Download: 3.1.16 | 3.1.15 | 3.1.14 | 3.1.13 | 3.1.12 | 3.1.11 | 3.1.10 | 3.1.8 | 3.1.7 | 3.1.6 | 3.1.5 | 3.1.4 | 3.1.3 | 3.1.2 | 3.1.1 | 3.1.0

Documentation: 3.1.16 | 3.1.15 | 3.1.14 | 3.1.13 | 3.1.12 | 3.1.11 | 3.1.10 | 3.1.8 | 3.1.7 | 3.1.6 | 3.1.5 | 3.1.4 | 3.1.3 | 3.1.2 | 3.1.1 | 3.1.0

Release Highlights

  • Support for git protocol v2

  • Polymer 2

  • Mandatory plugins

  • Performance logging and tracing

See the New Features section for further details.

Important Notes

Schema Changes

This release does not contain any schema changes. To upgrade:

  java -jar gerrit.war init -d site_path

The accounts, changes and groups index versions have been increased. To run off-line reindexing (optional):

  java -jar gerrit.war reindex -d site_path

By default indexes are automatically rebuilt upon the Gerrit startup after the upgrade.

Breaking Changes

The reviewdb.client package is renamed to entities

Plugins or extensions that import classes from the package must change the imports to

Changed APIs for Id and NameKey classes

Plugins and extensions that instantiate and use classes such as Account.Id, Change.Id, Project.NameKey, Branch.NameKey, etc, must adapt to the following changes.

  • The classes can no longer be instantiated with the new operator. Instead they must be created with static factory methods.

    • new Account.Id(...) –>
    • new AccountGroup.Id(...) –>
    • new AccountGroup.UUID(...) –> AccountGroup.uuid(...)
    • new Branch.NameKey(...) –> BranchNameKey.create(...)
    • new Project.NameKey(...) –> Project.nameKey(...)
  • ‘Getter’ methods are now generated by the auto-value library and no longer have the get prefix.

    • Account.getName() ->
    • …etc

REST API endpoint implementations must return Response<T>

REST API endpoint implementations must now return a Response object that explicitly sets a status code. Plugins that currently only return an Object must be adapted to the new interface.

Powermock and Easymock are removed

The Powermock and Easymock libraries are no longer exported in the acceptance-framework artifact, and are replaced by Mockito. Plugins that use Powermock and/or Easymock in their tests should either add explicit dependencies, or migrate the tests to Mockito.

Polymer 2 and Shadow DOM may break JavaScript plugins

The Gerrit frontend has been migrated from Polymer 1 to Polymer 2 and to using Shadow DOM. This may break JavaScript plugins, e.g. if they use document.getElementById() to reach into the DOM. Instead, plugins will have to use dedicated plugin endpoints together with calling plugin.registerCustomComponent.

Browser Support

Internet Explorer is not supported. Major browsers are supported for the following versions and newer: Firefox 68, Chrome 76, Safari 12.1.

Legacy support for pushing to refs/drafts/ is removed

The change.allowDrafts configuration option is removed, and it is no longer possible to push new changes or patch sets to refs/drafts/<branch-name>.

Support for pushing to refs/changes/ is removed

The receive.allowPushToRefsChanges configuration option is removed, and it is no longer possible to add a new patch set to a change by pushing to refs/changes/<change number>.

JGit Configuration is no longer read from system level .gitconfig

JGit’s configuration options are now read from the $site/etc/jgit.config file rather than the system level .gitconfig.

New limit on the number of change meta updates

Many NoteDb operations require walking the entire change meta ref and loading its contents into memory, so changes with arbitrarily many updates may cause high CPU usage, memory pressure, persistent cache bloat, and other problems.

A new configuration option change.maxUpdates allows to set the maximum number of updates that are allowed.

container.slave is renamed to container.replica

The container.slave option is still recognized as an alias of container.replica but is deprecated and will be removed in a future release.

The MessageOfTheDay extension point is removed.

The MessageOfTheDay functionality was not ported to the PolyGerrit-UI and the MessageOfTheDay extension point was removed with the 3.1.3 release. However, the JS API provides the banner entrypoint for plugins to add messages to the UI. Plugins that were previously using the MessageOfTheDay extension point have to be adapted accordingly.

The test.submit_rule and test.submit_type REST APIs now require input

In previous versions of Gerrit it was possible to omit the rule from the input and the project’s default submit rule would be tested. Now the rule is required, and the request will fail with ‘400 bad request’ if the rule is not provided.

New Features

Git Protocol V2

Git protocol V2 is now enabled by default. A new permission-aware ref database ensures that Gerrit only ever returns refs that the calling user has access to.

Mandatory Plugins

It is possible to configure which plugins are mandatory. Gerrit will fail to start if a mandatory plugin cannot be loaded.

Disabling and restarting of a mandatory plugin is rejected, but reloading of a mandatory plugin is still possible.

