Gerrit 2.16 Release

Download: 2.16.28 | 2.16.27 | 2.16.26 | 2.16.25 | 2.16.23 | 2.16.22 | 2.16.21 | 2.16.20 | 2.16.19 | 2.16.18 | 2.16.17 | 2.16.16 | 2.16.15 | 2.16.14 | 2.16.13 | 2.16.12 | 2.16.11.1 | 2.16.10 | 2.16.9 | 2.16.8 | 2.16.7 | 2.16.6 | 2.16.5 | 2.16.4 | 2.16.3 | 2.16.2 | 2.16.1 | 2.16

Documentation: 2.16.28 | 2.16.27 | 2.16.26 | 2.16.25 | 2.16.23 | 2.16.22 | 2.16.21 | 2.16.20 | 2.16.19 | 2.16.18 | 2.16.17 | 2.16.16 | 2.16.15 | 2.16.14 | 2.16.13 | 2.16.12 | 2.16.11.1 | 2.16.10 | 2.16.9 | 2.16.8 | 2.16.7 | 2.16.6 | 2.16.5 | 2.16.4 | 2.16.3 | 2.16.2 | 2.16.1 | 2.16

Release Highlights

• GWT UI is deprecated, and PolyGerrit is now the default UI.

• Experimental Dark Mode in PolyGerrit.

• Inline editing support in PolyGerrit UI.

• Redesigned UI for PolyGerrit based on material design.

• New configuration option to ignore self-approval on labels.

• New CommonMark/Markdown parser.

Important Notes

Known problem with schema upgrade

See the schema changes section for more information.

Known problem with plugins and index

Since 2.14.2 the plugins are loaded before online reindexing is started, so that prolog rules provided by plugins can be invoked during indexing. See issue 6472 for details.

This causes a problem for any plugins that access the index either directly or indirectly (i.e. by accessing a cache), because the index is not yet available when the plugin is loaded during server startup. An example of this is in the replication plugin, which needs to use the group cache when authGroup is used in a destination configuration.

A fix issue 10082 is available since 2.16.3 release.

Other known issues

• Issue 12546: The Change-Id footer is inserted at end of trailers instead of start.

  The commit-msg hook inserts the Change-Id at the end of the trailers, which could result in other trailers such as Signed-off-by being added multiple times.

Migration to NoteDb

NoteDb is now required for accounts (since 2.15) and groups (since 2.16), and is the preferred storage for changes.

In Gerrit 2.15:

• Account data (with the exception of Group data) was moved to NoteDB (release notes).
• Change data could be either moved to NoteDB (migration process), or left in ReviewDB.

In Gerrit 2.16:

• Group data is always moved to NoteDB (it is migrated automatically during the upgrade process, when you run gerrit.war init).

When upgrading to Gerrit v2.16, you are strongly advised to migrate fully (including changes) from ReviewDb to NoteDb.

You should review the documentation on NoteDb, including the information about the migration process:

• On-line migration
• Off-line migration

Although ReviewDb is still technically available on Gerrit v2.16, the upgrade to NoteDb is strongly recommended, although not enforced.

Note that in the next version of Gerrit (v3.0), ReviewDb will not be available.

Schema Changes

2.16.16 and earlier only support upgrading from 2.15.x. Use 2.16.17+ to upgrade directly from 2.11.x or newer. Using the latest 2.16.x version is recommended.

This release contains schema changes. To upgrade:

  java -jar gerrit.war init -d ${site_path}

On large sites, 2.16 schema migration might run for longer durations. To optimize it, one may execute SQL commands to insert the following columns for existing tables on a live running gerrit server at any time before migration work for 2.16 is started (even on really old 2.7 installations).

• work_in_progress, review_started and is_private on changes table.
• post_submit on patch_set_approvals table.
• unresolved on patch_comments table.

To insert these columns run the following SQL:

ALTER TABLE changes ADD is_private CHAR(1) DEFAULT 'N' NOT NULL CHECK (is_private IN ('Y','N')),
                    ADD work_in_progress CHAR(1) DEFAULT 'N' NOT NULL  CHECK (work_in_progress IN ('Y','N')),
                    ADD review_started CHAR(1) DEFAULT 'N' NOT NULL  CHECK (review_started IN ('Y','N'));
ALTER TABLE patch_set_approvals ADD post_submit CHAR(1) DEFAULT 'N' NOT NULL CHECK (post_submit IN ('Y','N'));
ALTER TABLE patch_comments ADD unresolved CHAR(1) DEFAULT 'N' NOT NULL CHECK (unresolved IN ('Y','N'));

Reindex for new projects index and changed group index

Gerrit 2.16 introduces a new secondary index for projects. The initial version of this index must be created by running the offline reindex before starting Gerrit:

  java -jar gerrit.war reindex --index projects -d ${site_path}

The group index gained two new fields, which Gerrit 2.16 depends on. For this reason, the following command to offline reindex the group index must be executed as well:

  java -jar gerrit.war reindex --index groups -d ${site_path}

The offline reindex for groups should also be run on Gerrit slave hosts.

Note that if you are migrating from v2.15, it is not necessary to reindex the changes and accounts indexes offline. These will automatically be reindexed by the online reindexer after starting Gerrit.

Support for GWT UI is deprecated

From 2.16 GWT UI is deprecated and will be removed in a future version.

Discontinued support for Internet Explorer

PolyGerrit no longer officially supports Internet Explorer. It never really worked.

Support for Velocity templates removed

In version 2.14 support for Soy templates was added. For backwards compatibility, support for Velocity templates (VTL) was kept.

In version 2.16 support for VTL is completely removed. Site administrators must replace any Velocity templates (.vm files in $site/etc/mail/) with the equivalent Soy templates before upgrading to this version.

Push to refs/changes is deprecated

The possibility to push to refs/changes is now disabled by default. It is still possible to enable it in the gerrit config by setting receive.allowPushToRefsChanges to true.

Legacy /p/ prefix for Git/HTTP projects is removed

The /p/ cannot be used anymore and the /a/ prefix should be used for Git/HTTP with basic authentication.

DELETE requests with bodies are no longer recommended

Some proxies, which are not under client control, prohibit DELETE requests with bodies. DELETE requests with bodies could work on a first attempt, but could fail afterwards because a server they have no control over was updated. In this case, client users could be in trouble if they were not notified.

Therefore, we have decided to no longer recommend sending DELETE requests with bodies. They will continue to work in this release but should be considered as deprecated and will be removed in the next release.

Pegdown is replaced by Flexmark

flexmark-java is a Java implementation of CommonMark 0.28 spec parser using the blocks first, inlines after Markdown parsing architecture.

Its strengths are speed, flexibility, Markdown source element based AST with details of the source position down to individual characters of lexemes that make up the element and extensibility, compared to Pegdown speed that was, in general, less than ideal and for pathological input either hangs or practically hangs during parsing.

SYSTEM_CONFIG table is removed

This table was used to retrieve the site_path directory in unattended setup mode. As a replacement, system property gerrit.site_path should be used.

Git clients older than 2.x are not supported anymore

The Gerrit commit-msg hook script for adding the Change-Id in every local commit has been simplified and is now using the git-interpret-trailers command. The interpret-trailers command is available as of git v2.2.0, released Dec 2014.

As of Gerrit 2.16.18, the commit-msg hook uses the --where option to the git-interpret-trailers command. This was added in git v2.15.0, released Oct 2017.

Existing cloned repositories that have been cloned before the migration to v2.16 and thus having the old hook for generating the Change-Id will continue to work. However, new clones and hook scripts will need to upgrade your local git client to v2.2.0 or later.

If you have existing older git clients and cannot migrate to v2.2.0 or later, you need to keep serving the old script, copying it to the Gerrit /static directory, and then amend the Gerrit helper instructions to download it.

Example (assuming Gerrit installed on $GERRIT_SITE and available at https://gerrit.mycompany.com):

$ curl 'https://gerrit.googlesource.com/gerrit/+/stable-2.15/gerrit-server/src/main/resources/com/google/gerrit/server/tools/root/hooks/commit-msg?format=TEXT' > $GERRIT_SITE/static/commit-msg
$ git config -f $GERRIT_SITE/etc/gerrit.config gerrit.installCommitMsgHookCommand 'gitdir=$(git rev-parse --git-dir); curl -o ${gitdir}/hooks/commit-msg https://gerrit.mycompany.com/static/commit-msg ; chmod +x ${gitdir}/hooks/commit-msg'

From Gerrit version 2.16.18, users may also download the older version of the hook from the installed Gerrit site without the admin having to copy it to the static folder:

$ scp -p -P 29418 john.doe@review.example.com:hooks/commit-msg-legacy ~/myproject/.git/hooks/commit-msg

Note, however, that with both workarounds mentioned above, the “Clone with commit-msg hook” command in the project view still results in the new hook being downloaded.

current_user predicate is removed from the submit rule evaluator

As a consequence of this, the result of a submittability rule check can no longer depend on the user who is requesting it.

For example, it is no longer possible to define a submit rule that would enforce that only change owners can submit a change. A workaround is to grant the ‘Submit’ permission to the ‘Change Owner’ group in project access controls, although note that this can only be done at ref level and cannot be dynamically applied in the same way that a prolog submit rule could.

startTime in schedule configuration now requires hours to be zero-padded

As a result of replacing JodaTime with the Java 8 Time API, times specified in schedule configurations, for example for the GC schedule, must zero-pad the hours. I.e. 06:00 rather than 6:00.

New Features

‘Read As’ capability

The new ‘Read As’ capability allows users to impersonate any user to see which refs they can see.

Note: the capability was added in 2.16 but only documented since 2.16.1.

Disable log file rotation and compression

On sites where log file rotation and compression is done by an external service such as logrotate, administrators may wish to disable Gerrit’s default log rotation and compression.

This can now be done by setting log.rotate and log.compress to false.

Both settings default to true when not set, to maintain consistent behavior with previous releases.

Support for reloading gerrit.config

The contents of the gerrit.config file are cached at startup by Gerrit. For most configuration properties, if they are modified in this file, Gerrit needs to be restarted before it will use the new values. Some properties now support being reloaded without restart.

