Page MenuHomePhabricator

2018 Week 4 (Late January)
Updated 1,178 Days AgoPublic

Summary of changes from January 19, 2018 to January 26, 2018.

PhabricatorrPrP162563d40b80 commits
ArcanistrARCrARC2e0233220 commits
libphutilrPHUrPHU2d8cdda0 commits
Instances (SAAS)rSAASrSAAS301336d0 commits
Services (SAAS)rSERVICESrSERVICESedd96db2 commits
Core (SAAS)rCORErCORE163f9630 commits
  • These changes were promoted to stable.


[] Bulk Editor (T13025) The bulk editor (previously sometimes called the "batch editor") has been rebuilt on top of modern infrastructure (EditEngine) and a number of bugs have been fixed.

You can now modify the set of objects being edited from the editor screen, and a wider range of fields (including "points" and some custom fields) are supported. The bulk editor should also handle edits of workboard columns with large numbers of items more gracefully.

Bulk edits can now be made silently (suppressing notifications, feed stories, and email) with bin/bulk make-silent. The need to run a command-line tool is a little clumsy and is likely to become easier in a future version of Phabricator, but the ability to act silently could help an attacker who compromised an account avoid discovery for an extended period of time.

Edits which were made silently show an icon in the timeline view to make it easier to identify them.

[] Credential Revocation (T13043) The bin/auth revoke tool has been expanded significantly and can now revoke all upstream credential types. You can use bin/auth revoke --list to see a list of available revokers. See Revoking Credentials for documentation.

The "Deactivate" action for SSH keys is now "Revoke", and prevents the same key from being reused. bin/auth revoke can now revoke SSH keys from the CLI.

The two types of upstream password hashes (account passwords and VCS passwords) have been consolidated into more modern shared storage. bin/auth revoke can now revoke passwords. Once revoked, passwords can not be reused.

The bin/accountadmin tool can no longer change passwords. As an alternative, the bin/auth recover tool can now recover access to any user account instead of only administrator user accounts.

Existing VCS and Account passwords use a "perfectly fine" digest step before hashing, but it's more complicated than it needs to be. Going forward, passwords are digested more simply (with HMAC SHA256 and a dedicated salt) before the hashing step. Existing passwords will be upgraded to the newer digest algorithm automatically on next use.

[] Pull Logs (T13046) Pull logs, which record users who fetched or cloned from a repository, are now browsable from the web UI.

Pull logs were historically an internal diagnostic tool with no UI. A bug which prevented pullerPHID from populating correctly has been fixed, and several general improvements have been made to the quality of the logged data. Older logs will have less accurate data, while newer logs will be more accurate.

Pull logs can be exported to CSV, JSON, or text with Use ResultsExport Data. User accounts now also support this export workflow. This pipeline is somewhat rough and primarily aimed at making pull logs more practical to interact with, but see T13049 for additional discussion and future plans.

[] New Herald Action Behavior (T13048) In addition to taking actions "every time" a rule matches or "only the first time" a rule matches, Herald can now be configured to take actions "if the rule did not match last time".

This allows you to write rules which apply side effects (like adding comments) only when the rule starts matching after previously not matching.


This release does not contain any security fixes, but see the "Credential Revocation" change above.


20180119.bulk.01.silent.sql53 ms
20180120.auth.01.password.sql16 ms
20180120.auth.02.passwordxaction.sql38 ms
20180120.auth.03.vcsdata.sql8 ms
20180120.auth.04.vcsphid.php46 ms
20180121.auth.01.vcsnuke.sql8 ms
20180121.auth.02.passsalt.sql23 ms
20180121.auth.03.accountdata.sql632 ms
20180121.auth.04.accountphid.php3,690 ms
20180121.auth.05.accountnuke.sql4,506 ms
20180121.auth.06.legacydigest.sql186 ms
20180121.auth.07.marklegacy.sql128 ms
20180124.herald.01.repetition.sql53 ms

"Duration" is the duration for this install, and may not be representative.

Upgrading / Compatibility

  • The differential.createcomment API method no longer respects the silent flag.
  • The bin/accountadmin tool can no longer set account passwords. See "General" for discussion.
  • "Deactivate SSH Key" is now "Revoke SSH Key", and revokes the key permanently. See "General" for discussion.
  • The algorithm for computing changeset anchors has changed so that it no longer generates hashes with . or _ characters, because these created ambiguity in markup contexts. The new hash is otherwise stable. If you've saved links to specific changesets in revisions (like D123#change-abcdef) they may need to be updated. See T13045 for details.
  • Bulk editor URIs have changed if you were hard-coding them for some bizarre reason.


  • [] External symbol sources now receive repository, path, line, and character information about where the symbol which was clicked appeared. See T13047 for details.
  • [] The "Reviewer" field for Herald commit rules has been marked as deprecated. The value of this field was one of the accepting reviewers, arbitrarily. In essentially all cases, rules should use "Accepting reviewers" instead.
  • [] Herald test console runs against commits now use the acting viewer to execute API calls against Diffusion. This should fix an issue where unprivileged web hosts could fail to retrieve diff content during test runs in a clustered environment.
  • [] Fixed two log warnings around observing and mirroring empty Git repositories.
  • [] The setup check which recommends you install gd is now more helpful.
  • [] Fixed a race condition when undrafting "Draft" revisions that could cause a validation error ("You can not request review of this revision...").
  • [] Some tokenizers in Herald and the bulk editor which should only allow one token now actually only allow one token.
  • Fixed an issue where Diffusion could race against git cat-file and other similar subprocesses and sometimes truncate very large (>4MB) files in the web view to exactly 4MB.
  • [] Most daemon workers now show which object they're associated with in the web UI.
  • [] Fixed a bug where revision feed stories wouldn't publish under certain configurations.
  • Fixed a bug where blame information could fail to generate in Diffusion if one of the blamed revisions existed but the viewer did not have permission to see it.
  • [] Fixed an issue with setting custom fields containing PHID lists via Conduit.
  • [] Herald now supports a "Revision status" field.
  • [] When revisions leave the "Draft" state, the initial mail message is now tagged in a more consistent way.
  • Fixed some compatibility issues with Git 2.16.0 (git grep ., "simple" SSH variant).

The [] icon indicates a change backed by support mana.

Last Author
Last Edited
Jan 26 2018, 11:23 PM