releases/2.14.md

# Gerrit 2.14

Download: **[2.14.1](https://gerrit-releases.storage.googleapis.com/gerrit-2.14.1.war)**
| [2.14](https://gerrit-releases.storage.googleapis.com/gerrit-2.14.war)

Documentation: **[2.14.1](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14.1/index.html)**
| [2.14](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14/index.html)

[TOC]

## Release Highlights

* Changes can be assigned to specific users
* Open and Abandoned changes can be deleted
* HTML emails and new templating framework
* Support for receiving review comments by email
* New [Polymer](https://www.polymer-project.org/) based user interface
* Support for elliptic curve/ed25519 SSH keys
* Secondary index with Elastic Search (experimental)

## Important Notes

### Schema Changes

This release contains schema changes. To upgrade:

``` sh
  java -jar gerrit.war init -d site_path
```

### Java 8

Gerrit now requires Java Runtime Environment (JRE) version 8. It is no longer
possible to run Gerrit on JRE 7.

### Bouncy Castle Libraries

The [Bouncy Castle Crypto API libraries](https://www.bouncycastle.org/) are now
distributed in the Gerrit `.war` file rather than being downloaded during site
initialization. When upgrading from a previous version of Gerrit, previously
downloaded Bouncy Castle `.jar` files remaining in the site's `/lib` folder will
be disabled by appending `.disabled` to the file name.

### HTTP Digest Authentication Removed

Support for HTTP Digest Authentiation is removed.

With the move to NoteDB, the per-account data (including the HTTP password) will
be stored in a branch in the `All-Users` repo, where it is subject to Gerrit ACLs.
Since these are notoriously hard to setup correctly, we want to avoid storing the
password in plaintext.

Existing passwords will be migrated to a hashed password during site initialization
when upgrading from an earlier version of Gerrit.

### Evaluation of BLOCK permission rules has changed

An exclusive ALLOW permission now has priority over a BLOCK permission when
both permissions are defined on the same project.

This means an exclusive ALLOW rule now overrules BLOCK rules on the same
project.

BLOCK rules still cannot be overruled by child projects.

This change makes it possible to allow a permission for a specific ref and to
block the same permission for all other refs. For example, it is now possible to
allow all users to push changes for review, but to block all direct pushes:

---
  [access "refs/*"]
    push = block group Anonymous Users
  [access "refs/for/*"]
    exclusiveGroupPermissions = push
    push = group Registered Users
---

### Deprecation of Velocity Email Templates

This release deprecates the use of Velocity mail templates. In a future release
support will be removed and it will be necessary to upgrade custom mail templates
to Soy files.

### Tag Permissions

The permissions "Push Annotated Tag" and "Push Signed Tag" are renamed to
"Create Annotated Tag" and "Create Signed Tag". Existing project configurations
using the old permission names will be migrated during site initialization.

### Behavior change in ref-update hook

Instead of being invoked on every commit received, the `ref-update` hook is now
invoked before the ref update operation is finalized. The previous behavior of
the `ref-update` hook is moved into a new hook named `commit-received`.

Sites using the `ref-update` hook should rename the hook file to `commit-received`.

## New Features

### Change Assignee

Changes may be assigned to a specific user. This allows a workflow where the
user that is assigned to a change is responsible for reviewing the change and/or
passing the assignment on to another user.

In the UI, changes assigned to the currently logged in user are highlighted.

A new `assignee:` search predicate allows to find changes assigned to a given
user.

### Delete Changes

* [Issue 4509](https://bugs.chromium.org/p/gerrit/issues/detail?id=4509):
Open and Abandoned changes can be deleted by administrators and by users who have
the
[Delete Own Changes](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/access-control.html#category_delete_own_changes)
permission.

### Emails

#### HTML Emails

Gerrit email messages are made easier to read by sending HTML content parts in
addition to the existing text email content. This is enabled by default, and
can be disabled by setting
[`sendemail.html`](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/config-gerrit.html#sendemail.html)
to `false`.

Users can opt to always receive plaintext emails by setting the
[Email Format preference](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/intro-user.html#email-format).

#### Closure Templates

Mail templates can now be written using
[Closure Templates (Soy)](https://developers.google.com/closure/templates/). Mail
templates written in Velocity (VTL) are deprecated but still supported. Support
for VTL will be dropped in the next release.

#### Review Comments by Email

Gerrit now supports
[receiving review comments by email](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/intro-user.html#reply-by-email).

### Secondary Index with Elastic Search

It is possible to enable Elastic Search as a secondary index by setting
[`index.type`](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/config-gerrit.html#index.type)
to `ELASTICSEARCH` and configuring the
[Elastic Search specific configuration parameters](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/config-gerrit.html#elasticsearch).

Note that the Elastic Search implementation is still considered experimental
and it is not advised to use it for production systems.

