Download: 3.2.5.1 | 3.2.5 | 3.2.3 | 3.2.2 | 3.2.1 | 3.2.0
Documentation: 3.2.5.1 | 3.2.5 | 3.2.3 | 3.2.2 | 3.2.1 | 3.2.0
Polymer 3
File Uploads in frontend
Performance improvements on mergeability check and accounts caching
Support for Java 11
Gerrit is now officially supported on Java 11, in addition to Java 8. Running on Java 11 was already possible from v2.16.13, v3.0.4 and v3.1.0, but not officially supported because of the lack of a CI validation on Java 11 for stable-2.16, stable-3.0 and stable-3.1 branches.
Please note that Java 11 has a number of improvements and breaking changes compared to Java 8. Refer to the Java 11 release notes for more details.
Gerrit v3.2 has been validated with Java 11, with the following known issues:
Issue 11567: Java 11 runtime & startTLS LDAP broken: ‘error code 8 - BindSimple: Transport encryption’.
Issue 12639: WARNING: An illegal reflective access operation has occurred, when starting Gerrit.
This release contains schema changes. To upgrade:
java -jar gerrit.war init -d site_path
The changes index version has been increased. To run off-line reindexing of the changes (optional):
java -jar gerrit.war reindex --index changes -d site_path
By default the changes index is automatically rebuilt upon the Gerrit startup after the upgrade.
PERFORMANCE WARNING: The migration process performs the cleanup of the zombie draft comments in the All-Users.git repository that have been left behind since the introduction of NoteDb. It is highly recommended to perform a git gc --aggressive of the All-Users.git repository BEFORE running the migration. Also the reindex of all the changes can take a significant amount of time for large-scale installations.
Also, make sure that the All-Users.git resides on a fast access local filesystem for minimizing the migration time.
Upgrade the Docker/Ubuntu image to Ubuntu 20.04
Upgrade the Docker/CentOS image to CentOS 8.1.1911
Move to OpenJDK 11
Gerrit v3.2 supports both Java 8 and 11. However, Java 11 is the best choice for large production servers thanks to the introduction of more advanced Garbage Collection strategies and associated tuning for large heaps.
Gerrit supports zero-downtime upgrade from Gerrit v3.1.6 (or later) when configured using a high-availability configuration, when the Git repositories are stored in a shared filesystem such as NFS or similar.
For upgrading with zero-downtime, you should enable the rolling upgrade migration in gerrit.config on both Gerrit masters by setting the gerrit.experimentalRollingUpgrade to true.
During the zero-downtime upgrade, Gerrit end-users would not notice any outage or service disruption. They will be able to perform the normal Gerrit operations on the GUI or using the Git protocol.
The zero-downtime upgrade consists of the following steps:
gerrit.experimentalRollingUpgrade to true in gerrit.config on both Gerrit masters.gerrit.experimentalRollingUpgrade from gerrit.config on both Gerrit masters.NOTE: During the zero-downtime upgrade, the nodes may experience an increase of CPU and memory utilisation due to the online reindexing activity. If testing reveals that the nodes are not able to keep sustained load in conjunction with the online reindexing, then you have to follow the standard migration path.
Issue 12527: Elasticsearch: Support for EOL versions v5.6 and v6.0 to v6.5 is discontinued
Issue 12858: ListGroups: the --query2 option in the groups query REST-API has been renamed to --query
Gerrit metrics associated with H2 disk-statistics are now disabled by default. The disk-statistics can be enabled again by setting cache.enableDiskStatMetrics in gerrit.config.
The number of comments per change are limited to 5000, and their size to 16k. The limits can be customized in gerrit.config using the change.maxComments and change.commentSizeLimit settings.
This release introduces a configuration setting change.mergeabilityComputationBehavior that defines when Gerrit computes the mergability of a change .
Computing the mergability of changes is an expensive operation that can be become a bottleneck for large Gerrit installations. The new setting allows administrators to control this expense. Please refer to the Gerrit documentation for more details about this setting.
The setting change.api.excludeMergeableInChangeInfo is no longer used and may be removed from gerrit.config.
Introduction of a brand-new AccountCache decomposed into smaller chunks that can be cached individually:
refs/users/<sharded-id>)The new structure is cleverly designed to require a lot less I/O when an entry needs to be reloaded and lowering the ratio of cache-miss in case of user’s details updates.
