Gerrit 3.7.x | Gerrit Code Review

Download: 3.7.9 | 3.7.8 | 3.7.7 (DO NOT USE) | 3.7.6 | 3.7.5 | 3.7.4 | 3.7.3 | 3.7.2 | 3.7.1 | 3.7.0

Documentation: 3.7.9 | 3.7.8 | 3.7.7 (DO NOT USE) | 3.7.6 | 3.7.5 | 3.7.4 | 3.7.3 | 3.7.2 | 3.7.1 | 3.7.0

Release highlights

UI mostly migrated to Lit

Gerrit UI is mostly migrated to Lit, with a few exceptions for certain modules.

Mention @user support

Users can be mentioned in comments using the @<user> notation and select the matching accounts. Mentioning users automatically add them in CC and send e-mail notification to get their attention.

This feature can be enabled in gerrit.config by adding this configuration:

[experiments]
    enabled = UiFeature__mention_users

Full markdown support in comments

Comments and checks accept and render the full markdown syntax, allowing richer interaction and communication between authors and reviewers. This follows the CommonMark spec, except inline images and direct HTML are not rendered and kept as plaintext. No markdown rendering is done in the commit message.

Bulk actions on search results and dashboard

Apply a change action to an entire group of changes all at once right from the search page or your dashboard. Simply select all the changes, click your action, and fill out the details on the dialog. Currently supported actions are:

Add Reviewer or CC
Add Topic
Add Hashtag
Vote (excluding Code-Review)

Auto theme mode

The theme is automatically changed to light/dark based on your OS preference. You can change the theme in users preferences.

Copy links

The copy links are in the dropdown next to the change number with keyboard shortcuts or a button to quickly copy the format that you prefer to link change.

Import Projects’ Changes from other Gerrit servers

Gerrit can read and render Changes coming from Projects copied from other servers having different server-ids and account-ids. This allows the Gerrit administrators to move projects and changes across servers with a compatible NoteDb structure and having the change meta-data parsed and reindexed in Gerrit.

NOTE: Only the changes can be imported and reindexed in Gerrit, following the account reverse lookup association using the new imported external-ids. Groups, ACLs and project hierarchy and Prolog rules (aka refs/meta/config) may not be imported out of the box and still require the Gerrit administrator to copy and adapt them manually.

At high-level, the process consists of:

Configure the gerrit.importedServerId with the values of the gerrit.serverId of the Gerrit servers from the project changes to be imported originate from.

Identify the accounts involved in the project changes to import and create the corresponding imported external-ids in the All-Users.git repository.

Example of how to add the external-id imported:1000002@59a4964e-6376-4ed9-beef-123bd9217df8 to the account-id 1000001:

$ EXT_ID=imported:1000002@59a4964e-6376-4ed9-beef-123bd9217df8
$ EXT_ID_NOTE=$(echo -n $EXT_ID | shasum | awk '{print $1}')
$ git clone $GERRIT_SITE/git/All-Users.git && cd All-Users
$ git fetch origin refs/meta/external-ids && git checkout FETCH_HEAD
$ echo -e '[externalId "'$EXT_ID'"]\n\taccountId = 1000001' > $EXT_ID_NOTE
$ git add . && git commit -am "Added $EXT_ID"
$ git push origin HEAD:refs/meta/external-ids

Create the destination project of the import in Gerrit
Push the changes under refs/changes/* from the source Gerrit into the newly created destination project.
Reindex all imported changes, either online with gerrit index changes or offline with the java -jar gerrit.war reindex commands.

The overall process has been described in detail and live demoed during the Gerrit User Summit 2022.

New command to check project access for other users

Gerrit admins can verify the ACLs of projects for individual users using the new gerrit check-project-access SSH command.

Important notes

Schema and index changes

This release contain changes to the schema which is upgraded to version 185; also all indexes have been upgraded.

Offline upgrade

Download the gerrit.war and run the init and then reindex program:

  java -jar gerrit.war init -d site_path
  java -jar gerrit.war reindex -d site_path

Online upgrade with zero-downtime

Gerrit v3.7.x supports zero-downtime upgrade from Gerrit v3.6.3 or later when configured using a high-availability configuration, and the Git repositories are stored in a shared filesystem such as NFS or similar.

NOTE: Gerrit versions older than v3.6.0 would require an offline upgrade.

During the zero-downtime upgrade, Gerrit end-users would not notice any outage or service disruption. They will be able to perform any read/write Gerrit operation on the GUI or using using any API.

The zero-downtime upgrade consists of the following steps:

Have Gerrit servers running v3.6.3 or later, in high-availability configuration, healthy and able to handle the incoming traffic properly.
Set gerrit.experimentalRollingUpgrade to true in gerrit.config on both Gerrit masters.
Set the Gerrit server unhealthy.
Shutdown the Gerrit server, update gerrit.war and plugins to v3.7.x and start Gerrit again.
Verify that the Gerrit server is working properly (e.g. run automated smoke tests) and then make it healthy again.
Wait for the Gerrit server to start serving traffic normally.
Repeat steps 3. to 6. for all the other Gerrit servers.
Remove gerrit.experimentalRollingUpgrade from gerrit.config on both Gerrit masters.

Downgrade

Downgrade to Gerrit v3.6.x release is possible, but requires the following manual steps:

Shutdown a migrated Gerrit v3.7.x server
Downgrade the All-Projects.git version (refname: refs/meta/version) to 184:
```
git update-ref refs/meta/version $(echo -n 184|git hash-object -w --stdin)
```
See git hash-object and git update-ref.

NOTE: The migration of the label config to copy-condition performed in v3.7.x init step is idempotent and can be run many times. Also v3.6.x supports the copy-condition and therefore the migration does not need to be downgraded.

Run Gerrit v3.6.x init, downgrading all plugins, and run the off-line reindex

  java -jar gerrit-3.6.x.war init -d site_path
  java -jar gerrit-3.6.x.war reindex -d site_path

Start Gerrit v3.6.x server

Native packaging

GerritForge RPM repository updated for arm64 architecture

GerritForge RPM v1.4 has been released, including the native packages for arm64 architecutre.
gerrit:3.7.0-almalinux8 OS base image upgraded to AlmaLinux 8.6
DockerHub images for arm64 architecture

DockerHub Gerrit images include images for arm64 architecture.

