Download: 3.8.6 | 3.8.5 | 3.8.4 | 3.8.3 | 3.8.2 | 3.8.1 | 3.8.0

Documentation: 3.8.6 | 3.8.5 | 3.8.4 | 3.8.3 | 3.8.2 | 3.8.1 | 3.8.0

Release highlights

Rebase on behalf of the uploader

Rebasing a change from the web UI preserves the uploader for trivial rebases.

This has the advantage that the rebaser is not taking over the change, which is important when the project is configured to ignore self-approvals of the uploader, as this allows the reviewer to approve and submit the change, after doing a rebase.

Rebase a chain of changes

Allow to atomically rebase a chain of changes.

If the chain is outdated, i.e., there’s a change that depends on an old revision of its parent, the result is the same as individually rebasing all outdated changes on top of their parent’s latest revision.

Browser Notifications (experimental)

Users can be notified about their attention set in browser. The notifications work only when Gerrit is open in one of the browser tabs. When users open Gerrit, they will be asked by a popup to allow desktop notifications on their browser to see them. If users deny notifications on all sites, there won’t be a popup. But they can change it in browser settings. The latency to get the notification is up to 5 minutes.

Automatic notifications are enabled by default, but users can turn them off in the Gerrit user preferences.

See the documentation for more details.

This feature can be enabled in gerrit.config by adding this configuration:

    enabled = UiFeature__push_notifications

Edit URL

Users can create a change and open a file for edit in that change using an Edit URL. This enables other tools to provide a URL that directly opens an edit of specific files.

See the documentation for more details.

Important notes

Schema and index changes

This release doesn’t contain schema changes.

The changes index version has been increased to version 82.

Online index schema upgrade from 3.7

By default, if you’re upgrading from 3.7, the index is automatically rebuilt upon Gerrit startup after the upgrade.

If you’re upgrading from 3.6 or an earlier version, you must use the Offline upgrade steps below.

Offline upgrade

  1. Download the new gerrit.war
  2. Stop Gerrit
  3. Ensure all installed plugins are compatible with the new API
  4. Run init
  java -jar gerrit.war init -d site_path --batch
  1. Reindex
  • If you are upgrading from a 3.7 version you don’t need to run reindex (see Online index schema upgrade from 3.7 above). If you still want to you will only need to run reindex of changes:

      java -jar gerrit.war reindex --index changes -d site_path
  • If you are upgrading from a 3.6 version, or an earlier version, you must run a reindex of all indexes:

     java -jar gerrit.war reindex -d site_path

See the reindex program for other options.

  1. Start Gerrit

Online upgrade with zero-downtime

Gerrit v3.8.x supports zero-downtime upgrade from Gerrit v3.7.2 or later when configured using a high-availability configuration, and the Git repositories are stored in a shared filesystem such as NFS or similar.

During the zero-downtime upgrade, Gerrit end-users would not notice any outage or service disruption. They will be able to perform any read/write Gerrit operation on the GUI or using any API.

The zero-downtime upgrade consists of the following steps:

  1. Have Gerrit servers running v3.7.2 or later, in high-availability configuration, healthy and able to handle the incoming traffic properly.
  2. Set gerrit.experimentalRollingUpgrade to true in gerrit.config on both Gerrit primaries.
  3. Set one of the Gerrit servers to unhealthy.
  4. Shutdown the Gerrit server, update gerrit.war and plugins to v3.8.x and start Gerrit again.
  5. Verify that the Gerrit server is working properly (e.g. run automated smoke tests) and then make it healthy again.
  6. Wait for the Gerrit server to start serving traffic normally.
  7. Repeat steps 3. to 6. for all the other Gerrit servers.
  8. Remove gerrit.experimentalRollingUpgrade from gerrit.config on both Gerrit primaries.


Downgrade to any Gerrit v3.7.x release is possible, but requires the following manual steps:

  1. Shutdown all migrated Gerrit v3.8.x servers
  2. Update the gerrit.war and plugins to the previous v3.7.x version
  3. Run offline change reindexing using the previous gerrit.war version
  java -jar gerrit.war init -d site_path --batch
  java -jar gerrit.war reindex --index changes -d site_path
  1. Startup Gerrit server

Native packaging

Update gerrit.reportBugUrl configuration

The issues of the Gerrit Code Review project have been migrated from Monorail into the new Gerrit Tracker, see announcement at:

If the gerrit.reportBugUrl setting on your Gerrit server is pointing to the Gerrit Monorail project, which is deprecated now, please update the URL to point to the new Gerrit Tracker, e.g. change to

Known issues

  • Issue 309098227 Change 360646: The introducion a per request ref cache for better performance may break the repository consistency

    The addition of a new core.usePerRequestRefCache setting, true by default, introduced a per request (currently per request thread) ref cache, helping reduce the overhead of checking if the packed-refs file was outdated. However, in some scenarios, such as multi-site or concurrency between git-receive-pack and git-gc, it may lead to split-brain inconsistencies and, in the worst-case scenario, to the corruption of the underlying repository.

