##// END OF EJS Templates
env-variables: make it safer if there's a syntax problem inside .ini file....
env-variables: make it safer if there's a syntax problem inside .ini file. It's better to not crash, since it means server wont start. Let users fix problems instead of breaking the startup because of that.

File last commit:

r1:854a839a default
r3237:5cf82ecc default
Show More
release-notes-3.0.0.rst
166 lines | 8.0 KiB | text/x-rst | RstLexer
/ docs / release-notes / release-notes-3.0.0.rst
project: added all source files and assets
r1 |RCE| 3.0.0 |RNS|
-----------------
As |RCM| 3.0 is a big release, the release notes have been split into the following sections:
* :ref:`general-rn-ref`
* :ref:`security-rn-ref`
* :ref:`api-rn-ref`
* :ref:`performance-rn-ref`
* :ref:`prs-rn-ref`
* :ref:`gists-rn-ref`
* :ref:`search-rn-ref`
* :ref:`fixes-rn-ref`
.. _general-rn-ref:
General
^^^^^^^
* Released 2015-01-27
* Basic |svn| support added
* GPLv3 components removed
* Server/Client architecture for VCS systems created
* Python 2.5 and 2.6 support deprecated
* Server info pages now show gist/archive cache storage, and also CPU/Memory/Load information.
* Added new bulk commit (changeset) status comment form into compare view which enables bulk code-reviews without
opening a pull-request.
* License checks and limits now only apply to active users.
* Removed CLI command for |repo| scans as it can be done via an API call.
* VCS backends can be globally enabled/disabled from the :file:`rhodecode.ini` file.
* Added a UI option to set default rendering to rst or markdown.
* Added syntax highlighting to 2 way compare diff.
* Markup rendering can now render checkboxes for easy checklists generation.
* Gravatars are now retina ready.
* Admins can define custom CSS or JavaScript in the header or footer via new pre/post code options.
* Replaced ``graph.js`` with ``commits-graph.js`` html5 implementation.
* Added editable owner field for repository groups, and user group.
* Added an option to detach/delete user repositories when deleting users from the system.
* Added a Supervisor control page that shows status of processes.
* User admin grid can now filter by username OR email.
* Added personal |repo| group link for easier fork creation.
* Added support for using subdirectories when creating and uploading new files.
* Added option to rename a file from the web interface.
* Added arrow key navigation to file filter and fixed the back button behaviour.
* Added fuzzy matching to file filter.
* Added functionality to create folder structures along with files when adding content via the web interface.
* Separated default permissions UI into `global`, `user`, or `object` permissions management.
* Added an inheritance flag to object permissions which allows for explicit permissions which disregard global
permissions.
* Added post create repository group hook.
* Added trigger push hooks on online file editor.
* Added default title for pull request.
* More detailed logs during Authentication.
* More explicit logging when permission checks occur.
* Switched the implementation of |git| ``fetch clone pull checkout`` commands to pure |py| without any subprocess
calls.
* Introduced the ``rcserver`` command for custom development.
* Added the ability to force no cache archived via the ``GET no_cache`` flag
.. _security-rn-ref:
Security
^^^^^^^^
* CSRF (Cross-Site Request Forgery) tokens now in all pages that use forms.
* The ``clone_url`` field is now AES encrypted inside the database.
* ACLs (Access Control Lists) are checked on the gist edit page for logged in users.
* New repository groups and repositories are created with 0755 permissions and not not 0777.
* Explicit RSS tokens are used for the RSS journal, when leaked, limits access to RSS only.
* Fixed XSS issues when rendering raw SVG files.
* Added force password reset option for users.
* IP list now accepts comma-separated values, and also ranges using `-` to specify multiple addresses.
* Added ``auth tokens``, these authentication tokens can be used as an alternative to passwords.
* Added roles (``http, api, rss, all, vcs``) into authentication tokens (previously called ``apikeys``).
* LDAP Group Support added.
