|RCE| 3.0.0 |RNS| ----------------- As |RCM| 3.0 is a big release, the release notes have been split into the following sections: * :ref:`general-rn-ref` * :ref:`security-rn-ref` * :ref:`api-rn-ref` * :ref:`performance-rn-ref` * :ref:`prs-rn-ref` * :ref:`gists-rn-ref` * :ref:`search-rn-ref` * :ref:`fixes-rn-ref` .. _general-rn-ref: General ^^^^^^^ * Released 2015-01-27 * Basic |svn| support added * GPLv3 components removed * Server/Client architecture for VCS systems created * Python 2.5 and 2.6 support deprecated * Server info pages now show gist/archive cache storage, and also CPU/Memory/Load information. * Added new bulk commit (changeset) status comment form into compare view which enables bulk code-reviews without opening a pull-request. * License checks and limits now only apply to active users. * Removed CLI command for |repo| scans as it can be done via an API call. * VCS backends can be globally enabled/disabled from the :file:`rhodecode.ini` file. * Added a UI option to set default rendering to rst or markdown. * Added syntax highlighting to 2 way compare diff. * Markup rendering can now render checkboxes for easy checklists generation. * Gravatars are now retina ready. * Admins can define custom CSS or JavaScript in the header or footer via new pre/post code options. * Replaced ``graph.js`` with ``commits-graph.js`` html5 implementation. * Added editable owner field for repository groups, and user group. * Added an option to detach/delete user repositories when deleting users from the system. * Added a Supervisor control page that shows status of processes. * User admin grid can now filter by username OR email. * Added personal |repo| group link for easier fork creation. * Added support for using subdirectories when creating and uploading new files. * Added option to rename a file from the web interface. * Added arrow key navigation to file filter and fixed the back button behaviour. * Added fuzzy matching to file filter. * Added functionality to create folder structures along with files when adding content via the web interface. * Separated default permissions UI into `global`, `user`, or `object` permissions management. * Added an inheritance flag to object permissions which allows for explicit permissions which disregard global permissions. * Added post create repository group hook. * Added trigger push hooks on online file editor. * Added default title for pull request. * More detailed logs during Authentication. * More explicit logging when permission checks occur. * Switched the implementation of |git| ``fetch clone pull checkout`` commands to pure |py| without any subprocess calls. * Introduced the ``rcserver`` command for custom development. * Added the ability to force no cache archived via the ``GET no_cache`` flag .. _security-rn-ref: Security ^^^^^^^^ * CSRF (Cross-Site Request Forgery) tokens now in all pages that use forms. * The ``clone_url`` field is now AES encrypted inside the database. * ACLs (Access Control Lists) are checked on the gist edit page for logged in users. * New repository groups and repositories are created with 0755 permissions and not not 0777. * Explicit RSS tokens are used for the RSS journal, when leaked, limits access to RSS only. * Fixed XSS issues when rendering raw SVG files. * Added force password reset option for users. * IP list now accepts comma-separated values, and also ranges using `-` to specify multiple addresses. * Added ``auth tokens``, these authentication tokens can be used as an alternative to passwords. * Added roles (``http, api, rss, all, vcs``) into authentication tokens (previously called ``apikeys``). * LDAP Group Support added. * Added JASIG CAS auth plugin support. * Added a plugin parameter that defines if a plugin can create new users on the fly. .. _api-rn-ref: API ^^^ * Added permissions delegation when creating |repos| or |repo| groups. * Added ``strip`` support for |hg| and |git| |repos|. * Added comments API for commits. * Added add/remove methods for extra fields in repositories. * ``get_*`` calls now use ``permission()`` and ``permission_user_group()`` methods for unified permissions structure. * ``get_repo_nodes`` information sending has changed and is no longer a boolean flag, it's now ``basic`` or ``full``. * Due to configurable backends ``repo_type`` is now mandatory parameter for the ``create_repo`` call. .. _performance-rn-ref: Performance ^^^^^^^^^^^ * Significant performance improvements across all application functions. * HTTP Authentication performance enhancements. * Added a ``scope`` variable to the permissions fetching function which improves building permission trees in large amounts by a factor of 10. * Implemented caching logic for all authentication plugins. The ``AUTH_CACHE_TTL = <int>`` property now allow you to set the cache in seconds. .. _prs-rn-ref: Pull Requests ^^^^^^^^^^^^^ * Pull requests can be now updated and merged from the web interface * Fixed creating a Mercurial |pr| from a bookmark. * Forbid closing pull requests when calculated status is different that the approved or rejected version. * Properly display calculated pull request review status on listing page. * Disable delete comment button if |pr| is closed. .. _gists-rn-ref: Gists ^^^^^ * New UI based on grids with filtering. * Super-admins can see all gists. * Gists can now be created with a custom names. .. _search-rn-ref: Search ^^^^^^ * New API based indexer. * Added the ability to create size limits for indexed files. * Added a new mapping configuration file which gives a very high level of flexibility when creating full text search. .. _fixes-rn-ref: Fixes ^^^^^ * General: fixed issues with dependent objects, such as ``users`` in ``user groups``. Cleaning up these dependent objects is now done in a safe way. * General: deleting a ``user group`` from **settings > advanced** will use force removal and cleanup from all associations. * General: fixed issue with filter proxy middleware it's now more error prone. * General: fixed issues with unable to create fork inside a group. * General: fixed bad logic in ``ext_json`` lib, that checked bool on microseconds, in case it was 0 bool it returned False. * General: authors in annotation mode shows authors of current source, not from all history (that is in normal mode) * Permissions: fix issue when inherit flag for user group stopped working after initial permissions set. * |git|: fixed shallow clones. * |git|: added ``\n`` into the service line of |git| protocol. It is in the specifications and some python clients require this. * |hg|: fix thread safety for mercurial ``in-memory`` commits. * Windows: fixed issue with shebang and env headers. * MySQL: fixed database fields with 256 char length with added indexes. Mysql had problems with them. * Database: fixed bad usage of matching using ``ILIKE``. Previously it could happen that if you had ``marcin_1@rhodecode.com`` and ``marcin_2@rhodecode.com`` emails, using ``marcin_@rhodecode.com`` would match both. * VCS: fixed issues with double new lines on the commit patches. * VCS: repository locking now requires write permission to repository. If we allowed locking with read, people can lock repository without an option to unlock it. * Models: removed the ``isdigit`` call that can create issues when names are actually numbers on fetching objects. * Files: Fix bug with show authors in annotate view. * Hooks: truncate excessive commit lists on ``post_push`` hook. * Hooks: in |git|, support added to set the default branch if it is not ``master``. * Notifications: now can be marked as read when you are not admin. * Notifications: marking all notifications as read will hide the counter. * Frontend: fixed branch-tag switcher multiple ajax calls. * Repository group: |repo| group owners can now change group settings even if they don't have access to top-level permissions. * Repositories: if you set ``Fork of`` in advanced repository settings it will now only show valid repositories with the same type.