Subversion MultiSite Release Notes

Release: 4.2.14.16 Build: 4619

June 12, 2017

Fixes made

  • Please contact WANdisco support for more information. NA-6855

Release: 4.2 Build: 3753

August 11, 2016

Fixes made

  • Activity identity being calculated incorrectly (could cause read-only repositories). NA-6829
  • Pre-replication hook was failing due to NA-6829. NA-6838
  • Disabled accounts now properly removed from generated AuthZ file. NA-6842

Release: 4.2 Build: 3347

March 17, 2016

Fix made

  • Fixed a problem where some commits could result in repositories returning 500-errors, going Read-only and requiring repair. (NA-6825)

Release: 4.2 Build: 3022

January 5, 2016

Fixes made

  • Fixed a potential race condition relating to the handling of the Subversion password file that could result in a deadlock. (NA-6807)
  • Fixed an issue relating to LDAP Account Authentication. (NA-6820)

Release: 4.2 Build: 2682

September 29, 2015

What's New

  • A new endpoint has been added to the REST API to allow LDAP polling to be triggered for a specific team. This benefits deployments that have large numbers of users where a global LDAP synchronization could take a long time. See pollLdapTeam action in the Team POST endpoint. (NA-6786)

Fixes made

  • Made an additional fix that related to SVN MultiSite not accounting for SVN COPY requests that are constructed in a particular manner. The issue would trigger an error message "unable to determine activity ID". (NA-6795)
  • Fixed an issue that could result in an error "java.io.NotSerializableExceptions on TCPReader.Client" forcing the replicator to restart after a product upgrade. (NA-6802)

Release: 4.2 Build: 2487

September 2, 2015

Fix made

  • Fixed an issue where SVN MultiSite didn't account for SVN COPY requests that are constructed in a particular manner. (NA-6789)

Release: 4.2 Build: 2444

August 26, 2015

Fixes made

  • There was an issue where a false positive identification of a Java NIO spin bug would cause a graceful replicator restart. This has now been resolved.

Release: 4.2 Build: 2299

August 3, 2015

Fixes made

  • Deletion now properly occurs at all replicas during a commit where a lock is held on a file in the tree that is being removed.
  • Skip list processing is now logged to enable proper visibility to WANdisco support.

Release: 4.2 Build: 1366

24 February 2015

Fixes

  • Team leads are now listed correctly after teams are deleted or users updated when an erroneous model is detected. (NA-6749)
  • Updated Windows talkback functionality. (NA-6738 / NA-6740)

Release: 4.2 Build: 1037

13 January 2015

Fixes

  • Replicator no longer generates fatal restart events. (NA-6744)
  • Code has been fixed to report error properly. (NA-6746)

Known issues

  • You may need to install additional tools and additional configuration to set up the environment on Windows for capturing heap dump via talkback. (NA-6738)

Release: 4.2 Build: 0401

September 29, 2014

Issues Addressed

  • We've identified a potential issue in large deployments or when the number of concurrent connection exceeds 500. This will exceed a limit set in SVN MultiSite's configuration.

    You can adjust the TCP channel pool sizes by adding some settings to a node's prefs file, located at: <install-dir>/svn-replicator/config/prefs.xml Add the following xml stanza to your prefs.xml file, followed by a node restart.
    <Preferences>
       <TCPChannel>
           <TTCPChannel.minPoolSize.Client>25
           <TTCPChannel.maxPoolSize.Client>500
           <TCPChannel.keepAliveTime.Client>600
           <TCPChannel.minPoolSize.Server>25
           <TCPChannel.maxPoolSize.Server>500
           <TCPChannel.keepAliveTime.Server>600
       </TCPChannel>
    ...
    </Preferences>
    

    Note: Default values are illustrated.

    You'll notice that we provide separate pools for both servers and clients. We recommended that you make the server's pool larger, this will ensure that proposals from non-connected sites will go through if the client thread pool is full.

