2017 Week 11 (Late March)
Updated 306 Days AgoPublic

Summary of changes from March 11, 2017 to March 17, 2017.

CodebaseRepositoryHEADActivity
PhabricatorrPrP688c120f9f15 commits
ArcanistrARCrARC3b6b523c0 commits
libphutilrPHUrPHU13a200c0 commits
Instances (SAAS)rSAASrSAAS286f9e70 commits
Services (SAAS)rSERVICESrSERVICES772620e0 commits
Core (SAAS)rCORErCOREc1d41b03 commits
  • These changes were promoted to stable.

General

  • See "Security", below, for an important security notice.

Security

IMPORTANT: This release contains an important security fix.

This release fixes an issue where "Show Raw File" in Differential could generate files with permissions that were too open. See T12408 for details and discussion.

Part of the fix involves a migration to destroy cached files with bad permissions. This migration may take a significant amount of time if you have a large number of revisions (approximately 4 minutes on this install, with 17,000 revisions).

This issue was reported to us via HackerOne.

Migrations

MigrationRiskDurationNotes
20170313.reviewers.01.sql17 ms
20170316.rawfiles.01.php204,010 msMay be slow, see "Security".

"Duration" is the duration for this install, and may not be representative.

Upgrading / Compatibility

  • See note in "Security".

Minor

  • Fixed an issue where some Remarkup options were hidden on mobile.
  • Added an "Install Dashboard" workflow.
  • Administrators can now identify users who don't have MFA configured, to ease the process of enabling the security.require-multi-factor-auth option.
  • bin/config set --database ... now resurrects deleted values.
  • In commit messages, "Auditors: author" no longer stalls in the daemon queue.
  • Made some performance improvements to Badges.
  • The deep internals of fetching changes from an observed Git repository may work better, worse, or differently now, and may be faster or slower and use fewer or more resources.
  • Shuffled around the bugs you'll encounter when sending SMTP mail to a thousand recipients.
Last Author
epriestley
Projects
None
Subscribers
jmeador