Download: 3.8.0

Documentation: 3.8.0

Release highlights

Rebase on behalf of the uploader

Rebasing a change from the web UI preserves the uploader for trivial rebases.

This has the advantage that the rebaser is not taking over the change, which is important when the project is configured to ignore self-approvals of the uploader, as this allows the reviewer to approve and submit the change, after doing a rebase.

Rebase a chain of changes

Allow to atomically rebase a chain of changes.

If the chain is outdated, i.e., there’s a change that depends on an old revision of its parent, the result is the same as individually rebasing all outdated changes on top of their parent’s latest revision.

Important notes

Schema and index changes

This release doesn’t contain schema changes.

The changes index version has been increased to version 82.

Online index schema upgrade from 3.7

By default, if you’re upgrading from 3.7, the index is automatically rebuilt upon Gerrit startup after the upgrade.

If you’re upgrading from 3.6 or an earlier version, you must use the Offline upgrade steps below.

Offline upgrade

  1. Download the new gerrit.war
  2. Stop Gerrit
  3. Ensure all installed plugins are compatible with the new API
  4. Run init
  java -jar gerrit.war init -d site_path --batch
  1. Reindex

  • If you are upgrading from a 3.7 version you don’t need to run reindex (see Online index schema upgrade from 3.7 above). If you still want to you will only need to run reindex of changes:

      java -jar gerrit.war reindex --index changes -d site_path

  • If you are upgrading from a 3.6 version, or an earlier version, you must run a reindex of all indexes:

     java -jar gerrit.war reindex -d site_path

See the reindex program for other options.

  1. Start Gerrit

Online upgrade with zero-downtime

Gerrit v3.8.x supports zero-downtime upgrade from Gerrit v3.7.2 or later when configured using a high-availability configuration, and the Git repositories are stored in a shared filesystem such as NFS or similar.

During the zero-downtime upgrade, Gerrit end-users would not notice any outage or service disruption. They will be able to perform any read/write Gerrit operation on the GUI or using any API.

The zero-downtime upgrade consists of the following steps:

  1. Have Gerrit servers running v3.7.2 or later, in high-availability configuration, healthy and able to handle the incoming traffic properly.
  2. Set gerrit.experimentalRollingUpgrade to true in gerrit.config on both Gerrit primaries.
  3. Set one of the Gerrit servers to unhealthy.
  4. Shutdown the Gerrit server, update gerrit.war and plugins to v3.8.x and start Gerrit again.
  5. Verify that the Gerrit server is working properly (e.g. run automated smoke tests) and then make it healthy again.
  6. Wait for the Gerrit server to start serving traffic normally.
  7. Repeat steps 3. to 6. for all the other Gerrit servers.
  8. Remove gerrit.experimentalRollingUpgrade from gerrit.config on both Gerrit primaries.

Downgrade

Downgrade to any Gerrit v3.7.x release is possible, but requires the following manual steps:

  1. Shutdown all migrated Gerrit v3.8.x servers
  2. Update the gerrit.war and plugins to the previous v3.7.x version
  3. Run offline change reindexing using the previous gerrit.war version
  java -jar gerrit.war init -d site_path --batch
  java -jar gerrit.war reindex --index changes -d site_path
  1. Startup Gerrit server

Native packaging

Breaking changes

  • Issue 16942: Gerrit does not render properly the modal dialogs on Safari 15.3, Chrome 36, Edge 78, and Firefox 97 or earlier.

    Gerrit frontend uses the HTMLDialogElement.showModal function, which is not working properly on old browsers.

  • Change 365595: WebLinkInfo: Drop deprecated constructor

    Custom UI plugins that are explicitly using WebLinkInfo are affected by this and might need adapting.

  • Change 360756: Disallow uploading new prolog rules files.

    Clients should use submit-requirements instead. Please note that modifications and deletions of existing rules.pl files are still allowed.

  • Change 360054: Allow callers to format create change response

    Add ListChangeOptions to ChangeInput and ApplyPatchPatchSetInput such that callers can control what fields should be formatted in the returned ChangeInfo. For ApplyPatch, this commit changes the default formatting options from CURRENT_COMMIT to no-options.

  • Change 360219: Delete vote now fails for an already deleted vote

    An e-mail was sent each time when a vote was executed, even if the label had been already set to 0 and thus no actual changes were made.

    This fix can break some scenarios, where the caller expects that DeleteVoteOp will always succeed after the label was added at least once. This should be fixed on the caller side.

