2022 Week 15 (Mid April)
Summary of changes from December 11, 2021 to April 13, 2022.
Codebase | Repository | HEAD | Activity | |
---|---|---|---|---|
Phabricator | rP | rP3125d7a5f4 | 11 commits | |
Arcanist | rARC | rARCf0a2b699 | 1 commit | |
Instances (SAAS) | rSAAS | rSAAS4c4f477 | 9 commits | |
Services (SAAS) | rSERVICES | rSERVICES866e0bb | 5 commits | |
Core (SAAS) | rCORE | rCORE77ac84e | 13 commits | |
- These changes were promoted to stable.
Security
[] This release primarily supports a breaking security fix (for CVE-2022-24765) made in a recent version of Git. See T13673 for discussion.
In some configurations, Phabricator repository read operations (generally, the web UI in Diffusion) will not run under versions of Git that have the fix applied, failing with an error in this vein:
fatal: unsafe repository ('/path/to/some/repo' is owned by someone else) To add an exception for this directory, call: git config --global --add safe.directory ...
If you still receive this error after upgrading Phabricator, you may need to configure phd.user (in Phabricator Config) and modify sudoers (on your system) according to the Phabricator documentation, so that the Phabricator web UI may use sudo to act as the user who owns the repository directories on disk. See:
https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/#configuring-sudo
(As a temporary workaround, you could also roll back to an older version of Git. The Git vulnerability is not likely to impact a Phabricator server.)
Migrations
Migration | Risk | Duration | Notes |
---|---|---|---|
20220401.phameinteract.01.sql | 129 ms | ||
20220401.phameinteract.02.sql | 84 ms | ||
20220401.phameinteract.03.sql | 25 ms | ||
20220401.phameinteract.04.postinteract.sql | 62 ms | ||
"Duration" is the duration for this install, and may not be representative.
Phame
Comments may now be disabled on Phame blog posts. The "Can Interact" policy controls the default behavior for the blog, and comments may be disabled (or enabled) on individual posts by setting the "Can Interact" policy on a post-by-post basis.
Minor
- Some PHP 8.1 behavior has been improved.
- Added a --database flag to bin/storage dump. This primarily supports merging previously partitioned databases.
- [] Improved Mercurial 6.1 compatibility.
The [] icon indicates a change that supports a customer.
The [] icon indicates a contributed change.
- Last Author
- epriestley
- Last Edited
- Apr 13 2022, 7:09 PM