Headline
CVE-2022-34009: Fossil: Change Log
Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender has flagged it as malware.
Changes for version 2.20 (pending)
- Replaced the --dryrun flag with --dry-run in all commands which still used the former name, for consistency.
Changes for version 2.19 (2022-07-21)
- On file listing pages, sort filenames using the “uintnocase” collating sequence, so that filenames that contains embedded integers sort in numeric order even if they contain a different number of digits. (Example: “fossil_80_…” comes before “fossil_100.png” in the /skins/blitz directory listing.)
- Enhancements to the graph layout algorithm design to improve readability and promote better situational awareness.
- Performance enhancement for the “root:BRANCHNAME” style of tag, accomplished using a Common Table Expression in the underlying SQL.
- Sort tag listings (command line and webpage) by taking numbers into consideration so as to cater for tags that follow semantic versioning.
- On the wiki listings, omit by default wiki pages that are associated with check-ins and branches.
- Add the new “fossil describe” command.
- Markdown subsystem extended with footnotes support. See corresponding test cases, known limitations and discussion.
- Add the new special name “start:BRANCH” to refer to the first check-in of the branch.
- Support generated “mimetype” columns in the TICKET and TICKETCHNG tables.
- Fix remote-url-overwrite bug where remote-url is overwritten by the proxy setting during sync operation. Also require explicit “system” proxy setting to use “http_proxy” environment variable.
- Reimplemented the /pikchrshow app to use a WebAssembly build of pikchr so that it can render pikchrs on the client instead of requiring a server round-trip.
- Add the email-listid setting. If set, it is used as the List-ID header for all outbound notification emails.
- Add the “–branch” option to the “timeline” command to restrict the displayed items to a specific branch.
- Add the “–versions” option to “fossil diff” to display details about the compared versions into the patch header.
- Numerous other minor enhancements.
Changes for version 2.18 (2022-02-23)
- Added support for SSL/TLS server mode for commands like “fossil server” and “fossil http”
- The new cherry-pick command is an alias for merge --cherrypick.
- Add new setting "large-file-size". If the size of any file in a commit exceeds this size, a warning is issued.
- Query parameter “year=YYYY” is now accepted by /timeline.
- The tar and zip commands no longer sterilize the manifest file.
- Futher improvement to diff alignment in cases that involve both edits and indentation changes.
- Chat improvements:
- The /chat page input options have been reworked again for better cross-browser portability.
- When sending a /chat message fails, it is no longer immediately lost and sending may optionally be retried.
- /chat can now optionally embed attachments of certain types directly into message bodies via an iframe.
- Add the “–as FILENAME” option to the “fossil chat send” command.
- Added the “fossil chat pull” command, available to administrators only, for backing up the chat conversation.
- Promote the test-detach command into the detach command.
- For “fossil pull” with the --from-parent-project option, if no URL is specified then use the last URL from the most recent prior "fossil pull --from-parent-project".
- Add options --project-name and --project-desc to the “fossil init” command.
- The /ext page generates the SERVER_SOFTWARE environment variable for clients.
- Fix the REQUEST_URI CGI variable such that it includes the query string. This is how most other systems understand REQUEST_URI.
- Added the --transport-command option to fossil sync and similar.
Changes for version 2.17 (2021-10-09)
- Major improvements to the “diff” subsystem, including:
- Added new formatting options: --by, -b, --webpage, --json, --tcl.
- Partial-line matching for unified diffs
- Better partial-line matching for side-by-side diffs
- Buttons on web-based diffs to show more context
- Performance improvements
- The --branchcolor option on fossil commit and fossil amend can now take the value “auto” to force Fossil to use its built-in automatic color choosing algorithm.
- Fossil now autosyncs prior to running fossil open.
- Add the ticket-default-report setting, which if set to the title of a ticket report causes that ticket report to be displayed below the search box in the /ticket page.
- The “nc” query parameter to the /timeline page causes all graph coloring to be omitted.
- Improvements and bug fixes to the new “fossil ui REMOTE” feature so that it works better on a wider variety of platforms.
- In /wikiedit, show the list of attachments for the current page and list URLs suitable for pasting them into the page.
- Add the --no-http-compression option to fossil sync and similar.
- Print total payload bytes on a fossil sync when using the --verbose option.
- Add the close, reopen, hide, and unhide subcommands to the branch command.
- The "-p" option to fossil branch list shows only private branches.
- The Markdown formatter now interprets the content of block HTML markup (such as <table>) in most cases. Only content of <pre> and <script> is passed through verbatim.
- The wiki list command no longer lists “deleted” pages by default. Use the new --all option to include deleted pages in the output.
- The fossil all git status command only shows reports for the subset of repositories that have a configured Git export.
- The /chat configuration was reimplemented and provides new options, including the ability for a repository administrator to extend the selection of notification sounds using unversioned files.
- Chat now uses fossil’s full complement of markdown features, instead of the prior small subset of markup it previously supported. This retroactively applies to all chat messages, as they are markdown-processed when they are sent instead of when they are saved.
- Added a chat message preview mode so messages can be previewed before being sent. Similarly, added a per-message ability to view the raw un-parsed message text.
- The hotkey to activate preview mode in /wikiedit, /fileedit, and /pikchrshow was changed from ctrl-enter to shift-enter in order to align with /chat’s new preview feature and related future changes.
Changes for Version 2.16 (2021-07-02)
- Security: Fix the client-side TLS so that it verifies that the server hostname matches its certificate.
- The default “ssh” command on Windows is changed to “ssh” instead of the legacy "plink", as ssh is now generally available on Windows systems. Installations that still need to use the legacy “plink” can make that happen by running: 'fossil set ssh-command “plink -ssh” --global’.
- Added the fossil patch command.
- The fossil ui command is enhanced in multiple ways:
- The REPOSITORY argument can be the name of a check-out directory.
- If the REPOSITORY argument is prefixed by “HOST:” or “USER@HOST:” then the ui is run on the remote machine and tunnelled back to the local machine using ssh. (The latest version of fossil must be installed on both the local and the remote for this to work correctly.)
- The new --nobrowser and --fossilcmd options is provided.
- The /brlist web page allows the user to select multiple branches to be displayed together in a single timeline.
- The Forum provides a hyperlink on the author of each post that goes to a timeline of recent posts by that same author.
- Added the “fossil bisect run” command for improved automation of bisects.
- The fossil merge command now does a better job merging branches where files have been renamed between the current branch and the branch being merged.
- The fossil open command allows the repository file to be inside the working directory without requiring the --force flag.
- The /wikiedit and /wikinew pages now default to markdown format.
- The /login page now links to a user’s forum post timeline if the repository has forum posts.
- Tags may now be propagated for forum posts, wiki pages, and technotes. The tag command can now manipulate and list such tags.
- Login-Groups are now shown on the repository list of the “fossil all ui” command.
- Administrators can configure email alerts to expire a specific number of days (ex: 365) after the last user contact with the Fossil server. This prevents alert emails being sent to abandoned email accounts forever.
- SQL that defines database objects for tickets now can DROP a VIEW or an INDEX provided that its name starts with ‘ticket’ or 'fx_’.
- Update the built-in SQLite to version 3.36.0.
- Numerous other minor enhancements.
Changes for Version 2.15 (2021-03-26) and Patch 2.15.1 on (2021-04-07) and 2.15.2 on (2021-06-15)
- Patch 2.15.2: Fix the client-side TLS so that it verifies that the server hostname matches its certificate. Upgrading to the patch is recommended.
- Patch 2.15.1: Fix a data exfiltration bug in the server. Upgrading to the patch is recommended.
- The default CSP has been relaxed slightly to allow images to be loaded from any URL. All other resources are still locked down by default.
- The built-in skins all use the “mainmenu” setting to determine the content of the main menu. The ability to edit the “mainmenu” setting is added on the /Admin/Configuration page.
- The hamburger menu is now available on most of the built-in skins.
- Any built-in skin named “X” can be used instead of the standard repository skin by adding the URL parameter skin=X to the request. The selection is persisted using the display preferences cookie unless the “once” query parameter is also included. The /skins page may be used to select a skin.
- The /cookies page now gives the user an opportunity to delete individual cookies. And the /cookies page is linked from the /sitemap, so that it appears in hamburger menus.
- The /sitemap extensions are now specified by a single new "sitemap-extra setting", rather than a cluster of various “sitemap-*” settings. The older settings are no longer used. This change might require minor server configuration adjustments on servers that use /sitemap extensions. The /Admin/Configuration page provides the ability to edit the new “sitemap-extra” setting.
- Added the “–ckout-alias NAME” option to fossil ui, fossil server, and fossil http. This option causes Fossil to understand URIs of the form “/doc/NAME/…” as if they were "/doc/ckout/…", to facilitate testing of embedded documentation changes prior to check-in.
- For diff web pages, if the diff type (unified versus side-by-side) is not specified by a query parameter, and if the “preferred-diff-type” setting is omitted or less than 1, then select the diff type based on a guess of whether or not the request is coming from a mobile device. Mobile gets unified and desktop gets side-by-side.
