Release notes for Gerrit 2.4 ============================ Gerrit 2.4 is now available: link:https://www.gerritcodereview.com/download/gerrit-2.4.war[https://www.gerritcodereview.com/download/gerrit-2.4.war] Schema Change ------------- *WARNING:* This release contains schema changes. To upgrade: ---- java -jar gerrit.war init -d site_path ---- *WARNING:* Upgrading to 2.4.x requires the server be first upgraded to 2.1.7 (or a later 2.1.x version), and then to 2.4.x. If you are upgrading from 2.2.x.x or newer, you may ignore this warning and upgrade directly to 2.4.x. New Features ------------ Security ~~~~~~~~ * Restrict visibility to arbitrary user dashboards + Administrators have some expectation when using the 'suggest.accounts' visibility restriction feature that users cannot get the names or email addresses for arbitrary accounts. In fact, because account IDs are sequential, it would be easy for an adversary to get personal information of all users on the server by requesting every user's dashboard. + This includes changing the meaning of the 'suggest.accounts' config option to be a boolean indicating whether account suggestion should happen at all, which is now orthogonal to the account visibility restriction policy. We still recognize the old values for 'suggest.accounts', with the slight behavior change that 'suggest.accounts=OFF' now means that users cannot access the dashboards of any other users. Administrators who do not want this behavior can update their configuration. * Indicate that 'not found' may actually be a permission issue Web ~~~ * Add user preference to mark files reviewed automatically or manually + Add a checkbox to the preferences header on the diff screen which allows a user to specify whether they want manual-reviewing enabled or disabled. Previously, every file was auto marked reviewed when a user first displayed it. The new manual mode prevents this auto marking and only marks a file reviewed when the user explicitly clicks on the reviewed checkbox. * Use 'Auto Merge' for merge commit's base comparison + When reviewing a merge commit, the old wording in the version history dropdown of 'Base' doesn't really match Gerrit's behavior. Updating this to use 'Auto Merge' as suggested by Shawn Pearce on IRC. * issue 1035 Add rebase button to the change screen + This change adds a rebase button along with the rest of the action buttons in the change page. When pressing the button, the most recent patch set will be rebased onto the tip of the destination branch or the latest patchset of the change we depend upon. A new patch set containing the rebased commit will be produced and added to the change. + Rebasing of a change in web UI is restricted to change owner, submitter or those with the (new) 'rebase' permission. * Add a new permission 'rebase' to permit rebasing changes in the web UI * Make a user's dashboard visible if any of the changes are visible to the current user. * Change 'Loading ...' to say 'Working ...' as, often, there is more going on than just loading a response. Performance ~~~~~~~~~~~ * Asynchronously send email so it does not block the UI * Optimize queries for open/merged changes by project + branch Git ~~~ * Implement a multi-sub-task progress monitor for ReceiveCommits * Close corresponding change when pushing to 'refs/heads/*' + Gerrit would not close the open changes with matching change-ids, when the user pushes commits directly to 'refs/heads/*'. + This issue could be triggered for two reasons: . It is triggered when Gerrit detects no changes between the pushed commits and the current patchset on the open changes. This patch make sure that the matching open change is always closed when pushing to 'refs/heads/*', even if no visible changes is detected. . The same commit exists on another branch than the destination branch. This could trick gerrit into just "re-closing" the wrong change. * Run ReceiveCommits in a shared thread pool + Since the work to ReceiveCommits may take a long, potentially unbounded amount of time, we would like to have it run in the background so it can be monitored for timeouts and cancelled, and have stalls reported to the user from the main thread. Search ~~~~~~ * Add the '--dependencies' option to the 'query' command. + This option includes information about patch sets which depend on, or are needed by, each patch set. * Branch Operator: Support full branch names + The search operator for branches required the provided value to be the short branch name that is shown in the web interface (without the 'refs/heads/' prefix). Change the branch operator so that it also supports full branch names as value. + It is intuitive that searching with 'branch:master' and searching with 'branch:refs/for/master' deliver the same result. So far 'branch:refs/for/master' was the same as searching with 'refs:refs/heads/refs/heads/master' which is unexpected for most users. * Add comment inclusion via '&comments=true' over HTTP + With this change, we can fetch the comments on a patchset by sending a request to 'https://site/query?comments=true' Access Rights ~~~~~~~~~~~~~ * Added the 'emailReviewers' as a global capability. + This replaces the 'emailOnlyAuthors' flag of account groups. Dev ~~~ * issue 1272 Add scripts to create release notes from git log + These script generates a list of commits from git log between two given commits and outputs the asciidoc format containing list of commits subject and body. * Update URL for m2eclipse + The project is now under the Eclipse Foundation umbrella. * Add missing ignore for m2e prefs in gerrit-ehcache * Add '--issues' and '--issue_numbers' options to the 'gitlog2asciidoc.py' Miscellaneous ~~~~~~~~~~~~~ * Remove perl from 'commit-msg' hook + Removing perl from the commit-msg hook reduces the dependencies gerrit imposes on its users. * updating contrib 'trivial_rebase.py' for 2.2.2.1 Upgrades -------- * Updated to Guice 3.0. * Updated to gwtorm 1.4. * Update JGit to 1.3.0.201202151440-r.75-gff13648 * Update to gwtjsonrpc 1.3 + The change also shrinks the built WAR from 38M to 23M by excluding the now unnecessary GWT server code. Bug Fixes --------- * issue 904 Users who starred a change should receive all the emails about a change. * Fix: 'Diff All Side-by-Side' and 'Diff All Unified' buttons + When pressing the 'Diff All Side-by-Side' or 'Diff All Unified' button on the change screen, the opened browser windows/tabs shows diffs using "Base" as old version and the latest one as active patch set, regardless what has been set using the "Old Version History:" drop down menu and what is currently active patch set. + Gerrit doesn't remember the base patch set in the URL, making it impossible to copy-and-paste the URL to co-workers to show them the same diff a user is looking at. + This change fixes this behavior to make sure that the opened new browser windows shows diffs using the correct old patch set and active patch set. * Fix NPEs looking up groups by UUID in GroupCache * Fix default 'receive.timeout' + This should be in milliseconds, not seconds. Set the default to be 2 minutes in milliseconds and update the documentation to reflect that milliseconds are the default unit of time used here. * Fix 'development_become_any_account' redirects * issue 1299 Allow configuration of optional pattern for gitweb file history link * Use servlet context path during logout * issue 1353 Fix case check for project name so that symlinks work again * Fix merging of access sections * Fix inconsistent behavior when replicating refs/meta/config * Fix duplicated results on status:open project:P branch:B Documentation ------------- Access Rights ~~~~~~~~~~~~~ * Capabilities introduced * Kill and priority capabilities * Administrate server capability * Create account capability * Create group and project capability * Flush caches capability * Capability replication and view caches * Capability view conn. & queue * Example roles introduced * Developer example role * CI system example role * Integrator example role * Project owner example role * Administrator example role Miscellaneous ~~~~~~~~~~~~~ * User upload documentation: Replace changes * Add visible-to-all flag in the documentation for cmd-create-group * Add a contributing guideline for annotations * Add missing header for suggest.accounts documentation * Fix anchors for description of gitweb config parameters * Add missing section name to config-gerrit documentation * Fix documentation of ls-projects