Google Git
Sign in
gerrit / homepage / master / . / pages / site / releases / 2.12.md
blob: 7339130f32bd1e03418d77b6a6ea2d236558fbf0 [file] [log] [blame] [view]
---
title: "Gerrit 2.12 Release"
permalink: 2.12.html
hide_sidebar: true
hide_navtoggle: true
toc: true
---
Download: **[2.12.9](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.9.war)**
| [2.12.8](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.8.war)
| [2.12.7](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.7.war)
| [2.12.6](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.6.war)
| [2.12.5](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.5.war)
| [2.12.4](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.4.war)
| [2.12.3](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.3.war)
| [2.12.2](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.2.war)
| [2.12.1](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.1.war)
| [2.12](https://gerrit-releases.storage.googleapis.com/gerrit-2.12.war)
Documentation: **[2.12.9](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.9/index.html)**
| [2.12.8](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.8/index.html)
| [2.12.7](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.7/index.html)
| [2.12.6](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.6/index.html)
| [2.12.5](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.5/index.html)
| [2.12.4](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.4/index.html)
| [2.12.3](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.3/index.html)
| [2.12.2](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.2/index.html)
| [2.12.1](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12.1/index.html)
| [2.12](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/index.html)
## Release Highlights
* New change submission workflows: 'Submit Whole Topic' and 'Submitted Together'.
* Support for GPG Keys and signed pushes.
## Important Notes
### Schema Changes
This release contains schema changes. To upgrade:
``` sh
java -jar gerrit.war init -d site_path
```
#### ‘value too long’ error in schema migration
As described in [Issue 4323](https://bugs.chromium.org/p/gerrit/issues/detail?id=4323),
a ’value too long for type character varying(255)’ error can occur in the
patch_sets table when migrating to schema version 108.
This error may occur under some circumstances when running the schema
migration from an earlier version of Gerrit.
On sites where this occurs, it can be fixed with a manual schema update
according to the comments in the issue.
#### Manual schema upgrade when updating from 2.12 to 2.12.x
When upgrading a site that is already running version 2.12 to 2.12.x, the
`patch_sets` table must be manually migrated using the `gerrit gsql` SSH
command or the `gqsl` site program.
For the default H2 database, execute the command:
``` sql
alter table patch_sets modify push_certficate clob;
```
For MySQL, execute the command:
``` sql
alter table patch_sets modify push_certficate text;
```
For PostgreSQL, execute the command:
``` sql
alter table patch_sets alter column push_certficate type text;
```
For other database types, execute the appropriate equivalent command.
Note that the misspelled `push_certficate` is the actual name of the
column.
When upgrading from a version earlier than 2.12, this manual step is not
necessary and should be omitted.
### Online Reindexing
To use online reindexing when upgrading to 2.12.x, the server must
first be upgraded to 2.8 (or 2.9) and then through 2.10 and 2.11 to 2.12.x. If
reindexing will be done offline, you may ignore this warning and upgrade directly
to 2.12.x.
### Bouncy Castle Upgrade
When upgrading from version 2.8.4 or older with a site that uses
Bouncy Castle Crypto, new versions of the libraries will be downloaded. The old
libraries should be manually removed from site's `lib` folder to prevent the
startup failure described in [issue 3084](https://code.google.com/p/gerrit/issues/detail?id=3084).
### Solr Index Support
The Solr secondary index is no longer supported. With this release
the only supported secondary index is Lucene.
### `ref-updated` Event Format Change
The format of the `ref-updated` event has changed. Users of the
[Jenkins Gerrit Trigger plugin](https://wiki.jenkins-ci.org/display/JENKINS/Gerrit+Trigger)
with jobs triggering on `ref-updated` should upgrade to at least
[version 2.15.1](https://wiki.jenkins-ci.org/display/JENKINS/Gerrit+Trigger#GerritTrigger-Version2.15.1%28releasedSept142015%29).
If an upgrade of the plugin is not possible, a workaround is
to change the branch configuration to type `Path` with a pattern like
`refs/*/master` instead of `Plain` and `master`.
## New Features
### New Change Submission Workflows
* New 'Submit Whole Topic' setting.
When the
[`change.submitWholeTopic`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#change.submitWholeTopic)
setting is enabled, all changes belonging to the same
topic will be submitted at the same time.
This setting should be considered experimental, and is disabled by default.
* Submission of changes may include ancestors.
If a change is submitted that has submittable ancestor changes, those changes
will also be submitted.
* The merge queue is removed.
Changes that cannot be submitted due to missing dependencies will no longer
enter the 'Submitted, Merge Pending' state.
### GPG Keys and Signed Pushes
Signed push can be enabled by setting
[`receive.enableSignedPush`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#receive.enableSignedPush)
to true. When a client pushes with `git push --signed`, Gerrit ensures that the push
certificate is valid and signed with a valid public key stored in the
`refs/meta/gpg-keys` branch of the `All-Users` repository.