    Higher pool sizes will place greater load on the system, and some possible performance loss with huge increases in the number of connections. We therefore recommend that increases in pool size are matched with corresponding increases to the node's Java HEAP and basic resources such as system memory.

    (NA-6711)

Release: 4.2 Build: 9698

July 16, 2014

Issues Addressed

  • Fixed an issue with the Access Control user model which could previously have resulted in users who no longer have admin permissions still retaining permissions which they should no longer have. (NA-6642)

  • Fixed an issue where managing team membership via user's profile instead of through the team settings could leave rules in place which should no longer apply to the user. (NA-6633)

  • Fixed an issue where creating an LDAP/Active Directory group as a base DN (instead of using a filter to create the group) could result in a replicator crash if the group is empty. (NA-6631)

  • The SVN MultiSite/Access Control export tool creates a backup directory. However, importing a backup directory is only possible if there's a single node (no replication). The backup procedure will use a particular file or set of times from the backup directory. (NA-6648)

Release: 4.2 Build: 9404

June 19, 2014

Issues Addressed

  • We've fixed an issue concerning Access Control's 'model switching' - used to support the Batched Updates mode. Switching the Batch updates mode on and off could in certain situations lead to errors in the polling of LDAP that would result in the creation of duplicate users. (NA-6661)

Release: 4.2 Build: 9034

May 28, 2014

What's New

  • A new parameter "onlyReturnNames" has been added to the Get Team(s) API call to allow returns to be limited to only team names. (NA-6623)

Issues Addressed

  • Improved handling of LDAP invalid credentials errors ( which in some situations had resulted in a null pointer exception. (NA-6608)

  • We've corrected an error in the admin guide that stated that the import tool which is used to restore system configuration can re-import the entire exported directory. This is only possible when using the product in a stand-alone mode for Access Control only. To clarify, when running in MultiSite mode you should only import the access-control.xml file which is located within an export directory. (NA-6628)

Release: 4.2 Build: 8814

May 1, 2014

Issues Addressed

  • Now prevent Access Control validation issues where the presence of invalid special characters in usernames (such as $ in any part of a username and @ as a prefix) cause those invalid users to be added to the model incorrectly after a restart. The issue was only exposed when Batched Updates was enabled. (NA-6604)

Release: 4.2 Build: 8484

April 10, 2014

Issues Addressed

  • Now prevent an empty pop-up window from being displayed for LDAP user retrievals that result in no users being selected. (NA-4367)

  • When creating rules, ticking the check-box for applying the rule to all users in the team now correctly disables the browse users window. (NA-4430)

  • Newly installed nodes no longer start up in an active state, they must be started manually. (NA-4962)

  • We've fixed the LDAP poll safeguard limit so that we now include the paging when calculating the returned LDAP user count. (NA-6374)

  • Fixed a problem where restrictive permissions at the top of a repository's folder structure could prevent deletion of files in sub folders. (NA-6067)

  • Fixed an issue where team user permissions were not applied correctly - team leaders would have their permissions limited if an administrator with more limited permissions was also a assigned as a team leader. (NA-6430)

  • We've fixed an issue that stopped the REST API call for resetting passwords. (NA-6329)

  • The setting "Auto skip bypassable transactions" is now correctly replicated to all nodes. (NA-6558)

  • The restriction on the '@' appearing in usernames has now been lifted, as this is required for organizations where email addresses are used for usernames. Note, however, that it still can't be used for the first character as there are edge cases where Apache reads it as a special character which can result in Apache blocking access to users. (NA-6535), (NA-6506)

  • The Talkback script that is used to assist troubleshooting now includes the ./logs/thread-dump/ directory and can also include jmap heap dump. (NA-6365), (NA-6403)

  • Team leaders are now able to change their subteam's name. (NA-6407)

  • The 50-character limit for subteam names is now properly enforced. (NA-6428)