- The various pages which show diffs now have toggles to show/hide individual diffs.
- Add the “preferred-diff-type” setting to allow an admin to force a default diff type.
- The “pikchr-background” settings is now available in “detail.txt” skin files, for better control of Pikchr colors in inverted color schemes.
- Add the --list option to the tarball, zip, and sqlar commands.
- The javascript used to implement the hamburger menu on the default built-in skin has been made generic so that it is usable by a variety of skins, and promoted to an ordinary built-in javascript file.
- New TH1 commands: "builtin_request_js", "capexpr", "foreach", "lappend", and “string match”
- The leaves command now shows the branch point of each leaf.
- The fossil add command refuses to add files whose names are reserved by Windows (ex: “aux”) unless the --allow-reserved option is included. This helps prevent unix users from accidentally creating check-ins that are unreadable by Windows users.
- Add the “re=” query parameter to the /dir webpage, for symetry with the /tree page.
- Update the built-in SQLite to version 3.35.0.
- The ./configure script now has the --print-minimum-sqlite-version option that prints the minimum SQLite version required by the current version of Fossil. This might be used by integrators who insist on building Fossil to link against the system SQLite library rather than the built-in copy of SQLite, to verify that their system SQLite library is recent enough.
- Webpage that shows history of a wiki page gained client-side UI to help with comparison between two arbitrary versions of a wiki (by the means of anchoring a “baseline” version) and the ability to squeeze several sequential edits made by the same user into a single “recycled” row (the latest edit in that sequence).
Changes for Version 2.14 (2021-01-20) and Patch 2.14.1 on (2021-04-07) and 2.14.2 on (2021-06-15)
- Patch 2.14.2: Fix the client-side TLS so that it verifies that the server hostname matches its certificate. Upgrading to the patch is recommended.<
- Patch 2.14.1: Fix a data exfiltration bug in the server. Upgrading to the patch is recommended.
- Schema Update Notice #1: This release drops a trigger from the database schema (replacing it with a TEMP trigger that is created as needed). This change happens automatically the first time you add content to a repository using Fossil 2.14 or later. No action is needed on your part. However, if you upgrade to version 2.14 and then later downgrade or otherwise use an earlier version of Fossil, the email notification mechanism may fail to send out notifications for some events, due to the missing trigger. If you want to permanently downgrade an installation, then you should run “fossil rebuild” after the downgrade to get email notifications working again. If you are not using email notification, then the schema change will not affect you in any way.
- Schema Update Notice #2: This release changes how the descriptions of wiki edits are stored in the EVENT table, for improved display on timelines. You must run “fossil rebuild” to take advantage of this enhancement. Everything will still work without "fossil rebuild", except you will get goofy descriptions of wiki updates in the timeline.
- Add support for Fossil chat.
- The “fossil clone” command is enhanced so that if the repository filename is omitted, an appropriate name is derived from the remote URL and the newly cloned repo is opened. This makes the clone command work more like Git, thus making it easier for people transitioning from Git.
- Added the --mainbranch option to the fossil git export command.
- Added the --format option to the “fossil timeline” command.
- Enhance the --numstat option on the “fossil diff” command so that it shows a total number of lines added and deleted and total number of files modified.
- Add the “contact” sub-command to fossil user.
- Added commands “fossil all git export” and "fossil all git status".
- Added the “df=CHECKIN” query parameter to the /timeline page.
- Improvements to the “/sitemap” page. Add subpages /sitemap-timeline and /sitemap-test.
- Better text position in cylinder objects of Pikchr diagrams.
- New “details.txt” settings available to custom skins to better control the rendering of Pikchr diagrams:
- pikchr-foreground
- pikchr-scale
- pikchr-fontscale
- Allow the use of SQL functions inside the ticket table definition for custom ticket configurations.
- The built-in SQLite is updated to version 3.35.0 alpha containing performance optimizations, especially performance associated with startup, and minor improvements to the CLI.
- Performance optimizations to Fossil itself.
- Countless improvements and enhancements to the documentation
Changes for Version 2.13 (2020-11-01)
- Added support for interwiki links.
- Enable <del> and <ins> markup in wiki.
- Improvements to the Forum threading display.
- Added support for embedding pikchr markup in markdown and fossil-wiki content.
- The new “pikchr” command can render pikchr scripts, optionally pre-processed with TH1 blocks and variables exactly like site skins are.
- The new pikchrshow page provides an editor and previewer for pikchr markup.
- In /wikiedit and /fileedit, Ctrl-Enter can now be used initiate a preview and to toggle between the editor and preview tabs.
- The /artifact and /file views, when in line-number mode, now support interactive selection of a range of lines to hyperlink to.
- Enhance the /finfo webpage so that when query parameters identify both a filename and a checkin, the resulting graph tracks the identified file across renames.
- The built-in SQLite is updated to an alpha of version 3.34.0, and the minimum SQLite version is increased to 3.34.0 because the /finfo change in the previous bullet depends on enhancements to recursive common table expressions that are only available in SQLite 3.34.0 and later.
- Countless other minor refinements and documentation improvements.
Changes for Version 2.12.1 (2020-08-20)
- (2.12.1): Fix client-side vulnerabilities discovered by Max Justicz.
- Security fix in the “fossil git export” command. The same fix is also backported to version 2.10.1 and 2.11.1. New “safety-net” features were added to prevent similar problems in the future.
- Enhancements to the graph display for cases when there are many cherry-pick merges into a single check-in. Example
- Enhance the fossil open command with the new --workdir option and the ability to accept a URL as the repository name, causing the remote repository to be cloned automatically. Do not allow “fossil open” to open in a non-empty working directory unless the --keep option or the new --force option is used.
- Enhance the markdown formatter to more closely follow the CommonMark specification with regard to text highlighting. Underscores in the middle of identifiers (ex: fossil_printf()) no longer need to be escaped.
- The markdown-to-html translator can prevent unsafe HTML (for example: <script>) on user-contributed pages like forum and tickets and wiki. The admin can adjust this behavior using the safe-html setting on the Admin/Wiki page. The default is to disallow unsafe HTML everywhere. Example.
- Added the “collapse” and “expand” capability for long forum posts. Example
- The “fossil remote” command now has options for specifying multiple persistent remotes with symbolic names. Currently only one remote can be used at a time, but that might change in the future.
- Add the “Remember me?” checkbox on the login page. Use a session cookie for the login if it is not checked.
- Added the experimental “fossil hook” command for managing “hook scripts” that run before checkin or after a push.
- Enhance the fossil revert command so that it is able to revert all files beneath a directory.
- Add the fossil bisect skip command.
- Add the fossil backup command.
- Enhance fossil bisect ui so that it shows all unchecked check-ins in between the innermost “good” and “bad” check-ins.
- Added the --reset flag to the "fossil add", "fossil rm", and “fossil addremove” commands.
- Added the "–min N" and "–logfile FILENAME" flags to the backoffice command, as well as other enhancements to make the backoffice command a viable replacement for automatic backoffice. Other incremental backoffice improvements.
- Added the /fileedit page, which allows editing of text files online. Requires explicit activation by a setup user.
- Translate built-in help text into HTML for display on web pages. Example.
- On the /timeline webpage, the combination of query parameters “p=CHECKIN” and “bt=ANCESTOR” draws all ancestors of CHECKIN going back to ANCESTOR. For example, /timeline?p=202006271506&bt=version-2.11 shows all ancestors of the checkin that occured on 2020-06-27 15:06 going back to the 2.11 release.
- Update the built-in SQLite so that the “fossil sql” command supports new output modes “.mode box” and ".mode json".
- Add the "obscure()" SQL function to the “fossil sql” command.
- Added virtual tables “helptext” and “builtin” to the “fossil sql” command, providing access to the dispatch table including all help text, and the builtin data files, respectively.
- Delta compression is now applied to forum edits.
- The wiki editor has been modernized and is now Ajax-based. The WYSIWYG editing option for Fossil-format wiki pages was removed. (Please let us know, via the site’s Forum menu, if that removal unduly impacts you.) This also changes the semantics of the wiki "Sandbox": that pseudo-page may be freely edited but no longer saved via the UI (the wiki CLI command can, though).
- The allow-symlinks setting no longer syncs. It must be activated individually on any clones which require symlinks.
- Countless documentation enhancements.
Changes for Version 2.11 (2020-05-25)
- (2.11.2): Backport security fixes from 2.12.1
- (2.11.1): Backport security fix for the “fossil git export” command.
- Support Markdown in the default ticket configuration.
- Timestamp strings in object names can now omit punctation. So, for example, “202004181942” and “2020-04-18 19:42” mean the same thing.
- Enhance backlink processing so that it works with Markdown-formatted tickets and so that it works for wiki pages. Ticket [a3572c6a5b47cd5a].
- “fossil rebuild” is needed to take full advantage of this fix. Fossil will continue to work without the rebuild, but the new backlinks will be missing.