A new SSH command reload-config and REST API endpoint are provided to invoke the reloading.

Not all configuration properties support reloading. For those that do, it is mentioned in the documentation.

PolyGerrit enhancements

Repo access view

• Issue 6569 Add repo access view.

PolyGerrit UI displays the repository access information and allows editing it.

Inline edit

• Issue 4437 inline edit is fully implemented using the CodeMirror Editor plugin.

  A new core plugin, codemirror-editor, is available, which uses CodeMirror to provide a rich code editing experience in PolyGerrit.

  When you upgrade Gerrit using init -d, you are given the option to install the codemirror-editor plugin.

Change screen improvements

• Issue 8213 Follow-Up button is missing on change screen
• Issue 8218 Open inline diff when clicked on file list row
• Issue 8241 Change comment threads are interleaved
• Issue 8260 Submitted together section shows which change is the one currently displayed
• Issue 8528 Show vote chips in change messages
• Issue 9111 Add expander icons to messages
• Issue 9532 Provide CLI assistance for updating Gerrit changes in the change view
• Issue 9707 Assigned to you section on dashboard
• Issue 2390 Allow to mark review as read/unread by clicking on some icon and/or button
• Issue 4528 Indicate what labels a reviewer can vote on
• Issue 5178 File name as header when viewing a change inline.
• Issue 5329 Support for the find-owners plugin
• Issue 5433 Make SHAs selectable in the UI
• Issue 5452 Make shift-j jump to index if no files remain with comments.
• Issue 6198 Allow control whitespace diff in the UI
• Issue 6781 Change/patchset actions have tooltips describing their behavior
• Issue 6984 “Discard” button on review comments requests confirmation prompt
• Issue 7698 New popup for “This change has been merged”
• Issue 7773 Ask for configuration on the submit button

General improvements

• Issue 8983 Lazy-load gr-avatar images
• Issue 4915 Support “Show Change Sizes As Colored Bars” setting
• Issue 7886 TShirt sizing for changes in the dashboard and change-view
• Issue 7961 Display dividing line for metadata
• Issue 9000 Fix adding groups created by the singleusergroup plugin
• Issue 9216 Close the groups editor after submitting

Differences from GWT

• Writing a cover message on a specific patch set is no longer possible.

  The cover message is always added on the current patch set. This means that any system that relies on notifications being sent for a specific patch set will no longer work.

New logging framework

For logging Gerrit is now using Flogger instead of SLF4J. The logging backend is still LOG4J.

The Flogger LOG4J backend is configured by a system property (flogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance) that must be set for logging to work. There is an init step that automatically sets this system property in the gerrit.config file and in addition Gerrit tries to set this system property automatically on startup if it isn’t set yet. However for some setups you may need to do additional actions to make sure that this system property is set.

In addition there is a system property that needs to be set for request tracing (flogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance). Also this system property is automatically set in the gerrit.config file by an init step and in addition Gerrit tries to set this system property automatically on startup if it isn’t set yet. However for some setups you may need to do additional actions to make sure that this system property is set.

SLF4J can still be used by plugins, but using SLF4J in plugins is deprecated and with the next Gerrit release SLF4J will no longer be exported as part of the Gerrit plugin API jar. This means from the next release onwards, plugins must either migrate to Flogger or have an own dependency on SLF4J.

REST API

There are several new REST endpoints and additions to existing endpoints, as described in the REST API documentation.

See below an overview of the noteworthy changes.

Access Rights Endpoints

• ProjectAccessInfo has a new field configWebLinks containing a list of URLs that display the history of the configuration file governing this project’s access rights.

Accounts Endpoints

• Query accounts requires the Modify Account permission to return all the emails associated with the account.

• New endpoint /drafts.delete to remove the drafts comments associated with an account.

Changes Endpoints

• New endpoints to lists, get and delete the messages /messages of a change including the detailed account information associated.

• New endpoint /cherrypick to cherry-pick a specific commit.

Config Endpoints

• New endpoint /server/reload to reload Gerrit configuration.

• New endpoint /server/preferences.edit to retrieve and update the global edit preferences for the server.

Groups Endpoints

• New option ?owned-by to find groups that are owned by another group

Project Endpoints

• New option ?state to get all projects with the given state.

• New option ?query for querying projects limited to a maximum of ?limit entries.

• New endpoint /description for updating and deleting the project’s description.

• Check project access endpoint is now a GET API while the POST is still supported by deprecated.

• New endpoint to index a project /index and all the changes /index.changes associated to it.

• New endpoint /check to check project’s consistency.

Commit Endpoints

• New endpoint /files to list files associated with a commit.

Request Tracing

If a request is traced the unique trace ID is attached to all logs that are triggered by the request. In addition all logs are enforced regardless of the configured log level. Given the trace ID an administrator can find the trace in the error log and debug issues more easily.

Detailed information about request tracing can be found in the request tracing documentation.

New configuration option to ignore self approval on labels

A new option for Review Labels, label.Label-Name.ignoreSelfApproval, is available.

If true, the label may be voted on by the uploader of the latest patch set, but their approval does not make a change submittable. Instead, a non-uploader who has the right to vote has to approve the change.

It defaults to false, but one possible use case is to set the value to true for the Code-Review label in the All-Projects project. That value will then be inherited by all projects that do not override the Code-Review label settings.

Bug Fixes

• Issue 10106: Fix internal server error when updating project access via REST API without specifying ‘action’ entity.

Dependency Updates

• Update args4j to 2.33

• Update Brics Automaton to 1.12-1

• Update BouncyCastle to 1.60

• Update commons-compress to 1.15

• Update commons-lang3 and commons-net to 3.6

• Update Dropwizard metrics-core to 3.2.5

• Update Elasticsearch to 6.4.3 (Updated to 6.5.4 in 2.16.3)

• Add dependency to flexmark-java 0.34.18

  Flexmark is a CommonMark/Markdown parser for java.

• Add dependency to flogger 0.3.1

  Flogger is a fluent logging API for Java and Gerrit is using Flogger instead of SLF4J now.

• Update greenmail to 1.5.5

• Update gson to 2.8.5

• Update guice-* to 4.2.1

• Update JGit to 5.1.3.201810200350-r (Updated to 5.1.7.201904200442-r in 2.16.8)

• Update Lucene to 6.6.5

• Update mime4j to 0.8.1

• Update OpenID4Java to 1.0.0

• Update Ow2.asm to 6.2.1

• Update javax.mail to 1.6.0

• Update Jetty to 9.4.12.v20180830

• Update protobuf-java to 3.4.0

• Update soy to 2018-03-14

• Update SSHD to 2.0.0 and Mina to 2.0.17

• Update tomcat-servlet-api to 8.5.23

• Update tukaani-xz to 1.6

• Remove dependency on Velocity

• Remove dependency on joda-time and joda-convert

  NOTE: joda-* dependencies are no longer exported in the Gerrit plugin API. Existing plugins that still rely on them need to be amended to include the explicit dependency on joda-* libraries.

Plugin API changes

• ChangeInfo and RevisionInfo: Update copy methods to copy fields that have been added recently

• Support allow_conflicts option in cherry-pick input on CherryPickInput

• Have common class for entries in DynamicMap/DynamicSet/DynamicItem

• New API for deleting draft comments of a user in AccountApi

• New annotation RemoveAfter for documenting features in Gerrit that can be deprecated

• DynamicSet returns Iterable for entries instead of Iterator

• Support for deleting change message via REST API in ChangeMessageApi

• New common interface for all REST views on collections, RestCollectionModifyView, removing duplicate code in the RestApiServlet. Rest{Create,DeleteMissing}View are renamed to RestCollection{Create,DeleteMissing}View. See the relevant change for more details.

• Support binding a RestView to delete a missing resource through a brand-new DeleteViewBinder. See the relevant change for more details

• New Api and REST endpoint to reindex a project on ProjectApi.

• New RestCollection{Create,Delete,Modify}View that can be bound for POST and DELETE requests on collections via RestApiModule. The AcceptPost interface is not available anymore and existing code making use of it needs to be adapted to use the RestCollectionView.

• Support getting account details in AccountApi.

• New API and REST endpoint for accessing change messages in ChangeApi.

• Add extension API for emails and support setting an email as preferred in AccountApi and EmailApi.

• Add API and REST endpoints to get/set default edit preferences in Server.

• Allow to filter list by project state in Projects.

Bugfix Releases

2.16.28

• New features

  • Change 314702: Introduce flag --migrate-draft-to during init for Schema_159 migration.

  • Issue 14777: Allow per-project on-line notedb migration.

• Reindex performance improvements

  • Change 322935: Fix buggy Index-Interactive Executor.

    Fix index.threads when set to a negative value which was not using a direct executor as mentioned in docs.

  • Change 323215 Change 322296: Disable auto flushing during offline Lucene indexing.

  • Change 322835: Use thread count specified on offline reindex command line.

    Honor the --threads command line option when provided instead of batchThreads property from gerrit.config.

• Gerrit migration performance improvements

  • Change 322436: Avoid creating loose objects in Schema 146.

  • Change 322295: Avoid creating loose objects in schema 167.

  • Change 322435: Fix schemas to use the appropriate ObjectInserter.

  • Change 321115: Update schemas 115,119 to create a desired initial commit.

  • Change 321075: Create initial commit in schema 146 only when necessary.

  • Change 322115 Change 321496 Change 321495 Change 321135 Change 320178: Avoid creating loose objects in schemas 115, 119, 124, 139, 144, and 154.

  • Change 320179: Parallelize inserts into accountPatchReviewDb in schema 127.

    Reduce the migration time on large sites by parallelizing inserts to accountPatchReviewDb. Default number of migration threads is equal to number of CPUs or can be manually configured through system property ‘schema127_threadcount’.

  • Change 320177: Make schema migraitons more efficient by listing repositories only once.

  • Change 321055: Update schemas 115,139,144 to ignore entries not in the ‘accounts’ table.

  • Change 302923: Warm PostgreSQL DB before migration.

  • Change 321635 Change 319997: Parallelize schemas 108,130,131 which perform updates on each repository.