### User Interface

* Tags can be created and deleted via the Tags screen in the UI.

* For merge commits, the list of commits that will be merged into the destination
branch is included as the `/MERGE_LIST` magic file which is shown as `Merge List`
in the UI.

### REST API

#### Accounts

* [Get Account Status](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-accounts.html#get-account-status)
* [Set Account Status](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-accounts.html#set-account-status)
* [Get Account External IDs](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-accounts.html#get-account-external-ids)
* [Delete Account External IDs](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-accounts.html#delete-account-external-ids)

#### Changes

* [Get Assignee](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-changes.html#get-assignee)
* [Get Past Assignees](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-changes.html#get-past-assignees)
* [Set Assignee](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-changes.html#set-assignee)
* [Delete Assignee](https://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-changes.html#delete-assignee)
* [List Change Robot Comments](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-changes.html#list-change-robot-comments)
* [Create Merge Patch Set](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-changes.html#create-merge-patch-set-for-change)
* [Get Description](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-changes.html#get-description)
* [Set Description](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-changes.html#set-description)
* [Get Merge List](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-changes.html#get-merge-list)
* [Get Submit Preview](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-changes.html#submit-preview)
* [List Revision Reviewers](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-changes.html#list-revision-reviewers)
* [List Revision Votes](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-changes.html#list-revision-votes)
* [Delete Revision Vote](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-changes.html#delete-revision-vote)

#### Groups

* [Query Groups](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-groups.html#query-groups)
* [Index Group](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-groups.html#index-group)

#### Projects

* [Delete Tag](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-projects.html#delete-tag)
* [Delete Tags](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-projects.html#delete-tags)

#### Revisions

* [List Robot Comments](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-changes.html#list-robot-comments)
* [Get Robot Comment](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14/rest-api-changes.html#get-robot-comment)

### New User Interface ("PolyGerrit")

Gerrit now includes a new user interface, referred to as "PolyGerrit", based on
[Polymer](https://www.polymer-project.org/).

The UI can be switched between PolyGerrit and GWT by clicking the "New UI" and
"Old UI" links in the site footer. Alternatively, the UI can be switched by
adding `?polygerrit=1` or `?polygerrit=0` to the URL.

Note that PolyGerrit is still under development. Most use cases are supported,
but there are still some missing features compared to the GWT UI.

### SSHD

* [Issue 4507](https://bugs.chromium.org/p/gerrit/issues/detail?id=4507):
Add support for elliptic curve/ed25519 SSH keys.

## Bugfixes

* [Issue 5234](https://bugs.chromium.org/p/gerrit/issues/detail?id=5234):
Fix SSH GSSAPI authentication.

* [Issue 5739](https://bugs.chromium.org/p/gerrit/issues/detail?id=5739):
Prevent `ref-update` hook from being invoked on every commit when pushing
multiple commits.

  Instead of being invoked on every commit received, the `ref-update` hook
  is now invoked before the ref update operation is finalized. Note that
  the hook is no longer invoked on commits pushed for review or on changes
  that are merged. It is invoked for creation/deletion of refs, and for
  ref updates caused by direct pushes (i.e. bypassing review).

  The previous behavior of the `ref-update` hook is moved into a new hook
  named `commit-received`. A new parameter `--cmdref` is added, and the
  special handling of `refs/for` and `refs/changes` is removed.

  Sites using the `ref-update` hook should rename the hook file to
  `commit-received`.

## Dependency Updates

* Update auto-value to 1.4

* Update Bouncy Castle to 1.56

* Update codemirror to 5.25.0

* Update commons-compress to 1.12

* Update Guava to 21.0

* Update Guice to 4.1.0

* Update GWT to 2.8.0

* Update gwtjsonrpc to 1.11

* Update gwtorm to 1.17

* Update JavaEWAH to 1.1.6

* Update JGit to 4.7.0.201704051617-r

* Update jsch to 0.54

* Update Lucene to 5.5.2

* Update mina to 2.0.16

* Update ow2-asm to 5.1

* Update prolog-cafe to 1.4.2

* Update SSHD to 1.4.0


## Bugfix Releases

### 2.14.1 {#2.14.1}

* Add support for Git LFS locking.

  Plugins implementing LFS may now include support for
  [locking](https://github.com/git-lfs/git-lfs/blob/master/docs/api/locking.md).

* Upgrade JGit to 4.7.1.201706071930-r.

  This includes a fix to make auto GC run in the background.

  In some cases, the auto GC limit is lower than the true number of
  unreachable loose objects, so auto GC will run after every (e.g) fetch
  operation.  This leads to the appearance of poor fetch performance.
  Since these GCs will never make progress (until either the objects
  become referenced, or the two week timeout expires), blocking on them
  simply reduces throughput.

* Allow multiple Servlet filters on Jetty HTTPD.

