If an ssh: sync fails in a way that suggests that the fossil executable
could not be found on the remote host, then retry after adding a PATH=
prefix to the command. This helps "ssh:" to "just work" when the server
is a Mac.
Moved the /museum/repo.fossil file referenced from the Dockerfile from
the ENTRYPOINT to the CMD part to allow use of --repolist mode.
The /uvlist page now shows the hash algorithm used so that
outsiders don't have to guess it from the hash length when
double-checking hashes of downloaded files on their end.
The hash itself is now shown in a fixed-width font on the /uvlist
page, suiting this tabular display.
Reworked the default skin to make everything more readable: larger
fonts, more whitespace, added indents to show hierarchy and to
offset command examples, etc. Colors are slightly adjusted to bring
things into better accord with the WCAG accessibility guidelines.
Changes for version 2.23 (2023-11-01)
Add ability to "close" forum threads, such that unprivileged users
may no longer respond to them. Only administrators can close
threads or respond to them by default, and the
forum-close-policy setting can be
used to add that capability to moderators.
The fossil fts-config command now shows how much
repository space is used by the full-text index.
Changing a setting to an empty string is now the same as deleting the
setting, in most cases. There are a few exceptions, indicated by the
keep-empty flag on the setting definition.
The fossil branch list command can now filter branches
that have/have not been merged into the current branch.
Improvements to interactions with remote repositories over SSH:
Print the text of the SSH command that is run to do remote interaction,
for full disclosure to the operator.
Add a PATH= argument to the fossil ui remote:/ and
fossil patch push/pull remote:... commands so that
they work when the "remote" machine is a Mac and the "fossil"
executable is in the $HOME/bin directory.
Update built-in libraries SQLite, ZLib, Pikchr to their latest versions.
Add the ft=TAG query parameter which in combination with d=Y
shows all descendants of Y up to TAG
Enhance the s=PATTERN (search) query parameter so that forum post
text is also searched when the "vfx" query parameter is used
Fix the u= (user) query parameter so that it works with a= and b=
Add the oldestfirst query parameter to show the events in reverse order.
Useful in combination with y=f and vfs and perhaps also u= to show all
forum events in chronological order
For the p=X and bt=Y query parameter combination, if Y is a tag that
identifies multiple check-ins, search backwards in time for Y beginning
at X
Administrators can select to skip sending notifications about new forum
posts.
If the value N is negative in "--context N" or "-c N" to the various diff
commands, then treat it as infinite and show the complete file content.
The stock OCI container no longer includes BusyBox, thus no longer
needs to start as root to chroot that power away. That in turn
frees us from needing to build and install the container as root,
since it no longer has to create a private /dev tree
inside the jail for Fossil's use.
Add support for the trigram tokenizer for FTS5 search to enable
searching in Chinese.
Comment lines (starting with a '#') are now supported inside
versioned settings.
Default permissions for anonymous users in new repositories are
changed to "hz".
The fossil status command now detects when a
file used to be a symlink and has been replaced by a regular file.
(It previously checked for the inverse case only.)
The empty-dirs setting now reuses the same
parser as the *-glob settings instead of its prior idiosyncratic
parser, allowing quoted whitespace in patterns.
The by-week, by-month, and by-year options now show an estimated
size of the current week, month, or year as a dashed box.
New sub-categories "Merge Check-ins" and "Non-Merge Check-ins".
Changes for version 2.21 (2023-02-25)
Users can request a password reset. This feature is disabled by default.
Use the new self-pw-reset property to enable it.
New web pages /resetpw and
/reqpwreset added.
Add the fossil repack command (together with
fossil all repack) as a convenient way to optimize the
size of one or all of the repositories on a system.
Add the ability to put text descriptions on ticket report formats.
The /chat page can now embed fossil-rendered
views of wiki/markdown/pikchr file attachments with the caveat that such
embedding happens in an iframe and thus does not inherit styles and such
from the containing browser window.
Writes to the database are disabled by default if the HTTP request
does not come from the same origin. This enhancement is a defense in depth
measure only; it does not address any known vulnerabilities.
Improvements to automatic detection and mitigation of attacks from
malicious robots.
The /unsubscribe page now requests confirmation. Email notifications
now contain only an "Unsubscribe" link, and not a link to subscription management.
Added the "fossil branch lsh" subcommand to list the
most recently modified branches.
More elements of the /info page are now inside of an accordion.
Replace the --dryrun flag with --dry-run in all
commands which still used the former name, for consistency.
Rebuilt the stock Dockerfile to create a "from scratch"
Busybox based container image via an Alpine Linux intermediary
Added a new document describing how to
customize, use, and run that container.
Fixed a bug introduced in 2.17 that
prevented clone --unversioned from completing the
retrieval of UV files from the remote repo. While fixing that, enabled
UV tracing output with clone --unversioned --verbose, making it
consonant with uv sync --verbose.
Changes for version 2.19 (2022-07-21)
On file listing pages, sort filenames using the "uintnocase" collating
sequence, so that filenames that contains embedded integers sort in
numeric order even if they contain a different number of digits.
(Example: "fossil_80_..." comes before "fossil_100.png" in the
/skins/blitz directory listing.)
Enhancements to the graph layout algorithm design to improve readability
and promote better situational awareness.
Performance enhancement for the
"root:BRANCHNAME" style of tag,
accomplished using a Common Table Expression in the underlying SQL.
Sort tag listings (command line and webpage) by taking numbers into
consideration so as to cater for tags that follow semantic versioning.
On the wiki listings, omit by default wiki pages that are associated with
check-ins and branches.
Fix remote-url-overwrite
bug where remote-url is overwritten by the proxy setting during sync
operation. Also require explicit "system" proxy setting to use
"http_proxy" environment variable.
Reimplemented the /pikchrshow app to use a WebAssembly build of
pikchr so that it can render pikchrs on the client instead of requiring
a server round-trip.
Add the email-listid setting. If set, it is
used as the List-ID header for all outbound notification emails.
Add the "--branch" option to the "timeline" command
to restrict the displayed items to a specific branch.
Add the "--versions" option to "fossil diff"
to display details about the compared versions into the patch header.
The /chat page input options have been reworked
again for better cross-browser portability.
When sending a /chat message fails, it is no longer
immediately lost and sending may optionally be retried.
/chat can now optionally embed attachments of certain
types directly into message bodies via an iframe.
Add the "--as FILENAME" option to the "fossil chat send"
command.
Added the "fossil chat pull" command, available to
administrators only, for backing up the chat conversation.
Promote the test-detach command into the detach command.
For "fossil pull" with the --from-parent-project option,
if no URL is specified then use the last URL from the most recent prior
"fossil pull --from-parent-project".
Add options --project-name and --project-desc to the
"fossil init" command.
The /ext page generates the SERVER_SOFTWARE environment
variable for clients.
Fix the REQUEST_URI CGI variable such
that it includes the query string. This is how most other systems understand
REQUEST_URI.
Added the --transport-command option to fossil sync
and similar.
Changes for version 2.17 (2021-10-09)
Major improvements to the "diff" subsystem, including:
Better partial-line matching for side-by-side diffs
Buttons on web-based diffs to show more context
Performance improvements
The --branchcolor option on fossil commit and
fossil amend can now take the value "auto" to
force Fossil to use its built-in automatic color choosing algorithm.
Add the ticket-default-report setting,
which if set to the title of a ticket report causes that ticket report
to be displayed below the search box in the /ticket page.
The "nc" query parameter to the /timeline page
causes all graph coloring to be omitted.
Improvements and bug fixes to the new "fossil ui REMOTE"
feature so that it works better on a wider variety of platforms.
In /wikiedit, show the list of attachments for
the current page and list URLs suitable for pasting them into the page.
Add the --no-http-compression option to fossil sync
and similar.
