2017 Week 32 (Mid August)
Updated 159 Days AgoPublic

Summary of changes from August 5, 2017 to August 11, 2017.

CodebaseRepositoryHEADActivity
PhabricatorrPrP45b0fd8f9b25 commits
ArcanistrARCrARC5eda40330 commits
libphutilrPHUrPHU276f6d31 commit
Instances (SAAS)rSAASrSAAS84a242a21 commits
Services (SAAS)rSERVICESrSERVICES08219d60 commits
Core (SAAS)rCORErCORE2e472df0 commits
  • These changes were promoted to stable.

General

IMPORTANT: This release contains a major security fix.

All of Git, Mercurial and Subversion were vulnerable to an issue with mishandling of SSH URIs, until simultaneous releases on August 10th, 2017. This vulnerability could lead to arbitrary code execution.

You should upgrade Phabricator, Git, Mercurial, and Subversion on the server, and Git, Mercurial and Subversion on all clients, immediately.

For additional discussion, see T12961.

Security

  • See "General" for an information on a major security issue.

Migrations

  • No migrations in this period.

Upgrading / Compatibility

  • Phabricator no longer populates or updates Mercurial working copies for observed repositories. This is a partial mitigation for the security issue mentioned above. If you relied on Phabricator to maintain a working copy for you, you'll need to find a different strategy. Phabricator has not populated or updated working copies for hosted Mercurial repositories for at least several years.
  • Removed obsolete bin/files purge workflow.

Minor

  • Fixed an issue where dates prior to 1970 could hang in Javascript.
  • The "Rejected Older Diff" reviewer icon is now red, not grey.
Last Author
epriestley
Projects
None
Subscribers
None