- The algorithm for finding the location of the configuration database is enhanced to be XDG-compliant.
- Add a hide/show feature to associated wiki display on check-in and branch information pages.
- Enhance the “fossil info” command so that it works with no arguments even if not within an open check-out.
- Many improvements to the forum and especially email notification of forum posts, in response to community feedback after switching SQLite support from a mailing list over to the forum.
- Minimum length of a self-registered user ID increased from 3 to 6 characters.
- When the “vfx” query parameter is used on the “/timeline” page, it causes the complete text of forum posts to be displayed.
- Rework the “fossil grep” command to be more useful.
- Expose the redirect-to-https setting to the settings command.
- Improve support for CGI on IIS web servers.
- The /ext page can now render index files, in the same way as the embedded docs.
- Most commands now support the Unix-conventional “–” flag to treat all following arguments as filenames instead of flags.
- Added the mimetypes config setting (versionable) to enable mimetype overrides and custom definitions.
- Add an option on the /Admin/Timeline setup page to set a default timeline style other than "Modern".
- In embedded documentation, hyperlink URLs of the form “/doc/$CURRENT/…” the “$CURRENT” text is translated into the check-in hash for the document currently being viewed.
- Added the /phantoms webpage that shows all phantom artifacts.
- Enhancements to phantom processing to try to reduce bandwidth-using chatter about phantoms on the sync protocol.
- Security: Fossil now assumes that the schema of every database it opens has been tampered with by an adversary and takes extra precautions to ensure that such tampering is harmless.
- Security: Fossil now puts the Content-Security-Policy in the HTTP reply header, in addition to also leaving it in the HTML <head> section, so that it is always available, even if a custom skin overrides the HTML <head> and omits the CSP in the process.
- Output of the fossil diff -y command automatically adjusts according to the terminal width.
- The Content-Security-Policy is now set using the default-csp setting.
- Merge conflicts caused via the merge and update commands no longer leave temporary files behind unless the new --keep-merge-files flag is used.
- The /artifact_stats page is now accessible to all users if the new “artifact_stats_enable” setting is turned on. There is a new checkbox under the /Admin/Access menu to turn that capability on and off.
- Add the fossil tls-config command for viewing the TLS configuration and the list of SSL Cert exceptions.
- Captchas all include a button to read the captcha using an audio file, so that they can be completed by the visually impaired.
- Stop using the IP address as part of the login cookie.
- Bug fix: fix the SSL cert validation logic so that if an exception is allowed for particular site, the exception expires as soon as the cert changes values.
- Bug fix: the FTS search into for forum posts is now kept up-to-date correctly.
- Bug fix: the “fossil git export” command is now working on Windows
- Bug fix: display Technote items on the timeline correctly
- Bug fix: fix the capability summary matrix of the Security Audit page so that it does not add “anonymous” capabilities to the “nobody” user.
- Update internal Unicode character tables, used in regular expression handling, from version 12.1 to 13.
- Many documentation enhancements.
- Many minor enhancements to existing features.
Changes for Version 2.10 (2019-10-04)
- (2.10.2): backport security fixes from 2.12.1
- (2.10.1): backport security fix for the “fossil git export” command.
- Added support for CGI-based Server Extensions.
- Added the repolist-skin setting used to add style to repository list pages.
- Enhance the hierarchical display of Forum threads to do less indentation and to provide links back to the previous message in the thread. Provide sequential numbers for all messages in a forum thread.
- Add support for fenced code blocks and improved hyperlink processing to the markdown formatter.
- Add support for hyperlinks to wiki pages in the markdown formatter.
- Enhance the /stat page so that it gives the option to show a breakdown of forum posts.
- The special check-in name “merge-in:BRANCH” means the source of the most recent merge-in from the parent branch of BRANCH.
- Add hyperlinks to branch-diffs on the /info page and from timelines of a branch.
- Add graphical context on the /vdiff page.
- Uppercase query parameters, POST parameters, and cookie names are converted to all lowercase and entered into the parameter set, instead of being discarded.
- Change the default hash policy to SHA3.
- Timeout CGI requests after 300 seconds, or some other value set by the “timeout:” property in the CGI script.
- The check-in lock interval is reduced from 24 hours to 60 seconds, though the interval is now configurable using a setting. An additional check for conflicts is added after interactive check-in comment entry, to compensate for the reduced lock interval.
- Performance optimizations.
- Many documentation improvements.
Changes for Version 2.9 (2019-07-13)
- Added the fossil git export command and instructions for creating a GitHub mirror of a Fossil project.
- Improved handling of relative hyperlinks on the /artifact pages for wiki. For example, hyperlinks and the lizard <img> now work correctly for both /artifact/2ff24ab0887cf522 and /doc/0d7ac90d575004c2415/www/index.wiki.
- Enhancements to the timeline graph layout, to show more information with less clutter.
- Added tool-tips to the /timeline graph. On by default but can be disabled by setting the “Tooltip dwell time” to 0 in the timeline configuration.
- Copy buttons added to various check-in hash and branch name links.
- Double-clicking on a /timeline graph node now jumps to the /info page for the check-in. So, repurpose the timestamp hyperlink to show all activity around that check-in in time.
- Added the fossil touch command, and the --setmtime option on the fossil open and fossil update commands.
- Many documentation enhancements.
- For the “fossil update” and “fossil checkout” commands, if a managed file is removed because it is no longer part of the target check-in and the directory containing the file is empty after the file is removed and the directory is not the current working directory and is not on the empty-dirs list, then also remove the directory.
- Update internal Unicode character tables, used in regular expression handling, from version 11.0 to 12.1.
- In "fossil regexp", “fossil grep” and the TH1 “regexp” command, the -nocase option now removes multiple diacritics from the same character (derived from SQLite’s remove_diacritics=2)
- Added the /secureraw page that requires the complete SHA1 or SHA3 hash, not just a prefix, before it will deliver content.
- Accept purely numeric ISO8601 date/time strings as long as they do not conflict with a hash. Example: “20190510134217” instead of "2019-05-10 13:42:17". This helps keep URLs shorter and less complicated
- Support both "1)" and “1.” for numbered lists in markdown, as commonmark does.
- The sync and clone HTTP requests omit the extra /xfer path element from the end of the request URI. All servers since 2010 know that the HTTP request is for a sync or clone from the mimetype so the extra path element is not needed.
- If an automatic sync gets a permanent redirect request, then update the saved remote URL to the new address.
- Temporary filenames (for example used for external “diff” commands) try to preserve the suffix of the original file.
- Added the /thisdayinhistory web page.
- Enhanced parsing of /timeline query parameters "ymd=", "ym=", and "yw=". All arguments are option (in which case they default to the current time) and all accept ISO8601 date/times without punctuation.
- Automatically disapprove pending moderation requests for a user when that user is deleted. This helps in dealing with spam-bots.
- Improvements to the “Capability Summary” section in the Security Audit web-page.
- Use new “ci-lock” and “ci-lock-failed” pragmas in the sync protocol to try to prevent accident forks caused by concurrent commits when operating in auto-sync mode.
- Fix a bug (details) that can cause repository databases to be overwritten with debugging output, thus corrupting the repository. This is only a factor when CGI debugging is enabled, and even then is a rare occurrence, but it is obviously an important fix.
Changes for Version 2.8 (2019-02-20)
- Show cherry-pick merges as dotted lines on the timeline graph. → The “fossil rebuild” command must be run to create and populate the new “cherrypick” table in the repository in order for this feature to operate.
- Add the ability to associate branches, check-ins, and tags with specially-named Wiki pages. This gives the ability to better document branches and tags, and provide more documentation on check-ins beyond the check-in comment. The associated Wiki is automatically displayed on /info pages for check-ins, and on /timeline?r=BRANCH and /timeline?t=TAG pages for branches and tags. This feature is on by default, but can be disabled in on the Admin/Wiki page.
- Enhance the repository list page (shown for example by “fossil all ui”) so that it shows the name and last check-in time for each project. The implementation of the repository list page is now broken out into a separate source file (repolist.c).
- Allow users with Forum Supervisor permission (‘6’) to add Forum Write Trusted permission (‘4’) to users as they are approving a forum post by that user.
- When running a bisect, report the number of check-ins still in the search range and the estimated number of bisect steps remaining. Do this at each step of the bisect.
- Provide a permanent link to a bisect timeline using the bid= query parameter.
- Make the chronological forum display feature available to all users, and make it the default format on mobile devices.
- Break out Wiki setup into a separate /setup_wiki page, accessible on the standard menus through Admin/Wiki.
- Add “Next” and “Previous” buttons on the /wdiff page, allowing the user to step through the versions of a wiki page.
- Improve the display of the /whistory page.
- Omit the “HH:MM” timestamps on timeline graphs on narrow-screen devices, to improve horizontal space uses. This helps make Fossil more mobile-friendly.
- Enhance /wcontent to show a sortable list of Wiki pages together with the number of revisions and the most recent change time for each page.
