ReleaseNotes/ReleaseNotes-2.0.18.txt

= Release notes for Gerrit 2.0.18

Gerrit 2.0.18 is now available in the usual location:

link:https://www.gerritcodereview.com/download/index.html[https://www.gerritcodereview.com/download/index.html]

== Important Notices

Please ensure you read the following important notices about this release; .18 is a much larger release than usual.

* OpenID Configuration
+
If you use OpenID authentication, the `trusted_external_ids`
table has moved from the database to the local gerrit.config
file.  Please ensure you copy any critical patterns to the
`auth.trustedOpenID` setting in gerrit.config before upgrading
your server.  Failure to set a pattern will allow Gerrit
to trust any OpenID provider.  Refer to `auth.trustedOpenID` in
[http://gerrit.googlecode.com/svn/documentation/2.0/config-gerrit.html Configuration] for more details.

* Caches
+
The groups that a user is a member of is no longer stored in the
`groups` cache; it is now part of the `accounts` cache.  If you
use a cron script to update the `account_groups` database table
based upon an external data source (such as LDAP), you will need
to adjust your script to flush the `accounts` cache.
The `diff` cache is no longer written to disk by default.
To enable the disk store again, administrators must explicitly
set `cache.directory` in the gerrit.config file prior to starting
Gerrit.

* SSH Usernames
+
SSH usernames are no longer automatically assigned to the
local part of the user's email address.  With 2.0.18, usernames
must also be unique within the database.  These changes were
implemented to resolve a minor potential security issue with
the SSH authentication system.  More details can be found in the
[http://android.git.kernel.org/?p=tools/gerrit.git;a=commit;h=080b40f7bbe00ac5fc6f2b10a861b63ce63e8add commit message].

== Schema Change

*WARNING: This version contains a schema change* (since 2.0.17)

Important notes about this schema change:

* The schema change may be difficult to undo once applied.
+
Downgrading could be very difficult once the upgrade has been started.
Going back to 2.0.17 may not be possible.

* Do not run the schema change while the server is running.
+
This upgrade changes the primary keys of several tables, an operation
which shouldn't occur while end-users are able to make modifications to
the database.  I _strongly_ suggest a full shutdown, schema upgrade,
then startup approach for this release.
Apply the database specific schema script:
----
  java -jar gerrit.war --cat sql/upgrade015_016_part1_postgres.sql | psql reviewdb
  java -jar gerrit.war --cat sql/upgrade015_016_part1_mysql.sql    | mysql reviewdb
----

After the upgrade is successful, apply the final script to drop dead tables:
----
  java -jar gerrit.war --cat sql/upgrade015_016_part2.sql | psql reviewdb
  java -jar gerrit.war --cat sql/upgrade015_016_part2.sql | mysql reviewdb
----

== New Bugs
* Memory leaks during warm restarts

2.0.18 includes [http://code.google.com/p/google-guice/ Google Guice], which leaves a finalizer thread dangling when the Gerrit web application is halted by the servlet container.  As this thread does not terminate, the web context stays loaded in memory indefinitely, creating a memory leak.  Cold restarting the container in order to restart Gerrit is highly recommended.


== New Features
* GERRIT-104  Allow end-users to select their own SSH username
+
End users may now select their own SSH username through the web interface.  The username must be unique within a Gerrit server installation.  During upgrades from 2.0.17 duplicate users are resolved by giving the username to the user who most recently logged in under it; other users will need to login through the web interface and select a unique username.  This change was necessary to fix a very minor security bug (see above).

* Display supported commands when subcommand is not prov...
+
Running `ssh -p 29418 gerrit.example.com gerrit` now lists the complete set of subcommands recognized by the gerrit top level command.  This (slightly) improves discoverability of the remote command execution facilities.

* Add a Register link in the menu bar when not signed in
+
The Register link in the top right shows up on OpenID based sites when the user is not yet signed in.  This should help discoverability of signing into a Gerrit server to establish your account identity.

* Combine all initial page data into a single object
* Avoid XSRF initialization requests by using one token ...
+
An initial XSRF token is now sent as part of the initial HTTP request, and used for all subsequent RPCs from that browser.  This reduces the initial page load time by cutting out a few round trips that previously were used to bootstrap that XSRF token.

* Redirect /Gerrit#foo to /#foo on the client side
+
Gerrit now favors "/#mine" rather than "/Gerrit#mine" for URLs.  Older style URLs will be redirected to the newer style automatically, for the foreseeable future.

* Sort permissions in project access tab
* Get branches directly from Git rather than database
* Style tab panel headers like our menu bar header
* Narrow tables that don't have to be 100% width
* Cleanup display of external ids in the user settings
+
A few minor UI nits in the Settings and Admin panels.  The new UI is a bit more consistent with the theme, and formats data in a bit more sane way.  Nothing earth shattering.

* Make disk cache completely optional
+
As noted above in the section about cache changes, the disk cache is now completely optional.

