diff --git a/ReleaseNotes/ReleaseNotes-2.0.12.txt b/ReleaseNotes/ReleaseNotes-2.0.12.txt index bc3d90dd8d..c82bab0f1b 100644 --- a/ReleaseNotes/ReleaseNotes-2.0.12.txt +++ b/ReleaseNotes/ReleaseNotes-2.0.12.txt @@ -110,7 +110,7 @@ Other Changes * Delete dead CSS bundle code * Always use NpTextBox or NpTextArea to prevent GlobalKe... * Detect cases where system_config has too many rows -* Remove unnecessary warning supressions +* Remove unnecessary warning suppressions * Remove dead code, these aren't used anymore * Fix warnings about potential serialization problems * Fix warning about debug code in OpenIdServiceImpl diff --git a/ReleaseNotes/ReleaseNotes-2.0.18.txt b/ReleaseNotes/ReleaseNotes-2.0.18.txt index 8c3e44b1fa..303690c9ff 100644 --- a/ReleaseNotes/ReleaseNotes-2.0.18.txt +++ b/ReleaseNotes/ReleaseNotes-2.0.18.txt @@ -117,7 +117,7 @@ Bug Fixes --------- * GERRIT-5 Remove PatchSetInfo from database and get it always fr... + -A very, very old bug. We no longer mirror the commit data into the SQL database, but instead pull it directly from Git when needed. Removing duplicated data simplifies the data store model, something that is important as we shift from a SQL database to a Git backed database. +A very, very old bug. We no longer mirror the commit data into the SQL database, but instead pull it directly from Git when needed. Removing duplicated data simplifies the data store model, something that is important as we shift from an SQL database to a Git backed database. * GERRIT-220 Fix infinite loop in PatchScriptBuilder + @@ -314,4 +314,4 @@ This release is really massive because the internal code moved from some really * Cleanup display of external ids in the user settings * Preserve negative approvals when replacing patch sets * Use gwtjsonrpc 1.1.1 -* gerrit 2.0.18 \ No newline at end of file +* gerrit 2.0.18 diff --git a/ReleaseNotes/ReleaseNotes-2.0.19.txt b/ReleaseNotes/ReleaseNotes-2.0.19.txt index 40dd39050f..b6a731b4ab 100644 --- a/ReleaseNotes/ReleaseNotes-2.0.19.txt +++ b/ReleaseNotes/ReleaseNotes-2.0.19.txt @@ -149,7 +149,7 @@ aborts, although it will spew many errors. Uploading commits to a project now requires that the new commits share a common ancestry with the existing commits of that project. This catches and prevents problems caused by a user making a typo -in the project name, and inadverently selecting the wrong project. +in the project name, and inadvertently selecting the wrong project. * Change-Id tags in commit messages to associate commits + diff --git a/ReleaseNotes/ReleaseNotes-2.0.21.txt b/ReleaseNotes/ReleaseNotes-2.0.21.txt index 47ba6542f9..053ec894b3 100644 --- a/ReleaseNotes/ReleaseNotes-2.0.21.txt +++ b/ReleaseNotes/ReleaseNotes-2.0.21.txt @@ -190,7 +190,7 @@ the current row of a file. * Display abbreviated hexy Change-Id in screen titles * Use hexy Change-Id in emails sent from Gerrit + -Change-Id abbreviations are now used throught more of the UI, +Change-Id abbreviations are now used through more of the UI, including emails sent by Gerrit and window/page titles. This change breaks email threading for any existing review emails. That is comments on a change created before the upgrade will diff --git a/ReleaseNotes/ReleaseNotes-2.0.22.txt b/ReleaseNotes/ReleaseNotes-2.0.22.txt index d27fcfffd9..ae6d7dd796 100644 --- a/ReleaseNotes/ReleaseNotes-2.0.22.txt +++ b/ReleaseNotes/ReleaseNotes-2.0.22.txt @@ -60,7 +60,7 @@ especially for multiline `/** ... */` style comments. The following properties may now be configured from LDAP using more complex expressions: accountFullName, accountEmailAddress, accountSshUserName. Property expressions permit forcing -to a lowercase string, or performing string concentation. +to a lowercase string, or performing string concatenation. These features may help some environments to better integrate with their local LDAP server. @@ -118,7 +118,7 @@ SSH usernames were permitted to contain any character, including oddball characters like '\0' and '/'. We really want them to be a restricted subset which won't cause errors when we try to map SSH usernames as file names in a Git repository as we try -to move away from a SQL database. +to move away from an SQL database. * GERRIT-282 Fix reply to comment on left side + @@ -157,4 +157,4 @@ Other Changes * GERRIT-67 Wait for dependencies to submit before claiming merge ... * Move abandonChange to ChangeManageService * Remove trailing whitespace in install.txt -* Gerrit 2.0.22 \ No newline at end of file +* Gerrit 2.0.22 diff --git a/ReleaseNotes/ReleaseNotes-2.0.5.txt b/ReleaseNotes/ReleaseNotes-2.0.5.txt index a17d1c5e76..78389fc59b 100644 --- a/ReleaseNotes/ReleaseNotes-2.0.5.txt +++ b/ReleaseNotes/ReleaseNotes-2.0.5.txt @@ -52,7 +52,7 @@ Other Changes * Show the Web Identities panel when on HTTP authentication * Relabel the "Web Identities" tab as just "Identities * Use an   when showing an empty cell in the identity... -* Simplify the Gerrit install from source procedue to avoi... +* Simplify the Gerrit install from source procedure to avoi... * Support -DgwtStyle=DETAILED to support browser debugging * Don't link to JIRA in our docs, link to our issues page * Use   in the identities table email column when emp... diff --git a/ReleaseNotes/ReleaseNotes-2.1.1.txt b/ReleaseNotes/ReleaseNotes-2.1.1.txt index 5d14b1eb21..5f0214691b 100644 --- a/ReleaseNotes/ReleaseNotes-2.1.1.txt +++ b/ReleaseNotes/ReleaseNotes-2.1.1.txt @@ -102,8 +102,8 @@ other AJAX applications like Gmail. * Use a glass pane behind our dialogs, make most modal + -Error dialogs are now more noticable, and less easily dismissed -by an accidential click. This is especially useful when there +Error dialogs are now more noticeable, and less easily dismissed +by an accidental click. This is especially useful when there is a merge error during submit. Bug Fixes diff --git a/ReleaseNotes/ReleaseNotes-2.1.10.txt b/ReleaseNotes/ReleaseNotes-2.1.10.txt new file mode 100644 index 0000000000..9d43bf47b2 --- /dev/null +++ b/ReleaseNotes/ReleaseNotes-2.1.10.txt @@ -0,0 +1,13 @@ +Release notes for Gerrit 2.1.10 +=============================== + +There are no schema changes from link:ReleaseNotes-2.1.9.html[2.1.9]. + +link:https://gerrit-releases.storage.googleapis.com/gerrit-2.1.10.war[https://gerrit-releases.storage.googleapis.com/gerrit-2.1.10.war] + +Bug Fixes +--------- +* Fix clone for modern Git clients ++ +The security fix in 2.1.9 broke clone for recent Git clients, +throwing an ArrayIndexOutOfBoundsException. Fixed. diff --git a/ReleaseNotes/ReleaseNotes-2.1.2.txt b/ReleaseNotes/ReleaseNotes-2.1.2.txt index 8652db7fa2..ca69e86f07 100644 --- a/ReleaseNotes/ReleaseNotes-2.1.2.txt +++ b/ReleaseNotes/ReleaseNotes-2.1.2.txt @@ -195,7 +195,7 @@ with SSH requests. * issue 392 Make hooks/commit-msg available over HTTP + The scp filesystem holding client side tools and hooks is now -avaliable over `http://review.example.com/tools/'$name'`. User +available over `http://review.example.com/tools/'$name'`. User documentation is updated with example URLs. * issue 470 Allow /r/I... URLs @@ -252,7 +252,7 @@ it requires access to the private half of the host key. For example: + Additional public keys for the magical 'Gerrit Code Review' user may be specified in an OpenSSH authorized_keys style file and are -functionally equivilent to authenticating with the daemon's host key. +functionally equivalent to authenticating with the daemon's host key. The keys are primarily intended to be other daemons, most likely slaves, that share the same set of repositories and database. @@ -434,7 +434,7 @@ closed changes. * issue 466 Reject pushing to invalid reference names + Gerrit allowed the invalid `HEAD:/refs/for/master` push refspec -to actaully create the branch `refs/heads/refs/for/master`, which +to actually create the branch `refs/heads/refs/for/master`, which confused any other client trying to push. Fixed. * issue 485 Trim the username before requesting authentication @@ -467,7 +467,7 @@ handlers are now installed to trap and log any uncaught errors. * issue 451 gerrit.sh: Wait until the daemon is serving requests + -The gerrit.sh script now waits until the deamon is actually running +The gerrit.sh script now waits until the daemon is actually running and able to serve requests before returning to the caller with a successful exit status code. This makes it easier to then start up dependent tasks that need the server to be ready before they can run. diff --git a/ReleaseNotes/ReleaseNotes-2.1.4.txt b/ReleaseNotes/ReleaseNotes-2.1.4.txt index d4cf741c41..639229ac93 100644 --- a/ReleaseNotes/ReleaseNotes-2.1.4.txt +++ b/ReleaseNotes/ReleaseNotes-2.1.4.txt @@ -21,7 +21,7 @@ Change Management * issue 504 Implement full query operators + -The search box now implments a wide range of operators and boolean +The search box now implements a wide range of operators and boolean expressions, permitting complex queries such as `is:open CodeReview>=1 (has:draft OR is:starred)` to locate open changes that have been code reviewed, but still have unpublished drafts or were starred by the diff --git a/ReleaseNotes/ReleaseNotes-2.1.5.txt b/ReleaseNotes/ReleaseNotes-2.1.5.txt index c87dc42bb4..b55aedf11f 100644 --- a/ReleaseNotes/ReleaseNotes-2.1.5.txt +++ b/ReleaseNotes/ReleaseNotes-2.1.5.txt @@ -5,7 +5,7 @@ Gerrit 2.1.5 is now available: link:http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.1.5.war[http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.1.5.war] -This is primarly a bug fix release to 2.1.4, but some additional +This is primarily a bug fix release to 2.1.4, but some additional new features were included so its named 2.1.5 rather than 2.1.4.1. Upgrade Instructions @@ -156,7 +156,7 @@ the topic name. The topic is now left as-is during replacement if no new topic was supplied. If a new topic is supplied, it is changed to match the new topic given. -* Allow ; and & to seperate parameters in gitweb +* Allow ; and & to separate parameters in gitweb + gitweb.cgi accepts either ';' or '&' between parameters, but Gerrit Code Review was only accepting the ';' syntax. Fixed diff --git a/ReleaseNotes/ReleaseNotes-2.1.6.txt b/ReleaseNotes/ReleaseNotes-2.1.6.txt index 198a064e7f..d1c63359ef 100644 --- a/ReleaseNotes/ReleaseNotes-2.1.6.txt +++ b/ReleaseNotes/ReleaseNotes-2.1.6.txt @@ -89,7 +89,7 @@ using client SSL certificates. This feature requires using the embedded Jetty web server with SSL enabled, and an LDAP directory to lookup individual account information. -* issue 503 Inactive acounts may be disabled. +* issue 503 Inactive accounts may be disabled. + Administrators can manually update the accounts table, setting inactive = `Y` to mark user accounts inactive. Inactive accounts diff --git a/ReleaseNotes/ReleaseNotes-2.1.7.2.txt b/ReleaseNotes/ReleaseNotes-2.1.7.2.txt index 9172b4a772..802f1c7c36 100644 --- a/ReleaseNotes/ReleaseNotes-2.1.7.2.txt +++ b/ReleaseNotes/ReleaseNotes-2.1.7.2.txt @@ -25,7 +25,7 @@ on a specific file view. This was accidentally broken when the * Fix API breakage on ChangeDetailService + Version 2.1.7 broke the Gerrit Code Review plugin for Mylyn Reviews -due to an accidential signature change of one of the remote JSON +due to an accidental signature change of one of the remote JSON APIs. The ChangeDetailService.patchSetDetail() method is back to the old signature and a new patchSetDetail2() method has been added to handle the newer calling convention used in some contexts of the diff --git a/ReleaseNotes/ReleaseNotes-2.1.7.txt b/ReleaseNotes/ReleaseNotes-2.1.7.txt index 0dba5f9b7e..b12713cbae 100644 --- a/ReleaseNotes/ReleaseNotes-2.1.7.txt +++ b/ReleaseNotes/ReleaseNotes-2.1.7.txt @@ -71,7 +71,7 @@ to compare patch sets against one another and view only the files that differ between two patch sets. This new feature can speed up re-reviewing a change. -* issue 913 Support different color pallete when not signed in +* issue 913 Support different color palette when not signed in + Site administrators can configure a different theme in gerrit.config for the signed-in and signed-out states, making it more obvious to site users @@ -328,7 +328,7 @@ that does not use Change-Ids. * Reject invalid Change-Id lines + -Severly malformed Change-Id lines were previously accepted by the +Severely malformed Change-Id lines were previously accepted by the server. These are now rejected. * Fix error message returned on push to closed change @@ -362,7 +362,7 @@ SSH Commands * issue 814 Evict initial members of group created by SSH * issue 879 Fix replication of initial empty commit in new project * Disallow setting a project as parent for itself -* Autoamtically create user account(s) as necessary +* Automatically create user account(s) as necessary * Move SSH command creation off NioProcessor threads Administration diff --git a/ReleaseNotes/ReleaseNotes-2.1.9.txt b/ReleaseNotes/ReleaseNotes-2.1.9.txt new file mode 100644 index 0000000000..728d7cc901 --- /dev/null +++ b/ReleaseNotes/ReleaseNotes-2.1.9.txt @@ -0,0 +1,16 @@ +Release notes for Gerrit 2.1.9 +============================== + +There are no schema changes from link:ReleaseNotes-2.1.8.html[2.1.8]. + +link:https://gerrit-releases.storage.googleapis.com/gerrit-2.1.9.war[https://gerrit-releases.storage.googleapis.com/gerrit-2.1.9.war] + +Bug Fixes +--------- +* Patch JGit security hole ++ +The security hole may permit a modified Git client to gain access +to hidden or deleted branches if the user has read permission on +at least one branch in the repository. Access requires knowing a +SHA-1 to request, which may be discovered out-of-band from an issue +tracker or gitweb instance. diff --git a/ReleaseNotes/ReleaseNotes-2.2.1.txt b/ReleaseNotes/ReleaseNotes-2.2.1.txt index 19af06d94a..ff8040e7b0 100644 --- a/ReleaseNotes/ReleaseNotes-2.2.1.txt +++ b/ReleaseNotes/ReleaseNotes-2.2.1.txt @@ -35,7 +35,7 @@ Bug Fixes The name "-- All Projects --.git" is difficult to work with on the UNIX command line, due to tools assuming the name is actually part of a long option. The project has been renamed to remove these -leading hypens, and remove spaces, making it more friendly to work +leading hyphens, and remove spaces, making it more friendly to work with on the command line. * issue 997 Resolve Project Owners when checking access rights @@ -66,7 +66,7 @@ sections added to them, due to a bug in the web UI. Fixed. * Fix API breakage on ChangeDetailService + Version 2.1.7 broke the Gerrit Code Review plugin for Mylyn Reviews -due to an accidential signature change of one of the remote JSON +due to an