---
title: "Gerrit 3.5.x"
permalink: 3.5.html
hide_sidebar: true
hide_navtoggle: true
toc: true
---

Download: **[3.5.6](https://gerrit-releases.storage.googleapis.com/gerrit-3.5.6.war)**
| [3.5.5](https://gerrit-releases.storage.googleapis.com/gerrit-3.5.5.war)
| [3.5.4](https://gerrit-releases.storage.googleapis.com/gerrit-3.5.4.war)
| [3.5.3](https://gerrit-releases.storage.googleapis.com/gerrit-3.5.3.war)
| [3.5.2](https://gerrit-releases.storage.googleapis.com/gerrit-3.5.2.war)
| [3.5.1](https://gerrit-releases.storage.googleapis.com/gerrit-3.5.1.war)
| [3.5.0.1](https://gerrit-releases.storage.googleapis.com/gerrit-3.5.0.1.war)

Documentation: **[3.5.6](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.6/index.html)**
| [3.5.5](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.5/index.html)
| [3.5.4](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.4/index.html)
| [3.5.3](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.3/index.html)
| [3.5.2](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.2/index.html)
| [3.5.1](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.1/index.html)
| [3.5.0.1](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0.1/index.html)

## Release highlights

### Case-insensitive usernames

Users can login with mixed case usernames without the risk to create
duplicate accounts.

The change affects the following external ids:
* `gerrit`   (LDAP)
* `username` (login, authenticated REST and git endpoints)

For a new Gerrit setup, usernames are case insensitive by default, while for
existing installations the Gerrit admin can switch the functionality on/off
using the [`auth.userNameCaseInsensitive`](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/config-gerrit.html#auth.userNameCaseInsensitive)
setting in `gerrit.config`.

> **NOTE**: In the All-Users.git repository, the SHA-1 sum of the account
> is computed preserving the case of the external ID. See the full details
> in the [Gerrit config accounts documentation](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/config-accounts.html#external-ids). Existing accounts can be migrated to
> the new SHA-1 sum using the
> [offline](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/pgm-ChangeExternalIdCaseSensitivity.html)
> or [online](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/externalid-case-insensitivity.html#online-migration) migration tool.

### Request cancellation and execution deadlines

To limit the maximal execution time for requests, administrators can configure
server-side deadlines. More details are available in the
[Gerrit documentation](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/user-request-cancellation-and-deadlines.html).

Any operation in Gerrit can now be subject to a configurable deadline, using
the [`deadline`](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/config-gerrit.html#deadline.id)
section in `gerrit.config`.

> **NOTE**: Deadlines are supported for `REST`, `SSH` and `GIT_RECEIVE`
> requests, but not for `GIT_UPLOAD` requests.

Gerrit commands can define an execution deadline, so that the processing
triggered on the server would be able to end in a definite time, even in case
of network interruption of the connection with the client.

### Removal of external ids

Gerrit external ids, including the username, can now be removed using the
[SSH command](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/cmd-set-account.html)
or [REST API](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/rest-api-accounts.html#delete-account-external-ids).

> **NOTE**: Users that have the __Modify Account__ permission can delete
> external ids that belong to other accounts. External ids in the `username`
> scheme can only be deleted by users that have __Administrate Server__
> or both `Maintain Server` and `Modify Account`. See the
> [documentation](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/rest-api-accounts.html#delete-account-external-ids)
> for further details.

### Copy labels to new patch-sets

Gerrit matches patch set approvals against the provided query
string and, if the query matches, the approval is copied from one patch set
to the next.

The copy label feature is controlled by the
[`label.Label-Name.copyCondition`](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/config-labels.html#label_copyCondition)
in `project.config`.

### New change predicates

It is possible to search for changes by uploader, using the new
[`uploader` and `uploaderin`](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/user-search.html#uploader)
predicates.

Hashtags search is improved with the [`inhashtag`](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/user-search.html#inhashtag)
predicate which returns all the changes where any hashtag contains a substring,
using a full-text search.

It is now possible to use the new
[`has:attention` and `is:attention` predicates](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/user-search.html#has-attention)
to search for changes having the attention of the current user.

Cherry-picked changes can now be searched using the
[`is:cherrypick`](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/user-search.html#cherrypick)
predicate.

The special ["non_uploader" parameter](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/user-search.html#labels)
is now available as parameter for change predicates and matches any
user who's not the uploader of the latest patchset.

### Performance improvements on the change screen

The change screen has been improved by enabling extra caching and disabling
some expensive computation.

A new [`approvals` cache](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/config-gerrit.html#cache_names)
contains approvals for a given patch set.

The new [`change.conflictsPredicateEnabled`](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/config-gerrit.html#change.conflictsPredicateEnabled)
setting in `gerrit.config` disables the computation of the conflicts section
avoiding a computation of complexity of O(nˆ2), where n is the number of open
changes for the project the change belongs to.
When set to false the GUI will leave the conflict changes section on change
screen empty.

## Important notes

### Support for Java 8 dropped

The Java language level is now set to Java 11 for Gerrit, the support
for Java 8 is dropped.

Gerrit source code may not be compatible with Java 8 anymore.

### Schema and index changes

This release doesn't contain schema changes.

The `changes` index version has been increased to version 71. By default the
index is automatically rebuilt upon the Gerrit startup after the
upgrade.

To run offline reindexing of the changes (optional when upgrading from v3.3.x
or later):

```sh
  java -jar gerrit.war reindex --index changes -d site_path
```

### Zero-downtime upgrade

Gerrit v3.5.x supports zero-downtime upgrade from Gerrit v3.2.x or later when
configured using a [high-availability configuration](https://gerrit.googlesource.com/plugins/high-availability/+/refs/heads/master/README.md),
and the Git repositories are stored in a shared filesystem such as NFS or
similar.

During the zero-downtime upgrade, Gerrit end-users would not notice any outage
or service disruption. They will be able to perform any read/write Gerrit
operation on the GUI or using using any API.

The zero-downtime upgrade consists of the following steps:

1. Have Gerrit servers running v3.2.x or later, in high-availability
   configuration, healthy and able to handle the incoming traffic properly.
2. Set the Gerrit server unhealthy.
3. Shutdown the Gerrit server, update gerrit.war and plugins to v3.5.x and start
   Gerrit again.
4. Verify that the Gerrit server is working properly (e.g. run automated smoke
   tests) and then make it healthy again.
5. Wait for the Gerrit server to start serving traffic normally.
6. Repeat steps 2. to 5. for all the other Gerrit servers.

