2019 Week 6 (Early February)

Updated 1,895 Days AgoPublic

Actions

Summary of changes from February 1, 2019 to February 8, 2019.

• These changes were promoted to stable.

General

[] Users may now always log in to their accounts by sending themselves an email login link. Previously, this flow was only available if password auth was enabled, via the "Forgot Password?" link. Now, the login page will always have a link to this workflow (either "Forgot Password?" if password auth is enabled, or "Send a login link to your email address." if password auth is not enabled).

Users may now unlink their last external account. Previously, this was prevented because unlinking your last account may mean you can no longer log in. Since you can always log in via email now, you're permitted to unlink your last account as long as you confirm through a warning about the risk. This is mostly useful to fix accounts that have become linked incorrectly.

[] Owners now supports some additional "Audit" modes. Previously, auditing could be "Disabled" or "Enabled". The "Enabled" option is now called "Audit Commits With No Owner Involvement", and triggers on commits not authored or reviewed by owners (this is substantially identical to the old behavior). New options allow automatic auditing of "Unreviewed Commits", where a corresponding revision does not exist or was not properly "Accepted" before the change landed.

When an Owners Package is a reviewer and that Package-Reviewer accepts a revision, this is now considered "owner involvement" for the purpose of "...With No Owner Involvement" audit rules.

Security

• No notes in this period.

Migrations

"Duration" is the duration for this install, and may not be representative.

Upgrading / Compatibility

• [] owners.edit now accepts string constants for auditing transactions. String constants are now preferred. (For compatibility, "0", "1", and "" are still supported.)
• PhabricatorAuthLoginHandler has been removed. This handler was used to add guidance to the login flow. It is substantially obsoleted by Auth → Customize Messages.
• feed.http-hooks now explicitly warns that it is deprecated.
• The metamta.default-address configuration option is now locked (and has a slightly richer description).
• Very old installs (from before June 2013) with LDAP or OAuth data that have not performed an upgrade since then will no longer be able to upgrade directly to a modern (February 2019) version of Phabricator because a required migration against ancient LDAP/OAuth data no longer functions. If you are affected, you will receive an error when you attempt to upgrade. To move forward, upgrade to an intermediate version of Phabricator first (any version released between June 2013 and February 2019), then upgrade to modern Phabricator. It is likely that the number of installs affected by this is 0 or very close to 0.
• Changing usernames no longer warns users about a need to reset their password, as this should no longer be necessary since January 2018. Users who: set a password on a version of Phabricator from before January 2018; and have never used that password to log in to any version of Phabricator released between January 2018 and January 2019; and have their usernames changed in a version of Phabricator released after January 2019 may still need to reset their password after the username change. They can use the "Forgot Password?" link to do this.

Minor

• Improved handling of EINTR after EPIPE when writing to streams.
• Duo MFA validation is no longer improperly applied to other MFA types.
• Fixed a missing menu in /mail/ on mobile.
• User renames now render more readably in Feed.
• Login and MFA forms now more consistently focus their inputs automatically.
• Fixed an issue where some feed.http-hooks data wasn't constructed properly.
• Fixed an issue where transaction.search would fail against Diff objects with matching transactions.
• Users may now be approved from their "Manage" page.
• Auth no longer raises warnings about registration being too open if no providers actually allow registration.
• [] Improved construction of an Audit query in cases where viewers belong to a very large number of projects and/or packages.
• Minor UI/UX improvements to some payments workflows.
• [] When you override the lock on an object, transactions are now marked with an icon to indicate you might be bending the rules. The existing "MFA" and "Silent" transaction markers are also now more visible.
• It is now more difficult to reach invalid vote states in Slowvote.
• The Duo MFA flow now provides more encouragement.

The [] icon indicates a change backed by support mana.