2015 Week 38 (Late September)
2015 Week 38 (Late September)
Summary of changes from September 13, 2015 to September 19, 2015.
| Codebase | Repository | HEAD | Activity | |
|---|---|---|---|---|
| Phabricator | rP | rP9c43853 | 12 commits | |
| Arcanist | rARC | rARC083127c | 3 commits | |
| libphutil | rPHU | rPHU880c0fb | 1 commit | |
| Instances (SAAS) | rSAAS | rSAAS6de6761 | 3 commits | |
| Services (SAAS) | rSERVICES | rSERVICES4828dcd | 0 commits | |
| Core (SAAS) | rCORE | rCOREbee5f5d | 9 commits | |
These changes were promoted to stable.
General
- No major changes in this period.
Security
- The dot (Graphviz) remarkup rule has been removed from the upstream because the design of the feature is not secure and a researcher uncovered a material vulnerability which potentially allowed an attacker to disclose some information about the host system. The cowsay and figlet rules have been rewritten to run in-process. See T9408 for discussion in depth. This issue was reported to us via HackerOne, and we awarded a $300 bounty for it.
Upgrading / Compatibility
- There is an upcoming mandatory migration from old Differential hunk storage to new Differential hunk storage. Installs with a large amount of data and a long history can avoid maintenance downtime by running this migration manually in advance of when it becomes mandatory. Follow T8623 for discussion.
Phacility SAAS
- Tweaked design of Phacility admin console.
Minor
- Added bin/auth unlimit for manually clearing user rate limits.
- Fixed an issue where notifications about macros didn't clear correctly.
- Fixed an issue where arc patch would try to set credentials twice.
Tags
None
Referenced Files
None
Subscribers
None
- Last Author
- epriestley
- Last Edited
- Sep 19 2015, 12:21 PM