- Hyperlinks to Wiki pages on the /timeline go to the specific version of the Wiki page named in the timeline, not to the latest version.
- Enhancements to the "amend", "tag", and “reparent” commands, including adding options --override-date, --override-user, and --dry-run.
- Add the global --comment-format command-line option and the comment-format setting to control the display of the command-line timeline.
- Change the “fossil reparent” command so that it only works from within an active checkout.
- On the /setup_ucap_list, show administrators how many users have each capability. The counts are a hyperlink to the /setup_ulist page showing the subset of users that have that capability.
- Provide the ability to redirect all HTTP pages to HTTPS. Formerly one could cause this to occur for the /login page only. That option still exists, but the redirect can now also be done for all pages.
- “Compress” the built-in javascript by omitting comments and leading and trailing whitespace.
- Detect when the repository used by a checkout is swapped out for a clone that uses different RID values, and make appropriate adjustments to the checkout database to avoid any problems.
- Add the backoffice-disable setting to completely disable the backoffice feature.
- Update the built-in SQLite to version 3.27.1.
- Various other small enhancements to webpages and documentation.
Changes for Version 2.7 (2018-09-22)
- Add the email alerts feature for commits, ticket changes, wiki changes, forum posts, and announcements. This is still a work in progress. It is functional, but it is not as easy to setup and use as it ought to be.
- Add the discussion forum feature.
- Add new user capabilities letters needed to support alerts and forum. Formerly, user capabilities were letters from [a-z], but with the enhancements, the supply of lower case letters was exhausted. User capabilities are now letters in [a-zA-Z0-9].
- The built-in skins are now responsive, providing better layout on small screens, including mobile devices.
- The default skin now includes a hamburger menu that is generated by the /sitemap page.
- All of the built-in skins now use a Content Security Policy (CSP) to help prevent cross-site injection and forgery attacks. There are no known vulnerabilities in Fossil. The added CSP does not fix anything; it merely adds another layer of defense.
- The /sitemap and other list pages show as multiple columns if the viewing window is wide enough.
- There is an optional “js” file for each skin that can be used to hold javascript. This file can be loaded by reference or can be included in the header or footer.
- Add the backoffice.
- Update internal Unicode character tables, used in regular expression handling, from version 10.0 to 11.0.
- Improvements to the “Security Audit” administration page
- Add the fossil branch current command.
- Add the grep command.
- Update the built-in SQLite to version 3.25.1.
- Some code and interfaces are in place to support sending and receiving email directly via SMTP, but this feature is not yet complete or ready for production use.
- The `mv-rm-files` setting is now compiled into Fossil in the default Fossil configuration; no longer must you say ./configure --with-legacy-mv-rm to make it available. The setting remains disabled by default, however, so you must still say fossil set mv-rm-files 1 to enable it on each repository where you want hard mv/rm behavior.
Changes for Version 2.6 (2018-05-04)
- Fix a bug that was causing crashes while trying to clone the TCL repository. This fix is the main reason for the current release.
- Added the new “Classic” timeline viewing mode. “Classic” is the same as “Verbose” in the previous release. The “Verbose” mode is now like “Compact” except the extra check-in details are shown by default.
- Add support for ETags:, Last-Modified:, and If-Modified-Since: cache control mechanisms.
- Enhance the /tarball, /zip, and /sqlar pages so that the checkin name to be downloaded can be expressed as part of the URI, and without the need for query parameters.
- On the /timeline webpage, add the days=N query parameter and enhance the ymd=DATE and yw=DATE query parameters to accept ‘now’ as an argument to show the latest day or week.
- In the web page that comes up in response to the fossil all ui command, show the last modification time for each repository, and allow click-to-sort on the modification time column.
- In the tarball cache replacement algorithm, give extra weight to tarballs that have been accessed more than once.
- Additional defenses against web-based attacks. There have not been any known vulnerabilities. We are just being paranoid.
- Update the built-in SQLite to an alpha version of 3.24.0.
Changes for Version 2.5 (2018-02-07)
- Numerous enhancements to the look and feel of the web interface. Especially: Added separate "Modern", "Compact", "Verbose", and “Columnar” view options on timelines.
- Common display settings (such as the “view” option and the number of rows in a timeline) are held in a cookie and thus persist across multiple pages.
- Rework the skin editing process so that changes are implemented on one of nine /draft pages, evaluated, then merged back to the default.
- Added the Ardoise skin.
- Fix the “fossil server” command on Unix to be much more responsive to multiple simultaneous web requests.
- Use the IPv6 stack for the “fossil ui” and “fossil server” commands on Windows.
- Support for SQL Archives as a download option.
- Fossil now automatically generates the <html><head>…</head><body> at the beginning of each web page if the configurable header lacks a <body> tag.
- Added the /artifact_stats page, currently accessible only by the administrator.
- Upgrade to the latest versions of SQLite and OpenSSL.
- Improved key bindings on the Tk diff screen generated by "fossil diff --tk".
- Begin factoring out in-line javascript into separately loaded script files. This is a step along the road toward supporting a strict Content Security Policy. More work is to be done.
- Initial infrastructure is in place to make use of the pledge() system call in OpenBSD. More work is to be done.
Changes for Version 2.4 (2017-11-03)
- New feature: URL Aliases. URL Aliases allow an administrator to define their own URLs on the web interface that are rewritten to built-in URLs with specific parameters. Create and configure URL Aliases using the /Setup/URL_Aliases menu option in the web interface.
- Add tech-note search capability.
- Add the -r|–revision and -o|–origin options to the annotate command.
- Add the origin= query parameter to the /annotate webpage.
- The fossil annotate command and the /annotate web page go backwards in time as far as can be computed in 30 milliseconds by default, rather than stopping after 20 steps. The new limit= query parameter or the --limit command-line option can be used to alter this timeout.
- Provide separate on-line help screens for each setting.
- Back out support for the --no-dir-symlinks option
- Remove support from the legacy configuration sync protocol. The only way now to do a configuration push or pull is to use the new protocol that was added in 2011.
- Add the from= and to= query parameters to /fdiff in order to get a diff of two files in the same check-in.
- Fix the “ssh://” protocol to prevent an attack whereby the attacker convinces a victim to run a “clone” with a dodgy URL and thereby gains access to their system.
- Provide a checkbox that will temporarily disable all ad-units.
- Improvements to the /stat page
- Various new hyperlinks to the /bloblist and /bigbloblist pages.
- Correct the /doc page to support read-only repositories.
- Correct /zip, /tarball, zip, and tarball pages and commands to honor the versioned manifest setting when outside of an open checkout directory.
- The admin-log and access-log settings are now on by default for new repositories.
- Update the built-in SQLite to version 3.21.0.
Changes for Version 2.3 (2017-07-21)
- Update the built-in SQLite to version 3.20.0 (beta).
- Update internal Unicode character tables, used in regular expression handling, from version 9.0 to 10.0.
- Show the last-sync-URL on the /urllist page.
- Added the “Event Summary” activity report. example
- Added the “Security Audit” page, available to administrators only
- Added the Last Login time to the user list page, for administrators only
- Added the --numstat option to the fossil diff command
- Limit the size of the heap and stack on unix systems, as a proactive defense against the Stack Clash attack.
- Fix “database locked” warnings caused by "PRAGMA optimize".
- Fix a potential XSS vulnerability on the /help webpage.
- Documentation updates
Changes for Version 2.2 (2017-04-11)
- GIT comment tags are now handled by Fossil during import/export.
- Show the content of README files on directory listings. (example)
- Support for Basic Authentication if enabled (default off).
- Show the hash algorithms used on the /rcvfromlist page.
- The /tarball and /zip pages now use the the r= query parameter to select which check-in to deliver. The uuid= query parameter is still accepted for backwards compatibility.
- Update the built-in SQLite to version 3.18.0.
- Run “PRAGMA optimize” on the database connection as it is closing.
Changes for Version 2.1 (2017-03-10)
- Add support for hash policies that control which of the Hardened-SHA1 or SHA3-256 algorithms is used to name new artifacts.
- Add the “gshow” and “gcat” subcommands to fossil stash.
- Add the /juvlist web page and use it to construct the Download Page of the Fossil self-hosting website using Ajax.
Changes for Version 2.0 (2017-03-03)
- Use the hardened SHA1 implementation by Marc Stevens and Dan Shumow.
- Add the ability to read and understand artifact names that are based on SHA3-256 rather than SHA1, but do not actually generate any such names.
- Added the sha3sum command.
- Update the built-in SQLite to version 3.17.0.
Changes for Version 1.37 (2017-01-16)
- Add checkbox widgets to various web pages. See this technote for more information. To get the checkboxes to look as intended, you must update the CSS in your repository and all clones.
- Add the fossil all ui command
- Add the /file webpage
- Enhance the /brlist webpage to make use of branch colors.
- Add support for the ms=EXACT|LIKE|GLOB|REGEXP query parameter on the /timeline webpage, with associated form widgets.