Update gerrit.reportBugUrl configuration

The issues of the Gerrit Code Review project have been migrated from Monorail into the new Gerrit Tracker, see announcement at: https://groups.google.com/g/repo-discuss/c/F4havFh_Bvw/m/D5MsV17yAgAJ

If the gerrit.reportBugUrl setting on your Gerrit server is pointing to the Gerrit Monorail project, which is deprecated now, please update the URL to point to the new Gerrit Tracker, e.g. change https://bugs.chromium.org/p/gerrit/issues/entry?template=Bug+Report to https://issues.gerritcodereview.com/issues/new.

Known issues

Issue 380898784: The new changes_by_project cache will make the git-upload-pack fail intermittently on projects containing one or more inconsistent changes.

The introduction of the changes_by_project cache is incompatible with projects having one or more inconsistent changes, like changes with /meta refs coming from unexpected Gerrit serverId. The cache makes the git-upload-pack fail intermittently with internal server errors when it fails to load the change meta-data depending on the status of the cache. As a workaround, disable the changes_by_project cache as follows in gerrit.config:
```
[cache "changes_by_project"]
      memoryLimit = 0
```

Breaking changes

Change 335625: ThreadMXBeanSun: Use getCurrentThreadAllocatedBytes() method

Used Bazel version is shipping latest release of JDK 11, that contains this method. The getCurrentThreadAllocatedBytes() method is provided from JDK versions

= 11.0.10. Make sure you are running JDK versions >= 11.0.10 when upgrading to 3.7.
Change 343774: Delete ignored state of changes and ‘star:’ queries

The query predicates star:ignored, is:ignored and star:star are not supported anymore. The latter is identical to is:starred or has:star.
Change 334467: Removed support for deprecated approval config fields in label configs

The boolean flags in label configurations to control approval copying, as well as the copyValue settings, was previously deprecated and now completely removed in flavor of the new copyCondition setting that allows to express the copy conditions as a query.
Change 337456: Ban new modifications to label functions in favour of submit requirements
Issue 15784: New project head updated event in the stream events
Issue 11686: Discontinue support for legacy numeric types in Lucene

In Lucene the implementation switched from integer id to string id and now all the old code is removed. Three different index implementations are affected:
- changes
- account
- groups
Change 334325: Migrated label definitions to use copy conditions instead of deprecated fields

The boolean flags in label configurations to control approval copying, as well as the copyValue settings, have been deprecated in favor of the new copyCondition setting that allows to express the copy conditions as a query. The newly added schema version migrates the deprecated fields to copy conditions.

NOTE: Because of this breaking change, downgrading to Gerrit v3.6.x is not possible out of the box.
Issue 15941: Fix SSH queries to not show commit-message unless –commit-message is provided

This issue has existed for several years and should be considered breaking as users might expect commit message to be included by default in SSH query results. Obtaining the commit message is a costly operation as the commit data has to be loaded. So, showing it even when –commit-message is not provided degrades the performance of SSH queries.
Change 336297: Recognize lower case operators in search

Previously, we only recognized AND, OR and NOT as boolean operators. This seems overly strict as users might unintentionally use the lower case variants.

Indexing improvements

Change 343798: Introduce index.pageSizeMultiplier configuration to paginate index queries with increasing size
Change 343694: Improve performance of queries that check the visibility of changes for a non-current user
Change 343096: Introduce index.paginationType=SEARCH_AFTER configuration for speeding up query pagination
Change 349694: Improve performance of parentof operator by two orders of magnitude
Change 345634: Paginate internal change index queries, as index backends such as Lucene and Elasticsearch are known to degrade with a high limit

Performance fixes

Change 338154: Lazy load change notes when submit by push Improves performance of change submit via push
Change 338574: Cache ProjectControl instances in SSH queries A PerThreadCache is used to cache ProjectControl instances to improve SSH query performance.
Change 338614 Optimize SSH queries to avoid loading individual accounts This improves performance of SSH queries.
Change 338834: Avoid creating an IdentifiedUser multiple times in a SSH query This improves performance of SSH queries.
Change 339795: Improve performance of the create branch REST API when the repository contains over one million refs
Issue 16284: Fix performance issues with git-upload-pack on repositories with a large number of changes

Other changes

Change 346979: Add ability to specify prefix, suffix and text fields for commentLinks of type link
Change 346854: Update change.maxPatchSets value from 1500 to 1000
Change 345229: Support bulk actions on dashboard and search pages
Change 337434: New REST API for previewing fix from the request body to a patch set

The newly added API fix:preview previewes fix(es) provided as part of a POST request body. ApplyProvidedFixInput holds the fix(es). This flow is suitable when a frontend plugin shows fix(es) that it is suggesting on the UI and that the user can accept.
Change 339788: Allow testing submit requirements using a pending change to the refs/meta/config branch

Admins can then test their SRs using the following workflow:
1. Upload a pending change to the refs/meta/config branch.
2. Test it immediately on any change using: curl -X POST https://<gerrit-url>/changes/<change_to_test>/check.submit_requirement?sr-name=Foo&refs-config-change-id=$id
Change 336715: Disallow index updates that both add and remove fields

A new version may only add or remove fields, but not both. The type of existing fields may not be changed.
Change 341454: Allow using GitWeb with multi-site and cached-refdb
Change 307349: Add change REST endpoints to create and retrieve submit requirements.
Change 307352: Add a REST endpoint to delete submit requirements
Change 307351: Add a REST endpoint to list submit requirements in a project.
Change : New REST API for applying a fix from the request body to a patch set
Change 339555: The commit-msg hook ignores fixup and squash commits now.

