CollabNet delivered a major release, CollabNet 5.3.0, in May 2009. These release notes describe the contents of a patch release 5.3.0.1.
Release Date: July 2009
For state attributes, the Open flag is displayed to the administrators, including Project Owners while managing the artifact types.
Performance of many Subversion commands has been improved by bringing in the following changes:
In Discussion services, on attempting to see the list of subscribers of a discussion filtered by email, the displayed result was showing the anonymous subscribers for all the discussions in that project.
Solution: This was a bug in the filtering code and has been fixed.
On the
http://<project>.<domain>/servlets/ProjectMemberAdd
page, it was possible to assign roles to disabled user, by entering the disabled user
login name in the Mass add text area.
Solution: The "ProjectMemberAdd" action has been altered to accept only active users to assign roles.
Two Project Tracker surrogate objects are never equal, according to Object.equals(). Therefore, they are not fit to be used as Hash keys. Doing so leads to memory bloat. One of the SOAP APIs was using surrogate objects this way.
Solution: Now, Ids are used for keys.
Comments added via duplicate check result screen or by subversion integration were resulting in an invalid last modified date for the artifact.
Solution: This issue had been fixed.
The mechanism that processes the announcements for html validation was not thread safe. An issue only occured when multiple threads need this html validation and the announcement has some form of html in it.
Solution: The validation has been changed using a thread safe pattern.
Adds a <project> element (pseudo-attribute) to the artifact(s) within an <artifactList> such as that returned by getArtifactList and getArtifactById APIs. The element contains the project name.
Solution: For the history APIs. HistoryActivity.getOldValue() and HistoryActivity.getNewValue() no longer return null for move/copy activities. They will return a 2 or 3 element String[], containing the project name, artifact type display name, and artifact ID. In the case of an artifact type change within the same project, the artifact ID element is not present.
SQL which chooses the default columns for a multiple artifact type or cross-project query could be resource intensive.
Solution: The solution involves reducing the number of joins used in the SQL.
Single-part messages with non-standard content-dispositions were not being handled properly by the Discussion Services, because it could not find the "primary part".
Solution: The process has been modified to always treat the sole part of a single-part message as the primary part.
The new BDB logging code introduced a file handle leak for the new log file (berkeley-db.log).
Solution: This problem is now fixed by closing the file handles after writing.
Subversion commits having a particular pattern in the commit message break links in Project Tracker's "Subversion commit comments" section. For example: Subversion commit log below would break when given as "SC1 http://www.google.com/svn/test/test1" whereas, it would work when given as "SC1 http://www.google.com/svn/test".
Solution: Altering the Project Tracker javascript that reads and creates links from the subversion commit log to read the problematic pattern correctly, resolves the issue.
There was a security issue which was leading to Denial of Service (DoS) attack in mod_dav_svn.
Solution: The issue has been fixed by patching apr-util with fixes for this XML exploit, popularly known as "billion laughs attack".
After migrating pre-Rubicon forums, a similar mechanism to the old "discuss" type of lists has been lost, in which the subscribers to a discussion can post without needing moderation of their messages.
Solution: To emulate this behaviour, a new flag has been added to trusted discussions called "trust new subscriptions'". On enabling the functionality, all new subscribers to moderated and trusted discussions would have their "trusted" flag checked and would be able to post to the discussions without moderation.
Documents were accessible for public projects even if the guest user did not have the Project Document - View permssion.
Solution: This problem is now fixed by restricting access to sites that have a non-deleted, non-disabled guest user having the Project Document - View permission.
The etl script svn_extract_logdata.py fails for "external" log type.
Solution: Issue was with the argument sent for parseExternalSubversionLog() method. "logfile" was being sent instead of "filepath". The issue has been fixed.
Project Tracker and Subversion integration was failing to annotate artifact when commit included a file with only a property change.
Solution: This issue has been fixed and the integration works fine.
Realm details were never cached and because of this every login hit was doing a direct database query to fetch the realm details.
Solution: Now, realm details are cached and database overhead for each request is avoided.
When viewing a list of users to add to the personnel section of Advanced query, it was possible to generate a list of all the available users on one page, even though the maximum page size was set at 100. When the number of users is large, this can cause the user's browser to crash and could also cause site-wide PSR problems.
Solution: The maximum page size of 100 is now enforced.
The etl extraction script for subversion transactions was choking on some lines in subversion.log. It turned out that there were a few bugs in the log and the subversion log parser that it uses. Specifically, it was having trouble parsing lines with parenthesis in the path, 2-path diffs, and lines that had url escaped characters in them.
Solution: The "svn_extract_logdata.py" and the subversion log parser have been fixed to handle these cases appropriately.