Google Git
Sign in
gerrit / homepage / HEAD / . / pages / site / releases / 3.0.md
blob: 80d68bc47999efd5309afdc66348da2683d74537 [file] [log] [blame] [view]
---
title: "Gerrit 3.0.x"
permalink: 3.0.html
hide_sidebar: true
hide_navtoggle: true
toc: true
---
Download: **[3.0.16](https://gerrit-releases.storage.googleapis.com/gerrit-3.0.16.war)**
| [3.0.15](https://gerrit-releases.storage.googleapis.com/gerrit-3.0.15.war)
| [3.0.13](https://gerrit-releases.storage.googleapis.com/gerrit-3.0.13.war)
| [3.0.12](https://gerrit-releases.storage.googleapis.com/gerrit-3.0.12.war)
| [3.0.11](https://gerrit-releases.storage.googleapis.com/gerrit-3.0.11.war)
| [3.0.10](https://gerrit-releases.storage.googleapis.com/gerrit-3.0.10.war)
| [3.0.9](https://gerrit-releases.storage.googleapis.com/gerrit-3.0.9.war)
| [3.0.8](https://gerrit-releases.storage.googleapis.com/gerrit-3.0.8.war)
| [3.0.7](https://gerrit-releases.storage.googleapis.com/gerrit-3.0.7.war)
| [3.0.6](https://gerrit-releases.storage.googleapis.com/gerrit-3.0.6.war)
| [3.0.5](https://gerrit-releases.storage.googleapis.com/gerrit-3.0.5.war)
| [3.0.4](https://gerrit-releases.storage.googleapis.com/gerrit-3.0.4.war)
| [3.0.3](https://gerrit-releases.storage.googleapis.com/gerrit-3.0.3.war)
| [3.0.2](https://gerrit-releases.storage.googleapis.com/gerrit-3.0.2.war)
| [3.0.1](https://gerrit-releases.storage.googleapis.com/gerrit-3.0.1.war)
| [3.0.0](https://gerrit-releases.storage.googleapis.com/gerrit-3.0.0.war)
Documentation: **[3.0.16](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.16/index.html)**
| [3.0.15](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.15/index.html)
| [3.0.13](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.13/index.html)
| [3.0.12](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.12/index.html)
| [3.0.11](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.11/index.html)
| [3.0.10](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.10/index.html)
| [3.0.9](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.9/index.html)
| [3.0.8](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.8/index.html)
| [3.0.7](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.7/index.html)
| [3.0.6](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.6/index.html)
| [3.0.5](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.5/index.html)
| [3.0.4](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.4/index.html)
| [3.0.3](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.3/index.html)
| [3.0.2](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.2/index.html)
| [3.0.1](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.1/index.html)
| [3.0.0](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.0/index.html)
## Release Highlights
* Removal of GWT UI
The GWT UI is removed and PolyGerrit is now the only UI.
* Removal of ReviewDb
The database backend for changes, accounts, groups and projects ("ReviewDb") is
removed and this metadata is now stored in git ("NoteDb").
A database is still needed for account patch reviews, which stores the 'reviewed'
flag for files in a review per user. The default backend is H2, but MySQL,
PostgreSQL and MariaDb are also supported. See the
[documentation](http://gerrit-documentation.storage.googleapis.com/Documentation/3.0.0/config-gerrit.html#accountPatchReviewDb)
for details.
It is also possible for plugins to provide another backend by implementing the
[`AccountPatchReviewStore`](http://gerrit-documentation.storage.googleapis.com/Documentation/3.0.0/dev-plugins.html#account-patch-review-store)
interface.
* New quota enforcer extension point.
* [Issue 4040](https://bugs.chromium.org/p/gerrit/issues/detail?id=4040):
Support for signed push with GPG subkeys.
* New core plugins: `delete-project`, `gitiles`, `plugin-manager`, and `webhooks`.
## Important Notes
### Schema Changes
This release contains schema changes. To upgrade:
``` sh
java -jar gerrit.war init -d site_path
```
The changes index version has been increased. To run off-line reindexing of
the changes (optional):
```sh
java -jar gerrit.war reindex --index changes -d site_path
```
By default the changes index is automatically rebuilt upon the Gerrit startup
after the upgrade.
### Breaking Changes
#### Reverse DNS lookup is now disabled by default
The `gerrit.disableReverseDnsLookup` option with default value false is replaced
by `gerrit.enableReverseDnsLookp` also with default value false. This means that
reverse DNS lookup is now disabled by default.
#### Private changes will be published (unmarked private) once merged
A warning dialog will be displayed to the user to confirm this on submission
using the UI. When submitted via push, this warning will not be shown. Already
merged changes cannot be marked private any longer.
#### The `urlAlias` configuration settings are removed
The URL rewriting feature introduced in 2.12 via the
[`urlAlias` configuration](https://gerrit-documentation.storage.googleapis.com/Documentation/2.16.12/config-gerrit.html#urlAlias)
was only supported in GWT, and thus removed with the 3.0 release.
See [issue 8054](https://bugs.chromium.org/p/gerrit/issues/detail?id=8054)
for details.
#### The `MessageOfTheDay` extension point is removed
The `MessageOfTheDay` functionality was not ported to the PolyGerrit-UI and
the `MessageOfTheDay` extension point was removed with the 3.0.7 release.
However, the JS API provides the `banner` entrypoint for plugins to add messages
to the UI. Plugins that were previously using the `MessageOfTheDay` extension
point have to be adapted accordingly.
## New Features
* New quota enforcer extension point.
Plugins may implement the
[QuotaEnforcer](http://gerrit-documentation.storage.googleapis.com/Documentation/3.0.0/dev-plugins.html#quota-enforcer)
interface to enforce
[quotas](http://gerrit-documentation.storage.googleapis.com/Documentation/3.0.0/dev-plugins.html#quota-enforcer).
* [Issue 4040](https://bugs.chromium.org/p/gerrit/issues/detail?id=4040):
Support for signed push with GPG subkeys.
It is now possible to use a GPG subkey when pushing commits with signed push.
* [Issue 6053](https://bugs.chromium.org/p/gerrit/issues/detail?id=6053):
Support for searching on mobile devices.
* [Issue 8535](https://bugs.chromium.org/p/gerrit/issues/detail?id=8535):
Support for plugin config entries in the PolyGerrit UI.
Configuration entries defined by server-side plugins are now displayed
in the UI.
* [Issue 10385](https://bugs.chromium.org/p/gerrit/issues/detail?id=10385):
New [Toggle Work In Progress state](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.12/access-control.html#category_toggle_work_in_progress_state) permission.
This allows for granting the "Toggle Work In Progress state" permission to
arbitrary users. This permission controls who is able to flip the Work In
Progress bit in addition to the three different groups that can do so already:
change owner, server administrator and project owners.
Note that the option was included in 3.0.0 but only documented since 3.0.12.
* New method to get UI top menus in the config API.
* New configuration option
[`change.api.excludeMergeableInChangeInfo`](http://gerrit-documentation.storage.googleapis.com/Documentation/3.0.0/config-gerrit.html#change.api.excludeMergeableInChangeInfo).
Computing mergeability of open changes becomes very expensive for hosts
that have fast-moving branches and a lot of open changes. Setting this
option to `true` disables it.
* New configuration option
[`change.move`](http://gerrit-documentation.storage.googleapis.com/Documentation/3.0.3/config-gerrit.html#change.move).
The `change.move` option allows to disable the "Move Change" REST API.
Note that the option was included in 3.0.0 but only documented since 3.0.3.
* New core plugins.
The `delete-project`, `gitiles`, `plugin-manager`, and `webhooks` plugins are
now core plugins bundled with the release, and can be installed during site
initialization.
## Dependency Updates
* Add dependency on resemblejs
* Remove dependency on apache derby
* Remove dependency on gwtjsonrpc
* Remove dependency on gwtorm
* Remove dependency on postgresql
* Upgrade asm to 7.0
* Upgrade auto-value to 1.6.5
* Upgrade codemirror-minified to 5.43.0
* Upgrade commons-lang3 to 3.8.1
* Upgrade gitiles-blame-cache and gitiles-servlet to 0.2-8
* Upgrade guava to 27.0.1-jre
* Upgrade guice to 4.2.2
* Upgrade prolog-cafe to 1.4.4
* Upgrade soy to 2019-03-11
* Upgrade truth to 0.43
## Native packaging
* Upgrade the Docker/Ubuntu image to Ubuntu 18.04
* Upgrade the Docker/CentOS image to CentOS 7.6.1810
* RPM/Deb: Remove Gerrit service start upon package setup.
Gerrit service is no longer started automatically after the package installation,
but requires manual invocation of the `/etc/init.d/gerrit start` command, or
the configuration of the service for auto-start and the reboot of the machine.
