Download: | 2.16.10 | 2.16.9 | 2.16.8 | 2.16.7 | 2.16.6 | 2.16.5 | 2.16.4 | 2.16.3 | 2.16.2 | 2.16.1 | 2.16

Documentation: 2.16.10 | 2.16.9 | 2.16.8 | 2.16.7 | 2.16.6 | 2.16.5 | 2.16.4 | 2.16.3 | 2.16.2 | 2.16.1 | 2.16

Release Highlights

  • GWT UI is deprecated, and PolyGerrit is now the default UI.

  • Experimental Dark Mode in PolyGerrit.

  • Inline editing support in PolyGerrit UI.

  • Redesigned UI for PolyGerrit based on material design.

  • New configuration option to ignore self-approval on labels.

  • New CommonMark/Markdown parser.

Important Notes

Known problem with schema upgrade

When a gerrit site older than 2.15 is migrated to 2.16, then schema migration should be first performed to the latest 2.15.x release.

To upgrade to the latest 2.15.x release:

  java -jar gerrit-2.15.latest.war init -d ${site_path}

Known problem with plugins and index

Since 2.14.2 the plugins are loaded before online reindexing is started, so that prolog rules provided by plugins can be invoked during indexing. See issue 6472 for details.

This causes a problem for any plugins that access the index either directly or indirectly (i.e. by accessing a cache), because the index is not yet available when the plugin is loaded during server startup. An example of this is in the replication plugin, which needs to use the group cache when authGroup is used in a destination configuration.

A fix issue 10082 is available since 2.16.3 release.

Migration to NoteDb

NoteDb is now required for accounts (since 2.15) and groups (since 2.16), and is the preferred storage for changes.

In Gerrit 2.15:

  • Account data (with the exception of Group data) was moved to NoteDB (release notes).
  • Change data could be either moved to NoteDB (migration process), or left in ReviewDB.

In Gerrit 2.16:

  • Group data is always moved to NoteDB (it is migrated automatically during the upgrade process, when you run gerrit.war init).

When upgrading to Gerrit v2.16, you are strongly advised to migrate fully (including changes) from ReviewDb to NoteDb.

You should review the documentation on NoteDb, including the information about the migration process:

Although ReviewDb is still technically available on Gerrit v2.16, the upgrade to NoteDb is strongly recommended, although not enforced.

Note that in the next version of Gerrit (v3.0), ReviewDb will not be available.

Schema Changes

This release contains schema changes. To upgrade:

  java -jar gerrit.war init -d ${site_path}

Reindex for new projects index and changed group index

Gerrit 2.16 introduces a new secondary index for projects. The initial version of this index must be created by running the offline reindex before starting Gerrit:

  java -jar gerrit.war reindex --index projects -d ${site_path}

The group index gained two new fields, which Gerrit 2.16 depends on. For this reason, the following command to offline reindex the group index must be executed as well:

  java -jar gerrit.war reindex --index groups -d ${site_path}

The offline reindex for groups should also be run on Gerrit slave hosts.

Note that if you are migrating from v2.15, it is not necessary to reindex the changes and accounts indexes offline. These will automatically be reindexed by the online reindexer after starting Gerrit.

Support for GWT UI is deprecated

From 2.16 GWT UI is deprecated and will be removed in a future version.

Support for Velocity templates removed

In version 2.14 support for Soy templates was added. For backwards compatibility, support for Velocity templates (VTL) was kept.

In version 2.16 support for VTL is completely removed. Site administrators must replace any Velocity templates (.vm files in $site/etc/mail/) with the equivalent Soy templates before upgrading to this version.

Push to refs/changes is deprecated

The possibility to push to refs/changes is now disabled by default. It is still possible to enable it in the gerrit config by setting receive.allowPushToRefsChanges to true.

Legacy /p/ prefix for Git/HTTP projects is removed

The /p/ cannot be used anymore and the /a/ prefix should be used for Git/HTTP with basic authentication.

Some proxies, which are not under client control, prohibit DELETE requests with bodies. DELETE requests with bodies could work on a first attempt, but could fail afterwards because a server they have no control over was updated. In this case, client users could be in trouble if they were not notified.

Therefore, we have decided to no longer recommend sending DELETE requests with bodies. They will continue to work in this release but should be considered as deprecated and will be removed in the next release.

Pegdown is replaced by Flexmark

flexmark-java is a Java implementation of CommonMark 0.28 spec parser using the blocks first, inlines after Markdown parsing architecture.

Its strengths are speed, flexibility, Markdown source element based AST with details of the source position down to individual characters of lexemes that make up the element and extensibility, compared to Pegdown speed that was, in general, less than ideal and for pathological input either hangs or practically hangs during parsing.

SYSTEM_CONFIG table is removed

This table was used to retrieve the site_path directory in unattended setup mode. As a replacement, system property gerrit.site_path should be used.

Git clients older than 2.x are not supported anymore

The Gerrit hook script for adding the Change-Id in every local commit has been simplified and is now using the git-interpret-trailers command. The interpret trailers command is available as of git v2.2.0, released Dec 2014.

Existing cloned repositories that have been cloned before the migration to v2.16 and thus having the old hook for generating the Change-Id will continue to work. However, new clones and hook scripts will need to upgrade your local git client to v2.2.0 or later.

