##// END OF EJS Templates
docs: added changelog for 4.7.0
marcink -
r1608:e92c1ca2 default
parent child Browse files
Show More
@@ -0,0 +1,162 b''
1 |RCE| 4.7.0 |RNS|
2 -----------------
3
4 Release Date
5 ^^^^^^^^^^^^
6
7 - 2017-04-08
8
9
10 New Features
11 ^^^^^^^^^^^^
12
13 - Git: added support for Git LFS v2 protocol. RhodeCode now supports both
14 Mercurial Largefiles, and Git LFS for storing large binaries.
15 - Largefiles: detect Git LFS or Mercurial Largefiles objects in UI.
16 Those are now available for downloading together with showing their size.
17 - Files: Jupyter notebooks will be now rendered inside the file view. Including
18 MatJax support, and relative images.
19 - Files: render images inside the file view.
20 Instead of displaying binary message, render images icons and gifs
21 inside the file view page.
22 - Files: relative ULR support inside rendered files. It's now possible to
23 write Markup files and relative links will be handled from the RhodeCode
24 instance itself. Adds basic wiki functionality.
25 - Files: allow to show inline pdf in browser using embedded files from source code.
26 - Annotation: added shortcut links to browse the annotation view with previous
27 commits. Allows browsing history for each line from annotation view.
28 - Pull Requests: add explicit close action instead of close with status from
29 status selector. This allows closing of approved or rejected
30 pull requests, without performing a merge action.
31 - Authentication: LDAP now has an option to sync LDA groups using two
32 distinct ways. Either using rfc2307 or rfc2307bis. Increases compatibility
33 with different OpenLDAP and AD servers.
34 - Slack: updated slack integration to use the attachments for nicer formatting.
35 Added number of commits inside the message, changed UI for all Slack events.
36 - Authentication (EE edition only): added repository scope for VCS type auth
37 tokens. Each token can be now bound to particular repository for added security.
38 - User administration: added audit page to allow showing single user actions.
39 - API: implemented `get_user_audit_logs` method to fetch audit logs via API endpoint.
40 - User administration: It's now possible to edit user group membership from
41 user view.
42 - User groups administration: added managing and showing the group
43 synchronization in UI. It's now possible to enable manual group syncing on
44 already existing user groups from external sources such as LDAP/AD.
45 - Repositories: added new strip view allowing removing commits from repositories
46 via web interface for repository administrators.
47 - System Info: added info about workers and worker type.
48 Added more details about CPU. Expose workers of VCSServer in system info data.
49 Detect database migration errors.
50
51
52 General
53 ^^^^^^^
54
55 - Core: ported many views into pure pyramid code with python3.6 compatibility.
56 - Core: removed deprecated Pyro4 backend from Enterprise code.
57 - Maintenance: implemented maintenance view for Mercurial and GIT repositories.
58 For HG it will run `hg verify`, and for GIT a `git gc` command.
59 - Notifications: different approach with fixed/standard container. Floating
60 notifications no longer hide the menu when browsed on top of the page.
61 Also added option to remove single elements from stacked notifications.
62 - VCS server: exception-handling: better handling of remote exception and logging.
63 - VCS server: propagate hooks tracebacks to VCS server for easier debugging.
64 - Core: prevent `httplib3` logs to spam internal RhodeCode logs.
65 It often confuses people looking at those entries, misleading during debug.
66 - Mercurial: allow editing Largefiles store location from web interface.
67 - Git: allow editing GIT LFS store location from web interface.
68 - API: add get_method API call. This allows showing the method and it's parameter
69 from the CLI without reading the documentation.
70 In addition use it's mechanics to propose users other methods with close names
71 if the calling method is not found.
72 - UI: add timezone info into tooltips.
73 - Dependencies: bumped pyramid to 1.7.4
74 - Dependencies: bumped Mercurial version to 4.1.2
75
76
77 Security
78 ^^^^^^^^
79
80 - Hooks: added changes to propagate commit metadata on pre-push.
81 This allows easier implementation of checking hooks such as branch protection.
82 - Hooks: added new pretx hook to allow mercurial checks such as protected
83 branches, or force push.