accidental signature change of one of the remote JSON APIs. The ChangeDetailService.patchSetDetail() method is back to the old signature and a new patchSetDetail2() method has been added to handle the newer calling convention used in some contexts of the diff --git a/ReleaseNotes/ReleaseNotes-2.2.2.2.txt b/ReleaseNotes/ReleaseNotes-2.2.2.2.txt index db5d7505a6..f7c299eb98 100644 --- a/ReleaseNotes/ReleaseNotes-2.2.2.2.txt +++ b/ReleaseNotes/ReleaseNotes-2.2.2.2.txt @@ -21,4 +21,4 @@ All-Projects and be accessed before the project that has the same section name as All-Projects. This is an unlikely scenario for most servers, as Gerrit does not normally set inheritFrom equal to All-Projects. The usual behavior is to not supply this property in -project.config, and permit the implicit inheritence to take place. +project.config, and permit the implicit inheritance to take place. diff --git a/ReleaseNotes/ReleaseNotes-2.2.2.txt b/ReleaseNotes/ReleaseNotes-2.2.2.txt index ddfe323043..2c14fa13d8 100644 --- a/ReleaseNotes/ReleaseNotes-2.2.2.txt +++ b/ReleaseNotes/ReleaseNotes-2.2.2.txt @@ -172,7 +172,7 @@ zoom on double click) on a patch by simply clicking on the line number. * Add a "Save" button to the PatchScriptSettingsPanel + -The "Update" button now only updates the display. Addittionally, +The "Update" button now only updates the display. Additionally, for logged in users, a "Save" button now behaves the way that "Update" used to behave for logged in users. @@ -427,9 +427,9 @@ cheaper. * Refactor how permissions are matched by ProjectControl, RefControl + More aggressively cache many of the auth objects at a cost of memory, -but this should be an improvement in response timse. +but this should be an improvement in response times. -* Substantialy speed up pushing changes for review +* Substantially speed up pushing changes for review + Pushing a new change for review checks if the change is related to the branch it's destined for. It used to do this in a way that diff --git a/ReleaseNotes/ReleaseNotes-2.3.1.txt b/ReleaseNotes/ReleaseNotes-2.3.1.txt index 324a3c1446..c37fbe4f82 100644 --- a/ReleaseNotes/ReleaseNotes-2.3.1.txt +++ b/ReleaseNotes/ReleaseNotes-2.3.1.txt @@ -21,4 +21,4 @@ All-Projects and be accessed before the project that has the same section name as All-Projects. This is an unlikely scenario for most servers, as Gerrit does not normally set inheritFrom equal to All-Projects. The usual behavior is to not supply this property in -project.config, and permit the implicit inheritence to take place. +project.config, and permit the implicit inheritance to take place. diff --git a/ReleaseNotes/ReleaseNotes-2.3.txt b/ReleaseNotes/ReleaseNotes-2.3.txt index 965c8e3749..cf371c80b5 100644 --- a/ReleaseNotes/ReleaseNotes-2.3.txt +++ b/ReleaseNotes/ReleaseNotes-2.3.txt @@ -220,7 +220,7 @@ parameter 'ldap.accountSshUserName' is set to This helps prevent a very slow LDAP server from blocking all SSH command creation threads. -* Introduce a git maxObjectSizeLimit in the [recieve] config +* Introduce a git maxObjectSizeLimit in the [receive] config + This limits the size of uploaded files @@ -294,7 +294,7 @@ required to push commits with gitlinks when they are created * Allow Realm to participate when linking an account identity + -When linking a new user identity to an exisiting account, permit the +When linking a new user identity to an existing account, permit the Realm to observe the new incoming identity and the current account, and to alter the request. This enables a Realm to observe when a user verifies a new email address link. @@ -401,7 +401,7 @@ Bug Fixes If a project inherits from a non existing parent, prevent a StringIndexOutOfBoundsException. -* Fix: Supress "Error on refs/cache-automerge" warnings. +* Fix: Suppress "Error on refs/cache-automerge" warnings. * Don't allow registering for cleanup after cleanup runs + diff --git a/ReleaseNotes/ReleaseNotes-2.4.2.txt b/ReleaseNotes/ReleaseNotes-2.4.2.txt index afa1d96cb3..9ae9fd7985 100644 --- a/ReleaseNotes/ReleaseNotes-2.4.2.txt +++ b/ReleaseNotes/ReleaseNotes-2.4.2.txt @@ -21,4 +21,4 @@ All-Projects and be accessed before the project that has the same section name as All-Projects. This is an unlikely scenario for most servers, as Gerrit does not normally set inheritFrom equal to All-Projects. The usual behavior is to not supply this property in -project.config, and permit the implicit inheritence to take place. +project.config, and permit the implicit inheritance to take place. diff --git a/ReleaseNotes/ReleaseNotes-2.4.3.txt b/ReleaseNotes/ReleaseNotes-2.4.3.txt new file mode 100644 index 0000000000..c9c2d2cb2e --- /dev/null +++ b/ReleaseNotes/ReleaseNotes-2.4.3.txt @@ -0,0 +1,16 @@ +Release notes for Gerrit 2.4.3 +============================== + +There are no schema changes from