Finalize Gerrit v2.16.9 release notes
Change-Id: I124e2d129673ced485fcffd165384f12a8cc24f6
diff --git a/pages/site/releases/2.16.md b/pages/site/releases/2.16.md
index 74ea30b..b6d083d 100644
--- a/pages/site/releases/2.16.md
+++ b/pages/site/releases/2.16.md
@@ -543,13 +543,39 @@
## Bugfix Releases
-### 2.16.9 (in development)
+### 2.16.9
-* Replication plugin: Fix internal server error when username or password not
-specified for remote.
+* Improve performance of migration of accounts to schema 146.
- The username and password are both optional, but the replication plugin
- failed with a null pointer exception if either of them were omitted.
+ * Migration of the accounts is parallelized. The default number of threads
+ used is the number of available processors. This can be customized using
+ the `threadcount` system property.
+
+ * Before the migration, `gc --prune=now` is executed.
+
+ * When hosted on `FileRepository`, refs are packed after migration of every
+ 1000 accounts.
+
+ * A progress indicator counts every 100 accounts migrated.
+
+* [Issue 10790](https://bugs.chromium.org/p/gerrit/issues/detail?id=10790):
+Avoid evaluating submit rules twice for open changes.
+
+ Prolog submit rules were evaluated twice per page view for an open change,
+ which caused performance degradation on projects defining complex rules.
+
+* [Issue 10943](https://bugs.chromium.org/p/gerrit/issues/detail?id=10943):
+Set `References:` header on new change notification mail.
+
+ GMail changed the way
+ [emails are grouped in conversation view](https://gsuiteupdates.googleblog.com/2019/03/threading-changes-in-gmail-conversation-view.html),
+ which, combined with the fact that
+ [Amazon SES changes the `Message-ID` header](https://forums.aws.amazon.com/message.jspa?messageID=262855),
+ resulted in the new change notification email not being grouped with
+ subsequent emails related to the same change.
+
+* [Issue 10952](https://bugs.chromium.org/p/gerrit/issues/detail?id=10952):
+Fix definition of `PID` in `gerrit.sh`.
* Don't send "GPG keys added" notification when no GPG keys were added.
@@ -557,25 +583,75 @@
notification email for addition of new keys was always sent, even if the
update only removed keys.
+* Update email notifications on changing security related settings.
+
+ Email notifications are now sent when a GPG or SSH key is removed, and
+ when the HTTP password is deleted or changed.
+
+ An email notification is now always sent when an SSH key is added to an
+ account, even when it was added by an administrator.
+
+ These notifications allow to alert the user if their account is compromised
+ and keys or password are altered by the attacker.
+
+* Remove explicit dependency on protobuf_java.
+
+ The protobuf_java library is now consumed from rules_closure.
+
* Add methods to generate and set the HTTP password on the accounts API.
-* Upgrade elasticsearch-rest-client to 7.0.1.
+* Don't send "GPG keys added" notification when no GPG keys were added.
-* PolyGerrit fixes
+ A GPG key update can include both the addition and removal of GPG keys. The
+ notification email for the addition of new keys was always sent, even if the
+ update only removed keys.
+
+* Add methods to generate and set the HTTP password on the accounts API.
+
+* [Issue 10664](https://bugs.chromium.org/p/gerrit/issues/detail?id=10664):
+Fix duplicate key detection when using MySQL for the patch review store.
+
+ Retrieve the error code number from the SQL exception to
+ correctly detect and ignore a duplicate key error.
+
+* LDAP: support servers that do not allow anonymous browsing.
+
+ Add `ldap.supportAnonymous` configuration setting in gerrit.config to support
+ servers that do not allow anonymous browsing. Default is true per standard and
+ best practice.
+
+* Elasticsearch fixes
+
+ * [Issue 10496](https://bugs.chromium.org/p/gerrit/issues/detail?id=10496) and
+ [Issue 10844](https://bugs.chromium.org/p/gerrit/issues/detail?id=10884):
+ Fix usage of `include_type_name` in index creation.
+
+ * Add support for Elasticsearch 7.1.
+
+ * Upgrade elasticsearch-rest-client to 7.1.1.
+
+* PolyGerrit UI fixes
+
+ * [Issue 10549](https://bugs.chromium.org/p/gerrit/issues/detail?id=10549):
+ Fix single tab indentation in PolyGerrit diff view.
+
+ * [Issue 9409](https://bugs.chromium.org/p/gerrit/issues/detail?id=9409):
+ Fix replacement of file content when navigating between files with `[` and `]`.
+
+ * Upgrade polymer-resin to 2.0.1.
* [Issue 10670](https://bugs.chromium.org/p/gerrit/issues/detail?id=10670):
Fix selection of merge base when navigating between merge commit changes.
- When navigating between merge commit changes, the selection of the merge
- base was not persisted.
+ When navigating between merge commit changes, the selection of the merge base was not persisted.
* Hide overflowing author element content.
- In the case of vertical stacking unicode characters it was possible for
- the text to overflow out of the element and into other elements on the
+ In the case of vertical stacking Unicode characters, it was possible for
+ the text to overflow out of the element and into other details on the
review page.
- This is a partial fix for the problem described in
+ That is a partial fix for the problem described in
[issue 107959]https://bugs.chromium.org/p/gerrit/issues/detail?id=10795).
* [Issue 10744](https://bugs.chromium.org/p/gerrit/issues/detail?id=10744):
@@ -590,15 +666,43 @@
* [Issue 10549](https://bugs.chromium.org/p/gerrit/issues/detail?id=10549):
Fix single tab indentation in diff view.
- * Hide project-aware top menus from header.
+ * Use dom-if instead of CSS when hiding the user's password in the element
+ `gr-http-password`, to prevent users from using CSS to reshow the
+ password screen.
- * Upgrade polymer-resin to 1.2.8.
+ * Hide project-aware top menus from the header.
* Upgrade highlightjs for syntax highlighting fixes:
- * Treat `False`, `None` and `True` as literals in python.
+ - Treat `False`, `None` and `True` as literals in python.
- * Fully support C++11 raw strings in cpp.
+ - Fully support C++11 raw strings in cpp.
+
+* Core plugins
+
+ * Replication plugin: Fix internal server error when username or password not
+ specified for remote.
+
+ The username and password are both optional, but the replication plugin
+ failed with a null pointer exception if either of them was omitted.
+
+ * codemirror-plugin: upgraded to the latest revision on master, which includes
+ the following fixes and improvements:
+
+ - Bazel: Fix lint warning flagged by buildifier
+
+ - Add .mailmap
+
+ - Remove CodeMirror modes that are not supported at Google
+
+* Documentation updates
+
+ * [Issue 10897](https://bugs.chromium.org/p/gerrit/issues/detail?id=10897):
+ Update links to Google individual and corporate CLA pages.
+
+ * Clarify that account must have a username to be able to set HTTP password.
+
+ * Fix formatting in project config documentation.
### 2.16.8