### Downgrade

Downgrade to any Gerrit v3.3.x or v3.4.x release is possible, but requires the
following manual steps:

1. Shutdown all migrated Gerrit v3.5.x servers
2. Update the gerrit.war and plugins to the previous v3.3.x or v3.4.x version
3. Run offline reindexing using the previous gerrit.war version
3. Startup Gerrit server

> **NOTE**: Downgrading is not always possible in Gerrit and is subject to
> specific restrictions on different releases. Always read the release notes
> carefully and look for the supported downgrade paths.

### Breaking changes

* The support for [ElasticSearch index](https://gerrit-documentation.storage.googleapis.com/Documentation/3.4.1/config-gerrit.html#elasticsearch)
  is removed from Gerrit core. Existing setups can still use ElasticSearch through
  external non-core libModules.

* The "Reply" button label and tooltip cannot be customized anymore: the
  `change.replyLabel` and `change.replyTooltip` are ignored.

* The `repo_download` [`download.scheme`](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/config-gerrit.html#download.scheme)
  is renamed to `repo`.

* The `bower` Bazel rules are removed: all front-end plugins would have to
  migrate to `yarn`.

* REST APIs with incompatible changes

  * [`AccountExternalIdInfo`](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/rest-api-accounts.html#account-external-id-info)
    `email` field is renamed to `email_address`.

  * The `/accounts/{account-id}/stars.changes` endpoint
    is removed. Looking for starred changes is still available through the use
    of `is:starred` or `has:star` predicates.

* [Change 323855](https://gerrit-review.googlesource.com/323855) [Change 324115](https://gerrit-review.googlesource.com/324115):
ProjectCache#evict no longer triggers a reindex.

  During offline project reindexing evict() was triggering a duplicate reindex
  on the project when we only wanted to evict the project cache entry. This same
  issue occurred with the HA plugin and could be/been present in other plugins.

  If you have relied on a reindex being done on evict() you need to use
  evictAndReindex() instead. This behavior is now consistent with other evict()
  methods in Gerrit.

### Other changes

* Request tracing can exclude URI patterns, using the
  [`tracing.traceid.excludedRequestUriPattern`](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/config-gerrit.html#tracing.traceid.requestUriPattern)
  setting in `gerrit.config`.

* Git receive-pack can have a grace-period configurable as
[`receive.cancellationTimeout` setting](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/config-gerrit.html#receive.cancellationTimeout)
  for terminating after having received the cancellation signal from the client.

* Attention-set rules can be disabled upon push, using the
  [`--ignore-automatic-attention-set-rules` or `%ias` option](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.0/user-upload.html#ignore-attention-set).

## Plugin changes

* codemirror-editor

  * [Issue 14845](https://crbug.com/gerrit/14845):
  Improve performance in the editor

    Stop setting viewportMargin and instead use the default value.
    Add support for the inbuilt search support within codemirror.

* delete-project

  * Use base url for return url after deleting a repo

* gitiles

  * [Change 305442](https://gerrit-review.googlesource.com/c/gitiles/+/305442):
  Test that Branch Redirect supports having short ref names in gitiles url.

  * [Change 298802](https://gerrit-review.googlesource.com/c/gitiles/+/298802):
  Redirect gitiles url using Repo's branch redirect config when format type is default (not provided in gitiles url).

  * [Change 296662](https://gerrit-review.googlesource.com/c/gitiles/+/296662):
  Fix straggling FQN in LogDetails.soy template call.

  * [Change 292082](https://gerrit-review.googlesource.com/c/gitiles/+/292082):
  Support branch redirect in Gitiles for helping users keep their old URLs working when migrating branch names.

  * [Change 282376](https://gerrit-review.googlesource.com/c/gitiles/+/282376):
  Add support for rendering webp image files, supported for all browsers and Safari 14 or later.

  * [Change 277999](https://gerrit-review.googlesource.com/c/gitiles/+/277999):
  Set correct target url for symlinks, which were calculated incorrectly.

  * [Change 273661](https://gerrit-review.googlesource.com/c/gitiles/+/273661):
  Drop u-pre's font-weight in CSS.

* plugin-manager

  * [Issue 13521](https://crbug.com/gerrit/13521):
  Use relative URL to access Gerrit base URL

    Plugin-manager now works for Gerrit setups
    with a reverse-proxy and a non-root base path.

* replication

  * [Issue 14819](https://crbug.com/gerrit/14819):
  Inherit remote replication events from a common parent.

  * [Issue 14628](https://crbug.com/gerrit/14628):
  Register ProjectDeletion events for gson serialization.

    ProjectDeletion events were not registered event types.
    This caused failures when EventGson tried to serialize/deserialize
    objects having those events as field, Throwing the JsonParseException:

    ```
    Unknown event type: project-deletion-replication-scheduled
    ```

  * [Issue 13216](https://crbug.com/gerrit/13216):
  Add possibility to split large pushes to remote into batches.

  * Add a cluster replication configuration section.

    Add a section describing how to setup more than one primary to cooperate
    for replication and how this can impact cluster scaling and service
    levels.

## Gerrit UI changes

* [Issue 12268](https://crbug.com/gerrit/12268):
Fix spacing between change status chip and change number when logged out.

* [Issue 13471](https://crbug.com/gerrit/13471):
Change diff highlighting colors for dark theme.

* [Issue 13990](https://crbug.com/gerrit/13990):
Fix Uploaded patch set message with votes.

* [Issue 14041](https://crbug.com/gerrit/14041):
Show all comments in Comments Tab if no resolved comments.

* [Issue 14470](https://crbug.com/gerrit/14470):
Remove attention set configuration option (frontend).

* [Issue 14521](https://crbug.com/gerrit/14521):
Fix fully reloading the change view when the new patchset is unknown.

* [Issue 14522](https://crbug.com/gerrit/14522):
Do not process keyboard shortcuts for invisible views.

* [Issue 14769](https://crbug.com/gerrit/14769):
Show tooltip below for diff view options.

* [Issue 14820](https://crbug.com/gerrit/14820):
Fix Normal text mistakenly shown with code block fixed-width formatting.

* [Issue 14828](https://crbug.com/gerrit/14828):
Saving a comment incorrectly closes/discards other unsaved comments.

* [Issue 14854](https://crbug.com/gerrit/14854):
Expand drafts in comment threads by default.

* [Issue 14872](https://crbug.com/gerrit/14872):
Account name misaligned in chip when there is no user avatars enabled.

* [Issue 15105](https://crbug.com/gerrit/15105):
Don't automatically open suggestions dropdown in "Add reviewer" and "Add CC".

## Documentation changes

* PolyGerrit UI screenshots and associated documentation have been updated.

