This release contains schema changes. To upgrade:
java -jar gerrit.war init -d site_path
Gerrit 2.14 introduces a new secondary index for groups. The initial version of this index must be created by running the offline reindex before starting Gerrit:
java -jar gerrit.war reindex --index groups -d site_path
Note that it is not necessary to reindex the changes and accounts indexes offline. These will automatically be reindexed by the online reindexer after starting Gerrit.
Gerrit now requires Java Runtime Environment (JRE) version 8. It is no longer possible to run Gerrit on JRE 7.
The Bouncy Castle Crypto API libraries are now distributed in the Gerrit
.war file rather than being downloaded during site initialization. When upgrading from a previous version of Gerrit, previously downloaded Bouncy Castle
.jar files remaining in the site's
/lib folder will be disabled by appending
.disabled to the file name.
Support for HTTP Digest Authentiation is removed.
With the move to NoteDB, the per-account data (including the HTTP password) will be stored in a branch in the
All-Users repo, where it is subject to Gerrit ACLs. Since these are notoriously hard to setup correctly, we want to avoid storing the password in plaintext.
Existing passwords will be migrated to a hashed password during site initialization when upgrading from an earlier version of Gerrit.
An exclusive ALLOW permission now has priority over a BLOCK permission when both permissions are defined on the same project.
This means an exclusive ALLOW rule now overrules BLOCK rules on the same project.
BLOCK rules still cannot be overruled by child projects.
This change makes it possible to allow a permission for a specific ref and to block the same permission for all other refs. For example, it is now possible to allow all users to push changes for review, but to block all direct pushes:
[access "refs/*"] push = block group Anonymous Users [access "refs/for/*"] exclusiveGroupPermissions = push push = group Registered Users
This release deprecates the use of Velocity mail templates. In a future release support will be removed and it will be necessary to upgrade custom mail templates to Soy files.
The permissions “Push Annotated Tag” and “Push Signed Tag” are renamed to “Create Annotated Tag” and “Create Signed Tag”. Existing project configurations using the old permission names will be migrated during site initialization.
Instead of being invoked on every commit received, the
ref-update hook is now invoked before the ref update operation is finalized. The previous behavior of the
ref-update hook is moved into a new hook named
Sites using the
ref-update hook should rename the hook file to
In version 2.14.4 the fields in the JdbcAccountPatchReviewStore primary key are reordered to improve performance when clearing the reviewed flag for a patch set.
Sites that have already upgraded from an earlier version to 2.13, or to a 2.14.x version before 2.14.4, and want to take advantage of this performance improvement, should manually drop and recreate the primary key as follows:
# drop the key ALTER TABLE account_patch_reviews DROP CONSTRAINT primary_key_account_patch_reviews; # recreate the key ALTER TABLE account_patch_reviews ADD CONSTRAINT primary_key_account_patch_reviews PRIMARY KEY (change_id, patch_set_id, account_id, file_name);
Note that this is optional. The site will continue to work without this update.
The update is not necessary when upgrading directly to 2.14.4 from a version earlier than 2.13, as the primary key will be created with the updated order anyway.
Changes may be assigned to a specific user. This allows a workflow where the user that is assigned to a change is responsible for reviewing the change and/or passing the assignment on to another user.
In the UI, changes assigned to the currently logged in user are highlighted.
assignee: search predicate allows to find changes assigned to a given user.
Gerrit email messages are made easier to read by sending HTML content parts in addition to the existing text email content. This is enabled by default, and can be disabled by setting
Users can opt to always receive plaintext emails by setting the Email Format preference.
Mail templates can now be written using Closure Templates (Soy). Mail templates written in Velocity (VTL) are deprecated but still supported. Support for VTL will be dropped in a future release.
Gerrit now supports receiving review comments by email.
Note that the Elastic Search implementation is still considered experimental and it is not advised to use it for production systems.
Issue 3944: Tags can be created and deleted via the Tags screen in the UI.
Although the REST API supports creation of both lightweight and annotated tags from 2.14, the GWT UI allows for annotation with 2.14.4 or later.
For merge commits, the list of commits that will be merged into the destination branch is included as the
/MERGE_LIST magic file which is shown as
Merge List in the UI.
Gerrit now includes a new user interface, referred to as “PolyGerrit”, based on Polymer.
The UI can be switched between PolyGerrit and GWT by clicking the “New UI” and “Old UI” links in the site footer. Alternatively, the UI can be switched by adding
?polygerrit=0 to the URL.
Note that PolyGerrit is still under development. Most use cases are supported, but there are still some missing features compared to the GWT UI.
Normally, changes can be reviewed only before they are being merged. This new feature allows for post-submit review of commits by creating a new merged change, by using the ‘merged’ push option.
Issue 5234: Fix SSH GSSAPI authentication.
