Download: 2.15.7 | 2.15.6 | 2.15.5 | 2.15.4 | 2.15.3 | 2.15.2 | 2.15.1 | 2.15
Documentation: 2.15.7 | 2.15.6 | 2.15.5 | 2.15.4 | 2.15.3 | 2.15.2 | 2.15.1 | 2.15
New change workflows for changes not yet ready for full review (formerly Drafts).
The new PolyGerrit UI is mature enough for most uses.
Account data is stored in NoteDb.
NoteDb for change metadata is considered stable, and new sites use it by default.
NoteDb migration for change metadata is available.
Made several improvements and additions to the documentation to help users find the information they need.
This release contains schema changes. To upgrade:
java -jar gerrit.war init -d site_path
Support for draft changes and draft patch sets has been completely removed.
In most cases, the new Work-In-Progress workflow is a suitable replacement. Note that in the Draft workflow, an individual patch set can be a Draft. However, in both the new Work-In-Progress and Private workflows, WIP and Private apply to the whole change, not an individual patch set.
When upgrading from an earlier version, draft changes are migrated. This applies to all draft changes, or changes with draft patch sets (even if the highest patch set is not a draft), as follows:
The upgrade process prompts (once) for what Drafts should be migrated to; either WIP (default) or Private.
The migration means that some draft patch sets, which were previously hidden, might now be visible to some users who could not previously view them.
Change owners can make them private again using the “Mark Private” option in the UI, or using the REST API.
Historically, Gerrit would retroactively change votes on a label when permissions for the voting user changed. For example, if a user voted Code-Review+2, but then later lost permission to vote +2 (for example, was removed from a Maintainers group), all CR+2 votes by that user on open changes would suddenly appear as CR+1. In 2.15, this retroactive behavior no longer applies: the CR+2 votes remain CR+2, even if permissions were changed.
This new behavior makes label permissions more consistent with other permissions: usually, permission changes don‘t apply retroactively (you can’t un-submit a change), and the permission is only checked at the time an action is performed. It also fixes some technical issues and improves performance of reindexing changes.
Starting in the 2.14.x bugfix series, all release JARs and documentations are signed by the Gerrit maintainers. This policy will continue for all future releases.
By default, all Gerrit URLs generated and used by the UI include not just the change number but the project name as well.
https://gerrit.mycompany.com/1234
becomes https://gerrit.mycompany.com/c/some/project/+/1234
https://gerrit.mycompany.com/#/c/1234
becomes https://gerrit.mycompany.com/#/c/some/project/+/1234
https://gerrit.mycompany.com/changes/1234
becomes https://gerrit.mycompany.com/some%2Fproject~1234
In addition to providing more context to humans reading the URL, this new scheme improves performance under NoteDb, and paves the way for load balancing a multi-master installation with repository affinity.
Old URLs will continue to be supported, and simply redirect to the new URLs.
Almost all account data is now stored in NoteDb. The account data is migrated automatically during the upgrade process by running gerrit.war init
.
The only account data not stored in NoteDb proper are the groups (remain in ReviewDb) and the reviewed flags which were moved to an external database (AccountPatchReviewDb) since 2.13.
For Gerrit slaves the branches that contain the account data must be replicated.
With this release, the new Gerrit storage backend, NoteDb, is officially supported for storing change metadata and is the default storage backend for new installations.
For existing sites, migration to the new backend may be done either offline or online in a running server.
Support for ReviewDb will be removed in Gerrit 3.0. Gerrit 3.0 will only support offline migration; to run an online migration, you must use the 2.15.x series.
The setup documentation now recommends setting up a user named gerrit
instead of gerrit2
. This username can be anything; the choice of name doesn't affect any functionality. However, some example commands in the documentation may refer to the new gerrit
user, so admins might need to tweak them to refer to gerrit2
instead.
In 2.15, posting a review including a vote on any labels that does not exist or is outside of the permitted range based on the ACLs will now always result in a failure of the entire operation. Previously, if the “strict labels” option was set to disabled in the review input, votes to any invalid labels would be silently ignored. This option has now been removed from the REST API's ReviewInput as well as the SSH review command.
CI systems that rely on the non-strict behaviour of earlier Gerrit versions may require additional configuration to avoid casting votes to labels which are invalid for the change.
Following feedback on the 2.15 release a new configuration option change.strictLabels
was introduced in 2.15.2 to allow the new strict functionality to be optionally enabled. By default it is disabled to maintain backwards compatibility with previous release.
Gerrit requires Java Runtime Environment (JRE) version 8; it is not compatible with JRE 9 or newer yet. For more information, see Issue 7843.
Implement admin interface (projects, groups and plugins).