* [Issue 11388](https://crbug.com/gerrit/11388):
Extend the section associated with NoteDb format documentation.

## JGit changes

Update JGit to 60b81c5a9280, which includes the following changes:

* [60b81c5a9](https://git.eclipse.org/r/plugins/gitiles/jgit/jgit/+/60b81c5a9):
Fix RevWalk.getMergedInto() ignores annotated tags.

* [c5b305473](https://git.eclipse.org/r/plugins/gitiles/jgit/jgit/+/c5b305473):
Optimize RevWalk.getMergedInto().

* [847077151](https://git.eclipse.org/r/plugins/gitiles/jgit/jgit/+/847077151):
GitServlet: allow to override default error handlers.

* [35eeab41b](https://git.eclipse.org/r/plugins/gitiles/jgit/jgit/+/35eeab41b):
RevWalk: getMergedInto's result is wrong on the second call.

* [24d6d6053](https://git.eclipse.org/r/plugins/gitiles/jgit/jgit/+/24d6d6053):
Retry loose object read upon "Stale file handle" exception.

* [64b0dee98](https://git.eclipse.org/r/plugins/gitiles/jgit/jgit/+/64b0dee98):
Fix garbage collection failing to delete pack file.

* [64d0aaa2b](https://git.eclipse.org/r/plugins/gitiles/jgit/jgit/+/64d0aaa2b):
Teach independent negotiation (no pack file) using an option "wait-for-done".

* [1788b72d1](https://git.eclipse.org/r/plugins/gitiles/jgit/jgit/+/1788b72d1):
Skip detecting content renames for binary files.

* [c59626ad7](https://git.eclipse.org/r/plugins/gitiles/jgit/jgit/+/c59626ad7):
RepoCommand: Retry commit on LockFailure.

* [0667b8ec4](https://git.eclipse.org/r/plugins/gitiles/jgit/jgit/+/0667b8ec4):
RepoCommand: Do not set 'branch' if the revision is a tag.

* [8bc166b00](https://git.eclipse.org/r/plugins/gitiles/jgit/jgit/+/8bc166b00):
BatchRefUpdate: Skip saving conflicting ref names and prefixes in memory.

* [303dd019d](https://git.eclipse.org/r/plugins/gitiles/jgit/jgit/+/303dd019d):
Optimize RefDirectory.isNameConflicting().

* [003862722](https://git.eclipse.org/r/plugins/gitiles/jgit/jgit/+/003862722):
LockFile: create OutputStream only when needed.

* [e58bf0870](https://git.eclipse.org/r/plugins/gitiles/jgit/jgit/+/e58bf0870):
Add git config for conflict style merge/diff3.

## Other dependency changes

* Update auto-value-gson-\* to 1.3.1

* Update testcontainers to 1.15.3

* Update flogger to 0.6

* Update docker-java-\* to 3.2.8

* Update lucene-\* to 6.6.5

* Update polymer/decorators to 3.0.0

* Update polymer to 3.4.1

* Update typescript-api to 3.4.4

* Update lit to 2.0.2

## Other core changes

* [Issue 13563](https://crbug.com/gerrit/13563):
Fallback to a single region for incorrect intra-line diffs.

   In some rare cases, intra-line diffs produce incorrect results, which
   confuse users since the light/dark colors of added and removed areas do
   not accurately represent what was added and deleted.

* [Issue 13965](https://crbug.com/gerrit/13965):
commit-msg: simplify generation of a unique hash.

  Refactors the commit-msg hook, changing the random bits of
  data used to generate the value for the Change-Id trailer.

* [Issue 14362](https://crbug.com/gerrit/14362):
Export PluginPushOption for use in plugins.

* [Issue 14556](https://crbug.com/gerrit/14556):
Fix error handling in checks-service.

* [Issue 14772](https://crbug.com/gerrit/14772):
Fix attention set modifications for users with no permissions.

* [Issue 15149](https://crbug.com/gerrit/15149):
Add changeInfo to LabelsChangedCallback in ChangeReplyPluginApi.

## Bugfix releases

### 3.5.6

* Security Fixes

  * [Issue 16890](https://crbug.com/gerrit/16890)
    [CVE-2019-12402](https://nvd.nist.gov/vuln/detail/CVE-2019-12402):
  Fix DoS for Gerrit servers exposing Gitiles with the ability to download source archive

    Bump common:compress version to 1.22 for protecting against an infinite loop
    triggered by downloading a source archive of files with a Unicode filename.

* Bug Fixes

  * [Change 362914](https://gerrit-review.googlesource.com/c/gerrit/+/362914)
  Fix internal server error caused by double flush in BaseCommand.TaskThunk

    Ignore `SshChannelClosedException` when flushing the task's output and error
    streams. JGit commands like `UploadPack` flush these streams already. When
    `TaskThunk` tries to flush them again `SshChannelClosedException` is thrown
    and leads to an internal server error.

  * [Change 364478](https://gerrit-review.googlesource.com/c/gerrit/+/364478):
  AndSource: Run `isVisibleToPredicate` based on its cost

    `isVisible` check can be expensive and always running it ahead of other
    cheaper predicates can increase the query time. Update `AndSource` to treat
    `isVisibleToPredicate` like any other predicate so that it runs based on its
    estimated cost.

  * [Change 364591](https://gerrit-review.googlesource.com/c/gerrit/+/364591)
  Allow to hide download schemes from the UI

    Allow hiding a download scheme in the UI by still allowing to use it.

  * [Issue 16819](https://crbug.com/gerrit/16819):
  Enable LDAP "Remember me" in login form per default

    When users are presented with the LDAP login page, the "Remember me" checkbox
    is disabled by default.  This might be a problem because, if the user doesn't
    explicitly click the checkbox, the session will be tied to the browser
    session.

  * [Issue 16814](https://crbug.com/gerrit/16814):
  Improve `Rebase-SubmitStrategy` performance in some cases

    Set uninteresting branches based on project configuration:
    `create_new_change_for_all_not_in_target`.

  * [Change 369415](https://gerrit-review.googlesource.com/c/gerrit/+/369415):
  Fix metric computation with file paths in metric name.

    Don't fail metric computation due to duplicated metric names.

  * [Change 370354](https://gerrit-review.googlesource.com/c/gerrit/+/370354):
  Improved performance of queries when backend index returns more results than needed

    Matching changes more than the limit is just extra work that is discarded at
    the end when the results are trimmed to match the limit. This can help improve
    performance of queries where a small percentage of changes are filtered in the
    initial page and the remaining results are obtained from the next page.