Issue 5739: Prevent
ref-update hook from being invoked on every commit when pushing multiple commits.
Instead of being invoked on every commit received, the
ref-update hook is now invoked before the ref update operation is finalized. Note that the hook is no longer invoked on commits pushed for review or on changes that are merged. It is invoked for creation/deletion of refs, and for ref updates caused by direct pushes (i.e. bypassing review).
The previous behavior of the
ref-update hook is moved into a new hook named
commit-received. A new parameter
--cmdref is added, and the special handling of
refs/changes is removed.
Sites using the
ref-update hook should rename the hook file to
Update auto-value to 1.4
Update Bouncy Castle to 1.56
Update codemirror to 5.25.0
Update commons-compress to 1.12
Update Guava to 21.0 (updated to 22.0 in 2.14.6)
Update Guice to 4.1.0
Update GWT to 2.8.0 (updated to 2.8.2 in 2.14.6)
Update gwtjsonrpc to 1.11
Update gwtorm to 1.17
Update JavaEWAH to 1.1.6
Update JGit to 188.8.131.52704051617-r
Update jsch to 0.1.54
Update Lucene to 5.5.2
Update mina to 2.0.16
Update ow2-asm to 5.1
Update prolog-cafe to 1.4.2
Update SSHD to 1.4.0
Issue 7562: Stop passing
curl in download-commands plugin.
Validating certs is an important feature of HTTPS that we should not disable, especially when downloading code that is going to be trusted.
ban-commit ssh command on slaves.
Gerrit slaves are supposed to be read-only, but the
ban-commit command creates a Git note and hence writes to the repository.
Fix error message when attempting to delete a branch without permission.
Branches can be deleted by a user having the “Push” permission with the force flag set, or the “Delete Reference” permission. However, the error message did not mention “Delete Reference”, leading to users unnecessarily requesting administrators to grant the force push permission.
Fix status transition when directly pushing an abandoned change.
If a change was abandoned, but then directly pushed to the branch, its status was not changed from “Abandoned” to “Merged”.
Keep old timestamps during data migration.
In some cases the “created on” field was updated to the time of the migration when replacing the “Submitted” state with “New”.
Don't compress live log file
Don't create GC log file when GC is not configured.
Specify new tip of the branch when updating submodules.
In Gerrit 2.12, whenever a submodule was updated the corresponding commit in the superproject included the SHA-1 of the new tip of the branch.
Restore this behavior to avoid breaking clients that extract this information from the superproject commit message.
Don't use account index to look up external IDs when authenticating with OAuth or OpenID.
The account index is not available on slaves, causing authentication with OAuth and OpenID to fail.
Issue 7647: Gracefully handle malformed GPG keys input.
Posting a malformed GPG resulted in an internal server error.
Issue 7611: Stop the project cache clock and await termination of index executor threads on server shutdown.
Issue 5386: Fix database connection leak in
Evict idle database connections.
Database idle connections in the pool were not evicted which could lead to connections to the database being exhausted.
Idle connections are now evicted after 60 seconds.
Enable CORS for plugin static files and documentation.
Allow to select and copy text in inline comment boxes.
Issue 7739: Only enable the “Require Signed Push” project option for project owners.
Upgrade Polymer to version 1.11.0.
This version includes a fix for deprecation of HTMLImports in Chrome.
Upgrade GWT to version 2.8.2.
This version includes various fixes since 2.8.0.
Upgrade Guava to version 22.0.
Fix regression introduced in 2.14.5
A regression was introduced when fixing the
set-reviewers command to work with change sha1s. The check for sha1 was done before the check for legacy change number, so if a server had large enough change numbers they would be erroneously interpreted as sha1 resulting in a “change not found” error.
WARNING: the 2.14.5 release includes a regression. Use 184.108.40.206 instead.
Issue 7273: On account creation evict account from account cache.
When an account was created by ssh or REST API, its username and full name were not available until the account cache was flushed (e.g. by restarting the server).
Issue 6885: Fix over-eager caching of pages.
Issue 7098: Fix diff base gitweb link.
Issue 5897: Fix false-positive warning on gitweb requests.
Issue 6657: Prevent invalid query operator from invalidating user's web session.
If the user entered an invalid query like
has:starss, the user's web session was invalidated.
Issue 7425: Add
sshd.waitTimeout configuration to set
In sshd a new channel property, channel-output-wait-for-space-timeout, was introduced with a default value of 30 seconds.
This was not being set, causing any clone operations lasting longer than 30 seconds to fail.
Administrators may now increase this value by setting
Increase the value of
GERRIT_FDS when an LFS plugin is configured.
GERRIT_FDS was set to double of
core.packedGitOpenFiles, which was not sufficient to account for the file descriptors used by Git LFS.
Issue 7357: Fix bad rounding of relative dates like ‘1 year, 12 months ago’.