- Enhance the changes and status commands with many new filter options so that specific kinds of changes can be found without having to pipe through grep or sed.
- Enhanced the fossil sql command so that it opens the checkout database and the configuration database in addition to the repository database.
- TH1 enhancements:
- Add [unversioned content] command.
- Add [unversioned list] command.
- Add project_description variable.
- Rename crnl-glob setting to crlf-glob, but keep crnl-glob as a compatibility alias.
- Added the --command option to the diff command.
- Fix a C99-ism that prevents the 1.36 release from building with MSVC.
- Fix ticket set when using the “+” prefix with fields from the “ticketchng” table.
- Remove the “fusefs” command from builds that do not have the underlying support enabled.
- Fixes for incremental git import/export.
- Minor security enhancements to encrypted repositories.
- Update the built-in SQLite to version 3.16.2.
- Update the built-in Zlib to version 1.2.11.
Changes for Version 1.36 (2016-10-24)
- Add support for unversioned content, the fossil unversioned command and the /uv and /uvlist web pages.
- The download page is moved into unversioned content so that the self-hosting Fossil websites no longer uses any external content.
- Added the “Search” button to the graphical diff generated by the --tk option on the diff command.
- Added the “–checkin VERSION” option to the diff command.
- Various performance enhancements to the diff command.
- Update internal Unicode character tables, used in regular expression handling, from version 8.0 to 9.0.
- Update the built-in SQLite to version 3.15. Fossil now requires the SQLITE_DBCONFIG_MAINDBNAME interface of SQLite which is only available in SQLite version 3.15 and later and so Fossil will not work with earlier SQLite versions.
- Fix multi-line timeline bug
- Enhance the fossil purge command.
- New command fossil shell.
- SQL parameters whose names are all lower-case in Ticket Report SQL queries are filled in using HTTP query parameter values.
- Added support for child projects that are able to pull from their parent but not push.
- Added the -nocomplain option to the TH1 “query” command.
- Added support for the chng=GLOBLIST query parameter on the /timeline webpage.
Changes for Version 1.35 (2016-06-14)
- Enable symlinks by default on all non-Windows platforms.
- Enhance the Markdown formatting so that hyperlinks that begin with “/” are relative to the root of the Fossil repository.
- Rework the /setup_list page (the User List page) to display all users in a click-to-sort table.
- Fix backslash-octal escape on filenames while importing from git
- When markdown documents begin with <h1> HTML elements, use that header at the document title.
- Added the /bigbloblist page.
- Enhance the /finfo page so that when it is showing the ancestors of a particular file version, it only shows direct ancestors and omits changes on branches, thus making it show the same set of ancestors that are used for /blame.
- Added the --page option to the fossil ui command
- Added the fossil bisect ui command
- Enhanced the fossil diff command so that it accepts directory names as arguments and computes diffs on all files contained within those directories.
- Fix the fossil add command so that it shows “SKIP” for files added that were already under management.
- TH1 enhancements:
- Add [array exists] command.
- Add minimal [array names] command.
- Add tcl_platform(engine) and tcl_platform(platform) array elements.
- Get autosetup working with MinGW.
- Fix autosetup detection of zlib in the source tree.
- Added autosetup detection of OpenSSL when it may be present under the “compat” subdirectory of the source tree.
- Added the fossil reparent command
- Added --include and --exclude options to fossil tarball and fossil zip and the in= and ex= query parameters to the /tarball and /zip web pages.
- Add support for encrypted Fossil repositories.
- If the FOSSIL_PWREADER environment variable is set, then use the program it names in place of getpass() to read passwords and passphrases
- Option --baseurl now works on Windows.
- Numerous documentation improvements.
- Update the built-in SQLite to version 3.13.0.
Changes for Version 1.34 (2015-11-02)
- Make the fossil clean command undoable for files less than 10MiB.
- Update internal Unicode character tables, used in regular expression handling, from version 7.0 to 8.0.
- Add the new amend command which is used to modify tags of a "check-in".
- Fix bug in import command, handling version 3 of the svndump format for subversion.
- Add the all cache command.
- TH1 enhancements:
- Add minimal [lsearch] command. Only exact case-sensitive matching is supported.
- Add the [glob_match], [markdown], [dir], and [encode64] commands.
- Add the [tclIsSafe] and [tclMakeSafe] commands to the Tcl integration subsystem.
- Add 'double’, 'integer’, and ‘list’ classes to the [string is] command.
- Add the --undo option to the diff command.
- Build-in Antirez’s “linenoise” command-line editing library for use with the fossil sql command on Unix platforms.
- Add stash cat as an alias for the stash show command.
- Automatically pull before fossil merge when auto-sync is enabled.
- Fix --hard option to fossil mv and fossil rm to enable them to work properly with certain relative paths.
- Change the mimetype for “.n” and “.man” files to text/plain.
- Display improvements in the fossil bisect chart command.
- Updated the built-in SQLite to version 3.9.1 and activated JSON1 and FTS5 support (both currently unused within Fossil).
Changes for Version 1.33 (2015-05-23)
- Improved fork detection on fossil update, fossil status and related commands.
- Change the default skin to what used to be called "San Francisco Modern".
- Add the /repo-tabsize web page
- Add fossil import --svn, for importing a subversion repository into fossil which was exported using "svnadmin dump".
- Add the “–compress-only” option to fossil rebuild.
- Use a pie chart on the /reports?view=byuser page.
- Enhanced fossil clean --verily so that it ignores keep-glob and ignore-glob settings. Added the -x alias for --verily.
- Add the --soft and --hard options to fossil rm and fossil mv. The default is still --soft, but that is now configurable at compile-time or by the mv-rm-files setting.
- Improved ability to customize the timeline graph.
- Improvements to the /sitemap page.
- Automatically adjust the CLI timeline to the terminal width on Linux.
- Added [info commands] and [info vars] commands to TH1. These commands perform the same function as their Tcl counterparts, except they do not accept a pattern argument.
- Fix some obscure issues with TH1 expression processing.
- Fix titles in search results for documents that are not wiki, markdown, or HTML.
- Formally translate TH1 to Tcl return codes and vice-versa, where necessary, in the Tcl integration subsystem.
- Add fossil leaves -multiple, for finding multiple leaves on the same branch.
- Added the “Blitz” skin option.
- Removed the “.fossil-settings/keep-glob” file. It should not have been checked into the repository.
- Update the built-in SQLite to version 3.8.10.2.
- Make fossil open honor ".fossil-settings/allow-symlinks".
- Allow fossil add to be used on symlinks to nonexistent or unreadable files in the same way as fossil addremove.
- Added fork warning to be issued if sync produced a fork
- Update the info page to report when a file becomes a symlink. Additionally show the UUID for files whose types have changed without changing contents or symlink target.
- Have fossil changes and fossil status report when executable or symlink status changes on otherwise unmodified files.
- Permit filtering weekday and file reports by user. Also ensure the user parameter is preserved when changing types. Add a field for direct entry of the user name to each applicable report.
- Create parent directories of empty-dirs if they don’t already exist.
- Inhibit timeline links to wiki pages that have been deleted.
Changes for Version 1.32 (2015-03-14)
- When creating a new repository using fossil init, ensure that the new repository is fully compatible with historical versions of Fossil by having a valid manifest as RID 1.
- Anti-aliased rendering of arrowheads on timeline graphs.
- Added vi/less-style key bindings to the --tk diff GUI.
- Documentation updates to fix spellings and changes all “checkins” to "check-ins".
- Add the --repolist option to server commands such as fossil server or fossil http.
- Added the “Xekri” skin.
- Enhance the “ln=” query parameter on artifact displays to accept multiple ranges, separate by spaces (or “+” when URL-encoded).
- Added fossil forget as an alias for fossil rm.
Changes For Version 1.31 (2015-02-23)
- Change the auxiliary schema by adding columns MLINK.ISAUX and MLINK.PMID columns to the schema, to support better drawing of file change graphs. A fossil rebuild is recommended but is not required. so that the new graph drawing logic can work effectively.
- Added search over Check-in comments, Documents, Tickets and Wiki. Disabled by default. The search can be either a full-scan or it can use an index that is kept up-to-date automatically. The new /srchsetup web-page and the fts-config command were added to help configure the search capability. Expect further enhancements to the search capabilities in subsequent releases.
- Added form elements to some submenus (in particular the /timeline) for easier operation.
- Added the --ifneeded option to fossil rebuild.
- Added “override skins” using the “skin:” line of the CGI script or using the --skin LABEL option on the server, ui, or http commands.
- Embedded html documents that begin with <doc class="fossil-doc"> are displayed with standard headers and footers added.
- Allow <div style=’…’> markup in wiki.
- Renamed “Events” to "Technical Notes", while updating the technote display and control pages. Add support for technotes as plain text or as Markdown.
- Added the /md_rules pages containing summary instructions on the Markdown format.
- Added the --repolist and --nojail options to the various server commands (ex: fossil server).
- Added the fossil all add subcommand to "fossil all".
