Page MenuHomePhabricator

2022 Week 15 (Mid April)
Updated 715 Days AgoPublic

Version 3 of 3: You are viewing the current published version of this document.

Summary of changes from December 11, 2021 to April 13, 2022.

CodebaseRepositoryHEADActivity
PhabricatorrPrP3125d7a5f411 commits
ArcanistrARCrARCf0a2b6991 commit
Instances (SAAS)rSAASrSAAS4c4f4779 commits
Services (SAAS)rSERVICESrSERVICES866e0bb5 commits
Core (SAAS)rCORErCORE77ac84e13 commits
  • These changes were promoted to stable.

Security

[] This release primarily supports a breaking security fix (for CVE-2022-24765) made in a recent version of Git. See T13673 for discussion.

In some configurations, Phabricator repository read operations (generally, the web UI in Diffusion) will not run under versions of Git that have the fix applied, failing with an error in this vein:

fatal: unsafe repository ('/path/to/some/repo' is owned by someone else) To add an exception for this directory, call: git config --global --add safe.directory ...

If you still receive this error after upgrading Phabricator, you may need to configure phd.user (in Phabricator Config) and modify sudoers (on your system) according to the Phabricator documentation, so that the Phabricator web UI may use sudo to act as the user who owns the repository directories on disk. See:

https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/#configuring-sudo

(As a temporary workaround, you could also roll back to an older version of Git. The Git vulnerability is not likely to impact a Phabricator server.)

Migrations

MigrationRiskDurationNotes
20220401.phameinteract.01.sql129 ms
20220401.phameinteract.02.sql84 ms
20220401.phameinteract.03.sql25 ms
20220401.phameinteract.04.postinteract.sql62 ms

"Duration" is the duration for this install, and may not be representative.

Phame

Comments may now be disabled on Phame blog posts. The "Can Interact" policy controls the default behavior for the blog, and comments may be disabled (or enabled) on individual posts by setting the "Can Interact" policy on a post-by-post basis.

Minor

  • Some PHP 8.1 behavior has been improved.
  • Added a --database flag to bin/storage dump. This primarily supports merging previously partitioned databases.
  • [] Improved Mercurial 6.1 compatibility.

The [] icon indicates a change that supports a customer.
The [] icon indicates a contributed change.

Last Author
epriestley
Last Edited
Apr 13 2022, 7:09 PM