
2018 Week 12 (Late March)
Updated 2,226 Days Ago | Public

Summary of changes from March 16, 2018 to March 23, 2018.

| Codebase | Repository | HEAD | Activity |
|---|---|---|---|
| Phabricator | rP | rPbba1b185f2 | 0 commits |
| Arcanist | rARC | rARCdcd7ef66 | 0 commits |
| libphutil | rPHU | rPHU1ad4249 | 0 commits |
| Instances (SAAS) | rSAAS | rSAASd983b95 | 0 commits |
| Services (SAAS) | rSERVICES | rSERVICES6b3fb8d | 0 commits |
| Core (SAAS) | rCORE | rCORE5c1b3be | 0 commits |
  • These changes were promoted to stable.

General

[] Rich Document Rendering: See T13105. This release adds preliminary support for richer rendering of more document types.

Previously, viewing images, audio, or video in Files would render the document inline.

Support has been expanded to include text files, remarkup, hexdumps, and JSON. PDFs also render somewhat more usefully.

A primitive rendering engine for Jupyter notebooks is also now available. It's probably better than reading the raw JSON, but maybe not by much.

Security

The PDF mime type application/pdf is now included in files.viewable-mime-types by default, which allows it to be served without Content-Disposition: attachment. If you are particularly paranoid about this, you can remove it to force PDFs to download.

When PDF content is served without Content-Disposition: attachment, the response includes a weaker object-src Content-Security-Policy to allow Chrome to render PDFs in the browser.

These changes should generally be safe, but they do increase the attack surface Phabricator exposes on user content.
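
A check an administrator could run over response headers from their own install to see which of the two behaviours described above is in effect. This is an added example, not Phabricator code; the function names and the sample header values are assumptions constructed for illustration.

```python
# Constructed sample headers; these are not captured from a Phabricator install.
INLINE_PDF = {
    "Content-Type": "application/pdf",
    "Content-Security-Policy": "default-src 'none'; object-src https://files.example.test",
}
DOWNLOAD_PDF = {
    "Content-Type": "application/pdf",
    "Content-Disposition": 'attachment; filename="report.pdf"',
    "Content-Security-Policy": "default-src 'none'; object-src 'none'",
}

def parse_csp(value):
    """Return {directive: [sources]} from a Content-Security-Policy value."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # When a directive is repeated, browsers honour the first occurrence.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def effective_object_src(csp_value):
    """object-src falls back to default-src; None means no restriction applies."""
    policy = parse_csp(csp_value or "")
    return policy.get("object-src", policy.get("default-src"))

def audit_pdf_response(headers):
    """Return findings describing how a browser would treat this response."""
    h = {k.lower(): v for k, v in headers.items()}
    mime = h.get("content-type", "").split(";")[0].strip().lower()
    if mime != "application/pdf":
        return []
    disposition = h.get("content-disposition", "").split(";")[0].strip().lower()
    if disposition == "attachment":
        return ["pdf-forced-download"]
    findings = ["pdf-served-inline"]
    sources = effective_object_src(h.get("content-security-policy"))
    if sources is None:
        findings.append("object-src-unrestricted")
    elif [s.lower() for s in sources] != ["'none'"]:
        findings.append("object-src-allows: " + " ".join(sources))
    return findings

if __name__ == "__main__":
    for name, sample in (("inline", INLINE_PDF), ("download", DOWNLOAD_PDF)):
        print(name, audit_pdf_response(sample))
```
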

Migrations

| Migration | Risk | Duration | Notes |
|---|---|---|---|
| 20180322.lock.01.identifier.sql | | 625 ms | |
| 20180322.lock.02.wait.sql | | 2,252 ms | |

"Duration" is the duration for this install, and may not be representative.

Upgrading / Compatibility

  • No notes in this period.

Minor

  • Fixed an issue with result ordering in the "Edit Related Objects" dialogs when you have not entered a search query.
  • [] Fixed an issue where DarkConsole had an inline JavaScript action in violation of the Content-Security-Policy.
  • [] When you resign from a revision and are not directly subscribed, you are now correctly excluded from the recipient list for notifications, not just for email.
  • [] It is now significantly harder to double-submit many forms, even if you are a quick-clicking champion.
  • [] Clustered repositories now provide more detailed feedback about locks and log more information about lock waits to the push log.

The [] icon indicates a change backed by support mana.

Last Author: epriestley
Last Edited: Mar 23 2018, 9:49 PM