Print total payload bytes on a fossil sync when using
the --verbose option.
Add the close, reopen, hide, and
unhide subcommands to the branch command.
The Markdown formatter now interprets the content of
block HTML markup (such as <table>) in most cases. Only content
of <pre> and <script> is passed through verbatim.
The wiki list command no longer lists "deleted"
pages by default. Use the new --all option to include deleted
pages in the output.
The fossil all git status command only shows reports for
the subset of repositories that have a configured Git export.
The /chat configuration was reimplemented and
provides new options, including the ability for a repository
administrator to
extend the selection of notification sounds
using unversioned files.
Chat now uses fossil's full complement of markdown features,
instead of the prior small subset of markup it previously supported.
This retroactively applies to all chat messages, as they are
markdown-processed when they are sent instead of when they
are saved.
Added a chat message preview mode so messages can be previewed
before being sent. Similarly, added a per-message ability to view
the raw un-parsed message text.
The hotkey to activate preview mode in /wikiedit,
/fileedit, and /pikchrshow
was changed from ctrl-enter to shift-enter in order to align with
/chat's new preview feature and related future
changes.
Changes for Version 2.16 (2021-07-02)
Security: Fix the client-side TLS so that it verifies that the
server hostname matches its certificate.
The default "ssh" command on Windows is changed to "ssh" instead of the
legacy "plink", as ssh is now generally available on Windows systems.
Installations that still need to use the legacy "plink" can make that
happen by running: 'fossil set ssh-command "plink -ssh" --global'.
The fossil ui command is enhanced in multiple ways:
The REPOSITORY argument can be the name of a check-out directory.
If the REPOSITORY argument is prefixed by "HOST:" or "USER@HOST:"
then the ui is run on the remote machine and tunnelled back to the local
machine using ssh. (The latest version of fossil must be installed on
both the local and the remote for this to work correctly.)
The new --nobrowser and --fossilcmd options is provided.
The /brlist web page allows the user to
select multiple branches to be displayed together in a single
timeline.
The Forum provides a hyperlink on the author of each
post that goes to a timeline of recent posts by that same author.
Added the "fossil bisect run" command for improved
automation of bisects.
The fossil merge command now does a better job merging
branches where files have been renamed between the current branch and the
branch being merged.
The fossil open command allows the repository file
to be inside the working directory without requiring the --force flag.
Administrators can configure email alerts to expire
a specific number of days (ex: 365) after the last user contact with
the Fossil server. This prevents alert emails being sent to
abandoned email accounts forever.
Changes for Version 2.15 (2021-03-26) and Patch 2.15.1 on (2021-04-07)
and 2.15.2 on (2021-06-15)
Patch 2.15.2: Fix the client-side TLS so that it verifies that the
server hostname matches its certificate. Upgrading to
the patch is recommended.
Patch 2.15.1: Fix a data exfiltration bug in the server. Upgrading to
the patch is recommended.
The default CSP has been relaxed slightly to allow
images to be loaded from any URL. All other resources are still
locked down by default.
The built-in skins all use the "mainmenu"
setting to determine the content of the main menu.
The ability to edit the
"mainmenu" setting is added on the /Admin/Configuration page.
The hamburger menu is now available on most of the built-in skins.
Any built-in skin named "X" can be used instead of the standard
repository skin by adding the URL parameter skin=X to the
request. The selection is persisted using the display
preferences cookie unless the "once" query parameter is also
included. The /skins page may be used to select a skin.
The /cookies page now gives the user an opportunity to delete
individual cookies. And the /cookies page is linked from the
/sitemap, so that it appears in hamburger menus.
The /sitemap extensions are now specified by a single new
"sitemap-extra setting",
rather than a cluster of various
"sitemap-*" settings. The older settings are no longer used.
This change might require minor server configuration
adjustments on servers that use /sitemap extensions.
The /Admin/Configuration page provides the ability to edit
the new "sitemap-extra" setting.
For diff web pages, if the diff type (unified versus side-by-side)
is not specified by a query parameter, and if the
"preferred-diff-type"
setting is omitted or less than 1, then select the diff type based
on a guess of whether or not the request is coming from a mobile
device. Mobile gets unified and desktop gets side-by-side.
The various pages which show diffs now have toggles to show/hide
individual diffs.
Add the "preferred-diff-type"
setting to allow an admin to force a default diff type.
The "pikchr-background" setting is now available in
"detail.txt" skin files, for better control of Pikchr
colors in inverted color schemes.
Add the --list option to the
tarball,
zip, and sqlar
commands.
The javascript used to implement the hamburger menu on the
default built-in skin has been made generic so that it is usable
by a variety of skins, and promoted to an ordinary built-in
javascript file.
The leaves command now shows the branch point
of each leaf.
The fossil add command refuses to add files whose
names are reserved by Windows (ex: "aux") unless the --allow-reserved
option is included. This helps prevent Unix users from accidentally
creating check-ins that are unreadable by Windows users.
Add the "re=" query parameter to the /dir webpage,
for symmetry with the /tree page.
Update the built-in SQLite to version 3.35.0.
The ./configure script now has the --print-minimum-sqlite-version option
that prints the minimum SQLite version required by the current version
of Fossil. This might be used by integrators who insist on building
Fossil to link against the system SQLite library rather than the
built-in copy of SQLite, to verify that their system SQLite library
is recent enough.
Webpage that shows history of a wiki page
gained client-side UI to help with comparison between two arbitrary
versions of a wiki (by the means of anchoring a "baseline" version)
and the ability to squeeze several sequential edits made by the same
user into a single "recycled" row (the latest edit in that sequence).
Changes for Version 2.14 (2021-01-20) and Patch 2.14.1 on (2021-04-07)
and 2.14.2 on (2021-06-15)
Patch 2.14.2: Fix the client-side TLS so that it verifies that the
server hostname matches its certificate. Upgrading to
the patch is recommended.
Patch 2.14.1: Fix a data exfiltration bug in the server.
Upgrading to the patch is recommended.
Schema Update Notice #1:
This release drops a trigger from the database schema (replacing
it with a TEMP trigger that is created as needed). This
change happens automatically the first time you
add content to a repository using Fossil 2.14 or later. No
action is needed on your part. However, if you upgrade to
version 2.14 and then later downgrade or otherwise use an earlier
version of Fossil, the email notification mechanism may fail
to send out notifications for some events, due to the missing
trigger. If you want to
permanently downgrade an installation, then you should run
"fossil rebuild" after the downgrade
to get email notifications working again. If you are not using
email notification, then the schema change will not affect you in
any way.
Schema Update Notice #2:
This release changes how the descriptions of wiki edits are stored
in the EVENT table, for improved display on timelines. You must
run "fossil rebuild" to take advantage of
this enhancement. Everything will still work without
"fossil rebuild", except you will get goofy descriptions of
wiki updates in the timeline.
The "fossil clone" command is enhanced so that
if the repository filename is omitted, an appropriate name is derived
from the remote URL and the newly cloned repo is opened. This makes
the clone command work more like Git, thus making it easier for
people transitioning from Git.
Enhance the --numstat option on the
"fossil diff" command so that it shows a total
number of lines added and deleted and total number of files
modified.
Better text position in cylinder objects of Pikchr diagrams.
New "details.txt" settings available to custom skins to better control
the rendering of Pikchr diagrams:
pikchr-foreground
pikchr-scale
pikchr-fontscale
Allow the use of SQL functions inside the ticket table definition
for custom ticket configurations.
The built-in SQLite is updated to version 3.35.0 alpha containing
performance optimizations, especially performance associated with
startup, and minor improvements to the CLI.
Performance optimizations to Fossil itself.
Countless improvements and enhancements to the documentation
Added support for embedding pikchr
markup in markdown and fossil-wiki content.
