Google Git
Sign in
gerrit / homepage / master / . / pages / site / releases / 2.13.md
blob: 911e1f4773cc4846e807cbab29ebc5a87f73d02e [file] [log] [blame] [view]
---
title: "Gerrit 2.13 Release"
permalink: 2.13.html
hide_sidebar: true
hide_navtoggle: true
toc: true
---
Download: **[2.13.14](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.14.war)**
| [2.13.13](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.13.war)
| [2.13.12](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.12.war)
| [2.13.11](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.11.war)
| [2.13.10](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.10.war)
| [2.13.9](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.9.war)
| [2.13.8](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.8.war)
| [2.13.7](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.7.war)
| [2.13.6](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.6.war)
| [2.13.5](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.5.war)
| [2.13.4](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.4.war)
| [2.13.3](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.3.war)
| [2.13.2](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.2.war)
| [2.13.1](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.1.war)
| [2.13](https://gerrit-releases.storage.googleapis.com/gerrit-2.13.war)
Documentation: **[2.13.14](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.14/index.html)**
| [2.13.13](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.13/index.html)
| [2.13.12](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.12/index.html)
| [2.13.11](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.11/index.html)
| [2.13.10](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.10/index.html)
| [2.13.9](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.9/index.html)
| [2.13.8](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.8/index.html)
| [2.13.7](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.7/index.html)
| [2.13.6](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.6/index.html)
| [2.13.5](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.5/index.html)
| [2.13.4](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.4/index.html)
| [2.13.3](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.3/index.html)
| [2.13.2](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.2/index.html)
| [2.13.1](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.1/index.html)
| [2.13](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/index.html)
## Release Highlights
* Suport for multiple database backends for "reviewed" flags (from 2.13.8)
* Support for Large File Storage (LFS)
* Metrics interface
* Hooks plugin
* Secondary index for accounts
* File annotations (blame) in side-by-side diff
## Important Notes
### Schema Changes
This release contains schema changes. To upgrade:
``` sh
java -jar gerrit.war init -d site_path
```
### HTTPS TLS1.1 support discontinued by Maven Central.
As of June 18th 2018, Maven Central
[discontinued support for TLS v1.1 and below](https://central.sonatype.org/articles/2018/May/04/discontinue-support-for-tlsv11-and-below/).
When initializing a new site with Java 7, this causes download of third
party dependencies such as the MySQL connector to fail. It is therefore
necessary to explicitly enable TLS v1.2 on the invocation of java:
``` sh
java -Dhttps.protocols=TLSv1.2 gerrit.war init -d site_path
```
This does not affect Java 8, which enables TLS v1.2 by default.
### Workaround for deprecated/removed Bower repository.
In October 2017, Bower
[removed the repository used for binary distributions](https://twitter.com/bower/status/918073147789889536),
which causes clean builds of Gerrit to fail.
To workaround this problem, either cherry-pick
[this commit](https://gerrit-review.googlesource.com/c/gerrit/+/188097), or
add a `.bowerrc` file to the source root directory with the following content:
``` json
{
"registry": "https://registry.bower.io"
}
```
### Manual Schema Update for Reviewed Flags
Sites that have already upgraded to version 2.13 may want to migrate from the
default H2 database to MySQL or PostgreSQL. This can be done using the
[MigrateAccountPatchReviewDb](http://gerrit-documentation.storage.googleapis.com/Documentation/2.13.8/pgm-MigrateAccountPatchReviewDb.html)
program.
Sites that have already upgrade to version 2.13 before 2.13.8 need to manually
migrate the reviewed flags database to change the `file_name` column length.
After stopping Gerrit, enter the H2 console:
``` sh
java -jar /path/to/h2.jar -url jdbc:h2:path/to/review_site/db/account_patch_reviews
```
and then execute the following statement:
``` sql
ALTER TABLE account_patch_reviews ALTER COLUMN file_name VARCHAR(4096) DEFAULT '' NOT NULL
```
Depending on the number of rows, this operation may take some time. For
example, one million rows may take up to 1 minute.
### Online Reindexing
To use online reindexing for the `changes` secondary index when upgrading
to 2.13.x, the server must first be upgraded to 2.8 (or 2.9) and then through
2.10, 2.11 and 2.12. Skipping a version will prevent the online reindexer from
working.
Gerrit 2.13 introduces a new secondary index for accounts, and this must be
indexed offline before starting Gerrit:
``` sh
java -jar gerrit.war reindex --index accounts -d site_path
```
If reindexing will be done offline, you may ignore these warnings and upgrade
directly to 2.13.x using the following command that will reindex both `changes`
and `accounts` secondary indexes:
``` sh
java -jar gerrit.war reindex -d site_path
```
### Hooks Plugin
The server side hooks functionality is moved to a core plugin. Sites
that make use of server side hooks must install this plugin during site init.
