|RCE| 4.2.0 |RNS|
-----------------

Release Date
^^^^^^^^^^^^

- 2016-06-30


General
^^^^^^^

- Autocomplete: add GET flag support to show/hide active users on autocomplete,
  also display this information in autocomplete data.  ref #3374
- Gravatar: add flag to show current gravatar + user as disabled user (non-active)
- Repos, repo groups, user groups: allow to use disabled users in owner field.
  This fixes #3374.
- Repos, repo groups, user groups: visually show what user is an owner of a
  resource, and if potentially he is disabled in the system.
- Pull requests: reorder navigation on repo pull requests, fixes #2995
- Dependencies: bump dulwich to 0.13.0

New Features
^^^^^^^^^^^^

- My account: made pull requests aggregate view for users look like not
  created in 1995. Now uses a consistent look with repo one.
- emails: expose profile link on registation email that super-admins receive.
  Implements #3999.
- Social auth: move the buttons to the top of nav so they are easier to reach.


Security
^^^^^^^^

- Encryption: allow to pass in alternative key for encryption values. Now
  users can use `rhodecode.encrypted_values.secret` that is alternative key,
  de-coupled from `beaker.session` key.
- Encryption: Implement a slightly improved AesCipher encryption.
  This addresses issues from #4036.
- Encryption: encrypted values now by default uses HMAC signatures to detect
  if data or secret key is incorrect. The strict checks can be disabled using
  `rhodecode.encrypted_values.strict = false` .ini setting


Performance
^^^^^^^^^^^

- Sql: use smarter JOINs when fetching repository information
- Helpers: optimize slight calls for link_to_user to save some intense queries.
- App settings: use computed caches for repository settings, this in some cases
  brings almost 4x performance increase for large repos with a lot of issue
  tracker patterns.


Fixes
^^^^^

- Fixed events on user pre/post create actions
- Authentication: fixed problem with saving forms with errors on auth plugins
- Svn: Avoid chunked transfer for Subversion that caused checkout issues in some cases.
- Users: fix generate new user password helper.
- Celery: fixed problem with workers running action in sync mode in some cases.
- Setup-db: fix redundant question on writable dir. The question needs to be
  asked only when the dir is actually not writable.
- Elasticsearch: fixed issues when searching single repo using elastic search
- Social auth: fix issues with non-active users using social authentication
  causing a 500 error.
- Fixed problem with largefiles extensions on per-repo settings using local
  .hgrc files present inside the repo directory.