2015 Week 38 (Late September)
Updated 3,103 Days Ago (Public)

Summary of changes from September 13, 2015 to September 19, 2015.

Codebase          Repository  HEAD              Activity
Phabricator       rP          rP9c43853         12 commits
Arcanist          rARC        rARC083127c       3 commits
libphutil         rPHU        rPHU880c0fb       1 commit
Instances (SAAS)  rSAAS       rSAAS6de6761      3 commits
Services (SAAS)   rSERVICES   rSERVICES4828dcd  0 commits
Core (SAAS)       rCORE       rCOREbee5f5d      9 commits

These changes were promoted to stable.

General

  • No major changes in this period.

Security

  • The dot (Graphviz) remarkup rule has been removed from the upstream because the design of the feature is not secure, and a researcher uncovered a material vulnerability that potentially allowed an attacker to disclose some information about the host system. The cowsay and figlet rules have been rewritten to run in-process. See T9408 for in-depth discussion. This issue was reported to us via HackerOne, and we awarded a $300 bounty for it.

Upgrading / Compatibility

  • There is an upcoming mandatory migration from old Differential hunk storage to new Differential hunk storage. Installs with a large amount of data and a long history can avoid maintenance downtime by running this migration manually in advance of when it becomes mandatory. Follow T8623 for discussion.

Phacility SAAS

  • Tweaked design of Phacility admin console.

Minor

  • Added bin/auth unlimit for manually clearing user rate limits.
  • Fixed an issue where notifications about macros didn't clear correctly.
  • Fixed an issue where arc patch would try to set credentials twice.

Last Author: epriestley
Last Edited: Sep 19 2015, 12:21 PM
