pages/site/releases/3.9.md

---
title: "Gerrit 3.9.x"
permalink: 3.9.html
hide_sidebar: true
hide_navtoggle: true
toc: true
---

Download: **[3.9.4](https://gerrit-releases.storage.googleapis.com/gerrit-3.9.4.war)**
| [3.9.2](https://gerrit-releases.storage.googleapis.com/gerrit-3.9.2.war)
| [3.9.1](https://gerrit-releases.storage.googleapis.com/gerrit-3.9.1.war)

Documentation: **[3.9.4](http://gerrit-documentation.storage.googleapis.com/Documentation/3.9.4/index.html)**
| [3.9.2](http://gerrit-documentation.storage.googleapis.com/Documentation/3.9.2/index.html)
| [3.9.1](http://gerrit-documentation.storage.googleapis.com/Documentation/3.9.1/index.html)

## Release highlights

### Java 17

The language level used for Gerrit source code stays on Java 11, however, Gerrit
is built and distributed for Java 17, which is the recommended JVM version for
running it in production.

### New stream events

**batch-refupdate**

Gerrit notifies all the refs of a single batch-refupdate as a single stream
event JSON payload [Issue 40015567](https://crbug.com/gerrit/40015567). The new
`batch-ref-updated` event is controlled by configuration and can be switched off
for backward compatibility with legacy CI/CD systems.

**ref-update** for draft-comments

Gerrit generates the ref-update event for all the additions and removals of
draft comments in the `All-Users`
project ([Change 382819](https://gerrit-review.googlesource.com/382819)). This
is needed for replicating the
`All-Users` project across sites, thanks to the replication plugins being
notified of the updates.

Due to the nature of drafts, on busy installations the amount of `ref-updated`
events created on draft operations could be high, possibly having an impact on
performance.

For this reason this is disabled by default, you can enable it by
configuring `event.stream-events.enableDraftCommentEvents=true`
in `gerrit.config` [Change 385714](https://gerrit-review.googlesource.com/385714)

### New limits

There are new limit definitions which can be used to protect Gerrit from
improper client activity.

- `change.topicLimit`: defines the maximum number of changes in the same
  topic ([Change 381055](https://gerrit-review.googlesource.com/381055).

- `change.maxFileSizeDownload`: prevents memory overload caused by clients
  downloading large files from
  REST-API ([Change 381595](https://gerrit-review.googlesource.com/381595)).

- `change.maxFileSizeDiff`: prevents memory overload caused by rendering large
  files diffs in a browser.

### New diff3 view

A new `change.diff3ConflictView` option allows to enable a richer diff3
rendering of changes with conflict
markers ([Change 382894](https://gerrit-review.googlesource.com/382894)).

### Attention-set improvements

Gerrit can return changes to the original attention set assignment if any of the
new assignees do not provide feedback within a specific
time ([Issue 40015204](https://crbug.com/gerrit/40015204)). The behaviour is
controlled by two new settings, `attentionSet.readdAfter`
and `attentionSet.readdMessage`.

### Indexing improvements

Allow to limit the queries that do not specify a default limit and also can now
reindex changes with an asynchronous process when a change is updated from the
UI, controlled by the `index.indexChangesAsync`.

The new option yields a much more responsive user-experience by releasing UI
elements without waiting for the backend reindex execution to complete.

### Account deletion

Users can now delete their own account, making it possible to be forgotten by
the Gerrit Code Review platform. Please note that existing commits in the
projects will stay and the account's e-mail stored in Git commits will be
preserved beyond account deletion.

### User Suggested Edits

[User Suggested Edits](http://gerrit-documentation.storage.googleapis.com/Documentation/3.9.1/user-suggest-edits.html)
are an easy and fast way for reviewers to suggest code changes that can be
easily applied by the change owner. They were introduced in `3.7.2` as an
experimental feature, disabled by default. With Gerrit `3.9`, this feature
is no longer experimental and _User Suggested Edits_ are now enabled by default.

### Plugin development

#### Custom key/value pairs stored in NoteDb

Plugins may store additional string key/value pairs to change notes in NoteDb.

[Change 372694](https://gerrit-review.googlesource.com/372694) Added APIs to
set/get custom keyed-value change metadata

#### Cross-plugin communication and dependency

Plugins can communicate and declare dependencies to other plugins thanks to the
introduction of
[`Gerrit-ApiModule`](https://gerrit-documentation.storage.googleapis.com/Documentation/3.9.0/dev-plugins.html#_cross_plugin_communication)
Guice modules in plugin
manifest ([Issue 292114807](https://crbug.com/gerrit/292114807)).

#### Lookup changes by change number

[Change 394440](https://gerrit-review.googlesource.com/394440) flagged the API Changes.id(int) as deprecated
to prevent using it from plugins and fail to locate changes imported from Gerrit servers with a different server-id.

## Important notes

### Upgrade from Gerrit v3.9.0 (defective release)

The release of Gerrit v3.9.0 has been impacted by the bad merge of
[Change 394445](https://gerrit-review.googlesource.com/c/gerrit/+/394445)
due to the ["implicit merge on moved changes issue"](https://issues.gerritcodereview.com/issues/40009784)
that has pulled 64 unwanted commits from the master branch.
As a consequence, the version has been declared defective and withdrawn.

The upgrade from 3.9.0 to the following 3.9.\* patch-releases needs to
follow the instructions of the _"Offline upgrade"_ because it contains an
incompatible Lucene Engine that won't be able to read the legacy index data.