  It is now possible to specify multiple values for
  [`httpd.filterClass`](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14.1/config-gerrit.html#httpd.filterClass).

* Add a `group indexed` extension point.

  Similar to the existing `change indexed` and `account indexed `extension points,
  this allows plugins to be notified when a group has been indexed.

* Extend upload validation interface to allow listening to negotiation start.

  This can be used to check rate limits for fetch requests. Rate limits
  should be checked before git transport negotation starts to avoid
  unnecessary work in case the limit is already reached.

* Fix support for ECDSA and ED25519 SSH keys.

  ECDSA and ED25519 SSH host keys were not generated during site initialization
  and were not loaded if they existed.

* Fix initialization failure when removing old Bouncy Castle library fails.

  During initialization, old Bouncy Castle libraries are renamed with a `.backup`
  suffix, but if the destination file already existed the initialization would
  fail with a fatal error. Now a warning is printed and the initialization
  continues.

* [Issue 6278](https://bugs.chromium.org/p/gerrit/issues/detail?id=6278):
Fix internal server error when cloning from slave over HTTP.

* Fix firing change related events for deleted change.

* [Issue 5393](https://bugs.chromium.org/p/gerrit/issues/detail?id=5393):
Improve the performance of reviewer suggestion.

* [Issue 6173](https://bugs.chromium.org/p/gerrit/issues/detail?id=6173):
Fix setting
[`sshd.idleTimeout`](http://gerrit-documentation.storage.googleapis.com/Documentation/2.14.1/config-gerrit.html#sshd.idleTimeout)
for nio2 backend.

  The idle timeout was not properly set for the nio2 backend, so connections
  would always time out with the default value (10 minutes).

* Improve error message when publishing an already published change edit.

* Fix ref visibility checks in dashboards.

* Replication plugin: Fix replication retries when `maxRetries` is set to 0.

* Fix autocomplete for Firefox on LDAP login screen.

* Add support for mariadb in AccountPatchReviewStore.

* Fix notifications for comments on draft patch sets.

* Fix internal server error when deleting current patch set and previous patch
set doesn't exist.

* [Issue 6176](https://bugs.chromium.org/p/gerrit/issues/detail?id=6176):
Fix internal server error when old patch set is not found.

* Always use SSL implicitly for POP3 and IMAP.

  If `receiveemail.encryption` is set to TLS/SSL, we always want to use the
  implicit mode to execute the TLS/SSL command right after establishing
  the conection with the mail server. Strict mail servers like Gmail would
  close the connection prematurely otherwise.

* Allow plugins to non-transitively depend on prolog rules.

* [Issue 6367](https://bugs.chromium.org/p/gerrit/issues/detail?id=6367):
Allow to set blocking label range rules in permission rule editor.

* PolyGerrit UI

    * [Issue 6096](https://bugs.chromium.org/p/gerrit/issues/detail?id=6096):
      Add an "up" button to the diff screen.

    * [Issue 6041](https://bugs.chromium.org/p/gerrit/issues/detail?id=6041):
      Display `/MERGE_LIST` and `/COMMIT_MESSAGE` as `Merge List` and
      `Commit Message`.

    * [Issue 6080](https://bugs.chromium.org/p/gerrit/issues/detail?id=6080):
      Allow editing status when full name is not editable.

    * [Issue 6166](https://bugs.chromium.org/p/gerrit/issues/detail?id=6166):
      Fix loading favicon on a prefixed URL.

    * Make sure 'Merge Conflict' displays on change view.

    * Use a default name for accounts that do not have a display name.

### 2.14.2 *(In development)* {#2.14.2}

* [Issue 6472](https://bugs.chromium.org/p/gerrit/issues/detail?id=6472):
Fix online reindexing for plugin-dependent rules.

* [Issue 6473](https://bugs.chromium.org/p/gerrit/issues/detail?id=6473):
Fix display of columns in projects tables.

* [Issue 6099](https://bugs.chromium.org/p/gerrit/issues/detail?id=6099):
Set reflog message and identity when merging changes.

* [Issue 6508](https://bugs.chromium.org/p/gerrit/issues/detail?id=6508):
Fix hook configuration names to match documentation

  Most hooks in the documentation are named with "Hook" suffix, but
  in the code the "Hook" suffix was omitted. This prevented the hook
  from being found when the administrator configured it with the
  documented name.

* Don't index missing accounts.

* Fix title of revision field for creating new tag in the UI.

* Extend `shortSubject` field to 72 characters in soy email template.

* Align lib modules load injector on Jetty and external containers.

  Align the startup of Gerrit with a standalone Jetty container to the
  WebAppInitializer and load the user-provided Guice modules in the
  sysInjector instead of the DbInjector.

  This Allows overriding some of the default bindings of Gerrit
  (e.g. repository manager or permissions backend) with custom-made
  alternate implementations.