Add 2.11 file and update release notes for all other versions
Change-Id: I5d60fe3102b5db99c7916165ec3edf26cabe1efe
diff --git a/pages/site/releases/2.11.md b/pages/site/releases/2.11.md
new file mode 100644
index 0000000..23496e0
--- /dev/null
+++ b/pages/site/releases/2.11.md
@@ -0,0 +1,61 @@
+---
+title: "Gerrit 2.11 Release"
+permalink: 2.11.html
+hide_sidebar: true
+hide_navtoggle: true
+toc: true
+---
+Download: **[2.11.11](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.11.war)**
+| [2.11.10](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.10.war)
+| [2.11.9](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.9.war)
+| [2.11.8](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.8.war)
+| [2.11.7](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.7.war)
+| [2.11.6](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.6.war)
+| [2.11.5](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.5.war)
+| [2.11.4](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.4.war)
+| [2.11.3](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.3.war)
+| [2.11.2](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.2.war)
+| [2.11.1](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.1.war)
+| [2.11](https://gerrit-releases.storage.googleapis.com/gerrit-2.11.war)
+
+Documentation: **[2.11.11](https://gerrit-documentation.storage.googleapis.com/Documentation/2.11.11/index.html)**
+| [2.11.10](https://gerrit-documentation.storage.googleapis.com/Documentation/2.11.10/index.html)
+| [2.11.9](https://gerrit-documentation.storage.googleapis.com/Documentation/2.11.9/index.html)
+| [2.11.8](https://gerrit-documentation.storage.googleapis.com/Documentation/2.11.8/index.html)
+| [2.11.7](https://gerrit-documentation.storage.googleapis.com/Documentation/2.11.7/index.html)
+| [2.11.6](https://gerrit-documentation.storage.googleapis.com/Documentation/2.11.6/index.html)
+| [2.11.5](https://gerrit-documentation.storage.googleapis.com/Documentation/2.11.5/index.html)
+| [2.11.4](https://gerrit-documentation.storage.googleapis.com/Documentation/2.11.4/index.html)
+| [2.11.3](https://gerrit-documentation.storage.googleapis.com/Documentation/2.11.3/index.html)
+| [2.11.2](https://gerrit-documentation.storage.googleapis.com/Documentation/2.11.2/index.html)
+| [2.11.1](https://gerrit-documentation.storage.googleapis.com/Documentation/2.11.1/index.html)
+| [2.11](https://gerrit-documentation.storage.googleapis.com/Documentation/2.11/index.html)
+
+
+## Release Highlights
+* [Issue 505](https://bugs.chromium.org/p/gerrit/issues/detail?id=505):
+Changes can be created and edited directly in the browser.
+* Many improvements in the new change screen.
+* The old change screen is removed.
+* For full details please refer to the [release notes on the old site](http://gerrit-documentation.storage.googleapis.com/ReleaseNotes/ReleaseNotes-2.11.html).
+
+## Bugfix Releases
+
+### 2.11.11
+Upgrade jsch from 0.1.51 to 0.1.54 to get security fixes:
+* [CVE-2015-4000](https://nvd.nist.gov/vuln/detail/CVE-2015-4000): Weak Diffie-Hellman
+vulnerability, AKA "Logjam".
+ The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS
+ connections to 512-bit export-grade cryptography. This allows the attacker to read
+ and modify any data passed over the connection.
+ On February 22, 2018, Github [removed support for weak cryptographic standards](https://githubengineering.com/crypto-removal-notice/).
+ As a result of this, replication to Github over SSH no longer works with
+ diffie-hellman-group1-sha1 or diffie-hellman-group14-sha1 SSH keys.
+* [CVE-2016-5725](https://nvd.nist.gov/vuln/detail/CVE-2016-5725): Directory traversal
+vulnerability.
+ Versions of jsch prior to 0.1.54 have a directory traversal vulnerability
+ on Windows. When the mode is `ChannelSftp.OVERWRITE`, it allows remote SFTP
+ servers to write to arbitrary files via a `..\` (dot dot backslash) in a
+ response to a recursive `GET` command.
+For other fixes in jsch since 0.1.51, please refer to the
+[jsch change log](http://www.jcraft.com/jsch/ChangeLog).
diff --git a/pages/site/releases/2.12.md b/pages/site/releases/2.12.md
index b73f742..78d151c 100644
--- a/pages/site/releases/2.12.md
+++ b/pages/site/releases/2.12.md
@@ -5,8 +5,8 @@
hide_navtoggle: true
toc: true
---
-
-Download: **[2.12.7](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.7.war)**
+Download: **[2.12.8](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.8.war)**
+| [2.12.7](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.7.war)
| [2.12.6](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.6.war)
| [2.12.5](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.5.war)
| [2.12.4](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.4.war)
@@ -15,7 +15,8 @@
| [2.12.1](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.1.war)
| [2.12](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.war)
-Documentation: **[2.12.7](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.7/index.html)**
+Documentation: **[2.12.8](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.8/index.html)**
+| [2.12.7](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.7/index.html)
| [2.12.6](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.6/index.html)
| [2.12.5](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.5/index.html)
| [2.12.4](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.4/index.html)
@@ -25,16 +26,12 @@
| [2.12](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/index.html)
## Release Highlights
-
* New change submission workflows: 'Submit Whole Topic' and 'Submitted Together'.
-
* Support for GPG Keys and signed pushes.
-
## Important Notes
### Schema Changes
-
This release contains schema changes. To upgrade:
``` sh
@@ -54,7 +51,6 @@
according to the comments in the issue.
#### Manual schema upgrade when updating from 2.12 to 2.12.x
-
When upgrading a site that is already running version 2.12 to 2.12.x, the
`patch_sets` table must be manually migrated using the `gerrit gsql` SSH
command or the `gqsl` site program.
@@ -93,19 +89,16 @@
to 2.12.x.
### Bouncy Castle Upgrade
-
When upgrading from version 2.8.4 or older with a site that uses
Bouncy Castle Crypto, new versions of the libraries will be downloaded. The old
libraries should be manually removed from site's `lib` folder to prevent the
startup failure described in [issue 3084](https://code.google.com/p/gerrit/issues/detail?id=3084).
### Solr Index Support
-
The Solr secondary index is no longer supported. With this release
the only supported secondary index is Lucene.
### `ref-updated` Event Format Change
-
The format of the `ref-updated` event has changed. Users of the
[Jenkins Gerrit Trigger plugin](https://wiki.jenkins-ci.org/display/JENKINS/Gerrit+Trigger)
with jobs triggering on `ref-updated` should upgrade to at least
@@ -114,765 +107,525 @@
to change the branch configuration to type `Path` with a pattern like
`refs/*/master` instead of `Plain` and `master`.
-
## New Features
### New Change Submission Workflows
-
* New 'Submit Whole Topic' setting.
-
When the
[`change.submitWholeTopic`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#change.submitWholeTopic)
setting is enabled, all changes belonging to the same
topic will be submitted at the same time.
-
This setting should be considered experimental, and is disabled by default.
-
* Submission of changes may include ancestors.
-
If a change is submitted that has submittable ancestor changes, those changes
will also be submitted.
-
* The merge queue is removed.
-
Changes that cannot be submitted due to missing dependencies will no longer
enter the 'Submitted, Merge Pending' state.
-
### GPG Keys and Signed Pushes
-
Signed push can be enabled by setting
[`receive.enableSignedPush`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#receive.enableSignedPush)
to true. When a client pushes with `git push --signed`, Gerrit ensures that the push
certificate is valid and signed with a valid public key stored in the
`refs/meta/gpg-keys` branch of the `All-Users` repository.
-
When signed push is enabled, and
[`gerrit.editGpgKeys`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#gerrit.editGpgKeys)
is set to true, users may upload their public GPG
key via the REST API or UI. If this setting is not enabled, GPG keys may only be added by administrators
with direct access to the `All-Users` repository.
-
Administrators may also configure
[`receive.certNonceSeed`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#receive.certNonceSeed)
and
[`receive.certNonceSlop`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#receive.certNonceSlop).
### Secondary Index
-
* [Issue 3333](http://code.google.com/p/gerrit/issues/detail?id=3333):
Support searching for changes by author and committer.
-
Changes are indexed by the git author and committer of the latest patch set,
and can be searched with the `author:` and `committer:` operators.
-
Changes are matched on either the exact whole email address, or on parts of the
name or email address.
-
* Add `from:` search operator to match by owner of change or author of comments.
-
* Add `commentby:` search operator to search by author of comments.
-
* Change the `topic:` search operator to search by the exact topic name.
-
* Add `intopic:` search operator to search by topics containing the search term.
-
* [Issue 3291](http://code.google.com/p/gerrit/issues/detail?id=3291):
Add `has:edit` search operator to match changes that have edit revisions on them.
-
* Allow configuration of maximum query size.
-
[`index.maxTerms`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#index.maxTerms)
can be set to limit the number of leaf index terms.
-
* Expose Lucene index writers for plugins.
-
Plugins can now reconfigure various Lucene performance related parameters
at runtime.
-
* Make Lucene index writers auto-commit writers.
-
Plugins can now temporarily turn on auto-committing in situations where it makes
sense to enforce all changes to be written to disk ASAP.
### UI
#### General
-
* Edit and diff preferences can be modified from the user preferences screen.
-
Previously it was only possible to edit these preferences from the actual
diff and edit screens.
-
* Add 'Edits' to the 'My' dashboard menu to list changes on which the user
has an unpublished edit revision.
-
* Support for URL aliases.
-
Administrators may define
[URL aliases](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#urlAlias)
to map plugin screens into the Gerrit URL namespace.
-
Plugins may use user-specific URL aliases to replace certain screens for certain
users.
-
#### Project Screen
-
* New tab to list the project's tags, similar to the branch list.
-
#### Inline Editor
-
* Store and load edit preferences in git.
-
Edit preferences are stored and loaded to/from the `All-Users` repository.
-
* Add 'auto close brackets' feature.
-
* Add 'match brackets' feature.
-
* Make the cursor blink rate customizable.
-
* Add support for Emacs and Vim key maps.
-
#### Change Screen
-
* [Issue 3318](http://code.google.com/p/gerrit/issues/detail?id=3318):
Highlight 'Reply' button if there are draft comments on any patch set.
-
If any patch set of the change has a draft comment by the current user,
the 'Reply' button is highlighted.
The icons depicting draft comments are removed from the revisions drop-down
list.
-
* [Issue 1100](http://code.google.com/p/gerrit/issues/detail?id=1100):
Publish all draft comments when replying to a change.
-
All draft comments, including those on older patch sets, are published when
replying to a change.
-
* Show file size increase/decrease for binary files.
-
* Show uploader if different from change owner.
-
* Show push certificate status.
-
* Show change subject as tooltip on related changes list.
-
This helps to identify changes when the subject is truncated in the list.
-
#### Side-By-Side Diff
-
* [Issue 3293](http://code.google.com/p/gerrit/issues/detail?id=3293):
Add syntax highlighting for Puppet.
-
* [Issue 3447](http://code.google.com/p/gerrit/issues/detail?id=3447):
Add syntax highlighting for VHDL.
-
#### Group Screen
-
* [Issue 1479](http://code.google.com/p/gerrit/issues/detail?id=1479): Group audit log.
-
The group screen now includes an 'Audit Log' panel showing member additions,
removals, and the user who made the change.
### API
-
Several new APIs are added.
#### Accounts
-
* Suggest accounts.
#### Tags
-
* List tags.
-
* Get tag.
-
### REST API
-
New REST API endpoints and new options on existing endpoints.
-
#### Accounts
-
* [Set Username](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-accounts.html#set-username):
Set the username of an account.
-
* [Get Account Details](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-accounts.html#get-detail):
Get the details of an account.
-
In addition to the [AccountInfo](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-accounts.html#account-info)
fields returned by the existing
[Get Account endpoint](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-accounts.html#get-account),
the new REST endpoint returns the registration date of the account and the
timestamp of when contact information was filed for this account.
-
#### Changes
-
* [Set Review](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-changes.html#set-review):
Add an option to omit duplicate comments.
-
* [Download Content](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-changes.html#get-safe-content):
Download the content of a file from a certain revision, in a
safe format that poses no risk for inadvertent execution of untrusted code.
-
* [Get Submitted Together](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-changes.html#submitted-together):
Get the list of all changes that will be submitted at
the same time as the change.
-
* [Issue 1100](http://code.google.com/p/gerrit/issues/detail?id=1100):
[Set Review](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-changes.html#set-review):
Add an option to publish draft comments on all revisions.
#### Config
-
* [Get Server Info](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-config.html#get-info):
Return information about the Gerrit server configuration.
-
* [Confirm Email](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-config.html#confirm-email):
Confirm that the user owns an email address.
-
#### Groups
-
* [List Groups](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-groups.html#list-group):
Add option to suggest groups, allowing group auto-completion to be used in a plugin's UI.
-
* [Get Audit Log](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-groups.html#get-audit-log):
Get the audit log of a Gerrit internal group, showing member
additions, removals, and the user who made the change.
-
#### Projects
-
* [Run GC](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-projects.html#run-gc):
Add `aggressive` option to specify whether or not to run an aggressive
garbage collection.
-
* [List Tags](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-projects.html#list-tags):
Support filtering by substring and regex, and pagination with `--start` and `--end`.
### SSH
-
* Add support for ZLib Compression.
-
To enable compression use the
[`sshd.enableCompression` setting](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#sshd.enableCompression).
-
* Add support for hmac-sha2-256 and hmac-sha2-512 as MACs.
### Plugins
#### General
-
* Gerrit client can now pass JavaScriptObjects to extension panels.
-
* New UI extension point for header bar in change screen.
-
* New UI extension point to password screen.
-
* New UI extension points to project info screen.
-
* New UI extension point for pop down buttons on change screen.
-
* New UI extension point for buttons in header bar on change screen.
-
* New UI extension point at bottom of the user preferences screen.
-
* New UI extension point for the 'Included In' drop-down panel.
-
By implementing the
[Included In interface](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/dev-plugins.html#included-in),
plugins may add entries to the 'Included In' dropdown menu on the change screen.
-
* Plugins can extend Gerrit screens with GWT controls.
-
* Plugins can add custom settings screens.
-
* Referencing groups in `project.config`.
-
Plugins can refer to groups so that when they are renamed, the project
config will also be updated in this section.
-
* API
* Allow to use `CurrentSchemaVersion`.
* Allow to use `InternalChangeQuery.query()`.
* Allow to use `JdbcUtil.port()`.
* Allow to use GWTORM `Key` classes.
-
### Other
-
* [Issue 3401](http://code.google.com/p/gerrit/issues/detail?id=3401):
Add option to
[disable registration of new email addresses](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#sendemail.allowRegisterNewEmail).
-
* [Issue 2061](http://code.google.com/p/gerrit/issues/detail?id=2061):
Add Support for `git-upload-archive`.
-
This allows use the standard `git archive` command to create an archive
of the content of a repository.
-
* Add a background job to automatically abandon inactive changes.
-
The
[changeCleanup](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#changeCleanup)
configuration can be set to periodically check for inactive changes and automatically abandon them.
-
* Add support for the
[DB2 database](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/database-setup.html#createdb_db2).
-
* [Issue 3441](http://code.google.com/p/gerrit/issues/detail?id=3441):
Add support for the
[Apache Derby database](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/database-setup.html#createdb_derby).
-
* Download commands plugin: Use commit IDs for download commands when change refs are hidden.
-
Git has a configuration option to hide refs from the initial advertisement
(`uploadpack.hideRefs`). This option can be used to hide the change refs from
the client. As consequence this prevented fetching changes by change ref from
working.
-
Setting `download.checkForHiddenChangeRefs` in the `gerrit.config` to true
allows the download commands plugin to check for hidden change refs.
-
* Add a new 'Maintain Server' global capability.
-
Members of a group with the 'Maintain Server' capability may view caches, tasks,
and queues, and invoke the index REST API on changes.
## Bugfixes
-
+* Upgrade jsch to 0.1.53 to fix [CVE-2015-4000](https://nvd.nist.gov/vuln/detail/CVE-2015-4000):
+Weak Diffie-Hellman vulnerability, AKA "Logjam".
+ The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS
+ connections to 512-bit export-grade cryptography. This allows the attacker to read
+ and modify any data passed over the connection.
+ On February 22, 2018, Github [removed support for weak cryptographic standards](https://githubengineering.com/crypto-removal-notice/).
+ As a result of this, replication to Github over SSH no longer works with
+ diffie-hellman-group1-sha1 or diffie-hellman-group14-sha1 SSH keys.
* [Issue 3499](http://code.google.com/p/gerrit/issues/detail?id=3499):
Fix syntax highlighting of raw string literals in go.
-
* [Issue 3643](http://code.google.com/p/gerrit/issues/detail?id=3643):
Fix syntax highlighting of ES6 string templating using backticks.
-
* [Issue 3653](http://code.google.com/p/gerrit/issues/detail?id=3653):
Correct timezone in sshd log after DST change.
-
When encountering a DST switch, the timezone wasn't updated until
the server was reloaded.
-
* [Issue 3306](http://code.google.com/p/gerrit/issues/detail?id=3306):
Allow admins to read, push and create on `refs/users/default`.
-
* [Issue 3212](http://code.google.com/p/gerrit/issues/detail?id=3212):
Fix failure to run `init` when `--site-path` option is not explicitly given.
-
* Make email validation case insensitive.
-
While [RFC 5321 section 2.3.11](https://tools.ietf.org/html/rfc5321#section-2.3.11)
allows for the local-part (the part left of the '@') of an email address to be case
sensitive, the domain portion is case insensitive according to
[RFC 1035 section 3.1](https://tools.ietf.org/html/rfc1035#section-3.1),
and in practice, even the local-part is typically case insensitive also.
-
* `commit-msg` hook: Don't add `Change-Id` line on temporary commits.
-
Commits created with `git commit --fixup` or `git commit --squash` are not
intended to be pushed to Gerrit, and don't need a `Change-Id` line.
-
This also prevents changes from being accidentally uploaded, at least for
projects that have the 'Require Change-Id' configuration enabled.
-
* [Issue 3444](http://code.google.com/p/gerrit/issues/detail?id=3444):
download-commands plugin: Fix clone with commit-msg hook when project name
contains '/'.
