Gerrit Code Review 3.13 has landed, bringing a significant wave of security enhancements, powerful automation, and next-generation AI features designed to streamline your development workflow. This release reflects a healthy, growing open-source project, with a focus on improving both the user experience and the underlying security and configurability of the platform.
Here are the top 6 features and improvements you need to know about in Gerrit 3.13:
- Introducing Gerrit Flows for Powerful Automation
Gerrit Flows is a game-changing new concept that introduces automation rules for changes. It is a powerful generalization of the logic previously found in issue tracker plugins (like its-jira), allowing you to define a sequence of actions triggered when specific conditions are met.
This is a pluggable service, meaning that while the core functionality is in Gerrit, community plugins can easily integrate it with systems like Jira, GitHub Issues, or internal tools.
An example could be to add reviewers only after the CI/CD has validated the change, so that the reviewer doesn’t waste time reviewing a change that will ultimately receive a minus one from the build process.
- HTTP Auth-Tokens Replace Long-Lived Passwords
In a major security upgrade driven primarily by SAP’s contribution, Gerrit 3.13 deprecates long-lived HTTP passwords in favor of secure, time-limited Authentication Tokens (Auth-Tokens).
This enhancement addresses two long-standing security concerns with previous HTTP passwords:
- Expiration: Tokens can now be set to expire, allowing organizations to enforce rotation policies that were previously not enforceable when using Git or the Gerrit REST API over HTTPS.
- Multiple Credentials: Users can have more than one token with friendly names, enabling proper credential rotation (like blue/green deployment) for automated scripts without downtime.
Tokens are a full replacement of the legacy HTTP passwords, as the ability to define their maximum lifetime is often a prerequisite for security compliance. Generating a new token credential would automatically remove the deprecated passwords stored in the account’s profile.
- Next-Gen AI Assistance: AI prompt generation for Code Review
Gerrit 3.13 firmly steps into the era of AI-assisted development by enabling its foundational AI features by default and introducing native facilities to request help to review incoming changes using an external LLM.
AI-Assisted “Generate Prompt” Feature: This feature was previously released as an experiment and is now enabled by default. It helps users generate rich, explicitly crafted prompts for LLMs (such as Gemini, ChatGPT, or Claude) to assist with code reviews. Users can ask for help with the commit message, request improvements, or check for security concerns.
- Dedicated UI for Project Labels and Submit Requirements
Configuration and administration are significantly simplified with the introduction of dedicated UI panels for managing Project Labels and Submit Requirements.
Interactive Project Configuration vs. config file editing: Previously, defining these project settings required cloning and editing the project.config file, either offline or online, a process described as difficult and error-prone for most users.
Submittability Split: This reinforces the modern split where Labels are just votes, and Submit Requirements formally define the logic for a change’s submittability.
- End-to-End Group Deletion \o/
This was a long-awaited quality-of-life feature: Gerrit 3.13 provides full end-to-end functionality to delete internal groups directly through the UI and a dedicated REST API.
Administrative Control: In the past, groups, once created, were permanent. Now, administrators can remove them.
Prerequisite: A group cannot be deleted if it is referenced in any ACL (access control list). Admins must first reshape their ACLs before removal. The community has acknowledged that the resulting error message needs improvement to show where the group is referenced.
- Significant UI/UX Updates, Including Drag-and-Drop
Gerrit continues its modernization effort, focusing on a cleaner, more efficient user experience, thanks largely to contributions from Paladox/Wikimedia.
Drag-and-Drop Reviewers: Users can now drag and drop reviewers and CCed users to move them between fields, eliminating the annoying multi-step process of removing a user from one list and adding them to the other.
Mobile and Material Updates: The release includes extensive modernization, replacing older components with @material/web, and a redesigned mobile UI for improved navigation.
Gerrit 3.13 By The Numbers
A Community Effort Gerrit 3.13 saw a significant push in core development, reversing the trend of previous releases that focused more heavily on plugins. The number of commits in Core Gerrit went from ~600 in Gerrit 3.12 to over 900 in Gerrit 3.13, showcasing an amazing increase of pace in the development speed of the project, which is great to see.
The open-source health of Gerrit is strong, with no single organization contributing over 50% of the changes. The contributions are spread across many companies, demonstrating the actual value of open source and the good health of the project. Google continues to lead the project from the forefront with almost 40% of commits.
GerritForge’s Contribution
Here at GerritForge, led by maintainer Luca Milanesio, we contributed 28% of the commits to the past 12 months of the Gerrit project contributions! We also, as usual, performed the crucial work required to take the finished code and turn it into a consumable release for the world, including, but not limited to, managing the whole release process and continuing to host the CI/CD pipelines for the project.
This dedicated effort ensures the smooth, professional delivery of every new version of Gerrit.
GerritForge Blog 