Show More
| @@ -0,0 +1,162 b'' | |||||
|
|
1 | |RCE| 4.7.0 |RNS| | |||
|
|
2 | ----------------- | |||
|
|
3 | ||||
|
|
4 | Release Date | |||
|
|
5 | ^^^^^^^^^^^^ | |||
|
|
6 | ||||
|
|
7 | - 2017-04-08 | |||
|
|
8 | ||||
|
|
9 | ||||
|
|
10 | New Features | |||
|
|
11 | ^^^^^^^^^^^^ | |||
|
|
12 | ||||
|
|
13 | - Git: added support for Git LFS v2 protocol. RhodeCode now supports both | |||
|
|
14 | Mercurial Largefiles, and Git LFS for storing large binaries. | |||
|
|
15 | - Largefiles: detect Git LFS or Mercurial Largefiles objects in UI. | |||
|
|
16 | Those are now available for downloading together with showing their size. | |||
|
|
17 | - Files: Jupyter notebooks will be now rendered inside the file view. Including | |||
|
|
18 | MatJax support, and relative images. | |||
|
|
19 | - Files: render images inside the file view. | |||
|
|
20 | Instead of displaying binary message, render images icons and gifs | |||
|
|
21 | inside the file view page. | |||
|
|
22 | - Files: relative ULR support inside rendered files. It's now possible to | |||
|
|
23 | write Markup files and relative links will be handled from the RhodeCode | |||
|
|
24 | instance itself. Adds basic wiki functionality. | |||
|
|
25 | - Files: allow to show inline pdf in browser using embedded files from source code. | |||
|
|
26 | - Annotation: added shortcut links to browse the annotation view with previous | |||
|
|
27 | commits. Allows browsing history for each line from annotation view. | |||
|
|
28 | - Pull Requests: add explicit close action instead of close with status from | |||
|
|
29 | status selector. This allows closing of approved or rejected | |||
|
|
30 | pull requests, without performing a merge action. | |||
|
|
31 | - Authentication: LDAP now has an option to sync LDA groups using two | |||
|
|
32 | distinct ways. Either using rfc2307 or rfc2307bis. Increases compatibility | |||
|
|
33 | with different OpenLDAP and AD servers. | |||
|
|
34 | - Slack: updated slack integration to use the attachments for nicer formatting. | |||
|
|
35 | Added number of commits inside the message, changed UI for all Slack events. | |||
|
|
36 | - Authentication (EE edition only): added repository scope for VCS type auth | |||
|
|
37 | tokens. Each token can be now bound to particular repository for added security. | |||
|
|
38 | - User administration: added audit page to allow showing single user actions. | |||
|
|
39 | - API: implemented `get_user_audit_logs` method to fetch audit logs via API endpoint. | |||
|
|
40 | - User administration: It's now possible to edit user group membership from | |||
|
|
41 | user view. | |||
|
|
42 | - User groups administration: added managing and showing the group | |||
|
|
43 | synchronization in UI. It's now possible to enable manual group syncing on | |||
|
|
44 | already existing user groups from external sources such as LDAP/AD. | |||
|
|
45 | - Repositories: added new strip view allowing removing commits from repositories | |||
|
|
46 | via web interface for repository administrators. | |||
|
|
47 | - System Info: added info about workers and worker type. | |||
|
|
48 | Added more details about CPU. Expose workers of VCSServer in system info data. | |||
|
|
49 | Detect database migration errors. | |||
|
|
50 | ||||
|
|
51 | ||||
|
|
52 | General | |||
|
|
53 | ^^^^^^^ | |||
|
|
54 | ||||
|
|
55 | - Core: ported many views into pure pyramid code with python3.6 compatibility. | |||
|
|
56 | - Core: removed deprecated Pyro4 backend from Enterprise code. | |||
|
|
57 | - Maintenance: implemented maintenance view for Mercurial and GIT repositories. | |||
|
|
58 | For HG it will run `hg verify`, and for GIT a `git gc` command. | |||
|
|
59 | - Notifications: different approach with fixed/standard container. Floating | |||
|
|
60 | notifications no longer hide the menu when browsed on top of the page. | |||
|
|
61 | Also added option to remove single elements from stacked notifications. | |||
|
|
62 | - VCS server: exception-handling: better handling of remote exception and logging. | |||
|
|
63 | - VCS server: propagate hooks tracebacks to VCS server for easier debugging. | |||
|
|
64 | - Core: prevent `httplib3` logs to spam internal RhodeCode logs. | |||
|
|
65 | It often confuses people looking at those entries, misleading during debug. | |||
|
|
66 | - Mercurial: allow editing Largefiles store location from web interface. | |||
|
|
67 | - Git: allow editing GIT LFS store location from web interface. | |||
|
|
68 | - API: add get_method API call. This allows showing the method and it's parameter | |||
|
|
69 | from the CLI without reading the documentation. | |||
|
|
70 | In addition use it's mechanics to propose users other methods with close names | |||
|
|
71 | if the calling method is not found. | |||
|
|
72 | - UI: add timezone info into tooltips. | |||
|
|
73 | - Dependencies: bumped pyramid to 1.7.4 | |||
|
|
74 | - Dependencies: bumped Mercurial version to 4.1.2 | |||
|
|
75 | ||||
|
|
76 | ||||
|
|
77 | Security | |||
|
|
78 | ^^^^^^^^ | |||
|
|
79 | ||||
|
|
80 | - Hooks: added changes to propagate commit metadata on pre-push. | |||
|
|
81 | This allows easier implementation of checking hooks such as branch protection. | |||
|
|
82 | - Hooks: added new pretx hook to allow mercurial checks such as protected | |||