-
* Use full ref name in `refName` attribute of `ref-updated` events.
-
The [refUpdate attribute](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/json.html#refUpdate)
in `ref-updated` events did not include the full name
of the ref in the `refName` attribute, i.e. `master` was used instead of
`refs/heads/master`.
-
Support for the new format is added in
[version 2.15.1 of the Jenkins Gerrit Trigger plugin](https://wiki.jenkins-ci.org/display/JENKINS/Gerrit+Trigger#GerritTrigger-Version2.15.1%28releasedSept142015%29).
-
Users who are unable to upgrade the plugin may instead change the
trigger's branch configuration to type `Path` with a pattern like
`refs/*/master` instead of `Plain` and `master`.
-
* [Issue 3714](https://code.google.com/p/gerrit/issues/detail?id=3714):
Improve visibility of comments on dark themes.
-
* Fix highlighting of search results and trailing whitespaces in intraline
diff chunks.
-
* Fix server error when listing annotated/signed tag that has no tagger info.
-
* Don't create new account when claimed OAuth identity is unknown.
-
The Claimed Identity feature was enabled to support old Google OpenID accounts,
that cannot be activated anymore. In some corner cases, when for example the URL
is not from the production Gerrit site, for example on a staging instance, the
OpenID identity may deviate from the original one. In case of mismatch, the lookup
of the user for the claimed identity would fail, causing a new account to be
created.
-
* Suggest to upgrade installed plugins per default during site initialization
to new Gerrit version.
-
The default was 'No' which resulted in some sites not upgrading core
plugins and running the wrong versions.
-
* [Issue 3698](https://code.google.com/p/gerrit/issues/detail?id=3698):
Fix creation of the administrator user on databases with pre-allocated
auto-increment column values.
-
When using a database configuration where auto-increment column values are
pre-allocated, it was possible that the 'Administrators' group was created
with an ID other than `1`. In this case, the created admin user was not added
to the correct group, and did not have the correct admin permissions.
-
* [Issue 3018](https://code.google.com/p/gerrit/issues/detail?id=3018):
Fix query for changes using a label with a group operator.
-
The `group` operator was being ignored when searching for changes with labels
because the search index does not contain group information.
-
* Fix online reindexing of changes that don't already exist in the index.
-
Changes are now always reloaded from the database during online reindex.
-
* Fix reading of plugin documentation.
-
Under some circumstances it was possible to fail with an IO error.
## Documentation Updates
-
* [Issue 412](https://code.google.com/p/gerrit/issues/detail?id=412):
Update documentation of `commentlink.match` regular expression to clarify
that the expression is applied to the rendered HTML.
-
* Remove warning about unstable change edit REST API endpoints.
-
These endpoints should be considered stable since version 2.11.
-
* Document that `ldap.groupBase` and `ldap.accountBase` are repeatable.
## Dependency Updates
-
* Upgrade Asciidoctor to 1.5.2
-
* Upgrade AutoValue to 1.1
-
* Upgrade Bouncy Castle to 1.52
-
* Upgrade CodeMirror to 5.7
-
* Upgrade gson to 2.3.1
-
* Upgrade guava to 19.0-RC2
-
* Upgrade gwtorm to 1.14-20-gec13fdc
-
* Upgrade H2 to 1.3.176
-
* Upgrade httpcomponents to 4.4.1
-
* Upgrade Jetty to 9.2.13.v20150730
-
* Upgrade JGit to 4.1.1.201511131810-r
-
* Upgrade joda-time to 2.8
-
* Upgrade JRuby to 1.7.18
-
-* Upgrade jsch to 0.1.53
-
+* Upgrade jsch to 0.1.53 (upgraded to 0.1.54 in 2.12.8)
* Upgrade JUnit to 4.11
-
* Upgrade Lucene to 5.3.0
-
* Upgrade Prolog Cafe 1.4.1
-
* Upgrade servlet API to 8.0.24
-
* Upgrade Truth to version 0.27
## Bugfix Releases
### 2.12.8
-
+* Upgrade jsch to 0.1.54 to fix [CVE-2016-5725](https://nvd.nist.gov/vuln/detail/CVE-2016-5725):
+Directory traversal vulnerability.
+ Versions of jsch prior to 0.1.54 have a directory traversal vulnerability
+ on Windows. When the mode is `ChannelSftp.OVERWRITE`, it allows remote SFTP
+ servers to write to arbitrary files via a `..\` (dot dot backslash) in a
+ response to a recursive `GET` command.
+ For other fixes in jsch since 0.1.53, please refer to the
+ [jsch change log](http://www.jcraft.com/jsch/ChangeLog).
* [Issue 5759](https://bugs.chromium.org/p/gerrit/issues/detail?id=5759):
- Fix `intopic:` search with regular expression.
-
+Fix `intopic:` search with regular expression.
* Fix database connection pool verification.
-
A broken connection could be returned from the connection pool and this
caused an internal server error when trying, for example, to read a change
from the database.
-
* Do not check visibility of parent when creating project.
-
A project can be visible to a user but not necessarily its parent. To
be consistent, a user with create-project permission should be able to
create a project with a parent that exists even if the parent is not
visible to the user.
-
* Fix merging a merge commit that refers to commits not submitted as changes.
-
* Update `commit-msg` hook to Add `Change-Id` line after `Depends-On:` footer.
### 2.12.7
-
* [Issue 4930](https://bugs.chromium.org/p/gerrit/issues/detail?id=4930)
Allow submit of merge commit of a branch that is not a change.
-
A regression introduced in 2.12.6 prevented a merge commit from being
submitted if it merges a branch that is not associated to a change.
-
* Avoid unnecessary group visibility checks in list-groups REST endpoint.
-
The list-groups REST API call checked group visibility even for those
groups which were filtered out. In a system with 10-20K of groups, this
could cause 30-60 seconds delay when checking if the current user can see
a group.
-
* Download Commands plugin: Fix HTTP clone command inconsistency.
-
When cloning a project using HTTP schema, the `/a` in the URL was added
only when choosing to clone without the commit hook. Now the URL is the
same in both cases.
### 2.12.6
-
* [Issue 4158](https://bugs.chromium.org/p/gerrit/issues/detail?id=4158):
Notice merged commits even if they appear on a different branch.
-
If a change was pushed to a topic branch, and then pushed to another
branch for review, merging it did not result in it appearing in the
repository.
-
* [Issue 4887](https://bugs.chromium.org/p/gerrit/issues/detail?id=4887):
Fix submission of multiple changes by cherry-pick.
-
When submitting multiple changes by cherry-pick, update the merge tip
for each change such that each subsequent change is cherry-picked onto
the updated tip of the target branch.
-
* [Issue 4647](https://bugs.chromium.org/p/gerrit/issues/detail?id=4647):
Fix copying text in Internet Explorer.
-
* Prevent double closing of repository when merging changes.
### 2.12.5
-
* New preference to enable line wrapping in diff screen and inline editor.
-
* Fix the diff and edit preference dialogs for smaller screens.
-
On smaller screens the options at the bottom of the dialogs would
get cut off, making it difficult to change them.
-
* [Issue 4521](https://bugs.chromium.org/p/gerrit/issues/detail?id=4521):
Fix internal server error during validation of email addresses.
-
When creating a new account or adding a new email address to an existing
account, the email validation crashed.
-
* Lucene stability improvements.
-
Each Lucene index is now written using a dedicated background thread. Lucene
threads may not be cancelled, to prevent interruptions while writing.
-
* Don't try to change username that is already set.
-
Since Gerrit version 2.1.4 it is not allowed to change the username once
it has been set, and attempting to do so results in an exception.
-
If `ldap.accountSshUserName` is set in the `gerrit.config` using
`${userPrincipalName.localPart}` to initialize the username from the user's
email address, and then the email address is changed, the username gets
resolved to something different and the account manager tried to change it.
As a result, an exception was raised and the user could no longer log in.
-
Instead of trying to change the username, a warning is logged.
-
* [Issue 4006](https://bugs.chromium.org/p/gerrit/issues/detail?id=4006):
Prevent search limit parameter from exceeding maximum integer value.
-
* Fix internal server error when generating task names.
-
* Print proper names for query tasks in the output of the `show-queue` command.
-
* Double-check change status when auto-abandoning changes.
-
It was possible that changes could be updated in the time between the query
results being returned and the change being abandoned.
### 2.12.4
-
* [Issue 4400](https://bugs.chromium.org/p/gerrit/issues/detail?id=4400):
Fix `AlreadyClosedException` in Lucene index.
-
If a Lucene indexing thread was interrupted by an SSH connection being
closed, this would also close file handles being used to read the index.
-
Lucene queries are now executed on background threads to isolate them
from SSH threads.
-
This may also reduce latency for user dashboards on a multi-core system as
each query for the different sections can now run on separate threads and
return results when ready.
-
* [Issue 4249](https://bugs.chromium.org/p/gerrit/issues/detail?id=4249):
Fix 'Duplicate stages not allowed' error during indexing.
-
* [Issue 4238](https://bugs.chromium.org/p/gerrit/issues/detail?id=4238):
Fix 'not found' error when browsing tree in gitweb.
-
The `refs/heads/` prefix was incorrectly being added to `HEAD`, causing a
'404 Not Found' error.
-
* Allow to read repositories that do not end with `.git`.
-
* [Issue 4262](https://bugs.chromium.org/p/gerrit/issues/detail?id=4262):
Fix GPG push certificate for first patch set of new changes.
-
The GPG certificate was not being set for the first patch set of new
changes.
-
* [Issue 4296](https://bugs.chromium.org/p/gerrit/issues/detail?id=4296):
Fix internal error when a query does not contain any token.
-
* [Issue 4241](https://bugs.chromium.org/p/gerrit/issues/detail?id=4241):
Fix 'Cannot format velocity template' error when sending notification emails.
-
* Fix `sshd.idleTimeout` setting being ignored.
-
The `sshd.idleTimeout` setting was not being correctly set on the SSHD
backend, causing idle sessions to not time out.
-
* [Issue 4324](https://bugs.chromium.org/p/gerrit/issues/detail?id=4324):
Set the correct uploader on new patch sets created via the inline editor.
-
* Log a warning instead of failing when invalid commentlinks are configured.
-
* [Issue 4136](https://bugs.chromium.org/p/gerrit/issues/detail?id=4136):
Fix support for `HEAD` requests in the REST API.
-
Sending a `HEAD` request failed with '404 Not Found'.
-
* Return proper error response when trying to confirm an email that is already
used by another user.
-
* [Issue 4318](https://bugs.chromium.org/p/gerrit/issues/detail?id=4318)
Fix 'Rebase if Necessary' merge strategy to prevent introducing a duplicate
commit when submitting a merge commit.
-
* [Issue 4332](https://bugs.chromium.org/p/gerrit/issues/detail?id=4332):
Allow `local` as a valid TLD for outgoing emails.
-
* Bypass hostname verification when `sendemail.sslVerify` is disabled.
-
* [Issue 4398](https://bugs.chromium.org/p/gerrit/issues/detail?id=4398):
Replication: Consider ref visibility when scheduling replication.
-
It was possible for refs to be replicated to remotes despite not being
visible to groups mentioned in the `authGroup` setting.
-
* [Issue 4036](https://bugs.chromium.org/p/gerrit/issues/detail?id=4036):
Fix hanging query when using `is:watched` without authentication.
### 2.12.3
-
* Fix SSL security issue in the SMTP email relay.
-
The hostname of the SSL socket was not verified. This made the read
from the socket insecure since without verifying the hostname it may
be [vulnerable to a man-in-the-middle attack](https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf).
-
* [Issue 3895](https://bugs.chromium.org/p/gerrit/issues/detail?id=3895):
Fix failure to submit with 'Rebase if Necessary' after changes were reordered
with interactive rebase.
-
* [Issue 4052](https://bugs.chromium.org/p/gerrit/issues/detail?id=4052):
Fix failure to start server after upgrade from version 2.9.4.
-
* [Issue 3891](https://bugs.chromium.org/p/gerrit/issues/detail?id=3891):
Fix query with `label:` operator and zero value.
-
* [Issue 4112](https://bugs.chromium.org/p/gerrit/issues/detail?id=4112):
Fix failure to submit changes caused by empty user edit ref.
-
* [Issue 4087](https://bugs.chromium.org/p/gerrit/issues/detail?id=4087):
Fix failure to submit change when a branch is created on the change ref.
-
* [Issue 4155](https://bugs.chromium.org/p/gerrit/issues/detail?id=4155):
Fix tags REST API to correctly return all tags.
-
* [Issue 4154](https://bugs.chromium.org/p/gerrit/issues/detail?id=4154):
Add support for `.team` and several more TLDs in email address validation.
-
Update commons-validator to 1.5.1.
-
* [Issue 4163](https://bugs.chromium.org/p/gerrit/issues/detail?id=4163):
Prevent removal of non-voting reviewers on submit of change.
-
* [Issue 2647](https://bugs.chromium.org/p/gerrit/issues/detail?id=2647):
Fix usage of `CTRL-C` on change screen.
-
* [Issue 4236](https://bugs.chromium.org/p/gerrit/issues/detail?id=4236):
Fix internal error when pushing an amended commit with the `%edit` option.
-
* [Issue 3426](https://bugs.chromium.org/p/gerrit/issues/detail?id=3426):
Fix pushing changes with `%base` option or `newChangeForAllNotInTarget` option.
-
* Show 'Submitted Together' tab for changes with same topic.
-
* Improve submit button tooltip messages shown when change is not submittable.
-
* Fix firing of the `topic-changed` hook.
-
* Remove `--dry-run` option from the `Reindex` site program.
-
The implementation of the option was removed, but the option was mistakenly
added back to the command and did not actually work.
-
* Print proper task names in the output of the `show-queues` command.
-
* Replication plugin: Double check if a ref is missing locally before deleting
from remote.
-
* Show an error message when trying to add a non-existent group to an ACL.
-
### 2.12.2
-
* Upgrade Apache commons-collections to version 3.2.2.
-
Includes a fix for a [remote code execution exploit](https://issues.apache.org/jira/browse/COLLECTIONS-5800).
-
* [Issue 3919](https://code.google.com/p/gerrit/issues/detail?id=3919):
Explicitly set parent project to 'All-Projects' when a project is created
without giving the parent.
-
* Don't add message twice on abandon or restore via ssh review command.
-
When abandoning or reviewing a change via the ssh `review` command, and
providing a message with the `--message` option, the message was added to
the change twice.
-
* Clear the input box after cancelling add reviewer action.
-
When the action was cancelled, the content of the input box was still
there when opening it again.
-
* Fix internal server error when aborting ssh command.
-
* [Issue 3969](https://code.google.com/p/gerrit/issues/detail?id=3969):
Fix internal server error when submitting a change with 'Rebase If Necessary'
strategy.
@@ -880,182 +633,128 @@
### 2.12.1
#### General
-
* Fix column type for signed push certificates.
-
The column type `VARCHAR(255)` was too small, preventing some PGP push
certificates from being stored.
-
* Add the `DRAFT_COMMENTS` option to the list changes REST API endpoint
and mark it as deprecated.
-
It was removed in version 2.12 because it's not needed any more by the UI,
but this caused failures for clients that still use it.
-
Now it is added back, although it does not do anything and is marked as
deprecated.
-
* [Issue 3669](https://code.google.com/p/gerrit/issues/detail?id=3669):
Fix schema migration when migrating to 2.12.x directly from a version
earlier than 2.11.
-
* [Issue 3733](https://code.google.com/p/gerrit/issues/detail?id=3733):
Correctly detect symlinked log directory on startup.
-
If `$site_path/logs` was a symlink, the server would not start.
-
* [Issue 3871](https://code.google.com/p/gerrit/issues/detail?id=3871):
Throw an explicit exception when failing to load a change from the database.
-
If a change could not be loaded from the database, for example if it was
manually removed from the changes table but references to it were remaining
in other tables, a null change was returned which would then lead to an
'Internal Server Error' that was difficult to track down. Now an error is
raised earlier which will help administrators to find the root cause.
-
* [Issue 3743](https://code.google.com/p/gerrit/issues/detail?id=3743):
Use submitter identity as committer when using 'Rebase if Necessary' merge
strategy.
-
When submitting a change that required rebase, the committer was being
set to 'Gerrit Code Review' instead of the name of the submitter.
-
* [Issue 3758](https://code.google.com/p/gerrit/issues/detail?id=3758):
Fix serving of static resources when deployed in application container.
-
When deployed in a container, for example Tomcat, it was not possible to
load the UI because static content could not be loaded from the WAR file.
-
* [Issue 3790](https://code.google.com/p/gerrit/issues/detail?id=3790):
Fix documentation link when deployed in application container.
-
When deployed in a container, for example Tomcat, the 'Documentation' menu
was missing.
-
* [Issue 3786](https://code.google.com/p/gerrit/issues/detail?id=3786):
Fix SQL statement syntax in schema migration.
-
An extra semicolon was preventing migration from 2.11.x to 2.12 when using
an Oracle database.
-
* Send email using email queue instead of the default queue.
-
Some emails sent asynchronously were already being sent using that queue
but some were not. This was confusing for a gerrit administrator because
if there is a build up of `send-email` tasks in the queue, he would
think that increasing `sendemail.threadPoolSize` would help but it did not
because some of the email were sent using the default queue which is
configurable using `execution.defaultThreadPoolSize`.
-
* Fix XSRF token cookie to honor `auth.cookieSecure` setting.
-
* [Issue 3767](https://code.google.com/p/gerrit/issues/detail?id=3767):
Fix replication of first patch set for new changes.
-
When new changes were pushed from the command line, the first patch
set did not get replicated to destinations.
-
* [Issue 3771](https://code.google.com/p/gerrit/issues/detail?id=3771):
Remove `index.defaultMaxClauseCount` configuration option.
-
When `index.maxTerms` was either not set (thus no limit) or set to a value
higher than `index.defaultMaxClauseCount` it was possible that viewing the
related changes tab could cause a 'Too many clauses' error for changes that
have a lot of related changes.
-
The `index.defaultMaxClauseCount` configuration option is removed, and the
existing `index.maxTerms` is reused. The default value of `index.maxTerms`
is reduced from 'no limit' to 1024.