Fixup and squash commits will inherit the Change-id of the commit they are squashed into.
Issue 10168: Fix broken links to Gitweb lightweight tags
Issue 12546: In commit-msg hook, the Change-Id is now inserted before any Signed-off-by
Issue 13930: Support ssh kex server-sig-algs for modern clients, like OpenSSH 8.8
Issue 15194: Define new event containing all refs updated in a single operation
Issue 15664: Disallow truncating the Change-Id across patch-sets
Issue 15997: Make DelegateRepository#delegate() method public
Issue 16182: Display the change’s Change-Id underneath the commit message when not present in the commit message
Issue 16263: Disallow js in comment links
Issue 16322: Limit the number of changes that can be submitted at once
Issue 16354: Fix change screen errors when trying to load an invalid project with an exixting change number
Change 338680: Included copied/outdated votes in change message on patch set creation

Include copied and outdated approvals into the change message that is posted on patch set creation. This allows users to find the copied/outdated approvals for each patch set in the change log.
Change 337968: Copy approvals that are applied on outdated patch sets to follow-up patch sets if copyable

Copying approvals that are applied on outdated patch sets to follow-up patch sets make the life easier for CIs, e.g.:
1. CI is triggered on PS X
2. While the CI is running, PS X+1 which only modified the commit message is uploaded
3. CI finishes on votes Verified+1 on the outdated PS X
Change 336712: Included outdated approvals in push output when pushing a new patch set
Change 336414: Included unsatisfied SRs into new patch set email when change becomes unsubmittable

When a change becomes unsubmittable users want to know which submit requirements are no longer satisfied.
Change : Support deletion of missing changes from the index

If a change is not found, and the “delete_missing” option is set to “true”, then try to delete it from the index.
Change 336134: gerrit.sh: add –debug option, start JVM in debug mode
Change 335754: Approver is added to the attention set when their approval is not copied

If a user applied an approval on a change and this approval gets outdated and removed when a new patch set is uploaded (i.e. the approval is not copied to the new patch set) then this user is added to the attention set now. This is to signal that this user should re-review the change and renew their approval.
Change 330407: Added the value “NOT_EVALUATED” to the SubmitRequirementExpressionInfo in the Change API and in NoteDb.
Change 349314: Fixed change reindex with label copyCondition containing group

Plugin changes

Gerrit UI changes

Change 346077: Added “Your > All Visible Changes” default query

Add a new entry to the “Your” menu which queries “is:visible” which, is the query for viewing all changes.
Change 345136: Remove redundant/unhelpful ARIA labels from diff tables
Change 344914: Fix freezing in Safari when adding comments
Change : New user setting for theme. New default - Auto - shows dark or light theme based on OS theme preference. User can change new default in settings

Switching theme is now reactive - listening to OS theme preference changes or on user changing user preferences.
Change 337421: Introduce Auto Dark/Light Theme based on OS preference

Introducing a new default mode - Auto. This will dynamically change theme based on OS preferences. Mac OS has Auto mode, that switch to dark mode in evening. With this change Gerrit can have dark theme in evening and light them during day.
Change 343605: Make the file list easier to understand at a glance

Folders that match the previous file are colored gray, folders that do not match are black, and the file name it self is blue.
Change 340970: Start using material icons
Issue 14526: Allow to rebase changes with conflicts in the UI

Documentation changes

Change 337097: Contribution Documentation updated for grammar

A few updates to the contribution documentation for developers:
- Minor grammatical errors and restructuring sentences.
- Removing a duplicated paragraph regarding incomplete features.
- Changes in verb tense (‘has’ to ‘is’ where appropriate)

End-to-End tests changes

Change 335394: Added property authenticated to e2e-tests

This property let you use authenticated HTTP clones with the e2e-tests.

JGit changes

Update jgit to 2021ce342, improves UploadPack and git blame performance for large merge commits, also correctly report errors for UploadPack.

Other dependency changes

Update Lucene version to 7.7.3

Bugfix releases

3.7.9

Enhancements
- Change 424957: Emails notifications for comments now mention who owns the change
  
  When receiving the email, knowing the change owner helps the receiver prioritize their reviews.
- Issue 325309573: Add virtual_id_number to ChangeInfo.
  
  Introduces virtualId to change data to avoid clashes when starring changes imported from foreign server ids.
Bug Fixes
- Issue 40014889: Stop considering WIP changes “unmergeable”
  
  WIP changes can now be mergeable under specific conditions.
- Issue 330195358: Fix pagination to stop querying when there are no more results
  
  Addresses the issue of unnecessary queries when the first query does not fill the full limit.
- Issue 330758152: Fix detection of invalid SSH key algorithm
  
  Validates and rejects SSH keys with invalid or mismatched algorithms.
- Issue 325309574: Resolve draft comment reference ambiguity for imported changes
  
  Ensures distinct draft comment references for each imported change coming from a foreign server-id.
- Issue 328958027: Fix NONE paginationType filtering of changes
  
  Addresses visibility filter issues when paginationType is NONE.
Dependency Updates
- Update JGit to c0b415fb0
  
