Change Details

General ========= - Notifications now use WebSockets instead of Flash. The `bin/aphlict` server has changed behavior slightly. For more information, see <https://secure.phabricator.com/T6903>. - Updated the appearance of some UI elements and icons, and adjusted the design of project and user profile pages. - Phabricator can now use another Phabricator instance as a login provider. - Application email (like a `bugs@phabricator.company.com` address that users can send mail to in order to create tasks) is now configured in application options. - Applications can have more than one mailing address, and Herald can execute rules based on which address mail was sent to. - Mentioning projects with `#project` will no longer automatically associate projects with an object. - Replaced perfectly satisfactory scrollbar with a bad, glitchy one. Upgrading/Compatibility ========= - Removed long-deprecated `maniphest.find` call. Use `maniphest.query`. - The `scripts/repository/reparse.php` script has moved to `bin/repository reparse`. - If you run the notification server, you may need to start it manually and make adjustments if it runs into errors. Security ========= - We received about 15 reports this month via HackerOne, but none represented actionable vulnerabilities. - The "GHOST" vulnerability was disclosed recently. It does not specifically impact Phabricator, but you should make sure your servers are up to date. Almanac, Clusters and Instances ========= These changes support running a Phabricator cluster. Cluster configurations are still in a prototyping phase. - Added `bin/almanac register` for registering cluster devices. - Added `cluster.addresses` config option. - Added `cluster.instance` config option. - Added `phd.variant-config` config option. - The Auth application now has a "Manage Providers" capability. - The People application now has a "Create Users" capability. - Application policies can now be locked in configuration. - Added a "ClusterDatabase" Almanac service type. - Added support for routing HTTP, SSH and Conduit requests in a cluster configuration. - We now pass instance identity everywhere. Phortune and Subscriptions =========== - Implemented clock-based triggers for scheduling events. - Implemented subscriptions in Phortune, which allow applications to bill an account periodically. This capability is not yet used by any upstream application. OAuthServer =========== - Added modern policy support. - Improved handling of secrets. - OAuth servers can now be destroyed. Misc ==== - Fixed some issues where strings truncation could be insufficiently aggressive with unicode strings. - Improved the `Fixes T123` interaction between commits and tasks. - Uninstalled applications no longer render with dead links on the application launcher. - After logging in explicitly, users are now redirected to the page they logged in from. - Logged out users can now use "View Raw" on visible comments. - Slowvote description changes now diff properly. - Comment history no longer shows a nonfunctional dropdown menu. - `bin/storage adjust` no longer purges caches. - Added a `bin/storage shell` command. - We now do a better job of parsing Mercurial version numbers. - Differential now supports defining a mail address where users can send diffs. - Made a handful of old queries properly policy-aware. Developer ========= - Fixed inconsistent names of many classes. - Fixed inconsistent visiblity of many methods. - Moved all remaining edges to `EdgeType`. - Improved behavior of incorrectly translated strings. - HTTPSFuture now supports raw HTTP bodies. - Improved top-level exception handling. - Fixed an issue where cookies might not clear correctly with a prefix set.