-
* [Issue 3919](https://code.google.com/p/gerrit/issues/detail?id=3919):
Explicitly set parent project to 'All-Projects' when a project is created
without giving the parent.
-
* [Issue 3948](https://code.google.com/p/gerrit/issues/detail?id=3948):
Fix submit of project parent updates on `refs/meta/config`.
-
When submitting a change on `refs/meta/config` to update a project's parent,
the error 'The change must be submitted by a Gerrit administrator' was being
displayed even when the submitter was an admin. The submit was successful
when clicking 'Submit' a second time.
-
* [Issue 3811](https://code.google.com/p/gerrit/issues/detail?id=3811):
Fix submittability of merge commits that resolve merge conflicts.
-
If a series of changes contained a change that conflicted with the destination
branch, but the conflict was solved by a merge commit at the tip of the
series, the series was not submittable.
-
* [Issue 3883](https://code.google.com/p/gerrit/issues/detail?id=3883):
Respect the `core.commentchar` setting from `.gitconfig` in `commit-msg` hook.
#### UI
-
* [Issue 3894](https://code.google.com/p/gerrit/issues/detail?id=3894):
Fix display of 'Related changes' after change is rebased in web UI:
-
* [Issue 3071](https://code.google.com/p/gerrit/issues/detail?id=3071):
Fix display of submodule differences in side-by-side view.
-
* [Issue 3718](https://code.google.com/p/gerrit/issues/detail?id=3718):
Hide avatar images when no avatars are available.
-
The UI was showing a transparent empty image with a border.
-
* [Issue 3731](https://code.google.com/p/gerrit/issues/detail?id=3731):
Fix syntax higlighting of tcl files.
-
* [Issue 3863](https://code.google.com/p/gerrit/issues/detail?id=3863):
Fix display of active row marker in tag list.
-
Clicking on one of the rows would cause the tag name to disappear.
-
* [Issue 1207](https://code.google.com/p/gerrit/issues/detail?id=1207):
Fix keyboard shortcuts for non-US keyboards on side-by-side diff screen.
-
The forward/backward navigation keys `[` and `]` only worked on keyboards where
these characters could be typed without using any modifier key (like CTRL, ALT,
etc..).
-
Note that the problem still exists on the unified diff screen.
-
* Improve tooltip on 'Submit' button when 'Submit whole topic' is enabled
and the topic can't be submitted due to some changes not being ready.
#### Plugins
-
* [Issue 3821](https://code.google.com/p/gerrit/issues/detail?id=3821):
Fix repeated reloading of plugins when running on OpenJDK 8.
-
OpenJDK 8 uses nanotime precision for file modification time on systems that
are POSIX 2008 compatible. This leads to precision incompatibility when
comparing the plugin's JAR file timestamp, resulting in the plugin being
reloaded every minute.
-
* [Issue 3741](https://code.google.com/p/gerrit/issues/detail?id=3741):
Fix handling of merge validation exceptions emitted by plugins.
-
If a plugin raised an exception, it was reported to the user as 'Change is
new', rather than 'Missing dependency'.
-
* Allow plugins to get the caller in merge validation requests.
-
Plugins that implement the `MergeValidationListener` interface now get the
caller (the user who initiated the merge) in the `onPreMerge` method.
-
Existing plugins that implement this interface must be adapted to the new
method signature.
-
* [Issue 3892](https://code.google.com/p/gerrit/issues/detail?id=3892):
Allow plugins to suggest reviewers based on either change or project
resources.
#### Documentation
-
* Update documentation of `commentlink` to reflect changed search URL.
-
* Add missing documentation of valid `database.type` values.
#### Upgrades
-
* Upgrade JGit to 4.1.2.201602141800-r.
diff --git a/pages/site/releases/2.13.md b/pages/site/releases/2.13.md
index 97d6048..fee598a 100644
--- a/pages/site/releases/2.13.md
+++ b/pages/site/releases/2.13.md
@@ -6,7 +6,9 @@
toc: true
---
-Download: **[2.13.9](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.9.war)**
+Download: **[2.13.11](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.11.war)**
+| [2.13.10](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.10.war)
+| [2.13.9](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.9.war)
| [2.13.8](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.8.war)
| [2.13.7](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.7.war)
| [2.13.6](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.6.war)
@@ -17,7 +19,9 @@
| [2.13.1](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.1.war)
| [2.13](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.war)
-Documentation: **[2.13.9](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.9/index.html)**
+Documentation: **[2.13.11](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.11/index.html)**
+| [2.13.10](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.10/index.html)
+| [2.13.9](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.9/index.html)
| [2.13.8](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.8/index.html)
| [2.13.7](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.7/index.html)
| [2.13.6](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.6/index.html)
@@ -29,7 +33,6 @@
| [2.13](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/index.html)
## Release Highlights
-
* Suport for multiple database backends for "reviewed" flags (from 2.13.8)
* Support for Large File Storage (LFS)
* Metrics interface
@@ -40,13 +43,23 @@
## Important Notes
### Schema Changes
-
This release contains schema changes. To upgrade:
-
``` sh
java -jar gerrit.war init -d site_path
```
+### HTTPS TLS1.1 support discontinued by Maven Central.
+As of June 18th 2018, Maven Central
+[discontinued support for TLS v1.1 and below](https://central.sonatype.org/articles/2018/May/04/discontinue-support-for-tlsv11-and-below/).
+When initializing a new site with Java 7, this causes download of third
+party dependencies such as the MySQL connector to fail. It is therefore
+necessary to explicitly enable TLS v1.2 on the invocation of java:
+
+``` sh
+ java -Dhttps.protocols=TLSv1.2 gerrit.war init -d site_path
+```
+
+This does not affect Java 8, which enables TLS v1.2 by default.
### Manual Schema Update for Reviewed Flags
Sites that have already upgraded to version 2.13 may want to migrate from the
@@ -56,7 +69,6 @@
Sites that have already upgrade to version 2.13 before 2.13.8 need to manually
migrate the reviewed flags database to change the `file_name` column length.
-
After stopping Gerrit, enter the H2 console:
``` sh
@@ -73,12 +85,10 @@
example, one million rows may take up to 1 minute.
### Online Reindexing
-
To use online reindexing for the `changes` secondary index when upgrading
to 2.13.x, the server must first be upgraded to 2.8 (or 2.9) and then through
2.10, 2.11 and 2.12. Skipping a version will prevent the online reindexer from
working.
-
Gerrit 2.13 introduces a new secondary index for accounts, and this must be
indexed offline before starting Gerrit:
@@ -95,60 +105,46 @@
```
### Hooks Plugin
-
The server side hooks functionality is moved to a core plugin. Sites
that make use of server side hooks must install this plugin during site init.
## New Features
### Large File Storage (LFS)
-
-Gerrit provides an [extension point](https://gerrit-review.googlesource.com/Documentation/2.13/dev-plugins.html#lfs-extension)
+Gerrit provides an [extension point](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/dev-plugins.html#lfs-extension)
that enables development of plugins implementing the
[LFS protocol](https://github.com/github/git-lfs/blob/master/docs/api/v1/http-v1-batch.md).
-
By setting
[`lfs.plugin`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#lfs.plugin)
the administrator can configure the name of the plugin which handles LFS requests.
### Access control for git submodule subscriptions
-
To prevent potential security breaches as described in
[issue 3311](https://bugs.chromium.org/p/gerrit/issues/detail?id=3311), it is now
only possible for a project to subscribe to a submodule if the submodule
explicitly allows itself to be subscribed.
-
Please see the
[submodules user guide](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/user-submodules.html)
for details.
-
Note that when upgrading from an earlier version of Gerrit, permissions for
any existing subscriptions will be automatically added during the database
schema migration.
### Metrics
-
Metrics about Gerrit's internal state can be sent to external
monitoring systems.
-
Plugins can provide implementations of the metrics interface to
report metrics to different monitoring systems. The following
plugins are available:
-
* [JMX](https://gerrit-review.googlesource.com/#/admin/projects/plugins/metrics-reporter-jmx)
-
* [Graphite](https://gerrit-review.googlesource.com/#/admin/projects/plugins/metrics-reporter-graphite)
-
-* [Elastic Search](https://gerrit-review.googlesource.com/#/admin/projects/plugins/metrics-reporter-elasticsearch)
-
+* [Elasticsearch](https://gerrit-review.googlesource.com/#/admin/projects/plugins/metrics-reporter-elasticsearch)
Plugins can also provide their own metrics.
-
See the
[metrics documentation](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/metrics.html)
for further details.
### Hooks
-
Server side hooks are moved to the
[hooks plugin](https://gerrit-review.googlesource.com/#/admin/projects/plugins/hooks).
Sites that make use of server side hooks should install this
@@ -156,82 +152,61 @@
The plugin uses the same configuration settings in `gerrit.config`.
### Secondary Index
-
* The secondary index now supports indexing of accounts.
-
The
[reindex program](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/pgm-reindex.html)
by default reindexes all changes and accounts. A new
option allows to explicitly specify whether to reindex changes or accounts.
-
The `suggest.fullTextSearch`, `suggest.fullTextSearchMaxMatches` and
`suggest.fullTextSearchRefresh` configuration options are removed. Full text
search is supported by default with the account secondary index.
-
* New ssh command to
[reindex changes](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/cmd-index-changes.html).
### User Interface
-
* The UI can now be loaded in an iFrame by enabling
[`gerrit.canLoadInIFrame`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#gerrit.canLoadInIFrame)
in the site configuration.
#### Change Screen
-
* [Issue 106](https://bugs.chromium.org/p/gerrit/issues/detail?id=106):
Allow to select merge commit's parent for diff base in change screen.
-
* [Issue 3035](https://bugs.chromium.org/p/gerrit/issues/detail?id=3035):
Allow to remove specific votes from a change, while leaving the reviewer on the
change.
-
* [Issue 3487](https://bugs.chromium.org/p/gerrit/issues/detail?id=3487):
Use 'Ctrl-Alt-e' instead of 'e' to open edit mode.
#### Diff Screens
-
* Add all syntax highlighting available in CodeMirror.
-
* Improve search experience in diff screen.
-
Ctrl-F, Ctrl-G and Shift-Ctrl-G now bind to the search dialog box provided by
CodeMirror's search add-on. Enter and Shift-Enter navigate among the search
results from the CodeMirror search, just like they do in a normal browser
search. Esc now clears the search result.
-
If the user sets `Render` to `Slow` in the diff preferences and the file is less
than 4000 lines (huge), then Ctrl-F, Ctrl-G and Shift-Ctrl-G fall back to the
browser search.
-
* [Issue 2968](https://bugs.chromium.org/p/gerrit/issues/detail?id=2968):
Allow to go back to change list by keyboard shortcut from diff screens.
-
* Blame annotations.
-
By enabling
[`change.allowBlame`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#change.allowBlame),
blame annotations can be shown in the side-by-side diff
- screen gutter. Clicking the annotation opens the relevant change.
+ screen gutter.
#### User Preferences
-
* [Issue 989](https://bugs.chromium.org/p/gerrit/issues/detail?id=989):
New option to control email notifications.
-
Users can now choose between 'Enabled', 'Disabled' and 'CC Me on Comments I Write'.
-
* New option to control adding 'Signed-off-by' footer in commit message of new changes
created online.
-
* New option to control auto-indent width in inline editor.
-
* [Issue 890](https://bugs.chromium.org/p/gerrit/issues/detail?id=890):
New diff option to control whether to skip unchanged files when navigating to
the previous or the next file.
### Changes
-
In order to avoid potentially confusing behavior, when submitting changes in a
batch, submit type rules may not be used to mix submit types on a single branch,
and trying to submit such a batch will fail.
@@ -239,717 +214,538 @@
### REST API
#### Accounts
-
* [Issue 3766](https://bugs.chromium.org/p/gerrit/issues/detail?id=3766):
Allow users with the
['ModifyAccount' capability](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/access-control.html#capability_modifyAccount)
to get the preferences for other users via the
[Get User Preferences endpoint](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#get-user-preferences).
-
* Rename 'Suggest Account' to
['Query Account'](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#query-account)
and add support for arbitrary account queries.
-
The `_more_accounts` flag is set on the last result when there are more results
than the limit. The `DETAILS` and `ALL_EMAILS` options may be set to control
whether the results should include details (full name, email, username, avatars)
and all emails, respectively.
-
* New endpoint:
[Get Watched Projects](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#get-watched-projects).
-
* New endpoint:
[Set Watched Projects](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#set-watched-projects).
-
* New endpoint:
[Delete Watched Projects](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#delete-watched-projects).
-
* New endpoint:
[Get Star Labels from Change](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#get-stars).
-
* New endpoint:
[Update Star Labels on Change](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#set-stars).
-
* New endpoint:
[Get OAuth Access Token](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#get-oauth-token).
-
* New endpoint:
[List Contributor Agreements](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#list-contributor-agreements).
-
* New endpoint:
[Sign Contributor Agreement](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#sign-contributor-agreement).
#### Changes
-
* [Issue 3579](https://bugs.chromium.org/p/gerrit/issues/detail?id=3579):
Append submitted info to ChangeInfo.
-
* New endpoint:
[Move Change](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-changes.html#move-change).
#### Groups
-
* Add `-s` as an alias for `--suggest` on the
[Suggest Group endpoint](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-groups.html#suggest-group).
#### Projects
-
* Add `async` option to the
[Run GC endpoint](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-projects.html#run-gc)
to allow garbage collection to run asynchronously.
-
* New endpoint:
[List Access Rights](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-projects.html#get-access).
-
* New endpoint:
[Add, Update and Delete Access Rights](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-projects.html#set-access).
-
* New endpoint:
[Create Tag](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-projects.html#create-tag).
-
* New endpoint:
[Get Mergeable Information](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-projects.html#get-mergeable-info).
### Plugins
-
* Secure settings
-
Plugins may now store secure settings in `etc/$PLUGIN.secure.config` where they
will be decoded by the Secure Store implementation.
-
* Exported dependencies
-
Gson is now an exported dependency. Plugins no longer need to explicitly add
a dependency on it.
### Misc
-
* New project option to reject implicit merge commits.
-
The 'Reject Implicit Merges' option can be enabled to prevent non-merge commits
from implicitly bringing unwanted changes into a branch. This can happen for
example when a commit is made based on one branch but is mistakenly pushed to
another, for example based on `refs/heads/master` but pushed to `refs/for/stable`.
-
* New
[Add Patch Set capability](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/access-control.html#category_add_patch_set)
to control who is allowed to upload a new patch set to an existing change.
-
* [Issue 4015](https://bugs.chromium.org/p/gerrit/issues/detail?id=4015):
Allow setting a
[comment message](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/user-upload.html#message)
when uploading a change.
-
* Allow to specify
[who should be notified by email](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/user-upload.html#notify)
when uploading a change.
-
* [Issue 3220](https://bugs.chromium.org/p/gerrit/issues/detail?id=3220):
Append approval info to every comment-added stream event and hook.
-
* The `administrateServer` capability can be assigned to groups by setting
[`capability.administrateServer`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#capability.administrateServer)
in the site configuration.
-
Configuring this option can be a useful fail-safe to recover a server in the
event an administrator removed all groups from the `administrateServer`
capability, or to ensure that specific groups always have administration
capabilities.
-
* New configuration options to configure JGit repository cache parameters.
-
[core.repositoryCacheCleanupDelay](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#core.repositoryCacheCleanupDelay)
and [core.repositoryCacheExpireAfter](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#core.repositoryCacheExpireAfter)
can be configured.
-
* Accept `-b` as an alias of `--batch` in the
[init program](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/pgm-init.html).
## Bugfixes
-
* Don't add the same SSH key multiple times.
-
If an already existing SSH key was added, a duplicate entry was added to the
list of user's SSH keys.
-
* Respect the 'Require a valid contributor agreement to upload' setting
when creating changes via the UI.
-
If a user had not signed a CLA, it was still possible for them to create a new
change with the 'Revert' or 'Cherry Pick' button.
-
* Make Lucene index more stable when being interrupted.
-
* Don't show the `start` and `idle` columns in the `show-connections`
output when the ssh backend is NIO2.
-
The NIO2 backend doesn't provide the start and idle times, and the
values being displayed were just dummy values. Now these values are
only displayed for the MINA backend.
-
+* [Issue 6965](https://bugs.chromium.org/p/gerrit/issues/detail?id=6965):
+Fix 'missing tree' on repos where `git prune` has been run.
* [Issue 4150](https://bugs.chromium.org/p/gerrit/issues/detail?id=4150):
Deleting a draft inline comment no longer causes the change's `Updated` field to
be bumped.
-
* [Issue 4099](https://bugs.chromium.org/p/gerrit/issues/detail?id=4099):
Fix SubmitWholeTopic does not update subscriptions.
-
* [Issue 3603](https://bugs.chromium.org/p/gerrit/issues/detail?id=3603):
Fix editing a submodule via inline edit.
-
* [Issue 4069](https://bugs.chromium.org/p/gerrit/issues/detail?id=4069):
Fix highlights in scrollbar overview ruler not moved when extending the
displayed area.
-
* [Issue 3446](https://bugs.chromium.org/p/gerrit/issues/detail?id=3446):
Respect the `Skip Deleted` diff preference.
-
* [Issue 3445](https://bugs.chromium.org/p/gerrit/issues/detail?id=3445):
Respect the `Skip Uncommented` diff preference.
-
* [Issue 4051](https://bugs.chromium.org/p/gerrit/issues/detail?id=4051):
Fix empty `From` email header.
-
* [Issue 3423](https://bugs.chromium.org/p/gerrit/issues/detail?id=3423):
Fix intraline diff for added spaces.
-
* [Issue 1867](https://bugs.chromium.org/p/gerrit/issues/detail?id=1867):
Remove `no changes made` error case when the only difference between a new
commit and the previous patch set of the change is the committer.
-
* [Issue 3831](https://bugs.chromium.org/p/gerrit/issues/detail?id=3831):
Prevent creating groups with the same name as a system group.
-
* [Issue 3754](https://bugs.chromium.org/p/gerrit/issues/detail?id=3754):
Fix `View All Accounts` permission to allow accounts REST endpoint to access
email info.
-
* Make `gitweb.type` default to `disabled` when not explicitly set.
-
Previously the behavior was not documented and it would default to type
`gitweb`. In cases where there was no gitweb config at all, this would
result in broken links due to `null` being used as the URL.