The new "pikchr" command can render
pikchr scripts, optionally pre-processed with
TH1 blocks and variables exactly like
site skins are.
The new pikchrshow page provides an
editor and previewer for pikchr markup.
In /wikiedit and
/fileedit, Ctrl-Enter can now be used
initiate a preview and to toggle between the editor and preview
tabs.
The /artifact and /file views, when in
line-number mode, now support interactive selection of a range
of lines to hyperlink to.
Enhance the /finfo webpage so that when query
parameters identify both a filename and a checkin, the resulting
graph tracks the identified file across renames.
The built-in SQLite is updated to an alpha of version 3.34.0, and
the minimum SQLite version is increased to 3.34.0 because the
/finfo change in the previous bullet depends on enhancements to
recursive common table expressions that are only available in
SQLite 3.34.0 and later.
Countless other minor refinements and documentation improvements.
Changes for Version 2.12.1 (2020-08-20)
(2.12.1): Fix client-side vulnerabilities discovered by Max Justicz.
Security fix in the "fossil git export" command.
The same fix is also backported to version 2.10.1 and 2.11.1.
New "safety-net" features were added to prevent similar problems
in the future.
Enhancements to the graph display for cases when there are
many cherry-pick merges into a single check-in.
Example
Enhance the fossil open command with the new
--workdir option and the ability to accept a URL as the repository
name, causing the remote repository to be cloned automatically.
Do not allow "fossil open" to open in a non-empty working directory
unless the --keep option or the new --force option is used.
Enhance the markdown formatter to more closely follow the
CommonMark specification
with regard to text highlighting.
Underscores in the middle of identifiers (ex: fossil_printf())
no longer need to be escaped.
The markdown-to-html translator can prevent unsafe HTML
(for example: <script>) on user-contributed pages like forum and
tickets and wiki. The admin can adjust this behavior using
the safe-html setting on the Admin/Wiki page.
The default is to disallow unsafe HTML everywhere.
Example.
Added the "collapse" and "expand" capability for long forum posts.
Example
The "fossil remote" command now has options for
specifying multiple persistent remotes with symbolic names. Currently
only one remote can be used at a time, but that might change in the
future.
Add the "Remember me?" checkbox on the login page. Use a session
cookie for the login if it is not checked.
Added the experimental "fossil hook" command for
managing "hook scripts" that run before checkin or after a push.
Enhance the fossil revert command so that it
is able to revert all files beneath a directory.
Added the "--minN" and "--logfileFILENAME"
flags to the backoffice command, as well as other
enhancements to make the backoffice command a viable replacement for
automatic backoffice. Other incremental backoffice improvements.
Added the /fileedit page, which allows
editing of text files online. Requires explicit activation by
a setup user.
Translate built-in help text into HTML for display on web pages.
Example.
On the /timeline webpage, the combination
of query parameters "p=CHECKIN" and "bt=ANCESTOR" draws all
ancestors of CHECKIN going back to ANCESTOR. For example,
/timeline?p=202006271506&bt=version-2.11 shows all ancestors
of the checkin that occurred on 2020-06-27 15:06 going back to
the 2.11 release.
Update the built-in SQLite so that the
"fossil sql" command supports new output
modes ".mode box" and ".mode json".
Add the "obscure()" SQL function to the
"fossil sql" command.
Added virtual tables "helptext" and "builtin" to
the "fossil sql" command, providing access to the
dispatch table including all help text, and the builtin data files,
respectively.
The wiki editor has been modernized and is
now Ajax-based. The WYSIWYG editing option for Fossil-format wiki
pages was removed. (Please let us know, via the site's Forum menu,
if that removal unduly impacts you.) This also changes the semantics
of the wiki "Sandbox": that pseudo-page may be freely edited but
no longer saved via the UI (the wiki CLI command
can, though).
The allow-symlinks setting no longer
syncs. It must be activated individually on any clones which require
symlinks.
Countless documentation enhancements.
Changes for Version 2.11 (2020-05-25)
(2.11.2): Backport security fixes from 2.12.1
(2.11.1): Backport security fix for the "fossil git export" command.
Support Markdown in the default ticket configuration.
Timestamp strings in object names
can now omit punctation. So, for example, "202004181942" and
"2020-04-18 19:42" mean the same thing.
Enhance backlink processing so that it works with Markdown-formatted
tickets and so that it works for wiki pages.
Ticket [a3572c6a5b47cd5a].
"fossil rebuild" is needed to
take full advantage of this fix. Fossil will continue
to work without the rebuild, but the new backlinks will be missing.
Add a hide/show feature to
associated wiki display on
check-in and branch information pages.
Enhance the "fossil info" command so that it
works with no arguments even if not within an open check-out.
Many improvements to the forum and especially email notification
of forum posts, in response to community feedback after switching
SQLite support from a mailing list over to the forum.
Minimum length of a self-registered user ID increased from 3 to 6
characters.
When the "vfx" query parameter is used on the
"/timeline" page, it causes the complete
text of forum posts to be displayed.
Rework the "fossil grep" command to be more useful.
The /ext page can now render index files,
in the same way as the embedded docs.
Most commands now support the Unix-conventional "--"
flag to treat all following arguments as filenames
instead of flags.
Added the mimetypes config setting
(versionable) to enable mimetype overrides and custom definitions.
Add an option on the /Admin/Timeline setup page to set a default
timeline style other than "Modern".
In embedded documentation, hyperlink URLs
of the form "/doc/$CURRENT/..." the "$CURRENT" text is translated
into the check-in hash for the document currently being viewed.
Added the /phantoms webpage that shows all
phantom artifacts.
Enhancements to phantom processing to try to reduce
bandwidth-using chatter about phantoms on the sync protocol.
Security: Fossil now assumes that the schema of every
database it opens has been tampered with by an adversary and takes
extra precautions to ensure that such tampering is harmless.
Security: Fossil now puts the Content-Security-Policy in the
HTTP reply header, in addition to also leaving it in the
HTML <head> section, so that it is always available, even
if a custom skin overrides the HTML <head> and omits
the CSP in the process.
Output of the fossil diff -y command automatically
adjusts according to the terminal width.
Merge conflicts caused via the merge and
update commands no longer leave temporary
files behind unless the new --keep-merge-files flag
is used.
The /artifact_stats page is now accessible
to all users if the new "artifact_stats_enable" setting is turned
on. There is a new checkbox under the /Admin/Access menu to turn
that capability on and off.
Add the fossil tls-config command for viewing
the TLS configuration and the list of SSL Cert exceptions.
Captchas all include a button to read the captcha using an audio
file, so that they can be completed by the visually impaired.
Stop using the IP address as part of the login cookie.
Bug fix: fix the SSL cert validation logic so that if an exception
is allowed for particular site, the exception expires as soon as the
cert changes values.
Bug fix: the FTS search into for forum posts is now kept up-to-date
correctly.
Bug fix: the "fossil git export" command is now working on Windows
Bug fix: display Technote items on the timeline correctly
Bug fix: fix the capability summary matrix of the Security Audit
page so that it does not add "anonymous" capabilities to the
"nobody" user.
Update internal Unicode character tables, used in regular expression
handling, from version 12.1 to 13.
Many documentation enhancements.
Many minor enhancements to existing features.
Changes for Version 2.10 (2019-10-04)
(2.10.2): backport security fixes from 2.12.1
(2.10.1): backport security fix for the "fossil git export" command.
Added the repolist-skin setting used to
add style to repository list pages.
Enhance the hierarchical display of Forum threads to do less
indentation and to provide links back to the previous message
in the thread. Provide sequential numbers for all messages in
a forum thread.
Add support for fenced code blocks and improved hyperlink
processing to the markdown formatter.