  • Issue 14097: Fix display the GC action on project commands for Gerrit in multi-site configuration.

• Bug Fixes

  • Issue 15262: Prevent infinite loops with GWT UI and HTTP auth.

    Prevent the legacy HTTP form used for redirection with HTTP authentication from generating an invalid request ‘?polygerrit=0login/’ and going into an infinite login loop ‘?polygerrit=0login/login/’.

  • Issue 14963: Fix /access REST APIs returning incorrect rule when group is duplicated for same rule.

  • Change 323095: Add --migrate-draft-to flag on init doc.

  • Change 313561: Handle null account-ids when sending e-mails.

  • Change 313763: Make shuffling project slices optional in notedb migrator.

  • Change 302922: Make GC on repositories optional in notedb migrator.

  • Change 307602: Fix NPE while accessing draft refs.

  • Change 307482: EqualsLabelPredicate: fix bug that prevents matching owner votes.

• Dependency Updates

  • Update JGit to 5.1.16.202106041830-r, which contains the following improvements:

    • Change 180697: BatchRefUpdate: Skip saving conflicting ref names and prefixes in memory.

    • Change 180559: Avoid having to scan over ALL loose refs to determine if the name is nested within or is a container of an existing reference.

2.16.27

• Bug Fixes

  • Issue 13786: Update of user ssh key doesn’t get replicated to slave.

  • Issue 13931: Inline edit allows the modification of Change-Id across patch-sets.

  • Issue 14013: Gerrit uses ReviewDb even when migrated to NoteDb.

2.16.26

• Security Fixes

  • Issue 13858 CVE-2021-22553: Fixed memory leak in Git-over-HTTP requests.

    Unauthenticated users could exploit this problem in a Denial of Service attack, causing the server to go out-of-memory.

• Dependency Updates

  • Update JGit to 5.1.15.202012011955-r.

  • Update testcontainers to 1.15.0.

2.16.25

• Security Fixes

  • Issue 13621 CVE-2020-8919: Make PermissionBackend#ForRef authoritative.

    Fixes a misconception that leads to data being accessible through Gerrit APIs that should be locked down.

    Gerrit had two components for determining if a Git ref is visible to a user: (Default)RefFilter and PermissionBackend#ForRef (e.g., RefControl). The former was always capable of providing correct results for all refs. The latter only had logic to decide if a Git ref is visible according to the Gerrit READ permissions. This includes all refs under refs/heads as well as any other ref that isn’t a database ref or a Git tag. This component was unaware of Git tags and notedb-related refs. Hence, when asked for a database reference such as refs/changes/xx/yyyyxx/meta, the logic would allow access if the user has READ permissions on any of the ref prefixes (such as the default “read refs/* Anonymous Users”).

    That was problematic, because it bypassed documented behavior where a user should only have access to a change if he can see the destination ref. The same goes for other database references.

  • Issue 13514 CVE-2020-8920: Work around Gitiles bug on All-Users visibility.

    Gitiles has a special FilteredRepository wrapper that allows carefully hiding refs based on the project’s ACLs. There is however an optimization that skips the filtering in case a user has READ permissions on every ACL pattern(s). When the target repository is All-Users, the optimization turns into a security issue because it allows seeing all personal information associated with all accounts, i.e.:

    • draft comments
    • draft edits
    • personally identifiable information (PII) of all users
    • external ids

    This fix now blocks Gitiles or any other part of Gerrit to abuse this power when the target repository is All-Users, where nobody can be authorized to skip the ACLs evaluation anyway.

2.16.24

This minor release has been withdrawn.

2.16.23

• NoteDb Migrator Fixes and Improvements

  • Introduce a new option --force-state-change-with-skip in the NoteDb migrator to force state change of the migration if projects are skipped.

  • Introduce a new option --verbose in the NoteDb migrator to display more information about the migration progress.

  • Log the NoteDb migration progress every 1000 changes.

  • Fix contention on single database connection which all migration threads were competing for. Instead use one database connection per thread.

  • Update noteDb status in chunks to avoid an excessive number of DB connections is used.

  • Use multiple threads per project for improving the performance when there are a lot of changes per project. The impact is negligible on projects with a limited number of changes.

  • Ensure that all exceptions happening during the migration are properly logged.

• PolyGerrit UI Fixes

  • Issue 11706: Enable the ability to modify the commit message as part of change in-line edit.

  • Issue 13328: Project dashboard links stored in ‘My’ menu (GWT) lead to ‘cannot load page’ when switched to PolyGerrit.

  • Issue 13350: Cannot add group to (cc-)review if its UUID is not the internal one.

• Replication plugin Fixes

  • Issue 12769: Pending replication events can delay the Gerrit startup for too long.

• Documentation Updates

  • Introduce the documentation of Gerrit logs format and the meaning of each field.

  • Clarify how to resolve common Bazel issues with Eclipse project generation.

  • Document X-Forwarded-For header in the Gerrit reverse-proxy section.

2.16.22

• Security Fixes

  • Issue 12846: BadMessageException: 500: Response header too large.

    CVE-2019-17638

    Bump Jetty version to 9.4.30.v20200611 to fix regression introduced in Jetty version: 9.4.27.v20200227.

    Response header overflow leads to buffer corruptions Jetty server always allocates maximum response header size.

    For more details see also upstream issues:

    Issue 4936 Issue 4541

• Bug Fixes

  • Use multiple threads per project when reindexing changes

    To avoid idling threads during reindex operation, split the big projects into smaller parts and let the thread pool index these parts.

  • Issue 13105: Fix plugin builds on OSX

    This fixes plugin stamping by adding overwrite files without prompting option to unzip command.

  • Issue 12988: Fix issue with auto registering ssh commands

    AutoRegisterModules and PluginGuiceEnvironment checks if ssh command implements org.apache.sshd.server.Command interface. Correct interface name is org.apache.sshd.server.command.Command.

  • Issue 12935: Avoid closing System.out after All-Users GC in NoteDB migration

    By using try-with-resource wrappers around System.out for the garbage collection of the All-Users repo, System.out got closed when the wrappers got closed after the garbage collection. Due to the closed System.out, the final status messages of the migration got swallowed and did not make it to the screen.

  • Issue 12918: Honor project watches also for changes created via cherry-pick

    When a change was cherry-picked and a project watch expression from a user matched the newly created change a notification email (because of the project watch) was often not sent.

    Change the default for the CherryPickInput.notify to ALL, the same like in the CreateChangeInput.

  • Issue 12917: Switching between changes fails and in-line edit returns HTTP status 404.

    Switching between changes in a change series randomly fails. Also, when adding a file to a change using in-line edit fails constantly with an HTTP status 404.

2.16.21

• Security Fixes

  • Issue 12717: Deny access over HTTP for disabled accounts.

    A disabled account was still able to access over HTTP until the existing session expired.

• Bug Fixes

  • Issue 11707: Support /COMMIT_MSG for change edit REST endpoints.

2.16.20

• New Features

  • Bazel: Add //tools/bzl:always_pass_test rule to avoid boilerplate for running tests during build.

• Bug Fixes

  • Issue 12844: Trim and update Gerrit full name from the one stored in LDAP during login.

• PolyGerrit UI Fixes

  • Issue 12777: Hide the “No Votes” notice for labels created and approved by prolog rules.

• Replication Plugin Fixes

  • Issue 12806: Fix a regression where the project deletion was not propagated to the remote nodes.

2.16.19

• Breaking Changes

  • Elasticsearch: Support for EOL version 6.5 is discontinued.

• New Features

  • Enable to run online noteDb migration using multiple threads.

    The new configuration option notedb.onlineMigrationThreads allows tuning the number of threads the migration can use.

    This helps to speed up online migration at the expense of imposing a higher load on the Gerrit server running at the same time.

  • Add a new metric for monitoring Java deadlocks.

    The metric proc/jvm/thread/num_deadlocked_threads monitors the number of threads that are deadlocked waiting for object monitors or ownable synchronizers.

  • Add support for Elasticsearch 7.7.

• End-to-end Tests Improvements

  • Allow end-to-end tests to proportionally scale on their expected execution times.

    A power_factor environment property was added to the end-to-end tests core framework. Using that optional property, scenario steps can take some more (or less) time prior to expecting proper completion.

    The way to set that property locally then depends on the target runtime environment, or SUT latency. The property may be used for either core or plugin scenarios.

  • FlushProjectsCache related scenarios added to core (and the high-availability plugin).

  • Support for relative runtime weights in scenarios.

    Each scenario can now either weight like any other by default, or override that default with a greater weight value, compared to siblings that are lighter on execution times.

    Beside core, make the high-availability and multi-site plugin scenarios reuse this.

  • Allow scenarios to create and delete Gerrit changes alongside projects.

    Add the corresponding core support for an optional http request body to every such GerritSimulation. Either automate or allow environment properties to feed the related input test data.

    Beside core, make the high-availability and multi-site plugin scenarios test changes that way. The latter currently has Issue 12693 as a known limitation.

• Bug Fixes

  • Issue 12637: Fix SQL connection timeout during migration to schema 146 and 154.

    A full GC is run at the beginning of the migration, after every 100k accounts, and at the end of the migration. Additionally, bitmap index generation is disabled during the migration.

  • Issue 12606: Fix visibleto predicate for groups.

    If a group name was used in the visibleto predicate, changes were not returned even if the group had permission to see them.

  • Issue 12747: Fix change query visibility for internal user.

  • Issue 12755: Block the removal of the Realm primary external ids.

    It was possible to remove the email address associated with the primary id of a Realm, effectively resulting in the account being removed.

  • Isssue 12786: Fix wrong status returned when auth backend couldn’t be reached.

    The response 401 was returned when the auth backend could not be reached, instead of the response 503.

  • Fix internal server error on parsing commit message during receive commits.

  • Add autocomplete="off" to LDAP login form.

    Some security tools will flag the absence of the autocomplete flag as a possible security issue, as it could allow for passwords to be saved and automatically filled in on shared computers.

  • Issue 12646: Fix incorrect highlighting of diffs in the GWT UI.