-
* [Issue 4488](https://bugs.chromium.org/p/gerrit/issues/detail?id=4488):
Improve error message when `Change-Id` line is missing in commit message.
-
The error message now includes the sha1 of the commit, so that it is
easier to track down which commit failed validation when multiple commits
are pushed at the same time.
-
* Don't check mergeability of draft changes.
-
Draft changes can be deleted but not abandoned so there is no way for
an administrator to get rid of the them on behalf of the users. This can
become a problem when there many draft changes because the mergeability
check can be costly.
-
The mergeability check is no longer done for draft changes, but will be
done when the draft change is published.
-
* Fix internal server error when plugin-provided file history weblink
is null.
-
It is valid for a plugin to provide a null weblink, but doing so resulted
in an internal server error.
## Dependency Updates
-
* Add dependency on blame-cache 0.1-9
-
* Add dependency on guava-retrying 2.0.0
-
* Add dependency on jsr305 3.0.1
-
* Add dependency on metrics-core 3.1.2
-
* Upgrade auto-value to 1.3-rc1
-
* Upgrade commons-net to 3.5
-
* Upgrade CodeMirror to 5.17.0
-
* Upgrade Guava to 19.0
-
* Upgrade Gson to 2.7
-
* Upgrade Guice to 4.1.0
-
* Upgrade gwtjsonrpc to 1.9
-
* Upgrade gwtorm to 1.15
-
* Upgrade javassist to 3.20.0-GA
-
* Upgrade Jetty to 9.2.14.v20151106
-
* Upgrade JGit to 4.5.0.201609210915-r
-
* Upgrade joda-convert to 1.8.1
-
* Upgrade joda-time to 2.9.4
-
* Upgrade Lucene to 5.5.0
-
* Upgrade mina to 2.0.10
-
* Upgrade sshd-core to 1.2.0
-
## Bugfix Releases
-### 2.13.9
+### 2.13.11
+* Upgrade jsch to 0.1.54 to fix [CVE-2016-5725](https://nvd.nist.gov/vuln/detail/CVE-2016-5725):
+Directory traversal vulnerability.
+ Versions of jsch prior to 0.1.54 have a directory traversal vulnerability
+ on Windows. When the mode is `ChannelSftp.OVERWRITE`, it allows remote SFTP
+ servers to write to arbitrary files via a `..\` (dot dot backslash) in a
+ response to a recursive `GET` command.
+ For other fixes in jsch since 0.1.53, please refer to the
+ [jsch change log](http://www.jcraft.com/jsch/ChangeLog).
+* Fix null pointer exception in event dispatcher when event contains a null account
+attribute.
+ The account attribute can be null for example in the `change-abandoned` event
+ generated for changes abandoned by Gerrit's auto cleanup.
+### 2.13.10
+* [Issue 7425](https://bugs.chromium.org/p/gerrit/issues/detail?id=7425):
+Add `sshd.waitTimeout` configuration to set `WAIT_FOR_SPACE_TIMEOUT`.
+ In sshd a new channel property,
+ [channel-output-wait-for-space-timeout](https://issues.apache.org/jira/browse/SSHD-565),
+ was introduced with a default value of 30 seconds.
+ This was not being set, causing any clone operations lasting longer
+ than 30 seconds to fail.
+ Administrators may now increase this value by setting
+ [`sshd.waitTimeout`](http://gerrit-documentation.storage.googleapis.com/Documentation/2.13.10/config-gerrit.html#sshd.waitTimeout).
+* [Issue 8279](https://bugs.chromium.org/p/gerrit/issues/detail?id=8279):
+Always check for `Change-Id` in subject line during commit validation:
+ A commit with an empty commit message except for a `Change-Id` line in
+ the subject was only rejected if "Require Change-Id" was enabled.
+* [Issue 8280](https://bugs.chromium.org/p/gerrit/issues/detail?id=8280):
+Fix validation of `Change-Id` line when creating changes from the UI:
+ When a change was created via the UI (or via the REST API), the `Change-Id`
+ footer line was not validated. This resulted in it being possible to
+ create a change with an invalid `Change-Id`.
+* [Issue 8284](https://bugs.chromium.org/p/gerrit/issues/detail?id=8284):
+Fix unnecessary addition of `Change-Id` to changes created from the UI:
+ When a change was created via the UI (or via the REST API), a `Change-Id`
+ line was added without first checking if one already existed.
+* [Issue 8299](https://bugs.chromium.org/p/gerrit/issues/detail?id=8299):
+Fix insertion of `Signed-off-by` line after existing footer lines in changes
+created from the UI.
+ When a change was created via the UI (or via the REST API) and the
+ commit message included a `Change-Id` line or any other footer line,
+ the `Signed-off-by` footer was appended to the end of the last footer
+ instead of on a new line.
+* Fix parsing of permissions when expanding parameters.
+* Keep old timestamps during data migration.
+ In some cases the "created on" field was updated to the time of the migration
+ when replacing the "Submitted" state with "New".
+* Don't use account index to look up external IDs when authenticating with
+OAuth or OpenID.
+ The account index is not available on slaves, causing authentication
+ with OAuth and OpenID to fail.
+* Replication plugin: Fix replication retries when `maxRetries` is set to 0.
+
+### 2.13.9
* [Issue 6176](https://bugs.chromium.org/p/gerrit/issues/detail?id=6176):
Fix internal server error when old patch set is not found.
-
* [Issue 6605](https://bugs.chromium.org/p/gerrit/issues/detail?id=6605):
Fix searching for change by Change-Id triplet when project name matches Change-Id pattern.
-
For projects whose name matched the Change-Id pattern, i.e. named something
like `iabcde`, it was not possible to search for changes using the Change-Id
triplet `project~branch~changeId`.
-
* [Issue 3345](https://bugs.chromium.org/p/gerrit/issues/detail?id=3345):
Preserve line endings in inline editor.
-
When a file with Windows line endings was edited all the line ending
characters were replaced by Unix style line endings.
-
* Fix line wrapping in inline editor.
-
The line wrapping preference was respected for the diff screens, but not
for the inline editor.
-
* Fix cyclic dependency when using `site_path` from `system_config` table.
-
The starting mode where `site_path` is not specified (as a system property)
and Gerrit first connects to the database using the ReviewDb JNDI property
from the servlet container was broken since version 2.13 due to a cyclic
dependency in Guice bindings.
-
* Extend upload validation interface to allow listening to negotiation start.
-
This can be used to check rate limits for fetch requests. Rate limits
should be checked before git transport negotation starts to avoid
unnecessary work in case the limit is already reached.
-
* Allow to set Jetty HTTPD socket timeout.
-
A new setting [`httpd.idleTimeout`](http://gerrit-documentation.storage.googleapis.com/Documentation/2.13.9/config-gerrit.html#httpd.idleTimeout)
makes the Jetty HTTPD socket timeout configurable so to tailor the socket
and thread consumption to the needs of setups with different latencies and
bandwidth.
-
* Add metrics for reviewer suggestion.
-
The metrics `reviewer_suggestion/query_accounts` and `reviewer_suggestion/query_groups`
record the latency of querying accounts and groups for reviewer suggestion.
### 2.13.8
-
* Improvements in "reviewed" flags cache
-
* [Issue 5906](https://bugs.chromium.org/p/gerrit/issues/detail?id=5906):
Fix performance regression.
-
* Fix SQL statements used to clear "reviewed" flags.
-
The SQL statements were using `+` rather than `=` which resulted in
more entries than expected being deleted.
-
* Fix `file_name` column length.
-
* Upgrade JGit to 4.5.2.201704071617-r.
-
This includes more fixes for handling of invalid packfiles. See
[JGit bug 514170](https://bugs.eclipse.org/bugs/show_bug.cgi?id=514170)
for details.
-
* [Issue 5817](https://bugs.chromium.org/p/gerrit/issues/detail?id=5817):
Be more consistent about object ids used in ref operation validation.
-
The `ReceiveCommand` passed to `RefOperationValidationListener` did not
always have the old and new objectd Ids set, which could result in crashes
when dereferenced by plugins.
-
* Fix potential server error when extracting footer lines from commits.
-
* Fix merging a merge commit that refers to commits not submitted as changes.
-
* Fix redundant notifications on change screen.
-
* Allow project owner to use set-project ssh command.
-
REST API and UI allow project owner to change the project settings so
inconsistency is fixed by allowing the same in the ssh command.
-
* Add an `account indexed` extension point.
-
Similar to the existing `change indexed` extension point, this allows plugins
to be notified when an account has been indexed.
### 2.13.7
-
* Prevent circular module dependency when running in external container.
-
Since 2.13 it was not possible to run Gerrit in an external container
due to circular dependency between the database module and the note DB
migration module.
-
This is fixed, but the site path must be explicitly set in a system
property: `-Dgerrit.site_path=/path/to/gerrit`.
-
* Use submitter's identity for merge commit in Rebase if Necessary.
-
When a merge commit was not fast-forward, gerrit created a "merge of merge"
commit with its server identity instead of the submitter's identity.
-
* [Issue 4637](https://bugs.chromium.org/p/gerrit/issues/detail?id=4637):
Fix "Class not found" errors when running on IBM JDK.
-
The metrics module had a dependency on com.sun internal classes that
are not available in the JRE from other providers such as IBM, resulting
in ClassNotFound exceptions when initializing the CPU usage metric.
-
* [Issue 5689](https://bugs.chromium.org/p/gerrit/issues/detail?id=5689):
Fix internal server error when directory in git root is inaccessible.
-
If a directory in the site's git root was not accessible, an internal
server error prevented the list of projects from being populated.
-
* [Issue 5652](https://bugs.chromium.org/p/gerrit/issues/detail?id=5652):
reviewnotes plugin: Fix export of review notes.
-
* [Issue 5190](https://bugs.chromium.org/p/gerrit/issues/detail?id=5190):
Fix email notifications when adding new reviewers.
-
* [Issue 5055](https://bugs.chromium.org/p/gerrit/issues/detail?id=5055):
Fix cache eviction order when linking new external IDs.
-
* [Issue 5727](https://bugs.chromium.org/p/gerrit/issues/detail?id=5727):
Fix failure to start when JVM does not support CPU and file descripto metrics.
-
* Allow to continue reindex despite failures.
-
If indexing a change failed for some reason, indexing would be stopped
and remaining changes would not be indexed. Now an error message will
be displayed and indexing will continue.
-
* Allow user with "Maintain Server" permission to find all changes.
-
Allowing users delegated to maintain the server to find non-visible
changes in the CLI allows them to perform ad-hoc indexing.
-
* Fix deletion of the last file from config branch.
-
If the last file was deleted from the config branch, the file was not
actually deleted and the original content was kept. For example this
occurred when deleting all project watches when the `watch.config` file
was the only file on the branch.
-
* Support at-sign (`@`) in usernames.
-
Some federated identity systems, such as [Shibboleth](https://shibboleth.net/),
use login names including the at-sign.
-
* Enable systemd socket activation.
-
By setting
[`httpd.inheritChannel`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#httpd.inheritchannel)
to true, the server can be socket activated by `systemd` or `xinetd`.
-
* Be more consistent about object ids used in ref operation validation.
-
In some cases the new and old Ids were not set, which could cause null
pointer exceptions in ref operation validations listeners trying to
dereference them.
-
* Upgrade JGit to 4.5.1.201703201650-r.
-
Among other bug fixes, this version includes a fix for packfile list
inconsistency in memory due to temporary lack of system resources during
read, which caused transient "file not found" errors.
### 2.13.6
-
* Allow Git LFS to authenticate via SSH.
-
LFS plugins can now provide an implementation of `git-lfs-authenticate`
which allows the Git LFS client to use the SSH protocol to either obtain
the LFS endpoint URL or authorize the following LFS upload/download
operation.
-
* Allow Git LFS to authenticate via HTTP.
-
Git LFS requests include the authorization as HTTP Basic but
this was ignored and the user was treated as anonymous.
-
* Don't require Add Patch Set permission for submit by rebase.
-
When the submit strategy was Rebase If Necessary and
a rebase was needed for the submit, the submit failed if the user
didn't have the Add Patch Set permission. However for submitting a
change the Submit permission alone should be sufficient.
-
The behavior is now consistent with the Cherry-Pick submit strategy
which also doesn't require the Add Patch Set permission if a
cherry-pick is done on submit.
-
* Add a [passwd program](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.6/pgm-passwd.html)
to set values in the `secure.config` file when a secure store implementation
is used.
-
* Allow plugins to define their own prefix for metrics reporting.
-
By setting `plugin.name.metricsPrefix` plugins can set the root
name under which their metrics are reported.
-
* Allow HTTP password when using LDAP and basic authentication.
-
It was not possible to use HTTP password to validate git over
HTTP and REST API requests if LDAP was used along with HTTP basic
authentication.
-
* Allow callers to define notify handling when adding reviewers to a
change by REST API.
-
* [Issue 4563](https://bugs.chromium.org/p/gerrit/issues/detail?id=4563):
Only send one email when reviewers are added to a change in bulk.
-
* [Issue 5237](https://bugs.chromium.org/p/gerrit/issues/detail?id=5237):
Don't truncate long lines in diff screens.
-
* [Issue 5298](https://bugs.chromium.org/p/gerrit/issues/detail?id=5298):
Fix history token in Groups screen's "Members" tab.
-
* Fix garbled text with Unicode display names obtained from HTTP headers.
-
* Make error message for rejecting Egit placeholder Change-Id consistent.
-
* Fix naming and prompt message for password entry in init steps.
-
* Fix Gitweb review link generation.
-
* Hooks plugin: emit metrics for hook execution latency, count, and errors.
-
* Submodule fixes
-
* Don't use fast-forward to update submodule subscription when superproject
has a merge submit strategy.
-
* Fix sorting of subscribed branches in submodule update.
-
* Fix handling of submodule config entries.
-
* Fix ordering of projects in submodule update.
-### 2.13.5
-
+### 2.13.5
* [Issue 5200](https://bugs.chromium.org/p/gerrit/issues/detail?id=5200):
Ensure that indexes are closed properly on shutdown.
-
The indexes were not closed on shutdown, which caused data to be lost
due to not being flushed to disk.
-
* Enable the 'Delete Edit' button for merged changes.
-
If a merged change has an edit revision, it should still be possible
to delete the edit.
-
* Do not check visibility of parent project when creating a new project.
-
A project can be visible to a user but not necessarily its parent. To
be consistent, a user with create-project permission should be able to
create a project with a parent that exists even if the parent is not
visible to the user.
-
* Fix 'Can't insert change/patch set' error when prior patch set has no
parent, but next patch set has 1 parent.
-
* [Issue 5179](https://bugs.chromium.org/p/gerrit/issues/detail?id=5179):
Make startup timeout configurable.
-
By setting `container.startupTimeout` it is possible to configure the
maximum time to wait for the `gerrit.sh start` command to run a new
Gerrit daemon successfully.
-
* [Issue 4715](https://bugs.chromium.org/p/gerrit/issues/detail?id=4715):
Add missing reviewers visibility check for suggestions from account index.
-
* Fix Gitweb HTTP URL generation.
-
The generated Gitweb URL contained an invalid 'p' character, and did
not require authentication for projects not visible to anonymous users.
### 2.13.4
-
* [Issue 5090](https://bugs.chromium.org/p/gerrit/issues/detail?id=5090):
Fix overwriting of another user's account external Id.
-
* [Issue 4909](https://bugs.chromium.org/p/gerrit/issues/detail?id=4909):
Fix broken Gitweb weblink for config history on project access page.
-
* [Issue 4908](https://bugs.chromium.org/p/gerrit/issues/detail?id=4908):
Add back support for parent revision weblinks.
-
Support for weblinks for the parent revision(s) was removed in 2.13 but
this functionality is still wanted by some users. Support is added back,
by allowing plugins to provide a specific link for parent revisions. For
the built-in Gitweb links, the link template provided by the `revision`
setting is used.
-
* Add DB connection pool verification.
-
There was no verification of the connection pool, so a broken connection
would result in an internal server error when trying to read a change
from the database.
-
* Add support for moving a change's destination branch with the SSH `review`
command.
-
Version 2.13 introduced the 'move change' REST endpoint, but support via ssh
was omitted.
-
* Add REST endpoint to reindex a single account.
-
The new endpoint is useful to manually reindex a single account that has
become stale in the index.
### 2.13.3
-
* [Issue 4633](https://bugs.chromium.org/p/gerrit/issues/detail?id=4633):
Filter out unrelated projects when getting project watches from index.
-
* [Issue 4848](https://bugs.chromium.org/p/gerrit/issues/detail?id=4848):
Upgrade Postgresql JDBC driver to 9.4.1211.jre7.
-
Older versions of Postgresql JDBC driver rely on finalize() methods in
order to avoid leaking unclosed database objects. Given finalize
methods are unpredictable (no guarantee about prompt execution, if at
all), in some high load environments this could lead to a memory leak
with millions of JDBC objects pending finalization.
-
* [Issue 4841](https://bugs.chromium.org/p/gerrit/issues/detail?id=4841):
Hooks plugin: Make sure `GIT_DIR` environment variable is set in `ref-update`
hook.
-
* [Issue 4911](https://bugs.chromium.org/p/gerrit/issues/detail?id=4911):
Fix internal server error when providing an invalid Change-Id to the
index ssh command.
-
* [Issue 4643](https://bugs.chromium.org/p/gerrit/issues/detail?id=4643):
Strip newlines out of ssh public keys.
-
If an ssh public key contained newlines, each line was migrated to the
git backend as a separate key, each of which was considered invalid. Now,
newlines are stripped out. Note that this fix is not effective for sites
that have already been migrated to 2.13.x from an earlier version.
-
* Restore the `--format` option on the list plugins REST API endpoint.
-
Removing the `--format` option from the REST API had the side effect of
also removing it from the corresponding ssh command, which was a breaking
change for some users.
-
* Fix classpath collision with Servlet API for GWT plugins.
-
* Hooks plugin: Always return the output from the `ref-update` hook.
-
The output of the `ref-update` hook is now sent back to the client.
-
* Fix migration to schema version 127 on case-sensitive file systems.
-
* Fix internal server error when using `has:draft` search predicate.
-
* Fix internal server error caused by plugin returning null for
external included-in.