* Docker: auto-init the Gerrit site during first start of the container.
Simplify the configuration and management of Docker setups by automatically
detecting if a `$GERRIT_SITE/git/All-Projects.git` exists and, if it doesn't,
invoke the Gerrit init step in batch mode.
## Bugfix Releases
### 3.0.16
* Security Fixes
* [Issue 13858](https://bugs.chromium.org/p/gerrit/issues/detail?id=13858)
[CVE-2021-22553](https://nvd.nist.gov/vuln/detail/CVE-2021-22553):
Fixed memory leak in Git-over-HTTP requests.
Unauthenticated users could exploit this problem in a Denial of Service attack,
causing the server to go out-of-memory.
* Bug Fixes
* [Issue 12287](https://bugs.chromium.org/p/gerrit/issues/detail?id=12287):
Add a warning if submitting a change with an open change edit.
* Dependency Updates
* Update JGit to 5.3.9.202012012026-r.
* Update Jetty to 9.4.33.v20201020.
### 3.0.15
* Security Fixes
* [Issue 13621](https://bugs.chromium.org/p/gerrit/issues/detail?id=13621)
[CVE-2020-8919](https://nvd.nist.gov/vuln/detail/CVE-2020-8919):
Make `PermissionBackend#ForRef` authoritative.
Fixes a misconception that leads to data being accessible through Gerrit
APIs that should be locked down.
Gerrit had two components for determining if a Git ref is visible to a
user: `(Default)RefFilter` and `PermissionBackend#ForRef` (e.g.,
`RefControl`). The former was always capable of providing correct results
for all refs. The latter only had logic to decide if a Git ref is visible
according to the Gerrit `READ` permissions. This includes all refs under
`refs/heads` as well as any other ref that isn't a database ref or a Git
tag. This component was unaware of Git tags and notedb-related refs. Hence,
when asked for a database reference such as `refs/changes/xx/yyyyxx/meta`,
the logic would allow access if the user has `READ` permissions on any of
the ref prefixes (such as the default "read refs/* Anonymous Users").
That was problematic, because it bypassed
[documented behavior](http://gerrit-documentation.storage.googleapis.com/Documentation/3.0.15/access-control.html)
where a user should only have access to a change if he can see the
destination ref. The same goes for other database references.
* [Issue 13514](https://bugs.chromium.org/p/gerrit/issues/detail?id=13514)
[CVE-2020-8920](https://nvd.nist.gov/vuln/detail/CVE-2020-8920):
Work around Gitiles bug on `All-Users` visibility.
Gitiles has a special `FilteredRepository` wrapper that allows carefully
hiding refs based on the project's ACLs. There is however an optimization
that skips the filtering in case a user has `READ` permissions on every ACL
pattern(s). When the target repository is `All-Users`, the optimization
turns into a security issue because it allows seeing all personal information
associated with all accounts, i.e.:
* draft comments
* draft edits
* personally identifiable information (PII) of all users
* external ids
This fix now blocks Gitiles or any other part of Gerrit to abuse this power
when the target repository is `All-Users`, where nobody can be authorized
to skip the ACLs evaluation anyway.
### 3.0.14
This minor release has been withdrawn.
### 3.0.13
* Breaking Changes
* Elasticsearch: Support for [EOL versions](https://www.elastic.co/support/eol)
6.6 and 6.7 is discontinued.
* [Issue 13184](https://bugs.chromium.org/p/gerrit/issues/detail?id=13184):
Logging: `--console-log`-flag of `gerrit.war daemon` respects `log.textLogging`
and `log.jsonLogging` options.
Change in the default behaviour of the `--console-log` flag. Since
`log.textLogging` in the `gerrit.config` is `true` by default, using the
`--console-log`-flag now writes logs to the `error_log`-file in addition
to stderr by default. This can be avoided by setting `log.textLogging = false`.
* Bug Fixes
* [Issue 11706](https://bugs.chromium.org/p/gerrit/issues/detail?id=11706):
ChangeEdits: Don't wrap `Response.none()` in `Response.ok()`.
Wrapping of edit message modification `Response.none()` in `Response.ok()`
was erroneously added. Revert that part, as it broke the handling of that
specific request.
* [Issue 13175](https://bugs.chromium.org/p/gerrit/issues/detail?id=13175):
Fix `gr-hovercard-behavior` under Firefox.
* [Issue 13328](https://bugs.chromium.org/p/gerrit/issues/detail?id=13328):
Redirect GWT UI project dashboard links to Polygerrit endpoints.
Add a route to the Polygerrit UI router, to redirect such legacy GWT UI
endpoints, so that existing menu links are handled without any modifications.
Otherwise, switching from GWT to Polygerrit resulted in broken links to
project dashboards. This fix also handles bookmarked links.
* [Issue 13350](https://bugs.chromium.org/p/gerrit/issues/detail?id=13350):
Decode group id before using it to add cc-reviewers.
When a group is being suggested for cc-reviewer, its UUID gets encoded
by Gerrit prior to rendering it. That had no impact on Gerrit internal
groups, however external groups were affected. UUID prefixes contained
encoded characters where they shouldn't have. Hitting the Reply button
sent such encoded groups as is, leading to them not being found in Gerrit.
Decoding the URI before sending the group back to the UI fixes the issue.
* [Issue 13372](https://bugs.chromium.org/p/gerrit/issues/detail?id=13372):
Remove obsolete GWT change-related screenshot.
The GWT UI is not included anymore in Gerrit from v3.0 onwards.
* Replication Plugin Fixes
* Fixed synopsis in replication start command documentation.
`--url` is usable with `--all` or projects and on its own.
Update the usage to reflect this.
* [Issue 12769](https://bugs.chromium.org/p/gerrit/issues/detail?id=12769):
Don't wait for pending events to process on startup.
Previously, on large Gerrit installations with many projects and/or many
replication destinations, the replication plugin could take very long
periods of time to startup. This was particularly a problem if the
pending (persisted) event count was large as they all were rescheduled
before the plugin finished initializing.
Change this behavior so that startup merely begins the process of
scheduling the pending events, but does not wait for them to complete.
* End-to-end Tests Improvements
* Support an optional parent in the `CreateProject` scenario.
* Rely on a released version of `gatling-git` in stable branch.
* List of [plugins with scenarios](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.13/dev-e2e-tests.html#_plugin_scenarios)
updated.
* Documentation for
[Environment properties](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.13/dev-e2e-tests.html#_environment_properties)
was refactored and augmented with
[replication_delay](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.13/dev-e2e-tests.html#_replication_delay)
information, as the new `CheckNewProjectReplica1` core scenario was added.
* [Issue 12208](https://bugs.chromium.org/p/gerrit/issues/detail?id=12208):
Add [presentation links](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.13/dev-e2e-tests.html#_what_is_gatling)
to documentation.
* [Issue 13082](https://bugs.chromium.org/p/gerrit/issues/detail?id=13082):
Add [Eclipse support](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.13/dev-e2e-tests.html#_eclipse)
for Gatling tests.
* Other Improvements
* Introduced `sshd.gracefulStopTimeout`, documented
[here](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.13/config-gerrit.html#sshd.gracefulStopTimeout).
* Bumped the Bazel version to `3.5.0`.
* `MigrateToNoteDb` and `NoteDbMigrator` logging improvements.
* Documentation Updates
* Documented how to mitigate a broken
[Eclipse project on macOS](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.13/dev-eclipse.html#_eclipse_project_on_macos).
* Documented the `X-Forwarded-For` header under a new
[Reverse proxy and client IPs](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.13/config-reverseproxy.html#_reverse_proxy_and_client_ips)
section.
* Gerrit
[log files and their format](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.13/logs.html)
added as a new documentation page.
* Updated the
[recommended buildifier version](https://gerrit-documentation.storage.googleapis.com/Documentation/3.0.13/dev-contributing.html)
to `3.5.0`.
* Improved parts of the
[release process main documentation page](http://gerrit-documentation.storage.googleapis.com/Documentation/3.0.13/dev-release.html).
* Library Updates
* Upgraded Elasticsearch 6 support to `6.8.12` and 7 (elasticsearch-rest-client) to `7.8.1`.
* Upgraded jackson-core to version `2.11.2`.
* Upgraded caffeine to version `2.8.5`.
### 3.0.12
* Security Fixes
* [Issue 12846](https://bugs.chromium.org/p/gerrit/issues/detail?id=12846):
BadMessageException: 500: Response header too large.
[CVE-2019-17638](https://nvd.nist.gov/vuln/detail/CVE-2019-17638)
Bump Jetty version to 9.4.30.v20200611 to fix regression introduced in Jetty
version: 9.4.27.v20200227.
Response header overflow leads to buffer corruptions Jetty server always
allocates maximum response header size.