Replication plugin

  • Issue 11196: Latency metric is now recorded also at a project level, only when the latency was greater than a configured threshold, configurable in replication.config

New option to limit options used when rendering internal events.

The new option event.payload.listChangeOptions allows to configure which options are used when rendering internal events. This can be used to reduce performance impact of rendering many options.

Performance logging and tracing

See the documentation for full details.


  • Accounts

    • The DETAILS query option on the query accounts endpoint now includes the status and state fields in the response.
  • Changes

    • New SKIP_DIFFSTAT option for the query changes endpoint.

      Computation of the insertions and deletions fields may be expensive for large trees. The new SKIP_DIFFSTAT option allows to omit it from the result.

    • New exclude-groups option on the Suggest Reviewers endpoint.

    • New optional commit-message field on the input for cherry-pick endpoints.

      If the optional message is provided, it is used, otherwise the message from the cherry-picked change is used.

    • New optional topic field on the input for the revert endpoint.

      If the optional topic is provided, it is used, otherwise the topic from the reverted change is used.

  • Config

  • Projects

    • New endpoint: Update dashboard.

      The new endpoint currently only works for the default dashboard.

Bug Fixes

  • Issue 5082: Fix internal server error when getting blame for removed/replaced file.

  • Issue 11918: Fix internal server error when deleting a ref by git push.

  • Issue 12246: Fix generation of duplicate Change-Ids when creating a new change via REST.

    The Change-Id was computed from the commit content and the timestamp, which resulted in the possibility for two changes to get the same Change-Id when two empty changes were created by REST at the same time.

    The Change-Id is now generated randomly.

Dependency Updates

  • Remove easymock, powermock and javassist from the acceptance framework

  • Remove promise-polyfill

  • Add mockito in the acceptance framework

  • Upgrade Apache sshd and mina-core to 2.3.0

  • Upgrade auto-value to 1.7

  • Upgrade bouncycastle to 1.61

  • Upgrade commons-compress to 1.18

  • Upgrade gitiles-servlet and blame-cache to 0.3-6

  • Upgrade jetty to 9.4.18.v20190429

  • Upgrade JGit to v5.5.1.201910021850-r-152-g63fc6970c

  • Upgrade polymer to 2.7.2

    • Upgrade polymerelements/iron-autogrow-textarea to 2.2.0

    • Upgrade polymerelements/iron-dropdown to 2.2.1

    • Upgrade polymerelements/iron-icon to 2.1.0

    • Upgrade polymerelements/iron-iconset-svg to 2.2.1

    • Upgrade polymerelements/iron-input to 2.1.3

    • Upgrade polymerelements/iron-overlay-behavior to 2.3.4

    • Upgrade polymerelements/iron-selector to 2.1.0

    • Upgrade polymerelements/iron-test-helpers to 2.0.1

    • Upgrade polymerelements/test-fixture to 3.0.0

    • Upgrade polymerelements/paper-button to 2.1.3

    • Upgrade polymerelements/paper-input to 2.2.3

    • Upgrade polymerelements/paper-item to 2.1.1

    • Upgrade polymerelements/paper-listbox to 2.1.1

    • Upgrade polymerelements/paper-tabs to 2.1.1

    • Upgrade polymerelements/paper-toggle-button to 2.1.1

    • Upgrade visionmedia/page.js to 1.11.4

  • Upgrade truth to 1.0

Bugfix Releases


  • Security Fixes

    • Issue 14732: Commits/IncludedIn exposes branch names without respecting the ACLs on branches

      When calling the REST endpoint for listing all branches that a commit SHA1 is part of, the commit is properly checked for visibility against the ACLs (it is a REST resource) but the branches were not checked.

      The included-in may have exposed the list of non-visible branches to a user that had visibility purely on the SHA1.

    • Issue 7282: Hide repository name and description when user has no access

      Gitiles did not respect Gerrit’s permission and would show the repo name and description to any user who could guess the name. The repositories list as well as the content APIs were not affected.

  • Bug Fixes

    • Issue 14639: Searching repositories by name is case-sensitive

      Restore the correct project search that was case-insensitive in 2.16.27, 3.1.3 and 3.3.2.

    • Change 307602: Fix NPE while accessing draft refs

    • Change 307482: EqualsLabelPredicate: fix bug that prevents matching owner votes


  • Bug Fixes

    • Issue 14553: Gerrit REST-API fails when using /a/ prefix and cookies

      Recent fix to support GerritAccount Cookie authentication for Git/HTTP broke existing Python (or other) scripting when performing automation with Gerrit REST-API. That is due to the generation of the GerritAccount cookie in the HTTP response, which Python automatically manages to reuse in subsequent calls.

    • Issue 13721: Don’t serve polygerrit assets for git requests

      After migration to Polymer UI, PolyGerrit static resources are mounted at the root of the gerrit URL, and would collide with project namespaces, so that the project with these prefixes cannot be served with Git over HTTP protocol.