If you have existing older git clients and cannot migrate to v2.2.0 or later, you need to keep serving the old script, copying it to the Gerrit /static directory, and then amend the Gerrit helper instructions to download it.

Example (assuming Gerrit installed on $GERRIT_SITE and available at

$ curl '' > $GERRIT_SITE/static/commit-msg
$ git config -f $GERRIT_SITE/etc/gerrit.config gerrit.installCommitMsgHookCommand 'gitdir=$(git rev-parse --git-dir); curl -o ${gitdir}/hooks/commit-msg ; chmod +x ${gitdir}/hooks/commit-msg'

New Features

‘Read As’ capability

The new ‘Read As’ capability allows users to impersonate any user to see which refs they can see.

Note: the capability was added in 2.16 but only documented since 2.16.1.

Disable log file rotation and compression

On sites where log file rotation and compression is done by an external service such as logrotate, administrators may wish to disable Gerrit’s default log rotation and compression.

This can now be done by setting log.rotate and log.compress to false.

Both settings default to true when not set, to maintain consistent behavior with previous releases.

PolyGerrit enhancements

Repo access view

PolyGerrit UI displays the repository access information and allows editing it.

Inline edit

  • Issue 4437 inline edit is fully implemented using the CodeMirror Editor plugin.

    A new core plugin, codemirror-editor, is available, which uses CodeMirror to provide a rich code editing experience in PolyGerrit.

    When you upgrade Gerrit using init -d, you are given the option to install the codemirror-editor plugin.

Change screen improvements

  • Issue 8213 Follow-Up button is missing on change screen
  • Issue 8218 Open inline diff when clicked on file list row
  • Issue 8241 Change comment threads are interleaved
  • Issue 8260 Submitted together section shows which change is the one currently displayed
  • Issue 8528 Show vote chips in change messages
  • Issue 9111 Add expander icons to messages
  • Issue 9532 Provide CLI assistance for updating Gerrit changes in the change view
  • Issue 9707 Assigned to you section on dashboard
  • Issue 2390 Allow to mark review as read/unread by clicking on some icon and/or button
  • Issue 4528 Indicate what labels a reviewer can vote on
  • Issue 5178 File name as header when viewing a change inline.
  • Issue 5329 Support for the find-owners plugin
  • Issue 5433 Make SHAs selectable in the UI
  • Issue 5452 Make shift-j jump to index if no files remain with comments.
  • Issue 6198 Allow control whitespace diff in the UI
  • Issue 6781 Change/patchset actions have tooltips describing their behavior
  • Issue 6984 “Discard” button on review comments requests confirmation prompt
  • Issue 7698 New popup for “This change has been merged”
  • Issue 7773 Ask for configuration on the submit button

General improvements

  • Issue 8983 Lazy-load gr-avatar images
  • Issue 4915 Support “Show Change Sizes As Colored Bars” setting
  • Issue 7886 TShirt sizing for changes in the dashboard and change-view
  • Issue 7961 Display dividing line for metadata
  • Issue 9000 Fix adding groups created by the singleusergroup plugin
  • Issue 9216 Close the groups editor after submitting

Differences from GWT

  • Writing a cover message on a specific patch set is no longer possible.

    The cover message is always added on the current patch set. This means that any system that relies on notifications being sent for a specific patch set will no longer work.

New logging framework

For logging Gerrit is now using Flogger instead of SLF4J. The logging backend is still LOG4J.

The Flogger LOG4J backend is configured by a system property ( that must be set for logging to work. There is an init step that automatically sets this system property in the gerrit.config file and in addition Gerrit tries to set this system property automatically on startup if it isn’t set yet. However for some setups you may need to do additional actions to make sure that this system property is set.

In addition there is a system property that needs to be set for request tracing ( Also this system property is automatically set in the gerrit.config file by an init step and in addition Gerrit tries to set this system property automatically on startup if it isn’t set yet. However for some setups you may need to do additional actions to make sure that this system property is set.

SLF4J can still be used by plugins, but using SLF4J in plugins is deprecated and with the next Gerrit release SLF4J will no longer be exported as part of the Gerrit plugin API jar. This means from the next release onwards, plugins must either migrate to Flogger or have an own dependency on SLF4J.


There are several new REST endpoints and additions to existing endpoints, as described in the REST API documentation.

See below an overview of the noteworthy changes.

Access Rights Endpoints

  • ProjectAccessInfo has a new field configWebLinks containing a list of URLs that display the history of the configuration file governing this project’s access rights.

Accounts Endpoints

Changes Endpoints

  • New endpoints to lists, get and delete the messages /messages of a change including the detailed account information associated.

  • New endpoint /cherrypick to cherry-pick a specific commit.

Config Endpoints

Groups Endpoints

  • New option ?ownedBy to find groups that are owned by another group

Project Endpoints

Commit Endpoints

  • New endpoint /files to list files associated with a commit.

Request Tracing

If a request is traced the unique trace ID is attached to all logs that are triggered by the request. In addition all logs are enforced regardless of the configured log level. Given the trace ID an administrator can find the trace in the error log and debug issues more easily.

Detailed information about request tracing can be found in the request tracing documentation.

New configuration option to ignore self approval on labels

A new option for Review Labels, label.Label-Name.ignoreSelfApproval, is available.