Gerrit can be linked to external user directories like LDAP, providing Gerrit with external users and groups. External groups can be added to Gerrit to restrict access to refs and repos and are mainly used for permissions evaluation.
The following new additional caches have been introduced and can be customized in gerrit.config:
groups_external: Caches all the external groups available to Gerrit.groups_external_persisted: Caches all external groups available to Gerrit at some point in history.File Uploads are now supported in the User Interface or through the REST API.
Introduce a new permission to allow/deny the ability to revert a change through the Gerrit UI.
The permission is automatically added to the Registered Users as part of the schema upgrade. To deny reverts, Gerrit administrators should remove this permission from All-Projects ACL.
Introduce the new is:merge operator for allowing to find changes that are merge commits. This change requires a full reindex of the changes, which may take quite a long time to compute for large-sized installations.
When choosing the on-line reindexing option (default) Gerrit can still operate with the old index version, disabling the is:merge operator until the new index has been successfully rebuilt.
New SSH commands introduced:
gerrit set-topic: set the topic of a change (existing REST-API surfaced via SSH)gerrit sequence show: show the current sequences value from All-Projects.git or All-Users.gitgerrit sequence set: set the next value for sequences in All-Projects.git or All-Users.gitlabel.Label-Name.copyValue on the project.config labels.After a change is created or updated using the ‘cherry-pick’ functionality, the cherry-picked change includes a new field in the change info returned from REST APIs called CherryPickOf with the source change number and the patchset.
instanceIdIntroduce the instanceId configuration for multi-master Gerrit setups. For more details check:
gerrit.config setting suggest.relevantChangesThe Gerrit frontend has been migrated from Polymer 2 to Polymer 3.
Users can now cherry pick entire topics.
Gerrit supports adding display names. Hosts can configure first name or username as default.
The reply dialog now shows the entire comment thread instead of the comment list.
Issue 6293: More self-evident transitions from WIP state. “Start Review” button added to change view.
Issue 8153: Improvements to rebase indicator: display a hover card instead of a tooltip with the icon including the possible rebase action.
Issue 10444: UI for deleting change messages for Gerrit Administrators.
Issue 10890: Repository list: Move “Repository Browser” column left of “Description” column.
Issue 11441: Add in-product reminder to keep discussions respectful.
Some code review discussions can become a bit rough and some people perceived discussions as not always respectful. Add an in-product reminder to keep discussions respectful when a reply is typed, optionally with linking to the code of conduct.
Issue 11493: Add an “Edit” button to the diff view in the PolyGerrit UI.
Issue 11521: Display trace ID in error popup if request failed and server did a trace.
Issue 11522: REST API for review labels in the project configuration.
Issue 11705: Show count of changes in User Dashboard.
Issue 11706: Allow editing the commit message as part of a change edit.
Issue 11973: Add copy-to-clipboard for generated HTTP password.
Issue 12364: Add support for going to a specific line number in the inline editor.
Issue 11594 Merge the repo-vs-git logic into GitDownloadCommand directly.
Created separate “getRepoCommand” and “getCommand” methods for downstream classes to extend with the default “getRepoCommand” defaulting to null.
Issue 11609 “Download patch” UI includes an option for also creating a local branch.
A very standard workflow is to download a change from Gerrit then want to make edits and then repo upload the changes back to Gerrit. Allow developers who are not familiar with the idiosyncrasies of repo, to easily create a local branch when checking out changes.
Allow end-to-end tests to proportionally scale on their expected execution times.
A power_factor environment property was added to the end-to-end tests core framework. Using that optional property, scenario steps can take some more (or less) time prior to expecting proper completion.
The way to set that property locally then depends on the target runtime environment, or SUT latency. The property may be used for either core or plugin scenarios.
FlushProjectsCache related scenarios added to core (and the high-availability plugin).
Support for relative runtime weights in scenarios.
Each scenario can now either weight like any other by default, or override that default with a greater weight value, compared to siblings that are lighter on execution times.
Beside core, make the high-availability and multi-site plugin scenarios reuse this.
Allow scenarios to create and delete Gerrit changes alongside projects.