  • Bug Fixes

    • Fix registration redirect on OpenID

    • Log when a new SSH connection is rejected due to exceeded limit

      When the sshd.maxConnectionsPerUser got exceeded for a user, new connections from that user were rejected but no log entry was reported.

    • Issue 14127: Fix binding of DELETE REST calls from plugins.

      The processing of the DELETE request actually never reached the delete-project plugin due to bug in the RestApiServlet which wrongly delegated the request to a child collection in Gerrit core.

    • Issue 13140: OpenID: Remove support for Yahoo! OpenID provider.

      Yahoo! discontinued support for OpenID provider: “OpenID2 will be EOLed on 6/30/20”

    • Issue 14246: Creation of internal account does not respect auth.userNameToLowerCase.

      The CreateAccount SSH command and REST API was able to create accounts with usernames that contained uppercase letters even if auth.userNameToLowerCase was set to true.

    • Issue 14490: Missing LDAP metrics for authentication.

      Expose the LDAP metrics in terms of latency and call rates so that any problem can be highlighted early on and potentially alerted to the Gerrit admin.

    • Issue 14497: Git/HTTP traffic overloads LDAP with duplicate authentication requests.

      When authenticating incoming Git calls over HTTP the BasicAuth filter was called 3 times per call triggering multiple authentications against the backend.

    • Issue 14508: Allow GerritAccount Cookie authentication for Git/HTTP.

      Allow to create a Gerrit session from the GerritAccount cookie set on the Git client, so that only the first HTTP call will actually authenticate and create a session whilst all the others would just reuse the existing cookie.

    • Issue 11142: ssh to gerrit with no args requires standard input to terminate.

    • JGit Issue 552173 Too many open files when fetching repos with lots of refs

      JGit update fixes “Too many open files” errors.

  • Dependency Updates

    • Update JGit to 00386272264f65c41e36406f7c2e9ea6e901276e.


  • New Features

    • Issue 14091: Support the highlighting of LaTeX files with .tex extension.
  • Breaking Changes

    • Elasticsearch: Support for EOL versions 7.2 and 7.3 is discontinued. Both elasticsearch versions became EOL recently.

    • Issue 13931: Disallow editing the Change-Id during inline edits.

  • Bug Fixes

    • Issue 12443: Stop generating continuous “logging context is not empty” in error_log.

    • Issue 14097: Allow enabling of Git GC button for non-local Git repository managers, such as multi-site repositories.

    • Issue 14118: Quota management: enforce repository size on pack rather than on object.

  • PolyGerrit Fixes

  • Replication plugin fixes

    • Issue 12754: Remove replication plugin running tasks after their completion.
  • Documentation updates

    • Align the recommended buildifier version to v4.0, the same used in the CI.

    • Development guidelines: mention that Optional in arguments is discouraged (use @Nullable instead) but may be used as return type.

  • Dependency Updates

    • Update highlight.js to 10.6.0.


  • New Features

    • Add change query option allowing administrators to skip visibility filtering.

      Add a new REST-API change query option “skip-visibility” to allow administrators to skip visibility filtering.

  • Security Fixes

    • Issue 13858 CVE-2021-22553: Fixed memory leak in Git-over-HTTP requests.

      Unauthenticated users could exploit this problem in a Denial of Service attack, causing the server to go out-of-memory.

  • PolyGerrit Fixes

    • Issue 11811: Fix comments on partial text selection on Safari.
  • Replication plugin fixes

    • Don’t check read permission when authgroup isn’t set.

      Do not check for read permission when authGroup is not set since the user is a RemoteSiteUser that is-an InternalUser having read access to everything. This fixes a regression introduced in v3.1.10 that prevented the All-Users.git repository to be fully replicated to Gerrit replicas.

  • Bug Fixes

    • Issue 13803: Limit number of ambiguous accounts in error message.

      Don’t list more than 3 ambiguous accounts in error message of UnresolvableAccountException in order to prevent flooding the log and displaying a lot of sensitive account data in an error dialog.

    • Issue 13936: Fix badly formatted error message shown in error dialog.

    • Issue 13884: Fix ‘is:submittable’ query on multiple submit records.

  • Dependency Updates

    • Update highlight.js to 10.5.0.

    • Update Jetty to 9.4.35.v20201120.

    • Downgrade soy-template to 2019-10-08.


  • Breaking Changes

    • Elasticsearch: Support for EOL version 6.8 is discontinued. This was the last supported minor version of Elasticsearch 6 in Gerrit. From this release, Gerrit no longer supports V6 but only the already supported versions 7.x of Elasticsearch.

      • Speaking of which, support for 7.0 and 7.1 is discontinued too, as both elasticsearch versions also became EOL recently.
  • Security Fixes

    • Issue 12629: Verify hostname when sending emails via SMTP server with SMTPSClient.