If true, the label may be voted on by the uploader of the latest patch set, but their approval does not make a change submittable. Instead, a non-uploader who has the right to vote has to approve the change.

It defaults to false, but one possible use case is to set the value to true for the Code-Review label in the All-Projects project. That value will then be inherited by all projects that do not override the Code-Review label settings.

Bug Fixes

  • Issue 10106: Fix internal server error when updating project access via REST API without specifying ‘action’ entity.

Dependency Updates

  • Update args4j to 2.33

  • Update Brics Automaton to 1.12-1

  • Update BouncyCastle to 1.60

  • Update commons-compress to 1.15

  • Update commons-lang3 and commons-net to 3.6

  • Update Dropwizard metrics-core to 3.2.5

  • Update Elasticsearch to 6.4.3 (Updated to 6.5.4 in 2.16.3)

  • Add dependency to flexmark-java 0.34.18

    Flexmark is a CommonMark/Markdown parser for java.

  • Add dependency to flogger 0.3.1

    Flogger is a fluent logging API for Java and Gerrit is using Flogger instead of SLF4J now.

  • Update greenmail to 1.5.5

  • Update gson to 2.8.5

  • Update guice-* to 4.2.1

  • Update JGit to (Updated to in 2.16.8)

  • Update Lucene to 6.6.5

  • Update mime4j to 0.8.1

  • Update OpenID4Java to 1.0.0

  • Update Ow2.asm to 6.2.1

  • Update javax.mail to 1.6.0

  • Update Jetty to 9.4.12.v20180830

  • Update protobuf-java to 3.4.0

  • Update soy to 2018-03-14

  • Update SSHD to 2.0.0 and Mina to 2.0.17

  • Update tomcat-servlet-api to 8.5.23

  • Update tukaani-xz to 1.6

  • Remove dependency on Velocity

  • Remove dependency on joda-time and joda-convert

    NOTE: joda-* dependencies are no longer exported in the Gerrit plugin API. Existing plugins that still rely on them need to be amended to include the explicit dependency on joda-* libraries.

Plugin API changes

Bugfix Releases

2.16.12 (in development)

  • Replication plugin fixes:

    • Issue 11145: Drain replication queue before stopping the plugin.

  • Breaking changes

    • Issue 11216: Remove hard-coded bug tracker URL and use configured value if present.

    • Increase default number of SSHD threads to at least 4.

      The default value of the sshd.threads setting is changed to be either two times the number of available CPU cores, or 4, whichever is greater.

  • New Features

    • Issue 11028: Add support for “Link Another Identity” screen in PolyGerrit

    • CommitApi: Add method to get commit info

    • Issue 10166: Add shortcuts for dashboard and watched changes in PolyGerrit

    • Issue 11201: Add ability to have custom label with a missing text value in PolyGerrit

    • Add a PolyGerrit extension point to show a small banner next to the search bar.

      A plugin or a site theme (gerrit-theme.html) may register a custom Element to be inserted into this endpoint.

    • Expose Gerrit’s GWT client library in the plugin API

    • Issue 5791: Add an extension point to allow setting a site banner.

    • Add an extension point to allow custom site footers.

  • Elasticsearch Updates:

    • Issue 11266: Add support for Elasticsearch 6.8.

    • Issue 11267: Add support for Elasticsearch 7.3.

    • Update elasticsearch-rest-client to 7.3.1.

  • PolyGerrit fixes

    • Issue 11350: Upgrade highlight.js to latest master revision.

      The upgrade solves a rendering bug of Kotlin nested substitutions.

    • Issue 10733: Fix anchors not working at page load on settings page

    • Issue 10062: Fix Polygerrit converting plus (+) to space when calling email.confirm API, and then failing with “invalid token”

    • Issue 11096: Fix page not opening after a couple of times switching between GWT and PolyGerrit UI.

    • Issue 11344: Fix commentlink URL and HTML links when canonical URL includes a base link.

  • Other fixes

    • Issue 11348: Display on error_log the progress of the online migration from ReviewDb to NoteDb.

    • Issue 11083: Set the correct new revision on change-merged events when submitting by push.

      When multiple changes are submitted at the same time by push, the new revision in all the change-merged events should be the revision of the head of the destination branch after all changes are submitted.

    • Issue 11106: Fix missing comment context for left side in email notifications.

    • Adapt script to work on Alpine Linux.

    • Expose Gerrit’s GWT client library in the plugin API.

    • Add a new method on the commit API to get “included in” information.

    • Add methods on the change API to get comments and draft comments as lists.

    • Add back the oneByExternalId method on InternalAccountQuery.

      This was removed in 2.16 but is added back so it can be used by plugins and extensions.

    • Make DefaultChangeReportFormatter extendible by plugins.

    • Make the wording of the “Change Merged” email templates consistent between the HTML and text versions.

    • Add a .gitreview file.

      For developers used to using the git-review tool for interacting with gerrit servers, it’s necessary to have a .gitreview file in the repo in question pointing to where the gerrit is.

    • Reduce log spam of “setting reductionLimit” debug messages of the Prolog engine.

    • Issue 11325: Do not update change set modified date on ReviewDb when a user delete all its draft changes.

    • Fix rebase change REST API returned status code.