General ========= - Notifications now use WebSockets instead of Flash. The `bin/aphlict` server has changed behavior slightly. For more information, see <https://secure.phabricator.com/T6903>. - Updated the appearance of some UI elements and icons, and adjusted the design of project and user profile pages. - Phabricator can now use another Phabricator instance as a login provider. - Application email (like a `bugs@phabricator.company.com` address that users can send mail to in order to create tasks) is now configured in application options. - Applications can have more than one mailing address, and Herald can execute rules based on which address mail was sent to. - Mentioning projects with `#project` will no longer automatically associate projects with an object. - Replaced perfectly satisfactory scrollbar with a bad, glitchy one. Upgrading/Compatibility ========= - Removed long-deprecated `maniphest.find` call. Use `maniphest.query`. - The `scripts/repository/reparse.php` script has moved to `bin/repository reparse`. - If you run the notification server, you may need to start it manually and make adjustments if it runs into errors. Security ========= - We received about 15 reports this month via HackerOne, but none represented actionable vulnerabilities. - The "GHOST" vulnerability was disclosed recently. It does not specifically impact Phabricator, but you should make sure your servers are up to date. Almanac, Clusters and Instances ========= These changes support running a Phabricator cluster. Cluster configurations are still in a prototyping phase. - Added `bin/almanac register` for registering cluster devices. - Added `cluster.addresses` config option. - Added `cluster.instance` config option. - Added `phd.variant-config` config option. - The Auth application now has a "Manage Providers" capability. - The People application now has a "Create Users" capability. - Application policies can now be locked in configuration. - Added a "ClusterDatabase" Almanac service type. - Added support for routing HTTP, SSH and Conduit requests in a cluster configuration. - We now pass instance identity everywhere. Phortune and Subscriptions =========== - Implemented clock-based triggers for scheduling events. - Implemented subscriptions in Phortune, which allow applications to bill an account periodically. This capability is not yet used by any upstream application. OAuthServer =========== - Added modern policy support. - Improved handling of secrets. - OAuth servers can now be destroyed. Misc ==== - Fixed some issues where strings truncation could be insufficiently aggressive with unicode strings. - Improved the `Fixes T123` interaction between commits and tasks. - Uninstalled applications no longer render with dead links on the application launcher. - After logging in explicitly, users are now redirected to the page they logged in from. - Logged out users can now use "View Raw" on visible comments. - Slowvote description changes now diff properly. - Comment history no longer shows a nonfunctional dropdown menu. - `bin/storage adjust` no longer purges caches. - Added a `bin/storage shell` command. - We now do a better job of parsing Mercurial version numbers. - Differential now supports defining a mail address where users can send diffs. - Made a handful of old queries properly policy-aware. Developer ========= - Fixed inconsistent names of many classes. - Fixed inconsistent visiblity of many methods. - Moved all remaining edges to `EdgeType`. - Improved behavior of incorrectly translated strings. - HTTPSFuture now supports raw HTTP bodies. - Improved top-level exception handling. - Fixed an issue where cookies might not clear correctly with a prefix set.

General ========= - Notifications now use WebSockets instead of Flash. The `bin/aphlict` server has changed behavior slightly. For more information, see <https://secure.phabricator.com/T6903>. - Updated the appearance of some UI elements and icons, and adjusted the design of project and user profile pages. - Phabricator can now use another Phabricator instance as a login provider. - Application email (like a `bugs@phabricator.company.com` address that users can send mail to in order to create tasks) is now configured in application options. - Applications can have more than one mailing address, and Herald can execute rules based on which address mail was sent to. - Mentioning projects with `#project` will no longer automatically associate projects with an object. - Replaced perfectly satisfactory scrollbar with a bad, glitchy one. Upgrading/Compatibility ========= - Removed long-deprecated `maniphest.find` call. Use `maniphest.query`. - The `scripts/repository/reparse.php` script has moved to `bin/repository reparse`. - If you run the notification server, you may need to start it manually and make adjustments if it runs into errors. Security ========= - We received about 15 reports this month via HackerOne, but none represented actionable vulnerabilities. - The "GHOST" vulnerability was disclosed recently. It does not specifically impact Phabricator, but you should make sure your servers are up to date. Almanac, Clusters and Instances ========= These changes support running a Phabricator cluster. Cluster configurations are still in a prototyping phase. - Added `bin/almanac register` for registering cluster devices. - Added `cluster.addresses` config option. - Added `cluster.instance` config option. - Added `phd.variant-config` config option. - The Auth application now has a "Manage Providers" capability. - The People application now has a "Create Users" capability. - Application policies can now be locked in configuration. - Added a "ClusterDatabase" Almanac service type. - Added support for routing HTTP, SSH and Conduit requests in a cluster configuration. - We now pass instance identity everywhere. Phortune and Subscriptions =========== - Implemented clock-based triggers for scheduling events. - Implemented subscriptions in Phortune, which allow applications to bill an account periodically. This capability is not yet used by any upstream application. OAuthServer =========== - Added modern policy support. - Improved handling of secrets. - OAuth servers can now be destroyed. Misc ==== - Fixed some issues where strings truncation could be insufficiently aggressive with unicode strings. - Improved the `Fixes T123` interaction between commits and tasks. - Uninstalled applications no longer render with dead links on the application launcher. - After logging in explicitly, users are now redirected to the page they logged in from. - Logged out users can now use "View Raw" on visible comments. - Slowvote description changes now diff properly. - Comment history no longer shows a nonfunctional dropdown menu. - `bin/storage adjust` no longer purges caches. - Added a `bin/storage shell` command. - We now do a better job of parsing Mercurial version numbers. - Differential now supports defining a mail address where users can send diffs. - Made a handful of old queries properly policy-aware. Developer ========= - Fixed inconsistent names of many classes. - Fixed inconsistent visiblity of many methods. - Moved all remaining edges to `EdgeType`. - Improved behavior of incorrectly translated strings. - HTTPSFuture now supports raw HTTP bodies. - Improved top-level exception handling. - Fixed an issue where cookies might not clear correctly with a prefix set.