The date should be rounded to ‘2 years ago’.
Fix parsing of permissions when expanding parameters.
_moreChanges when change query result is empty.
Fix suppression of log file compression when exception occurs.
If any exception occurred, subsequent log compression was not done.
Fix scheduling of log file compression.
The initial delay for log file compression scheduling was not being calculated correctly, leading to the task's initial run being much later than expected.
Fix internal server error when reading changes.
When a change was not found, NullPointerException was thrown and this caused the delete-project plugin to fail. Now, ChangeNotFoundException is thrown.
Fix parsing of email replies with “gmail_default” as class name.
The email parser was rejecting all blocks with a class starting with ‘gmail’.
Don't show weblinks for ‘magic’ files.
The magic files
/MERGE_LIST don't actually exist in the git repository, so any links to them result in 404 on the viewer.
Add missing registration of
The missing registration was causing listeners to fail with ‘Unknown event type’.
Allow to add reviewers to changes by commit sha1 using the
set-reviewers ssh command.
Hooks plugin: Protect against null object IDs in ref updates.
Fix avatars when using a URL prefix
Fix redirection of URLs with context to GWT UI
Fix performance issue when clearing reviewed flag for a patch set.
Change the order of fields in the primary key of the JdbcAccountPatchReviewStore table, to allow usage of implicit indices when querying rows, improving performance when clearing the reviewed flag for a patch set.
Sites that have already upgraded from an earlier version to either 2.13 or 2.14 need to manually recreate the primary key as described in the warning above.
Issue 7086: Disallow invalid combination of
Update the documentation of
auth.type to clarify that the
CLIENT_SSL_CERT_LDAP types only use LDAP to gather basic information about the user, and not to actually perform the authentication.
Also, add checks to make sure the combination of
auth.gitBasicAuthPolicy is valid. If an invalid combination is used, this could result in unintentionally disabling authentication, so raise an error during startup.
Issue 7188: Fix ‘Cannot upgrade schema’ during upgrade on Oracle database backend.
Fix internal server error when invoking the
stream-events ssh command with the
Add support for creating annotated tags from the tags list in the GWT UI.
Although the REST API allows to create annotated tags, the UI only supported creating lightweight tags.
Consistently use lower case when reading enumerations during initialization.
The list of supported options was converted to lower case, but the input prompt did not do the same for the default value.
Issue 6853: Only attempt to parse
polygerrit URL parameter on
Attempting to parse the
polygerrit parameter on all requests caused failures when sending a
PUT request to the REST API via
Issue 6922: Fix comparison against edit revision.
Issue 6745: Emit an event to the event stream when a vote is removed from a change.
When a reviewer was removed from a change, an event was emited to the event stream, but when only a vote was removed (leaving the reviewer on the change), no event was emitted
Add user who removed reviewer into event that is emitted when a reviewer is removed from a change.
Improve error message when failing to create the first user.
Allow to run the server without specifying
The only situation where the setting is mandatory is when using OAuth authentication, because the OAuth provider needs to have a fixed callback URL with a single hostname.
Align group reference from plugin with core group reference.
When the group reference was a new one, i.e. not already in the groups file, it was not added to the groups file when saving the project config.
Fix support for plugin group reference with inheritance.
Group reference was not working when inherited from parent project config.
-S instead of
-s as alias for
--start in list branches and tags REST API endpoints.
Using an upper case
-S makes the API consistent with the other list APIs (changes, groups, projects). This is a breaking change for any clients that use
Allow to configure pool connection settings for patch review store.
Previously the pool connection settings were hard-coded. In high traffic servers this can cause a bottleneck as the transactions start to be queued when the maximum number of connetions is reached.
In the accountPatchReviewDb section of the
gerrit.config file it is now possible to configure the
Issue 6472: Fix online reindexing for plugin-dependent rules.
Issue 6473: Fix display of columns in projects tables.
Issue 6099: Set reflog message and identity when merging changes.
Issue 6591: Fix deletion of branches when the
refs/heads/ prefix is omitted.
Issue 6605: Fix searching for change by Change-Id triplet when project name matches Change-Id pattern.
For projects whose name matched the Change-Id pattern, i.e. named something like
iabcde, it was not possible to search for changes using the Change-Id triplet
Issue 3345: Preserve line endings in inline editor.
Issue 6508: Hooks plugin: Fix hook configuration names to match documentation
Most hooks in the documentation are named with “Hook” suffix, but in the code the “Hook” suffix was omitted. This prevented the hook from being found when the administrator configured it with the documented name.
Issue 6609: Add “indent with tabs” configuration option in inline editor.
Issue 6544: Allow project owners to update project configuration.
Issue 6527: Use quoted-printable for SMTP transfer encoding.
Issue 6205: Fix internal server error on
/register with URL prefix.