For more details see also upstream issues:
[Issue 4936](https://github.com/eclipse/jetty.project/issues/4936)
[Issue 4541](https://github.com/eclipse/jetty.project/issues/4541)
* Bug Fixes
* [Issue 13054](https://bugs.chromium.org/p/gerrit/issues/detail?id=13054):
Restore keyboard shortcut for expand all diff context
In gerrit 2.16 release the keyboard shortcuts system was redesigned, but
the binding for Shift+x shortcut for expand all diffs was lost. Restore
this binding and confirm that it is now listed in the help dialog and
works as expected.
* [Issue 12952](https://bugs.chromium.org/p/gerrit/issues/detail?id=12952):
Handle duplicate label values on project load and push of config updates
With the fix a validation error on load of the `project.config` file is
generated, but let the loading succeed and the duplicate value is filtered
out. Hence getting the project info of such a project no longer fails.
* [Issue 13166](https://bugs.chromium.org/p/gerrit/issues/detail?id=13166):
Include request latency in httpd_log.json
The latency field was missing in the entries of JSON-formatted http logs.
### 3.0.11
* Security Fixes
* [Issue 12926](https://bugs.chromium.org/p/gerrit/issues/detail?id=12926):
Allow setting X-Frame-Options response header for preventing
[clickjacking attacks](https://owasp.org/www-community/attacks/Clickjacking).
The setting [`gerrit.canLoadInIFrame`](http://gerrit-documentation.storage.googleapis.com/Documentation/3.0.11/config-gerrit.html#gerrit.canLoadInIFrame),
previously used by the GWT UI, is now honoured by the PolyGerrit UI.
* Bug Fixes
* [Issue 12680](https://bugs.chromium.org/p/gerrit/issues/detail?id=12680):
Run projects reindex after Gerrit init only when needed, speeding up the upgrade process.
* [Issue 12909](https://bugs.chromium.org/p/gerrit/issues/detail?id=12909):
Fx missing index creation after Gerrit init.
* [Issue 12918](https://bugs.chromium.org/p/gerrit/issues/detail?id=12918):
Fix missing email notifications for project watches for changes created via cherry-pick.
* [Issue 12935](https://bugs.chromium.org/p/gerrit/issues/detail?id=12935):
Fix the output of the migrate-to-note-db program swallowing messaages after garbage collecting All-Users.
* PolyGerrit Fixes
* [Issue 12899](https://bugs.chromium.org/p/gerrit/issues/detail?id=12899):
Speedup the rendering of changes with large number of comments by lazy loading them when expanded.
* Documentation Updates
* [Issue 12869](https://bugs.chromium.org/p/gerrit/issues/detail?id=12869):
Add documentation on how to move a change across branches.
### 3.0.10
* Security Fixes
* [Issue 12717](https://bugs.chromium.org/p/gerrit/issues/detail?id=12717):
Deny access over HTTP for disabled accounts.
A disabled account was still able to access over HTTP until the existing
session expired.
* Bug Fixes
* [Issue 12777](https://bugs.chromium.org/p/gerrit/issues/detail?id=12777):
Hide "No Votes" notice for for labels added and approved by rules.
* [Issue 12844](https://bugs.chromium.org/p/gerrit/issues/detail?id=12844):
Update account full name when it changes in LDAP.
* [Issue 12850](https://bugs.chromium.org/p/gerrit/issues/detail?id=12850):
Ignore WIP changes in "CCed on" dashboard section.
* [Issue 11707](https://bugs.chromium.org/p/gerrit/issues/detail?id=11706):
Support `/COMMIT_MSG` for change edit REST endpoints.
* Do not fail for invalid change refs in `DefaultRefFilter`.
* Library Updates
* Upgrade elasticsearch-rest-client to 7.7.1.
* Documentation Updates
* Added missing documentation of
[notedb.changes.sequenceBatchSize](http://gerrit-documentation.storage.googleapis.com/Documentation/3.0.10/config-gerrit.html#notedb.changes.sequenceBatchSize)
### 3.0.9
* New Features
* Add a new metric for monitoring Java deadlocks.
The metric `proc/jvm/thread/num_deadlocked_threads` monitors the number of
threads that are deadlocked waiting for object monitors or ownable synchronizers.
* Add support for Elasticsearch 7.7.
* Breaking Changes
* Metrics: Cache disk stat metric computation is disabled by default
Calculation of the cache disks stat metrics for persistent caches is disabled
by default because it is a very expensive operation that can block a thread for
several minutes on larger installations.
Installations that still want to use this metric must explicitly enable it with the
[cache.enableDiskStatMetrics](http://gerrit-documentation.storage.googleapis.com/Documentation/3.0.9/config-gerrit.html#cache.enableDiskStatMetrics)
configuration option.
* Plugin API: Deprecated methods related to the draft workflow and change edits are removed
* `ChangeApi.getEdit()`
* `ChangeApi.publish()`
* `RevisionApi.delete()`
* `RevisionApi.publish()`
* [Issue 12527](https://bugs.chromium.org/p/gerrit/issues/detail?id=12527):
Elasticsearch: Support for [EOL versions](https://www.elastic.co/support/eol)
v5.6 and v6.0 to v6.5 is discontinued
* End-to-end Tests Improvements
* Allow end-to-end tests to proportionally scale on their expected execution times.
A `power_factor` [environment property](http://gerrit-documentation.storage.googleapis.com/Documentation/3.0.9/dev-e2e-tests.html#_environment_properties)
was added to the end-to-end tests core framework. Using that optional property,
scenario steps can take some more (or less) time prior to expecting proper completion.
The way to set that property locally then depends on the target runtime environment,
or SUT latency. The property may be used for either core or plugin scenarios.
* `FlushProjectsCache` related scenarios added to core (and the `high-availability` plugin).
* Support for relative runtime weights in scenarios.
Each scenario can now either weight like any other by default, or override that default
with a greater weight value, compared to siblings that are lighter on execution times.
Beside core, make the `high-availability` and `multi-site` plugin scenarios reuse this.
* Allow scenarios to create and delete Gerrit changes alongside projects.
Add the corresponding core support for an optional `http` request body to every such
`GerritSimulation`. Either automate or allow [environment properties](http://gerrit-documentation.storage.googleapis.com/Documentation/3.0.9/dev-e2e-tests.html#_environment_properties)
to feed the related input test data.
Beside core, make the `high-availability` and `multi-site` plugin scenarios test changes
that way. The latter currently has [Issue 12693](https://bugs.chromium.org/p/gerrit/issues/detail?id=12693)
as a known limitation.
* Bug Fixes
* [Issue 12606](https://bugs.chromium.org/p/gerrit/issues/detail?id=12606):
Fix `visibleto` predicate for groups.
If a group name was used in the `visibleto` predicate, changes were
not returned even if the group had permission to see them.
* [Issue 12747](https://bugs.chromium.org/p/gerrit/issues/detail?id=12747):
Fix change query visibility for internal user.
* [Issue 12755](https://bugs.chromium.org/p/gerrit/issues/detail?id=12755):
Block the removal of the Realm primary external ids.
It was possible to remove the email address associated with the primary
id of a Realm, effectively resulting in the account being removed.
* [Isssue 12786](https://bugs.chromium.org/p/gerrit/issues/detail?id=12786):
Fix wrong status returned when auth backend couldn't be reached.
The response 401 was returned when the auth backend could not be
reached, instead of the response 503.
* [Issue 14242](https://bugs.chromium.org/p/gerrit/issues/detail?id=12424):
Fix email token verification failures caused by non-URL-encoded characters.
* [Issue 11625](https://bugs.chromium.org/p/gerrit/issues/detail?id=11625):
Avoid multiple notifications for existing reviewers.
* Fix internal server error on parsing commit message during receive commits.
* Add `autocomplete="off"` to LDAP login form.
Some security tools will flag the absence of the autocomplete flag as a
possible security issue, as it could allow for passwords to be saved and
automatically filled in on shared computers.
* Accept `--ownedby` as an alias of `--owned-by` in the groups REST API.
The option was incorrectly documented as `--ownedBy` which resulted in an
error "not a valid option" if anyone tried to use it.
The documentation is fixed, and `--ownedby` is added as an alias so that it
also works for anyone still referring to the old documentation.
* Fix various misuses of the Flogger API causing exception details to be omitted
in the log output.
Exceptions were not properly passed to the logger which would cause the
details to be omitted, or in some cases the message "ERROR: UNUSED LOG ARGUMENTS"
to be emitted.
* When an invalid PAPE response is received during OpenID authentication
* When a plugin config is invalid and cannot be loaded
* When an error occurs while migrating a change metadata entry to JSON
* When there is an unsupported charset in a patch text
* [Issue 12673](https://bugs.chromium.org/p/gerrit/issues/detail?id=12673):
Fix emitting debug logs while running tests.