Add the corresponding core support for an optional http request body to every such GerritSimulation. Either automate or allow environment properties to feed the related input test data.
Beside core, make the high-availability and multi-site plugin scenarios test changes that way. The latter currently has Issue 12693 as a known limitation.
Accounts
display_name field added to all the endpoints returning the account details.
New Set Display Name API for updating the account display name.
New Modify Account global capability is now required for List Accounts Emails, Get Account External IDs and Delete Account External IDs when used to access information that belongs to accounts other than the caller.
Changes
Query Changes API now supports a new no-limit parameter to remove the default limit on queries and return all results. This might not be supported by all index backends. Also, the SKIP_MERGEABLE option for skipping the mergeability flag option is not supported anymore.
Revert Change now truncates the revert message if it exceeds 63 characters, by cutting it down to 59 characters with the ellipsis (…) in the end. Also, the API requires now the new revert permission, otherwise a 403 Forbidden status code is returned.
Revert Submission API for creating a submission-id for grouping multiple changes that belong to the same submission (e.g. topic submission).
Change file content in Change Edit API supports now uploading binary content.
New Preview Fix API for gettings the diffs of all files for a certain fix-id. This is intended to be used in conjunction with robot comments.
New allow_conflicts option in all REST-API that perform a server-side merge or cherry-pick.
Groups
query as parameter for groups filtering, instead of the query2 which was a temporary name given to avoid clashes with an earlier deprecated parameter.Projects
project.config in the refs/meta/config of the repository.Replication plugin fixes
Issue 11672: Change the storage structure of the persisted replication tasks to avoid losing events.
Issue 11745: Fix firing pending “..all..” events on startup.
Issue 11760: Make persistent task keys stable.
Issue 12678: Fix missing replication Id in replication logs.
Issue 12719: Fix replication start --wait to track in-flight collisions and to not fail.
Issue 12731: Don‘t lose state when there’s a pending push to the same ref.
PolyGerrit fixes
Issue 4616: Open commentlinks to changes on the same server in the same tab.
Issue 7083: Stop query from executing if predicate is empty.
Issue 8068: Fix screenreader: In unified mode, stop showing “0 added/removed”.
Issue 9296: Fix wrong diff of commit message between different patch sets of a merge commit.
Issue 11515: Fix Ctrl-Enter on Move Change
Issue 11552: Fix prev/next on diff screen with unchanged files containing only comments.
Issue 11625: Avoid multiple notifications for existing reviewers.
Issue 11697: Fix rendering of commentlinks without leading whitespace.
Issue 11725: Fix diff view file name shown even when the file wasn't changed, but only included because contains a comment.
Issue 11727: Fix blue underline missing from active tabs.
Issue 11782: Fix assignment of CSS style for CodeReview -1 labels within comments.
Issue 11969: Fix tab index in reply dialog.
Issue 11980: Fix handling of LDAP groups containing a dot in the PolyGerrit permissions screen.
Issue 11984: Fix top menu bar on iOS.
Issue 11993: Stop loading fonts from external resources.
Issue 12020: Fix ‘New Contributor Agreement’ screen.
Issue 12024: Fix undefined branch in create-destination-dialog.
Issue 12031: Fix issues with caching edited commit message.
Issue 12067: Fix blank screen after upgrading.
Issue 12108: Add missing ‘Page ...’ on pagination links in the repository list.
Issue 12184: Fix link in blame annotation to link directly to the commit.
Issue 12197: Fix rendering of commentlinks using link in PolyGerrit UI.
Issue 12224: Honor the date format preference when displaying dates.
Issue 12385: Fix memory leak in gr-plugin-endpoints.
Issue 12707: Apply diff preferences immediately after pressing “Save”.
Issue 12726: Fix incorrect highlighting after / character in Javascript.
Issue 12775: Fix parent of previous patch sets not being available.
Other fixes
Issue 3340: Fix internal server errors when setting project access permission with bad regex.
Issue 7645: Fix thread deadlock when loading accounts from the account cache.
Replacing Guava caches with Caffeine reduces the chances of having the deadlocks and improves the cache performance.
Issue 7969: Fix internal server error when diffing MERGE_LIST between different patch sets of a merge commit.
Issue 8952: Do not require explicit “Push Tag” rights to refs/tags/* for pushing an annotated tag over HTTPS.