  You can retrieve the full list of changes with:
```
git log --no-merges --format=oneline acf21c0bc..c0b415fb0
```
  notable changes are:
  - 81d64c91 Cache refreshed loose ref dirs in SnapshottingRefDirectory
  - 72fa0a53 TreeRevFilter: correct changedPathFilter usage for multi-paths inclusion
  - da7a88bc [ssh] Implement the “Ciphers” SSH config
  - bf7dd9ad ShutdownHook: run on bundle deactivation if in OSGi
  - 21f7fdff Introduce core.trustLooseRefStat config
  - a44b9e8b Support public key in IdentityFile
  - f11d1365 Revert “StartGenerator: Fix parent rewrite with non-default RevFilter”
  - 3e624306 Allow to discover bitmap on disk created after the packfile
  - 426d6784 storage.file: Do not throw NSFE when deleting tmp files
  - 67142cac FS.detectSymlinkSupport: fix a race
  - 906c2beb RebaseCommand: fix stopping on root commit conflicts
  - c701c01b Improve handling of NFS stale handle errors
  - e0910eda Fix handling of missing pack index file
  - c6466492 CherryPick: add ability to customise cherry-picked commit message
  - 8116f66b FooterLines: handle extraction from messages without headers
  - 78848731 BasePackFetchConnection: Skip object/ref lookups if local repo is empty
  - faa50c68 LooseObjects: Use File#exists when possible
  - e25bf957 PackBitmapIndex/StoredBitmap: Expose size and counts
  - 52c18ae1 PackWriter/Statistics: Remove the bitmapt hit stats
  - db5ce6b5 StartGenerator: Fix parent rewrite with non-default RevFilter
  - 5e563e1b PackWriter: store the objects with bitmaps in the statistics
  - 340cc787 Improve footer parsing to allow multiline footers.
  - aab75dba BitmapIndex: Add interface to track bitmaps found (or not)
  - e4a341db Fix branch ref exist check
  - d3f711ca BitmapWalker: announce walked objects via listener interface
  - 4f18c509 Optimize RefDirectory.getRefsByPrefix(String…)
  - b761a0fc Use try-with-resource to ensure UploadPack is closed
  - 593fbf7c CommitGraphWriter: Add progress monitor to bloom filter computation
  - 5207bf07 CommitGraphWriter: Use ProgressMonitor from the OutputStream
  - c46b54ee CommitGraphWriter: Unnest generation-number progress
  - 3937300f Optimise Git protocol v2 ref-prefix scanning
  - 5f563e38 UploadPack: use want-refs as advertised set in fetch v2
  - 093bde51 BasePackFetchConnection: Avoid full clone with useNegotiationTip
  - 0f078da4 FileBasedConfig: in-process synchronization for load() and save()
  - f6774fa8 FileUtils.rename(): better retry handling
  - cb46ee35 FileBasedConfig: ensure correct snapshot if no file
  - ecf94d15 Config.removeSection() telling whether it changed the config
  - f93ccb7f RebaseCommand: return correct status on stash apply conflicts
  - 42917767 UploadPack: Delay freeing refs in sendPack()
  - 0ca7438f Fix log level for successful execution of ShutdownHook#notify to debug
  - 2ab7c3eb SSH agent: correct plug-in title
  - b6b1e0a0 Fix DefaultCharset bug pattern flagged by error prone
  - 7092803a Add comment why protocol list uses WeakReference
  - c57257bc CommitGraphWriter#createCoreChunks: Remove not-thrown exceptions
  - 2390a89f CommitGraphWriter: Decouple Stats from computing bloom filters
  - f1a9d92a CommitGraphWriter: Move bloom filter calculation out of createChunks
  - 642f1602 Use ShutdownHook to gracefully handle JVM shutdown
  - d4d6c2b5 Add ShutdownHook to cleanup FileLocks on graceful JVM shutdown
  - f94be665 Unregister ShutdownHook when GC#PidLock is closed
  - 82c6638c RevertCommand: support for inserting a Gerrit change ID
  - 13c8daca CommitGraphWriter: throw exception on unknown chunk
  - fb51a223 Document commit-graph options supported by JGit
  - e7a09e31 Introduce core.packedIndexGitUseStrongRefs config key
  - c353645a Move footer-line parsing methods from RevCommit to FooterLine
  - 462c57ec Merge: Add diff3 style merge conflict formatter.
  - c8f5a3f9 RevCommitCG: Read changed-path-filters directly from commit graph
  - ec3d919a Identify a commit that generates a diffEntry on a rename Event.
  - f196c7a0 Pack: open reverse index from file if present
  - 000e7caf PackReverseIndexV1: reverse index parsed from version 1 file
  - 2eba4e5b PackReverseIndex: open file if present otherwise compute
  - 8123dcd6 PackReverseIndex: verify checksums
  - 7d266958 ComputedPackReverseIndex: Clarify custom bucket sort algorithm
  - 3b77e33a CommitGraphWriter: add option for writing/using bloom filters
  - 77aec621 CommitGraphWriter: reuse changed path filters
  - d3b40e72 RevWalk: use changed path filters
  - ff0f7c17 CommitGraphLoader: read changed-path filters
  - 49beb5ae CommitGraphWriter: write changed-path filters
  - 23758d7a ssh: PKCS#11 support
  - db08835c GC: Remove handling of extra pack for RefTree
  - b2f7dc18 Remove redundant specification of type arguments
  - 79b46a0e Fix S3Repository getSize to handle larger object sizes
  - 8e619716 PackReverseIndex: separate out the computed implementation
  - 181b629f Gc#writePack: write the reverse index file to disk

3.7.8

Bug Fixes
- Change 411279: Fix change staleness check for changes with drafts and stars
- Change 410917: Fix copy-approvals for cases where current approvals have different values when normalized.
- Change 410317: Fix change id parsing in SSH commands.
Dependency Updates
- Change 410743: Update JGit to acf21c0bc which was missed in v3.7.7.
  
  You can retrieve the full list of changes with:
```
git log --no-merges --format=oneline 74fa245b3..acf21c0bc
```
  notable changes are:
  - acf21c0bc RefDirectory: Do not unlock until after deleting loose ref
  - 29c89d1f0 SnapshottingRefDirectory: Invalidate snapshot after locking ref for update
  - 747618358 Improve handling of NFS stale handle errors
  - ca54c5176 Fix handling of missing pack index file
  - b4c66104f Introduce a PriorityQueue sorting RevCommits by commit timestamp
  - e712b4716 Make sure ref to prune is in packed refs
  - 170244d05 Checkout: better directory handling
  - 244165fc5 Remove unused API problem filters
  - f103a1d5c Add support for git config repack.packKeptObjects
  - f5f4bf0ad Do not exclude objects in locked packs from bitmap processing
  - 3a6eec9bb Express the explicit intention of creating bitmaps in GC
  - ac8d7838f GC: prune all packfiles after the loosen phase
  - f6928f573 Revert “RefDirectory: Throw exception if CAS of packed ref list fails”
  - 6b3b2b33a GraphObjectIndex: fix search in findGraphPosition
  - 0f7d485bc Remove unused API filters
  - 43954ea62 [releng] API filter for PackIndex.DEFAULT_WRITE_REVERSE_INDEX
  - 2c89a3ec7 PackExt: add a #getTmpExtension method
  - d0564cf8a UploadPack: Record negotiation stats on fetchV2 call
  - ce88e62ed PackWriter: write the PackReverseIndex file

3.7.7 (DO NOT USE)

Breaking changes
- Change 404018: Add option to populate ‘starred’ field for change queries.
  
  star option can must now be provided to include the starred field in ChangeInfo, which indicates if the change is starred by the current user or not.
Known Issues
- Change 391575: JGit was accidentally reverted to 5ae8d28faaf6168921f673c89a4e6d601ffad78d.
New Features
- Change 406237: Add metrics for git/upload-pack/bitmap_index_misses_count and a separate one for missing bitmap indexes.
  