  • Change 358975: Skip account visibility checks when querying changes

    Skipping the account visibility check when querying changes of users participating in the change (the change owner, reviewers, CCs etc.). This affects several search predicates: owner / uploader / label

    • user / reviewer / attention / commentby

  • Change 358954: Check permissions when resolving accounts by secondary emails

fixed an issue that allowed users to resolve secondary emails, although they should not have been able to see them.

  • Change 358114: removed automatic linkification of URLs that do not start with http:// or https://.

  • Change 357298: Removed Assignee functionality in Gerrit.

    ‘Assignee’ functionality has been superseded by ‘Attention Set’. The functionality has no Web UI support anymore.

  • Change 357276: Removed option to disable Attention Set

    No longer support the option of disabling the Attention Set.

  • Change 356941: Do not set real_author in ChangeMessageInfo if author == real_author

    It’s not needed to return the author twice if the change message was not impersonated. Documentation already stated this, but clients should double check they don’t rely on real_author always being returned.

  • Change 354916: Remove registerStyleModule() plugin API

    Use plugin.styleApi().insertCSSRule() instead.

  • Change 351814: Remove notify() from AnnotationPluginApi

  • Change 351515: Remove html commentlink functionality.

    Html commentlinks allow for arbitrary html injection on the page. Replaced them with link commentlinks, using optional prefix, suffix, text parameters to achieve the same functionality. Existing configs can be migrated using scripts in tools/migration/html_to_link_commentlink.md

Other changes

Plugin changes

  • download-commands:
  • reviewnotes:
  • webhooks:
    • Change 365175: Add HTTP response code ‘SC_ACCEPTED’ (202) as success case in response handler
  • codemirror-editor:
  • gitiles:
  • replication:

    • Change 353294: Provide an option to skip replication of NoteDb meta refs

      Replicating NoteDb meta refs is not needed when the remote does not run a Gerrit instance. This can be now disabled via remote.<NAME>.replicateNoteDbMetaRefs

Performance changes

  • Change 360646: Introduce a per request ref cache for better performance

    Add a new core.usePerRequestRefCache setting. If the setting is true, use a per request (currently per request thread) ref cache. This helps reduce the overhead of checking if the packed-refs file is outdated. This setting is true by default.

  • Change 365144: Destination queries now use the change index

    destination predicate now matches any number of branch names with O(1) efficiency.

  • Issue 16072: Fix “showchange” plugin event being triggered twice on patchset change

  • Change 363074: Performance optimization for cold-cache groups

Gerrit UI changes

  • Change 370995: Add comments chips to patchset select

  • Change 361574: Add darkMode param to gr-editor-view extension point

  • Change 358179: Add a new endpoint for a profile page

    The goal of this endpoint is to show a new page that’s the contributions’ page of a user.

  • Change 360134: Fix “Old Patchset” being displayed on current edits

  • Change 359814: User can rebase whole chain from UI.

  • Issue 16545: Fix issue where using in-line editor to add new files / edit existing files didn’t show the changes in file list

  • Change 349422: Privacy information on settings page

  • Change 354154: Enter key selects emoji after ‘:’ is typed

    The previous behavior was that enter wouldn’t select emojis until more characters were typed after ‘:’.

  • Change 352682: Matching atoms in copy conditions that are posted as change messages are highlighted in bold now.

    When a new patch set is created and approvals are copied to the new patch set, Gerrit posts a change message to inform about the copied and outdated votes together with the corresponding copy condition. Passing and failing atoms in the copy condition are now highlighted in bold.

  • Change 351934 Comments tab respects special file sorting cases like .h

  • Change 348877: Show account hovercard preview on settings page

    Account preview can be displayed in-flow without requiring hovering

  • Change 348794: Account chip preview on settings page

    This lets the user see how they will appear to others and what data will be public.

  • Change 348536: Removed all hardcoded gr-icons.

    All core plugins have been migrated to using Material-based gr-icon which no longer need these hardcoded SVGs.