## New Features
### Large File Storage (LFS)
Gerrit provides an [extension point](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/dev-plugins.html#lfs-extension)
that enables development of plugins implementing the
[LFS protocol](https://github.com/github/git-lfs/blob/master/docs/api/v1/http-v1-batch.md).
By setting
[`lfs.plugin`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#lfs.plugin)
the administrator can configure the name of the plugin which handles LFS requests.
### Access control for git submodule subscriptions
To prevent potential security breaches as described in
[issue 3311](https://bugs.chromium.org/p/gerrit/issues/detail?id=3311), it is now
only possible for a project to subscribe to a submodule if the submodule
explicitly allows itself to be subscribed.
Please see the
[submodules user guide](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/user-submodules.html)
for details.
Note that when upgrading from an earlier version of Gerrit, permissions for
any existing subscriptions will be automatically added during the database
schema migration.
### Metrics
Metrics about Gerrit's internal state can be sent to external
monitoring systems.
Plugins can provide implementations of the metrics interface to
report metrics to different monitoring systems. The following
plugins are available:
* [JMX](https://gerrit-review.googlesource.com/#/admin/projects/plugins/metrics-reporter-jmx)
* [Graphite](https://gerrit-review.googlesource.com/#/admin/projects/plugins/metrics-reporter-graphite)
* [Elasticsearch](https://gerrit-review.googlesource.com/#/admin/projects/plugins/metrics-reporter-elasticsearch)
Plugins can also provide their own metrics.
See the
[metrics documentation](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/metrics.html)
for further details.
### Hooks
Server side hooks are moved to the
[hooks plugin](https://gerrit-review.googlesource.com/#/admin/projects/plugins/hooks).
Sites that make use of server side hooks should install this
plugin. After installing the plugin, no additional configuration is needed.
The plugin uses the same configuration settings in `gerrit.config`.
### Secondary Index
* The secondary index now supports indexing of accounts.
The
[reindex program](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/pgm-reindex.html)
by default reindexes all changes and accounts. A new
option allows to explicitly specify whether to reindex changes or accounts.
The `suggest.fullTextSearch`, `suggest.fullTextSearchMaxMatches` and
`suggest.fullTextSearchRefresh` configuration options are removed. Full text
search is supported by default with the account secondary index.
* New ssh command to
[reindex changes](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/cmd-index-changes.html).
### User Interface
* The UI can now be loaded in an iFrame by enabling
[`gerrit.canLoadInIFrame`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#gerrit.canLoadInIFrame)
in the site configuration.
#### Change Screen
* [Issue 106](https://bugs.chromium.org/p/gerrit/issues/detail?id=106):
Allow to select merge commit's parent for diff base in change screen.
* [Issue 3035](https://bugs.chromium.org/p/gerrit/issues/detail?id=3035):
Allow to remove specific votes from a change, while leaving the reviewer on the
change.
* [Issue 3487](https://bugs.chromium.org/p/gerrit/issues/detail?id=3487):
Use 'Ctrl-Alt-e' instead of 'e' to open edit mode.
#### Diff Screens
* Add all syntax highlighting available in CodeMirror.
* Improve search experience in diff screen.
Ctrl-F, Ctrl-G and Shift-Ctrl-G now bind to the search dialog box provided by
CodeMirror's search add-on. Enter and Shift-Enter navigate among the search
results from the CodeMirror search, just like they do in a normal browser
search. Esc now clears the search result.
If the user sets `Render` to `Slow` in the diff preferences and the file is less
than 4000 lines (huge), then Ctrl-F, Ctrl-G and Shift-Ctrl-G fall back to the
browser search.
* [Issue 2968](https://bugs.chromium.org/p/gerrit/issues/detail?id=2968):
Allow to go back to change list by keyboard shortcut from diff screens.
* Blame annotations.
By enabling
[`change.allowBlame`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#change.allowBlame),
blame annotations can be shown in the side-by-side diff
screen gutter.
#### User Preferences
* [Issue 989](https://bugs.chromium.org/p/gerrit/issues/detail?id=989):
New option to control email notifications.
Users can now choose between 'Enabled', 'Disabled' and 'CC Me on Comments I Write'.
* New option to control adding 'Signed-off-by' footer in commit message of new changes
created online.
* New option to control auto-indent width in inline editor.
* [Issue 890](https://bugs.chromium.org/p/gerrit/issues/detail?id=890):
New diff option to control whether to skip unchanged files when navigating to
the previous or the next file.
### Changes
In order to avoid potentially confusing behavior, when submitting changes in a
batch, submit type rules may not be used to mix submit types on a single branch,
and trying to submit such a batch will fail.
### REST API
#### Accounts
* [Issue 3766](https://bugs.chromium.org/p/gerrit/issues/detail?id=3766):
Allow users with the
['ModifyAccount' capability](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/access-control.html#capability_modifyAccount)
to get the preferences for other users via the
[Get User Preferences endpoint](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#get-user-preferences).
* Rename 'Suggest Account' to
['Query Account'](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#query-account)
and add support for arbitrary account queries.