link:ReleaseNotes-2.4.2.html[2.4.2]. + +link:https://gerrit-releases.storage.googleapis.com/gerrit-2.4.3.war[https://gerrit-releases.storage.googleapis.com/gerrit-2.4.3.war] + +Bug Fixes +--------- +* Patch JGit security hole ++ +The security hole may permit a modified Git client to gain access +to hidden or deleted branches if the user has read permission on +at least one branch in the repository. Access requires knowing a +SHA-1 to request, which may be discovered out-of-band from an issue +tracker or gitweb instance. diff --git a/ReleaseNotes/ReleaseNotes-2.4.4.txt b/ReleaseNotes/ReleaseNotes-2.4.4.txt new file mode 100644 index 0000000000..de9e2cba38 --- /dev/null +++ b/ReleaseNotes/ReleaseNotes-2.4.4.txt @@ -0,0 +1,13 @@ +Release notes for Gerrit 2.4.4 +============================== + +There are no schema changes from link:ReleaseNotes-2.4.4.html[2.4.4]. + +link:https://gerrit-releases.storage.googleapis.com/gerrit-2.4.4.war[https://gerrit-releases.storage.googleapis.com/gerrit-2.4.4.war] + +Bug Fixes +--------- +* Fix clone for modern Git clients ++ +The security fix in 2.4.3 broke clone for recent Git clients, +throwing an ArrayIndexOutOfBoundsException. Fixed. diff --git a/ReleaseNotes/ReleaseNotes-2.4.txt b/ReleaseNotes/ReleaseNotes-2.4.txt index 82f3ed4a2d..6f10c0b8b2 100644 --- a/ReleaseNotes/ReleaseNotes-2.4.txt +++ b/ReleaseNotes/ReleaseNotes-2.4.txt @@ -131,7 +131,7 @@ short branch name that is shown in the web interface (without the 'refs/heads/' prefix). Change the branch operator so that it also supports full branch names as value. + -It is intuive that searching with 'branch:master' and searching with +It is intuitive that searching with 'branch:master' and searching with 'branch:refs/for/master' deliver the same result. So far 'branch:refs/for/master' was the same as searching with 'refs:refs/heads/refs/heads/master' which is unexpected for most users. @@ -154,7 +154,7 @@ Dev * issue 1272 Add scripts to create release notes from git log + These script generates a list of commits from git log between two given commits -and outputs the asciidoc format containting list of commits subject and body. +and outputs the asciidoc format containing list of commits subject and body. * Update URL for m2eclipse + @@ -223,7 +223,7 @@ that milliseconds are the default unit of time used here. * issue 1353 Fix case check for project name so that symlinks work again * Fix merging of access sections -* Fix inconsistent behaviour when replicating refs/meta/config +* Fix inconsistent behavior when replicating refs/meta/config * Fix duplicated results on status:open project:P branch:B Documentation diff --git a/ReleaseNotes/ReleaseNotes-2.5.2.txt b/ReleaseNotes/ReleaseNotes-2.5.2.txt index 08b4f86f02..f87328e0bc 100644 --- a/ReleaseNotes/ReleaseNotes-2.5.2.txt +++ b/ReleaseNotes/ReleaseNotes-2.5.2.txt @@ -124,9 +124,9 @@ The link to the repo command reference in the 'repo upload' section of the 'Uploading Changes' documentation was broken. * link:http://code.google.com/p/gerrit/issues/detail?id=1569[issue 1569]: -Fix unexpected behaviour in the commit-msg hook caused by `GREP_OPTIONS` +Fix unexpected behavior in the commit-msg hook caused by `GREP_OPTIONS` + -If `GREP_OPTIONS` was set, it caused unexpected behaviour in the +If `GREP_OPTIONS` was set, it caused unexpected behavior in the commit-msg hook. For example if it included a setting like `--exclude=".git/*"` it caused a new `Change-Id` line to be appended to the commit message on every amend. diff --git a/ReleaseNotes/ReleaseNotes-2.5.5.txt b/ReleaseNotes/ReleaseNotes-2.5.5.txt new file mode 100644 index 0000000000..57b6d248ab --- /dev/null +++ b/ReleaseNotes/ReleaseNotes-2.5.5.txt @@ -0,0 +1,16 @@ +Release notes for Gerrit 2.5.5 +============================== + +There are no schema changes from link:ReleaseNotes-2.5.4.html[2.5.4]. + +link:https://gerrit-releases.storage.googleapis.com/gerrit-2.5.5.war[https://gerrit-releases.storage.googleapis.com/gerrit-2.5.5.war] + +Bug Fixes +--------- +* Patch JGit security hole ++ +The security hole may permit a modified Git client to gain access +to hidden or deleted branches if the user has read permission on +at least one branch in the repository. Access requires knowing a +SHA-1 to request, which may be discovered out-of-band from an issue +tracker or gitweb instance. diff --git a/ReleaseNotes/ReleaseNotes-2.5.6.txt b/ReleaseNotes/ReleaseNotes-2.5.6.txt new file mode 100644 index 0000000000..2e9e88869e --- /dev/null +++ b/ReleaseNotes/ReleaseNotes-2.5.6.txt @@ -0,0 +1,13 @@ +Release notes for Gerrit 2.5.6 +============================== + +There are no schema changes from link:ReleaseNotes-2.5.6.html[2.5.6]. + +link:https://gerrit-releases.storage.googleapis.com/gerrit-2.5.6.war[https://gerrit-releases.storage.googleapis.com/gerrit-2.5.6.war] + +Bug Fixes +--------- +* Fix clone for modern Git clients ++ +The