Release Notes

2.2.8

General

  • 2015-06-30

Fixes

  • Security: Apply the same permission checks for the API call create_repo and the web interface to create a repository.

2.2.7

General

  • 2015-02-03

Fixes

  • Security: fixed severe issue with leaking of auth_tokens(api_keys) on certain API calls.

2.2.6

General:
  • 2014-12-03
News
  • Repository locking requires at least write permission to repository.
  • API: added add/remove methods for extra fields
  • New repositories/ repository groups should be created using 0755 mode not 0777
  • Added editable owner field for repository groups
  • Added editable owner field for user groups
  • API: Permission delegation on grant/revoke user permission functions
  • Auth plugin can create user creation state on first login
  • New license logic
Fixes
  • Fix issue with unicode email addresses in custom gravatar template
  • Protect against empty author string
  • Fixed issue with multiprocess setup and cached global settings
  • Fixed issues with IIS and proxied ports
  • Fixed issue with mysql column size on installing RhodeCode
  • Fixed issue with API call for update repo when a repo inside a group was badly renamed when doing those calls

2.2.5

General:
  • released 2014-02-13
  • Improvements for larger setups
  • Extended API calls
News:
  • Better support for larger enterprise hierarchies with more repository group levels.
  • Added filters to permission boxes which makes managing of many thousand repo groups easier.
  • The My Account page requires the old password for a password change.
  • Removing of deprecated parts in .ini files.
  • Extended API: added permission delegation on user groups calls.
Fixes:
  • No fixes

2.2.4

General:
  • released 2013-12-30
  • More secure output of a remote clone URL
  • Extended API calls
  • Support for latest Git versions
News:
  • Password in a remote clone URL are not displayed anymore.
  • Better Windows support on server info page.
  • Extended API: added permission delegation to grant/revoke calls.
  • Extended API: added copy_permissions flag to create_repo_group.
  • Extended API: added apply_to_children to grant/revoke methods of repo groups.
Fixes:
  • Fixed forking into a repository group.
  • Fixed detection of remote Git repositories.
  • Fixed issue with API calls on repo names with groups.
  • Fixed unescaped characters which broke Javascript in the 2-side diff view.
  • Fixed git clone command by adding -q flag due to changes in the latest Git.

2.2.3

General:
  • released 2013-11-27
  • Asynchronous & more stable repo forking & creation
  • Inheritable repository group permissions
News:
  • Bumped Mercurial to 2.8.0.
  • Bumped Mergely to latest version.
  • Permissions from a repository group can be inherited to child repositories.
  • Added side-by-side diff link to compare files diff view.
  • Forking and creation of repositories can be done asynchronously via Celery.
  • Forking and creation of repositories is more stable in terms of concurrency and file system errors.
  • Added new visual option for number of records on admin ‘data grids’.
  • Repository admins can add/delete repository extra fields.
  • Improved validators of remote clone urls for Git and Mercurial.
Fixes:
  • Fixed page links at Gists which lost filter settings on click.
  • Fixed how auth plugins handle groups.
  • Fixed issue on mismatch of repository fork VCS type (Git or Mercurial).
  • Fixed admin UI forms which broke when using long names.
  • Fixed LookupError exceptions when ambiguous identifier was given.
  • Fixed issues which occured with Git under Windows.

2.2.2

General:
  • released 2013-11-19
  • Push & pull up to 4x faster
  • Security fixes
News:
  • Optimized the number of permission tree builds when doing push and pull operations which leads to a significant (up to 4x) performance increase.
Fixes:
  • Fixed issue with pygrack using os.cwd for working dir, that caused issues in some operating systems.
  • Fixed dulwich parents function call used when building DAG graph.
  • Fixed issue with revoke permissions on repository group when apply to children was set to ‘none’. This call could silently fail without proper notification to users.
  • Fixed issues with Mercurial hooks when creating remote repositories.
  • Strip passwords from clone urls for logging output.
  • Fixed LDAP issues with unicode. LDAP bind does not support unicode passwords.
  • Fixed admin UI which broke when using long names.
  • Fixed rendering of READMEs that contained different line endings.
  • Fixed issue with admin users of groups which could create repositories at top-level.