* PolyGerrit UI Fixes
* [Issue 12707](https://bugs.chromium.org/p/gerrit/issues/detail?id=12707):
Apply diff preferences immediately after pressing "Save".
* [Issue 12690](https://bugs.chromium.org/p/gerrit/issues/detail?id=12690):
Only show the "Edit" button for open changes in the diff view.
* [Issue 12726](https://bugs.chromium.org/p/gerrit/issues/detail?id=12726):
Fix incorrect highlighting after `/` character in Javascript.
* [Issue 12775](https://bugs.chromium.org/p/gerrit/issues/detail?id=12775):
Fix parent of previous patch sets not being available.
* [Issue 12385](https://bugs.chromium.org/p/gerrit/issues/detail?id=12385):
Fix memory leak in `gr-plugin-endpoints`.
* Replication Plugin Fixes
* [Issue 12678](https://bugs.chromium.org/p/gerrit/issues/detail?id=12678):
Fix missing replication Id in replication logs.
The migration to use Flogger in 2.16.17 caused a regression in the logging,
where the replication Id was omitted from the logs. This is fixed by reverting
back to slf4j logging for the replication log.
* [Issue 12719](https://bugs.chromium.org/p/gerrit/issues/detail?id=12719):
Fix `replication start --wait` to track in-flight collisions and to not fail.
* [Issue 12731](https://bugs.chromium.org/p/gerrit/issues/detail?id=12731):
Don't lose state when there's a pending push to the same ref.
If there was already a pending push (not an in-flight push) to the same endpoint,
the start for the push would be dropped when adding the push to the Destination.
This meant that a `replication start --wait` command would never complete when
one of its pushes was pending since its state would never receive the completion
notification for that push.
* [Issue 11745](https://bugs.chromium.org/p/gerrit/issues/detail?id=11745):
Fix firing pending "..all.." events on startup.
* [Issue 11760](https://bugs.chromium.org/p/gerrit/issues/detail?id=11760):
Make persistent task keys stable.
* Fix URL matching to match real URLs in addition to templated URLs.
* Log when skipping deletion of a ref when pushing to a remote in mirror mode.
* Improve logging of push failures caused by a lock failure on the remote.
* Improve logging of refs to be pushed.
* Library Upgrades
* Upgrade rules_closure to forked version
This fixes the "-parameters is not supported for target value 1.7. Use 1.8 or later."
warning when building. See [PR 478](https://github.com/bazelbuild/rules_closure/pull/478).
* [Issue 12448](https://bugs.chromium.org/p/gerrit/issues/detail?id=12448):
Upgrade Guice to 4.2.3 and switch to using no-AOP Guice distribution
This allows to more easily support newer JDK versions.
* Upgrade asm to 7.2
* Upgrade jackson-core to 2.11.0
* Upgrade jetty to 9.4.27.v20200227
### 3.0.8
* Breaking Changes
* The `LogThreshold` annotation is removed.
The default log level for tests has been changed from DEBUG to INFO,
and this annotation is no longer needed. It was originally introduced
to allow classes to explicitly set their log level at level other than
DEBUG.
Plugins that use this annotation must be adjusted.
* New Features
* Add support for Elasticsearch 7.6.x.
* Include `upload-pack` metrics in the sshd log.
In order to enable detailed performance and problem analysis,
`upload-pack` metrics are now included in the sshd log.
* Add new configuration setting `core.packedGitUseStrongRefs`.
When set to true, this option enables using strong references to reference
packfile pages cached in the WindowCache. If this option is set Java gc can
no longer flush the WindowCache to free memory if the used heap comes close
to the maximum heap size. On the other hand this provides more predictable
performance.
* Add new configuration setting `sendemail.denyrcpt`.
This new setting works alongside the existing `sendemail.allowrcpt`, and
allows to configure email addresses or domains that Gerrit may not send to.
* Allow to format HTTP and SSH logs in JSON format.
When `log.jsonLogging` is enabled, the HTTP and SSH logs are formatted
as JSON, making it easier for them to be parsed. Note that the error log
was already formatted in JSON when this option was enabled.
* Add new metrics.
Metrics are added for:
* Jetty connections
* JGit WindowCache and total load time for block cache entries
* Available number of cores
* Average system load for the last minute
Refer to the metrics documentation for full details.
* [Issue 11493](https://bugs.chromium.org/p/gerrit/issues/detail?id=11493):
Add an "Edit" button to the diff view in the PolyGerrit UI.
* Add support for fsharp in highlighting syntax in the PolyGerrit UI.
* [Issue 12364](https://bugs.chromium.org/p/gerrit/issues/detail?id=12364):
Add support for going to a specific line number in the inline editor.
* Add prolog predicate to determine number of parents.
The new predicate `commit_parent_count` can be used to detect merge
commits.
* Add `NamedFluentLogger`.
`NamedFluentLogger` is an extension to Flogger that allows to create
a logger with a given name rather than the name of the enclosing class.
* [Issue 12444](https://bugs.chromium.org/p/gerrit/issues/detail?id=12444):
Add support for `max_result_window` in Elasticsearch index configuration.
* Add a Code Coverage layer and plugin API in the PolyGerrit UI.
See [Chromium issue 939904](https://bugs.chromium.org/p/chromium/issues/detail?id=939904)
for details.
* Library Upgrades
* Upgrade gitiles-servlet and blame-cache to 0.2-12
* Upgrade jackson-core to 2.10.3
* Upgrade Jetty to 9.4.24.v20191120, including a fix for supporting IPv6.
* Upgrade rules_closure to forked version.
This fixes the "-parameters is not supported for target value 1.7. Use 1.8 or later."
warning when building. See [PR 478](https://github.com/bazelbuild/rules_closure/pull/478).
* Security Fixes
* [Issue 12440](https://bugs.chromium.org/p/gerrit/issues/detail?id=12440):
Fix the access-path for AbstractGitCommand subclasses.
The access path for the Receive.currentUser in the receive-pack command
was wrongly set to SSH_COMMAND instead of to GIT.
This allowed project owners to force-update a ref using git-over-SSH
without having en explicit permission for that.
* Bug Fixes
* Fix size explosion of `All-Users` caused by draft comment removal.
Modify draft comments generation so that, when removed, they to point to an
empty parent.
* [Issue 11772](https://bugs.chromium.org/p/gerrit/issues/detail?id=11772):
Cancel deprecation of change identifiers that was planned since 2.16.
Since 2.16 the documentation of change identifiers states that the
identifiers other than `<project>~<numericid>` are deprecated and will
be removed in a future release. Since then the identifiers have still
not been removed and there is no clear plan to do so.
It is likely that "deprecated" identifiers are still used in links in
places where they can't be updated, for example in emails and forum
posts. Due to this, and since continuing to support all of the types
does not add any technical burden, ESC decided that the deprecation
should be cancelled.
The `change.api.allowedIdentifier` configuration setting is now
obsolete and has been removed.
* [Issue 3340](https://bugs.chromium.org/p/gerrit/issues/detail?id=3340):
Fix internal server errors when setting project access permission with bad regex.
* Fix removal of stale metrics from the metrics registry.
* [Issue 12349](https://bugs.chromium.org/p/gerrit/issues/detail?id=12349):
Fix time attribute of file entries in plugin artifacts.
* Make assumption on number of query results explicit for change Id arguments.
When a change Id passed as argument was resolved to multiple changes,
the first returned change was arbitrarily used. Now an error will be raised
and logged.
* download-commands plugin: Set SSH default port to 22.
* Document dependency from account deactivator to autoUpdateAccountActiveStatus
and log a warning if the account deactivation task is configured but will not
be scheduled.
* Fix handling of ambiguous name in `visibleto` search predicate.
If the `visibleto` search predicate was used with a display name that
resolved to more than one account, the first account in the result was
arbitrarily used. Now, this case will result in an error.
* Fix a dependency injection runtime error in DeleteZombieDrafts program.
* [Issue 12473](https://bugs.chromium.org/p/gerrit/issues/detail?id=12473):
Fix broken links in Elasticsearch configuration documentation.
* PolyGerrit UI Fixes
* [Issue 4616](https://bugs.chromium.org/p/gerrit/issues/detail?id=4616):
Open commentlinks to changes on the same server in the same tab.
* [Issue 12031](https://bugs.chromium.org/p/gerrit/issues/detail?id=12031):
Fix issues with caching edited commit message.
* Remove `target=_self` from commentlinks.
* Replication Plugin Fixes
* Add method to push changes directly to given replica; intended to be used
by other plugins that extend the replication plugin.
* Check nulls in firePendingEvents at startup.
After a sudden reboot (for unknown reason) Gerrit at startup couldn't
load because of NullPointerException.
* Change default for the `replicateOnStartup` to false.
* Don't lose `ref-updated` events on plugin restart.
When a `ref-updated` event is received, persist the event in the directory
defined by the `replication.eventsDirectory`. When the updated ref is
replicated delete the persisted event.