  JGit packer tracks the number of times that an object was not found in the bitmap index or if the bitmap index was completely missing. Added the git/upload-pack/bitmap_index_misses_count for being used in performance graphs, while the git/upload-pack/no_bitmap_index should be more suitable for alerts.
- Change 406004: Add timer for git/upload-pack/phase_searching_for_* phases.
  
  Add metrics for the “Finding sources” phase, which is critical for an optimal Git/HTTP performance.
- Change 404718: Add timer for git/upload-pack/phase_negotiating.
  
  Added the git/upload-pack/phase_negotiating so that the Gerrit admin can graph how these are performing and spot any potential issues. JGit packer tracks time spent in the negotiation phase. This statistic was only exposed in the sshd_log and is not available when the client uses Git/HTTP.
- Change 402497: Introduce configurable shutdown timeout
  
  Added container.shutdownTimeout to configure the maximum time (in seconds) to wait before terminating Gerrit.
- Change 393037: Bazel: Add support for BuildBuddy RBE provider.
  
  BuildBuddy provides an open-core suite of enterprise features for Bazel.
Performance Fixes
- Change 392634: Improved performance for conflicts: operator and other mergeability checks when submit type is Merge-If-Necessary.
Bug Fixes
- Change 404937: Fix copyable change links when base URL has a path.
  
  Removed extra base URL prefix in gr-copy-links. The links are crafted from createChangeUrl which already returns an URL with the base URL.
- Issue 311925527: Fix canonical web url binding in Git over HTTP.
  
  Fix a problem encountered in the virtualhost plugin, where despite proper configuration for tenant canonical web URL, the git push output would use the value of gerrit.canonicalWebUrl configuration option.
- Issue 314113030: Fail the change reindex operation upon StorageException(s).
  
  Allows some of the indexing operations to fail, so that if a change indexing throws a StorageException, so that the change does not disappear from the index.
- Issue 318745940: Fix serverId in identity parsing for imported human comments.
  
  Remapping of account-ids correctly adapts the comment’s author account-ids and serverId fixing the inconsistent identity of the comments.
- Change 395741: Fix event parse exception when changing repository HEAD.
  
  Explicitly registered a type and class for ProjectHeadUpdatedEvent in EventType in order to successfully deserialize events.
Dependency Updates
- Change 403721: Bump SSHD version to 2.12.0 with security fix for CVE-2023-48795

3.7.6

Breaking Changes
- Change 383334: refreshAfterWrite and maxAge settings in gerrit config are now honored for both persistent and in-memory caches.
  
  Previously these settings were erroneously ignored for persistent caches. If you rely on them for persistent caches you should be aware they will be honoured now.
New Features
- Change 383334: Allow to set gerrit.instanceID from java system property
  
  In environments where Gerrit is scaled automatically and which use the same static configuration for all instances, e.g. in Kubernetes, setting instance specific configuration in the config file is a cumbersome process. Instance ID can also be set using the gerrit.instanceId Java system property, which will override the instance ID in gerrit.config.
- Change 377699: Allow generating safe local-only documentation, without reference to external fonts in CSS
- Change 390658: Allow disable Prolog rules evaluation on closed changes
- Change 390614: Allow uploading changes to group refs except changes to group files
- Change 389055: Allow operator aliases to be used in submit requirement expressions
- Change 386974: SSH set-reviewers cmd now handles lock failures with retries
Performance Fixes
- Change 376094: Introduce new cache changes_by_project to speedup git ref advertisements on replica and git-receive-pack on primary
- Change 377814: Skip building bloom filters by default speeding up offline reindex
Security Fixes
- Change 389374: Update Jetty to 9.4.53.v20231009 with critical security fixes CVE-2023-36478 and CVE-2023-44487
Bug Fixes
- Change 394435: Support listing of patch-set files also for imported changes from other Gerrit servers-ids
- Issue 301481564: Fix the repository configuration screen remainign stale when switching tabs
- Issue 40014568: Fix ref-updated stream events consistency for change edits
- Issue 304335624: Fix the changing preferred email resulting in duplicate emails set in cache
- Change 388054: Eliminated startup warning for plugins whose SshModule only provides Ssh*CommandInterceptors
- Change 387217: Fixed case where an exception in change visibility checking could break visibility of all refs in that repo
- Change 387055: Fix SSH set-topic cmd to consider ‘editTopicName’ permission
- Issue 291102119 Avoid NullPointerException when deleting a single ref
- Change 387216: Fixed potential OOM due to SubmitRuleEvaluator creating new metrics whenever an instance was created
- Change 387214: Fixed potential OOM due to DefaultRefFilter creating new metrics whenever an instance was created
- Change 386976: Fixed potential OOM due to *QueryProcessor classes creating new metrics whenever an instance was provided
- Issue 300976121: Fix NPE when auth.httpDisplaynameHeader is configured but header is unset
- Change 387054: Fix force topic edit permission to consider change owner rule
- Change 386994: Fixed InactiveAccountDisconnector NPE due to race condition
- Issue 295457464: Fixed SSH query not returning copied approvals on per patchset level
Documentation Fixes
- Change 391858: Document ChecksApi.updateResult() in PolyGerrit plugins checks API
- Change 391696: Document check-result-expanded plugin endpoint in PolyGerrit plugins checks API
- Change 388936: Explain in ls-projects SSH API when the “parent” field is “?-N”
- Change 388530: Explain in /projects/ REST API when the “parent” field is “?-N”
Replication Plugin Updates
- Change 384754: Avoid opportunity to inadvertently block the distributor
- Change 383694: Reduced log level for Task deletion errors in MP setups
Dependency Updates
- Update jgit to 82e277c813398c9f519f16e83d080a94fa29a27c
Native Packaging
- Issue 311414905: Add trailing slash in default canonicalWebUrl in Docker containers