### Schema and index changes

This release doesn't contain schema changes.

The `accounts` index version has been increased to version _13_.
The `changes` index version has been increased to version _84_.
The `groups` index version has been increased to version _10_.
The `projects` index version has been increased to version _8_.

### Online index schema upgrade from 3.7/3.8

By default, if you're upgrading from 3.7/3.8, the index is automatically rebuilt
upon Gerrit startup after the upgrade.

If you're upgrading from 3.6 or an earlier version, you must use the Offline
upgrade steps below.

### Offline upgrade

1. Download the new gerrit.war
2. Stop Gerrit
3. Ensure all installed plugins are compatible with the new API
4. Run init

```sh
  java -jar gerrit.war init -d site_path --batch
```

5. Reindex

* If you are upgrading from a 3.7/3.8 versions you don't need to run reindex (see
  `Online index schema upgrade from 3.7/3.8` above). If you still want to you will
  need to run reindex:

    ```sh
    java -jar gerrit.war reindex -d site_path
    ```

* If you are upgrading from a 3.6 or an earlier version, you must run a
  reindex of all indexes:

   ```sh
   java -jar gerrit.war reindex -d site_path
   ```

See
the [reindex](https://gerrit-documentation.storage.googleapis.com/Documentation/3.9.0/pgm-reindex.html)
program for other options.

6. Start Gerrit

### Online upgrade with zero-downtime

Gerrit v3.9.x supports zero-downtime upgrade from Gerrit v3.7 or later when
configured using
a [high-availability configuration](https://gerrit.googlesource.com/plugins/high-availability/+/refs/heads/master/README.md)
, and the Git repositories are stored in a shared filesystem such as NFS or
similar.

During the zero-downtime upgrade, Gerrit end-users would not notice any outage
or service disruption. They will be able to perform any read/write Gerrit
operation on the GUI or using any API.

The zero-downtime upgrade consists of the following steps:

1. Have Gerrit servers running v3.7 or later, in high-availability
   configuration, healthy and able to handle the incoming traffic properly.
2. Set `gerrit.experimentalRollingUpgrade` to `true` in `gerrit.config` on both
   Gerrit primaries.
3. Set one of the Gerrit servers to unhealthy.
4. Shutdown the Gerrit server, update gerrit.war and plugins to v3.9.x and start
   Gerrit again.
5. Verify that the Gerrit server is working properly (e.g. run automated smoke
   tests) and then make it healthy again.
6. Wait for the Gerrit server to start serving traffic normally.
7. Repeat steps 3. to 6. for all the other Gerrit servers.
8. Remove `gerrit.experimentalRollingUpgrade` from `gerrit.config` on both
   Gerrit primaries.

### Downgrade

Downgrade to any Gerrit v3.7/v3.8 release is possible, but requires the following
manual steps:

1. Shutdown all migrated Gerrit servers
2. Update the gerrit.war and plugins to the previous v3.7/v3.8 version
3. Run offline change reindexing using the previous gerrit.war version

```sh
  java -jar gerrit.war init -d site_path --batch
  java -jar gerrit.war reindex -d site_path
```

4. Startup Gerrit server

### Native packaging

### Breaking changes

* [Change 369234](https://gerrit-review.googlesource.com/369234)
Return 400 BAD_REQUEST when a reviewer cannot be added by email

  When trying to add a user that cannot be added as a reviewer on a change, the
  API was returning a 200 Status Code with an error message.

* [Change 379475](https://gerrit-review.googlesource.com/379475)
  Don't call Java gc explicitly, remove --gc option from show-caches ssh command
  and REST API /config/server/summary

* [Change 378638](https://gerrit-review.googlesource.com/378638)
Remove `change.stars` field from `ChangeInfo`

  Remove the `stars` field from the `ChangeInfo` response. You should check
  whether you were relying on this field when using any REST endpoint returning
  `ChangeInfo`.

* [Change 373780](https://gerrit-review.googlesource.com/373780)
  removed all `performance/operations/*` metrics because of the performance
  issues introduced ([details](https://crbug.com/gerrit/40014513))

* [Change 371198](https://gerrit-review.googlesource.com/371198)
Add option to populate 'starred' field for change queries

  `star` option can must now be provided to include the `starred` field in
  `ChangeInfo`, which indicates if the change is starred by the current user or
  not.

* [Change 387435](https://gerrit-review.googlesource.com/387435)
`refreshAfterWrite` and `maxAge` settings in gerrit config are now honored for
  both persistent and in-memory caches.

  Previously these settings were erroneously ignored for persistent caches. If
  you rely on them for persistent caches you should be aware they will be
  honoured now.

* [Change 379154](https://gerrit-review.googlesource.com/379154)
New patch sets will prefer the previous patch set's committer email

  If one of the user's secondary emails was used as the committer email in
  previous patchset, continue using it instead of preferred email.