  • It's now possible to add path components for resources that don't yet exist in a repository - so that it is possible to create rules for resources that don't exist yet. (NA-6446)

  • The "Reset AuthZ Generation Count" and "Reset Password Generation Count" now correctly reset to zero. (NA-6449)

  • We've improved the logging around Access Control's rules so that it's easier to identify potential data issues. (NA-6462)

  • Manually created LDAP users (Added via the "Add User" screen on the admin console) now have the correct permissions applied. (NA-6465)

  • Fixed an issue where restarting or importing to a node when batched updates are in use could result in username case insensitivity being disabled. This could resulting duplicate users and the potential for loss of sync. (NA-6478), (NA-6495)

  • Also addressed a problem where updating the use case insensitivity setting could result in an empty error message appearing on screen. (NA-6494)

  • It's now possible for users with auditor permissions to run RESTful API calls used by a load balancer. There are references within the supporting script "ms42zeus_read_only_monitor.pl" that we provide as part of the installation. (NA-6481)

  • Rest API calls to non-existent resources will no longer result in an incorrect 200 error response message. (NA-6480)

  • Fixed a problem that could break replication over SSL. We've also removed two SSL settings "Certificate Alias" and "Key Password" as these are no longer used in our SSL implementation. (NA-6486),(NA-6487)

  • The API documentation now includes a method that will force the use of a specific data format for returned API data. (NA-6496)

Release: 4.2 Build: 7206

Thursday, February 06, 2014

Issues Addressed

  • A recent change to the Audit Trail Logging tool caused the process to become too chatty. When supporting large numbers of users this could result in the generation of excessive numbers of transactions. We've now made improvements that reduce the impact of using the tool in large deployments. (NA-6453)


Release: 4.2 Build: 6801

Monday January 13, 2014

What's New

  • SVN MultiSite now officially supports both Java 1.6 and 1.7 runtime environments. Please remember that Java 1.7 is not completely compatible with earlier versions of SVN MultiSite (prior to this build). (NA-4171)

  • Access Control's search facility is now accessible through the API. (NA-6354)

  • Access Control rules now incorporate the file system path for repositories , this will enable Access Control to work with replication products that support more server configurations (Apache/svnserve) and per-repository replication. (NA-6207)

  • Authz files generated by SVN MultiSite/Access Control are now ordered by repository location to aid readability. (NA-6312)

  • Authz and password files controlled by SVN MultiSite/Access Control now have added comments within the files to ensure that their implementation will support new replication products:

    Authz file comments:
    1. A version number of the file format (so you can see if it changes).
    2. In the Authz file only: Repository file path.
    3. The location of the authz/password file on the system where it will be used.
    4. A monotonically incremented number representing the number of times that the authz/password file has been generated.
    5. (NA-6313) (NA-6317) (NA-6391)

  • LDAP managed users who are stored in the SVN MultiSite/Access Control database can now be refreshed with LDAP. The button that triggers this re-population can be found on the LDAP settings screen: http://docs.wandisco.com/svn/ms/v4.2/index.html#repopulate (NA-6237)

  • When adding users to a team through LDAP, we now require the administrator to confirm the settings before LDAP is polled. This makes it harder to accidently add very large numbers of users.

    Note that the number of users reported on the confirmation screen is an approximation, it is only intended to warn you again unexpectedly large numbers of users, not provide an exact count which you will get if you confirm and complete the LDAP polling. (NA-6231) (NA-6319) (NA-6375)

Issues Addressed

  • Addressed an issue where adding a repository through the API could occasionally result in an exception. (NA-6369)

  • Fixed a problem where ParentPath type repositories added using the REST API may not show as available on all nodes. (NA-6370)

  • As a result of customer feedback we've increased the pagination limit on the List Users screen. Now each page displays 20 users instead of 8. (NA-6212)

  • When editing users from the List Users screen, on completing an edit you are now returned to point in the user list on which you made the edit, instead of being sent back to the start of the list. (NA-6211)

