---
title: "Gerrit 3.2.x"
permalink: 3.2.html
hide_sidebar: true
hide_navtoggle: true
toc: true
---
Download: **[3.2.14](https://gerrit-releases.storage.googleapis.com/gerrit-3.2.14.war)**
| [3.2.13](https://gerrit-releases.storage.googleapis.com/gerrit-3.2.13.war)
| [3.2.12](https://gerrit-releases.storage.googleapis.com/gerrit-3.2.12.war)
| [3.2.11](https://gerrit-releases.storage.googleapis.com/gerrit-3.2.11.war)
| [3.2.10](https://gerrit-releases.storage.googleapis.com/gerrit-3.2.10.war)
| [3.2.8](https://gerrit-releases.storage.googleapis.com/gerrit-3.2.8.war)
| [3.2.7](https://gerrit-releases.storage.googleapis.com/gerrit-3.2.7.war)
| [3.2.6](https://gerrit-releases.storage.googleapis.com/gerrit-3.2.6.war)
| [3.2.5.1](https://gerrit-releases.storage.googleapis.com/gerrit-3.2.5.1.war)
| [3.2.5](https://gerrit-releases.storage.googleapis.com/gerrit-3.2.5.war)
| [3.2.3](https://gerrit-releases.storage.googleapis.com/gerrit-3.2.3.war)
| [3.2.2](https://gerrit-releases.storage.googleapis.com/gerrit-3.2.2.war)
| [3.2.1](https://gerrit-releases.storage.googleapis.com/gerrit-3.2.1.war)
| [3.2.0](https://gerrit-releases.storage.googleapis.com/gerrit-3.2.0.war)

Documentation: **[3.2.14](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.14/index.html)**
| [3.2.13](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.13/index.html)
| [3.2.12](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.12/index.html)
| [3.2.11](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.11/index.html)
| [3.2.10](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.10/index.html)
| [3.2.8](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.8/index.html)
| [3.2.7](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.7/index.html)
| [3.2.6](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.6/index.html)
| [3.2.5.1](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.5.1/index.html)
| [3.2.5](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.5/index.html)
| [3.2.3](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.3/index.html)
| [3.2.2](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.2/index.html)
| [3.2.1](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.1/index.html)
| [3.2.0](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/index.html)
## Release Highlights
* Polymer 3
* File Uploads in frontend
* Performance improvements on mergeability check and accounts caching
* Support for Java 11
## Important Notes
### Support for Java 11
Gerrit is now officially supported on Java 11, in addition to Java 8.
Running on Java 11 was already possible from v2.16.13, v3.0.4 and v3.1.0, but was not officially
supported because there was no CI validation on Java 11 for the stable-2.16, stable-3.0
and stable-3.1 branches.
Please note that Java 11 has a number of improvements and breaking changes compared to Java 8.
Refer to the [Java 11 release notes for more details](https://www.oracle.com/technetwork/java/javase/11-relnote-issues-5012449.html).
Gerrit v3.2 has been validated with Java 11, with the following known issues:
* [Issue 11567](https://bugs.chromium.org/p/gerrit/issues/detail?id=11567):
Java 11 runtime & startTLS LDAP broken: 'error code 8 - BindSimple: Transport encryption'.
* [Issue 12639](https://bugs.chromium.org/p/gerrit/issues/detail?id=12639):
WARNING: An illegal reflective access operation has occurred, when starting Gerrit.
### Schema Changes
This release contains schema changes. To upgrade:
```sh
java -jar gerrit.war init -d site_path
```
The changes index version has been increased. To run off-line reindexing of
the changes (optional):
```sh
java -jar gerrit.war reindex --index changes -d site_path
```
By default, the changes index is automatically rebuilt when Gerrit starts up
after the upgrade.

**PERFORMANCE WARNING**: The migration process cleans up the zombie draft
comments in the All-Users.git repository that have been left behind since
the introduction of NoteDb. It is highly recommended
to perform a `git gc --aggressive` of the All-Users.git repository *BEFORE*
running the migration. The reindex of all the changes can also take a
significant amount of time for large-scale installations.

Also, make sure that All-Users.git resides on
a fast local filesystem to minimize the migration time.
## Native packaging
* Upgrade the Docker/Ubuntu image to Ubuntu 20.04
* Upgrade the Docker/CentOS image to CentOS 8.1.1911
* Move to OpenJDK 11

Gerrit v3.2 supports both Java 8 and 11. However, Java 11 is the best choice for
large production servers thanks to the introduction of more advanced Garbage Collection
[strategies and associated tuning for large heaps](https://docs.oracle.com/en/java/javase/11/gctuning/introduction-garbage-collection-tuning.html).
### Zero-downtime Upgrade
Gerrit supports zero-downtime upgrade from Gerrit v3.1.6 (or later) when configured using
a [high-availability configuration](https://gerrit.googlesource.com/plugins/high-availability/+/refs/heads/master/README.md)
with the Git repositories stored in a shared filesystem such as NFS or similar.

To upgrade with zero downtime, enable the rolling upgrade migration
in `gerrit.config` on both Gerrit masters by setting
[`gerrit.experimentalRollingUpgrade`](http://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/config-gerrit.html)
to `true`.
During the zero-downtime upgrade, Gerrit end-users would not notice any outage
or service disruption. They will be able to perform the normal Gerrit operations
on the GUI or using the Git protocol.
The zero-downtime upgrade consists of the following steps:
1. Have Gerrit masters upgraded to v3.1.6 (or later) in high-availability configuration,
   healthy and able to handle the incoming traffic properly.
2. Set `gerrit.experimentalRollingUpgrade` to `true` in `gerrit.config` on both Gerrit masters.
3. Set the first Gerrit master unhealthy.
4. Shut down the first Gerrit master and then upgrade it to v3.2.
5. Start up the first Gerrit master and wait for the on-line reindex to complete.
6. Verify that the first Gerrit master is working properly and then make it healthy again.
7. Wait for the first Gerrit master to start serving traffic normally.
8. Repeat steps 3 to 7 for the second Gerrit master.
9. Remove `gerrit.experimentalRollingUpgrade` from `gerrit.config` on both Gerrit masters.

**NOTE**: During the zero-downtime upgrade, the nodes may experience an increase in CPU and memory
utilisation due to the online reindexing activity. If testing reveals that the nodes
are not able to sustain the load in conjunction with the online reindexing, then you have
to follow the standard migration path.
### Breaking Changes
* [Issue 12527](https://bugs.chromium.org/p/gerrit/issues/detail?id=12527):
Elasticsearch: Support for [EOL versions](https://www.elastic.co/support/eol)
v5.6 and v6.0 to v6.5 is discontinued
* [Issue 12858](https://bugs.chromium.org/p/gerrit/issues/detail?id=12858):
ListGroups: the `--query2` option in the groups query REST-API has been renamed to
`--query`
* Gerrit metrics associated with H2 disk-statistics are now disabled by default.
The disk-statistics can be enabled again by setting
[`cache.enableDiskStatMetrics`](http://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/config-gerrit.html#cache.enableDiskStatMetrics)
in gerrit.config.
* The number of comments per change is limited to 5000, and their size to 16k.
The limits can be customized in `gerrit.config` using the
[change.maxComments](http://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/config-gerrit.html#change.maxComments) and
[change.commentSizeLimit](http://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/config-gerrit.html#change.commentSizeLimit) settings.
## New Features
### Mergeability behavior and performance
This release introduces a configuration setting `change.mergeabilityComputationBehavior`
that defines when Gerrit computes the mergeability of a change.
Computing the mergeability of changes is an expensive operation that can
become a bottleneck for large Gerrit installations. The new setting allows
administrators to control this expense. Please refer to the
[Gerrit documentation](http://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/config-gerrit.html#change.mergeabilityComputationBehavior)
for more details about this setting.
The setting
[`change.api.excludeMergeableInChangeInfo`](https://gerrit-documentation.storage.googleapis.com/Documentation/3.1.5/config-gerrit.html#change.api.excludeMergeableInChangeInfo)
is no longer used and may be removed from `gerrit.config`.
### New accounts cache
Introduction of a brand-new AccountCache decomposed into smaller chunks that can be
cached individually:

- External IDs + user name (cached in ExternalIdCache)
- CachedAccountDetails (newly cached)
- Gerrit's default settings

`CachedAccountDetails` is a new class representing all
information stored under the user's ref (`refs/users/<sharded-id>`).

The new structure is designed to require far less I/O when an entry needs to be
reloaded and to lower the cache-miss ratio when a user's details are updated.
### New external groups cache
Gerrit can be linked to external user directories like LDAP, providing Gerrit with
external users and groups. External groups can be added to Gerrit to restrict access
to refs and repos and are mainly used for permissions evaluation.
The following new caches have been introduced and can be customized in
`gerrit.config`:
- `groups_external`: Caches all the external groups available to Gerrit.
- `groups_external_persisted`: Caches all external groups available to Gerrit at
some point in history.
### File Uploads
File uploads are now supported in the user interface or through the REST API.
### New Revert permission
Introduce a new permission to allow or deny the ability to revert a change through
the Gerrit UI.
The permission is automatically added to the `Registered Users` group as part of the
schema upgrade. To deny reverts, Gerrit administrators should remove this permission
from the `All-Projects` ACL.
### New `is:merge` operator for searching changes
Introduce the new `is:merge` operator for finding changes that are
merge commits. This change requires a full reindex of the changes, which may take
quite a long time to compute for large installations.
When choosing the on-line reindexing option (default) Gerrit can still operate
with the old index version, disabling the `is:merge` operator until the new index
has been successfully rebuilt.
### New SSH commands
New SSH commands introduced:
- `gerrit set-topic`: set the topic of a change (existing REST-API surfaced via SSH)
- `gerrit sequence show`: show the current sequences value from All-Projects.git or All-Users.git
- `gerrit sequence set`: set the next value for sequences in All-Projects.git or All-Users.git
### Review labels stickiness
- [Issue 12025](https://bugs.chromium.org/p/gerrit/issues/detail?id=12025):
  Allow individual votes to be configured as sticky by setting
  [`label.Label-Name.copyValue`](http://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/config-labels#label_copyValue) on the labels in `project.config`.
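
The following is an added example, not part of the Gerrit release notes or code base: it audits a `project.config` for the two review-related settings introduced above, the Revert permission and `copyValue` sticky votes. The sample config is constructed, and the code assumes the permission is stored under the `revert` key of an `[access "<ref>"]` section and that `copyValue` may be listed more than once per label.

```python
import re
from collections import defaultdict

# Constructed sample of a project.config from refs/meta/config.
# Group names, ref patterns and label values are made up for illustration.
SAMPLE_PROJECT_CONFIG = '''
[access "refs/*"]
    read = group Anonymous Users
    revert = group Registered Users
[access "refs/heads/release/*"]
    revert = deny group Contractors
[label "Code-Review"]
    function = MaxWithBlock
    value = -2 This shall not be merged
    value = +2 Looks good to me, approved
    copyValue = -2
    copyValue = +2
[label "Verified"]
    function = MaxWithBlock
'''

_SECTION = re.compile(r'^\[(\w+)(?:\s+"(.*)")?\]$')


def parse_git_config(text):
    """Parse git-config style text into (section, subsection, key, value) tuples.

    Repeated keys are kept, which the standard configparser would reject.
    """
    entries = []
    section = subsection = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        match = _SECTION.match(line)
        if match:
            section, subsection = match.group(1).lower(), match.group(2)
            continue
        if section is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Keys are case-insensitive in git config; subsections are not.
        entries.append((section, subsection, key.strip().lower(), value.strip()))
    return entries


def revert_grants(entries):
    """Map ref pattern -> [(action, group)] for the assumed 'revert' key."""
    grants = defaultdict(list)
    for section, ref, key, value in entries:
        if section == "access" and key == "revert":
            action, _, group = value.partition("group ")
            if group:
                grants[ref].append((action.strip() or "allow", group.strip()))
    return dict(grants)


def sticky_votes(entries):
    """Map label name -> sorted vote values that are copied to new patch sets."""
    sticky = defaultdict(set)
    for section, label, key, value in entries:
        if section == "label" and key == "copyvalue":
            sticky[label].add(int(value))  # int() accepts "+2" and "-2"
    return {label: sorted(values) for label, values in sticky.items()}


def audit(text):
    """Return findings an administrator should review after the upgrade."""
    entries = parse_git_config(text)
    findings = []
    for ref, rules in revert_grants(entries).items():
        for action, group in rules:
            findings.append(f"revert: {action} '{group}' on {ref}")
    for label, values in sticky_votes(entries).items():
        approvals = [v for v in values if v > 0]
        if approvals:
            # A sticky positive vote applies to a patch set the voter never saw.
            findings.append(
                f"label {label}: positive votes {approvals} are copied to new patch sets"
            )
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PROJECT_CONFIG):
        print(finding)
```
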
### New CherryPickOf field for a change
After a change is created or updated using the 'cherry-pick' functionality,
the cherry-picked change includes a new field in the change info returned from REST APIs
called `CherryPickOf` with the source change number and the patchset.
### New Gerrit configuration: `instanceId`
Introduce the `instanceId` configuration for multi-master Gerrit setups.
For more details check:
* [Design doc](../../design-docs/instance-id.html)
* [Configuration](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/config-gerrit.html#gerrit.instanceId)
* [Trace event origin](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/dev-plugins.html#_trace_event_origin)
### Other performance optimizations
- Ability to configure the number of relevant changes to consider when suggesting
the reviewers on the changes screen, using the `gerrit.config` setting
[`suggest.relevantChanges`](http://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/config-gerrit.html#suggest.relevantChanges)
### PolyGerrit UI
The Gerrit frontend has been migrated from Polymer 2 to
[Polymer 3](https://polymer-library.polymer-project.org/3.0/docs/upgrade).
* Users can now cherry pick entire topics.
* Gerrit supports adding display names. Hosts can configure first name or username as default.
* The reply dialog now shows the entire comment thread instead of the comment list.
* [Issue 6293](https://bugs.chromium.org/p/gerrit/issues/detail?id=6293):
More self-evident transitions from WIP state. "Start Review" button added to change view.
* [Issue 8153](https://bugs.chromium.org/p/gerrit/issues/detail?id=8153):
Improvements to rebase indicator: display a hover card instead of a tooltip with the icon
including the possible rebase action.
* [Issue 10444](https://bugs.chromium.org/p/gerrit/issues/detail?id=10444):
UI for deleting change messages for Gerrit Administrators.
* [Issue 10890](https://bugs.chromium.org/p/gerrit/issues/detail?id=10890):
Repository list: Move "Repository Browser" column left of "Description" column.
* [Issue 11441](https://bugs.chromium.org/p/gerrit/issues/detail?id=11441):
Add in-product reminder to keep discussions respectful.
Some code review discussions can become a bit rough and some people perceived
discussions as not always respectful.
Add an in-product reminder to keep discussions respectful when a reply is typed,
optionally with linking to the code of conduct.
* [Issue 11493](https://bugs.chromium.org/p/gerrit/issues/detail?id=11493):
Add an "Edit" button to the diff view in the PolyGerrit UI.
* [Issue 11521](https://bugs.chromium.org/p/gerrit/issues/detail?id=11521):
Display trace ID in error popup if request failed and server did a trace.
* [Issue 11522](https://bugs.chromium.org/p/gerrit/issues/detail?id=11522):
REST API for review labels in the project configuration.
* [Issue 11705](https://bugs.chromium.org/p/gerrit/issues/detail?id=11705):
Show count of changes in User Dashboard.
* [Issue 11706](https://bugs.chromium.org/p/gerrit/issues/detail?id=11706):
Allow editing the commit message as part of a change edit.
* [Issue 11973](https://bugs.chromium.org/p/gerrit/issues/detail?id=11973):
Add copy-to-clipboard for generated HTTP password.
* [Issue 12364](https://bugs.chromium.org/p/gerrit/issues/detail?id=12364):
Add support for going to a specific line number in the inline editor.
### Download commands plugin
* [Issue 11594](https://bugs.chromium.org/p/gerrit/issues/detail?id=11594)
Merge the repo-vs-git logic into GitDownloadCommand directly.
Created separate "getRepoCommand" and "getCommand" methods for
downstream classes to extend with the default "getRepoCommand"
defaulting to null.
* [Issue 11609](https://bugs.chromium.org/p/gerrit/issues/detail?id=11609)
"Download patch" UI includes an option for also creating a local branch.
A very standard workflow is to download a change from Gerrit, make edits,
and then `repo upload` the changes back to Gerrit.
This allows developers who are not familiar with the idiosyncrasies of repo
to easily create a local branch when checking out changes.
### End-to-end tests
* Allow end-to-end tests to proportionally scale on their expected execution times.
A `power_factor` [environment property](https://gerrit-review.googlesource.com/Documentation/dev-e2e-tests.html#_environment_properties)
was added to the end-to-end tests core framework. Using that optional property,
scenario steps can take some more (or less) time prior to expecting proper completion.
The way to set that property locally then depends on the target runtime environment,
or SUT latency. The property may be used for either core or plugin scenarios.
* `FlushProjectsCache` related scenarios added to core (and the `high-availability` plugin).
* Support for relative runtime weights in scenarios.
Each scenario can now either weigh like any other by default, or override that default
with a greater weight value, compared to siblings that are lighter on execution times.
Besides core, make the `high-availability` and `multi-site` plugin scenarios reuse this.
* Allow scenarios to create and delete Gerrit changes alongside projects.
Add the corresponding core support for an optional `http` request body to every such
`GerritSimulation`. Either automate or allow [environment properties](https://gerrit-review.googlesource.com/Documentation/dev-e2e-tests.html#_environment_properties)
to feed the related input test data.
Besides core, make the `high-availability` and `multi-site` plugin scenarios test changes
that way. The latter currently has [Issue 12693](https://bugs.chromium.org/p/gerrit/issues/detail?id=12693)
as a known limitation.
### REST APIs
* Accounts
  * `display_name` field added to all the endpoints returning the account details.
  * [New Set Display Name](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/rest-api-accounts.html#set-display-name) API for updating the account display name.
  * New [Modify Account](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/access-control.html#capability_modifyAccount)
    global capability is now required for
    [List Accounts Emails](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/rest-api-accounts.html#list-account-emails),
    [Get Account External IDs](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/rest-api-accounts.html#get-account-external-ids) and
    [Delete Account External IDs](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/rest-api-accounts.html#delete-account-external-ids)
    when used to access information that belongs to accounts other than the caller.
* Changes
  * [Query Changes](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/rest-api-changes.html#list-changes)
    API now supports a new `no-limit` parameter to remove the default limit on queries and return
    all results. This might not be supported by all index backends.
    Also, the `SKIP_MERGEABLE` option for skipping the mergeability flag is no longer supported.
  * [Revert Change](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/rest-api-changes.html#revert-change)
    now truncates the revert message if it exceeds 63 characters, by cutting it down to 59 characters
    with an ellipsis (`…`) at the end.
    Also, the API now requires the new revert permission; otherwise a `403 Forbidden` status code is returned.
  * [Revert Submission](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/rest-api-changes.html#revert-submission)
    API for creating a submission-id for grouping multiple changes that belong to the same submission
    (e.g. topic submission).
  * [Change file content in Change Edit](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/rest-api-changes.html#put-edit-file)
    API now supports uploading binary content.
  * New [Preview Fix](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/rest-api-changes.html#preview-fix)
    API for getting the diffs of all files for a certain fix-id. This is intended to be used in conjunction
    with robot comments.
  * New `allow_conflicts` option in all REST APIs that perform a server-side merge or cherry-pick.
* Groups
  * [Query Groups](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/rest-api-groups.html#query-groups)
    API accepts `query` as the parameter for filtering groups, instead of `query2`, which was
    a temporary name given to avoid clashes with an earlier deprecated parameter.
* Projects
  * Brand-new set of [Label Endpoints](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/rest-api-projects.html#label-endpoints)
    API for managing the project review labels in a programmatic way, without having
    to directly modify the `project.config` in the `refs/meta/config` of
    the repository.
## Bug Fixes
* Replication plugin fixes
  * [Issue 11672](https://bugs.chromium.org/p/gerrit/issues/detail?id=11672):
    Change the storage structure of the persisted replication tasks to avoid losing events.
  * [Issue 11745](https://bugs.chromium.org/p/gerrit/issues/detail?id=11745):
    Fix firing pending "..all.." events on startup.
  * [Issue 11760](https://bugs.chromium.org/p/gerrit/issues/detail?id=11760):
    Make persistent task keys stable.
  * [Issue 12678](https://bugs.chromium.org/p/gerrit/issues/detail?id=12678):
    Fix missing replication Id in replication logs.
  * [Issue 12719](https://bugs.chromium.org/p/gerrit/issues/detail?id=12719):
    Fix `replication start --wait` to track in-flight collisions and to not fail.
  * [Issue 12731](https://bugs.chromium.org/p/gerrit/issues/detail?id=12731):
    Don't lose state when there's a pending push to the same ref.
* PolyGerrit fixes
  * [Issue 4616](https://bugs.chromium.org/p/gerrit/issues/detail?id=4616):
    Open commentlinks to changes on the same server in the same tab.
  * [Issue 7083](https://bugs.chromium.org/p/gerrit/issues/detail?id=7083):
    Stop query from executing if predicate is empty.
  * [Issue 8068](https://bugs.chromium.org/p/gerrit/issues/detail?id=8068):
    Fix screenreader: In unified mode, stop showing "0 added/removed".
  * [Issue 9296](https://bugs.chromium.org/p/gerrit/issues/detail?id=9296):
    Fix wrong diff of commit message between different patch sets of a merge commit.
  * [Issue 11515](https://bugs.chromium.org/p/gerrit/issues/detail?id=11515):
    Fix Ctrl-Enter on Move Change.
  * [Issue 11552](https://bugs.chromium.org/p/gerrit/issues/detail?id=11552):
    Fix prev/next on diff screen with unchanged files containing only comments.
  * [Issue 11625](https://bugs.chromium.org/p/gerrit/issues/detail?id=11625):
    Avoid multiple notifications for existing reviewers.
  * [Issue 11697](https://bugs.chromium.org/p/gerrit/issues/detail?id=11697):
    Fix rendering of commentlinks without leading whitespace.
  * [Issue 11725](https://bugs.chromium.org/p/gerrit/issues/detail?id=11725):
    Fix diff view file name shown even when the file wasn't changed, but only included because
    it contains a comment.
  * [Issue 11727](https://bugs.chromium.org/p/gerrit/issues/detail?id=11727):
    Fix blue underline missing from active tabs.
  * [Issue 11782](https://bugs.chromium.org/p/gerrit/issues/detail?id=11782):
    Fix assignment of CSS style for CodeReview -1 labels within comments.
  * [Issue 11969](https://bugs.chromium.org/p/gerrit/issues/detail?id=11969):
    Fix tab index in reply dialog.
  * [Issue 11980](https://bugs.chromium.org/p/gerrit/issues/detail?id=11980):
    Fix handling of LDAP groups containing a dot in the PolyGerrit permissions screen.
  * [Issue 11984](https://bugs.chromium.org/p/gerrit/issues/detail?id=11984):
    Fix top menu bar on iOS.
  * [Issue 11993](https://bugs.chromium.org/p/gerrit/issues/detail?id=11993):
    Stop loading fonts from external resources.
  * [Issue 12020](https://bugs.chromium.org/p/gerrit/issues/detail?id=12020):
    Fix 'New Contributor Agreement' screen.
  * [Issue 12024](https://bugs.chromium.org/p/gerrit/issues/detail?id=12024):
    Fix undefined branch in create-destination-dialog.
  * [Issue 12031](https://bugs.chromium.org/p/gerrit/issues/detail?id=12031):
    Fix issues with caching edited commit message.
  * [Issue 12067](https://bugs.chromium.org/p/gerrit/issues/detail?id=12067):
    Fix blank screen after upgrading.
  * [Issue 12108](https://bugs.chromium.org/p/gerrit/issues/detail?id=12108):
    Add missing 'Page ...' on pagination links in the repository list.
  * [Issue 12184](https://bugs.chromium.org/p/gerrit/issues/detail?id=12184):
    Fix link in blame annotation to link directly to the commit.
  * [Issue 12197](https://bugs.chromium.org/p/gerrit/issues/detail?id=12197):
    Fix rendering of commentlinks using `link` in PolyGerrit UI.
  * [Issue 12224](https://bugs.chromium.org/p/gerrit/issues/detail?id=12224):
    Honor the date format preference when displaying dates.
  * [Issue 12385](https://bugs.chromium.org/p/gerrit/issues/detail?id=12385):
    Fix memory leak in `gr-plugin-endpoints`.
  * [Issue 12707](https://bugs.chromium.org/p/gerrit/issues/detail?id=12707):
    Apply diff preferences immediately after pressing "Save".
  * [Issue 12726](https://bugs.chromium.org/p/gerrit/issues/detail?id=12726):
    Fix incorrect highlighting after `/` character in JavaScript.
  * [Issue 12775](https://bugs.chromium.org/p/gerrit/issues/detail?id=12775):
    Fix parent of previous patch sets not being available.
* Other fixes
  * [Issue 3340](https://bugs.chromium.org/p/gerrit/issues/detail?id=3340):
    Fix internal server errors when setting project access permission with bad regex.
  * [Issue 7645](https://bugs.chromium.org/p/gerrit/issues/detail?id=7645):
    Fix thread deadlock when loading accounts from the account cache.
    Replacing Guava caches with Caffeine reduces the chances of having the
    deadlocks and improves the cache performance.
  * [Issue 7969](https://bugs.chromium.org/p/gerrit/issues/detail?id=7969):
    Fix internal server error when diffing `MERGE_LIST` between different patch sets
    of a merge commit.
  * [Issue 8952](https://bugs.chromium.org/p/gerrit/issues/detail?id=8952):
    Do not require explicit "Push Tag" rights to `refs/tags/*` for pushing an
    annotated tag over HTTPS.
  * [Issue 10397](https://bugs.chromium.org/p/gerrit/issues/detail?id=10397):
    Don't send notification email when publishing a change edit on a WIP change.
  * [Issue 11650](https://bugs.chromium.org/p/gerrit/issues/detail?id=11650):
    Fix reindexing of changes after project is deleted in the `delete-project` plugin.
  * [Issue 11962](https://bugs.chromium.org/p/gerrit/issues/detail?id=11962):
    Fix advertisement of `refs/meta/config` in git protocol v2 when client does
    not have access to it.
  * [Issue 11986](https://bugs.chromium.org/p/gerrit/issues/detail?id=11986):
    Fix fetching individual ref with git protocol v2.
  * [Issue 11989](https://bugs.chromium.org/p/gerrit/issues/detail?id=11989):
    Fix internal server error when pushing over SSH with git protocol v2.
  * [Issue 12070](https://bugs.chromium.org/p/gerrit/issues/detail?id=12070):
    Fix internal server error on git over HTTP calls when SSHD is enabled.
  * [Issue 12243](https://bugs.chromium.org/p/gerrit/issues/detail?id=12243):
    Fix unexpected deactivation of service user accounts.
  * [Issue 12246](https://bugs.chromium.org/p/gerrit/issues/detail?id=12246):
    Fix generation of duplicate ChangeIds when creating a new change via REST.
  * [Issue 12440](https://bugs.chromium.org/p/gerrit/issues/detail?id=12440):
    Fix the access-path for AbstractGitCommand subclasses.
  * [Issue 12444](https://bugs.chromium.org/p/gerrit/issues/detail?id=12444):
    Add support for `max_result_window` in Elasticsearch index configuration.
  * [Issue 12473](https://bugs.chromium.org/p/gerrit/issues/detail?id=12473):
    Fix broken links in Elasticsearch configuration documentation.
  * [Issue 12606](https://bugs.chromium.org/p/gerrit/issues/detail?id=12606):
    Fix `visibleto` predicate for groups.
  * [Issue 12747](https://bugs.chromium.org/p/gerrit/issues/detail?id=12747):
    Fix change query visibility for internal user.
  * [Issue 12755](https://bugs.chromium.org/p/gerrit/issues/detail?id=12755):
    Block the removal of the Realm primary external ids.
## Dependency Updates
* Upgrade flogger to 0.5.1
* Upgrade guava to 29.0
* Upgrade guice to 4.2.3
* Upgrade jgit to 5.8.0.202005061305-m2
* Upgrade mina-sshd to 2.4.0
* Upgrade ow2 to 7.2
* Upgrade truth to 1.0.1
## Documentation updates
* New [Gerrit walkthrough guide for GitHub users](https://gerrit-review.googlesource.com/Documentation/intro-gerrit-walkthrough-github.html)
for allowing an easier transition for those who are coming from a Pull Request workflow.
* New guide on [how to backup Gerrit](https://gerrit-review.googlesource.com/Documentation/backup.html).
* Replace the term `slave` with `replica` in the Gerrit documentation, for alignment to the
new term used in the configuration. The `slave` term is still supported but deprecated.
* [Issue 12573](https://bugs.chromium.org/p/gerrit/issues/detail?id=12573):
Added documentation of the commit-container PolyGerrit extension endpoint.
## Bugfix Releases
### 3.2.14
* Breaking changes
  * [Change 323855](https://gerrit-review.googlesource.com/323855) [Change 324115](https://gerrit-review.googlesource.com/324115):
    ProjectCache#evict no longer triggers a reindex.
    During offline project reindexing, evict() was triggering a duplicate reindex
    on the project when we only wanted to evict the project cache entry. This same
    issue occurred with the HA plugin and could be, or could have been, present in other plugins.
    If you have relied on a reindex being done on evict(), you need to use
    evictAndReindex() instead. This behavior is now consistent with other evict()
    methods in Gerrit.
* New features
  * [Change 324095](https://gerrit-review.googlesource.com/324095):
    Display cache statistics after reindex operation.
    Helps analyze the cache utilization during the reindex command
    and provides insight into sizing the caches for optimal performance.
  * [Change 323786](https://gerrit-review.googlesource.com/323786):
    Allow context-dependent group suggestions in gr-permission.
* Reindexing performance improvements
  * [Change 323297](https://gerrit-review.googlesource.com/323297):
    Avoid scanning for change refs for each project slice when reindexing all changes.
    Avoiding the duplicate work brings down the reindex time from 45 mins to 15 mins
    for a test-site with 160k changes across 4 repos on NFS.
  * [Change 323395](https://gerrit-review.googlesource.com/323395):
    Parallelize project slice creation when reindexing all changes.
    Slice creation can become an overhead for repositories on NFS with
    many loose refs. Bring down the overall reindexing time by
    creating project slices in parallel.
  * [Change 323215](https://gerrit-review.googlesource.com/323215)
    [Change 322296](https://gerrit-review.googlesource.com/322296):
    Disable auto flushing during offline Lucene indexing.
    Flushing of Lucene index entries happens only based on the
    [ramBufferSize](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.14/config-gerrit.html#index.name.ramBufferSize) and
    [maxBufferedDocs](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.14/config-gerrit.html#index.name.maxBufferedDocs)
    settings instead of on every index call.
  * [Change 322835](https://gerrit-review.googlesource.com/322835):
    Use thread count specified on offline reindex command line.
    Honor the `--threads` command line option when provided instead of the
    batchThreads property from `gerrit.config`.
  * [Change 323396](https://gerrit-review.googlesource.com/323396):
    Avoid Lucene index deletes during offline reindexing.
    When running offline reindexing, the first operation is the removal
    of the index, hence the Lucene index updates are not needed: use the
    add document Lucene primitive, avoiding removals from the index during
    flushes. This reduces the number of Lucene flushes even if
    [ramBufferSize](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.14/config-gerrit.html#index.name.ramBufferSize)
    is not big enough.
  * [Change 324115](https://gerrit-review.googlesource.com/324115):
    Avoid double indexing work during project reindexing.
* Bug Fixes
* [Issue 14963](https://crbug.com/gerrit/14963):
Fix /access REST APIs returning incorrect rule when group is duplicated for same rule.
* [Issue 14097](https://crbug.com/gerrit/14097):
Fix GC action not shown in project commands with Gerrit in multi-site configuration.
* [Issue 15293](https://crbug.com/gerrit/15293):
Fix fetch of group suggestions for projects with a `/` in their name.
* [Issue 15251](https://crbug.com/gerrit/15251):
Ensure that user without edit permission can't change plugin configuration.
* [Change 313561](https://gerrit-review.googlesource.com/313561):
Handle null account-ids when sending e-mails.
* [Change 307602](https://gerrit-review.googlesource.com/307602):
Fix NPE while accessing draft refs.
* [Change 307482](https://gerrit-review.googlesource.com/307482):
EqualsLabelPredicate: fix bug that prevents matching owner votes.
* [Change 322935](https://gerrit-review.googlesource.com/322935):
Fix buggy Index-Interactive Executor.
Fix `index.threads` set to a negative value, which did not use a
direct executor as mentioned in the docs.
* [Change 323255](https://gerrit-review.googlesource.com/323255):
Skip creating slices for projects with no changes during offline reindexing of changes,
so that empty slices are no longer included in the slice count.
* Plugin API fixes
* [Change 314962](https://gerrit-review.googlesource.com/314962):
Fix DynamicOptions to invoke listeners registered to BeanParseListener.
* Dependency Updates
* Update JGit to 5.1.16.202106041830-r, which contains the following
improvements:
* [Change 180697](https://git.eclipse.org/r/180697):
BatchRefUpdate: Skip saving conflicting ref names and prefixes in memory.
* [Change 180559](https://git.eclipse.org/r/180559):
Avoid having to scan over ALL loose refs to determine if the name is nested
within or is a container of an existing reference.
### 3.2.13
* New Features
* [Issue 14930](https://bugs.chromium.org/p/gerrit/issues/detail?id=14930):
Include `Command-Status` in the `httpd_log` and the `httpd_log.json`.
It indicates the overall result of the Git _command_ over HTTP.
Refer to the [docs](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.13/logs.html#_httpd_log)
for more details.
* Bug Fixes
* [Issue 9812](https://crbug.com/gerrit/9812) [Issue 7338](https://crbug.com/gerrit/7338):
Merge commit cannot be moved.
If a merge was targeting branch A, but it was then decided to create
a new branch B for this merge, starting from A, the merge is still
valid for B, yet the user has no way to move it without amending
and creating a new change.
* [Issue 15024](https://crbug.com/gerrit/15024):
Gerrit event JSON formatter produces inconsistent payload for different projects.
AllProjectsName and AllUsersName were serialised as `{"name":"All-Projects"}` and `{"name":"All-Users"}`
while all other projects were serialised as a JSON string. The different JSON
payloads were causing issues with the HA configuration using the
[high-availability plugin](https://gerrit.googlesource.com/plugins/high-availability).
* [Issue 14968](https://crbug.com/gerrit/14968):
PluginServletContext does not implement javax.servlet.ServletContext.getVirtualServerName().
Remove the `error_log` noise about c.g.g.h.p.PluginServletContext not implementing
j.s.ServletContext.getVirtualServerName() when running Gerrit on Tomcat 8.5.69.
### 3.2.12
* Security Fixes
* [Issue 14732](https://crbug.com/gerrit/14732):
Commits/IncludedIn exposes branch names without respecting the ACLs on branches
When calling the REST endpoint for listing all branches that a commit SHA1
is part of, the commit is properly checked for visibility against the ACLs
(it is a REST resource) but the branches are not checked.
The included-in may expose the list of non-visible branches to a user that
has visibility of the SHA1.
* [Issue 7282](https://crbug.com/gerrit/7282):
Hide repository name and description when user has no access
Gitiles did not respect Gerrit's permission and would show the repo name
and description to any user who could guess the name.
The repositories list as well as the content APIs were not affected.
* Bug Fixes
* [Issue 14785](https://crbug.com/gerrit/14785):
Limit returned changes for a triplet without Change-Id.
Fix a bug where invoking the REST-API `/changes/repo~branch~` without
mentioning the change-id resulted in a full scan of all changes
on a repository/branch, causing high CPU load and occupying
the request threads for a long time.
* [Issue 14776](https://crbug.com/gerrit/14776):
Prevent removing e-mail associated with OpenID external IDs.
Gerrit prevents the user from removing the email address
associated with their OpenID account.
* [Change 312602](https://gerrit-review.googlesource.com/c/gerrit/+/312602):
Fix MariaDB status matching for AccountPatchReview.
The MariaDB connector uses SQLException.getSQLState(), which returns the ANSI
SQLSTATE value, not the MariaDB/MySQL error code.
Fix the duplicate key detection: opening an already reviewed file again
returned 500 because of the incorrect handling of the SQLSTATE
value.
* [Change 312382](https://gerrit-review.googlesource.com/c/gerrit/+/312382):
Fix deleting edits when change is merged
Fix the support of deleting a change edit after it has been merged or
abandoned.
### 3.2.11
* Breaking Changes
* Elasticsearch: Support for [EOL versions](https://www.elastic.co/support/eol)
7.4 and 7.5 is discontinued, as they became EOL earlier this year.
* Bug Fixes
* [Issue 14495](https://crbug.com/gerrit/14495):
SSH thread leak with authentication exception.
A show-queue will show tasks in the Batch (or Interactive) queue hanging forever
as a consequence of a Git/HTTP thread that ended because of an error.
* [Issue 14577](https://crbug.com/gerrit/14577):
Dedicated mergeable endpoint shouldn't be called if change.mergeabilityComputationBehavior
is set to API_REF_UPDATED_AND_CHANGE_REINDEX
* [Issue 14600](https://crbug.com/gerrit/14600):
Empty registered field on profile settings screen
* [Issue 14613](https://crbug.com/gerrit/14613):
Gerrit is killed before the gracefulStopTimeout.
Avoid gerrit.sh killing the in-flight Git/HTTP requests after just 30 seconds regardless of
the `httpd.gracefulStopTimeout` configuration value.
* [Issue 14639](https://crbug.com/gerrit/14639):
Searching repositories by name is case-sensitive
Restore the correct project search that was case-insensitive in 2.16.27,
3.1.3 and 3.3.2.
* [Issue 14645](https://crbug.com/gerrit/14645):
Username to lowercase conversion fails with duplicates.
Duplicated account names associated with the same account id were making
the conversion to lowercase fail.
* [Change 307602](https://gerrit-review.googlesource.com/c/gerrit/+/307602):
Fix NPE while accessing draft refs
* [Change 307482](https://gerrit-review.googlesource.com/c/gerrit/+/307482):
EqualsLabelPredicate: fix bug that prevents matching owner votes
* Dependency Updates
* Update JGit to 73f8acdc5c97e068143c86765995c4fb6923ee91.
### 3.2.10
* Bug Fixes
* [Issue 14553](https://crbug.com/gerrit/14553):
Gerrit REST-API fails when using /a/ prefix and cookies
Recent fix to support GerritAccount Cookie authentication for Git/HTTP
broke existing Python (or other) scripting when performing automation with
Gerrit REST-API. That is due to the generation of the GerritAccount cookie
in the HTTP response, which Python automatically manages to reuse in
subsequent calls.
* [Issue 13721](https://crbug.com/gerrit/13721):
Don't serve PolyGerrit assets for Git requests.
After the migration to the Polymer UI, PolyGerrit static resources are mounted at
the root of the Gerrit URL and would collide with project namespaces, so that
projects with these prefixes could not be served with Git over the HTTP protocol.
### 3.2.9 (withdrawn)
* Fix `EqualsLabelPredicate` to not fail when calling match() from a plugin
Calling `match()` on the `EqualsLabelPredicate` returned from
`ChangeQueryBuilder.parse()` in a plugin fails when in the context of an
HTTP query.
* Fix registration redirect on OpenID
* Log when a new SSH connection is rejected due to exceeded limit
When the `sshd.maxConnectionsPerUser` got exceeded for a user, new
connections from that user were rejected but no log entry was reported.
* [Issue 14127](https://crbug.com/gerrit/14127):
Fix binding of DELETE REST calls from plugins.
The processing of the DELETE request never actually reached the
delete-project plugin due to a bug in the RestApiServlet, which wrongly
delegated the request to a child collection in Gerrit core.
* [Issue 13140](https://crbug.com/gerrit/13140):
OpenID: Remove support for Yahoo! OpenID provider.
Yahoo! discontinued support for OpenID provider:
"OpenID2 will be EOLed on 6/30/20"
* [Issue 14246](https://crbug.com/gerrit/14246):
Creation of internal account does not respect `auth.userNameToLowerCase`.
The CreateAccount SSH command and REST API were able to create accounts
with usernames that contained uppercase letters even if
`auth.userNameToLowerCase` was set to true.
* [Issue 14490](https://crbug.com/gerrit/14490):
Missing LDAP metrics for authentication.
Expose the LDAP metrics in terms of latency and call rates so that any
problem can be highlighted early on and potentially alerted to the Gerrit
admin.
* [Issue 14497](https://crbug.com/gerrit/14497):
Git/HTTP traffic overloads LDAP with duplicate authentication requests.
When authenticating incoming Git calls over HTTP the BasicAuth filter was
called 3 times per call triggering multiple authentications against the
backend.
* [Issue 14508](https://crbug.com/gerrit/14508):
Allow GerritAccount Cookie authentication for Git/HTTP.
Allow creating a Gerrit session from the GerritAccount cookie set on the
Git client, so that only the first HTTP call actually authenticates
and creates a session, whilst all the others just reuse the existing
cookie.
* [Issue 11142](https://crbug.com/gerrit/11142):
ssh to gerrit with no args requires standard input to terminate.
* [JGit Issue 552173](https://bugs.eclipse.org/bugs/show_bug.cgi?id=552173):
Too many open files when fetching repos with lots of refs.
JGit update fixes "Too many open files" errors.
* Dependency Updates
* Update JGit to f2e5bace4841758927d47db7d20e4a6f7353ce57.
### 3.2.8
* New Features
* [Issue 14091](https://bugs.chromium.org/p/gerrit/issues/detail?id=14091):
Support the highlighting of LaTeX files with .tex extension.
* Breaking Changes
* Elasticsearch: Support for [EOL versions](https://www.elastic.co/support/eol)
7.2 and 7.3 is discontinued. Both Elasticsearch versions became EOL recently.
* [Issue 13931](https://bugs.chromium.org/p/gerrit/issues/detail?id=13931):
Disallow editing the Change-Id during inline edits.
* Bug Fixes
* [Issue 12443](https://bugs.chromium.org/p/gerrit/issues/detail?id=12443):
Stop generating continuous "logging context is not empty" in error_log.
* [Issue 12847](https://bugs.chromium.org/p/gerrit/issues/detail?id=12847)
[Issue 12862](https://bugs.chromium.org/p/gerrit/issues/detail?id=12862):
Fix NPE on trying to send email for user without email address.
* [Issue 14097](https://bugs.chromium.org/p/gerrit/issues/detail?id=14097):
Allow enabling of Git GC button for non-local Git repository managers, such
as multi-site repositories.
* [Issue 14118](https://bugs.chromium.org/p/gerrit/issues/detail?id=14118):
Quota management: enforce repository size on pack rather than on object.
* [Issue 14193](https://bugs.chromium.org/p/gerrit/issues/detail?id=14193):
Ensure InternalUser can parse groups.
* PolyGerrit Fixes
* [Issue 14035](https://bugs.chromium.org/p/gerrit/issues/detail?id=14035):
Change --gr-formatted-text-prose-max-width from 80ch to 120ch.
* [Issue 14104](https://bugs.chromium.org/p/gerrit/issues/detail?id=14104):
Decorate the number line element of a blank side, otherwise it won't be affected
by the "hide-left" action to hide one side of the diff.
* [Issue 14257](https://bugs.chromium.org/p/gerrit/issues/detail?id=14257):
Fix empty TopMenu drop down list.
* Documentation updates
* Align the recommended buildifier version to v4.0, the same used in the CI.
* Development guidelines: mention that Optional in arguments is discouraged
(use @Nullable instead) but may be used as return type.
* Dependency Updates
* Update highlight.js to 10.6.0.
### 3.2.7
* New Features
* Add change query option allowing administrators to skip visibility filtering.
Add a new REST-API change query option "skip-visibility" to allow administrators
to skip visibility filtering.
* Security Fixes
* [Issue 13858](https://bugs.chromium.org/p/gerrit/issues/detail?id=13858)
[CVE-2021-22553](https://nvd.nist.gov/vuln/detail/CVE-2021-22553):
Fixed memory leak in Git-over-HTTP requests.
Unauthenticated users could exploit this problem in a Denial of Service attack,
causing the server to go out-of-memory.
* PolyGerrit Fixes
* [Issue 11811](https://bugs.chromium.org/p/gerrit/issues/detail?id=11811):
Fix comments on partial text selection on Safari.
* [Issue 13870](https://bugs.chromium.org/p/gerrit/issues/detail?id=13870):
Polygerrit: Remove license headers in minified gr-app.js.
* Replication plugin fixes
* Don't check read permission when authGroup isn't set.
Do not check for read permission when authGroup is not set, since
the user is a RemoteSiteUser that is-an InternalUser having
read access to everything. This fixes a regression introduced in v3.1.10
that prevented the All-Users.git repository from being fully replicated to
Gerrit replicas.
* Bug Fixes
* [Issue 13803](https://bugs.chromium.org/p/gerrit/issues/detail?id=13803):
Limit number of ambiguous accounts in error message.
Don't list more than 3 ambiguous accounts in error message of
UnresolvableAccountException in order to prevent flooding the log and
displaying a lot of sensitive account data in an error dialog.
* [Issue 13936](https://bugs.chromium.org/p/gerrit/issues/detail?id=13936):
Fix badly formatted error message shown in error dialog.
* [Issue 13884](https://bugs.chromium.org/p/gerrit/issues/detail?id=13884):
Fix 'is:submittable' query on multiple submit records.
* Dependency Updates
* Update highlight.js to 10.5.0.
* Update Jetty to 9.4.35.v20201120.
* Downgrade soy-template to 2019-10-08.
### 3.2.6
* Breaking Changes
* Elasticsearch: Support for [EOL version](https://www.elastic.co/support/eol)
6.8 is discontinued. This was the last supported minor version of
Elasticsearch 6 in Gerrit. From this release, Gerrit no longer supports V6
but only the already supported versions 7.x of Elasticsearch.
* Speaking of which, support for 7.0 and 7.1 is discontinued too, as both
Elasticsearch versions also became [EOL](https://www.elastic.co/support/eol)
recently.
* Security Fixes
* [Issue 12629](https://bugs.chromium.org/p/gerrit/issues/detail?id=12629):
Verify hostname when sending emails via SMTP server with SMTPSClient.
The SMTP server's certificate and hostname must be verified if
encryption is enabled with SSL verification in the host settings
(`sendemail.smtpEncryption` and `sendemail.sslVerify`).
* PolyGerrit Fixes
* Add a warning if submitting a change with an open change edit.
* Bug Fixes
* [Issue 13544](https://bugs.chromium.org/p/gerrit/issues/detail?id=13544)
Ensure that GC#deleteOrphans respects pack lock:
If pack or index files are guarded by a pack lock (.keep file)
deleteOrphans() should not touch the respective files protected by the
lock file.
* [Issue 13775](https://bugs.chromium.org/p/gerrit/issues/detail?id=13775)
Honor `toggleWipState` permission for `%ready` `%wip` push options.
* [Issue 13781](https://bugs.chromium.org/p/gerrit/issues/detail?id=13781)
Compact the REST-API output JSON unconditionally:
The output JSON was initially compacted only when
the Accept header was set to `application/json`: the compaction is now
done unconditionally, unless the `pp=1` query parameter is specified.
* [Issue 13786](https://bugs.chromium.org/p/gerrit/issues/detail?id=13786)
ForRef#check should permit internal users to read all refs:
[Make `PermissionBackend#ForRef` authoritative change](https://gerrit-review.googlesource.com/c/gerrit/+/288925)
introduced a regression where Gerrit `internal users` (e.g. plugins) were
not taken into consideration when checking READ permission. As a consequence,
the `All-Users.git` repository did not get any of the user's refs replicated
to the slaves. After the upgrade, a forced replication of the `All-Users.git`
repository must be triggered manually.
* Avoid logging ssh exception for __stream is already closed__ when length=0
if present in the stacktrace.
* Documentation Updates
* Clarify that 'm' push option sets patch set description.
* Clarify that disk cache metrics require `cache.enableDiskStatMetrics`.
* Dependency Updates
* Upgrade Bazel toolchain to 3.1.0.
* Upgrade testcontainers to 1.15.1.
* Upgrade Jetty to 9.4.33.v20201020.
### 3.2.5.1
* Bug Fixes
* [Issue 13698](https://bugs.chromium.org/p/gerrit/issues/detail?id=13698):
Java runtime mismatch on Java 8 after upgrading to v3.2.5.
### 3.2.5
* Breaking Changes
* Elasticsearch: Support for [EOL versions](https://www.elastic.co/support/eol)
6.6 and 6.7 is discontinued.
* [Issue 13184](https://bugs.chromium.org/p/gerrit/issues/detail?id=13184):
Logging: `--console-log`-flag of `gerrit.war daemon` respects `log.textLogging`
and `log.jsonLogging` options
Change in the default behaviour of the `--console-log` flag. Since
`log.textLogging` in the `gerrit.config` is `true` by default, using the
`--console-log`-flag now writes logs to the `error_log`-file in addition
to stderr by default. This can be avoided by setting `log.textLogging = false`.
* [Issue 13701](https://bugs.chromium.org/p/gerrit/issues/detail?id=13701):
X-Forwarded-Proto is now required because of underlying upgrade of the Jetty library,
when Gerrit is accessed through an HTTP(/S) reverse-proxy.
* Security Fixes
* [Issue 13621](https://bugs.chromium.org/p/gerrit/issues/detail?id=13621)
[CVE-2020-8919](https://nvd.nist.gov/vuln/detail/CVE-2020-8919):
Make `PermissionBackend#ForRef` authoritative.
Fixes a misconception that leads to data being accessible through Gerrit
APIs that should be locked down.
Gerrit had two components for determining if a Git ref is visible to a
user: `(Default)RefFilter` and `PermissionBackend#ForRef` (e.g.,
`RefControl`). The former was always capable of providing correct results
for all refs. The latter only had logic to decide if a Git ref is visible
according to the Gerrit `READ` permissions. This includes all refs under
`refs/heads` as well as any other ref that isn't a database ref or a Git
tag. This component was unaware of Git tags and notedb-related refs. Hence,
when asked for a database reference such as `refs/changes/xx/yyyyxx/meta`,
the logic would allow access if the user has `READ` permissions on any of
the ref prefixes (such as the default "read refs/* Anonymous Users").
That was problematic, because it bypassed
[documented behavior](http://gerrit-documentation.storage.googleapis.com/Documentation/3.2.5/access-control.html)
where a user should only have access to a change if he can see the
destination ref. The same goes for other database references.
* [Issue 13514](https://bugs.chromium.org/p/gerrit/issues/detail?id=13514)
[CVE-2020-8920](https://nvd.nist.gov/vuln/detail/CVE-2020-8920):
Work around Gitiles bug on `All-Users` visibility.
Gitiles has a special `FilteredRepository` wrapper that allows carefully
hiding refs based on the project's ACLs. There is, however, an optimization
that skips the filtering in case a user has `READ` permissions on every ACL
pattern. When the target repository is `All-Users`, the optimization
turns into a security issue because it allows seeing all personal information
associated with all accounts, i.e.:
* draft comments
* draft edits
* personally identifiable information (PII) of all users
* external ids
This fix now blocks Gitiles or any other part of Gerrit from abusing this power
when the target repository is `All-Users`, where nobody can be authorized
to skip the ACLs evaluation anyway.
* Bug Fixes
* [Issue 13307](https://bugs.chromium.org/p/gerrit/issues/detail?id=13307):
Do not forward events generated by multiple Gerrit servers in high-availability
configuration.
* [Issue 13349](https://bugs.chromium.org/p/gerrit/issues/detail?id=13349):
Allow disabling SSH on Gerrit replica, when disabled in gerrit.config.
* [Issue 13408](https://bugs.chromium.org/p/gerrit/issues/detail?id=13408):
ReceiveCommits: potential NPE when auto-closing changes.
* [Issue 13412](https://bugs.chromium.org/p/gerrit/issues/detail?id=13412):
`gerrit test-submit` is not available when ssh download is disabled.
* PolyGerrit Fixes
* [Issue 11706](https://bugs.chromium.org/p/gerrit/issues/detail?id=11706):
Allow editing the commit message as part of change edit.
* [Issue 13175](https://bugs.chromium.org/p/gerrit/issues/detail?id=13175):
Fix `gr-hovercard-behavior` under Firefox.
* [Issue 13328](https://bugs.chromium.org/p/gerrit/issues/detail?id=13328):
Project dashboard links stored in 'My' menu (GWT) lead to 'cannot load page'
in PolyGerrit.
* [Issue 13350](https://bugs.chromium.org/p/gerrit/issues/detail?id=13350):
Cannot add group to (cc-)review if its UUID is not the internal one.
* [Issue 13402](https://bugs.chromium.org/p/gerrit/issues/detail?id=13402):
Errors not displayed by delete-project plugin, if project deletion fails.
* Replication plugin Fixes
* [Issue 12769](https://bugs.chromium.org/p/gerrit/issues/detail?id=12769):
Pending replication events can delay the Gerrit startup for too long.
* End-to-end Tests Improvements
* [Issue 13082](https://bugs.chromium.org/p/gerrit/issues/detail?id=13082):
Add Eclipse support for Gatling-based development of the end-to-end tests.
* Documentation Updates
* New documentation for the GC section in
[jgit.config](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.5.1/config-gerrit.html#jgit-gc)
with the details of the relevant JGit settings for tuning the repositories GC.
* New documentation for the receive section in
[jgit.config](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.5.1/config-gerrit.html#jgit-receive)
with the documentation of the `autogc` setting.
* Documentation of how to enable Git protocol v2 on
[jgit.config](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.5.1/config-gerrit.html#jgit-protocol).
* Documentation of Gerrit [logs format](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.5.1/logs.html).
* Documentation of the `X-Forwarded-For` header on HTTP/HTTPS reverse proxy configuration.
* New [sshd.gracefulStopTimeout](https://gerrit-documentation.storage.googleapis.com/Documentation/3.2.5.1/config-gerrit.html#sshd.gracefulStopTimeout)
setting for allowing incoming SSH connections to drain upon Gerrit shutdown.
* Dependency Updates
* Caffeine 2.8.5
* Jetty 9.4.32.v20200930
* JGit v5.8.1.202007141445-r
* Google Truth 1.1
* Soy 2020-08-24
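
The ref-visibility gap described under CVE-2020-8919 above, as an added Python model that is not Gerrit's code: it contrasts a name-only READ check with one that resolves a change ref to its destination branch. The rule format, the longest-pattern-wins evaluation and every name in the block (`Rule`, `legacy_for_ref`, `authoritative_for_ref`, `audit`) are simplifying assumptions of this example.

```python
"""Simplified model of the ref-visibility gap described for CVE-2020-8919.

Constructed for illustration: the rule format and all names below are
assumptions of this example, not Gerrit's classes or API.
"""
import re
from dataclasses import dataclass

# refs/changes/<last two digits of number>/<change number>/<meta|patch set>
CHANGE_REF = re.compile(r"^refs/changes/(\d{2})/(\d+)/(meta|\d+)$")


@dataclass(frozen=True)
class Rule:
    pattern: str  # exact ref name, or a prefix pattern ending in "/*"
    allow: bool   # True grants READ, False denies it


def _matches(pattern, ref):
    if pattern.endswith("/*"):
        return ref.startswith(pattern[:-1])
    return ref == pattern


def read_allowed(rules, ref):
    """READ decision by ref name: longest matching pattern wins, no match denies."""
    matching = [r for r in rules if _matches(r.pattern, ref)]
    if not matching:
        return False
    return max(matching, key=lambda r: len(r.pattern)).allow


def legacy_for_ref(rules, ref):
    """Pre-fix behaviour in this model: every ref is judged by its own name."""
    return read_allowed(rules, ref)


def authoritative_for_ref(rules, destinations, ref):
    """Post-fix behaviour in this model: a change ref is visible only if the
    change's destination ref is visible."""
    if ref.startswith("refs/changes/"):
        m = CHANGE_REF.match(ref)
        if m is None:
            return False  # malformed database ref: fail closed
        shard, number = m.group(1), int(m.group(2))
        if shard != f"{number % 100:02d}":
            return False  # shard does not belong to this change number
        destination = destinations.get(number)
        if destination is None:
            return False  # unknown change: fail closed
        return read_allowed(rules, destination)
    return read_allowed(rules, ref)


def audit(rules, destinations, refs):
    """Refs the name-only check exposes but the destination-aware check hides."""
    return [
        ref for ref in refs
        if legacy_for_ref(rules, ref)
        and not authoritative_for_ref(rules, destinations, ref)
    ]


# Constructed sample data.
RULES = (
    Rule("refs/*", True),                # like the default "read refs/*" grant
    Rule("refs/heads/secret/*", False),  # a locked-down branch namespace
)
DESTINATIONS = {1234: "refs/heads/secret/release", 5678: "refs/heads/master"}
REFS = [
    "refs/heads/master",
    "refs/heads/secret/release",
    "refs/changes/34/1234/meta",  # change targeting the locked-down branch
    "refs/changes/34/1234/1",
    "refs/changes/78/5678/meta",  # change targeting a readable branch
    "refs/changes/99/9999/meta",  # change unknown to the server
]

if __name__ == "__main__":
    for ref in audit(RULES, DESTINATIONS, REFS):
        print("exposed by name-only check:", ref)
```

Running `audit` over the refs of a test project after an upgrade gives a quick regression check that no change ref is readable by a user who cannot read its destination branch.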
### 3.2.4
This minor release has been withdrawn.
### 3.2.3
* Security Fixes
* [Issue 12846](https://bugs.chromium.org/p/gerrit/issues/detail?id=12846):
BadMessageException: 500: Response header too large.
[CVE-2019-17638](https://nvd.nist.gov/vuln/detail/CVE-2019-17638)
Bump Jetty version to 9.4.30.v20200611 to fix a regression introduced in Jetty
version 9.4.27.v20200227.
Response header overflow leads to buffer corruptions. Jetty server always
allocates maximum response header size.
For more details see also upstream issues:
[Issue 4936](https://github.com/eclipse/jetty.project/issues/4936)
[Issue 4541](https://github.com/eclipse/jetty.project/issues/4541)
* Bug Fixes
* [Issue 12813](https://bugs.chromium.org/p/gerrit/issues/detail?id=12813):
e2e-tests: Add CheckMasterBranchReplica1 scenarios
* [Issue 12934](https://bugs.chromium.org/p/gerrit/issues/detail?id=12934):
Fix selection on diff with range comments
* [Issue 12952](https://bugs.chromium.org/p/gerrit/issues/detail?id=12952):
Handle duplicate label values on project load and push of config updates
* [Issue 12959](https://bugs.chromium.org/p/gerrit/issues/detail?id=12959):
Submit: Use updated change for response
The response was sent with the change instance from before it
got submitted, rather than the updated change. As a result, the
response contained the status "NEW" rather than "MERGED".
* [Issue 12988](https://bugs.chromium.org/p/gerrit/issues/detail?id=12988):
Fix issue with auto registering ssh commands
* [Issue 13166](https://bugs.chromium.org/p/gerrit/issues/detail?id=13166):
Include request latency in httpd_log.json
The latency field was missing in the entries of JSON-formatted http logs.
* PolyGerrit Fixes
* [Issue 12994](https://bugs.chromium.org/p/gerrit/issues/detail?id=12994):
Fix toggle on iOS.
This works around an issue where clicking on iOS causes the toggle
to act like a double tap and thus switch back off.
* [Issue 13080](https://bugs.chromium.org/p/gerrit/issues/detail?id=13080):
Fix the position of the hovercard
The desired position was 'right', but it appeared 'bottom-right',
because the height of the hovercard was calculated as 2px at the time
of updating the position.
* [Issue 13054](https://bugs.chromium.org/p/gerrit/issues/detail?id=13054):
Restore keyboard shortcut for expand all diff context
In the Gerrit 2.16 release the keyboard shortcuts system was redesigned, but
the binding for the Shift+x shortcut for expand all diffs was lost. Restore
this binding and confirm that it is now listed in the help dialog and
works as expected.
* Documentation Updates
* [Issue 10385](https://bugs.chromium.org/p/gerrit/issues/detail?id=10385):
Document "Toggle Work In Progress state" permission
* Replication plugin fixes:
* [Issue 12779](https://bugs.chromium.org/p/gerrit/issues/detail?id=12779):
Only fire the specified pending event URI
* [Issue 12940](https://bugs.chromium.org/p/gerrit/issues/detail?id=12940):
Fix issue with URI lock release after replication task cancellation
* [Issue 12986](https://bugs.chromium.org/p/gerrit/issues/detail?id=12986):
Revert "Get a URI lock before running tasks."
May still be missing some lock release calls and caused the loss of
replication events in queue when backed by the same task storage file.
* Dependency Updates
* JGit v5.8.1.202007141445-r
### 3.2.2
* Security Fixes
* [Issue 12926](https://bugs.chromium.org/p/gerrit/issues/detail?id=12926):
Allow setting X-Frame-Options response header for preventing
[clickjacking attacks](https://owasp.org/www-community/attacks/Clickjacking).
* Bug Fixes
* [Issue 12680](https://bugs.chromium.org/p/gerrit/issues/detail?id=12680):
Run projects reindex after Gerrit init only when needed, speeding up the upgrade process.
* [Issue 12778](https://bugs.chromium.org/p/gerrit/issues/detail?id=12778):
Fix `Included In` filter not working in the search box.
* [Issue 12909](https://bugs.chromium.org/p/gerrit/issues/detail?id=12909):
Fix missing index creation after Gerrit init.
* [Issue 12918](https://bugs.chromium.org/p/gerrit/issues/detail?id=12918):
Fix missing email notifications for project watches for changes created via cherry-pick.
* [Issue 12884](https://bugs.chromium.org/p/gerrit/issues/detail?id=12884):
DatabasePubKeyAuth: Exclude comment from peer key line if present
* PolyGerrit Fixes
* [Issue 11368](https://bugs.chromium.org/p/gerrit/issues/detail?id=11368):
Fix JavaScript error if project has incorrect access configuration in `Global Capabilities`.
* [Issue 12899](https://bugs.chromium.org/p/gerrit/issues/detail?id=12899):
Speed up the rendering of changes with a large number of comments by lazy loading them when expanded.
* Documentation Updates
* [Issue 12869](https://bugs.chromium.org/p/gerrit/issues/detail?id=12869):
Add documentation on how to move a change across branches.
* [Issue 12870](https://bugs.chromium.org/p/gerrit/issues/detail?id=12870):
Update WIP workflow user guide.
### 3.2.1
* New Features
* Support for [rolling upgrade](http://gerrit-documentation.storage.googleapis.com/Documentation/3.1.6/config-gerrit.html#gerrit.experimentalRollingUpgrade).
* New interface `AccountActivationListener` available to plugins for listening
to accounts activation status changes.
* Security Fixes
* [Issue 12717](https://bugs.chromium.org/p/gerrit/issues/detail?id=12717):
Deny access over HTTP for disabled accounts.
A disabled account was still able to access over HTTP until the existing
session expired.
* Close active SSH connections associated with an account that has been disabled.
* Bug Fixes
* [Issue 12850](https://bugs.chromium.org/p/gerrit/issues/detail?id=12850):
Ignore WIP changes in "CCed on" dashboard section.
* PolyGerrit Fixes
* [Issue 11706](https://bugs.chromium.org/p/gerrit/issues/detail?id=11706):
Support commit message modification as part of the inline edit session.
* Documentation Updates
* Added missing documentation of
[notedb.changes.sequenceBatchSize](http://gerrit-documentation.storage.googleapis.com/Documentation/3.2.1/config-gerrit.html#notedb.changes.sequenceBatchSize)