Issue 10397: Don't send notification email when publishing a change edit on a WIP change.
Issue 11650: Fix reindexing of changes after project is deleted in the delete-project plugin.
Issue 11962: Fix advertisement of refs/meta/config in git protocol v2 when client does not have access to it.
Issue 11986: Fix fetching individual ref with git protocol v2.
Issue 11989: Fix internal server error when pushing over SSH with git protocol v2.
Issue 12070: Fix internal server error on git over HTTP calls when SSHD is enabled.
Issue 12243: Fix unexpected deactivation of service user accounts.
Issue 12246: Fix generation of duplicate ChangeIds when creating a new change via REST.
Issue 12440: Fix the access-path for AbstractGitCommand subclasses.
Issue 12444: Add support for max_result_window in Elasticsearch index configuration.
Issue 12473: Fix broken links in Elasticsearch configuration documentation.
Issue 12606: Fix visibleto predicate for groups.
Issue 12747: Fix change query visibility for internal user.
Issue 12755: Block the removal of the Realm primary external ids.
Upgrade flogger to 0.5.1
Upgrade guava to 29.0
Upgrade guice to 4.2.3
Upgrade jgit to 5.8.0.202005061305-m2
Upgrade mina-sshd to 2.4.0
Upgrade ow2 to 7.2
Upgrade truth to 1.0.1
New Gerrit walkthrough guide for GitHub users for allowing an easier transition for those who are coming from a Pull Request workflow.
New guide on how to backup Gerrit.
Replace the term slave with replica in the Gerrit documentation, for alignment to the new term used in the configuration. The slave term is still supported but deprecated.
Issue 12573: Added documentation of the commit-container PolyGerrit extension endpoint.
Breaking Changes
Bug Fixes
Breaking Changes
Elasticsearch: Support for EOL versions 6.6 and 6.7 is discontinued.
Issue 13184: Logging: --console-log-flag of gerrit.war daemon respects log.textLogging and log.jsonLogging options
Change in the default behaviour of the --console-log flag. Since log.textLogging in the gerrit.config is true by default, using the --console-log-flag now writes logs to the error_log-file in addition to stderr by default. This can be avoided by setting log.textLogging = false.
Issue 13701: X-Forwarded-Proto is now required because of underlying upgrade of the Jetty library, when Gerrit is accessed through an HTTP(/S) reverse-proxy.
Security Fixes
Issue 13621 CVE-2020-8919: Make PermissionBackend#ForRef authoritative.
Fixes a misconception that leads to data being accessible through Gerrit APIs that should be locked down.
Gerrit had two components for determining if a Git ref is visible to a user: (Default)RefFilter and PermissionBackend#ForRef (e.g., RefControl). The former was always capable of providing correct results for all refs. The latter only had logic to decide if a Git ref is visible according to the Gerrit READ permissions. This includes all refs under refs/heads as well as any other ref that isn't a database ref or a Git tag. This component was unaware of Git tags and notedb-related refs. Hence, when asked for a database reference such as refs/changes/xx/yyyyxx/meta, the logic would allow access if the user has READ permissions on any of the ref prefixes (such as the default “read refs/* Anonymous Users”).
That was problematic, because it bypassed documented behavior where a user should only have access to a change if he can see the destination ref. The same goes for other database references.
Issue 13514 CVE-2020-8920: Work around Gitiles bug on All-Users visibility.
Gitiles has a special FilteredRepository wrapper that allows carefully hiding refs based on the project's ACLs. There is however an optimization that skips the filtering in case a user has READ permissions on every ACL pattern(s). When the target repository is All-Users, the optimization turns into a security issue because it allows seeing all personal information associated with all accounts, i.e.:
This fix now blocks Gitiles or any other part of Gerrit to abuse this power when the target repository is All-Users, where nobody can be authorized to skip the ACLs evaluation anyway.
Bug Fixes
Issue 13307: Do not forward events generated by multiple Gerrit servers in high-availability configuration.
Issue 13349: Allow disabling SSH on Gerrit replica, when disabled in gerrit.config.
Issue 13408: ReceiveCommits: potential NPE when auto-closing changes.
Issue 13412: gerrit test-submit is not available when ssh download is disabled.
