "change ... closed" message on direct push
  1591. +
  1592. Pushing a commit directly into the central repository with bypassing
  1593. code review wrongly resulted in a "change ... closed" message if the
  1594. commit was already pushed for review and if a Change-Id was included in
  1595. the commit message. Despite of the error message the push succeeded and
  1596. the corresponding change got closed. Now the message is not printed
  1597. anymore.
  1598. * Fix NPE that can hide guice CreationException on site init
  1599. +
  1600. Note that the `--show-stack-trace` option is needed to print the stack
  1601. trace when a program stops with a Die exception.
  1602. * Do not automatically add author/committer as reviewer to drafts
  1603. * Do not automatically add reviewers from footer lines to drafts
  1604. * Fix NullPointerException in MergeOp
  1605. +
  1606. The body of the commit object may have been discarded earlier to
  1607. save memory, so ensure it exists before asking for the author.
  1608. * link:[issue 1396]:
  1609. Initialize the submodule commit message buffer
  1610. * Fix file name matching in `commit_delta` to perform substring
  1611. matching
  1612. +
  1613. The `commit_delta` predicate was matching the entire file name against
  1614. the given regular expression while other predicates (`commit_edits`,
  1615. `commit_message_matches`) performed substring matching. It was
  1616. inconsistent that for `commit_delta` it was needed to write something
  1617. like:
  1618. +
  1619. ----
  1620. commit_delta('.*\.java')
  1621. ----
  1622. +
  1623. to match all `*.java` files, while for `commit_edits` it was:
  1624. +
  1625. ----
  1626. commit_edits('\.java$', '...')
  1627. ----
  1628. +
  1629. to match the same set of (Java) files.
  1630. * Create index for submodule subscriptions on site upgrade
  1631. * Fix URL to Jetty XML DTDs so they can be properly validated
  1632. * Fix resource leak when `changeMerge.test` is `true`
  1633. * Fix possible synchronization issue in TaskThunk
  1634. * Fix possible NPEs in `ReplaceRequest.cmd` usage in `ReceiveCommits`
  1635. +
  1636. The `cmd` field is populated by `validate(boolean)`. If this method
  1637. fails, results on some `ReplaceRequests` may not be set. Guard the
  1638. attempt to access the field with a null check.
  1639. * Match no labels if current patch set is not available
  1640. +
  1641. If the current patch set cannot be loaded from `ChangeData`, assume no
  1642. label information. This works around an NullPointerException inside of
  1643. `ChangeControl` where the `PatchSet` is otherwise required.
  1644. * Create new patch set references before database records
  1645. +
  1646. Ensure the commit used by a new change or replacement patch set
  1647. always exists in the Git repository by writing the reference first
  1648. as part of the overall `BatchRefUpdate`, then inserting the database
  1649. records if all of the references stored successfully.
  1650. * Fix rebase patch set and revert change to update Git first
  1651. +
  1652. Update the Git reference before writing to the database. This way the
  1653. repository cannot be corrupted if the server goes down between the two
  1654. actions.
  1655. * Make sure we use only one type of NoteMerger for review notes creation
  1656. * Fix generation of owner group in GroupDetail
  1657. +
  1658. Set the GroupDetail.ownerGroup to the AccountGroup.ownerGroupUUID
  1659. instead of the groupUUID.
  1660. * Ensure that ObjectOutputStream in H2CacheImpl is closed
  1661. * Ensure that RevWalk in SubmoduleOp is released