GitLab 17.1.2

GitLab is a development collaboration tool and git DVCS frontend. It includes repository management features, code reviews, an issue tracker, activity feeds and wikis. GitLab provides fine-grained access control, user management, 5 permission levels and branch constraints, and can utilize LDAP/AD intranet authorization. Powered by Ruby on Rails it comes as open source package, and as commercial supported enterprise version.

Tags ruby ruby-on-rails git dvcs wiki bugtracker version-control
License MITL
State initial

Recent Releases

17.1.211 Jul 2024 20:05 minor security: (2024-07-09). ### (2 changes). Update dependency slack-messenger to v2.3.5 (gitlab-org/security/gitlab@e21a4599ab21cc6f6b89ca432d9557ed72169c85). MailRoom not loading in Omnibus (gitlab-org/security/gitlab@5547c1164c494705bf29595062124ff8cb266cb3). ### Security (9 changes). Disallow serving Pages over disabled custom domains with deployments (gitlab-org/security/gitlab@176442d616a111667481f22186560925d1175c67) ( merge request (gitlab-org/security/gitlab!4245)). Check npm package name, version and scripts coherence (gitlab-org/security/gitlab@917d805ce57e5d0439b4a4c757967d494014a97d) ( merge request (gitlab-org/security/gitlab!4212)). Check for create_deploy_token policy before creating deploy token (gitlab-org/security/gitlab@8ae4e9b0b25bec92561698da3c7d0495d6ba61bc) ( merge request (gitlab-org/security/gitlab!4209)). Check if user has ban_group_member access before banning in namespace (gitlab-org/security/gitlab@eefb608987d64b9cf58411b8520f260d1fb9b1c3) ( merge request (gitlab-org/security/gitlab!4091)). Prevent privilege escalation via custom role (gitlab-org/security/gitlab@a618e86dc4585b0fef049f75f13acf0eec00656d) ( merge request (gitlab-org/security/gitlab!4199)). Prevent using quick actions for some bot users (gitlab-org/security/gitlab@5789cc333d04d76ffb4c79239e71be1910f12229) ( merge request (gitlab-org/security/gitlab!4231)). Disable raw HTML for quick action pipeline (gitlab-org/security/gitlab@7db9b002b803cb6b53a3e6ce3f8d9b15107e7464) ( merge request (gitlab-org/security/gitlab!4235)). Disable quick actions unless description changed (gitlab-org/security/gitlab@a1800c591b38df0e2d143df3ee56f76b4f3a914f) ( merge request (gitlab-org/security/gitlab!4234)). Remove comment support from shrug and tableflip (gitlab-org/security/gitlab@fb6bcef1935dc3a7dd60def448a652769c86ee62) ( merge request (gitlab-org/security/gitlab!4229)).
17.1.127 Jun 2024 20:05 minor security: (2024-06-25). ### (1 change). Only enumerate commits in pre-receive check if push came from Web (gitlab-org/security/gitlab@09fac947735945114db37b482035ffe8f605a1ad). ### Security (14 changes). Security for banzai pipeline (gitlab-org/security/gitlab@bb484256fab53f248450f49350d44ec246f05e49) ( merge request (gitlab-org/security/gitlab!4184)). the catastrophic backtracking in openapi regex (gitlab-org/security/gitlab@d9f51d836d290fc90f6bbfd50937e28ac4382ad6) ( merge request (gitlab-org/security/gitlab!4135)). Use permitted_params for standalone and multiplex queries (gitlab-org/security/gitlab@624758559c2ffa452c7d118b4bf438783bf22b96) ( merge request (gitlab-org/security/gitlab!4173)). for Private job artifacts can be accessed by any user (gitlab-org/security/gitlab@4c5ac0433595920d2e9e1a0887461fbf9ea58476) ( merge request (gitlab-org/security/gitlab!4194)). Remove search results from public projects with unauthorized repos (gitlab-org/security/gitlab@74bebdd2a20be50c13d3696b0cc2ba815fd9e95b) ( merge request (gitlab-org/security/gitlab!4210)). Do not run a new pipeline on re-target (gitlab-org/security/gitlab@0a90eb06107fce3a6c2e15dcead5ec9fc0302967) ( merge request (gitlab-org/security/gitlab!4187)). Add limits on autolinker regex (gitlab-org/security/gitlab@4854ff9db1ee52c37cab05d5be1eb02b4e5e93b0) ( merge request (gitlab-org/security/gitlab!4126)). clickjacking on OAuth application page (gitlab-org/security/gitlab@3620cdabd780c08754f48df7a81b0ed41924f75e) ( merge request (gitlab-org/security/gitlab!4186)). Hide branch merge request if merge requests are private (gitlab-org/security/gitlab@551999ae405109144906d3b0fbd254553ba10baa) ( merge request (gitlab-org/security/gitlab!4200)). Remove collapseLongCommitList method (gitlab-org/security/gitlab@35a86b9d0cec107e06d56ced48ecbf5ac108250c) ( merge request (gitlab-org/security/gitlab!4203)). Pass SSO session data to Sidekiq (gitlab-org/security/gitlab@143598720f040450de58440be4266337278fb8
17.1.020 Jun 2024 22:25 major feature: (2024-06-19). ### Added (180 changes). Allow `admin_runner` ability to change shared runner setting (gitlab-org/gitlab@f8a4a504e3b04875bed19bdef66f7cdcaae7e462) ( merge request (gitlab-org/gitlab!155505)) GitLab Enterprise Edition. Update services to create custom software license (gitlab-org/gitlab@fef112e156bf0f37f8b1dbd310cd2a2ddc629eb2) ( merge request (gitlab-org/gitlab!155325)) GitLab Enterprise Edition. Protected containers: Add help text for repository path pattern input (gitlab-org/gitlab@e710daa4b59d0ae74d608490c1cd563437c4ca74) by @gerardo-navarro ( merge request (gitlab-org/gitlab!154932)). Move document for CS for registry (gitlab-org/gitlab@06d2a6d2b6cdcb7cffd7ffc81b0706485d5967c2) ( merge request (gitlab-org/gitlab!156259)) GitLab Enterprise Edition. Add new duo pro discover page (gitlab-org/gitlab@ca64b696dbd33b8cddcd1f887d31afb4290853bf) ( merge request (gitlab-org/gitlab!154478)) GitLab Enterprise Edition. Changed association of frameworks with projects (gitlab-org/gitlab@ecaf61939432fe08eb7fa8fe48925d04c4685a68) ( merge request (gitlab-org/gitlab!153664)) GitLab Enterprise Edition. Add support for new placeholders (gitlab-org/gitlab@679bf3a203e041300daf200de432c81d70062b72) by @TamsilAmani ( merge request (gitlab-org/gitlab!155804)). Add `admin_runners` custom ability (gitlab-org/gitlab@860f5cc09eca6679d90184fd33a855086f31ac4e) ( merge request (gitlab-org/gitlab!154848)) GitLab Enterprise Edition. Add worker to aggregate last 30-day catalog resource usage data (gitlab-org/gitlab@56f45cfdc1fa3a94f0e850d54970ac3936ca622a) ( merge request (gitlab-org/gitlab!155001)). Add cargo to supported sbom and sync types (gitlab-org/gitlab@11d3dfa2c8385a1d9400b9522d75047735630f4b) ( merge request (gitlab-org/gitlab!155751)). Add project settings sections to command mode results (gitlab-org/gitlab@e3d6d8a451ec86581cf04ad24eda35cdd63dbb49) ( merge request (gitlab-org/gitlab!153452)). Configuring Topology Service in Rails (gitlab-org/gitl
17.0.213 Jun 2024 15:05 minor security: (2024-06-11). ### (1 change). instance templates pagination (gitlab-org/security/gitlab@d53fb868885472d0b7645afabee590f416eda0d5) GitLab Enterprise Edition. ### Changed (1 change). Only query the fields needed (gitlab-org/security/gitlab@74794d45373cf605d7c036cc0ab13a3d5018c616). ### Security (4 changes). XSS and content injection raw XHTML files on IOS devices (gitlab-org/security/gitlab@7459916b867b01581b3422fd065419feb6352180) ( merge request (gitlab-org/security/gitlab!4093)). Improve go_package_regex to prevent ReDoS attacks (gitlab-org/security/gitlab@45ccd851058bf319f7795e88afcb27c1440c24e9) ( merge request (gitlab-org/security/gitlab!4096)). ReDoS in CI Interpolation (gitlab-org/security/gitlab@11be5651e849441813c022bc492e6549e9ed297d) ( merge request (gitlab-org/security/gitlab!4081)). Verify Asana access token when testing Asana integration (gitlab-org/security/gitlab@c35fb1ce0e58b8e90bc61b7d48949572fca6705c) ( merge request (gitlab-org/security/gitlab!4059)).
