##// END OF EJS Templates
deps: bumped zope.interface==7.1.1
deps: bumped zope.interface==7.1.1

File last commit:

r4728:29e77558 default
r5595:e7e5db4e default
Show More
release-notes-4.26.0.rst
55 lines | 1.7 KiB | text/x-rst | RstLexer

|RCE| 4.26.0 |RNS|

Release Date

  • 2021-08-06

New Features

General

  • Caches: introduce invalidation as a safer ways to expire keys, deleting them are more problematic.
  • Caches: improved locking problems with distributed lock new cache backend.
  • Pull requests: optimize db transaction logic. This should prevent potential problems with locking of pull-requests that have a lot of reviewers.
  • Pull requests: updates use retry logic in case of update is locked/fails for some concurrency issues.
  • Pull requests: allow forced state change to repo admins too.
  • SSH: handle subrepos better when using SSH communication.

Security

  • Drafts comments: don't allow to view history for others than owner.
  • Validators: apply username validator to prevent bad values being searched in DB, and potential XSS payload sent via validators.

Performance

  • SSH: use pre-compiled backends for faster matching of vcs detection.
  • Routing: don't check channelstream connections for faster handling of this route.
  • Routing: skip vcsdetection for ops view so they are not checked against the vcs operations.

Fixes

  • Permissions: flush all users permissions when creating a new user group.
  • Repos: recover properly from bad extraction of repo_id from URL and DB calls.
  • Comments history: fixed fetching of history for comments
  • Pull requests: fix potential crash on providing a wrong order-by type column.
  • Caches: report damaged DB on key iterations too not only the GET call
  • API: added proper full permission flush on API calls when creating repos and repo groups.

Upgrade notes

  • Scheduled release 4.26.0.