Download: 3.11.0-rc2
Documentation: * 3.11.0*
The language level used for Gerrit source code stays on Java 17, however, Gerrit is built and distributed for Java 21, which is the recommended JVM version for running it in production.
It is now possible to enforce project configuration changes for code review, ensuring modifications are reviewed and approved before integration (by setting gerrit.requireChangeForConfigUpdate=true).
This feature, together with a dedicated set of endpoints such as /projects/myproject/access:review, /projects/myproject/labels:review, /projects/myproject/submit_requirements:review and /projects/myproject/config:review, allows to prevent that any project configuration changes is submitted without code review.
Some maintenance operations can be configured in gerrit.config to be executed at a specific time. However, this might not always be wanted or could even lead to issues in setups where multiple Gerrit instances with the same configuration try to perform the operation concurrently.
To work around this problem, for some specific operations, one can now explicitly call dedicated REST API on demand, specifically: Clean up of stale changes and Clean up of stale accounts.
The new receivecommits/reject_count set of metrics to count the number of rejected pushes has been added. This is useful to monitor push errors over time and the reason of their failure.
Additionally one can explicitly set performance.metrics to record latency and counts od specific operations.
Please bear in mind that the above metrics can quickly build up in number, eventually increasing the latency and the size of collecting metrics payloads via to monitoring such as prometheus.
No changes to either the schema or indexes versions.
If you’re upgrading from 3.10, the Lucene index does not need any rebuild. If you’re upgrading from 3.9, the Lucene index is automatically rebuilt upon Gerrit startup after the upgrade.
However, if you’re upgrading from 3.8 or an earlier version, you must use the Offline upgrade steps below, because of the Lucene upgrade mentioned in the 3.8 release notes.
Download the new gerrit.war
Stop Gerrit
Backup the existing indexes in case a rollback is required
Ensure all installed plugins are compatible with the new API
Run init java -jar gerrit.war init -d site_path --batch
If you are upgrading from a 3.9/3.10 versions you don’t need to run reindex (see Online index schema upgrade from 3.10 above).
If you are upgrading from a 3.8 or an earlier version, you must run a reindex of all indexes:
java -jar gerrit.war reindex -d site_path
See the reindex command for other options.
Gerrit v3.11.x supports zero-downtime upgrade from Gerrit v3.10 when configured using either high-availability or multi-site setup.
During the zero-downtime upgrade, Gerrit end-users will not experience any outage or service disruption and will be able to perform any read/write Gerrit operation seamlessly.
The zero-downtime upgrade process for high-availability or multi-site setups consists of the following steps (demo):
Downgrade to Gerrit v3.9 or v3.10 release is possible, but requires the following manual steps:
java -jar gerrit.war init -d site_path --batch
Almalinux distribution updated 9.4.Ubuntu distribution updated to v24.04.Change 435557: Add Option to set HttpOnly flag for cookies.
This option helps to prevent possible XSS-attacks.
Change 435998: Change default of auth.cookieHttpOnly to true.
This makes the auth.cookieHttpOnly cookie more secure by default as there should usually be no need to allow client side javascript to access it.
Change 435960: Don't allow discovery of non-visible groups.
A user could have used the ls-members command to distinguish between a non-existent group and an existent but not visible group. This fixes that.
Change 422518: Record duration of performance events in nanos (instead of in millis).
Performance events shorter than 1ms were being recorded with a duration of 0ms, causing them to be invisible on performance charts and making it unclear whether they were executed or just too fast to be displayed.
Change 434037: Disallowed tracing configs that trigger tracing for too many requests
When using a tracing.<trace-id> subsection in gerrit.config one must now specify at least one of requestUriPattern, account and projectPattern, or otherwise it is ignored.
Change 429818, Change 429819 and Change 429820: Removed etags for change, revision and ListFiles resources.
Any REST clients built expecting that ETags exist and that rely on them for workflows, may require modifications.
Change 430660 Prevent replication plugin start with invalid remotes:
Allow the Gerrit admin to detect early a configuration issue with the remotes. Upon invalid remotes configuration the plugin will not start and an error will be thrown: Unable to start replication plugin because remote.