    In some cases the highlighting was shown on an adjacent line rather than on the line that was actually changed. This happened in both the side-by-side and unified diff views in the GWT UI.

  • Issue 12667: Fix unwanted expansion of common lines at the bottom of a diff in the GWT UI.

  • Accept --ownedby as an alias of --owned-by in the groups REST API.

    The option was incorrectly documented as --ownedBy which resulted in an error “not a valid option” if anyone tried to use it.

    The documentation is fixed, and --ownedby is added as an alias so that it also works for anyone still referring to the old documentation.

  • Fix various misuses of the Flogger API causing exception details to be omitted in the log output.

    Exceptions were not properly passed to the logger which would cause the details to be omitted, or in some cases the message “ERROR: UNUSED LOG ARGUMENTS” to be emitted.

    • When a project migration fails in the migration to schema 169
    • When an invalid PAPE response is received during OpenID authentication
    • When a plugin config is invalid and cannot be loaded
    • When an error occurs while migrating a change metadata entry to JSON
    • When there is an unsupported charset in a patch text

  • Issue 12673: Fix emitting debug logs while running tests.

• PolyGerrit UI Fixes

  • Issue 12707: Apply diff preferences immediately after pressing “Save”.

  • Issue 12690: Only show the “Edit” button for open changes in the diff view.

  • Issue 12726: Fix incorrect highlighting after / character in Javascript.

  • Issue 12775: Fix parent of previous patch sets not being available.

• Replication Plugin Fixes

  • Issue 12678: Fix missing replication Id in replication logs.

    The migration to use Flogger in 2.16.17 caused a regression in the logging, where the replication Id was omitted from the logs. This is fixed by reverting back to slf4j logging for the replication log.

  • Issue 12719: Fix replication start --wait to track in-flight collisions and to not fail.

  • Issue 12731: Don’t lose state when there’s a pending push to the same ref.

    If there was already a pending push (not an in-flight push) to the same endpoint, the start for the push would be dropped when adding the push to the Destination. This meant that a replication start --wait command would never complete when one of its pushes was pending since its state would never receive the completion notification for that push.

  • Issue 11745: Fix firing pending “..all..” events on startup.

  • Issue 11760: Make persistent task keys stable.

  • Fix URL matching to match real URLs in addition to templated URLs.

  • Log when skipping deletion of a ref when pushing to a remote in mirror mode.

  • Improve logging of push failures caused by a lock failure on the remote.

  • Improve logging of refs to be pushed.

• Library Upgrades

  • Upgrade jackson-core to 2.11.0

  • Upgrade jetty to 9.4.27.v20200227

  • Upgrade testcontainers to 1.14.2

2.16.18

• Breaking Changes

  • Issue 12527: Elasticsearch: Support for EOL versions v5.6 and v6.0 to v6.4 is discontinued

  • Plugin API: Deprecated methods related to the draft workflow and change edits are removed

    • ChangeApi.getEdit()
    • ChangeApi.publish()
    • RevisionApi.delete()
    • RevisionApi.publish()

  • Metrics: Cache disk stat metric computation is disabled by default

    Calculation of the cache disks stat metrics for persistent caches is disabled by default because it is a very expensive operation that can block a thread for several minutes on larger installations.

    Installations that still want to use this metric must explicitly enable it with the cache.enableDiskStatMetrics configuration option.

• New Features

  • Make legacy version of the commit-msg hook available

    Make the older version of the commit-msg hook from gerrit 2.15.x, which does not use git-intepret-trailers, available from the site so that users who have an older client can download it.

• Bug Fixes

  • Fix handling of ambiguous name in visibleto search predicate

    If the visibleto search predicate was used with a display name that resolved to more than one account, the first account in the result was arbitrarily used. Now, this case will result in an error.

  • Issue 11625: Avoid multiple notifications for existing reviewers.

• PolyGerrit UI Fixes

  • Issue 12385: Fix memory leak in gr-plugin-endpoints.

• Library Upgrades

  • Upgrade rules_closure to forked version

    This fixes the “-parameters is not supported for target value 1.7. Use 1.8 or later.” warning when building. See PR 478.

  • Issue 12448: Upgrade Guice to 4.2.3 and switch to using no-AOP Guice distribution

    This allows to more easily support newer JDK versions.

  • Upgrade asm to 7.2

  • Issue 14242: Upgrade gwtjsonrpc to 1.12

    This fixes email token verification failures caused by non-URL-encoded characters.

• Security Fixes

  • Issue 8952: Do not require explicit “Push Tag” rights to refs/tags/* for pushing an annotated tag over HTTPS.

• Replication Plugin Fixes

  • Improve logging of why a project or ref is not replicated.

2.16.17

• Breaking Changes

  • The LogThreshold annotation is removed.

    The default log level for tests has been changed from DEBUG to INFO, and this annotation is no longer needed. It was originally introduced to allow classes to explicitly set their log level at level other than DEBUG.

    Plugins that use this annotation must be adjusted.

  • EnumSet replaced with Set in all plugin API

    All the plugins API have been amended to avoid the use of concrete class EnumSet in their method signatures. Source-level compatibility is preserved because Set is a super-class of EnumSet. However, existing plugins would fail with NoSuchMethodException unless they are rebuilt against the new APIs.

• New Features

  • Add support for Elasticsearch 7.6.x.

  • Include upload-pack metrics in the sshd log.

    In order to enable detailed performance and problem analysis, upload-pack metrics are now included in the sshd log.

  • Add new configuration setting core.packedGitUseStrongRefs.

    When set to true, this option enables using strong references to reference packfile pages cached in the WindowCache. If this option is set Java gc can no longer flush the WindowCache to free memory if the used heap comes close to the maximum heap size. On the other hand this provides more predictable performance.

  • Add new configuration setting sendemail.denyrcpt.

    This new setting works alongside the existing sendemail.allowrcpt, and allows to configure email addresses or domains that Gerrit may not send to.

  • Allow to format HTTP and SSH logs in JSON format.

    When log.jsonLogging is enabled, the HTTP and SSH logs are formatted as JSON, making it easier for them to be parsed. Note that the error log was already formatted in JSON when this option was enabled.

  • Add new metrics.

    Metrics are added for:

    • Jetty connections
    • JGit WindowCache and total load time for block cache entries
    • Available number of cores
    • Average system load for the last minute

    Refer to the metrics documentation for full details.

  • Issue 11493: Add an “Edit” button to the diff view in the PolyGerrit UI.

  • Add support for fsharp in highlighting syntax in the PolyGerrit UI.

  • Issue 12364: Add support for going to a specific line number in the inline editor.

  • Add prolog predicate to determine number of parents.

    The new predicate commit_parent_count can be used to detect merge commits.

  • Add NamedFluentLogger

    NamedFluentLogger is an extension to Flogger that allows to create a logger with a given name rather than the name of the enclosing class.

  • Issue 12444: Add support for max_result_window in Elasticsearch index configuration.

• Library Upgrades

  • Upgrade jackson-core to 2.10.3.

  • Upgrade Jetty to 9.4.24.v20191120, including a fix for supporting IPv6.

  • Upgrade JGit to 5.1.13.202002110435-r.

• Security Fixes

  • Issue 12440: Fix the access-path for AbstractGitCommand subclasses.

    The access path for the Receive.currentUser in the receive-pack command was wrongly set to SSH_COMMAND instead of to GIT. This allowed project owners to force-update a ref using git-over-SSH without having en explicit permission for that.

• Bug Fixes

  • Issue 11772: Cancel deprecation of change identifiers that was planned since 2.16.

    Since 2.16 the documentation of change identifiers states that the identifiers other than <project>~<numericid> are deprecated and will be removed in a future release. Since then the identifiers have still not been removed and there is no clear plan to do so.

    It is likely that “deprecated” identifiers are still used in links in places where they can’t be updated, for example in emails and forum posts. Due to this, and since continuing to support all of the types does not add any technical burden, ESC decided that the deprecation should be cancelled.

    The change.api.allowedIdentifier configuration setting is now obsolete and has been removed.

  • Issue 3340: Fix internal server errors when setting project access permission with bad regex.

  • Issue 10397: Don’t send notification email when publishing a change edit on a WIP change.

  • Fix removal of stale metrics from the metrics registry.

  • Issue 12349: Fix time attribute of file entries in plugin artifacts.

  • Make assumption on number of query results explicit for change Id arguments.

    When a change Id passed as argument was resolved to multiple changes, the first returned change was arbitrarily used. Now an error will be raised and logged.

  • download-commands plugin: Set SSH default port to 22.

  • Issue 10248: Allow direct upgrade from v2.14, adding created_on column if it doesn’t exist.

  • Document dependency from account deactivator to autoUpdateAccountActiveStatus and log a warning if the account deactivation task is configured but will not be scheduled.

  • Modify draft comments generation so that, when removed, they to point to an empty parent, so that All-Users can avoid size explosion.

  • Issue 12473: Fix broken links in Elasticsearch configuration documentation.

• PolyGerrit UI Fixes

  • Issue 4616: Open commentlinks to changes on the same server in the same tab.

  • Issue 12031: Fix issues with caching edited commit message.

  • Remove target=_self from commentlinks.

• Replication plugin fixes

  • Add method to push changes directly to given replica; intended to be used by other plugins that extend the replication plugin.

  • Check nulls in firePendingEvents at startup.

    After a sudden reboot (for unknown reason) Gerrit at startup couldn’t load because of NullPointerException.

  • Change default for the replicateOnStartup to false.

  • Don’t lose ref-updated events on plugin restart.

    When a ref-updated event is received, persist the event in the directory defined by the replication.eventsDirectory. When the updated ref is replicated delete the persisted event.

• Packaging Fixes

  • Issue 12355: Do not overwirte /etc/default/gerritcodereview upon upgrade.

• Other Fixes

  • Fix various minor coding issues reported by Error Prone and Sonar Lint.

  • Reduce log spam of ‘Repository not found’ stack traces.

  • Issue 11953: Reduce log spam during tests by reducing the default log level to INFO.

    The log level can now be explicitly set by the GERRIT_LOG_LEVEL system variable.

    The LogThreshold annotation is removed.