When signed push is enabled, and
[`gerrit.editGpgKeys`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#gerrit.editGpgKeys)
is set to true, users may upload their public GPG
key via the REST API or UI. If this setting is not enabled, GPG keys may only be added by administrators
with direct access to the `All-Users` repository.
Administrators may also configure
[`receive.certNonceSeed`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#receive.certNonceSeed)
and
[`receive.certNonceSlop`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#receive.certNonceSlop).
### Secondary Index
* [Issue 3333](http://code.google.com/p/gerrit/issues/detail?id=3333):
Support searching for changes by author and committer.
Changes are indexed by the git author and committer of the latest patch set,
and can be searched with the `author:` and `committer:` operators.
Changes are matched on either the exact whole email address, or on parts of the
name or email address.
* Add `from:` search operator to match by owner of change or author of comments.
* Add `commentby:` search operator to search by author of comments.
* Change the `topic:` search operator to search by the exact topic name.
* Add `intopic:` search operator to search by topics containing the search term.
* [Issue 3291](http://code.google.com/p/gerrit/issues/detail?id=3291):
Add `has:edit` search operator to match changes that have edit revisions on them.
* Allow configuration of maximum query size.
[`index.maxTerms`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#index.maxTerms)
can be set to limit the number of leaf index terms.
* Expose Lucene index writers for plugins.
Plugins can now reconfigure various Lucene performance related parameters
at runtime.
* Make Lucene index writers auto-commit writers.
Plugins can now temporarily turn on auto-committing in situations where it makes
sense to enforce all changes to be written to disk ASAP.
### UI
#### General
* Edit and diff preferences can be modified from the user preferences screen.
Previously it was only possible to edit these preferences from the actual
diff and edit screens.
* Add 'Edits' to the 'My' dashboard menu to list changes on which the user
has an unpublished edit revision.
* Support for URL aliases.
Administrators may define
[URL aliases](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#urlAlias)
to map plugin screens into the Gerrit URL namespace.
Plugins may use user-specific URL aliases to replace certain screens for certain
users.
#### Project Screen
* New tab to list the project's tags, similar to the branch list.
#### Inline Editor
* Store and load edit preferences in git.
Edit preferences are stored and loaded to/from the `All-Users` repository.
* Add 'auto close brackets' feature.
* Add 'match brackets' feature.
* Make the cursor blink rate customizable.
* Add support for Emacs and Vim key maps.
#### Change Screen
* [Issue 3318](http://code.google.com/p/gerrit/issues/detail?id=3318):
Highlight 'Reply' button if there are draft comments on any patch set.
If any patch set of the change has a draft comment by the current user,
the 'Reply' button is highlighted.
The icons depicting draft comments are removed from the revisions drop-down
list.
* [Issue 1100](http://code.google.com/p/gerrit/issues/detail?id=1100):
Publish all draft comments when replying to a change.
All draft comments, including those on older patch sets, are published when
replying to a change.
* Show file size increase/decrease for binary files.
* Show uploader if different from change owner.
* Show push certificate status.
* Show change subject as tooltip on related changes list.
This helps to identify changes when the subject is truncated in the list.
#### Side-By-Side Diff
* [Issue 3293](http://code.google.com/p/gerrit/issues/detail?id=3293):
Add syntax highlighting for Puppet.
* [Issue 3447](http://code.google.com/p/gerrit/issues/detail?id=3447):
Add syntax highlighting for VHDL.
#### Group Screen
* [Issue 1479](http://code.google.com/p/gerrit/issues/detail?id=1479): Group audit log.
The group screen now includes an 'Audit Log' panel showing member additions,
removals, and the user who made the change.
### API
Several new APIs are added.
#### Accounts
* Suggest accounts.
#### Tags
* List tags.
* Get tag.
### REST API
New REST API endpoints and new options on existing endpoints.
#### Accounts
* [Set Username](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-accounts.html#set-username):
Set the username of an account.
* [Get Account Details](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-accounts.html#get-detail):
Get the details of an account.
In addition to the [AccountInfo](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-accounts.html#account-info)
fields returned by the existing
[Get Account endpoint](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-accounts.html#get-account),
the new REST endpoint returns the registration date of the account and the
timestamp of when contact information was filed for this account.
#### Changes
* [Set Review](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-changes.html#set-review):
Add an option to omit duplicate comments.
* [Download Content](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-changes.html#get-safe-content):
Download the content of a file from a certain revision, in a
safe format that poses no risk for inadvertent execution of untrusted code.
* [Get Submitted Together](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-changes.html#submitted-together):
Get the list of all changes that will be submitted at
the same time as the change.