  * [Change 357834](https://gerrit-review.googlesource.com/c/gerrit/+/357834):
  Improved performance for plugin-provided SSH commands that perform multiple
  permission checks or ref lookups for the same project

    Move creation of `PerThreadCache` to `SshCommand` so that the cache is available
    to most commands, including plugins.

* Download-commands plugin fixes

  * [Issue 15944](hhttps://crbug.com/gerrit/15944):
  Update download-commands to latest master

* Dependency Updates

  * Update jgit to 74fa245b3c3ccf13afcbec7911c7c8459e48527d.

  * [JGit Bug 565854](https://bugs.eclipse.org/bugs/show_bug.cgi?id=565854)
  SshdSession: close channel gracefully

    Close the channel gracefully to give the server a chance to clean up properly on
    its side.

  * Update bouncycastle to 1.72.

  * Update commons-compress to 1.22.

  * Update tukaani-xz to 1.9.

### 3.5.5

* New features

  * [Issue 16565](https://crbug.com/gerrit/16565):
  Introduce cache.threads option to allow custom executors for Caffeine caches.

    The introduction of `cache.threads` in `gerrit.config` allows to configure
    a separate thread pool which can be tuned and decoupled from the
    rest of the JVM common threads.

  * [Change 353177](https://gerrit-review.googlesource.com/c/gerrit/+/353177):
  Add tsconfig-plugins-base.json to Gerrit TypeScript Plugin API.

    Adds `tsconfig-plugins-base.json` to the npm package so downstream plugins
    can easily use the same set of TypeScript settings.

  * [Change 351674](https://gerrit-review.googlesource.com/c/gerrit/+/351674):
  SSH review cmd handles lock failures with retries.

    Retrying on lock failures helps mitigating lock failures when there is
    contention to lock the notedb ref. Retries were already implemented
    in REST API code path at a high enough layer so that it applies for all
    REST APIs.

  * [Change 353594](https://gerrit-review.googlesource.com/c/gerrit/+/353594):
  Inserting new patch-sets is retried on lock failures.

    Mitigates failures when creating new patch-sets fails if the notedb
    ref is locked for another update on the change.

  * [Issue 16445](https://crbug.com/gerrit/16445):
  Add slice number to the change indexing task description.

    To indicate to the administrator each task is indeed doing something
    different, add the slice number if there is more than one slice in
    total.

  * [Change 356215](https://gerrit-review.googlesource.com/c/gerrit/+/356215):
  Support `init --reindex-threads=-1` to skip reindexing after init.

    Admins may wish to run other commands after `init` and before `reindex`, but
    previously would have needed to observe and interrupt the `init` command
    process once it started reindexing in order to do so. Providing an option to
    `init` that skips the reindexing phase simplifies that workflow and makes it
    less error prone.

  * [Change 356234](https://gerrit-review.googlesource.com/c/gerrit/+/356234):
  Add CUDA syntax highlighting.


  * [Change 352534](https://gerrit-review.googlesource.com/352534):
  Introduce `--show-cache-stats`for printing cache stats during `init` and `reindex`,
  disabled by default.

* Bug Fixes

  * [Issue 14686](https://crbug.com/gerrit/14686), [Issue 14779](https://crbug.com/gerrit/14779), [Issue 16030](https://crbug.com/gerrit/16030):

    In [Change 293978](https://gerrit-review.googlesource.com/c/gerrit/+/293978), eTag was
    removed from GetRevisionActions, but not RevisionResource. This resulted
    in the UI to show a stale 'submit' action on the change in the same
    submission chain. The UI now uses RevisionResource eTag, that does not include
    MergeSuperSet (all related changes).

  * [Issue 16409](https://crbug.com/gerrit/16409):
  Report pack protocol errors to the client via smart-HTTP.

    A regression introduced by [JGit Change 1926771](https://git.eclipse.org/r/c/jgit/jgit/+/192677),
    caused pack protocol errors to be reported as 500 Server errors.
    Such situations should be reported to the user as a 200 OK containing the
    details of the failed operation.

  * [Change 351759](https://gerrit-review.googlesource.com/351759):
  Fix `contrib/find-duplicate-usernames.sh` output when usernames contain spaces.

  * [Issue 16449](https://crbug.com/gerrit/16449):
  Fix project root computation in Gitweb servlet.

  * [Change 355196](https://gerrit-review.googlesource.com/355196):
  Fix the ability to configure JSCH as client implementation in `gerrit.config`.

    The JGit's SSH loading of the default session factory may lead to a
    non-deterministic instance if more than one factory is available.
    Make the legacy JSCH implementation explicit to enable configuring
    it instead of the default Apache Mina SSH.

  * [Change 356715](https://gerrit-review.googlesource.com/356715):
  Fixed bug with negated label for queries with external groups.

  * [Change 359176](https://gerrit-review.googlesource.com/359176):
  Fix LabelPredicate group matching for included external groups.

  * [Change 357874](https://gerrit-review.googlesource.com/357874):
  Fixed ownerin/uploaderin for internal groups that include external groups.

  * [Change 355054](https://gerrit-review.googlesource.com/355054):
  Wrap #mobileSearch in a div.

    Fixes an issue on wikimedia where the search button was hidden
    even though the rules executed to make it show.

* Replication plugin fixes

  * [Change 352174](https://gerrit-review.googlesource.com/352174):
  Replication distributor: reduce log level for no-op consolidations.

* Dependency Updates

  * Update jgit to a1901305b26ed5e0116f138bc02837713d2cf5c3.

    Update from stable-6.1 to stable-6.5:

    * Notable enhancements and fixes from [6.2.0](https://projects.eclipse.org/projects/technology.jgit/releases/6.2.0) are:

       * [4dd9a94e](https://git.eclipse.org/r/c/jgit/jgit/+/192433): Better feedback on SSH authentication failure

       * [7b1c8cf14](https://git.eclipse.org/r/c/jgit/jgit/+/191924): Retry reading a file when there are concurrent writes

       * [fed1a5493](https://git.eclipse.org/r/c/jgit/jgit/+/197714): Refresh 'objects' dir and retry if a loose object is not found
         (Fixes cases where a new loose object is not immediately visible on a NFS
         client if it was created on another client)

       * [011c26ff3](https://git.eclipse.org/r/c/jgit/jgit/+/193939): Fix connection leak for smart http connections

       * [ac127a793](https://git.eclipse.org/r/c/jgit/jgit/+/196849): Do not handle internal git errors as an HTTP error

    * Notable enhancements and fixes from [6.3.0](https://projects.eclipse.org/projects/technology.jgit/releases/6.3.0) are:

       * [1a364c49e](https://git.eclipse.org/r/c/jgit/jgit/+/194200): JGit blame very slow for large merge commits that rename
         files
       * [66ace4b9](https://git.eclipse.org/r/c/jgit/jgit/+/193496): Do not check reachability of visible SHA1s in git-upload-pack

       * [035e0e23](https://git.eclipse.org/r/c/jgit/jgit/+/194500): Do not prematurely terminate timer in case of error during git-upload-pack

    * Notable enhancements and fixes from [6.4.0](https://projects.eclipse.org/projects/technology.jgit/releases/6.4.0) are:

       * [fe9aeb02e6](https://git.eclipse.org/r/c/jgit/jgit/+/196497), [93097f0018](https://git.eclipse.org/r/c/jgit/jgit/+/196323): Receive and parse client [git session-id](https://git-scm.com/docs/gitprotocol-capabilities#_session_idsession_id)

       * [59029aec3](https://git.eclipse.org/r/c/jgit/jgit/+/196905): Add option to allow using JDK's SHA1 implementation

       * [3e7281662](https://git.eclipse.org/r/c/jgit/jgit/+/197151): UploadPackServlet#doPost use try-with-resource to ensure
         UploadPack is closed

       * [1e04046a6](https://git.eclipse.org/r/c/jgit/jgit/+/194411): Fix crashes on rare combination of file names (This issue
         has been seen during offline reindex of changes with specific merge
         commits)

  * Update sshd to 2.9.2

    * [CVE-2022-45047](https://nvd.nist.gov/vuln/detail/CVE-2022-45047): Avoid using Java deserialization to load a serialized java.security.PrivateKey

    * [SSHD-1302](https://issues.apache.org/jira/browse/SSHD-1302): Reading again from exhausted ChannelExec#getInvertedOut() throws IOException instead of returning -1

    * [SSHD-966](https://issues.apache.org/jira/browse/SSHD-966): Deadlock on disconnection at the end of key-exchange

    * [SSHD-1231](https://issues.apache.org/jira/browse/SSHD-1231): Public key authentication: wrong signature algorithm used (ed25519 key with ssh-rsa signature)

    * [SSHD-1257](https://issues.apache.org/jira/browse/SSHD-1257): Shell is not getting closed if the command has already closed the OutputStream it is using.

    * [SSHD-1261](https://issues.apache.org/jira/browse/SSHD-1261): Sometimes async write listener is not called

    * [SSHD-1290](https://issues.apache.org/jira/browse/SSHD-1290): Race condition is logged in ChannelAsyncOutputStream

  * Update mina-core to 2.0.23

* Documentation fixes

  * [Change 353177](https://gerrit-review.googlesource.com/353177):
  Document Gerrit TypeScript Plugin API @gerritcodereview/typescript-api in pg-plugin-dev.

### 3.5.4

* New features

  * [Issue 13930](https://crbug.com/gerrit/13930);
    Support ssh kex server-sig-algs for modern RSA clients.

* Native packaging

  * GerritForge RPM repository updated for arm64 architecture

    [GerritForge RPM v1.4](https://gerritforge.com/gerritforge-repo-1-4.noarch.rpm)
    has been released, including the native packages for arm64 architecutre.

  * DockerHub images for arm64 architecture

    [DockerHub Gerrit images](https://hub.docker.com/r/gerritcodereview/gerrit/tags?page=1&name=3.5.4)
    include images for arm64 architecture.

* Performance Fixes

  * [Change 350577](https://gerrit-review.googlesource.com/c/gerrit/+/350577)
    copy-approvals: use multiple threads for copy-approvals, improve performance

    Split the work into slices of changes and then utilize one thread per slice.
    Also skip unnecessary reindexing. On a large Gerrit site with 1.3 million
    changes, this reduced the time for copy-approvals from 5 hours to 15-20
    minutes.

  * [Change 350236](https://gerrit-review.googlesource.com/c/gerrit/+/350236)
    Optimized change visibilty checking when the project is hidden

    Looping over every change when the whole project isn't readable is a
    waste of CPU. It's a bigger waste to fetch all the change data in the
    first place.

  * [Issue 16379](https://crbug.com/gerrit/16379):
    Remove key locking for disabled caches

    This change also makes the memoryLimit behaviour consistent with the
    diskLimit set to zero means disabling the implementation of the cache.

  * [Change 349895](https://gerrit-review.googlesource.com/c/gerrit/+/349895):
    Add AndCardinalPredicate and OrCardinalPredicate

    Before this change, IndexSource derived cardinality from predicate
    which implement `HasCardinality`. Since `AndPredicate` and `OrPredicate`
    does not return cardinality, IndexSource defaults to 10 when query
    comprises more than one predicate. Due to this behavior, `AndSource`
    chooses IndexSource almost always when query contains more than one
    index predicate.
    This helps `AndSource` to choose the right source more often.

  * [Change 347956](https://gerrit-review.googlesource.com/c/gerrit/+/347956):
    Introduce possibility to define the cardinality so that `AndSource` predicate
    can work more efficiently

    Before this change, cardinality of the IndexSource was always set to
    10. This makes `AndSource` to choose IndexSource over other sources most of
    the time.
    Add a `HasCardinality` interface which can be used by all the predicates
    which implement IndexPredicate to set a cardinality. This helps
    AndSource to choose the right datasource.

  * [Change 347955](https://gerrit-review.googlesource.com/c/gerrit/+/347955):
    Consider cardinality while choosing the data source for `AndSource` predicate

    Before this change, `AndSource` considered cost to choose a datasource.
    Ideally cost should be used to determine which predicate to run
    `#match()` against first, so that queries are faster. Cardinality should
    be used to determine which datasource to be picked so that there are
    fewer changes to process.
    Consider cardinality of the datasource to choose the source and use
    cost when cardinality is same.

  * [Change 349355](https://gerrit-review.googlesource.com/c/gerrit/+/349355):
    Cache repository locations in LocalDiskRepositoryManager

    Obtaining the actual location of a repository using base-path
    and project name can be slow as it involves some guessing to
    locate the repository. Cache the locations once they are
    obtained to avoid repeated work, thereby improving performance
    when opening repositories.

* Bug Fixes

  * [Change 350576](https://gerrit-review.googlesource.com/350576)
    copy-approvals: continue when there are corrupt meta-refs in a project

    If there was a corrupt meta-ref in a project, the copy-approvals
    failed for all changes in that project. Mitigates [Issue 16326].

  * [Change 350575](https://gerrit-review.googlesource.com/350575)
    copy-approvals: don't stop when it fails on one project

    When copying of approvals failed in one project it skipped copying of
    approvals for other projects where it would potentially finish
    successfully.