  • Issue 40015537: Gerrit does not render properly the modal dialogs on Safari 15.3, Chrome 36, Edge 78, and Firefox 97 or earlier.

    Gerrit frontend uses the HTMLDialogElement.showModal function, which is not working properly on old browsers.

Breaking changes

  • Change 365595: WebLinkInfo: Drop deprecated constructor

    Custom UI plugins that are explicitly using WebLinkInfo are affected by this and might need adapting.

  • Change 360756: Disallow uploading new prolog rules files.

    Clients should use submit-requirements instead. Please note that modifications and deletions of existing files are still allowed.

  • Change 360054: Allow callers to format create change response

    Add ListChangeOptions to ChangeInput and ApplyPatchPatchSetInput such that callers can control what fields should be formatted in the returned ChangeInfo. For ApplyPatch, this commit changes the default formatting options from CURRENT_COMMIT to no-options.

  • Change 360219: Delete vote now fails for an already deleted vote

    An e-mail was sent each time when a vote was executed, even if the label had been already set to 0 and thus no actual changes were made.

    This fix can break some scenarios, where the caller expects that DeleteVoteOp will always succeed after the label was added at least once. This should be fixed on the caller side.

  • Change 358975: Skip account visibility checks when querying changes

    Skipping the account visibility check when querying changes of users participating in the change (the change owner, reviewers, CCs etc.). This affects several search predicates: owner / uploader / label

    • user / reviewer / attention / commentby
  • Change 358954: Check permissions when resolving accounts by secondary emails

    fixed an issue that allowed users to resolve secondary emails, although they should not have been able to see them.

  • Change 358114: removed automatic linkification of URLs that do not start with http:// or https://.

  • Change 357298: Removed Assignee functionality in Gerrit.

    ‘Assignee’ functionality has been superseded by ‘Attention Set’. The functionality has no Web UI support anymore.

  • Change 357276: Removed option to disable Attention Set

    No longer support the option of disabling the Attention Set.

  • Change 356941: Do not set real_author in ChangeMessageInfo if author == real_author

    It’s not needed to return the author twice if the change message was not impersonated. Documentation already stated this, but clients should double check they don’t rely on real_author always being returned.

  • Change 354916: Remove registerStyleModule() plugin API

    Use plugin.styleApi().insertCSSRule() instead.

  • Change 351814: Remove notify() from AnnotationPluginApi

  • Change 351515: Remove html commentlink functionality.

    Html commentlinks allow for arbitrary html injection on the page. Replaced them with link commentlinks, using optional prefix, suffix, text parameters to achieve the same functionality. Existing configs can be migrated using scripts in tools/migration/

Other changes

Plugin changes

  • download-commands:
  • reviewnotes:
  • webhooks:
    • Change 365175: Add HTTP response code ‘SC_ACCEPTED’ (202) as success case in response handler
  • codemirror-editor:
  • gitiles:
  • replication:
    • Change 353294: Provide an option to skip replication of NoteDb meta refs

      Replicating NoteDb meta refs is not needed when the remote does not run a Gerrit instance. This can be now disabled via remote.<NAME>.replicateNoteDbMetaRefs

Performance changes

  • Change 360646: Introduce a per request ref cache for better performance

    Add a new core.usePerRequestRefCache setting. If the setting is true, use a per request (currently per request thread) ref cache. This helps reduce the overhead of checking if the packed-refs file is outdated. This setting is true by default.

  • Change 365144: Destination queries now use the change index

    destination predicate now matches any number of branch names with O(1) efficiency.

  • Issue 16072: Fix “showchange” plugin event being triggered twice on patchset change

  • Change 363074: Performance optimization for cold-cache groups

Gerrit UI changes

  • Change 370995: Add comments chips to patchset select

  • Change 361574: Add darkMode param to gr-editor-view extension point

  • Change 358179: Add a new endpoint for a profile page

    The goal of this endpoint is to show a new page that’s the contributions’ page of a user.

  • Change 360134: Fix “Old Patchset” being displayed on current edits

  • Change 359814: User can rebase whole chain from UI.

  • Issue 16545: Fix issue where using in-line editor to add new files / edit existing files didn’t show the changes in file list

  • Change 349422: Privacy information on settings page

  • Change 354154: Enter key selects emoji after ‘:’ is typed

    The previous behavior was that enter wouldn’t select emojis until more characters were typed after ‘:’.

  • Change 352682: Matching atoms in copy conditions that are posted as change messages are highlighted in bold now.