* [Issue 1100](http://code.google.com/p/gerrit/issues/detail?id=1100):
[Set Review](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-changes.html#set-review):
Add an option to publish draft comments on all revisions.
#### Config
* [Get Server Info](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-config.html#get-info):
Return information about the Gerrit server configuration.
* [Confirm Email](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-config.html#confirm-email):
Confirm that the user owns an email address.
#### Groups
* [List Groups](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-groups.html#list-group):
Add option to suggest groups, allowing group auto-completion to be used in a plugin's UI.
* [Get Audit Log](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-groups.html#get-audit-log):
Get the audit log of a Gerrit internal group, showing member
additions, removals, and the user who made the change.
#### Projects
* [Run GC](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-projects.html#run-gc):
Add `aggressive` option to specify whether or not to run an aggressive
garbage collection.
* [List Tags](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/rest-api-projects.html#list-tags):
Support filtering by substring and regex, and pagination with `--start` and `--end`.
### SSH
* Add support for ZLib Compression.
To enable compression use the
[`sshd.enableCompression` setting](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#sshd.enableCompression).
* Add support for hmac-sha2-256 and hmac-sha2-512 as MACs.
### Plugins
#### General
* Gerrit client can now pass JavaScriptObjects to extension panels.
* New UI extension point for header bar in change screen.
* New UI extension point to password screen.
* New UI extension points to project info screen.
* New UI extension point for pop down buttons on change screen.
* New UI extension point for buttons in header bar on change screen.
* New UI extension point at bottom of the user preferences screen.
* New UI extension point for the 'Included In' drop-down panel.
By implementing the
[Included In interface](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/dev-plugins.html#included-in),
plugins may add entries to the 'Included In' dropdown menu on the change screen.
* Plugins can extend Gerrit screens with GWT controls.
* Plugins can add custom settings screens.
* Referencing groups in `project.config`.
Plugins can refer to groups so that when they are renamed, the project
config will also be updated in this section.
* API
* Allow to use `CurrentSchemaVersion`.
* Allow to use `InternalChangeQuery.query()`.
* Allow to use `JdbcUtil.port()`.
* Allow to use GWTORM `Key` classes.
### Other
* [Issue 3401](http://code.google.com/p/gerrit/issues/detail?id=3401):
Add option to
[disable registration of new email addresses](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#sendemail.allowRegisterNewEmail).
* [Issue 2061](http://code.google.com/p/gerrit/issues/detail?id=2061):
Add Support for `git-upload-archive`.
This allows use the standard `git archive` command to create an archive
of the content of a repository.
* Add a background job to automatically abandon inactive changes.
The
[changeCleanup](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/config-gerrit.html#changeCleanup)
configuration can be set to periodically check for inactive changes and automatically abandon them.
* Add support for the
[DB2 database](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/database-setup.html#createdb_db2).
* [Issue 3441](http://code.google.com/p/gerrit/issues/detail?id=3441):
Add support for the
[Apache Derby database](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/database-setup.html#createdb_derby).
* Download commands plugin: Use commit IDs for download commands when change refs are hidden.
Git has a configuration option to hide refs from the initial advertisement
(`uploadpack.hideRefs`). This option can be used to hide the change refs from
the client. As consequence this prevented fetching changes by change ref from
working.
Setting `download.checkForHiddenChangeRefs` in the `gerrit.config` to true
allows the download commands plugin to check for hidden change refs.
* Add a new 'Maintain Server' global capability.
Members of a group with the 'Maintain Server' capability may view caches, tasks,
and queues, and invoke the index REST API on changes.
## Bugfixes
* Upgrade jsch to 0.1.53 to fix [CVE-2015-4000](https://nvd.nist.gov/vuln/detail/CVE-2015-4000):
Weak Diffie-Hellman vulnerability, AKA "Logjam".
The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS
connections to 512-bit export-grade cryptography. This allows the attacker to read
and modify any data passed over the connection.
On February 22, 2018, Github [removed support for weak cryptographic standards](https://githubengineering.com/crypto-removal-notice/).
As a result of this, replication to Github over SSH no longer works with
diffie-hellman-group1-sha1 or diffie-hellman-group14-sha1 SSH keys.
* [Issue 3499](http://code.google.com/p/gerrit/issues/detail?id=3499):
Fix syntax highlighting of raw string literals in go.
* [Issue 3643](http://code.google.com/p/gerrit/issues/detail?id=3643):
Fix syntax highlighting of ES6 string templating using backticks.
* [Issue 3653](http://code.google.com/p/gerrit/issues/detail?id=3653):
Correct timezone in sshd log after DST change.
When encountering a DST switch, the timezone wasn't updated until
the server was reloaded.
* [Issue 3306](http://code.google.com/p/gerrit/issues/detail?id=3306):
Allow admins to read, push and create on `refs/users/default`.
