Gerrit 2.0.19.2 is now available in the usual location:

Important Notices

  • Prior User Sessions

    The cookie used to identify a signed-in user has been changed. All users will be automatically signed-out during this upgrade, and will need to sign-in again after the upgrade is complete. Users who try to use a web session from before the upgrade may receive the obtuse error message "Invalid xsrfKey in request". Prior web clients are misinterpreting the error from the server. Users need to sign-out and sign-in again to pick up a new session. This change was necessary to close GERRIT-83, see below.

  • Preserving Sessions Across Restarts

    Administrators who wish to preserve user sessions across server restarts must set [http://gerrit.googlecode.com/svn/documentation/2.0/config-gerrit.html#cache.directory cache.directory] in gerrit.config. This allows Gerrit to flush the set of active sessions to disk during shutdown, and load them back during startup.

Schema Change

WARNING: This version contains a schema change (since 2.0.18)

Important notes about this schema change:

  • Do not run the schema change while the server is running.

    This upgrade adds a new required column to the changes table, something which cannot be done while users are creating records. Like .18, I strongly suggest a full shutdown, schema upgrade, then startup approach. Apply the database specific schema script:

  java -jar gerrit.war --cat sql/upgrade016_017_postgres.sql | psql reviewdb
  java -jar gerrit.war --cat sql/upgrade016_017_mysql.sql    | mysql reviewdb

New Features

  • New ssh create-project command

    Thanks to Ulrik Sjölin we now have gerrit create-project available over SSH, to construct a new repository and database record for a project. Documentation has also been updated to reflect that the command is now available.

  • Be more liberal in accepting Signed-off-by lines

    The "Require Signed-off-by line" feature in a project is now more liberal. Gerrit now requires that the commit be signed off by either the author or the committer. This was relaxed because kernel developers often cherry-pick in patches signed off by the author and by Linus Torvalds, but not by the committer who did the backport cherry-pick.

  • Allow cache.name.diskLimit = 0 to disable on disk cache

    Setting cache.name.diskLimit to 0 will disable the disk for that cache, even though cache.directory was set. This allows sites to set cache.diff.diskLimit to 0 to avoid caching the diff records on disk, but still allow caching web_sessions to disk, so that live sessions are maintained across server restarts. This is a change in behavior, the prior meaning of diskLimit = 0 was "unlimited", which is not very sane given how Ehcache manages the on disk cache files.

  • Allow human-readable units in config.name.maxage

    Timeouts for any cache.name.maxAge may now be specified in human readable units, such as "12 days" or "3 hours". The server will automatically convert them to minutes during parsing. If no unit is specified, minutes are assumed, to retain compatibility with prior releases.

  • Add native LDAP support to Gerrit

    Gerrit now has native LDAP support. Setting auth.type to HTTP_LDAP and then configuring the handful of ldap properties in gerrit.config will allow Gerrit to load group membership directly from the organization’s LDAP server. This replaces the need for the sync-groups script posted in the wiki. See: http://gerrit.googlecode.com/svn/documentation/2.0/config-gerrit.html#ldap If you use the sync-groups script from the wiki page, you would also need to delete the group members after upgrading, to remove unnecessary records in your database: {{{ DELETE FROM account_group_members WHERE group_id IN ( SELECT group_id FROM account_groups WHERE automatic_membership = Y); }}}

  • Don’t allow users to edit their name if it comes from LDAP

    User information loaded from LDAP, such as full name or SSH username, cannot be modified by the end-user. This allows the Gerrit site administrator to require that users conform to the standard information published by the organization’s directory service. Updates in LDAP are automatically reflected in Gerrit the next time the user signs-in.

  • Remembers anchor during HTTP logins

    When using an HTTP SSO product, clicking on a Gerrit link received out-of-band (e.g. by email or IM) often required clicking the link twice. On the first click Gerrit redirect you to the organization’s single-sign-on authentication system, which upon success redirected to your dashboard. The actual target of the link was often lost, so a second click was required. With .19 and later, if the administrator changes the frontend web server to perform authentication only for the /login/ subdirectory of Gerrit, this can be avoided. For example with Apache:

     <Location "/login/">
       AuthType Basic
       AuthName "Gerrit Code Review"
       Require valid-user
       ...
     </Location>
During a request for an arbitrary URL, such as '/#change,42',
Gerrit realizes the user is not logged in.  Instead of sending an
immediate redirect for authentication, Gerrit sends JavaScript
to save the target token (the part after the '#' in the URL)
by redirecting the user to '/login/change,42'.  This enters
the secured area, and performs the authentication.  When the
authenticated user returns to '/login/change,42' Gerrit sends
a redirect back to the original URL, '/#change,42'.
  • Create check_schema_version during schema creation

    Schema upgrades for PostgreSQL now validate that the current schema version matches the expected schema version at the start of the upgrade script. If the schema does not match, the script aborts, although it will spew many errors.

