include security note for hg upgrade; some reordering

galaxyproject · May 12, 2016 · e0a9efc · e0a9efc
1 parent 93d1d56
commit e0a9efc
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 8 deletions.
diff --git a/doc/source/releases/16.04.rst b/doc/source/releases/16.04.rst
@@ -12,21 +12,19 @@ Enhancements
 
 .. major_feature
 
-* Overhaul of Tools and Jobs for 16.04
+* Overhaul of Tools and Jobs
   `Pull Request 1688`_
 * Implement an Embedded Pulsar Job Runner
   `Pull Request 2057`_
 * Use the API to install repositories instead of loading the
-  Tool Shed in an iframe.
+  Tool Shed in an iframe. (Beta)
   `Pull Request 1392`_
 
 .. feature
 
 * Phinch interactive environment
   (thanks to `@shiltemann <https://github.com/shiltemann>`__.)
   `Pull Request 1647`_
-* Basic tool error Sentry reporting.
-  `Pull Request 1900`_
 * Add iobio external display applications for BAM and VCF.
   `Pull Request 1926`_
 * add chemical datatypes
@@ -36,6 +34,10 @@ Enhancements
   `Pull Request 1463`_
 * Work toward automating release management.
   `Pull Request 1613`_
+* Basic tool error Sentry reporting.
+  `Pull Request 1900`_
+* disable 'hg push' to TS repositories
+  `Pull Request 2033`_
 
 .. enhancement
 
@@ -214,10 +216,6 @@ Enhancements
 * Better element_identifier handling in repeat sections
   (thanks to `@mvdbeek <https://github.com/mvdbeek>`__.)
   `Pull Request 2029`_
-* disable 'hg push' to TS repositories
-  `Pull Request 2033`_
-* Disable repo push for TS repositories
-  `Pull Request 2044`_
 * Pulsar-As-A-Dependency
   `Pull Request 2052`_
 * Simplify Workflow sharing menu

diff --git a/doc/source/releases/16.04_announce.rst b/doc/source/releases/16.04_announce.rst
@@ -59,6 +59,18 @@ API for history contents, index:
  * **deleted** and **visible**: are no longer parameters but are still accessible using
   ``q=deleted&qv=[True | False]&q=visible&qv=[True | False]``
 
+Security
+===========================================================
+Due to security fixes on the Mercurial_ side we had to update the hg version that
+both Galaxy and TS depend on because the fixes have not been backported to older versions.
+However this has broken the TS's ``hg push`` functionality as Mercurial changed their bundle
+format in a non-compatible manner. Given that we deprecated the ``hg push`` API
+functionality back in in 15.10 we decided to disable it fully from 16.01 (retroactively).
+
+**Only Tool Sheds newer than 16.01 should be deployed form now on.**
+
+.. _Mercurial: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
+
 
 Release Notes
 ===========================================================