    When a new patch set is created and approvals are copied to the new patch set, Gerrit posts a change message to inform about the copied and outdated votes together with the corresponding copy condition. Passing and failing atoms in the copy condition are now highlighted in bold.

  • Change 351934 Comments tab respects special file sorting cases like .h

  • Change 348877: Show account hovercard preview on settings page

    Account preview can be displayed in-flow without requiring hovering

  • Change 348794: Account chip preview on settings page

    This lets the user see how they will appear to others and what data will be public.

  • Change 348536: Removed all hardcoded gr-icons.

    All core plugins have been migrated to using Material-based gr-icon which no longer need these hardcoded SVGs.

  • Change 353058 Add a route and a dialog for creating a change directly from the URL.

Documentation changes

  • Change 361696: Remove prolog rules doc page mention from the index page

    users should use submit-requirements instead of prolog rules

  • Change 348538: Improve Polygerrit README

  • Change 340255: Add a shortcut to Developer Setup

JGit changes

  • Upgrade jgit to 5ae8d28. Notable changes are:
    • Implement a snapshotting RefDirectory for use in request scope
    • If tryLock fails to get the lock another gc has it
    • Fix GcConcurrentTest#testInterruptGc
    • Don’t swallow IOException in GC.PidLock#lock
    • Check if FileLock is valid before using or releasing it
    • Use Java 11 ProcessHandle to get pid of the current process
    • UploadPack: use allow-any-sha1-in-want configuration
    • Acquire file lock “” before running gc
    • Fix getPackedRefs to not throw NoSuchFileException
    • Add pack options to preserve and prune old pack files
    • Allow to perform PackedBatchRefUpdate without locking loose refs
    • Document option “core.sha1Implementation” introduced in 59029aec
    • Shortcut during git fetch for avoiding looping through all local refs
    • FetchCommand: fix fetchSubmodules to work on a Ref to a blob
    • Allow the exclusions of refs prefixes from bitmap
    • PackWriterBitmapPreparer: do not include annotated tags in bitmap
    • BatchingProgressMonitor: avoid int overflow when computing percentage
    • Fetch-CLI: add support for shallow
    • Speedup GC listing objects referenced from reflogs
    • Fixes for multi-primary new loose object reads on NFS
    • GC: disable writing commit-graph for shallow repos
    • Introduce core.trustPackedRefsStat config
    • Add TernarySearchTree
    • CommitGraph: teach ObjectReader to get commit-graph
    • PatchApplier: fix handling of last newline in text patch
    • CommitGraph: add commit-graph for FileObjectDatabase
    • IO#readFully: provide overload that fills the full array
    • GC: Write commit-graph files when gc
    • CommitGraph: add core.commitGraph config
    • CommitGraph: implement commit-graph read
    • Gc#deleteOrphans: avoid dependence on PackExt alphabetical ordering
    • WalkPushConnection: Sanitize paths given to transports
    • Fix documentation for core.trustFolderStat
    • Update jetty to 10.0.13 d
    • PackExt: Add a commit graph extension.
    • UploadPackServlet#doPost use try-with-resource to ensure up is closed
    • Update Apache Mina SSHD to 2.9.2
    • Fix crashes on rare combination of file names
    • DfsBlockCache: Report IndexEventConsumer metrics for reverse indexes.
    • DfsStreamKey: Replace ForReverseIndex to separate metrics.
    • RawText.isBinary(): handle complete buffer correctly
    • PackExt: Add a reverse index extension.

Other dependency changes

Other core changes

  • Change 367654 Fixed rebasing chain when a checks refs exists for one of the changes

    Fixed a NPE that might have been thrown when rebasing on changes for which a checks ref exists.

  • Change 366334 Added ‘a’ as alias for the ‘author’ search operator

    This follows the example of other aliases, e.g. ‘o’ for ‘owner’ or ‘r’ for ‘ reviewer’.

  • Change 365901 Added global capability that allows to view secondary emails

    If users have multiple emails only the preferred email is visible to other users. Now, with the new View Secondary Emails global capability it’s possible to allow viewing all emails.

  • Change 361460 Allow editing commit message from Change-Id: to Link: footer

    This allows to edit the commit message by replacing a valid ‘Change-Id:’ footer for a valid ‘Link:’ footer.

  • Change 350455: Enables transition from LDAP to Google OAuth

    When transitions to Google OAuth from LDAP, if the account exists with the same e-mail then the account ID is reused. This allows to have the same user history post migration.

  • Change 359974: Fixed calculation of insertions and change buckets for change emails

    When computing change email, the number of files, insertions and deletions didn’t count the commit message for number of files, but for insertions the lines from the commit message were counted, which was inconsistent.

  • Change 358115: Allow for plugin data directory to be symlinked

  • Change 357648: Don’t add owner to attention set on merged change if bot re-applies a negative vote

    Bots can no longer re-apply negative votes on merged change, leading to an unwanted attention set update.