Uppercase query parameters, POST parameters, and cookie names are
converted to all lowercase and entered into the parameter set,
instead of being discarded.
The check-in lock interval is reduced from 24 hours to 60 seconds,
though the interval is now configurable using a setting.
An additional check for conflicts is added after interactive
check-in comment entry, to compensate for the reduced lock interval.
Enhancements to the timeline graph layout, to show more information
with less clutter.
Added tool-tips to the /timeline graph. On by default but can be
disabled by setting the "Tooltip dwell time" to 0 in the timeline
configuration.
Copy buttons added to various check-in hash and branch name links.
Double-clicking on a /timeline graph node now jumps to the /info page
for the check-in. So, repurpose the timestamp hyperlink to show all
activity around that check-in in time.
For the "fossil update" and
"fossil checkout" commands, if a
managed file is removed because it is no longer part of the target
check-in and the directory containing the file is empty after the
file is removed and the directory is not the current working
directory and is not on the empty-dirs
list, then also remove the directory.
Update internal Unicode character tables, used in regular expression
handling, from version 11.0 to 12.1.
In "fossil regexp", "fossil grep"
and the TH1 "regexp" command, the -nocase option now removes multiple
diacritics from the same character (derived from SQLite's
remove_diacritics=2)
Added the /secureraw page that requires the
complete SHA1 or SHA3 hash, not just a prefix, before it will deliver
content.
Accept purely numeric ISO8601 date/time strings as long as they
do not conflict with a hash. Example: "20190510134217" instead of
"2019-05-10 13:42:17". This helps keep URLs shorter and less
complicated
Support both "1)" and "1." for numbered lists in markdown, as
commonmark does.
The sync and clone HTTP requests omit the extra /xfer path element
from the end of the request URI. All servers since 2010 know that
the HTTP request is for a sync or clone from the mimetype so the
extra path element is not needed.
If an automatic sync gets a permanent redirect request, then update
the saved remote URL to the new address.
Temporary filenames (for example used for external "diff" commands)
try to preserve the suffix of the original file.
Enhanced parsing of /timeline query parameters
"ymd=", "ym=", and "yw=". All arguments are option (in which case they
default to the current time) and all accept ISO8601 date/times without
punctuation.
Automatically disapprove pending moderation requests for a user when
that user is deleted. This helps in dealing with spam-bots.
Improvements to the "Capability Summary" section in the
Security Audit web-page.
Use new "ci-lock" and "ci-lock-failed" pragmas in the
sync protocol to try to prevent accident forks
caused by concurrent commits when operating in auto-sync mode.
Fix a bug (details)
that can cause repository databases to be overwritten with debugging
output, thus corrupting the repository. This is only a factor when
CGI debugging is enabled, and even then is a rare occurrence, but it is
obviously an important fix.
Changes for Version 2.8 (2019-02-20)
Show cherry-pick merges as dotted lines on the timeline graph.
→ The "fossil rebuild" command must be run to create and
populate the new "cherrypick" table in the repository in order
for this feature to operate.
Add the ability to associate branches, check-ins, and tags with
specially-named Wiki pages. This gives the ability to better
document branches and tags, and provide more documentation on
check-ins beyond the check-in comment. The associated Wiki is
automatically displayed on /info pages for check-ins, and on
/timeline?r=BRANCH and /timeline?t=TAG pages for branches and
tags. This feature is on by default, but can be disabled in on
the Admin/Wiki page.
Enhance the repository list page (shown for example by
"fossil all ui") so that it shows the name and last check-in
time for each project. The implementation of the repository
list page is now broken out into a separate source file (repolist.c).
Allow users with Forum Supervisor permission ('6') to add Forum
Write Trusted permission ('4') to users as they are approving a
forum post by that user.
When running a bisect, report the number of check-ins still in
the search range and the estimated number of bisect steps remaining.
Do this at each step of the bisect.
Provide a permanent link to a bisect timeline using the bid= query
parameter.
Make the chronological forum display feature available to all users,
and make it the default format on mobile devices.
Break out Wiki setup into a separate /setup_wiki page, accessible
on the standard menus through Admin/Wiki.
Add "Next" and "Previous" buttons on the /wdiff page, allowing
the user to step through the versions of a wiki page.
Improve the display of the /whistory page.
Omit the "HH:MM" timestamps on timeline graphs on narrow-screen
devices, to improve horizontal space uses. This helps make Fossil
more mobile-friendly.
Enhance /wcontent to show a sortable list of Wiki pages together
with the number of revisions and the most recent change time for
each page.
Hyperlinks to Wiki pages on the /timeline go to the specific
version of the Wiki page named in the timeline, not to the latest
version.
Enhancements to the "amend", "tag", and "reparent" commands, including
adding options --override-date, --override-user, and --dry-run.
Add the global --comment-format command-line option and the
comment-format setting to control the display of the command-line
timeline.
Change the "fossil reparent" command so that it only works from
within an active checkout.
On the /setup_ucap_list, show administrators how many users have
each capability. The counts are a hyperlink to the /setup_ulist
page showing the subset of users that have that capability.
Provide the ability to redirect all HTTP pages to HTTPS. Formerly
one could cause this to occur for the /login page only. That option
still exists, but the redirect can now also be done for all pages.
"Compress" the built-in javascript by omitting comments and
leading and trailing whitespace.
Detect when the repository used by a checkout is swapped out for
a clone that uses different RID values, and make appropriate adjustments
to the checkout database to avoid any problems.
Add the backoffice-disable setting to completely disable the
backoffice feature.
Update the built-in SQLite to version 3.27.1.
Various other small enhancements to webpages and documentation.
Changes for Version 2.7 (2018-09-22)
Add the email alerts feature for commits, ticket
changes, wiki changes, forum posts, and announcements. This is
still a work in progress. It is functional, but it is not as easy to
setup and use as it ought to be.
Add new user capabilities letters needed to support alerts and forum.
Formerly, user capabilities were letters from [a-z], but with the
enhancements, the supply of lower case letters was exhausted.
User capabilities are now letters in [a-zA-Z0-9].
The built-in skins are now responsive, providing better layout on
small screens, including mobile devices.
The default skin now includes a hamburger menu that is generated
by the /sitemap page.
All of the built-in skins now use a
Content Security Policy (CSP)
to help prevent cross-site injection and forgery attacks. There are no known
vulnerabilities in Fossil. The added CSP does not fix anything; it merely adds
another layer of defense.
The /sitemap and other list pages show as multiple columns if
the viewing window is wide enough.
There is an optional "js" file for each skin that can be used to
hold javascript. This file can be loaded by reference or can be
included in the header or footer.
Some code and interfaces are in place to support sending and
receiving email directly via SMTP, but this feature is not yet
complete or ready for production use.
The `mv-rm-files` setting is now compiled into Fossil in the
default Fossil configuration; no longer must you say
./configure --with-legacy-mv-rm to make it available. The
setting remains disabled by default, however, so you must still say
fossil set mv-rm-files 1 to enable it on each repository
where you want hard mv/rm behavior.
Changes for Version 2.6 (2018-05-04)
Fix a bug that was causing crashes while trying to clone the TCL
repository. This fix is the main reason for the current release.
Added the new "Classic" timeline viewing mode. "Classic" is the
same as "Verbose" in the previous release. The "Verbose" mode is
now like "Compact" except the extra check-in details are shown by
default.
Add support for ETags:, Last-Modified:, and If-Modified-Since:
cache control mechanisms.
Enhance the /tarball,
/zip, and
/sqlar pages so that the checkin
name to be downloaded can be expressed as part of the URI,
and without the need for query parameters.
On the /timeline webpage, add the days=N
query parameter and enhance the ymd=DATE and yw=DATE query parameters
to accept 'now' as an argument to show the latest day or week.