  • The SVN password file is now correctly regenerated if replication LDAP is disabled. (NA-4400)

  • When Audit trail logging is enabled denied access attempts are now logged correctly, previously they could be incorrectly logged as 'allowed'. (NA-5942)

  • Team leaders given create user permissions no longer lose the permissions after creating a user in a sub-team. (NA-6363)

  • Resolved a performance issue with replicated commits (on non-distinguished nodes) when using JAVA 1.7 with SSL encryption. The fixing of this issue opens to the way for official Java 1.7 support. (NA-5697)

  • Following on from the recently added "Replicate Revision Timestamps" feature, the Consistency Checker tool will now treat a lack of sync between timestamps on different nodes as an inconsistency. (NA-6268)

  • We also now ensure that in the event of a timestamp synchronization failing we send a notification email as well as placing a warning in the log file. (This is subject to you having successfully set up email notifications). (NA-6266)

  • Applies in a load-balanced deployment: We've now addressed the issue the issue that required that you specify the trailing slash "/" in the repository URL when accessing it using a web-browser. (NA-5226)

  • LDAP managed users who are given administrator permissions no longer lose the permissions after an LDAP refresh, or after logging into the admin console. (NA-6330)

  • When performing an LDAP search request for an individual user (in order to obtain their DN for a bind request), we were using pagedResultsControl which could result in searches being rejected. We now ensure that searches will no longer fail. (NA-6334)

  • When using the repository repair tool, navigating away from the repair screen no longer results in the admin console crashing, which would result in a failed repair state. (NA-6250)

  • It's now possible to provide IP addresses to our utility script for removing inactive users. There Knowledgebase article includes the new features:
    http://support.wandisco.com/index.php?/Knowledgebase/Article/View/457/44/removing-inactive-users (NA-6259)

  • The script used to update SVN MultiSite to a later versions of the same product (e.g. 4.1 Build x to 4.2 Build y) has been updated to fix a problem with importing rules that don't specify a resource. Now, any rule that doesn't include a resource is correctly updated as a deny permission applied to "no resource". e.g.:
    resource = No Resource(|/.*)
    permission = Deny
    
    (NA-6243)

  • On Windows deployments running MultiSite as a service: Shutdowns performed through the admin console are now correctly detected by the WANdisco MultiSite service. (NA-6250)


Release: 4.2 Build: 5704

Wednesday 30th October, 2013

What's New

  • A new "auditor" user type is now available in Access Control. A user who is assigned as an auditor has limited access to the admin console for viewing user/team information but is unable to make any changes. For information on how to create auditor accounts: http://docs.wandisco.com/svn/ms/v4.2/index.html#auditor (NA-6171)

  • SVN MultiSite now better supports Kerberos-like security protocols. To this end, SVN MultiSite can now be set up to work with a Front-end Apache instance - ideal when using Kerberos-like security that handles authentication before a user hits the WANdisco SVN proxy. In this case, it's possible to bind the WANdisco SVN Proxy to localhost to ensure that there's no external access to SVN traffic. This feature is enabled by clicking the "Bind SVN proxy to localhost only:" check box on the SVN Settings screen. (NA-6183)

  • There's also a feature for allowing LDAP authentication to be turned off when using Kerberos authentication. Disable LDAP auth by ticking the check box "LDAP users are already authenticated" on the LDAP settings screen. LDAP will still be used for user/team management. (NA-6197)

  • We've added a feature that will monitor the consistency in the SVN password and Authz files between nodes. Enable this feature using the "Monitor files for consistency" check box on the SVN Settings screen of the admin console: http://docs.wandisco.com/svn/ms/v4.2/index.html#monitorfiles (NA-5844)

Issues Addressed

  • Editing LDAP settings no longer results in blanking LDAP teams settings. (NA-6215)