      The rebase change REST API returned 422 Unprocessable Entity, instead of 500 Internal Server Error, if the specified base change is missing.

    • Fix detecting changes of parent trees when computing change kind for merge commit.

      A new patch set of a merge change is considered as NO_CHANGE if the commits have the same delta and trees. For merge commits this includes comparing the trees of the parent commits.

    • Catch all exceptions for reporting on Schema_130 migration and display the name of the project that failed the migration.

    • Fix and expand documentation of REST API to get revision files

    • Issue 11235: Fix ls-user-refs reporting wrong results because it was not using the identity of the username given as parameter.

    • Issue 11222: Skip receive.maxBatchCommits when skip-validation option is passed and a commit validator implements shouldValidateAllCommits

    • Issue 10855: Fix standalone GWT plugin builds failing because of a broken transitive load of GWT_PLUGIN_DEPS for in-tree plugin builds

    • Issue 11148: Speedup online reindex migration by skipping evaluation of submit rules for closed changes.

    • Issue 11016: Fix Gerrit slave site init leads to update failure on system_config caused by read-only transaction

    • Issue 11271: Update rules_go to 0.18.6 for compatibility with Bazel 0.27.0

  • Replication plugin fixes:

    • Issue 10852: Fix stale replications caused by in-flight pushes not properly removed when failed.

    • Issue 11204: Fix creation of missing repository when replicating to a Gerrit server over HTTP.

    • Issue 11175: Introduce new ref-filtering extension point for preventing replication of outdated SHA1s, mostly useful in a multi-site scenario to prevent split-brain.

    • Issue 11055: Fix failure to start when re-triggering persisted events

    • Issue 11172: Fix persisted event is removed before all replications to all nodes are completed.

    • When replication plugin is stopped or reloaded, mark all the currently pending replications as cancelled.

    • Allow to configure timeout for SSH connections and SSH commands.

      The timeouts can be configured with gerrit.sshConnectionTimeout and gerrit.sshCommandTimeout, respectively.

    • Make more classes and fields public/protected to ease extensibility.

    • Improve handling of remote repository creation failures.

    • Reintroduce boolean return value of methods in AdminApi.

    • Refactor AdminApiFactory to an interface with a default implementation that gets bound as a dynamic item, which can be replaced by derived implementations.

    • When rescheduling due to in-flight push also log the in-flight task ID.


  • Issue 11016: Fix failure to initialize on slave.

  • Issue 10763: Fix ACLs to allow regexes for tag and ref permissions.

    The documentation states that reference names can also be described with a regular expression by prefixing the reference name with ^, but the UI only showed the creation field when a non-regex name was used.

  • Issue 11082: Close changes oldest first when submitting on push.

  • Issue 11059: Fix setting BLOCK on partial label range in permissions.

  • Issue 10852: Replication plugin: Fix scheduling starvation.

  • Issue 11110: Do not swallow the exceptions that caused REST-API to return with a status >= 400.

  • Issue 11086: When a WIP change is implicitly merged by direct push to the branch, its WIP state is unset.

  • Show submit button with tooltip when not allowed to submit.

    The submit button was hidden when the user did not have permission to submit, or other conditions prevented submit (for example the change being WIP).

  • Allow commit validation listeners to ignore the skip-validation push option.

    Gerrit allows certain users to skip validation of new commits by passing the skip-validation push option.

    A new method shouldValidateAllCommits is added on the CommitValidationListener, to allow plugin implemented validators to override this option and always be invoked for new commits. The new method has a default implementation that returns false meaning that existing implementations don’t need to be modified and will behave the same as before.

  • Optimize commit and ref operation validation for non-ff push.

    On a non-ff push all the commits were validated before the ref operation was validated. On a push with many commits, validating all the commits is wasteful in the case where the ref operation is rejected. The logic is changed so that the ref operation validation is performed before the commit validation.

  • Disallow change index task duplication.

    It was possible for multiple index tasks to be queued for the same change.

  • Fix formatting issues and inconsistencies in soy email templates.

  • Use URL Formatter interface to generate URL in outgoing emails.

  • Fix error message when JRE is not found when starting Gerrit.

    The error message recommended to check for a JRE “>= 1.7”, but Gerrit requires Java 8 minimum.

  • Expose the createProject method of the CreateProject class to plugins.

    This allows plugins to directly invoke the project creation, avoiding the checks that are performed when invking via the apply method.

  • Expose the jsr305 library in the plugin API.

  • PolyGerrit UI fixes:

    • Only display 404 page on initial load.

    • Don’t reload when viewing dashboard.

    • Fix hiding the HTTP password screen.

      It was possible for the HTTP password to be un-hidden using CSS.

    • Add an extension point to allow adding links to the user header.

    • Add extension point to the footer so that users can add links to their Privacy policy or Code of conduct.

    • Fix dialog popup when going to /admin/create-project.

  • Elasticsearch fixes:

    • Support for Elasticsearch 7.2 and and upgrade elasticsearch-rest-client to 7.2.0.

    • Issue 10499: Set default number of shards according to Elasticsearch version.

      In Elasticsearch version 7.0 the default number of shards was reduced from 5 to 1.

      See the Elasticsearch documentation for details.


  • Improve performance of migration of accounts to schema 146.