In the web page that comes up in response to the
fossil all ui command, show the last modification
time for each repository, and allow click-to-sort on the modification
time column.
In the tarball cache replacement algorithm, give extra weight to
tarballs that have been accessed more than once.
Additional defenses against web-based attacks. There have not been
any known vulnerabilities. We are just being paranoid.
Update the built-in SQLite to an alpha version of 3.24.0.
Changes for Version 2.5 (2018-02-07)
Numerous enhancements to the look and feel of the web interface.
Especially: Added separate "Modern", "Compact", "Verbose", and
"Columnar" view options on timelines.
Common display settings (such as the "view" option and the number
of rows in a timeline) are held in a cookie and thus persist
across multiple pages.
Rework the skin editing process so that changes are implemented
on one of nine /draft pages, evaluated, then merged back to the
default.
Fossil now automatically generates the
<html><head>...</head><body>
at the beginning of each web page if the configurable header
lacks a <body> tag.
Added the /artifact_stats page, currently accessible only by
the administrator.
Upgrade to the latest versions of SQLite and OpenSSL.
Improved key bindings on the Tk diff screen generated by
"fossil diff --tk".
Begin factoring out in-line javascript into separately loaded
script files. This is a step along the
road toward supporting a strict Content Security Policy. More work
is to be done.
Initial infrastructure is in place to make use of the pledge()
system call in OpenBSD. More work is to be done.
Changes for Version 2.4 (2017-11-03)
New feature: URL Aliases. URL Aliases allow an administrator
to define their own URLs on the web interface that are rewritten to
built-in URLs with specific parameters. Create and configure URL Aliases
using the /Setup/URL_Aliases menu option in the web interface.
Add tech-note search capability.
Add the -r|--revision and -o|--origin options to the
annotate command.
Add the origin= query parameter to the /annotate
webpage.
The fossil annotate command and the
/annotate web page go backwards in time as far
as can be computed in 30 milliseconds by default, rather than stopping
after 20 steps. The new limit= query parameter or the --limit command-line
option can be used to alter this timeout.
Remove support from the legacy configuration sync protocol. The only
way now to do a configuration push or pull is to use the new protocol that
was added in 2011.
Add the from= and to= query parameters to /fdiff
in order to get a diff of two files in the same check-in.
Fix the "ssh://" protocol to prevent an attack whereby the attacker convinces
a victim to run a "clone" with a dodgy URL and thereby gains access to their
system.
Provide a checkbox that will temporarily disable all ad-units.
Added the "Event Summary" activity report.
example
Added the "Security Audit" page, available to administrators only
Added the Last Login time to the user list page, for administrators only
Added the --numstat option to the fossil diff command
Limit the size of the heap and stack on unix systems, as a proactive
defense against the
Stack Clash
attack.
Fix "database locked" warnings caused by "PRAGMA optimize".
Fix a potential XSS vulnerability on the
/help webpage.
Documentation updates
Changes for Version 2.2 (2017-04-11)
GIT comment tags are now handled by Fossil during import/export.
Show the content of README files on directory listings.
(example)
Support for Basic Authentication if enabled (default off).
Show the hash algorithms used on the
/rcvfromlist page.
The /tarball and /zip pages
now use the the r= query parameter
to select which check-in to deliver. The uuid= query parameter
is still accepted for backwards compatibility.
Update the built-in SQLite to version 3.18.0.
Run "PRAGMA optimize"
on the database connection as it is closing.
Changes for Version 2.1 (2017-03-10)
Add support for hash policies that control which
of the Hardened-SHA1 or SHA3-256 algorithms is used to name new
artifacts.
Add the "gshow" and "gcat" subcommands to fossil stash.
Add the /juvlist web page and use it to construct
the Download Page of the Fossil self-hosting website
using Ajax.
Changes for Version 2.0 (2017-03-03)
Use the
hardened SHA1
implementation by Marc Stevens and Dan Shumow.
Add the ability to read and understand
artifact names that are based on SHA3-256
rather than SHA1, but do not actually generate any such names.
Add checkbox widgets to various web pages. See this technote for more information. To get the checkboxes to look as
intended, you must update the CSS in your repository and all clones.
Enhance the /brlist webpage to make use of branch colors.
Add support for the ms=EXACT|LIKE|GLOB|REGEXP query parameter on the
/timeline webpage, with associated form widgets.
Enhance the changes and status commands
with many new filter options so that specific kinds of changes can be
found without having to pipe through grep or sed.
The download page is moved into
unversioned content so that the self-hosting Fossil
websites no longer uses any external content.
Added the "Search" button to the graphical diff generated by
the --tk option on the diff command.
Added the "--checkin VERSION" option to the
diff command.
Various performance enhancements to the diff command.
Update internal Unicode character tables, used in regular expression
handling, from version 8.0 to 9.0.
Update the built-in SQLite to version 3.15. Fossil now requires
the SQLITE_DBCONFIG_MAINDBNAME interface of SQLite which is only available
in SQLite version 3.15 and later and so Fossil will not work with
earlier SQLite versions.
Enhance the /finfo page so that when it is showing
the ancestors of a particular file version, it only shows direct
ancestors and omits changes on branches, thus making it show the same set
of ancestors that are used for /blame.
Enhanced fossil clean --verily so that it ignores
keep-glob and ignore-glob settings. Added the -x alias for --verily.
Add the --soft and --hard options to fossil rm and
fossil mv. The default is still --soft, but that is
now configurable at compile-time or by the mv-rm-files setting.
Automatically adjust the CLI timeline to the terminal
width on Linux.
Added [info commands] and [info vars] commands to TH1.
These commands perform the same function as their Tcl counterparts,
except they do not accept a pattern argument.
Fix some obscure issues with TH1 expression processing.
Fix titles in search results for documents that are not wiki, markdown,
or HTML.
Formally translate TH1 to Tcl return codes and vice-versa, where
necessary, in the Tcl integration subsystem.
Removed the ".fossil-settings/keep-glob" file. It should not have been
checked into the repository.
Update the built-in SQLite to version 3.8.10.2.
Make fossil open honor ".fossil-settings/allow-symlinks".
Allow fossil add to be used on symlinks to nonexistent or
unreadable files in the same way as fossil addremove.
Added fork warning to be issued if sync produced a fork
Update the info page to report when a file becomes a
symlink. Additionally show the UUID for files whose types have changed
without changing contents or symlink target.
Have fossil changes and
fossil status report when executable or symlink status
changes on otherwise unmodified files.
Permit filtering weekday and file reports by user.
Also ensure the user parameter is preserved when changing types. Add a
field for direct entry of the user name to each applicable report.
Create parent directories of empty-dirs if they don't
already exist.
Inhibit timeline links to wiki pages that have been deleted.
Changes for Version 1.32 (2015-03-14)
When creating a new repository using fossil init, ensure
that the new repository is fully compatible with historical versions of
Fossil by having a valid manifest as RID 1.
Anti-aliased rendering of arrowheads on timeline graphs.
Added vi/less-style key bindings to the --tk diff GUI.
Documentation updates to fix spellings and changes all "checkins" to
"check-ins".
Change the auxiliary schema by adding columns MLINK.ISAUX and MLINK.PMID
columns to the schema, to support better drawing of file change graphs.
A fossil rebuild is recommended but is not required.
so that the new graph drawing logic can work effectively.
Added search over Check-in comments, Documents, Tickets and
Wiki. Disabled by default. The search can be either a full-scan or it
can use an index that is kept up-to-date automatically. The new
/srchsetup web-page and the fts-config command
were added to help configure the search capability. Expect further
enhancements to the search capabilities in subsequent releases.
Added form elements to some submenus (in particular the /timeline)
for easier operation.
Improvements to the /login page. Some hyperlinks to pages that require
"anonymous" privileges are displayed even if the current user is "nobody"
but automatically redirect to /login.