3.7.5

New Features
- Change 385116: Support Cloud Spanner for AccountPatchReviewStore
Bug Fixes
- Change 385557: Remove warning on persisted_projects cache on multi-servers setups
  
  The implementation of the key for persisted_project includes the project version, therefore it is safe when used in a multi-servers scenarios (HA, multi-site).
- Change 380154: Documentation: NOTE on use of sshkeys, and *projects cache on clusters
  
  When using the sshkeys, and *projects caches on a cluster, warn the Gerrit admin he should be aware of those caches to be potentially stale. The problem can be minimised by either disabling them altogether or setting a low value of refreshAfterWrite.
- Change 384214: Align Jetty session timeout with Gerrit web_sessions maxAge
  
  Do not leave Jetty having sessions kept forever but expire them with the same timeout of Gerrit sessions.
  
  Verified E2E that the Jetty sessions expires with the same timeout of the web_sessions maxAge value.
- Issue 290225204: loginUrl and loginText are hardcoded in the UI
  
  Gerrit UI ignored the settings in the auth section of the configuration 1.
  
  In particular auth.loginUrl 2 should be used if present and auth.type is set to HTTP or HTTP_LDAP. Also auth.loginText 3 should be used if auth.loginUrl is set.
  
  This change backports change 381534 to stable-3.6. We didn’t cherry-pick because the code changes significantly and had many conflicts.
- Issue 291102119: Avoid NullPointerException when deleting multiple tags
  
  To avoid NPE make sure that ref is not read again after checking if ref exists. This prevent the issue when other call already removed the tag and we try to read it. Proper behaviour is to try to delete it and return Cannot delete refs/tags/...: LOCK_FAILURE if tag is already deleted.
- Issue 289505276: Fix for: change can’t be submitted if another branch contains exactly the same commit.
- Change 380694: Hide Move Change from UI if change.move is set to false
- Issue 290641654: Fix bug in API ‘/projects/*/access:review’ ignoring ‘message’ field
  
  Fix API endpoint ‘CreateAccessChange’ ‘/projects/*/access:review’ not hounouring ‘message’ field provided via ‘ProjectAccessInput’ object despite setting it. Add condition to check if message is provided then use it instead of default ‘Review access change’
Plugin Updates
- Change 383360: Update webhooks plugin to 1dc0a71883
  
  This includes the following changes: 1dc0a71 Add HTTP response code ‘SC_ACCEPTED’ (202) as success case in response handler 16110f3 Annotate methods that return a definitely null value with @Nullable and fixes: Issue 40015349 “plugins/webhooks doesn’t accept HTTP 202 response code”

3.7.4

Breaking changes
- Issue 40015585: Enhance metric name sanitize function to remove collision on ‘_’ between metrics.
  
  Collision between the sanitized metric names can be easily created e.g. foo_bar will collide with foo+bar. In order to avoid collisions keep the rules about slashes and replace not supported chars with _0x[HEX CODE]_ string. The replacement prefix 0x is prepended with another replacement prefix.
New Features
- Issue 287484350: Extend configurability of index pagination type
  
  Add NONE option to disable index backend pagination, this option needs to be honoured by the indexing backend and this change introduces the correct implementation for Lucene.
Bug Fixes
- Issue 289321387: Preserve refs order in the GitBatchRefUpdateEvent event
  
  Change 335757 introduced the concept of the single event representing batch ref update. However this new event did not preserve original order of the updated refs. This impacts event consumers behaviour and can cause failures. For example if meta ref is processed before patchset ref indexing operation will fail because of the missing patchset.
  
  The timeline of events is kept in the same order they are generated, to make sure that refs order is preserved and backward compatibility is kept.
- Issue 40015399: Removed automatic linkification of URLs that do not start with https?://
- Issue 288303235: Fix search duplicates returned for imported changes upon edits and reindexing
  
  When parsing the change data from ChangeNotes, the in-memory ChangeData created contains useful information like the serverId that the change belongs to. The same information isn’t there when reindexing directly from a newly created entity Change which has no relationship with the underlying change notes.
  
  If the change to reindex is coming from a different server, it has a specific serverId associated which is needed for producing the correct virtualId for reindexing, that is the reason why it is crucial to have the serverId upon reindexing.
  
  Failing to propagate the original serverId for a change would result in generating duplicates during reindex:
  - The original document with the virtualId associated with the serverId of the change
  - A new document with the change number used as id.
  Make sure to reindex the same document by propagating the correct serverId of the change upon reindexing.
  
  Leverage the ability to index either local or imported changes in the following end-to-end use-cases:
  - Editing a change (create, amend or delete)
  - Indexing a change via REST-API
  - Staleness checker
  Amend also the ChangeIndexer.index(Change) JavaDoc by specifying that it is intended to be used only for local changes and therefore flag the method as deprecated.
  
  All references to ChangeIndexer.index(Change) are removed from Gerrit, however there could be plugins using the method which would need amending.
- Change 377536: Clarify that index.cacheQueryResultsByChangeNum must be set to false for imported changes
  
  When importing changes from other Gerrit servers, the index.cacheQueryResultsByChangeNum must be set to false, otherwise the search results won’t be reliable because of the inability to identify a change data by change number.
- Issue 40015248: Fix parsing legacy labels for users with comma
  
  This change fixes a bug introduced by change 336883 when parsing labels where a UUID was present together with a user name containing a comma.
- Issue 40015614: Show correct cherry-picked list for imported changes
- Issue 40015611: Fix parsing of identities for imported accounts
  
  Change I2f017af1cbb introduced the ability to resolve accounts by imported external identities.
  