2.16.16

• New Features

  • Include request description in HTTP thread names.

    The HTTP worker threads had generic names like HTTP-100, HTTP-101, etc. While we could conclude from the stack trace what this thread was doing, we missed some important information like repository name, user name, etc.

    The HTTP threads now have descriptive names. For example, if there is an ongoing git-fetch operation we will see a thread named like: HTTP POST /a/myProject/git-upload-pack (johndoe from 10.87.75.169).

    This makes the naming consistent with SSHD threads, which are named like: SSH git-upload-pack /myProject (johndoe).

  • New metrics for Jetty threadpool.

    The new metrics are exposed under http/server/jetty/*.

  • Utility program to delete zombie draft comment refs.

    Deletion of draft comment refs was broken until 2.16.14, resulting in draft comment refs not getting deleted properly. Although it has been fixed, it’s still possible that zombie refs exist from previous versions. The new site program DeleteZombieCommentsRefs can be used to remove them.

  • Highlight WORKSPACE and BUILD.bazel files as Python in the PolyGerrit UI.

• Bug Fixes

  • Issue 12246: Fix generation of duplicate ChangeIds when creating a new change via REST.

    The Change-Id was computed from the commit content and the timestamp, which resulted in the possibility for two changes to get the same Change-Id when two empty changes were created by REST at the same time.

    The Change-Id is now generated randomly.

  • Issue 12097: Fix migration to NoteDb when orphan changes exist.

    In the case where a change belonged to a repository that did not exist, the migration failed.

  • Issue 12171: Upgrade rules_closure to the latest version to fix build breakage.

    Maven Central now requires HTTPS when downloading artifacts and returns “501 HTTPS Required” when a request is done over plain HTTP. This caused the build of Gerrit to fail when done in a completely clean environment because the version of rules_closure was still using HTTP.

  • Issue 12243: Fix unexpected deactivation of service user accounts.

  • Fix editing name and email for service user accounts.

  • Don’t check for conflicting refs when deleting a ref; improve performance of migration to schema 167.

    The migration to schema 167 involves deletion of refs. The performance was poor for large installations (for example 30k user refs and 20k groups) because the ref deletion implementation was doing an unnecessary check for conflicting refs.

  • Fix setting _moreChanges to the wrong value in change query REST results.

  • Upgrade highlight-js to get various fixes in source code highlighting:

    • fix(makefile) fix double relevance for assignments
    • (xml) expand and improve document type highlighting
    • fix(kotlin): fix termination of “”” string literals
    • (cpp) Add additional keywords
    • Backslash is not used to escape in strings in standard SQL
    • (javascript) fix jsx self-closing tag issues
    • enh(ini) support arrays and much cleaner grammar
    • (javascript) support jsx fragments

• PolyGerrit UI Fixes

  • Issue 11980: Fix handling of LDAP groups containing a dot in the PolyGerrit permissions screen.

  • Issue 12197: Fix rendering of commentlinks using link in PolyGerrit UI.

  • Add MessageOfTheDay entries to ServerInfo.

    Messages registered to the MessageOfTheDay extension point are added to the ServerInfo, which is fetched via REST API and displayed in a PolyGerrit UI element.

• Other Changes

  • Upgrade jackson-core dependency to 2.10.2

  • Improve logging when a metadata update fails.

  • Replace documentation of gerrit.ui with gerrit.enableGwtUi.

    Since 2.16 the gerrit.ui setting is no longer recognized. PolyGerrit is the default UI and this cannot be changed. The GWT UI can be enabled by setting the gerrit.enableGwtUi flag; PolyGerrit is still the default but users may switch to GWT if they prefer.

  • Update external Ids documentation with information on how to find the sha1 of an external Id and how to show the corresponding change note.

2.16.15

• New Features

  • Include thread name in the HTTPD and SSHD logs.

    Having thread name in the HTTPD and SSHD logs makes it easier to match entries from the error log. The error log entries already contain the thread name, so with the thread name included in each entry in the HTTPD and SSHD logs, we have more data to match an error to a request than just the timestamp.

• Bug Fixes

  • Issue 12070: Fix internal server error on git over HTTP calls when SSHD is enabled.

    Double cleanup of the request context caused an internal server error on push or fetch via git over HTTP.

2.16.14

• New Features

  • Issue 11973: Add copy-to-clipboard for generated HTTP password.

  • Add support for doctag in PolyGerrit UI syntax highlighter.

  • Add an event interface in the PolyGerrit API.

  • Add support for Elasticsearch 7.5.

  • Add documentation of how to perform backups of Gerrit.

• Breaking Changes

  • The default and minimum value of execution.defaultThreadPoolSize is increased to 2.

• PolyGerrit UI Fixes

  • Issue 11993: Stop loading fonts from external resources.

  • Issue 11984: Fix top menu bar on iOS.

  • Issue 8282: Avoid browser caching for diff on edit patch.

  • Issue 9444: Fix syntax highlighting for multi-char char constants.

  • Issue 12020: Fix ‘New Contributor Agreement’ screen.

  • Fix gr-syntax-params css class.

  • Fix overflow of branch name in change list.

• Other Fixes

  • Issue 7645: Fix thread deadlock when loading accounts from the account cache.

    Replacing Guava caches with Caffeine reduces the chances of having the deadlocks and improves the cache performance.

  • Disallow deleting the refs/meta/config branch via the ‘Delete Branches’ REST API.

  • Disallow deleting the HEAD ref via the ‘Delete Branches’ REST API.

  • Allow empty base revision in the ‘Create Branch’ and ‘Create Tag’ REST APIs.

  • Fix deletion of draft comment refs.

    In some situations, draft comment refs were not properly deleted but left empty. This resulted in unused draft refs persisting in the All-Users repository, polluting the namespace. Published draft comments as well as deleted draft comments were kept in the history of the draft ref, keeping them alive for GC, and causing a steady increase of repository size.

  • Use correct content type text/plain instead of plain/text in ‘Create SSH Key’ REST API.

  • Fix handling of interactive/batch users in the QoS filter.

    For the git-over-http requests this filter didn’t work properly because the basic authentication happened later in the filter chain and at the moment when the QoS filter was invoked the current user was not yet set.

  • Add project name to headers of outgoing change emails.

  • Fix and expand documentation of ref-update and commit-received hooks in the hooks plugin.

  • Upgrade gitiles blame-cache to 0.2-7.1.

  • Upgrade jackson-core to 2.10.1.

2.16.13

• New features:

  • Add a method on ProjectConfig to read from the repository.

    Add a method that allows to read the config from the repository without having to provide a MetaDataUpdate instance.

  • New syntax highlighting files format supported.

    Highlight Jinja2, Jenkinsfile, Soy and VHDL formats; associate cproj, xaml and svg as xml.

  • New getConfig() method in the PolyGerrit Plugin RestApi interface.

    Make the PolyGerrit RestApi interface to retrieve the server config and to cache it, accessible to plugins.

  • Add “readOnly” endpoint parameter to repo-config endpoint in PolyGerrit Plugin RestApi.

• PolyGerrit UI Fixes

  • Hide “HTTP Credentials” if auth is not HTTP or HTTP_LDAP.

  • Issue 11782: Fix assignment of CSS style for CodeReview -1 labels within comments.

  • Issue 7083: Stop query from executing if predicate is empty.

  • Issue 8513: Add the SHA hash of each patchset in dropdown menu as it was in the old GWT UI.

  • Issue 11715: Fix total additions/deletions counters when viewing diff against parent 1 on merge commit.

  • Issue 11682: Fix some corner-cases in the diff view where the download file feature did not work for added, renamed and deleted files.

  • Issue 10047: Add shortcut to copy ssh-rsa public key.

  • Issue 7867: Allow downloading the complete diff file as in the old GWT UI.

• Elasticsearch Updates:

  • Add support for Elasticsearch 7.4.

  • Update elasticsearch-rest-client to 7.4.2.

• Replication plugin Fixes

  • Issue 11573: Fix dropping events during plugin restart.

• JGit Updates:

  • Upgrade JGit to 5.1.12.201910011832-r.

    This JGit version brings significant performance improvement in the case when Gerrit loads all external-ids from NoteDb. This happens whenever the external_ids_map cache gets invalidated or expires.

• Other Fixes

  • Issue 11246: Fix login failures “email <> is already assigned to account <> …” after upgrading to v2.16.

    Fix a recurring issue after the migration of external ids from ReviewDb to NoteDb failing with the error ‘Email <> is already assigned to account <>’ and thus failing LDAP authentication.

  • Issue 9001: Fix external-id consistency checker e-mail validation.

    Do not enforce emails on external IDs to be globally unique but allow the same e-mail repeated multiple times as long as it associated to the same account id.

  • Fix change message when automatically abandoning a change for a project that has been deleted.

    The change message and the message tag were inverted.

  • Fix commit message subject when updating project description by REST API.

    The tense of the commit message subject was inconsistent with other similar messages.

  • Fix commit timestamp when updating project configurations.

    For some REST API operations that update the project configuration, the commit that does the update on refs/meta/config had the wrong timestamp. Rather than being the time of the actual commit, it was always the time of the server startup.

    This was the case for the following operations:

    • Updating the description.
    • Setting the parent project.
    • Updating group names while getting access settings.

  • Upgrade jackson-core to 2.10.0.

    This version includes a fix for CVE-2019-12384.

  • Add more detailed debug logging when not sending an outgoing email.

    There are several conditions that could cause sending of an outgoing email to be skipped. These are now logged at debug level.

  • Increase severity to error for logging of exceptions during site initialization.

  • Issue 4824: Handle multiple httpd.listenUrl values.

    Per the documentation, multiple values are supported, but if multiple values were specified Gerrit would fail to start.

  • Do not overwrite httpd.listenUrl during init, until the input has been checked as valid.

    Fix a bug where during the Gerrit init in interactive mode the input was invalid for the HTTP daemon settings, but still written to the configuration file.

2.16.12

• New features

  • Issue 11356: Allow to override auto-detected Lucene index configuration.

    The new settings index.name.maxMergeCount, index.name.maxThreadCount and index.name.enableAutoIOThrottle allow to manually configure the Lucene index, rather than using auto-detected values, to improve performance.