- Improvements to the /login page. Some hyperlinks to pages that require “anonymous” privileges are displayed even if the current user is “nobody” but automatically redirect to /login.
- The /doc web-page will now try to deliver the file “404.md” from the top-level directory (if such a file exists) in place of its built-in 404 text.
- Download of Tarballs and ZIP Archives by user “nobody” is now enabled by default in new repositories.
- Enhancements to the table sorting controls. More display tables are now sortable.
- Add IPv6 support to fossil sync and fossil clone
- Add more skins such as “San Francisco Modern” and "Eagle".
- During shutdown, check to see if the check-out database (“.fslckout”) contains a lot of free space, and if it does, VACUUM it.
- Added the /mimetype_list page.
- Added the /hash-collisions page.
- Allow the user of Common Table Expressions in the SQL that defaults ticket reports.
- Break out the components (css, footer, and header) for the various built-in skins into separate files in the source tree.
Changes For Version 1.30 (2015-01-19)
- Added the fossil bundle command.
- Added the fossil purge command.
- Added the fossil publish command.
- Added the fossil unpublished command.
- Enhance the /tree webpage to show the age of each file with the option to sort by age.
- Enhance the /brlist webpage to show additional information about each branch and to be sortable by clicking on column headers.
- Add support for Docker. Just install docker and type “sudo docker run -d -p 8080:8080 nijtmans/fossil” to get it running.
- Add the fossil fusefs DIRECTORY command that mounts a Fuse Filesystem at the given DIRECTORY and populates it with read-only copies of all historical check-ins. This only works on systems that support FuseFS.
- Add the administrative log that records all configuration.
- Added the /sitemap webpage.
- Added the /bloblist web page.
- Let fossil new no longer create an initial empty commit by default. The first commit after checking out an empty repository will become the initial commit.
- Added the fossil all dbstat and fossil all info commands.
- Update SQLite to version 3.8.8.
- Added the --verily option to the fossil clean command.
- Add the “autosync-tries” setting to control the number of autosync attempts before returning an error.
- Added a compile-time option (–with-miniz) to build using miniz instead of zlib. Disabled by default.
- Support customization of commands and webpages, including the ability to add new ones, via the “TH1 hooks” feature. Disabled by default. Enabled via a compile-time option.
- Add the [checkout], [render], [styleHeader], [styleFooter], [trace], [getParameter], [setParameter], [artifact], and [globalState] commands to TH1, primarily for use by TH1 hooks.
- Automatically adjust the width of command-line timeline output according to the detected width of the terminal.
- Prompt the user to optionally fix invalid UTF-8 at check-in.
- Added a line-number toggle option to the /info and /artifact pages.
- Most commands now issue errors rather than silently ignoring unrecognized command-line options.
- Use full 40-character SHA1 hashes (instead of abbreviations) in most internal URLs.
- The “ssh:” sync method on Windows now uses “plink.exe” instead of “ssh” as the secure-shell client program.
- Prevent a partial clone when the connection is lost.
- Make the distinction between 301 and 302 redirects.
- Allow commits against a closed check-in as long as the commit goes onto a different branch.
- Improved cache control in the web interface reduces unnecessary requests for common resources like the page logo and CSS.
- Fix a rare and long-standing sync protocol bug that would silently prevent the sync from running to completion. Before this bug-fix it was sometimes necessary to do “fossil sync --verily” to get two repositories in sync.
- Add the files_of_checkin virtual table - useful for ad hoc queries in the fossil sql interface, and also used internally.
- Added the “$secureurl” TH1 variable for use in headers and footers.
- (Internal:) Add the ability to include resources as separate files in the source tree that are converted into constant byte arrays in the compiled binary. Use this feature to store the Tk script that implements the --tk diff option in a separate file for easier editing.
- (Internal:) Implement a system of compile-time checks to help ensure the correctness of printf-style formatting strings.
- Fix CVE-2014-3566, also known as the POODLE SSL 3.0 vulnerability.
- Numerous documentation fixes and improvements.
- Other obscure and minor bug fixes - see the timeline for details.
Changes For Version 1.29 (2014-06-12)
- Add the ability to display content, diffs and annotations for UTF16 text files in the web interface.
- Add the “SaveAs…” and “Invert” buttons to the graphical diff display that results from using the --tk option with the fossil diff command.
- The /reports page now requires Read (“o”) permissions. The “byweek” report now properly propagates the selected year through the event type filter links.
- The info command now shows leaf status of the checkout.
- Add support for tunneling https through a http proxy (Ticket [e854101c4f]).
- Add option --empty to the “fossil open” command.
- Enhanced the fileage page to support a glob parameter.
- Add -w|–ignore-all-space and -Z|–ignore-trailing-space options to fossil annotate, fossil blame, fossil (g)diff, fossil stash diff.
- Add --strip-trailing-cr option to fossil (g)diff and fossil stash diff.
- Add button “Ignore Whitespace” to /annotate, /blame, /ci, /fdiff and /vdiff UI pages.
- Enhance /reports with a “byweekday” view.
- Enhance the fossil cat command so that it works outside of a checkout when using the -R command-line option.
- Use full-length SHA1 hashes, not abbreviations, in most hyperlinks.
- Correctly render the <title> markup on wiki pages in the /artifact webpage.
- Enhance the fossil whatis command to report on attachments and cluster artifacts. Added the /help?cmd=test-whatis-all command for testing purposes.
- Add support for HTTP Basic Authentication on clone and sync.
- Fix the stash so that it remembers added files and re-adds them when the stash is applied.
- Fix the server so that it avoids writing to the database (and thus avoids database locking issues) on a pull or clone.
- Add support for server load management using both a cache of expensive pages (the fossil cache command) and by rejecting expensive page requests when the server load average is too high.
- Add the fossil praise command as an alias for fossil blame for subversion compatibility.
- Enhance the fossil test-diff command with -y or --tk options so that it shows both filenames above their respective columns in the side-by-side diff output.
- Issue a warning if a fossil add command tries to add a file that matches the ignore-glob.
- Add option -W|–width to “fossil stash ls” and “fossil leaves” commands.
- Enhance support for running as the root user. Now works on Haiku.
- Added the -empty option to fossil new, which causes it to not create an initial empty commit. The first commit after checking out a repo created this way will become the initial commit.
- Enhance sync operations by committing each round-trip to minimize number of retransmits when autosync fails. Include option for fossil update and fossil merge to continue even if missing content.
- Minor portability fixes for platforms where the char type is unsigned by default.
Changes For Version 1.28 (2014-01-27)
- Enhance /reports to support event type filtering.
- When cloning a repository, the user name passed via the URL (if any) is now used as the default local admin user’s name.
- Enhance the SSH transport mechanism so that it runs a single instance of the “fossil” executable on the remote side, obviating the need for a shell on the remote side. Some users may need to add the “?fossil=/path/to/fossil” query parameter to “ssh:” URIs if their fossil binary is not in a standard place.
- Add the “fossil blame” command that works just like “fossil annotate” but uses a different output format that includes the user who made each changes and omits line numbers.
- Add the “Tarball and ZIP-archive Prefix” configuration parameter under Admin/Configuration.
- Fix CGI processing so that it works on web servers that do not supply REQUEST_URI.
- Add options --dirsonly, --emptydirs, and --allckouts to the “fossil clean” command.
- Ten-fold performance improvement in large “fossil blame” or “fossil annotate” commands.
- Add option -W|–width and --offset to “fossil timeline” and “fossil finfo” commands.
- Option -n|–limit of “fossil timeline” now specifies the number of entries, just like all other commands which have the -n|–limit option. The various timeline-related functions now output “— ?? limit (??) reached —” at the end whenever appropriate. Use "-n 0" if no limit is desired.
- Fix handling of password embedded in Fossil URL.
- New --once option to fossil clone command which does not store the URL or password when cloning.
- Modify fossil ui to respect “default user” in an open repository.
- Fossil now hides check-ins that have the “hidden” tag in timeline webpages.
- Enhance /ci_edit page to add the “hidden” tag to check-ins.
- Advanced possibilities for commit and ticket change notifications over http using TH1 scripting.
- Add --sha1sum and --integrate options to the “fossil commit” command.
- Add the “clean” and “extra” subcommands to the “fossil all” command
- Add the --whatif option to “fossil clean” that works the same as "–dry-run", so that the name does not collide with the --dry-run option of "fossil all".
- Provide a configuration option to show dates on the web timeline as “YYMMMDD HH:MM”
- Add an option to the “stats” webpage that allows an administrator to see the current repository schema.
- Enhancements to the “/vdiff” webpage for more difference display options.
- Added the “/tree” webpage as an alternative to “/dir” and make it the default way of showing file lists.
- Send gzipped HTTP responses to clients that support it.
Changes For Version 1.27 (2013-09-11)
- Enhance the fossil changes, fossil clean, fossil extras, fossil ls and fossil status commands to restrict operation to files and directories named on the command-line.
- New --integrate option to fossil merge, which automatically closes the merged branch when committing.
