Summary of changes from January 8, 2016 to January 15, 2016.
| Codebase | Repository | {icon lock} | HEAD | Activity |
|----------|------------|--|------|----------|
| Phabricator | rP | | rPaadc1b7 | 35 commits |
| Arcanist | rARC | | rARCb871383 | 3 commits |
| libphutil | rPHU | | rPHUc3fd3a8 | 4 commits |
| Instances (SAAS) | rSAAS | {icon lock} | rSAASe9d0909 | 2 commits |
| Services (SAAS) | rSERVICES | {icon lock} | rSERVICESa981a58 | 0 commits |
| Core (SAAS) | rCORE | {icon lock} | rCOREbdfa9de | 2 commits |
- These changes were promoted to `stable`.
- See also [[ /phame/post/view/758/development_notes_2016_week_3/ | Development Notes (2016 Week 3) ]].
General
=======
- No major changes in this period, but see "Upgrading" below for two things
to watch out for.
Security
========
- Two major vulnerabilities in SSH were disclosed this week. They do not
have any special impact on Phabricator, but administrators should be aware
of them. See T10151 for discussion. (These issues have already been
mitigated in the Phacility cluster.)
- Fixed an issue where extended policy filters could have allowed objects
through incorrectly, given complex preconditions not currently present
in the application. This issue was reported to us via HackerOne, and we
awarded a $300 bounty for it.
Migrations
==========
| Migration | Risk | Duration | Notes |
|----|----|----|----|
| 20160110.repo.01.slug.sql | | 33ms | Adds unique repository names.
| 20160110.repo.02.slug.php | | 12ms | Forces names to be sensible/unique!
| 20160111.repo.01.slugx.sql | | 10ms | Converts old transactions.
| 20160112.repo.01.uri.sql | | 17ms | New repository URI index.
| 20160112.repo.02.uri.index.php | | 142ms | Populates index.
| 20160113.propanel.1.storage.sql | | 9ms | Prepares for future work.
| 20160113.propanel.2.xaction.sql | | 7ms | Is mysterious.
//"Duration" is the duration for this install, and may not be representative.//
Upgrading/Compatibility
=======================
- File storage in Amazon S3 has been updated to use the v4 authorization
API. Installs which use S3 will be prompted to make minor configuration
changes after upgrading. See T10114.
- There are changes to how Diffusion handles repository names. The
"Checkout / Clone As" field is now required to be sensible and unique.
See T10115 for discussion.
Phacility (SAAS)
================
- Instance administrators can now configure `uri.allowed-protocols` from
the instance administration console.
Minor
=====
- Fixed an issue where `!!!!!` and similar would not render faithfully.
- The "script and regex" linter can now capture no "line" to indicate that
a message affects an entire file.
- Improved behavior of `bin/files migrate` with chunked engines.
- Fixed an issue where `width` or `height` would conflict with `inline` on
images embedded in Remarkup.
- Added `clear: both` to `<hr />` rules, to allow them to clear floated
content like images.
- It's now easier to confirm bulk jobs later if you don't confirm them
immediately.
- Fixed an issue where Command + Enter (or Control + Enter) would not submit
actions using the new "Stacked Actions" UI.
- Improved behavior of "owners" transaction in "maniphest.edit" endpoint.
- Sending mail to `username@phabricator.domain.com` no longer tries to create
a Conpherence witht that user.
- Certain configuration validation problems which could fatal the setup
process are now reparied and warned about instead.
- Fixed a possible failure when generating a reply to email containing
duplicate headers.
- The `viewerprojects()` function no longer returns results if the viewer
is in no projects.
- Feed stories with custom date fields now render readably.
- Fixed an issue where hashtags inside bold tags wouldn't bold correctly.
- Diffusion now shows Git author time data.