Page MenuHomePhabricator

2019 Week 1 (Very Early January)
Updated 77 Days AgoPublic

Summary of changes from January 1, 2019 to January 4, 2019.

CodebaseRepositoryHEADActivity
PhabricatorrPrP73e3057c518 commits
ArcanistrARCrARC25c238190 commits
libphutilrPHUrPHUcad19850 commits
Instances (SAAS)rSAASrSAAS46244620 commits
Services (SAAS)rSERVICESrSERVICES019a12a0 commits
Core (SAAS)rCORErCORE477d4652 commits
  • These changes were promoted to stable.

General

This short release mostly contains infrastructure changes to mail that move us toward SMS and improved MFA.

[] Mailer Configuration: Mailer configuration now only recognizes cluster.mailers, introduced in February 2018. See Configuring Outbound Email for guidance.

See below for a detailed list of deprecated mailer configuration options which are no longer supported. This doesn't change any behavior, but you may need to adjust your configuration if you haven't updated it in the last year.

Security

  • Several hashes have been updated from HMAC-SHA1 to HMAC-SHA256. See T12509.

Migrations

MigrationRiskDurationNotes
20190101.sms.01.drop.sql23 ms

"Duration" is the duration for this install, and may not be representative.

Upgrading / Compatibility

See note above about Mailer Configuration.

[] Old SMS Code and Data Removed: Removed old SMS code, including the sms table. SMS is being integrated with Mail instead. See T920. This code was never directly integrated with any Phabricator application.

The related migration will permanently destroy data in the sms table. First-party code never wrote anything important to this table, but if you have third-party code which used the SMS skeleton in the upstream you may be impacted by this change.

[] Configuration: Many configuration options have been removed.

  • twilio.account-sid: Removed without replacement. SMS/Twilio support will return soon, but in the form of mailers.
  • twilio.auth-token: Removed without replacement.
  • metamta.mail-adapter: Replaced by cluster.mailers.
  • amazon-ses.access-key: Replaced by cluster.mailers.
  • amazon-ses.secret-key: Replaced by cluster.mailers.
  • amazon-ses.endpoint: Replaced by cluster.mailers.
  • mailgun.domain: Replaced by cluster.mailers.
  • mailgun.api-key: Replaced by cluster.mailers.
  • phpmailer.mailer: Replaced by cluster.mailers.
  • phpmailer.smtp-host: Replaced by cluster.mailers.
  • phpmailer.smtp-port: Replaced by cluster.mailers.
  • phpmailer.smtp-protocol: Replaced by cluster.mailers.
  • phpmailer.smtp-user: Replaced by cluster.mailers.
  • phpmailer.smtp-password: Replaced by cluster.mailers.
  • phpmailer.smtp-encoding: Replaced by cluster.mailers.
  • sendgrid.api-user: Replaced by cluster.mailers.
  • sendgrid.api-key: Replaced by cluster.mailers.
  • celerity.resource-hash: Removed without replacement. Now hard-coded. We have no evidence any install ever benefited from this option being configurable. Underlying hash upgraded to HMAC-SHA256.
  • celerity.enable-deflate: Now always on in production, always off in development. This was a debugging/development flag which hasn't proven necessary.
  • celerity.minify: Now always on in production, always off in development. This was a debugging/development flag which hasn't proven necessary.
  • metamta.domain: Only used to build Thread-ID values which are not user-visible and generally not important as long as they are properly formatted. Now determined automatically from install domain. This may cause a one-time mail threading break in some clients after upgrading. New mail should thread correctly.
  • metamta.placeholder-to-recipient: Now determined automatically. The next release will tweak this and describe the change in more detail.
  • phabricator.mail-key: Now managed automatically. Underlying hash upgraded to HMAC-SHA256. This will cause a one-time break in "Reply-To" addresses. Old addresses will stop working after the update. Replying to a mail received after the update will work normally.
  • phabricator.csrf-key: Now managed automatically. Underlying hash upgraded to HMAC-SHA256. This will cause a one-time break of pages which were already open in a user's browser when the upgrade started. Users who submit forms on pages they loaded before the upgrade will receive a CSRF exception.
  • metamta.insecure-auth-with-reply-to: Removed without replacement. This was a very niche feature that may have been used by only one install in 2011. We have no evidence any other install has ever enabled it. If you do actually use this, let us know on the forum.

[] Mailers: The PhabricatorMailImplementationAdapter base class has been renamed and its implementation is changing substantially. If you subclass it to implement a custom mailer, you'll need to update for the new API. This will receive more discussion in the next release.

The PhabricatorMailReceiver base class has changed slightly. This will also receive more discussion in the next release.

Minor

  • Fixed a qsprintf() warning when viewing Mail.
  • Added a warning for trying to interact with Conduit using bare application/json blobs. This is not supported today.
  • [] Removed old Twilio API code.
  • [] Added new Twilio API code.
  • Fixed a bug with paging typeahead datasources with more than 100 projects.
  • Fixed a bug with Differential comment previews.
  • [] Fixed a bug where blame could fail to generate if repository identies were incompletely built.

The [] icon indicates a change backed by support mana.

Last Author
epriestley
Last Edited
Jan 5 2019, 12:51 AM

Event Timeline

epriestley created this document.Jan 5 2019, 12:51 AM
epriestley edited the content of this document. (Show Details)