  * [Change 350414](https://gerrit-review.googlesource.com/c/gerrit/+/350414)
    Fix index rewriter to rewrite all Or/AndPredicates.
    AndSource chooses right source more often

  * [Change 349314](https://gerrit-review.googlesource.com/349314)
    Fix reindex with label copyCondition containing group.

  * [Change 350014](https://gerrit-review.googlesource.com/c/gerrit/+/350014):
    Do not set cherryPickOf on RevertSubmission

    The RevertSubmission internally uses CherryPickChange operation.  It
    creates the 'normal' revert for the first change in the relation chain,
    for each subsequent change it creates a revert commit that is then
    cherry-picked. This cherry-pick is not a cherry-pick of the reverted
    change. This is a cherry-pick of the revert commit of the original
    change.
    This change fixes the bug in the logic that sets cherryPickOf to the
    original (reverted) change, using the CherryPickChange operation.

  * [Change 349894](https://gerrit-review.googlesource.com/c/gerrit/+/349894):
    Don't always rewrite And/OrPredicate to And/OrSource

    Before this change OrPredicate was always rewritten to OrSource. This
    is not the right thing to do as `OrSource#read()` will eventually fail
    when there is at least one non-datasource child. Since
    [Change 347955](https://gerrit-review.googlesource.com/c/gerrit/+/347955),
    `AndSource` picks a source which has the lowest cardinality
    which makes the `OrSource#read()` failures more visible.
    Rewrite `OrPredicate` to `OrSource` only when all the children in the
    predicate are DataSources.

  * [Change 348715](https://gerrit-review.googlesource.com/c/gerrit/+/348715);
    Clarify that a restart is needed before changes to email templates take
    effect

  * [Issue 16182](https://crbug.com/gerrit/16182):
    Reintroduce the Change-Id footer in change screen

    This change reintroduce the Change-Id footer below the commit message on
    the Gerrit UI.

  * [Issue 10168](https://crbug.com/gerrit/10168):
    Fix HTTP 404 when browsing tags on Gitweb

    The Gitweb links to tags have been broken in v2.14.10 onwards.
    Gitweb supports the 'a=tags' rendering action for annotated tags
    only, returning 404 for all lightweight tags.
    Use the generic 'a=shortlog' for Gitweb links to tags which would
    work for both annotated and lightweight ones.

  * [Change 77495](https://gerrit-review.googlesource.com/c/gerrit/+/347495):
    Fix for IllegalStateException during the Gerrit start when
    `cache.projects.refreshAfterWrite` is set to true and prolog rules are used

* Replication plugin fixes

  * [Change 350234](https://gerrit-review.googlesource.com/350234)
    Fix URI double escaping. Stored tasks with (broken) double escaped URIs must be manually removed

  * [Issue 15804](https://crbug.com/gerrit/15804);
    Do not retry replication when local repository not found

* Dependency Updates

  * [Issue 14861](https://crbug.com/gerrit/14861);
  Update jgit to c6b0ee04e49c96e0beec4154196c416abcf2bcc9.
  This update to current stable-5.9 contains the following changes:

  * fed0ab9ba Use FileSnapshot without using configs for FileBasedConfig

  * 5606a5315 FileSnapshot: Lazy load file store attributes cache

  * 6aa29d116 Better git system config finding

  * d160e8a93 Fix missing peel-part in lsRefsV2 for loose annotated tags

  * 5f8c48413 reftable: drop code for truncated reads

  * b4782d74f reftable: pass on invalid object ID in conversion

* Documentation fixes

* Other Fixes

  * [Issue 16322](https://crbug.com/gerrit/16322):
    Limit the number of changes that can be submitted together

    When chaining changes together, the sequence of commits to navigate
    was previously unbound, causing the potential operations explosion.
    The explosion could have also been accidental and caused by the push
    of a change with a non-existent branch, which would have resulted
    in the full scan of the repository for changes.
    Introduce a new Gerrit configuration `change.maxSubmittableAtOnce` with
    a safe default of `1024`, which would allow any use case that would have
    also worked before this change.

  * [Change 347496](https://gerrit-review.googlesource.com/c/gerrit/+/347496):
    Enable project_list cache warmer when `cache.project_list.maxAge` is set

  * [Change 341454](https://gerrit-review.googlesource.com/c/gerrit/+/341454):
    GitwebServlet: Retrieve git path from FileRepository so that it can be used
    with multi-site and cached-refdb modules

  * [Issue 15997](https://crbug.com/gerrit/15997):
    Make DelegateRepository#delegate() method public to allow plugins/modules to
    access it

### 3.5.3

* Security Fixes

  * [Issue 16054](https://crbug.com/gerrit/16054):
  Fix confidentiality leak by users with create ref permission
  using the create branch REST-API

    Any user with create ref permission was able to gain
    access to any SHA1 or refs, including the ones that they would
    not have permission to see.

* Breaking changes

  * [Issue 15941](https://crbug.com/gerrit/15941):
  Fix SSH queries to not show commit-message unless --commit-message is provided

    This issue has existed for several years and should be considered
    breaking as users might expect commit message to be included by
    default in SSH query results.
    Obtaining the commit message is a costly operation as the commit
    data has to be loaded. So, showing it even when --commit-message
    is not provided degrades the performance of SSH queries.

  * [Change 344300](https://gerrit-review.googlesource.com/344300):
  Add missing return values in MetricMaker's `newCallbackMetric` and
  `newConstantMetric`

    When new callback and constant metrics were created the RegistrationHandle
    was not returned, making impossible to de-register them.
    The method signature is now aligned, however, all plugins, including the core ones,
    that were registering callback or constant metrics would need to be rebuilt from
    source or downloaded from the latest build on
    [Gerrit-CI](https://gerrit-ci.gerritforge.com).

* New features

  * [Change 343096](https://gerrit-review.googlesource.com/343096):
  Introduce `index.paginationType=SEARCH_AFTER` configuration for speeding up
  query pagination

  * [Change 343798](https://gerrit-review.googlesource.com/343798):
  Introduce `index.pageSizeMultiplier` configuration to paginate index
  queries with increasing size

  * [Change 344334](https://gerrit-review.googlesource.com/344334):
  Implement `no-limit` queries with multiple pages, make them usable with
  Elasticsearch

  * [Change 345017](https://gerrit-review.googlesource.com/345017):
  Add public `EventTypes.getRegisteredEvents()` for accessing all stream
  event types from plugins

  * [Change 340714](https://gerrit-review.googlesource.com/340714):
  Introduce metrics configuration for different data reservoirs

* Performance Fixes

  * [Change 338154](https://gerrit-review.googlesource.com/338154):
  Lazy load change notes when submit by push
    Improves performance of change submit via push

  * [Change 338614](https://gerrit-review.googlesource.com/338614)
  Optimize SSH queries to avoid loading individual accounts
    This improves performance of SSH queries.

