2017-12-07 - firstname.lastname@example.org
- Use bcond for deciding between system and builtin sqlite.
- Update to version 2.4:
* New feature: URL Aliases. URL Aliases allow an administrator to
define their own URLs on the web interface that are rewritten to
built-in URLs with specific parameters. Create and configure
URL Aliases using the /Setup/URL_Aliases menu option in the
* Add tech-note search capability.
* Add the -r|--revision and -o|--origin options to the annotate
* Add the origin= query parameter to the /annotate webpage.
* The fossil annotate command and the /annotate web page go
backwards in time as far as can be computed in 30 milliseconds
by default, rather than stopping after 20 steps. The new
limit= query parameter or the --limit command-line option can
be used to alter this timeout.
* Provide separate on-line help screens for each setting.
* Back out support for the --no-dir-symlinks option
* Remove support from the legacy configuration sync
protocol. The only way now to do a configuration push or pull
is to use the new protocol that was added in 2011.
* Add the from= and to= query parameters to /fdiff in order to
get a diff of two files in the same check-in.
* CVE-2017-17459, bsc#1071709: Fix the "ssh://" protocol to
prevent an attack whereby the attacker convinces a victim to
run a "clone" with a dodgy URL and thereby gains access to
* Provide a checkbox that will temporarily disable all ad-units.
* Improvements to the /stat page
* Various new hyperlinks to the /bloblist and /bigbloblist pages.
* Correct the /doc page to support read-only repositories.
* Correct /zip, /tarball, zip, and tarball pages and commands to
honor the versioned manifest setting when outside of an open
* The admin-log and access-log settings are now on by default
for new repositories.
* Update the built-in SQLite to version 3.21.0.
2017-08-11 - email@example.com
- Update to version 2.3:
* Update internal Unicode character tables, used in regular
expression handling, from version 9.0 to 10.0.
* Show the last-sync-URL on the /urllist page (
* Added the "Event Summary" activity report. example
* Added the "Security Audit" page, available to administrators
* Added the Last Login time to the user list page,
for administrators only
* Added the --numstat option to the fossil diff command
* Limit the size of the heap and stack on unix systems, as a
proactive defense against the Stack Clash attack.
* Fix "database locked" warnings caused by "PRAGMA optimize".
* Fix a potential XSS vulnerability on the /help webpage.
* Documentation updates
2017-05-08 - firstname.lastname@example.org
- Update to version 2.2:
* GIT comment tags are now handled by Fossil during import/export.
* Show the content of README files on directory listings.
* Support for Basic Authentication if enabled (default off).
* Show the hash algorithms used on the /rcvfromlist page.
* The /tarball and /zip pages now use the the r= query parameter to
select which check-in to deliver. The uuid= query parameter is
still accepted for backwards compatibility.
* Update the built-in SQLite to version 3.18.0.
* Run "PRAGMA optimize" on the database connection as it is closing.
- Changes in Version 2.1:
* Add support for hash policies that control which of the
Hardened-SHA1 or SHA3-256 algorithms is used to name new
* Add the "gshow" and "gcat" subcommands to fossil stash.
* Add the /juvlist web page and use it to construct the Download
Page of the Fossil self-hosting website using Ajax.
2017-03-08 - email@example.com
- Update to version 2.0:
* Use the hardened SHA1 implemenation by Marc Stevens and Dan
* Add the ability to read and understand artifact names that are
based on SHA3-256 rather than SHA1, but do not actually
generate any such names.
* Added the sha3sum command.
* Update the built-in SQLite to version 3.17.0.