Summary of changes from August 5, 2017 to August 11, 2017.
|Instances (SAAS)||rSAAS||rSAAS84a242a||21 commits|
|Services (SAAS)||rSERVICES||rSERVICES08219d6||0 commits|
|Core (SAAS)||rCORE||rCORE2e472df||0 commits|
- These changes were promoted to stable.
All of Git, Mercurial and Subversion were vulnerable to an issue with mishandling of SSH URIs, until simultaneous releases on August 10th, 2017. This vulnerability could lead to arbitrary code execution.
You should upgrade Phabricator, Git, Mercurial, and Subversion on the server, and Git, Mercurial and Subversion on all clients, immediately.
For additional discussion, see T12961.
- See "General" for an information on a major security issue.
- No migrations in this period.
- Phabricator no longer populates or updates Mercurial working copies for observed repositories. This is a partial mitigation for the security issue mentioned above. If you relied on Phabricator to maintain a working copy for you, you'll need to find a different strategy. Phabricator has not populated or updated working copies for hosted Mercurial repositories for at least several years.
- Removed obsolete bin/files purge workflow.
- The "Rejected Older Diff" reviewer icon is now red, not grey.