  * [Change 338474](https://gerrit-review.googlesource.com/338474):
  Allow async receive-commits to have a thread-local cache
    Improve caching when merging changes through git push

  * [Change 338574](https://gerrit-review.googlesource.com/338574):
  Cache ProjectControl instances in SSH queries
    A PerThreadCache is used to cache ProjectControl instances to
    improve SSH query performance.

  * [Change 338834](https://gerrit-review.googlesource.com/338834):
  Avoid creating an IdentifiedUser multiple times in a SSH query
    This improves performance of SSH queries.

* Bug Fixes

  * [Change 347474](https://gerrit-review.googlesource.com/347474):
  Fix DefaultMemoryCacheFactory to correctly set refreshAfterWrite
    Setting refreshAfterWrite in gerrit.config now works and does not mistakenly
    set expireAfterAccess

  * [Issue 15997](https://crbug.com/gerrit/15997):
  Make delegate() method public
    git-repo-metrics plugin now works with multi-site setup

  * [Issue 16018](https://crbug.com/gerrit/16018)
  Don't try to mark files as reviewed when not logged in
    Fix marking of reviewed flag when not logged in. "Log in is required to perform that action" popup is no longer seen
    when viewing file diffs unauthenticated.

  * [Issue 16038](https://crbug.com/gerrit/16038):
  Fix "internal error" when pushing to refs/users/xx/xxxx
    Push over HTTP to refs/users/* branch now works and doesn't fail with "error: internal error" / Not Signed In

  * [Issue 16001](https://crbug.com/gerrit/16001):
  AsciiDoctor: skip attribute when looking for title
    Fix documentation search showing :linkattrs: instead of the document title

  * [Issue 15134](https://crbug.com/gerrit/15134):
  Apply the match operator to filter projects
    Next-arrow is now not hidden when searching for repositories in the Repository section

  * [Change 337474](https://gerrit-review.googlesource.com/337474):
  Use sane value for QueryProcessor's effective limit on "--no-limit"
    Fix errors seen when --no-limit query option is used with ES index backend

  * [Change 339754](https://gerrit-review.googlesource.com/339754):
  Fix gerrit review command with branch option

    The gerrit review command was not able to find the commit with branch
    option; ensure "refs/heads/" prefix is present for branch option.

  * [Issue 16106](https://crbug.com/gerrit/16106):
  Fix label operator to work with external groups, which never worked before since
  its addition in v2.10.

  * [Change 331762](https://gerrit-review.googlesource.com/331762):
  Cache permission filtering for All-Projects, allowing a faster ACL evaluation
  to any refs.

  * [Change 343694](https://gerrit-review.googlesource.com/343694):
  Improve performance of queries that check the visibility of changes wrt a non-current user

  * [Change 346254](https://gerrit-review.googlesource.com/346254):
  Fix change queries evaluation of `AND` terms  to run match on predicate whose cost is
  least

    Sort the change queries predicates in `AND` based on cost and cardinality, which
    was broken since [Change 79391]().

    **WARNING**: queries containing predicates with poorly defined costs or cardinalities
    could perform worse now.

* Dependency Updates

  * Update JGit to 035e0e23f251fdb766a6630509bcf342efb8b3ad, including the following fixes
    and improvements:

    * 011c26ff3 - Fix connection leak for smart http connections
    * d67ac798f - Remove stray files (probes or lock files) created by background threads
    * 035e0e23f - UploadPack: don't prematurely terminate timer in case of error
    * 66ace4b9a - UploadPack: do not check reachability of visible SHA1s
    * 8984e1f66 HTTP Smart: set correct HTTP status on error

  * Update SSHD to 2.8.0, including the following fixes and improvements:

    * [SSHD-1163](https://issues.apache.org/jira/projects/SSHD/issues/SSHD-1163):
    Wrong server key signature algorithm chosen in DH group key exchange

    * [SSHD-1197](https://issues.apache.org/jira/projects/SSHD/issues/SSHD-1197):
    A race condition in key exchange fixed.

    * [SSHD-1216](https://issues.apache.org/jira/projects/SSHD/issues/SSHD-1216):
    Server-side implementation of the RFC 8332 server-sig-algs
    extension: the server announces that it prefers the SHA-2 signatures
    for RSA keys.

    Additionally, SSHD 2.8.0 now supports (and prefers) the
    chacha20-poly1305@openssh.com cipher ([SSHD-1017](https://issues.apache.org/jira/projects/SSHD/issues/SSHD-1017)),
    and supports the curve25519 and curve448 KEX algorithms
    ([SSHD-704](https://issues.apache.org/jira/projects/SSHD/issues/SSHD-704)).

* Documentation fixes

  * [Change 340534](https://gerrit-review.googlesource.com/340534)
  Fix link to change.mergeabilityComputationBehavior in user-search.txt

  * [Change 339235](https://gerrit-review.googlesource.com/339235)
  Add copy-approvals SSH command link to the index page

  * [Change 338949](https://gerrit-review.googlesource.com/338949)
  Fix auto-generated documentation header for plugins

  * [Change 337835](https://gerrit-review.googlesource.com/337835)
  rest-api-projects: Fix documentation for #inherited-boolean-info

* Other Fixes

  * [Change 337835](https://gerrit-review.googlesource.com/337835):
  rest-api-projects: Fix documentation for #inherited-boolean-info

  * [Change 340245](https://gerrit-review.googlesource.com/340245)
  Propagate auto flush value to external index module

  * [Change 340534](https://gerrit-review.googlesource.com/340534):
  Fix link to change.mergeabilityComputationBehavior in user-search.txt

### 3.5.2

* Important Notes

This version is a mandatory update before migrating further to v3.6.0.
The following two improvements are available to support the future upgrades:

  * [Change 336883](https://gerrit-review.googlesource.com/336883):
  Make the NoteDb parsing code accept the new label format that is introduced in Gerrit v3.6.0.

  * [Change 337697](https://gerrit-review.googlesource.com/337697):
  Introduce [copy-approvals](https://gerrit-documentation.storage.googleapis.com/Documentation/3.5.2/cmd-copy-approvals.html)
  SSH command for copying votes to the latest patch-sets online

  * [Change 337308](https://gerrit-review.googlesource.com/337308):
  Introduce `copy-approvals` site program for copying votes to the latest patch-sets offline

> **NOTE**: The execution of the `copy-approvals` SSH command (online) or the `java -jar gerrit.war copy-approvals`
> site command (offline) may take a long time to complete due to the full scanning of all projects.

