Summary of changes from December 9, 2018 to December 14, 2018.
| Codebase | Repository | {icon lock} | HEAD | Activity |
|----------|------------|--|------|----------|
| Phabricator | rP | | rP54b952df5 | 31 commits |
| Arcanist | rARC | | rARCeb732555 | 1 commit |
| libphutil | rPHU | | rPHUcad1985 | 1 commit |
| Instances (SAAS) | rSAAS | {icon lock} | rSAAS1f72228 | 0 commits |
| Services (SAAS) | rSERVICES | {icon lock} | rSERVICES019a12a | 0 commits |
| Core (SAAS) | rCORE | {icon lock} | rCOREfe57659 | 0 commits |
- These changes were promoted to `stable`.
General
=======
[{icon tint, color=sky}] **Create Subtask** now prompts you to select between forms. By default, you will be offered a choice between all available "Create" forms. The available forms can be customized in `maniphest.subtypes` (see the configuration option for documentation). If only one form is available to the user, they'll be taken directly to that form.
[{icon tint, color=sky}] The session key digest algorithm has been updated from HMAC-SHA1 to HMAC-SHA256. Existing sessions will be upgraded transparently when they are used. At some point in the future (at least several months from now) the HMAC-SHA1 support will be removed and sessions will no longer upgrade on their own, which may create a minor inconvenience by logging users out if their sessions have not been upgraded in the meantime.
Security
========
- //No notes in this period.//
Migrations
==========
| Migration | Risk | Duration | Notes |
|-----------|------|----------|-------|
| 20181213.auth.01.sessionphid.sql | | 45 ms |
| 20181213.auth.02.populatephid.php | | 115 ms |
| 20181213.auth.03.phidkey.sql | | 18 ms |
| 20181213.auth.04.longerhashes.sql | | 38 ms |
| 20181213.auth.05.longerloghashes.sql | | 635 ms |
//"Duration" is the duration for this install, and may not be representative.//
Upgrading / Compatibility
=========================
- The default behavior of "Create Subtask" has changed slightly (see above). It can be configured to behave in the old way with `maniphest.subtypes`.
- The `loadOneRelative()` and `loadRelatives()` methods on `LiskDAO` have been removed. These were very old approaches to tackling the "N+1 Query Problem", but became less attractive as Phabricator's policy model evolved and had very few modern callsites and a dim future. Generally, these calls can be transformed into `loadOneWhere()` and `loadAllWhere()` to get the same effect, but may suffer a performance penalty. In most cases, using a `Query` class with the `needAttachmentThing(true)` pattern is the most modern approach to problems these methods solved.
- See note above about session digests.
Minor
=====
- Fixed several straggling `qsprintf()` callsites from T13217.
- Made some optional `phriction.edit` parameters actually optional.
- [{icon tint, color=sky}] In Differential, marking an inline you authored as "Done" no longer counts when generating the "alice marked 6 inlines as done." story in the transaction log. This primarily reduces noise around authors leaving inlines for themselves and reviewers leaving pre-marked inlines. Effectively, this is now an "alice marked 6 inlines [authored by other users] as done." story.
- Fixed an Aphlict startup issue on newer versions of Node.
- [{icon tint, color=sky}] Test notifications no longer appear in feed.
- [{icon tint, color=sky}] Test notifications can now be sent from the command line with `bin/aphlict notify`.
- Fixed a bug where tasks created directly into a workboard column wouldn't stick to the column properly.
- Timezones that are offset by a non-integer number of hours (e.g., UTC+9:30) now render the minute offset correctly.
- Users can now be approved with `user.edit`.
- Users can now be renamed with `user.edit`.
//The [{icon tint, color=sky}] icon indicates a change backed by support mana.//