Issue 320715545 Use SecureStore for reading username/password credentials
Use SecureStore for reading username/password credentials. Existing installations may have used a mix of encrypted and clear text credentials in secure.config, leveraging the replication plugin bug that was not accessing it using the correct API. Introduce a legacy feature flag gerrit.useLegacyCredentials that allow the Gerrit admin to still use the legacy mode.
Change 409734: New REST API endpoint for deactivating stale accounts.
You can now POST /config/server/deactivate.stale.accounts to trigger account deactivation outside the time window scheduled in gerrit.config.
Change 421120: A Blocked Users group that allows admin to block spammers is created automatically during the site initialisation.
This change makes it easier to block spamming users by automatically creating the Blocked Users group with the BLOCK read permissions on refs/*. All admins need to do to block users is adding them to the group.
Issue 317351858: Submitting changes with unresolved comments is blocked for new sites by default
Change 420300: Added REST API to clean old changes.
You can now POST /config/server/cleanup.changes to abandon changes older than some given time outside the time window scheduled in gerrit.config.
Change 247812 and Change 248034: Added support for plugins to block WorkQueue tasks without depriving other tasks of a thread.
Introduces a TaskParker interface allowing selective task parking to control resource usage by deprioritizing certain tasks without blocking other tasks from using resources.
Tasks blocked from running by TaskParker implementations show their state as parked.
Change 425478: Support multiple parents in the Get Patch API.
Now the “Get Patch” API can handle a new parent flag to select which parent to use to generate the patch.
Change 426018: Added highlight support for the epp language.
Change 425804: Added REST API endpoint for creating project config change.
Similar to the access:review endpoint, this allows creating a change for project configuration updates via REST API by PUT /projects/myproject/config:review.
Change 425805: Added REST API endpoint for creating a change for labels update.
Allows CRUD operations on multiple label definitions in this project at once by POST /projects/myproject/labels:review.
Change 425806: Added REST API endpoints for batch updating submit requirements.
Introduced two new endpoints for updating submit requirements. One for updating without a review: POST /projects/myproject/submit_requirements/ Another for creating a change for the update: POST /projects/myproject/submit_requirements:review.
Change 425525: Added API option to apply patches that conflict.
POST /changes/{change-id}/patch:apply now takes a payload that allows an optional allow_conflicts field, to tolerate conflicts and add conflict markers where required.
Change 425807: Added a new config for protecting project config from unreviewed updates.
When gerrit.requireChangeForConfigUpdate is set to true, all attempts to update a project config directly using any REST API are rejected. Instead, users should always use APIs which create a config change (for review).
Change 425808: Save for review button was added into the project config page.
When gerrit.requireChangeForConfigUpdate is set to true a new Save for review is added to the project config page.
Change 429017: Introduce @DynamicItem.Final for allowing immutable dynamic bindings of interfaces to implementations in other plugins.
Change 429823: Add TRIVIAL_REBASE_WITH_MESSAGE_UPDATE ChangeKind to allow automatic vote copy in this case.
Introduce a new ChangeKind type representing a conflict-free merge between the new parent and the prior patch set but having a commit message update.
Change 439642: Report number of documents in the indexes REST API.
This can be useful to observe index size, especially while a new index version is being created.
Change 438704: LockManager as an extension point.
Provides a mechanism for global locks in distributed setups. This allows implementing global locking beyond project creation, such as ensuring only one Gerrit server runs certain tasks at a time (e.g. aut-abandoning, git-gc, account-deactivation and so forth).
Change 439124: Allow applying fixes to different patchsets.
The Apply Provided Fix API now supports applying fixes to older patchsets, enabling users to apply fixes not just to the current patchset.
Change 438424: Add support for Vue code highlighting.
Change 437343: Added screen to browse the server info.
Users can find important properties of the server listed in a new server info page.
Change 436218: Added extension point that allows plugins to provide server metadata.
Change 436318: Allow admins to get the account state of other users via REST API.
Issue 435999: Add method resolveExactIgnoreVisibility for AccountResolver.