The /doc web-page will now try to deliver the file
"404.md" from the top-level directory (if such a file exists) in
place of its built-in 404 text.
Download of Tarballs and ZIP Archives by user "nobody" is now enabled
by default in new repositories.
Enhancements to the table sorting controls. More display tables
are now sortable.
Enhance the /tree webpage to show the age of each file with the option
to sort by age.
Enhance the /brlist webpage to show additional information about each branch
and to be sortable by clicking on column headers.
Add support for Docker. Just install docker and type
"sudo docker run -d -p 8080:8080 nijtmans/fossil" to get it running.
Add the fossil fusefs DIRECTORY command that mounts a
Fuse Filesystem at the given DIRECTORY and populates it with read-only
copies of all historical check-ins. This only works on systems that
support FuseFS.
Add the administrative log that records all configuration.
Let fossil new no longer create an initial empty commit
by default. The first commit after checking out an empty repository will
become the initial commit.
Added the --verily option to the fossil clean command.
Add the "autosync-tries" setting to control the number of autosync attempts
before returning an error.
Added a compile-time option (--with-miniz) to build using miniz instead
of zlib. Disabled by default.
Support customization of commands and webpages, including the ability to
add new ones, via the "TH1 hooks" feature. Disabled by default. Enabled
via a compile-time option.
Add the [checkout], [render], [styleHeader], [styleFooter],
[trace], [getParameter], [setParameter], [artifact], and
[globalState] commands to TH1, primarily for use by TH1 hooks.
Automatically adjust the width of command-line timeline output according to the
detected width of the terminal.
Prompt the user to optionally fix invalid UTF-8 at check-in.
Added a line-number toggle option to the /info
and /artifact pages.
Most commands now issue errors rather than silently ignoring unrecognized
command-line options.
Use full 40-character SHA1 hashes (instead of abbreviations) in most
internal URLs.
The "ssh:" sync method on Windows now uses "plink.exe" instead of "ssh" as
the secure-shell client program.
Prevent a partial clone when the connection is lost.
Make the distinction between 301 and 302 redirects.
Allow commits against a closed check-in as long as the commit goes onto
a different branch.
Improved cache control in the web interface reduces unnecessary requests
for common resources like the page logo and CSS.
Fix a rare and long-standing sync protocol bug
that would silently prevent the sync from running to completion. Before
this bug-fix it was sometimes necessary to do "fossil sync --verily" to
get two repositories in sync.
Add the files_of_checkin virtual table - useful
for ad hoc queries in the fossil sql interface,
and also used internally.
Added the "$secureurl" TH1 variable for use in headers and footers.
(Internal:) Add the ability to include resources as separate files in the
source tree that are converted into constant byte arrays in the compiled
binary. Use this feature to store the Tk script that implements the --tk
diff option in a separate file for easier editing.
(Internal:) Implement a system of compile-time checks to help ensure
the correctness of printf-style formatting strings.
Fix CVE-2014-3566, also known as the POODLE SSL 3.0 vulnerability.
Numerous documentation fixes and improvements.
Other obscure and minor bug fixes - see the timeline for details.
Changes For Version 1.29 (2014-06-12)
Add the ability to display content, diffs and annotations for UTF16
text files in the web interface.
Add the "SaveAs..." and "Invert" buttons
to the graphical diff display that results
from using the --tk option with the fossil diff command.
The /reports page now requires Read ("o") permissions. The "byweek"
report now properly propagates the selected year through the event type
filter links.
The info command now shows leaf status of the checkout.
Add support for tunneling https through a http proxy (Ticket [e854101c4f]).
Add support for HTTP Basic Authentication on clone and
sync.
Fix the stash so that it remembers added files and re-adds
them when the stash is applied.
Fix the server so that it avoids writing to the database (and thus avoids
database locking issues) on a
pull or clone.
Add support for server load management using both
a cache of expensive pages (the fossil cache command)
and by rejecting expensive page requests when the server load average is too
high.
Enhance the fossil test-diff command with -y or --tk
options so that it shows both filenames above their respective columns in
the side-by-side diff output.
Issue a warning if a fossil add command tries to add a file
that matches the ignore-glob.
Enhance support for running as the root user. Now works on Haiku.
Added the -empty option to fossil new, which
causes it to not create an initial empty commit. The first commit after
checking out a repo created this way will become the initial commit.
Enhance sync operations by committing each round-trip to minimize number
of retransmits when autosync fails. Include option for
fossil update and fossil merge to
continue even if missing content.
Minor portability fixes for platforms where the char type is unsigned
by default.
When cloning a repository, the user name passed via the URL (if any)
is now used as the default local admin user's name.
Enhance the SSH transport mechanism so that it runs a single instance of
the "fossil" executable on the remote side, obviating the need for a shell
on the remote side. Some users may need to add the "?fossil=/path/to/fossil"
query parameter to "ssh:" URIs if their fossil binary is not in a standard
place.
Add the "fossil blame" command that works just like
"fossil annotate" but uses a different output format that includes the
user who made each change and omits line numbers.
Add the "Tarball and ZIP-archive Prefix" configuration parameter under
Admin/Configuration.
Fix CGI processing so that it works on web servers that do not
supply REQUEST_URI.
Add options --dirsonly, --emptydirs, and --allckouts to the
"fossil clean" command.
Ten-fold performance improvement in large "fossil blame" or
"fossil annotate" commands.
Option -n|--limit of "fossil timeline" now
specifies the number of entries, just like all other commands which
have the -n|--limit option. The various timeline-related functions
now output "--- ?? limit (??) reached ---" at the end whenever
appropriate. Use "-n 0" if no limit is desired.
Fix handling of password embedded in Fossil URL.
New --once option to fossil clone command
which does not store the URL or password when cloning.
Modify fossil ui to respect "default user" in an open
repository.
Fossil now hides check-ins that have the "hidden" tag in timeline webpages.
Enhance /ci_edit page to add the "hidden" tag to check-ins.
Advanced possibilities for commit and ticket change notifications over
http using TH1 scripting.
Add --sha1sum and --integrate options
to the "fossil commit" command.
Add the "clean" and "extra" subcommands to the
"fossil all" command
Add the --whatif option to "fossil clean" that works the
same as "--dry-run",
so that the name does not collide with the --dry-run option of "fossil all".
Provide a configuration option to show dates on the web timeline
as "YYMMMDD HH:MM"
Add an option to the "stats" webpage that allows an administrator to see
the current repository schema.
Enhancements to the "/vdiff" webpage for more difference
display options.
Added the "/tree" webpage as an alternative
to "/dir" and make it the default way of showing file lists.
Send gzipped HTTP responses to clients that support it.
New --integrate option to fossil merge, which
automatically closes the merged branch when committing.
Renamed /stats_report page to /reports. Graph width is now
relative, not absolute.
Added yw=YYYY-WW (year-week) filter to timeline to limit the results
to a specific year and calendar week number, e.g. /timeline?yw=2013-01.
Updates to SQLite to prevent opening a repository file using file descriptors
1 or 2 on Unix. This fixes a bug under which an assertion failure could
overwrite part of a repository database file, corrupting it.
Added support for unlimited line lengths in side-by-side diffs.
New --close option to fossil commit, which
immediately closes the branch being committed.
The internals of the JSON API are now MIT-licensed, so downstream
users/packagers are no longer affected by the "do no evil" license
clause.
Changes For Version 1.26 (2013-06-18)
The argument to the --port option for the fossil ui and
fossil server commands can take an IP address in addition
to the port number, causing Fossil to bind to just that one IP address.
After prompting for a password, also ask if that password should be
remembered.
Performance improvements to the diff engine.
Fix the side-by-side diff engine to work better with multi-byte Unicode text.