The `_more_accounts` flag is set on the last result when there are more results
than the limit. The `DETAILS` and `ALL_EMAILS` options may be set to control
whether the results should include details (full name, email, username, avatars)
and all emails, respectively.
* New endpoint:
[Get Watched Projects](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#get-watched-projects).
* New endpoint:
[Set Watched Projects](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#set-watched-projects).
* New endpoint:
[Delete Watched Projects](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#delete-watched-projects).
* New endpoint:
[Get Star Labels from Change](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#get-stars).
* New endpoint:
[Update Star Labels on Change](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#set-stars).
* New endpoint:
[Get OAuth Access Token](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#get-oauth-token).
* New endpoint:
[List Contributor Agreements](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#list-contributor-agreements).
* New endpoint:
[Sign Contributor Agreement](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-accounts.html#sign-contributor-agreement).
#### Changes
* [Issue 3579](https://bugs.chromium.org/p/gerrit/issues/detail?id=3579):
Append submitted info to ChangeInfo.
* New endpoint:
[Move Change](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-changes.html#move-change).
#### Groups
* Add `-s` as an alias for `--suggest` on the
[Suggest Group endpoint](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-groups.html#suggest-group).
#### Projects
* Add `async` option to the
[Run GC endpoint](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-projects.html#run-gc)
to allow garbage collection to run asynchronously.
* New endpoint:
[List Access Rights](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-projects.html#get-access).
* New endpoint:
[Add, Update and Delete Access Rights](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-projects.html#set-access).
* New endpoint:
[Create Tag](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-projects.html#create-tag).
* New endpoint:
[Get Mergeable Information](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/rest-api-projects.html#get-mergeable-info).
### Plugins
* Secure settings
Plugins may now store secure settings in `etc/$PLUGIN.secure.config` where they
will be decoded by the Secure Store implementation.
* Exported dependencies
Gson is now an exported dependency. Plugins no longer need to explicitly add
a dependency on it.
### Misc
* New project option to reject implicit merge commits.
The 'Reject Implicit Merges' option can be enabled to prevent non-merge commits
from implicitly bringing unwanted changes into a branch. This can happen for
example when a commit is made based on one branch but is mistakenly pushed to
another, for example based on `refs/heads/master` but pushed to `refs/for/stable`.
* New
[Add Patch Set capability](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/access-control.html#category_add_patch_set)
to control who is allowed to upload a new patch set to an existing change.
* [Issue 4015](https://bugs.chromium.org/p/gerrit/issues/detail?id=4015):
Allow setting a
[comment message](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/user-upload.html#message)
when uploading a change.
* Allow to specify
[who should be notified by email](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/user-upload.html#notify)
when uploading a change.
* [Issue 3220](https://bugs.chromium.org/p/gerrit/issues/detail?id=3220):
Append approval info to every comment-added stream event and hook.
* The `administrateServer` capability can be assigned to groups by setting
[`capability.administrateServer`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#capability.administrateServer)
in the site configuration.
Configuring this option can be a useful fail-safe to recover a server in the
event an administrator removed all groups from the `administrateServer`
capability, or to ensure that specific groups always have administration
capabilities.
* New configuration options to configure JGit repository cache parameters.
[core.repositoryCacheCleanupDelay](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#core.repositoryCacheCleanupDelay)
and [core.repositoryCacheExpireAfter](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#core.repositoryCacheExpireAfter)
can be configured.
* Accept `-b` as an alias of `--batch` in the
[init program](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/pgm-init.html).
## Bugfixes
* Don't add the same SSH key multiple times.
If an already existing SSH key was added, a duplicate entry was added to the
list of user's SSH keys.
* Respect the 'Require a valid contributor agreement to upload' setting
when creating changes via the UI.
If a user had not signed a CLA, it was still possible for them to create a new
change with the 'Revert' or 'Cherry Pick' button.
* Make Lucene index more stable when being interrupted.
* Don't show the `start` and `idle` columns in the `show-connections`
output when the ssh backend is NIO2.
The NIO2 backend doesn't provide the start and idle times, and the
values being displayed were just dummy values. Now these values are
only displayed for the MINA backend.
* [Issue 6965](https://bugs.chromium.org/p/gerrit/issues/detail?id=6965):
Fix 'missing tree' on repos where `git prune` has been run.
* [Issue 4150](https://bugs.chromium.org/p/gerrit/issues/detail?id=4150):
Deleting a draft inline comment no longer causes the change's `Updated` field to
be bumped.
* [Issue 4099](https://bugs.chromium.org/p/gerrit/issues/detail?id=4099):
Fix SubmitWholeTopic does not update subscriptions.
* [Issue 3603](https://bugs.chromium.org/p/gerrit/issues/detail?id=3603):
Fix editing a submodule via inline edit.
* [Issue 4069](https://bugs.chromium.org/p/gerrit/issues/detail?id=4069):
Fix highlights in scrollbar overview ruler not moved when extending the
displayed area.