• PolyGerrit UI Fixes

  • Add “Delete Changes” permission to the access editor.

  • Remove obsolete “Delete Drafts” and “View Drafts” permissions from the access editor.

  • Use –header-text-color css variable for some classes in gr-main-header

• Elasticsearch Updates:

  • Upgrade elasticsearch-rest-client to 7.3.2.

• Other fixes

  • Issue 11491: Fix git clone/fetch/pull over SSH in high-latency network ending with SSH_MSG_CHANNEL_WINDOW_ADJUST error.

  • Issue 11442: Fix push failing with internal server error sporadically when notedb.changes.read=True is configured.

  • Issue 11205: Allow Gerrit admins to reindex a change even when Read access is not allowed on its target branch.

  • Issue 11444: Fix the wrong progress output during online migration in error_log and use the correct charset conversion.

  • Upgrade JGit to 5.1.11.201909031202-r.

    This version includes a fix for racy atomic ref updates.

• Replication plugin Fixes

  • Issue 11145: Drain replication queue before stopping the plugin.

  • Issue 11424: Fix ReplicationTasksStorage exceptions in error_log when triggering replication of all refs.

• Singleusergroup plugin Fixes

  • Issue 11498: Fix group resolution for all numeric usernames.

2.16.11.1

• Breaking changes

  • Issue 11216: Remove hard-coded bug tracker URL and use configured value if present.

  • Increase default number of SSHD threads to at least 4.

    The default value of the sshd.threads setting is changed to be either two times the number of available CPU cores, or 4, whichever is greater.

• New Features

  • Issue 11028: Add support for “Link Another Identity” screen in PolyGerrit

  • CommitApi: Add method to get commit info

  • Issue 10166: Add shortcuts for dashboard and watched changes in PolyGerrit

  • Issue 11201: Add ability to have custom label with a missing text value in PolyGerrit

  • Add a PolyGerrit extension point to show a small banner next to the search bar.

    A plugin or a site theme (gerrit-theme.html) may register a custom Element to be inserted into this endpoint.

  • Expose Gerrit’s GWT client library in the plugin API

  • Issue 5791: Add an extension point to allow setting a site banner.

  • Add an extension point to allow custom site footers.

• Elasticsearch Updates:

  • Issue 11266: Add support for Elasticsearch 6.8.

  • Issue 11267: Add support for Elasticsearch 7.3.

  • Update elasticsearch-rest-client to 7.3.1.

• PolyGerrit fixes

  • Issue 11350: Upgrade highlight.js to latest master revision.

    The upgrade solves a rendering bug of Kotlin nested substitutions.

  • Issue 10733: Fix anchors not working at page load on settings page

  • Issue 10062: Fix Polygerrit converting plus (+) to space when calling email.confirm API, and then failing with “invalid token”

  • Issue 11096: Fix page not opening after a couple of times switching between GWT and PolyGerrit UI.

  • Issue 11344: Fix commentlink URL and HTML links when canonical URL includes a base link.

• Other fixes

  • Issue 11348: Display on error_log the progress of the online migration from ReviewDb to NoteDb.

  • Issue 11083: Set the correct new revision on change-merged events when submitting by push.

    When multiple changes are submitted at the same time by push, the new revision in all the change-merged events should be the revision of the head of the destination branch after all changes are submitted.

  • Issue 11106: Fix missing comment context for left side in email notifications.

  • Adapt gerrit.sh script to work on Alpine Linux.

  • Expose Gerrit’s GWT client library in the plugin API.

  • Add a new method on the commit API to get “included in” information.

  • Add methods on the change API to get comments and draft comments as lists.

  • Add back the oneByExternalId method on InternalAccountQuery.

    This was removed in 2.16 but is added back so it can be used by plugins and extensions.

  • Make DefaultChangeReportFormatter extendible by plugins.

  • Make the wording of the “Change Merged” email templates consistent between the HTML and text versions.

  • Add a .gitreview file.

    For developers used to using the git-review tool for interacting with gerrit servers, it’s necessary to have a .gitreview file in the repo in question pointing to where the gerrit is.

  • Reduce log spam of “setting reductionLimit” debug messages of the Prolog engine.

  • Issue 11325: Do not update change set modified date on ReviewDb when a user delete all its draft changes.

  • Fix rebase change REST API returned status code.

    The rebase change REST API returned 422 Unprocessable Entity, instead of 500 Internal Server Error, if the specified base change is missing.

  • Fix detecting changes of parent trees when computing change kind for merge commit.

    A new patch set of a merge change is considered as NO_CHANGE if the commits have the same delta and trees. For merge commits this includes comparing the trees of the parent commits.

  • Catch all exceptions for reporting on Schema_130 migration and display the name of the project that failed the migration.

  • Fix and expand documentation of REST API to get revision files

  • Issue 11235: Fix ls-user-refs reporting wrong results because it was not using the identity of the username given as parameter.

  • Issue 11222: Skip receive.maxBatchCommits when skip-validation option is passed and a commit validator implements shouldValidateAllCommits

  • Issue 10855: Fix standalone GWT plugin builds failing because of a broken transitive load of GWT_PLUGIN_DEPS for in-tree plugin builds

  • Issue 11148: Speedup online reindex migration by skipping evaluation of submit rules for closed changes.

  • Issue 11016: Fix Gerrit slave site init leads to update failure on system_config caused by read-only transaction

  • Issue 11271: Update rules_go to 0.18.6 for compatibility with Bazel 0.27.0

• Replication plugin Fixes

  • Issue 10852: Fix stale replications caused by in-flight pushes not properly removed when failed.

  • Issue 11204: Fix creation of missing repository when replicating to a Gerrit server over HTTP.

  • Issue 11175: Introduce new ref-filtering extension point for preventing replication of outdated SHA1s, mostly useful in a multi-site scenario to prevent split-brain.

  • Issue 11055: Fix failure to start when re-triggering persisted events

  • Issue 11172: Fix persisted event is removed before all replications to all nodes are completed.

  • When replication plugin is stopped or reloaded, mark all the currently pending replications as cancelled.

  • Allow to configure timeout for SSH connections and SSH commands.

    The timeouts can be configured with gerrit.sshConnectionTimeout and gerrit.sshCommandTimeout, respectively.

  • Make more classes and fields public/protected to ease extensibility.

  • Improve handling of remote repository creation failures.

  • Reintroduce boolean return value of methods in AdminApi.

  • Refactor AdminApiFactory to an interface with a default implementation that gets bound as a dynamic item, which can be replaced by derived implementations.

  • When rescheduling due to in-flight push also log the in-flight task ID.

2.16.10

• Issue 11016: Fix failure to initialize on slave.

• Issue 10763: Fix ACLs to allow regexes for tag and ref permissions.

  The documentation states that reference names can also be described with a regular expression by prefixing the reference name with ^, but the UI only showed the creation field when a non-regex name was used.

• Issue 11082: Close changes oldest first when submitting on push.

• Issue 11059: Fix setting BLOCK on partial label range in permissions.

• Issue 10852: Replication plugin: Fix scheduling starvation.

• Issue 11110: Do not swallow the exceptions that caused REST-API to return with a status >= 400.

• Issue 11086: When a WIP change is implicitly merged by direct push to the branch, its WIP state is unset.

• Show submit button with tooltip when not allowed to submit.

  The submit button was hidden when the user did not have permission to submit, or other conditions prevented submit (for example the change being WIP).

• Allow commit validation listeners to ignore the skip-validation push option.

  Gerrit allows certain users to skip validation of new commits by passing the skip-validation push option.

  A new method shouldValidateAllCommits is added on the CommitValidationListener, to allow plugin implemented validators to override this option and always be invoked for new commits. The new method has a default implementation that returns false meaning that existing implementations don’t need to be modified and will behave the same as before.

• Optimize commit and ref operation validation for non-ff push.

  On a non-ff push all the commits were validated before the ref operation was validated. On a push with many commits, validating all the commits is wasteful in the case where the ref operation is rejected. The logic is changed so that the ref operation validation is performed before the commit validation.

• Disallow change index task duplication.

  It was possible for multiple index tasks to be queued for the same change.

• Fix formatting issues and inconsistencies in soy email templates.

• Use URL Formatter interface to generate URL in outgoing emails.

• Fix error message when JRE is not found when starting Gerrit.

  The error message recommended to check for a JRE “>= 1.7”, but Gerrit requires Java 8 minimum.

• Expose the createProject method of the CreateProject class to plugins.

  This allows plugins to directly invoke the project creation, avoiding the checks that are performed when invoking via the apply method.

• Expose the jsr305 library in the plugin API.

• PolyGerrit UI Fixes

  • Only display 404 page on initial load.

  • Don’t reload when viewing dashboard.

  • Fix hiding the HTTP password screen.

    It was possible for the HTTP password to be un-hidden using CSS.

  • Add an extension point to allow adding links to the user header.

  • Add extension point to the footer so that users can add links to their Privacy policy or Code of conduct.

  • Fix dialog popup when going to /admin/create-project.

• Elasticsearch Fixes

  • Support for Elasticsearch 7.2 and and upgrade elasticsearch-rest-client to 7.2.0.

  • Issue 10499: Set default number of shards according to Elasticsearch version.

    In Elasticsearch version 7.0 the default number of shards was reduced from 5 to 1.

    See the Elasticsearch documentation for details.

2.16.9

• Improve performance of migration of accounts to schema 146.

  • Migration of the accounts is parallelized. The default number of threads used is the number of available processors. This can be customized using the threadcount system property.

  • Before the migration, gc --prune=now is executed.

  • When hosted on FileRepository, refs are packed after migration of every 1000 accounts.

  • A progress indicator counts every 100 accounts migrated.

• Issue 10790: Avoid evaluating submit rules twice for open changes.

  Prolog submit rules were evaluated twice per page view for an open change, which caused performance degradation on projects defining complex rules.

• Issue 10943: Set References: header on new change notification mail.

  GMail changed the way emails are grouped in conversation view, which, combined with the fact that Amazon SES changes the Message-ID header, resulted in the new change notification email not being grouped with subsequent emails related to the same change.

