##// END OF EJS Templates
feat(hide recaptcha secrets): masked sensitive information related to reCaptcha configuration.
feat(hide recaptcha secrets): masked sensitive information related to reCaptcha configuration.

File last commit:

r302:37a52f4e default
r5641:ad0048eb tip default
Show More
release-notes-4.2.0.rst
70 lines | 2.6 KiB | text/x-rst | RstLexer

|RCE| 4.2.0 |RNS|

Release Date

  • 2016-06-30

General

  • Autocomplete: add GET flag support to show/hide active users on autocomplete, also display this information in autocomplete data. ref #3374
  • Gravatar: add flag to show current gravatar + user as disabled user (non-active)
  • Repos, repo groups, user groups: allow to use disabled users in owner field. This fixes #3374.
  • Repos, repo groups, user groups: visually show what user is an owner of a resource, and if potentially he is disabled in the system.
  • Pull requests: reorder navigation on repo pull requests, fixes #2995
  • Dependencies: bump dulwich to 0.13.0

New Features

  • My account: made pull requests aggregate view for users look like not created in 1995. Now uses a consistent look with repo one.
  • emails: expose profile link on registation email that super-admins receive. Implements #3999.
  • Social auth: move the buttons to the top of nav so they are easier to reach.

Security

  • Encryption: allow to pass in alternative key for encryption values. Now users can use rhodecode.encrypted_values.secret that is alternative key, de-coupled from beaker.session key.
  • Encryption: Implement a slightly improved AesCipher encryption. This addresses issues from #4036.
  • Encryption: encrypted values now by default uses HMAC signatures to detect if data or secret key is incorrect. The strict checks can be disabled using rhodecode.encrypted_values.strict = false .ini setting

Performance

  • Sql: use smarter JOINs when fetching repository information
  • Helpers: optimize slight calls for link_to_user to save some intense queries.
  • App settings: use computed caches for repository settings, this in some cases brings almost 4x performance increase for large repos with a lot of issue tracker patterns.

Fixes

  • Fixed events on user pre/post create actions
  • Authentication: fixed problem with saving forms with errors on auth plugins
  • Svn: Avoid chunked transfer for Subversion that caused checkout issues in some cases.
  • Users: fix generate new user password helper.
  • Celery: fixed problem with workers running action in sync mode in some cases.
  • Setup-db: fix redundant question on writable dir. The question needs to be asked only when the dir is actually not writable.
  • Elasticsearch: fixed issues when searching single repo using elastic search
  • Social auth: fix issues with non-active users using social authentication causing a 500 error.
  • Fixed problem with largefiles extensions on per-repo settings using local .hgrc files present inside the repo directory.