      The SMTP server’s certificate and hostname must be verified if encryption is enabled with SSL verification in the host settings (sendemail.smtpEncryption and sendemail.sslVerify).

  • PolyGerrit Fixes

    • Add a warning if submitting a change with an open change edit.
  • Bug Fixes

    • Issue 13781 Compact the REST-API output JSON unconditionally.

      The output JSON was initially compacted only when the Accept header was set to application/json: the compation is now done unconditionally, unless the pp=1 query parameter is specified.

    • Issue 13786 ForRef#check should permit internal users to read all refs:

      Make PermissionBackend#ForRef authoritative change introduced a regression where gerrit internal users (e.g. plugins) were not taken into consideration when checking READ permission. As consequence the All-Users.git repository did not get any of the user’s refs replicated to the slaves. After the upgrade it is required to trigger a forced replication of the All-Users.git repository manually.

  • Documentation Updates

    • Clarify that ‘m’ push option sets patch set description.

    • Clarify that disk cache metrics require cache.enableDiskStatMetrics.

  • Dependency Updates

    • Upgrade testcontainers to 1.15.1.

    • Upgrade Jetty to 9.4.33.v20201020.


  • Breaking Changes

    • Elasticsearch: Support for EOL versions 6.6 and 6.7 is discontinued.

    • Logging: --console-log-flag of gerrit.war daemon respects log.textLogging and log.jsonLogging options

      Change in the default behaviour of the --console-log flag. Since log.textLogging in the gerrit.config is true by default, using the --console-log-flag now writes logs to the error_log-file in addition to stderr by default. This can be avoided by setting log.textLogging = false.

  • Security Fixes

    • Issue 13621 CVE-2020-8919: Make PermissionBackend#ForRef authoritative.

      Fixes a misconception that leads to data being accessible through Gerrit APIs that should be locked down.

      Gerrit had two components for determining if a Git ref is visible to a user: (Default)RefFilter and PermissionBackend#ForRef (e.g., RefControl). The former was always capable of providing correct results for all refs. The latter only had logic to decide if a Git ref is visible according to the Gerrit READ permissions. This includes all refs under refs/heads as well as any other ref that isn’t a database ref or a Git tag. This component was unaware of Git tags and notedb-related refs. Hence, when asked for a database reference such as refs/changes/xx/yyyyxx/meta, the logic would allow access if the user has READ permissions on any of the ref prefixes (such as the default “read refs/* Anonymous Users”).

      That was problematic, because it bypassed documented behavior where a user should only have access to a change if he can see the destination ref. The same goes for other database references.

    • Issue 13514 CVE-2020-8920: Work around Gitiles bug on All-Users visibility.

      Gitiles has a special FilteredRepository wrapper that allows carefully hiding refs based on the project’s ACLs. There is however an optimization that skips the filtering in case a user has READ permissions on every ACL pattern(s). When the target repository is All-Users, the optimization turns into a security issue because it allows seeing all personal information associated with all accounts, i.e.:

      • draft comments
      • draft edits
      • personally identifiable information (PII) of all users
      • external ids

      This fix now blocks Gitiles or any other part of Gerrit to abuse this power when the target repository is All-Users, where nobody can be authorized to skip the ACLs evaluation anyway.


This minor release has been withdrawn.


  • Security Fixes

    • Issue 12846: BadMessageException: 500: Response header too large.


      Bump Jetty version to 9.4.30.v20200611 to fix regression introduced in Jetty version: 9.4.27.v20200227.

      Response header overflow leads to buffer corruptions Jetty server always allocates maximum response header size.

      For more details see also upstream issues:

      Issue 4936 Issue 4541

  • Bug Fixes

    • Issue 12959: Submit: Use updated change for response

      The response was sent with the change instance from before it got submitted, rather than the updated change. As a result, the response contained the status “NEW” rather than “MERGED”.

    • Issue 13166: Include request latency in httpd_log.json

      The latency field was missing in the entries of JSON-formatted http logs.

    • Issue 12917: Switching between changes fails and in-line edit returns HTTP status 404.

      Switching between changes in a change series randomly fails. Also, when adding a file to a change using in-line edit fails constantly with an HTTP status 404.


  • Security Fixes

  • Bug Fixes

    • Issue 12680: Run projects reindex after Gerrit init only when needed, speeding up the upgrade process.

    • Issue 12778: Fix Included In filter not working in the search box.

    • Issue 12909: Fx missing index creation after Gerrit init.

    • Issue 12918: Fix missing email notifications for project watches for changes created via cherry-pick.

  • PolyGerrit Fixes

    • Issue 11368: Fix Javascript error if project has incorrect access configuration in Global Capabilities.

    • Issue 12899: Speedup the rendering of changes with large number of comments by lazy loading them when expanded.

  • Documentation Updates

    • Issue 12869: Add documentation on how to move a change across branches.