  • Reject disconnected ancestries when creating changes

    Uploading commits to a project now requires that the new commits share a common ancestry with the existing commits of that project. This catches and prevents problems caused by a user making a typo in the project name, and inadvertently selecting the wrong project.

  • Change-Id tags in commit messages to associate commits

    Gerrit now looks for Change-Id: I…. in the footer area of a commit message and uses this to identify a change record within the project. If the listed Change-Id has not been seen before, a new change record is created. If the Change-Id is already known, Gerrit updates the change with the new commit. This simplifies updating multiple changes at once, such as might happen when rebasing an entire series of commits that are still being reviewed. A commit-msg hook can be installed to automatically generate these Change-Id lines during initial commit: {{{ scp -P 29418 review.example.com:hooks/commit-msg .git/hooks/ }}} Using this hook ensures that the Change-Id is predicatable once the commit is uploaded for review. For more details, please see the docs: http://gerrit.googlecode.com/svn/documentation/2.0/user-changeid.html

Bug Fixes

  • Fix yet another ArrayIndexOutOfBounds during side-by-s…

    We found yet another bug with the side-by-side view failing under certain conditions. I think this is the last bug.

  • Apply URL decoding to parameter of /cat/

  • Fix old image when shown inline in unified diff

    Images weren’t displaying correctly, even though mimetype.image/png.safe was true in gerrit.config. Turned out to be a problem with the parameter decoding of the /cat/ servlet, as well as the link being generated wrong.

  • Fix high memory usage seen in gerrit show-caches

    In Gerrit 2.0.18 JGit had a bug where the repository wasn’t being reused in memory. This meant that we were constantly reloading the repository data in from disk, so the server was always maxed out at core.packedGitLimit and core.packedGitOpenFiles, as no data was being reused from the cache. Fixed in this release.

  • Fix display of timeouts in gerrit show-caches

    Timeouts were not always shown correctly, sometimes 12 hours was showing up as 2.5 days, which is completely wrong. Fixed.

  • GERRIT-261 Fix reply button when comment is on the last line

    The "Reply" button didn’t work if the comment was on the last line of the file, the browser caught an array index out of bounds exception as we walked off the end of the table looking for where to insert the new editor box.

  • GERRIT-83 Make sign-out really invalidate the user’s session

    The sign-out link now does more than delete the cookie from the user’s browser, it also removes the token from the server side. By removing it from the server, we prevent replay attacks where an attacker has observed the user’s cookie and then later tries to issue their own requests with the user’s cookie. Note that this sort of attack is difficult if SSL is used, as the attacker would have a much more difficult time of sniffing the user’s cookie while it was still live.

  • Evict account record after changing SSH username

    Changing the SSH username on the web immediately affected the SSH daemon, but the web still showed the old username. This was due to the change operation not flushing the cache that the web code was displaying from. Fixed.

  • Really don’t allow commits to replace in wrong project

    It was possible for users to upload replacement commits to the wrong project, e.g. uploading a replacement commit to project B while picking a change number from project A. Fixed.

=Fixes in 2.0.19.1=

  • Fix NPE during direct push to branch closing a change

    Closing changes by pushing their commits directly into the branch didn’t always work as expected, due to some data not being initialized correctly.

  • Ignore harmless "Pipe closed" in scp command

    scp command on the server side threw exceptions when a client aborted the data transfer. We typically don’t care to log such cases.

  • Refactor user lookup during permission checking

  • GERRIT-264 Fix membership in Registered Users group

    Users were not a member of "Registered Users", this was a rather serious bug in the code as it meant many users lost their access rights.

  • GERRIT-265 Correctly catch "Invalid xsrfKey in request" error as …

    Above I mentioned we should handle this error as "Not Signed In", only the pattern match wasn’t quite right. Fixed.

  • GERRIT-263 Fix --re=bob to match bob@example.com when using HTTP_LDAP

    HTTP_LDAP broke using local usernames to match an account. Fixed.

=Fixes in 2.0.19.2=

  • Don’t line wrap project or group names in admin panels

    Line wrapping group names like "All Users" when the description column has a very long name in it is ugly.

  • GERRIT-267 Don’t add users to a change review if they cannot access

    If a user cannot access a change, let the owner know when they try to add the user as a reviewer, or CC them on it.

  • commit-msg: Do not insert Change-Id if the message is …

    The commit-msg hook didn’t allow users to abort accidental git commit invocations, as it still modified the file, making git commit think that the end-user wanted to make a commit. Anyone who has a copy of the hook should upgrade to the new hook, if possible.