* [Change 390986](https://gerrit-review.googlesource.com/390986)
Update `mockito` to `5.6.0` and `bytebuddy` to `1.14.9`

  Mockito framework was upgraded from `3.3.3` to `5.6.0`, hence if you have some
  custom plugins your test code might require some minor refactoring. Please
  refer to the mockito [documentation](https://javadoc.io/doc/org.mockito/mockito-core/5.6.0/org/mockito/Mockito.html)
  and the [release notes](https://github.com/mockito/mockito/compare/v3.3.3...v5.6.0)

### Other changes

* [Change 394435](https://gerrit-review.googlesource.com/c/gerrit/+/394435):
Support listing of patch-set files also for imported changes from other Gerrit server-ids

* [Change 377699](https://gerrit-review.googlesource.com/c/gerrit/+/377699):
Allow generating safe local-only documentation, without reference to external fonts in CSS

* [Change 394654](https://gerrit-review.googlesource.com/394654):
Fix documentation attributes bug

* [Change 392517](https://gerrit-review.googlesource.com/392517):
Added 'm' alias for the 'message' operator

* [Change 392515](https://gerrit-review.googlesource.com/392515)
Groups Audit Log API - Gerrit now parses all commits in refs/groups/... branch

* [Change 392514](https://gerrit-review.googlesource.com/392514)
Support tracing requests that match a header

  Gerrit supports tracing requests that match a configured trace configuration.
  With this change we add a new parameter to the tracing configuration that
  allows matching requests by a header. E.g. this allows matching requests that
  are sent with a certain user agent (e.g. headerPattern = User-Agent=foo-.\*).

* [Change 392518](https://gerrit-review.googlesource.com/392518)
Change `.scl` files to be highlighted as python

* [Change 392175](https://gerrit-review.googlesource.com/392175)
  Reviewer's votes are not restored back after the reviewer is deleted and added
  back

  When a reviewer votes for the patchset and then the reviewer is removed,
  Gerrit removes votes from this reviewer too. However if the reviewer is added
  back (to the same patchset) previous votes are restored back.

  This change ensures that after a reviewer is deleted, all votes from this
  reviewer are permanently removed.

* [Change 390897](https://gerrit-review.googlesource.com/390897)
Option to skip projects during change reindexing

  Introduce `index.excludeProjectFromChangeReindex`: A list of projects that
  will be excluded from reindexing. This can be used to exclude projects which
  are expensive to reindex to prioritize the other projects.

* [Change 390895](https://gerrit-review.googlesource.com/390895)
The revert UI now defaults to Revert^2 instead of "Revert "Revert "..."

* [Change 390614](https://gerrit-review.googlesource.com/390614)
Users can now upload changes to group refs except changes to group files

* [Change 389115](https://gerrit-review.googlesource.com/389115)
Improved error message when change cannot be submitted due to a missing
  dependency

* [Change 388914](https://gerrit-review.googlesource.com/388914)
Changing preferred email does not result in duplicate email

* [Change 368335](https://gerrit-review.googlesource.com/368335)
Rebase can be performed with a secondary email using REST API

* [Change 388336](https://gerrit-review.googlesource.com/388336)
Added 'description', 'd' aliases for the 'message' operator

* [Change 388554](https://gerrit-review.googlesource.com/388554)
`committer_email` field is removed from topic cherry-pick payload

* [Change 392534](https://gerrit-review.googlesource.com/392534)
Return approver/rejector for a label if DETAILED_LABELS is passed

* [Change 388054](https://gerrit-review.googlesource.com/388054)
Eliminated startup warning for plugins whose SshModule only provides Ssh*
  CommandInterceptors

* [Change 387217](https://gerrit-review.googlesource.com/387217)
Fixed case where an exception in change visibility checking could break
  visibility of all refs in that repo

* [Change 377154](https://gerrit-review.googlesource.com/377154)
REST API supports cherry-pick using a registered secondary email

* [Change 387055](https://gerrit-review.googlesource.com/387055)
SSH set-topic cmd is fixed to consider edit topic permission

* [Change 387103](https://gerrit-review.googlesource.com/387103)
Avoid NullPointerException when deleting a single ref

* [Change 387216](https://gerrit-review.googlesource.com/387216)
Fixed potential OOM due to SubmitRuleEvaluator creating new metrics whenever
  an instance was created

* [Change 387017](https://gerrit-review.googlesource.com/387017)
Fix NPE when `auth.httpDisplaynameHeader` is configured but header is unset

* [Change 387054](https://gerrit-review.googlesource.com/387054)
`force topic edit`'` permission is fixed to work with change owner rule

* [Change 386976](https://gerrit-review.googlesource.com/386976)
Fixed potential OOM due to \*QueryProcessor classes creating new metrics
  whenever an instance was provided

* [Change 386974](https://gerrit-review.googlesource.com/386974)
SSH command `set-reviewers` now handles lock failures with retries

* [Change 386994](https://gerrit-review.googlesource.com/386994)
Fixed InactiveAccountDisconnector NPE due to race condition

* [Change 386777](https://gerrit-review.googlesource.com/386777)
Allow modules to provide different logic for the HTTP canonicalWebUrl

  This is useful to allow adding some logic to the way the canonical Web URL is
  computed. A use-case for this need is the `virtualhost` module, where the
  canonical Web URL is replaced by a virtual host name instead [Change 386616](https://gerrit-review.googlesource.com/c/modules/virtualhost/+/386616)

* [Change 383334](https://gerrit-review.googlesource.com/383334)
Allow to set instance ID from java system property

* [Change 385556](https://gerrit-review.googlesource.com/385556)
Allow pagination using continuation token for 'list branches'

* [Issue 295457464](https://crbug.com/gerrit/295457464)
SSH queries now show copied approvals on respective patch-sets

* [Change 383955](https://gerrit-review.googlesource.com/383955)
Allow SubmitRequirement errors to be HTTP 500 errors

* [Change 384096](https://gerrit-review.googlesource.com/384096)
Exposed default branch in GerritInfo

* [Issue 296889346](https://crbug.com/gerrit/296889346)
Added placeholder text for "Default Branch" field in the create repo wizard

* [Change 383034](https://gerrit-review.googlesource.com/383034)
List/Query projects: Set flag in last returned project when result is limited

  If the number of projects matching a query exceeds either the internal limit
  or a supplied `limit` query parameter, the last project object has a
  `_more_projects: true` JSON field set now.