* [Issue 3212](http://code.google.com/p/gerrit/issues/detail?id=3212):
Fix failure to run `init` when `--site-path` option is not explicitly given.
* Make email validation case insensitive.
While [RFC 5321 section 2.3.11](https://tools.ietf.org/html/rfc5321#section-2.3.11)
allows for the local-part (the part left of the '@') of an email address to be case
sensitive, the domain portion is case insensitive according to
[RFC 1035 section 3.1](https://tools.ietf.org/html/rfc1035#section-3.1),
and in practice, even the local-part is typically case insensitive also.
* `commit-msg` hook: Don't add `Change-Id` line on temporary commits.
Commits created with `git commit --fixup` or `git commit --squash` are not
intended to be pushed to Gerrit, and don't need a `Change-Id` line.
This also prevents changes from being accidentally uploaded, at least for
projects that have the 'Require Change-Id' configuration enabled.
* [Issue 3444](http://code.google.com/p/gerrit/issues/detail?id=3444):
download-commands plugin: Fix clone with commit-msg hook when project name
contains '/'.
* Use full ref name in `refName` attribute of `ref-updated` events.
The [refUpdate attribute](https://gerrit-documentation.storage.googleapis.com/Documentation/2.12/json.html#refUpdate)
in `ref-updated` events did not include the full name
of the ref in the `refName` attribute, i.e. `master` was used instead of
`refs/heads/master`.
Support for the new format is added in
[version 2.15.1 of the Jenkins Gerrit Trigger plugin](https://wiki.jenkins-ci.org/display/JENKINS/Gerrit+Trigger#GerritTrigger-Version2.15.1%28releasedSept142015%29).
Users who are unable to upgrade the plugin may instead change the
trigger's branch configuration to type `Path` with a pattern like
`refs/*/master` instead of `Plain` and `master`.
* [Issue 3714](https://code.google.com/p/gerrit/issues/detail?id=3714):
Improve visibility of comments on dark themes.
* Fix highlighting of search results and trailing whitespaces in intraline
diff chunks.
* Fix server error when listing annotated/signed tag that has no tagger info.
* Don't create new account when claimed OAuth identity is unknown.
The Claimed Identity feature was enabled to support old Google OpenID accounts,
that cannot be activated anymore. In some corner cases, when for example the URL
is not from the production Gerrit site, for example on a staging instance, the
OpenID identity may deviate from the original one. In case of mismatch, the lookup
of the user for the claimed identity would fail, causing a new account to be
created.
* Suggest to upgrade installed plugins per default during site initialization
to new Gerrit version.
The default was 'No' which resulted in some sites not upgrading core
plugins and running the wrong versions.
* [Issue 3698](https://code.google.com/p/gerrit/issues/detail?id=3698):
Fix creation of the administrator user on databases with pre-allocated
auto-increment column values.
When using a database configuration where auto-increment column values are
pre-allocated, it was possible that the 'Administrators' group was created
with an ID other than `1`. In this case, the created admin user was not added
to the correct group, and did not have the correct admin permissions.
* [Issue 3018](https://code.google.com/p/gerrit/issues/detail?id=3018):
Fix query for changes using a label with a group operator.
The `group` operator was being ignored when searching for changes with labels
because the search index does not contain group information.
* Fix online reindexing of changes that don't already exist in the index.
Changes are now always reloaded from the database during online reindex.
* Fix reading of plugin documentation.
Under some circumstances it was possible to fail with an IO error.
## Documentation Updates
* [Issue 412](https://code.google.com/p/gerrit/issues/detail?id=412):
Update documentation of `commentlink.match` regular expression to clarify
that the expression is applied to the rendered HTML.
* Remove warning about unstable change edit REST API endpoints.
These endpoints should be considered stable since version 2.11.
* Document that `ldap.groupBase` and `ldap.accountBase` are repeatable.
## Dependency Updates
* Upgrade Asciidoctor to 1.5.2
* Upgrade AutoValue to 1.1
* Upgrade Bouncy Castle to 1.52
* Upgrade CodeMirror to 5.7
* Upgrade gson to 2.3.1
* Upgrade guava to 19.0-RC2
* Upgrade gwtorm to 1.14-20-gec13fdc
* Upgrade H2 to 1.3.176
* Upgrade httpcomponents to 4.4.1
* Upgrade Jetty to 9.2.13.v20150730
* Upgrade JGit to 4.1.1.201511131810-r
* Upgrade joda-time to 2.8
* Upgrade JRuby to 1.7.18
* Upgrade jsch to 0.1.53 (upgraded to 0.1.54 in 2.12.8)
* Upgrade JUnit to 4.11
* Upgrade Lucene to 5.3.0
* Upgrade Prolog Cafe 1.4.1
* Upgrade servlet API to 8.0.24
* Upgrade Truth to version 0.27
## Bugfix Releases
### 2.12.9
* [Issue 10262](https://bugs.chromium.org/p/gerrit/issues/detail?id=10262):
Fix validation of `wants` in `git-upload-pack` for protocol v0 stateless transports.