2.2.1

General:
  • released 2013-10-25
News:
  • No news
Fixes:
  • Fixed issue with forking.
  • Fixed redirection to previous location which was lost via container auth login.
  • API: removed urllib.unquote_plus on raw body. This caused a bug with ‘+’ chars beeing stripped out of sent JSON BODY.

2.2.0

General:
  • released 2013-10-23
  • Gists are editable
  • New keyboard shortcuts
  • Improved permission management
  • Speed improvements
  • Security improvements
News:
  • Gists are editable.
  • Gist URLs can take revisions as last parameter.
  • New keyboard shortcuts ‘gg’ and ‘gG’ open private/public Gists page.
  • New keyboard shortcut ‘gF’ opens files page with loaded files filter.
  • New keyboard shortcut ‘gO’ opens repository permissions settings.
  • ‘Apply to children’ becomes a 4-state radio button. It allows appling permissions to child objects of a repository group that are only repositories or only groups or both or none.
  • New permission for controlling repository creation with write access on repository groups.
  • Codemirror mode has added functionality of detection based on filename.
  • Added get_user function to auth plugins base. Can be overriden to customize other than standard user extraction, like the one needed for container auth.
  • API: added methods for permission managements for repo groups.
  • API: get_nodes API function is now callable not only by users with admin permissions but also with at least read permissions to a given repo.
  • Added stand-alone binary scripts for API, Gist, backup and extensions.
  • Extensions has additional notification plugins. Builtin plugins hipchat (hipchat notification on push), push_post( POST data after push). Use ‘rhodecode-extensions –plugins’ to install them.
  • Added captcha field to password_reset form.
  • Removed mailto: links, for better anti-spam protection on open instances.
  • Twice as fast page load of repository settings subpages.
  • Added checkbox in Map & Scan Admin Setting to verify and install any missing Git hooks that RhodeCode uses.
  • Bumped mako templates version to 0.9.0.
  • Bumped dulwich version to 0.9.3
  • Bumped mercurial version to 2.7.2.
Fixes:
  • Fixed issue with container_auth tring to auth against non-container users.
  • Fixed issues when authentication via container failed on Git/hg operations when using non standard (REMOTE_USER) headers.
  • Fixed some JSON decode issue in Atlassian crowd auth plugin.
  • Fixed Git-related issue that didn’t allow to push a non-master branch on the first push to the server.
  • Fixed issue on delete_user_group API call.
  • Fixed styling of password reset and register forms.
  • Fixed issue with Mercurial ui() object generation that caused certain extensions like hgsubversion to work incorrectly.
  • Fixed issue with revoked access to repo group for admins of repos inside those groups. In that case editing of these repos no longer causes an error.
  • Fixed sorting issues on tags/bookmarks/branches views.
  • Fixed issue when performing ‘git update-server-info’ while importing existing Git repositories. It makes sure now that clients can clone it.