== Bug Fixes
* GERRIT-5    Remove PatchSetInfo from database and get it always fr...
+
A very, very old bug.  We no longer mirror the commit data into the SQL database, but instead pull it directly from Git when needed.  Removing duplicated data simplifies the data store model, something that is important as we shift from an SQL database to a Git backed database.

* GERRIT-220  Fix infinite loop in PatchScriptBuilder
+
Under somewhat rare conditions web request threads locked up in an infinite loop while obtaining the data necessary to show a side-by-side or unified patch view to a browser.  The loop doesn't allocate any memory, or perform any database requests, but it still ties up a database connection and a servlet container request processing thread indefinitely.  We found the bug internally at Google when our Gerrit server load average spiked to 32... and we had no more connections in our database connection pool, which was also sized at a max of 32 handles.

* Fix Reviewed-On lines to only include the server URL o...
+
The Reviewed-On lines in cherry-picked commits were duplicating the server URL.

* Set outgoing email header Content-Transfer-Encoding: 8...
+
Emails are sent in UTF-8, which may have the high bit set.  Thus the transfer encoding must always be set as 8bit, to prevent gateways from potentially discarding the high bits and corrupting the UTF-8 message payload.

* Ensure OpenID related responses aren't cached by proxi...
+
Some OpenID related login responses may have sent HTTP headers which were confusing to proxies, potentially allowing a proxy to cache something it should not have cached.  The headers were clarified to better denote no caching is permitted.

* Move ChangeApproval to be a child of PatchSet
+
The database schema changed, adding `patch_set_id` to the approval object, and renaming the approval table to `patch_set_approvals`.  If you have external code writing to this table, uh, sorry, its broken with this release, you'll have to update that code first.  :-\

== Other Changes

This release is really massive because the internal code moved from some really ugly static data variables to doing almost everything through Guice injection.  Nothing user visible, but code cleanup that needed to occur before we started making additional changes to the system.