  • New Features

    • Support for rolling upgrade to Gerrit v3.2.0.

    • New interface AccountActivationListener available to plugins for listening to accounts activation status changes.

  • Security Fixes

    • Issue 12717: Deny access over HTTP for disabled accounts.

      A disabled account was still able to access over HTTP until the existing session expired.

    • Close active SSH connections associated to an account that has been disabled.

  • Bug Fixes

    • Issue 12844: Update account full name when it changes in LDAP.

    • Issue 12850: Ignore WIP changes in “CCed on” dashboard section.

  • Replication plugin fixes

    • Issue 12806: Fix replication of the project deletions to remote replicas.
  • PolyGerrit Fixes

    • Issue 11706: Support commit message modification as part of the inline edit session.
  • Documentation Updates


  • New Features

    • Add a new metric for monitoring Java deadlocks.

      The metric proc/jvm/thread/num_deadlocked_threads monitors the number of threads that are deadlocked waiting for object monitors or ownable synchronizers.

    • Add support for Elasticsearch 7.7.

  • Breaking Changes

    • Metrics: Cache disk stat metric computation is disabled by default

      Calculation of the cache disks stat metrics for persistent caches is disabled by default because it is a very expensive operation that can block a thread for several minutes on larger installations.

      Installations that still want to use this metric must explicitly enable it with the cache.enableDiskStatMetrics configuration option.

    • Plugin API: Deprecated methods related to the draft workflow and change edits are removed

      • ChangeApi.getEdit()
      • ChangeApi.publish()
      • RevisionApi.delete()
      • RevisionApi.publish()
    • Issue 12527: Elasticsearch: Support for EOL versions v5.6 and v6.0 to v6.5 is discontinued

  • End-to-end Tests Improvements

    • Allow end-to-end tests to proportionally scale on their expected execution times.

      A power_factor environment property was added to the end-to-end tests core framework. Using that optional property, scenario steps can take some more (or less) time prior to expecting proper completion.

      The way to set that property locally then depends on the target runtime environment, or SUT latency. The property may be used for either core or plugin scenarios.

    • FlushProjectsCache related scenarios added to core (and the high-availability plugin).

    • Support for relative runtime weights in scenarios.

      Each scenario can now either weight like any other by default, or override that default with a greater weight value, compared to siblings that are lighter on execution times.

      Beside core, make the high-availability and multi-site plugin scenarios reuse this.

    • Allow scenarios to create and delete Gerrit changes alongside projects.

      Add the corresponding core support for an optional http request body to every such GerritSimulation. Either automate or allow environment properties to feed the related input test data.

      Beside core, make the high-availability and multi-site plugin scenarios test changes that way. The latter currently has Issue 12693 as a known limitation.

  • Bug Fixes

    • Issue 12606: Fix visibleto predicate for groups.

      If a group name was used in the visibleto predicate, changes were not returned even if the group had permission to see them.

    • Issue 12747: Fix change query visibility for internal user.

    • Issue 12755: Block the removal of the Realm primary external ids.

      It was possible to remove the email address associated with the primary id of a Realm, effectively resulting in the account being removed.

    • Isssue 12786: Fix wrong status returned when auth backend couldn’t be reached.

      The response 401 was returned when the auth backend could not be reached, instead of the response 503.

    • Issue 14242: Fix email token verification failures caused by non-URL-encoded characters.

    • Issue 11625: Avoid multiple notifications for existing reviewers.

    • Fix internal server error on parsing commit message during receive commits.

    • Add autocomplete="off" to LDAP login form.

      Some security tools will flag the absence of the autocomplete flag as a possible security issue, as it could allow for passwords to be saved and automatically filled in on shared computers.

    • Accept --ownedby as an alias of --owned-by in the groups REST API.

      The option was incorrectly documented as --ownedBy which resulted in an error “not a valid option” if anyone tried to use it.

      The documentation is fixed, and --ownedby is added as an alias so that it also works for anyone still referring to the old documentation.

    • Fix various misuses of the Flogger API causing exception details to be omitted in the log output.

      Exceptions were not properly passed to the logger which would cause the details to be omitted, or in some cases the message “ERROR: UNUSED LOG ARGUMENTS” to be emitted.

      • When an invalid PAPE response is received during OpenID authentication
      • When a plugin config is invalid and cannot be loaded
      • When an error occurs while migrating a change metadata entry to JSON
      • When there is an unsupported charset in a patch text
    • Issue 12673: Fix emitting debug logs while running tests.

  • PolyGerrit UI Fixes

    • Issue 12707: Apply diff preferences immediately after pressing “Save”.

    • Issue 12690: Only show the “Edit” button for open changes in the diff view.

    • Issue 12726: Fix incorrect highlighting after / character in Javascript.

    • Issue 12775: Fix parent of previous patch sets not being available.

    • Issue 12385: Fix memory leak in gr-plugin-endpoints.