  • Change 357477: Added a new ‘uploaderemail:' operator for Submit Requirements

    returns true if the uploader’s email matches a specific regular expression pattern.

  • Change 357474: Added a new ‘committeremail:' operator for Submit Requirements

    returns true if the change committer’s email matches a specific regular expression pattern.

  • Change 357460: Fixed ownerin/uploaderin for internal groups that include external groups

    Fixed an issue where the ownerin and uploaderin predicates were not matching correctly for internal groups that include external groups.

  • Change 350034: The commit-msg hook respects the scissors marker for the empty message detection.

    When “git commit –cleanup=scissors” the commit-msg hook couldn’t detect if the commit message is empty properly.

  • Change 357278: Fixed parsing of URL parameters that contain a ‘%’ that is not part of an encoded character

    Without this fix users could trigger 500 internal server errors in Gerrit by providing invalid strings for URL parameters.

  • Change 356762: Added support for rebasing on behalf of the uploader

    Rebasing a change on behalf of the uploader means that the uploader stays intact when the reviewer rebases the change.

  • Change 356354: Added project permission for removing votes/labels

    For every configured label My-Name in the project, there is a corresponding permission removeLabel-My-Name with a range corresponding to the defined values. For these values, the users are permitted to remove other users’ votes from a change.

  • Change 356260: Fixed overriding impersonated votes

    Fix an issue where overriding an impersonated vote for a user A (real user B) only worked if the voting values were different. If the voting value was the same Gerrit wrongly assumed that the voting was a no-op.

  • Change 355574: Added support to remove a non-visible account as a reviewer through the PostReview REST endpoint

    Fix an issue where, if a visible change had a reviewer whose account was not visible, this account could be seen on the change, but the reviewer could not be removed.

  • Change 351075: Added a REST API to rebase a chain of changes

    A new API POST /changes/{change-id}/rebase:chain now allows to rebase an ancestry chain of changes.

  • Change 355116: Added prefixsubject index field (requires index upgrade)

    Similarly to prefixhashtag and prefixtopic it is not possible to search changes by subject prefix (e.g. a bug ID in square brackets).

  • Change 354294: Custom git gc-preserve command which can preserve packs for JGit

    Implemented a custom git command “git-gc-preserve” preserving old packs to prevent races between git gc running on a large repository concurrently to fetch/clone requests.

  • Change 354037: Added subject index field (requires index upgrade)

    Allow to query changes by subject.

  • Change 353674: Invalid label ranges for permissions are rejected when pushing a project.config file

    Attempting to add permissions with a range where min is greater than max, where min is present but max is missing or vice-versa throws an IllegalArgumentException.

  • Change 353635: Set Access REST endpoint rejects invalid label ranges

  • Change 353655: Do not add a duplicated project.config entry if a duplicate input is added.

    When the same request was made to the ‘Set Access’ project rest endpoint, it resulted in adding a duplicated line in the project.config.

  • Change 353287: Votes that are copied to follow-up patch sets when a vote on an outdated patch set is applied are now posted as a change message.

    When votes were copied to follow-up patch sets they were applied in NoteDb, but users were not informed about them. Now a change message is posted to inform that the vote was copied forward.

  • Change 352055: Reject invalid base on push with proper error message instead of failing with an internal server error

  • Change 352034: Fix GetRelated if multiple changes for the same commit exist

  • Change 351534: Fix the issue that 404 page is shown after login

    After logging in using the “Sign in with a Launchpad ID” link Gerrit used to display a “not found” page.

  • Change 351614: Do not require trailing slash for requests on root collections

    Often users are confused why ‘GET /changes/’ works, but ‘GET /changes’ doesn’t. Both are now allowed.

  • Change 347719: Suppressing emails on submit is disallowed now if there is a post approval diff

    Fixes a security issue where a malicious user could submit code changes without anyone ever seeing them. If a change is submitted and a post approval diff exists, no matter which notify setting the caller specified, Notify=ALL is used.

  • Change 351114: Add support for enabling Strict Dynamic CSP on Documentation pages.

  • Change 349175: Disallow ‘cansee’ account search operator with private changes

    This operator used to fail for private changes if the change owner requested cansee:<private_change>. Now, if the caller of the query is the owner or one of the reviewers/ccs of the change, the query returns account data for it.

  • Change 349216: Add a has:submodule-updates operator for submit requirements

    Returns true if the diff of the latest patchset against the default base has a submodule modified file

  • Change 347936: Reject uploading project config changes if they contain duplicate submit requirement definitions.

    Prevent project owners and admins from accidentally adding multiple definitions for the same submit requirement name.

  • Change 246234: The WorkQueue now uses new STARTING and STOPPING states while a listener’s onStart() and onStop() methods are called.

