Show More
release-notes-4.7.0.rst
162 lines
| 8.0 KiB
| text/x-rst
|
RstLexer
r1608 | |RCE| 4.7.0 |RNS| | |||
----------------- | ||||
Release Date | ||||
^^^^^^^^^^^^ | ||||
- 2017-04-08 | ||||
New Features | ||||
^^^^^^^^^^^^ | ||||
- Git: added support for Git LFS v2 protocol. RhodeCode now supports both | ||||
Mercurial Largefiles, and Git LFS for storing large binaries. | ||||
- Largefiles: detect Git LFS or Mercurial Largefiles objects in UI. | ||||
Those are now available for downloading together with showing their size. | ||||
- Files: Jupyter notebooks will be now rendered inside the file view. Including | ||||
MatJax support, and relative images. | ||||
- Files: render images inside the file view. | ||||
Instead of displaying binary message, render images icons and gifs | ||||
inside the file view page. | ||||
- Files: relative ULR support inside rendered files. It's now possible to | ||||
write Markup files and relative links will be handled from the RhodeCode | ||||
instance itself. Adds basic wiki functionality. | ||||
- Files: allow to show inline pdf in browser using embedded files from source code. | ||||
- Annotation: added shortcut links to browse the annotation view with previous | ||||
commits. Allows browsing history for each line from annotation view. | ||||
- Pull Requests: add explicit close action instead of close with status from | ||||
status selector. This allows closing of approved or rejected | ||||
pull requests, without performing a merge action. | ||||
- Authentication: LDAP now has an option to sync LDA groups using two | ||||
distinct ways. Either using rfc2307 or rfc2307bis. Increases compatibility | ||||
with different OpenLDAP and AD servers. | ||||
- Slack: updated slack integration to use the attachments for nicer formatting. | ||||
Added number of commits inside the message, changed UI for all Slack events. | ||||
- Authentication (EE edition only): added repository scope for VCS type auth | ||||
tokens. Each token can be now bound to particular repository for added security. | ||||
- User administration: added audit page to allow showing single user actions. | ||||
- API: implemented `get_user_audit_logs` method to fetch audit logs via API endpoint. | ||||
- User administration: It's now possible to edit user group membership from | ||||
user view. | ||||
- User groups administration: added managing and showing the group | ||||
synchronization in UI. It's now possible to enable manual group syncing on | ||||
already existing user groups from external sources such as LDAP/AD. | ||||
- Repositories: added new strip view allowing removing commits from repositories | ||||
via web interface for repository administrators. | ||||
- System Info: added info about workers and worker type. | ||||
Added more details about CPU. Expose workers of VCSServer in system info data. | ||||
Detect database migration errors. | ||||
General | ||||
^^^^^^^ | ||||
- Core: ported many views into pure pyramid code with python3.6 compatibility. | ||||
- Core: removed deprecated Pyro4 backend from Enterprise code. | ||||
- Maintenance: implemented maintenance view for Mercurial and GIT repositories. | ||||
For HG it will run `hg verify`, and for GIT a `git gc` command. | ||||
- Notifications: different approach with fixed/standard container. Floating | ||||
notifications no longer hide the menu when browsed on top of the page. | ||||
Also added option to remove single elements from stacked notifications. | ||||
- VCS server: exception-handling: better handling of remote exception and logging. | ||||
- VCS server: propagate hooks tracebacks to VCS server for easier debugging. | ||||
- Core: prevent `httplib3` logs to spam internal RhodeCode logs. | ||||
It often confuses people looking at those entries, misleading during debug. | ||||
- Mercurial: allow editing Largefiles store location from web interface. | ||||
- Git: allow editing GIT LFS store location from web interface. | ||||
- API: add get_method API call. This allows showing the method and it's parameter | ||||
from the CLI without reading the documentation. | ||||
In addition use it's mechanics to propose users other methods with close names | ||||
if the calling method is not found. | ||||
- UI: add timezone info into tooltips. | ||||
- Dependencies: bumped pyramid to 1.7.4 | ||||
- Dependencies: bumped Mercurial version to 4.1.2 | ||||
Security | ||||
^^^^^^^^ | ||||
- Hooks: added changes to propagate commit metadata on pre-push. | ||||