  • Replication Plugin Fixes

    • Issue 12678: Fix missing replication Id in replication logs.

      The migration to use Flogger in 2.16.17 caused a regression in the logging, where the replication Id was omitted from the logs. This is fixed by reverting back to slf4j logging for the replication log.

    • Issue 12719: Fix replication start --wait to track in-flight collisions and to not fail.

    • Issue 12731: Don’t lose state when there’s a pending push to the same ref.

      If there was already a pending push (not an in-flight push) to the same endpoint, the start for the push would be dropped when adding the push to the Destination. This meant that a replication start --wait command would never complete when one of its pushes was pending since its state would never receive the completion notification for that push.

    • Issue 11745: Fix firing pending “..all..” events on startup.

    • Issue 11760: Make persistent task keys stable.

    • Fix URL matching to match real URLs in addition to templated URLs.

    • Log when skipping deletion of a ref when pushing to a remote in mirror mode.

    • Improve logging of push failures caused by a lock failure on the remote.

    • Improve logging of refs to be pushed.

  • Library Upgrades

    • Upgrade rules_closure to forked version

      This fixes the “-parameters is not supported for target value 1.7. Use 1.8 or later.” warning when building. See PR 478.

    • Issue 12448: Upgrade Guice to 4.2.3 and switch to using no-AOP Guice distribution

      This allows to more easily support newer JDK versions.

    • Upgrade asm to 7.2

    • Upgrade jackson-core to 2.11.0

    • Upgrade jetty to 9.4.27.v20200227


  • Breaking Changes

    • The LogThreshold annotation is removed.

      The default log level for tests has been changed from DEBUG to INFO, and this annotation is no longer needed. It was originally introduced to allow classes to explicitly set their log level at level other than DEBUG.

      Plugins that use this annotation must be adjusted.

  • New Features

    • Add support for Elasticsearch 7.6.x.

    • Include upload-pack metrics in the sshd log.

      In order to enable detailed performance and problem analysis, upload-pack metrics are now included in the sshd log.

    • Add new configuration setting core.packedGitUseStrongRefs.

      When set to true, this option enables using strong references to reference packfile pages cached in the WindowCache. If this option is set Java gc can no longer flush the WindowCache to free memory if the used heap comes close to the maximum heap size. On the other hand this provides more predictable performance.

    • Add new configuration setting sendemail.denyrcpt.

      This new setting works alongside the existing sendemail.allowrcpt, and allows to configure email addresses or domains that Gerrit may not send to.

    • Allow to format HTTP and SSH logs in JSON format.

      When log.jsonLogging is enabled, the HTTP and SSH logs are formatted as JSON, making it easier for them to be parsed. Note that the error log was already formatted in JSON when this option was enabled.

    • Add new metrics.

      Metrics are added for:

      • Jetty connections
      • JGit WindowCache and total load time for block cache entries
      • Available number of cores
      • Average system load for the last minute

      Refer to the metrics documentation for full details.

    • Issue 11493: Add an “Edit” button to the diff view in the PolyGerrit UI.

    • Add support for fsharp in highlighting syntax in the PolyGerrit UI.

    • Issue 12364: Add support for going to a specific line number in the inline editor.

    • Add prolog predicate to determine number of parents.

      The new predicate commit_parent_count can be used to detect merge commits.

    • Add NamedFluentLogger.

      NamedFluentLogger is an extension to Flogger that allows to create a logger with a given name rather than the name of the enclosing class.

    • Issue 12444: Add support for max_result_window in Elasticsearch index configuration.

    • Add a Code Coverage layer and plugin API in the PolyGerrit UI.

      See Chromium issue 939904 for details.

    • Allow customizing the Gerrit httpd.listenUrl configuration in Docker using the HTTPD_LISTEN_URL environment variable.

  • Library Upgrades

    • Upgrade jackson-core to 2.10.3

    • Upgrade Jetty to 9.4.24.v20191120, including a fix for supporting IPv6.

    • Upgrade JGit to v5.6.1.202002131546-r-15-g241557137

    • Upgrade rules_closure to forked version.

      This fixes the “-parameters is not supported for target value 1.7. Use 1.8 or later.” warning when building. See PR 478.

  • Security Fixes

    • Issue 12440: Fix the access-path for AbstractGitCommand subclasses.

      The access path for the Receive.currentUser in the receive-pack command was wrongly set to SSH_COMMAND instead of to GIT. This allowed project owners to force-update a ref using git-over-SSH without having en explicit permission for that.

  • Bug Fixes

    • Fix size explosion of All-Users caused by draft comment removal.

      Modify draft comments generation so that, when removed, they to point to an empty parent.

    • Issue 11772: Cancel deprecation of change identifiers that was planned since 2.16.

      Since 2.16 the documentation of change identifiers states that the identifiers other than <project>~<numericid> are deprecated and will be removed in a future release. Since then the identifiers have still not been removed and there is no clear plan to do so.