  • Change 346954: Log progress for online-reindexing of changes

    When performing online reindexing, from the log file we could only observe when it starts and when it ends. With this change we log the progress once per minute.

  • Change 340061: Add old/new file modes to the ‘List Files’ diff endpoint

    if a file is modified with a change to the file mode only, now the file will be listed as modified.

  • Change 245614: Added a WorkQueue.TaskListener extension for plugins

    This extension point makes it possible for plugins to define and implement WorkQueue QOS policies.

Bugfix releases


  • Enhancements

    • Change 424957: Emails notifications for comments now mention who owns the change

      When receiving the email, knowing the change owner helps the receiver prioritize their reviews.

    • Issue 325309573: Add virtual_id_number to ChangeInfo.

      Introduces virtualId to change data to avoid clashes when starring changes imported from foreign server ids.

  • Bug Fixes

  • Plugin changes

    • codemirror-editor updated to: 6f916580c3f26ecfd9b2a10d96cb1c0530103bc6


  • Security Fixes

    • Issue 321784734: Fix endless loop when using “is:watched” in project watches.

      Previous setting up email notification with is:watched predicate would create an infinite loop that would take a CPU offline.

  • Breaking changes

    • Issue 330758152: Validate and reject SSH keys with invalid or mismatched algorithm

      Verify that the OpenSSH key algorithm matches the one associated with the public key. Throw a new specific InvalidKeyAlgorithmException if the two algorithms do not match.

      Make SshKeyCacheImpl tolerant to existing keys stored in the accounts’ profile, otherwise Gerrit may start flagging keys that have been previously stored as invalid, resulting in random authentication failures by existing users.

      Existing invalid keys are reported in the error_log with the associated exceptions and automatically fixed, removing the invalid key from the accounts profile and adjusting the key algorithm with the one associated with the public key.

  • Bug Fixes

    • Issue 330195358: Fix paginationType NONE to stop querying when there are no more results

    • Change 416560: Ensure that clearing reviewed flags is performed on correct change when it is imported from another instance

    • Issue 325309573: Prevent starred changes clashes between local and imported changes having the same change number.

    • Issue 325309574: Assign draft comments to the correct change when there is ambiguity due to imported changes having the same change number.

    • Change 411279: Fix change staleness check for changes with drafts and stars

    • Issue 325821304: Fix change id parsing in SSH commands

      SSH commands did not support anything but simply the change number as change id. They are now able to interpret all the standard format of changeIds like project~changeNumber.

    • Issue 40014889: Fix WIP changes being always considered as in conflict.

    • Issue 328958027: Fix NONE paginationType filtering of changes

    Addresses visibility filter issues when paginationType is NONE.

  • JGit changes

    • Change 415557: Update JGit to c0b415fb0

      • 21f7fdff7 Introduce core.trustLooseRefStat config
      • a44b9e8bf Support public key in IdentityFile
      • 906c2bebe RebaseCommand: fix stopping on root commit conflicts
      • 788487316 BasePackFetchConnection: Skip object/ref lookups if local repo is empty
      • faa50c683 LooseObjects: Use File#exists when possible
      • ab132937f FooterLine: Protect from ill-formed message
      • 5e563e1ba PackWriter: store the objects with bitmaps in the statistics
      • 340cc787a Improve footer parsing to allow multiline footers.
      • aab75dba7 BitmapIndex: Add interface to track bitmaps found (or not)
      • 3937300f3 Optimise Git protocol v2 ref-prefix scanning
      • 5f563e386 UploadPack: use want-refs as advertised set in fetch v2
      • 093bde518 BasePackFetchConnection: Avoid full clone with useNegotiationTip
      • f103a1d5c Add support for git config repack.packKeptObjects
      • f5f4bf0ad Do not exclude objects in locked packs from bitmap processing
      • fb51a2234 Document commit-graph options supported by JGit
      • e29834a77 Fix some tests in ConfigTest
      • e7a09e316 Introduce core.packedIndexGitUseStrongRefs config key
      • 551ca93cc DfsGarbageCollector: provide commit graph stats
      • 6f7333693 DfsGarbageCollector: put only GC commits into the commit graph
      • b4b8f05ee DfsReader: Expose when indices are loaded
      • 462c57ec8 Merge: Add diff3 style merge conflict formatter.
      • f196c7a0e Pack: open reverse index from file if present
      • db08835c6 GC: Remove handling of extra pack for RefTree
      • ac8d7838f GC: prune all packfiles after the loosen phase
      • 6b3b2b33a GraphObjectIndex: fix search in findGraphPosition
      • 913e6cf3f Switch to Apache MINA sshd 2.10.0
      • d0564cf8a UploadPack: Record negotiation stats on fetchV2 call
      • 8c0c96e0a Support rebasing independent branches
      • 8bc13fb79 Support cherry-picking a root commit
      • 032eef5b1 Parse pull.rebase=preserve as alias for pull.rebase=merges
      • 96d9e3eb1 Prevent infinite loop rescanning the pack list on PackMismatchException
      • e06ce5960 Add protocol configuration to Amazon S3 transport
      • 060dcf1cc ListTagCommand: implement git tag –contains
      • 5cc9ecde8 RevWalk: use generation number to optimize getMergedInto()
      • 23b9693a7 DirCache: support option index.skipHash


  • Breaking changes

    • Change 404018: Add option to populate ‘starred’ field for change queries.