* New Features

  * [Change 337231](https://gerrit-review.googlesource.com/337231):
  Expose proto package in plugin API, allowing to reuse the runtime libraries included in Gerrit

* Bug Fixes

  * [Change 335705](https://gerrit-review.googlesource.com/335705):
  Fix bazel build on Mac M1 (aarch64)

  * [Change 334762](https://gerrit-review.googlesource.com/334762):
  Use original javax.servlet-api instead of tomcat's copy

  * [Change 334299](https://gerrit-review.googlesource.com/334299):
  Reject invalid queries with status code 400 on `POST /accounts/<account-identifier>/watched.projects`

  * [Issue 14109](https://crbug.com/gerrit/14109):
  Fix NPE with cherry pick REST-API onto an existing change in a different branch

  * [Issue 15887](https://crbug.com/gerrit/15887):
  Fix the auto-complete on the Gerrit search box

  * [Issue 15889](https://crbug.com/gerrit/15889):
  Remove spams of "Logging context is not empty" in Gerrit's error_log

  * [Issue 15531](https://crbug.com/gerrit/15531):
  Disable tracing.performanceLogging by default because of increase of memory footprint

  * [Change 335194](https://gerrit-review.googlesource.com/335194):
  Fix threading issue in diff cache which caused sporadic Zlib exception making it look like
  the pack file was currupted

* Dependency Updates

  * Update rules_nodejs version to 5.1.0.

  * Update JGit to 78c9b9260a5287d09c87b407e396021590714513.

### 3.5.1

* Security Fixes

  * [Change 333304](https://gerrit-review.googlesource.com/333304):
  Ignore `--no-limit` query changes option for anonymous users

    Prevent the use of `no-limit` option with query changes REST API.
    The option can result in excessive resources usage make Gerrit subject
    to DoS and DDoS by any remote endpoint without the need to have any
    Gerrit account or signing in.

* Breaking changes

  * [Issue 15589](https://crbug.com/gerrit/15589):
  Add SHA-1 hash variable to gitweb file links

    This change necessitates a Gitiles plugin update to
    [v3.5.1](https://gerrit.googlesource.com/plugins/gitiles/+/refs/tags/v3.5.1).

* Docker Images

  * [Change 329639](https://gerrit-review.googlesource.com/329639):
  CentOS 8 AppStream has disappeared: use AlmaLinux 8.5 as replacement for Gerrit image

* Bug Fixes

  * [Issue 14945](https://crbug.com/gerrit/14945):
  Account cache is not caching the access to the account data refs

    Account cache in Gerrit v3.5 does not cache the access to the All-Users.git
    repository because of the refactoring of the cache key, which requires lookup
    of the All-Users.git refs. Gerrit allows now the refs in-memory caching using
    the [cached-refs](https://gerrit.googlesource.com/modules/cached-refdb) libModule.

  * [Issue 14912](https://crbug.com/gerrit/14912):
  Fix lost watch notifications when attention-set-only is configured

  * [Issue 15407](https://crbug.com/gerrit/15407):
  MultiBaseLocalDiskRepositoryManager cannot be overloaded by libModules

    Allow the replacement of multi-base git repositories through libModules, which
    wasn't possible before. Allow to use multi-base git repositories with the
    [multi-site](https://gerrit.googlesource.com/plugins/multi-site/) plugin and the
    [cached-refs](https://gerrit.googlesource.com/modules/cached-refdb) libModule

  * [Issue 15500](https://crbug.com/gerrit/15500):
  Fix java.util.IllegalFormatArgumentIndexException on Java 17 in
  MergeUtil#mergeWithConflicts

  * [Issue 15531](https://crbug.com/gerrit/15531):
  Disable performance metrics by default.

    Performance metrics were introduced in 3.5.
    This caused, for example when upgrading from 3.4 to 3.5,
    a 10X increase of metrics, from thousands to tens of thousands.

    Disabling it by default to avoid an unexpected 10X increase
    of metrics payload, which could lead to an increase of latency
    when returning it.

  * [Issue 15590](https://crbug.com/gerrit/15590):
  Fix SLF4J binding to Reload4J

    Use Reload4J-specific binding for SLF4J, fixing the broken MDC
    since the swap of Log4J with Reload4J done in
    [Change 328081](https://gerrit-review.googlesource.com/c/gerrit/+/328081).


  * [Change 330359](https://gerrit-review.googlesource.com/c/gerrit/+/330359):
  Fix gerrit ls-members --recursive

    Fix a regression introduced with
    [Change 134334](https://gerrit-review.googlesource.com/c/gerrit/+/134334)
    that caused it to ignore the --recursive flag.

  * [Change 327950](https://gerrit-review.googlesource.com/c/gerrit/+/327950):
  PrologRuleEvaluator: Fix endless loop on type error

  * [Change 330579](https://gerrit-review.googlesource.com/c/gerrit/+/330579):
  Restore transition support for cache-automerge refs which point to a tree

    Versions of Gerrit older than v2.13 may have cache-automerge refs
    which point to a tree. These older refs are not considered valid by
    AutoMerger, but are not removed or invalidated.

  * [Change 331379](https://gerrit-review.googlesource.com/c/gerrit/+/331379):
  Improve performance in ACL permissions evaluation by computing project state only when needed

  * [Change 331639](https://gerrit-review.googlesource.com/c/gerrit/+/331639):
  Memoize compiled ref pattern in project cache, known to be expensive

  * [Change 331762](https://gerrit-review.googlesource.com/c/gerrit/+/331762):
  Cache permission filtering for All-Projects

  * [Change 331763](https://gerrit-review.googlesource.com/c/gerrit/+/331763):
  Move ordering of the project access section to the cached value creation for better performance

* Documentation Fixes

  * [Change 331361](https://gerrit-review.googlesource.com/c/gerrit/+/331361):
  Fixup old references to Database in documentation

  * [Change 331360](https://gerrit-review.googlesource.com/c/gerrit/+/331360):
  Remove leftover receive.changeUpdateThreads references

  * [Change 290603](https://gerrit-review.googlesource.com/c/gerrit/+/290603):
  Fix gerrit ls-groups flag `-g` in documentation

* Other Fixes

  * [Issue 15667](https://crbug.com/gerrit/15667):
  Fix Zuul build with obsolete Python 3.5.

* Dependency Updates

  * Update SLF4J version to 1.7.36.

  * Replace Log4J with reload4j version 1.2.19.