2018 Week 12 (Late March)
Summary of changes from March 16, 2018 to March 23, 2018.
Codebase | Repository | HEAD | Activity |
---|---|---|---|
Phabricator | rP | rPbba1b185f | 20 commits |
Arcanist | rARC | rARCdcd7ef66 | 0 commits |
libphutil | rPHU | rPHU1ad4249 | 0 commits |
Instances (SAAS) | rSAAS | rSAASd983b95 | 0 commits |
Services (SAAS) | rSERVICES | rSERVICES6b3fb8d | 0 commits |
Core (SAAS) | rCORE | rCORE5c1b3be | 0 commits |
- These changes were promoted to stable.
General
[] Rich Document Rendering: See T13105. This release adds preliminary support for richer rendering of more document types.
Previously, viewing images, audio, or video in Files would render the document inline.
Support has been expanded to include text files, remarkup, hexdumps, and JSON. PDFs also render somewhat more usefully.
A primitive rendering engine for Jupyter notebooks is also now available. It's probably better than reading the raw JSON, but maybe not by much.
Security
The PDF mime type application/pdf is now included in files.viewable-mime-types by default, which allows it to be served without Content-Disposition: attachment. If you are particularly paranoid about this, you can remove it to force PDFs to download.
When PDF content is served without Content-Disposition: attachment, the response includes a weaker object-src Content-Security-Policy to allow Chrome to render PDFs in the browser.
These changes should generally be safe, but do increase the attack surface Phabricator exposes on user content.
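One way to confirm how a file response is actually served after changing files.viewable-mime-types, as an added example that is not Phabricator's own code. The header values are constructed samples (the exact policy string Phabricator sends is not shown on this page), and the function names are hypothetical.

```python
# Added example: audit how a file response is served. Not Phabricator code.
# The header values below are constructed samples, not captured output.

def parse_csp(value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:  # first occurrence wins
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def audit_file_response(headers):
    """Return (disposition, object_src, findings) for one response."""
    h = {k.lower(): v for k, v in headers.items()}
    mime = h.get("content-type", "").split(";")[0].strip().lower()
    # A missing Content-Disposition header is treated as inline.
    disp = h.get("content-disposition", "").split(";")[0].strip().lower() or "inline"
    csp = parse_csp(h.get("content-security-policy", ""))
    # object-src falls back to default-src when absent; None means unrestricted.
    object_src = csp.get("object-src", csp.get("default-src"))
    findings = []
    if mime == "application/pdf" and disp != "attachment":
        findings.append("PDF is rendered in the browser, not forced to download")
        if object_src is None:
            findings.append("no object-src or default-src restriction")
        elif [s.lower() for s in object_src] != ["'none'"]:
            findings.append("object-src is relaxed: " + " ".join(object_src))
    return disp, object_src, findings

# Constructed sample: PDF listed as viewable, served inline with a weaker object-src.
INLINE_PDF = {
    "Content-Type": "application/pdf",
    "Content-Security-Policy": "default-src 'none'; object-src 'self'",
}
# Constructed sample: PDF removed from the viewable list, so it is forced to download.
FORCED_DOWNLOAD = {
    "Content-Type": "application/pdf",
    "Content-Disposition": 'attachment; filename="report.pdf"',
    "Content-Security-Policy": "default-src 'none'; object-src 'none'",
}

if __name__ == "__main__":
    for name, sample in (("inline", INLINE_PDF), ("download", FORCED_DOWNLOAD)):
        print(name, audit_file_response(sample))
```
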
Migrations
Migration | Risk | Duration | Notes |
---|---|---|---|
20180322.lock.01.identifier.sql | | 625 ms | |
20180322.lock.02.wait.sql | | 2,252 ms | |
"Duration" is the duration for this install, and may not be representative.
Upgrading / Compatibility
- No notes in this period.
Minor
- Fixed an issue with result ordering in the "Edit Related Objects" dialogs when you have not entered a search query.
- [] Fixed an issue where DarkConsole had an inline JavaScript action in violation of the Content-Security-Policy.
- [] When you resign from a revision and are not directly subscribed, you are now correctly excluded from the recipient list for notifications, not just for email.
- [] It is now significantly harder to double-submit many forms, even if you are a quick-clicking champion.
- [] Clustered repositories now provide more detailed feedback about locks and log more information about lock waits to the push log.
The [] icon indicates a change backed by support mana.
- Last Author: epriestley
- Last Edited: Mar 23 2018, 9:49 PM