    • Migration of the accounts is parallelized. The default number of threads used is the number of available processors. This can be customized using the threadcount system property.

    • Before the migration, gc --prune=now is executed.

    • When hosted on FileRepository, refs are packed after migration of every 1000 accounts.

    • A progress indicator counts every 100 accounts migrated.

  • Issue 10790: Avoid evaluating submit rules twice for open changes.

    Prolog submit rules were evaluated twice per page view for an open change, which caused performance degradation on projects defining complex rules.

  • Issue 10943: Set References: header on new change notification mail.

    GMail changed the way emails are grouped in conversation view, which, combined with the fact that Amazon SES changes the Message-ID header, resulted in the new change notification email not being grouped with subsequent emails related to the same change.

  • Issue 10896: Fix eliding project name without slash in notification emails.

  • Issue 10920: Fix commit date of initial empty commit when creating new project.

    The commit date of the initial commit was the server start time, rather than the date of the actual commit.

  • Issue 10952: Fix definition of PID in

  • Don’t send “GPG keys added” notification when no GPG keys were added.

    A GPG key update can include both addition and removal of GPG keys. The notification email for addition of new keys was always sent, even if the update only removed keys.

  • Update email notifications on changing security related settings.

    Email notifications are now sent when a GPG or SSH key is removed, and when the HTTP password is deleted or changed.

    An email notification is now always sent when an SSH key is added to an account, even when it was added by an administrator.

    These notifications allow to alert the user if their account is compromised and keys or password are altered by the attacker.

  • Remove explicit dependency on protobuf_java.

    The protobuf_java library is now consumed from rules_closure.

  • Add methods to generate and set the HTTP password on the accounts API.

  • Don’t send “GPG keys added” notification when no GPG keys were added.

    A GPG key update can include both the addition and removal of GPG keys. The notification email for the addition of new keys was always sent, even if the update only removed keys.

  • Add methods to generate and set the HTTP password on the accounts API.

  • Issue 10664: Fix duplicate key detection when using MySQL for the patch review store.

    Retrieve the error code number from the SQL exception to correctly detect and ignore a duplicate key error.

  • LDAP: support servers that do not allow anonymous browsing.

    Add ldap.supportAnonymous configuration setting in gerrit.config to support servers that do not allow anonymous browsing. Default is true per standard and best practice.

  • Elasticsearch fixes

    • Issue 10496 and Issue 10844: Fix usage of include_type_name in index creation.

    • Add support for Elasticsearch 7.1.

    • Upgrade elasticsearch-rest-client to 7.1.1.

  • PolyGerrit UI fixes

    • Issue 11020: Add syntax highlighting for mjs files.

    • Issue 10549: Fix single tab indentation in PolyGerrit diff view.

    • Issue 9409: Fix replacement of file content when navigating between files with [ and ].

    • Upgrade polymer-resin to 2.0.1.

    • Issue 10670: Fix selection of merge base when navigating between merge commit changes.

      When navigating between merge commit changes, the selection of the merge base was not persisted.

    • Hide overflowing author element content.

      In the case of vertical stacking Unicode characters, it was possible for the text to overflow out of the element and into other details on the review page.

      That is a partial fix for the problem described in issue 10795.

    • Issue 10744: Fix display of “Show More” after change screen reloaded.

    • Issue 10757: Fix handling of “Automatically mark viewed files reviewed” preference.

      Files were automatically marked as reviewed even when the setting was disabled.

    • Issue 10549: Fix single tab indentation in diff view.

    • Use dom-if instead of CSS when hiding the user’s password in the element gr-http-password, to prevent users from using CSS to reshow the password screen.

    • Hide project-aware top menus from the header.

    • Upgrade highlightjs for syntax highlighting fixes:

      • Treat False, None and True as literals in python.

      • Fully support C++11 raw strings in cpp.

  • Core plugins

    • Replication plugin: Fix internal server error when username or password not specified for remote.

      The username and password are both optional, but the replication plugin failed with a null pointer exception if either of them was omitted.

    • codemirror-plugin: upgraded to the latest revision on master, which includes the following fixes and improvements:

      • Bazel: Fix lint warning flagged by buildifier

      • Add .mailmap

      • Remove CodeMirror modes that are not supported at Google

  • Documentation updates

    • Issue 10897: Update links to Google individual and corporate CLA pages.

    • Clarify that account must have a username to be able to set HTTP password.

    • Fix formatting in project config documentation.


  • Issue 10695: Upgrade JGit to to fix regression in packfile list handling.

    If core.trustfolderstat was set to false, an infinite loop could occur when an object was not found in the packfile.

  • Add support for Elasticsearch 6.7.x and 7.0.x.

    The elasticsearch-rest-client is upgraded to 7.0.0.

  • Don’t abort auto-abandoning if one change failed.

    When failing to query a single change during auto-abandoning, the whole process was aborted. Now the failure is logged and the process continues to attempt to abandon subsequent changes.

  • Issue 10693: Avoid empty item in list of conflicting files on cherry-picking a change.

  • Fix leak of temp files during merge operations.

    TemporaryBuffer instances created during merge operations could leave undeleted temporary files in the file system.

  • Improve logging of invalid schedule values, and clarify documentation.

    When a schedule value, for example gc.startTime or gc.interval, was configured, the error message in the log was not helpful. This is now improved to include more information about what was wrong.