* [Issue 3446](https://bugs.chromium.org/p/gerrit/issues/detail?id=3446):
Respect the `Skip Deleted` diff preference.
* [Issue 3445](https://bugs.chromium.org/p/gerrit/issues/detail?id=3445):
Respect the `Skip Uncommented` diff preference.
* [Issue 4051](https://bugs.chromium.org/p/gerrit/issues/detail?id=4051):
Fix empty `From` email header.
* [Issue 3423](https://bugs.chromium.org/p/gerrit/issues/detail?id=3423):
Fix intraline diff for added spaces.
* [Issue 1867](https://bugs.chromium.org/p/gerrit/issues/detail?id=1867):
Remove `no changes made` error case when the only difference between a new
commit and the previous patch set of the change is the committer.
* [Issue 3831](https://bugs.chromium.org/p/gerrit/issues/detail?id=3831):
Prevent creating groups with the same name as a system group.
* [Issue 3754](https://bugs.chromium.org/p/gerrit/issues/detail?id=3754):
Fix `View All Accounts` permission to allow accounts REST endpoint to access
email info.
* Make `gitweb.type` default to `disabled` when not explicitly set.
Previously the behavior was not documented and it would default to type
`gitweb`. In cases where there was no gitweb config at all, this would
result in broken links due to `null` being used as the URL.
* [Issue 4488](https://bugs.chromium.org/p/gerrit/issues/detail?id=4488):
Improve error message when `Change-Id` line is missing in commit message.
The error message now includes the sha1 of the commit, so that it is
easier to track down which commit failed validation when multiple commits
are pushed at the same time.
* Don't check mergeability of draft changes.
Draft changes can be deleted but not abandoned so there is no way for
an administrator to get rid of the them on behalf of the users. This can
become a problem when there many draft changes because the mergeability
check can be costly.
The mergeability check is no longer done for draft changes, but will be
done when the draft change is published.
* Fix internal server error when plugin-provided file history weblink
is null.
It is valid for a plugin to provide a null weblink, but doing so resulted
in an internal server error.
## Dependency Updates
* Add dependency on blame-cache 0.1-9
* Add dependency on guava-retrying 2.0.0
* Add dependency on jsr305 3.0.1
* Add dependency on metrics-core 3.1.2
* Upgrade auto-value to 1.3-rc1
* Upgrade commons-net to 3.5
* Upgrade CodeMirror to 5.17.0
* Upgrade Guava to 19.0
* Upgrade Gson to 2.7
* Upgrade Guice to 4.1.0
* Upgrade gwtjsonrpc to 1.9
* Upgrade gwtorm to 1.15
* Upgrade javassist to 3.20.0-GA
* Upgrade Jetty to 9.2.14.v20151106
* Upgrade JGit to 4.5.0.201609210915-r
* Upgrade joda-convert to 1.8.1
* Upgrade joda-time to 2.9.4
* Upgrade Lucene to 5.5.0
* Upgrade mina to 2.0.10
* Upgrade sshd-core to 1.2.0
## Bugfix Releases
### 2.13.14
* **WARNING:** with this release Gerrit requires Java 8.
Gerrit now requires Java Runtime Environment (JRE) version 8. It is no longer
possible to run Gerrit on JRE 7.
Official support for Java 7 was
[discontinued in April 2015](https://www.java.com/en/download/faq/java_7.xml).
* [Issue 10695](https://bugs.chromium.org/p/gerrit/issues/detail?id=10695):
Upgrade JGit to 4.5.7.201904151645-r to fix regression in packfile list
handling.
If `core.trustfolderstat` was set to `false`, an infinite loop could occur
when an object was not found in the packfile.
* Upgrade SSHD to 1.4 and mina core to 2.0.16.
These versions move to Java 8 and fix several bugs.
### 2.13.13
* [Issue 10562](https://bugs.chromium.org/p/gerrit/issues/detail?id=10562):
Upgrade JGit to 4.5.6.201903121547-r to fix corruption of packfile
list due to concurrent access during GC.
See [JGit issue 544199](https://bugs.eclipse.org/bugs/show_bug.cgi?id=544199)
for details.
### 2.13.12
* [Issue 10262](https://bugs.chromium.org/p/gerrit/issues/detail?id=10262):
Fix validation of `wants` in `git-upload-pack` for protocol v0 stateless transports.
See the following section for details.
* Upgrade JGit to 4.5.5.201812240535-r.
This upgrade includes several versions since 4.5.2 used in Gerrit
version 2.13.11. Important fixes are summarized below. Please refer to the
corresponding JGit release notes for full details.
* [JGit 4.5.5](https://projects.eclipse.org/projects/technology.jgit/releases/4.5.5):
* [Issue 10262](https://bugs.chromium.org/p/gerrit/issues/detail?id=10262):
Fix validation of `wants` in `git-upload-pack` for protocol v0 stateless transports.