-
* Fix internal server error in `set-members` command when a group
to be added is not visible to the caller.
-
* Fix reindexing change by ssh command.
-
When reindexing a change by ssh, the change was loaded from the
index rather than from the database.
-
* Export prolog runtime in plugin API.
-
### 2.13.2
-
* Allow to delete caches if not empty when initializing site during upgrade.
-
Caches may be stale during upgrade, so the init program now offers to
delete them.
-
A new `--delete-caches` option is added to allow force delete of all
caches.
-
* [Issue 4797](https://bugs.chromium.org/p/gerrit/issues/detail?id=4797):
Fix internal server error in OAuth extension point when E-Mail is not set.
-
* [Issue 4784](https://bugs.chromium.org/p/gerrit/issues/detail?id=4784):
Allow to edit user name for OAuth providers that don't expose user names.
-
* [Issue 4627](https://bugs.chromium.org/p/gerrit/issues/detail?id=4627):
Fix internal server error in OAuth extension point when user name is not set.
-
* [Issue 4466](https://bugs.chromium.org/p/gerrit/issues/detail?id=4466):
Fix deadlock during Lucene index shutdown.
-
* Index account on account creation
-
This prevents creation of new accounts on every logout/login sequence.
-
* Add support for Microsoft Internet Explorer 10 and 11, and Microsoft Edge.
-
* [Issue 4630](https://bugs.chromium.org/p/gerrit/issues/detail?id=4630):
Fix server error when navigating up to change while 'Working' is displayed.
-
* [Issue 4631](https://bugs.chromium.org/p/gerrit/issues/detail?id=4631):
Read project watches from database.
-
Project watches were being read from the git backend by default, but the
migration to git is not yet completed.
-
* [Issue 4632](https://bugs.chromium.org/p/gerrit/issues/detail?id=4632):
Fix server error when deleting multiple SSH keys from the Web UI.
-
Attempting to delete multiple keys in parallel resulted in a lock failure
when removing the keys from the git backend.
-
* [Issue 4645](https://bugs.chromium.org/p/gerrit/issues/detail?id=4645):
Fix malformed account suggestions.
-
If the query contained several query terms and one of the query terms was
a substring of 'strong', the suggestion was malformed.
-
* Hooks plugin: Fix incorrect value passed to `--change-url` parameter.
-
The URL was being generated using the change's Change-Id rather than the
change number.
-
* Replication plugin: Fix Guava ProvisionException when replicating from slave.
-
* Check for CLA when creating project config changes from the web UI.
-
If contributor agreements were enabled and required for a project, and
the user had not signed a CLA, it was still possible to upload changes
for review on `refs/meta/config` by making changes in the project access
editor and pressing 'Save for Review'.
-
* Fix server errors in 'Set Access' and 'Get Access' REST enpoints.
-
* Stability improvements in event dispatch mechanism.
-### 2.13.1 {#2.13.1}
-
+### 2.13.1
* [Issue 4618](https://bugs.chromium.org/p/gerrit/issues/detail?id=4618):
Fix internal server error after online reindexing completed.
-
* Fix internal server error when cloning from slaves and not all refs are
visible.
-
* Fix JSON deserialization error causing stream event client to no longer receive
events.
diff --git a/pages/site/releases/2.14.md b/pages/site/releases/2.14.md
index dff5e1c..9351180 100644
--- a/pages/site/releases/2.14.md
+++ b/pages/site/releases/2.14.md
@@ -6,36 +6,64 @@
toc: true
---
-Download: **[2.14.3](https://gerrit-releases.storage.googleapis.com/gerrit-2.14.3.war)**
+
+Download: **[2.14.11](https://gerrit-releases.storage.googleapis.com/gerrit-2.14.11.war)**
+| [2.14.10](https://gerrit-releases.storage.googleapis.com/gerrit-2.14.10.war)
+| [2.14.9](https://gerrit-releases.storage.googleapis.com/gerrit-2.14.9.war)
+| [2.14.8](https://gerrit-releases.storage.googleapis.com/gerrit-2.14.8.war)
+| [2.14.7](https://gerrit-releases.storage.googleapis.com/gerrit-2.14.7.war)
+| [2.14.6](https://gerrit-releases.storage.googleapis.com/gerrit-2.14.6.war)
+| [2.14.5.1](https://gerrit-releases.storage.googleapis.com/gerrit-2.14.5.1.war)
+| [2.14.4](https://gerrit-releases.storage.googleapis.com/gerrit-2.14.4.war)
+| [2.14.3](https://gerrit-releases.storage.googleapis.com/gerrit-2.14.3.war)
| [2.14.2](https://gerrit-releases.storage.googleapis.com/gerrit-2.14.2.war)
| [2.14.1](https://gerrit-releases.storage.googleapis.com/gerrit-2.14.1.war)
| [2.14](https://gerrit-releases.storage.googleapis.com/gerrit-2.14.war)
-Documentation: **[2.14.3](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14.3/index.html)**
+Documentation: **[2.14.11](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14.11/index.html)**
+| [2.14.10](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14.10/index.html)
+| [2.14.9](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14.9/index.html)
+| [2.14.8](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14.8/index.html)
+| [2.14.7](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14.7/index.html)
+| [2.14.6](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14.6/index.html)
+| [2.14.5.1](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14.5.1/index.html)
+| [2.14.4](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14.4/index.html)
+| [2.14.3](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14.3/index.html)
| [2.14.2](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14.2/index.html)
| [2.14.1](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14.1/index.html)
| [2.14](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14/index.html)
## Release Highlights
-
* Changes can be assigned to specific users
* Open and Abandoned changes can be deleted
* HTML emails and new templating framework
* Support for receiving review comments by email
* New [Polymer](https://www.polymer-project.org/) based user interface
* Support for elliptic curve/ed25519 SSH keys
-* Secondary index with Elastic Search (experimental)
+* Secondary index for groups
+* Experimental support for Elasticsearch as secondary index **from [2.14.8](#2.14.8)**
## Important Notes
### Schema Changes
This release contains schema changes. To upgrade:
-
``` sh
java -jar gerrit.war init -d site_path
```
+### Reindex for new groups index
+Gerrit 2.14 introduces a new secondary index for groups. The initial version
+of this index must be created by running the offline reindex before starting
+Gerrit:
+
+``` sh
+ java -jar gerrit.war reindex --index groups -d site_path
+```
+Note that it is not necessary to reindex the changes and accounts indexes
+offline. These will automatically be reindexed by the online reindexer
+after starting Gerrit.
+
### Java 8
Gerrit now requires Java Runtime Environment (JRE) version 8. It is no longer
@@ -52,9 +80,9 @@
### HTTP Digest Authentication Removed
Support for HTTP Digest Authentiation is removed.
-
With the move to NoteDB, the per-account data (including the HTTP password) will
be stored in a branch in the `All-Users` repo, where it is subject to Gerrit ACLs.
+
Since these are notoriously hard to setup correctly, we want to avoid storing the
password in plaintext.
@@ -65,12 +93,9 @@
An exclusive ALLOW permission now has priority over a BLOCK permission when
both permissions are defined on the same project.
-
This means an exclusive ALLOW rule now overrules BLOCK rules on the same
project.
-
BLOCK rules still cannot be overruled by child projects.
-
This change makes it possible to allow a permission for a specific ref and to
block the same permission for all other refs. For example, it is now possible to
allow all users to push changes for review, but to block all direct pushes:
@@ -95,13 +120,45 @@
"Create Annotated Tag" and "Create Signed Tag". Existing project configurations
using the old permission names will be migrated during site initialization.
-### Behavior change in ref-update hook
+### Behavior change in `ref-update` hook
-Instead of being invoked on every commit received, the `ref-update` hook is now
-invoked before the ref update operation is finalized. The previous behavior of
-the `ref-update` hook is moved into a new hook named `commit-received`.
+The `ref-update` hook is now only invoked for direct ref updates, i.e. branch
+creation, branch deletion, and updates (fast-forward and non-fastforward) via
+direct push. It is not invoked on commits received for review, or on submit of
+changes.
-Sites using the `ref-update` hook should rename the hook file to `commit-received`.
+A new hook named `commit-received` is added, which is invoked when a commit is
+received for review, and can be used to prevent reviews from being created.
+A new hook named `submit` is added **in [2.14.9](#2.14.9)**, which is invoked
+when a user attempts to submit a change, and can be used to prevent the submit.
+
+Sites using the `ref-update` hook to validate changes pushed for review, or to
+validate submits, should migrate to the `commit-received` and `submit` hooks.
+
+### Updated primary key on JdbcAccountPatchReviewStore {#patch-review-primary-key}
+
+In version 2.14.4 the fields in the JdbcAccountPatchReviewStore primary key
+are reordered to improve performance when clearing the reviewed flag for a
+patch set.
+
+Sites that have already upgraded from an earlier version to 2.13, or to a 2.14.x
+version before 2.14.4, and want to take advantage of this performance improvement,
+should manually drop and recreate the primary key as follows:
+
+```
+ # drop the key
+ ALTER TABLE account_patch_reviews
+ DROP CONSTRAINT primary_key_account_patch_reviews;
+ # recreate the key
+ ALTER TABLE account_patch_reviews
+ ADD CONSTRAINT primary_key_account_patch_reviews
+ PRIMARY KEY (change_id, patch_set_id, account_id, file_name);
+```
+
+Note that this is optional. The site will continue to work without this update.
+The update is not necessary when upgrading directly to 2.14.4 from a version
+earlier than 2.13, as the primary key will be created with the updated order
+anyway.
## New Features
@@ -127,13 +184,11 @@
### Emails
#### HTML Emails
-
Gerrit email messages are made easier to read by sending HTML content parts in
addition to the existing text email content. This is enabled by default, and
can be disabled by setting
[`sendemail.html`](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/config-gerrit.html#sendemail.html)
to `false`.
-
Users can opt to always receive plaintext emails by setting the
[Email Format preference](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/intro-user.html#email-format).
@@ -142,27 +197,30 @@
Mail templates can now be written using
[Closure Templates (Soy)](https://developers.google.com/closure/templates/). Mail
templates written in Velocity (VTL) are deprecated but still supported. Support
-for VTL will be dropped in the next release.
+for VTL will be dropped in a future release.
#### Review Comments by Email
Gerrit now supports
[receiving review comments by email](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/intro-user.html#reply-by-email).
-### Secondary Index with Elastic Search
+### Secondary Index with Elasticsearch
-It is possible to enable Elastic Search as a secondary index by setting
+It is possible to enable Elasticsearch as a secondary index by setting
[`index.type`](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/config-gerrit.html#index.type)
to `ELASTICSEARCH` and configuring the
-[Elastic Search specific configuration parameters](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/config-gerrit.html#elasticsearch).
+[Elasticsearch specific configuration parameters](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/config-gerrit.html#elasticsearch).
-Note that the Elastic Search implementation is still considered experimental
+Note that the Elasticsearch implementation is still considered experimental
and it is not advised to use it for production systems.
### User Interface
* [Issue 3944](https://bugs.chromium.org/p/gerrit/issues/detail?id=3944):
Tags can be created and deleted via the Tags screen in the UI.
+ Although the [REST API](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-projects.html#create-tag)
+ supports creation of both lightweight and annotated tags from 2.14, the GWT UI
+ allows for annotation with 2.14.4 or later.
* For merge commits, the list of commits that will be merged into the destination
branch is included as the `/MERGE_LIST` magic file which is shown as `Merge List`
@@ -178,7 +236,6 @@
* [Delete Account External IDs](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-accounts.html#delete-account-external-ids)
#### Changes
-
* [Get Assignee](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-changes.html#get-assignee)
* [Get Past Assignees](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-changes.html#get-past-assignees)
* [Set Assignee](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-changes.html#set-assignee)
@@ -212,11 +269,9 @@
Gerrit now includes a new user interface, referred to as "PolyGerrit", based on
[Polymer](https://www.polymer-project.org/).
-
The UI can be switched between PolyGerrit and GWT by clicking the "New UI" and
"Old UI" links in the site footer. Alternatively, the UI can be switched by
adding `?polygerrit=1` or `?polygerrit=0` to the URL.
-
Note that PolyGerrit is still under development. Most use cases are supported,
but there are still some missing features compared to the GWT UI.
@@ -225,378 +280,763 @@
* [Issue 4507](https://bugs.chromium.org/p/gerrit/issues/detail?id=4507):
Add support for elliptic curve/ed25519 SSH keys.
+### Creating Changes for Merged Commits
+
+Normally, changes can be reviewed only before they are being merged. This new
+feature allows for post-submit review of commits by creating a new merged
+change, by using the
+['merged' push option](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14/user-upload.html#merged).
+
## Bugfixes
* [Issue 5234](https://bugs.chromium.org/p/gerrit/issues/detail?id=5234):
Fix SSH GSSAPI authentication.
-
* [Issue 5739](https://bugs.chromium.org/p/gerrit/issues/detail?id=5739):
Prevent `ref-update` hook from being invoked on every commit when pushing
multiple commits.
-
Instead of being invoked on every commit received, the `ref-update` hook
is now invoked before the ref update operation is finalized. Note that
the hook is no longer invoked on commits pushed for review or on changes
that are merged. It is invoked for creation/deletion of refs, and for
ref updates caused by direct pushes (i.e. bypassing review).
-
The previous behavior of the `ref-update` hook is moved into a new hook
named `commit-received`. A new parameter `--cmdref` is added, and the
special handling of `refs/for` and `refs/changes` is removed.
-
Sites using the `ref-update` hook should rename the hook file to
`commit-received`.
## Dependency Updates
* Update auto-value to 1.4
-
* Update Bouncy Castle to 1.56
-
* Update codemirror to 5.25.0
-
* Update commons-compress to 1.12
-
-* Update Guava to 21.0
-
+* Update Guava to 21.0 (updated to 22.0 in 2.14.6)
* Update Guice to 4.1.0
-
-* Update GWT to 2.8.0
-
+* Update GWT to 2.8.0 (updated to 2.8.2 in 2.14.6)
* Update gwtjsonrpc to 1.11
-
* Update gwtorm to 1.17
-
* Update JavaEWAH to 1.1.6
-
* Update JGit to 4.7.0.201704051617-r
-
* Update jsch to 0.1.54
-
* Update Lucene to 5.5.2
-
* Update mina to 2.0.16
-
* Update ow2-asm to 5.1
-
* Update prolog-cafe to 1.4.2
-
* Update SSHD to 1.4.0
-
## Bugfix Releases
+### 2.14.11
+
+* Fix display of "Delete Changes" permission in access screen on GWT UI.
+* Fix permission check when deleting a single branch with the "Delete Branches"
+REST endpoint.
+* Include cause in exception when failing to save config in the "Set Config"
+REST endpoint.
+* [Issue 9482](https://bugs.chromium.org/p/gerrit/issues/detail?id=9482):
+Fix staleness checker for URL-encoded project names.
+* [Issue 9153](https://bugs.chromium.org/p/gerrit/issues/detail?id=9153):
+Upgrade JGit to 4.7.2.201807261330-r.
+ This version includes several fixes including a fix for issue 9153 which
+ prevented querying for filenames with special characters, and fixes
+ related to cleaning up ref directories after running GC.
+ It also includes the fix
+ [Honor trustFolderStats also when reading packed-refs](https://git.eclipse.org/r/#/c/112015/).
+ Users should note that for repositories with a high number of references
+ (for example in excess of 300K refs) and in a server with high traffic,
+ this solution may not scale well and should be tested carefully.
+* Upgrade guice to 4.2.0.
+ Guice [version 4.2.0](https://github.com/google/guice/wiki/Guice42)
+ includes performance improvements.
+* Upgrade metrics-core to 4.0.3.
+* Upgrade elasticsearch-rest-client to 6.3.2.
+
+### 2.14.10
+
+* Allow to assign "Delete Own Changes" permission to "Change Owners".
+ It was only possible for a user to delete their own change if they were
+ a member of a group that was assigned the "Delete Own Changes" permission.
+ This was counter-intiuitive as it was necessary to either create a specific
+ group, or assign the permission to "Registered Users".
+ It is now possible to assign this permission to the "Change Owners"
+ virtual group.
+* [Issue 9354](https://bugs.chromium.org/p/gerrit/issues/detail?id=9354):
+Add "Delete Changes" permission.
+ It was only possible for a user to delete another user's change if they
+ were a member of a group that was assigned the "Administrate Server"
+ permission.
+ A new "Delete Changes" permission is added. This permission can be
+ assigned to a group, or to the "Project Owners" virtual group.
+* [Issue 9345](https://bugs.chromium.org/p/gerrit/issues/detail?id=9345):
+Fix creation of plugin log file when `log4j.configuration` is set
+ When the environment variable `log4j.configuration` is set, log files
+ defined by plugins were not created because the appender couldn't be
+ found.
+* Fix repeated `Change-Id` in error message when `Change-Id` line is not
+in the footer.
+* Add `ChangeReportFormatter` extension point for customizing the report output
+from `git push`.
+* [Issue 9373]:(https://bugs.chromium.org/p/gerrit/issues/detail?id=9373):
+Align Elasticsearch connection configuration with Elasticsearch REST client.
+ In 2.14.9 the JEST client was replaced with the native Elasticsearch REST
+ client, but several settings that were only used by JEST were not removed.
+ The following settings are now removed:
+ * `elasticsearch.requestCompression`
+ * `elasticsearch.connectionTimeout`
+ * `elasticsearch.maxConnectionIdleTime`
+ * `elasticsearch.maxReadTimeout`
+ * `elasticsearch.maxTotalConnection`
+ A new setting `elasticsearch.maxRetryTimeout` is added. If not configured,
+ it defaults to 30000 ms which is the default used by the REST client.
+* [Issue 9372](https://bugs.chromium.org/p/gerrit/issues/detail?id=9372):
+Simplify the configuration of Elasticsearch servers.
+ Instead of specifying each server in a separate `[elasticsearch "name"]`
+ section, with separate values `protocol`, `hostname`, and `port`, the
+ servers are now configured as a list of `server` values in the
+ `[elasticsearch]` section.
+ This also fixes [Issue 9383](https://bugs.chromium.org/p/gerrit/issues/detail?id=9383)
+ where a "default" server `http://localhost:9200` would be added by
+ the site initialization even if other servers were already explicitly
+ configured.
