2015-01 January
2015-01 January
General
- Notifications now use WebSockets instead of Flash. The bin/aphlict server has changed behavior slightly. For more information, see T6903.
- Updated the appearance of some UI elements and icons, and adjusted the design of project and user profile pages.
- Phabricator can now use another Phabricator instance as a login provider.
- Application email (like a bugs@phabricator.company.com address that users can send mail to in order to create tasks) is now configured in application options.
- Applications can have more than one mailing address, and Herald can execute rules based on which address mail was sent to.
- Mentioning projects with #project will no longer automatically associate projects with an object.
- Replaced perfectly satisfactory scrollbar with a bad, glitchy one.
Upgrading/Compatibility
- Removed long-deprecated maniphest.find call. Use maniphest.query.
- The scripts/repository/reparse.php script has moved to bin/repository reparse.
- If you run the notification server, you may need to start it manually and make adjustments if it runs into errors.
Security
- We received about 15 reports this month via HackerOne, but none represented actionable vulnerabilities.
- The "GHOST" vulnerability was disclosed recently. It does not specifically impact Phabricator, but you should make sure your servers are up to date.
Almanac, Clusters and Instances
These changes support running a Phabricator cluster. Cluster configurations are still in a prototyping phase.
- Added bin/almanac register for registering cluster devices.
- Added cluster.addresses config option.
- Added cluster.instance config option.
- Added phd.variant-config config option.
- The Auth application now has a "Manage Providers" capability.
- The People application now has a "Create Users" capability.
- Application policies can now be locked in configuration.
- Added a "ClusterDatabase" Almanac service type.
- Added support for routing HTTP, SSH and Conduit requests in a cluster configuration.
- We now pass instance identity everywhere.
Phortune and Subscriptions
- Implemented clock-based triggers for scheduling events.
- Implemented subscriptions in Phortune, which allow applications to bill an account periodically. This capability is not yet used by any upstream application.
OAuthServer
- Added modern policy support.
- Improved handling of secrets.
- OAuth servers can now be destroyed.
Misc
- Fixed some issues where strings truncation could be insufficiently aggressive with unicode strings.
- Improved the Fixes T123 interaction between commits and tasks.
- Uninstalled applications no longer render with dead links on the application launcher.
- After logging in explicitly, users are now redirected to the page they logged in from.
- Logged out users can now use "View Raw" on visible comments.
- Slowvote description changes now diff properly.
- Comment history no longer shows a nonfunctional dropdown menu.
- bin/storage adjust no longer purges caches.
- Added a bin/storage shell command.
- We now do a better job of parsing Mercurial version numbers.
- Differential now supports defining a mail address where users can send diffs.
- Made a handful of old queries properly policy-aware.
Developer
- Fixed inconsistent names of many classes.
- Fixed inconsistent visiblity of many methods.
- Moved all remaining edges to EdgeType.
- Improved behavior of incorrectly translated strings.
- HTTPSFuture now supports raw HTTP bodies.
- Improved top-level exception handling.
- Fixed an issue where cookies might not clear correctly with a prefix set.
- Last Author
- epriestley
- Last Edited
- Feb 2 2015, 9:56 PM