PolyGerrit Fixes
Issue 11706: Allow editing the commit message as part of change edit.
Issue 13175: Fix gr-hovercard-behavior under Firefox.
Issue 13328: Project dashboard links stored in ‘My’ menu (GWT) lead to ‘cannot load page’ in PolyGerrit.
Issue 13350: Cannot add group to (cc-)review if its UUID is not the internal one.
Issue 13402: Errors not displayed by delete-project plugin, if project deletion fails.
Replication plugin Fixes
End-to-end Tests Improvements
Documentation Updates
New documentation for the GC section in jgit.config with the details of the relevant JGit settings for tuning the repositories GC.
New documentation for the receive section in jgit.config with the documentation of the autogc setting.
Documentation of how to enable Git protocol v2 on jgit.config.
Documentation of Gerrit logs format.
Documentation of the X-Forwarded-For header on HTTP/HTTPS reverse proxy configuration.
New sshd.gracefulStopTimeout setting for allowing incoming SSH connections to drain upon Gerrit shutdown.
Dependency Updates
Caffeine 2.8.5
Jetty 9.4.32.v20200930
JGit v5.8.1.202007141445-r
Google Truth 1.1
Soy 2020-08-24
This minor release has been withdrawn.
Security Fixes
Issue 12846: BadMessageException: 500: Response header too large.
Bump Jetty version to 9.4.30.v20200611 to fix regression introduced in Jetty version: 9.4.27.v20200227.
Response header overflow leads to buffer corruptions Jetty server always allocates maximum response header size.
For more details see also upstream issues:
Bug Fixes
Issue 12813: e2e-tests: Add CheckMasterBranchReplica1 scenarios
Issue 12934: Fix selection on diff with range comments
Issue 12952: Handle duplicate label values on project load and push of config updates
Issue 12959: Submit: Use updated change for response
The response was sent with the change instance from before it got submitted, rather than the updated change. As a result, the response contained the status “NEW” rather than “MERGED”.
Issue 12988: Fix issue with auto registering ssh commands
Issue 13166: Include request latency in httpd_log.json
The latency field was missing in the entries of JSON-formatted http logs.
PolyGerrit Fixes
Issue 12994: Fix toggle on iOS
This works around an issue where by clicking on iOS causes the toggle to act like a double tap, thus switches back off.
Issue 13080: Fix the position of the hovercard
The desired position was ‘right’, but it appeared ‘bottom-right’, because the height of the hovercard was calculated as 2px at the time of updating the position.
Issue 13054: Restore keyboard shortcut for expand all diff context
In gerrit 2.16 release the keyboard shortcuts system was redesigned, but the binding for Shift+x shortcut for expand all diffs was lost. Restore this binding and confirm that it is now listed in the help dialog and works as expected.
Documentation Updates
Replication plugin fixes:
Issue 12779: Only fire the specified pending event URI
Issue 12940: Fix issue with URI lock release after replication task cancellation
Issue 12986: Revert “Get a URI lock before running tasks.”
May still be missing some lock release calls and caused the loss of replication events in queue when backed by the same task storage file.
Dependency Updates
Security Fixes
Bug Fixes
Issue 12680: Run projects reindex after Gerrit init only when needed, speeding up the upgrade process.
Issue 12778: Fix Included In filter not working in the search box.
Issue 12909: Fx missing index creation after Gerrit init.
Issue 12918: Fix missing email notifications for project watches for changes created via cherry-pick.
Issue 12884: DatabasePubKeyAuth: Exclude comment from peer key line if present
PolyGerrit Fixes
Issue 11368: Fix Javascript error if project has incorrect access configuration in Global Capabilities.
Issue 12899: Speedup the rendering of changes with large number of comments by lazy loading them when expanded.
Documentation Updates
Issue 12869: Add documentation on how to move a change across branches.
Issue 12870: Update WIP workflow user guide.
New Features
Support for rolling upgrade.
New interface AccountActivationListener available to plugins for listening to accounts activation status changes.
Security Fixes
Issue 12717: Deny access over HTTP for disabled accounts.
A disabled account was still able to access over HTTP until the existing session expired.
Close active SSH connections associated to an account that has been disabled.
Bug Fixes
PolyGerrit Fixes
Documentation Updates