    Additionally, the documentation is updated to clarify that the hour value in times must be zero-padded.

  • Install template example during installation.

    The installation of this template into $site_path/etc/mail was omitted.

  • Upgrade Flogger to version 0.4.

  • Upgrade metrics-core to 4.0.5.

  • Upgrade protobuf-java to 3.7.1.

  • PolyGerrit fixes:

    • Issue 10696: Increase autocomplete limit for repo inheritance in access page to 50.

    • Issue 10703: Highlight Starlark files as Python.

    • Do not show the HTTP credentials screen when auth type is not HTTP.


New Features

  • Issue 5728: Add support for cherry-picking changes with merge conflicts in PolyGerrit.

  • Issue 8081: Add support for “Show Relative Dates in Changes Table” preference in PolyGerrit.

  • Issue 8838: Add support for “Default Base For Merges” preference in PolyGerrit.

Bug fixes

  • Issue 9851: Fix avatars not showing correctly.

  • Issue 8495: Do not show “Patch file” if change does not have a parent.

  • Issue 10494: Fix display of change creation screen on mobile devices.

  • Issue 8678: Fix setting “Automatically mark viewed files reviewed” in user preferences.

  • Issue 10586: Fix syntax highlighting for Verilog/SystemVerilog.

  • Fix that an endpoint cannot be used by two plugins anymore.

    ‘name’ does not exist on the plugin object, so the _initializedPlugins map would store undefined=>true for the first plugin and then not allow any further plugins.

    For example the change-view-integration could not be used by buildbucket and tricium anymore.

  • Issue 10587: Fix setting group visibility.

Other Fixes
  • Issue 10562: Upgrade JGit to to fix corruption of packfile list due to concurrent access during GC.

    See JGit issue 544199 for details.

  • Issue 10591: Fix account and group query with Elasticsearch 6.

    The wrong document type was used in the request URL, causing the query to return no results.

  • Issue 7192: Strip trailing slashes from name when creating repository.

  • Issue 10568: Add is:submittable to search suggestions.

  • Issue 10600: Fix commit-msg hook to abort commit when commit message is empty.

  • Allow the @LogThreshold annotation to be inherited.

  • Fix documentation of hashtag: search predicate.

    The documentation incorrectly stated that the search was an exact match.


New features

  • New configuration option: gerrit.primaryWeblinkName.

    The new configuration option allows to specify the name of the link the UI should use when multiple weblink providers are available but only one single link may be shown on the UI.

  • New configuration option: gerrit.listProjectsFromIndex.

    The new configuration option allows restoring the legacy behavior of using the in-memory cache for rendering the list of projects. When set to true the list of projects is rendered using the secondary index and thus is limited by the queryLimits.

    By default is set to false, the in-memory cache is used as an engine for listing and thus returns all the projects without limits.

PolyGerrit UI changes

  • Gitiles change-weblink with default weblink name (“browse”) is now inline.

    If available a weblink that links to a code-browser is displayed inline on the change screen. Previously weblinks were only considered links to code-browsers if their name was one of “gitweb”,”gitiles”. Weblinks with name “browse” are now also considered to be links to code-browsers and are displayed inline (href of current patchset and parent SHA1s) unless gitweb is available and configured as gerrit.primaryWeblinkName.

Plugins API

  • New annotation @LogThreshold for setting a logging level during the execution of the tests. By default is set to DEBUG for backward compatibility.

Bug fixes

  • Issue 10467: Fix hard-coded title for mark reviewed/unreviewed button.

    The button title was always “Mark as reviewed” even when the change was already marked as reviewed.

  • Issue 10155: Exclude WIP changes from ‘Assigned Changes’ dashboard.

  • Issue 10415: Fix replacement of project name placeholder in download command.

  • Issue 9911: Add dependency on resemblejs.

  • Issue 10344: Fix faulty relative URLs for change weblinks.

  • Issue 10355: Show all change-weblinks considered “code browser” weblinks.

  • Issue 10505: Show border at 72 chars for commit messages in side-by-side view.

  • Fix error in plugin loading.

  • Fix support for xml syntax highlighting.

  • Add commit container gr endpoint for plugins.

  • Fix missing </section> in gr-settings-view.

Other Fixes
  • Issue 10512: Include project name in change URL in Reviewed-on: footer in commit message.

  • Issue 10500: Fix injection of UrlFormatter in plugins.

    In version 2.16.1 the binding of the UrlFormatter interface was changed to use DynamicItem, but several classes were still injecting it directly. As a result, when such a class got injected in a plugin, the plugin would fail to load. It was also not possible for a plugin to provide an alternative implementation of UrlFormatter, and the DefaultChangeReportFormatter always used the DefaultUrlFormatter.

  • Issue 10488: Fix listing of GPG public keys.

    The GPG public keys were truncated in the output of the GPG key REST API endpoints.

  • Fix authentication for LFS over SSH.

  • Add logging of prolog rule reduction limits.

    The configured values of rules.reductionLimit and rules.compileLimit are logged at INFO level at server startup, and the effective value applied to a predicate is logged at DEBUG level.

  • Improve error message when JRE cannot be found during site start.

  • Suggest --no-edit option when Change-Id line is missing.

    When the Change-Id is missing, the commit can be amended without editing.

