2016 Week 3 (Mid January)
2016 Week 3 (Mid January)
Summary of changes from January 8, 2016 to January 15, 2016.
| Codebase | Repository | HEAD | Activity | |
|---|---|---|---|---|
| Phabricator | rP | rPaadc1b7 | 35 commits | |
| Arcanist | rARC | rARCb871383 | 3 commits | |
| libphutil | rPHU | rPHUc3fd3a8 | 4 commits | |
| Instances (SAAS) | rSAAS | rSAASe9d0909 | 2 commits | |
| Services (SAAS) | rSERVICES | rSERVICESa981a58 | 0 commits | |
| Core (SAAS) | rCORE | rCOREbdfa9de | 2 commits | |
- These changes were promoted to stable.
- See also Development Notes (2016 Week 3).
General
- No major changes in this period, but see "Upgrading" below for two things to watch out for.
Security
- Two major vulnerabilities in SSH were disclosed this week. They do not have any special impact on Phabricator, but administrators should be aware of them. See T10151 for discussion. (These issues have already been mitigated in the Phacility cluster.)
- Fixed an issue where extended policy filters could have allowed objects through incorrectly, given complex preconditions not currently present in the application. This issue was reported to us via HackerOne, and we awarded a $300 bounty for it.
Migrations
| Migration | Risk | Duration | Notes |
|---|---|---|---|
| 20160110.repo.01.slug.sql | 33ms | Adds unique repository names. | |
| 20160110.repo.02.slug.php | 12ms | Forces names to be sensible/unique! | |
| 20160111.repo.01.slugx.sql | 10ms | Converts old transactions. | |
| 20160112.repo.01.uri.sql | 17ms | New repository URI index. | |
| 20160112.repo.02.uri.index.php | 142ms | Populates index. | |
| 20160113.propanel.1.storage.sql | 9ms | Prepares for future work. | |
| 20160113.propanel.2.xaction.sql | 7ms | Is mysterious. | |
"Duration" is the duration for this install, and may not be representative.
Upgrading/Compatibility
- File storage in Amazon S3 has been updated to use the v4 authorization API. Installs which use S3 will be prompted to make minor configuration changes after upgrading. See T10114.
- There are changes to how Diffusion handles repository names. The "Checkout / Clone As" field is now required to be sensible and unique. See T10115 for discussion.
Phacility (SAAS)
- Instance administrators can now configure uri.allowed-protocols from the instance administration console.
Minor
- Fixed an issue where !!!!! and similar would not render faithfully.
- The "script and regex" linter can now capture no "line" to indicate that a message affects an entire file.
- Improved behavior of bin/files migrate with chunked engines.
- Fixed an issue where width or height would conflict with inline on images embedded in Remarkup.
- Added clear: both to <hr /> rules, to allow them to clear floated content like images.
- It's now easier to confirm bulk jobs later if you don't confirm them immediately.
- Fixed an issue where Command + Enter (or Control + Enter) would not submit actions using the new "Stacked Actions" UI.
- Improved behavior of "owners" transaction in "maniphest.edit" endpoint.
- Sending mail to username@phabricator.domain.com no longer tries to create a Conpherence with that user.
- Certain configuration validation problems which could fatal the setup process are now reparied and warned about instead.
- Fixed a possible failure when generating a reply to email containing duplicate headers.
- The viewerprojects() function no longer returns results if the viewer is in no projects.
- Feed stories with custom date fields now render readably.
- Fixed an issue where hashtags inside bold tags wouldn't bold correctly.
- Diffusion now shows Git author time data.
Tags
None
Referenced Files
None
Subscribers
None
- Last Author
- Luke081515.2
- Last Edited
- Jan 16 2016, 7:06 PM