- Notifications now use WebSockets instead of Flash. The `bin/aphlict`
server has changed behavior slightly. For more information, see
- Updated the appearance of some UI elements and icons, and adjusted the
design of project and user profile pages.
- Phabricator can now use another Phabricator instance as a login provider.
- Application email (like a `firstname.lastname@example.org` address that
users can send mail to in order to create tasks) is now configured in
- Applications can have more than one mailing address, and Herald can
execute rules based on which address mail was sent to.
- Mentioning projects with `#project` will no longer automatically associate
projects with an object.
- Replaced perfectly satisfactory scrollbar with a bad, glitchy one.
- Removed long-deprecated `maniphest.find` call. Use `maniphest.query`.
- The `scripts/repository/reparse.php` script has moved to
- If you run the notification server, you may need to start it manually and
make adjustments if it runs into errors.
- We received about 15 reports this month via HackerOne, but none
represented actionable vulnerabilities.
- The "GHOST" vulnerability was disclosed recently. It does not specifically
impact Phabricator, but you should make sure your servers are up to date.
Almanac, Clusters and Instances
These changes support running a Phabricator cluster. Cluster configurations
are still in a prototyping phase.
- Added `bin/almanac register` for registering cluster devices.
- Added `cluster.addresses` config option.
- Added `cluster.instance` config option.
- Added `phd.variant-config` config option.
- The Auth application now has a "Manage Providers" capability.
- The People application now has a "Create Users" capability.
- Application policies can now be locked in configuration.
- Added a "ClusterDatabase" Almanac service type.
- Added support for routing HTTP, SSH and Conduit requests in a cluster
- We now pass instance identity everywhere.
Phortune and Subscriptions
- Implemented clock-based triggers for scheduling events.
- Implemented subscriptions in Phortune, which allow applications to bill
an account periodically. This capability is not yet used by any upstream
- Added modern policy support.
- Improved handling of secrets.
- OAuth servers can now be destroyed.
- Fixed some issues where strings truncation could be insufficiently
aggressive with unicode strings.
- Improved the `Fixes T123` interaction between commits and tasks.
- Uninstalled applications no longer render with dead links on the
- After logging in explicitly, users are now redirected to the page they
logged in from.
- Logged out users can now use "View Raw" on visible comments.
- Slowvote description changes now diff properly.
- Comment history no longer shows a nonfunctional dropdown menu.
- `bin/storage adjust` no longer purges caches.
- Added a `bin/storage shell` command.
- We now do a better job of parsing Mercurial version numbers.
- Differential now supports defining a mail address where users can send
- Made a handful of old queries properly policy-aware.
- Fixed inconsistent names of many classes.
- Fixed inconsistent visiblity of many methods.
- Moved all remaining edges to `EdgeType`.
- Improved behavior of incorrectly translated strings.
- HTTPSFuture now supports raw HTTP bodies.
- Improved top-level exception handling.
- Fixed an issue where cookies might not clear correctly with a prefix set.