Summary of changes from September 13, 2015 to September 19, 2015.
|Instances (SAAS)||rSAAS||rSAAS6de6761||3 commits|
|Services (SAAS)||rSERVICES||rSERVICES4828dcd||0 commits|
|Core (SAAS)||rCORE||rCOREbee5f5d||9 commits|
These changes were promoted to stable.
- No major changes in this period.
- The dot (Graphviz) remarkup rule has been removed from the upstream because the design of the feature is not secure and a researcher uncovered a material vulnerability which potentially allowed an attacker to disclose some information about the host system. The cowsay and figlet rules have been rewritten to run in-process. See T9408 for discussion in depth. This issue was reported to us via HackerOne, and we awarded a $300 bounty for it.
- There is an upcoming mandatory migration from old Differential hunk storage to new Differential hunk storage. Installs with a large amount of data and a long history can avoid maintenance downtime by running this migration manually in advance of when it becomes mandatory. Follow T8623 for discussion.
- Tweaked design of Phacility admin console.
- Added bin/auth unlimit for manually clearing user rate limits.
- Fixed an issue where notifications about macros didn't clear correctly.
- Fixed an issue where arc patch would try to set credentials twice.