84 - Auth: give owner of user group proper admin permissions to the user group.
85 This makes the behaviour consistent with repositories and repository groups.
86 And allows delegation of administration of those to other users.
87 - Password reset: strengthen security on password reset logic.
88 Generate token that has special password reset role.
89 Set 10 minute expiration for the token.
90 Add some logic to prevent brute forcing attacks.
91 Use more implicit messages to prevent user email discovery attacks.
92 - Core: added checks for password change for authenticated users in pure
93 Pyramid views. 2 views were still available and not forcing users to change
94 their passwords.
95 - Auth tokens: removed builtin auth-token for users.
96 Builtin token were non-removable, and always generated for new users. This
97 wasn't best practice for security as some users are strictly not allowed to
98 use tokens. From now on new users needs a new token generation in case they
99 want to use token based authentication.
100 - Auth tokens: don't generate builtin token for new users.
101 Also don't change them when password reset is made.
102 - Api: added last-activity into returned data of get_user api.
103
104
105 Performance
106 ^^^^^^^^^^^
107
108 - Mercurial: enabled new `Zstandard` compression algorithm available with
109 Mercurial 4.1.X. This allows faster, more CPU efficient clones when used
110 with new Mercurial clients.
111
112 - Users Admin: moved user admin to pyramid, and made it load users in chunks.
113 Fixed loading data to be lazy fetched, drastically improves speed of user
114 administration page in case of large amount of users.
115
116
117 Fixes
118 ^^^^^
119
120 - Search: goto commit search will now use a safe search option and never
121 throw any exceptions even if search is misconfigured
122 e.g. Elastic Search cluster is down.
123 - Events: fix a case for events called from API that couldn't fetch
124 registered user object.
125 - Comments: unlock submit if we use slash commands to set status.
126 - UI: fixed an issue with date of last change was not displayed correctly.
127 - Emails: added comment types (TODO/NOTE) into emails.
128 - Events: fix wrongly returned author data.
129 - Error middleware: read the instance title from cached object.
130 Reading from settings inside error handler can cause error hiding when
131 error_handler was caused by database errors.
132 - Pull requests: show version age component should use local dates instead of UTC.
133 - Pull requests: lock button when updating reviewers to forbid multi-submit
134 problems. Additionally fixed some small UI issues found in that view.
135 - Pull requests: forbid browsing versions on closed pull request.
136 - Pull requests: allow super-admins to delete pull requests instead of only owners.
137 - Diffs: support mercurial copy operation in diffs details.
138 - SVN: escape special chars to allow interactions with non-standard svn paths.
139 Path with special characters such as '#' will no longer trigger 404 errors.
140 - Data grids: fix some styling and processing text display.
141 - API: use consistent way to extract users, repos, repo groups and user groups
142 by id or name. Makes usage of Number vs String to differentiate if we pick
143 object ID or it's name this will allow editing of objects by either id or
144 it's name, including numeric string names.
145 - API: validate commit_id when using commit_comment API
146 - API: cleanup sessions enforce older_then must be a valid INT.
147
148
149 Upgrade notes
150 ^^^^^^^^^^^^^
151
152 - Auth-tokens: a builtin token will be migrated for all users into a custom
153 external token. We advise to inform users that the current builtin tokens
154 will now show as external ones. Builtin tokens were removed to allow expiring
155 ,or removing them. It's now possible to create users without any tokens.
156
157 From now on new users needs a new token generation in case they want to use
158 token based authentication.
159
160 - Hooks: we added via migration a pre transaction hook for Mercurial. If you're
161 using a custom code inside pre-push function of rcextensions make sure it
162 will not block your pushes.
@@ -9,6 +9,7 b' Release Notes'
9 9 .. toctree::
10 10 :maxdepth: 1
11 11
12 release-notes-4.7.0.rst
12 13 release-notes-4.6.1.rst
13 14 release-notes-4.6.0.rst
14 15 release-notes-4.5.2.rst
General Comments 0
You need to be logged in to leave comments. Login now