  • Users added via pre-replication LDAP are no longer immediately added to the SVN password file when running Access Control in the Batched Update mode. Allowing immediately updates was causing the password files between nodes to go out of sync. Now new users are only written to the password file when the next batch update runs. See more about Batched Updates: http://docs.wandisco.com/svn/ms/v4.2/index.html#batchupdates (NA-6219)

  • We'ved removed an earlier change (See NA-6067) as this was changing the expected behavior of Access Control with regard to Read-only rules applied to directories. Now assigning a Read Only rule to a directory will be properly enforced. (NA-6244)

  • When using LDAP for user management, you can now choose whether a user is disabled or competely removed from SVN MultiSite's Access Control when the last team they belong to is removed. The setting is applied from a drop-down menu on the LDAP Settings screen. (NA-6181)

  • We've added an API call for generating lists of disabled users: Disabled users: http://docs.wandisco.com/svn/ms/v4.2/api.html#5118 (NA-6044)

  • Fixed an issue where a change to an LDAP Authority URL on the LDAP settings screen didn't update the URL if the authority has been assigned on the team settings. (NA-6214)

  • Now lock down users fields when LDAP is being used. This helps ensure that consistencies are not introduced between LDAP and internally stored user data. (NA-6139)

  • The logging level for the illegal character in path warnings have been moved to "Fine" to prevent logs being clogged in certain scenarios. (NA-6242)

  • The time noted in the reset.log file is now consistent with our standard timestamp format. (NA-5723)

  • Fixed an issue that in some situations could have resulted in team deletions while performing a search through the admin console. (NA-6247)

  • Now, when a disabled local user (not LDAP managed) is added to a team, the user is automatically re-enabled. (NA-6078)



Release: 4.2 Build: 5707

Wednesday 30th October, 2013

Issues Addressed

  • The API call for listing all Subversion users no longer requires a product license that includes the Access Control add-on. (NA-6262)



Release: 4.2 Build: 5672

Monday 28th October, 2013

Issues Addressed

  • We've added support for synchronizing revision timestamps between nodes. To enable this feature you need to tick the "Replicate Revision Timestamps" check box, either during set up or on the SVN Settings screen of the admin console.

    You'll also need to create a hook script on each applicable node to unify the timestamps. There's an explanation of how to set this up here: http://docs.wandisco.com/svn/ms/v4.2/#timestamps (NA-6232)



Release: 4.2 Build: 5357

Wednesday 2nd October, 2013

Issues Addressed

  • Fixed an issue that occured as a result of the LDAP improvements that we introduced in build 4811. In releases after build 4811 it was possible that changing the LDAP configuration could result in LDAP team settings being blanked. NA-6213



Release: 4.2 Build: 4944

Tuesday 27th August, 2013

What's New

    Affecting SVN MultiSite when bundled with Access Control:

  • Access Control can now toggle between either a restrictive or additive mode for handling conflicting access rule:

    Restrictive AC Mode
    By default Access Control is restrictive and gives more weight to access restrictions, which ensures that in a situation with conflicting rules user's don't get the benefit of the doubt and the "deny" rule always takes precedence, i.e.:the order in which rules are applied is DENY, READ-ONLY, READ-WRITE.

    If you prefer that Access Control behave like mod_authz_svn then untick Restrictive AC Mode. In which case Access Control applies rules in the opposite way: READ-WRITE, READ-ONLY then DENY. So that in a rules conflict, the most favorable rule is applied. NA-6112

  • A script has been added to the distribution that allows the disabling of users who have not accessed the SVN repository in a user-specified number of days or more. NA-6106

    Read our knowledge base article on its use: Removing Inactive users

Issues Addressed

    Affecting SVN MultiSite when bundled with Access Control:

  • Fixed an issue where read-only file permissions set higher up a repository file system could stop file deletions from occurring directly on the repository, in subdirectories in which the user had valid write permissions. NA-6067

  • When running with Authz it is now possible to define rules at the per-file level. Previously this was only possible when instead using regex for access rule creation. NA-6026