17.0.124 May 2024 10:25 minor security: (2024-05-21). ### (2 changes). Don't fail so loudly if default work item type is invalid (gitlab-org/security/gitlab@c0817a7654e3fb68e1cc89e19599fd16ff63f121). Ensure BLPOP/BRPOP returns nil instead of raising ReadTimeoutError (gitlab-org/security/gitlab@9a0c5c69aa9d54aaae8ceb1698c7fbae0aa74694). ### Security (7 changes). Prevent PDF.js from evaluating scripts (gitlab-org/security/gitlab@2820f31998ca2dcf61eb4b6893b615cebb503b07) ( merge request (gitlab-org/security/gitlab!4069)). Caching test_report api response to reduce calculations (gitlab-org/security/gitlab@b64b0178e955d5091dfaf47b632af266165a5a2e) ( merge request (gitlab-org/security/gitlab!4051)). Restrict access to Secure artifacts to developer role (gitlab-org/security/gitlab@5dd7b7377e0d33dd635fedca66e4aefd5bdf7c7e) ( merge request (gitlab-org/security/gitlab!4053)). Fail create commit status on pipeline_id / sha mismatch (gitlab-org/security/gitlab@460dd3c803da58973d2a4597581c42f4f82e76cc) ( merge request (gitlab-org/security/gitlab!4049)). Use UntrustedRegexp for gollum pattern (gitlab-org/security/gitlab@b5499fca0fa5ac226f97665168562a9f93465525) ( merge request (gitlab-org/security/gitlab!4039)). Patch @gitlab/web-ide to XSS webWorkerExtensionHostIframe.html (gitlab-org/security/gitlab@c848b946ee4867332692d15e6c27e8efaf37ae53) ( merge request (gitlab-org/security/gitlab!4055)). Add text limit to ci_runners text fields (gitlab-org/security/gitlab@20cf74de115473a32bb3c1e3d52e3c7b8f31b3f9) ( merge request (gitlab-org/security/gitlab!4050)).
17.0.016 May 2024 14:25 major feature: (2024-05-15). ### Added (164 changes). Add more actions to work item sticky header (gitlab-org/gitlab@d652db2e95244d18fd9e7d17e4ad92b586b8ddb6) ( merge request (gitlab-org/gitlab!152156)). Expose webhook name and description fields in API (gitlab-org/gitlab@3c3e42b2e6f43450667edd0892c66965035b3982) ( merge request (gitlab-org/gitlab!152497)). Expose VSA metrics via GraphQL (gitlab-org/gitlab@d45e601964aef8557d289a13c3b40a9f5b1431ac) ( merge request (gitlab-org/gitlab!152029)). Update project policy to use admin_push_rules (gitlab-org/gitlab@67b51d054820e891425f880be9981ecbae615196) ( merge request (gitlab-org/gitlab!150415)) GitLab Enterprise Edition. Document migration to multiple databases for Streaming Replication setup (gitlab-org/gitlab@7c845587e022488153d95b213bbe9e308f648844) ( merge request (gitlab-org/gitlab!152389)). Auto assign the new members a duo pro seat (gitlab-org/gitlab@6f42311253eb9005109849c3aafd2681f69a9cfb) ( merge request (gitlab-org/gitlab!152058)) GitLab Enterprise Edition. Augment GCS signed URLs with GitLab metadata for package registry (gitlab-org/gitlab@e03f6750463a4783165463b7df7241013b7cf863) ( merge request (gitlab-org/gitlab!147207)). Add automatic color mode (gitlab-org/gitlab@d57d070fd9e07f672cd5fb20f6a3ca6c9cf22aa6) ( merge request (gitlab-org/gitlab!150254)). Enable ai_gateway_docs_search as beta feature (gitlab-org/gitlab@4825c14339231ab0123ad41e63ad8f639441a5a8) ( merge request (gitlab-org/gitlab!152581)) GitLab Enterprise Edition. Set imported_from for Direct Transfer objects (gitlab-org/gitlab@798ba98818bfaeea1d0982a6e21fd9b2ac077fc8) ( merge request (gitlab-org/gitlab!152576)). Adding create and delete apis for group namespace filters (gitlab-org/gitlab@1395a790daa3719e560a46b63df46506a08ead27) ( merge request (gitlab-org/gitlab!150712)) GitLab Enterprise Edition. Cleanup default_branch_protection_defaults feature flag (gitlab-org/gitlab@78af3a7af2823e3de3ec588ee5e4ca9bb0c63709) ( merge request (gi
