2015 Week 38 (Late September)
2015 Week 38 (Late September)
Summary of changes from September 13, 2015 to September 19, 2015.
Codebase | Repository | HEAD | Activity | |
---|---|---|---|---|
Phabricator | rP | rP9c43853 | 12 commits | |
Arcanist | rARC | rARC083127c | 3 commits | |
libphutil | rPHU | rPHU880c0fb | 1 commit | |
Instances (SAAS) | rSAAS | rSAAS6de6761 | 3 commits | |
Services (SAAS) | rSERVICES | rSERVICES4828dcd | 0 commits | |
Core (SAAS) | rCORE | rCOREbee5f5d | 9 commits | |
These changes were promoted to stable.
General
- No major changes in this period.
Security
- The dot (Graphviz) remarkup rule has been removed from the upstream because the design of the feature is not secure and a researcher uncovered a material vulnerability which potentially allowed an attacker to disclose some information about the host system. The cowsay and figlet rules have been rewritten natively. See T9408 for discussion in depth. This issue was reported to us via HackerOne, and we awarded a $300 bounty for it.
Upgrading / Compatibility
- There is an upcoming mandatory migration from old Differential hunk storage to new Differential hunk storage. Installs with a large amount of data and a long history can avoid maintenance downtime by running this migration manually in advance of when it becomes mandatory. Follow T8623 for discussion.
Phacility SAAS
- Tweaked design of Phacility admin console.
Minor
- Added bin/auth unlimit for manually clearing user rate limits.
- Fixed an issue where notifications about macros didn't clear correctly.
- Fixed an issue where arc patch would try to set credentials twice.
Tags
None
Referenced Files
None
Subscribers
None
- Last Author
- epriestley
- Last Edited
- Sep 19 2015, 12:20 PM