  • LDAP users who are then assigned as team leaders within the Access Control tool will no longer have their team leader permissions revoked when the LDAP service then runs. NA-6108




Release: 4.2 Build: 4811

Monday 19th August, 2013

What's New

  • Support has been added for the Oracle operating system: See the deployment guide

Issues Addressed

  • LDAP queries now support paging. Should the returned number of users exceed the LDAP server's maxpagesize our LDAP system will make multiple queries until all users are inported. NA-6014
  • Moving unassigned (and therefore disabled) users into a team will now automatically enable them. NA-6031

  • Improvements made to Access Control to ensure that it's possible to set multiple permissions to multiple resources within a single rule. NA-6007

  • We've fixed an encoding issue that could prevent Access Control rules from being applied to folders with names that contained spaces. NA-5999

  • Using SVN MultiSite without the added Access Control element: when running with mixed user types (LDAP and local users), adding a new local user or changing a password now triggers an update to the password file. Previously, the affected user could fail their next authentication. NA-6013

  • We've resolved a file naming error that meant it was only possible to restore from individual backup files instead of the backup folder. NA-5982

  • We've added the ability to define manually imported users as LDAP users by defining UserType as LDAP. NA-5960
    Read about Imported UserType
  • Now LDAP users are automatically disabled when they are removed from the last team of which they are a member. furthermore, a users who is not a member of any team is disabled by default. NA-6018

  • Sorted a problem where adding a single repository to a team caused the repository to be displayed twice in the repository browser. NA-6008

  • When using LDAP, removing the last user from a rule no longer puts the rule into a "no_users" error state. NA-5951

  • Fixed a problem where users that have been disabled had to be renabled before they could be deleted from the system. NA-5862

  • We have added a new parameter for the Create user and Update User API cals so that it is possible to define whether the user's type: LDAP or Local. NA-6041
  • We've added some replication-related API calls: Get pending transactions and change the distinguished node. NA-5924
    See the API Guide for more information.



Release: 4.2 Build: 4197

Monday 8th July, 2013

What's New

  • We've provided a new and improved method of running the replicator as a Windows service, since the old method required a version of ActivePerl that is no longer available. The new method is based on the open source Windows Java launcher - WinRun4j. See Windows Service (NA-5779)

  • We've added an API call that can be used to trigger an LDAP poll -
    API Call to trigger LDAP poll (NA-5753)

Issues Addressed

  • Fixed an encrypted GET method that could occasionally have resulted in illegal protocol errors when viewing the proxy tab or repository repair tool after enabling SSL. (NA-5890)

  • LDAP authentication no longer breaks if we attempt to bind to a DN that contains illegal characters. Previously we'd accept a returned string that was wrapped in quotes and add it straight to the base DN without removing the quotes - resulting in a broken user string. (NA-5845)

  • It's now possible to distinguish users by their type (locally added or automatically added via LDAP). The Users List, available in the admin console displays each user's type. (NA-3145)

  • Fixed an issue where file descriptors were left open which prevented proposal files from being deleted, which could in certain situations result in unnecessary disk space consumption until the next server restart. (NA-5907)

  • The 'Disable non-admin users upon removal from last team' is now available on a second LDAP authority. Previously, using a second LDAP authority could result in the per-user license being used up by disable or inactive users. (NA-5926)

  • We've modified the admin console so that JavaScripting used in editing teams is now compatible with Internet Explorer 8 on 64-bit Windows 7 Pro. (NA-5810)

  • Fixed an issue where the teams list on the admin console was mis-aligned when using Internet Explorer 8 on 64-bit Windows 7 Pro making it difficult to see if you have selected the correct team for deletion. We now confirm the name of any team selected for deletion. (NA-5811)

  • We've optimized our handling of imports of large numbers of users when using large LDAP groups (1000+ users). (NA-5816)



