2022 Week 21 (Late May)
Updated 38 Days Ago | Public

Summary of changes from April 14, 2022 to May 27, 2022.

| Codebase | Repository | HEAD / Activity |
| Phabricator | rP | rP809ae8175279 commits |
| Arcanist | rARC | rARC85c953eb13 commits |
| Instances (SAAS) | rSAAS | rSAAS4c4f4770 commits |
| Services (SAAS) | rSERVICES | rSERVICES866e0bb0 commits |
| Core (SAAS) | rCORE | rCORE5fe60b212 commits |
  • These changes were promoted to stable.
IMPORTANT: This release mitigates a significant security issue and all installs are strongly advised to upgrade. See T13683: Security Guidance: References to Files in Remarkup for details.

Security

  • Fixed a severe issue with file permissions and references, see above.
  • Fixed an issue where global default settings were too broadly editable. This is not generally concerning. This was reported via HackerOne in https://hackerone.com/reports/1563139.
  • Removed the feed.publish API for being old, bad, and technically policy-violating. This is not generally concerning. See T13681. This was reported via HackerOne in https://hackerone.com/reports/1566325.

Migrations

| Migration | Risk | Duration | Notes |
| 20220510.file.01.attach.sql | | 53 ms | |
| 20220519.file.02.migrate.sql | | 115,773 ms | |
| 20220525.slowvote.01.mailkey.php | | 116 ms | |
| 20220525.slowvote.02.mailkey-drop.sql | | 40 ms | |
| 20220525.slowvote.03.response-type.sql | | 68 ms | |
| 20220525.slowvote.04.response-value.sql | | 12 ms | |
| 20220525.slowvote.05.response-xactions.sql | | 24 ms | |
| 20220525.slowvote.06.method-type.sql | | 57 ms | |
| 20220525.slowvote.07.method-value.sql | | 6 ms | |
| 20220525.slowvote.08.status-type.sql | | 55 ms | |
| 20220525.slowvote.09.status-value.sql | | 7 ms | |
| 20220525.slowvote.10.status-xactions.sql | | 15 ms | |

"Duration" is the duration for this install, and may not be representative.

Drydock

  • bin/drydock lease now supports --count N, to acquire multiple identical leases.
  • bin/drydock release-lease and bin/drydock release-resource now accept --all. (This is for resetting things in development, and could make a huge mess in a production environment!)
  • Drydock now properly makes resources that were created or leased in the last 3 minutes exempt from reclamation.
  • Drydock no longer throttles pool growth rates to 25% of active resources, and now tracks leases and pending resources more competently. In general, bursty requests for resources should be satisfied far more effectively now.

Upgrading / Compatibility

  • Continued to improve PHP 8.1 compatibility.
  • Continued to improve support for whitelabeling (i.e., changing the software product names from "Phabricator" to something else) to support forks.
  • The Releeph application has been removed. This application was a minimally functional prototype with no known users in the wild.
  • The Phragment application has been removed. This application was a minimally functional prototype with no known users in the wild.
  • Fixed an issue with viewing revisions with no changesets (usually arising from automatic updates triggered by empty commits).
  • Fixed an issue where Herald could fail to properly extract the (empty) content from an empty commit.
  • Fixed an issue where certain object references could form a cycle and break object pages. This was reported via HackerOne in https://hackerone.com/reports/1563142.

Last Author: epriestley
Last Edited: May 27 2022, 6:14 PM