Page MenuHomePhabricator

2015-03 March
Updated 3,261 Days AgoPublic

General

  • Pink flags are now colored correctly.
  • Differential now supports a unified diff view and defaults to it on narrow screens. This should make code review from phones somewhat less painful. If you prefer unified diffs even on wide screens, you can make them the default in your settings.
  • Differential inline comments have been redesigned.
  • Inline comments now have a "Done" checkbox. This feature is still under development; see T1460 for discussion.

Upgrading and Compatibility

  • If you're running MySQL older than 5.5, you may have to perform a handful of storage adjustments. Strongly consider upgrading to 5.5 or newer.
  • File storage engines have received some changes. In most cases, installs should not be meaningfully impacted. You may want to review the documentation, which has been updated. Broadly, these changes add support for arbitrarily large files.
  • Removed support for Balanced payments. Balanced is shutting down and recommends customers migrate to Stripe.

Security

  • The granularity available for controlling outbound HTTP requests has been increased, and the default settings no longer permit connections to hosts in reserved IP blocks. This is primarily a response to learning that EC2 deploys a link-local HTTP service which may expose credentials and other sensitive information over HTTP. This issue was reported to us via HackerOne and we awarded a $300 bounty for it.
  • We fixed a self-XSS hole with date display formats. This issue was reported to us via HackerOne and we awarded a $300 bounty for it.
  • Mercurial has a command execution issue which is fixed in 3.2.4. We've mitigated it, but users are strongly encouraged to upgrade Mercurial.
  • We received 6 other reports in this period, but none described qualifying vulnerabilities.

Arcanist

  • arc upload will now perform chunked uploads for large files if the server supports it.

Conpherence

  • Non-users can no longer be added to Conpherence threads via the API.
  • Conpherence threads now use the "Z" monogram.
  • Added support for rooms. Rooms are similar to threads, but are browsable, joinable, and have a wider range of policy controls.
  • Username mentions are now rendered with a disabled style if the mentioned user can not see the current thread or room.

Differential

  • Revisions which have missing legal agreements no longer show changes to reviewers until agreements are signed.
  • Improved messaging for new, empty files.
  • Deleting comments now offers "undo" instead of prompting.
  • Added a new "Update Diff" action to make the copy/paste workflow easier.
  • Very large files are no longer highlighted by default.
  • Improved copy detection algorithm for some cases.
  • Differential now only shows recent open revisions affecting the same files.
  • Abandoned revisions now transition to "needs review" when updated.

Diffusion

  • Repositories created through the API now set "importing" correctly.
  • Nonpublishing repositories no longer activate object mentions.
  • Repositories can now be ordered by commit count.
  • Codebase search results are no longer syntax highlighted. In many cases, this is a huge performance improvement.
  • Fixed an issue where Mercurial repositories emitted a warning about TERM.
  • Fixed an issue with moving or copying directories in hosted SVN repositories.

Files

  • Added a chunk storage engine to support very large files.
  • Added a bin/files cat command to view and download files from the CLI.
  • Made most uploads of large files resumable.
  • Storage engine selection is now simpler and more modular.
  • Added a UI element to show storage engine status.

Maniphest

  • Fixed an issue where certain paging queries could fail to progress.
  • Fixed an array of issues related to dragging tasks within a priority level.

Phortune

  • Improved "Add Payment Method" workflow for subscriptions.
  • Improved some policy behaviors in Phortune.
  • Autopay no longer offers expired payment methods.
  • Most Phortune objects no longer support dashboard panels.
  • Fixed an issue where subscriptions could fail to trigger properly.

Miscellaneous

  • Builtin files are no longer created with the wrong policies.
  • File download links no longer lose the download parameter.
  • Removed comments no longer show "View Raw".
  • Users who have not signed "Terms of Service" documents may now view other Legalpad documents.
  • bin/config now raises better errors when trying to set a list or set with the wrong syntax.
  • bin/lipsum works better for Pholio mocks.
  • Added support for ed25519 SSH keys.
  • Fixed a collation issue in old MySQL.
  • Removed help command in global search.
  • File downloads now retain a wider set of characters in filenames.
  • Standard custom "remarkup" fields now show edit details in history.
  • Fixed some edge case parsing issues with project hashtags.
  • Resolved an issue where "Show Older" might not appear on objects with a very large number of transactions.
  • XHProf now works better on devices.
  • Removed Konami code easter egg.
  • Improved behavior of the "Daemons Have Variant Config" warning.
  • LiskDAO can now be forced to a specific connection.
  • MetaMTA now supports raw "From" addresses.
  • Added storage renamespace for mangling database dumps.
  • Fixed a bad button in Owners for packages with open audits.
  • Added a phabricator.silent mode to stop all outbound publishing.
  • Trying to edit policies for an application when you don't have permission now shows the correct error dialog instead of failing silently.
  • Notifications sent to projects are now delivered to users.
Last Author
secanaly
Last Edited
Apr 14 2015, 1:21 PM