Documentation changes

  • Change 361696: Remove prolog rules doc page mention from the index page

    users should use submit-requirements instead of prolog rules

  • Change 348538: Improve Polygerrit README

  • Change 340255: Add a shortcut to Developer Setup

JGit changes

  • Upgrade jgit to 5ae8d28. Notable changes are:
    • Implement a snapshotting RefDirectory for use in request scope
    • If tryLock fails to get the lock another gc has it
    • Fix GcConcurrentTest#testInterruptGc
    • Don’t swallow IOException in GC.PidLock#lock
    • Check if FileLock is valid before using or releasing it
    • Use Java 11 ProcessHandle to get pid of the current process
    • UploadPack: use allow-any-sha1-in-want configuration
    • Acquire file lock “gc.pid” before running gc
    • Fix getPackedRefs to not throw NoSuchFileException
    • Add pack options to preserve and prune old pack files
    • Allow to perform PackedBatchRefUpdate without locking loose refs
    • Document option “core.sha1Implementation” introduced in 59029aec
    • Shortcut during git fetch for avoiding looping through all local refs
    • FetchCommand: fix fetchSubmodules to work on a Ref to a blob
    • Allow the exclusions of refs prefixes from bitmap
    • PackWriterBitmapPreparer: do not include annotated tags in bitmap
    • BatchingProgressMonitor: avoid int overflow when computing percentage
    • Fetch-CLI: add support for shallow
    • Speedup GC listing objects referenced from reflogs
    • Fixes for multi-primary new loose object reads on NFS
    • GC: disable writing commit-graph for shallow repos
    • Introduce core.trustPackedRefsStat config
    • Add TernarySearchTree
    • CommitGraph: teach ObjectReader to get commit-graph
    • PatchApplier: fix handling of last newline in text patch
    • CommitGraph: add commit-graph for FileObjectDatabase
    • IO#readFully: provide overload that fills the full array
    • GC: Write commit-graph files when gc
    • CommitGraph: add core.commitGraph config
    • CommitGraph: implement commit-graph read
    • Gc#deleteOrphans: avoid dependence on PackExt alphabetical ordering
    • WalkPushConnection: Sanitize paths given to transports
    • Fix documentation for core.trustFolderStat
    • Update jetty to 10.0.13 d
    • PackExt: Add a commit graph extension.
    • UploadPackServlet#doPost use try-with-resource to ensure up is closed
    • Update Apache Mina SSHD to 2.9.2
    • Fix crashes on rare combination of file names
    • DfsBlockCache: Report IndexEventConsumer metrics for reverse indexes.
    • DfsStreamKey: Replace ForReverseIndex to separate metrics.
    • RawText.isBinary(): handle complete buffer correctly
    • PackExt: Add a reverse index extension.

Other dependency changes

Other core changes

  • Change 367654 Fixed rebasing chain when a checks refs exists for one of the changes

    Fixed a NPE that might have been thrown when rebasing on changes for which a checks ref exists.

  • Change 366334 Added ‘a’ as alias for the ‘author’ search operator

    This follows the example of other aliases, e.g. ‘o’ for ‘owner’ or ‘r’ for ‘ reviewer’.

  • Change 365901 Added global capability that allows to view secondary emails

    If users have multiple emails only the preferred email is visible to other users. Now, with the new View Secondary Emails global capability it’s possible to allow viewing all emails.

  • Change 361460 Allow editing commit message from Change-Id: to Link: footer

    This allows to edit the commit message by replacing a valid ‘Change-Id:’ footer for a valid ‘Link:’ footer.

  • Change 350455: Enables transition from LDAP to Google OAuth

    When transitions to Google OAuth from LDAP, if the account exists with the same e-mail then the account ID is reused. This allows to have the same user history post migration.

  • Change 359974: Fixed calculation of insertions and change buckets for change emails

    When computing change email, the number of files, insertions and deletions didn’t count the commit message for number of files, but for insertions the lines from the commit message were counted, which was inconsistent.

  • Change 358115: Allow for plugin data directory to be symlinked

  • Change 357648: Don’t add owner to attention set on merged change if bot re-applies a negative vote

    Bots can no longer re-apply negative votes on merged change, leading to an unwanted attention set update.

  • Change 357477: Added a new ‘uploaderemail:' operator for Submit Requirements

    returns true if the uploader’s email matches a specific regular expression pattern.

  • Change 357474: Added a new ‘committeremail:' operator for Submit Requirements

    returns true if the change committer’s email matches a specific regular expression pattern.

  • Change 357460: Fixed ownerin/uploaderin for internal groups that include external groups

    Fixed an issue where the ownerin and uploaderin predicates were not matching correctly for internal groups that include external groups.

  • Change 350034: The commit-msg hook respects the scissors marker for the empty message detection.

    When “git commit –cleanup=scissors” the commit-msg hook couldn’t detect if the commit message is empty properly.