|
|
83 | branches, or force push. | |||
|
|
84 | - Auth: give owner of user group proper admin permissions to the user group. | |||
|
|
85 | This makes the behaviour consistent with repositories and repository groups. | |||
|
|
86 | And allows delegation of administration of those to other users. | |||
|
|
87 | - Password reset: strengthen security on password reset logic. | |||
|
|
88 | Generate token that has special password reset role. | |||
|
|
89 | Set 10 minute expiration for the token. | |||
|
|
90 | Add some logic to prevent brute forcing attacks. | |||
|
|
91 | Use more implicit messages to prevent user email discovery attacks. | |||
|
|
92 | - Core: added checks for password change for authenticated users in pure | |||
|
|
93 | Pyramid views. 2 views were still available and not forcing users to change | |||
|
|
94 | their passwords. | |||
|
|
95 | - Auth tokens: removed builtin auth-token for users. | |||
|
|
96 | Builtin token were non-removable, and always generated for new users. This | |||
|
|
97 | wasn't best practice for security as some users are strictly not allowed to | |||
|
|
98 | use tokens. From now on new users needs a new token generation in case they | |||
|
|
99 | want to use token based authentication. | |||
|
|
100 | - Auth tokens: don't generate builtin token for new users. | |||
|
|
101 | Also don't change them when password reset is made. | |||
|
|
102 | - Api: added last-activity into returned data of get_user api. | |||
|
|
103 | ||||
|
|
104 | ||||
|
|
105 | Performance | |||
|
|
106 | ^^^^^^^^^^^ | |||
|
|
107 | ||||
|
|
108 | - Mercurial: enabled new `Zstandard` compression algorithm available with | |||
|
|
109 | Mercurial 4.1.X. This allows faster, more CPU efficient clones when used | |||
|
|
110 | with new Mercurial clients. | |||
|
|
111 | ||||
|
|
112 | - Users Admin: moved user admin to pyramid, and made it load users in chunks. | |||
|
|
113 | Fixed loading data to be lazy fetched, drastically improves speed of user | |||
|
|
114 | administration page in case of large amount of users. | |||
|
|
115 | ||||
|
|
116 | ||||
|
|
117 | Fixes | |||
|
|
118 | ^^^^^ | |||
|
|
119 | ||||
|
|
120 | - Search: goto commit search will now use a safe search option and never | |||
|
|
121 | throw any exceptions even if search is misconfigured | |||
|
|
122 | e.g. Elastic Search cluster is down. | |||
|
|
123 | - Events: fix a case for events called from API that couldn't fetch | |||
|
|
124 | registered user object. | |||
|
|
125 | - Comments: unlock submit if we use slash commands to set status. | |||
|
|
126 | - UI: fixed an issue with date of last change was not displayed correctly. | |||
|
|
127 | - Emails: added comment types (TODO/NOTE) into emails. | |||
|
|
128 | - Events: fix wrongly returned author data. | |||
|
|
129 | - Error middleware: read the instance title from cached object. | |||
|
|
130 | Reading from settings inside error handler can cause error hiding when | |||
|
|
131 | error_handler was caused by database errors. | |||
|
|
132 | - Pull requests: show version age component should use local dates instead of UTC. | |||
|
|
133 | - Pull requests: lock button when updating reviewers to forbid multi-submit | |||
|
|
134 | problems. Additionally fixed some small UI issues found in that view. | |||
|
|
135 | - Pull requests: forbid browsing versions on closed pull request. | |||
|
|
136 | - Pull requests: allow super-admins to delete pull requests instead of only owners. | |||
|
|
137 | - Diffs: support mercurial copy operation in diffs details. | |||
|
|
138 | - SVN: escape special chars to allow interactions with non-standard svn paths. | |||
|
|
139 | Path with special characters such as '#' will no longer trigger 404 errors. | |||
|
|
140 | - Data grids: fix some styling and processing text display. | |||
|
|
141 | - API: use consistent way to extract users, repos, repo groups and user groups | |||
|
|
142 | by id or name. Makes usage of Number vs String to differentiate if we pick | |||
|
|
143 | object ID or it's name this will allow editing of objects by either id or | |||
|
|
144 | it's name, including numeric string names. | |||
|
|
145 | - API: validate commit_id when using commit_comment API | |||
|
|
146 | - API: cleanup sessions enforce older_then must be a valid INT. | |||
|
|
147 | ||||
|
|
148 | ||||
|
|
149 | Upgrade notes | |||
|
|
150 | ^^^^^^^^^^^^^ | |||
|
|
151 | ||||
|
|
152 | - Auth-tokens: a builtin token will be migrated for all users into a custom | |||
|
|
153 | external token. We advise to inform users that the current builtin tokens | |||
|
|
154 | will now show as external ones. Builtin tokens were removed to allow expiring | |||
|
|
155 | ,or removing them. It's now possible to create users without any tokens. | |||
|
|
156 | ||||
|
|
157 | From now on new users needs a new token generation in case they want to use | |||
|
|
158 | token based authentication. | |||
|
|
159 | ||||
|
|
160 | - Hooks: we added via migration a pre transaction hook for Mercurial. If you're | |||
|
|
161 | using a custom code inside pre-push function of rcextensions make sure it | |||
|
|
162 | will not block your pushes. | |||
General Comments 0
You need to be logged in to leave comments.
Login now