2015-02 February

Updated 3,556 Days AgoPublic

Actions

General

• The daemons have been restructured to use less memory.
• Phabricator now supports email invites.
• Diffusion's default rules around sending mail and creating audits should now better match intent when importing new repositories.

Upgrading / Compatibility

• If you've configured a layer on top of the daemons, it may make assumptions which are no longer valid. Check that it still works properly. We recommend using phd to manage the daemons.
• If you're running MySQL older than 5.5, upgrading will do some exta adjustment work, which may take some time. You may need to use --unsafe to complete these adjustments. Strongly consider upgrading to MySQL 5.5 or newer.
• If you have custom translations, they will need to be updated. Translations have been refactored to be more modular.
• We now issue a setup warning which walks administrators through configuring an alternate file domain or CDN. This improves security and can improve performance.
• The minimum version of Subversion was previously unspecified, but is now 1.5.

Security

• Added support for HSTS.
• We reacted to the GHOST vulnerability, but there was nothing actionable in Phabricator itself.
• We received about 5 reports via HackerOne in this period, but none represented qualifying or actionable vulnerabilities.

Aphlict

• Fixed an issue where listeners were not cleaned up properly.
• Added support for hosting multiple installs on one Aphlict server.

Arcanist

• Improved handling of untracked, unstaged, and uncommitted changes.
• Fixed an issue with arc which --show-base emitting too much output.

Daemons

• Added phd reload to reload daemons in place. This is an advanced workflow.
• We now automatically start the Trigger daemon.
• Merged the GarbageCollector daemon into the Trigger daemon.
• Fixed a bug where we'd identify invalid daemons.
• The daemons now heartbeat over stdout instead of via SIGUSR1.
• Fixed a bug where SIGINT would incorrectly be sent to subproceses when performing a graceful shutdown.
• Added support for autoscaling daemon pools.
• Increased the specificity of the "Daemons and Web Have Different Config" warning.

Diffusion

• Fixed an issue where the PullLocal daemon could retry failing repositories much too quickly.
• Added diffusion.ssh-host for configurations where SSH VCS traffic is load balanced through a different host.
• Improved visibility of credential-related errors in repository import.
• Fixed a race condition where a commit that "Reverts" another commit could incorrectly wipe the "Herald" import step flag.

Legalpad

• Legalpad documents can now be flagged as required by all users (for example, to implement a Terms of Service document).
• Legalpad documents can now have a "No One" signature type (for example, for policy documents which do not require a signature).

OAuth Server

• Users must now be able to see an OAuth application to authenticate with it.
• Improved usability of authentication workflow.
• Added "trusted" application flag to improve usability when an OAuth application is trusted.

Phortune

• Added autopay support to Phortune.
• Added email invoices to Phortune.

Minor / Bug Fixes

• Fixed a handful of longstanding minor issues in policy code.
• Removed some redundant "(authored by X)" attributions.
• Made CDN requests instance-aware.
• Made S3 storage engine instance-aware.
• Added "Auto-Login" support for cases with only one usable provider.
• In Remarkup, inline images now properly render inline.
• Added support for .woff2 font files.
• Added a Conduit method to retrieve public keys.
• The Home application can now be uninstalled. Don't do this.
• Disabled caching of remarkup previews, which was not useful and occasionally consumed significant resources.

Developer / Internal

• Stack traces now report library version information.
• Added methods for getting system memory information.