This allows easier implementation of checking hooks such as branch protection. | ||||
- Hooks: added new pretx hook to allow mercurial checks such as protected | ||||
branches, or force push. | ||||
- Auth: give owner of user group proper admin permissions to the user group. | ||||
This makes the behaviour consistent with repositories and repository groups. | ||||
And allows delegation of administration of those to other users. | ||||
- Password reset: strengthen security on password reset logic. | ||||
Generate token that has special password reset role. | ||||
Set 10 minute expiration for the token. | ||||
Add some logic to prevent brute forcing attacks. | ||||
Use more implicit messages to prevent user email discovery attacks. | ||||
- Core: added checks for password change for authenticated users in pure | ||||
Pyramid views. 2 views were still available and not forcing users to change | ||||
their passwords. | ||||
- Auth tokens: removed builtin auth-token for users. | ||||
Builtin token were non-removable, and always generated for new users. This | ||||
wasn't best practice for security as some users are strictly not allowed to | ||||
use tokens. From now on new users needs a new token generation in case they | ||||
want to use token based authentication. | ||||
- Auth tokens: don't generate builtin token for new users. | ||||
Also don't change them when password reset is made. | ||||
- Api: added last-activity into returned data of get_user api. | ||||
Performance | ||||
^^^^^^^^^^^ | ||||
- Mercurial: enabled new `Zstandard` compression algorithm available with | ||||
Mercurial 4.1.X. This allows faster, more CPU efficient clones when used | ||||
with new Mercurial clients. | ||||
- Users Admin: moved user admin to pyramid, and made it load users in chunks. | ||||
Fixed loading data to be lazy fetched, drastically improves speed of user | ||||
administration page in case of large amount of users. | ||||
Fixes | ||||
^^^^^ | ||||
- Search: goto commit search will now use a safe search option and never | ||||
throw any exceptions even if search is misconfigured | ||||
e.g. Elastic Search cluster is down. | ||||
- Events: fix a case for events called from API that couldn't fetch | ||||
registered user object. | ||||
- Comments: unlock submit if we use slash commands to set status. | ||||
- UI: fixed an issue with date of last change was not displayed correctly. | ||||
- Emails: added comment types (TODO/NOTE) into emails. | ||||
- Events: fix wrongly returned author data. | ||||
- Error middleware: read the instance title from cached object. | ||||
Reading from settings inside error handler can cause error hiding when | ||||
error_handler was caused by database errors. | ||||
- Pull requests: show version age component should use local dates instead of UTC. | ||||
- Pull requests: lock button when updating reviewers to forbid multi-submit | ||||
problems. Additionally fixed some small UI issues found in that view. | ||||
- Pull requests: forbid browsing versions on closed pull request. | ||||
- Pull requests: allow super-admins to delete pull requests instead of only owners. | ||||
- Diffs: support mercurial copy operation in diffs details. | ||||
- SVN: escape special chars to allow interactions with non-standard svn paths. | ||||
Path with special characters such as '#' will no longer trigger 404 errors. | ||||
- Data grids: fix some styling and processing text display. | ||||
- API: use consistent way to extract users, repos, repo groups and user groups | ||||
by id or name. Makes usage of Number vs String to differentiate if we pick | ||||
object ID or it's name this will allow editing of objects by either id or | ||||
it's name, including numeric string names. | ||||
- API: validate commit_id when using commit_comment API | ||||
- API: cleanup sessions enforce older_then must be a valid INT. | ||||
Upgrade notes | ||||
^^^^^^^^^^^^^ | ||||
- Auth-tokens: a builtin token will be migrated for all users into a custom | ||||
external token. We advise to inform users that the current builtin tokens | ||||
will now show as external ones. Builtin tokens were removed to allow expiring | ||||
,or removing them. It's now possible to create users without any tokens. | ||||
From now on new users needs a new token generation in case they want to use | ||||
token based authentication. | ||||
- Hooks: we added via migration a pre transaction hook for Mercurial. If you're | ||||
using a custom code inside pre-push function of rcextensions make sure it | ||||
will not block your pushes. | ||||