2019 Week 25 (Late June)

Updated 1,762 Days AgoPublic

Actions

Summary of changes from May 27, 2019 to June 22, 2019.

• These changes were promoted to stable.

General

• No notes in this period.

Security

• An upcoming release may change some policy behavior for parent projects and subprojects. See T13323 for initial discussion. If this change happens, it will happen no earlier than 2019 Week 27.
• When a user replies to an email from Phabricator and adds another user on the "To" or "Cc" lines, we attempt to interpret this as an "Add Subscriber" action and subscribe the user to the object so they're looped in on the conversation. We now do this only if the user's email address is verified and unreserved, so malicious or mischievous users adding addresses like noreply@phabricator.domain.com no longer get added as subscribers if users do something like "Reply All" in their mail clients and catch both the "From" and "Reply To" addresses under certain configurations. The old behavior was normally harmless (adding a user as a subscriber does not grant them permission to view objects they can not otherwise see, see T4411), but could be confusing, and isn't consistent with our modern, stricter handling of unverified email addresses.

Migrations

• No migrations in this period.

Upgrading / Compatibility

• Calling msort(), instead of msortv(), on a list of PhutilSortVector objects is now considered an error and msort() will raise an exception.
• [] The made-up word "topographical" has been replaced with the proper academic term "topological" in two internal APIs methods: the getTopographicallySortedNodes() methods are now getNodesInTopologicalOrder().
• The backup documentation now recommends dump ... --compress --output X instead of dump ... | gzip > X. The shell incantation has less robust error handling behavior in the presence of reasonable conditions like "full disk" or "you typed part of the command completely wrong".

Minor

• [] Timezones are now rendered in a more human-readable way ("America/Los Angeles" instead of "America/Los_Angeles") in user-facing UIs. The documentation for phabricator.timezone has also been made more clear.
• [] Valid comments must now contain at least one non-whitespace character.
• [] Tasks and commits now have a new "View Task" / "View Commit" button in HTML mail.
• Fixed several minor issues (related to msort() vs msortv()) where the stability of a sort depended on the PHP version.
• Fixed some adjacent issues with certain transaction sorts being inconsistent or otherwise questionable.
• [] Fixed an issue where audits could trigger incorrectly (as though the associated code was not reviewed) if they raced against revision closure and found a revision in the "Accepted" state rather than the "Published, Previously Accepted" state.
• When a revision is closed (either by discovering a related commit, or by explicit action), it is now always promoted out of "Draft" state. You can still "Abandon" a draft revision to get rid of it without moving it out of "Draft".
• Added a bin/herald rule ... tool to provide an easy operational way to disable any Herald rule.
• [] Remarkup header sizes are now better differentiated.
• [] Herald now includes a basic profiler. Interpreting this profile is somewhat more art than science today, but the most common cause of poor Herald rule performance is users writing rules which include regular expressions which backtrack explosively, and it should be reasonbly effective at identifying rules like this.
• [] bin/files migrate now has options for importing file data from a static dump on disk.
• [] "Sign with MFA" no longer requires the actor be able to edit the object they are viewing. Instead, this is now an "interaction" action like commenting.
• [] Fixed an issue where "Download Raw Diff" could fail under common/reasonable configurations if the diff text is larger than 8MB.
• Users with no access to Spaces may now log out. The software generally considers having users with no access to Spaces to be a configuration error, not a supported state, but this interaction made the damage unduly hard to repair.
• [] Audit is now better at respecting cases where a user pushes a commit with an email address / author string which is associated with their account only via repository identities.
• Fixed an issue where a very old migration could attempt a write which no longer works, as a side effect of a cache fill, as a side effect of a read.
• When bin/repository reparse queues multiple tasks but encounters a permanent failure on one or more, it previously stopped. This kind of failure is routine (e.g., if you try to parse a commit which has become unreachable, the parse will fail permanently), so the script now reports the issue and continues. Previously, --background would effectively accomplish the same goal (attempt each task, independent of other task outcomes).
• The Git read protocol proxy (which is enabled only when prototypes are enabled) now parses "shallow" frames in the protocol.
• When Quicksand is enabled (usually by enabling "Persistent Chat"), clicking links in dialogs now closes the dialog rather than navigating the page underneath the dialog.
• [] When you change the default value of a custom form, the transaction log now shows the details of the change. In some cases these details may be fairly rough for now (raw internal values rather than human-readable values). See T13319 for discussion.
• [] Fixed an issue where certain path edits to Owners packages could show too many effects (including some wrong/misleading effects) in the transaction log.
• [] When an external link to a JIRA or Asana install includes a URI fragment or query parameters, it is now treated as a bare link instead of an external object reference.

The [] icon indicates a change backed by support mana.