AdvertiseRefsHook was not called for `git-upload-pack` in protocol v0
stateless transports, meaning that `wants` were not validated and
a user could fetch anything that is pointed to by any ref (using fetch-by-sha1),
as long as they could guess the object name.
* [JGit 4.5.4](https://projects.eclipse.org/projects/technology.jgit/releases/4.5.4):
* Fix LockFile semantics when running on NFS.
* Honor trustFolderStats also when reading packed-refs.
* [JGit 4.5.3](https://projects.eclipse.org/projects/technology.jgit/releases/4.5.3):
* Fix exception handling for opening bitmap index files.
### 2.13.11
* Upgrade jsch to 0.1.54 to fix [CVE-2016-5725](https://nvd.nist.gov/vuln/detail/CVE-2016-5725):
Directory traversal vulnerability.
Versions of jsch prior to 0.1.54 have a directory traversal vulnerability
on Windows. When the mode is `ChannelSftp.OVERWRITE`, it allows remote SFTP
servers to write to arbitrary files via a `..\` (dot dot backslash) in a
response to a recursive `GET` command.
For other fixes in jsch since 0.1.53, please refer to the
[jsch change log](http://www.jcraft.com/jsch/ChangeLog).
* Fix null pointer exception in event dispatcher when event contains a null account
attribute.
The account attribute can be null for example in the `change-abandoned` event
generated for changes abandoned by Gerrit's auto cleanup.
### 2.13.10
* [Issue 7425](https://bugs.chromium.org/p/gerrit/issues/detail?id=7425):
Add `sshd.waitTimeout` configuration to set `WAIT_FOR_SPACE_TIMEOUT`.
In sshd a new channel property,
[channel-output-wait-for-space-timeout](https://issues.apache.org/jira/browse/SSHD-565),
was introduced with a default value of 30 seconds.
This was not being set, causing any clone operations lasting longer
than 30 seconds to fail.
Administrators may now increase this value by setting
[`sshd.waitTimeout`](http://gerrit-documentation.storage.googleapis.com/Documentation/2.13.10/config-gerrit.html#sshd.waitTimeout).
* [Issue 8279](https://bugs.chromium.org/p/gerrit/issues/detail?id=8279):
Always check for `Change-Id` in subject line during commit validation:
A commit with an empty commit message except for a `Change-Id` line in
the subject was only rejected if "Require Change-Id" was enabled.
* [Issue 8280](https://bugs.chromium.org/p/gerrit/issues/detail?id=8280):
Fix validation of `Change-Id` line when creating changes from the UI:
When a change was created via the UI (or via the REST API), the `Change-Id`
footer line was not validated. This resulted in it being possible to
create a change with an invalid `Change-Id`.
* [Issue 8284](https://bugs.chromium.org/p/gerrit/issues/detail?id=8284):
Fix unnecessary addition of `Change-Id` to changes created from the UI:
When a change was created via the UI (or via the REST API), a `Change-Id`
line was added without first checking if one already existed.
* [Issue 8299](https://bugs.chromium.org/p/gerrit/issues/detail?id=8299):
Fix insertion of `Signed-off-by` line after existing footer lines in changes
created from the UI.
When a change was created via the UI (or via the REST API) and the
commit message included a `Change-Id` line or any other footer line,
the `Signed-off-by` footer was appended to the end of the last footer
instead of on a new line.
* Fix parsing of permissions when expanding parameters.
* Keep old timestamps during data migration.
In some cases the "created on" field was updated to the time of the migration
when replacing the "Submitted" state with "New".
* Don't use account index to look up external IDs when authenticating with
OAuth or OpenID.
The account index is not available on slaves, causing authentication
with OAuth and OpenID to fail.
* Replication plugin: Fix replication retries when `maxRetries` is set to 0.
### 2.13.9
* [Issue 6176](https://bugs.chromium.org/p/gerrit/issues/detail?id=6176):
Fix internal server error when old patch set is not found.
* [Issue 6605](https://bugs.chromium.org/p/gerrit/issues/detail?id=6605):
Fix searching for change by Change-Id triplet when project name matches Change-Id pattern.
For projects whose name matched the Change-Id pattern, i.e. named something
like `iabcde`, it was not possible to search for changes using the Change-Id
triplet `project~branch~changeId`.
* [Issue 3345](https://bugs.chromium.org/p/gerrit/issues/detail?id=3345):
Preserve line endings in inline editor.
When a file with Windows line endings was edited all the line ending
characters were replaced by Unix style line endings.
* Fix line wrapping in inline editor.
The line wrapping preference was respected for the diff screens, but not
for the inline editor.
* Fix cyclic dependency when using `site_path` from `system_config` table.
The starting mode where `site_path` is not specified (as a system property)
and Gerrit first connects to the database using the ReviewDb JNDI property
from the servlet container was broken since version 2.13 due to a cyclic
dependency in Guice bindings.
* Extend upload validation interface to allow listening to negotiation start.