Color-coding in the web-based annotation (blame) display. Fix the annotation
engine so that it is no longer confused by time-warps.
The markdown formatter is now available by default and can be used for
tickets, wiki, and embedded documentation.
Add subcommands "fossil bisect log" and "fossil bisect status" to the
fossil bisect command, as well as other bisect enhancements.
Enhanced defenses that prevent spiders from using excessive CPU and bandwidth.
Consistent use of the -n or --dry-run command line options.
Enhancements to /timeline.rss, adding more flags for filtering
results, including the ability to subscribe to changes made
to individual tickets. For example: /timeline.rss?y=t&tkt=12fceeec82.
Improved handling of the differences between case-sensitive and
case-insensitive filesystems.
JSON API: added the 'status' command to report local checkout status.
Fixes to the --args support and documented this feature in the help.
Cherry-pick merges are recorded internally (though no yet displayed on the
timeline graph.)
Bring in the latest versions of SQLite, zlib, and autosetup from upstream.
Changes For Version 1.25 (2013-02-16)
Enhancements to ticket processing. There are now two tables: TICKET and
TICKETCHNG. There is one row in TICKETCHNG for each ticket artifact.
Fields from ticket artifacts go into either or both of TICKET and
TICKETCHNG, whichever contain matching column names. Default ticket
edit and viewing scripts are updated to use TICKETCHNG. The TH1
scripting language is enhanced to support this, including the new
"query" command for doing SQL queries against the repository database.
All changes should be backwards compatible.
Add the ability to moderate ticket and wiki changes. Unmoderated changes
do not sync and may be deleted by the moderator if found to contain spam
or other objectionable content.
Add javascript so that clicking on a node of the timeline graph selects
that node. Then clicking on a second node shows a diff between the
two nodes. Clicking on the selected node unselects it.
Warn of unresolved merge conflicts in "fossil status" and disallow
commits of unresolved conflicts unless the --allow-conflict option
is used.
Add javascript so that clicking on column headers in a ticket report
sorts by the indicated column.
Add the "fossil cat" command which is basically an alias for
"fossil finfo -p".
Hyperlinks with the class "button" are rendered as submenu buttons
on embedded documentation.
The check-in comment editor on Windows now defaults to NotePad.exe.
Correctly deal with BOMs in check-in comments. Also attempt to convert
check-in comments to UTF8 from other encodings.
Allow the deletion of multiple stash entries using multiple arguments
to the "fossil stash rm" command.
Enhance the "fossil server DIRECTORY" command to serve static content
files contained in DIRECTORY. For security, only files with a
recognized suffix (such as *.html, *.jpg, *.txt, etc) will be delivered
as static content, and *.fossil files are not on the list of recognized
suffixes. There are additional restrictions on the names of the files.
Allow the "fossil ui" command to specify a directory as long as the
the --notfound option is used.
Add a configuration option that causes timeline messages to be rendered
as text/x-fossil-plain (which is the same as text/plain except that
hyperlinks inside of [...] are decorated.)
Only decorate [...] in check-in comments and tickets
if the contented text really is a valid hyperlink target.
Improvements to the side-by-side diff algorithm, for a more
human-friendly display in some complex cases.
Added [utime] and [stime] commands to TH1. These
commands can be used for things such as displaying the page rendering
time in the footer.
Add the ability to pass command-line options of "fossil rebuild" to
"fossil all rebuild".
Add the --deanalyze option to "fossil rebuild" (and "fossil all rebuild")
Do not run the graphical merging tool nor leave merge-droppings after a
dry-run merge. Display an improved merge-summary message at the end of
the merge.
Add options to "fossil commit" to override the various sanity checks.
Options added: --allow-empty, --allow-fork, --allow-older, and
--allow-conflict.
Optionally require a CAPTCHA (controlled by a setting on the
Admin/Access webpage) when a user who is not logged in tries to
edit wiki, or a ticket, or an attachment.
Improvements to the "ssh://" sync protocol, to help it move past
noisy motd comments.
Add the uf=FILE-SHA1-HASH query parameter to the timeline, causing the
timeline to show only check-ins that contain the specific file identified
by FILE-SHA1-HASH. ("uf" stands for "uses file".)
Enhance the file change annotator so that it follows the file across
name changes.
Fix the server-side of the sync protocol so that it will not generate
a delta loop when a file changes from its original state, through two
or more intermediate states, and back to the original state, all within
a single sync.
Show much less output during a sync operation, unless the --verbose
option is used.
Set the action= attribute of <form> elements using javascript,
as an addition defense against spam-bots.
Disallow invalid UTF8 characters (such as characters in the surrogate
pair range) in filenames.
Judge the UserAgent strings issued by the NetSurf webbrowser to be
coming from a human, not from a bot.
Add the zlib sources to the Fossil source tree (under compat/zlib) and
use those sources when compiling on (Windows) systems that do not have
a zlib library installed by default.
Prompt the user with the option to convert non-UTF8 files into UTF8
when committing.
Allow the characters *[]? in filenames.
Allow the --context option on diff commands to have a value of 0.
Added the "dbstat" command.
Enhanced "fossil merge" so that if the VERSION argument is omitted, Fossil
tries to merge any forks of the current branch.
Improved detection of forks in a commit race.
Added the --analyze option to "fossil rebuild".
Changes For Version 1.24 (2012-10-22)
Added support for WYSIWYG editing of wiki pages. WYSIWYG is turned off
by default and can be turned on by setting a configuration option.
Allow style= attribute to occur in HTML markup on wiki pages.
Added the --tk option to the "fossil diff" and "fossil stash diff"
commands, causing color-coded diff output to be displayed in a Tcl/Tk
GUI window. This option only works if Tcl/Tk is installed on the
host.
On Windows, make the "gdiff" command default to use WinDiff.exe.
Update the "fossil stash" command so that it always prompts for a
comment if the -m option is omitted.
Enhance the timeline webpages so that a=, b=, c=, d=, p=, and dp=
query parameters (and others) can all accept any valid check-in name
(such as branch names or labels) instead of just SHA1 hashes.
Added the "fossil stash show" command.
Added the "fileage" webpage with links to this page from the check-in
information page and from the file browser.
Added --age and -t options to the "fossil ls" command.
Added the --setmtime option to "fossil update". When used, the mtime
of all managed files is set to the time when the most recent version of
the file was checked in.
Changed the "vdiff" webpage to show the complete text of files that
were added or removed (the equivalent of using the -N or --newfile
options with the "fossil diff" command-line.)
Added the --temp option to "fossil clean" and "fossil extra", causing
those commands to only look at temporary files generated by Fossil,
such as merge-conflict reports or aborted check-in messages.
Enhance the raw page download so that it can guess the mimetype of
attachments based on the filename.
Change the behavior of the from= and to= query parameters on the
timeline page so that by default the path between the two specified
check-ins avoids merges.
Add the --baseurl option to "fossil server" and "fossil http" commands,
so that those commands can be used with reverse proxies.
If unable to determine the command-line user, do not guess. Instead
issue an error message. This helps prevent check-ins from accidentally
occurring under the wrong username.
Include branch information in the output of file change listings
(the "finfo" webpage).
Make the simplified view of file history, rather than the full view,
the default.
In the "fossil configuration" command, allow the "css" option for
synchronizing, importing, or exporting just the CSS file. This makes
it easier to share CSS files across repositories by exporting from
one and importing to another.
Add the (unsupported) "fossil test-orphans" command.
Add the --template option to the "fossil init" command, to facilitate
creating new repositories based on a template repository.
Add the diff-binary setting, which if enabled causes binary files to
be passed to the "gdiff" command for it to deal with, rather than simply
printing a "cannot diff binary files" error.