16.11.210 May 2024 01:25 minor security: (2024-05-07). ### (1 change). Changed the email validation for only encoded chars (gitlab-org/security/gitlab@d920615ba4a25ffc035ad6b8c26285815eeff4f9) (merge request). ### Changed (1 change). Return or display Gitlab version if GITLAB_KAS_VERSION is a SHA (gitlab-org/security/gitlab@0f75cac19752463492bd3311b14c37c468f8ab0d). ### Security (11 changes). Update GITHUB_MEDIA_CDN to avoid SSRF when importing from Github (gitlab-org/security/gitlab@d09a2e9218ca0388e17c6e5810d73b1cdfaed965) ( merge request (gitlab-org/security/gitlab!4011)). Prevent namespace banned users from reading project todos (gitlab-org/security/gitlab@b3cc2799fe98e9a5a493545f5ff45098b9ba60fb) ( merge request (gitlab-org/security/gitlab!3968)). ReDoS in GitRefsFinder when using wildcards in branch search (gitlab-org/security/gitlab@1b2d2c2b4fb27eafd40ab4ef230f2b52d7b73747) ( merge request (gitlab-org/security/gitlab!3995)). ReDos in escape and commit reference filters (gitlab-org/security/gitlab@0b08bd7eebf65e4999574f3f856d996568c87fe6) ( merge request (gitlab-org/security/gitlab!3972)). Validate request origin before MR approval (gitlab-org/security/gitlab@ad8dfe033740952805ed677f26ff2ec391e4be82) ( merge request (gitlab-org/security/gitlab!4007)). Check request size before updating user pins (gitlab-org/security/gitlab@8f8110ed24f70c00f1bc69848af22f7fdd0caf57) ( merge request (gitlab-org/security/gitlab!4014)). Enforce per_page validation for Branches/TagsFinders (gitlab-org/security/gitlab@4655fca6ac2ecc340dd3bc50ddd6a74a8d00048f) ( merge request (gitlab-org/security/gitlab!3998)). Update Integrations::Discord::ATTACHMENT_REGEX regex (gitlab-org/security/gitlab@7d6c80a3768a7c0281647402990b67a4fa8a2c19) ( merge request (gitlab-org/security/gitlab!3988)). Update BaseMessage::RELATIVE_LINK_REGEX regex (gitlab-org/security/gitlab@52311b09ce70c1b3db8b7e7a49808467f76980b5) ( merge request (gitlab-org/security/gitlab!3989)). Require confirmation before linking JWT ident
16.11.125 Apr 2024 17:05 minor security: (2024-04-24). ### Security (5 changes). Validation for encoded formatting characters (gitlab-org/security/gitlab@fc42e4b96ae1ac3cd766569d62d025cbf23ef16c) ( merge request (gitlab-org/security/gitlab!3979)). Forbid untrusted sign-ins to GitLab with Bitbucket and related uid (gitlab-org/security/gitlab@ef083c319e67072029787cd5c6a588562984a58c) ( merge request (gitlab-org/security/gitlab!3983)). Ensure PAT scope is validated everywhere for GraphQL/ActionCable (gitlab-org/security/gitlab@1847435210161d95b9c5fcd079380e7f2892195f) ( merge request (gitlab-org/security/gitlab!3975)). Protect against ReDoS in FileFinder with wildcard filters (gitlab-org/security/gitlab@dc16f3baa640ca8d5b223782ef3d58369423a1dd) ( merge request (gitlab-org/security/gitlab!3969)). : Validate security report version against schema during parsing (gitlab-org/security/gitlab@55e58d49051aa42938ec1d159b5e7eb3c47d2eb1) ( merge request (gitlab-org/security/gitlab!3967)).
