2014-09 September
Updated 877 Days AgoPublic

General

  • Infrastructure is in place to support 4-byte UTF8 characters. For installs that primarily use a language with latin glyphs, this mostly means emoji. For other installs, this may affect a wider range of characters. This needs to bake for a while longer before we enable it for everyone, but is enabled on secure.phabricator.com. It should roll out globally by next month.
  • When you mention an object on another object, a note is now generated on the mentioned object.
  • We renamed "Beta" applications to "Prototype" applications to better communicate that these applications are often in an early stage of development and we don't offer support for them until they leave the prototype phase.
  • Project membership can now be locked, which prevents members from leaving. This may be useful for creating access blacklists.

Upgrading/Compatibility

  • There are a large number of small migrations this month as part of utf8mb4 support. These should complete quickly for all installs.

Security

  • The "Shellshock" Bash vulnerability was recently disclosed. You should patch your systems. You can find information about how it affects Phabricator and our response to the issue in T6185.
  • We received 43 reports via HackerOne in this period, but none of them identified legitimate security issues. These were mostly duplicates, reports which did not follow the program rules, or low-quality reports by a small number of persistent researchers.

Miscellaneous

  • Fixed an issue which reduced the utility of the "Accepted Differential Revision exists" condition in Herald.
  • Improved dragging while scrolling on workboards and in other interfaces.
  • Fixed an issue with parsing URIs like editor://open?arg=value.
  • Passphrase can now store empty secrets (like HTTP credentials with no password).
  • Added a configuration check for memory_limit impacting file uploads.
  • Thumbnail policy checks are now more consistent with file policies.
  • Made it more obvious how to ignore setup issues.
  • Expanded wording of "daemons have out of date configuration" setup issue.
  • Files added to comments by editing comments will now associate with objects correctly.
  • diffusion.querycommits now provides more information.
  • After pasting text, tokenizer inputs now resize.
  • Merging tasks in Maniphest now produces real transactions.
  • Closing revisions now produces real transactions.
  • Added an optional footer for linking to terms and policies.
  • Added a debugging option to make diagnosing hangs easier.
  • bin/repository destroy now supports destroying Pastes.
  • Added support for tel:. Because this protocol is uncommon, it is not enabled by default.
  • Calendars are no longer shown on profiles if the application is not installed.
  • Added support for :emoji:, like 🍕.
Last Author
epriestley
Subscribers
andytruong
Projects
None