  Not every consumer of account identities however were accounting for imported accounts (i.e. changeNoesCache, AuditLogReader, etc).
  
  The consequence of this is that REST APIs (/accounts/ for example), were returning the original imported account id rather than the one associated in the new server.
  
  Because of this, the UI might either show anonymous coward (when the original user id does not exist in the new server) or an erroneous user (where the original id maps to a different user on the new server).
  
  Fix this by parsing identities in a way that is aware of imported accounts.
- Issue 40015611: Fix identity parsing for imported human comments
  
  When parsing human comments, noteDb data was just deserialized without validating the author identity.
  
  Whilst this is fine for changes that originated in the current Gerrit instance, this logic breaks when dealing with changes that were imported from a different server, since the user who made the comment is now mapped to a different user id.
  
  Parse author identities from comments so that their user id is correctly mapped to the identity for the current Gerrit server.
- Issue 40015148: Fix ExternalId differential loading when cache is inconsistent
  
  JGit may return a failure to update a repository, even if it actually succeeded.
  
  This can create an issue when loading externalIds, since we would retry to insert the same value into the cache twice, due to the retry performed by the client, leading the cache loader to consistently blow up.
  
  For example: Ext-Id1:
  - attempt to insert into All-Users: failed on JGit but not on disk 1
  - the key Ext-Id1 is stored in cache Ext-Id1:
  - retry to insert into All-Users, because of JGit failure
  - try to add key Ext-Id1 entry BUT it already exists in cache => BOOM
  Make differential loading idempotent to avoid failures due to retry to insert the same entry again.
  
  Make “buildAllExternalIds” package-private for testing visibility.
- Issue 40015093: Fix Bazel build on Apple M2 ARM64 chip
  
  According to 1 Bazel fails to select the correct java-tools binaries for Apple’s ARM64 chip and download the generic x86.
  
  Apple the workaround suggested at 1 by disabling the download of the pre-compiled java_tools, allowing Bazel to build them locally using the correct architecture.
  
  1 https://github.com/bazelbuild/bazel/issues/13944
- Change 371195: Update Bazel version to 6.2.0
- Change 372974: Index searches with size greater than maxPageSize are no longer allowed
  
  Queries with a ‘start’ parameter (for example like 1) can perform an index search with size greater than the configured maxPageSize, i.e. when start + limit exceeds the maxPageSize. Fix such queries to paginate instead.
  
  1 gerrit query –start 20000 ‘status:open limit:5’

3.7.3

New Features
- Change 364591 Allow to hide download schemes from the UI
  
  Allow hiding a download scheme in the UI while still allowing to use it.
- Change 360221: Add metric for memory allocated by all threads
  
  Introduce proc/jvm/memory/allocated which can be used to monitor total memory allocation rate causing work for the Java gc.
Bug Fixes
- Change 362914 Fix internal server error caused by double flush in BaseCommand.TaskThunk
  
  Ignore SshChannelClosedException when flushing the task’s output and error streams. JGit commands like UploadPack flush these streams already. When TaskThunk tries to flush them again SshChannelClosedException is thrown and led to an internal server error.
- Change 364478: AndSource: Run isVisibleToPredicate based on its cost
  
  The isVisible check can be expensive and always running it ahead of other cheaper predicates can increase the query time. Update AndSource to treat isVisibleToPredicate like any other predicate so that it runs based on its estimated cost.
- Issue 16819: Enable LDAP “Remember me” in login form per default
  
  When users are presented with the LDAP login page, the “Remember me” checkbox is disabled by default. This might be a problem because, if the user doesn’t explicitly click the checkbox, the session will be tied to the browser session.
- Issue 16814: Improve Rebase-SubmitStrategy performance in some cases
  
  Set uninteresting branches based on project configuration: create_new_change_for_all_not_in_target.
- Change 369415: Fix metric computation with file paths in metric name.
  
  Don’t fail metric computation due to duplicated metric names.
- Change 370354: Improved performance of queries when backend index returns more results than needed
  
  Matching changes more than the limit is just extra work that is discarded at the end when the results are trimmed to match the limit. This can help improve the performance of queries where a small percentage of changes are filtered in the initial page and the remaining results are obtained from the next page.
- Change 357834: Improved performance for plugin-provided SSH commands that perform multiple permission checks or ref lookups for the same project
  
  Move creation of PerThreadCache to SshCommand so that the cache is available to most commands, including plugins.
- Change 361434: Mark LabelType.Builder#setFunction as deprecated
  
  Align the code with the documentation.
- Change 370835: Enforce minimum Java version to Java 11.0.10 or higher
  
  Since release 3.5 the minimum supported java version was raised to Java 11. Since Change 335625 the minimum Java version 11.0.10 is required.
- Issue 16884: Fix switching plugin screens.
  
  Backport of Change 371094.
- Issue 16823: Fix the search by inname: predicate query in the project filter
  
  Fix regression introduced in Change 337994, in context of Issue 15134.
- Change 370334 Fix build on MacOS 13.3
  
  Update bazel to 6.1.2 and remote_java_tools to 12.1 to fix build on MacOS 13.3
Download-commands plugin fixes
- Issue 15944: Update download-commands to latest master
Dependency Updates
- Update jgit to 5ae8d28faaf6168921f673c89a4e6d601ffad78d.
- JGit Bug 565854 SshdSession: close channel gracefully
  
  Close the channel gracefully to give the server a chance to clean up properly on its side.
- Update bouncycastle to 1.72.
- Update commons-compress to 1.22.

