Summary of changes from April 2, 2017 to April 7, 2017.
|Instances (SAAS)||rSAAS||rSAASb9effb5||1 commit|
|Services (SAAS)||rSERVICES||rSERVICES772620e||0 commits|
|Core (SAAS)||rCORE||rCORE3eebdfc||0 commits|
- These changes were promoted to stable.
Files now support integrity hashes. This defuses some obscure attacks which could allow adversaries with a substantial level of access to replace safe file data on disk (trustworthy.exe) with unsafe data (evil.exe).
Additionally, we have removed internal use of SHA1 and started moving away from HMAC+SHA1. See T12515 for detailed discussion of these issues.
After upgrading, installs are encouraged to run this command to backfill integrity hashes for existing file data:
phabricator/ $ ./bin/files integrity --compute --all
This command can be run while Phabricator is online and serving requests.
- See note about Files integrity hashes above.
"Duration" is the duration for this install, and may not be representative.
- No notes in this period.
- Fixed a bug where "sticky accept" wasn't sticky.
- Fixed a bug where "force accept" didn't need to be checked to apply.
- The differential.revision.search API method now supports a reviewers attachment.
- Added a new file.search method to the Conduit API.
- arc upload now uses SHA256.
- arc download now uses file.search if avialable.
- Fixed several bugs with Range HTTP header handling.
- The file.uploadhash API method has been deprecated.
- Fixed some minor bugs with relative/absolute TTLs for temporary files.
- Fixed some typos, missing strings, and untranslatable strings.
- robots.txt now forbids /source/ in addition to /diffusion/.
- The PullLocal daemon now attempts to sleep long enough to hibernate.