      It is likely that “deprecated” identifiers are still used in links in places where they can’t be updated, for example in emails and forum posts. Due to this, and since continuing to support all of the types does not add any technical burden, ESC decided that the deprecation should be cancelled.

      The change.api.allowedIdentifier configuration setting is now obsolete and has been removed.

    • Issue 3340: Fix internal server errors when setting project access permission with bad regex.

    • Fix removal of stale metrics from the metrics registry.

    • Issue 12349: Fix time attribute of file entries in plugin artifacts.

    • Make assumption on number of query results explicit for change Id arguments.

      When a change Id passed as argument was resolved to multiple changes, the first returned change was arbitrarily used. Now an error will be raised and logged.

    • download-commands plugin: Set SSH default port to 22.

    • Document dependency from account deactivator to autoUpdateAccountActiveStatus and log a warning if the account deactivation task is configured but will not be scheduled.

    • Fix handling of ambiguous name in visibleto search predicate.

      If the visibleto search predicate was used with a display name that resolved to more than one account, the first account in the result was arbitrarily used. Now, this case will result in an error.

    • Fix a dependency injection runtime error in DeleteZombieDrafts program.

    • Issue 12473: Fix broken links in Elasticsearch configuration documentation.

  • PolyGerrit UI Fixes

    • Issue 4616: Open commentlinks to changes on the same server in the same tab.

    • Issue 12031: Fix issues with caching edited commit message.

    • Remove target=_self from commentlinks.

  • Replication Plugin Fixes

    • Check nulls in firePendingEvents at startup.

      After a sudden reboot (for unknown reason) Gerrit at startup couldn’t load because of NullPointerException.

    • Change default for the replicateOnStartup to false.

    • Issue 12559: replicateOnStartup not loaded and always considered as false.


  • New Features

    • Include request description in HTTP thread names.

      The HTTP worker threads had generic names like HTTP-100, HTTP-101, etc. While we could conclude from the stack trace what this thread was doing, we missed some important information like repository name, user name, etc.

      The HTTP threads now have descriptive names. For example, if there is an ongoing git-fetch operation we will see a thread named like: HTTP POST /a/myProject/git-upload-pack (johndoe from

      This makes the naming consistent with SSHD threads, which are named like: SSH git-upload-pack /myProject (johndoe).

    • New metrics for Jetty threadpool.

      The new metrics are exposed under http/server/jetty/*.

    • Utility program to delete zombie draft comment refs.

      Deletion of draft comment refs was broken until 2.16.14, resulting in draft comment refs not getting deleted properly. Although it has been fixed, it’s still possible that zombie refs exist from previous versions. The new site program DeleteZombieCommentsRefs can be used to remove them.

    • Highlight WORKSPACE and BUILD.bazel files as Python in the PolyGerrit UI.

  • Breaking Changes

    • The MessageOfTheDay extension point is removed.

      The MessageOfTheDay functionality was not ported to the PolyGerrit-UI and the MessageOfTheDay extension point was removed with the 3.1.3 release. However, the JS API provides the banner entrypoint for plugins to add messages to the UI. Plugins that were previously using the MessageOfTheDay extension point have to be adapted accordingly.

  • Bug Fixes

    • Issue 12097: Fix migration to NoteDb when orphan changes exist.

      In the case where a change belonged to a repository that did not exist, the migration failed.

    • Issue 9296: Fix wrong diff of commit message between different patch sets of a merge commit.

    • Issue 7969: Fix internal server error when diffing MERGE_LIST between different patch sets of a merge commit.

    • Issue 10397: Don’t send notification email when publishing a change edit on a WIP change.

    • Issue 12243: Fix unexpected deactivation of service user accounts.

    • Fix editing name and email for service user accounts.

    • Fix internal server error when a change edit includes an invalid file path.

      Invalid file paths are now rejected as ‘400 Bad Request’.

    • Fix internal server error when giving an invalid merge strategy to the ‘Create Merge Patch Set’ REST endpoint.

    • Fix a resource leak in the ‘Get Patch’ REST endpoint.

    • Don’t check for conflicting refs when deleting a ref; improve performance of migration to schema 167.

      The migration to schema 167 involves deletion of refs. The performance was poor for large installations (for example 30k user refs and 20k groups) because the ref deletion implementation was doing an unnecessary check for conflicting refs.

    • Fix setting _moreChanges to the wrong value in change query REST results.

    • Upgrade highlight-js to get various fixes in source code highlighting:

      • fix(makefile) fix double relevance for assignments
      • (xml) expand and improve document type highlighting
      • fix(kotlin): fix termination of “”” string literals
      • (cpp) Add additional keywords
      • Backslash is not used to escape in strings in standard SQL
      • (javascript) fix jsx self-closing tag issues
      • enh(ini) support arrays and much cleaner grammar
      • (javascript) support jsx fragments
  • PolyGerrit UI Fixes

    • Issue 11980: Fix handling of LDAP groups containing a dot in the PolyGerrit permissions screen.