+ During startup the list of configured Elasticsearch servers is logged
+ at info level.
+* [Issue 9146](https://bugs.chromium.org/p/gerrit/issues/detail?id=9146) and
+[Issue 9147](https://bugs.chromium.org/p/gerrit/issues/detail?id=9147):
+Fix Elasticsearch queries for results with substrings in keywords.
+ Doing a query that involved the characters "." and "_" from full text fields
+ did not include results with keywords as a substring. This behavior was
+ different from Lucene, where these two characters are mapped to the space
+ character (" ") so that the query returns keywords separated by them.
+* Allow to omit the `elasticsearch.username` setting.
+ If `elasticsearch.password` is specified, the `username` can be omitted and
+ it will default to `elastic` which is the default username configured
+ when running Elasticsearch with security enabled.
+* Upgrade Elasticsearch REST client to 6.3.1.
+* Upgrade commons-io to 2.2.
+ This version is needed by the gitblit plugin.
+
+### 2.14.9
+
+* [Issue 6094](https://bugs.chromium.org/p/gerrit/issues/detail?id=6094)
+and [Issue 9112](https://bugs.chromium.org/p/gerrit/issues/detail?id=9112):
+Add support for Elasticsearch versions 5 and 6.
+ Support is added for Elasticsearch versions 5.6 (tested with versions 5.6.9
+ and 5.6.10), 6.2 (tested with version 6.2.4) and 6.3.0.
+ Version 2.4 is still supported (tested with version 2.4.6).
+ Instead of using the 'Jest' client to communicate with Elasticsearch, the
+ Elasticsearch low level API is now used.
+ Support for Elasticsearch is still considered experimental, and is not
+ recommended for production use.
+* Allow to replace the default H2 persistent cache with a custom implementation.
+ The default H2 persistent cache can be replaced by a module that implements
+ the `CacheImpl` interface.
+ An implementation is provided for postgresql.
+* [Issue 9245](https://bugs.chromium.org/p/gerrit/issues/detail?id=9245):
+Return the correct information in JSON response after moving a change.
+ When moving a change by the REST API, the JSON response contained the
+ branch name of the original destination rather than the new destination.
+* [Issue 8916](https://bugs.chromium.org/p/gerrit/issues/detail?id=8916):
+Improve performance of `ownerin:` predicate for internal groups.
+* Fix omission of 'branch' values when saving project config.
+ The 'branch' values were omitted when saving the config, resulting in them
+ being lost.
+* [Issue 9195](https://bugs.chromium.org/p/gerrit/issues/detail?id=9195):
+Strip comment lines out of commit message when creating change.
+ When a change was created from the UI (or via the 'Create Change' REST
+ API), and the commit message consisted of only a subject beginning with
+ a hash character (`#`), the change was created with a zero Change-Id.
+ This was beause lines beginning with `#` are considered to be comments,
+ and are stripped from the commit message by JGit before computing the
+ Change-Id for the commit.
+ Before attempting to create the change, Gerrit now strips out any comment
+ lines from the commit message and returns an error if this results in
+ the commit message being empty.
+* Fix internal server error when generating email sender name for
+non-existing account.
+* Sanitize values of `user.name` and `user.email` from `gerrit.config`.
+ The `user.name` and `user.email` settings were being read as-is, which
+ would allow them to be configured with values that may interfere with
+ standard email name/address parsing.
+* Fix the default text in the 'Password' field on the 'HTTP Password' screen.
+ The default text said "(click 'generate' to revoke an old password)" but the
+ label of the button is actually "Generate Password".
+* Add reporting of work queue related metrics.
+ Metrics are reported for core work queues. For work queues created by plugins,
+ metrics are not reported.
+* Fix double creation of SSH command execution queues.
+* Don't trim leading whitespace from about.md content.
+ Leading spaces were trimmed, resulting in preformatted code blocks not
+ being rendered properly.
+* Only abort online reindex if more than 50% of projects failed.
+ Reindexing would be aborted if a single project failed, for example if
+ the repository could not be opened.
+* Fix user permission checks in APIs when invoked via the GerritApi.
+ Actions were incorrectly being denied because the user validation
+ was comparing user object instances rather than the account ID that
+ they represented.
+* Various logging improvements.
+* Various documentation improvements.
+* Hooks plugin
+ * [Issue 9015](https://bugs.chromium.org/p/gerrit/issues/detail?id=9015):
+ Add a `submit` hook
+ The `submit` hook is invoked synchronously when a change is submitted. If
+ it returns a non-zero exit status, a `MergeValidationException` is thrown
+ and the submit is prevented.
+ This adds back the ability to block submit by a hook which was removed in
+ version 2.14 due to the reworking of the `ref-update` hook behavior.
+ * Fix repeated instantiation of the `ref-update` and `commit-received` hooks.
+ The hooks were not singletons, which caused new instances to be created
+ on every invocation.
+ * Wrap account ID in quotes when passing as hook argument.
+ * Improve logging to make it easier to track down hook execution problems.
+ When a hook exits with an error status (i.e. non-zero), or times out, an error
+ is now emitted to the log. Previously there was no log on timeout, and the exit
+ status was only logged at debug level.
+ The configured hooks path and resolved path for hook files is logged at info
+ level.
+ When a hook file does not exist, a message is logged at debug level.
+ * Improve documentation
+ * Expand and improve documentation related to debugging hooks.
+ * Restructure the hooks page to separate synchronous and asynchronous hooks, and
+ add a table of contents.
+
+### 2.14.8
+
+* Elasticsearch is now available for early adopters as a secondary index.
+ * The implementation is limited to version 2.4.x of Elasticsearch.
+ * See the list of [fixed issues](#elasticsearch) below for more details.
+* Expose plugin guice injectors in plugin test classes that derived from
+`LightweightPluginDaemonTest` base class.
+* [Issue 5181](https://bugs.chromium.org/p/gerrit/issues/detail?id=5181):
+Limit assignee suggestion to users that can see the change.
+* [Issue 8468](https://bugs.chromium.org/p/gerrit/issues/detail?id=8468):
+Allow plugin configuration to be inherited by merging with parent config.
+ When using the `ProjectLevelConfig.getWithInheritance` method, any config
+ values from the parent are overridden by those of the child. This is not
+ useful for plugins like the reviewers plugin where the child configuration
+ should be merged with the parent's.
+ To solve this, a new variant of the `getWithInheritance` method is added,
+ which merges the configs rather than overriding.
+* [Issue 8557](https://bugs.chromium.org/p/gerrit/issues/detail?id=8557):
+Fix gitweb documentation to clarify that `gitweb.type` must be set to `gitweb`.
+* [Issue 8558](https://bugs.chromium.org/p/gerrit/issues/detail?id=8558):
+Fix internal server error when detecting change kind of root commit.
+* [Issue 8715](https://bugs.chromium.org/p/gerrit/issues/detail?id=8715):
+Fix internal server error when invalid index name is given to the `index start`
+or `index activate` command.
+* [Issue 8731](https://bugs.chromium.org/p/gerrit/issues/detail?id=8731):
+Improve the wording in the revert notification email template.
+* [Issue 8589](https://bugs.chromium.org/p/gerrit/issues/detail?id=8589):
+Remove approval requirement search from basic search documentation.
+ Using approval requirements in basic search, for example `Code-Review=2`
+ without the explicit `label:` predicate can never work as expected because
+ the query is also considered as a comment search, which matches on all
+ changes that have received a vote on that label, regardless of the label
+ score.
+ The section about approval requirements is removed from the basic search
+ documentation to avoid confusion. It is also now recommended to use explicit
+ query predicates when predictable results are desired.
+* [Issue 8597](https://bugs.chromium.org/p/gerrit/issues/detail?id=8597):
+Clarify the behavior of `ownerin:` and `reviwerin:` queries.
+ When the ownerin: or reviewerin: predicate is used in a query without any
+ additional explicit index predicate, it will default to only include changes
+ in status 'OPEN'.
+* Fix internal server error when using the `query:` search with a non-existing
+named query.
+* Fix internal server error when group UUID cannot be resolved when getting audit log.
+* Display group UUID in group audit log if group name is missing.
+ The group name can be missing if there is no group backend that handles the
+ group. This can happen for example if a plugin that handled the group was
+ removed.
+* Allow graceful rolling restarts.
+ Add a new setting, `httpd.gracefulStopTimeout`, which allows to set a
+ maximum period of time for the daemon to preserve incoming connections,
+ before starting the graceful shutdown process.
+* Elasticsearch {#elasticsearch}
+ * [Issue 8523](https://bugs.chromium.org/p/gerrit/issues/detail?id=8523):
+ Fix configuration of elasticsearch during site initialization.
+ When the site was initialized with Elasticsearch as the secondary index,
+ the `elasticsearch.prefix` was not set, and Elasticsearch server-specific
+ settings were not correctly set under `elasticsearch.name.protocol`, etc.
+ * [Issue 8527](https://bugs.chromium.org/p/gerrit/issues/detail?id=8527):
+ Improve documentation of `index.maxLimit` for Elasticsearch.
+ When using Elasticsearch, `index.maxLimit` should not exceed the value
+ of `index.max_result_window` configured on the Elasticsearch server.
+ * [Issue 8553](https://bugs.chromium.org/p/gerrit/issues/detail?id=8553):
+ Fix reindexing of an already initialized site with Elasticsearch.
+ * [Issue 8690](https://bugs.chromium.org/p/gerrit/issues/detail?id=8690):
+ Allow to use the `index start` and `index activate` ssh commands with Elasticsearch.
+ * [Issue 8525](https://bugs.chromium.org/p/gerrit/issues/detail?id=8525):
+ Fix setting of changed lines in the change info.
+ * [Issue 8588](https://bugs.chromium.org/p/gerrit/issues/detail?id=8588):
+ Fix setting the star icon status in the change info.
+ * Change default Elasticsearch prefix to `gerrit_`.
+
+### 2.14.7
+
+* [Issue 7652](https://bugs.chromium.org/p/gerrit/issues/detail?id=7652):
+Avoid intermediate migration state for external IDs.
+ In the 2.14 series the accounts are not completely migrated to the git
+ backend and are written to both the git backend and database backend. This
+ results in risk of the backends getting out of sync.
+* Fix `account_patch_reviews` for mysql.
+ Creation of the `account_patch_reviews` table failed on mysql due to the
+ `file_name` column being too long.
+* [Issue 8053](https://bugs.chromium.org/p/gerrit/issues/detail?id=8053):
+Don't fire `ref-updated` event twice for new patch sets.
+* [Issue 8478](https://bugs.chromium.org/p/gerrit/issues/detail?id=8478):
+Fix "concurrent modification" exception when posting reviews.
+* [Issue 8279](https://bugs.chromium.org/p/gerrit/issues/detail?id=8279):
+Always check for `Change-Id` in subject line during commit validation:
+ A commit with an empty commit message except for a `Change-Id` line in
+ the subject was only rejected if "Require Change-Id" was enabled.
+* [Issue 8280](https://bugs.chromium.org/p/gerrit/issues/detail?id=8280):
+Fix validation of `Change-Id` line when creating changes from the UI:
+ When a change was created via the UI (or via the REST API), the `Change-Id`
+ footer line was not validated. This resulted in it being possible to
+ create a change with an invalid `Change-Id`.
+* [Issue 8284](https://bugs.chromium.org/p/gerrit/issues/detail?id=8284):
+Fix unnecessary addition of `Change-Id` to changes created from the UI:
+ When a change was created via the UI (or via the REST API), a `Change-Id`
+ line was added without first checking if one already existed.
+* [Issue 8299](https://bugs.chromium.org/p/gerrit/issues/detail?id=8299):
+Fix insertion of `Signed-off-by` line after existing footer lines in changes
+created from the UI.
+ When a change was created via the UI (or via the REST API) and the
+ commit message included a `Change-Id` line or any other footer line,
+ the `Signed-off-by` footer was appended to the end of the last footer
+ instead of on a new line.
+* [Issue 8390](https://bugs.chromium.org/p/gerrit/issues/detail?id=8390):
+Fix adding a group as reviewer when group name partially matches a username.
+* Prevent possible internal server error when creating new email.
+* Fix validation of email address when creating new email from a plugin.
+ When a plugin created a new email, the address was not validated.
+* Trim leading and trailing whitespace from email address when adding
+a new email address to an account.
+* Adjust `commit-msg` hook to awk behavior change on Cygwin/MSYS.
+ Awk has stopped automatically stripping `\r` on Windows since
+ version 4.2.0.
+* Improve hooks plugin documentation
+ Add documentation of how to enable debug logging, and how to reload
+ hooks configuration.
+* Print progress information from the `MigrateAccountPatchReviewDb`
+ program.
+* Honor `index.maxTerms` when using group predicate in queries.
+* [Issue 7827](https://bugs.chromium.org/p/gerrit/issues/detail?id=7827):
+Fix submit on push for same commit on multiple branches.
+* [Issue 8301](https://bugs.chromium.org/p/gerrit/issues/detail?id=8301):
+Fix reindexing of stale changes when a change or project is deleted.
+* [Issue 8319](https://bugs.chromium.org/p/gerrit/issues/detail?id=8319):
+Honor the `--threads` option in the offline `reindex` program.
+* [Issue 8381](https://bugs.chromium.org/p/gerrit/issues/detail?id=8381):
+Fix mergeability check during index for changes not visible to owner.
+ If a change becomes no longer visible to its owner, e.g. because the
+ user was removed from a group having exclusive visibility of the change's
+ project, reindexing the change would cause the `mergeable` field to
+ always be set to null in the index. As a result, the change was always
+ shown with "Merge Conflict" status in the change list.
+* [Issue 4889](https://bugs.chromium.org/p/gerrit/issues/detail?id=4889):
+Fix formatting of commit message when updating multiple submodule subscriptions.
+* Prevent concurrent login by disabling form submission.
+ If a user double-clicks when logging in for the first time, it
+ resulted in two accounts being created for the same user.
+* Fix internal server error in reviewer suggestion.
+* Fix registration redirect for new OpenID users.
+ The redirect link included an extra `#` token, which resulted in the
+ link redirecting to a 404 response.
+* Fix line breaks in error dialogs.
+* Fix display of timestamp in `show-connections` command output.
+ When the SSH backend is MINA, the `show-connections` command shows the
+ connection start time. For connections started more than 1 day ago, the
+ start time is supposed to be shown in the format `MMM-dd` but was instead
+ always shown in the format `HH:mm:ss` due to incorrect calculation of the
+ elapsed time.
+* Trim SSH commands' multi-line arguments for task name and SSH log.
+ Multi-line arguments in SSH commands are trimmed to make the the task name
+ and SSH log entries more readable.
+* Allow plugins to intercept creation of SSH commands.
+ By implementing the [SshCreateCommandInterceptor](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14.7/dev-plugins.hmtl#ssh-command-interception)
+ interface, a plugin can intercept the creation of SSH commands and override them
+ with a custom implementation.
+* Replication plugin:
+ * Fix creation of missing repository.
+ When replicating to a destination where the repository does not exist,
+ updating the `HEAD` reference failed because the passed reference name was
+ not absolute.
+ * Add documentation of how to exclude repositories from replication.
+ * Fix logging of new project creation and project deletion.
+ The "created" and "deleted" logs were emitted even when the operation
+ failed.
+* Polygerrit UI:
+ * [Issue 6109](https://bugs.chromium.org/p/gerrit/issues/detail?id=6109):
+ Don't open "Your" menu items in a new tab.
+ * [Issue 8373](https://bugs.chromium.org/p/gerrit/issues/detail?id=8373):
+ Fix "Your" menu items when deployed with non-default base URL.
+* Upgrade metrics-core to 4.0.2
+* Upgrade jsinterop-annotations to 1.0.2
+ This is a transitive dependency of GWT and was missed in the previous
+ upgrade of GWT to 2.8.2
+
+### 2.14.6
+
+* [Issue 7562](https://bugs.chromium.org/p/gerrit/issues/detail?id=7562):
+Stop passing `--insecure` to `curl` in download-commands plugin.
+ Validating certs is an important feature of HTTPS that we should not
+ disable, especially when downloading code that is going to be trusted.
+* Disable `ban-commit` ssh command on slaves.
+ Gerrit slaves are supposed to be read-only, but the `ban-commit` command
+ creates a Git note and hence writes to the repository.
+* Fix error message when attempting to delete a branch without permission.
+ Branches can be deleted by a user having the "Push" permission with the
+ force flag set, or the "Delete Reference" permission. However, the error
+ message did not mention "Delete Reference", leading to users unnecessarily
+ requesting administrators to grant the force push permission.
+* Fix status transition when directly pushing an abandoned change.
+ If a change was abandoned, but then directly pushed to the branch, its
+ status was not changed from "Abandoned" to "Merged".
+* Keep old timestamps during data migration.
+ In some cases the "created on" field was updated to the time of the migration
+ when replacing the "Submitted" state with "New".
+* Don't compress live log file `error_log.json`.
+* Don't create GC log file when GC is not configured.
+* Specify new tip of the branch when updating submodules.
+ In Gerrit 2.12, whenever a submodule was updated the corresponding commit
+ in the superproject included the SHA-1 of the new tip of the branch.
+ Restore this behavior to avoid breaking clients that extract this
+ information from the superproject commit message.
+* Don't use account index to look up external IDs when authenticating with
+OAuth or OpenID.
+ The account index is not available on slaves, causing authentication
+ with OAuth and OpenID to fail.
+* [Issue 7647](https://bugs.chromium.org/p/gerrit/issues/detail?id=7647):
+Gracefully handle malformed GPG keys input.
+ Posting a malformed GPG resulted in an internal server error.
+* [Issue 7611](https://bugs.chromium.org/p/gerrit/issues/detail?id=7611):
+Stop the project cache clock and await termination of index executor threads
+on server shutdown.
+* [Issue 5386](https://bugs.chromium.org/p/gerrit/issues/detail?id=5386):
+Fix database connection leak in `suexec` command.
+* Evict idle database connections.
+ Database idle connections in the pool were not evicted which could
+ lead to connections to the database being exhausted.
+ Idle connections are now evicted after 60 seconds.
+* Enable CORS for plugin static files and documentation.
+* Always include `createdOn` in change attribute in events.
+ This allows for aggregating review-time if defined as the timespan
+ between when a change is created and when it is merged.