See the following section for details.
* Upgrade JGit to 4.5.5.201812240535-r.
This upgrade includes several versions since 4.1.2 used in Gerrit
version 2.12.8. Important fixes are summarized below. Please refer to the
corresponding JGit release notes for full details.
* [JGit 4.5.5](https://projects.eclipse.org/projects/technology.jgit/releases/4.5.5):
* [Issue 10262](https://bugs.chromium.org/p/gerrit/issues/detail?id=10262):
Fix validation of `wants` in `git-upload-pack` for protocol v0 stateless transports.
AdvertiseRefsHook was not called for `git-upload-pack` in protocol v0
stateless transports, meaning that `wants` were not validated and
a user could fetch anything that is pointed to by any ref (using fetch-by-sha1),
as long as they could guess the object name.
* [JGit 4.5.4](https://projects.eclipse.org/projects/technology.jgit/releases/4.5.4):
* Fix LockFile semantics when running on NFS.
* Honor trustFolderStats also when reading packed-refs.
* [JGit 4.5.3](https://projects.eclipse.org/projects/technology.jgit/releases/4.5.3):
* Fix exception handling for opening bitmap index files.
* [JGit 4.5.2](https://projects.eclipse.org/projects/technology.jgit/releases/4.5.2):
* Fix pack marked as corrupted even if it isn't.
* [JGit 4.5.1](https://projects.eclipse.org/projects/technology.jgit/releases/4.5.2):
* Don't remove Pack when FileNotFoundException is transient.
### 2.12.8
* Upgrade jsch to 0.1.54 to fix [CVE-2016-5725](https://nvd.nist.gov/vuln/detail/CVE-2016-5725):
Directory traversal vulnerability.
Versions of jsch prior to 0.1.54 have a directory traversal vulnerability
on Windows. When the mode is `ChannelSftp.OVERWRITE`, it allows remote SFTP
servers to write to arbitrary files via a `..\` (dot dot backslash) in a
response to a recursive `GET` command.
For other fixes in jsch since 0.1.53, please refer to the
[jsch change log](http://www.jcraft.com/jsch/ChangeLog).
* [Issue 5759](https://bugs.chromium.org/p/gerrit/issues/detail?id=5759):
Fix `intopic:` search with regular expression.
* Fix database connection pool verification.
A broken connection could be returned from the connection pool and this
caused an internal server error when trying, for example, to read a change
from the database.
* Do not check visibility of parent when creating project.
A project can be visible to a user but not necessarily its parent. To
be consistent, a user with create-project permission should be able to
create a project with a parent that exists even if the parent is not
visible to the user.
* Fix merging a merge commit that refers to commits not submitted as changes.
* Update `commit-msg` hook to Add `Change-Id` line after `Depends-On:` footer.
### 2.12.7
* [Issue 4930](https://bugs.chromium.org/p/gerrit/issues/detail?id=4930)
Allow submit of merge commit of a branch that is not a change.
A regression introduced in 2.12.6 prevented a merge commit from being
submitted if it merges a branch that is not associated to a change.
* Avoid unnecessary group visibility checks in list-groups REST endpoint.
The list-groups REST API call checked group visibility even for those
groups which were filtered out. In a system with 10-20K of groups, this
could cause 30-60 seconds delay when checking if the current user can see
a group.
* Download Commands plugin: Fix HTTP clone command inconsistency.
When cloning a project using HTTP schema, the `/a` in the URL was added
only when choosing to clone without the commit hook. Now the URL is the
same in both cases.
### 2.12.6
* [Issue 4158](https://bugs.chromium.org/p/gerrit/issues/detail?id=4158):
Notice merged commits even if they appear on a different branch.
If a change was pushed to a topic branch, and then pushed to another
branch for review, merging it did not result in it appearing in the
repository.
* [Issue 4887](https://bugs.chromium.org/p/gerrit/issues/detail?id=4887):
Fix submission of multiple changes by cherry-pick.
When submitting multiple changes by cherry-pick, update the merge tip
for each change such that each subsequent change is cherry-picked onto
the updated tip of the target branch.
* [Issue 4647](https://bugs.chromium.org/p/gerrit/issues/detail?id=4647):
Fix copying text in Internet Explorer.
* Prevent double closing of repository when merging changes.
### 2.12.5
* New preference to enable line wrapping in diff screen and inline editor.
* Fix the diff and edit preference dialogs for smaller screens.
On smaller screens the options at the bottom of the dialogs would
get cut off, making it difficult to change them.
* [Issue 4521](https://bugs.chromium.org/p/gerrit/issues/detail?id=4521):
Fix internal server error during validation of email addresses.