* [Change 382557](https://gerrit-review.googlesource.com/382557)
Added support for searching projects by substring

  The new `substring:SUBSTRING` predicate matches projects that have a name that
  contains `SUBSTRING` (case-insensitive).

* [Change 382295](https://gerrit-review.googlesource.com/382295)
Added support for querying projects by prefix.

  the new `prefix:PREFIX` predicate matches projects that have a name that
  starts with `PREFIX`.

* [Change 381915](https://gerrit-review.googlesource.com/381915)
Added support for matching all project by an empty project query

* [Change 382258](https://gerrit-review.googlesource.com/382258)
Fixed setting parent field in project index for direct children of
  All-Projects

* [Change 381594](https://gerrit-review.googlesource.com/381594)
Added `response_format_options` param to `/review` API

  Allow specifying a list of formatting options to the
  the `/changes/{change-id}/revisions/{revision-id}/review` endpoint.

  If `response_format_options` was provided, the response payload will contain a
  new `change_info` field showing post-update change information formatted
  by `response_format_options`.

* [Change 380914](https://gerrit-review.googlesource.com/380914)
Fixed NPE when submitting changes

* [Change 380916](https://gerrit-review.googlesource.com/380916)
Fixed ThreadMXBeanSun to only report allocated bytes when supported by the JVM

* [Change 379054](https://gerrit-review.googlesource.com/379054)
Fixed create merge patch-set API to use identity of caller as committer

* [Change 380314](https://gerrit-review.googlesource.com/380314)
Named queries are now supported on group refs

  You can now use `group` with the `query` predicate: `query:group="GROUP"`

* [Change 379714](https://gerrit-review.googlesource.com/379714)
Named destinations are now supported on group refs

  You can now use `group` with the `destination`
  predicate: `destination:group="GROUP"`

* [Change 379513](https://gerrit-review.googlesource.com/379513)
  Add `CustomKeyedValues` field to change index, requires schema upgrade

* [Change 378999](https://gerrit-review.googlesource.com/37899)
Fail 'Get Diff' requests for file sizes that exceed 50Mb

* [Change 378899](https://gerrit-review.googlesource.com/378899)
ApplyPatch: Do not fail with 500 ISE if no patch is provided

* [Change 378535](https://gerrit-review.googlesource.com/378535)
Added config option that allows to disable change ID link footers

  Introduce the `receive.enableChangeIdLinkFooters` configuration to enables a
  `Link` footer to be used as an alternative `Change-Id` footer.

* [Change 376877](https://gerrit-review.googlesource.com/376877)
Add a new `parents_data` field in `RevisionInfo`

  The new field is a list of ParentInfo entities and provides more information
  about the parent commit of the patch-set.

* [Change 377174](https://gerrit-review.googlesource.com/377174)
Add `branch` as a new field in `RevisionInfo`

  The name of the target branch that this revision is set to be merged into.

* [Change 375155](https://gerrit-review.googlesource.com/375155)
Fix GetRelated if multiple changes for the same commit exist

* [Change 356465](https://gerrit-review.googlesource.com/356465)
Add API method for deleting self account

* [Change 374995](https://gerrit-review.googlesource.com/374995)
  Adding GET and POST requests for custom_keyed_values

* [Change 374695](https://gerrit-review.googlesource.com/374695)
Add verbose version output

  provide noteDb and index versions, in addition to the Gerrit version

* [Change 373997](https://gerrit-review.googlesource.com/373997)
Return 500 when a request is canceled due to an exceeded server deadline

* [Change 373854](https://gerrit-review.googlesource.com/373854)
The commit-msg hook now detects existing `Link` trailers.

  An additional `$` was making detection of Link trailers to fail, causing Link
  trailers to repeatedly be added when amending a commit.

* [Change 370194](https://gerrit-review.googlesource.com/370194)
Add merge strategy to rebase REST API

  The strategy of the merge, can be `recursive`, `resolve`,
  `simple-two-way-in-core`, `ours` or `theirs`, default will use project
  settings.

* [Change 362774](https://gerrit-review.googlesource.com/362774)
Adds a new footer for changes for key-value storage.

  These can be used to store metadata on a change. The format on the
  change-message is for a given `<key>` `<value>`
  is: `Custom-Values: <key>=<value>`

* [Change 366776](https://gerrit-review.googlesource.com/366776)
Provide change number to patch set link plugins

## Test framework changes

* [Change 392474](https://gerrit-review.googlesource.com/392474)
Add session support in FakeHttpServletRequest for tests

* [Change 392454](https://gerrit-review.googlesource.com/392454)
Include HTTP testutil package in the Gerrit acceptance framework

* [Change 392455](https://gerrit-review.googlesource.com/392455)
Fix FakeHttpServletRequest getRequestURI() returning query string

* [Change 385115](https://gerrit-review.googlesource.com/385115)
Fixed updating and publishing draft comment on old patch set

## Plugin changes

## Performance changes

* [Issue 309849905](https://crbug.com/gerrit/309849905):
Account external IDs are updated in a single commit

* [Change 390919](https://gerrit-review.googlesource.com/390919)
Skip already reindexed changes during reindexing

  During online reindexing after an upgrade, all changes were reindexed, even if
  they were already present in the new index. If the Gerrit instance was
  restarted before the index was ready, this caused a lot of repeated indexing.