  • Change 357278: Fixed parsing of URL parameters that contain a ‘%’ that is not part of an encoded character

    Without this fix users could trigger 500 internal server errors in Gerrit by providing invalid strings for URL parameters.

  • Change 356762: Added support for rebasing on behalf of the uploader

    Rebasing a change on behalf of the uploader means that the uploader stays intact when the reviewer rebases the change.

  • Change 356354: Added project permission for removing votes/labels

    For every configured label My-Name in the project, there is a corresponding permission removeLabel-My-Name with a range corresponding to the defined values. For these values, the users are permitted to remove other users’ votes from a change.

  • Change 356260: Fixed overriding impersonated votes

    Fix an issue where overriding an impersonated vote for a user A (real user B) only worked if the voting values were different. If the voting value was the same Gerrit wrongly assumed that the voting was a no-op.

  • Change 355574: Added support to remove a non-visible account as a reviewer through the PostReview REST endpoint

    Fix an issue where, if a visible change had a reviewer whose account was not visible, this account could be seen on the change, but the reviewer could not be removed.

  • Change 351075: Added a REST API to rebase a chain of changes

    A new API POST /changes/{change-id}/rebase:chain now allows to rebase an ancestry chain of changes.

  • Change 355116: Added prefixsubject index field (requires index upgrade)

    Similarly to prefixhashtag and prefixtopic it is not possible to search changes by subject prefix (e.g. a bug ID in square brackets).

  • Change 354294: Custom git gc-preserve command which can preserve packs for JGit

    Implemented a custom git command “git-gc-preserve” preserving old packs to prevent races between git gc running on a large repository concurrently to fetch/clone requests.

  • Change 354037: Added subject index field (requires index upgrade)

    Allow to query changes by subject.

  • Change 353674: Invalid label ranges for permissions are rejected when pushing a project.config file

    Attempting to add permissions with a range where min is greater than max, where min is present but max is missing or vice-versa throws an IllegalArgumentException.

  • Change 353635: Set Access REST endpoint rejects invalid label ranges

  • Change 353655: Do not add a duplicated project.config entry if a duplicate input is added.

    When the same request was made to the ‘Set Access’ project rest endpoint, it resulted in adding a duplicated line in the project.config.

  • Change 353287: Votes that are copied to follow-up patch sets when a vote on an outdated patch set is applied are now posted as a change message.

    When votes were copied to follow-up patch sets they were applied in NoteDb, but users were not informed about them. Now a change message is posted to inform that the vote was copied forward.

  • Change 352055: Reject invalid base on push with proper error message instead of failing with an internal server error

  • Change 352034: Fix GetRelated if multiple changes for the same commit exist

  • Change 351534: Fix the issue that 404 page is shown after login

    After logging in using the “Sign in with a Launchpad ID” link Gerrit used to display a “not found” page.

  • Change 351614: Do not require trailing slash for requests on root collections

    Often users are confused why ‘GET /changes/’ works, but ‘GET /changes’ doesn’t. Both are now allowed.

  • Change 347719: Suppressing emails on submit is disallowed now if there is a post approval diff

    Fixes a security issue where a malicious user could submit code changes without anyone ever seeing them. If a change is submitted and a post approval diff exists, no matter which notify setting the caller specified, Notify=ALL is used.

  • Change 351114: Add support for enabling Strict Dynamic CSP on Documentation pages.

  • Change 349175: Disallow ‘cansee’ account search operator with private changes

    This operator used to fail for private changes if the change owner requested cansee:<private_change>. Now, if the caller of the query is the owner or one of the reviewers/ccs of the change, the query returns account data for it.

  • Change 349216: Add a has:submodule-updates operator for submit requirements

    Returns true if the diff of the latest patchset against the default base has a submodule modified file

  • Change 347936: Reject uploading project config changes if they contain duplicate submit requirement definitions.

    Prevent project owners and admins from accidentally adding multiple definitions for the same submit requirement name.

  • Change 246234: The WorkQueue now uses new STARTING and STOPPING states while a listener’s onStart() and onStop() methods are called.

  • Change 346954: Log progress for online-reindexing of changes

    When performing online reindexing, from the log file we could only observe when it starts and when it ends. With this change we log the progress once per minute.

  • Change 340061: Add old/new file modes to the ‘List Files’ diff endpoint

    if a file is modified with a change to the file mode only, now the file will be listed as modified.

  • Change 245614: Added a WorkQueue.TaskListener extension for plugins

    This extension point makes it possible for plugins to define and implement WorkQueue QOS policies.