• Issue 10896: Fix eliding project name without slash in notification emails.

• Issue 10920: Fix commit date of initial empty commit when creating new project.

  The commit date of the initial commit was the server start time, rather than the date of the actual commit.

• Issue 10952: Fix definition of PID in gerrit.sh.

• Don’t send “GPG keys added” notification when no GPG keys were added.

  A GPG key update can include both addition and removal of GPG keys. The notification email for addition of new keys was always sent, even if the update only removed keys.

• Update email notifications on changing security related settings.

  Email notifications are now sent when a GPG or SSH key is removed, and when the HTTP password is deleted or changed.

  An email notification is now always sent when an SSH key is added to an account, even when it was added by an administrator.

  These notifications allow to alert the user if their account is compromised and keys or password are altered by the attacker.

• Remove explicit dependency on protobuf_java.

  The protobuf_java library is now consumed from rules_closure.

• Add methods to generate and set the HTTP password on the accounts API.

• Don’t send “GPG keys added” notification when no GPG keys were added.

  A GPG key update can include both the addition and removal of GPG keys. The notification email for the addition of new keys was always sent, even if the update only removed keys.

• Add methods to generate and set the HTTP password on the accounts API.

• Issue 10664: Fix duplicate key detection when using MySQL for the patch review store.

  Retrieve the error code number from the SQL exception to correctly detect and ignore a duplicate key error.

• Issue 10359: LDAP: support servers that do not allow anonymous browsing.

  Add ldap.supportAnonymous configuration setting in gerrit.config to support servers that do not allow anonymous browsing. Default is true per standard and best practice.

• Elasticsearch fixes

  • Issue 10496 and Issue 10844: Fix usage of include_type_name in index creation.

  • Add support for Elasticsearch 7.1.

  • Upgrade elasticsearch-rest-client to 7.1.1.

• PolyGerrit UI fixes

  • Issue 11020: Add syntax highlighting for mjs files.

  • Issue 10549: Fix single tab indentation in PolyGerrit diff view.

  • Issue 9409: Fix replacement of file content when navigating between files with [ and ].

  • Upgrade polymer-resin to 2.0.1.

  • Issue 10670: Fix selection of merge base when navigating between merge commit changes.

    When navigating between merge commit changes, the selection of the merge base was not persisted.

  • Hide overflowing author element content.

    In the case of vertical stacking Unicode characters, it was possible for the text to overflow out of the element and into other details on the review page.

    That is a partial fix for the problem described in issue 10795.

  • Issue 10744: Fix display of “Show More” after change screen reloaded.

  • Issue 10757: Fix handling of “Automatically mark viewed files reviewed” preference.

    Files were automatically marked as reviewed even when the setting was disabled.

  • Issue 10549: Fix single tab indentation in diff view.

  • Use dom-if instead of CSS when hiding the user’s password in the element gr-http-password, to prevent users from using CSS to reshow the password screen.

  • Hide project-aware top menus from the header.

  • Upgrade highlightjs for syntax highlighting fixes:

    • Treat False, None and True as literals in python.

    • Fully support C++11 raw strings in cpp.

• Core plugins

  • Replication plugin: Fix internal server error when username or password not specified for remote.

    The username and password are both optional, but the replication plugin failed with a null pointer exception if either of them was omitted.

  • codemirror-plugin: upgraded to the latest revision on master, which includes the following fixes and improvements:

    • Bazel: Fix lint warning flagged by buildifier

    • Add .mailmap

    • Remove CodeMirror modes that are not supported at Google

• Documentation updates

  • Issue 10897: Update links to Google individual and corporate CLA pages.

  • Clarify that account must have a username to be able to set HTTP password.

  • Fix formatting in project config documentation.

2.16.8

• Issue 10695: Upgrade JGit to 5.1.7.201904200442-r to fix regression in packfile list handling.

  If core.trustfolderstat was set to false, an infinite loop could occur when an object was not found in the packfile.

• Add support for Elasticsearch 6.7.x and 7.0.x.

  The elasticsearch-rest-client is upgraded to 7.0.0.

• Don’t abort auto-abandoning if one change failed.

  When failing to query a single change during auto-abandoning, the whole process was aborted. Now the failure is logged and the process continues to attempt to abandon subsequent changes.

• Issue 10693: Avoid empty item in list of conflicting files on cherry-picking a change.

• Fix leak of temp files during merge operations.

  TemporaryBuffer instances created during merge operations could leave undeleted temporary files in the file system.

• Improve logging of invalid schedule values, and clarify documentation.

  When a schedule value, for example gc.startTime or gc.interval, was configured, the error message in the log was not helpful. This is now improved to include more information about what was wrong.

  Additionally, the documentation is updated to clarify that the hour value in times must be zero-padded.

• Install AddKeyHtml.soy template example during installation.

  The installation of this template into $site_path/etc/mail was omitted.

• Upgrade Flogger to version 0.4.

• Upgrade metrics-core to 4.0.5.

• Upgrade protobuf-java to 3.7.1.

• PolyGerrit Fixes

  • Issue 10696: Increase autocomplete limit for repo inheritance in access page to 50.

  • Issue 10703: Highlight Starlark files as Python.

  • Do not show the HTTP credentials screen when auth type is not HTTP.

2.16.7

New Features

• Issue 5728: Add support for cherry-picking changes with merge conflicts in PolyGerrit.

• Issue 8081: Add support for “Show Relative Dates in Changes Table” preference in PolyGerrit.

• Issue 8838: Add support for “Default Base For Merges” preference in PolyGerrit.

Bug fixes

PolyGerrit

• Issue 9851: Fix avatars not showing correctly.

• Issue 8495: Do not show “Patch file” if change does not have a parent.

• Issue 10494: Fix display of change creation screen on mobile devices.

• Issue 8678: Fix setting “Automatically mark viewed files reviewed” in user preferences.

• Issue 10586: Fix syntax highlighting for Verilog/SystemVerilog.

• Fix that an endpoint cannot be used by two plugins anymore.

  ‘name’ does not exist on the plugin object, so the _initializedPlugins map would store undefined=>true for the first plugin and then not allow any further plugins.

  For example the change-view-integration could not be used by buildbucket and tricium anymore.

• Issue 10587: Fix setting group visibility.

Other Fixes

• Issue 10562: Upgrade JGit to 5.1.6.201903130242-r to fix corruption of packfile list due to concurrent access during GC.

  See JGit issue 544199 for details.

• Issue 10591: Fix account and group query with Elasticsearch 6.

  The wrong document type was used in the request URL, causing the query to return no results.

• Issue 7192: Strip trailing slashes from name when creating repository.

• Issue 10568: Add is:submittable to search suggestions.

• Issue 10600: Fix commit-msg hook to abort commit when commit message is empty.

• Allow the @LogThreshold annotation to be inherited.

• Fix documentation of hashtag: search predicate.

  The documentation incorrectly stated that the search was an exact match.

2.16.6

New features

• New configuration option: gerrit.primaryWeblinkName.

  The new configuration option allows to specify the name of the link the UI should use when multiple weblink providers are available but only one single link may be shown on the UI.

• New configuration option: gerrit.listProjectsFromIndex.

  The new configuration option allows restoring the legacy behavior of using the in-memory cache for rendering the list of projects. When set to true the list of projects is rendered using the secondary index and thus is limited by the queryLimits.

  By default is set to false, the in-memory cache is used as an engine for listing and thus returns all the projects without limits.

PolyGerrit UI changes

• Gitiles change-weblink with default weblink name (“browse”) is now inline.

  If available a weblink that links to a code-browser is displayed inline on the change screen. Previously weblinks were only considered links to code-browsers if their name was one of “gitweb”,”gitiles”. Weblinks with name “browse” are now also considered to be links to code-browsers and are displayed inline (href of current patchset and parent SHA1s) unless gitweb is available and configured as gerrit.primaryWeblinkName.

Plugins API

• New annotation @LogThreshold for setting a logging level during the execution of the tests. By default is set to DEBUG for backward compatibility.

Bug fixes

PolyGerrit

• Issue 10467: Fix hard-coded title for mark reviewed/unreviewed button.

  The button title was always “Mark as reviewed” even when the change was already marked as reviewed.

• Issue 10155: Exclude WIP changes from ‘Assigned Changes’ dashboard.

• Issue 10415: Fix replacement of project name placeholder in download command.

• Issue 9911: Add dependency on resemblejs.

• Issue 10344: Fix faulty relative URLs for change weblinks.

• Issue 10355: Show all change-weblinks considered “code browser” weblinks.

• Issue 10505: Show border at 72 chars for commit messages in side-by-side view.

• Fix error in plugin loading.

• Fix support for xml syntax highlighting.

• Add commit container gr endpoint for plugins.

• Fix missing </section> in gr-settings-view.

Other Fixes

• Issue 10512: Include project name in change URL in Reviewed-on: footer in commit message.

• Issue 10500: Fix injection of UrlFormatter in plugins.

  In version 2.16.1 the binding of the UrlFormatter interface was changed to use DynamicItem, but several classes were still injecting it directly. As a result, when such a class got injected in a plugin, the plugin would fail to load. It was also not possible for a plugin to provide an alternative implementation of UrlFormatter, and the DefaultChangeReportFormatter always used the DefaultUrlFormatter.

• Issue 10488: Fix listing of GPG public keys.

  The GPG public keys were truncated in the output of the GPG key REST API endpoints.

• Fix authentication for LFS over SSH.

• Add logging of prolog rule reduction limits.

  The configured values of rules.reductionLimit and rules.compileLimit are logged at INFO level at server startup, and the effective value applied to a predicate is logged at DEBUG level.

• Improve error message when JRE cannot be found during site start.

• Suggest --no-edit option when Change-Id line is missing.

  When the Change-Id is missing, the commit can be amended without editing.

• Fix commit-msg hook to not add a Change-Id when gerrit.createChangeId is disabled.

• Upgrade elasticsearch-rest-client to 6.6.1.

2.16.5

New features

Allow searching for projects by parent project name, using the ‘parent:foo’ search operator in the query string. See the projects search operator documentation for more details.