      A star option can now be provided to include the starred field in ChangeInfo, which indicates if the change is starred by the current user or not.

  • New Features

    • Change 406237: Add metrics for git/upload-pack/bitmap_index_misses_count and a separate one for missing bitmap indexes.

      JGit packer tracks the number of times that an object was not found in the bitmap index or if the bitmap index was completely missing. Added the git/upload-pack/bitmap_index_misses_count for being used in performance graphs, while the git/upload-pack/no_bitmap_index should be more suitable for alerts.

    • Change 406004: Add timer for git/upload-pack/phase_searching_for_* phases.

      Add metrics for the “Finding sources” phase, which is critical for an optimal Git/HTTP performance.

    • Change 402497: Introduce configurable shutdown timeout

      Added container.shutdownTimeout to configure the maximum time (in seconds) to wait before terminating Gerrit.

    • Change 404718: Add timer for git/upload-pack/phase_negotiating.

      Added the git/upload-pack/phase_negotiating so that the Gerrit admin can graph how these are performing and spot any potential issues. JGit packer tracks time spent in the negotiation phase. This statistic was only exposed in the sshd_log and is not available when the client uses Git/HTTP.

    • Change 393037: Bazel: Add support for BuildBuddy RBE provider.

      BuildBuddy provides an open-core suite of enterprise features for Bazel.

  • Performance Fixes

    • Change 392634: Improved performance for conflicts: operator and other mergeability checks when submit type is Merge-If-Necessary.
  • Bug Fixes

    • Change 395016 Fixed NPE when submitting changes.

    • Issue 314113030: Fail the change reindex operation upon StorageException(s).

      Allows some of the indexing operations to fail, so that if a change indexing throws a StorageException, so that the change does not disappear from the index.

    • Change 395741: Fix event parse exception when changing repository HEAD.

      Explicitly registered a type and class for ProjectHeadUpdatedEvent in EventType in order to successfully deserialize events.

    • Issue 318745940: Fix serverId in identity parsing for imported human comments.

      Remapping of account-ids correctly adapts the comment’s author account-ids and serverId fixing the inconsistent identity of the comments.

    • Change 404937: Fix copyable change links when base URL has a path.

      Removed extra base URL prefix in gr-copy-links. The links are crafted from createChangeUrl which already returns an URL with the base URL.

    • Issue 311925527: Fix canonical web url binding in Git over HTTP.

      Fix a problem encountered in the virtualhost plugin, where despite proper configuration for tenant canonical web URL, the git push output would use the value of gerrit.canonicalWebUrl configuration option.

  • Dependency Updates

  • JGit changes

    • Change 391575: Update JGit to acf21c0bc6a63a3d20fca92757b992a1f2d55f41.

      You can retrieve the full list of changes with:

      git log --no-merges --format=oneline 74fa245b3..acf21c0bc

      notable changes are:

      • acf21c0bc RefDirectory: Do not unlock until after deleting loose ref
      • 29c89d1f0 SnapshottingRefDirectory: Invalidate snapshot after locking ref for update
      • 747618358 Improve handling of NFS stale handle errors
      • ca54c5176 Fix handling of missing pack index file
      • b4c66104f Introduce a PriorityQueue sorting RevCommits by commit timestamp
      • e712b4716 Make sure ref to prune is in packed refs
      • 170244d05 Checkout: better directory handling
      • 244165fc5 Remove unused API problem filters
      • f103a1d5c Add support for git config repack.packKeptObjects
      • f5f4bf0ad Do not exclude objects in locked packs from bitmap processing
      • 3a6eec9bb Express the explicit intention of creating bitmaps in GC
      • ac8d7838f GC: prune all packfiles after the loosen phase
      • f6928f573 Revert “RefDirectory: Throw exception if CAS of packed ref list fails”
      • 6b3b2b33a GraphObjectIndex: fix search in findGraphPosition
      • 0f7d485bc Remove unused API filters
      • 43954ea62 [releng] API filter for PackIndex.DEFAULT_WRITE_REVERSE_INDEX
      • 2c89a3ec7 PackExt: add a #getTmpExtension method
      • d0564cf8a UploadPack: Record negotiation stats on fetchV2 call
      • ce88e62ed PackWriter: write the PackReverseIndex file


  • Breaking Changes

    • Change 383334: refreshAfterWrite and maxAge settings in gerrit config are now honored for both persistent and in-memory caches.