* Packaging Fixes
* [Issue 12355](https://bugs.chromium.org/p/gerrit/issues/detail?id=12355):
Do not overwirte /etc/default/gerritcodereview upon upgrade.
* Other Fixes
* Fix various minor coding issues reported by Error Prone and Sonar Lint.
* Reduce log spam of 'Repository not found' stack traces.
* [Issue 11953](https://bugs.chromium.org/p/gerrit/issues/detail?id=11953):
Reduce log spam during tests by reducing the default log level to INFO.
The log level can now be explicitly set by the `GERRIT_LOG_LEVEL` system
variable.
The `LogThreshold` annotation is removed.
### 3.0.7
* New Features
* Include request description in HTTP thread names.
The HTTP worker threads had generic names like `HTTP-100`, `HTTP-101`,
etc. While we could conclude from the stack trace what this thread was
doing, we missed some important information like repository name, user name,
etc.
The HTTP threads now have descriptive names. For example, if there is an
ongoing git-fetch operation we will see a thread named like:
`HTTP POST /a/myProject/git-upload-pack (johndoe from 10.87.75.169)`.
This makes the naming consistent with SSHD threads, which are named like:
`SSH git-upload-pack /myProject (johndoe)`.
* New metrics for Jetty threadpool.
The new metrics are exposed under `http/server/jetty/*`.
* Utility program to delete zombie draft comment refs.
Deletion of draft comment refs was broken until 2.16.14, resulting in
draft comment refs not getting deleted properly. Although it has been fixed,
it's still possible that zombie refs exist from previous versions. The
new site program `DeleteZombieCommentsRefs` can be used to remove them.
* Highlight `WORKSPACE` and `BUILD.bazel` files as Python in the PolyGerrit UI.
* Breaking Changes
* The `MessageOfTheDay` extension point was removed.
The `MessageOfTheDay` functionality was not ported to the PolyGerrit-UI and
the `MessageOfTheDay` extension point was removed with the 3.0.7 release.
However, the JS API provides the `banner` entrypoint for plugins to add messages
to the UI. Plugins that were previously using the `MessageOfTheDay` extension
point have to be adapted accordingly.
* Bug Fixes
* [Issue 12246](https://bugs.chromium.org/p/gerrit/issues/detail?id=12246):
Fix generation of duplicate `Change-Id`s when creating a new change via REST.
The `Change-Id` was computed from the commit content and the timestamp,
which resulted in the possibility for two changes to get the same `Change-Id`
when two empty changes were created by REST at the same time.
The `Change-Id` is now generated randomly.
* [Issue 12097](https://bugs.chromium.org/p/gerrit/issues/detail?id=12097):
Fix migration to NoteDb when orphan changes exist.
In the case where a change belonged to a repository that did not exist,
the migration failed.
* [Issue 9296](https://bugs.chromium.org/p/gerrit/issues/detail?id=9296):
Fix wrong diff of commit message between different patch sets of a merge commit.
* [Issue 7969](https://bugs.chromium.org/p/gerrit/issues/detail?id=7969):
Fix internal server error when diffing `MERGE_LIST` between different patch sets
of a merge commit.
* [Issue 10397](https://bugs.chromium.org/p/gerrit/issues/detail?id=10397):
Don't send notification email when publishing a change edit on a WIP change.
* [Issue 12243](https://bugs.chromium.org/p/gerrit/issues/detail?id=12243):
Fix unexpected deactivation of service user accounts.
* Fix editing name and email for service user accounts.
* Fix internal server error when a change edit includes an invalid file path.
Invalid file paths are now rejected as '400 Bad Request'.
* Don't check for conflicting refs when deleting a ref; improve performance of
migration to schema 167.
The migration to schema 167 involves deletion of refs. The performance was
poor for large installations (for example 30k user refs and 20k groups)
because the ref deletion implementation was doing an unnecessary check for
conflicting refs.
* Fix setting `_moreChanges` to the wrong value in change query REST results.
* Upgrade highlight-js to get various fixes in source code highlighting:
* fix(makefile) fix double relevance for assignments
* (xml) expand and improve document type highlighting
* fix(kotlin): fix termination of """ string literals
* (cpp) Add additional keywords
* Backslash is not used to escape in strings in standard SQL
* (javascript) fix jsx self-closing tag issues
* enh(ini) support arrays and much cleaner grammar
* (javascript) support jsx fragments
* PolyGerrit UI Fixes
* [Issue 11980](https://bugs.chromium.org/p/gerrit/issues/detail?id=11980):
Fix handling of LDAP groups containing a dot in the PolyGerrit permissions screen.
* [Issue 12197](https://bugs.chromium.org/p/gerrit/issues/detail?id=12197):
Fix rendering of commentlinks using `link`.
* Other Changes
* Upgrade jackson-core dependency to 2.10.2
* Improve logging when a metadata update fails.
* Update [external Ids documentation](http://gerrit-documentation.storage.googleapis.com/Documentation/3.0.7/config-accounts.html#external-ids)
with information on how to find the sha1 of an external Id and how to show the
corresponding change note.
### 3.0.6
* New Features
* Include thread name in the HTTPD and SSHD logs.
Having thread name in the HTTPD and SSHD logs makes it easier to match entries
from the error log. The error log entries already contain the thread name, so
with the thread name included in each entry in the HTTPD and SSHD logs, we have
more data to match an error to a request than just the timestamp.
* PolyGerrit UI Fixes
* [Issue 12067](https://bugs.chromium.org/p/gerrit/issues/detail?id=12067):
Fix blank screen after upgrading.
* Other Fixes
* [Issue 12070](https://bugs.chromium.org/p/gerrit/issues/detail?id=12070):
Fix internal server error on git over HTTP calls when SSHD is enabled.
Double cleanup of the request context caused an internal server error on
push or fetch via git over HTTP.
* Fix generation of SSH keys with empty passphrase.
The `-N` option of `ssh-keygen` was correctly used for generation of RSA keys,
but for other types `-P` was used.
* Extend documentation of external Ids to include examples of how to generate
the sha1 of an external Id and how to show the git note of the Id.
### 3.0.5
* New Features
* [Issue 11973](https://bugs.chromium.org/p/gerrit/issues/detail?id=11973):
Add copy-to-clipboard for generated HTTP password.
* Add support for doctag in PolyGerrit UI syntax highlighter.
* Add an event interface in the PolyGerrit API.
* Add support for Elasticsearch 7.5.
* Add documentation of how to perform backups of Gerrit.
* Breaking Changes
* The default and minimum value of `execution.defaultThreadPoolSize` is
increased to 2.
* PolyGerrit UI Fixes
* [Issue 11993](https://bugs.chromium.org/p/gerrit/issues/detail?id=11993):
Stop loading fonts from external resources.
* [Issue 11984](https://bugs.chromium.org/p/gerrit/issues/detail?id=11984):
Fix top menu bar on iOS.
* [Issue 8282](https://bugs.chromium.org/p/gerrit/issues/detail?id=8282):
Avoid browser caching for diff on edit patch.
* [Issue 9444](https://bugs.chromium.org/p/gerrit/issues/detail?id=9444):
Fix syntax highlighting for multi-char char constants.
* [Issue 12020](https://bugs.chromium.org/p/gerrit/issues/detail?id=12020):
Fix 'New Contributor Agreement' screen.
* Fix `gr-syntax-params` css class.
* Fix overflow of branch name in change list.
* Other Fixes
* [Issue 7645](https://bugs.chromium.org/p/gerrit/issues/detail?id=7645):
Fix thread deadlock when loading accounts from the account cache.
Replacing Guava caches with Caffeine reduces the chances of having the
deadlocks and improves the cache performance.
* [Issue 11918](https://bugs.chromium.org/p/gerrit/issues/detail?id=11918):
Fix internal server error when deleting a tag or branch by git push.
* [Issue 5082](https://bugs.chromium.org/p/gerrit/issues/detail?id=5082):
Upgrade gitiles blame-cache to 0.2-11 to fix internal server error when getting
blame for file.
* [Issue 11650](https://bugs.chromium.org/p/gerrit/issues/detail?id=11650):
Fix reindexing of changes after project is deleted in the `delete-project` plugin.
* Disallow deleting the `refs/meta/config` branch via the 'Delete Branches'
REST API.
* Disallow deleting the `HEAD` ref via the 'Delete Branches' REST API.
* Allow empty base revision in the 'Create Branch' and 'Create Tag'
REST APIs.
* Fix deletion of draft comment refs.
In some situations, draft comment refs were not properly deleted
but left empty. This resulted in unused draft refs persisting in
the `All-Users` repository, polluting the namespace. Published draft
comments as well as deleted draft comments were kept in the history
of the draft ref, keeping them alive for GC, and causing a steady
increase of repository size.