  Now, changes that are already present in the newest index version won't be
  reindexed anymore. However, they will still be checked for staleness and
  reindexed if necessary.

* [Change 376094](https://gerrit-review.googlesource.com/376094)
Add cache to speedup ref advertisements (particularly on replicas) and
  receive-pack

* [Change 224772](https://gerrit-review.googlesource.com/224772)
Reduced memory and storage needs for TagSet

* [Change 377814](https://gerrit-review.googlesource.com/377814)
Bloom filters are no longer built during offline reindex

* [Change 380594](https://gerrit-review.googlesource.com/380594)
Reduced memory and storage needs for TagSet by using RoaringBitmaps

## Gerrit UI changes

* [Change 389894](https://gerrit-review.googlesource.com/389894)
Track diff page sidebar state as a user preference

* [Change 389700](https://gerrit-review.googlesource.com/389700)
Add a user preference for sidebar on the diff page

* [Change 376934](https://gerrit-review.googlesource.com/376934)
Rebase can be performed using a secondary email via UI

  updates the UI to show a list of relevant emails to choose from when rebasing
  a change.

* [Issue 303075739](https://crbug.com/gerrit/303075739)
New frontend extension point: auth-link

* [Change 387695](https://gerrit-review.googlesource.com/387695)
Show diff as User Suggested Edit Preview instead of code block

* [Issue 301481564](https://crbug.com/gerrit/301481564)
Fix the repository configuration loading and rendering when switching tabs

* [Change 382555](https://gerrit-review.googlesource.com/382555)
Introduce "showdiff" plugin event

  Any listeners are notified any time a diff is shown on the screen.

* [Change 379095](https://gerrit-review.googlesource.com/379095)
Add diff page sidebar for plugins

* [Change 378634](https://gerrit-review.googlesource.com/378634)
Experimental plugin endpoint for diff hover events

* [Change 378436](https://gerrit-review.googlesource.com/378436)
Fix copying Change-Id in dropdown

* [Change 373477](https://gerrit-review.googlesource.com/373477)
Fire `SHOW_CHANGE` event to plugins from diff page

* [Change 394834](https://gerrit-review.googlesource.com/394834)
Fix auto-completion of suggested accounts for imported changes

## Documentation changes

* [Change 391858](https://gerrit-review.googlesource.com/c/gerrit/+/391858):
Document `ChecksApi.updateResult()` in PolyGerrit plugins checks API

* [Change 391696](https://gerrit-review.googlesource.com/c/gerrit/+/391696):
Document `check-result-expanded` plugin endpoint in PolyGerrit plugins checks API

* [Change 390454](https://gerrit-review.googlesource.com/390454)
Document gerrit `set-head` SSH command and fix old UI references

* [Change 388936](https://gerrit-review.googlesource.com/388936)
Explain in `ls-projects` SSH API when the "parent" field is "?-N"

* [Change 388936](https://gerrit-review.googlesource.com/388530)
Explain in `/projects/` REST API when the "parent" field is "?-N"

* [Change 387736](https://gerrit-review.googlesource.com/387736)
Be more explicit about using Bazelisk in dev docs

* [Change 382794](https://gerrit-review.googlesource.com/382794)
Update blurb for `ldap.accountFullName`

* [Change 378094](https://gerrit-review.googlesource.com/378094)
Add example for `GerritSiteHeader.html`

* [Change 372854](https://gerrit-review.googlesource.com/372854)
Add example to blurb for `ldap.mandatoryGroup`

## JGit changes

* [Change 387495](https://gerrit-review.googlesource.com/387495)
Bump JGit version to b6b1e0a0a. You can retrieve the full list of changes
  with:

  ```shell
  git log --no-merges --format=oneline 74fa245b3c3ccf13afcbec7911c7c8459e48527d..b6b1e0a0adda605f7a62c915d1aef606b961e36f
  ```

  notable changes are:

    * a2bce029a WorkingTreeIterator: directly filter input stream
    * 642f16023 Use ShutdownHook to gracefully handle JVM shutdown
    * d4d6c2b5a Add ShutdownHook to cleanup FileLocks on graceful JVM shutdown
    * f94be665f Unregister ShutdownHook when GC#PidLock is closed
    * 82c6638c7 RevertCommand: support for inserting a Gerrit change ID
    * 7baa5a157 DfsPackFile: Record index loads only in one place
    * 30427485d DfsPackfile: Emit the index load with the index object
    * ba1653162 Ensure home directory not null before using in
      Sshdsessionfactory
    * 4f5afe9d7 CommitGraphWriter: Make the list of chunks immutable
    * f90f0717a CommitGraphWriter: Assert written bytes
    * c024cb23d Remove unused API problem filters
    * 13c8dacae CommitGraphWriter: throw exception on unknown chunk
    * fb51a2234 Document commit-graph options supported by JGit
    * a2f326b76 Handle global git config $XDG_CONFIG_HOME/git/config
    * e7a09e316 Introduce core.packedIndexGitUseStrongRefs config key
    * 551ca93cc DfsGarbageCollector: provide commit graph stats
    * 6f7333693 DfsGarbageCollector: put only GC commits into the commit graph
    * b4b8f05ee DfsReader: Expose when indices are loaded
    * 3a6eec9bb Express the explicit intention of creating bitmaps in GC
    * ac8d7838f GC: prune all packfiles after the loosen phase
    * c353645a0 Move footer-line parsing methods from RevCommit to FooterLine
    * c8f5a3f99 RevCommitCG: Read changed-path-filters directly from commit
      graph
    * ec3d919aa Identify a commit that generates a diffEntry on a rename Event.
    * f196c7a0e Pack: open reverse index from file if present
    * 000e7caf5 PackReverseIndexV1: reverse index parsed from version 1 file
    * 2eba4e5b4 PackReverseIndex: open file if present otherwise compute
    * 8123dcd69 PackReverseIndex: verify checksums
    * 7d2669587 ComputedPackReverseIndex: Clarify custom bucket sort algorithm
    * 3b77e33ad CommitGraphWriter: add option for writing/using bloom filters
    * 77aec6214 CommitGraphWriter: reuse changed path filters
    * d3b40e72a RevWalk: use changed path filters
    * ff0f7c174 CommitGraphLoader: read changed-path filters
    * 49beb5ae5 CommitGraphWriter: write changed-path filters
    * 23758d7a6 ssh: PKCS#11 support
    * db08835c6 GC: Remove handling of extra pack for RefTree
    * 760bdd09b DfsPackParser: Create object indices if config says so
    * cb99ff5bb DfsInserter: generate object size index if config says so
    * 4d2a003b9 DfsInserter: populate full size on object insertion
    * 12a4a4cca DFSGarbargeCollector: Write object size indices
    * 9dace2e6d DfsReader/PackFile: Implement isNotLargerThan using the obj size
      idx
    * 79b46a0ef Fix S3Repository getSize to handle larger object sizes
    * 8e6197162 PackReverseIndex: separate out the computed implementation
    * 74547f4a6 PackReverseIndex: use static builder instead of constructor
    * 181b629f7 Gc#writePack: write the reverse index file to disk
    * 6b3b2b33a GraphObjectIndex: fix search in findGraphPosition
    * 2cbf0c177 Also add suppressed exception if unchecked exception occurs in
      finally
    * d0564cf8a UploadPack: Record negotiation stats on fetchV2 call
    * ce88e62ed PackWriter: write the PackReverseIndex file

## Other dependency changes

* [Change 388177](https://gerrit-review.googlesource.com/388177)
Update error_prone_annotations to 2.22.0

* [Change 372276](https://gerrit-review.googlesource.com/372276)
Update guice version to 6.0.0

* [Change 388038](https://gerrit-review.googlesource.com/388038)
Add java-prettify as git submodule

* [Change 387998](https://gerrit-review.googlesource.com/387998)
Update gitiles version to 1.3.0

* [Change 387999](https://gerrit-review.googlesource.com/387999)
Update SSHD version to 2.10.0

* [Issue 302090044](https://crbug.com/gerrit/302090044):
Update plugins/download-commands
    - 4eb9ae135 Add `--recurse-submodules` flag to supporting commands

* [Change 336947](https://gerrit-review.googlesource.com/336947)
Upgrade guava to 32.1-jre

* [Change 384754](https://gerrit-review.googlesource.com/384754)
Update plugins/replication
    - f447543ba5 Avoid opportunity to inadvertently block the distributor
    - 082c710e28 Reduced log level for Task deletion errors in MP setups

* [Change 378434](https://gerrit-review.googlesource.com/378434)
Update Resemble to 5.0

* [Change 219455](https://gerrit-review.googlesource.com/219455)
Update Lucene version to 8.11.2

## Other core changes

* [Change 327739](https://gerrit-review.googlesource.com/327739)
  Update Java language level to Java 17 per default

## Bugfix releases

### 3.9.4

* Security Fixes

  * [Issue 321784734](https://gerrit-review.googlesource.com/q/bug:321784734):
  Fix endless loop when using "is:watched" in project watches.

    Previous setting up email notification with `is:watched` predicate would
    create an infinite loop that would take a CPU offline.

* Breaking changes

  * [Change 416278](https://gerrit-review.googlesource.com/c/gerrit/+/416278):
  Validate and reject SSH keys with invalid or mismatched algorithm

    Verify that the OpenSSH key algorithm matches the one associated with the
    public key. Throw a new specific InvalidKeyAlgorithmException if the two
    algorithms do not match.

    Make SshKeyCacheImpl tolerant to existing keys stored in the accounts'
    profile, otherwise Gerrit may start flagging keys that have been previously
    stored as invalid, resulting in random authentication failures by existing
    users.

    Existing invalid keys are reported in the error_log with the associated
    exceptions and automatically fixed, removing the invalid key from the accounts
    profile and adjusting the key algorithm with the one associated with the public
    key.

* Bug Fixes

  * [Issue 330195358](https://issues.gerritcodereview.com/issues/330195358):
  Fix paginationType NONE to stop querying when there are no more results

  * [Change 416560](https://gerrit-review.googlesource.com/c/gerrit/+/416560):
  Ensure that clearing reviewed flags is performed on correct change when it
  is imported from another instance

  * [Issue 325309573](https://issues.gerritcodereview.com/issues/325309573):
  Prevent starred changes clashes between local and imported changes having
  the same change number.