This can be used to check rate limits for fetch requests. Rate limits
should be checked before git transport negotation starts to avoid
unnecessary work in case the limit is already reached.
* Allow to set Jetty HTTPD socket timeout.
A new setting [`httpd.idleTimeout`](http://gerrit-documentation.storage.googleapis.com/Documentation/2.13.9/config-gerrit.html#httpd.idleTimeout)
makes the Jetty HTTPD socket timeout configurable so to tailor the socket
and thread consumption to the needs of setups with different latencies and
bandwidth.
* Add metrics for reviewer suggestion.
The metrics `reviewer_suggestion/query_accounts` and `reviewer_suggestion/query_groups`
record the latency of querying accounts and groups for reviewer suggestion.
### 2.13.8
* Improvements in "reviewed" flags cache
* [Issue 5906](https://bugs.chromium.org/p/gerrit/issues/detail?id=5906):
Fix performance regression.
* Fix SQL statements used to clear "reviewed" flags.
The SQL statements were using `+` rather than `=` which resulted in
more entries than expected being deleted.
* Fix `file_name` column length.
* Upgrade JGit to 4.5.2.201704071617-r.
This includes more fixes for handling of invalid packfiles. See
[JGit bug 514170](https://bugs.eclipse.org/bugs/show_bug.cgi?id=514170)
for details.
* [Issue 5817](https://bugs.chromium.org/p/gerrit/issues/detail?id=5817):
Be more consistent about object ids used in ref operation validation.
The `ReceiveCommand` passed to `RefOperationValidationListener` did not
always have the old and new objectd Ids set, which could result in crashes
when dereferenced by plugins.
* Fix potential server error when extracting footer lines from commits.
* Fix merging a merge commit that refers to commits not submitted as changes.
* Fix redundant notifications on change screen.
* Allow project owner to use set-project ssh command.
REST API and UI allow project owner to change the project settings so
inconsistency is fixed by allowing the same in the ssh command.
* Add an `account indexed` extension point.
Similar to the existing `change indexed` extension point, this allows plugins
to be notified when an account has been indexed.
### 2.13.7
* Prevent circular module dependency when running in external container.
Since 2.13 it was not possible to run Gerrit in an external container
due to circular dependency between the database module and the note DB
migration module.
This is fixed, but the site path must be explicitly set in a system
property: `-Dgerrit.site_path=/path/to/gerrit`.
* Use submitter's identity for merge commit in Rebase if Necessary.
When a merge commit was not fast-forward, gerrit created a "merge of merge"
commit with its server identity instead of the submitter's identity.
* [Issue 4637](https://bugs.chromium.org/p/gerrit/issues/detail?id=4637):
Fix "Class not found" errors when running on IBM JDK.
The metrics module had a dependency on com.sun internal classes that
are not available in the JRE from other providers such as IBM, resulting
in ClassNotFound exceptions when initializing the CPU usage metric.
* [Issue 5689](https://bugs.chromium.org/p/gerrit/issues/detail?id=5689):
Fix internal server error when directory in git root is inaccessible.
If a directory in the site's git root was not accessible, an internal
server error prevented the list of projects from being populated.
* [Issue 5652](https://bugs.chromium.org/p/gerrit/issues/detail?id=5652):
reviewnotes plugin: Fix export of review notes.
* [Issue 5190](https://bugs.chromium.org/p/gerrit/issues/detail?id=5190):
Fix email notifications when adding new reviewers.
* [Issue 5055](https://bugs.chromium.org/p/gerrit/issues/detail?id=5055):
Fix cache eviction order when linking new external IDs.
* [Issue 5727](https://bugs.chromium.org/p/gerrit/issues/detail?id=5727):
Fix failure to start when JVM does not support CPU and file descripto metrics.
* Allow to continue reindex despite failures.
If indexing a change failed for some reason, indexing would be stopped
and remaining changes would not be indexed. Now an error message will
be displayed and indexing will continue.
* Allow user with "Maintain Server" permission to find all changes.
Allowing users delegated to maintain the server to find non-visible
changes in the CLI allows them to perform ad-hoc indexing.
* Fix deletion of the last file from config branch.
If the last file was deleted from the config branch, the file was not
actually deleted and the original content was kept. For example this
occurred when deleting all project watches when the `watch.config` file
was the only file on the branch.
* Support at-sign (`@`) in usernames.
Some federated identity systems, such as [Shibboleth](https://shibboleth.net/),
use login names including the at-sign.
* Enable systemd socket activation.
By setting
[`httpd.inheritChannel`](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13/config-gerrit.html#httpd.inheritchannel)
to true, the server can be socket activated by `systemd` or `xinetd`.
* Be more consistent about object ids used in ref operation validation.
In some cases the new and old Ids were not set, which could cause null
pointer exceptions in ref operation validations listeners trying to
dereference them.
* Upgrade JGit to 4.5.1.201703201650-r.
