2015-02 February
Updated 1,115 Days AgoPublic


  • The daemons have been restructured to use less memory.
  • Phabricator now supports email invites.
  • Diffusion's default rules around sending mail and creating audits should now better match intent when importing new repositories.

Upgrading / Compatibility

  • If you've configured a layer on top of the daemons, it may make assumptions which are no longer valid. Check that it still works properly. We recommend using phd to manage the daemons.
  • If you're running MySQL older than 5.5, upgrading will do some exta adjustment work, which may take some time. You may need to use --unsafe to complete these adjustments. Strongly consider upgrading to MySQL 5.5 or newer.
  • If you have custom translations, they will need to be updated. Translations have been refactored to be more modular.
  • We now issue a setup warning which walks administrators through configuring an alternate file domain or CDN. This improves security and can improve performance.
  • The minimum version of Subversion was previously unspecified, but is now 1.5.


  • Added support for HSTS.
  • We reacted to the GHOST vulnerability, but there was nothing actionable in Phabricator itself.
  • We received about 5 reports via HackerOne in this period, but none represented qualifying or actionable vulnerabilities.


  • Fixed an issue where listeners were not cleaned up properly.
  • Added support for hosting multiple installs on one Aphlict server.


  • Improved handling of untracked, unstaged, and uncommitted changes.
  • Fixed an issue with arc which --show-base emitting too much output.


  • Added phd reload to reload daemons in place. This is an advanced workflow.
  • We now automatically start the Trigger daemon.
  • Merged the GarbageCollector daemon into the Trigger daemon.
  • Fixed a bug where we'd identify invalid daemons.
  • The daemons now heartbeat over stdout instead of via SIGUSR1.
  • Fixed a bug where SIGINT would incorrectly be sent to subproceses when performing a graceful shutdown.
  • Added support for autoscaling daemon pools.
  • Increased the specificity of the "Daemons and Web Have Different Config" warning.


  • Fixed an issue where the PullLocal daemon could retry failing repositories much too quickly.
  • Added diffusion.ssh-host for configurations where SSH VCS traffic is load balanced through a different host.
  • Improved visibility of credential-related errors in repository import.
  • Fixed a race condition where a commit that "Reverts" another commit could incorrectly wipe the "Herald" import step flag.


  • Legalpad documents can now be flagged as required by all users (for example, to implement a Terms of Service document).
  • Legalpad documents can now have a "No One" signature type (for example, for policy documents which do not require a signature).

OAuth Server

  • Users must now be able to see an OAuth application to authenticate with it.
  • Improved usability of authentication workflow.
  • Added "trusted" application flag to improve usability when an OAuth application is trusted.


  • Added autopay support to Phortune.
  • Added email invoices to Phortune.

Minor / Bug Fixes

  • Fixed a handful of longstanding minor issues in policy code.
  • Removed some redundant "(authored by X)" attributions.
  • Made CDN requests instance-aware.
  • Made S3 storage engine instance-aware.
  • Added "Auto-Login" support for cases with only one usable provider.
  • In Remarkup, inline images now properly render inline.
  • Added support for .woff2 font files.
  • Added a Conduit method to retrieve public keys.
  • The Home application can now be uninstalled. Don't do this.
  • Disabled caching of remarkup previews, which was not useful and occasionally consumed significant resources.

Developer / Internal

  • Stack traces now report library version information.
  • Added methods for getting system memory information.
Last Author