Release Notes

All platforms - DevOps (.NET Core Server flavor): We replaced the WebSockets library we used for SignalR.

This translates into a more stable .NET Core server. The .NET Framework version of the server is not affected by these changes.

If you are using the DevOps features (the WebSocket connection) from outside the Plastic SCM Server (a bot or a plug not managed by the server itself), please pay attention to the changes:

Now the port you should connect your WebSocket to is defined in either WebAdminToolPort or WebAdminToolSslPort. It depends on whether you want or not SSL - as you can imagine by the name. But it has further implications:

- The WebAdminToolPort does NOT listen through SSL. You can only connect a WebSocket to it using the "ws://" schema. It also rejects all connections from outside localhost.

- The WebAdminToolSslPort ONLY listens through SSL. You can only connect a WebSocket to it using the "wss://" schema. It accepts all connections regardless of their origin. You also need to use TLS v1.2 to connect to the WebSocket.

Regarding the WebSocketServerPort setting:

- It is now deprecated. Soon it will no longer work.

- For new setups, it now has the same default value as WebAdminToolPort.

- It now behaves the same as WebAdminToolPort, including its limitations (no SSL, no connections from outside).

Regarding the WebSocketServerCertificatePath and WebSocketServerCertificatePassword settings:

- They no longer work.

- The certificate to connect to the secure WebSocket (through the WebAdminToolSslPort) is the same the WebAdmin uses. And that certificate is also the same your Plastic SCM uses for secure client connections.

Remember that the WebAdmin does NOT start listening through SSL if you don't have an SSL port defined in your network.conf configuration file. This is because the WebAdmin uses the same certificate as regular Plastic SCM client to server connections and if there is no certificate… there is no SSL!

So this is what you need to do:

- If you don't use custom plugs or mergebots: you don't need to do anything.

- If you use custom plugs or mergebots, but you use them through the Plastic SCM server (the server manages their lifecycle), you don't need to do anything. The server passes down the WebSocket URI to the integration, so the change will happen automatically for you.

- If you use custom plugs or mergebots BUT you don't use them through the Plastic SCM server's DevOps features, you might need to do one or more things:

1) If the plug or mergebot run in the same machine the Plastic SCM server does, you could not do anything. However, we advise you to start using the WebAdminToolPort instead of the WebSocketServerPort, because the later setting is deprecated.

2) If the plug or mergebot runs in a different machine the Plastic SCM server does, you need to change some things. Your integration needs to use the WebAdminToolSslPort, it needs to use the "wss://" schema to connect to the WebSocket, and it needs to use TLS v1.2 connections.

If you find any issue, we will be more than glad to help you. Remember you can ping us on Twitter at @plasticscm and one of our minions will jump right in. Or you can write at support [at] codicesoftware [dot] com and we will guide you through whatever problem you might encounter.

All platforms - Command line client: Now you can set encryption parameters on the command line!

Use the following arguments to set the parameters required to work against an encrypted server:

* --encryptmethod: This must be AES128, AES192 or AES256. Note: it is recommended that you use AES128, as the other options may require further configuration.

* --encryptpassword: Your encryption key - usually stored in the .key files in your config directory.

* --encryptserver: The server for which the previous values apply.

When using these arguments, the values will not be stored to disk on the client machine, and it is not necessary to have a cryptedservers.conf file or any .key files on the client machine.

Note: these settings will be saved on the server if they are used to perform a replication.