2017 Week 11 (Late March)

Updated 2,597 Days AgoPublic

Actions

Summary of changes from March 11, 2017 to March 17, 2017.

• These changes were promoted to stable.

General

• See "Security", below, for an important security notice.

Security

This release fixes an issue where "Show Raw File" in Differential could generate files with permissions that were too open. See T12408 for details and discussion.

Part of the fix involves a migration to destroy cached files with bad permissions. This migration may take a significant amount of time if you have a large number of revisions (approximately 4 minutes on this install, with 17,000 revisions).

This issue was reported to us via HackerOne.

Migrations

"Duration" is the duration for this install, and may not be representative.

Upgrading / Compatibility

• See note in "Security".

Minor

• Fixed an issue where some Remarkup options were hidden on mobile.
• Added an "Install Dashboard" workflow.
• Administrators can now identify users who don't have MFA configured, to ease the process of enabling the security.require-multi-factor-auth option.
• bin/config set --database ... now resurrects deleted values.
• In commit messages, "Auditors: author" no longer stalls in the daemon queue.
• Made some performance improvements to Badges.
• The deep internals of fetching changes from an observed Git repository may work better, worse, or differently now, and may be faster or slower and use fewer or more resources.
• Shuffled around the bugs you'll encounter when sending SMTP mail to a thousand recipients.