* Start 2.0.18 development
* Remove bad import of HostPageServlet
* Upgrade GWT to 1.7.0
* Update gwt-maven-plugin to 1.1 release
* Remove dead gwt-maven repository
* Stop including gwt-dev JARs in project classpath
* Remove ConvertSystemConfig utility
* Update SSHD to 1.0-r798139
* Update JGit to 0.5.0-57-g4c5eb17
* Replace our RepositoryCache with JGit's RepositoryCache
* Make missing project descriptions an empty file
* Remove unused imports.
* Move all service implementations into server side code
* Move RpcConstants out of Common class
* Move the CurrentAccountImpl accessor to Gerrit onModul...
* Move workflow function access to CategoryFunction class
* Move ChangeDetail.load to strictly server side code
* Move the workflow package to be strictly server side
* Add Guice 2.0 to our dependencies
* Switch web.xml to Guice based injection
* Use Guice injection to pass GerritServer to HttpServle...
* Use Guice to inject GerritServer into RPC backends
* Move calls to Common.getSchemaFactory to GerritServer....
* Create the EncyptedContactStore during servlet startup
* Move OpenID implementation setup to Guice
* Remove more Common.getSchemaFactory invocations to dir...
* Pass GerritServer down through SSH command factory
* Pass GerritServer instance down through the push queue
* Use Guice to setup the FileTypeRegistery singleton
* Delete unnecessary GerritCacheControlFilter
* Remove pointless Srv subclasses of GerritJsonServlet
* Refactor FileTypeRegsitery to be an interface
* Let Guice inject the ContactStore implementation
* Remove dependency on gwtexpui, gwtjsonrpc and gwtorm p...
* Use Guice to bring up the SSH daemon and its configura...
* Remove unnecessary GerritServer field in Receive comma...
* Move PushQueue and ReplicationQueue to singletons mana...
* Get rid of the GerritServer static singleton
* Provide SchemFactory ReviewDb by Guice and not Gerrit...
* Get the SystemConfig from Guice rather than GerritServ...
* Merge change 10823
* Inject the site path configuration setting directly
* Use FileBasedConfig Config rather than RepositoryConfig
* Correct copyright dates in SitePath support to be 2009
* Load gerrit.config through Guice injection
* Refactor outgoing email to be constructed by Guice
* Move contact store configuration off GerritServer
* Configure Eclipse projects to cleanup trailing whitesp...
* Move PatchSetPublishDetail.load() to server side and i...
* Hide GerritServer.getGerritConfig and use Guice outsid...
* Use Guice to create the per-request GerritCall object
* RegisterNewEmailSender is managed by Guice through Ass...
* AddReviewerSender class is managed by Guice through As...
* Merge change 10856
* Merge change 10858
* FilebasedConfig requires File pointing at config file ...
* CreateChangeSender class is managed by Guice through A...
* AbandonedSender is managed by Guice now.
* Move RegisterNewEmailSender to servlet module
* Move authentication bits out of GerritServer
* Update Ehcache to 1.6.1
* Move Ehcache construction out of GerritServer to Guice
* CommentSender is managed by Guice now.
* MergedSender class is managed by Guice now.
* MergeFailSender is managed by Guice now.
* Make ReplacePatchSetSender managed by Guice.
* Refactor MergeOp to use assisted injection
* Inject the canonicalweburl rather than using GerritSer...
* Use JGit's cached hostname when URL can't give us the ...
* Remove use of PatchSetInfoAccess interface in PatchDet...
* Merge change 10839
* Use member injection for OutgoingEmail related depende...
* Fix CanonicalWebUrl when it is null
* Inject the Provider GerritCall rather than looking it...
* Use assisted injection to create the PushOp instances
* Use PatchSetInfoFactory in OutgoingEmail class.
* Simplify the setup of assisted injection factories
* Inject the WorkQueue via Guice
* Fix ProvisionException catch blocks in GerritServletCo...
* Move system configuration related code to the server.c...
* Move servlets related to UI RPCs into the server.rpc p...
* Reduce CreateSchema dependencies to avoid cache
* Start injectors in production mode
* Isolate SSHD module from web module
* Use ServletContext injection to load files from context
* Refactor SSH commands into their own package
* Support Guice request and session scopes in SSHD
* Cleanup CommandFactory to be session aware
* Refactor CurrentUser to always be request scoped
* Cleanup names of SSH daemon related classes
* Refactor command handling to support subcommands in Gu...
* Refactor command thread creation logic into BaseCommand
* Move command line parsing to BaseCommand
* Avoid duplicate singletons
* Don't inject fields in providers
* Run Gerrit servlet container in PRODUCTION mode
* Make database error reporting more predictable from th...
* Fix duplicate definition of ReviewDb injection
* Cleanup unused imports in client code
* Remove unnecessary references to HttpServletRequest
* Get HttpServletRequest via injection rather than JsonS...
* Get the remote peer address via the @RemotePeer annota...
* Move HTTP related classes to an HTTP specific package
* Drop ServletName in favor a unique annotation object
* Move all URL lookup to the CanonicalUrlProvider
* Only load the OpenID servlets if we are using OpenID a...
* Make the magic "Become" mode for development a normal ...
* Present new users with a registion welcome screen
* Fix SSH daemon in web mode to actually have commands
* Explicitly bind RemoteJsonService implementations to t...
* Use Anchor for become rather than location assignment
* Move the become any account form to a real HTML file
* Document the DEVELOPMENT_BECOME_ANY_ACCOUNT auth.type ...
* Fix upgrade014_015_part1_mysql syntax errors
* Merge change 10972
* Inject most server references to GerritConfig
* Cleanup CacheManagerProvider's construction of the con...
* Make DiffCacheEntryFactory package private
* Cache account ids by email address key in Ehcache
* Rename ReviewDbProvider to ReviewDbDatabaseProvider
* Perform per-request cleanup actions at the end of a re...
* Refactor ChangeDetailService to use injected database ...
* Move ChangeDetailService code to its own package
* Refactor ChangeManageService to use the new Handler st...
* Refactor SSH commands to use request scoped database h...
* Fix docs in BaseCommand
* Mark all of BaseServiceImplementation deprecated
* Refactor SSH command permission checks to use CurrentU...
* Move ProjectCache to server side and rewrite entire pe...
* Make existing BaseServiceImplementation use per-reques...
* Use Project.NameKey in admin panels rather than Projec...
* Change project to use Project.NameKey as the primary k...
* Fix sshdAddress in GerritConfig object sent to clients
* Rename ProjectCache.invalidate to evict
* Rename ChangeDetailModule to ChangeModule
* Move account related RPCs to the account package
* Move patch RPC stuff to the rpc.patch package
* Remove unnecessary injected dependencies from CatServl...
* Document why we abuse the GerritCall in HostPageServlet
* Create a dummy account if the user account no longer e...
* Construct the AgreementInfo only from server code
* Merge change 11021
* Convert GroupCache to be injected by Guice and stored ...
* Remove Common.getAccountId and use Guice injection only
* Remove Common.getSchemaFactory
* Remove Common.getAccountCache
* Consolidate account lookups to the AccountResolver
* Rename GerritServerModule to GerritGlobalModule
* Rename SshDaemonModule to SshModule
* Update documentation on the named caches
* Move trusted_external_ids to auth.trustedOpenID
* Paper bag fix OutgoingEmail initialization
* Paper bag fix submit action
* Fix server error 'Array index out of range' on some pa...
* Merge branch 'maint'
* Move ChangeApproval to be a child of PatchSet
* Make #register alone go to the registration form
* Enable register new email after saving contact informa...
* Bind ApprovalTypes without using GerritConfig
* Remove Common class entirely
* Catch missing BouncyCastle PGP during contact store cr...
* Correct Owner project_rights min_values during upgrade
* Unset use_contributor_agreements if agreements are dis...
* Sort permissions in project access tab
* Get branches directly from Git rather than database
* Style tab panel headers like our menu bar header
* Narrow tables that don't have to be 100% width
* Cleanup display of external ids in the user settings
* Preserve negative approvals when replacing patch sets
* Use gwtjsonrpc 1.1.1
* gerrit 2.0.18