When creating a new account or adding a new email address to an existing
account, the email validation crashed.
* Lucene stability improvements.
Each Lucene index is now written using a dedicated background thread. Lucene
threads may not be cancelled, to prevent interruptions while writing.
* Don't try to change username that is already set.
Since Gerrit version 2.1.4 it is not allowed to change the username once
it has been set, and attempting to do so results in an exception.
If `ldap.accountSshUserName` is set in the `gerrit.config` using
`${userPrincipalName.localPart}` to initialize the username from the user's
email address, and then the email address is changed, the username gets
resolved to something different and the account manager tried to change it.
As a result, an exception was raised and the user could no longer log in.
Instead of trying to change the username, a warning is logged.
* [Issue 4006](https://bugs.chromium.org/p/gerrit/issues/detail?id=4006):
Prevent search limit parameter from exceeding maximum integer value.
* Fix internal server error when generating task names.
* Print proper names for query tasks in the output of the `show-queue` command.
* Double-check change status when auto-abandoning changes.
It was possible that changes could be updated in the time between the query
results being returned and the change being abandoned.
### 2.12.4
* [Issue 4400](https://bugs.chromium.org/p/gerrit/issues/detail?id=4400):
Fix `AlreadyClosedException` in Lucene index.
If a Lucene indexing thread was interrupted by an SSH connection being
closed, this would also close file handles being used to read the index.
Lucene queries are now executed on background threads to isolate them
from SSH threads.
This may also reduce latency for user dashboards on a multi-core system as
each query for the different sections can now run on separate threads and
return results when ready.
* [Issue 4249](https://bugs.chromium.org/p/gerrit/issues/detail?id=4249):
Fix 'Duplicate stages not allowed' error during indexing.
* [Issue 4238](https://bugs.chromium.org/p/gerrit/issues/detail?id=4238):
Fix 'not found' error when browsing tree in gitweb.
The `refs/heads/` prefix was incorrectly being added to `HEAD`, causing a
'404 Not Found' error.
* Allow to read repositories that do not end with `.git`.
* [Issue 4262](https://bugs.chromium.org/p/gerrit/issues/detail?id=4262):
Fix GPG push certificate for first patch set of new changes.
The GPG certificate was not being set for the first patch set of new
changes.
* [Issue 4296](https://bugs.chromium.org/p/gerrit/issues/detail?id=4296):
Fix internal error when a query does not contain any token.
* [Issue 4241](https://bugs.chromium.org/p/gerrit/issues/detail?id=4241):
Fix 'Cannot format velocity template' error when sending notification emails.
* Fix `sshd.idleTimeout` setting being ignored.
The `sshd.idleTimeout` setting was not being correctly set on the SSHD
backend, causing idle sessions to not time out.
* [Issue 4324](https://bugs.chromium.org/p/gerrit/issues/detail?id=4324):
Set the correct uploader on new patch sets created via the inline editor.
* Log a warning instead of failing when invalid commentlinks are configured.
* [Issue 4136](https://bugs.chromium.org/p/gerrit/issues/detail?id=4136):
Fix support for `HEAD` requests in the REST API.
Sending a `HEAD` request failed with '404 Not Found'.
* Return proper error response when trying to confirm an email that is already
used by another user.
* [Issue 4318](https://bugs.chromium.org/p/gerrit/issues/detail?id=4318)
Fix 'Rebase if Necessary' merge strategy to prevent introducing a duplicate
commit when submitting a merge commit.
* [Issue 4332](https://bugs.chromium.org/p/gerrit/issues/detail?id=4332):
Allow `local` as a valid TLD for outgoing emails.
* Bypass hostname verification when `sendemail.sslVerify` is disabled.
* [Issue 4398](https://bugs.chromium.org/p/gerrit/issues/detail?id=4398):
Replication: Consider ref visibility when scheduling replication.
It was possible for refs to be replicated to remotes despite not being
visible to groups mentioned in the `authGroup` setting.
* [Issue 4036](https://bugs.chromium.org/p/gerrit/issues/detail?id=4036):
Fix hanging query when using `is:watched` without authentication.
### 2.12.3
* Fix SSL security issue in the SMTP email relay.
The hostname of the SSL socket was not verified. This made the read
from the socket insecure since without verifying the hostname it may
be [vulnerable to a man-in-the-middle attack](https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf).
* [Issue 3895](https://bugs.chromium.org/p/gerrit/issues/detail?id=3895):
Fix failure to submit with 'Rebase if Necessary' after changes were reordered
with interactive rebase.
* [Issue 4052](https://bugs.chromium.org/p/gerrit/issues/detail?id=4052):
Fix failure to start server after upgrade from version 2.9.4.
* [Issue 3891](https://bugs.chromium.org/p/gerrit/issues/detail?id=3891):
Fix query with `label:` operator and zero value.
