RhodeCode Enterprise 3.0.0 Release Notes#
As RhodeCode Enterprise 3.0 is a big release, the release notes have been split into the following sections:
General#
Released 2015-01-27
Basic Subversion support added
GPLv3 components removed
Server/Client architecture for VCS systems created
Python 2.5 and 2.6 support deprecated
Server info pages now show gist/archive cache storage, and also CPU/Memory/Load information.
Added new bulk commit (changeset) status comment form into compare view which enables bulk code-reviews without opening a pull-request.
License checks and limits now only apply to active users.
Removed CLI command for repository scans as it can be done via an API call.
VCS backends can be globally enabled/disabled from the
rhodecode.ini
file.Added a UI option to set default rendering to rst or markdown.
Added syntax highlighting to 2 way compare diff.
Markup rendering can now render checkboxes for easy checklists generation.
Gravatars are now retina ready.
Admins can define custom CSS or JavaScript in the header or footer via new pre/post code options.
Replaced
graph.js
withcommits-graph.js
html5 implementation.Added editable owner field for repository groups, and user group.
Added an option to detach/delete user repositories when deleting users from the system.
Added a Supervisor control page that shows status of processes.
User admin grid can now filter by username OR email.
Added personal repository group link for easier fork creation.
Added support for using subdirectories when creating and uploading new files.
Added option to rename a file from the web interface.
Added arrow key navigation to file filter and fixed the back button behaviour.
Added fuzzy matching to file filter.
Added functionality to create folder structures along with files when adding content via the web interface.
Separated default permissions UI into global, user, or object permissions management.
Added an inheritance flag to object permissions which allows for explicit permissions which disregard global permissions.
Added post create repository group hook.
Added trigger push hooks on online file editor.
Added default title for pull request.
More detailed logs during Authentication.
More explicit logging when permission checks occur.
Switched the implementation of Git
fetch clone pull checkout
commands to pure Python without any subprocess calls.Introduced the
rcserver
command for custom development.Added the ability to force no cache archived via the
GET no_cache
flag
Security#
CSRF (Cross-Site Request Forgery) tokens now in all pages that use forms.
The
clone_url
field is now AES encrypted inside the database.ACLs (Access Control Lists) are checked on the gist edit page for logged in users.
New repository groups and repositories are created with 0755 permissions and not not 0777.
Explicit RSS tokens are used for the RSS journal, when leaked, limits access to RSS only.
Fixed XSS issues when rendering raw SVG files.
Added force password reset option for users.
IP list now accepts comma-separated values, and also ranges using - to specify multiple addresses.
Added
auth tokens
, these authentication tokens can be used as an alternative to passwords.Added roles (
http, api, rss, all, vcs
) into authentication tokens (previously calledapikeys
).LDAP Group Support added.
Added JASIG CAS auth plugin support.
Added a plugin parameter that defines if a plugin can create new users on the fly.
API#
Added permissions delegation when creating repositories or repository groups.
Added
strip
support for Mercurial and Git repositories.Added comments API for commits.
Added add/remove methods for extra fields in repositories.
get_*
calls now usepermission()
andpermission_user_group()
methods for unified permissions structure.
get_repo_nodes
information sending has changed and is no longer a boolean flag, it’s nowbasic
orfull
.Due to configurable backends
repo_type
is now mandatory parameter for thecreate_repo
call.
Performance#
Significant performance improvements across all application functions.
HTTP Authentication performance enhancements.
Added a
scope
variable to the permissions fetching function which improves building permission trees in large amounts by a factor of 10.Implemented caching logic for all authentication plugins. The
AUTH_CACHE_TTL = <int>
property now allow you to set the cache in seconds.
Pull Requests#
Pull requests can be now updated and merged from the web interface
Fixed creating a Mercurial pull request from a bookmark.
Forbid closing pull requests when calculated status is different that the approved or rejected version.
Properly display calculated pull request review status on listing page.
Disable delete comment button if pull request is closed.
Gists#
New UI based on grids with filtering.
Super-admins can see all gists.
Gists can now be created with a custom names.
Search#
New API based indexer.
Added the ability to create size limits for indexed files.
Added a new mapping configuration file which gives a very high level of flexibility when creating full text search.
Fixes#
General: fixed issues with dependent objects, such as
users
inuser groups
. Cleaning up these dependent objects is now done in a safe way.General: deleting a
user group
from settings > advanced will use force removal and cleanup from all associations.General: fixed issue with filter proxy middleware it’s now more error prone.
General: fixed issues with unable to create fork inside a group.
General: fixed bad logic in
ext_json
lib, that checked bool on microseconds, in case it was 0 bool it returned False.General: authors in annotation mode shows authors of current source, not from all history (that is in normal mode)
Permissions: fix issue when inherit flag for user group stopped working after initial permissions set.
Git: fixed shallow clones.
Git: added
\n
into the service line of Git protocol. It is in the specifications and some python clients require this.Mercurial: fix thread safety for mercurial
in-memory
commits.Windows: fixed issue with shebang and env headers.
MySQL: fixed database fields with 256 char length with added indexes. Mysql had problems with them.
Database: fixed bad usage of matching using
ILIKE
. Previously it could happen that if you hadmarcin_1@rhodecode.com
andmarcin_2@rhodecode.com
emails, usingmarcin_@rhodecode.com
would match both.VCS: fixed issues with double new lines on the commit patches.
VCS: repository locking now requires write permission to repository. If we allowed locking with read, people can lock repository without an option to unlock it.
Models: removed the
isdigit
call that can create issues when names are actually numbers on fetching objects.Files: Fix bug with show authors in annotate view.
Hooks: truncate excessive commit lists on
post_push
hook.Hooks: in Git, support added to set the default branch if it is not
master
.Notifications: now can be marked as read when you are not admin.
Notifications: marking all notifications as read will hide the counter.
Frontend: fixed branch-tag switcher multiple ajax calls.
Repository group: repository group owners can now change group settings even if they don’t have access to top-level permissions.
Repositories: if you set
Fork of
in advanced repository settings it will now only show valid repositories with the same type.