security fix in 2.5.4 broke clone for recent Git clients, +throwing an ArrayIndexOutOfBoundsException. Fixed. diff --git a/ReleaseNotes/ReleaseNotes-2.5.txt b/ReleaseNotes/ReleaseNotes-2.5.txt index 023b4bf096..cdef554dd9 100644 --- a/ReleaseNotes/ReleaseNotes-2.5.txt +++ b/ReleaseNotes/ReleaseNotes-2.5.txt @@ -80,7 +80,7 @@ The `cache.diff.memoryLimit` and `cache.diff_intraline.memoryLimit` configuration variables are now expressed in bytes of memory used, rather than number of entries in the cache. This is a change from previous versions of Gerrit and gives administrators more control over -how memory is partioned within a server. Admins that set this variable +how memory is partitioned within a server. Admins that set this variable must update their configurations, as the old values are too small. For example a setting of `memoryLimit = 1024` now means only 1 KiB of data (which may not even hold 1 patch set), not 1024 patch sets. It @@ -1014,7 +1014,7 @@ startup ordering problem in the GroupCache and the ProjectCache, where code wants to use one of these caches during startup to resolve a group or project by name. + -Tracking the Gauva backend caches with a DynamicMap makes it possible +Tracking the Guava backend caches with a DynamicMap makes it possible for plugins to define their own in-memory caches using CacheModule's cache() function to declare the cache. It allows the core server to make the cache available to administrators over SSH with the gerrit @@ -1129,7 +1129,7 @@ section is never suggested. * Add change topic in hook arguments + It was not possible for hook scripts to include topic-specific -behaviour because the topic name was not included in the arguments. +behavior because the topic name was not included in the arguments. * Add `--is-draft` argument on `patchset-created` hook + @@ -1202,7 +1202,7 @@ So far tracking ID's had a maximum length of only 20 characters. * Set `GERRIT_SITE` in Gerrit hooks as environment variable + -Allows development of hooks parametrised on Gerrit location. This can +Allows development of hooks parameterized on Gerrit location. This can be useful to allow hooks to load the Gerrit configuration when needed (from `$GERRIT_SITE`) or even store their additional config files under `$GERRIT_SITE/etc` and retrieve them at startup. @@ -1210,7 +1210,7 @@ be useful to allow hooks to load the Gerrit configuration when needed * Add an exponentially rolling garbage collection script + `git-exproll.sh` is a git garbage collection script aimed specifically -at reducing exccessive garbage collection and particularly large +at reducing excessive garbage collection and particularly large packfile churn for Gerrit installations. + Excessive garbage collection on "dormant" repos is wasteful of both CPU @@ -1275,7 +1275,7 @@ group membership database was downloaded to the browser when showing just the list of groups. + Now the amount of data that needs to be downloaded to the browser is -reduced by using the more leightweight `AccountGroup` type instead of +reduced by using the more lightweight `AccountGroup` type instead of the `GroupDetail` type when showing the groups in a list format. As a consequence the `Owners` column that showed the name of the owner group had been dropped. @@ -1305,9 +1305,9 @@ instead use only the `refs/heads` namespace and the name of the branch used in the `refs/for/` push line. + Catch existing changes by looking for their exact commit SHA-1, rather -than complete ancestory. This should have roughly the same outcome for +than complete ancestry. This should have roughly the same outcome for anyone pushing a new commit on top of an existing open change, but -with lower computional cost at the server. +with lower computational cost at the server. * Lookup changes in parallel during `ReceiveCommits` + @@ -1408,7 +1408,7 @@ Upgrades * Use gwtexpui 1.2.6 + ** Hide superfluous status text from clippy flash widget -** Fix diappearance of text in CopyableLabel when clicking on it +** Fix disappearance of text in CopyableLabel when clicking on it * Update Guava to 12.0.1 + @@ -1436,7 +1436,7 @@ Project owners (members of groups to which the `owner` access right is assigned) are able to edit the access control list of the projects they own. Hence being owner of the `All-Projects` project would allow to edit the global capabilities and assign the `administrateServer` -capabilitiy without being Gerrit administrator. +capability without being Gerrit administrator. + In earlier Gerrit versions (2.1.x) it was already implemented like this but the corresponding checks got lost. @@ -1503,7 +1503,7 @@ side viewer. * Dependencies were lost in the ChangeScreen's "Needed By" table + -Older patchsets are now iterated for decendents, so that the dependency +Older patchsets are now iterated for descendants, so that the dependency chain does