Release: 4.2 Build: 3256

Wednesday 27th February, 2013

What's New


  • Support added for allowing authentication of both LDAP and non-LDAP users at the same time. (NA-4491)

  • Introduced a flag for users that indicates if they have been imported from an LDAP Authority or has been created in MultiSite's admin console, either through the "Create User" screen or import via a csv file import. (NA-5720)

  • Added support for nested groups in LDAP/Active Directory. This allows LDAP to pickup all users that are members of a "child" when pointing at the "parent" group. (NA-4836)

  • Added support for multiple Authentication Realms, a feature that is useful when using a Continuous integration solution such as Jenkins, which use the realm to determine which credentials are needed in order to connect with Subversion repositories. (NA-5066)

Issues Fixed

  • We've now fixed an issue that could occasionally stop nodes from responding to a reset (through the admin console) when deploying a new replication group or during an emergency reconfiguration. (NA-5499)

  • The Transaction ID links on the dashboard now point to the correct admin console port. (NA-5642)

  • It's no longer necessary to change a user's password in order to add them to a group - the change password process is now prompted by ticking a checkbox on the edit user screen. (NA-5679)



Release: 4.2 Build: 2697

Monday 7th January, 2013

Issues Fixed

  • Applies only to Subversion MultiSite 4.2 when bundled with the Subversion Access Control:
    We've identified an issue when importing backup.xml data from Subversion Multisite 4.1. Access control rules flagged to "apply to all users" would not persist if the replicator restarted before the running of the internal (prevayler) database back-up. (NA-5267)




Release: 4.2 Build: 2509

Friday 13th December, 2012

Issues Fixed

  • Solaris only:
    We've identified and addressed a potential issue with the creation of teams in Access Control. If this issue occurred, available repository resources wouldn't appear when you tried to assign them to the new team. Attempting to assign repository resources would then stop you from being able to save the partially created team - HTTP 500 errors would occur. (NA-5651)

Release: 4.2 Build: 2494

Friday 7th December, 2012

This release concentrates on resolving issues, mostly centered around Subversion MultiSite's LDAP integration.

Issues Fixed

LDAP specific fixes

  • There's no longer a WAN dependency for local Subversion MultiSite admins when managed through an LDAP authority. It's now possible to set the local node to manage the LDAP authority, disabling the authority on all remote nodes. (NA-5023)

  • Clicking the cancel button on a team's LDAP settings screen now triggers a page reload to ensure that changes are correctly flushed. (NA-5423)

  • The global disable option for LDAP authorities is now always replicated. There were some circumstances where they would only be disabled locally. (NA-5422)

  • Helpful error messages have been added to the LDAP authorities create/edit screens so that you get a clear warning if you enter invalid bind user details. (NA-5043)

General fixes

  • We've improved the error messaging generated if users are imported from an invalid csv file. (NA-5420)

  • It is once again possible to remove users via the RESTful API. (NA-5421)

  • Importing users (via backup.xml) from earlier versions (4.0 or earlier) of MultiSite is now handled correctly should the import contain more users than are supported under the current product license. Users exceeding the licence are no longer imported into the password file. (NA-5025)

  • We've fixed a potential issue during a product upgrade where existing repository details were not automatically added. (NA-5022)

  • Viewing Subversion MultiSite's admin console using Internet Explorer 8 no longer triggers an occasional javascript warning message 'Object doesn't support this property or method'. (NA-5021)




Release: 4.2 Build: 1536

Monday 25th September, 2012

What's New

  • Scalability Improvements: Various improvements have been made to the way that Access Control scales, ensuring that it remains performant in deployments with tens of thousands of users, thousands of teams and hundreds of repositories. (NA-4788)

  • Batch Updates: In very large deployments, changes to Access Control that require the regeneration of password and Authz files could impact write performance (through disk I/O bottlenecking). To help mitigate this potential performance hit we've added a new Batch Updates mode that forces Access Control to handle changes in batches. Thus, password/ Authz file regeneration is done only once per a user-defined frequency (once per hour by default). (NA-4483)