* Use correct content type `text/plain` instead of `plain/text` in 'Create SSH Key'
REST API.
* Fix handling of interactive/batch users in the QoS filter.
For the git-over-http requests this filter didn't work properly because the
basic authentication happened later in the filter chain and at the moment when
the QoS filter was invoked the current user was not yet set.
* Add project name to headers of outgoing change emails.
* Fix and expand documentation of `ref-update` and `commit-received` hooks
in the hooks plugin.
* Upgrade jackson-core to 2.10.1.
### 3.0.4
* New features:
* Add a method on `ProjectConfig` to read from the repository.
Add a method that allows to read the config from the repository without
having to provide a `MetaDataUpdate` instance.
* New syntax highlighting files format supported.
Highlight handlebars, Jinja2, Jenkinsfile, Soy and VHDL formats;
associate cproj, xaml and svg as xml.
* New `getConfig()` method in the PolyGerrit Plugin RestApi interface.
Make the PolyGerrit RestApi interface to retrieve the server config and to cache it,
accessible to plugins.
* Add "readOnly" endpoint parameter to repo-config endpoint in PolyGerrit Plugin RestApi.
* PolyGerrit UI Fixes:
* Hide "HTTP Credentials" if auth is not `HTTP` or `HTTP_LDAP`.
* [Issue 11782](https://bugs.chromium.org/p/gerrit/issues/detail?id=11782):
Fix assignment of CSS style for CodeReview -1 labels within comments.
* [Issue 7083](https://bugs.chromium.org/p/gerrit/issues/detail?id=7083):
Stop query from executing if predicate is empty.
* [Issue 8513](https://bugs.chromium.org/p/gerrit/issues/detail?id=8513):
Add the SHA hash of each patchset in dropdown menu as it was in the old GWT UI.
* [Issue 11715](https://bugs.chromium.org/p/gerrit/issues/detail?id=11715):
Fix total additions/deletions counters when viewing diff against parent 1 on merge commit.
* [Issue 11682](https://bugs.chromium.org/p/gerrit/issues/detail?id=11682):
Fix some corner-cases in the diff view where the download file feature did not work for
added, renamed and deleted files.
* [Issue 10047](https://bugs.chromium.org/p/gerrit/issues/detail?id=10047):
Add shortcut to copy ssh-rsa public key.
* [Issue 7867](https://bugs.chromium.org/p/gerrit/issues/detail?id=7867):
Allow downloading a regular file from the patch set, from both base version
and specific patch set version. It is implemented as a dropdown.
* Elasticsearch Updates:
* Add support for Elasticsearch 7.4.
* Update elasticsearch-rest-client to 7.4.2.
* JGit Updates:
* Upgrade JGit to 5.3.6.201910020505-r.
This JGit version brings significant performance improvement in the case when
Gerrit loads all external-ids from NoteDb. This happens whenever the
external_ids_map cache gets invalidated or expires.
* Other fixes:
* Fix internal server error when non-existing base revision is given in input
to Cherry Pick Change REST API.
* Remove error log when user tried to delete current branch with the Delete Branch
REST API endpoint.
* Fix the response status code when an error occurred in the Delete Branch/Tag REST API
endpoint.
The endpoint returned "409 Conflict" but should return "500 Internal Server Error".
* Fix the response status code then an error occurred in the Update/Delete GPG Keys
REST API endpoint.
The endpoint returned "409 Conflict" but should return "500 Internal Server Error".
* [Issue 9001](https://bugs.chromium.org/p/gerrit/issues/detail?id=9001):
Fix external-id consistency checker e-mail validation.
Do not enforce emails on external IDs to be globally unique but allow the same e-mail
repeated multiple times as long as it associated to the same account id.
* Fix change message when automatically abandoning a change for a project
that has been deleted.
The change message and the message tag were inverted.
* Fix commit message subject when updating project description by REST API.
The tense of the commit message subject was inconsistent with other similar
messages.
* Fix commit timestamp when updating project configurations.
For some REST API operations that update the project configuration, the
commit that does the update on `refs/meta/config` had the wrong timestamp.
Rather than being the time of the actual commit, it was always the time
of the server startup.
This was the case for the following operations:
- Updating the description.
- Setting the parent project.
- Updating group names while getting access settings.
* Upgrade jackson-core to 2.10.0.
This version includes a fix for [CVE-2019-12384](https://nvd.nist.gov/vuln/detail/CVE-2019-12384).
* Add more detailed debug logging when not sending an outgoing email.
There are several conditions that could cause sending of an outgoing
email to be skipped. These are now logged at debug level.
* Increase severity to error for logging of exceptions during site initialization.
* [Issue 4824](https://bugs.chromium.org/p/gerrit/issues/detail?id=4824):
Handle multiple `httpd.listenUrl` values.
Per the [documentation](http://gerrit-documentation.storage.googleapis.com/Documentation/3.0.4/config-gerrit.html#httpd.listenUrl),
multiple values are supported, but if multiple values were specified Gerrit
would fail to start.
* Do not overwrite `httpd.listenUrl` during init, until the input has been checked as valid.
Fix a bug where during the Gerrit init in interactive mode the input was
invalid for the HTTP daemon settings, but still written to the configuration file.
* Add `adder` in the `reviewer-added` event.
### 3.0.3
* Breaking Changes
* The `weblinksOnly` option is removed from the `Get Diff` REST API endpoint.
This option was only used by the GWT UI which has been removed. This is a
breaking change for any other clients that are using it.
* New Features
* [Issue 6029](https://bugs.chromium.org/p/gerrit/issues/detail?id=6029):
Add support for downloading binary files.
* [Issue 11205](https://bugs.chromium.org/p/gerrit/issues/detail?id=11205):
Allow Gerrit admins to reindex a change even when Read access is not allowed
on its target branch.
* Extend the [`addMenuLink` method](http://gerrit-documentation.storage.googleapis.com/Documentation/3.0.3/pg-plugin-admin-api.html#_addmenulink)
in the PolyGerrit plugin API to allow plugins to specify a capability that
users must have in order to view a top menu item provided by the plugin.
* Utility script `remove-notedb-refs.sh` which can be used to remove all refs
created for NoteDb in case of rollback to ReviewDb.
* [Issue 11356](https://bugs.chromium.org/p/gerrit/issues/detail?id=11356):
Allow to override auto-detected Lucene index configuration.
The new settings
[`index.name.maxMergeCount`](http://gerrit-documentation.storage.googleapis.com/Documentation/3.0.3/config-gerrit.html#index.name.maxMergeCount),
[`index.name.maxThreadCount`](http://gerrit-documentation.storage.googleapis.com/Documentation/3.0.3/config-gerrit.html#index.name.maxThreadCount) and
[`index.name.enableAutoIOThrottle`](http://gerrit-documentation.storage.googleapis.com/Documentation/3.0.3/config-gerrit.html#index.name.enableAutoIOThrottle)
allow to manually configure the Lucene index, rather than using auto-detected
values, to improve performance.
* PolyGerrit UI Fixes
* [Issue 10166](https://bugs.chromium.org/p/gerrit/issues/detail?id=10166):
Add shortcuts for dashboard and watched changes in PolyGerrit.
* [Issue 11592](https://bugs.chromium.org/p/gerrit/issues/detail?id=11592):
Replace `${project}` in a `foreach` query for project dashboards.
* [Issue 10047](https://bugs.chromium.org/p/gerrit/issues/detail?id=10047):
Add missing copy buttons for SSH and GPG keys.
* [Issue 11623](https://bugs.chromium.org/p/gerrit/issues/detail?id=11623):
Remove leftover handling of GWT's change edit identifiers.
* [Issue 11562](https://bugs.chromium.org/p/gerrit/issues/detail?id=11562):
Fix handling of the "Send feedback" conditional display.
* Fix regular expression in link text parsing.
* [Issue 11682](https://bugs.chromium.org/p/gerrit/issues/detail?id=11682):
Fix edge cases in the download dropdown.
- Fix support for file addition, deletion and rename.
- Fix left side content URL when diffing against non base revision, e.g. `2..3`.
* Various improvements of the UX with colors in dark theme.
See [issue 11224](https://bugs.chromium.org/p/gerrit/issues/detail?id=11224),
[issue 11213](https://bugs.chromium.org/p/gerrit/issues/detail?id=11213), and
[issue 11004](https://bugs.chromium.org/p/gerrit/issues/detail?id=11004).
* Upgrade highlight.js to get various syntax highlighting improvements.
- [Issue 11666](https://bugs.chromium.org/p/gerrit/issues/detail?id=11666):
Improved support for dart keywords.
- SVG is added as an alias to xml.js and highlighted as XML.
- JavaScript supports big number syntax now.
- cpp syntax highlighting improved.
- JSON gains support for highlighting comments.
- C++ gains more keywords.