2.1.0

General:
  • released 2013-09-25
  • Pull requests work for Mercurial and Git
  • New IP Whitelist inheritance
  • Ability to check for new update of RhodeCode Enterprise
  • Multiple API keys per user
  • Strong performance improvements
  • Shortcuts
News:
  • Added Git pull request functionality
  • Multiple API keys and the option to add additional API keys for a user together with description and expiration.
  • Users can now delete files via web interface.
  • Moved Gravatar configuration from .ini files to web interface.
  • Moved custom clone URL configuration from .ini files to web interface.
  • Default IP whitelist is now inheritable by all users. This allows to setup system-wide IP restrictions for all users.
  • Added intermediate waiting page for forks creation. After the fork is created the user is redirected to the forked repo summary page.
  • Next/prev links on changeset are now lazy calculated with onClick actions which can boost initial rendering speed of pages by 2-3x.
  • New repo switcher based on select2. Now with keyboard control and repository groups searching.Added basic keyboard navigation shortcuts, simply call ‘?’ to show them.
  • Added check for update mechanism in web interface.
  • All alerts and confirmations can be closed with an ‘x’ button in the corner.
  • Updated Mercurial to 2.7.1
  • Updated Waitress to 0.8.7
Fixes:
  • Updated Google Noto Sans web font to fix issues for older IE versions
  • Fixed Git backend calls to not use grep. Users are not required anymore to install it for Windows.
  • Fixed sorting by revision in dashboard view.
  • Container auth plugin preserves modified details after user is created and edited.
  • Fixed issue with deleting notifications for some users.
  • Fixed issue when external auth systems always regenerated tokens when user logged in (due to temp passwords on those accounts)
  • Fixed some JS errors on summary page.
  • Fixed issue when external auth plugins wanted to create new users after the free limit is reached and failed with an error.
  • Removed broken prerender calls in pagination.

2.0.2

General:
  • released 2013-08-27
News:
  • Completely new my account page.
  • Added created_on field for repository groups.
  • Users can now define extra email addresses in their account page.
  • Updated codemirror to latest version with Nginx, Jade, Smartymixed modes.
  • Better MIME-type detection of files with pygments to improve online editor syntax and mode detection.
  • Added option to enable Captcha on registration page. It helps fight spam on open RhodeCode Enterprise instances.
Fixes:
  • Many fixes for Internet Explorer 8 and newer.
  • Fix largefiles user cache location by explicitly setting the location in RhodeCode database.
  • Fixed “Remove Pull Request” button HTML on “my account” page.
  • Allow admin flag control for external authentication accounts
  • Changed landing_rev format to <rev_type>:<rev> to overcome issues with same names in different rev types like bookmarks and branches.
  • Add strip to attr_login for LDAP Auth plugin which is a very sensitive about whitespaces. Leaving whitespaces in there causes hard to debug issues.

2.0.1

General:
  • released 2013-08-14
News:
  • Create Pull-request button is visible for all logged in users, not only for those with a created repo permission set.
  • New UI on repository groups, now consistent with other views.
  • UI improvements on pull request reviewers.
  • Repository admin can revoke reviewers from pull requests.
  • Super admins can directly edit groups/users at permission box.
  • Links in footer point to website and new support pages.
Fixes:
  • Fixed download button size.
  • Fixed empty dot occuring on page titles when no site customization was set.
  • Fixed issue #893, some static resources were called without url() leading to bad address when used with proxy prefix.
  • Fixed missing external values from user forms.
  • Fixed one Git call in pygrack that defaulted to hardcoded ‘git’ instead of customized path from RhodeCode settings.
  • Fixed issue with html on revoke buttons on pull request reviewers.
  • Fixed all occurences of bad permission check that didn’t allow repository admins to do certain actions. Only global admins could run them.
  • Fixed gist url filtering for public gists.
  • Newly registered users now default to ‘rhodecode’ as authentication type.
  • Bumped Waitress version that allows setting asyncore_use_poll in settings to overcome 1024 open sockets limit with default select() implementation.

2.0.0

General:
  • released 2013-08-07
  • First introduction as RhodeCode Enterprise
News:
  • Renamed to RhodeCode Enterprise.
  • New UI based on font icons.
  • Changed buttons to Twitter Bootstrap and Flat design.
  • Only the most important button on a page is green.
  • Capitalized labels.
  • Pluggable Auth system.
  • Extended API methods. Please check the latest docs for API changes.
  • Only one most important button is green in a page.
  • Reduced size of summary page info.
  • Moved statistics to dedicated page for consistent summary view.
  • New filtered and styled select fields using select2 widget. Select fields with bigger ammount of data are lazy loaded for performance.
  • Implemented separate compare page for easy comparing changesets between revisions, tags and bookmarks.
  • Repository, repository groups, users and users groups pages are now using same data_table rendered for consistency. All are now sortable with a special filter box.
  • Small improvements on pull requests.
Fixes:
  • No fixes

