Release Notes

Features and bugfixes in our latest releases. Please see the Download page for links to source and binaries.

Note that Mercurial follows a time-based release plan with major releases every three months and minor (bugfix) releases on the first of every month (see TimeBasedReleasePlan).

{i} Be sure to read the upgrade notes when upgrading.

(See the archive for older versions)

1. Mercurial 4.4.2 (2017-12-01)

This is a regularly-scheduled bugfix release.

1.1. Notable changes

1.1.1. Stricter command option parsing

Mercurial can now optionally parse "early" options (-R/--repository, --cwd, --config, --debugger, and --profile) more strictly, for more secure integration with tools that invoke 'hg' commands. Setting HGPLAIN=+strictflags will parse these options more strictly, which prevents them from being injected as arguments to other flags.

1.2. Bug fixes

1.3. Performance improvements

2. Mercurial 4.4.1 (2017-11-07)

2.1. Notable changes

It is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked in to the repository in Mercurial 4.4 and earlier. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.

3. Mercurial 4.4 (2017-11-01)

3.1. Notable changes

3.1.1. Control whitespace settings for annotation on hgweb

/annotate URLs on hgweb now accept query string arguments to influence how whitespace changes impact results.

The arguments "ignorews," "ignorewsamount," "ignorewseol," and "ignoreblanklines" now have the same meaning as their [annotate] config section counterparts. Any provided setting overrides the server default.

HTML checkboxes have been added to the paper and gitweb themes to expose current whitespace settings and to easily modify the current view.

3.1.2. Fast, heuristic copy-tracing

A new fast heuristic algorithm for copytracing which assumes that the files moves are either:

  1. renames in the same directory
  2. moves in other directories with same names

You can use this algorithm by setting 'experimental.copytrace=heuristics'. This setting performs full copytracing if both source and destination branches contains non-public changesets only.

3.1.3. Other changes

3.2. Backwards Compatibility Changes

3.3. Bug Fixes

3.4. Performance Improvements

3.5. API Changes

3.5.1. remove peer.batch()

Replace with peer.iterbatch().

3.5.2. Other Changes

4. Mercurial 4.3.3 (2017-10-01)

5. Mercurial 4.3.2 (2017-09-18)

6. Mercurial 4.3 / 4.3.1 (2017-08-10)

(4.3.1 was released immediately after 4.3 to fix a release oversight.)

An overview of new features available. This is a regularly-scheduled quarterly feature release.

6.1. Notable changes

6.2. CVE-2017-1000115

Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository.

6.3. CVE-2017-1000116

Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks on clients by specifying a hostname starting with -oProxyCommand. This is also present in Git (CVE-2017-1000117) and Subversion (CVE-2017-9800), so please patch those tools as well if you have them installed.

7. Mercurial 4.2.3 (2017-08-10)

This was an out-of-cycle backport of security fixes from 4.3 for users stuck on Python 2.6.

8. Mercurial 4.2.2 (2017-07-05)

This is a regularly-scheduled bugfix release.

9. Mercurial 4.2.1 (2017-6-4)

This is a regularly-scheduled bugfix release.

10. Mercurial 4.2 (2017-5-2)

An overview of new features available. This is a regularly-scheduled quarterly feature release.

10.1. Notable changes

10.2. commands

10.3. core

10.4. extensions

10.5. hgweb

10.6. Behavior changes

10.7. Internal API changes

11. Mercurial 4.1.3 (2017-4-18)

This is an out of cycle release to address a security issue:

12. Mercurial 4.1.2 (2017-4-3)

This is a regularly-scheduled bugfix release.

13. Mercurial 4.1.1 (2017-3-2)

This is a regularly-scheduled bugfix release.

14. Mercurial 4.1 (2017-2-1)

An overview of new features available. This is a regularly-scheduled quarterly feature release.

14.1. commands

14.2. core

14.3. extensions

14.4. hgweb

14.5. chg

14.6. Behavior Changes

14.7. Internal API Changes

15. Mercurial 4.0.2 (2017-01-04)

This is a regularly-scheduled bugfix release.

16. Mercurial 4.0.1 (2016-12-1)

This is a regularly-scheduled bugfix release.

17. Mercurial 4.0 (2016-11-1)

An overview of new features available. This is a regularly-scheduled quarterly feature release. Unlike other 4.0 software releases, this is simply 3.9 + .1, so it should be the usual pain-free upgrade.

17.1. commands

17.2. core

17.3. extensions

17.4. hgweb