    • Issue 12197: Fix rendering of commentlinks using link.

    • Issue 11697: Fix rendering of commentlinks without leading whitespace.

    • Issue 12224: Honor the date format preference when displaying dates.

    • Issue 12184: Fix link in blame annotation to link directly to the commit.

    • Issue 12108: Add missing ‘Page …’ on pagination links in the repository list.

    • Fix the size of the commit message box.

    • Fix a parse error on the repository list.

    • Fix multiple triggers when shift-r is held.

    • Wrap filenames onto two lines in the file list if the filename is too long.

    • Add a right margin to the search bar.

      This creates some space between the search bar and the header-browse-source endpoint where you often see a ‘Repositories’ link.

    • Replace ‘Menlo’ font with ‘SF Mono’.

      ‘Menlo’ was replaced by ‘SF Mono’ from Mac OS 10.11, and ‘Menlo’ does not render symbols and characters correctly.

  • Other Changes

    • Upgrade JGit to v5.6.0.201912101111-r-31-g3d59d1b80.

    • Upgrade jackson-core dependency to 2.10.2

    • Improve logging when a metadata update fails.

    • Update external Ids documentation with information on how to find the sha1 of an external Id and how to show the corresponding change note.


  • New Features

    • Include thread name in the HTTPD and SSHD logs.

      Having thread name in the HTTPD and SSHD logs makes it easier to match entries from the error log. The error log entries already contain the thread name, so with the thread name included in each entry in the HTTPD and SSHD logs, we have more data to match an error to a request than just the timestamp.

  • PolyGerrit UI Fixes

  • Other Fixes

    • Issue 12070: Fix internal server error on git over HTTP calls when SSHD is enabled.

      Double cleanup of the request context caused an internal server error on push or fetch via git over HTTP.

    • Fix generation of SSH keys with empty passphrase.

      The -N option of ssh-keygen was correctly used for generation of RSA keys, but for other types -P was used.

    • Extend documentation of external Ids to include examples of how to generate the sha1 of an external Id and how to show the git note of the Id.


  • New Features

    • Issue 11973: Add copy-to-clipboard for generated HTTP password.

    • Add support for doctag in PolyGerrit UI syntax highlighter.

    • Add an event interface in the PolyGerrit API.

    • Add support for Elasticsearch 7.5.

    • Add documentation of how to perform backups of Gerrit.

  • PolyGerrit UI Fixes

    • Issue 12024: Fix undefined branch in create-destination-dialog.

    • Issue 11969: Fix tab index in reply dialog.

    • Issue 11993: Stop loading fonts from external resources.

    • Issue 11984: Fix top menu bar on iOS.

    • Issue 8282: Avoid browser caching for diff on edit patch.

    • Issue 9444: Fix syntax highlighting for multi-char char constants.

    • Issue 12020: Fix ‘New Contributor Agreement’ screen.

    • Fix gr-syntax-params css class.

    • Fix overflow of branch name in change list.

  • Other Fixes

    • Issue 11989: Fix internal server error when pushing over SSH with git protocol v2.

    • Issue 11962: Fix advertisement of refs/meta/config in git protocol v2 when client does not have access to it.

    • Issue 11986: Fix fetching individual ref with git protocol v2.

    • Issue 7645: Fix thread deadlock when loading accounts from the account cache.

      Replacing Guava caches with Caffeine reduces the chances of having the deadlocks and improves the cache performance.

    • Issue 11918: Fix internal server error when deleting a tag or branch by git push.

    • Issue 11650: Fix reindexing of changes after project is deleted in the delete-project plugin.

    • Disallow deleting the refs/meta/config branch via the ‘Delete Branches’ REST API.

    • Disallow deleting the HEAD ref via the ‘Delete Branches’ REST API.

    • Allow empty base revision in the ‘Create Branch’ and ‘Create Tag’ REST APIs.

    • Fix deletion of draft comment refs.

      In some situations, draft comment refs were not properly deleted but left empty. This resulted in unused draft refs persisting in the All-Users repository, polluting the namespace. Published draft comments as well as deleted draft comments were kept in the history of the draft ref, keeping them alive for GC, and causing a steady increase of repository size.

    • Use correct content type text/plain instead of plain/text in ‘Create SSH Key’ REST API.

    • Fix handling of interactive/batch users in the QoS filter.

      For the git-over-http requests this filter didn’t work properly because the basic authentication happened later in the filter chain and at the moment when the QoS filter was invoked the current user was not yet set.

    • Add project name to headers of outgoing change emails.

    • Fix and expand documentation of ref-update and commit-received hooks in the hooks plugin.

    • Upgrade JGit to v5.6.0.201912041214-rc1