  • More about Batch Access Control Updates

  • API: A RESTful API has been added to Access Control, opening up most elements that can otherwise be controlled through the admin console. For more details see http://docs.wandisco.com/svn/ms/v4.2/api.html (NA-3831) (NA-2181)

  • Listed below are some of the key capabilities delivered with the API:
    • The new API makes it possible to bulk add users to teams. It's now possible to append existing user details, where the built-in import tool could only handle the adding of new entries.(NA-1631)

    • It's now possible to enable or disable hooks using Access Control's enhanced API. (NA-2997)

    • The API makes it possible to retrieve user details from Subversion MultiSite's database, for instance, you could write a hook script that correlates Subversion usernames with the corresponding user's email address (providing it's stored in Subversion MultiSite). (NA-2263)

    • There's full control of users through the API, including adding, deleting, changing passwords. (NA-3809)

    • It's now possible to lock or unlock repository folders via an API call. (NA-4000)

    • The RESTful API can now enable|disabled pre-replication hooks. (NA-2997)

    • It's now possible to trigger a synchronized stop/resume through the API (NA-3361)

    • It's now possible to modify Subversion MultiSite dynamic settings via the API. This solves a problem with the setting for the disk monitor's critical level which could only be modified from the admin console, which becomes unavailable if the critical level is reached. (NA-3375)


  • Custom Ports: The 10 ports that Subversion MultiSite grabs during setup can now be assigned individually and no longer need to be in a sequential block. It's possible to select these ports during setup, or on a node's properties screen under the Proxy tab. (NA-4928)

  • Solaris 10 Support: Since Solaris 10 has deprecated init.d, we now provide a service manifest file "<install_dir>/svn-replicator/utils/init.d/solaris/solaris-svnreplicator.xml" for starting the Subversion MultiSite via the Service Management Facility. See the accompanying readme file for more details. (NA-4809)

Issues Addressed

  • An issue concerning object-scoped LDAP authorities has now been addressed. If an LDAP authority has an object search scope, we now search for retrieved attributes against all other authorities until an appropriate user object is retrieved. Note that all user objects specified within an LDAP group object must be contained within another LDAP authority in order for them to authenticate successfully. (NA-4866)

  • We've addressed a conflict between our case-insensitive LDAP authentication and LDAP group management features - duplicated accounts had been created when usernames provided during login didn't match the case of usernames stored in LDAP. The case-insensitive LDAP authentication now handles this scenario. If you don't need to handle both case-sensitive and insensitive usernames then you can now apply this as a system-wide setting. You can find the option on the System Settings, under the System tab of the admin console. (NA-4929)

  • There's improved logging for the replication of generic files. Previously, an IOException on reading the source file - e.g. it doesn't exist, corrupted or we have no read permission, didn't get reported in the logs. (NA-4634)

  • Added a function to the sample init.d script that provides a warning if the JAVA_HOME variable is not set correctly. (NA-4331)

  • We've improved retry logic to ensure that Rest API port binding doesn't fail on a proxy restart if Apache is still holding the port. Currently there's a default of 1 minute between retries. An alert email is triggered, but only on the first retry. (NA-3858)

  • We've fixed an intermittent problem that affected Serf clients, which caused checkouts to abruptly stop before completion. (NA-4675)

  • A problem in Subversion MultiSite 4.1 which stopped the "Quorum not available" message from displaying has now been fixed. (NA-4666)

  • When selecting to use pre-replication hooks, the hook settings are now correctly replicated. (NA-4665)

  • Leaving the address blank in the email settings no longer causes the replicator to crash. (NA-4849)

  • We now prevent the changing of the packaging directory (specified during the activation of a replication group). If by some chance the directory was renamed, the replication group activation would fail. (NA-4442)

  • Fixed a problem that caused nodes to go out of sync when folders containing locked files were deleted. (NA-4650)