+* Allow to select and copy text in inline comment boxes.
+* [Issue 7739](https://bugs.chromium.org/p/gerrit/issues/detail?id=7739):
+Only enable the "Require Signed Push" project option for project owners.
+* Upgrade Polymer to version 1.11.0.
+ This version includes a fix for deprecation of HTMLImports in Chrome.
+* Upgrade GWT to version 2.8.2.
+ This version includes various fixes since 2.8.0.
+* Upgrade Guava to version 22.0.
+
+### 2.14.5.1
+* Fix regression introduced in 2.14.5
+ A regression was introduced when fixing the `set-reviewers` command to work
+ with change sha1s. The check for sha1 was done before the check for legacy
+ change number, so if a server had large enough change numbers they would be
+ erroneously interpreted as sha1 resulting in a "change not found" error.
+
+### 2.14.5
+**WARNING: the 2.14.5 release includes a regression. Use 2.14.5.1 instead.**
+* [Issue 7273](https://bugs.chromium.org/p/gerrit/issues/detail?id=7273):
+On account creation evict account from account cache.
+ When an account was created by ssh or REST API, its username and full name
+ were not available until the account cache was flushed (e.g. by restarting
+ the server).
+* [Issue 6885](https://bugs.chromium.org/p/gerrit/issues/detail?id=6885):
+Fix over-eager caching of pages.
+* [Issue 7098](https://bugs.chromium.org/p/gerrit/issues/detail?id=7098):
+Fix diff base gitweb link.
+* [Issue 5897](https://bugs.chromium.org/p/gerrit/issues/detail?id=5897):
+Fix false-positive warning on gitweb requests.
+* [Issue 6657](https://bugs.chromium.org/p/gerrit/issues/detail?id=6657):
+Prevent invalid query operator from invalidating user's web session.
+ If the user entered an invalid query like `has:starss`, the user's web
+ session was invalidated.
+* [Issue 7425](https://bugs.chromium.org/p/gerrit/issues/detail?id=7425):
+Add `sshd.waitTimeout` configuration to set `WAIT_FOR_SPACE_TIMEOUT`.
+ In sshd a new channel property,
+ [channel-output-wait-for-space-timeout](https://issues.apache.org/jira/browse/SSHD-565),
+ was introduced with a default value of 30 seconds.
+ This was not being set, causing any clone operations lasting longer
+ than 30 seconds to fail.
+ Administrators may now increase this value by setting
+ [`sshd.waitTimeout`](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14.5.1/config-gerrit.html#sshd.waitTimeout).
+* Increase the value of `GERRIT_FDS` when an LFS plugin is configured.
+ `GERRIT_FDS` was set to double of `core.packedGitOpenFiles`, which was
+ not sufficient to account for the file descriptors used by Git LFS.
+* [Issue 7357](https://bugs.chromium.org/p/gerrit/issues/detail?id=7357):
+Fix bad rounding of relative dates like '1 year, 12 months ago'.
+ The date should be rounded to '2 years ago'.
+* Fix parsing of permissions when expanding parameters.
+* Skip adding `_moreChanges` when change query result is empty.
+* Fix suppression of log file compression when exception occurs.
+ If any exception occurred, subsequent log compression was not done.
+* Fix scheduling of log file compression.
+ The initial delay for log file compression scheduling was not being
+ calculated correctly, leading to the task's initial run being much
+ later than expected.
+* Fix internal server error when reading changes.
+ When a change was not found, NullPointerException was thrown and this
+ caused the delete-project plugin to fail. Now, ChangeNotFoundException
+ is thrown.
+* Fix parsing of email replies with "gmail_default" as class name.
+ The email parser was rejecting all blocks with a class starting with 'gmail'.
+* Don't show weblinks for 'magic' files.
+ The magic files `/COMMIT_MSG` and `/MERGE_LIST` don't actually exist in the
+ git repository, so any links to them result in 404 on the viewer.
+* Add missing registration of `vote-deleted` event.
+ The missing registration was causing listeners to fail with 'Unknown event type'.
+* Allow to add reviewers to changes by commit sha1 using the `set-reviewers`
+ ssh command.
+* Hooks plugin: Protect against null object IDs in ref updates.
+* Polygerrit UI
+ * Fix avatars when using a URL prefix
+ * Fix redirection of URLs with context to GWT UI
+
+### 2.14.4
+
+* Fix performance issue when clearing reviewed flag for a patch set.
+ Change the order of fields in the primary key of the
+ JdbcAccountPatchReviewStore table, to allow usage of implicit indices when
+ querying rows, improving performance when clearing the reviewed flag for a
+ patch set.
+ Sites that have already upgraded from an earlier version to either 2.13
+ or 2.14 need to manually recreate the primary key as described in the
+ warning [above](#patch-review-primary-key).
+* [Issue 7086](https://bugs.chromium.org/p/gerrit/issues/detail?id=7086):
+Disallow invalid combination of `auth.type` and `auth.gitBasicAuthPolicy`.
+ Update the documentation of [`auth.type`](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14.4/config-gerrit.html#auth.type)
+ to clarify that the `HTTP_LDAP` and `CLIENT_SSL_CERT_LDAP` types only use
+ LDAP to gather basic information about the user, and not to actually perform
+ the authentication.
+ Also, add checks to make sure the combination of `auth.type` and
+ `auth.gitBasicAuthPolicy` is valid. If an invalid combination is used,
+ this could result in unintentionally disabling authentication, so raise
+ an error during startup.
+* [Issue 7188](https://bugs.chromium.org/p/gerrit/issues/detail?id=7188):
+Fix 'Cannot upgrade schema' during upgrade on Oracle database backend.
+* Fix internal server error when invoking the `stream-events` ssh command
+with the `--help` option.
+* Add support for creating annotated tags from the tags list in the GWT UI.
+ Although the REST API allows to create annotated tags, the UI only supported
+ creating lightweight tags.
+* Consistently use lower case when reading enumerations during initialization.
+ The list of supported options was converted to lower case, but the input
+ prompt did not do the same for the default value.
+
### 2.14.3
* [Issue 6853](https://bugs.chromium.org/p/gerrit/issues/detail?id=6853):
Only attempt to parse `polygerrit` URL parameter on `GET` requests.
-
Attempting to parse the `polygerrit` parameter on all requests caused
failures when sending a `POST` or `PUT` request to the REST API via `curl`.
-
* [Issue 6922](https://bugs.chromium.org/p/gerrit/issues/detail?id=6922):
Fix comparison against edit revision.
-
* [Issue 6745](https://bugs.chromium.org/p/gerrit/issues/detail?id=6745):
Emit an event to the event stream when a vote is removed from a change.
-
When a reviewer was removed from a change, an event was emited to the
event stream, but when only a vote was removed (leaving the reviewer
on the change), no event was emitted
-
* Add user who removed reviewer into event that is emitted when a
reviewer is removed from a change.
-
* Improve error message when failing to create the first user.
-
* Allow to run the server without specifying `gerrit.canonicalWebUrl`.
-
The only situation where the setting is mandatory is when using OAuth
authentication, because the OAuth provider needs to have a fixed callback
URL with a single hostname.
-
* Align group reference from plugin with core group reference.
-
* Fix `PluginConfig.setGroupReference` method.
-
When the group reference was a new one, i.e. not already in the groups
file, it was not added to the groups file when saving the project
config.
-
* Fix support for plugin group reference with inheritance.
-
Group reference was not working when inherited from parent project
config.
-
* Use `-S` instead of `-s` as alias for `--start` in list branches and tags
REST API endpoints.
-
Using an upper case `-S` makes the API consistent with the other list APIs
(changes, groups, projects). This is a breaking change for any clients
that use `-s`.
-
* Allow to configure pool connection settings for patch review store.
-
Previously the pool connection settings were hard-coded. In high
traffic servers this can cause a bottleneck as the transactions start
to be queued when the maximum number of connetions is reached.
-
In the [accountPatchReviewDb section](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14.3/config-gerrit.html#accountPatchReviewDb)
of the `gerrit.config` file it is now possible to configure the
`url`, `poolLimit`, `poolMinIdle`, `poolMaxIdle`, and `poolMaxWait`
values.
-
* Polygerrit UI
-
* [Issue 6827](https://bugs.chromium.org/p/gerrit/issues/detail?id=6827):
Fix loading change screen with a slash following the patch set number.
-
* [Issue 6921](https://bugs.chromium.org/p/gerrit/issues/detail?id=6921):
Request all commits in the change detail.
-
* [Issue 5677](https://bugs.chromium.org/p/gerrit/issues/detail?id=5677):
Don't crash on empty diff selection.
-
* Add `:` to autocompleted predicates in search bar.
### 2.14.2
* [Issue 6472](https://bugs.chromium.org/p/gerrit/issues/detail?id=6472):
Fix online reindexing for plugin-dependent rules.
-
* [Issue 6473](https://bugs.chromium.org/p/gerrit/issues/detail?id=6473):
Fix display of columns in projects tables.
-
* [Issue 6099](https://bugs.chromium.org/p/gerrit/issues/detail?id=6099):
Set reflog message and identity when merging changes.
-
* [Issue 6591](https://bugs.chromium.org/p/gerrit/issues/detail?id=6591):
Fix deletion of branches when the `refs/heads/` prefix is omitted.
-
* [Issue 6605](https://bugs.chromium.org/p/gerrit/issues/detail?id=6605):
Fix searching for change by Change-Id triplet when project name matches Change-Id pattern.
-
For projects whose name matched the Change-Id pattern, i.e. named something
like `iabcde`, it was not possible to search for changes using the Change-Id
triplet `project~branch~changeId`.
-
* [Issue 3345](https://bugs.chromium.org/p/gerrit/issues/detail?id=3345):
Preserve line endings in inline editor.
-
* [Issue 6508](https://bugs.chromium.org/p/gerrit/issues/detail?id=6508):
Hooks plugin: Fix hook configuration names to match documentation
-
Most hooks in the documentation are named with "Hook" suffix, but
in the code the "Hook" suffix was omitted. This prevented the hook
from being found when the administrator configured it with the
documented name.
-
* [Issue 6609](https://bugs.chromium.org/p/gerrit/issues/detail?id=6609):
Add "indent with tabs" configuration option in inline editor.
-
* [Issue 6544](https://bugs.chromium.org/p/gerrit/issues/detail?id=6544):
Allow project owners to update project configuration.
-
* [Issue 6527](https://bugs.chromium.org/p/gerrit/issues/detail?id=6527):
Use quoted-printable for SMTP transfer encoding.
-
* [Issue 6205](https://bugs.chromium.org/p/gerrit/issues/detail?id=6205):
Fix internal server error on `/register` with URL prefix.
-
* Fix line wrapping in inline editor.
-
The line wrapping preference was respected for the diff screens, but not
for the inline editor.
-
* Don't index missing accounts.
-
* Disable auto-reindexing if stale during offline Reindex.
-
* Fix title of revision field for creating new tag in the UI.
-
* Suggest `self` before other users in search operator suggestions.
-
For query operators that expect a user, the suggestion included other
users whose name begins with "sel" before "self". Since "self" is
more frequently used, it should be suggested first.
-
* Load external IDs from primary storage (ReviewDb).
-
On sign in we can't access the account index to lookup external IDs
since Gerrit slaves don't have an account index, but Gerrit slaves must
be able to sign in. Instead load the external ID from the primary
storage which is ReviewDb in 2.14.
-
* Extend `shortSubject` field to 72 characters in soy email template.
-
* Align lib modules load injector on Jetty and external containers.
-
Align the startup of Gerrit with a standalone Jetty container to the
WebAppInitializer and load the user-provided Guice modules in the
sysInjector instead of the DbInjector.
-
This Allows overriding some of the default bindings of Gerrit
(e.g. repository manager or permissions backend) with custom-made
alternate implementations.
-
* Fix cyclic dependency when using `site_path` from `system_config` table.
-
The starting mode where `site_path` is not specified (as a system property)
and Gerrit first connects to the database using the ReviewDb JNDI property
from the servlet container was broken since version 2.13 due to a cyclic
dependency in Guice bindings.
-
* Add missing `throws` declarations on `NotImplemented` classes in the
extension API.
-
The `throws` were removed as a cleanup in Gerrit 2.14, but this prevenented
classes that extend `NotImplemented` from throwing the exceptions.
-
* Add support for tag web links.
-
* Reindex accounts after updating external Ids in `LocalUsernamesToLowerCase`
program.
-
* Disallow using both `m` and `r` options together in branch and tag
list filters.
-
* Recognize all parts marked with `multipart/` in inbound emails.
-
Inbound emails would not be parsed when the message was signed and
therefore wrapped in a `multipart/signed` part.
-
* Replication plugin: Fix race condition when scheduling a replication
-
* Replication plugin: Use rescheduleDelay instead of replicationDelay when
rescheduling.
-
* PolyGerrit UI
-
* Add syntax highlighting for kotlin, php, shell, erlang, and puppet.
-
* [Issue 6557](https://bugs.chromium.org/p/gerrit/issues/detail?id=6557):
Enable multiline range comments in Firefox.
-
* [Issue 6062](https://bugs.chromium.org/p/gerrit/issues/detail?id=6062):
Fix register links to use base URL.
-
* [Issue 6693](https://bugs.chromium.org/p/gerrit/issues/detail?id=6693):
Fix back button behavior for hash redirects.
### 2.14.1
* Add support for Git LFS locking.
-
Plugins implementing LFS may now include support for
[locking](https://github.com/git-lfs/git-lfs/blob/master/docs/api/locking.md).
-
* Upgrade JGit to 4.7.1.201706071930-r.
-
This includes a fix to make auto GC run in the background.
-
In some cases, the auto GC limit is lower than the true number of
unreachable loose objects, so auto GC will run after every (e.g) fetch
operation. This leads to the appearance of poor fetch performance.
Since these GCs will never make progress (until either the objects
become referenced, or the two week timeout expires), blocking on them
simply reduces throughput.
-
* Allow multiple Servlet filters on Jetty HTTPD.
-
It is now possible to specify multiple values for
[`httpd.filterClass`](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14.1/config-gerrit.html#httpd.filterClass).
-
* Allow to set Jetty HTTPD socket timeout.
-
A new setting [`httpd.idleTimeout`](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14.1/config-gerrit.html#httpd.idleTimeout)
makes the Jetty HTTPD socket timeout configurable so to tailor the socket
and thread consumption to the needs of setups with different latencies and
bandwidth.
-
* Add a `group indexed` extension point.
-
Similar to the existing `change indexed` and `account indexed `extension points,
this allows plugins to be notified when a group has been indexed.
-
* Extend upload validation interface to allow listening to negotiation start.
-
This can be used to check rate limits for fetch requests. Rate limits
should be checked before git transport negotation starts to avoid
unnecessary work in case the limit is already reached.
-
* Fix support for ECDSA and ED25519 SSH keys.
-
ECDSA and ED25519 SSH host keys were not generated during site initialization
and were not loaded if they existed.
-
* Fix initialization failure when removing old Bouncy Castle library fails.
-
During initialization, old Bouncy Castle libraries are renamed with a `.backup`
suffix, but if the destination file already existed the initialization would
fail with a fatal error. Now a warning is printed and the initialization
continues.
-
* [Issue 6278](https://bugs.chromium.org/p/gerrit/issues/detail?id=6278):
Fix internal server error when cloning from slave over HTTP.
-
* Fix firing change related events for deleted change.
-
* [Issue 5393](https://bugs.chromium.org/p/gerrit/issues/detail?id=5393):
Improve the performance of reviewer suggestion.
-
* [Issue 6173](https://bugs.chromium.org/p/gerrit/issues/detail?id=6173):
Fix setting
[`sshd.idleTimeout`](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14.1/config-gerrit.html#sshd.idleTimeout)
for nio2 backend.
-
The idle timeout was not properly set for the nio2 backend, so connections
would always time out with the default value (10 minutes).
-
* Improve error message when publishing an already published change edit.
-
* Fix ref visibility checks in dashboards.
-
* Replication plugin: Fix replication retries when `maxRetries` is set to 0.
-
* Fix autocomplete for Firefox on LDAP login screen.
-
* Add support for mariadb in AccountPatchReviewStore.
-
* Fix notifications for comments on draft patch sets.
-
* Fix internal server error when deleting current patch set and previous patch
set doesn't exist.
-
* [Issue 6176](https://bugs.chromium.org/p/gerrit/issues/detail?id=6176):
Fix internal server error when old patch set is not found.
-
* Always use SSL implicitly for POP3 and IMAP.
-
If `receiveemail.encryption` is set to TLS/SSL, we always want to use the
implicit mode to execute the TLS/SSL command right after establishing
the conection with the mail server. Strict mail servers like Gmail would
close the connection prematurely otherwise.
-
* Allow plugins to non-transitively depend on prolog rules.
-
* [Issue 6367](https://bugs.chromium.org/p/gerrit/issues/detail?id=6367):
Allow to set blocking label range rules in permission rule editor.
-
* PolyGerrit UI
-
* [Issue 6096](https://bugs.chromium.org/p/gerrit/issues/detail?id=6096):
Add an "up" button to the diff screen.
-
* [Issue 6041](https://bugs.chromium.org/p/gerrit/issues/detail?id=6041):
Display `/MERGE_LIST` and `/COMMIT_MESSAGE` as `Merge List` and
`Commit Message`.
-
* [Issue 6080](https://bugs.chromium.org/p/gerrit/issues/detail?id=6080):
Allow editing status when full name is not editable.
-
* [Issue 6166](https://bugs.chromium.org/p/gerrit/issues/detail?id=6166):
Fix loading favicon on a prefixed URL.
-
* Make sure 'Merge Conflict' displays on change view.
