Release notes for Gerrit 2.0.19, 2.0.19.1, 2.0.19.2
===================================================

Gerrit 2.0.19.2 is now available in the usual location:

link:http://code.google.com/p/gerrit/downloads/list[http://code.google.com/p/gerrit/downloads/list]

Important Notices
-----------------

* Prior User Sessions
+
The cookie used to identify a signed-in user has been changed. All users
will be automatically signed-out during this upgrade, and will need to
sign-in again after the upgrade is complete.
Users who try to use a web session from before the upgrade may receive the
obtuse error message "Invalid xsrfKey in request". Prior web clients are
misinterpreting the error from the server. Users need to sign-out and
sign-in again to pick up a new session.
This change was necessary to close GERRIT-83, see below.

* Preserving Sessions Across Restarts
+
Administrators who wish to preserve user sessions across server restarts must
set link:http://gerrit.googlecode.com/svn/documentation/2.0/config-gerrit.html#cache.directory[cache.directory] in gerrit.config. This allows Gerrit to flush the set
of active sessions to disk during shutdown, and load them back during startup.

Schema Change
-------------

*WARNING: This version contains a schema change* (since 2.0.18)

Important notes about this schema change:

* Do not run the schema change while the server is running.
+
This upgrade adds a new required column to the changes table, something
which cannot be done while users are creating records. Like .18, I _strongly_
suggest a full shutdown, schema upgrade, then startup approach.

Apply the database specific schema script:
----
  java -jar gerrit.war --cat sql/upgrade016_017_postgres.sql | psql reviewdb
  java -jar gerrit.war --cat sql/upgrade016_017_mysql.sql | mysql reviewdb
----

New Features
------------

* New ssh create-project command
+
Thanks to Ulrik Sjölin we now have `gerrit create-project`
available over SSH, to construct a new repository and database
record for a project. Documentation has also been updated to
reflect that the command is now available.

* Be more liberal in accepting Signed-off-by lines
+
The "Require Signed-off-by line" feature in a project is now
more liberal. Gerrit now requires that the commit be signed off
by either the author or the committer. This was relaxed because
kernel developers often cherry-pick in patches signed off by
the author and by Linus Torvalds, but not by the committer who
did the backport cherry-pick.

* Allow cache.name.diskLimit = 0 to disable on disk cache
+
Setting cache.name.diskLimit to 0 will disable on-disk storage for
that cache, even though cache.directory was set. This allows
sites to set cache.diff.diskLimit to 0 to avoid caching the diff
records on disk, but still allow caching web_sessions to disk,
so that live sessions are maintained across server restarts.
This is a change in behavior: the prior meaning of diskLimit =
0 was "unlimited", which is not very sane given how Ehcache
manages the on-disk cache files.

* Allow human-readable units in config.name.maxage
+
Timeouts for any cache.name.maxAge may now be specified in human
readable units, such as "12 days" or "3 hours". The server will
automatically convert them to minutes during parsing. If no
unit is specified, minutes are assumed, to retain compatibility
with prior releases.

* Add native LDAP support to Gerrit
+
Gerrit now has native LDAP support. Setting auth.type to
HTTP_LDAP and then configuring the handful of ldap properties
in gerrit.config will allow Gerrit to load group membership
directly from the organization's LDAP server. This replaces
the need for the sync-groups script posted in the wiki. See:
link:http://gerrit.googlecode.com/svn/documentation/2.0/config-gerrit.html#ldap[http://gerrit.googlecode.com/svn/documentation/2.0/config-gerrit.html#ldap]
If you use the sync-groups script from the wiki page, you will
also need to delete the group members after upgrading, to remove
unnecessary records in your database:
----
  DELETE FROM account_group_members
  WHERE group_id IN (
    SELECT group_id FROM account_groups
    WHERE automatic_membership = 'Y');
----

* Don't allow users to edit their name if it comes from LDAP
+
User information loaded from LDAP, such as full name or SSH
username, cannot be modified by the end-user. This allows the
Gerrit site administrator to require that users conform to the
standard information published by the organization's directory
service. Updates in LDAP are automatically reflected in Gerrit
the next time the user signs in.

* Remembers anchor during HTTP logins
+
When using an HTTP SSO product, clicking on a Gerrit link received
out-of-band (e.g. by email or IM) often required clicking the
link twice. On the first click Gerrit redirected you to the
organization's single-sign-on authentication system, which upon
success redirected to your dashboard. The actual target of the
link was often lost, so a second click was required.
With .19 and later, if the administrator changes the frontend web
server to perform authentication only for the /login/ subdirectory
of Gerrit, this can be avoided. For example with Apache:
----
  <Location "/login/">
    AuthType Basic
    AuthName "Gerrit Code Review"
    Require valid-user
    ...
  </Location>
----
During a request for an arbitrary URL, such as '/#change,42',
Gerrit realizes the user is not logged in. Instead of sending an
immediate redirect for authentication, Gerrit sends JavaScript
to save the target token (the part after the '#' in the URL)
by redirecting the user to '/login/change,42'. This enters
the secured area, and performs the authentication. When the
authenticated user returns to '/login/change,42' Gerrit sends
a redirect back to the original URL, '/#change,42'.

* Create check_schema_version during schema creation
+
Schema upgrades for PostgreSQL now validate that the current
schema version matches the expected schema version at the start
of the upgrade script. If the schema does not match, the script
aborts, although it will spew many errors.

* Reject disconnected ancestries when creating changes
+
Uploading commits to a project now requires that the new commits
share a common ancestry with the existing commits of that project.
This catches and prevents problems caused by a user making a typo
in the project name, and inadvertently selecting the wrong project.

* Change-Id tags in commit messages to associate commits
+
Gerrit now looks for 'Change-Id: I....' in the footer area of a
commit message and uses this to identify a change record within
the project.
If the listed Change-Id has not been seen before, a new change
record is created. If the Change-Id is already known, Gerrit
updates the change with the new commit. This simplifies updating
multiple changes at once, such as might happen when rebasing an
entire series of commits that are still being reviewed.
A commit-msg hook can be installed to automatically generate
these Change-Id lines during initial commit:
----
  scp -P 29418 review.example.com:hooks/commit-msg .git/hooks/
----
Using this hook ensures that the Change-Id is predictable once
the commit is uploaded for review.
For more details, please see the docs:
link:http://gerrit.googlecode.com/svn/documentation/2.0/user-changeid.html[http://gerrit.googlecode.com/svn/documentation/2.0/user-changeid.html]

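The footer lookup and create-or-update decision described for Change-Id lines, as an added example (not Gerrit's code). It assumes the footer area is the last paragraph of the message and that an id is `I` followed by 40 lowercase hex digits; `ChangeIndex`, the project names and the sample message are constructed for illustration.

```python
import re

# 'I' plus 40 hex digits (41 characters); matched case-sensitively here.
CHANGE_ID = re.compile(r"^Change-Id:[ \t]*(I[0-9a-f]{40})[ \t]*$")


def footer_change_id(message):
    """Return the Change-Id in the footer of a commit message, or None.

    The footer is taken to be the last paragraph (an assumption); a message
    that is only a subject line has no footer area at all.
    """
    paragraphs = [p for p in re.split(r"\n[ \t]*\n", message.strip()) if p.strip()]
    if len(paragraphs) < 2:
        return None
    found = None
    for line in paragraphs[-1].splitlines():
        m = CHANGE_ID.match(line.strip())
        if m:
            found = m.group(1)  # in this example a repeated footer line: last wins
    return found


class ChangeIndex:
    """Hypothetical per-project table of change records keyed by Change-Id."""

    def __init__(self):
        self._changes = {}  # (project, change_id) -> list of commit names

    def receive(self, project, commit, message):
        """Record an uploaded commit; return 'created', 'updated' or 'no-id'."""
        cid = footer_change_id(message)
        if cid is None:
            return "no-id"  # how such commits are handled is outside this example
        key = (project, cid)  # the lookup is scoped to the project
        patch_sets = self._changes.setdefault(key, [])
        patch_sets.append(commit)
        return "created" if len(patch_sets) == 1 else "updated"

    def patch_sets(self, project, change_id):
        return list(self._changes.get((project, change_id), []))


# Constructed sample commit message; the id is 'I' + forty hex digits.
SAMPLE_ID = "I" + "0123456789abcdef0123456789abcdef01234567"
SAMPLE_MESSAGE = (
    "Fix typo in README\n\n"
    "Mentions Change-Id: Iffff in the body, which is not a footer.\n\n"
    "Signed-off-by: A. Developer <dev@example.com>\n"
    "Change-Id: " + SAMPLE_ID + "\n"
)
```
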
Bug Fixes
---------

* Fix yet another ArrayIndexOutOfBounds during side-by-s...
+
We found yet another bug with the side-by-side view failing
under certain conditions. I think this is the last bug.

* Apply URL decoding to parameter of /cat/
* Fix old image when shown inline in unified diff
+
Images weren't displaying correctly, even though
mimetype.image/png.safe was true in gerrit.config.
It turned out to be a problem with the parameter decoding of the
/cat/ servlet, as well as the link being generated wrong.

* Fix high memory usage seen in `gerrit show-caches`
+
In Gerrit 2.0.18 JGit had a bug where the repository wasn't being
reused in memory. This meant that we were constantly reloading
the repository data in from disk, so the server was always maxed
out at core.packedGitLimit and core.packedGitOpenFiles, as no
data was being reused from the cache. Fixed in this release.

* Fix display of timeouts in `gerrit show-caches`
+
Timeouts were not always shown correctly; sometimes 12 hours
was showing up as 2.5 days, which is completely wrong. Fixed.

* GERRIT-261 Fix reply button when comment is on the last line
+
The "Reply" button didn't work if the comment was on the last
line of the file; the browser caught an array index out of
bounds exception as we walked off the end of the table looking
for where to insert the new editor box.

* GERRIT-83 Make sign-out really invalidate the user's session
+
The sign-out link now does more than delete the cookie from the
user's browser; it also removes the token from the server side.
By removing it from the server, we prevent replay attacks where
an attacker has observed the user's cookie and then later tries
to issue their own requests with the user's cookie. Note that
this sort of attack is difficult if SSL is used, as the attacker
would have a much more difficult time sniffing the user's
cookie while it was still live.

* Evict account record after changing SSH username
+
Changing the SSH username on the web immediately affected the
SSH daemon, but the web still showed the old username. This
was due to the change operation not flushing the cache that
the web code was displaying from. Fixed.

* Really don't allow commits to replace in wrong project
+
It was possible for users to upload replacement commits to the
wrong project, e.g. uploading a replacement commit to project
B while picking a change number from project A. Fixed.

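Why GERRIT-83 removes the token on the server rather than only deleting the cookie, as an added example (not Gerrit's code). `SessionStore`, its method names and the account name are hypothetical, and the browser is modelled as a dictionary of cookies.

```python
import secrets


class SessionStore:
    """Server-side table of live session tokens (hypothetical model)."""

    def __init__(self):
        self._live = {}  # token -> account id

    def sign_in(self, account_id):
        token = secrets.token_urlsafe(32)  # unguessable cookie value
        self._live[token] = account_id
        return token

    def authenticate(self, cookie):
        """Return the account for a cookie, or None if the server does not know it."""
        if cookie is None:
            return None
        return self._live.get(cookie)

    def sign_out_cookie_only(self, browser):
        """Earlier behaviour: only the browser forgets the cookie."""
        browser.pop("session", None)

    def sign_out(self, browser):
        """Fixed behaviour: drop the server-side token as well as the cookie."""
        token = browser.pop("session", None)
        if token is not None:
            self._live.pop(token, None)


def replay_after_sign_out(server_side_invalidation):
    """Present a previously observed cookie after the user has signed out.

    Returns the account the request is treated as, or None if it is rejected.
    """
    store = SessionStore()
    browser = {"session": store.sign_in("alice")}  # constructed sample user
    observed = browser["session"]                   # copy of the cookie seen in transit
    if server_side_invalidation:
        store.sign_out(browser)
    else:
        store.sign_out_cookie_only(browser)
    assert "session" not in browser                 # the browser is signed out either way
    return store.authenticate(observed)
```
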
Fixes in 2.0.19.1
-----------------

* Fix NPE during direct push to branch closing a change
+
Closing changes by pushing their commits directly into the branch didn't
always work as expected, due to some data not being initialized correctly.

* Ignore harmless "Pipe closed" in scp command
+
The scp command on the server side threw exceptions when a client aborted the
data transfer. We typically don't care to log such cases.

* Refactor user lookup during permission checking
* GERRIT-264 Fix membership in Registered Users group
+
Users were not members of "Registered Users"; this was a rather serious
bug in the code as it meant many users lost their access rights.

* GERRIT-265 Correctly catch "Invalid xsrfKey in request" error as ...
+
Above I mentioned we should handle this error as "Not Signed In", only
the pattern match wasn't quite right. Fixed.

* GERRIT-263 Fix --re=bob to match bob@example.com when using HTTP_LDAP
+
HTTP_LDAP broke using local usernames to match an account. Fixed.

Fixes in 2.0.19.2
-----------------

* Don't line wrap project or group names in admin panels
+
Line wrapping group names like "All Users" when the description column
has a very long name in it is ugly.

* GERRIT-267 Don't add users to a change review if they cannot access
+
If a user cannot access a change, let the owner know when they try to
add the user as a reviewer, or CC them on it.

* commit-msg: Do not insert Change-Id if the message is ...
+
The commit-msg hook didn't allow users to abort accidental git commit
invocations, as it still modified the file, making git commit think
that the end-user wanted to make a commit. Anyone who has a copy of
the hook should upgrade to the new hook, if possible.

* Support recursive queries against LDAP directories
* Fix parsing of LDAP search scope properties
+
As reported on repo-discuss, recursive search is sometimes necessary,
and is now the default.

Removed Features
----------------

* Remove support for /user/email style URLs
+
I decided to remove this URL, it's a pain to support and not
discoverable. It's unlikely anyone is really using it, but if
they are, they could try using "#q,owner:email,n,z" instead.

Other Changes
-------------

* Start 2.0.19 development
* Document the Failure and UnloggedFailure classes in Ba...
* Merge change 11109
* Document gerrit receive-pack is alias for git receive-...
* Define a simple query language for Gerrit
* Create new projects on remote systems with mkdir -p
* Set the GIT_DIR/description file during gerrit create-...
* Remove unnecessary toLowerCase calls in AdminCreatePro...
* Remove unnecessary exception from AdminCreateProject
* Remove unused import from AccountExternalId
* Abstract out account creation and simplify sign-on for...
* Implement server side sign-out handling
* Cleanup private keys in system_config table
* Remove dead max_session_age field from system_config
* Report 'Invalid xsrfKey' as 'Not Signed In'
* Update gerrit flush-caches documentation about web_ses...
* Update documentation on cache "web_sessions" configura...
* Add getSchemeRest to AccountExternalId
* Cleanup ContactStore and WebModule injection
* Catch Bouncy Castle Crypto not installed when loading ...
* Declare caches in Guice rather than hardcoded in Cache...
* Remove old commented out cache configuration code
* Don't NPE in SSH keys panel when SSHD is bound to loca...
* Don't send users to #register,register,mine
* Document the new LDAP support
* Cleanup section anchors to be more useful
* Put anchors on every configuration variable section
* Add missing AOSP copyright header to WebSession
* Fix short header lines in gerrit-config.txt
* Update documentation about system_config private key f...
* Fetch groups from LDAP during user authentication
* Actually honor cache.ldap_groups.maxage
* Add enum parsing support to ConfigUtil
* Rename LoginType to AuthType
* Support loading the sshUserName from LDAP
* Change ldap.accountDisplayName to ldap.accountFullName
* Fix parsing set-to-nothing options in ldap section
* Report more friendly errors from gwtjsonrpc
* Ensure dialog box displays correctly on network failure
* Document how setting LDAP properties disables web UI
* Ensure the commit body is parsed before getting the co...
* Cleanup more section anchors
* Make documentation table of contents anchors human rea...
* Remove notes about HTML 5 offline support
* Fix typo in LegacyGerritServlet javadoc
* Use subList in server side change query code
* Remove unsupported /all_unclaimed
* Rewrite UrlRewriteFilter in terms of Guice bindings
* Create a commit-msg hook to generate Change-Id tags
* Add change_key to changes table in database
* Allow searching for changes by Change-Id strings
* Display the change key, aka Change-ID in the informati...
* Display abbreviated change ids in change lists
* Change javax.security AccountNotFoundException to NoSu...
* Automatically update existing changes during refs/for/...
* Automatically close changes when pushing into a branch...
* Document the new commit-msg hook supplied by Gerrit
* Correct title of "Command Line Tools" documentation pa...
* Correct URL example used in Google Analytics Integrati...
* Correct comment about customizing categories and caches
* Fix formatting of remote.name.timeout section in docum...
* Add anchors for remote settings in replication.config ...
* Widen the search panel now that Change-Ids are 41 char...
* Revert "Ensure dialog box displays correctly on networ...
* Allow searches for Change-Ids starting with lowercase ...
* Fix line wrapped formatting in ChangeListServiceImpl
* Move Change.Key abbreviation to Change.Key class
* Format change ids in listing tables with a fixed with ...
* Cleanup documentation of the commit-msg hook
* Cleanup the command line tool index page
* Correct stale documentation section about SSH authenti...
* Correct access control documentation about project own...
* Quote the current directory when running asciidoc
* Move the Default Workflow link into the top of the Use...
* Correct formatting of usage in gerrit-cherry-pick docu...
* Document how Gerrit uses Change-Id lines
* Add Change-Id lines during cherry-pick if not already ...
* Fix "no common ancestry" bug
* Fix commit-msg hook to handle first lines like "foo: f...
* Add a link to Gerrit's project to the top of gerrit-ch...
* Add full ASLv2 copyright notice to commit-msg hook
* Embed Gerrit's version number into shell scripts copie...
* Don't drop max_session_age column in transaction durin...
* gerrit 2.0.19