2017 Week 32 (Mid August)
2017 Week 32 (Mid August)
Summary of changes from August 5, 2017 to August 11, 2017.
| Codebase | Repository | HEAD | Activity | |
|---|---|---|---|---|
| Phabricator | rP | rP45b0fd8f9b | 25 commits | |
| Arcanist | rARC | rARC5eda4033 | 0 commits | |
| libphutil | rPHU | rPHU276f6d3 | 1 commit | |
| Instances (SAAS) | rSAAS | rSAAS84a242a | 21 commits | |
| Services (SAAS) | rSERVICES | rSERVICES08219d6 | 0 commits | |
| Core (SAAS) | rCORE | rCORE2e472df | 0 commits | |
- These changes were promoted to stable.
General
IMPORTANT: This release contains a major security fix.
All of Git, Mercurial and Subversion were vulnerable to an issue with mishandling of SSH URIs, until simultaneous releases on August 10th, 2017. This vulnerability could lead to arbitrary code execution.
You should upgrade Phabricator, Git, Mercurial, and Subversion on the server, and Git, Mercurial and Subversion on all clients, immediately.
For additional discussion, see T12961.
Security
- See "General" for an information on a major security issue.
Migrations
- No migrations in this period.
Upgrading / Compatibility
- Phabricator no longer populates or updates Mercurial working copies for observed repositories. This is a partial mitigation for the security issue mentioned above. If you relied on Phabricator to maintain a working copy for you, you'll need to find a different strategy. Phabricator has not populated or updated working copies for hosted Mercurial repositories for at least several years.
- Removed obsolete bin/files purge workflow.
Minor
- Fixed an issue where dates prior to 1970 could hang in Javascript.
- The "Rejected Older Diff" reviewer icon is now red, not grey.
Tags
None
Referenced Files
None
Subscribers
None
- Last Author
- epriestley
- Last Edited
- Aug 11 2017, 1:29 PM