      Previously these settings were erroneously ignored for persistent caches. If you rely on them for persistent caches you should be aware they will be honoured now.

  • New Features

    • Change 383334: Allow to set gerrit.instanceID from java system property

      In environments where Gerrit is scaled automatically and which use the same static configuration for all instances, e.g. in Kubernetes, setting instance specific configuration in the config file is a cumbersome process. Instance ID can also be set using the gerrit.instanceId Java system property, which will override the instance ID in gerrit.config.

    • Change 377699: Allow generating safe local-only documentation, without reference to external fonts in CSS

    • Change 390658: Allow disable Prolog rules evaluation on closed changes

    • Change 390614: Allow uploading changes to group refs except changes to group files

    • Change 389055: Allow operator aliases to be used in submit requirement expressions

    • Change 386974: SSH set-reviewers cmd now handles lock failures with retries

  • Performance Fixes

    • Change 376094: Introduce new cache changes_by_project to speedup git ref advertisements on replica and git-receive-pack on primary

    • Change 377814: Skip building bloom filters by default speeding up offline reindex

  • Security Fixes

  • Bug Fixes

    • Change 394435: Support listing of patch-set files also for imported changes from other Gerrit servers-ids

    • Issue 301481564: Fix the repository configuration screen remainign stale when switching tabs

    • Issue 304335624: Fix the changing preferred email resulting in duplicate emails set in cache

    • Change 388054: Eliminated startup warning for plugins whose SshModule only provides Ssh*CommandInterceptors

    • Change 387217: Fixed case where an exception in change visibility checking could break visibility of all refs in that repo

    • Change 387055: Fix SSH set-topic cmd to consider ‘editTopicName’ permission

    • Issue 291102119 Avoid NullPointerException when deleting a single ref

    • Change 387216: Fixed potential OOM due to SubmitRuleEvaluator creating new metrics whenever an instance was created

    • Change 387214: Fixed potential OOM due to DefaultRefFilter creating new metrics whenever an instance was created

    • Change 386976: Fixed potential OOM due to *QueryProcessor classes creating new metrics whenever an instance was provided

    • Issue 300976121: Fix NPE when auth.httpDisplaynameHeader is configured but header is unset

    • Change 387054: Fix force topic edit permission to consider change owner rule

    • Change 386994: Fixed InactiveAccountDisconnector NPE due to race condition

    • Issue 295457464: Fixed SSH query not returning copied approvals on per patchset level

  • Documentation Fixes

    • Change 391858: Document ChecksApi.updateResult() in PolyGerrit plugins checks API

    • Change 391696: Document check-result-expanded plugin endpoint in PolyGerrit plugins checks API

    • Change 388936: Explain in ls-projects SSH API when the “parent” field is “?-N”

    • Change 388530: Explain in /projects/ REST API when the “parent” field is “?-N”

  • Replication Plugin Updates

    • Change 384754: Avoid opportunity to inadvertently block the distributor

    • Change 383694: Reduced log level for Task deletion errors in MP setups

  • Dependency Updates

    • Update jgit to 82e277c813398c9f519f16e83d080a94fa29a27c
  • Native Packaging

    • Issue 311414905: Add trailing slash in default canonicalWebUrl in Docker containers


  • New Features

    • Change 385116: Support Cloud Spanner for AccountPatchReviewStore
  • Bug Fixes

    • Change 380154: Documentation: NOTE on use of sshkeys, and *projects cache on clusters

      When using the sshkeys, and *projects caches on a cluster, warn the Gerrit admin he should be aware of those caches to be potentially stale. The problem can be minimised by either disabling them altogether or setting a low value of refreshAfterWrite.

    • Change 384214: Align Jetty session timeout with Gerrit web_sessions maxAge

      Do not leave Jetty having sessions kept forever but expire them with the same timeout of Gerrit sessions.

      Verified E2E that the Jetty sessions expires with the same timeout of the web_sessions maxAge value.

    • Issue 290225204: loginUrl and loginText are hardcoded in the UI

      Gerrit UI ignored the settings in the auth section of the configuration 1.

      In particular auth.loginUrl 2 should be used if present and auth.type is set to HTTP or HTTP_LDAP. Also auth.loginText 3 should be used if auth.loginUrl is set.

      This change backports change 381534 to stable-3.6. We didn’t cherry-pick because the code changes significantly and had many conflicts.

    • Issue 291102119: Avoid NullPointerException when deleting multiple tags

      To avoid NPE make sure that ref is not read again after checking if ref exists. This prevent the issue when other call already removed the tag and we try to read it. Proper behaviour is to try to delete it and return Cannot delete refs/tags/...: LOCK_FAILURE if tag is already deleted.