1.7.2

General:
  • released 2013-07-18
News:
  • Added handling of copied files in diffs.
  • Implemented issue #387 side-by-side diffs view.
  • Added option to specify other than official bugtracker url to post issues with RhodeCode.
  • Markdown renderer now uses github flavored syntax with a better newline handling
  • Added User pre-create, create and delete hooks for rcextensions.
  • Branch selectors: show closed branches too for Mercurial.
  • Updated codemirror to latest version and added syntax coloring dropdown for various languages CodeMirror supports.
  • Added –no-public-access / –public-access flags into setup-rhodecode command to enable setup without public access.
  • Various small updates to pull requests.
  • Bumped Mercurial version to latest.
  • Diffs view doesn’t show content of delete files anymore.
Fixes:
  • Added missing __get_cs_or_redirect method for file history. Fixes issue with displaying a history of file that is not present at tip.
  • Pull request: urlify description and fix javascript injection.
  • Fixed some missing IP extraction for action logger.
  • Fixed bug with log_delete hook didn’t properly store user who triggered delete action.
  • Fixed show as raw link for private gists.
  • Fixes issue #860. IMC web commits poisoned caches when they failed with commit.
  • Fixes issue #856 file upload >1000 bytes on windows throws exception.

1.7.1

General:
  • released 2013-06-13
News:
  • Apply to children flag on repository group also adds users to private repositories, this is now consistent with user groups. Private repos default permissions are not affected by apply to children flag.
  • Removed unionrepo code as it’s part of Mercurial 2.6
  • RhodeCode accepts now read only paths for serving repositories.
Fixes:
  • Fixed issues with how mysql handles float values. Caused gists with expiration dates not work properly on MySQL.
  • Fixed issue with ldap enable/disable flag.

1.7.0

General:
  • released 2013-06-08
News:
  • Manage User’s Groups(teams): create, delete, rename, add/remove users inside by delegated user group admins.
  • Implemented simple Gist functionality.
  • External authentication got special flag to control user activation.
  • Created whitelist for API access. Each view can now be accessed by api_key if added to whitelist.
  • Added dedicated file history page.
  • Added compare option into bookmarks
  • Improved diff display for binary files and renames.
  • Archive downloading are now stored in main action journal.
  • Switch gravatar to always use ssl.
  • Implements #842 RhodeCode version disclosure.
  • Allow underscore to be the optionally first character of username.
Fixes:
  • #818: Bookmarks Do Not Display on Changeset View.
  • Fixed default permissions population during upgrades.
  • Fixed overwrite default user group permission flag.
  • Fixed issue with h.person() function returned prematurly giving only email info from changeset metadata.
  • get_changeset uses now mercurial revrange to filter out branches. Switch to branch it’s around 20% faster this way.
  • Fixed some issues with paginators on chrome.
  • Forbid changing of repository type.
  • Adde missing permission checks in list of forks in repository settings.
  • Fixes #834 hooks error on remote pulling.
  • Fixes issues #849. Web Commits functionality failed for non-ascii files.
  • Fixed #850. Whoosh indexer should use the default revision when doing index.
  • Fixed #851 and #563 make-index crashes on non-ascii files.
  • Fixes #852, flash messages had issies with non-ascii messages

1.6.0

General:
  • released 2013-05-12
News:
  • No news
Fixes:
  • #818: Bookmarks Do Not Display on Changeset View.
  • Fixed issue with forks form errors rendering.
  • #819 review status is showed in the main changelog.
  • Permission update function is idempotent, and doesn’t override default permissions when doing upgrades.
  • Fixed some unicode problems with git file path.
  • Fixed broken handling of adding an htsts headers.
  • Fixed redirection loop on changelog for empty repository.
  • Fixed issue with web-editor that didn’t preserve executable bit after editing files.