Fix line wrapping in inline editor.
The line wrapping preference was respected for the diff screens, but not for the inline editor.
Don't index missing accounts.
Disable auto-reindexing if stale during offline Reindex.
Fix title of revision field for creating new tag in the UI.
self before other users in search operator suggestions.
For query operators that expect a user, the suggestion included other users whose name begins with “sel” before “self”. Since “self” is more frequently used, it should be suggested first.
Load external IDs from primary storage (ReviewDb).
On sign in we can‘t access the account index to lookup external IDs since Gerrit slaves don’t have an account index, but Gerrit slaves must be able to sign in. Instead load the external ID from the primary storage which is ReviewDb in 2.14.
shortSubject field to 72 characters in soy email template.
Align lib modules load injector on Jetty and external containers.
Align the startup of Gerrit with a standalone Jetty container to the WebAppInitializer and load the user-provided Guice modules in the sysInjector instead of the DbInjector.
This Allows overriding some of the default bindings of Gerrit (e.g. repository manager or permissions backend) with custom-made alternate implementations.
Fix cyclic dependency when using
The starting mode where
site_path is not specified (as a system property) and Gerrit first connects to the database using the ReviewDb JNDI property from the servlet container was broken since version 2.13 due to a cyclic dependency in Guice bindings.
throws declarations on
NotImplemented classes in the extension API.
throws were removed as a cleanup in Gerrit 2.14, but this prevenented classes that extend
NotImplemented from throwing the exceptions.
Add support for tag web links.
Reindex accounts after updating external Ids in
Disallow using both
r options together in branch and tag list filters.
Recognize all parts marked with
multipart/ in inbound emails.
Inbound emails would not be parsed when the message was signed and therefore wrapped in a
Replication plugin: Fix race condition when scheduling a replication
Replication plugin: Use rescheduleDelay instead of replicationDelay when rescheduling.
Add support for Git LFS locking.
Plugins implementing LFS may now include support for locking.
Upgrade JGit to 220.127.116.11706071930-r.
This includes a fix to make auto GC run in the background.
In some cases, the auto GC limit is lower than the true number of unreachable loose objects, so auto GC will run after every (e.g) fetch operation. This leads to the appearance of poor fetch performance. Since these GCs will never make progress (until either the objects become referenced, or the two week timeout expires), blocking on them simply reduces throughput.
Allow multiple Servlet filters on Jetty HTTPD.
It is now possible to specify multiple values for
Allow to set Jetty HTTPD socket timeout.
A new setting
httpd.idleTimeout makes the Jetty HTTPD socket timeout configurable so to tailor the socket and thread consumption to the needs of setups with different latencies and bandwidth.
group indexed extension point.
Similar to the existing
change indexed and
account indexedextension points, this allows plugins to be notified when a group has been indexed.
Extend upload validation interface to allow listening to negotiation start.
This can be used to check rate limits for fetch requests. Rate limits should be checked before git transport negotation starts to avoid unnecessary work in case the limit is already reached.
Fix support for ECDSA and ED25519 SSH keys.
ECDSA and ED25519 SSH host keys were not generated during site initialization and were not loaded if they existed.
Fix initialization failure when removing old Bouncy Castle library fails.
During initialization, old Bouncy Castle libraries are renamed with a
.backup suffix, but if the destination file already existed the initialization would fail with a fatal error. Now a warning is printed and the initialization continues.
Issue 6278: Fix internal server error when cloning from slave over HTTP.
Fix firing change related events for deleted change.
Issue 5393: Improve the performance of reviewer suggestion.
The idle timeout was not properly set for the nio2 backend, so connections would always time out with the default value (10 minutes).
Improve error message when publishing an already published change edit.
Fix ref visibility checks in dashboards.
Replication plugin: Fix replication retries when
maxRetries is set to 0.
Fix autocomplete for Firefox on LDAP login screen.
Add support for mariadb in AccountPatchReviewStore.
Fix notifications for comments on draft patch sets.
Fix internal server error when deleting current patch set and previous patch set doesn't exist.
Issue 6176: Fix internal server error when old patch set is not found.
Always use SSL implicitly for POP3 and IMAP.
receiveemail.encryption is set to TLS/SSL, we always want to use the implicit mode to execute the TLS/SSL command right after establishing the conection with the mail server. Strict mail servers like Gmail would close the connection prematurely otherwise.
Allow plugins to non-transitively depend on prolog rules.
Issue 6367: Allow to set blocking label range rules in permission rule editor.
Issue 6096: Add an “up” button to the diff screen.
Issue 6041: Display
Merge List and
Issue 6080: Allow editing status when full name is not editable.
Issue 6166: Fix loading favicon on a prefixed URL.
Make sure ‘Merge Conflict’ displays on change view.
Use a default name for accounts that do not have a display name.