release-notes-4.7.0.rst
162 lines
| 8.0 KiB
| text/x-rst
|
RstLexer
| r1608 | |RCE| 4.7.0 |RNS| | |||
| ----------------- | ||||
| Release Date | ||||
| ^^^^^^^^^^^^ | ||||
| - 2017-04-08 | ||||
| New Features | ||||
| ^^^^^^^^^^^^ | ||||
| - Git: added support for Git LFS v2 protocol. RhodeCode now supports both | ||||
| Mercurial Largefiles, and Git LFS for storing large binaries. | ||||
| - Largefiles: detect Git LFS or Mercurial Largefiles objects in UI. | ||||
| Those are now available for downloading together with showing their size. | ||||
| - Files: Jupyter notebooks will be now rendered inside the file view. Including | ||||
| MatJax support, and relative images. | ||||
| - Files: render images inside the file view. | ||||
| Instead of displaying binary message, render images icons and gifs | ||||
| inside the file view page. | ||||
| - Files: relative ULR support inside rendered files. It's now possible to | ||||
| write Markup files and relative links will be handled from the RhodeCode | ||||
| instance itself. Adds basic wiki functionality. | ||||
| - Files: allow to show inline pdf in browser using embedded files from source code. | ||||
| - Annotation: added shortcut links to browse the annotation view with previous | ||||
| commits. Allows browsing history for each line from annotation view. | ||||
| - Pull Requests: add explicit close action instead of close with status from | ||||
| status selector. This allows closing of approved or rejected | ||||
| pull requests, without performing a merge action. | ||||
| - Authentication: LDAP now has an option to sync LDA groups using two | ||||
| distinct ways. Either using rfc2307 or rfc2307bis. Increases compatibility | ||||
| with different OpenLDAP and AD servers. | ||||
| - Slack: updated slack integration to use the attachments for nicer formatting. | ||||
| Added number of commits inside the message, changed UI for all Slack events. | ||||
| - Authentication (EE edition only): added repository scope for VCS type auth | ||||
| tokens. Each token can be now bound to particular repository for added security. | ||||
| - User administration: added audit page to allow showing single user actions. | ||||
| - API: implemented `get_user_audit_logs` method to fetch audit logs via API endpoint. | ||||
| - User administration: It's now possible to edit user group membership from | ||||
| user view. | ||||
| - User groups administration: added managing and showing the group | ||||
| synchronization in UI. It's now possible to enable manual group syncing on | ||||
| already existing user groups from external sources such as LDAP/AD. | ||||
| - Repositories: added new strip view allowing removing commits from repositories | ||||
| via web interface for repository administrators. | ||||
| - System Info: added info about workers and worker type. | ||||
| Added more details about CPU. Expose workers of VCSServer in system info data. | ||||
| Detect database migration errors. | ||||
| General | ||||
| ^^^^^^^ | ||||
| - Core: ported many views into pure pyramid code with python3.6 compatibility. | ||||
| - Core: removed deprecated Pyro4 backend from Enterprise code. | ||||
| - Maintenance: implemented maintenance view for Mercurial and GIT repositories. | ||||
| For HG it will run `hg verify`, and for GIT a `git gc` command. | ||||
| - Notifications: different approach with fixed/standard container. Floating | ||||
| notifications no longer hide the menu when browsed on top of the page. | ||||
| Also added option to remove single elements from stacked notifications. | ||||
| - VCS server: exception-handling: better handling of remote exception and logging. | ||||
| - VCS server: propagate hooks tracebacks to VCS server for easier debugging. | ||||
| - Core: prevent `httplib3` logs to spam internal RhodeCode logs. | ||||
| It often confuses people looking at those entries, misleading during debug. | ||||
| - Mercurial: allow editing Largefiles store location from web interface. | ||||
| - Git: allow editing GIT LFS store location from web interface. | ||||
| - API: add get_method API call. This allows showing the method and it's parameter | ||||
| from the CLI without reading the documentation. | ||||
| In addition use it's mechanics to propose users other methods with close names | ||||
| if the calling method is not found. | ||||
| - UI: add timezone info into tooltips. | ||||
| - Dependencies: bumped pyramid to 1.7.4 | ||||
| - Dependencies: bumped Mercurial version to 4.1.2 | ||||
| Security | ||||
| ^^^^^^^^ | ||||
| - Hooks: added changes to propagate commit metadata on pre-push. | ||||
| This allows easier implementation of checking hooks such as branch protection. | ||||