* Added JASIG CAS auth plugin support.
* Added a plugin parameter that defines if a plugin can create new users on the fly.
.. _api-rn-ref:
API
^^^
* Added permissions delegation when creating |repos| or |repo| groups.
* Added ``strip`` support for |hg| and |git| |repos|.
* Added comments API for commits.
* Added add/remove methods for extra fields in repositories.
* ``get_*`` calls now use ``permission()`` and ``permission_user_group()`` methods for unified permissions structure.
* ``get_repo_nodes`` information sending has changed and is no longer a boolean flag, it's now ``basic`` or ``full``.
* Due to configurable backends ``repo_type`` is now mandatory parameter for the ``create_repo`` call.
.. _performance-rn-ref:
Performance
^^^^^^^^^^^
* Significant performance improvements across all application functions.
* HTTP Authentication performance enhancements.
* Added a ``scope`` variable to the permissions fetching function which improves building permission trees in large
amounts by a factor of 10.
* Implemented caching logic for all authentication plugins. The ``AUTH_CACHE_TTL = <int>`` property now allow you to
set the cache in seconds.
.. _prs-rn-ref:
Pull Requests
^^^^^^^^^^^^^
* Pull requests can be now updated and merged from the web interface
* Fixed creating a Mercurial |pr| from a bookmark.
* Forbid closing pull requests when calculated status is different that the approved or rejected version.
* Properly display calculated pull request review status on listing page.
* Disable delete comment button if |pr| is closed.
.. _gists-rn-ref:
Gists
^^^^^
* New UI based on grids with filtering.
* Super-admins can see all gists.
* Gists can now be created with a custom names.
.. _search-rn-ref:
Search
^^^^^^
* New API based indexer.
* Added the ability to create size limits for indexed files.
* Added a new mapping configuration file which gives a very high level of flexibility when creating full text search.
.. _fixes-rn-ref:
Fixes
^^^^^
* General: fixed issues with dependent objects, such as ``users`` in ``user groups``. Cleaning up these dependent
objects is now done in a safe way.
* General: deleting a ``user group`` from **settings > advanced** will use force removal and cleanup from all
associations.
* General: fixed issue with filter proxy middleware it's now more error prone.
* General: fixed issues with unable to create fork inside a group.
* General: fixed bad logic in ``ext_json`` lib, that checked bool on microseconds, in case it was 0 bool it returned False.
* General: authors in annotation mode shows authors of current source, not from all history (that is in normal mode)
* Permissions: fix issue when inherit flag for user group stopped working after initial permissions set.
* |git|: fixed shallow clones.
* |git|: added ``\n`` into the service line of |git| protocol. It is in the specifications and some python clients
require this.
* |hg|: fix thread safety for mercurial ``in-memory`` commits.
* Windows: fixed issue with shebang and env headers.
* MySQL: fixed database fields with 256 char length with added indexes. Mysql had problems with them.
* Database: fixed bad usage of matching using ``ILIKE``. Previously it could happen that if you had
``marcin_1@rhodecode.com`` and ``marcin_2@rhodecode.com`` emails, using ``marcin_@rhodecode.com`` would match both.
* VCS: fixed issues with double new lines on the commit patches.
* VCS: repository locking now requires write permission to repository. If we allowed locking with read,
people can lock repository without an option to unlock it.
* Models: removed the ``isdigit`` call that can create issues when names are actually numbers on fetching objects.
* Files: Fix bug with show authors in annotate view.
* Hooks: truncate excessive commit lists on ``post_push`` hook.
* Hooks: in |git|, support added to set the default branch if it is not ``master``.
* Notifications: now can be marked as read when you are not admin.
* Notifications: marking all notifications as read will hide the counter.
* Frontend: fixed branch-tag switcher multiple ajax calls.
* Repository group: |repo| group owners can now change group settings even if they don't have access to top-level
permissions.
* Repositories: if you set ``Fork of`` in advanced repository settings it will now only show valid repositories
with the same type.