  • Fix commit-msg hook to not add a Change-Id when gerrit.createChangeId is disabled.

  • Upgrade elasticsearch-rest-client to 6.6.1.


New features

Allow searching for projects by parent project name, using the ‘parent:foo’ search operator in the query string. See the projects search operator documentation for more details.

Dependency Updates

  • Issue 10024: Upgrade Jetty to 9.4.14.v20181114 This version fixes a bug that prevents the go-import plugin from working

  • Issue 10279: Upgrade highlight.js to 9.14.0 This version fixes highlighting when Dart’s string interpolation feature is used.


  • Add warning that Javascript is required to use PolyGerrit.

  • Issue 10366: Fix loading topics that have unusual characters.

  • Issue 10415: Fix project name in the download-commands screen

  • Issue 4614: Add “verilog” and “SystemVerilog” to the mime list, enabling syntax highlighting.

  • Issue 10309: Support for setting max/min value for “Query Limit” and “Batch Changes” on the project’s access screen.

API Changes
  • Add a method to get revision votes on the revision API.

  • Issue 10380: Use project index to render change list on GWT UI.

    NOTE: As a consequence of this change, the list projects REST-API and project list screen on GWT UI will be subject to the same queryLimit capability settings as in the PolyGerrit UI. The same limit applies to the gerrit ls-projects command.

  • Issue 10382 DefaultMemoryCacheModule/DefaultMemoryCacheFactory are exported again in plugin API.

  • Issue 10401: Reimplement the project children API on top of the projects secondary index, which requires a significantly less amount of heap and CPU.

Other fixes

  • Add support for Elasticsearch 6.6.


Reindex for projects, accounts and groups indexes.

Gerrit 2.16.4 includes a fix to the projects, accounts, and groups secondary indexes. It is very unusual for Gerrit to require a reindex inside a point release. However, this is an exception because it is the only solution to fix the list sorting Issue 10210 reported on PolyGerrit.

The reindex of projects, accounts and groups can be performed either offline or online. For the offline reindex, make sure that Gerrit is not active and run the following commands:

  java -jar gerrit.war reindex --index projects -d ${site_path}
  java -jar gerrit.war reindex --index groups   -d ${site_path}
  java -jar gerrit.war reindex --index accounts -d ${site_path}

The online reindex does not require any commands: upgrade the gerrit.war and restart Gerrit.

NOTE: The online reindex for projects may take quite a long time and require a substantial amount of heap memory to run. During the reindex operation, Gerrit performance may be sluggish and, even after the reindex is complete, it would take quite some time for the memory to be released. It is thus recommended to perform the offline reindex, to avoid impacting the server performance at startup and after the reindex is complete.


  • Issue 8740: Disable deps.js requests in the index template to fix page load delay.

  • Issue 10371: Fix an issue where a saved edit would always restore the same content in subsequent edits of the same file, due to the cache not being erased.

  • Issue 9909: Do not crash PolyGerrit UI if permitted labels array is empty

  • Issue 10324: Allow plugins (e.g. delete-project) to control the cache invalidation and display new content immediately without refreshing the page.

  • Fix broken links in gr-icons.html.

  • Issue 7669, Issue 9614: Fix ‘/’ getting typed in search bar when pressed.

  • Issue 10151: Issue 10019: Fix the “delete” button visibility to allow branch deletion.

  • Issue 10317: Don’t show “Same Topic” for only one change.

    When there is only one change in the topic, it doesn’t add any value to show the “Same Topic” tab/section because it will always only include the currently viewed change.

    The query used to get the changes is modified to exclude the current change. This means that the “Same Topic” tab/section now only shows other changes in the same topic, but never the current change.

Other fixes

  • Issue 10326: Fix excessive heap and CPU usage when listing projects.

  • Create the .git/hooks folder in download commands.

  • Add method to get related changes in the Changes API.

  • Add method to get edit details in the Change Edit API.

    The new method allows to set the base revision, and request to include the files and download commands.

  • Add --skip-project option to the MigrateToNoteDb command.

    This is useful when only a few projects should be skipped but all others should be migrated.


  • Issue 10262: Upgrade JGit to to fix validation of wants in git-upload-pack for protocol v0 stateless transports.

    AdvertiseRefsHook was not called for git-upload-pack in protocol v0 stateless transports, meaning that wants were not validated and a user could fetch anything that is pointed to by any ref (using fetch-by-sha1), as long as they could guess the object name.

  • Issue 10242: Fix regression that allows a user’s account to be taken over when multiple authentication providers are in use.

    A regression introduced in 2.14.7 allowed a user’s account to be taken over by creating an account on a different provider with exactly the same username as the existing Gerrit account.

  • Issue 10082: Decouple online reindex activation from index module.

    Plugins were not loaded before online indexing was triggered, resulting in plugin-contributed submit rules not being evaluated during indexing.

    Online reindex activation is now decoupled from the index module and thus postpones the triggering of online reindexing until after loading of the plugins.

  • Evict group caches on group creation.

    If a group was created after a previous cache miss for its name, Id, or UUID, the cache also did not return the group if it is called immediately after the group was created.

  • Issue 10240: Fix internal server error when cloning a repository from Gerrit slave.

  • Improve error handling if comment note is too large during schema migration.

