Summary of changes from June 24, 2016 to July 1, 2016.
| Codebase | Repository | {icon lock} | HEAD | Activity |
|----------|------------|--|------|----------|
| Phabricator | rP | | rPceb395e | 35 commits |
| Arcanist | rARC | | rARC4d4d16f | 1 commit |
| libphutil | rPHU | | rPHUdde2f74 | 3 commits |
| Instances (SAAS) | rSAAS | {icon lock} | rSAAS82ab2a7 | 2 commits |
| Services (SAAS) | rSERVICES | {icon lock} | rSERVICES9cc774e | 0 commits |
| Core (SAAS) | rCORE | {icon lock} | rCORE35d7495 | 0 commits |
- These changes were promoted to `stable`.
IMPORTANT: This release fixes a serious security issue (stored XSS in repositories). See T11257 for details.
General
=======
- All tokens have been replaced with boars. :boar:
- Relationship editing actions (like "Edit Parent Tasks") have been retouched in all applications.
- The "Table of Contents", "Local Commits", "Revision Update History" and "Other Open Revisions Affecting these Files" sections in Differential have been merged into a single tab panel.
A new "Stack" tab has been added to Differential. This tab shows parent and child revisions and their statuses:
{F1708578, size=full}
A new "Task Graph" panel has been added to Maniphest, replacing the lists of blocked and blocking tasks:
{F1708583, size=full}
Security
========
IMPORTANT: This release fixes a stored XSS issue in Diffusion. Attackers require write access to a repository to exploit it, but there is no way to mitigate the attack in configuration. All installs are advised to upgrade. See T11257 for details.
Migrations
==========
- //No migrations in this period.//
Upgrading / Compatibility
=========================
The indexers for Pholio Mocks and Diffusion Commits have been updated, so you may optionally want to rebuild the search indexes for these objects:
```
phabricator/ $ ./bin/search index --background --type Mock
phabricator/ $ ./bin/search index --background --type Commit
```
Rebuilding the commit index may take a substantial amount of time. The primary benefit of rebuilding these indexes is that the new {nav Edit Commits} actions in Maniphest and Differential will work better, so this may not be worthwhile.
Going forward, newly created and edited objects will index fully on their own whether you do this or not.
Phacility
=========
- Large instance pricing now stops increasing at $1,000/month. [[ http://blog.phacility.com/post/2/pricing_changes_costs_now_stop_increasing_at_50_users/ | Learn More ]].
Minor
=====
- We now censor credentials with `********` instead of `xxxxx`.
- Improved handling of unusual URIs passed to `arc install-certificate`.
- Blogs and Badges are now more destructible.
- Embedding pastes inside inline comments generates less padding.
- Documented the `---` rule.
- Fixed a bad CSRF token when adding email addressses.
- We now detect the MIME type of large files properly.
- Fixed some redirect issues when editing bot API tokens.
- Phame posts are now more searchable.