Version 1 vs 2
Edits
- Edit by epriestley, Version 2
- Nov 12 2018 7:11 PM
- Edit by epriestley, Version 1
- Nov 12 2018 7:06 PM
Content Changes
Summary of changes from November 3, 2018 to November 12, 2018.
| Codebase | Repository | {icon lock} | HEAD | Activity |
|----------|------------|--|------|----------|
| Phabricator | rP | | rP315d857a8 | 16 commits |
| Arcanist | rARC | | rARC3534d2ba | 1 commit |
| libphutil | rPHU | | rPHU335a9f8 | 1 commit |
| Instances (SAAS) | rSAAS | {icon lock} | rSAAS9528817 | 0 commits |
| Services (SAAS) | rSERVICES | {icon lock} | rSERVICES019a12a | 0 commits |
| Core (SAAS) | rCORE | {icon lock} | rCOREb6e9b09 | 1 commit |
- These changes were promoted to `stable`.
General
=======
The name of the project has officially changed from "Phabricator" to "[[ https://twitter.com/evanpriestley/status/1059906805164199936 | Hey, Jeff, got a sec?]]". We'll update strings and documentation over time, but you can begin using the new name immediately.
Security
========
- Fixed an issue where you could vote for one or more invalid options in Slowvote and see poll responses for a "Require Votes to See Responses" poll without your vote actually being visible to other users. This is not exactly a security issue but was somewhat security-shaped. This issue was reported to us via HackerOne, see <https://hackerone.com/reports/434116> for discussion.
- We previously generated 80-bit TOTP secrets. Although the math suggests these are likely "secure enough" against any possible attacker today, they're shorter than recommended. We now generate 160-bit TOTP secrets. For now, we aren't forcing an upgrade since this would be disruptive and no practical attack against 80-bit secrets exists, but you can cycle your token if you want a longer secret. Upcoming changes may expand on this somewhat. This issue was reported to us via HackerOne, see <https://hackerone.com/reports/435648> for discussion.
- We no longer allow users to select exceptionally poor passwords based on their username or the install's domain name. This is more about getting security researchers to stop reporting this than because we have any evidence real users actually do this or it meaningfully impacts security. See D19776. On this install, a significant fraction of users with their username as their password are themselves security researchers.
Migrations
==========
| Migration | Risk | Duration | Notes |
|-----------|------|----------|-------|
| 20181106.repo.01.sync.sql | | 13 ms | |
| 20181106.repo.02.hook.sql | | 811 ms | |
//"Duration" is the duration for this install, and may not be representative.//
Upgrading / Compatibility
=========================
- [{icon tint, color=sky}] The behavior of `bin/repository thaw` when bindings are disabled has changed slightly, and there is updated guidance around how to react to loss of //every// device in a repository cluster (previously, guidance focused on a loss of only a strict subset of devices). See D19793 for some details. If you reference this material in a runbook, you may want to review the updates.
Minor
=====
- [{icon tint, color=sky}] Improved the performance of `{meme ...}` with no text.
- [{icon tint, color=sky}] The commit hook rejection ASCII art has been updated.
- [{icon tint, color=sky}] Push logs now include a `hookWait`, which records how long commit hooks ran for.
- [{icon tint, color=sky}] A new "Sync Log" records intracluster synchronization events for clustered repositories.
//The [{icon tint, color=sky}] icon indicates a change backed by support mana.//
Summary of changes from November 3, 2018 to November 12, 2018.
| Codebase | Repository | {icon lock} | HEAD | Activity |
|----------|------------|--|------|----------|
| Phabricator | rP | | rP315d857a8 | 16 commits |
| Arcanist | rARC | | rARC3534d2ba | 1 commit |
| libphutil | rPHU | | rPHU335a9f8 | 1 commit |
| Instances (SAAS) | rSAAS | {icon lock} | rSAAS9528817 | 0 commits |
| Services (SAAS) | rSERVICES | {icon lock} | rSERVICES019a12a | 0 commits |
| Core (SAAS) | rCORE | {icon lock} | rCOREb6e9b09 | 1 commit |
- These changes were promoted to `stable`.
General
=======
The name of the project has officially changed from "Phabricator" to "[[ https://twitter.com/evanpriestley/status/1059906805164199936 | Hey, Jeff, got a sec?]]". We'll update strings and documentation over time, but you can begin using the new name immediately.
Security
========
- Fixed an issue where you could vote for one or more invalid options in Slowvote and see poll responses for a "Require Votes to See Responses" poll without your vote actually being visible to other users. This is not exactly a security issue but was somewhat security-shaped. This issue was reported to us via HackerOne, see <https://hackerone.com/reports/434116> for discussion.
- We previously generated 80-bit TOTP secrets. Although the math suggests these are likely "secure enough" against any possible attacker today, they're shorter than recommended. We now generate 160-bit TOTP secrets. For now, we aren't forcing an upgrade since this would be disruptive and no practical attack against 80-bit secrets exists, but you can cycle your token if you want a longer secret. Upcoming changes may expand on this somewhat. This issue was reported to us via HackerOne, see <https://hackerone.com/reports/435648> for discussion.
- We no longer allow users to select exceptionally poor passwords based on their username or the install's domain name. This is more about getting security researchers to stop reporting this than because we have any evidence real users actually do this or it meaningfully impacts security. See D19776. On this install, a significant fraction of users with their username as their password are themselves security researchers.
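As an added illustration of the username/domain password rule (example code written for this page, not the D19776 implementation), the check below normalises the candidate password and rejects it when it contains the username, any label of the install's hostname, or the whole hostname, forwards or reversed. The minimum token length, the hostname parsing and the sample usernames and domain are all constructed assumptions.

```python
import re
from typing import Optional, Set

# Tokens shorter than this ("com", "io", a two-letter username) appear in too many
# ordinary passwords to block; this threshold is a tuning choice, not a standard.
MIN_TOKEN_LENGTH = 4


def _normalize(text: str) -> str:
    """Lowercase and drop everything except letters and digits, so that
    'Al.ice_2018' and 'alice2018' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _hostname(install_domain: str) -> str:
    """Reduce a base URI or bare host string to its hostname."""
    host = install_domain.lower().strip()
    host = host.split("://", 1)[-1]  # drop scheme
    host = host.split("/", 1)[0]     # drop path
    host = host.split("@", 1)[-1]    # drop userinfo
    return host.split(":", 1)[0]     # drop port


def blocklist_tokens(username: str, install_domain: str) -> Set[str]:
    """Strings a password must not be built from: the username, each label of the
    install's hostname, and the whole hostname run together."""
    host = _hostname(install_domain)
    tokens = {_normalize(username), _normalize(host)}
    tokens.update(_normalize(label) for label in host.split("."))
    return {t for t in tokens if len(t) >= MIN_TOKEN_LENGTH}


def weak_password_reason(password: str, username: str, install_domain: str,
                         min_length: int = 8) -> Optional[str]:
    """Return a rejection reason, or None when the password is acceptable."""
    if len(password) < min_length:
        return "password must be at least %d characters" % min_length
    normalized = _normalize(password)
    for token in blocklist_tokens(username, install_domain):
        if token in normalized or token[::-1] in normalized:
            return ("password must not be based on your username "
                    "or this install's domain name")
    return None


if __name__ == "__main__":
    # Constructed sample install and candidate passwords.
    domain = "https://phabricator.example.com/"
    for user, candidate in [("alice", "Al.ice_2018!"),
                            ("alice", "ecila-1234"),
                            ("bob", "phabricator-rocks"),
                            ("bob", "welcome-home1")]:
        print(user, repr(candidate), "->", weak_password_reason(candidate, user, domain) or "ok")
```

Normalising before comparison is what stops trivial variants such as `Al.ice_2018!` from slipping past a plain substring check, and the length floor on tokens keeps a three-letter TLD or a very short username from rejecting unrelated passwords.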
Migrations
==========
| Migration | Risk | Duration | Notes |
|-----------|------|----------|-------|
| 20181106.repo.01.sync.sql | | 13 ms | |
| 20181106.repo.02.hook.sql | | 811 ms | |
//"Duration" is the duration for this install, and may not be representative.//
Upgrading / Compatibility
=========================
- [{icon tint, color=sky}] The behavior of `bin/repository thaw` when bindings are disabled has changed slightly, and there is updated guidance around how to react to loss of //every// device in a repository cluster (previously, guidance focused on a loss of only a strict subset of devices). See D19793 for some details. If you reference this material in a runbook, you may want to review the updates.
- Some `qsprintf/queryfx()` semantics will change in a future version of Phabricator. If you run custom extensions, you may want to begin evaluating these changes. See T13217 for details.
Minor
=====
- [{icon tint, color=sky}] Improved the performance of `{meme ...}` with no text.
- [{icon tint, color=sky}] The commit hook rejection ASCII art has been updated.
- [{icon tint, color=sky}] Push logs now include a `hookWait`, which records how long commit hooks ran for.
- [{icon tint, color=sky}] A new "Sync Log" records intracluster synchronization events for clustered repositories.
//The [{icon tint, color=sky}] icon indicates a change backed by support mana.//