3.7.2

New features
- Change 362878 Allow to hide download schemes from the UI
The new setting that is added is called download.hide.
Bug Fixes
- Change 364458: Fix an issue when clicking on edit uses an old patchset
- Issue 16072: Fix “showchange” plugin event being triggered twice on patchset change
- Issue 16589: Do not emit a SHOW_CHANGE event without a change
- Issue 16765: Change gr-patch-range-select to use models instead of props
- Change 362914 Fix internal server error caused by double flush in BaseCommand.TaskThunk
- Change 361434: Mark label functions are deprecated

3.7.1

New features
- Change 351795: New auto theme mode.
  
  The theme is automatically changed to light/dark based on your OS preference. The new auto-theme can be set in users’ preferences.
- Change 351774: New copy links in the dropdown next to the change number.
  
  New copy links and keyboard shortcuts or a button is added to the dropdown next to the change number to quickly copy the format that you prefer for your snippets.
- Issue 16565: Introduce cache.threads option to allow custom executors for Caffeine caches.
  
  The introduction of cache.threads in gerrit.config allows to configure a separate thread pool which can be tuned and decoupled from the rest of the JVM common threads.
- Change 353177: Add tsconfig-plugins-base.json to Gerrit TypeScript Plugin API.
  
  Adds tsconfig-plugins-base.json to the npm package so downstream plugins can easily use the same set of TypeScript settings.
- Issue 16445: Add slice number to the change indexing task description.
  
  To indicate to the administrator each task is indeed doing something different, add the slice number if there is more than one slice in total.
- Change 356215: Support init --reindex-threads=-1 to skip reindexing after init.
  
  Admins may wish to run other commands after init and before reindex, but previously would have needed to observe and interrupt the init command process once it started reindexing in order to do so. Providing an option to init that skips the reindexing phase simplifies that workflow and makes it less error prone.
- Change 356234: Add CUDA syntax highlighting.
- Change 352534: Introduce --show-cache-stats for printing cache stats during init and reindex, disabled by default.
Bug Fixes
- Change 351674: SSH review cmd handles lock failures with retries.
  
  Retrying on lock failures helps mitigating lock failures when there is contention to lock the notedb ref. Retries were already implemented in REST API code path at a high enough layer so that it applies for all REST APIs.
- Change 353594: Inserting new patch-sets is retried on lock failures.
  
  Mitigates failures when creating new patch-sets fails if the notedb ref is locked for another update on the change.
- Issue 14686, Issue 14779, Issue 16030:
  
  In Change 293978, eTag was removed from GetRevisionActions, but not RevisionResource. This resulted in the UI to show a stale ‘submit’ action on the change in the same submission chain. The UI now uses RevisionResource eTag, that does not include MergeSuperSet (all related changes).
- Issue 16409: Report pack protocol errors to the client via smart-HTTP.
  
  A regression introduced by JGit Change 1926771, caused pack protocol errors to be reported as 500 Server errors. Such situations should be reported to the user as a 200 OK containing the details of the failed operation.
- Change 351759: Fix contrib/find-duplicate-usernames.sh output when usernames contain spaces.
- Issue 16449: Fix project root computation in Gitweb servlet.
- Change 356715: Fixed bug with negated label for queries with external groups.
- Change 359176: Fix LabelPredicate group matching for included external groups.
- Change 357874: Fixed ownerin/uploaderin for internal groups that include external groups.
- Change 355054: Wrap #mobileSearch in a div.
  
  Fixes an issue on wikimedia where the search button was hidden even though the rules executed to make it show.
- Issue 16433: Fix 404 page shown after login using OpenID
- Change 360134: Fix “Old Patchset” being displayed on current edits.
- Change 359895: Fix gr-file-list to use change-model for patchSet.
- Issue 16475: Fix stream events message including comments created as draft.
  
  Fixes a regression in v3.7 where the GUI stores the patchset-level comments first as drafts and then publishes them.
- Issue 16465: Restores the ChangeNotes.Factory.createChecked with an open Repository object.
- Issue 16421: Don’t ship auto-value-* and auto-factory dependencies.
Dependency Updates
- Update jgit to a1901305b26ed5e0116f138bc02837713d2cf5c3.
  
  Update from stable-6.1 to stable-6.5:
  - Notable enhancements and fixes from 6.2.0 are:
    - 4dd9a94e: Better feedback on SSH authentication failure
    - 7b1c8cf14: Retry reading a file when there are concurrent writes
    - fed1a5493: Refresh ‘objects’ dir and retry if a loose object is not found (Fixes cases where a new loose object is not immediately visible on a NFS client if it was created on another client)
    - 011c26ff3: Fix connection leak for smart http connections
    - ac127a793: Do not handle internal git errors as an HTTP error
  - Notable enhancements and fixes from 6.3.0 are:
    - 1a364c49e: JGit blame very slow for large merge commits that rename files
    - 66ace4b9: Do not check reachability of visible SHA1s in git-upload-pack
    - 035e0e23: Do not prematurely terminate timer in case of error during git-upload-pack
  - Notable enhancements and fixes from 6.4.0 are:
    - fe9aeb02e6, 93097f0018: Receive and parse client git session-id
    - 59029aec3: Add option to allow using JDK’s SHA1 implementation
    - 3e7281662: UploadPackServlet#doPost use try-with-resource to ensure UploadPack is closed
    - 1e04046a6: Fix crashes on rare combination of file names (This issue has been seen during offline reindex of changes with specific merge commits)
- Update sshd to 2.9.2
  - CVE-2022-45047: Avoid using Java deserialization to load a serialized java.security.PrivateKey
  - SSHD-1302: Reading again from exhausted ChannelExec#getInvertedOut() throws IOException instead of returning -1
  - SSHD-966: Deadlock on disconnection at the end of key-exchange
  - SSHD-1231: Public key authentication: wrong signature algorithm used (ed25519 key with ssh-rsa signature)
  - SSHD-1257: Shell is not getting closed if the command has already closed the OutputStream it is using.
  - SSHD-1261: Sometimes async write listener is not called
  - SSHD-1290: Race condition is logged in ChannelAsyncOutputStream
- Update mina-core to 2.0.23
- Update reviewnotes to 10db2cf772989d031c6f3558010c51fe07cf9722
Documentation fixes
- Change 353177: