Chat now uses fossil's full complement of markdown features,
instead of the prior small subset of markup it previously supported.
This retroactively applies to all chat messages, as they are
markdown-processed when they are sent instead of when they
Added a chat message preview mode so messages can be previewed
before being sent. Similarly, added a per-message ability to view
the raw un-parsed message text.
The hotkey to activate preview mode in /wikiedit,
/fileedit, and /pikchrshow
was changed from ctrl-enter to shift-enter in order to align with
/chat's new preview feature and related future
Changes for Version 2.16 (2021-07-02)
Security: Fix the client-side TLS so that it verifies that the
server hostname matches its certificate.
The default "ssh" command on Windows is changed to "ssh" instead of the
legacy "plink", as ssh is now generally available on Windows systems.
Installations that still need to use the legacy "plink" can make that
happen by running: 'fossil set ssh-command "plink -ssh" --global'.
The fossil ui command is enhanced in multiple ways:
The REPOSITORY argument can be the name of a check-out directory.
If the REPOSITORY argument is prefixed by "HOST:" or "USER@HOST:"
then the ui is run on the remote machine and tunnelled back to the local
machine using ssh. (The latest version of fossil must be installed on
both the local and the remote for this to work correctly.)
The new --nobrowser and --fossilcmd options is provided.
The /brlist web page allows the user to
select multiple branches to be displayed together in a single
The Forum provides a hyperlink on the author of each
post that goes to a timeline of recent posts by that same author.
Administrators can configure email alerts to expire
a specific number of days (ex: 365) after the last user contact with
the Fossil server. This prevents alert emails being sent to
abandoned email accounts forever.
Changes for Version 2.15 (2021-03-26) and Patch 2.15.1 on (2021-04-07)
and 2.15.2 on (2021-06-15)
Patch 2.15.2: Fix the client-side TLS so that it verifies that the
server hostname matches its certificate. Upgrading to
the patch is recommended.
Patch 2.15.1: Fix a data exfiltration bug in the server. Upgrading to
the patch is recommended.
The default CSP has been relaxed slightly to allow
images to be loaded from any URL. All other resources are still
locked down by default.
The built-in skins all use the "mainmenu"
setting to determine the content of the main menu.
The ability to edit the
"mainmenu" setting is added on the /Admin/Configuration page.
The hamburger menu is now available on most of the built-in skins.
Any built-in skin named "X" can be used instead of the standard
repository skin by adding the URL parameter skin=X to the
request. The selection is persisted using the display
preferences cookie unless the "once" query parameter is also
included. The /skins page may be used to select a skin.
The /cookies page now gives the user an opportunity to delete
individual cookies. And the /cookies page is linked from the
/sitemap, so that it appears in hamburger menus.
The /sitemap extensions are now specified by a single new
rather than a cluster of various
"sitemap-*" settings. The older settings are no longer used.
This change might require minor server configuration
adjustments on servers that use /sitemap extensions.
The /Admin/Configuration page provides the ability to edit
the new "sitemap-extra" setting.
For diff web pages, if the diff type (unified versus side-by-side)
is not specified by a query parameter, and if the
setting is omitted or less than 1, then select the diff type based
on a guess of whether or not the request is coming from a mobile
device. Mobile gets unified and desktop gets side-by-side.
The various pages which show diffs now have toggles to show/hide
The fossil add command refuses to add files whose
names are reserved by Windows (ex: "aux") unless the --allow-reserved
option is included. This helps prevent unix users from accidentally
creating check-ins that are unreadable by Windows users.
Add the "re=" query parameter to the /dir webpage,
for symetry with the /tree page.
Update the built-in SQLite to version 3.35.0.
The ./configure script now has the --print-minimum-sqlite-version option
that prints the minimum SQLite version required by the current version
of Fossil. This might be used by integrators who insist on building
Fossil to link against the system SQLite library rather than the
built-in copy of SQLite, to verify that their system SQLite library
is recent enough.
Webpage that shows history of a wiki page
gained client-side UI to help with comparison between two arbitrary
versions of a wiki (by the means of anchoring a "baseline" version)
and the ability to squeeze several sequential edits made by the same
user into a single "recycled" row (the latest edit in that sequence).
Changes for Version 2.14 (2021-01-20) and Patch 2.14.1 on (2021-04-07)
and 2.14.2 on (2021-06-15)
Patch 2.14.2: Fix the client-side TLS so that it verifies that the
server hostname matches its certificate. Upgrading to
the patch is recommended.<
Patch 2.14.1: Fix a data exfiltration bug in the server.
Upgrading to the patch is recommended.
Schema Update Notice #1:
This release drops a trigger from the database schema (replacing
it with a TEMP trigger that is created as needed). This
change happens automatically the first time you
add content to a repository using Fossil 2.14 or later. No
action is needed on your part. However, if you upgrade to
version 2.14 and then later downgrade or otherwise use an earlier
version of Fossil, the email notification mechanism may fail
to send out notifications for some events, due to the missing
trigger. If you want to
permanently downgrade an installation, then you should run
"fossil rebuild" after the downgrade
to get email notifications working again. If you are not using
email notification, then the schema change will not affect you in
Schema Update Notice #2:
This release changes how the descriptions of wiki edits are stored
in the EVENT table, for improved display on timelines. You must
run "fossil rebuild" to take advantage of
this enhancement. Everything will still work without
"fossil rebuild", except you will get goofy descriptions of
wiki updates in the timeline.
The "fossil clone" command is enhanced so that
if the repository filename is omitted, an appropriate name is derived
from the remote URL and the newly cloned repo is opened. This makes
the clone command work more like Git, thus making it easier for
people transitioning from Git.
Added support for embedding pikchr
markup in markdown and fossil-wiki content.
The new "pikchr" command can render
pikchr scripts, optionally pre-processed with
TH1 blocks and variables exactly like
site skins are.
The new pikchrshow page provides an
editor and previewer for pikchr markup.
In /wikiedit and
/fileedit, Ctrl-Enter can now be used
initiate a preview and to toggle between the editor and preview
The /artifact and /file views, when in
line-number mode, now support interactive selection of a range
of lines to hyperlink to.
Enhance the /finfo webpage so that when query
parameters identify both a filename and a checkin, the resulting
graph tracks the identified file across renames.
The built-in SQLite is updated to an alpha of version 3.34.0, and
the minimum SQLite version is increased to 3.34.0 because the
/finfo change in the previous bullet depends on enhancements to
recursive common table expressions that are only available in
SQLite 3.34.0 and later.
Countless other minor refinements and documentation improvements.
Changes for Version 2.12.1 (2020-08-20)
(2.12.1): Fix client-side vulnerabilities discovered by Max Justicz.
Security fix in the "fossil git export" command.
The same fix is also backported to version 2.10.1 and 2.11.1.
New "safety-net" features were added to prevent similar problems
in the future.
Enhancements to the graph display for cases when there are
many cherry-pick merges into a single check-in.
Enhance the fossil open command with the new
--workdir option and the ability to accept a URL as the repository
name, causing the remote repository to be cloned automatically.
Do not allow "fossil open" to open in a non-empty working directory
unless the --keep option or the new --force option is used.
Enhance the markdown formatter to more closely follow the
with regard to text highlighting.
Underscores in the middle of identifiers (ex: fossil_printf())
no longer need to be escaped.
The markdown-to-html translator can prevent unsafe HTML
(for example: <script>) on user-contributed pages like forum and
tickets and wiki. The admin can adjust this behavior using
the safe-html setting on the Admin/Wiki page.
The default is to disallow unsafe HTML everywhere.
Added the "collapse" and "expand" capability for long forum posts.
The "fossil remote" command now has options for
specifying multiple persistent remotes with symbolic names. Currently
only one remote can be used at a time, but that might change in the
Add the "Remember me?" checkbox on the login page. Use a session
cookie for the login if it is not checked.
Added the experimental "fossil hook" command for
managing "hook scripts" that run before checkin or after a push.
Enhance the fossil revert command so that it
is able to revert all files beneath a directory.
Added the "--minN" and "--logfileFILENAME"
flags to the backoffice command, as well as other
enhancements to make the backoffice command a viable replacement for
automatic backoffice. Other incremental backoffice improvements.
Added the /fileedit page, which allows
editing of text files online. Requires explicit activation by
a setup user.
Translate built-in help text into HTML for display on web pages.
On the /timeline webpage, the combination
of query parameters "p=CHECKIN" and "bt=ANCESTOR" draws all
ancestors of CHECKIN going back to ANCESTOR. For example,
/timeline?p=202006271506&bt=version-2.11 shows all ancestors
of the checkin that occured on 2020-06-27 15:06 going back to
the 2.11 release.
Update the built-in SQLite so that the
"fossil sql" command supports new output
modes ".mode box" and ".mode json".
Add the "obscure()" SQL function to the
"fossil sql" command.
Added virtual tables "helptext" and "builtin" to
the "fossil sql" command, providing access to the
dispatch table including all help text, and the builtin data files,
The wiki editor has been modernized and is
now Ajax-based. The WYSIWYG editing option for Fossil-format wiki
pages was removed. (Please let us know, via the site's Forum menu,
if that removal unduly impacts you.) This also changes the semantics
of the wiki "Sandbox": that pseudo-page may be freely edited but
no longer saved via the UI (the wiki CLI command
The allow-symlinks setting no longer
syncs. It must be activated individually on any clones which require
Countless documentation enhancements.
Changes for Version 2.11 (2020-05-25)
(2.11.2): Backport security fixes from 2.12.1
(2.11.1): Backport security fix for the "fossil git export" command.
Support Markdown in the default ticket configuration.
Timestamp strings in object names
can now omit punctation. So, for example, "202004181942" and
"2020-04-18 19:42" mean the same thing.
Enhance backlink processing so that it works with Markdown-formatted
tickets and so that it works for wiki pages.
"fossil rebuild" is needed to
take full advantage of this fix. Fossil will continue
to work without the rebuild, but the new backlinks will be missing.
Add an option on the /Admin/Timeline setup page to set a default
timeline style other than "Modern".
In embedded documentation, hyperlink URLs
of the form "/doc/$CURRENT/..." the "$CURRENT" text is translated
into the check-in hash for the document currently being viewed.
Added the /phantoms webpage that shows all
Enhancements to phantom processing to try to reduce
bandwidth-using chatter about phantoms on the sync protocol.
Security: Fossil now assumes that the schema of every
database it opens has been tampered with by an adversary and takes
extra precautions to ensure that such tampering is harmless.
Security: Fossil now puts the Content-Security-Policy in the
HTTP reply header, in addition to also leaving it in the
HTML <head> section, so that it is always available, even
if a custom skin overrides the HTML <head> and omits
the CSP in the process.
Output of the fossil diff -y command automatically
adjusts according to the terminal width.
Merge conflicts caused via the merge and
update commands no longer leave temporary
files behind unless the new --keep-merge-files flag
The /artifact_stats page is now accessible
to all users if the new "artifact_stats_enable" setting is turned
on. There is a new checkbox under the /Admin/Access menu to turn
that capability on and off.
Add the fossil tls-config command for viewing
the TLS configuration and the list of SSL Cert exceptions.
Captchas all include a button to read the captcha using an audio
file, so that they can be completed by the visually impaired.
Stop using the IP address as part of the login cookie.
Bug fix: fix the SSL cert validation logic so that if an exception
is allowed for particular site, the exception expires as soon as the
cert changes values.
Bug fix: the FTS search into for forum posts is now kept up-to-date
Bug fix: the "fossil git export" command is now working on Windows
Bug fix: display Technote items on the timeline correctly
Bug fix: fix the capability summary matrix of the Security Audit
page so that it does not add "anonymous" capabilities to the
Update internal Unicode character tables, used in regular expression
handling, from version 12.1 to 13.
Many documentation enhancements.
Many minor enhancements to existing features.
Changes for Version 2.10 (2019-10-04)
(2.10.2): backport security fixes from 2.12.1
(2.10.1): backport security fix for the "fossil git export" command.
The check-in lock interval is reduced from 24 hours to 60 seconds,
though the interval is now configurable using a setting.
An additional check for conflicts is added after interactive
check-in comment entry, to compensate for the reduced lock interval.
For the "fossil update" and
"fossil checkout" commands, if a
managed file is removed because it is no longer part of the target
check-in and the directory containing the file is empty after the
file is removed and the directory is not the current working
directory and is not on the empty-dirs
list, then also remove the directory.
Update internal Unicode character tables, used in regular expression
handling, from version 11.0 to 12.1.
In "fossil regexp", "fossil grep"
and the TH1 "regexp" command, the -nocase option now removes multiple
diacritics from the same character (derived from SQLite's
Added the /secureraw page that requires the
complete SHA1 or SHA3 hash, not just a prefix, before it will deliver
Accept purely numeric ISO8601 date/time strings as long as they
do not conflict with a hash. Example: "20190510134217" instead of
"2019-05-10 13:42:17". This helps keep URLs shorter and less
Support both "1)" and "1." for numbered lists in markdown, as
The sync and clone HTTP requests omit the extra /xfer path element
from the end of the request URI. All servers since 2010 know that
the HTTP request is for a sync or clone from the mimetype so the
extra path element is not needed.
If an automatic sync gets a permanent redirect request, then update
the saved remote URL to the new address.
Temporary filenames (for example used for external "diff" commands)
try to preserve the suffix of the original file.
Enhanced parsing of /timeline query parameters
"ymd=", "ym=", and "yw=". All arguments are option (in which case they
default to the current time) and all accept ISO8601 date/times without
Automatically disapprove pending moderation requests for a user when
that user is deleted. This helps in dealing with spam-bots.
Improvements to the "Capability Summary" section in the
Security Audit web-page.
Use new "ci-lock" and "ci-lock-failed" pragmas in the
sync protocol to try to prevent accident forks
caused by concurrent commits when operating in auto-sync mode.
Fix a bug (details)
that can cause repository databases to be overwritten with debugging
output, thus corrupting the repository. This is only a factor when
CGI debugging is enabled, and even then is a rare occurrence, but it is
obviously an important fix.
Changes for Version 2.8 (2019-02-20)
Show cherry-pick merges as dotted lines on the timeline graph.
→ The "fossil rebuild" command must be run to create and
populate the new "cherrypick" table in the repository in order
for this feature to operate.
Add the ability to associate branches, check-ins, and tags with
specially-named Wiki pages. This gives the ability to better
document branches and tags, and provide more documentation on
check-ins beyond the check-in comment. The associated Wiki is
automatically displayed on /info pages for check-ins, and on
/timeline?r=BRANCH and /timeline?t=TAG pages for branches and
tags. This feature is on by default, but can be disabled in on
the Admin/Wiki page.
Enhance the repository list page (shown for example by
"fossil all ui") so that it shows the name and last check-in
time for each project. The implementation of the repository
list page is now broken out into a separate source file (repolist.c).
Allow users with Forum Supervisor permission ('6') to add Forum
Write Trusted permission ('4') to users as they are approving a
forum post by that user.
When running a bisect, report the number of check-ins still in
the search range and the estimated number of bisect steps remaining.
Do this at each step of the bisect.
Provide a permanent link to a bisect timeline using the bid= query
Make the chronological forum display feature available to all users,
and make it the default format on mobile devices.
Break out Wiki setup into a separate /setup_wiki page, accessible
on the standard menus through Admin/Wiki.
Add "Next" and "Previous" buttons on the /wdiff page, allowing
the user to step through the versions of a wiki page.
Improve the display of the /whistory page.
Omit the "HH:MM" timestamps on timeline graphs on narrow-screen
devices, to improve horizontal space uses. This helps make Fossil
Enhance /wcontent to show a sortable list of Wiki pages together
with the number of revisions and the most recent change time for
Hyperlinks to Wiki pages on the /timeline go to the specific
version of the Wiki page named in the timeline, not to the latest
Enhancements to the "amend", "tag", and "reparent" commands, including
adding options --override-date, --override-user, and --dry-run.
Add the global --comment-format command-line option and the
comment-format setting to control the display of the command-line
Change the "fossil reparent" command so that it only works from
within an active checkout.
On the /setup_ucap_list, show administrators how many users have
each capability. The counts are a hyperlink to the /setup_ulist
page showing the subset of users that have that capability.
Provide the ability to redirect all HTTP pages to HTTPS. Formerly
one could cause this to occur for the /login page only. That option
still exists, but the redirect can now also be done for all pages.
leading and trailing whitespace.
Detect when the repository used by a checkout is swapped out for
a clone that uses different RID values, and make appropriate adjustments
to the checkout database to avoid any problems.
Add the backoffice-disable setting to completely disable the
Update the built-in SQLite to version 3.27.1.
Various other small enhancements to webpages and documentation.
Changes for Version 2.7 (2018-09-22)
Add the email alerts feature for commits, ticket
changes, wiki changes, forum posts, and announcements. This is
still a work in progress. It is functional, but it is not as easy to
setup and use as it ought to be.
Add new user capabilities letters needed to support alerts and forum.
Formerly, user capabilities were letters from [a-z], but with the
enhancements, the supply of lower case letters was exhausted.
User capabilities are now letters in [a-zA-Z0-9].
The built-in skins are now responsive, providing better layout on
small screens, including mobile devices.
The default skin now includes a hamburger menu that is generated
by the /sitemap page.
All of the built-in skins now use a
Content Security Policy (CSP)
to help prevent cross-site injection and forgery attacks. There are no known
vulnerabilities in Fossil. The added CSP does not fix anything; it merely adds
another layer of defense.
The /sitemap and other list pages show as multiple columns if
the viewing window is wide enough.
There is an optional "js" file for each skin that can be used to
included in the header or footer.
Some code and interfaces are in place to support sending and
receiving email directly via SMTP, but this feature is not yet
complete or ready for production use.
The `mv-rm-files` setting is now compiled into Fossil in the
default Fossil configuration; no longer must you say
./configure --with-legacy-mv-rm to make it available. The
setting remains disabled by default, however, so you must still say
fossil set mv-rm-files 1 to enable it on each repository
where you want hard mv/rm behavior.
Changes for Version 2.6 (2018-05-04)
Fix a bug that was causing crashes while trying to clone the TCL
repository. This fix is the main reason for the current release.
Added the new "Classic" timeline viewing mode. "Classic" is the
same as "Verbose" in the previous release. The "Verbose" mode is
now like "Compact" except the extra check-in details are shown by
Add support for ETags:, Last-Modified:, and If-Modified-Since:
cache control mechanisms.
Enhance the /tarball,
/sqlar pages so that the checkin
name to be downloaded can be expressed as part of the URI,
and without the need for query parameters.
On the /timeline webpage, add the days=N
query parameter and enhance the ymd=DATE and yw=DATE query parameters
to accept 'now' as an argument to show the latest day or week.
In the web page that comes up in response to the
fossil all ui command, show the last modification
time for each repository, and allow click-to-sort on the modification
In the tarball cache replacement algorithm, give extra weight to
tarballs that have been accessed more than once.
Additional defenses against web-based attacks. There have not been
any known vulnerabilities. We are just being paranoid.
Update the built-in SQLite to an alpha version of 3.24.0.
Changes for Version 2.5 (2018-02-07)
Numerous enhancements to the look and feel of the web interface.
Especially: Added separate "Modern", "Compact", "Verbose", and
"Columnar" view options on timelines.
Common display settings (such as the "view" option and the number
of rows in a timeline) are held in a cookie and thus persist
across multiple pages.
Rework the skin editing process so that changes are implemented
on one of nine /draft pages, evaluated, then merged back to the
Fossil now automatically generates the
at the beginning of each web page if the configurable header
lacks a <body> tag.
Added the /artifact_stats page, currently accessible only by
Upgrade to the latest versions of SQLite and OpenSSL.
Improved key bindings on the Tk diff screen generated by
"fossil diff --tk".
script files. This is a step along the
road toward supporting a strict Content Security Policy. More work
is to be done.
Initial infrastructure is in place to make use of the pledge()
system call in OpenBSD. More work is to be done.
Changes for Version 2.4 (2017-11-03)
New feature: URL Aliases. URL Aliases allow an administrator
to define their own URLs on the web interface that are rewritten to
built-in URLs with specific parameters. Create and configure URL Aliases
using the /Setup/URL_Aliases menu option in the web interface.
Add tech-note search capability.
Add the -r|--revision and -o|--origin options to the
Add the origin= query parameter to the /annotate
The fossil annotate command and the
/annotate web page go backwards in time as far
as can be computed in 30 milliseconds by default, rather than stopping
after 20 steps. The new limit= query parameter or the --limit command-line
option can be used to alter this timeout.
Added the "Search" button to the graphical diff generated by
the --tk option on the diff command.
Added the "--checkin VERSION" option to the
Various performance enhancements to the diff command.
Update internal Unicode character tables, used in regular expression
handling, from version 8.0 to 9.0.
Update the built-in SQLite to version 3.15. Fossil now requires
the SQLITE_DBCONFIG_MAINDBNAME interface of SQLite which is only available
in SQLite version 3.15 and later and so Fossil will not work with
earlier SQLite versions.
Enhance the /finfo page so that when it is showing
the ancestors of a particular file version, it only shows direct
ancestors and omits changes on branches, thus making it show the same set
of ancestors that are used for /blame.
Change the auxiliary schema by adding columns MLINK.ISAUX and MLINK.PMID
columns to the schema, to support better drawing of file change graphs.
A fossil rebuild is recommended but is not required.
so that the new graph drawing logic can work effectively.
Added search over Check-in comments, Documents, Tickets and
Wiki. Disabled by default. The search can be either a full-scan or it
can use an index that is kept up-to-date automatically. The new
/srchsetup web-page and the fts-config command
were added to help configure the search capability. Expect further
enhancements to the search capabilities in subsequent releases.
Added form elements to some submenus (in particular the /timeline)
for easier operation.
Enhance the /tree webpage to show the age of each file with the option
to sort by age.
Enhance the /brlist webpage to show additional information about each branch
and to be sortable by clicking on column headers.
Add support for Docker. Just install docker and type
"sudo docker run -d -p 8080:8080 nijtmans/fossil" to get it running.
Add the fossil fusefs DIRECTORY command that mounts a
Fuse Filesystem at the given DIRECTORY and populates it with read-only
copies of all historical check-ins. This only works on systems that
Add the administrative log that records all configuration.
Most commands now issue errors rather than silently ignoring unrecognized
Use full 40-character SHA1 hashes (instead of abbreviations) in most
The "ssh:" sync method on Windows now uses "plink.exe" instead of "ssh" as
the secure-shell client program.
Prevent a partial clone when the connection is lost.
Make the distinction between 301 and 302 redirects.
Allow commits against a closed check-in as long as the commit goes onto
a different branch.
Improved cache control in the web interface reduces unnecessary requests
for common resources like the page logo and CSS.
Fix a rare and long-standing sync protocol bug
that would silently prevent the sync from running to completion. Before
this bug-fix it was sometimes necessary to do "fossil sync --verily" to
get two repositories in sync.
Added the "$secureurl" TH1 variable for use in headers and footers.
(Internal:) Add the ability to include resources as separate files in the
source tree that are converted into constant byte arrays in the compiled
binary. Use this feature to store the Tk script that implements the --tk
diff option in a separate file for easier editing.
(Internal:) Implement a system of compile-time checks to help ensure
the correctness of printf-style formatting strings.
Fix CVE-2014-3566, also known as the POODLE SSL 3.0 vulnerability.
Numerous documentation fixes and improvements.
Other obscure and minor bug fixes - see the timeline for details.
Changes For Version 1.29 (2014-06-12)
Add the ability to display content, diffs and annotations for UTF16
text files in the web interface.
Add the "SaveAs..." and "Invert" buttons
to the graphical diff display that results
from using the --tk option with the fossil diff command.
The /reports page now requires Read ("o") permissions. The "byweek"
report now properly propagates the selected year through the event type
When cloning a repository, the user name passed via the URL (if any)
is now used as the default local admin user's name.
Enhance the SSH transport mechanism so that it runs a single instance of
the "fossil" executable on the remote side, obviating the need for a shell
on the remote side. Some users may need to add the "?fossil=/path/to/fossil"
query parameter to "ssh:" URIs if their fossil binary is not in a standard
Add the "fossil blame" command that works just like
"fossil annotate" but uses a different output format that includes the
user who made each changes and omits line numbers.
Add the "Tarball and ZIP-archive Prefix" configuration parameter under
Fix CGI processing so that it works on web servers that do not
Add options --dirsonly, --emptydirs, and --allckouts to the
"fossil clean" command.
Ten-fold performance improvement in large "fossil blame" or
"fossil annotate" commands.
Option -n|--limit of "fossil timeline" now
specifies the number of entries, just like all other commands which
have the -n|--limit option. The various timeline-related functions
now output "--- ?? limit (??) reached ---" at the end whenever
appropriate. Use "-n 0" if no limit is desired.
Fix handling of password embedded in Fossil URL.
New --once option to fossil clone command
which does not store the URL or password when cloning.
Modify fossil ui to respect "default user" in an open
Fossil now hides check-ins that have the "hidden" tag in timeline webpages.
Enhance /ci_edit page to add the "hidden" tag to check-ins.
Advanced possibilities for commit and ticket change notifications over
http using TH1 scripting.
Add --sha1sum and --integrate options
to the "fossil commit" command.
Add the "clean" and "extra" subcommands to the
"fossil all" command
Add the --whatif option to "fossil clean" that works the
same as "--dry-run",
so that the name does not collide with the --dry-run option of "fossil all".
Provide a configuration option to show dates on the web timeline
as "YYMMMDD HH:MM"
Add an option to the "stats" webpage that allows an administrator to see
the current repository schema.
Enhancements to the "/vdiff" webpage for more difference
Added the "/tree" webpage as an alternative
to "/dir" and make it the default way of showing file lists.
Send gzipped HTTP responses to clients that support it.
New --integrate option to fossil merge, which
automatically closes the merged branch when committing.
Renamed /stats_report page to /reports. Graph width is now
relative, not absolute.
Added yw=YYYY-WW (year-week) filter to timeline to limit the results
to a specific year and calendar week number, e.g. /timeline?yw=2013-01.
Updates to SQLite to prevent opening a repository file using file descriptors
1 or 2 on Unix. This fixes a bug under which an assertion failure could
overwrite part of a repository database file, corrupting it.
Added support for unlimited line lengths in side-by-side diffs.
New --close option to fossil commit, which
immediately closes the branch being committed.
Cherry-pick merges are recorded internally (though no yet displayed on the
Bring in the latest versions of SQLite, zlib, and autosetup from upstream.
Changes For Version 1.25 (2013-02-16)
Enhancements to ticket processing. There are now two tables: TICKET and
TICKETCHNG. There is one row in TICKETCHNG for each ticket artifact.
Fields from ticket artifacts go into either or both of TICKET and
TICKETCHNG, whichever contain matching column names. Default ticket
edit and viewing scripts are updated to use TICKETCHNG. The TH1
scripting language is enhanced to support this, including the new
"query" command for doing SQL queries against the repository database.
All changes should be backwards compatible.
Add the ability to moderate ticket and wiki changes. Unmoderated changes
do not sync and may be deleted by the moderator if found to contain spam
or other objectionable content.
that node. Then clicking on a second node shows a diff between the
two nodes. Clicking on the selected node unselects it.
Warn of unresolved merge conflicts in "fossil status" and disallow
commits of unresolved conflicts unless the --allow-conflict option
sorts by the indicated column.
Add the "fossil cat" command which is basically an alias for
"fossil finfo -p".
Hyperlinks with the class "button" are rendered as submenu buttons
on embedded documentation.
The check-in comment editor on Windows now defaults to NotePad.exe.
Correctly deal with BOMs in check-in comments. Also attempt to convert
check-in comments to UTF8 from other encodings.
Allow the deletion of multiple stash entries using multiple arguments
to the "fossil stash rm" command.
Enhance the "fossil server DIRECTORY" command to serve static content
files contained in DIRECTORY. For security, only files with a
recognized suffix (such as *.html, *.jpg, *.txt, etc) will be delivered
as static content, and *.fossil files are not on the list of recognized
suffixes. There are additional restrictions on the names of the files.
Allow the "fossil ui" command to specify a directory as long as the
the --notfound option is used.
Add a configuration option that causes timeline messages to be rendered
as text/x-fossil-plain (which is the same as text/plain except that
hyperlinks inside of [...] are decorated.)
Only decorate [...] in check-in comments and tickets
if the contented text really is a valid hyperlink target.
Improvements to the side-by-side diff algorithm, for a more
human-friendly display in some complex cases.
Added [utime] and [stime] commands to TH1. These
commands can be used for things such as displaying the page rendering
time in the footer.
Add the ability to pass command-line options of "fossil rebuild" to
"fossil all rebuild".
Add the --deanalyze option to "fossil rebuild" (and "fossil all rebuild")
Do not run the graphical merging tool nor leave merge-droppings after a
dry-run merge. Display an improved merge-summary message at the end of
Add options to "fossil commit" to override the various sanity checks.
Options added: --allow-empty, --allow-fork, --allow-older, and
Optionally require a CAPTCHA (controlled by a setting on the
Admin/Access webpage) when a user who is not logged in tries to
edit wiki, or a ticket, or an attachment.
Improvements to the "ssh://" sync protocol, to help it move past
noisy motd comments.
Add the uf=FILE-SHA1-HASH query parameter to the timeline, causing the
timeline to show only check-ins that contain the specific file identified
by FILE-SHA1-HASH. ("uf" stands for "uses file".)
Enhance the file change annotator so that it follows the file across
Fix the server-side of the sync protocol so that it will not generate
a delta loop when a file changes from its original state, through two
or more intermediate states, and back to the original state, all within
a single sync.
Show much less output during a sync operation, unless the --verbose
option is used.
as an addition defense against spam-bots.
Disallow invalid UTF8 characters (such as characters in the surrogate
pair range) in filenames.
Judge the UserAgent strings issued by the NetSurf webbrowser to be
coming from a human, not from a bot.
Add the zlib sources to the Fossil source tree (under compat/zlib) and
use those sources when compiling on (Windows) systems that do not have
a zlib library installed by default.
Prompt the user with the option to convert non-UTF8 files into UTF8
Allow the characters *? in filenames.
Allow the --context option on diff commands to have a value of 0.
Added the "dbstat" command.
Enhanced "fossil merge" so that if the VERSION argument is omitted, Fossil
tries to merge any forks of the current branch.
Improved detection of forks in a commit race.
Added the --analyze option to "fossil rebuild".
Changes For Version 1.24 (2012-10-22)
Added support for WYSIWYG editing of wiki pages. WYSIWYG is turned off
by default and can be turned on by setting a configuration option.
Allow style= attribute to occur in HTML markup on wiki pages.
Added the --tk option to the "fossi diff" and "fossil stash diff"
commands, causing color-coded diff output to be displayed in a Tcl/Tk
GUI window. This option only works if Tcl/Tk is installed on the
On Windows, make the "gdiff" command default to use WinDiff.exe.
Update the "fossil stash" command so that it always prompts for a
comment if the -m option is omitted.
Enhance the timeline webpages so that a=, b=, c=, d=, p=, and dp=
query parameters (and others) can all accept any valid check-in name
(such as branch names or labels) instead of just SHA1 hashes.
Added the "fossil stash show" command.
Added the "fileage" webpage with links to this page from the check-in
information page and from the file browser.
Added --age and -t options to the "fossil ls" command.
Added the --setmtime option to "fossil update". When used, the mtime
of all managed files is set to the time when the most recent version of
the file was checked in.
Changed the "vdiff" webpage to show the complete text of files that
were added or removed (the equivalent of using the -N or --newfile
options with the "fossil diff" command-line.)
Added the --temp option to "fossil clean" and "fossil extra", causing
those commands to only look at temporary files generated by Fossil,
such as merge-conflict reports or aborted check-in messages.
Enhance the raw page download so that it can guess the mimetype of
attachments based on the filename.
Change the behavior of the from= and to= query parameters on the
timeline page so that by default the path between the two specified
check-ins avoids merges.
Add the --baseurl option to "fossil server" and "fossil http" commands,
so that those commands can be used with reverse proxies.
If unable to determine the command-line user, do not guess. Instead
issue an error message. This helps prevent check-ins from accidentally
occurring under the wrong username.
Include branch information in the output of file change listings
(the "finfo" webpage).
Make the simplified view of file history, rather than the full view,
In the "fossil configuration" command, allow the "css" option for
synchronizing, importing, or exporting just the CSS file. This makes
it easier to share CSS files across repositories by exporting from
one and importing to another.
Add the (unsupported) "fossil test-orphans" command.
Add the --template option to the "fossil init" command, to facilitate
creating new repositories based on a template repository.
Add the diff-binary setting, which if enabled causes binary files to
be passed to the "gdiff" command for it to deal with, rather than simply
printing a "cannot diff binary files" error.
Add the --unified option to the "fossil diff" command to force a unified
diff even if the --tk option (which normally implies a side-by-side diff)
Present a choice of nearby branches and versions to diff against on the
check-in information page.
Add the --force option to the "fossil merge" command that will force the
merge to occur even if it would be a no-op. This is sometimes useful for
Add another built-in skin: "Enhanced Default". Other minor tweaks to
the existing skins.
Add the "urllist" webpage, showing a list of URLs by which a server
instance of Fossil has been accessed. Requires "Administrator" privileges.
A link is on the "Setup" main page.
Enable dynamic loading of the Tcl runtime for installations that want
to use Tcl as part of their configuration. This reduces the size of
the Fossil binary and allows any version of Tcl 8.4 or later to be used.
Merge the latest SQLite changes from upstream.
Lots of minor bug fixes.
Changes For Version 1.23 (2012-08-08)
The default checkout database name is now ".fslckout" instead of
"_FOSSIL_" on Unix. Both names continue to work.
Added the "fossil all changes" command
Added the --ckout option to the "fossil all list" command
Added the "public-pages" glob pattern that can be configured to allow
anonymous users to see embedded documentation on sites where source
code should not be accessible to anonymous users.
Allow multiple --tag options on the same "fossil commit" command.
Change the meaning of the --bgcolor option for "fossil commit" to only
change the color for that one commit. The new --branchcolor option
is available to set a persistent background color.
Add the branch= query parameter to the vdiff page and the --branch option
to the "fossil diff" command.
Check-in names of the form "root:BRANCH" now refer to the origin of
the branch. Hence to see all changes in a branch, use
"fossil diff --from root:BRANCH --to BRANCH". The --branch option on
the diff command is an alias for the same.
Add the ability to configure ad-units to be displayed between the menu
bar and the content.
Add the ability to set a background image as part of server configuration.
Allow partial commits of cherrypick merges.
Updates against an uncommitted merge are now a warning, not a fatal error.
Prompt the user to continue if a check-in comment is unedited.
Fixes to case sensitivity settings with the /dir webpage.
Repositories now try to remember the locations of all checkouts and
web-access URLs and display this information with the
"fossil info $REPO" command.
Improved defense against spiders: The src= attribute of
Enhanced formatting of the user list page.
If a file named in "fossil add" is missing, that is now a warning instead
of a fatal error.
Fix side-by-side diff so that it displays correctly with
multi-byte UTF8 characters.
Performance improvements in the diff logic.
Other performance tweaks and documentation updates.
Changes For Version 1.22 (2012-03-17)
Greatly improved "diff" processing including the new --brief option,
partial line matching, colorized in-line diffs, and better performance.
Promote "allow-symlinks" to a versionable setting
Harden the CGI processing logic against DOS attacks
Add the ability to run TH1 scripts after sync requests
Store the repository name in _FOSSIL_ as it is type in the "open" command,
possibly as a relative pathname.
Make ".fslckout" the alternative name for the "_FOSSIL_" file.
Change the "ssh:" transfer method to allow all access regardless of
Improvements to the timeline messages associated with tag changes.
(Requires a "fossil rebuild" to take effect.)
Various additions and fixes for the JSON API.
Improved merge-with-rename handling.
--cherrypick merges use their origin's commit message by default.
Added support for multiple concurrent logins per user.
Update to use SQLite version 3.7.11.
Various minor bug fixes.
Changes For Version 1.21 (2011-12-13)
Added side-by-side diffs in the command-line interface
Automatically enable hyperlinks if the UserAgent string in the
HTTP header suggests that the requestor is a human and not a bot.
Show only commonly used commands with "fossil help". Use
"fossil help --all" to see the complete list now.
Improvements to the "stash" command: (1) Stash all files, not just
those below the working directory. (2) Add the --detail option to
"list". (3) Confirm before "drop --all". (4) Add the "help"
Add an Admin/Access setting to change the number of octets of the
IP address that are saved in login cookies - allowing this setting
to be changed to zero
Promote the "test-md5sum" command to "md5sum".
Added the "whatis" command.
Stop showing the server-code in status outputs - it is no longer used
Added a compile-time option (--with-tcl) to build in full Tcl scripting
support via integration with TH1.
Merged the JSON branch into trunk. Disabled by default. Enabled
by a compile-time option. Probably it will be enabled by default
in some future release.
Update to use SQLite version 3.7.9 plus the alignment fix for Sparc.
Changes For Version 1.20 (2011-10-21)
Added side-by-side diffs in HTML interface. [0bde74ea1e]
Added support for symlinks. (Controlled by "allow-symlinks" setting,
off by default). [e4f1c1fe95]
Fixed CLI annotate to show the proper file version in case there
are multiple equal versions in history. [e161670939]
Timeline now shows tag changes (requires rebuild).[87540ed6e6]
Fixed annotate to show "more relevant" versions of lines in
some cases. [e161670939]
Added -R REPOFILE support to several more CLI commands. [e080560378]
Generated tarballs now have constant timestamps, so they are
always identical for any given check-in. [e080560378]
A number of minor HTML-related tweaks and fixes.
Added --args FILENAME global CLI argument to import arbitrary
CLI arguments from a file (e.g. long file lists). [e080560378]
Fixed significant memory leak in annotation of files with long
Added warnings when a merge operation overwrites local copies
(UNDO is available, but previously this condition normally went
silently unnoticed). [39f979b08c]
Improved performance when adding many files. [a369dc7721]
Improve merges which contain many file renames. [0b93b0f958]
Added protection against timing attacks. [d4a341b49d]
Firefox now remembers filled fields when returning to forms. [3fac77d7b0]
Added the --stats option to the rebuild command. [f25e5e53c4]
RSS feed now passes validation. [ce354d0a9f]
Show overridden user when entering commit comment. [ce354d0a9f]
Made rebuilding from web interface silent. [ce354d0a9f]
Now works on MSVC with repos >2GB. [6092935ff2]
A number of code cleanups to resolve warnings from various compilers.
Update the built-in SQLite to version 3.7.9 beta.
Changes For Version 1.19 (2011-09-02)
Added a ./configure script based on autosetup.
Added the "fossil winsrv" command
for creating a Fossil service on Windows systems.
Added "versionable settings" where settings that affect
the local tree can be stored in versioned files in the
Background colors for branches are chosen automatically if no
color is specified by the user.
The status, changes and extras commands now show
pathnames relative to the current working directory,
unless overridden by command line options or the
"relative-paths" setting. WARNING: This
change will break scripts which rely on the current
output when the current working directory is not the
Added "empty-dirs" versionable setting.
Added support for client-side SSL certificates with "ssl-identity"
setting and --ssl-identity option.
Added "ssl-ca-location" setting to specify trusted root
Added the --case-sensitive BOOLEAN command-line option to many commands.
Default to true for Unix and false for Windows.
Added the "Color-Test" submenu button on the branch list web page.
Compatibility improvements to the git-export feature.
Performance improvements on SHA1 checksums
Update to the latest SQLite version 3.7.8 alpha.
Fix the tarball generator to work with very log pathnames
Changes For Version 1.18 (2011-07-14)
Added this Change Log
Added sequential version numbering
Added a optional configure script - the Makefile still works for most
Improvements to the "annotate" algorithm: only search primary
ancestors and ignore branches.
Update the "scrub" command to remove traces of login-groups and
Added the --type option to the "fossil tag find" command.
In contexts where only a check-in makes sense, resolve branch and
tag names to checkins only, never events or other artifacts.
Improved display of file renames on a diff. A rebuild is required
to take full advantage of this change.