This method can be used by plugins to be able to Ignore Visibility when doing exact resolving of an account.
Change 435937: Added extension point that allows plugins to provide account state metadata.
Provide an extension point that enables plugins to supply additional data for account states which are returned from the Get Account State REST endpoint.
Change 435819: Added REST endpoint to retrieve the account state with a single request.
The new GET /accounts/link:#account-id/self/state can now be used Retrieves the superset of all information related to an account, including its permissions.
Change 435559: For users that have the ‘View Access’ global capability return ACL info when request is rejected due to a permission issue.
Change 435017: Plugin provided change-metadata-items can be placed above submit-requirements.
With this change, plugins can choose to place items above the submit requirements.
Change 433022: Added support for configurable performance metrics.
A new performance.metric configuration section can be used in gerrit.config to specify operations for latency and count recording in performance metrics. This is useful to identify slow operations and assess the impact of optimizations.
Change 431638: Added metric to count rejected pushes.
The new receivecommits/reject_count set of metrics count the number of rejected pushes. They are suffixed with the push kind (either direct, for direct pushes, or magic, for pushes to magic refs) and with the reason of the rejection (e.g. branch_not_found, no_new_changes, and so forth), for example: receivecommits_reject_count_magic_branch_for_main_not_found, receivecommits_reject_count_direct_prohibited_by_Gerrit:_not_permitted:_create.
Issue 321784728: Add support for using subsections in passwd.
Fixes a bug whereby the java -jar bin/gerrit.war passwd program couldn't be used to set a subsection config, such as remote.instance.username.
Change 422522: Avoid double loading of change notes when retrieving change without specifying a meta rev ID.
Change 426537: Improve performance of changes queries when using the custom permission backends.
The virtual host module, or other permissions backends, can potentially restrict the visibility of users to a limited set of projects or changes.
Issue 365254275: Don't sync bulk actions details for anonymous user.
This change effectively reduces potential system load and improves overall performance by preventing anonymous users calls from loading unnecessary data.
Change 422039: Fix Cloud Spanner error codes for AccountPatchReviewStore.
Change 429801: Fix evaluation of extra query provided by a permission backend.
Change 430917: Allow Gerrit to open more than 10240 file descriptors on MacOS.
Change 438861: Fixed ls-projects to skip corrupted repositories.
The ls-projects command now logs an error and continues processing other projects if a MissingObjectException occurs due to a corrupted Git repository, rather than stopping execution entirely.
Change 437821: Fixed GET /auth-check.svg error.
Change 436057: Fixed exception in GetMessage REST endpoint when the change contained multiple footers with the same key.
Only the last footer for any footer key is now returned.
Change 435938: AccountResolver:resolveExact can now resolve accounts for usernames.
AccountResolver:resolveExact now supports resolving accounts by exact username matches, avoiding unintended results from fuzzy matching.
Change 434177: Disallowed ref creation when passed object is neither Commit nor a Tag.
Restrict ref creation to only Commit or Tag objects, preventing unintended ref creation for unsupported object types.
Change 425037: gr-watched-projects-editor: improve unsaved changes detection.
Change 425038: gr-email-editor: improve unsaved changes detection.
Change 425857: Made navbar mobile responsive in gr-main-header.
Change 430619: TypeScript API: fix PluginApi exposed type from HTMLElement to PluginElement.
Change 437561: Added new formatted-text-endpoint plugin endpoint.
Change 418578: Make Service Users group that is created on init visible to all users.
Change 420064: Disallow removing votes from merged changes by removing reviewers.
Change 420065: Disallowed removing votes from merged changes.
Change 421177: Do not grant Revert permission to Registered Users by default.
Note, Registered Users can still revert changes via git push, just not via the web UI.
Change 421141: Do not grant direct push permission by default.
Change 427077: Support refs/heads/... as rebase base.
Change 427778: Fixed updating an existing edit via push.
Resolved an issue where attempting to update an existing edit via push was rejected due to non-fast-forward updates being disallowed.
Issue 341288175: Ignore global ACLs query limit for internal user.
Change 431080: Include replication-api.jar in release.war.
