Release Date

• 2017-11-23

New Features

General

• dependencies: pin against rhodecode-tools 0.13.1. Fixes a cleanup-repos bug.

Security

• Pull requests: security(low), check for permissions on exposure of repo-refs. Prevents exposure of branches/tags on private repositories.
• Metatags: limit the scope of url => metatag to http, https and / links. Prevents possible JS injection in those types of links which is unsafe.

Performance

Fixes

• Emails: fixed validation of emails with whitespace in them.
• Repo groups: fix bad route redirect on check if user tried to revoke permissions on himself.
• Comments: place the left over comments (outdated/misplaced) to the left or right pane in side-by-side diff.
• Comments: allow to properly initialize outdated comments that are still attached. Fixes a problem when outdated TODO notes couldn't be properly resolved.
• Diffs: fixed problem with rendering no newline at the end of file markers. In case of unified diff that would show incorrect diffs in rare cases.
• Settings: fix potential 500 problem on bad data passed in.

Upgrade notes

• Fixes regression in nested repository groups update. No upgrade problems should be expected