- Renamed /stats_report page to /reports. Graph width is now relative, not absolute.
- Added yw=YYYY-WW (year-week) filter to timeline to limit the results to a specific year and calendar week number, e.g. /timeline?yw=2013-01.
- Updates to SQLite to prevent opening a repository file using file descriptors 1 or 2 on Unix. This fixes a bug under which an assertion failure could overwrite part of a repository database file, corrupting it.
- Added support for unlimited line lengths in side-by-side diffs.
- New --close option to fossil commit, which immediately closes the branch being committed.
- Added chart option to fossil bisect.
- Improvements to the “human or bot?” determination.
- Reports errors about missing CGI-standard environment variables for HTTP servers which do not support them.
- Minor improvements to sync support on Windows.
- Added --scgi option to fossil server.
- Internal improvements to the sync process.
- The internals of the JSON API are now MIT-licensed, so downstream users/packagers are no longer affected by the “do no evil” license clause.
Changes For Version 1.26 (2013-06-18)
- The argument to the --port option for the fossil ui and fossil server commands can take an IP address in addition to the port number, causing Fossil to bind to just that one IP address.
- After prompting for a password, also ask if that password should be remembered.
- Performance improvements to the diff engine.
- Fix the side-by-side diff engine to work better with multi-byte Unicode text.
- Color-coding in the web-based annotation (blame) display. Fix the annotation engine so that it is no longer confused by time-warps.
- The markdown formatter is now available by default and can be used for tickets, wiki, and embedded documentation.
- Add subcommands “fossil bisect log” and “fossil bisect status” to the fossil bisect command, as well as other bisect enhancements.
- Enhanced defenses that prevent spiders from using excessive CPU and bandwidth.
- Consistent use of the -n or --dry-run command line options.
- Win32: Fossil now understands Cygwin paths containing one or more of the characters "*:<>?|. Those are normally forbidden in win32. This means that the win32 fossil.exe is better usable in a Cygwin environment. See http://cygwin.com/cygwin-ug-net/using-specialnames.html#pathnames-specialchars.
- Cygwin: Fossil now understands win32 absolute paths starting with a drive letter everywhere. The default value of the “case-sensitive” setting is now FALSE, except when case-sensitivity is enabled in the Windows kernel. See http://cygwin.com/cygwin-ug-net/using-specialnames.html#pathnames-casesensitive
- Enhancements to /timeline.rss, adding more flags for filtering results, including the ability to subscribe to changes made to individual tickets. For example: /timeline.rss?y=t&tkt=12fceeec82.
- Improved handling of the differences between case-sensitive and case-insensitive filesystems.
- JSON API: added the ‘status’ command to report local checkout status.
- Fixes to the --args support and documented this feature in the help.
- Added /stats_report page.
- Added ym=YYYY-MM filter to the /timeline?ym=2013-06.
- Fixed: config reset now re-installs default ticket report format.
- ssh:// and file:// protocols now ignore proxy settings.
- Added /hash-color-test web page.
- Cherry-pick merges are recorded internally (though no yet displayed on the timeline graph.)
- Bring in the latest versions of SQLite, zlib, and autosetup from upstream.
Changes For Version 1.25 (2013-02-16)
- Enhancements to ticket processing. There are now two tables: TICKET and TICKETCHNG. There is one row in TICKETCHNG for each ticket artifact. Fields from ticket artifacts go into either or both of TICKET and TICKETCHNG, whichever contain matching column names. Default ticket edit and viewing scripts are updated to use TICKETCHNG. The TH1 scripting language is enhanced to support this, including the new “query” command for doing SQL queries against the repository database. All changes should be backwards compatible.
- Add the ability to moderate ticket and wiki changes. Unmoderated changes do not sync and may be deleted by the moderator if found to contain spam or other objectionable content.
- Add javascript so that clicking on a node of the timeline graph selects that node. Then clicking on a second node shows a diff between the two nodes. Clicking on the selected node unselects it.
- Warn of unresolved merge conflicts in “fossil status” and disallow commits of unresolved conflicts unless the --allow-conflict option is used.
- Add javascript so that clicking on column headers in a ticket report sorts by the indicated column.
- Add the “fossil cat” command which is basically an alias for "fossil finfo -p".
- Hyperlinks with the class “button” are rendered as submenu buttons on embedded documentation.
- The check-in comment editor on Windows now defaults to NotePad.exe.
- Correctly deal with BOMs in check-in comments. Also attempt to convert check-in comments to UTF8 from other encodings.
- Allow the deletion of multiple stash entries using multiple arguments to the “fossil stash rm” command.
- Enhance the “fossil server DIRECTORY” command to serve static content files contained in DIRECTORY. For security, only files with a recognized suffix (such as *.html, *.jpg, *.txt, etc) will be delivered as static content, and *.fossil files are not on the list of recognized suffixes. There are additional restrictions on the names of the files.
- Allow the “fossil ui” command to specify a directory as long as the the --notfound option is used.
- Add a configuration option that causes timeline messages to be rendered as text/x-fossil-plain (which is the same as text/plain except that hyperlinks inside of […] are decorated.)
- Only decorate […] in check-in comments and tickets if the contented text really is a valid hyperlink target.
- Improvements to the side-by-side diff algorithm, for a more human-friendly display in some complex cases.
- Added [utime] and [stime] commands to TH1. These commands can be used for things such as displaying the page rendering time in the footer.
- Add the ability to pass command-line options of “fossil rebuild” to "fossil all rebuild".
- Add the --deanalyze option to “fossil rebuild” (and “fossil all rebuild”)
- Do not run the graphical merging tool nor leave merge-droppings after a dry-run merge. Display an improved merge-summary message at the end of the merge.
- Add options to “fossil commit” to override the various sanity checks. Options added: --allow-empty, --allow-fork, --allow-older, and --allow-conflict.
- Optionally require a CAPTCHA (controlled by a setting on the Admin/Access webpage) when a user who is not logged in tries to edit wiki, or a ticket, or an attachment.
- Improvements to the “ssh://” sync protocol, to help it move past noisy motd comments.
- Add the uf=FILE-SHA1-HASH query parameter to the timeline, causing the timeline to show only check-ins that contain the specific file identified by FILE-SHA1-HASH. (“uf” stands for "uses file".)
- Enhance the file change annotator so that it follows the file across name changes.
- Fix the server-side of the sync protocol so that it will not generate a delta loop when a file changes from its original state, through two or more intermediate states, and back to the original state, all within a single sync.
- Show much less output during a sync operation, unless the --verbose option is used.
- Set the action= attribute of <form> elements using javascript, as an addition defense against spam-bots.
- Disallow invalid UTF8 characters (such as characters in the surrogate pair range) in filenames.
- Judge the UserAgent strings issued by the NetSurf webbrowser to be coming from a human, not from a bot.
- Add the zlib sources to the Fossil source tree (under compat/zlib) and use those sources when compiling on (Windows) systems that do not have a zlib library installed by default.
- Prompt the user with the option to convert non-UTF8 files into UTF8 when committing.
- Allow the characters *[]? in filenames.
- Allow the --context option on diff commands to have a value of 0.
- Added the “dbstat” command.
- Enhanced “fossil merge” so that if the VERSION argument is omitted, Fossil tries to merge any forks of the current branch.
- Improved detection of forks in a commit race.
- Added the --analyze option to "fossil rebuild".
Changes For Version 1.24 (2012-10-22)
- Added support for WYSIWYG editing of wiki pages. WYSIWYG is turned off by default and can be turned on by setting a configuration option.
- Allow style= attribute to occur in HTML markup on wiki pages.
- Added the --tk option to the “fossi diff” and “fossil stash diff” commands, causing color-coded diff output to be displayed in a Tcl/Tk GUI window. This option only works if Tcl/Tk is installed on the host.
- On Windows, make the “gdiff” command default to use WinDiff.exe.
- Update the “fossil stash” command so that it always prompts for a comment if the -m option is omitted.
- Enhance the timeline webpages so that a=, b=, c=, d=, p=, and dp= query parameters (and others) can all accept any valid check-in name (such as branch names or labels) instead of just SHA1 hashes.
- Added the “fossil stash show” command.
- Added the “fileage” webpage with links to this page from the check-in information page and from the file browser.
- Added --age and -t options to the “fossil ls” command.
- Added the --setmtime option to "fossil update". When used, the mtime of all managed files is set to the time when the most recent version of the file was checked in.
- Changed the “vdiff” webpage to show the complete text of files that were added or removed (the equivalent of using the -N or --newfile options with the “fossil diff” command-line.)
- Added the --temp option to “fossil clean” and "fossil extra", causing those commands to only look at temporary files generated by Fossil, such as merge-conflict reports or aborted check-in messages.
- Enhance the raw page download so that it can guess the mimetype of attachments based on the filename.
- Change the behavior of the from= and to= query parameters on the timeline page so that by default the path between the two specified check-ins avoids merges.
