Summary of changes from January 19, 2018 to January 26, 2018.
| Codebase | Repository | {icon lock} | HEAD | Activity |
|----------|------------|--|------|----------|
| Phabricator | rP | | rP162563d40b | 80 commits |
| Arcanist | rARC | | rARC2e023322 | 0 commits |
| libphutil | rPHU | | rPHU2d8cdda | 0 commits |
| Instances (SAAS) | rSAAS | {icon lock} | rSAAS301336d | 0 commits |
| Services (SAAS) | rSERVICES | {icon lock} | rSERVICESedd96db | 2 commits |
| Core (SAAS) | rCORE | {icon lock} | rCORE163f963 | 0 commits |
- These changes were promoted to `stable`.
General
=======
[{icon tint, color=sky}] **Bulk Editor** (T13025) The bulk editor (previously sometimes called the "batch editor") has been rebuilt on top of modern infrastructure (`EditEngine`) and a number of bugs have been fixed.
You can now modify the set of objects being edited from the editor screen, and a wider range of fields (including "points" and some custom fields) are supported. The bulk editor should also handle edits of workboard columns with large numbers of items more gracefully.
Bulk edits can now be made silently (suppressing notifications, feed stories, and email) with `bin/bulk make-silent`. The need to run a command-line tool is a little clumsy and is likely to become easier in a future version of Phabricator, but the ability to act silently could help an attacker who compromised an account avoid discovery for an extended period of time.
Edits which were made silently show an icon in the timeline view to make it easier to identify them.
[{icon tint, color=sky}] **Credential Revocation** (T13043) The `bin/auth revoke` tool has been expanded significantly and can now revoke all upstream credential types. You can use `bin/auth revoke --list` to see a list of available revokers. See @{article:Revoking Credentials} for documentation.
The "Deactivate" action for SSH keys is now "Revoke", and prevents the same key from being reused. `bin/auth revoke` can now revoke SSH keys from the CLI.
The two types of upstream password hashes (account passwords and VCS passwords) have been consolidated into more modern shared storage. `bin/auth revoke` can now revoke passwords. Once revoked, passwords cannot be reused.
The `bin/accountadmin` tool can no longer change passwords. As an alternative, the `bin/auth recover` tool can now recover access to any user account instead of only administrator user accounts.
Existing VCS and Account passwords use a "perfectly fine" digest step before hashing, but it's more complicated than it needs to be. Going forward, passwords are digested more simply (with HMAC SHA256 and a dedicated salt) before the hashing step. Existing passwords will be upgraded to the newer digest algorithm automatically on next use.
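
A sketch of the digest-then-hash scheme and the upgrade-on-next-use behavior described above, as an added example that is not Phabricator's own code. The record layout, the `legacy_digest` stand-in, the use of the dedicated salt as the HMAC key, and PBKDF2 as the hashing step are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed cost for the slow hashing step
CURRENT_SCHEME = "hmac-sha256"


def legacy_digest(password: str, salt: bytes) -> bytes:
    # Constructed stand-in for an older, more complicated digest (hypothetical).
    return hashlib.sha256(salt + password.encode() + salt).digest()


def modern_digest(password: str, salt: bytes) -> bytes:
    # HMAC-SHA256 over the password, keyed with the record's dedicated salt.
    return hmac.new(salt, password.encode(), hashlib.sha256).digest()


DIGESTS = {"legacy": legacy_digest, CURRENT_SCHEME: modern_digest}


def slow_hash(digest: bytes, salt: bytes) -> bytes:
    # The hashing step that follows the digest; PBKDF2 is an assumption here.
    return hashlib.pbkdf2_hmac("sha256", digest, salt, PBKDF2_ROUNDS)


def make_record(password: str, scheme: str = CURRENT_SCHEME) -> dict:
    digest_salt, hash_salt = os.urandom(16), os.urandom(16)
    digest = DIGESTS[scheme](password, digest_salt)
    return {"scheme": scheme, "digest_salt": digest_salt,
            "hash_salt": hash_salt, "hash": slow_hash(digest, hash_salt)}


def verify_and_upgrade(record: dict, password: str) -> bool:
    """Check a password; on success, rewrite a legacy record in the new scheme."""
    digest = DIGESTS[record["scheme"]](password, record["digest_salt"])
    candidate = slow_hash(digest, record["hash_salt"])
    if not hmac.compare_digest(candidate, record["hash"]):
        return False  # a failed attempt never touches the stored record
    if record["scheme"] != CURRENT_SCHEME:
        # The plaintext is only available during a successful check, so this
        # is the only point where a legacy record can be re-digested.
        record.update(make_record(password))
    return True
```

Records for accounts that never authenticate again stay on the legacy digest, so an inventory of remaining `legacy` records shows how far the automatic upgrade has progressed.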
[{icon tint, color=sky}] **Pull Logs** (T13046) Pull logs, which record users who fetched or cloned from a repository, are now browsable from the web UI.
Pull logs were historically an internal diagnostic tool with no UI. A bug which prevented `pullerPHID` from populating correctly has been fixed, and several general improvements have been made to the quality of the logged data. Older logs will have less accurate data, while newer logs will be more accurate.
Pull logs can be exported to CSV, JSON, or text with {nav Use Results > Export Data}. User accounts now also support this export workflow. This pipeline is somewhat rough and primarily aimed at making pull logs more practical to interact with, but see T13049 for additional discussion and future plans.
[{icon tint, color=sky}] **New Herald Action Behavior** (T13048) In addition to taking actions "every time" a rule matches or "only the first time" a rule matches, Herald can now be configured to take actions "if the rule did not match last time".
This allows you to write rules which apply side effects (like adding comments) only when the rule //starts// matching after previously not matching.
Security
========
This release does not contain any security fixes, but see the "Credential Revocation" change above.
Migrations
==========
| Migration | Risk | Duration | Notes |
|-----------|------|----------|-------|
| 20180119.bulk.01.silent.sql | | 53 ms | |
| 20180120.auth.01.password.sql | | 16 ms | |
| 20180120.auth.02.passwordxaction.sql | | 38 ms | |
| 20180120.auth.03.vcsdata.sql | | 8 ms | |
| 20180120.auth.04.vcsphid.php | | 46 ms | |
| 20180121.auth.01.vcsnuke.sql | | 8 ms | |
| 20180121.auth.02.passsalt.sql | | 23 ms | |
| 20180121.auth.03.accountdata.sql | | 632 ms | |
| 20180121.auth.04.accountphid.php | | 3,690 ms | |
| 20180121.auth.05.accountnuke.sql | | 4,506 ms | |
| 20180121.auth.06.legacydigest.sql | | 186 ms | |
| 20180121.auth.07.marklegacy.sql | | 128 ms | |
| 20180124.herald.01.repetition.sql | | 53 ms | |
//"Duration" is the duration for this install, and may not be representative.//
Upgrading / Compatibility
=========================
- The `differential.createcomment` API method no longer respects the `silent` flag.
- The `bin/accountadmin` tool can no longer set account passwords. See "General" for discussion.
- "Deactivate SSH Key" is now "Revoke SSH Key", and revokes the key permanently. See "General" for discussion.
- The algorithm for computing changeset anchors has changed so that it no longer generates hashes with `.` or `_` characters, because these created ambiguity in markup contexts. The new hash is otherwise stable. If you've saved links to specific changesets in revisions (like `D123#change-abcdef`), they may need to be updated. See T13045 for details.
- Bulk editor URIs have changed if you were hard-coding them for some bizarre reason.
Minor
=====
- [{icon tint, color=sky}] External symbol sources now receive repository, path, line, and character information about where the symbol which was clicked appeared. See T13047 for details.
- [{icon tint, color=sky}] The "Reviewer" field for Herald commit rules has been marked as deprecated. The value of this field was one of the accepting reviewers, arbitrarily. In essentially all cases, rules should use "Accepting reviewers" instead.
- [{icon tint, color=sky}] Herald test console runs against commits now use the acting viewer to execute API calls against Diffusion. This should fix an issue where unprivileged web hosts could fail to retrieve diff content during test runs in a clustered environment.
- [{icon tint, color=sky}] Fixed two log warnings around observing and mirroring empty Git repositories.
- [{icon tint, color=sky}] The setup check which recommends you install `gd` is now more helpful.
- [{icon tint, color=sky}] Fixed a race condition when undrafting "Draft" revisions that could cause a validation error ("You can not request review of this revision...").
- [{icon tint, color=sky}] Some tokenizers in Herald and the bulk editor which should only allow one token now actually only allow one token.
- Fixed an issue where Diffusion could race against `git cat-file` and other similar subprocesses and sometimes truncate very large (>4MB) files in the web view to exactly 4MB.
- [{icon tint, color=sky}] Most daemon workers now show which object they're associated with in the web UI.
- [{icon tint, color=sky}] Fixed a bug where revision feed stories wouldn't publish under certain configurations.
- Fixed a bug where blame information could fail to generate in Diffusion if one of the blamed revisions existed but the viewer did not have permission to see it.
- [{icon tint, color=sky}] Fixed an issue with setting custom fields containing PHID lists via Conduit.
- [{icon tint, color=sky}] Herald now supports a "Revision status" field.
- [{icon tint, color=sky}] When revisions leave the "Draft" state, the initial mail message is now tagged in a more consistent way.
- Fixed some compatibility issues with Git 2.16.0 (`git grep .`, "simple" SSH variant).
//The [{icon tint, color=sky}] icon indicates a change backed by support mana.//