  * [Issue 325309574](https://issues.gerritcodereview.com/issues/3253095744):
  Assign draft comments to the correct change when there is ambiguity due to
  imported changes having the same change number.

  * [Change 411279](https://gerrit-review.googlesource.com/c/gerrit/+/411279):
  Fix change staleness check for changes with drafts and stars

  * [Issue 325821304](https://issues.gerritcodereview.com/issues/325821304):
  Fix change id parsing in SSH commands

    SSH commands did not support anything but simply the change number as
    change id. They are now able to interpret all the standard format of
    changeIds like project~changeNumber.

  * [Issue 40014889](https://issues.gerritcodereview.com/issues/40014889):
  Fix WIP changes being always considered as in conflict.

  * [Change 410458](https://gerrit-review.googlesource.com/c/gerrit/+/410458):
  ReviewCommand identify change with project,change-number if project is
  provided as parameter in the command line

  * [Issue 324462734](https://issues.gerritcodereview.com/issues/324462734):
  Prevent reload of plugins with ApiModule

* JGit changes

  * [Change 415557](https://gerrit-review.googlesource.com/c/gerrit/+/415557):
    Update JGit to c0b415fb0

    * 21f7fdff7 Introduce core.trustLooseRefStat config
    * a44b9e8bf Support public key in IdentityFile
    * 906c2bebe RebaseCommand: fix stopping on root commit conflicts
    * 788487316 BasePackFetchConnection: Skip object/ref lookups if local repo is empty
    * faa50c683 LooseObjects: Use File#exists when possible
    * ab132937f FooterLine: Protect from ill-formed message
    * 5e563e1ba PackWriter: store the objects with bitmaps in the statistics
    * 340cc787a Improve footer parsing to allow multiline footers.
    * aab75dba7 BitmapIndex: Add interface to track bitmaps found (or not)
    * 3937300f3 Optimise Git protocol v2 `ref-prefix` scanning
    * 5f563e386 UploadPack: use want-refs as advertised set in fetch v2
    * 093bde518 BasePackFetchConnection: Avoid full clone with useNegotiationTip
    * f103a1d5c Add support for git config repack.packKeptObjects
    * f5f4bf0ad Do not exclude objects in locked packs from bitmap processing
    * fb51a2234 Document commit-graph options supported by JGit
    * e29834a77 Fix some tests in ConfigTest
    * e7a09e316 Introduce core.packedIndexGitUseStrongRefs config key
    * 551ca93cc DfsGarbageCollector: provide commit graph stats
    * 6f7333693 DfsGarbageCollector: put only GC commits into the commit graph
    * b4b8f05ee DfsReader: Expose when indices are loaded
    * 462c57ec8 Merge: Add diff3 style merge conflict formatter.
    * f196c7a0e Pack: open reverse index from file if present
    * db08835c6 GC: Remove handling of extra pack for RefTree
    * ac8d7838f GC: prune all packfiles after the loosen phase
    * 6b3b2b33a GraphObjectIndex: fix search in findGraphPosition
    * 913e6cf3f Switch to Apache MINA sshd 2.10.0
    * d0564cf8a UploadPack: Record negotiation stats on fetchV2 call
    * 8c0c96e0a Support rebasing independent branches
    * 8bc13fb79 Support cherry-picking a root commit
    * 032eef5b1 Parse pull.rebase=preserve as alias for pull.rebase=merges
    * 96d9e3eb1 Prevent infinite loop rescanning the pack list on PackMismatchException
    * e06ce5960 Add protocol configuration to Amazon S3 transport
    * 060dcf1cc ListTagCommand: implement git tag --contains
    * 5cc9ecde8 RevWalk: use generation number to optimize getMergedInto()
    * 23b9693a7 DirCache: support option index.skipHash

### 3.9.3 (Withdrawn)

### 3.9.2

* Breaking changes

  * [Change 404018](https://gerrit-review.googlesource.com/c/gerrit/+/404018):
  Add option to populate 'starred' field for change queries.

    A `star` option must now be provided to include the `starred` field in
    `ChangeInfo`, which indicates if the change is starred by the current user or
    not.

* New Features

  * [Change 406237](https://gerrit-review.googlesource.com/c/gerrit/+/406237):
  Add metrics for `git/upload-pack/bitmap_index_misses_count` and a separate one for
  missing bitmap indexes.

    JGit packer tracks the number of times that an object was not
    found in the bitmap index or if the bitmap index was completely
    missing.
    Added the `git/upload-pack/bitmap_index_misses_count` for being used
    in performance graphs, while the `git/upload-pack/no_bitmap_index`
    should be more suitable for alerts.

  * [Change 406004](https://gerrit-review.googlesource.com/c/gerrit/+/406004):
  Add timer for git/upload-pack/phase_searching_for_* phases.

    Add metrics for the "Finding sources" phase, which is critical for an optimal
    Git/HTTP performance.

  * [Change 402497](https://gerrit-review.googlesource.com/c/gerrit/+/402497):
  Introduce configurable shutdown timeout

    Added `container.shutdownTimeout` to configure the maximum time (in seconds)
    to wait before terminating Gerrit.

  * [Change 404718](https://gerrit-review.googlesource.com/c/gerrit/+/404718):
  Add timer for `git/upload-pack/phase_negotiating`.

