RhodeCode Enterprise 3.0.0 Release Notes

As RhodeCode Enterprise 3.0 is a big release, the release notes have been split into the following sections:

• General

• Security

• API

• Performance

• Pull Requests

• Gists

• Search

• Fixes

General

• Released 2015-01-27

• Basic Subversion support added

• GPLv3 components removed

• Server/Client architecture for VCS systems created

• Python 2.5 and 2.6 support deprecated

• Server info pages now show gist/archive cache storage, and also CPU/Memory/Load information.

• Added new bulk commit (changeset) status comment form into compare view which enables bulk code-reviews without opening a pull-request.

• License checks and limits now only apply to active users.

• Removed CLI command for repository scans as it can be done via an API call.

• VCS backends can be globally enabled/disabled from the rhodecode.ini file.

• Added a UI option to set default rendering to rst or markdown.

• Added syntax highlighting to 2 way compare diff.

• Markup rendering can now render checkboxes for easy checklists generation.

• Gravatars are now retina ready.

• Admins can define custom CSS or JavaScript in the header or footer via new pre/post code options.

• Replaced graph.js with commits-graph.js html5 implementation.

• Added editable owner field for repository groups, and user group.

• Added an option to detach/delete user repositories when deleting users from the system.

• Added a Supervisor control page that shows status of processes.

• User admin grid can now filter by username OR email.

• Added personal repository group link for easier fork creation.

• Added support for using subdirectories when creating and uploading new files.

• Added option to rename a file from the web interface.

• Added arrow key navigation to file filter and fixed the back button behaviour.

• Added fuzzy matching to file filter.

• Added functionality to create folder structures along with files when adding content via the web interface.

• Separated default permissions UI into global, user, or object permissions management.

• Added an inheritance flag to object permissions which allows for explicit permissions which disregard global permissions.

• Added post create repository group hook.

• Added trigger push hooks on online file editor.

• Added default title for pull request.

• More detailed logs during Authentication.

• More explicit logging when permission checks occur.

• Switched the implementation of Git fetch clone pull checkout commands to pure Python without any subprocess calls.

• Introduced the rcserver command for custom development.

• Added the ability to force no cache archived via the GET no_cache flag

Security

• CSRF (Cross-Site Request Forgery) tokens now in all pages that use forms.

• The clone_url field is now AES encrypted inside the database.

• ACLs (Access Control Lists) are checked on the gist edit page for logged in users.

• New repository groups and repositories are created with 0755 permissions and not not 0777.

• Explicit RSS tokens are used for the RSS journal, when leaked, limits access to RSS only.

• Fixed XSS issues when rendering raw SVG files.

• Added force password reset option for users.

• IP list now accepts comma-separated values, and also ranges using - to specify multiple addresses.

• Added auth tokens, these authentication tokens can be used as an alternative to passwords.

• Added roles (http, api, rss, all, vcs) into authentication tokens (previously called apikeys).

• LDAP Group Support added.

• Added JASIG CAS auth plugin support.

• Added a plugin parameter that defines if a plugin can create new users on the fly.

API

• Added permissions delegation when creating repositories or repository groups.

• Added strip support for Mercurial and Git repositories.

• Added comments API for commits.

• Added add/remove methods for extra fields in repositories.

• get_* calls now use permission() and permission_user_group() methods for unified permissions structure.

• get_repo_nodes information sending has changed and is no longer a boolean flag, it’s now basic or full.

• Due to configurable backends repo_type is now mandatory parameter for the create_repo call.

Performance

• Significant performance improvements across all application functions.

• HTTP Authentication performance enhancements.

• Added a scope variable to the permissions fetching function which improves building permission trees in large amounts by a factor of 10.

• Implemented caching logic for all authentication plugins. The AUTH_CACHE_TTL = <int> property now allow you to set the cache in seconds.

Pull Requests

• Pull requests can be now updated and merged from the web interface

• Fixed creating a Mercurial pull request from a bookmark.

• Forbid closing pull requests when calculated status is different that the approved or rejected version.

• Properly display calculated pull request review status on listing page.

• Disable delete comment button if pull request is closed.

Gists

• New UI based on grids with filtering.

• Super-admins can see all gists.

• Gists can now be created with a custom names.

Search

• New API based indexer.

• Added the ability to create size limits for indexed files.

• Added a new mapping configuration file which gives a very high level of flexibility when creating full text search.

Fixes

• General: fixed issues with dependent objects, such as users in user groups. Cleaning up these dependent objects is now done in a safe way.

• General: deleting a user group from settings > advanced will use force removal and cleanup from all associations.

• General: fixed issue with filter proxy middleware it’s now more error prone.

• General: fixed issues with unable to create fork inside a group.

• General: fixed bad logic in ext_json lib, that checked bool on microseconds, in case it was 0 bool it returned False.

• General: authors in annotation mode shows authors of current source, not from all history (that is in normal mode)

• Permissions: fix issue when inherit flag for user group stopped working after initial permissions set.

• Git: fixed shallow clones.

• Git: added \n into the service line of Git protocol. It is in the specifications and some python clients require this.

• Mercurial: fix thread safety for mercurial in-memory commits.

• Windows: fixed issue with shebang and env headers.

• MySQL: fixed database fields with 256 char length with added indexes. Mysql had problems with them.

• Database: fixed bad usage of matching using ILIKE. Previously it could happen that if you had marcin_1@rhodecode.com and marcin_2@rhodecode.com emails, using marcin_@rhodecode.com would match both.

• VCS: fixed issues with double new lines on the commit patches.

• VCS: repository locking now requires write permission to repository. If we allowed locking with read, people can lock repository without an option to unlock it.

• Models: removed the isdigit call that can create issues when names are actually numbers on fetching objects.

• Files: Fix bug with show authors in annotate view.

• Hooks: truncate excessive commit lists on post_push hook.

• Hooks: in Git, support added to set the default branch if it is not master.

• Notifications: now can be marked as read when you are not admin.

• Notifications: marking all notifications as read will hide the counter.

• Frontend: fixed branch-tag switcher multiple ajax calls.

• Repository group: repository group owners can now change group settings even if they don’t have access to top-level permissions.

• Repositories: if you set Fork of in advanced repository settings it will now only show valid repositories with the same type.