Among other bug fixes, this version includes a fix for packfile list
inconsistency in memory due to temporary lack of system resources during
read, which caused transient "file not found" errors.
### 2.13.6
* Allow Git LFS to authenticate via SSH.
LFS plugins can now provide an implementation of `git-lfs-authenticate`
which allows the Git LFS client to use the SSH protocol to either obtain
the LFS endpoint URL or authorize the following LFS upload/download
operation.
* Allow Git LFS to authenticate via HTTP.
Git LFS requests include the authorization as HTTP Basic but
this was ignored and the user was treated as anonymous.
* Don't require Add Patch Set permission for submit by rebase.
When the submit strategy was Rebase If Necessary and
a rebase was needed for the submit, the submit failed if the user
didn't have the Add Patch Set permission. However for submitting a
change the Submit permission alone should be sufficient.
The behavior is now consistent with the Cherry-Pick submit strategy
which also doesn't require the Add Patch Set permission if a
cherry-pick is done on submit.
* Add a [passwd program](https://gerrit-documentation.storage.googleapis.com/Documentation/2.13.6/pgm-passwd.html)
to set values in the `secure.config` file when a secure store implementation
is used.
* Allow plugins to define their own prefix for metrics reporting.
By setting `plugin.name.metricsPrefix` plugins can set the root
name under which their metrics are reported.
* Allow HTTP password when using LDAP and basic authentication.
It was not possible to use HTTP password to validate git over
HTTP and REST API requests if LDAP was used along with HTTP basic
authentication.
* Allow callers to define notify handling when adding reviewers to a
change by REST API.
* [Issue 4563](https://bugs.chromium.org/p/gerrit/issues/detail?id=4563):
Only send one email when reviewers are added to a change in bulk.
* [Issue 5237](https://bugs.chromium.org/p/gerrit/issues/detail?id=5237):
Don't truncate long lines in diff screens.
* [Issue 5298](https://bugs.chromium.org/p/gerrit/issues/detail?id=5298):
Fix history token in Groups screen's "Members" tab.
* Fix garbled text with Unicode display names obtained from HTTP headers.
* Make error message for rejecting Egit placeholder Change-Id consistent.
* Fix naming and prompt message for password entry in init steps.
* Fix Gitweb review link generation.
* Hooks plugin: emit metrics for hook execution latency, count, and errors.
* Submodule fixes
* Don't use fast-forward to update submodule subscription when superproject
has a merge submit strategy.
* Fix sorting of subscribed branches in submodule update.
* Fix handling of submodule config entries.
* Fix ordering of projects in submodule update.
### 2.13.5
* [Issue 5200](https://bugs.chromium.org/p/gerrit/issues/detail?id=5200):
Ensure that indexes are closed properly on shutdown.
The indexes were not closed on shutdown, which caused data to be lost
due to not being flushed to disk.
* Enable the 'Delete Edit' button for merged changes.
If a merged change has an edit revision, it should still be possible
to delete the edit.
* Do not check visibility of parent project when creating a new project.
A project can be visible to a user but not necessarily its parent. To
be consistent, a user with create-project permission should be able to
create a project with a parent that exists even if the parent is not
visible to the user.
* Fix 'Can't insert change/patch set' error when prior patch set has no
parent, but next patch set has 1 parent.
* [Issue 5179](https://bugs.chromium.org/p/gerrit/issues/detail?id=5179):
Make startup timeout configurable.
By setting `container.startupTimeout` it is possible to configure the
maximum time to wait for the `gerrit.sh start` command to run a new
Gerrit daemon successfully.
* [Issue 4715](https://bugs.chromium.org/p/gerrit/issues/detail?id=4715):
Add missing reviewers visibility check for suggestions from account index.
* Fix Gitweb HTTP URL generation.
The generated Gitweb URL contained an invalid 'p' character, and did
not require authentication for projects not visible to anonymous users.
### 2.13.4
* [Issue 5090](https://bugs.chromium.org/p/gerrit/issues/detail?id=5090):
Fix overwriting of another user's account external Id.
* [Issue 4909](https://bugs.chromium.org/p/gerrit/issues/detail?id=4909):
Fix broken Gitweb weblink for config history on project access page.
* [Issue 4908](https://bugs.chromium.org/p/gerrit/issues/detail?id=4908):
Add back support for parent revision weblinks.
Support for weblinks for the parent revision(s) was removed in 2.13 but
this functionality is still wanted by some users. Support is added back,
by allowing plugins to provide a specific link for parent revisions. For
the built-in Gitweb links, the link template provided by the `revision`
setting is used.
* Add DB connection pool verification.
There was no verification of the connection pool, so a broken connection
would result in an internal server error when trying to read a change
from the database.
* Add support for moving a change's destination branch with the SSH `review`
command.
Version 2.13 introduced the 'move change' REST endpoint, but support via ssh
was omitted.
* Add REST endpoint to reindex a single account.
The new endpoint is useful to manually reindex a single account that has
become stale in the index.