Add the --unified option to the "fossil diff" command to force a unified
diff even if the --tk option (which normally implies a side-by-side diff)
is used.
Present a choice of nearby branches and versions to diff against on the
check-in information page.
Add the --force option to the "fossil merge" command that will force the
merge to occur even if it would be a no-op. This is sometimes useful for
documentation purposes.
Add another built-in skin: "Enhanced Default". Other minor tweaks to
the existing skins.
Add the "urllist" webpage, showing a list of URLs by which a server
instance of Fossil has been accessed. Requires "Administrator" privileges.
A link is on the "Setup" main page.
Enable dynamic loading of the Tcl runtime for installations that want
to use Tcl as part of their configuration. This reduces the size of
the Fossil binary and allows any version of Tcl 8.4 or later to be used.
Merge the latest SQLite changes from upstream.
Lots of minor bug fixes.
Changes For Version 1.23 (2012-08-08)
The default checkout database name is now ".fslckout" instead of
"_FOSSIL_" on Unix. Both names continue to work.
Added the "fossil all changes" command
Added the --ckout option to the "fossil all list" command
Added the "public-pages" glob pattern that can be configured to allow
anonymous users to see embedded documentation on sites where source
code should not be accessible to anonymous users.
Allow multiple --tag options on the same "fossil commit" command.
Change the meaning of the --bgcolor option for "fossil commit" to only
change the color for that one commit. The new --branchcolor option
is available to set a persistent background color.
Add the branch= query parameter to the vdiff page and the --branch option
to the "fossil diff" command.
Check-in names of the form "root:BRANCH" now refer to the origin of
the branch. Hence to see all changes in a branch, use
"fossil diff --from root:BRANCH --to BRANCH". The --branch option on
the diff command is an alias for the same.
Add the ability to configure ad-units to be displayed between the menu
bar and the content.
Add the ability to set a background image as part of server configuration.
Allow partial commits of cherrypick merges.
Updates against an uncommitted merge are now a warning, not a fatal error.
Prompt the user to continue if a check-in comment is unedited.
Fixes to case sensitivity settings with the /dir webpage.
Repositories now try to remember the locations of all checkouts and
web-access URLs and display this information with the
"fossil info $REPO" command.
Improved defense against spiders: The src= attribute of
<a> elements is set using javascript after the page loads.
Enhanced formatting of the user list page.
If a file named in "fossil add" is missing, that is now a warning instead
of a fatal error.
Fix side-by-side diff so that it displays correctly with
multi-byte UTF8 characters.
Performance improvements in the diff logic.
Other performance tweaks and documentation updates.
Changes For Version 1.22 (2012-03-17)
Greatly improved "diff" processing including the new --brief option,
partial line matching, colorized in-line diffs, and better performance.
Promote "allow-symlinks" to a versionable setting
Harden the CGI processing logic against DOS attacks
Add the ability to run TH1 scripts after sync requests
Store the repository name in _FOSSIL_ as it is type in the "open" command,
possibly as a relative pathname.
Make ".fslckout" the alternative name for the "_FOSSIL_" file.
Change the "ssh:" transfer method to allow all access regardless of
user permission.
Improvements to the timeline messages associated with tag changes.
(Requires a "fossil rebuild" to take effect.)
Various additions and fixes for the JSON API.
Improved merge-with-rename handling.
--cherrypick merges use their origin's commit message by default.
Added support for multiple concurrent logins per user.
Update to use SQLite version 3.7.11.
Various minor bug fixes.
Changes For Version 1.21 (2011-12-13)
Added side-by-side diffs in the command-line interface
Automatically enable hyperlinks if the UserAgent string in the
HTTP header suggests that the requestor is a human and not a bot.
Show only commonly used commands with "fossil help". Use
"fossil help --all" to see the complete list now.
Improvements to the "stash" command: (1) Stash all files, not just
those below the working directory. (2) Add the --detail option to
"list". (3) Confirm before "drop --all". (4) Add the "help"
subcommand.
Add an Admin/Access setting to change the number of octets of the
IP address that are saved in login cookies - allowing this setting
to be changed to zero
Promote the "test-md5sum" command to "md5sum".
Added the "whatis" command.
Stop showing the server-code in status outputs - it is no longer used
for anything.
Added a compile-time option (--with-tcl) to build in full Tcl scripting
support via integration with TH1.
Merged the JSON branch into trunk. Disabled by default. Enabled
by a compile-time option. Probably it will be enabled by default
in some future release.
Update to use SQLite version 3.7.9 plus the alignment fix for Sparc.
align
Changes For Version 1.20 (2011-10-21)
Added side-by-side diffs in HTML interface. [0bde74ea1e]
Added support for symlinks. (Controlled by "allow-symlinks" setting,
off by default). [e4f1c1fe95]
Fixed CLI annotate to show the proper file version in case there
are multiple equal versions in history. [e161670939]
Timeline now shows tag changes (requires rebuild).[87540ed6e6]
Fixed annotate to show "more relevant" versions of lines in
some cases. [e161670939]
Added -R REPOFILE support to several more CLI commands. [e080560378]
Generated tarballs now have constant timestamps, so they are
always identical for any given check-in. [e080560378]
A number of minor HTML-related tweaks and fixes.
Added --args FILENAME global CLI argument to import arbitrary
CLI arguments from a file (e.g. long file lists). [e080560378]
Fixed significant memory leak in annotation of files with long
histories.[9929bab702]
Added warnings when a merge operation overwrites local copies
(UNDO is available, but previously this condition normally went
silently unnoticed). [39f979b08c]
Improved performance when adding many files. [a369dc7721]
Improve merges which contain many file renames. [0b93b0f958]
Added protection against timing attacks. [d4a341b49d]
Firefox now remembers filled fields when returning to forms. [3fac77d7b0]
Added the --stats option to the rebuild command. [f25e5e53c4]
RSS feed now passes validation. [ce354d0a9f]
Show overridden user when entering commit comment. [ce354d0a9f]
Made rebuilding from web interface silent. [ce354d0a9f]
Now works on MSVC with repos >2GB. [6092935ff2]
A number of code cleanups to resolve warnings from various compilers.
Update the built-in SQLite to version 3.7.9 beta.
Changes For Version 1.19 (2011-09-02)
Added a ./configure script based on autosetup.
Added the "fossil winsrv" command
for creating a Fossil service on Windows systems.
Added "versionable settings" where settings that affect
the local tree can be stored in versioned files in the
.fossil-settings directory.
Background colors for branches are chosen automatically if no
color is specified by the user.
The status, changes and extras commands now show
pathnames relative to the current working directory,
unless overridden by command line options or the
"relative-paths" setting. WARNING: This
change will break scripts which rely on the current
output when the current working directory is not the
repository root.
Added "empty-dirs" versionable setting.
Added support for client-side SSL certificates with "ssl-identity"
setting and --ssl-identity option.
Added "ssl-ca-location" setting to specify trusted root
SSL certificates.
Added the --case-sensitive BOOLEAN command-line option to many commands.
Default to true for Unix and false for Windows.
Added the "Color-Test" submenu button on the branch list web page.
Compatibility improvements to the git-export feature.
Performance improvements on SHA1 checksums
Update to the latest SQLite version 3.7.8 alpha.
Fix the tarball generator to work with very log pathnames
Changes For Version 1.18 (2011-07-14)
Added this Change Log
Added sequential version numbering
Added an optional configure script - the Makefile still works for most
systems.
Improvements to the "annotate" algorithm: only search primary
ancestors and ignore branches.
Update the "scrub" command to remove traces of login-groups and
subrepositories.
Added the --type option to the "fossil tag find" command.
In contexts where only a check-in makes sense, resolve branch and
tag names to checkins only, never events or other artifacts.
Improved display of file renames on a diff. A rebuild is required
to take full advantage of this change.