-
* Use a default name for accounts that do not have a display name.
diff --git a/pages/site/releases/2.15.md b/pages/site/releases/2.15.md
index eb6d208..8f57d8a 100644
--- a/pages/site/releases/2.15.md
+++ b/pages/site/releases/2.15.md
@@ -6,11 +6,13 @@
toc: true
---
-Download: **[2.15.2](https://www.gerrit-releases.storage.googleapis.com/gerrit-2.15.2.war)**
+Download: **[2.15.3](https://www.gerrit-releases.storage.googleapis.com/gerrit-2.15.3.war)**
+| [2.15.2](https://www.gerrit-releases.storage.googleapis.com/gerrit-2.15.2.war)
| [2.15.1](https://www.gerrit-releases.storage.googleapis.com/gerrit-2.15.1.war)
| [2.15](https://www.gerrit-releases.storage.googleapis.com/gerrit-2.15.war)
-Documentation: **[2.15.2](https://gerrit-documentation.storage.googleapis.com/Documentation/2.15.2/index.html)**
+Documentation: **[2.15.3](https://gerrit-documentation.storage.googleapis.com/Documentation/2.15.3/index.html)**
+| [2.15.2](https://gerrit-documentation.storage.googleapis.com/Documentation/2.15.2/index.html)
| [2.15.1](https://gerrit-documentation.storage.googleapis.com/Documentation/2.15.1/index.html)
| [2.15](https://gerrit-documentation.storage.googleapis.com/Documentation/2.15/index.html)
@@ -88,7 +90,7 @@
Starting in the 2.14.x bugfix series, all release JARs and documentations are
signed by the [Gerrit
-maintainers](https://www.gerritcodereview.com/releases/public-keys.md). This
+maintainers](public-keys.md). This
policy will continue for all future releases.
### New URL Scheme
@@ -160,7 +162,7 @@
invalid for the change.
Following [feedback on the 2.15 release](https://groups.google.com/forum/?hl=en#!topic/repo-discuss/nMZo3HMgJSY)
-a new configuration option `change.strictLabels` was introduced in [2.15.2](#2.15.2)
+a new configuration option `change.strictLabels` was introduced in [2.15.2](#2152)
to allow the new strict functionality to be optionally enabled. By default it is
disabled to maintain backwards compatibility with previous release.
@@ -381,91 +383,119 @@
* Update Soy to 2017-04-23
-## Bugfix Releases
-
-### 2.15.3 *(in development)*
+### 2.15.3
* [Issue 8915](https://bugs.chromium.org/p/gerrit/issues/detail?id=8915):
Fix file handle leak when running GC.
-
Upgrade JGit to 4.9.2.201712150930-r.15-g5fe8e31d4 which includes a
[fix](https://git.eclipse.org/r/124285) to prevent the file handle
leak.
-
+* [Issue 8866](https://bugs.chromium.org/p/gerrit/issues/detail?id=8866):
+Add project and account settings to create new changes as WIP by default.
* [Issue 6094](https://bugs.chromium.org/p/gerrit/issues/detail?id=6094)
and [Issue 9112](https://bugs.chromium.org/p/gerrit/issues/detail?id=9112):
Add support for Elasticsearch versions 5 and 6.
-
Support is added for Elasticsearch versions 5.6 (tested with versions 5.6.9
- and 5.6.10), 6.2 (tested with version 6.2.4) and 6.3.0.
-
+ and 5.6.10), 6.2 (tested with version 6.2.4) and 6.3.1.
Version 2.4 is still supported (tested with version 2.4.6).
-
Instead of using the 'Jest' client to communicate with Elasticsearch, the
Elasticsearch low level API is now used.
-
Support for Elasticsearch is still considered experimental, and is not
recommended for production use.
-
+* [Issue 9372](https://bugs.chromium.org/p/gerrit/issues/detail?id=9372):
+Simplify the configuration of Elasticsearch servers.
+ Instead of specifying each server in a separate `[elasticsearch "name"]`
+ section, with separate values `protocol`, `hostname`, and `port`, the
+ servers are now configured as a list of `server` values in the
+ `[elasticsearch]` section.
+ This also fixes [Issue 9383](https://bugs.chromium.org/p/gerrit/issues/detail?id=9383)
+ where a "default" server `http://localhost:9200` would be added by
+ the site initialization even if other servers were already explicitly
+ configured.
+ During startup the list of configured Elasticsearch servers is logged
+ at info level.
+* [Issue 9146](https://bugs.chromium.org/p/gerrit/issues/detail?id=9146) and
+[Issue 9147](https://bugs.chromium.org/p/gerrit/issues/detail?id=9147):
+Fix Elasticsearch queries for results with substrings in keywords.
+ Doing a query that involved the characters "." and "_" from full text fields
+ did not include results with keywords as a substring. This behavior was
+ different from Lucene, where these two characters are mapped to the space
+ character (" ") so that the query returns keywords separated by them.
+* Allow to omit the `elasticsearch.username` setting.
+ If `elasticsearch.password` is specified, the `username` can be omitted and
+ it will default to `elastic` which is the default username configured
+ when running Elasticsearch with security enabled.
+* Allow to assign "Delete Own Changes" permission to "Change Owners".
+ It was only possible for a user to delete their own change if they were
+ a member of a group that was assigned the "Delete Own Changes" permission.
+ This was counter-intiuitive as it was necessary to either create a specific
+ group, or assign the permission to "Registered Users".
+ It is now possible to assign this permission to the "Change Owners"
+ virtual group.
+* [Issue 9354](https://bugs.chromium.org/p/gerrit/issues/detail?id=9354):
+Add "Delete Changes" permission.
+ It was only possible for a user to delete another user's change if they
+ were a member of a group that was assigned the "Administrate Server"
+ permission.
+ A new "Delete Changes" permission is added. This permission can be
+ assigned to a group, or to the "Project Owners" virtual group.
+* [Issue 9345](https://bugs.chromium.org/p/gerrit/issues/detail?id=9345):
+Fix creation of plugin log file when `log4j.configuration` is set
+ When the environment variable `log4j.configuration` is set, log files
+ defined by plugins were not created because the appender couldn't be
+ found.
+* Fix repeated `Change-Id` in error message when `Change-Id` line is not
+in the footer.
* [Issue 9245](https://bugs.chromium.org/p/gerrit/issues/detail?id=9245):
Return the correct information in JSON response after moving a change.
-
When moving a change by the REST API, the JSON response contained the
branch name of the original destination rather than the new destination.
-
* Fix internal error when moving a change to a branch that does not have a label.
-
If a change had a score on a label that was only configured on the
original branch, moving to a destination branch that did not have the
label caused an internal error.
-
* Fix internal error when moving a change without specifying the destination.
-
Omitting the destination branch in the input caused an internal error.
-
* Fix internal error when deleting a comment without providing input.
-
The input is optional on the [Delete Comment](https://gerrit-documentation.storage.googleapis.com/Documentation/2.15/rest-api-changes.html#delete-comment)
REST endpoint, but calling it without input resulted in an internal error.
-
* Fix internal error when rebuilding Note DB and a change is missing from Review DB.
-
* Fix omission of 'branch' values when saving project config.
-
The 'branch' values were omitted when saving the config, resulting in them
being lost.
-
* [Issue 9195](https://bugs.chromium.org/p/gerrit/issues/detail?id=9195):
Strip comment lines out of commit message when creating change.
-
When a change was created from the UI (or via the 'Create Change' REST
API), and the commit message consisted of only a subject beginning with
a hash character (`#`), the change was created with a zero Change-Id.
-
This was because lines beginning with `#` are considered to be comments,
and are stripped from the commit message by JGit before computing the
Change-Id for the commit.
-
Before attempting to create the change, Gerrit now strips out any comment
lines from the commit message and returns an error if this results in
the commit message being empty.
-
+* [Issue 9389](https://bugs.chromium.org/p/gerrit/issues/detail?id=9389):
+Fix support for syntax highlighting of Clojure source files in the Polygerrit UI.
+* [Issue 5316](https://bugs.chromium.org/p/gerrit/issues/detail?id=5316):
+Fix incorrect relative URL paths in Gitiles links in the Polygerrit UI.
* Fix internal server error when generating email sender name for
non-existing account.
-
+* Add `--generate-http-password` option to the ssh `set-account` command.
+ To bring the ssh command more in-line with the REST API for a user, it
+ is now possible to generate a new HTTP password.
+ This allows ordinary users to generate a new HTTP password via ssh when
+ they cannot log in to the web UI (e.g. due to being a service account).
+ Access to the `set-account` command is also relaxed; normal users may
+ use it to set a new password on their own account.
* Sanitize values of `user.name` and `user.email` from `gerrit.config`.
-
The `user.name` and `user.email` settings were being read as-is, which
would allow them to be configured with values that may interfere with
standard email name/address parsing.
-
-* Fix the default text in the 'Password' field on the 'HTTP Password' screen.
-
+* Fix the default text in the 'Password' field on the 'HTTP Password' screen
+in the GWT UI.
The default text said "(click 'generate' to revoke an old password)" but the
label of the button is actually "Generate Password".
-
* Add reporting of work queue related metrics.
-
Metrics are reported for core work queues. For work queues created by plugins,
metrics are not reported.
@@ -473,247 +503,163 @@
* [Issue 8861](https://bugs.chromium.org/p/gerrit/issues/detail?id=8861):
Fix generation of change numbers to prevent duplicates.
-
When migration to NoteDb was aborted, and then started again later,
generated change numbers overlapped with change numbers created in
ReviewDb in the meantime.
-
* [Issue 8931](https://bugs.chromium.org/p/gerrit/issues/detail?id=8931):
Pass the project name to 'change indexed' event listeners.
-
When NoteDb is enabled, the change information is stored in the project's
git repository. Without the project name, plugins were not able to retrieve
the change information.
-
* [Issue 8742](https://bugs.chromium.org/p/gerrit/issues/detail?id=8742):
Fix infinite loop in intraline diff loader.
-
A regression introduced in 2.15.1 caused excessive CPU usage when loading
intraline diffs.
-
* [Issue 8697](https://bugs.chromium.org/p/gerrit/issues/detail?id=8697):
Restore the ability to ignore invalid review labels.
-
In 2.15 the `strict_labels` attribute was removed from the review input
entity, and Gerrit no longer silently ignores invalid label scores. This
caused breakage in CI systems that submit reviews post-merge and don't
have different configurations for if the change is already merged or not.
For example the Gerrit Trigger Plugin was broken, as
[discussed on the Gerrit mailing list](https://groups.google.com/forum/?hl=en#!topic/repo-discuss/nMZo3HMgJSY).
-
A new configuration [`change.strictLabels`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.15.2/config-gerrit.html#change.strict_labels)
is introduced. When enabled, Gerrit will reject invalid labels, otherwise
will silently ignore them. By default it is disabled, for backwards
compatibility with previous releases.
-
* [Issue 8728](https://bugs.chromium.org/p/gerrit/issues/detail?id=8728):
Allow percent encoding in patch set titles.
-
* [Issue 8850](https://bugs.chromium.org/p/gerrit/issues/detail?id=8850):
Fix `reviewerin:` search results when user is added as CC.
-
The `reviewerin:` search should only return users that were added as a
reviewer, but was also including users that were added as CC.
-
* [Issue 8817](https://bugs.chromium.org/p/gerrit/issues/detail?id=8817):
Fix internal server error when listing projects and a repository is not available.
-
The new permission backend was throwing an error when a repository could
not be found. Now it is simply omitted from the project list.
-
* [Issue 8643](https://bugs.chromium.org/p/gerrit/issues/detail?id=8643):
Properly display the status of "Work in Progress" changes.
-
When a change was submittable (i.e. had all the necessary labels) but
was still in the "Work in Progress" state, its status was displayed as
"Merge Conflict" in the change list and the change screen in the GWT UI.
-
* [Issue 8936](https://bugs.chromium.org/p/gerrit/issues/detail?id=8936):
Add missing 'Hashtags' label on the change screen in the GWT UI.
-
* [Issue 8916](https://bugs.chromium.org/p/gerrit/issues/detail?id=8916):
Allow ownerin predicate to be evaluated by the index.
-
* Fix double creation of SSH command execution queues.
-
* Fix timestamp for submodule updates.
-
When a submodule was updated by subscription, the same commit timestamp
was always used due to the server identity being cached.
-
* Allow to include username in servlet response header.
-
By setting `http.addUserAsResponseHeader`, the servlet response includes
a 'User' header that contains the name of the logged in user, enabling
reverse proxies to log the name of the user that issued the http request.
-
* Fix user permission checks in APIs when invoked via the GerritApi.
-
Actions were incorrectly being denied because the user validation
was comparing user object instances rather than the account ID that
they represented.
-
* Allow to replace the default H2 persistent cache with a custom implementation.
-
The default H2 persistent cache can be replaced by a module that implements
the `CacheImpl` interface.
-
An implementation is provided for postgresql.
-
* Various logging improvements.
-
* Hooks plugin
-
* [Issue 9015](https://bugs.chromium.org/p/gerrit/issues/detail?id=9015):
Add a `submit` hook
-
The `submit` hook is invoked synchronously when a change is submitted. If
it returns a non-zero exit status, a `MergeValidationException` is thrown
and the submit is prevented.
-
This adds back the ability to block submit by a hook which was removed in
version 2.14 due to the reworking of the `ref-update` hook behavior.
-
* Fix repeated instantiation of the `ref-update` and `commit-received` hooks.
-
The hooks were not singletons, which caused new instances to be created
on every invocation.
-
* Wrap account ID in quotes when passing as hook argument.
-
* Improve logging to make it easier to track down hook execution problems.
-
When a hook exits with an error status (i.e. non-zero), or times out, an error
is now emitted to the log. Previously there was no log on timeout, and the exit
status was only logged at debug level.
-
The configured hooks path and resolved path for hook files is logged at info
level.
-
When a hook file does not exist, a message is logged at debug level.
-
* Improve documentation
-
* Expand and improve documentation related to debugging hooks.
-
* Restructure the hooks page to separate synchronous and asynchronous hooks, and
add a table of contents.
-
* Polygerrit fixes:
-
* [Issue 8655](https://bugs.chromium.org/p/gerrit/issues/detail?id=8655):
Clear suggestions on autocomplete input change.
-
* [Issue 8237](https://bugs.chromium.org/p/gerrit/issues/detail?id=8237):
Link account chips to owner search rather than user dashboard.
-
* [Issue 8375](https://bugs.chromium.org/p/gerrit/issues/detail?id=8375):
Add reset button to my menu in settings.
-
* [Issue 7815](https://bugs.chromium.org/p/gerrit/issues/detail?id=7815):
Don't curse over files with up/down keys.
-
* [Issue 8722](https://bugs.chromium.org/p/gerrit/issues/detail?id=8722):
Limit assignee suggestion to users that can see the change.
-
This was fixed for the GWT UI in [2.15.1](#2.15.1).
-
* [Issue 8940](https://bugs.chromium.org/p/gerrit/issues/detail?id=8940):
Fix loading change edit on change screen.
-
* [Issue 4552](https://bugs.chromium.org/p/gerrit/issues/detail?id=4552):
Allow some sections of the change list to overflow
-
* Add a link to group page in groups section of settings.
-
* Make sure plugins are not double counted.
-
* Elasticsearch fixes
-
* [Issue 8523](https://bugs.chromium.org/p/gerrit/issues/detail?id=8523):
Fix configuration of elasticsearch during site initialization.
-
When the site was initialized with Elasticsearch as the secondary index,
the `elasticsearch.prefix` was not set, and Elasticsearch server-specific
settings were not correctly set under `elasticsearch.name.protocol`, etc.
-
* [Issue 8527](https://bugs.chromium.org/p/gerrit/issues/detail?id=8527):
- Improve documentation of `index.maxLimit` for Elasticsearch.
-
+Improve documentation of `index.maxLimit` for Elasticsearch.
When using Elasticsearch, `index.maxLimit` should not exceed the value
of `index.max_result_window` configured on the Elasticsearch server.
-
* [Issue 8553](https://bugs.chromium.org/p/gerrit/issues/detail?id=8553):
Fix reindexing of an already initialized site with Elasticsearch.
-
* [Issue 8690](https://bugs.chromium.org/p/gerrit/issues/detail?id=8690):
Allow to use the `index start` and `index activate` ssh commands with Elasticsearch.
-
* [Issue 8525](https://bugs.chromium.org/p/gerrit/issues/detail?id=8525):
Fix setting of changed lines in the change info.
-
* [Issue 8588](https://bugs.chromium.org/p/gerrit/issues/detail?id=8588):
Fix setting the star icon status in the change info.
-
* [Issue 8806](https://bugs.chromium.org/p/gerrit/issues/detail?id=8806):
Fix online reindex to new index version.
-
* Change default Elasticsearch prefix to `gerrit_`.
### 2.15.1
-
* [Issue 8677](https://bugs.chromium.org/p/gerrit/issues/detail?id=8677):
Fix internal error when sending raw input to PUT and POST REST endpoints. In
particular, this caused errors when using the plugin manager to update or
install plugins.
-
* [Issue 5181](https://bugs.chromium.org/p/gerrit/issues/detail?id=5181):
Limit assignee suggestion to users that can see the change.
-
* [Issue 6112](https://bugs.chromium.org/p/gerrit/issues/detail?id=6112):
Add support for "Included In" in the polygerrit change screen.
-
* [Issue 6583](https://bugs.chromium.org/p/gerrit/issues/detail?id=6583):
Fix false negatives for edits due to rebase.
-
* [Issue 8574](https://bugs.chromium.org/p/gerrit/issues/detail?id=8574):
Fix refesh of polygerrit change list with "Shift + R".
-
* [Issue 8703](https://bugs.chromium.org/p/gerrit/issues/detail?id=8703):
Fix false warning in server log when creating a new project.
-
* [Issue 8252](https://bugs.chromium.org/p/gerrit/issues/detail?id=8252):
Improve error message in polygerrit when adding a group member to a group that
does not exist or is not viewable for the current user.
-
* Allow admins to toggle the WIP flag on all changes.
-
* Fix internal server error when group UUID cannot be resolved when getting audit log.
-
* Display group UUID in group audit log if group name is missing.
-
The group name can be missing if there is no group backend that handles the
group. This can happen for example if a plugin that handled the group was
removed.
-
* Fix removal of email/password on external ID update.
-
* Replication plugin:
-
* Fix creation of missing repository.
-
When replicating to a destination where the repository does not exist,
updating the `HEAD` reference failed because the passed reference name was
not absolute.
-
* Add documentation of how to exclude repositories from replication.
-
* Fix logging of new project creation and project deletion.
-
The "created" and "deleted" logs were emitted even when the operation
failed.
-
* Allow graceful rolling restarts
-
Set a graceful stop timeout for allowing Jetty to wait for incoming requests
to be completed before shutting down its sockets.