Refreshed UI based on material design.
Add hashtag support.
Add support to show uploader on change screen.
Lots of bug fixes.
The draft change feature has been removed, and replaced with two separate features:
Changes can be ignored, or marked as reviewed, to reduce email notifications and keep dashboards cleaner.
When a change is reverted via the “Revert” button, this fact is recorded in the change metadata of the newly-created revert change, not just in the commit message as in the past. A new search operator revertof:
allows for searching for reverts of a given change.
Individual inline comments can be deleted after the fact by site administrators.
Users may be CCed on changes by entering their email address, even if they have not registered an account on the Gerrit server.
This feature is only available when using NoteDb.
When pushing new patch sets on a change or a series of changes, users can configure Gerrit to automatically publish any pending draft comments they have on those changes, avoiding the need to click through the web UI to publish all comments.
When diffing two patch sets of the same change that have different parents, some differences between the patch sets may be due to the rebase, instead of changes between the patch set and its base. These differences are now highlighted in the UI (PolyGerrit only), and are not counted towards the size of diffs.
When a push fails because the user does not have the required permission, the generic message (prohibited by Gerrit)
has been replaced with a detailed message describing the exact permissions required.
With this release, we have updated several sections of the documentation to make it easier for users to find the information they need. These updates include:
We have also made changes to improve navigation throughout the documentation.
ChangeInfo now records the change that this change was a revert of.
ChangeInfo now contains the submitter, for merged changes.
ReviewInput no longer offers the strict_labels
option. It will behave as enabled with earlier versions of Gerrit. The entire operation will now fail if any of the labels used are not within the user's permitted range based on ACLs or if the label is not configured for the project/branch.
created_on
field.New Java API for accessing plugins.
New Java API for accessing custom project dashboards.
New getGroups
method in account API to get a user's group memberships.
New ChangeReportFormatter
extension point for customizing the report output from git push
.
Instances of IdString used to return true when equals
was given a String instance equal to the IdString's URL-encoded value. This violates symmetry, so this behavior was removed: IdStrings now never compare equal to Strings.
It is now possible to replicate directly to another Gerrit instance.
Is is possible to enable replication to different Gerrit instance by using gerrit+ssh://
as the protocol name followed by the hostname of another Gerrit server.
Username parameters are added to hook invocations.
When an account parameter is passed to a hook, it gets formatted as Name (Email)
or just Name
when the account does not have an email address. If the account‘s name is not set, the name is “Anonymous Coward”. From this information it is not easy for a hook to get the account’s username.
All hooks that take an account parameter now automatically also get a corresponding username parameter. For example if the hooks takes the parameter --change-owner Name (Email)
it will automatically also get the parameter --change-owner-username username
Update Apache Commons Codec to 1.10
Update Apache Commons Compress to 1.13
Update Apache Commons Validator to 1.6
Update Apache Mina SSHD to 1.6.0
Update AutoValue to 1.4.1 (updated to 1.6.2 in 2.15.4)
Update Blame Cache to 0.2-5
Update Bouncy Castle to 1.57 (updated to 1.60 in 2.15.7)
Update Dropwizard to 3.2.4
Update GWT to 2.8.1
Update Jetty to 9.3.18.v20170406 (updated to 9.3.24.v20180605 in 2.15.7)
Update JGit to 4.9.0.201710071750-r (updated to 4.9.7.201810191756-r in 2.15.6)
Update Joda-Time to 2.9.9
Update juniversalchardet to 2.0.0
Update Lucene to 5.5.4 (updated to 5.5.5 in 2.15.7)
Update Pegdown to 1.6.0
Update Polymer to 1.11.0
Update Soy to 2017-04-23
Issue 9024: Fix setting PRIVATE
and WIP
for updated changes in console report.
In some cases the private and work-in-progress status indicator for changes updated by push was shown incorrectly.
Issue 9768: Explicitly set the number of shards and replicas for Elasticsearch, and allow them to be configured.
From Elasticsearch version 7 the default number of shards per node will be changed from 5 to 1.
The number of shards and number of replicas are now explicitly set when creating the index.
The new settings elasticsearch.numberOfShards
and elasticsearch.numberOfReplicas
allow the values to be configured. The default values are 5 and 1, respectively, which is the same as the default values used by Elasticsearch prior to version 7.
Issue 10106: Fix incorrect json in the example for the ‘Set Access’ REST endpoint.
Upgrade elasticsearch-rest-client to 6.5.3.
Discontinue support for Elasticsearch 2.4.
Add preliminary support for Elasticsearch 7.
Support for Elasticsearch 7 is added, and tested against the alpha1
release.
Issue 10112: Upgrade rules_closure to make Gerrit buildable with the latest Bazel version.
Issue 9781: Allow to disable the groups relevance filtering for LDAP.
Upgrade jackson-core to 2.9.8.
Add a new method on the account API to set the account name.
Issue 9952: Upgrade dependencies to newer versions to fix CVEs.
Issue 9969: Fix incorrect dependency on httpcore-nio for Elasticsearch.
The Elasticsearch REST client depends on version 4.4.5 of httpcore-nio, but the version provided by Gerrit was 4.4.1.
Remove dependency on httpmime.
httpmime was a dependency of Apache Solr, which was removed from Gerrit some time ago.
Upgrade Elasticsearch REST client to 6.4.3.
Fix logic for updating display name on authentication.
The display name was only being updated in the case when the authentication realm did not allow updates.
Issue 9982: Trigger audit for git over HTTP commands.
git-receive-pack
and git-upload-pack
commands were only audited for git over SSH.
Issue 9974: Fix redirection to documentation index page.
Issue 7306 and Issue 9321: Fix URL routing.
Issue 9836: Fix database connections leaks.
The fix for issue 9823 in 2.15.5 introduced a database connection leak.
Update JGit to 4.9.7.201810191756-r.
.gitmodules
files.Issue 9419: Allow users to remove themselves as reviewer from an abandoned change.
Issue 9880: Fix notifications when a WIP change is reviewed using the review
ssh command.
Instead of only the owner being notified, all reviewers were notified.
Mark cherry-pick change as WIP if source change is WIP.
If a work-in-progress change is cherry-picked to another branch the created cherry-pick change should be marked as work-in-progress too.
Update JGit to 4.9.6.201810051924-r to fix CVE-2018-17456.
This release of JGit implements validation of .gitmodules
files to protect unguarded tools against CVE-2018-17456.
Issue 9823: Fix force push permission check for administrators and project owners over SSH.
It was possible for an administrator or project owner to force push to a project over SSH without having the Force Push permission.
This issue did not affect regular users, or pushes over HTTP.
Update jackson-core to 2.9.7.
There have been several releases since 2.6.6 including many bug fixes and security fixes.
Update elasticsearch-rest-client to 6.4.2.
Issue 9705: Fix blank dropdown for ‘Only serve as parent for other repositories’ option when creating a new repository.
Issue 9610: Add support for showing the ‘effective’ value of the max object size limit setting.
Issue 9787: Fix permission check for toggling WIP flag when posting review.
Issue 9655: Fix support for setting owner of group to a single user.
Issue 7053: Modify search autocompletion to include only email.
Issue 8859: Skip plugin capability check for administrators.
Issue 7896 and Issue 9674: Fix compatibility with MS Edge.
Issue 9642: Fix rendering of ‘Ready’ and ‘Start Review’ buttons.
Issue 8472: Count unresolved message threads within thread groups rather than by leaves.
Issue 7911 and Issue 9506: Fix text overflow.
Issue 8202: Add current patch set to wip-state-changed
and private-state-changed
events.
Issue 9483: Perform fonts preloads in “anonymous” cross-origin mode.
Issue 8582: Turn off autoReindexIfStale by default.
Issue 7750: Fix enforcing of signed push when ‘Require signed push’ is enabled.
Remove unused font files.
Issue 9670: Add support for Elasticsearch 6.4.0.
Issue 9711: Add a change deleted event.
Since 2.14 it is possible to delete changes, however there was no specific event emitted. A new change deleted event is added, which is notified to stream-events
clients. The hooks plugin is updated to support a change-deleted
hook.
Issue 9689: Fix visibility of tag creation form on the project screen (GWT).
The tag creation form was shown when the user had “Create Reference” permission on refs/*
or refs/heads/*
(but not refs/tags/*
).
Issue 9528: Allow project-level receive.maxObjectSizeLimit
to be inherited from parent project.
It is possible to set the limit per project in the project.config
on refs/meta/config
, and at global level in $site/etc/gerrit.config
. The project setting may override the global setting if it is lower. Changing the global setting requires a server restart.
A limitation of this implementation is that we cannot set the limit at a project level and have it inherited to its child projects; it is necessary to explicitly set the limit on each child project.
A new global option receive.inheritProjectMaxObjectSizeLimit
is added, and when this is enabled the project-level setting is inherited from the parent. This new setting is disabled by default to keep backwards compatibility with the original behavior.
Allow more email RFC characters in the username.
It was possible to set a username with an email-address-like string, but only as far as the fact that the @
character was allowed. Most of the other characters allowed by the RFC were not allowed.
Ensure user authentication in AllRequestFilter
filters.
