Add 3.12.3 release notes
Change-Id: I19bd47d98d518969127645bc10376b618b6a8eb4
diff --git a/pages/site/releases/3.12.md b/pages/site/releases/3.12.md
index 003cd20..69c59dd 100644
--- a/pages/site/releases/3.12.md
+++ b/pages/site/releases/3.12.md
@@ -6,11 +6,13 @@
toc: true
---
-Download: **[3.12.2](https://gerrit-releases.storage.googleapis.com/gerrit-3.12.2.war)**
+Download: **[3.12.3](https://gerrit-releases.storage.googleapis.com/gerrit-3.12.3.war)**
+| [3.12.2](https://gerrit-releases.storage.googleapis.com/gerrit-3.12.2.war)
| [3.12.1](https://gerrit-releases.storage.googleapis.com/gerrit-3.12.1.war)
| [3.12.0](https://gerrit-releases.storage.googleapis.com/gerrit-3.12.0.war)
-Documentation: **[3.12.2](https://gerrit-documentation.storage.googleapis.com/Documentation/3.12.2/index.html)**
+Documentation: **[3.12.3](https://gerrit-documentation.storage.googleapis.com/Documentation/3.12.3/index.html)**
+| [3.12.2](https://gerrit-documentation.storage.googleapis.com/Documentation/3.12.2/index.html)
| [3.12.1](https://gerrit-documentation.storage.googleapis.com/Documentation/3.12.1/index.html)
| [3.12.0](https://gerrit-documentation.storage.googleapis.com/Documentation/3.12.0/index.html)
@@ -676,6 +678,186 @@
## Bugfix releases
+### 3.12.3
+
+* Bug Fixes
+
+ * [Change 495501](https://gerrit-review.googlesource.com/495501):
+ `sequence set` SSH command now enforces strictly increasing sequence values.
+
+ Attempts to set a sequence (for `changes`, `accounts`, or `groups`) to a value lower than its
+ current value are now rejected immediately.
+
+ * [Issue 439435039](https://issues.gerritcodereview.com/issues/439435039):
+ Check for account existence with username scheme for `HTTP` and `HTTP_LDAP` only.
+
+ Previously, when LDAP authentication was enabled, user lookups were incorrectly performed
+ using the `username` external ID scheme, which could lead to failed logins.
+ This change restricts username-based lookups to `HTTP` and `HTTP_LDAP` authentication
+ protocols only, ensuring `LDAP` uses the correct `gerrit` scheme.
+
+ * [Issue 439859126](https://issues.gerritcodereview.com/issues/439859126):
+ Return `HTTP 401` for any incoming authentication request with a password longer than `71` chars
+
+ Fixed password validation to explicitly fail when a password is longer than 71 characters,
+ matching the Bcrypt limitation. This prevents internal errors and ensures clients receive a
+ proper `HTTP 401 (Unauthorized)` response instead of an internal exception.
+
+ * [Issue 444049514](https://issues.gerritcodereview.com/issues/444049514):
+ Prevent blocking HTTP calls to wait indefinitely.
+
+ Fixed an issue where, under heavy concurrent Git/HTTP load, some worker threads could remain
+ stuck indefinitely due to unbounded blocking in synchronous write callbacks.
+ Blocking callbacks are now properly capped by the configured `httpd.idleTimeout`, ensuring
+ idle or stalled Git/HTTP requests are terminated and threads are released as expected.
+
+ * [Issue 397701289](https://issues.gerritcodereview.com/issues/397701289):
+ Notify reviewers on change edit in UI.
+
+ Restored reviewer notifications when a change is edited through the web UI. This makes
+ notification behavior consistent with other change updates, ensuring reviewers are informed when
+ an edit may require another review.
+
+ * [Change 510442](https://gerrit-review.googlesource.com/510442):
+ Allow WorkQueue to be used with the failsafe.dev library in the `high-availability`
+ plugin to schedule retryable tasks.
+
+ * [Issue 446941362](https://issues.gerritcodereview.com/issues/446941362):
+ Fixed git-upload-pack errors on replicas by skipping unloadable changes.
+
+ Fixed an issue where corrupted or unloadable changes could cause Internal Server Errors during
+ `git-upload-pack` on replicas.
+
+ * [Issue 456521736](https://issues.gerritcodereview.com/issues/456521736):
+ Avoid _"change N missing from ChangeSet[][]"_ error when submitting a change with a stale index
+ entry.
+
+ Fixed an issue where submitting a change could fail if its index entry was out of sync with
+ the underlying NoteDb data. Gerrit can now backfill missing change information directly from
+ the repository when the index is stale, ensuring that valid changes can still be submitted
+ without repeated retries.
+
+ A new configuration option, `change.backfillMergeSuperSet`, controls this behavior.
+ When enabled, Gerrit reloads change data from the repository instead of failing due to a stale
+ index, making change submissions more reliable in setups that use asynchronous indexing or
+ multiple primaries.
+
+ * [Change 497281](https://gerrit-review.googlesource.com/497281):
+ Fixed the name of the operations endpoint latency metric to ensure accurate per-endpoint
+ performance tracking.