not break on new upstream patchsets. * link:http://code.google.com/p/gerrit/issues/detail?id=1442[issue 1442]: @@ -1712,7 +1712,7 @@ returned as author. * Fix the `export-review-notes` command's Guice bindings + -The `export-review-notes` command was broken becasue of the CachePool +The `export-review-notes` command was broken because of the CachePool class being bound twice. The startup of the command failed because of that. @@ -1751,7 +1751,7 @@ still broken) rely on the context path of the application instead. Replication ~~~~~~~~~~~ -* Fix inconsistent behaviour when replicating `refs/meta/config` +* Fix inconsistent behavior when replicating `refs/meta/config` + In `replication.config`, if `authGroup` is set to be used together with `mirror = true`, refs blocked through the `authGroup` are deleted from diff --git a/ReleaseNotes/ReleaseNotes-2.6.1.txt b/ReleaseNotes/ReleaseNotes-2.6.1.txt new file mode 100644 index 0000000000..e163b43de7 --- /dev/null +++ b/ReleaseNotes/ReleaseNotes-2.6.1.txt @@ -0,0 +1,16 @@ +Release notes for Gerrit 2.6.1 +============================== + +There are no schema changes from link:ReleaseNotes-2.6.html[2.6]. + +link:https://gerrit-releases.storage.googleapis.com/gerrit-2.6.1.war[https://gerrit-releases.storage.googleapis.com/gerrit-2.6.1.war] + +Bug Fixes +--------- +* Patch JGit security hole ++ +The security hole may permit a modified Git client to gain access +to hidden or deleted branches if the user has read permission on +at least one branch in the repository. Access requires knowing a +SHA-1 to request, which may be discovered out-of-band from an issue +tracker or gitweb instance. diff --git a/ReleaseNotes/ReleaseNotes-2.6.2.txt b/ReleaseNotes/ReleaseNotes-2.6.2.txt deleted file mode 100644 index cf963c243f..0000000000 --- a/ReleaseNotes/ReleaseNotes-2.6.2.txt +++ /dev/null @@ -1,43 +0,0 @@ -Release notes for Gerrit 2.6.2 -============================== - -Gerrit 2.6.2 is now available: - -link:https://gerrit-releases.storage.googleapis.com/gerrit-2.6.2.war[ -https://gerrit-releases.storage.googleapis.com/gerrit-2.6.2.war] - -There are no schema changes from 2.6.1. - -However, if upgrading from a version older than 2.6, follow the upgrade -procedure in the 2.6 link:ReleaseNotes-2.6.html[Release Notes]. - - -Bug Fixes ---------- - - -* Fix null-pointer exception when dashboard title is not specified. -+ -If the title is not specified, the path of the dashboard config file -is used as title. - -* link:https://code.google.com/p/gerrit/issues/detail?id=2010[Issue 2010]: -Fix null-pointer exception when searching for changes with the query -`owner:self`. - -* Properly handle double-click on external group in GroupTable. -+ -Double-clicking on an external group opens the group's URL (if it -is provided). - -* link:https://code.google.com/p/gerrit/issues/detail?id=1872[Issue 1872]: -Fix tab expansion in diff screens when syntax coloring is on. - -* link:https://code.google.com/p/gerrit/issues/detail?id=1904[Issue 1904]: -Fix diff screens for files with CRLF line endings. - -* Allow label values to be configured with no text. - - -No other changes since 2.6.1. - diff --git a/ReleaseNotes/ReleaseNotes-2.6.txt b/ReleaseNotes/ReleaseNotes-2.6.txt index 0c21182691..a000a62e58 100644 --- a/ReleaseNotes/ReleaseNotes-2.6.txt +++ b/ReleaseNotes/ReleaseNotes-2.6.txt @@ -3,7 +3,7 @@ Release notes for Gerrit 2.6 Gerrit 2.6 is now available: -link:http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.6.war[http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.6.war] +link:https://gerrit-releases.storage.googleapis.com/gerrit-2.6.war[https://gerrit-releases.storage.googleapis.com/gerrit-2.6.war] Gerrit 2.6 includes the bug fixes done with link:ReleaseNotes-2.5.1.html[Gerrit 2.5.1], @@ -439,7 +439,7 @@ running MSIE 6 or 7, but those are ancient and users should upgrade. + Enable this on the REST API responses because we sometimes send back text/plain results that are really just plain text. Existing JSON -responses are protected from accidential sniffing and treatment as +responses are protected from accidental sniffing and treatment as HTML thanks to Gson encoding HTML control characters using Unicode character escapes within JSON strings. @@ -870,13 +870,13 @@ number of objects is marked as uninteresting. * PatchSet.isRef()-optimizations. + PatchSet.isRef() is used extensively when preparing for a ref -advertisment and the regular expression used by isRefs() was notably +advertisement and the regular expression used by isRefs() was notably costly in these circumstances, especially since it could not be pre-compiled. + The regular expression is removed and the check is now directly implemented. As result the performance of `git ls-remote` could be -increased upto 15%. +increased by up to 15%. * New config option `receive.checkReferencedObjectsAreReachable` + @@ -898,11 +898,11 @@ initial page load for most users. * Caching of changes + -During Ref Advertisments (via VisibleRefFilter), all changes need to +During Ref Advertisements (via VisibleRefFilter), all changes need to be fetched from the database to allow Gerrit to figure out which change refs are visible and should be advertised to the user. To reduce database traffic a cache for changes was introduced. This cache is -disabled by default since it can mess-up multi-server setups. +disabled by default since it can mess up multi-server setups. Misc ~~~~ @@ -1140,13 +1140,13 @@ the 'Projects' menu was not selected. + ** Sometimes a second comment editor was shown instead of using the existing comment editor. -** Fix doublicated border line between comments. +** Fix duplicated border line between comments. ** Sometimes the parts of the border were missing when a comment was expanded. ** Fix displaying the blue line that marks the current line when there are several published comments. ** Sometimes on discard of a comment some frames of the comment editor - stayed and some border lines of neighbour comments disappeared. + stayed and some border lines of neighbor comments disappeared. * In diff view don't let arrow column accept clicks. @@ -1178,7 +1178,7 @@ when switching pages, leaving the help text visible. + The provided suggestions should highlight the part that the user has already typed as bold text. This only worked for the first operator. -For suggestions of any further operator no hightlighting was done. +For suggestions of any further operator no highlighting was done. * Fix style of hint text in search box on initial page load + @@ -1335,7 +1335,7 @@ message saying that it couldn't be merged because the destination branch doesn't exist anymore. + In addition Gerrit was writing an error into the error log if a change -couldn't be merged because the destination branch wass missing. +couldn't be merged because the destination branch was missing. That was not really a server error and is not logged anymore. * Fix NPE when pushing a patch with an invalid author with @@ -1612,7 +1612,7 @@ load the Gerrit WAR. Instead package the Jetty runtime and the servlet API in a new `WEB-INF/pgm-lib` directory. * link:https://code.google.com/p/gerrit/issues/detail?id=1822[Issue 1822]: - Verify session matches container authentiation header + Verify session matches container authentication header + If the user alters their identity in the container invalidate the Gerrit user session and force a new one to begin. diff --git a/ReleaseNotes/index.txt b/ReleaseNotes/index.txt index 974d4db904..b656be2331 100644 --- a/ReleaseNotes/index.txt +++ b/ReleaseNotes/index.txt @@ -9,12 +9,14 @@ Version 2.7.x [[2_6]] Version 2.6.x ------------- -* link:ReleaseNotes-2.6.2.html[2.6.2] +* link:ReleaseNotes-2.6.1.html[2.6.1] * link:ReleaseNotes-2.6.html[2.6] [[2_5]] Version 2.5.x ------------- +* link:ReleaseNotes-2.5.6.html[2.5.6] +* link:ReleaseNotes-2.5.5.html[2.5.5] * link:ReleaseNotes-2.5.4.html[2.5.4] * link:ReleaseNotes-2.5.3.html[2.5.3] * link:ReleaseNotes-2.5.2.html[2.5.2] @@ -24,6 +26,8 @@ Version 2.5.x [[2_4]] Version 2.4.x ------------- +* link:ReleaseNotes-2.4.4.html[2.4.4] +* link:ReleaseNotes-2.4.3.html[2.4.3] * link:ReleaseNotes-2.4.2.html[2.4.2] * link:ReleaseNotes-2.4.1.html[2.4.1] * link:ReleaseNotes-2.4.html[2.4] @@ -46,6 +50,8 @@ Version 2.2.x [[2_1]] Version 2.1.x ------------- +* link:ReleaseNotes-2.1.10.html[2.1.10] +* link:ReleaseNotes-2.1.9.html[2.1.9] * link:ReleaseNotes-2.1.8.html[2.1.8] * link:ReleaseNotes-2.1.7.2.html[2.1.7.2] * link:ReleaseNotes-2.1.7.html[2.1.7] diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/patches/AbstractPatchContentTable.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/patches/AbstractPatchContentTable.java index a0789ec72a..c07783dc42 100644 --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/patches/AbstractPatchContentTable.java +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/patches/AbstractPatchContentTable.java @@ -250,7 +250,7 @@ public abstract class AbstractPatchContentTable extends NavigationTable } protected boolean hasDifferences(PatchScript script) { - return hasEdits(script) || hasMeta(script); + return hasEdits(script) || hasMeta(script) || hasComments(script); } public boolean isPureMetaChange(PatchScript script) { @@ -267,6 +267,12 @@ public abstract class AbstractPatchContentTable extends NavigationTable return false; } + // True if one of the two patch sets has comments + private boolean hasComments(PatchScript script) { + return !script.getCommentDetail().getCommentsA().isEmpty() + || !script.getCommentDetail().getCommentsB().isEmpty(); + } + // True if this change is a mode change or a pure rename/copy private boolean hasMeta(PatchScript script) { return !script.getPatchHeader().isEmpty();