Ensures all core plugins, including API jars, are packaged in the release.war, enabling cross-plugin communication via core plugin APIs.
Change 439141: Fix Label documentation mentioning function = MaxWithBlock.
Instead describe how to define a corresponding submit requirement.
Change 439361: Document --reuse option of the offline reindex command.
codemirror-editor updated to e5e9ece112242397f000660c6cee8f5053ca5da5
git log --no-merges --abbrev-commit --oneline 06719abee6c38d17008599f074050db5153bffa3..e5e9ece112242397f000660c6cee8f5053ca5da5
Notable changes are:
e5e9ece Added missing Vue dependencybf8ac0b Added Vue language supportcddb6d8 Show Line Length Indicator at 72 Characters for Commit Messageshooks updated to 4f43f5db6b8aa7f36381f4f9a4c9ec1fc335d949:
git log --no-merges --abbrev-commit --format=oneline f975f914312b258f84957d19f96014c3edd12644..4f43f5db6b8aa7f36381f4f9a4c9ec1fc335d949
Notable changes are:
4f43f5d Print hook stdout/stderr in case of a non-zero exit code:
Hook output is now printed when a non-zero exit code occurs, providing error details without requiring DEBUG logging level.
41c3ad1 Resolve relative hooks.path against $site_path, not cwd of the process
Relative paths for hooks.path are now resolved against $site_path instead of the process's working directory, ensuring consistent path resolution.
plugin-manager updated to 86f7ec61a9785df246f653a1336520b9607399b1:
git log --no-merges --abbrev-commit --format=oneline cdd2d2d69666a70a16ac02bacf8e7fbbf4ca9979..86f7ec61a9785df246f653a1336520b9607399b1
Notable changes are:
86f7ec6 Add replication-api to the list of core plugins53d615a Avoid work in Optional.orElse() callsc67b626 zuul: Fix test dependency on release.warreplication updated to 90c64204e1e27ec245f41b3d08b10f431dd72faf:
git log --no-merges --abbrev-commit --format=oneline 445cd037108a9ad478c187aeb31cb14a8e889a0f..90c64204e1e27ec245f41b3d08b10f431dd72faf
Notable changes are:
5cfb07a synchronizePendingEvents: Fix stuck replaying flag:
Fixed an issue where exceptions during task accumulation could cause the replaying flag to become stuck, potentially blocking future distributor runs.
660fcd4 Destination: use striped lock to reduce lock contention.
Optimized replication throughput by implementing striped locks in the Destination to reduce lock contention across repositories.
3982574 Fix FanoutConfigurationResource update API:
This fixes issue 351843807 where Gerrit changes were no longer syncing to Github.
eac5d4e Delay the fetching of credentials until push time:
Improved replication reliability by delaying credential fetching until push time, allowing dynamically reloaded credentials to be applied even for retried replication tasks.
69c66c8 Improve FanoutConfigurationResource loading performance:
Enhanced loading performance of replication remotes as individual files (under $GERRIT_SITE/etc/replication) by optimizing remote parsing and merging logic, reducing load times for large configurations.
69c0c4d FanoutConfigResourceTest: assert configuration updates being visible:
Fixed an issue where updates to remote configurations persisted on disk but left an outdated in-memory copy, ensuring in-memory consistency after updates.
6b4bc77 Fix updating replication credentials using te ReplicationRemotesApi
Fixed an issue where updated replication credentials were incorrectly saved to replication.config instead of SecureStore.
cc32fe2 Prevent replication plugin start with invalid remotes: See Breaking changes
d1ad7d5 Use SecureStore to access replication credentials:
See Breaking changes
89fc47e Introduce API for retrieving the remote config:
Extended ReplicationRemotesApi to support retrieving configurations for multiple replication remotes.
16ccc30 Allow to update base/override remote configs from MergedConfigResource:
Added a method to update base or override remote configurations in a single call, building on the API for updating replication configurations from other plugins.
gson to 2.10.1com.google.auto:auto-common to 1.2.2SSHD to 2.14.0bouncycastle to 1.74asm version to 9.7