- YAML improves matching keys.
* Elasticsearch Updates
* Add support for Elasticsearch 7.4.
* Update elasticsearch-rest-client to 7.4.0.
* Other Fixes
* Various fixes in the 'Create Change' REST API endpoint:
- Fix internal server error when creating a merge commit fails with
`NoMergeBaseException`.
- Reject creation of a merge commit on a non-existing branch.
- Fail with the correct error message when destination branch does not
exist.
- Fix internal server error when target branch does not exist and the
parent option is given.
- Fix internal server error when base commit does not exist.
* [Issue 11644](https://bugs.chromium.org/p/gerrit/issues/detail?id=11644):
Fix setting project description when creating a project by REST API and setting
plugin configs at the same time.
* [Issue 11374](https://bugs.chromium.org/p/gerrit/issues/detail?id=11374):
Fix handling of plugin capabilities on modification of child collections.
* Fix init to not overwrite `httpd.listenUrl` until the input has been validated.
* [Issue 11246](https://bugs.chromium.org/p/gerrit/issues/detail?id=11246):
Allow duplicate email addresses to be associated to the same user account.
* [Issue 11367](https://bugs.chromium.org/p/gerrit/issues/detail?id=11367):
Fix querying inactive user changes.
* [Issue 11491](https://bugs.chromium.org/p/gerrit/issues/detail?id=11491):
Fix git clone/fetch/pull over SSH in high-latency network ending with
`SSH_MSG_CHANNEL_WINDOW_ADJUST` error.
* [Issue 11442](https://bugs.chromium.org/p/gerrit/issues/detail?id=11442):
Fix push failing with internal server error sporadically when
`notedb.changes.read=True` is configured.
* [Issue 11444](https://bugs.chromium.org/p/gerrit/issues/detail?id=11444):
Fix the wrong progress output during online migration in error_log and use
the correct charset conversion.
* Fix change message when automatically abandoning a change for a project
that has been deleted.
The change message and the message tag were inverted.
* [Issue 11137](https://bugs.chromium.org/p/gerrit/issues/detail?id=11137):
Remove the `gerrit.reportBugText` configuration option.
This option was only used in GWT, which has been removed.
* Upgrade JGit to 5.3.5.201909031855-r.
This version includes a fix for racy atomic ref updates.
* Replication Plugin Fixes
* [Issue 11145](https://bugs.chromium.org/p/gerrit/issues/detail?id=11145):
Drain replication queue before stopping the plugin.
* [Issue 11424](https://bugs.chromium.org/p/gerrit/issues/detail?id=11424):
Fix ReplicationTasksStorage exceptions in error_log when triggering replication
of all refs.
* [Issue 11573](https://bugs.chromium.org/p/gerrit/issues/detail?id=11573):
Fix dropping events during plugin restart.
* Singleusergroup Plugin Fixes
* [Issue 11498](https://bugs.chromium.org/p/gerrit/issues/detail?id=11498):
Fix group resolution for all numeric usernames.
### 3.0.2
* **Breaking Changes**
* Increase default number of SSHD threads to at least 4.
The default value of the `sshd.threads` setting is changed to be either two
times the number of available CPU cores, or 4, whichever is greater.
* [Issue 11216](https://bugs.chromium.org/p/gerrit/issues/detail?id=11216):
Remove hard-coded bug tracker URL and use configured value if present.
* New Features
* [Issue 11201](https://bugs.chromium.org/p/gerrit/issues/detail?id=11201):
Add ability to have custom label with a missing text value in PolyGerrit
* Add a PolyGerrit extension point to show a small banner next to the search bar.
A plugin or a site theme (gerrit-theme.html) may register a custom
Element to be inserted into this endpoint.
* Expose Gerrit's GWT client library in the plugin API
* [Issue 5791](https://bugs.chromium.org/p/gerrit/issues/detail?id=5791):
Add an extension point to allow setting a site banner.
* Add an extension point to allow custom site footers.
* Extend QuotaBackend and QuotaEnforcer extension points.
* Introduce repository size quota enforcer.
Introduce "/repository:size" quota group that gets examined
when commits get pushed to the repository.
* [Issue 11028](https://bugs.chromium.org/p/gerrit/issues/detail?id=11028):
Add support for "Link Another Identity" screen in PolyGerrit
* CommitApi: Add method to get commit info
* Allow to set content type in the PolyGerrit plugin REST API interface
* Add `changeCleanup.cleanupAccountPatchReview` configuration parameter to
wipe out AccountPatchReview data when change gets auto-abandoned.
* Elasticsearch Updates
* [Issue 11266](https://bugs.chromium.org/p/gerrit/issues/detail?id=11266):
Add support for Elasticsearch 6.8.
* [Issue 11267](https://bugs.chromium.org/p/gerrit/issues/detail?id=11267):
Add support for Elasticsearch 7.3.
* Update elasticsearch-rest-client to 7.3.1.
* PolyGerrit UI Fixes
* [Issue 11350](https://bugs.chromium.org/p/gerrit/issues/detail?id=11350):
Upgrade highlight.js to latest master revision.
* [Issue 11096](https://bugs.chromium.org/p/gerrit/issues/detail?id=11096):
Fix page not opening after a couple of times switching between GWT and PolyGerrit UI.
* Fix dialog popup when going to /admin/create-project.
* Add support for /groups
* Redirect /groups/self to /settings/#Groups
* [Issue 10733](https://bugs.chromium.org/p/gerrit/issues/detail?id=10733):
Fix anchors not working at page load on settings page
* [Issue 10062](https://bugs.chromium.org/p/gerrit/issues/detail?id=10062):
Fix Polygerrit converting plus (+) to space when calling email.confirm API,
and then failing with "invalid token"
* [Issue 11344](https://bugs.chromium.org/p/gerrit/issues/detail?id=11344):
Fix commentlink URL and HTML links when canonical URL includes a base link.
* Other Fixes
* [Issue 11348](https://bugs.chromium.org/p/gerrit/issues/detail?id=11348):
Display on error_log the progress of the online migration from ReviewDb to NoteDb.
* [Issue 11235](https://bugs.chromium.org/p/gerrit/issues/detail?id=11235):
Fix ls-user-refs reporting wrong results because it was not using the identity of the username
given as parameter.
* [Issue 11222](https://bugs.chromium.org/p/gerrit/issues/detail?id=11222):
Skip receive.maxBatchCommits when skip-validation option is passed and a commit validator implements
shouldValidateAllCommits
* [Issue 11083](https://bugs.chromium.org/p/gerrit/issues/detail?id=11083):
Set the correct new revision on change-merged events when submitting by push.
When multiple changes are submitted at the same time by push, the new revision
in all the change-merged events should be the revision of the head of the
destination branch after all changes are submitted.
* Adapt `gerrit.sh` script to work on Alpine Linux.
* [Issue 10855](https://bugs.chromium.org/p/gerrit/issues/detail?id=10855):
Fix standalone GWT plugin builds failing because of a broken transitive load of GWT_PLUGIN_DEPS for in-tree plugin builds
* [Issue 11148](https://bugs.chromium.org/p/gerrit/issues/detail?id=11148):
Speedup online reindex migration by skipping evaluation of submit rules for closed changes.
* [Issue 11016](https://bugs.chromium.org/p/gerrit/issues/detail?id=11016):
Fix Gerrit slave site init leads to update failure on system_config caused by read-only transaction
* [Issue 11106](https://bugs.chromium.org/p/gerrit/issues/detail?id=11106):
Fix missing comment context for left side in email notifications.
* [Issue 11110](https://bugs.chromium.org/p/gerrit/issues/detail?id=11110):
Do not swallow the exceptions that caused REST-API to return with a status >= 400.
* [Issue 11086](https://bugs.chromium.org/p/gerrit/issues/detail?id=11086):
When a WIP change is implicitly merged by direct push to the branch, its WIP
state is unset.
* [Issue 11082](https://bugs.chromium.org/p/gerrit/issues/detail?id=11082):
Close changes oldest first when submitting on push.
* Submit: Fix wrong conflict resolution
* Add methods on the change API to get comments and draft comments as lists.
* Make DefaultChangeReportFormatter extendible by plugins.
* Add back the oneByExternalId method on InternalAccountQuery.
This was removed in 2.16 but is added back so it can be used by plugins
and extensions.
* Fix and expand documentation of REST API to get revision files
* Fix detecting changes of parent trees when computing change kind for merge
commit.
A new patch set of a merge change is considered as NO_CHANGE if the
commits have the same delta and trees. For merge commits this includes
comparing the trees of the parent commits.
* Reduce log spam of "setting reductionLimit" debug messages of the Prolog
engine.
* [Issue 11325](https://bugs.chromium.org/p/gerrit/issues/detail?id=11325):
Do not update change set modified date on ReviewDb when a user delete all its
draft changes.