- Add the --baseurl option to “fossil server” and “fossil http” commands, so that those commands can be used with reverse proxies.
- If unable to determine the command-line user, do not guess. Instead issue an error message. This helps prevent check-ins from accidentally occurring under the wrong username.
- Include branch information in the output of file change listings (the “finfo” webpage).
- Make the simplified view of file history, rather than the full view, the default.
- In the “fossil configuration” command, allow the “css” option for synchronizing, importing, or exporting just the CSS file. This makes it easier to share CSS files across repositories by exporting from one and importing to another.
- Add the (unsupported) “fossil test-orphans” command.
- Add the --template option to the “fossil init” command, to facilitate creating new repositories based on a template repository.
- Add the diff-binary setting, which if enabled causes binary files to be passed to the “gdiff” command for it to deal with, rather than simply printing a “cannot diff binary files” error.
- Add the --unified option to the “fossil diff” command to force a unified diff even if the --tk option (which normally implies a side-by-side diff) is used.
- Present a choice of nearby branches and versions to diff against on the check-in information page.
- Add the --force option to the “fossil merge” command that will force the merge to occur even if it would be a no-op. This is sometimes useful for documentation purposes.
- Add another built-in skin: "Enhanced Default". Other minor tweaks to the existing skins.
- Add the “urllist” webpage, showing a list of URLs by which a server instance of Fossil has been accessed. Requires “Administrator” privileges. A link is on the “Setup” main page.
- Enable dynamic loading of the Tcl runtime for installations that want to use Tcl as part of their configuration. This reduces the size of the Fossil binary and allows any version of Tcl 8.4 or later to be used.
- Merge the latest SQLite changes from upstream.
- Lots of minor bug fixes.
Changes For Version 1.23 (2012-08-08)
- The default checkout database name is now “.fslckout” instead of “_FOSSIL_” on Unix. Both names continue to work.
- Added the “fossil all changes” command
- Added the --ckout option to the “fossil all list” command
- Added the “public-pages” glob pattern that can be configured to allow anonymous users to see embedded documentation on sites where source code should not be accessible to anonymous users.
- Allow multiple --tag options on the same “fossil commit” command.
- Change the meaning of the --bgcolor option for “fossil commit” to only change the color for that one commit. The new --branchcolor option is available to set a persistent background color.
- Add the branch= query parameter to the vdiff page and the --branch option to the “fossil diff” command.
- Check-in names of the form “root:BRANCH” now refer to the origin of the branch. Hence to see all changes in a branch, use "fossil diff --from root:BRANCH --to BRANCH". The --branch option on the diff command is an alias for the same.
- Add the ability to configure ad-units to be displayed between the menu bar and the content.
- Add the ability to set a background image as part of server configuration.
- Allow partial commits of cherrypick merges.
- Updates against an uncommitted merge are now a warning, not a fatal error.
- Prompt the user to continue if a check-in comment is unedited.
- Fixes to case sensitivity settings with the /dir webpage.
- Repositories now try to remember the locations of all checkouts and web-access URLs and display this information with the “fossil info $REPO” command.
- Improved defense against spiders: The src= attribute of <a> elements is set using javascript after the page loads.
- Enhanced formatting of the user list page.
- If a file named in “fossil add” is missing, that is now a warning instead of a fatal error.
- Fix side-by-side diff so that it displays correctly with multi-byte UTF8 characters.
- Performance improvements in the diff logic.
- Other performance tweaks and documentation updates.
Changes For Version 1.22 (2012-03-17)
- Greatly improved “diff” processing including the new --brief option, partial line matching, colorized in-line diffs, and better performance.
- Promote “allow-symlinks” to a versionable setting
- Harden the CGI processing logic against DOS attacks
- Add the ability to run TH1 scripts after sync requests
- Store the repository name in _FOSSIL_ as it is type in the “open” command, possibly as a relative pathname.
- Make “.fslckout” the alternative name for the “_FOSSIL_” file.
- Change the “ssh:” transfer method to allow all access regardless of user permission.
- Improvements to the timeline messages associated with tag changes. (Requires a “fossil rebuild” to take effect.)
- Various additions and fixes for the JSON API.
- Improved merge-with-rename handling.
- –cherrypick merges use their origin’s commit message by default.
- Added support for multiple concurrent logins per user.
- Update to use SQLite version 3.7.11.
- Various minor bug fixes.
Changes For Version 1.21 (2011-12-13)
- Added side-by-side diffs in the command-line interface
- Automatically enable hyperlinks if the UserAgent string in the HTTP header suggests that the requestor is a human and not a bot.
- Show only commonly used commands with "fossil help". Use “fossil help --all” to see the complete list now.
- Improvements to the “stash” command: (1) Stash all files, not just those below the working directory. (2) Add the --detail option to "list". (3) Confirm before "drop --all". (4) Add the “help” subcommand.
- Add an Admin/Access setting to change the number of octets of the IP address that are saved in login cookies - allowing this setting to be changed to zero
- Promote the “test-md5sum” command to "md5sum".
- Added the “whatis” command.
- Stop showing the server-code in status outputs - it is no longer used for anything.
- Added a compile-time option (–with-tcl) to build in full Tcl scripting support via integration with TH1.
- Merged the JSON branch into trunk. Disabled by default. Enabled by a compile-time option. Probably it will be enabled by default in some future release.
- Update to use SQLite version 3.7.9 plus the alignment fix for Sparc. align
Changes For Version 1.20 (2011-10-21)
- Added side-by-side diffs in HTML interface. [0bde74ea1e]
- Added support for symlinks. (Controlled by “allow-symlinks” setting, off by default). [e4f1c1fe95]
- Fixed CLI annotate to show the proper file version in case there are multiple equal versions in history. [e161670939]
- Timeline now shows tag changes (requires rebuild).[87540ed6e6]
- Fixed annotate to show “more relevant” versions of lines in some cases. [e161670939]
- New command: ticket history. [98a855c508]
- Disabled SSLv2 in HTTPS client.[ea1d369d23]
- Fixed constant prompting regarding previously-saved SSL certificates. [636804745b]
- Other SSL improvements.
- Added -R REPOFILE support to several more CLI commands. [e080560378]
- Generated tarballs now have constant timestamps, so they are always identical for any given check-in. [e080560378]
- A number of minor HTML-related tweaks and fixes.
- Added --args FILENAME global CLI argument to import arbitrary CLI arguments from a file (e.g. long file lists). [e080560378]
- Fixed significant memory leak in annotation of files with long histories.[9929bab702]
- Added warnings when a merge operation overwrites local copies (UNDO is available, but previously this condition normally went silently unnoticed). [39f979b08c]
- Improved performance when adding many files. [a369dc7721]
- Improve merges which contain many file renames. [0b93b0f958]
- Added protection against timing attacks. [d4a341b49d]
- Firefox now remembers filled fields when returning to forms. [3fac77d7b0]
- Added the --stats option to the rebuild command. [f25e5e53c4]
- RSS feed now passes validation. [ce354d0a9f]
- Show overridden user when entering commit comment. [ce354d0a9f]
- Made rebuilding from web interface silent. [ce354d0a9f]
- Now works on MSVC with repos >2GB. [6092935ff2]
- A number of code cleanups to resolve warnings from various compilers.
- Update the built-in SQLite to version 3.7.9 beta.
Changes For Version 1.19 (2011-09-02)
- Added a ./configure script based on autosetup.
- Added the “fossil winsrv” command for creating a Fossil service on Windows systems.
- Added “versionable settings” where settings that affect the local tree can be stored in versioned files in the .fossil-settings directory.
- Background colors for branches are chosen automatically if no color is specified by the user.
- The status, changes and extras commands now show pathnames relative to the current working directory, unless overridden by command line options or the “relative-paths” setting.
WARNING: This change will break scripts which rely on the current output when the current working directory is not the repository root. - Added “empty-dirs” versionable setting.
- Added support for client-side SSL certificates with “ssl-identity” setting and --ssl-identity option.
- Added “ssl-ca-location” setting to specify trusted root SSL certificates.
- Added the --case-sensitive BOOLEAN command-line option to many commands. Default to true for Unix and false for Windows.
- Added the “Color-Test” submenu button on the branch list web page.
- Compatibility improvements to the git-export feature.
- Performance improvements on SHA1 checksums
- Update to the latest SQLite version 3.7.8 alpha.
- Fix the tarball generator to work with very log pathnames
Changes For Version 1.18 (2011-07-14)
- Added this Change Log
- Added sequential version numbering
- Added an optional configure script - the Makefile still works for most systems.
- Improvements to the “annotate” algorithm: only search primary ancestors and ignore branches.
- Update the “scrub” command to remove traces of login-groups and subrepositories.
- Added the --type option to the “fossil tag find” command.
- In contexts where only a check-in makes sense, resolve branch and tag names to checkins only, never events or other artifacts.
- Improved display of file renames on a diff. A rebuild is required to take full advantage of this change.
- Update the built-in SQLite to version 3.7.7.
Related news
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch.
Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface.
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.