This is a digest of the updates from several weeks of changelogs which are published upstream. This is an incomplete list as I've cherry-picked just the changes which I think will be of significant interest to end-users of Wikimedia's phabricator. Please see the upstream changelogs for a detailed overview of everything that's changed recently.

General

Bulk Editor

https://secure.phabricator.com/T13025 The bulk editor (previously sometimes called the "batch editor") has been rebuilt on top of modern infrastructure (EditEngine) and a number of bugs have been fixed.

You can now modify the set of objects being edited from the editor screen, and a wider range of fields (including "points" and some custom fields) are supported. The bulk editor should also handle edits of workboard columns with large numbers of items more gracefully.

Bulk edits can now be made silently (suppressing notifications, feed stories, and email) with bin/bulk make-silent. The need to run a command-line tool is a little clumsy and is likely to become easier in a future version of Phabricator, but the ability to act silently could help an attacker who compromised an account avoid discovery for an extended period of time.

Edits which were made silently show an icon in the timeline view to make it easier to identify them.

Webhooks

Herald now supports formally defining webhooks. You can configure webhooks in "firehose" mode (so they receive all events) or use Herald rules to call them when certain conditions are met.

Mail Stamps

Several users have requested a way to differentiate notifications triggered by an @mention from the deluge of regular task subscription notification emails. This feature should provide a very good solution. See T150766 for one such request.

Mail now supports "mail stamps" to make it easier to use client rules to route or flag mail. Stamps are pieces of standardized metadata attached to mail in a machine-parseable format, like "FRAGILE" or "RETURN TO SENDER" might be stamped on a package.

By default, stamps are available in the X-Phabricator-Stamps header. You can also enable them in the mail body by changing the Settings → Email Format → Send Stamps setting. This may be useful if you use a client like Gmail which can not act on mail headers.

Stamps provide more comprehensive information about object and change state than was previously available, and you can now highlight important mail which has stamps like mention(@alice) or reviewer(@alice).

See https://secure.phabricator.com/T13069 for additional discussion and plans for this feature.

Mute

You can now Mute Notifications for any object which supports subscriptions. This action is available in the right-hand column under Subscribe. Muting notifications for an object stops you from receiving mail from that object, except for mail triggered by Send me an email rules in Herald.

This feature is "on probation" and may be removed in the future if it proves more confusing than useful.

See https://secure.phabricator.com/T13068 for some discussion.

Task Close Date

Maniphest now explicitly tracks a closed date (and closing actor) for tasks. This data will be built retroactively by a migration during the upgrade. This will take a little while if you have a lot of tasks (see "Migrations" below).

The Maniphest search UI can now order by close date and filter tasks closed between particular dates or closed by certain users. The maniphest.search API has similar support, and returns this data in result sets. This data is also now available via Export Data.

For closed tasks, the main task list view now shows a checkmark icon and the close date. For open tasks, the view retains the old behavior (no icon, modified date).

Require secure mail

Herald rules can now Require secure mail. You can use this action to prevent discussion of sensitive objects (like security bugfixes) from being transmitted via email.

To use this feature, you'll generally write a Herald rule like this:

Global Rule for Revisions
When: 
[ Projects ][ include ][ Security Fix ]
Take actions:
[ Require secure mail ]

Users will still be notified that the corresponding object has been updated, but will have to follow a link in the mail to view details over HTTPS.

This may be useful if you use mailing lists with wide distributions or model sophisticated attackers as threats.

Note that this action is currently not stateful: the rule must keep matching every update to keep the object under wraps. This may change in the future. This flag may also support continuing to send mail content if GPG is configured in some future release.

I expect that we will utilize this feature to improve the secrecy of critical security bugs which are kept private until a security patch has been released.

Minor

• Slightly reduced the level of bleeding/explosions on the Maniphest burnup chart.
• Added date range filtering to activity logs, pull logs, and push logs.
• Push logs are now more human readable.
• "Assign to" should now work properly in the bulk editor.
• Fixed an issue with comment actions that affect numeric fields like "Points" in Maniphest.
• maniphest.edit should now accept null to unassign a task, as suggested by the documentation.
• GitLFS over SSH no longer fatals on a bad getUser() call.
• Commits and revisions may now Reverts <commit|revision> one another, and reverting or reverted changes are shown more clearly in the timeline.