2022 Week 21 (Late May)
2022 Week 21 (Late May)
Summary of changes from April 14, 2022 to May 27, 2022.
| Codebase | Repository | HEAD | Activity | |
|---|---|---|---|---|
| Phabricator | rP | rP809ae81752 | 79 commits | |
| Arcanist | rARC | rARC85c953eb | 13 commits | |
| Instances (SAAS) | rSAAS | rSAAS4c4f477 | 0 commits | |
| Services (SAAS) | rSERVICES | rSERVICES866e0bb | 0 commits | |
| Core (SAAS) | rCORE | rCORE5fe60b2 | 12 commits | |
- These changes were promoted to stable.
IMPORTANT: This release mitigates a significant security issue and all installs are strongly advised to upgrade. See T13683: Security Guidance: References to Files in Remarkup for details.
Security
- Fixed a severe issue with file permissions and references, see above.
- Fixed an issue where global default settings were too broadly editable. This is not generally concerning. This was reported via HackerOne in https://hackerone.com/reports/1563139.
- Removed the feed.publish API for being old, bad, and technically policy-violating. This is not generally concerning. See T13681. This was reported via HackerOne in https://hackerone.com/reports/1566325.
Migrations
| Migration | Risk | Duration | Notes |
|---|---|---|---|
| 20220510.file.01.attach.sql | 53 ms | ||
| 20220519.file.02.migrate.sql | 115,773 ms | ||
| 20220525.slowvote.01.mailkey.php | 116 ms | ||
| 20220525.slowvote.02.mailkey-drop.sql | 40 ms | ||
| 20220525.slowvote.03.response-type.sql | 68 ms | ||
| 20220525.slowvote.04.response-value.sql | 12 ms | ||
| 20220525.slowvote.05.response-xactions.sql | 24 ms | ||
| 20220525.slowvote.06.method-type.sql | 57 ms | ||
| 20220525.slowvote.07.method-value.sql | 6 ms | ||
| 20220525.slowvote.08.status-type.sql | 55 ms | ||
| 20220525.slowvote.09.status-value.sql | 7 ms | ||
| 20220525.slowvote.10.status-xactions.sql | 15 ms | ||
"Duration" is the duration for this install, and may not be representative.
Drydock
- bin/drydock lease now supports --count N, to acquire multiple identical leases.
- bin/drydock release-lease and bin/drydock release-resource now accept --all. (This is for resetting things in development, and could make a huge mess in a production environment!)
- Drydock now properly makes resources that were created or leased in the last 3 minutes exempt from reclamation.
- Drydock no longer throttles pool growth rates to 25% of active resources, and now tracks leases and pending resources more competently. In general, bursty requests for resources should be satisfied far more effectively now.
Upgrading / Compatibility
- Continued to improve PHP 8.1 compatibility.
- Continued to improve support for whitelabeling (i.e., changing the software product names from "Phabricator" to something else) to support forks.
- The Releeph application has been removed. This application was a minimally functional prototype with no known users in the wild.
- The Phragment application has been removed. This application was a minimally functional prototype with no known users in the wild.
- Fixed an issue with viewing revisions with no changesets (usually arising from automatic updates triggered by empty commits).
- Fixed an issue where Herald could fail to properly extract the (empty) content from an empty commit.
- Fixed an issue where certain object references could form a cycle and break object pages. This was reported via HackerOne in https://hackerone.com/reports/1563142.
The [] icon indicates a change that supports a customer.
The [] icon indicates a contributed change.
Tags
None
Referenced Files
None
Subscribers
None
- Last Author
- epriestley
- Last Edited
- May 27 2022, 6:14 PM