* [Issue 4112](https://bugs.chromium.org/p/gerrit/issues/detail?id=4112):
Fix failure to submit changes caused by empty user edit ref.
* [Issue 4087](https://bugs.chromium.org/p/gerrit/issues/detail?id=4087):
Fix failure to submit change when a branch is created on the change ref.
* [Issue 4155](https://bugs.chromium.org/p/gerrit/issues/detail?id=4155):
Fix tags REST API to correctly return all tags.
* [Issue 4154](https://bugs.chromium.org/p/gerrit/issues/detail?id=4154):
Add support for `.team` and several more TLDs in email address validation.
Update commons-validator to 1.5.1.
* [Issue 4163](https://bugs.chromium.org/p/gerrit/issues/detail?id=4163):
Prevent removal of non-voting reviewers on submit of change.
* [Issue 2647](https://bugs.chromium.org/p/gerrit/issues/detail?id=2647):
Fix usage of `CTRL-C` on change screen.
* [Issue 4236](https://bugs.chromium.org/p/gerrit/issues/detail?id=4236):
Fix internal error when pushing an amended commit with the `%edit` option.
* [Issue 3426](https://bugs.chromium.org/p/gerrit/issues/detail?id=3426):
Fix pushing changes with `%base` option or `newChangeForAllNotInTarget` option.
* Show 'Submitted Together' tab for changes with same topic.
* Improve submit button tooltip messages shown when change is not submittable.
* Fix firing of the `topic-changed` hook.
* Remove `--dry-run` option from the `Reindex` site program.
The implementation of the option was removed, but the option was mistakenly
added back to the command and did not actually work.
* Print proper task names in the output of the `show-queues` command.
* Replication plugin: Double check if a ref is missing locally before deleting
from remote.
* Show an error message when trying to add a non-existent group to an ACL.
### 2.12.2
* Upgrade Apache commons-collections to version 3.2.2.
Includes a fix for a [remote code execution exploit](https://issues.apache.org/jira/browse/COLLECTIONS-5800).
* [Issue 3919](https://code.google.com/p/gerrit/issues/detail?id=3919):
Explicitly set parent project to 'All-Projects' when a project is created
without giving the parent.
* Don't add message twice on abandon or restore via ssh review command.
When abandoning or reviewing a change via the ssh `review` command, and
providing a message with the `--message` option, the message was added to
the change twice.
* Clear the input box after cancelling add reviewer action.
When the action was cancelled, the content of the input box was still
there when opening it again.
* Fix internal server error when aborting ssh command.
* [Issue 3969](https://code.google.com/p/gerrit/issues/detail?id=3969):
Fix internal server error when submitting a change with 'Rebase If Necessary'
strategy.
### 2.12.1
#### General
* Fix column type for signed push certificates.
The column type `VARCHAR(255)` was too small, preventing some PGP push
certificates from being stored.
* Add the `DRAFT_COMMENTS` option to the list changes REST API endpoint
and mark it as deprecated.
It was removed in version 2.12 because it's not needed any more by the UI,
but this caused failures for clients that still use it.
Now it is added back, although it does not do anything and is marked as
deprecated.
* [Issue 3669](https://code.google.com/p/gerrit/issues/detail?id=3669):
Fix schema migration when migrating to 2.12.x directly from a version
earlier than 2.11.
* [Issue 3733](https://code.google.com/p/gerrit/issues/detail?id=3733):
Correctly detect symlinked log directory on startup.
If `$site_path/logs` was a symlink, the server would not start.
* [Issue 3871](https://code.google.com/p/gerrit/issues/detail?id=3871):
Throw an explicit exception when failing to load a change from the database.
If a change could not be loaded from the database, for example if it was
manually removed from the changes table but references to it were remaining
in other tables, a null change was returned which would then lead to an
'Internal Server Error' that was difficult to track down. Now an error is
raised earlier which will help administrators to find the root cause.
* [Issue 3743](https://code.google.com/p/gerrit/issues/detail?id=3743):
Use submitter identity as committer when using 'Rebase if Necessary' merge
strategy.
When submitting a change that required rebase, the committer was being
set to 'Gerrit Code Review' instead of the name of the submitter.
* [Issue 3758](https://code.google.com/p/gerrit/issues/detail?id=3758):
Fix serving of static resources when deployed in application container.
When deployed in a container, for example Tomcat, it was not possible to
load the UI because static content could not be loaded from the WAR file.
* [Issue 3790](https://code.google.com/p/gerrit/issues/detail?id=3790):
Fix documentation link when deployed in application container.
When deployed in a container, for example Tomcat, the 'Documentation' menu
was missing.
* [Issue 3786](https://code.google.com/p/gerrit/issues/detail?id=3786):
Fix SQL statement syntax in schema migration.