  • Support recursive queries against LDAP directories

  • Fix parsing of LDAP search scope properties

    As reported on repo-discuss, recursive search is sometimes necessary, and is now the default.

Removed Features

  • Remove support for /user/email style URLs

    I decided to remove this URL, its a pain to support and not discoverable. Its unlikely anyone is really using it, but if they are, they could try using "#q,owner:email,n,z" instead.

Other Changes

  • Start 2.0.19 development

  • Document the Failure and UnloggedFailure classes in Ba…

  • Merge change 11109

  • Document gerrit receive-pack is alias for git receive-…

  • Define a simple query language for Gerrit

  • Create new projects on remote systems with mkdir -p

  • Set the GIT_DIR/description file during gerrit create-…

  • Remove unnecessary toLowerCase calls in AdminCreatePro…

  • Remove unnecessary exception from AdminCreateProject

  • Remove unused import from AccountExternalId

  • Abstract out account creation and simplify sign-on for…

  • Implement server side sign-out handling

  • Cleanup private keys in system_config table

  • Remove dead max_session_age field from system_config

  • Report Invalid xsrfKey as Not Signed In

  • Update gerrit flush-caches documentation about web_ses…

  • Update documentation on cache "web_sessions" configura…

  • Add getSchemeRest to AccountExternalId

  • Cleanup ContactStore and WebModule injection

  • Catch Bouncy Castle Crypto not installed when loading …

  • Declare caches in Guice rather than hardcoded in Cache…

  • Remove old commented out cache configuration code

  • Don’t NPE in SSH keys panel when SSHD is bound to loca…

  • Don’t send users to #register,register,mine

  • Document the new LDAP support

  • Cleanup section anchors to be more useful

  • Put anchors on every configuration variable section

  • Add missing AOSP copyright header to WebSession

  • Fix short header lines in gerrit-config.txt

  • Update documentation about system_config private key f…

  • Fetch groups from LDAP during user authentication

  • Actually honor cache.ldap_groups.maxage

  • Add enum parsing support to ConfigUtil

  • Rename LoginType to AuthType

  • Support loading the sshUserName from LDAP

  • Change ldap.accountDisplayName to ldap.accountFullName

  • Fix parsing set-to-nothing options in ldap section

  • Report more friendly errors from gwtjsonrpc

  • Ensure dialog box displays correctly on network failure

  • Document how setting LDAP properties disables web UI

  • Ensure the commit body is parsed before getting the co…

  • Cleanup more section anchors

  • Make documentation table of contents anchors human rea…

  • Remove notes about HTML 5 offline support

  • Fix typo in LegacyGerritServlet javadoc

  • Use subList in server side change query code

  • Remove unsupported /all_unclaimed

  • Rewrite UrlRewriteFilter in terms of Guice bindings

  • Create a commit-msg hook to generate Change-Id tags

  • Add change_key to changes table in database

  • Allow searching for changes by Change-Id strings

  • Display the change key, aka Change-ID in the informati…

  • Display abbreviated change ids in change lists

  • Change javax.security AccountNotFoundException to NoSu…

  • Automatically update existing changes during refs/for/…

  • Automatically close changes when pushing into a branch…

  • Document the new commit-msg hook supplied by Gerrit

  • Correct title of "Command Line Tools" documentation pa…

  • Correct URL example used in Google Analytics Integrati…

  • Correct comment about customizing categories and caches

  • Fix formatting of remote.name.timeout section in docum…

  • Add anchors for remote settings in replication.config …

  • Widen the search panel now that Change-Ids are 41 char…

  • Revert "Ensure dialog box displays correctly on networ…

  • Allow searches for Change-Ids starting with lowercase …

  • Fix line wrapped formatting in ChangeListServiceImpl

  • Move Change.Key abbreviation to Change.Key class

  • Format change ids in listing tables with a fixed with …

  • Cleanup documentation of the commit-msg hook

  • Cleanup the command line tool index page

  • Correct stale documentation section about SSH authenti…

  • Correct access control documentation about project own…

  • Quote the current directory when running asciidoc

  • Move the Default Workflow link into the top of the Use…

  • Correct formatting of usage in gerrit-cherry-pick docu…

  • Document how Gerrit uses Change-Id lines

  • Add Change-Id lines during cherry-pick if not already …

  • Fix "no common ancestry" bug

  • Fix commit-msg hook to handle first lines like "foo: f…

  • Add a link to Gerrit’s project to the top of gerrit-ch…

  • Add full ASLv2 copyright notice to commit-msg hook

  • Embed Gerrit’s version number into shell scripts copie…

  • Don’t drop max_session_age column in transaction durin…

  • gerrit 2.0.19