| - Hooks: added new pretx hook to allow mercurial checks such as protected | ||||
| branches, or force push. | ||||
| - Auth: give owner of user group proper admin permissions to the user group. | ||||
| This makes the behaviour consistent with repositories and repository groups. | ||||
| And allows delegation of administration of those to other users. | ||||
| - Password reset: strengthen security on password reset logic. | ||||
| Generate token that has special password reset role. | ||||
| Set 10 minute expiration for the token. | ||||
| Add some logic to prevent brute forcing attacks. | ||||
| Use more implicit messages to prevent user email discovery attacks. | ||||
| - Core: added checks for password change for authenticated users in pure | ||||
| Pyramid views. 2 views were still available and not forcing users to change | ||||
| their passwords. | ||||
| - Auth tokens: removed builtin auth-token for users. | ||||
| Builtin token were non-removable, and always generated for new users. This | ||||
| wasn't best practice for security as some users are strictly not allowed to | ||||
| use tokens. From now on new users needs a new token generation in case they | ||||
| want to use token based authentication. | ||||
| - Auth tokens: don't generate builtin token for new users. | ||||
| Also don't change them when password reset is made. | ||||
| - Api: added last-activity into returned data of get_user api. | ||||
| Performance | ||||
| ^^^^^^^^^^^ | ||||
| - Mercurial: enabled new `Zstandard` compression algorithm available with | ||||
| Mercurial 4.1.X. This allows faster, more CPU efficient clones when used | ||||
| with new Mercurial clients. | ||||
| - Users Admin: moved user admin to pyramid, and made it load users in chunks. | ||||
| Fixed loading data to be lazy fetched, drastically improves speed of user | ||||
| administration page in case of large amount of users. | ||||
| Fixes | ||||
| ^^^^^ | ||||
| - Search: goto commit search will now use a safe search option and never | ||||
| throw any exceptions even if search is misconfigured | ||||
| e.g. Elastic Search cluster is down. | ||||
| - Events: fix a case for events called from API that couldn't fetch | ||||
| registered user object. | ||||
| - Comments: unlock submit if we use slash commands to set status. | ||||
| - UI: fixed an issue with date of last change was not displayed correctly. | ||||
| - Emails: added comment types (TODO/NOTE) into emails. | ||||
| - Events: fix wrongly returned author data. | ||||
| - Error middleware: read the instance title from cached object. | ||||
| Reading from settings inside error handler can cause error hiding when | ||||
| error_handler was caused by database errors. | ||||
| - Pull requests: show version age component should use local dates instead of UTC. | ||||
| - Pull requests: lock button when updating reviewers to forbid multi-submit | ||||
| problems. Additionally fixed some small UI issues found in that view. | ||||
| - Pull requests: forbid browsing versions on closed pull request. | ||||
| - Pull requests: allow super-admins to delete pull requests instead of only owners. | ||||
| - Diffs: support mercurial copy operation in diffs details. | ||||
| - SVN: escape special chars to allow interactions with non-standard svn paths. | ||||
| Path with special characters such as '#' will no longer trigger 404 errors. | ||||
| - Data grids: fix some styling and processing text display. | ||||
| - API: use consistent way to extract users, repos, repo groups and user groups | ||||
| by id or name. Makes usage of Number vs String to differentiate if we pick | ||||
| object ID or it's name this will allow editing of objects by either id or | ||||
| it's name, including numeric string names. | ||||
| - API: validate commit_id when using commit_comment API | ||||
| - API: cleanup sessions enforce older_then must be a valid INT. | ||||
| Upgrade notes | ||||
| ^^^^^^^^^^^^^ | ||||
| - Auth-tokens: a builtin token will be migrated for all users into a custom | ||||
| external token. We advise to inform users that the current builtin tokens | ||||
| will now show as external ones. Builtin tokens were removed to allow expiring | ||||
| ,or removing them. It's now possible to create users without any tokens. | ||||
| From now on new users needs a new token generation in case they want to use | ||||
| token based authentication. | ||||
| - Hooks: we added via migration a pre transaction hook for Mercurial. If you're | ||||
| using a custom code inside pre-push function of rcextensions make sure it | ||||
| will not block your pushes. | ||||