An extra semicolon was preventing migration from 2.11.x to 2.12 when using
an Oracle database.
* Send email using email queue instead of the default queue.
Some emails sent asynchronously were already being sent using that queue
but some were not. This was confusing for a gerrit administrator because
if there is a build up of `send-email` tasks in the queue, he would
think that increasing `sendemail.threadPoolSize` would help but it did not
because some of the email were sent using the default queue which is
configurable using `execution.defaultThreadPoolSize`.
* Fix XSRF token cookie to honor `auth.cookieSecure` setting.
* [Issue 3767](https://code.google.com/p/gerrit/issues/detail?id=3767):
Fix replication of first patch set for new changes.
When new changes were pushed from the command line, the first patch
set did not get replicated to destinations.
* [Issue 3771](https://code.google.com/p/gerrit/issues/detail?id=3771):
Remove `index.defaultMaxClauseCount` configuration option.
When `index.maxTerms` was either not set (thus no limit) or set to a value
higher than `index.defaultMaxClauseCount` it was possible that viewing the
related changes tab could cause a 'Too many clauses' error for changes that
have a lot of related changes.
The `index.defaultMaxClauseCount` configuration option is removed, and the
existing `index.maxTerms` is reused. The default value of `index.maxTerms`
is reduced from 'no limit' to 1024.
* [Issue 3919](https://code.google.com/p/gerrit/issues/detail?id=3919):
Explicitly set parent project to 'All-Projects' when a project is created
without giving the parent.
* [Issue 3948](https://code.google.com/p/gerrit/issues/detail?id=3948):
Fix submit of project parent updates on `refs/meta/config`.
When submitting a change on `refs/meta/config` to update a project's parent,
the error 'The change must be submitted by a Gerrit administrator' was being
displayed even when the submitter was an admin. The submit was successful
when clicking 'Submit' a second time.
* [Issue 3811](https://code.google.com/p/gerrit/issues/detail?id=3811):
Fix submittability of merge commits that resolve merge conflicts.
If a series of changes contained a change that conflicted with the destination
branch, but the conflict was solved by a merge commit at the tip of the
series, the series was not submittable.
* [Issue 3883](https://code.google.com/p/gerrit/issues/detail?id=3883):
Respect the `core.commentchar` setting from `.gitconfig` in `commit-msg` hook.
#### UI
* [Issue 3894](https://code.google.com/p/gerrit/issues/detail?id=3894):
Fix display of 'Related changes' after change is rebased in web UI:
* [Issue 3071](https://code.google.com/p/gerrit/issues/detail?id=3071):
Fix display of submodule differences in side-by-side view.
* [Issue 3718](https://code.google.com/p/gerrit/issues/detail?id=3718):
Hide avatar images when no avatars are available.
The UI was showing a transparent empty image with a border.
* [Issue 3731](https://code.google.com/p/gerrit/issues/detail?id=3731):
Fix syntax higlighting of tcl files.
* [Issue 3863](https://code.google.com/p/gerrit/issues/detail?id=3863):
Fix display of active row marker in tag list.
Clicking on one of the rows would cause the tag name to disappear.
* [Issue 1207](https://code.google.com/p/gerrit/issues/detail?id=1207):
Fix keyboard shortcuts for non-US keyboards on side-by-side diff screen.
The forward/backward navigation keys `[` and `]` only worked on keyboards where
these characters could be typed without using any modifier key (like CTRL, ALT,
etc..).
Note that the problem still exists on the unified diff screen.
* Improve tooltip on 'Submit' button when 'Submit whole topic' is enabled
and the topic can't be submitted due to some changes not being ready.
#### Plugins
* [Issue 3821](https://code.google.com/p/gerrit/issues/detail?id=3821):
Fix repeated reloading of plugins when running on OpenJDK 8.
OpenJDK 8 uses nanotime precision for file modification time on systems that
are POSIX 2008 compatible. This leads to precision incompatibility when
comparing the plugin's JAR file timestamp, resulting in the plugin being
reloaded every minute.
* [Issue 3741](https://code.google.com/p/gerrit/issues/detail?id=3741):
Fix handling of merge validation exceptions emitted by plugins.
If a plugin raised an exception, it was reported to the user as 'Change is
new', rather than 'Missing dependency'.
* Allow plugins to get the caller in merge validation requests.
Plugins that implement the `MergeValidationListener` interface now get the
caller (the user who initiated the merge) in the `onPreMerge` method.
Existing plugins that implement this interface must be adapted to the new
method signature.
* [Issue 3892](https://code.google.com/p/gerrit/issues/detail?id=3892):
Allow plugins to suggest reviewers based on either change or project
resources.
#### Documentation
* Update documentation of `commentlink` to reflect changed search URL.
* Add missing documentation of valid `database.type` values.
#### Upgrades
* Upgrade JGit to 4.1.2.201602141800-r.