### 2.13.3
* [Issue 4633](https://bugs.chromium.org/p/gerrit/issues/detail?id=4633):
Filter out unrelated projects when getting project watches from index.
* [Issue 4848](https://bugs.chromium.org/p/gerrit/issues/detail?id=4848):
Upgrade Postgresql JDBC driver to 9.4.1211.jre7.
Older versions of Postgresql JDBC driver rely on finalize() methods in
order to avoid leaking unclosed database objects. Given finalize
methods are unpredictable (no guarantee about prompt execution, if at
all), in some high load environments this could lead to a memory leak
with millions of JDBC objects pending finalization.
* [Issue 4841](https://bugs.chromium.org/p/gerrit/issues/detail?id=4841):
Hooks plugin: Make sure `GIT_DIR` environment variable is set in `ref-update`
hook.
* [Issue 4911](https://bugs.chromium.org/p/gerrit/issues/detail?id=4911):
Fix internal server error when providing an invalid Change-Id to the
index ssh command.
* [Issue 4643](https://bugs.chromium.org/p/gerrit/issues/detail?id=4643):
Strip newlines out of ssh public keys.
If an ssh public key contained newlines, each line was migrated to the
git backend as a separate key, each of which was considered invalid. Now,
newlines are stripped out. Note that this fix is not effective for sites
that have already been migrated to 2.13.x from an earlier version.
* Restore the `--format` option on the list plugins REST API endpoint.
Removing the `--format` option from the REST API had the side effect of
also removing it from the corresponding ssh command, which was a breaking
change for some users.
* Fix classpath collision with Servlet API for GWT plugins.
* Hooks plugin: Always return the output from the `ref-update` hook.
The output of the `ref-update` hook is now sent back to the client.
* Fix migration to schema version 127 on case-sensitive file systems.
* Fix internal server error when using `has:draft` search predicate.
* Fix internal server error caused by plugin returning null for
external included-in.
* Fix internal server error in `set-members` command when a group
to be added is not visible to the caller.
* Fix reindexing change by ssh command.
When reindexing a change by ssh, the change was loaded from the
index rather than from the database.
* Export prolog runtime in plugin API.
### 2.13.2
* Allow to delete caches if not empty when initializing site during upgrade.
Caches may be stale during upgrade, so the init program now offers to
delete them.
A new `--delete-caches` option is added to allow force delete of all
caches.
* [Issue 4797](https://bugs.chromium.org/p/gerrit/issues/detail?id=4797):
Fix internal server error in OAuth extension point when E-Mail is not set.
* [Issue 4784](https://bugs.chromium.org/p/gerrit/issues/detail?id=4784):
Allow to edit user name for OAuth providers that don't expose user names.
* [Issue 4627](https://bugs.chromium.org/p/gerrit/issues/detail?id=4627):
Fix internal server error in OAuth extension point when user name is not set.
* [Issue 4466](https://bugs.chromium.org/p/gerrit/issues/detail?id=4466):
Fix deadlock during Lucene index shutdown.
* Index account on account creation
This prevents creation of new accounts on every logout/login sequence.
* Add support for Microsoft Internet Explorer 10 and 11, and Microsoft Edge.
* [Issue 4630](https://bugs.chromium.org/p/gerrit/issues/detail?id=4630):
Fix server error when navigating up to change while 'Working' is displayed.
* [Issue 4631](https://bugs.chromium.org/p/gerrit/issues/detail?id=4631):
Read project watches from database.
Project watches were being read from the git backend by default, but the
migration to git is not yet completed.
* [Issue 4632](https://bugs.chromium.org/p/gerrit/issues/detail?id=4632):
Fix server error when deleting multiple SSH keys from the Web UI.
Attempting to delete multiple keys in parallel resulted in a lock failure
when removing the keys from the git backend.
* [Issue 4645](https://bugs.chromium.org/p/gerrit/issues/detail?id=4645):
Fix malformed account suggestions.
If the query contained several query terms and one of the query terms was
a substring of 'strong', the suggestion was malformed.
* Hooks plugin: Fix incorrect value passed to `--change-url` parameter.
The URL was being generated using the change's Change-Id rather than the
change number.
* Replication plugin: Fix Guava ProvisionException when replicating from slave.
* Check for CLA when creating project config changes from the web UI.
If contributor agreements were enabled and required for a project, and
the user had not signed a CLA, it was still possible to upload changes
for review on `refs/meta/config` by making changes in the project access
editor and pressing 'Save for Review'.
* Fix server errors in 'Set Access' and 'Get Access' REST enpoints.
* Stability improvements in event dispatch mechanism.
### 2.13.1
* [Issue 4618](https://bugs.chromium.org/p/gerrit/issues/detail?id=4618):
Fix internal server error after online reindexing completed.
* Fix internal server error when cloning from slaves and not all refs are
visible.
* Fix JSON deserialization error causing stream event client to no longer receive
events.