+
+ Corrected the name of the operations endpoint latency metric, which was previously using the
+ same name as the general `performance/operations` metric.
+
+ * [Issue 440670678](https://issues.gerritcodereview.com/issues/440670678):
+ Introduce listener hook for project-wide change index deletions.
+
+ Previously, when all changes for a project were deleted from the index, no listener notifications
+ were triggered. This prevented plugins such as `high-availability` and `multi-site` from
+ detecting these deletions and cleaning up related state.
+
+ A new listener hook, `onAllChangesDeletedForProject`, has been added and is now invoked whenever
+ a project’s indexed changes are removed in bulk. This ensures that dependent plugins are
+ notified consistently and can react reliably to project-wide deletions.
+
+* Documentation Updates
+
+ * [Change 500401](https://gerrit-review.googlesource.com/500401):
+ Document the HTTP password limit of `71` chars.
+
+ * [Change 520901](https://gerrit-review.googlesource.com/520901):
+ Document the REST API Get Patch `parent` parameter.
+
+ * [Change 515462](https://gerrit-review.googlesource.com/515462):
+ Remove instructions to build with Java 17.
+
+* UI Fixes
+
+ * [Change 511981](https://gerrit-review.googlesource.com/511981):
+ `gr-access-section`: Fix bug with deleting permissions in handleAddedPermissionRemoved.
+
+ Resolved an issue where removing a permission (e.g., Delete Own Changes) could also
+ unintentionally remove another permission (e.g., `Delete Changes`) and incorrectly display an
+ `undo` option. The UI now correctly tracks and removes only the selected permission, and the
+ undo button appears only for previously saved permissions.
+
+ * [Change 515221](https://gerrit-review.googlesource.com/515221):
+ Allow Change Owners to suggest edits in comments.
+
+ Change owners can now propose suggested edits directly in comments, even if they are not the
+ original authors of the change.
+
+ * [Change 517961](https://gerrit-review.googlesource.com/517961):
+ `gr-permission`: Fix deleting rule in `gr-rule-editor`.
+
+ Resolved a UI issue where deleting a rule could affect the wrong entry due to DOM node reuse.
+
+ * [Change 512922](https://gerrit-review.googlesource.com/512922):
+ Fix rendering of multiple suggested edits when comments contain tabs.
+
+ Previously, only the first suggested edit was shown when a comment contained multiple suggestions.
+ Now, all suggestions are displayed correctly, allowing users to view and apply each one
+ individually.
+
+ * [Change 509501](https://gerrit-review.googlesource.com/509501):
+ `gr-textarea`: Fix `getSelection()` on Safari.
+
+ Resolved an issue in the text area component where pressing `Option + Right Arrow` on Safari
+ did not move the cursor or update the text selection as expected.
+
+ * [Change 509463](https://gerrit-review.googlesource.com/509463):
+ Fix bug with `disabledMenuActions` in `gr-change-actions`.
+
+ Fixed a UI issue where menu actions were not properly disabled when `disabledMenuActions` was
+ set, allowing users to trigger actions multiple times while one was still running.
+
+ * [Issue 445614699](https://issues.gerritcodereview.com/issues/445614699):
+ Fix deleting text under Firefox when selecting all text.
+
+ Resolved a compatibility issue in the text area component where deleting all selected text did
+ not work correctly in Firefox.
+
+ * [Issue 440874371](https://issues.gerritcodereview.com/issues/440874371):
+ Avoid hacking the `GitRepositoryManager` on init, which broke the initialisation of a Gerrit
+ site with `Zookeeper`.
+
+ Resolved an issue that caused Gerrit site initialization to fail when using a global ref
+ database such as `Zookeeper`.
+
+* Enhancements
+
+ * [Issue 440798012](https://issues.gerritcodereview.com/issues/440798012):
+ Add scheduled reindexing of accounts.
+
+ Add scheduled reindexing of accounts. Previously scheduling reindexing was possible only for
+ `Changes`, `Projects` and `Groups`.
+
+* Dependency Updates
+
+ * [Issue 442989229](https://issues.gerritcodereview.com/issues/442989229):
+ Update Jetty to `9.4.57.v20241219`.
+
+ Please refer to the
+ `jetty.project` [changelog](https://github.com/jetty/jetty.project/compare/jetty-9.4.53.v20231009...jetty-9.4.57.v20241219)
+ for details.
+
+* Plugin changes
+
+ * `delete-project` updated to `b1a05c0c2ef2d5fe60f0c4c5863576707540dbbf`
+
+ Notable changes are:
+ * [Issue 440670678](https://issues.gerritcodereview.com/issues/440670678):
+ Use centralized change index deletion when removing a project.
+
+ Updated project deletion to use the higher-level `ChangeIndexer.deleteAllForProject()` API
+ instead of calling low-level index operations directly. This ensures that all project changes
+ are removed from the index in bulk and it triggers the appropriate deletion notifications.
+
+ You can retrieve the full list of changes with:
+ ```shell
+ git log --no-merges --oneline 08035f1ef90258629346ab033af27c454a7fcc2d..b1a05c0c2ef2d5fe60f0c4c5863576707540dbbf
+ ```
+
### 3.12.2
* Bug Fixes