    During migration to schema 169, comments in NoteDb are migrated to json. If loading the blob for a comment note failed due to being too large (in excess of a hard-coded 25MB limit), the migration would fail.

    The hard-coded limit is now removed. It is still possible that the migration can fail if the blob is excessively large, but the logging of such a failure is improved so that the change that failed can be tracked down.

  • Issue 4278: Fix wrong code snippet in email notifications.

  • Upgrade jackson-core to 2.9.8.

    Version 2.9.8 includes several bug fixes, including security fixes.

  • Upgrade elasticsearch-rest-client to 6.5.4.

  • Issue 10263: Include edit ref in EditInfo element returned by the edit API.

    It was not possible for users of the Java API to get the edit ref.

  • Export the project indexer in the plugin API.

  • Issue 10260: Replication plugin: Fix auto-replay of stored events during config reload.

  • Add a new method on the account API to set the account name.

  • Add new methods on the project API to get/set the project’s HEAD.


  • Issue 9410: Add the GWT hash separator to the GWT url.

  • Merge top menu items contributed by plugins.

    Each plugin contributes a list single of menus, which are expected to be merged in existing top menu entries if they already exist. This was implemented in the GWT UI, but not in PolyGerrit.

  • Issue 10267: Add support for several more MIME types in syntax highlighting.

    Support is added for: powershell, xquery, cmake, coffeescript, crystal, diff, django, dockerfile, ebnf, elm, erlang, fortran, groovy, haml, haxe, ini, julia, latex, less, mathematica, nginx, nsis, postgresql, q, scss, scheme, excel, tcl, twig, vb, vbscript.

  • Issue 10137: Fix alignment of the “By User” column on the group audit screen.


  • SECURITY Issue 10201: Remove support for Git protocol v2, because of a security vulnerability discovered

    The JGit implementation of protocol V2 does not invoke the advertiseRefsHook on fetch and ls-refs, which results in all refs being sent, regardless of the configured ACLs.

  • Issue 9024: Fix setting PRIVATE and WIP for updated changes in console report.

    In some cases the private and work-in-progress status indicator for changes updated by push was shown incorrectly.

  • Issue 10564: Fix case-insensitive searching of hashtags.

    The index field has always been stored lowercase, since we intended hashtag searches to be case-insensitive. However, we never converted the input string to lower case, with the unexpected result that searching for hashtag:ACamelCaseTag would not return results for changes who contain that exact hashtag.

  • Issue 10112: Upgrade rules_closure to make Gerrit buildable with the latest Bazel version.

  • Issue 9781: Fix full ACL evaluation for LDAP groups.

    The LDAP groups have been historically filtered by relevance to the Gerrit ACLs. However, that optimization has the side effect of blocking users to access legitimate projects if they are temporarily not cached in memory. Allow to disable the LDAP filtering optimization for having always a 100% consistent ACL evaluation, regardless of the project’s cache status.

  • Upgrade elasticsearch-rest-client to 6.5.3.

  • Discontinue support for Elasticsearch 2.4.

  • Add preliminary support for Elasticsearch 7.

    Support for Elasticsearch 7 is added, and tested against the alpha1 release.

  • Add a new method on the account API to set the account name.


  • Issue 10018: Fix failure to upgrade schema when migrating from 2.13.

  • Issue 10038: Add support for Elasticsearch 6.5.

  • Issue 10052: Fix invalid requests to Elasticsearch.

  • Issue 10021: Security - Disallow create project to execute arbitrary code on the client by quoting and encoding project names.

  • Fix incorrect json in the example for the ‘Set Access’ REST endpoint.

  • Issue 10143: Fix internal server error when running the kill command.

  • Issue 9768: Explicitly set the number of shards and replicas for Elasticsearch, and allow them to be configured.

    From Elasticsearch version 7 the default number of shards per node will be changed from 5 to 1.

    The number of shards and number of replicas are now explicitly set when creating the index.

    The new settings elasticsearch.numberOfShards and elasticsearch.numberOfReplicas allow the values to be configured. The default values are 5 and 1, respectively, which is the same as the default values used by Elasticsearch prior to version 7.

  • Discontinue support for Elasticsearch 2.4.

  • Add preliminary support for Elasticsearch 7.

    Support for Elasticsearch 7 is added, and tested against the alpha1 release.

  • Fix internal server error when listing reviewers of a change with reviewers by email.

    Reviewers by email don’t have an account ID but formatting reviewers as JSON tried to get account IDs of all reviewers. This failed when the change had any reviewers by email.

  • Do not create index on account_group_members table in postgres database.

    The account_group_members table was deleted, but the postgres setup still tried to create an index on it, which prevented a new site from starting up.

  • Don’t serve PolyGerrit UI when running in headless mode.

  • Don’t serve static resources when running in slave mode.

  • Fix assignee’s status on the change screen.

    The assignee field’s status showed the change owner’s status text.

  • Add missing documentation of the ‘Read As’ capability.

Breaking changes

  • Change-Id: I3752456 Use dynamic binding for UrlFormatter.

    The UrlFormatter interface had a fixed binding to its default implementation, which meant it was not possible for plugins to provide a different implementation but were merely injecting it when needed

    It is now possible to replace the default implementation using a DynamicItem which requires a change in how it is injected and used in plugins.