    • Issue 289505276: Fix for: change can’t be submitted if another branch contains exactly the same commit.

    • Change 380694: Hide Move Change from UI if change.move is set to false

    • Issue 290641654: Fix bug in API ‘/projects/*/access:review’ ignoring ‘message’ field

      Fix API endpoint ‘CreateAccessChange’ ‘/projects/*/access:review’ not hounouring ‘message’ field provided via ‘ProjectAccessInput’ object despite setting it. Add condition to check if message is provided then use it instead of default ‘Review access change’

    • Issue 298846017: Fix admin links that contain the base URL twice

      Fix Gerrit Context paths becoming doubled in Admin View navigation links.

  • Plugin Updates

    • Change 383360: Update webhooks plugin to 1dc0a71883

      This includes the following changes: 1dc0a71 Add HTTP response code ‘SC_ACCEPTED’ (202) as success case in response handler 16110f3 Annotate methods that return a definitely null value with @Nullable and fixes: Issue 40015349 “plugins/webhooks doesn’t accept HTTP 202 response code”


  • Breaking changes

    • Issue 40015585: Enhance metric name sanitize function to remove collision on ‘_’ between metrics.

      Collision between the sanitized metric names can be easily created e.g. foo_bar will collide with foo+bar. In order to avoid collisions keep the rules about slashes and replace not supported chars with _0x[HEX CODE]_ string. The replacement prefix 0x is prepended with another replacement prefix.

  • New Features

    • Change 377794: Extend configurability of index pagination type

      Add NONE option to disable index backend pagination, this option needs to be honoured by the indexing backend and this change introduces the correct implementation for Lucene.

    • Change 372974: Don’t allow index searches with size greater than maxPageSize

      Queries with a ‘start’ parameter can perform an index search with size greater than the configured maxPageSize, i.e. when start + limit exceeds the maxPageSize. Fix such queries to paginate instead.

  • Bug Fixes

    • Issue 289321387: Preserve refs order in the GitBatchRefUpdateEvent event

      Change 335757 introduced the concept of the single event representing batch ref update. However this new event did not preserve original order of the updated refs. This impacts event consumers behaviour and can cause failures. For example if meta ref is processed before patchset ref indexing operation will fail because of the missing patchset.

      The timeline of events is kept in the same order they are generated, to make sure that refs order is preserved and backward compatibility is kept.

    • Change 378075: Fix links to URLs with nonstandard schemes

      Removed automatic linking of URLs that do not start with https?://

    • Change 377796: Fix imported changes appearing as duplicates in index

      When parsing the change data from ChangeNotes, the in-memory created ChangeData contains useful information like the serverId that the change belongs to. The same information isn’t available when reindexing directly from a newly created entity Change which has no relationship with the underlying change notes.

    • Change 340014: Fix identity parsing for imported human comments

      When an account’s serverId does not match the one defined in gerrit.config, then use the ‘imported’ external ids in the accounts for reverse lookup of the accountId. This allows to correctly understand and associate the imported changes coming from repositories of other Gerrit servers to the correct local accounts.

    • Issue 40015148: Fix ExternalId differential loading when cache is inconsistent

      Make differential loading idempotent to avoid failures due to retry to insert the same entry again, caused by the JGit Issue 582044.

    • Issue 40015614: Show correct cherry-picked list for imported changes

      The UI ran the following query to determine if a change had been cherry-picked from another branch: project:<projectName> change:<changeID> -change:<changeNum> -is:abandoned Modified the query adhering to the cherry-pick change definition: project:<projectName> change:<changeID> -branch:<currentBranch> -is:abandoned

    • Change 357634: Fix parsing legacy labels for users with comma

      This change fixes a bug introduced by 336883 when parsing labels where a UUID was present together with a user name containing a comma.

    • Change 347316: Fix Bazel build on Apple M2 ARM64 chip

      Bazel fails to select the correct java-tools binaries for Apple’s ARM64 architecture and downloads the generic x86. This fix disables the download of the pre-compiled java_tools, allowing Bazel to build them locally for the correct architecture.

    • Change 375634: Fix listing files for initial commit against the first parent

      DiffOperations used an empty tree as the base commit when getting the diff for an initial commit and the user specified comparing against the first parent (which doesn’t exist). In this case the request failed with 500 ISE because the empty tree is not a commit and thus we run into an IncorrectObjectTypeException. Instead of failing in this case we are now falling back to comparing against the default root.

  • Documentation fixes

    • Issue 40014489: Announce / document that building with Java 8 is no longer supported

      Documents that building with Java 8 is no longer supported. Java 11 is now required and removes the now unused error_prone_warnings_toolchain.