---
title: "Gerrit 3.1.x"
permalink: 3.1.html
hide_sidebar: true
hide_navtoggle: true
toc: true
---
Download: **[3.1.16](https://gerrit-releases.storage.googleapis.com/gerrit-3.1.16.war)**
| [3.1.15](https://gerrit-releases.storage.googleapis.com/gerrit-3.1.15.war)
| [3.1.14](https://gerrit-releases.storage.googleapis.com/gerrit-3.1.14.war)
| [3.1.13](https://gerrit-releases.storage.googleapis.com/gerrit-3.1.13.war)
| [3.1.12](https://gerrit-releases.storage.googleapis.com/gerrit-3.1.12.war)
| [3.1.11](https://gerrit-releases.storage.googleapis.com/gerrit-3.1.11.war)
| [3.1.10](https://gerrit-releases.storage.googleapis.com/gerrit-3.1.10.war)
| [3.1.8](https://gerrit-releases.storage.googleapis.com/gerrit-3.1.8.war)
| [3.1.7](https://gerrit-releases.storage.googleapis.com/gerrit-3.1.7.war)
| [3.1.6](https://gerrit-releases.storage.googleapis.com/gerrit-3.1.6.war)
| [3.1.5](https://gerrit-releases.storage.googleapis.com/gerrit-3.1.5.war)
| [3.1.4](https://gerrit-releases.storage.googleapis.com/gerrit-3.1.4.war)
| [3.1.3](https://gerrit-releases.storage.googleapis.com/gerrit-3.1.3.war)
| [3.1.2](https://gerrit-releases.storage.googleapis.com/gerrit-3.1.2.war)
| [3.1.1](https://gerrit-releases.storage.googleapis.com/gerrit-3.1.1.war)
| [3.1.0](https://gerrit-releases.storage.googleapis.com/gerrit-3.1.0.war)
Documentation: **[3.1.16](https://gerrit-documentation.storage.googleapis.com/Documentation/3.1.16/index.html)**
| [3.1.15](https://gerrit-documentation.storage.googleapis.com/Documentation/3.1.15/index.html)
| [3.1.14](https://gerrit-documentation.storage.googleapis.com/Documentation/3.1.14/index.html)
| [3.1.13](https://gerrit-documentation.storage.googleapis.com/Documentation/3.1.13/index.html)
| [3.1.12](https://gerrit-documentation.storage.googleapis.com/Documentation/3.1.12/index.html)
| [3.1.11](https://gerrit-documentation.storage.googleapis.com/Documentation/3.1.11/index.html)
| [3.1.10](https://gerrit-documentation.storage.googleapis.com/Documentation/3.1.10/index.html)
| [3.1.8](https://gerrit-documentation.storage.googleapis.com/Documentation/3.1.8/index.html)
| [3.1.7](https://gerrit-documentation.storage.googleapis.com/Documentation/3.1.7/index.html)
| [3.1.6](https://gerrit-documentation.storage.googleapis.com/Documentation/3.1.6/index.html)
| [3.1.5](https://gerrit-documentation.storage.googleapis.com/Documentation/3.1.5/index.html)
| [3.1.4](https://gerrit-documentation.storage.googleapis.com/Documentation/3.1.4/index.html)
| [3.1.3](https://gerrit-documentation.storage.googleapis.com/Documentation/3.1.3/index.html)
| [3.1.2](https://gerrit-documentation.storage.googleapis.com/Documentation/3.1.2/index.html)
| [3.1.1](https://gerrit-documentation.storage.googleapis.com/Documentation/3.1.1/index.html)
| [3.1.0](https://gerrit-documentation.storage.googleapis.com/Documentation/3.1.0/index.html)
## Release Highlights
* Support for git protocol v2
* Polymer 2
* Mandatory plugins
* Performance logging and tracing
See the [New Features](#new-features) section for further details.
## Important Notes
### Schema Changes
This release does not contain any schema changes. To upgrade:
```sh
java -jar gerrit.war init -d site_path
```
The accounts, changes and groups index versions have been increased. To run
off-line reindexing (optional):
```sh
java -jar gerrit.war reindex -d site_path
```
By default indexes are automatically rebuilt upon the Gerrit startup after the
upgrade.
### Breaking Changes
#### The `reviewdb.client` package is renamed to `entities`
Plugins or extensions that import classes from the `com.google.gerrit.reviewdb.client`
package must change the imports to `com.google.gerrit.entities`.
#### Changed APIs for `Id` and `NameKey` classes
Plugins and extensions that instantiate and use classes such as `Account.Id`,
`Change.Id`, `Project.NameKey`, `Branch.NameKey`, etc, must adapt to the following
changes.
* The classes can no longer be instantiated with the `new` operator. Instead they
  must be created with static factory methods.
  * `new Account.Id(...)` --> `Account.id(...)`
  * `new AccountGroup.Id(...)` --> `AccountGroup.id(...)`
  * `new AccountGroup.UUID(...)` --> `AccountGroup.uuid(...)`
  * `new Branch.NameKey(...)` --> `BranchNameKey.create(...)`
  * `new Project.NameKey(...)` --> `Project.nameKey(...)`
* 'Getter' methods are now generated by the auto-value library and no longer have
  the `get` prefix.
  * `Account.getName()` --> `Account.name()`
  * ...etc
#### REST API endpoint implementations must return `Response<T>`
REST API endpoint implementations must now return a `Response` object that
explicitly sets a status code. Plugins that currently only return an `Object`
must be adapted to the new interface.
#### Powermock and Easymock are removed
The Powermock and Easymock libraries are no longer exported in the `acceptance-framework`
artifact, and are replaced by Mockito. Plugins that use Powermock and/or Easymock in their
tests should either add explicit dependencies, or migrate the tests to Mockito.
#### Polymer 2 and Shadow DOM may break JavaScript plugins
The Gerrit frontend has been migrated from Polymer 1 to
[Polymer 2](https://polymer-library.polymer-project.org/2.0/docs/upgrade) and to using
[Shadow DOM](https://polymer-library.polymer-project.org/2.0/docs/devguide/shadow-dom).
This may break JavaScript plugins, e.g. if they use `document.getElementById()` to reach
into the DOM. Instead, plugins will have to use dedicated plugin endpoints together
with calling
[`plugin.registerCustomComponent`](https://gerrit-review.googlesource.com/Documentation/js-api.html#self_registerCustomComponent).
#### Browser Support
Internet Explorer is not supported. Major browsers are supported for the following
versions and newer: Firefox 68, Chrome 76, Safari 12.1.
#### Legacy support for pushing to `refs/drafts/` is removed
The `change.allowDrafts` configuration option is removed, and it is no longer
possible to push new changes or patch sets to `refs/drafts/<branch-name>`.
#### Support for pushing to `refs/changes/` is removed
The `receive.allowPushToRefsChanges` configuration option is removed, and it is
no longer possible to add a new patch set to a change by pushing to
`refs/changes/<change number>`.
#### JGit Configuration is no longer read from system level `.gitconfig`
JGit's configuration options are now read from the `$site/etc/jgit.config`
file rather than the system level `.gitconfig`.
#### New limit on the number of change meta updates
Many NoteDb operations require walking the entire change meta ref and loading
its contents into memory, so changes with arbitrarily many updates may cause
high CPU usage, memory pressure, persistent cache bloat, and other problems.
A new configuration option
[`change.maxUpdates`](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.0/config-gerrit.html#change.maxUpdates)
sets the maximum number of updates that are allowed.
#### `container.slave` is renamed to `container.replica`
The `container.slave` option is still recognized as an alias of `container.replica`
but is deprecated and will be removed in a future release.
#### The `MessageOfTheDay` extension point is removed.
The `MessageOfTheDay` functionality was not ported to the PolyGerrit-UI and
the `MessageOfTheDay` extension point was removed with the 3.1.3 release.
However, the JS API provides the `banner` entrypoint for plugins to add messages
to the UI. Plugins that were previously using the `MessageOfTheDay` extension
point have to be adapted accordingly.
#### The `test.submit_rule` and `test.submit_type` REST APIs now require input
In previous versions of Gerrit it was possible to omit the rule from the input
and the project's default submit rule would be tested. Now the rule is required,
and the request will fail with '400 bad request' if the rule is not provided.
## New Features
### Git Protocol V2
Git protocol V2 is now enabled by default. A new permission-aware ref database
ensures that Gerrit only ever returns refs that the calling user has access to.
### Mandatory Plugins
It is possible to
[configure which plugins are mandatory](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.0/config-gerrit.html#plugins.mandatory).
Gerrit will fail to start if a mandatory plugin cannot be loaded.
Disabling and restarting of a mandatory plugin is rejected, but reloading of a
mandatory plugin is still possible.
### Replication plugin
* [Issue 11196](https://bugs.chromium.org/p/gerrit/issues/detail?id=11196):
  The latency metric is now also recorded at project level, but only when
  the latency is greater than a threshold that is configurable in
  `replication.config`.
### New option to limit options used when rendering internal events.
The new option
[`event.payload.listChangeOptions`](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.0/config-gerrit.html#event.payload.listChangeOptions)
configures which options are used when rendering internal
events. This can be used to reduce the performance impact of rendering
many options.
### Performance logging and tracing
See the [documentation](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.0/config-gerrit.html#tracing)
for full details.
### REST APIs
* Accounts
  * The `DETAILS` query option on the
    [query accounts](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.0/rest-api-accounts.html#query-account)
    endpoint now includes the `status` and `state` fields in the response.
* Changes
  * New [`SKIP_DIFFSTAT`](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.0/rest-api-changes.html#skip_diffstat)
    option for the query changes endpoint.
    Computation of the `insertions` and `deletions` fields may be expensive for
    large trees. The new `SKIP_DIFFSTAT` option makes it possible to omit it from the result.
  * New `exclude-groups` option on the
    [Suggest Reviewers](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.0/rest-api-changes.html#suggest-reviewers)
    endpoint.
  * New optional `commit-message` field on the
    [input for cherry-pick endpoints](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.0/rest-api-changes.html#cherrypick-input).
    If the optional message is provided, it is used, otherwise the message from
    the cherry-picked change is used.
  * New optional `topic` field on the
    [input for the revert endpoint](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.0/rest-api-changes.html#revert-input).
    If the optional topic is provided, it is used, otherwise the topic from the
    reverted change is used.
* Config
  * The value of
    [`change.api.excludeMergeableInChangeInfo`](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.0/config-gerrit.html#change.api.excludeMergeableInChangeInfo)
    is now included in the response from the
    [Get Server Info endpoint](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.0/rest-api-config.html#get-info).
* Projects
  * New endpoint: [Update dashboard](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.0/rest-api-projects.html#update-dashboard).
    The new endpoint currently only works for the default dashboard.
## Bug Fixes
* [Issue 5082](https://bugs.chromium.org/p/gerrit/issues/detail?id=5082):
Fix internal server error when getting blame for removed/replaced file.
* [Issue 11918](https://bugs.chromium.org/p/gerrit/issues/detail?id=11918):
Fix internal server error when deleting a ref by git push.
* [Issue 12246](https://bugs.chromium.org/p/gerrit/issues/detail?id=12246):
Fix generation of duplicate `Change-Id`s when creating a new change via REST.
The `Change-Id` was computed from the commit content and the timestamp,
which resulted in the possibility for two changes to get the same `Change-Id`
when two empty changes were created by REST at the same time.
The `Change-Id` is now generated randomly.
## Dependency Updates
* Remove easymock, powermock and javassist from the acceptance framework
* Remove promise-polyfill
* Add mockito in the acceptance framework
* Upgrade Apache sshd and mina-core to 2.3.0
* Upgrade auto-value to 1.7
* Upgrade bouncycastle to 1.61
* Upgrade commons-compress to 1.18
* Upgrade gitiles-servlet and blame-cache to 0.3-6
* Upgrade jetty to 9.4.18.v20190429
* Upgrade JGit to v5.5.1.201910021850-r-152-g63fc6970c
* Upgrade polymer to 2.7.2
* Upgrade polymerelements/iron-autogrow-textarea to 2.2.0
* Upgrade polymerelements/iron-dropdown to 2.2.1
* Upgrade polymerelements/iron-icon to 2.1.0
* Upgrade polymerelements/iron-iconset-svg to 2.2.1
* Upgrade polymerelements/iron-input to 2.1.3
* Upgrade polymerelements/iron-overlay-behavior to 2.3.4
* Upgrade polymerelements/iron-selector to 2.1.0
* Upgrade polymerelements/iron-test-helpers to 2.0.1
* Upgrade polymerelements/test-fixture to 3.0.0
* Upgrade polymerelements/paper-button to 2.1.3
* Upgrade polymerelements/paper-input to 2.2.3
* Upgrade polymerelements/paper-item to 2.1.1
* Upgrade polymerelements/paper-listbox to 2.1.1
* Upgrade polymerelements/paper-tabs to 2.1.1
* Upgrade polymerelements/paper-toggle-button to 2.1.1
* Upgrade visionmedia/page.js to 1.11.4
* Upgrade truth to 1.0
## Bugfix Releases
### 3.1.16
* Security Fixes
  * [Issue 14732](https://crbug.com/gerrit/14732):
    Commits/IncludedIn exposes branch names without respecting the ACLs on branches

    When calling the REST endpoint for listing all branches that a commit SHA1
    is part of, the commit is properly checked for visibility against the ACLs
    (it is a REST resource) but the branches were not checked.
    The included-in may have exposed the list of non-visible branches to a user
    that had visibility purely on the SHA1.
  * [Issue 7282](https://crbug.com/gerrit/7282):
    Hide repository name and description when user has no access

    Gitiles did not respect Gerrit's permission and would show the repo name
    and description to any user who could guess the name.
    The repositories list as well as the content APIs were not affected.
* Bug Fixes
  * [Issue 14639](https://crbug.com/gerrit/14639):
    Searching repositories by name is case-sensitive

    Restore the correct project search that was case-insensitive in 2.16.27,
    3.1.3 and 3.3.2.
  * [Change 307602](https://gerrit-review.googlesource.com/c/gerrit/+/307602):
    Fix NPE while accessing draft refs
  * [Change 307482](https://gerrit-review.googlesource.com/c/gerrit/+/307482):
    EqualsLabelPredicate: fix bug that prevents matching owner votes
### 3.1.15
* Bug Fixes
* [Issue 14553](https://crbug.com/gerrit/14553):
Gerrit REST-API fails when using /a/ prefix and cookies
A recent fix to support GerritAccount Cookie authentication for Git/HTTP
broke existing Python (or other) scripts that automate the Gerrit REST-API.
That is due to the generation of the GerritAccount cookie
in the HTTP response, which Python automatically reuses in
subsequent calls.
* [Issue 13721](https://crbug.com/gerrit/13721):
Don't serve polygerrit assets for git requests
After the migration to the Polymer UI, PolyGerrit static resources are mounted at
the root of the Gerrit URL and would collide with project namespaces, so that
projects with these prefixes could not be served with the Git over HTTP protocol.
### 3.1.14
* Bug Fixes
* Fix registration redirect on OpenID
* Log when a new SSH connection is rejected due to exceeded limit
When the `sshd.maxConnectionsPerUser` got exceeded for a user, new
connections from that user were rejected but no log entry was reported.
* [Issue 14127](https://crbug.com/gerrit/14127):
Fix binding of DELETE REST calls from plugins.
The processing of the DELETE request never actually reached the
delete-project plugin due to a bug in the RestApiServlet, which wrongly
delegated the request to a child collection in Gerrit core.
* [Issue 13140](https://crbug.com/gerrit/13140):
OpenID: Remove support for Yahoo! OpenID provider.
Yahoo! discontinued support for OpenID provider:
"OpenID2 will be EOLed on 6/30/20"
* [Issue 14246](https://crbug.com/gerrit/14246):
Creation of internal account does not respect `auth.userNameToLowerCase`.
The CreateAccount SSH command and REST API was able to create accounts
with usernames that contained uppercase letters even if
`auth.userNameToLowerCase` was set to true.
* [Issue 14490](https://crbug.com/gerrit/14490):
Missing LDAP metrics for authentication.
Expose the LDAP metrics in terms of latency and call rates so that any
problem can be highlighted early on and potentially raise an alert for the
Gerrit admin.
* [Issue 14497](https://crbug.com/gerrit/14497):
Git/HTTP traffic overloads LDAP with duplicate authentication requests.
When authenticating incoming Git calls over HTTP the BasicAuth filter was
called 3 times per call triggering multiple authentications against the
backend.
* [Issue 14508](https://crbug.com/gerrit/14508):
Allow GerritAccount Cookie authentication for Git/HTTP.
Allow creating a Gerrit session from the GerritAccount cookie set on the
Git client, so that only the first HTTP call actually authenticates
and creates a session, while all the others just reuse the existing
cookie.
* [Issue 11142](https://crbug.com/gerrit/11142):
ssh to gerrit with no args requires standard input to terminate.
* [JGit Issue 552173](https://bugs.eclipse.org/bugs/show_bug.cgi?id=552173)
Too many open files when fetching repos with lots of refs
JGit update fixes "Too many open files" errors.
* Dependency Updates
* Update JGit to 00386272264f65c41e36406f7c2e9ea6e901276e.
### 3.1.13
* New Features
* [Issue 14091](https://bugs.chromium.org/p/gerrit/issues/detail?id=14091):
Support the highlighting of LaTeX files with .tex extension.
* Breaking Changes
* Elasticsearch: Support for [EOL versions](https://www.elastic.co/support/eol)
7.2 and 7.3 is discontinued. Both elasticsearch versions became EOL recently.
* [Issue 13931](https://bugs.chromium.org/p/gerrit/issues/detail?id=13931):
Disallow editing the Change-Id during inline edits.
* Bug Fixes
* [Issue 12443](https://bugs.chromium.org/p/gerrit/issues/detail?id=12443):
Stop generating continuous "logging context is not empty" in error_log.
* [Issue 14097](https://bugs.chromium.org/p/gerrit/issues/detail?id=14097):
Allow enabling of Git GC button for non-local Git repository managers, such
as multi-site repositories.
* [Issue 14118](https://bugs.chromium.org/p/gerrit/issues/detail?id=14118):
Quota management: enforce repository size on pack rather than on object.
* PolyGerrit Fixes
* [Issue 14257](https://bugs.chromium.org/p/gerrit/issues/detail?id=14257):
Fix empty TopMenu drop down list.
* Replication plugin fixes
* [Issue 12754](https://bugs.chromium.org/p/gerrit/issues/detail?id=12754):
Remove replication plugin running tasks after their completion.
* Documentation updates
* Align the recommended buildifier version to v4.0, the same used in the CI.
* Development guidelines: mention that Optional in arguments is discouraged
(use @Nullable instead) but may be used as return type.
* Dependency Updates
* Update highlight.js to 10.6.0.
### 3.1.12
* New Features
* Add change query option allowing administrators to skip visibility filtering.
Add a new REST-API change query option "skip-visibility" to allow administrators
to skip visibility filtering.
* Security Fixes
* [Issue 13858](https://bugs.chromium.org/p/gerrit/issues/detail?id=13858)
[CVE-2021-22553](https://nvd.nist.gov/vuln/detail/CVE-2021-22553):
Fixed memory leak in Git-over-HTTP requests.
Unauthenticated users could exploit this problem in a Denial of Service attack,
causing the server to go out-of-memory.
* PolyGerrit Fixes
* [Issue 11811](https://bugs.chromium.org/p/gerrit/issues/detail?id=11811):
Fix comments on partial text selection on Safari.
* Replication plugin fixes
* Don't check read permission when authgroup isn't set.
Do not check for read permission when authGroup is not set since
the user is a RemoteSiteUser that is-an InternalUser having
read access to everything. This fixes a regression introduced in v3.1.10
that prevented the All-Users.git repository from being fully replicated to
Gerrit replicas.
* Bug Fixes
* [Issue 13803](https://bugs.chromium.org/p/gerrit/issues/detail?id=13803):
Limit number of ambiguous accounts in error message.
Don't list more than 3 ambiguous accounts in error message of
UnresolvableAccountException in order to prevent flooding the log and
displaying a lot of sensitive account data in an error dialog.
* [Issue 13936](https://bugs.chromium.org/p/gerrit/issues/detail?id=13936):
Fix badly formatted error message shown in error dialog.
* [Issue 13884](https://bugs.chromium.org/p/gerrit/issues/detail?id=13884):
Fix 'is:submittable' query on multiple submit records.
* Dependency Updates
* Update highlight.js to 10.5.0.
* Update Jetty to 9.4.35.v20201120.
* Downgrade soy-template to 2019-10-08.
### 3.1.11
* Breaking Changes
* Elasticsearch: Support for [EOL version](https://www.elastic.co/support/eol)
6.8 is discontinued. This was the last supported minor version of
Elasticsearch 6 in Gerrit. From this release, Gerrit no longer supports V6
but only the already supported versions 7.x of Elasticsearch.
* Speaking of which, support for 7.0 and 7.1 is discontinued too, as both
elasticsearch versions also became [EOL](https://www.elastic.co/support/eol)
recently.
* Security Fixes
* [Issue 12629](https://bugs.chromium.org/p/gerrit/issues/detail?id=12629):
Verify hostname when sending emails via SMTP server with SMTPSClient.
The SMTP server's certificate and hostname must be verified if
encryption is enabled with SSL verification in the host settings
(`sendemail.smtpEncryption` and `sendemail.sslVerify`).
* PolyGerrit Fixes
* Add a warning if submitting a change with an open change edit.
* Bug Fixes
* [Issue 13781](https://bugs.chromium.org/p/gerrit/issues/detail?id=13781)
Compact the REST-API output JSON unconditionally.
The output JSON was initially compacted only when
the Accept header was set to `application/json`: the compaction is now
done unconditionally, unless the `pp=1` query parameter is specified.
* [Issue 13786](https://bugs.chromium.org/p/gerrit/issues/detail?id=13786)
ForRef#check should permit internal users to read all refs:
[Make `PermissionBackend#ForRef` authoritative change](https://gerrit-review.googlesource.com/c/gerrit/+/288925)
introduced a regression where gerrit `internal users` (e.g. plugins) were
not taken into consideration when checking READ permission. As a consequence
the `All-Users.git` repository did not get any of the user's refs replicated
to the slaves. After the upgrade it is required to trigger a forced replication
of the `All-Users.git` repository manually.
* Documentation Updates
* Clarify that 'm' push option sets patch set description.
* Clarify that disk cache metrics require `cache.enableDiskStatMetrics`.
* Dependency Updates
* Upgrade testcontainers to 1.15.1.
* Upgrade Jetty to 9.4.33.v20201020.
### 3.1.10
* Breaking Changes
* Elasticsearch: Support for [EOL versions](https://www.elastic.co/support/eol)
6.6 and 6.7 is discontinued.
* Logging: `--console-log`-flag of `gerrit.war daemon` respects `log.textLogging`
and `log.jsonLogging` options
Change in the default behaviour of the `--console-log` flag. Since
`log.textLogging` in the `gerrit.config` is `true` by default, using the
`--console-log`-flag now writes logs to the `error_log`-file in addition
to stderr by default. This can be avoided by setting `log.textLogging = false`.
* Security Fixes
  * [Issue 13621](https://bugs.chromium.org/p/gerrit/issues/detail?id=13621)
    [CVE-2020-8919](https://nvd.nist.gov/vuln/detail/CVE-2020-8919):
    Make `PermissionBackend#ForRef` authoritative.

    Fixes a misconception that leads to data being accessible through Gerrit
    APIs that should be locked down.

    Gerrit had two components for determining if a Git ref is visible to a
    user: `(Default)RefFilter` and `PermissionBackend#ForRef` (e.g.,
    `RefControl`). The former was always capable of providing correct results
    for all refs. The latter only had logic to decide if a Git ref is visible
    according to the Gerrit `READ` permissions. This includes all refs under
    `refs/heads` as well as any other ref that isn't a database ref or a Git
    tag. This component was unaware of Git tags and notedb-related refs. Hence,
    when asked for a database reference such as `refs/changes/xx/yyyyxx/meta`,
    the logic would allow access if the user has `READ` permissions on any of
    the ref prefixes (such as the default "read refs/* Anonymous Users").

    That was problematic, because it bypassed
    [documented behavior](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.10/access-control.html)
    where a user should only have access to a change if he can see the
    destination ref. The same goes for other database references.
  * [Issue 13514](https://bugs.chromium.org/p/gerrit/issues/detail?id=13514)
    [CVE-2020-8920](https://nvd.nist.gov/vuln/detail/CVE-2020-8920):
    Work around Gitiles bug on `All-Users` visibility.

    Gitiles has a special `FilteredRepository` wrapper that allows carefully
    hiding refs based on the project's ACLs. There is however an optimization
    that skips the filtering in case a user has `READ` permissions on every ACL
    pattern(s). When the target repository is `All-Users`, the optimization
    turns into a security issue because it allows seeing all personal information
    associated with all accounts, i.e.:
    * draft comments
    * draft edits
    * personally identifiable information (PII) of all users
    * external ids

    This fix now blocks Gitiles or any other part of Gerrit from abusing this power
    when the target repository is `All-Users`, where nobody can be authorized
    to skip the ACLs evaluation anyway.
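
The flaw behind CVE-2020-8919 described above, as a simplified model added here (not Gerrit's code): a pattern-only `READ` check lets a change ref through on the strength of `refs/*`, while an authoritative check first resolves the change to its destination branch. The ACL table, change index, group names and function names are constructed for illustration, and "most specific pattern wins" is an assumption standing in for Gerrit's real ACL evaluation.

```python
import re

# Constructed sample ACL: groups granted READ per ref pattern. The most
# specific matching pattern wins (assumption, stands in for an exclusive grant).
READ_ACL = {
    "refs/*": {"Anonymous Users"},
    "refs/heads/secret": {"Security Team"},
}

# Constructed change index: change number -> destination branch.
CHANGE_DEST = {
    1234: "refs/heads/secret",
    1301: "refs/heads/master",
}

# Constructed refs to audit.
SAMPLE_REFS = [
    "refs/heads/master",
    "refs/heads/secret",
    "refs/changes/01/1301/1",
    "refs/changes/34/1234/meta",
    "refs/changes/34/1234/2",
]

# refs/changes/<last two digits>/<change number>/<patch set | meta>
CHANGE_REF = re.compile(r"^refs/changes/(\d{2})/(\d+)/(meta|\d+)$")


def _matches(pattern, ref):
    """'refs/foo/*' matches by prefix, anything else must match exactly."""
    if pattern.endswith("/*"):
        return ref.startswith(pattern[:-1])
    return ref == pattern


def can_read(groups, ref):
    """READ decision based purely on ACL patterns applied to the ref name."""
    matching = [p for p in READ_ACL if _matches(p, ref)]
    if not matching:
        return False
    most_specific = max(matching, key=len)
    return bool(READ_ACL[most_specific] & set(groups))


def parse_change_ref(ref):
    """Return the change number of a well-formed change ref, else None."""
    m = CHANGE_REF.match(ref)
    if not m:
        return None
    shard, number = m.group(1), int(m.group(2))
    # The shard directory must be the last two digits of the change number.
    return number if shard == f"{number % 100:02d}" else None


def legacy_visible(groups, ref):
    """Pre-fix behaviour as described: the ref name alone decides, so a
    database ref under refs/changes/ is covered by the 'refs/*' grant."""
    return can_read(groups, ref)


def authoritative_visible(groups, ref):
    """Post-fix behaviour as described: a change ref is visible only if the
    change's destination branch is visible. Unresolvable refs fail closed."""
    if ref.startswith("refs/changes/"):
        dest = CHANGE_DEST.get(parse_change_ref(ref))
        return dest is not None and can_read(groups, dest)
    return can_read(groups, ref)


def leaked_refs(groups, refs):
    """Refs the pattern-only check exposes but the authoritative one hides."""
    return [r for r in refs
            if legacy_visible(groups, r) and not authoritative_visible(groups, r)]


if __name__ == "__main__":
    for ref in leaked_refs(["Anonymous Users"], SAMPLE_REFS):
        print("exposed by pattern-only check:", ref)
```

The same comparison works as a regression check: run `leaked_refs` for each group of interest and expect an empty list once visibility is decided by the destination ref.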
### 3.1.9
This minor release has been withdrawn.
### 3.1.8
* Security Fixes
  * [Issue 12846](https://bugs.chromium.org/p/gerrit/issues/detail?id=12846):
    BadMessageException: 500: Response header too large.
    [CVE-2019-17638](https://nvd.nist.gov/vuln/detail/CVE-2019-17638)

    Bump Jetty version to 9.4.30.v20200611 to fix regression introduced in Jetty
    version: 9.4.27.v20200227.

    Response header overflow leads to buffer corruptions.
    Jetty server always allocates maximum response header size.

    For more details see also upstream issues:
    [Issue 4936](https://github.com/eclipse/jetty.project/issues/4936)
    [Issue 4541](https://github.com/eclipse/jetty.project/issues/4541)
* Bug Fixes
* [Issue 12959](https://bugs.chromium.org/p/gerrit/issues/detail?id=12959):
Submit: Use updated change for response
The response was sent with the change instance from before it
got submitted, rather than the updated change. As a result, the
response contained the status "NEW" rather than "MERGED".
* [Issue 13166](https://bugs.chromium.org/p/gerrit/issues/detail?id=13166):
Include request latency in httpd_log.json
The latency field was missing in the entries of JSON-formatted http logs.
* [Issue 12917](https://bugs.chromium.org/p/gerrit/issues/detail?id=12917):
Switching between changes fails and in-line edit returns HTTP status 404.
Switching between changes in a change series randomly fails.
Also, adding a file to a change using in-line edit constantly fails
with an HTTP status 404.
### 3.1.7
* Security Fixes
* [Issue 12926](https://bugs.chromium.org/p/gerrit/issues/detail?id=12926):
Allow setting X-Frame-Options response header for preventing
[clickjacking attacks](https://owasp.org/www-community/attacks/Clickjacking).
* Bug Fixes
* [Issue 12680](https://bugs.chromium.org/p/gerrit/issues/detail?id=12680):
Run projects reindex after Gerrit init only when needed, speeding up the upgrade process.
* [Issue 12778](https://bugs.chromium.org/p/gerrit/issues/detail?id=12778):
Fix `Included In` filter not working in the search box.
* [Issue 12909](https://bugs.chromium.org/p/gerrit/issues/detail?id=12909):
Fix missing index creation after Gerrit init.
* [Issue 12918](https://bugs.chromium.org/p/gerrit/issues/detail?id=12918):
Fix missing email notifications for project watches for changes created via cherry-pick.
* PolyGerrit Fixes
* [Issue 11368](https://bugs.chromium.org/p/gerrit/issues/detail?id=11368):
Fix Javascript error if project has incorrect access configuration in `Global Capabilities`.
* [Issue 12899](https://bugs.chromium.org/p/gerrit/issues/detail?id=12899):
Speed up the rendering of changes with a large number of comments by lazy loading them when expanded.
* Documentation Updates
* [Issue 12869](https://bugs.chromium.org/p/gerrit/issues/detail?id=12869):
Add documentation on how to move a change across branches.
### 3.1.6
* New Features
* Support for [rolling upgrade](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.6/config-gerrit.html#gerrit.experimentalRollingUpgrade)
to Gerrit v3.2.0.
* New interface `AccountActivationListener` available to plugins for listening
to accounts activation status changes.
* Security Fixes
* [Issue 12717](https://bugs.chromium.org/p/gerrit/issues/detail?id=12717):
Deny access over HTTP for disabled accounts.
A disabled account was still able to access over HTTP until the existing
session expired.
* Close active SSH connections associated to an account that has been disabled.
* Bug Fixes
* [Issue 12844](https://bugs.chromium.org/p/gerrit/issues/detail?id=12844):
Update account full name when it changes in LDAP.
* [Issue 12850](https://bugs.chromium.org/p/gerrit/issues/detail?id=12850):
Ignore WIP changes in "CCed on" dashboard section.
* Replication plugin fixes
* [Issue 12806](https://bugs.chromium.org/p/gerrit/issues/detail?id=12806):
Fix replication of the project deletions to remote replicas.
* PolyGerrit Fixes
* [Issue 11706](https://bugs.chromium.org/p/gerrit/issues/detail?id=11706):
Support commit message modification as part of the inline edit session.
* Documentation Updates
* Added missing documentation of
[notedb.changes.sequenceBatchSize](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.6/config-gerrit.html#notedb.changes.sequenceBatchSize)
### 3.1.5
* New Features
* Add a new metric for monitoring Java deadlocks.
The metric `proc/jvm/thread/num_deadlocked_threads` monitors the number of
threads that are deadlocked waiting for object monitors or ownable synchronizers.
* Add support for Elasticsearch 7.7.
* Breaking Changes
* Metrics: Cache disk stat metric computation is disabled by default
Calculation of the cache disks stat metrics for persistent caches is disabled
by default because it is a very expensive operation that can block a thread for
several minutes on larger installations.
Installations that still want to use this metric must explicitly enable it with the
[cache.enableDiskStatMetrics](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.5/config-gerrit.html#cache.enableDiskStatMetrics)
configuration option.
* Plugin API: Deprecated methods related to the draft workflow and change edits are removed
* `ChangeApi.getEdit()`
* `ChangeApi.publish()`
* `RevisionApi.delete()`
* `RevisionApi.publish()`
* [Issue 12527](https://bugs.chromium.org/p/gerrit/issues/detail?id=12527):
Elasticsearch: Support for [EOL versions](https://www.elastic.co/support/eol)
v5.6 and v6.0 to v6.5 is discontinued
* End-to-end Tests Improvements
* Allow end-to-end tests to proportionally scale on their expected execution times.
A `power_factor` [environment property](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.5/dev-e2e-tests.html#_environment_properties)
was added to the end-to-end tests core framework. Using that optional property,
scenario steps can take some more (or less) time prior to expecting proper completion.
The way to set that property locally then depends on the target runtime environment,
or SUT latency. The property may be used for either core or plugin scenarios.
* `FlushProjectsCache` related scenarios added to core (and the `high-availability` plugin).
* Support for relative runtime weights in scenarios.
Each scenario can now either weigh the same as any other by default, or override that default
with a greater weight value, compared to siblings that are lighter on execution times.
Besides core, make the `high-availability` and `multi-site` plugin scenarios reuse this.
* Allow scenarios to create and delete Gerrit changes alongside projects.
Add the corresponding core support for an optional `http` request body to every such
`GerritSimulation`. Either automate or allow [environment properties](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.5/dev-e2e-tests.html#_environment_properties)
to feed the related input test data.
Besides core, make the `high-availability` and `multi-site` plugin scenarios test changes
that way. The latter currently has [Issue 12693](https://bugs.chromium.org/p/gerrit/issues/detail?id=12693)
as a known limitation.
* Bug Fixes
* [Issue 12606](https://bugs.chromium.org/p/gerrit/issues/detail?id=12606):
Fix `visibleto` predicate for groups.
If a group name was used in the `visibleto` predicate, changes were
not returned even if the group had permission to see them.
* [Issue 12747](https://bugs.chromium.org/p/gerrit/issues/detail?id=12747):
Fix change query visibility for internal user.
* [Issue 12755](https://bugs.chromium.org/p/gerrit/issues/detail?id=12755):
Block the removal of the Realm primary external ids.
It was possible to remove the email address associated with the primary
id of a Realm, effectively resulting in the account being removed.
* [Issue 12786](https://bugs.chromium.org/p/gerrit/issues/detail?id=12786):
Fix wrong status returned when auth backend couldn't be reached.
The response 401 was returned when the auth backend could not be
reached, instead of the response 503.
* [Issue 12424](https://bugs.chromium.org/p/gerrit/issues/detail?id=12424):
Fix email token verification failures caused by non-URL-encoded characters.
* [Issue 11625](https://bugs.chromium.org/p/gerrit/issues/detail?id=11625):
Avoid multiple notifications for existing reviewers.
* Fix internal server error on parsing commit message during receive commits.
* Add `autocomplete="off"` to LDAP login form.
Some security tools will flag the absence of the autocomplete flag as a
possible security issue, as it could allow for passwords to be saved and
automatically filled in on shared computers.
* Accept `--ownedby` as an alias of `--owned-by` in the groups REST API.
The option was incorrectly documented as `--ownedBy`, which resulted in an
error "not a valid option" if anyone tried to use it.
The documentation is fixed, and `--ownedby` is added as an alias so that it
also works for anyone still referring to the old documentation.
* Fix various misuses of the Flogger API causing exception details to be omitted
in the log output.
Exceptions were not properly passed to the logger which would cause the
details to be omitted, or in some cases the message "ERROR: UNUSED LOG ARGUMENTS"
to be emitted.
* When an invalid PAPE response is received during OpenID authentication
* When a plugin config is invalid and cannot be loaded
* When an error occurs while migrating a change metadata entry to JSON
* When there is an unsupported charset in a patch text
* [Issue 12673](https://bugs.chromium.org/p/gerrit/issues/detail?id=12673):
Fix emitting debug logs while running tests.
* PolyGerrit UI Fixes
* [Issue 12707](https://bugs.chromium.org/p/gerrit/issues/detail?id=12707):
Apply diff preferences immediately after pressing "Save".
* [Issue 12690](https://bugs.chromium.org/p/gerrit/issues/detail?id=12690):
Only show the "Edit" button for open changes in the diff view.
* [Issue 12726](https://bugs.chromium.org/p/gerrit/issues/detail?id=12726):
Fix incorrect highlighting after `/` character in JavaScript.
* [Issue 12775](https://bugs.chromium.org/p/gerrit/issues/detail?id=12775):
Fix parent of previous patch sets not being available.
* [Issue 12385](https://bugs.chromium.org/p/gerrit/issues/detail?id=12385):
Fix memory leak in `gr-plugin-endpoints`.
* Replication Plugin Fixes
* [Issue 12678](https://bugs.chromium.org/p/gerrit/issues/detail?id=12678):
Fix missing replication Id in replication logs.
The migration to use Flogger in 2.16.17 caused a regression in the logging,
where the replication Id was omitted from the logs. This is fixed by reverting
back to slf4j logging for the replication log.
* [Issue 12719](https://bugs.chromium.org/p/gerrit/issues/detail?id=12719):
Fix `replication start --wait` to track in-flight collisions and to not fail.
* [Issue 12731](https://bugs.chromium.org/p/gerrit/issues/detail?id=12731):
Don't lose state when there's a pending push to the same ref.
If there was already a pending push (not an in-flight push) to the same endpoint,
the start for the push would be dropped when adding the push to the Destination.
This meant that a `replication start --wait` command would never complete when
one of its pushes was pending since its state would never receive the completion
notification for that push.
* [Issue 11745](https://bugs.chromium.org/p/gerrit/issues/detail?id=11745):
Fix firing pending "..all.." events on startup.
* [Issue 11760](https://bugs.chromium.org/p/gerrit/issues/detail?id=11760):
Make persistent task keys stable.
* Fix URL matching to match real URLs in addition to templated URLs.
* Log when skipping deletion of a ref when pushing to a remote in mirror mode.
* Improve logging of push failures caused by a lock failure on the remote.
* Improve logging of refs to be pushed.
* Library Upgrades
* Upgrade rules_closure to forked version
This fixes the "-parameters is not supported for target value 1.7. Use 1.8 or later."
warning when building. See [PR 478](https://github.com/bazelbuild/rules_closure/pull/478).
* [Issue 12448](https://bugs.chromium.org/p/gerrit/issues/detail?id=12448):
Upgrade Guice to 4.2.3 and switch to using the no-AOP Guice distribution.
This makes it easier to support newer JDK versions.
* Upgrade asm to 7.2
* Upgrade jackson-core to 2.11.0
* Upgrade jetty to 9.4.27.v20200227
### 3.1.4
* Breaking Changes
* The `LogThreshold` annotation is removed.
The default log level for tests has been changed from DEBUG to INFO,
and this annotation is no longer needed. It was originally introduced
to allow classes to explicitly set their log level at a level other than
DEBUG.
Plugins that use this annotation must be adjusted.
* New Features
* Add support for Elasticsearch 7.6.x.
* Include `upload-pack` metrics in the sshd log.
In order to enable detailed performance and problem analysis,
`upload-pack` metrics are now included in the sshd log.
* Add new configuration setting `core.packedGitUseStrongRefs`.
When set to true, this option enables using strong references to reference
packfile pages cached in the WindowCache. If this option is set, Java GC can
no longer flush the WindowCache to free memory if the used heap comes close
to the maximum heap size. On the other hand this provides more predictable
performance.
* Add new configuration setting `sendemail.denyrcpt`.
This new setting works alongside the existing `sendemail.allowrcpt`, and
allows configuring email addresses or domains that Gerrit may not send to.
* Allow formatting HTTP and SSH logs as JSON.
When `log.jsonLogging` is enabled, the HTTP and SSH logs are formatted
as JSON, making it easier for them to be parsed. Note that the error log
was already formatted in JSON when this option was enabled.
* Add new metrics.
Metrics are added for:
* Jetty connections
* JGit WindowCache and total load time for block cache entries
* Available number of cores
* Average system load for the last minute
Refer to the metrics documentation for full details.
* [Issue 11493](https://bugs.chromium.org/p/gerrit/issues/detail?id=11493):
Add an "Edit" button to the diff view in the PolyGerrit UI.
* Add support for fsharp in highlighting syntax in the PolyGerrit UI.
* [Issue 12364](https://bugs.chromium.org/p/gerrit/issues/detail?id=12364):
Add support for going to a specific line number in the inline editor.
* Add prolog predicate to determine number of parents.
The new predicate `commit_parent_count` can be used to detect merge
commits.
* Add `NamedFluentLogger`.
`NamedFluentLogger` is an extension to Flogger that allows creating
a logger with a given name rather than the name of the enclosing class.
* [Issue 12444](https://bugs.chromium.org/p/gerrit/issues/detail?id=12444):
Add support for `max_result_window` in Elasticsearch index configuration.
* Add a Code Coverage layer and plugin API in the PolyGerrit UI.
See [Chromium issue 939904](https://bugs.chromium.org/p/chromium/issues/detail?id=939904)
for details.
* Allow customizing the Gerrit `httpd.listenUrl` configuration in Docker using
the `HTTPD_LISTEN_URL` environment variable.
* Library Upgrades
* Upgrade jackson-core to 2.10.3
* Upgrade Jetty to 9.4.24.v20191120, including a fix for supporting IPv6.
* Upgrade JGit to v5.6.1.202002131546-r-15-g241557137
* Upgrade rules_closure to forked version.
This fixes the "-parameters is not supported for target value 1.7. Use 1.8 or later."
warning when building. See [PR 478](https://github.com/bazelbuild/rules_closure/pull/478).
* Security Fixes
* [Issue 12440](https://bugs.chromium.org/p/gerrit/issues/detail?id=12440):
Fix the access-path for AbstractGitCommand subclasses.
The access path for the Receive.currentUser in the receive-pack command
was wrongly set to SSH_COMMAND instead of to GIT.
This allowed project owners to force-update a ref using git-over-SSH
without having an explicit permission for that.
* Bug Fixes
* Fix size explosion of `All-Users` caused by draft comment removal.
Modify draft comments generation so that, when removed, they point to an
empty parent.
* [Issue 11772](https://bugs.chromium.org/p/gerrit/issues/detail?id=11772):
Cancel deprecation of change identifiers that was planned since 2.16.
Since 2.16 the documentation of change identifiers states that the
identifiers other than `<project>~<numericid>` are deprecated and will
be removed in a future release. Since then the identifiers have still
not been removed and there is no clear plan to do so.
It is likely that "deprecated" identifiers are still used in links in
places where they can't be updated, for example in emails and forum
posts. Due to this, and since continuing to support all of the types
does not add any technical burden, ESC decided that the deprecation
should be cancelled.
The `change.api.allowedIdentifier` configuration setting is now
obsolete and has been removed.
* [Issue 3340](https://bugs.chromium.org/p/gerrit/issues/detail?id=3340):
Fix internal server errors when setting project access permission with bad regex.
* Fix removal of stale metrics from the metrics registry.
* [Issue 12349](https://bugs.chromium.org/p/gerrit/issues/detail?id=12349):
Fix time attribute of file entries in plugin artifacts.
* Make assumption on number of query results explicit for change Id arguments.
When a change Id passed as argument was resolved to multiple changes,
the first returned change was arbitrarily used. Now an error will be raised
and logged.
* download-commands plugin: Set SSH default port to 22.
* Document dependency from account deactivator to autoUpdateAccountActiveStatus
and log a warning if the account deactivation task is configured but will not
be scheduled.
* Fix handling of ambiguous name in `visibleto` search predicate.
If the `visibleto` search predicate was used with a display name that
resolved to more than one account, the first account in the result was
arbitrarily used. Now, this case will result in an error.
* Fix a dependency injection runtime error in DeleteZombieDrafts program.
* [Issue 12473](https://bugs.chromium.org/p/gerrit/issues/detail?id=12473):
Fix broken links in Elasticsearch configuration documentation.
* PolyGerrit UI Fixes
* [Issue 4616](https://bugs.chromium.org/p/gerrit/issues/detail?id=4616):
Open commentlinks to changes on the same server in the same tab.
* [Issue 12031](https://bugs.chromium.org/p/gerrit/issues/detail?id=12031):
Fix issues with caching edited commit message.
* Remove `target=_self` from commentlinks.
* Replication Plugin Fixes
* Check nulls in firePendingEvents at startup.
After a sudden reboot (for an unknown reason), Gerrit couldn't load at
startup because of a NullPointerException.
* Change the default for `replicateOnStartup` to false.
* [Issue 12559](https://bugs.chromium.org/p/gerrit/issues/detail?id=12559):
replicateOnStartup not loaded and always considered as false.
### 3.1.3
* New Features
* Include request description in HTTP thread names.
The HTTP worker threads had generic names like `HTTP-100`, `HTTP-101`,
etc. While we could conclude from the stack trace what this thread was
doing, we missed some important information like repository name, user name,
etc.
The HTTP threads now have descriptive names. For example, if there is an
ongoing git-fetch operation we will see a thread named like:
`HTTP POST /a/myProject/git-upload-pack (johndoe from 10.87.75.169)`.
This makes the naming consistent with SSHD threads, which are named like:
`SSH git-upload-pack /myProject (johndoe)`.
* New metrics for Jetty threadpool.
The new metrics are exposed under `http/server/jetty/*`.
* Utility program to delete zombie draft comment refs.
Deletion of draft comment refs was broken until 2.16.14, resulting in
draft comment refs not getting deleted properly. Although it has been fixed,
it's still possible that zombie refs exist from previous versions. The
new site program `DeleteZombieCommentsRefs` can be used to remove them.
* Highlight `WORKSPACE` and `BUILD.bazel` files as Python in the PolyGerrit UI.
* Breaking Changes
* The `MessageOfTheDay` extension point is removed.
The `MessageOfTheDay` functionality was not ported to the PolyGerrit-UI and
the `MessageOfTheDay` extension point was removed with the 3.1.3 release.
However, the JS API provides the `banner` entrypoint for plugins to add messages
to the UI. Plugins that were previously using the `MessageOfTheDay` extension
point have to be adapted accordingly.
* Bug Fixes
* [Issue 12097](https://bugs.chromium.org/p/gerrit/issues/detail?id=12097):
Fix migration to NoteDb when orphan changes exist.
In the case where a change belonged to a repository that did not exist,
the migration failed.
* [Issue 9296](https://bugs.chromium.org/p/gerrit/issues/detail?id=9296):
Fix wrong diff of commit message between different patch sets of a merge commit.
* [Issue 7969](https://bugs.chromium.org/p/gerrit/issues/detail?id=7969):
Fix internal server error when diffing `MERGE_LIST` between different patch sets
of a merge commit.
* [Issue 10397](https://bugs.chromium.org/p/gerrit/issues/detail?id=10397):
Don't send notification email when publishing a change edit on a WIP change.
* [Issue 12243](https://bugs.chromium.org/p/gerrit/issues/detail?id=12243):
Fix unexpected deactivation of service user accounts.
* Fix editing name and email for service user accounts.
* Fix internal server error when a change edit includes an invalid file path.
Invalid file paths are now rejected as '400 Bad Request'.
* Fix internal server error when giving an invalid merge strategy to the
'Create Merge Patch Set' REST endpoint.
* Fix a resource leak in the 'Get Patch' REST endpoint.
* Don't check for conflicting refs when deleting a ref; improve performance of
migration to schema 167.
The migration to schema 167 involves deletion of refs. The performance was
poor for large installations (for example 30k user refs and 20k groups)
because the ref deletion implementation was doing an unnecessary check for
conflicting refs.
* Fix setting `_moreChanges` to the wrong value in change query REST results.
* Upgrade highlight-js to get various fixes in source code highlighting:
* fix(makefile) fix double relevance for assignments
* (xml) expand and improve document type highlighting
* fix(kotlin): fix termination of """ string literals
* (cpp) Add additional keywords
* Backslash is not used to escape in strings in standard SQL
* (javascript) fix jsx self-closing tag issues
* enh(ini) support arrays and much cleaner grammar
* (javascript) support jsx fragments
* PolyGerrit UI Fixes
* [Issue 11980](https://bugs.chromium.org/p/gerrit/issues/detail?id=11980):
Fix handling of LDAP groups containing a dot in the PolyGerrit permissions screen.
* [Issue 12197](https://bugs.chromium.org/p/gerrit/issues/detail?id=12197):
Fix rendering of commentlinks using `link`.
* [Issue 11697](https://bugs.chromium.org/p/gerrit/issues/detail?id=11697):
Fix rendering of commentlinks without leading whitespace.
* [Issue 12224](https://bugs.chromium.org/p/gerrit/issues/detail?id=12224):
Honor the date format preference when displaying dates.
* [Issue 12184](https://bugs.chromium.org/p/gerrit/issues/detail?id=12184):
Fix link in blame annotation to link directly to the commit.
* [Issue 12108](https://bugs.chromium.org/p/gerrit/issues/detail?id=12108):
Add missing 'Page ...' on pagination links in the repository list.
* Fix the size of the commit message box.
* Fix a parse error on the repository list.
* Fix multiple triggers when `shift-r` is held.
* Wrap filenames onto two lines in the file list if the filename is too long.
* Add a right margin to the search bar.
This creates some space between the search bar and the `header-browse-source`
endpoint where you often see a 'Repositories' link.
* Replace 'Menlo' font with 'SF Mono'.
'Menlo' was replaced by 'SF Mono' from Mac OS 10.11, and 'Menlo' does not render
symbols and characters correctly.
* Other Changes
* Upgrade JGit to v5.6.0.201912101111-r-31-g3d59d1b80.
* Upgrade jackson-core dependency to 2.10.2
* Improve logging when a metadata update fails.
* Update [external Ids documentation](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.3/config-accounts.html#external-ids)
with information on how to find the sha1 of an external Id and how to show the
corresponding change note.
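
The descriptive thread names introduced in 3.1.3 can be parsed to attribute in-flight git operations to an account and client address when reading a thread dump. The following Python is an added example, not part of Gerrit; it assumes only the two name shapes quoted above, and the `parse_thread_name` and `busiest` helpers and the sample data are hypothetical.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

GIT_SERVICES = ("git-upload-pack", "git-receive-pack")

# The two name shapes quoted in the 3.1.3 release note.
HTTP_RE = re.compile(
    r"^HTTP (?P<method>[A-Z]+) (?P<path>\S+) "
    r"\((?P<user>.+) from (?P<remote>\S+)\)$"
)
SSH_RE = re.compile(r"^SSH (?P<command>.+) \((?P<user>[^()]+)\)$")


class Request(NamedTuple):
    transport: str           # "HTTP" or "SSH"
    user: str
    remote: Optional[str]    # client address; only HTTP names carry it
    service: Optional[str]   # a GIT_SERVICES entry, or None for other requests
    project: Optional[str]


def _split_http_path(path: str):
    """Return (project, service) for a git-over-HTTP path, else (None, None)."""
    if path.startswith("/a/"):   # prefix seen in the note's example path
        path = path[2:]
    for service in GIT_SERVICES:
        suffix = "/" + service
        if path.endswith(suffix):
            return path[1:-len(suffix)], service
    return None, None


def parse_thread_name(name: str) -> Optional[Request]:
    """Parse one thread name; generic names such as 'HTTP-100' give None."""
    m = HTTP_RE.match(name)
    if m:
        project, service = _split_http_path(m["path"])
        return Request("HTTP", m["user"], m["remote"], service, project)
    m = SSH_RE.match(name)
    if m:
        service, _, arg = m["command"].partition(" ")
        if service in GIT_SERVICES:
            return Request("SSH", m["user"], None, service, arg.strip("'/ "))
        return Request("SSH", m["user"], None, None, None)
    return None


def busiest(names, top=3):
    """Count in-flight git operations per (user, project, service)."""
    counts = Counter()
    for name in names:
        req = parse_thread_name(name)
        if req and req.service:
            counts[(req.user, req.project, req.service)] += 1
    return counts.most_common(top)


# Constructed sample of thread names from a thread dump. Only the first two
# use values quoted in the note; the other accounts and addresses are made up.
SAMPLE_THREADS = [
    "HTTP POST /a/myProject/git-upload-pack (johndoe from 10.87.75.169)",
    "SSH git-upload-pack /myProject (johndoe)",
    "HTTP POST /a/tools/build/git-receive-pack (ci-bot from 192.0.2.10)",
    "HTTP POST /a/myProject/git-upload-pack (johndoe from 10.87.75.169)",
    "HTTP GET /a/changes/?q=status:open (janedoe from 192.0.2.44)",
    "HTTP-100",
]

if __name__ == "__main__":
    for (user, project, service), n in busiest(SAMPLE_THREADS):
        print(f"{n} x {service} on {project} by {user}")
```

Names that match neither shape, such as the pre-3.1.3 `HTTP-100` form, are skipped rather than guessed at.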
### 3.1.2
* New Features
* Include thread name in the HTTPD and SSHD logs.
Having thread name in the HTTPD and SSHD logs makes it easier to match entries
from the error log. The error log entries already contain the thread name, so
with the thread name included in each entry in the HTTPD and SSHD logs, we have
more data to match an error to a request than just the timestamp.
* PolyGerrit UI Fixes
* [Issue 12067](https://bugs.chromium.org/p/gerrit/issues/detail?id=12067):
Fix blank screen after upgrading.
* Other Fixes
* [Issue 12070](https://bugs.chromium.org/p/gerrit/issues/detail?id=12070):
Fix internal server error on git over HTTP calls when SSHD is enabled.
Double cleanup of the request context caused an internal server error on
push or fetch via git over HTTP.
* Fix generation of SSH keys with empty passphrase.
The `-N` option of `ssh-keygen` was correctly used for generation of RSA keys,
but for other types `-P` was used.
* Extend documentation of external Ids to include examples of how to generate
the sha1 of an external Id and how to show the git note of the Id.
### 3.1.1
* New Features
* [Issue 11973](https://bugs.chromium.org/p/gerrit/issues/detail?id=11973):
Add copy-to-clipboard for generated HTTP password.
* Add support for doctag in PolyGerrit UI syntax highlighter.
* Add an event interface in the PolyGerrit API.
* Add support for Elasticsearch 7.5.
* Add documentation of how to perform backups of Gerrit.
* PolyGerrit UI Fixes
* [Issue 12024](https://bugs.chromium.org/p/gerrit/issues/detail?id=12024):
Fix undefined branch in create-destination-dialog.
* [Issue 11969](https://bugs.chromium.org/p/gerrit/issues/detail?id=11969):
Fix tab index in reply dialog.
* [Issue 11993](https://bugs.chromium.org/p/gerrit/issues/detail?id=11993):
Stop loading fonts from external resources.
* [Issue 11984](https://bugs.chromium.org/p/gerrit/issues/detail?id=11984):
Fix top menu bar on iOS.
* [Issue 8282](https://bugs.chromium.org/p/gerrit/issues/detail?id=8282):
Avoid browser caching for diff on edit patch.
* [Issue 9444](https://bugs.chromium.org/p/gerrit/issues/detail?id=9444):
Fix syntax highlighting for multi-char char constants.
* [Issue 12020](https://bugs.chromium.org/p/gerrit/issues/detail?id=12020):
Fix 'New Contributor Agreement' screen.
* Fix `gr-syntax-params` css class.
* Fix overflow of branch name in change list.
* Other Fixes
* [Issue 11989](https://bugs.chromium.org/p/gerrit/issues/detail?id=11989):
Fix internal server error when pushing over SSH with git protocol v2.
* [Issue 11962](https://bugs.chromium.org/p/gerrit/issues/detail?id=11962):
Fix advertisement of `refs/meta/config` in git protocol v2 when client does
not have access to it.
* [Issue 11986](https://bugs.chromium.org/p/gerrit/issues/detail?id=11986):
Fix fetching individual ref with git protocol v2.
* [Issue 7645](https://bugs.chromium.org/p/gerrit/issues/detail?id=7645):
Fix thread deadlock when loading accounts from the account cache.
Replacing Guava caches with Caffeine reduces the chance of
deadlocks and improves the cache performance.
* [Issue 11918](https://bugs.chromium.org/p/gerrit/issues/detail?id=11918):
Fix internal server error when deleting a tag or branch by git push.
* [Issue 11650](https://bugs.chromium.org/p/gerrit/issues/detail?id=11650):
Fix reindexing of changes after project is deleted in the `delete-project` plugin.
* Disallow deleting the `refs/meta/config` branch via the 'Delete Branches'
REST API.
* Disallow deleting the `HEAD` ref via the 'Delete Branches' REST API.
* Allow empty base revision in the 'Create Branch' and 'Create Tag'
REST APIs.
* Fix deletion of draft comment refs.
In some situations, draft comment refs were not properly deleted
but left empty. This resulted in unused draft refs persisting in
the `All-Users` repository, polluting the namespace. Published draft
comments as well as deleted draft comments were kept in the history
of the draft ref, keeping them alive for GC, and causing a steady
increase of repository size.
* Use correct content type `text/plain` instead of `plain/text` in 'Create SSH Key'
REST API.
* Fix handling of interactive/batch users in the QoS filter.
For git-over-HTTP requests, this filter didn't work properly because the
basic authentication happened later in the filter chain, so at the moment when
the QoS filter was invoked the current user was not yet set.
* Add project name to headers of outgoing change emails.
* Fix and expand documentation of `ref-update` and `commit-received` hooks
in the hooks plugin.
* Upgrade JGit to v5.6.0.201912041214-rc1