* Fix rebase change REST API returned status code.
The rebase change REST API return 422 Unprocessable Entity, instead of 500
Internal Server Error, If the specified base change is missing
* Catch all exceptions for reporting on Schema_130 migration and display the
name of the project that failed the migration.
* [Issue 11271](https://bugs.chromium.org/p/gerrit/issues/detail?id=11271)
Update rules_go to 0.18.6 for compatibility with Bazel 0.27.0
* [Issue 11248](https://bugs.chromium.org/p/gerrit/issues/detail?id=11248):
Ensures that a newly added label in a parent project is available in the ACL
configuration of a child project.
* Replication Plugin Fixes
* [Issue 10852](https://bugs.chromium.org/p/gerrit/issues/detail?id=10852):
Fix stale replications caused by in-flight pushes not properly removed when failed.
* [Issue 11204](https://bugs.chromium.org/p/gerrit/issues/detail?id=11204):
Fix creation of missing repository when replicating to a Gerrit server over HTTP.
* [Issue 11175](https://bugs.chromium.org/p/gerrit/issues/detail?id=11175):
Introduce new ref-filtering extension point for preventing replication of outdated SHA1s,
mostly useful in a multi-site scenario to prevent split-brain.
* [Issue 11055](https://bugs.chromium.org/p/gerrit/issues/detail?id=11055):
Fix failure to start when re-triggering persisted events
* [Issue 11172](https://bugs.chromium.org/p/gerrit/issues/detail?id=11172):
Fix persisted event is removed before all replications to all nodes are completed.
* When replication plugin is stopped or reloaded, mark all the currently pending replications as cancelled.
* Allow to configure timeout for SSH connections and SSH commands.
The timeouts can be configured with `gerrit.sshConnectionTimeout` and
`gerrit.sshCommandTimeout`, respectively.
* Make more classes and fields public/protected to ease extensibility.
* Improve handling of remote repository creation failures.
* Reintroduce boolean return value of methods in AdminApi.
* Refactor AdminApiFactory to an interface with a default implementation that
gets bound as a dynamic item, which can be replaced by derived implementations.
* When rescheduling due to in-flight push also log the in-flight task ID.
* Hooks Plugin Fixes
* [Issue 10823](https://bugs.chromium.org/p/gerrit/issues/detail?id=10823):
Allow to configure the number of hook execution workers.
By setting `hooks.executorThreads` the number of workers can be configured.
If not set, it defaults to 1 which was the previously fixed value.
### 3.0.1
* Upgrade JGit to 5.3.1.201904271842-r.
* [Issue 10858](https://bugs.chromium.org/p/gerrit/issues/detail?id=10858):
Fix starting Gerrit under Tomcat 8.
* [Issue 10664](https://bugs.chromium.org/p/gerrit/issues/detail?id=10664):
Fix duplicate key detection in MySQL patch review database.
* [Issue 11016](https://bugs.chromium.org/p/gerrit/issues/detail?id=11016):
Fix failure to initialize on slave.
* [Issue 10763](https://bugs.chromium.org/p/gerrit/issues/detail?id=10763):
Fix ACLs to allow regexes for tag and ref permissions.
The documentation states that reference names can also be described with
a regular expression by prefixing the reference name with `^`, but the UI
only showed the creation field when a non-regex name was used.
* [Issue 11082](https://bugs.chromium.org/p/gerrit/issues/detail?id=11082):
Close changes oldest first when submitting on push.
* [Issue 11059](https://bugs.chromium.org/p/gerrit/issues/detail?id=11059):
Fix setting `BLOCK` on partial label range in permissions.
* [Issue 10790](https://bugs.chromium.org/p/gerrit/issues/detail?id=10790):
Avoid evaluating submit rules twice for open changes.
Prolog submit rules were evaluated twice per page view for an open change,
which caused performance degradation on projects defining complex rules.
* [Issue 10943](https://bugs.chromium.org/p/gerrit/issues/detail?id=10943):
Set `References:` header on new change notification mail.
GMail changed the way
[emails are grouped in conversation view](https://gsuiteupdates.googleblog.com/2019/03/threading-changes-in-gmail-conversation-view.html),
which, combined with the fact that
[Amazon SES changes the `Message-ID` header](https://forums.aws.amazon.com/message.jspa?messageID=262855),
resulted in the new change notification email not being grouped with
subsequent emails related to the same change.
* [Issue 10952](https://bugs.chromium.org/p/gerrit/issues/detail?id=10952):
Fix definition of `PID` in `gerrit.sh`.
* [Issue 10852](https://bugs.chromium.org/p/gerrit/issues/detail?id=10852):
Replication plugin: Fix scheduling starvation.
* [Issue 10896](https://bugs.chromium.org/p/gerrit/issues/detail?id=10896):
Fix eliding project name without slash in notification emails.
* [Issue 10359](https://bugs.chromium.org/p/gerrit/issues/detail?id=10359):
LDAP: support servers that do not allow anonymous browsing.
Add `ldap.supportAnonymous` configuration setting in gerrit.config to support
servers that do not allow anonymous browsing. Default is true per standard and
best practice.
* Show submit button with tooltip when not allowed to submit.
The submit button was hidden when the user did not have permission to submit,
or other conditions prevented submit (for example the change being WIP).
* Don't send "GPG keys added" notification when no GPG keys were added.
A GPG key update can include both addition and removal of GPG keys. The
notification email for addition of new keys was always sent, even if the
update only removed keys.
* Update email notifications on changing security related settings.
Email notifications are now sent when a GPG or SSH key is removed, and
when the HTTP password is deleted or changed.
An email notification is now always sent when an SSH key is added to an
account, even when it was added by an administrator.
These notifications allow to alert the user if their account is compromised
and keys or password are altered by the attacker.
* Remove explicit dependency on protobuf_java.
The protobuf_java library is now consumed from rules_closure.
* Improve performance of migration of accounts to schema 146.
* Migration of the accounts is parallelized. The default number of threads
used is the number of available processors. This can be customized using
the `threadcount` system property.
* Before the migration, `gc --prune=now` is executed.
* When hosted on `FileRepository`, refs are packed after migration of every
1000 accounts.
* A progress indicator counts every 100 accounts migrated.
* Allow commit validation listeners to ignore the `skip-validation` push option.
Gerrit allows certain users to skip validation of new commits by passing
the `skip-validation` push option.
A new method `shouldValidateAllCommits` is added on the
`CommitValidationListener`, to allow plugin implemented validators to
override this option and always be invoked for new commits. The new
method has a default implementation that returns `false` meaning that
existing implementations don't need to be modified and will behave the
same as before.
* Optimize commit and ref operation validation for non-ff push.
On a non-ff push all the commits were validated before the ref operation
was validated. On a push with many commits, validating all the commits is
wasteful in the case where the ref operation is rejected. The logic is
changed so that the ref operation validation is performed before the commit
validation.
* Disallow change index task duplication.
It was possible for multiple index tasks to be queued for the same change.
* Fix formatting issues and inconsistencies in soy email templates.
* Use URL Formatter interface to generate URL in outgoing emails.
* Fix error message when JRE is not found when starting Gerrit.
The error message recommended to check for a JRE ">= 1.7", but Gerrit requires
Java 8 minimum.
* Expose the `createProject` method of the `CreateProject` class to plugins.
This allows plugins to directly invoke the project creation, avoiding the
checks that are performed when invoking via the `apply` method.
* Expose the jsr305 library in the plugin API.
* Upgrade gitiles to 0.2-10.
Includes a fix for rendering of metalinks in the navigation bar.
* Elasticsearch Fixes
* [Issue 10499](https://bugs.chromium.org/p/gerrit/issues/detail?id=10499):
Set default number of shards according to Elasticsearch version.
In Elasticsearch version 7.0 the default number of shards was reduced from
5 to 1.
See the [Elasticsearch documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/getting-started-concepts.html#getting-started-shards-and-replicas)
for details.
* [Issue 10496](https://bugs.chromium.org/p/gerrit/issues/detail?id=10496) and
[Issue 10844](https://bugs.chromium.org/p/gerrit/issues/detail?id=10884):
Fix usage of `include_type_name` in index creation.
* Add support for Elasticsearch 7.1.
* Upgrade elasticsearch-rest-client to 7.1.1.
* PolyGerrit UI Fixes
* Only display 404 page on initial load.
* Don't reload when viewing dashboard.
* Fix hiding the HTTP password screen.
It was possible for the HTTP password to be un-hidden using CSS.
* Add an extension point to allow adding links to the user header.
* Documentation Updates
* [Issue 10897](https://bugs.chromium.org/p/gerrit/issues/detail?id=10897):
Update links to Google individual and corporate CLA pages.
* Clarify that account must have a username to be able to set HTTP password.
* Fix formatting in project config documentation.