| --- |
| title: "Gerrit 3.3.x" |
| permalink: 3.3.html |
| hide_sidebar: true |
| hide_navtoggle: true |
| toc: true |
| --- |
| |
| Download: **[3.3.11](https://gerrit-releases.storage.googleapis.com/gerrit-3.3.11.war)** |
| | [3.3.10](https://gerrit-releases.storage.googleapis.com/gerrit-3.3.10.war) |
| | [3.3.9](https://gerrit-releases.storage.googleapis.com/gerrit-3.3.9.war) |
| | [3.3.8](https://gerrit-releases.storage.googleapis.com/gerrit-3.3.8.war) |
| | [3.3.7](https://gerrit-releases.storage.googleapis.com/gerrit-3.3.7.war) |
| | [3.3.6](https://gerrit-releases.storage.googleapis.com/gerrit-3.3.6.war) |
| | [3.3.5](https://gerrit-releases.storage.googleapis.com/gerrit-3.3.5.war) |
| | [3.3.4](https://gerrit-releases.storage.googleapis.com/gerrit-3.3.4.war) |
| | [3.3.3](https://gerrit-releases.storage.googleapis.com/gerrit-3.3.3.war) |
| | [3.3.2](https://gerrit-releases.storage.googleapis.com/gerrit-3.3.2.war) |
| | [3.3.1](https://gerrit-releases.storage.googleapis.com/gerrit-3.3.1.war) |
| | [3.3.0](https://gerrit-releases.storage.googleapis.com/gerrit-3.3.0.war) |
| |
| Documentation: **[3.3.11](https://gerrit-documentation.storage.googleapis.com/Documentation/3.3.11/index.html)** |
| | [3.3.10](https://gerrit-documentation.storage.googleapis.com/Documentation/3.3.10/index.html) |
| | [3.3.9](https://gerrit-documentation.storage.googleapis.com/Documentation/3.3.9/index.html) |
| | [3.3.8](https://gerrit-documentation.storage.googleapis.com/Documentation/3.3.8/index.html) |
| | [3.3.7](https://gerrit-documentation.storage.googleapis.com/Documentation/3.3.7/index.html) |
| | [3.3.6](https://gerrit-documentation.storage.googleapis.com/Documentation/3.3.6/index.html) |
| | [3.3.5](https://gerrit-documentation.storage.googleapis.com/Documentation/3.3.5/index.html) |
| | [3.3.4](https://gerrit-documentation.storage.googleapis.com/Documentation/3.3.4/index.html) |
| | [3.3.3](https://gerrit-documentation.storage.googleapis.com/Documentation/3.3.3/index.html) |
| | [3.3.2](https://gerrit-documentation.storage.googleapis.com/Documentation/3.3.2/index.html) |
| | [3.3.1](https://gerrit-documentation.storage.googleapis.com/Documentation/3.3.1/index.html) |
| | [3.3.0](https://gerrit-documentation.storage.googleapis.com/Documentation/3.3.0/index.html) |
| |
| ## Release highlights |
| |
| * Java 11 by default for Gerrit |
| |
| * New logs timestamp format |
| |
| * Attention Set |
| |
| ## Important notes |
| |
| ### Default support for Java 11 |
| |
| The Java language level is now set to Java 11 by default for Gerrit. |
| |
| * [Issue 13494](https://bugs.chromium.org/p/gerrit/issues/detail?id=13494); |
| Generate a Java 11 Eclipse project by default |
| |
| * Update dev-{eclipse,intellij} development for Java 11. |
| |
| ### Schema changes |
| |
| This release contains schema changes. To upgrade: |
| |
| ``` sh |
| java -jar gerrit.war init -d site_path |
| ``` |
| |
| Upgrading to this schema version (184) renames the `Non-Interactive Users` |
| group to `Service Users`. |
| |
| ### Zero-downtime upgrade |
| |
| Gerrit supports zero-downtime upgrade from Gerrit v3.2 when configured using |
| a [high-availability configuration](https://gerrit.googlesource.com/plugins/high-availability/+/refs/heads/master/README.md), |
| when the Git repositories are stored in a shared filesystem such as NFS or similar. |
| |
| For upgrading with zero-downtime, you should enable the rolling upgrade migration |
| in `gerrit.config` on both Gerrit servers by setting the |
| [`gerrit.experimentalRollingUpgrade`](http://gerrit-documentation.storage.googleapis.com/Documentation/3.2.0/config-gerrit.html) |
| to `true`. |
| |
| During the zero-downtime upgrade, Gerrit end-users would not notice any outage |
| or service disruption. They will be able to perform any read/write Gerrit operation |
| on the GUI or using the Git protocol. |
| |
| The zero-downtime upgrade consists of the following steps: |
| |
| 1. Have Gerrit servers upgraded to v3.2 in high-availability configuration, |
| healthy and able to handle the incoming traffic properly. |
| 2. Set `gerrit.experimentalRollingUpgrade` to `true` in `gerrit.config` on both Gerrit servers. |
| 3. Set the first Gerrit server unhealthy. |
| 4. Shutdown the first Gerrit server, upgrade to v3.3 and start Gerrit again. |
| 5. Verify that the first Gerrit server is working properly and then make it healthy again. |
| 6. Wait for the first Gerrit server to start serving traffic normally. |
| 7. Repeat steps 3. to 6. for the second Gerrit server. |
| 8. Remove `gerrit.experimentalRollingUpgrade` from `gerrit.config` on both Gerrit servers. |
| |
| **NOTE**: Schema version 184 is tolerated by Gerrit v3.2 because the group-id |
| of the `Non-Interactive Users` remains the same, hence all existing ACLs are evaluated |
| as expected also when the group is renamed to `Service Users`. During steps 4, 5 and 6, the Gerrit |
| server still running v3.2 will display `Service Users` on the repositories ACLs screen. |
| |
| ### Downgrade |
| |
| Downgrade to any Gerrit v3.2.x release is possible, but requires the following manual steps: |
| |
| 1. Shutdown a migrated Gerrit v3.3.x server |
| 2. Bump the All-Projects.git version (refname: `refs/meta/version`) to `183`: |
| ``` sh |
| git update-ref refs/meta/version $(echo -n 183|git hash-object --stdin) |
| ``` |
| See [git hash-object](https://git-scm.com/docs/git-hash-object) and |
| [git update-ref](https://git-scm.com/docs/git-update-ref). |
| 3. Revert the All-Users.git schema-184 migration commit (refname: `refs/meta/group-names`) |
| 4. Run Gerrit v3.2.x init |
| 5. Startup Gerrit v3.2.x server |
| |
| ### Breaking changes |
| |
| * [New logs timestamp format](http://gerrit-documentation.storage.googleapis.com/Documentation/3.3.1/logs.html): |
| |
| The new format supports both ISO-8601 and RFC3339, which means that if you are |
| parsing it as general ISO-8601 it should work as before. However, you will be |
| affected if you are parsing the timestamp with a static format. |
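
The breaking case described above, as an added example that is not part of the Gerrit release notes or code base: a fixed-layout parser next to one that accepts the ISO-8601 shape and normalises to UTC. The sample lines are constructed and both timestamp layouts are assumptions for illustration; the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines, not real Gerrit output. Both layouts are
# assumptions for illustration; check the logs documentation for your version.
OLD_LINE = "[2020-11-30 14:05:09,123 +0100] session-1 alice LOGIN FROM 192.0.2.10"
NEW_LINE = "[2020-11-30T14:05:09,123+01:00] session-1 alice LOGIN FROM 192.0.2.10"

# The kind of fixed layout that stops matching after the upgrade.
STATIC_OLD_FORMAT = "%Y-%m-%d %H:%M:%S,%f %z"

_BRACKETED = re.compile(r"^\[([^\]]+)\]")
_ISO_LIKE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})[T ](\d{2}:\d{2}:\d{2})"
    r"(?:[.,](\d{1,9}))?\s*(Z|[+-]\d{2}:?\d{2})?$"
)


def parse_static(line):
    """Brittle parser: accepts exactly one timestamp layout."""
    m = _BRACKETED.match(line)
    if m is None:
        raise ValueError("no leading [timestamp]")
    return datetime.strptime(m.group(1), STATIC_OLD_FORMAT)


def static_parser_breaks(line):
    """True when the fixed-layout parser rejects the line."""
    try:
        parse_static(line)
    except ValueError:
        return True
    return False


def parse_timestamp(line, assume_tz=None):
    """Parse the leading [timestamp] of a log line and return it in UTC.

    Accepts 'T' or space between date and time, ',' or '.' before the
    fraction, and offsets written as Z, +hhmm or +hh:mm. A timestamp with
    no offset is rejected unless the caller states which zone to assume,
    so events are never silently shifted when correlating sources.
    """
    m = _BRACKETED.match(line)
    if m is None:
        raise ValueError("no leading [timestamp]")
    parts = _ISO_LIKE.match(m.group(1).strip())
    if parts is None:
        raise ValueError("unrecognised timestamp: %r" % m.group(1))
    date, clock, frac, zone = parts.groups()

    if zone is None:
        if assume_tz is None:
            raise ValueError("timestamp has no UTC offset")
        tz = assume_tz
    elif zone == "Z":
        tz = timezone.utc
    else:
        digits = zone[1:].replace(":", "")
        delta = timedelta(hours=int(digits[:2]), minutes=int(digits[2:]))
        tz = timezone(-delta if zone[0] == "-" else delta)

    # Keep microsecond precision; longer fractions are truncated.
    micro = int((frac or "0")[:6].ljust(6, "0"))
    naive = datetime.strptime(date + " " + clock, "%Y-%m-%d %H:%M:%S")
    return naive.replace(microsecond=micro, tzinfo=tz).astimezone(timezone.utc)


if __name__ == "__main__":
    for sample in (OLD_LINE, NEW_LINE):
        print(static_parser_breaks(sample), parse_timestamp(sample).isoformat())
```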
| |
| ### ChangeAttributeFactory deprecated and ChangePluginDefinedInfoFactory supported |
| |
| Similar to the ChangeAttributeFactory, a ChangePluginDefinedInfoFactory allows |
| plugins to [provide additional data in change results](http://gerrit-documentation.storage.googleapis.com/Documentation/3.3.1/dev-plugins.html#query_attributes). |
| ChangePluginDefinedInfoFactory has the advantage that it allows plugins to know |
| the full set of changes up front so that they can do bulk operations. |
| |
| ChangeAttributeFactory will be removed in the next release. |
| |
| ### JGit auto-configuration |
| |
| #### Auto-disable `receive.autogc` option |
| |
| By JGit's default, `git-receive-pack` will run auto gc after receiving |
| data from git-push and updating refs. |
| |
| An init step has been added that disables the `receive.autogc` configuration option |
| in the `$gerrit_site/etc/jgit.config` file. |
| |
| #### Auto-enable git wire protocol version 2 |
| |
| By JGit's default, git wire protocol version 2 is disabled. Because git |
| wire protocol version 2 on the server side is now considered very stable, |
| the init site program activates it by default, so that Gerrit sites benefit |
| from improved fetch performance. |
| |
| ## Security fixes |
| |
| * [Issue 13621](https://bugs.chromium.org/p/gerrit/issues/detail?id=13621); |
| [CVE-2020-8919](https://nvd.nist.gov/vuln/detail/CVE-2020-8919): |
| Make `PermissionBackend#ForRef` authoritative. |
| |
| Fixes a misconception that leads to data being accessible through Gerrit |
| APIs that should be locked down. |
| |
| Gerrit had two components for determining if a Git ref is visible to a |
| user: `(Default)RefFilter` and `PermissionBackend#ForRef` (e.g., |
| `RefControl`). The former was always capable of providing correct results |
| for all refs. The latter only had logic to decide if a Git ref is visible |
| according to the Gerrit `READ` permissions. This includes all refs under |
| `refs/heads` as well as any other ref that isn't a database ref or a Git |
| tag. This component was unaware of Git tags and notedb-related refs. Hence, |
| when asked for a database reference such as `refs/changes/xx/yyyyxx/meta`, |
| the logic would allow access if the user has `READ` permissions on any of |
| the ref prefixes (such as the default "read refs/* Anonymous Users"). |
| |
| That was problematic, because it bypassed |
| [documented behavior](http://gerrit-documentation.storage.googleapis.com/Documentation/3.3.1/access-control.html) |
| where a user should only have access to a change if he can see the |
| destination ref. The same goes for other database references. |
| |
| * [Issue 13514](https://bugs.chromium.org/p/gerrit/issues/detail?id=13514); |
| [CVE-2020-8920](https://nvd.nist.gov/vuln/detail/CVE-2020-8920): |
| Work around Gitiles bug on `All-Users` visibility. |
| |
| Gitiles has a special `FilteredRepository` wrapper that allows carefully |
| hiding refs based on the project's ACLs. There is however an optimization |
| that skips the filtering in case a user has `READ` permissions on every ACL |
| pattern(s). When the target repository is `All-Users`, the optimization |
| turns into a security issue because it allows seeing all personal information |
| associated with all accounts, i.e.: |
| |
| * draft comments |
| * draft edits |
| * personally identifiable information (PII) of all users |
| * external ids |
| |
| This fix now blocks Gitiles or any other part of Gerrit from abusing this power |
| when the target repository is `All-Users`, where nobody can be authorized |
| to skip the ACLs evaluation anyway. |
| |
| * [Issue 12629](https://bugs.chromium.org/p/gerrit/issues/detail?id=12629); |
| Verify hostname when sending emails via SMTP server with `SMTPSClient`. |
| |
| The SMTP server's certificate and hostname must be verified if |
| encryption is enabled with SSL verification in the host settings |
| (`sendemail.smtpEncryption` and `sendemail.sslVerify`). |
| |
| `SMTPSClient` from Apache Commons Net is used for SSL processing. |
| It has the following downside: if encryption is not required, |
| `SMTPSClient` is used in 'explicit' mode with the upgrade to TLS |
| never called. Thus, the client is somewhat misused. |
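
The CVE-2020-8919 item above, as an added example that is not Gerrit code: a simplified model of the two visibility decisions for a change's `meta` ref, before and after `PermissionBackend#ForRef` became authoritative. The ACL, group names, change numbers and the "most specific section wins" rule are constructed assumptions standing in for Gerrit's real rule evaluation.

```python
import re
from typing import Dict, FrozenSet, List, NamedTuple


class ReadRule(NamedTuple):
    pattern: str             # "refs/*" style prefix or an exact ref name
    groups: FrozenSet[str]   # groups granted READ by this section


CHANGE_REF = re.compile(r"^refs/changes/\d{2}/(\d+)/(?:meta|\d+)$")

# Constructed project: everything readable by default, one restricted branch.
ACL = [
    ReadRule("refs/*", frozenset({"Anonymous Users"})),
    ReadRule("refs/heads/secret", frozenset({"Owners"})),
]
# Constructed change number -> destination branch mapping.
DESTINATIONS = {1001: "refs/heads/master", 1234: "refs/heads/secret"}
REFS = [
    "refs/heads/master",
    "refs/heads/secret",
    "refs/changes/01/1001/meta",
    "refs/changes/34/1234/meta",
]


def _matches(pattern: str, ref: str) -> bool:
    if pattern.endswith("/*"):
        return ref.startswith(pattern[:-1])
    return ref == pattern


def read_allowed(acl: List[ReadRule], groups: FrozenSet[str], ref: str) -> bool:
    """READ check by ref name only; the most specific matching section decides
    (a simplification of real ACL evaluation)."""
    matching = [rule for rule in acl if _matches(rule.pattern, ref)]
    if not matching:
        return False
    best = max(matching, key=lambda rule: len(rule.pattern))
    return bool(best.groups & groups)


def visible_before_fix(acl, groups, ref) -> bool:
    """Pre-fix behaviour as the page describes it: a database ref is judged
    like any other ref name, so a broad READ grant on refs/* lets it through."""
    return read_allowed(acl, groups, ref)


def visible_authoritative(acl, groups, ref, destinations: Dict[int, str]) -> bool:
    """Documented behaviour: a change is visible only if its destination ref is."""
    m = CHANGE_REF.match(ref)
    if m:
        dest = destinations.get(int(m.group(1)))
        return dest is not None and read_allowed(acl, groups, dest)
    if ref.startswith("refs/heads/"):
        return read_allowed(acl, groups, ref)
    # Tags and other database refs need their own rules; this model denies
    # them instead of falling back to prefix matching.
    return False


def exposed_refs(acl, groups, refs, destinations) -> List[str]:
    """Refs the pre-fix check would show although the documented rule hides them."""
    return [
        ref for ref in refs
        if visible_before_fix(acl, groups, ref)
        and not visible_authoritative(acl, groups, ref, destinations)
    ]


if __name__ == "__main__":
    anonymous = frozenset({"Anonymous Users"})
    print(exposed_refs(ACL, anonymous, REFS, DESTINATIONS))
```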
| |
| ## Native packaging |
| |
| * Allow to use init as a param in docker run |
| |
| This allows to easily run the Gerrit image with the `init` argument to explicitly |
| re-run the initialization on an existing or new site. |
| |
| * CentOS docker image upgrade to v8.2.2004 |
| |
| ## New features |
| |
| * [Attention Set](http://gerrit-documentation.storage.googleapis.com/Documentation/3.3.1/user-attention-set.html): |
| |
| For every change Gerrit maintains an "Attention Set" with users that are |
| currently expected to act on the change. Both on the dashboard and on the |
| change page, this is expressed by an arrow icon before the user name. |
| |
| Enabled by default. |
| The former assignee feature is therefore now disabled by default. |
| |
| * The reply dialog posts patchset level comments instead of change messages. |
| |
| This is an experiment that is enabled by default. However, it can be |
| disabled by adding 'UiFeature__patchset_comments' as disabled key in |
| [experiments section of gerrit.config](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#experiments). |
| This is useful if your CI system parses back change messages (e.g. |
| "/rerun") and has not been updated yet to parse patchset level |
| comments. The option to revert this behavior will be removed in |
| Gerrit 3.4. Until then, administrators need to have migrated. |
| |
| * [Issue 13670](https://bugs.chromium.org/p/gerrit/issues/detail?id=13670); |
| Introduce cache.openFiles setting in gerrit.config. |
| |
| Persistent caches might require the allocation of additional file |
| descriptors depending on their configuration and backend engine. |
| This new setting allows the gerrit.sh to be aware of that and increase the |
| number of files accordingly before starting Gerrit. |
| |
| E.g. when swapping the default H2 persistent cache implementation with the |
| [chronicle-map implementation](https://gerrit.googlesource.com/modules/cache-chroniclemap/+/refs/heads/stable-3.3) |
| the number of open files needs raising, since the latter is bound to open more |
| file descriptors, mostly due to its usage of memory mapped files. |
| |
| ### REST API changes |
| |
| * Reject REST requests with invalid enum values as bad request |
| |
| * Expose 'Service User' tag on the REST API |
| |
| * Add endpoints to allow enhancement on submit requirements |
| |
| * Add parameter for added reviewers on reply-reviewers endpoint |
| |
| * Add an alternate `CreateChange` endpoint |
| |
| * [Issue 13357](https://bugs.chromium.org/p/gerrit/issues/detail?id=13357); |
| Add the work_in_progress option to the revert and revertSubmission endpoints |
| |
| ## End-to-end tests |
| |
| * [Issue 12208](https://bugs.chromium.org/p/gerrit/issues/detail?id=12208); |
| Add [presentation links](https://www.gerritcodereview.com/presentations.html#list-of-presentations) |
| to [documentation](https://gerrit-documentation.storage.googleapis.com/Documentation/3.3.1/dev-e2e-tests.html#_what_is_gatling) |
| |
| * [Issue 13082](https://bugs.chromium.org/p/gerrit/issues/detail?id=13082); |
| Add Eclipse support for Gatling tests |
| |
| ## Plugin changes |
| |
| ### delete-project |
| |
| * [Issue 13402](https://bugs.chromium.org/p/gerrit/issues/detail?id=13402); |
| Fix event handling on error |
| |
| ### download-commands |
| |
| * New command: "Reset To" |
| |
| Add a new command that allows to reset the current branch to the commit |
| that was fetched. This is useful in cases when the user is working on a |
| local branch and the existing commands are not appropriate: |
| |
| * "Checkout" will check out the FETCH_HEAD, i.e. moving off the current |
| branch and leaving the local repository in 'detached head' state. |
| |
| * "Cherry-Pick" will commit the fetched change again, resulting in a |
| 'new' commit (i.e. changed sha1) which will result in a new patch set |
| if the user creates any commits on top of it and pushes for review. |
| |
| * [Issue 10021](https://bugs.chromium.org/p/gerrit/issues/detail?id=10021); |
| Avoid quoting on basic strings |
| |
| ### plugin-manager |
| |
| * [Issue 12885](https://bugs.chromium.org/p/gerrit/issues/detail?id=12885); |
| Fix loading of core plugins on Windows |
| |
| ### replication |
| |
| * Add method to push changes directly to given replica |
| |
| This makes it possible to push changes directly to given replica |
| instance without sending unnecessary requests to others. |
| |
| The method is intended to be used by other plugins that extend the |
| replication plugin. |
| |
| * Prevent persistent task listing interruptions on IOExceptions |
| |
| Improved the logging by differentiating between failures that are |
| severe versus potentially related to other node actions since in a |
| multi-primary scenario with shared storage, it is common for operations |
| on one node to "interfere" with task listing operations on another node |
| without causing a malfunction. Specifically, improve the exception |
| handling so that the logging in these latter cases have a likely |
| explanation of the listing error, and do not consider these specific |
| filesystem errors operational errors. |
| |
| **NOTE**: The multi-primary replication is still experimental. |
| |
| * [Issue 12769](https://bugs.chromium.org/p/gerrit/issues/detail?id=12769); |
| Fix synopsis in replication start cmd documentation |
| |
| `--url` is usable with `--all` or projects and on its own. |
| Updated the usage to reflect this. |
| |
| * [Issue 12769](https://bugs.chromium.org/p/gerrit/issues/detail?id=12769); |
| Don't wait for pending events to process on startup |
| |
| Previously, on large Gerrit installations with many projects and/or many |
| replication destinations, the replication plugin could take very long |
| periods of time to startup. This was particularly a problem if the |
| pending (persisted) event count was large as they all were rescheduled |
| before the plugin finished initializing. Change this behavior so that |
| startup merely begins the process of scheduling the pending events, but |
| does not wait for them to complete. |
| |
| * [Issue 13480](https://bugs.chromium.org/p/gerrit/issues/detail?id=13480); |
| Don't output directories during task walk |
| |
| ## Polygerrit UI changes |
| |
| * Add comment icon to CR column of the dashboard |
| |
| * Lock scroll for background when reply-dialog open |
| |
| * Fix use of registration dialog instead of overlay |
| |
| * A11y - Add meaningful label for Edit button on change page |
| |
| * Enable download dialog shortcut in diff page |
| |
| * Add title and shortcuts for some links and buttons |
| |
| * Fix titles for buttons |
| |
| * Add help icon to search bar with link to the doc |
| |
| * Fix first and last focusable elements in download and diff pref dialogs |
| |
| * Refine the UX on account chips |
| |
| * Add doc/bug icons to hovercard and change to help-outline icon |
| |
| * Re-use logic for opening up download dialog from 'd' |
| |
| * Update hovercard text to say Your/their turn to take action |
| |
| * Offer an option to hide the file comment button |
| |
| * Update pg-plugin-dev document with polymer 3 examples |
| |
| * Fix broken link/icon to the master build status |
| |
| * Add link icon to messages in change log |
| |
| * A11y - Fix label and navigation for More Actions Button |
| |
| * Disable the 'Send' button when a comment is being edited |
| |
| * Fix the dangling comma after reviewer on dashboard |
| |
| * Fix Shift-A shortcut for hiding the left side of the diff |
| |
| ### UI issues |
| |
| * [Issue 7458](https://bugs.chromium.org/p/gerrit/issues/detail?id=7458); |
| Fix iron-dropdown positioning |
| |
| * [Issue 13080](https://bugs.chromium.org/p/gerrit/issues/detail?id=13080); |
| Fix the position of the hovercard |
| |
| * [Issue 13175](https://bugs.chromium.org/p/gerrit/issues/detail?id=13175); |
| Fix gr-hovercard-behavior under Firefox |
| |
| * [Issue 13328](https://bugs.chromium.org/p/gerrit/issues/detail?id=13328); |
| Redirect GWT links to project dashboard to PolyGerrit |
| |
| * [Issue 13433](https://bugs.chromium.org/p/gerrit/issues/detail?id=13433); |
| Unlock scroll if hovercard detached |
| |
| * [Issue 13543](https://bugs.chromium.org/p/gerrit/issues/detail?id=13543); |
| Fix navigate back to change page with '[' on first diff. |
| |
| * [Issue 13658](https://bugs.chromium.org/p/gerrit/issues/detail?id=13658); |
| Convert comment counts to comment thread counts around the UI |
| |
| ## Documentation changes |
| |
| * config-reverseproxy.txt: Document X-Forwarded-For header |
| |
| * Document possibility to resume reviews with meetings |
| |
| * Document how to mitigate the issue of broken Eclipse project on MacOS |
| |
| * Clarify documentation about parent project access right |
| |
| * Document [jgit options respected by gerrit gc](https://gerrit-documentation.storage.googleapis.com/Documentation/3.3.1/config-gerrit.html#gc); |
| [receive](https://gerrit-documentation.storage.googleapis.com/Documentation/3.3.1/config-gerrit.html#jgit-receive) |
| |
| ## JGit changes |
| |
| * [Issue 13544](https://bugs.chromium.org/p/gerrit/issues/detail?id=13544); |
| Ensure that `GC#deleteOrphans` respects pack lock. |
| |
| If pack or index files are guarded by a pack lock (`.keep` file), |
| `deleteOrphans()` should not touch the respective files protected by the |
| lock file. Otherwise it may interfere with `PackInserter` concurrently |
| inserting a new pack file and its index. |
| |
| * [Issue 13694](https://bugs.chromium.org/p/gerrit/issues/detail?id=13694); |
| Fix the git wire protocol v2 issue on JDK 15 |
| |
| ## Elasticsearch changes |
| |
| * ElasticContainer: Upgrade V6_8 to elasticsearch 6.8.13 |
| |
| * ElasticContainer: Upgrade V7_8 to elasticsearch 7.8.1 |
| |
| * [Issue 12704](https://bugs.chromium.org/p/gerrit/issues/detail?id=12704); |
| Simplify Init for Elasticsearch |
| |
| ## Other dependency changes |
| |
| * Upgrade caffeine to 2.8.5 |
| |
| * Upgrade jackson-core to 2.11.3 |
| |
| * Upgrade metrics-core to 4.1.12.1 |
| |
| * Upgrade soy to 2020-08-24 |
| |
| * [Issue 13474](https://bugs.chromium.org/p/gerrit/issues/detail?id=13474); |
| Upgrade testcontainers to 1.15.0 |
| |
| ## Other core changes |
| |
| * Limit graceful shutdown to SSH sessions serving git requests |
| |
| * NoteDbMigrator: Improve log message when saving ref updates |
| |
| * Explicitly check READ permission when processing a git push |
| |
| * Introduce sshd.gracefulStopTimeout |
| |
| * Fix eclipse project generation |
| |
| * Update instructions for running on Docker |
| |
| * Fix links and file name in emails for patchset-level comments |
| |
| * Add JavaScript style guide |
| |
| ### Core issues |
| |
| * [Issue 11637](https://bugs.chromium.org/p/gerrit/issues/detail?id=11637); |
| Add a process to remove a core plugin |
| |
| * [Issue 11774](https://bugs.chromium.org/p/gerrit/issues/detail?id=11774); |
| Change filtering of messages in experimental ChangeLog |
| |
| * [Issue 12707](https://bugs.chromium.org/p/gerrit/issues/detail?id=12707); |
| Apply diff preferences immediately after clicking save |
| |
| * [Issue 12934](https://bugs.chromium.org/p/gerrit/issues/detail?id=12934); |
| Fix selection on diff with range comments |
| |
| * [Issue 12994](https://bugs.chromium.org/p/gerrit/issues/detail?id=12994); |
| Fix toggle on iOS |
| |
| * [Issue 13014](https://bugs.chromium.org/p/gerrit/issues/detail?id=13014); |
| Clean up disrespectful terms |
| |
| * [Issue 13054](https://bugs.chromium.org/p/gerrit/issues/detail?id=13054); |
| Restore keyboard shortcut for expand all diff context |
| |
| * [Issue 13073](https://bugs.chromium.org/p/gerrit/issues/detail?id=13073); |
| Fix highlight on multi-line range comments |
| |
| * [Issue 13184](https://bugs.chromium.org/p/gerrit/issues/detail?id=13184); |
| Respect log.textLogging and log.jsonLogging using --console-log |
| |
| * [Issue 13266](https://bugs.chromium.org/p/gerrit/issues/detail?id=13266); |
| Allow to use 'Apply fix' several times on the commit message |
| |
| * [Issue 13349](https://bugs.chromium.org/p/gerrit/issues/detail?id=13349); |
| When SSH is disabled, it should also be disabled on replica |
| |
| * [Issue 13350](https://bugs.chromium.org/p/gerrit/issues/detail?id=13350); |
| Decode group id before using it to add [cc-]reviewers |
| |
| * [Issue 13376](https://bugs.chromium.org/p/gerrit/issues/detail?id=13376); |
| Make sure that comment drafts are sorted to the end |
| |
| * [Issue 13464](https://bugs.chromium.org/p/gerrit/issues/detail?id=13464); |
| Use persistent cache provided by libModule for offline reindex |
| |
| * [Issue 13754](https://bugs.chromium.org/p/gerrit/issues/detail?id=13754); |
| Fix NPE with StoredCommentLinkInfoSerializer when enabled is null |
| |
| ## Bugfix releases |
| |
| ### Unreleased changes |
| |
| * Breaking changes |
| |
| * [Issue 15941](https://crbug.com/gerrit/15941) |
| Fix SSH queries to not show commit-message unless --commit-message is provided |
| |
| This issue has existed for several years and should be considered |
| breaking as users might expect commit message to be included by |
| default in SSH query results. |
| |
| Obtaining the commit message is a costly operation as the commit |
| data has to be loaded. So, showing it even when --commit-message |
| is not provided degrades the performance of SSH queries. |
| |
| * Performance Fixes |
| |
| * [Change 338834](https://gerrit-review.googlesource.com/338834) |
| Avoid creating an IdentifiedUser multiple times in a SSH query |
| |
| This improves performance of SSH queries. |
| |
| * [Change 338574](https://gerrit-review.googlesource.com/338574) |
| Cache ProjectControl instances in SSH queries |
| |
| A PerThreadCache is used to cache ProjectControl instances to |
| improve SSH query performance. |
| |
| * [Change 338474](https://gerrit-review.googlesource.com/338474) |
| Allow async receive-commits to have a thread-local cache |
| |
| Improve caching when merging changes through git push |
| |
| * [Change 338154](https://gerrit-review.googlesource.com/338154) |
| Lazy load change notes when submit by push |
| |
| Improves performance of change submit via push |
| |
| * Bug Fixes |
| |
| * [Change 337474](https://gerrit-review.googlesource.com/337474) |
| Use sane value for QueryProcessor's effective limit on "--no-limit" |
| |
| Fix errors seen when --no-limit query option is used with ES index backend |
| |
| ### 3.3.11 |
| |
| * Bug Fixes |
| |
| * [Change 335705](https://gerrit-review.googlesource.com/335705): |
| Fix bazel build on Mac M1 (aarch64) |
| |
| * [Change 334762](https://gerrit-review.googlesource.com/334762): |
| Use original javax.servlet-api instead of tomcat's copy |
| |
| * [Change 334299](https://gerrit-review.googlesource.com/334299): |
| Reject invalid queries with status code 400 on `POST /accounts/<account-identifier>/watched.projects` |
| |
| * [Issue 14109](https://crbug.com/gerrit/14109): |
| Fix NPE with cherry pick REST-API onto an existing change in a different branch |
| |
| * Dependency Updates |
| |
| * Update rules_nodejs version to 5.1.0. |
| |
| ### 3.3.10 |
| |
| * Security Fixes |
| |
| * [Change 333304](https://gerrit-review.googlesource.com/333304): |
| Ignore `--no-limit` query changes option for anonymous users |
| |
| Prevent the use of the `no-limit` option with the query changes REST API. |
| The option can result in excessive resource usage, making Gerrit subject |
| to DoS and DDoS by any remote endpoint without the need to have any |
| Gerrit account or signing in. |
| |
| * Docker Images |
| |
| * [Change 329639](https://gerrit-review.googlesource.com/329639): |
| CentOS 8 AppStream has disappeared: use AlmaLinux 8.5 as replacement for Gerrit image |
| |
| * Bug Fixes |
| |
| * [Issue 14945](https://crbug.com/gerrit/14945): |
| Account cache is not caching the access to the account data refs |
| |
| Account cache in Gerrit v3.3 does not cache the access to the All-Users.git |
| repository because of the refactoring of the cache key, which requires lookup |
| of the All-Users.git refs. Gerrit now allows in-memory caching of the refs using |
| the [cached-refs](https://gerrit.googlesource.com/modules/cached-refdb) libModule. |
| |
| * [Issue 14912](https://crbug.com/gerrit/14912): |
| Fix lost watch notifications when attention-set-only is configured |
| |
| * [Issue 15407](https://crbug.com/gerrit/15407): |
| MultiBaseLocalDiskRepositoryManager cannot be overloaded by libModules |
| |
| Allow the replacement of multi-base git repositories through libModules, which |
| wasn't possible before. Allow to use multi-base git repositories with the |
| [multi-site](https://gerrit.googlesource.com/plugins/multi-site/) plugin and the |
| [cached-refs](https://gerrit.googlesource.com/modules/cached-refdb) libModule |
| |
| * [Issue 15500](https://crbug.com/gerrit/15500): |
| Fix java.util.IllegalFormatArgumentIndexException on Java 17 in |
| MergeUtil#mergeWithConflicts |
| |
| * [Issue 15590](https://crbug.com/gerrit/15590): |
| Fix SLF4J binding to Reload4J |
| |
| Use Reload4J-specific binding for SLF4J, fixing the broken MDC |
| since the swap of Log4J with Reload4J done in |
| [Change 328081](https://gerrit-review.googlesource.com/c/gerrit/+/328081). |
| |
| * [Change 330359](https://gerrit-review.googlesource.com/c/gerrit/+/330359): |
| Fix gerrit ls-members --recursive |
| |
| Fix a regression introduced with |
| [Change 134334](https://gerrit-review.googlesource.com/c/gerrit/+/134334) |
| that caused it to ignore the --recursive flag. |
| |
| * Documentation Fixes |
| |
| * [Change 331361](https://gerrit-review.googlesource.com/c/gerrit/+/331361): |
| Fixup old references to Database in documentation |
| |
| * [Change 331360](https://gerrit-review.googlesource.com/c/gerrit/+/331360): |
| Remove leftover receive.changeUpdateThreads references |
| |
| * [Change 290603](https://gerrit-review.googlesource.com/c/gerrit/+/290603): |
| Fix gerrit ls-groups flag `-g` in documentation |
| |
| * Other Fixes |
| |
| * [Issue 15667](https://crbug.com/gerrit/15667): |
| Fix Zuul build with obsolete Python 3.5. |
| |
| * Dependency Updates |
| |
| * Update SLF4J version to 1.7.36. |
| |
| * Replace Log4J with reload4j version 1.2.19. |
| |
| ### 3.3.9 |
| |
| * Security Fixes |
| |
| * [Issue 15481](https://crbug.com/gerrit/15481): |
| Remove support for Elasticsearch versions vulnerable to [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) |
| |
| [Elasticsearch v7.16.2](https://www.elastic.co/guide/en/elasticsearch/reference/current/release-notes-7.16.2.html) |
| includes the fix for the Log4J v2 vulnerability CVE-2021-44228. |
| |
| Remove support in Gerrit for all other vulnerable Elasticsearch versions and keep |
| compatibility with v7.16.2 only. |
| |
| * [Change 325218](https://gerrit-review.googlesource.com/325218): |
| Show the bi-directional Unicode chars as red exclamation marks. |
| |
| Bidirectional Unicode chars can be used to hack a code base, as shown |
| on the [Trojan Source website](https://trojansource.codes/). |
| The Gerrit diff view finds bidirectional Unicode chars and shows them as red |
| exclamation marks. |
| |
| * New Features |
| |
| * [Change 325217](https://gerrit-review.googlesource.com/325217): |
| Soft hyphens are used in localization; show them similarly to the tab indicator in diff-view. |
| |
| * Reindexing performance improvements |
| |
| * [Change 325417](https://gerrit-review.googlesource.com/325417): |
| Changes off-line reindex: schedule slices immediately |
| |
| If a site has one huge repository and several small/medium sized repos, |
| then slice creation for the large repo will effectively block other |
| smaller repos from starting to reindex their changes. Schedule slices |
| without waiting for any other slice creation, providing up to 25% |
| performance improvement for large sites. |
| |
| * Bug Fixes |
| |
| * [Change 325299](https://gerrit-review.googlesource.com/325299): |
| Disable cache display stats when initializing new Gerrit sites, as not useful. |
| |
| * Replication Plugin Fixes |
| |
| * [Issue 15315](https://crbug.com/gerrit/15315): |
| Document in the replication plugin that remoteNameStyle might result in name clashes |
| |
| * [Issue 15318](https://crbug.com/gerrit/15318): |
| Document in the replication plugin that remoteNameStyle is for non-Gerrit remote repos |
| |
| * Gitiles Plugin Fixes |
| |
| * [Issue 15307](https://crbug.com/gerrit/15307): |
| Fix Bazel build on MacOS |
| |
| * [Change 273397](https://gerrit-review.googlesource.com/273397): |
| Load fonts directly from Gerrit instead of 3rd party domains |
| |
| In environments without public Internet access or where tight control |
| of loaded resources is necessary, loading fonts from 3rd party domains |
| might be restricted. Use only the fonts included in the Gerrit war |
| distribution and domain. |
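
For the 3.3.9 diff-view items above (Change 325218 and Change 325217), an added example that is not Gerrit's implementation: a check that scans only the added lines of a unified diff for bidirectional control characters and soft hyphens, for use in CI or a server-side hook. The character set follows the Trojan Source write-up and is an assumption about what to flag; the sample diff is constructed and the function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional

# Written as escapes so this file itself contains no invisible characters.
BIDI_CONTROLS = frozenset(
    "\u202a\u202b\u202c\u202d\u202e"  # LRE RLE PDF LRO RLO
    "\u2066\u2067\u2068\u2069"        # LRI RLI FSI PDI
)
SOFT_HYPHEN = "\u00ad"

_HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

# Constructed sample diff: one added line with a bidi control, one with a
# soft hyphen.
SAMPLE_DIFF = (
    "--- a/labels.py\n"
    "+++ b/labels.py\n"
    "@@ -10,3 +10,4 @@\n"
    " greeting = 'hello'\n"
    "-label = 'abc'\n"
    "+label = 'abc\u202edef'\n"
    "+title = 'co\u00adoperate'\n"
    " print(label)\n"
)


class Finding(NamedTuple):
    path: Optional[str]
    line: int        # line number in the new version of the file
    column: int      # 1-based column within that line
    codepoint: str
    kind: str


def classify(ch: str) -> Optional[str]:
    if ch in BIDI_CONTROLS:
        return "bidi-control"
    if ch == SOFT_HYPHEN:
        return "soft-hyphen"
    return None


def visible(text: str) -> str:
    """Replace flagged characters with a printable marker for reports."""
    return "".join("<U+%04X>" % ord(c) if classify(c) else c for c in text)


def scan_added_lines(diff_text: str) -> List[Finding]:
    """Report flagged characters on '+' lines, using hunk line counts so that
    added content beginning with '++ ' is not mistaken for a file header."""
    findings: List[Finding] = []
    path: Optional[str] = None
    old_left = new_left = new_line = 0
    for raw in diff_text.split("\n"):
        if old_left <= 0 and new_left <= 0:      # between hunks
            if raw.startswith("+++ "):
                path = raw[4:]
                if path.startswith("b/"):
                    path = path[2:]
            m = _HUNK.match(raw)
            if m:
                old_left = int(m.group(1) or 1)
                new_line = int(m.group(2))
                new_left = int(m.group(3) or 1)
            continue
        tag, text = raw[:1], raw[1:]
        if tag == "+":
            for col, ch in enumerate(text, start=1):
                kind = classify(ch)
                if kind:
                    findings.append(
                        Finding(path, new_line, col, "U+%04X" % ord(ch), kind))
            new_line += 1
            new_left -= 1
        elif tag == "-":
            old_left -= 1
        elif tag == "\\":                        # "\ No newline at end of file"
            continue
        else:                                    # context line
            old_left -= 1
            new_left -= 1
            new_line += 1
    return findings


if __name__ == "__main__":
    for f in scan_added_lines(SAMPLE_DIFF):
        print("%s:%d:%d %s %s" % f)
```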
| |
| ### 3.3.8 |
| |
| * Breaking changes |
| |
| * [Change 323855](https://gerrit-review.googlesource.com/323855) [Change 324115](https://gerrit-review.googlesource.com/324115): |
| ProjectCache#evict no longer triggers a reindex. |
| |
| During offline project reindexing evict() was triggering a duplicate reindex |
| on the project when we only wanted to evict the project cache entry. This same |
| issue occurred with the HA plugin and could be, or could have been, present in other plugins. |
| |
| If you have relied on a reindex being done on evict() you need to use |
| evictAndReindex() instead. This behavior is now consistent with other evict() |
| methods in Gerrit. |
| |
| * New features |
| |
| * [Change 324095](https://gerrit-review.googlesource.com/324095): |
| Display cache statistics after reindex operation. |
| |
| Helps analyze cache utilization during the reindex command |
| and provides insight into sizing the caches for optimal performance. |
| |
| * [Change 323786](https://gerrit-review.googlesource.com/323786): |
| Allow context-dependent group suggestions in gr-permission. |
| |
| * Reindexing performance improvements |
| |
| * [Change 322935](https://gerrit-review.googlesource.com/322935): |
| Fix buggy Index-Interactive Executor. |
| |
| Fix index.threads, which was not using a direct executor when set to a |
| negative value, as mentioned in the docs. |
| |
| * [Change 323215](https://gerrit-review.googlesource.com/323215) |
| [Change 322296](https://gerrit-review.googlesource.com/322296): |
| Disable auto flushing during offline Lucene indexing. |
| |
| * [Change 322835](https://gerrit-review.googlesource.com/322835): |
| Use thread count specified on offline reindex command line. |
| |
| Honor the "--threads" command line option when provided instead of |
| batchThreads property from `gerrit.config`. |
| |
| * [Change 323396](https://gerrit-review.googlesource.com/323396): |
| Avoid lucene index deletes during offline reindexing. |
| |
| * [Change 324115](https://gerrit-review.googlesource.com/324115): |
| Avoid double indexing work during project reindexing. |
| |
| * Bug Fixes |
| |
| * [Issue 14963](https://crbug.com/gerrit/14963): |
| Fix /access REST APIs returning incorrect rule when group is duplicated for same rule. |
| |
| * [Issue 14097](https://crbug.com/gerrit/14097): |
| Fix GC action not shown in project commands with Gerrit in multi-site configuration. |
| |
| * [Issue 15293](https://crbug.com/gerrit/15293): |
| Fix fetch of group suggestions for projects with a `/` in their name. |
| |
| * [Issue 15251](https://crbug.com/gerrit/15251): |
| Ensure that user without edit permission can't change plugin configuration. |
| |
| * [Change 313561](https://gerrit-review.googlesource.com/313561): |
| Handle null account-ids when sending e-mails. |
| |
| * [Change 307602](https://gerrit-review.googlesource.com/307602): |
| Fix NPE while accessing draft refs. |
| |
| * [Change 307482](https://gerrit-review.googlesource.com/307482): |
| EqualsLabelPredicate: fix bug that prevents matching owner votes. |
| |
| * [Change 323255](https://gerrit-review.googlesource.com/323255): |
| Skip creating slices for projects with no changes during changes off-line reindexing |
| so that empty slices are no longer included in the slice count. |
| |
| ### 3.3.7 |
| |
| * New Features |
| |
| * [Issue 14895](https://bugs.chromium.org/p/gerrit/issues/detail?id=14895): |
| Support author:self and committer:self in change queries |
| |
| It is possible to use `self` to search for your own changes (for both author and |
| committer predicates). |
| |
| * [Issue 14930](https://bugs.chromium.org/p/gerrit/issues/detail?id=14930): |
| Include `Command-Status` in the `httpd_log` and the `httpd_log.json` |
| |
| Indicates the overall result of the GIT _command_ over HTTP. |
| |
| Refer to the [docs](https://gerrit-documentation.storage.googleapis.com/Documentation/3.3.7/logs.html#_httpd_log) |
| for more details. |
| |
| * Bug Fixes |
| |
| * [Issue 9812](https://crbug.com/gerrit/9812) [Issue 7338](https://crbug.com/gerrit/7338): |
| Merge commit cannot be moved |
| |
| If a merge was targeting branch A, but it was then decided to create |
| a new branch B for this merge, starting from A, the merge |
| is still valid for B, and the user has no way to move it without amending |
| and creating a new change. |
| |
| * [Issue 15024](https://crbug.com/gerrit/15024): |
| Gerrit event json formatter produces inconsistent payload for different projects |
| |
| AllProjectsName and AllUsersName were serialised as: {"name":"All-Projects"} and {"name":"All-Users"} |
| while all other projects were serialised as a JSON string. The different JSON |
| payloads were causing issues with the HA configuration using the |
| [high-availability plugin](https://gerrit.googlesource.com/plugins/high-availability). |
| |
| * [Issue 14968](https://crbug.com/gerrit/14968): |
| PluginServletContext does not implement javax.servlet.ServletContext.getVirtualServerName() |
| |
| Remove the noisy error_log message "c.g.g.h.p.PluginServletContext does not implement |
| j.s.ServletContext.getVirtualServerName()" when running Gerrit on Tomcat 8.5.69. |
| |
| ### 3.3.6 |
| |
| * Security Fixes |
| |
| * [Issue 14732](https://crbug.com/gerrit/14732): |
| Commits/IncludedIn exposes branch names without respecting the ACLs on branches |
| |
| When calling the REST endpoint for listing all branches that a commit SHA1 |
| is part of, the commit is properly checked for visibility against the ACLs |
| (it is a REST resource) but the branches are not checked. |
| |
| The included-in may expose the list of non-visible branches to a user that |
| has visibility of the SHA1. |
| |
| * [Issue 7282](https://crbug.com/gerrit/7282): |
| Hide repository name and description when user has no access |
| |
| Gitiles did not respect Gerrit's permission and would show the repo name |
| and description to any user who could guess the name. |
| The repositories list as well as the content APIs were not affected. |
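The Issue 14732 gap described above, as an added example that is not Gerrit's own code: the commit passes its visibility check, but the branches listed for it are never checked individually. The commit graph, branch names, groups and the simplified READ-only ACL model are all constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample data (not from a real site): commit -> parent commits.
PARENTS = {"c1": [], "c2": ["c1"], "c3": ["c2"], "r1": ["c3"], "s1": ["c2"]}
BRANCH_TIPS = {
    "refs/heads/master": "c3",
    "refs/heads/stable-3.3": "r1",
    "refs/heads/secret/embargo-fix": "s1",
}
# Simplified, hypothetical ACL: group -> ref patterns granting READ.
# Real Gerrit ACLs also have DENY/BLOCK and exclusive rules, omitted here.
READ_ACL = {
    "Registered Users": ["refs/heads/master", "refs/heads/stable-*"],
    "Security Team": ["refs/heads/*"],
}


def reachable(tip):
    """Return every commit reachable from tip, tip included."""
    seen, todo = set(), [tip]
    while todo:
        commit = todo.pop()
        if commit not in seen:
            seen.add(commit)
            todo.extend(PARENTS[commit])
    return seen


def can_read_ref(groups, ref):
    """True if any of the caller's groups has READ on a matching pattern."""
    return any(fnmatchcase(ref, pat) for g in groups for pat in READ_ACL.get(g, []))


def branches_containing(sha):
    """All branches whose history includes sha, regardless of permissions."""
    return sorted(ref for ref, tip in BRANCH_TIPS.items() if sha in reachable(tip))


def check_commit_visible(groups, sha):
    """Resource-level check: the commit must be reachable from a readable ref."""
    if not any(can_read_ref(groups, ref) for ref in branches_containing(sha)):
        raise LookupError(f"commit {sha} not found")


def included_in_unfiltered(groups, sha):
    """Behaviour described for Issue 14732: commit checked, branches not."""
    check_commit_visible(groups, sha)
    return branches_containing(sha)


def included_in_filtered(groups, sha):
    """Hardened form: every returned ref passes its own READ check."""
    check_commit_visible(groups, sha)
    return [ref for ref in branches_containing(sha) if can_read_ref(groups, ref)]


def leaked_refs(groups, sha):
    """Refs the unfiltered listing discloses beyond the caller's READ access."""
    exposed = set(included_in_unfiltered(groups, sha))
    return sorted(exposed - set(included_in_filtered(groups, sha)))


if __name__ == "__main__":
    user = ["Registered Users"]
    print("unfiltered:", included_in_unfiltered(user, "c2"))
    print("filtered:  ", included_in_filtered(user, "c2"))
    print("leaked:    ", leaked_refs(user, "c2"))
```

Running `leaked_refs` for each group against a shared commit is a quick regression check that a listing endpoint applies per-ref permissions, not only the resource-level one.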
| |
| * New Features |
| |
| * Pop up accounts when typing within assignee or attention on the searchbar |
| |
| * Add attention operator for auto-complete on the searchbar |
| |
| * Bug Fixes |
| |
| * [Issue 14726](https://crbug.com/gerrit/14726): |
| Make "conflicts" cache reentrant for preventing deadlocks with concurrent |
| cache loads of change conflicts computation. |
| |
| * [Issue 14785](https://crbug.com/gerrit/14785): |
| Limit returned changes for a triplet without Change-Id |
| |
| Fix a bug where invoking the REST-API /changes/repo~branch~ without |
| mentioning the change-id resulted in the full scan of all changes |
| on a repository/branch causing a high CPU overload and occupying |
| the request threads for a long time. |
| |
| * [Issue 14776](https://crbug.com/gerrit/14776): |
| Prevent removing e-mail associated with OpenID external IDs |
| |
| Gerrit prevents the user from removing the email address |
| associated with their OpenId account. |
| |
| * [Issue 14872](https://crbug.com/gerrit/14872): |
| Disable setting cancelLeftPadding if avatars are not set in the config |
| |
| * [Issue 13745](https://crbug.com/gerrit/13745) |
| [Issue 14173](https://crbug.com/gerrit/14173): |
| Firefox: fix suggested reviewers pop up instantly and not disappearing when out of focus |
| |
| * [Change 312602](https://gerrit-review.googlesource.com/c/gerrit/+/312602): |
| Fix Mariadb status matching for AccountPatchReview |
| |
| Mariadb connector uses SQLException.getSQLState() which returns the ANSI |
| SQLSTATE value, not the MariaDB/mysql error code. |
| Fix the removal of duplicate key detection when an already reviewed file |
| opened up again returned 500 because of the incorrect handling of SQLSTATE |
| value. |
| |
| * [Change 312382](https://gerrit-review.googlesource.com/c/gerrit/+/312382): |
| Fix deleting edits when change is merged |
| |
| Fix the support of deleting a change edit after it has been merged or |
| abandoned. |
| |
| * [Change 313702](https://gerrit-review.googlesource.com/c/gerrit/+/313702): |
| Remove contenteditable="false" from within dragDropArea which caused issues with uploading |
| |
| * Plugins Fixes |
| |
| * [Change 314364](https://gerrit-review.googlesource.com/c/plugins/codemirror-editor/+/314364): |
| codemirror-editor: stop propagation for all keys but exempt the save button |
| |
| This fixes an issue where if using contenteditable (default on mobile) |
| and you typed "/", it would get intercepted within the app. |
| |
| * Dependency Updates |
| |
| * Update CodeMirror to 5.62.2. |
| |
| Fix an issue on mobile where typing causes the keyboard line to go out |
| of sync. |
| |
| ### 3.3.5 |
| |
| * Breaking Changes |
| |
| * Elasticsearch: Support for [EOL versions](https://www.elastic.co/support/eol) |
| 7.4 and 7.5 is discontinued, as they became EOL earlier this year. |
| |
| * Bug Fixes |
| |
| * [Issue 13955](https://crbug.com/gerrit/13955): |
| Safari 14.1 for Mac OS BigSur 11.3.1: Multi-line code comment broken. |
| |
| * [Issue 14495](https://crbug.com/gerrit/14495): |
| SSH thread leak with authentication exception |
| |
| A show-queue will show tasks in the Batch (or Interactive) queue hanging forever |
| as a consequence of a Git/HTTP thread that ended because of an error. |
| |
| * [Issue 14577](https://crbug.com/gerrit/14577): |
| Dedicated mergeable endpoint shouldn't be called if change.mergeabilityComputationBehavior |
| is set to API_REF_UPDATED_AND_CHANGE_REINDEX |
| |
| * [Issue 14600](https://crbug.com/gerrit/14600): |
| Empty registered field on profile settings screen |
| |
| * [Issue 14603](https://crbug.com/gerrit/14603): |
| Attention-set operations count towards change.maxUpdates limit. |
| |
| * [Issue 14613](https://crbug.com/gerrit/14613): |
| Gerrit is killed before the gracefulStopTimeout |
| |
| Avoids gerrit.sh killing the in-flight Git/HTTP requests after just 30 seconds, regardless of |
| the `httpd.gracefulStopTimeout` configuration value. |
| |
| * [Issue 14639](https://crbug.com/gerrit/14639): |
| Searching repositories by name is case-sensitive |
| |
| Restore the correct project search that was case-insensitive in 2.16.27, |
| 3.1.3 and 3.3.2. |
| |
| * [Issue 14645](https://crbug.com/gerrit/14645): |
| Username to lowercase conversion fails with duplicates |
| |
| Duplicate account names associated with the same account id were making |
| the conversion to lowercase fail. |
| |
| * [JGit Issue 573791](https://bugs.eclipse.org/bugs/show_bug.cgi?id=573791): |
| Stale file handle raised when loading a collection of notes with a NoteMap over NFS |
| |
| * [Change 307602](https://gerrit-review.googlesource.com/c/gerrit/+/307602): |
| Fix NPE while accessing draft refs |
| |
| * [Change 307482](https://gerrit-review.googlesource.com/c/gerrit/+/307482): |
| EqualsLabelPredicate: fix bug that prevents matching owner votes |
| |
| * Dependency Updates |
| |
| * Update JGit to 24d6d605388c82201092cf1699b51095299380a2. |
| |
| * Update highlightjs version to 10.7.2. |
| |
| ### 3.3.4 |
| |
| * Bug Fixes |
| |
| * [Issue 13721](https://crbug.com/gerrit/13721): |
| Don't serve polygerrit assets for git requests |
| |
| After the migration to the Polymer UI, PolyGerrit static resources are mounted at |
| the root of the Gerrit URL and would collide with project namespaces, so that |
| projects with these prefixes cannot be served with the Git over HTTP protocol. |
| |
| * Fix `EqualsLabelPredicate` to not fail when calling match() from a plugin |
| |
| Calling `match()` on the `EqualsLabelPredicate` returned from |
| `ChangeQueryBuilder.parse()` in a plugin fails when in the context of an |
| HTTP query. |
| |
| * Fix registration redirect on OpenID |
| |
| * Log when a new SSH connection is rejected due to exceeded limit |
| |
| When the `sshd.maxConnectionsPerUser` got exceeded for a user, new |
| connections from that user were rejected but no log entry was reported. |
| |
| * [Issue 14127](https://crbug.com/gerrit/14127): |
| Fix binding of DELETE REST calls from plugins. |
| |
| The processing of the DELETE request never actually reached the |
| delete-project plugin due to a bug in the RestApiServlet, which wrongly |
| delegated the request to a child collection in Gerrit core. |
| |
| * [Issue 13140](https://crbug.com/gerrit/13140): |
| OpenID: Remove support for Yahoo! OpenID provider. |
| |
| Yahoo! discontinued support for OpenID provider: |
| "OpenID2 will be EOLed on 6/30/20" |
| |
| * [Issue 14246](https://crbug.com/gerrit/14246): |
| Creation of internal account does not respect `auth.userNameToLowerCase`. |
| |
| The CreateAccount SSH command and REST API were able to create accounts |
| with usernames that contained uppercase letters even if |
| `auth.userNameToLowerCase` was set to true. |
| |
| * [Issue 14490](https://crbug.com/gerrit/14490): |
| Missing LDAP metrics for authentication. |
| |
| Expose the LDAP metrics in terms of latency and call rates so that any |
| problem can be highlighted early on and potentially alerted to the Gerrit |
| admin. |
| |
| * [Issue 14497](https://crbug.com/gerrit/14497): |
| Git/HTTP traffic overloads LDAP with duplicate authentication requests. |
| |
| When authenticating incoming Git calls over HTTP the BasicAuth filter was |
| called 3 times per call triggering multiple authentications against the |
| backend. |
| |
| * [Issue 14508](https://crbug.com/gerrit/14508): |
| Allow GerritAccount Cookie authentication for Git/HTTP. |
| |
| Allow creating a Gerrit session from the GerritAccount cookie set on the |
| Git client, so that only the first HTTP call will actually authenticate |
| and create a session, whilst all the others just reuse the existing |
| cookie. |
| |
| * [Issue 14553](https://crbug.com/gerrit/14553): |
| Gerrit REST-API fails when using /a/ prefix and cookies |
| |
| Recent fix to support GerritAccount Cookie authentication for Git/HTTP |
| broke existing Python (or other) scripting when performing automation with |
| Gerrit REST-API. That is due to the generation of the GerritAccount cookie |
| in the HTTP response, which Python automatically manages to reuse in |
| subsequent calls. |
| |
| * [Issue 11142](https://crbug.com/gerrit/11142): |
| ssh to gerrit with no args requires standard input to terminate. |
| |
| * [JGit Issue 552173](https://bugs.eclipse.org/bugs/show_bug.cgi?id=552173) |
| Too many open files when fetching repos with lots of refs |
| |
| JGit update fixes "Too many open files" errors. |
| |
| * Dependency Updates |
| |
| * Update JGit to 73f8acdc5c97e068143c86765995c4fb6923ee91. |
| |
| ### 3.3.3 |
| |
| * New Features |
| |
| * [Issue 12970](https://bugs.chromium.org/p/gerrit/issues/detail?id=12970): |
| Support of patterns to filter input on Browse -> Repositories page (e.g. `a/*/b`) |
| |
| * [Issue 14004](https://bugs.chromium.org/p/gerrit/issues/detail?id=14004): |
| Introduce [`gerrit.installBatchModule`](http://gerrit-documentation.storage.googleapis.com/Documentation/3.3.3/config-gerrit.html#gerrit.installBatchModule) |
| in `gerrit.config` to be used during Gerrit init step. |
| |
| * [Issue 14091](https://bugs.chromium.org/p/gerrit/issues/detail?id=14091): |
| Support the highlighting of LaTeX files with .tex extension. |
| |
| * Breaking Changes |
| |
| * Elasticsearch: Support for [EOL versions](https://www.elastic.co/support/eol) |
| 7.2 and 7.3 is discontinued. Both elasticsearch versions became EOL recently. |
| |
| * [Issue 13931](https://bugs.chromium.org/p/gerrit/issues/detail?id=13931): |
| Disallow editing the Change-Id during inline edits. |
| |
| * Bug Fixes |
| |
| * [Issue 12443](https://bugs.chromium.org/p/gerrit/issues/detail?id=12443): |
| Stop generating continuous "logging context is not empty" in error_log. |
| |
| * [Issue 12847](https://bugs.chromium.org/p/gerrit/issues/detail?id=12847) |
| [Issue 12862](https://bugs.chromium.org/p/gerrit/issues/detail?id=12862): |
| Fix NPE on trying to send email for user without email address. |
| |
| * [Issue 13899](https://bugs.chromium.org/p/gerrit/issues/detail?id=13899): |
| Shows reviewers column in the user's open changes dashboard. |
| |
| * [Issue 14097](https://bugs.chromium.org/p/gerrit/issues/detail?id=14097): |
| Allow enabling of Git GC button for non-local Git repository managers, such |
| as multi-site repositories. |
| |
| * [Issue 14117](https://bugs.chromium.org/p/gerrit/issues/detail?id=14117): |
| Do not suggest service users as reviewers on changes. |
| |
| * [Issue 14118](https://bugs.chromium.org/p/gerrit/issues/detail?id=14118): |
| Quota management: enforce repository size on pack rather than on object. |
| |
| * [Issue 14193](https://bugs.chromium.org/p/gerrit/issues/detail?id=14193): |
| Ensure InternalUser can parse groups. |
| |
| * PolyGerrit Fixes |
| |
| * [Issue 14035](https://bugs.chromium.org/p/gerrit/issues/detail?id=14035): |
| Change --gr-formatted-text-prose-max-width from 80ch to 120ch. |
| |
| * [Issue 14036](https://bugs.chromium.org/p/gerrit/issues/detail?id=14036): |
| Fix multiline range commenting in Firefox. |
| |
| * [Issue 14104](https://bugs.chromium.org/p/gerrit/issues/detail?id=14104): |
| Decorate the number line element of a blank side, otherwise it won't be affected |
| by the "hide-left" action to hide one side of the diff. |
| |
| * [Issue 14127](https://bugs.chromium.org/p/gerrit/issues/detail?id=14127): |
| Fix binding of DELETE REST calls from plugins, which impacted the ability to delete |
| projects using the delete-project plugin. |
| |
| * [Issue 14257](https://bugs.chromium.org/p/gerrit/issues/detail?id=14257): |
| Fix empty TopMenu drop down list. |
| |
| * Documentation updates |
| |
| * Align the recommended buildifier version to v4.0, the same used in the CI. |
| |
| * Development guidelines: mention that Optional in arguments is discouraged |
| (use @Nullable instead) but may be used as return type. |
| |
| * New configuration setting [`suggest.skipServiceUsers`](https://gerrit-documentation.storage.googleapis.com/Documentation/3.3.3/config-gerrit.html#suggest.skipServiceUsers) |
| for preventing the suggestion of service users as reviewers. |
| |
| * New configuration setting [`gerrit.installBatchModule`](https://gerrit-documentation.storage.googleapis.com/Documentation/3.3.3/config-gerrit.html#gerrit.installBatchModule) |
| for adding additional Guice modules to Gerrit init command. |
| |
| * Remove the now obsolete section about Java configuration for Strong Cryptography. |
| |
| * Dependency Updates |
| |
| * Update highlight.js to 10.6.0. |
| |
| ### 3.3.2 |
| |
| * New Features |
| |
| * Add change query option allowing administrators to skip visibility filtering. |
| |
| Add a new REST-API change query option "skip-visibility" to allow administrators |
| to skip visibility filtering. |
| |
| * Security Fixes |
| |
| * [Issue 13858](https://bugs.chromium.org/p/gerrit/issues/detail?id=13858) |
| [CVE-2021-22553](https://nvd.nist.gov/vuln/detail/CVE-2021-22553): |
| Fixed memory leak in Git-over-HTTP requests. |
| |
| Unauthenticated users could exploit this problem in a Denial of Service attack, |
| causing the server to go out-of-memory. |
| |
| * PolyGerrit Fixes |
| |
| * [Issue 11811](https://bugs.chromium.org/p/gerrit/issues/detail?id=11811): |
| Fix comments on partial text selection on Safari. |
| |
| * [Issue 13870](https://bugs.chromium.org/p/gerrit/issues/detail?id=13870): |
| Polygerrit: Remove license headers in minified gr-app.js. |
| |
| * Replication plugin fixes |
| |
| * Don't check read permission when authgroup isn't set. |
| |
| Do not check for read permission when authGroup is not set, since |
| the user is a RemoteSiteUser that is-an InternalUser having |
| read access to everything. This fixes a regression introduced in v3.1.10 |
| that prevented the All-Users.git repository from being fully replicated to |
| Gerrit replicas. |
| |
| * Bug Fixes |
| |
| * [Issue 13803](https://bugs.chromium.org/p/gerrit/issues/detail?id=13803): |
| Limit number of ambiguous accounts in error message. |
| |
| Don't list more than 3 ambiguous accounts in error message of |
| UnresolvableAccountException in order to prevent flooding the log and |
| displaying a lot of sensitive account data in an error dialog. |
| |
| * [Issue 13936](https://bugs.chromium.org/p/gerrit/issues/detail?id=13936): |
| Fix badly formatted error message shown in error dialog. |
| |
| * [Issue 13884](https://bugs.chromium.org/p/gerrit/issues/detail?id=13884): |
| Fix 'is:submittable' query on multiple submit records. |
| |
| * Dependency Updates |
| |
| * Update highlight.js to 10.5.0. |
| |
| * Update codemirror-minified to 5.59.1. |
| |
| * Update Jetty to 9.4.35.v20201120. |
| |
| * Downgrade soy-template to 2019-10-08. |
| |
| ### 3.3.1 |
| |
| * Breaking changes |
| |
| * Elasticsearch: support for [EOL version](https://www.elastic.co/support/eol) |
| 6.8 is discontinued. This was the last supported minor version of |
| Elasticsearch 6 in Gerrit. From this release, Gerrit no longer supports V6 |
| but only the already supported versions 7.x of Elasticsearch. |
| |
| * Speaking of which, support for 7.0 and 7.1 is discontinued too, as both |
| elasticsearch versions also became [EOL](https://www.elastic.co/support/eol) |
| recently. |
| |
| * Security Fixes |
| |
| * [Issue 12629](https://bugs.chromium.org/p/gerrit/issues/detail?id=12629): |
| Verify hostname when sending emails via SMTP server with SMTPSClient. |
| |
| The SMTP server's certificate and hostname must be verified if |
| encryption is enabled with SSL verification in the host settings |
| (`sendemail.smtpEncryption` and `sendemail.sslVerify`). |
| |
| * PolyGerrit Fixes |
| |
| * Remove requesting DETAILED_LABELS for the dashboard. |
| |
| * [Issue 13785](https://bugs.chromium.org/p/gerrit/issues/detail?id=13785) |
| Add z-index to gr-main-header to avoid the box shadows being hidden behind the content. |
| |
| * Bug Fixes |
| |
| * [Issue 13544](https://bugs.chromium.org/p/gerrit/issues/detail?id=13544) |
| Ensure that GC#deleteOrphans respects pack lock: |
| |
| If pack or index files are guarded by a pack lock (.keep file) |
| deleteOrphans() should not touch the respective files protected by the |
| lock file. |
| |
| * [Issue 13775](https://bugs.chromium.org/p/gerrit/issues/detail?id=13775) |
| Honor `toggleWipState` permission for `%ready` `%wip` push options. |
| |
| * [Issue 13781](https://bugs.chromium.org/p/gerrit/issues/detail?id=13781) |
| Compact the REST-API output JSON unconditionally: |
| |
| The output JSON was initially compacted only when |
| the Accept header was set to `application/json`: the compaction is now |
| done unconditionally, unless the `pp=1` query parameter is specified. |
| |
| * [Issue 13786](https://bugs.chromium.org/p/gerrit/issues/detail?id=13786) |
| ForRef#check should permit internal users to read all refs: |
| |
| [Make `PermissionBackend#ForRef` authoritative change](https://gerrit-review.googlesource.com/c/gerrit/+/288925) |
| introduced a regression where Gerrit `internal users` (e.g. plugins) were |
| not taken into consideration when checking READ permission. As a consequence, |
| the `All-Users.git` repository did not get any of the user's refs replicated |
| to the slaves. After the upgrade, it is required to trigger a forced replication |
| of the `All-Users.git` repository manually. |
| |
| * Avoid logging ssh exception for __stream is already closed__ when length=0 |
| if present in the stacktrace. |
| |
| * Adapt Bazel/RBE build to produce Java 11 language level. |
| |
| * Make UI experiments configurable from gerrit.config. |
| |
| Allows users who upgrade Gerrit to make use of experimental features or |
| temporarily revert to previous behavior in case the new behavior breaks them |
| (e.g. turn off patch-set-level comments in 3.3 which breaks some CI workflows). |
| |
| * [Issue 13800](https://bugs.chromium.org/p/gerrit/issues/detail?id=13800) |
| Expose patch set level comment in stream event. |
| |
| * Documentation Updates |
| |
| * Clarify that 'm' push option sets patch set description. |
| |
| * Clarify that disk cache metrics require `cache.enableDiskStatMetrics`. |
| |
| * Dependency Updates |
| |
| * Upgrade commons-io to 2.4. |
| |
| * Upgrade testcontainers to 1.15.1. |