The order of filters made request authentication only work when the HTTP request was issued from the Gerrit UI, but not work when REST API was used.
commit-message-length-validation plugin: Use “warning” prefix to allow colorization of remote output.
From version 2.19 of git, the “warning” keyword will be highlighted in the remote output when color.remote
is enabled in the git config.
Fix display of “Delete Changes” permission in access screen on GWT UI.
Fix permission check when deleting a single branch with the “Delete Branches” REST endpoint.
Include cause in exception when failing to save config in the “Set Config” REST endpoint.
Issue 9482: Fix staleness checker for URL-encoded project names.
Validate connections when sending a request to the database.
In some cases it was possible to attempt to reuse an already closed connection, which resulted in an internal server exception.
Issue 9586 Reload change page to land on the latest patch set after change submission in PolyGerrit.
Upgrade JGit to 4.9.5.201809180939-r.
Issue 9153: Fix querying for filenames with special characters.
Issue 9667: Fix handling of output stream in LFS server.
Fix errors during cleanup after deleting refs.
Fix errors during cleanup after running garbage collection.
Fix atomic lock file creation on NFS.
Honor trustFolderStats also when reading packed-refs.
Users should note that for repositories with a high number of references (for example in excess of 300K refs) and in a server with high traffic, this solution may not scale well and should be tested carefully.
Upgrade guice to 4.2.0.
Guice version 4.2.0 includes performance improvements.
Upgrade elasticsearch-rest-client to 6.4.1.
Upgrade Dropwizard Metrics to 4.0.3.
Upgrade auto-value to 1.6.2.
Upgrade PostgreSQL connector to 42.2.4.
Upgrade MariaDB connector to 2.3.0.
[elasticsearch "name"]
section, with separate values protocol
, hostname
, and port
, the servers are now configured as a list of server
values in the [elasticsearch]
section. This also fixes Issue 9383 where a “default” server http://localhost:9200
would be added by the site initialization even if other servers were already explicitly configured. During startup the list of configured Elasticsearch servers is logged at info level.elasticsearch.username
setting. If elasticsearch.password
is specified, the username
can be omitted and it will default to elastic
which is the default username configured when running Elasticsearch with security enabled.log4j.configuration
is set When the environment variable log4j.configuration
is set, log files defined by plugins were not created because the appender couldn't be found.Change-Id
in error message when Change-Id
line is not in the footer.#
), the change was created with a zero Change-Id. This was because lines beginning with #
are considered to be comments, and are stripped from the commit message by JGit before computing the Change-Id for the commit. Before attempting to create the change, Gerrit now strips out any comment lines from the commit message and returns an error if this results in the commit message being empty.--generate-http-password
option to the ssh set-account
command. To bring the ssh command more in-line with the REST API for a user, it is now possible to generate a new HTTP password. This allows ordinary users to generate a new HTTP password via ssh when they cannot log in to the web UI (e.g. due to being a service account). Access to the set-account
command is also relaxed; normal users may use it to set a new password on their own account.user.name
and user.email
from gerrit.config
. The user.name
and user.email
settings were being read as-is, which would allow them to be configured with values that may interfere with standard email name/address parsing.strict_labels
attribute was removed from the review input entity, and Gerrit no longer silently ignores invalid label scores. This caused breakage in CI systems that submit reviews post-merge and don't have different configurations for if the change is already merged or not. For example the Gerrit Trigger Plugin was broken, as discussed on the Gerrit mailing list. A new configuration change.strictLabels
is introduced. When enabled, Gerrit will reject invalid labels, otherwise will silently ignore them. By default it is disabled, for backwards compatibility with previous releases.reviewerin:
search results when user is added as CC. The reviewerin:
search should only return users that were added as a reviewer, but was also including users that were added as CC.http.addUserAsResponseHeader
, the servlet response includes a ‘User’ header that contains the name of the logged in user, enabling reverse proxies to log the name of the user that issued the http request.CacheImpl
interface. An implementation is provided for postgresql.submit
hook The submit
hook is invoked synchronously when a change is submitted. If it returns a non-zero exit status, a MergeValidationException
is thrown and the submit is prevented. This adds back the ability to block submit by a hook which was removed in version 2.14 due to the reworking of the ref-update
hook behavior.ref-update
and commit-received
hooks. The hooks were not singletons, which caused new instances to be created on every invocation.elasticsearch.prefix
was not set, and Elasticsearch server-specific settings were not correctly set under elasticsearch.name.protocol
, etc.index.maxLimit
for Elasticsearch. When using Elasticsearch, index.maxLimit
should not exceed the value of index.max_result_window
configured on the Elasticsearch server.index start
and index activate
ssh commands with Elasticsearch.gerrit_
.HEAD
reference failed because the passed reference name was not absolute.