Dependency Updates

• Issue 10024: Upgrade Jetty to 9.4.14.v20181114 This version fixes a bug that prevents the go-import plugin from working

• Issue 10279: Upgrade highlight.js to 9.14.0 This version fixes highlighting when Dart’s string interpolation feature is used.

Fixes

PolyGerrit

• Add warning that Javascript is required to use PolyGerrit.

• Issue 10366: Fix loading topics that have unusual characters.

• Issue 10415: Fix project name in the download-commands screen

• Issue 4614: Add “verilog” and “SystemVerilog” to the mime list, enabling syntax highlighting.

• Issue 10309: Support for setting max/min value for “Query Limit” and “Batch Changes” on the project’s access screen.

API Changes

• Add a method to get revision votes on the revision API.

• Issue 10380: Use project index to render change list on GWT UI.

  NOTE: As a consequence of this change, the list projects REST-API and project list screen on GWT UI will be subject to the same queryLimit capability settings as in the PolyGerrit UI. The same limit applies to the gerrit ls-projects command.

• Issue 10382 DefaultMemoryCacheModule/DefaultMemoryCacheFactory are exported again in plugin API.

• Issue 10401: Reimplement the project children API on top of the projects secondary index, which requires a significantly less amount of heap and CPU.

Other fixes

• Add support for Elasticsearch 6.6.

2.16.4

Reindex for projects, accounts and groups indexes.

Gerrit 2.16.4 includes a fix to the projects, accounts, and groups secondary indexes. It is very unusual for Gerrit to require a reindex inside a point release. However, this is an exception because it is the only solution to fix the list sorting Issue 10210 reported on PolyGerrit.

The reindex of projects, accounts and groups can be performed either offline or online. For the offline reindex, make sure that Gerrit is not active and run the following commands:

  java -jar gerrit.war reindex --index projects -d ${site_path}
  java -jar gerrit.war reindex --index groups   -d ${site_path}
  java -jar gerrit.war reindex --index accounts -d ${site_path}

The online reindex does not require any commands: upgrade the gerrit.war and restart Gerrit.

NOTE: The online reindex for projects may take quite a long time and require a substantial amount of heap memory to run. During the reindex operation, Gerrit performance may be sluggish and, even after the reindex is complete, it would take quite some time for the memory to be released. It is thus recommended to perform the offline reindex, to avoid impacting the server performance at startup and after the reindex is complete.

Fixes

PolyGerrit

• Issue 8740: Disable deps.js requests in the index template to fix page load delay.

• Issue 10371: Fix an issue where a saved edit would always restore the same content in subsequent edits of the same file, due to the cache not being erased.

• Issue 9909: Do not crash PolyGerrit UI if permitted labels array is empty

• Issue 10324: Allow plugins (e.g. delete-project) to control the cache invalidation and display new content immediately without refreshing the page.

• Fix broken links in gr-icons.html.

• Issue 7669, Issue 9614: Fix ‘/’ getting typed in search bar when pressed.

• Issue 10151: Issue 10019: Fix the “delete” button visibility to allow branch deletion.

• Issue 10317: Don’t show “Same Topic” for only one change.

  When there is only one change in the topic, it doesn’t add any value to show the “Same Topic” tab/section because it will always only include the currently viewed change.

  The query used to get the changes is modified to exclude the current change. This means that the “Same Topic” tab/section now only shows other changes in the same topic, but never the current change.

Other fixes

• Issue 10326: Fix excessive heap and CPU usage when listing projects.

• Create the .git/hooks folder in download commands.

• Add method to get related changes in the Changes API.

• Add method to get edit details in the Change Edit API.

  The new method allows to set the base revision, and request to include the files and download commands.

• Add --skip-project option to the MigrateToNoteDb command.

  This is useful when only a few projects should be skipped but all others should be migrated.

2.16.3

• Issue 10262: Upgrade JGit to 5.1.5.201812261915-r to fix validation of wants in git-upload-pack for protocol v0 stateless transports.

  AdvertiseRefsHook was not called for git-upload-pack in protocol v0 stateless transports, meaning that wants were not validated and a user could fetch anything that is pointed to by any ref (using fetch-by-sha1), as long as they could guess the object name.

• Issue 10242: Fix regression that allows a user’s account to be taken over when multiple authentication providers are in use.

  A regression introduced in 2.14.7 allowed a user’s account to be taken over by creating an account on a different provider with exactly the same username as the existing Gerrit account.

• Issue 10082: Decouple online reindex activation from index module.

  Plugins were not loaded before online indexing was triggered, resulting in plugin-contributed submit rules not being evaluated during indexing.

  Online reindex activation is now decoupled from the index module and thus postpones the triggering of online reindexing until after loading of the plugins.

• Evict group caches on group creation.

  If a group was created after a previous cache miss for its name, Id, or UUID, the cache also did not return the group if it is called immediately after the group was created.

• Issue 10240: Fix internal server error when cloning a repository from Gerrit slave.

• Improve error handling if comment note is too large during schema migration.

  During migration to schema 169, comments in NoteDb are migrated to json. If loading the blob for a comment note failed due to being too large (in excess of a hard-coded 25MB limit), the migration would fail.

  The hard-coded limit is now removed. It is still possible that the migration can fail if the blob is excessively large, but the logging of such a failure is improved so that the change that failed can be tracked down.

• Issue 4278: Fix wrong code snippet in email notifications.

• Upgrade jackson-core to 2.9.8.

  Version 2.9.8 includes several bug fixes, including security fixes.

• Upgrade elasticsearch-rest-client to 6.5.4.

• Issue 10263: Include edit ref in EditInfo element returned by the edit API.

  It was not possible for users of the Java API to get the edit ref.

• Export the project indexer in the plugin API.

• Issue 10260: Replication plugin: Fix auto-replay of stored events during config reload.

• Add a new method on the account API to set the account name.

• Add new methods on the project API to get/set the project’s HEAD.

PolyGerrit

• Issue 9410: Add the GWT hash separator to the GWT url.

• Merge top menu items contributed by plugins.

  Each plugin contributes a list single of menus, which are expected to be merged in existing top menu entries if they already exist. This was implemented in the GWT UI, but not in PolyGerrit.

• Issue 10267: Add support for several more MIME types in syntax highlighting.

  Support is added for: powershell, xquery, cmake, coffeescript, crystal, diff, django, dockerfile, ebnf, elm, erlang, fortran, groovy, haml, haxe, ini, julia, latex, less, mathematica, nginx, nsis, postgresql, q, scss, scheme, excel, tcl, twig, vb, vbscript.

• Issue 10137: Fix alignment of the “By User” column on the group audit screen.

2.16.2

• SECURITY Issue 10201: Remove support for Git protocol v2, because of a security vulnerability discovered

  The JGit implementation of protocol V2 does not invoke the advertiseRefsHook on fetch and ls-refs, which results in all refs being sent, regardless of the configured ACLs.

• Issue 9024: Fix setting PRIVATE and WIP for updated changes in console report.

  In some cases the private and work-in-progress status indicator for changes updated by push was shown incorrectly.

• Issue 10564: Fix case-insensitive searching of hashtags.

  The index field has always been stored lowercase, since we intended hashtag searches to be case-insensitive. However, we never converted the input string to lower case, with the unexpected result that searching for hashtag:ACamelCaseTag would not return results for changes who contain that exact hashtag.

• Issue 10112: Upgrade rules_closure to make Gerrit buildable with the latest Bazel version.

• Issue 9781: Fix full ACL evaluation for LDAP groups.

  The LDAP groups have been historically filtered by relevance to the Gerrit ACLs. However, that optimization has the side effect of blocking users to access legitimate projects if they are temporarily not cached in memory. Allow to disable the LDAP filtering optimization for having always a 100% consistent ACL evaluation, regardless of the project’s cache status.

• Upgrade elasticsearch-rest-client to 6.5.3.

• Discontinue support for Elasticsearch 2.4.

• Add preliminary support for Elasticsearch 7.

  Support for Elasticsearch 7 is added, and tested against the alpha1 release.

• Add a new method on the account API to set the account name.

2.16.1

• Issue 10018: Fix failure to upgrade schema when migrating from 2.13.

• Issue 10038: Add support for Elasticsearch 6.5.

• Issue 10052: Fix invalid requests to Elasticsearch.

• Issue 10021: Security - Disallow create project to execute arbitrary code on the client by quoting and encoding project names.

• Fix incorrect json in the example for the ‘Set Access’ REST endpoint.

• Issue 10143: Fix internal server error when running the kill command.

• Issue 9768: Explicitly set the number of shards and replicas for Elasticsearch, and allow them to be configured.

  From Elasticsearch version 7 the default number of shards per node will be changed from 5 to 1.

  The number of shards and number of replicas are now explicitly set when creating the index.

  The new settings elasticsearch.numberOfShards and elasticsearch.numberOfReplicas allow the values to be configured. The default values are 5 and 1, respectively, which is the same as the default values used by Elasticsearch prior to version 7.

• Discontinue support for Elasticsearch 2.4.

• Add preliminary support for Elasticsearch 7.

  Support for Elasticsearch 7 is added, and tested against the alpha1 release.

• Fix internal server error when listing reviewers of a change with reviewers by email.

  Reviewers by email don’t have an account ID but formatting reviewers as JSON tried to get account IDs of all reviewers. This failed when the change had any reviewers by email.

• Do not create index on account_group_members table in postgres database.

  The account_group_members table was deleted, but the postgres setup still tried to create an index on it, which prevented a new site from starting up.

• Don’t serve PolyGerrit UI when running in headless mode.

• Don’t serve static resources when running in slave mode.

• Fix assignee’s status on the change screen.

  The assignee field’s status showed the change owner’s status text.

• Add missing documentation of the ‘Read As’ capability.

Breaking changes

• Change-Id: I3752456 Use dynamic binding for UrlFormatter.

  The UrlFormatter interface had a fixed binding to its default implementation, which meant it was not possible for plugins to provide a different implementation but were merely injecting it when needed

  It is now possible to replace the default implementation using a DynamicItem which requires a change in how it is injected and used in plugins.