    Added the `git/upload-pack/phase_negotiating` so that the Gerrit admin
    can graph how these are performing and spot any potential issues.
    JGit packer tracks time spent in the negotiation phase.
    This statistic was only exposed in the sshd_log and is not available
    when the client uses Git/HTTP.

  * [Change 393037](https://gerrit-review.googlesource.com/c/gerrit/+/393037):
  Bazel: Add support for BuildBuddy RBE provider.

    BuildBuddy provides an open-core suite of enterprise features for Bazel.

* Performance Fixes

  * [Change 392634](https://gerrit-review.googlesource.com/c/gerrit/+/392634):
  Improved performance for conflicts: operator and other mergeability
  checks when submit type is `Merge-If-Necessary`.

* Bug Fixes

   * [Issue 325537222](https://issues.gerritcodereview.com/issues/325537222)
   Force Bazel to separate /tmp between JVMs when running test

   * [Issue 319671265](https://issues.gerritcodereview.com/issues/319671265)
   Fix x-plugin communication with multiple ApiModules

    Fixes plugin load failure when multiple plugins were declaring ApiModules for cross
    communication.

   * [Change 395016](https://gerrit-review.googlesource.com/c/gerrit/+/395016)
   Fixed NPE when submitting changes.

    Fixes potential NullPointerException when `ignoreSelfApproval` magic label is used.

  * [Issue 314113030](https://issues.gerritcodereview.com/issues/314113030):
  Fail the change reindex operation upon StorageException(s).

    Allows some of the indexing operations to fail, so that if a change indexing
    throws a `StorageException`, so that the change does not disappear
    from the index.

  * [Change 395741](https://gerrit-review.googlesource.com/c/gerrit/+/395741):
  Fix event parse exception when changing repository HEAD.

    Explicitly registered a type and class for `ProjectHeadUpdatedEvent` in `EventType`
    in order to successfully deserialize events.

  * [Issue 318745940](https://issues.gerritcodereview.com/issues/318745940):
  Fix serverId in identity parsing for imported human comments.

    Remapping of account-ids correctly adapts the comment's author account-ids
    and `serverId` fixing the inconsistent identity of the comments.

  * [Change 400997](https://gerrit-review.googlesource.com/400997)
  Reduce email spam, by not notifying existing reviewers when new ones are added

  * [Issue 318079520](https://issues.gerritcodereview.com/issues/318079520)
  Fix comments rendering with imported changes

    Fixes a bug when comments posted on changes imported from another Gerrit instance were not
    rendered in the UI.

  * [Issue 40014889](https://issues.gerritcodereview.com/issues/40014889)
  Fixed WIP changes always showing Merge Conflict in searches

    Fixes the work-in-progress changes always shown as having a merge conflict when
    `change.mergeabilityComputationBehaviour` was set to value other than `NEVER`.

  * [Issue 312895375](https://issues.gerritcodereview.com/issues/312895375)
  Fix comment directly link pointing to a change imported from other Gerrit
  server-ids

    Fixes direct links to a comment on a change imported from another Gerrit instance returning
    HTTP status 404.

  * [Change 404937](https://gerrit-review.googlesource.com/c/gerrit/+/404937):
  Fix copyable change links when base URL has a path.

    Removed extra base URL prefix in `gr-copy-links`. The links are crafted from
    createChangeUrl which already returns an URL with the base URL.

  * [Issue 311925527](https://issues.gerritcodereview.com/issues/311925527):
  Fix canonical web url binding in Git over HTTP.

    Fix a problem encountered in the `virtualhost` plugin, where
    despite proper configuration for tenant canonical web URL, the git push
    output would use the value of `gerrit.canonicalWebUrl` configuration option.

* Dependency Updates

  * [Change 409781](https://gerrit-review.googlesource.com/409781)
  Update download-commands to ed214d6f

  * [Change 403721](https://gerrit-review.googlesource.com/c/gerrit/+/403721):
  Bump SSHD version to 2.12.0 with security fix for [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795)

* JGit changes

  * [Change 409279](https://gerrit-review.googlesource.com/409279)
  Update jgit to bf70c9f4c (stable-6.7)
    You can retrieve the full list of changes with:

    ```shell
    git log --no-merges --oneline b6b1e0a0ad..bf70c9f4c2
    ```

    notable changes are:

    * acf21c0bc RefDirectory: Do not unlock until after deleting loose ref
    * 86ef2d531 Add missing javadoc description for declared exception
    * 29c89d1f0 SnapshottingRefDirectory: Invalidate snapshot after locking ref for update
    * 8197cab33 SnapshottingRefDir: Replace lambas with method refs
    * 8b49e01ab SnapshottingRefDir: Reduce casts with overrides
    * 747618358 Improve handling of NFS stale handle errors
    * ca54c5176 Fix handling of missing pack index file
    * 60af389b4 Add tests for handling pack files removal during fetch
    * b4c66104f Introduce a PriorityQueue sorting RevCommits by commit timestamp
    * 2d52df154 Remove org.eclipse.jgit.benchmark/.factorypath
    * 10c5c17eb Update jmh to 1.37 for org.eclipse.jgit.benchmark
    * 2177bed9a Silence API warnings
    * e712b4716 Make sure ref to prune is in packed refs
    * 170244d05 Checkout: better directory handling
    * 4d6671b4c PackConfig: fix @since tags
    * 244165fc5 Remove unused API problem filters
    * f103a1d5c Add support for git config repack.packKeptObjects
    * f5f4bf0ad Do not exclude objects in locked packs from bitmap processing