16.11.019 Apr 2024 15:25 major feature: (2024-04-17). ### Added (121 changes). Add skip secret detection audit event (gitlab-org/gitlab@e5b10f3c044a8992907f2dcc598123d798be9c7e) ( merge request (gitlab-org/gitlab!147855)) GitLab Enterprise Edition. Added added_approver to the todo action enum in GraphQL (gitlab-org/gitlab@0f2966c47ed9f5e042b8fb633ce454aa4592aa35) by @zillemarco ( merge request (gitlab-org/gitlab!148831)). Add setting for enabling pre-receive SD (gitlab-org/gitlab@dc4f895086986077fafc660537060d78546826b2) ( merge request (gitlab-org/gitlab!148332)) GitLab Enterprise Edition. Added pending member for project listing page (gitlab-org/gitlab@dcbb5001eca02fd8aa6d8dbd06a401fc49716988) ( merge request (gitlab-org/gitlab!146678)) GitLab Enterprise Edition. Merge branch 'add-support-for-v-pre' into 'master' (gitlab-org/gitlab@e5bcb9dc8a57d7bdcf6fc5ed4d9a34590fdf7348) ( merge request (gitlab-org/gitlab!148706)). Simplifies SemanticVersionable concern (gitlab-org/gitlab@f7353bc52a84f417ccc032ae4ba45e1058c14c50) ( merge request (gitlab-org/gitlab!148706)). Added model for external_status_checks_protected_branches (gitlab-org/gitlab@2647e53b6725a9c90e032488401d4b1d2827571e) ( merge request (gitlab-org/gitlab!149046)) GitLab Enterprise Edition. Update URL with cursor to load a specific page (gitlab-org/gitlab@4c7fb3d5d2853424555c64e23ebbe1ccb79dee0f) (merge request) GitLab Enterprise Edition. Added update api for instance level audit streaming (gitlab-org/gitlab@444a1b0312439545bd7ca7bd50136047c8db9c6f) ( merge request (gitlab-org/gitlab!149104)) GitLab Enterprise Edition. Add endpoint for checking relation import status (gitlab-org/gitlab@f450696483846a1cd7da2f2e8315e52df979cd75) ( merge request (gitlab-org/gitlab!147775)). Utilize show_diff_preview_in_email column (gitlab-org/gitlab@614f6d5d7d2c0358ebf5425e76d4f3062009be6c) by @joe-snyder ( merge request (gitlab-org/gitlab!98547)). Add API for trigger project webhook (gitlab-org/gitlab@b9bf0c33d5139823dada3a401a2607fa3856b
16.10.211 Apr 2024 17:25 minor security: (2024-04-09). ### (1 change). URL validator for mirror services when using localhost (gitlab-org/security/gitlab@82ee9dbd7b4f52507563a509eaa8d2e4839b2e58). ### Security (3 changes). Update Gitlab::Regex::Packages#slack_link_regex (gitlab-org/security/gitlab@25d2355e4cd84a5c1005f1769624e83bfc6d63c2) ( merge request (gitlab-org/security/gitlab!3945)). XSS in autocomplete in rich text editor (gitlab-org/security/gitlab@dc132c61a896afc1b63ce9cf31b69797eecf95ce) ( merge request (gitlab-org/security/gitlab!3946)). Correctly parse attachments for junit result (gitlab-org/security/gitlab@e729252188fd47950e27abe14bad4bf748e99455) ( merge request (gitlab-org/security/gitlab!3934)).
16.10.128 Mar 2024 22:25 minor security: (2024-03-27). ### (2 changes). Update redis-client to v0.21.1 (gitlab-org/security/gitlab@c9d6f434dbc8d5ca244d0c00d8c5cf0d9092df39). new project group templates pagination (gitlab-org/security/gitlab@956b01c404e55bc92276ab7d21c63a09bc3edfb5) GitLab Enterprise Edition. ### Security (3 changes). Merge branch 'dchevalier2-master-patch-88770' into 'master' (gitlab-org/security/gitlab@9e621975bf405f2e66541faebf11b06a31360b5d) ( merge request (gitlab-org/security/gitlab!3936)). Limit the number of emojis we will transform (gitlab-org/security/gitlab@e935e1cc26a06990832781b30827d5afa53d0194) ( merge request (gitlab-org/security/gitlab!3927)). stored xss in wikis using the abstract_reference_filter (gitlab-org/security/gitlab@d1bad1a4847917d5f10c883d0d2f627088a00ca5) ( merge request (gitlab-org/security/gitlab!3929)).
16.10.021 Mar 2024 20:05 major feature: (2024-03-20). ### Added (115 changes). Add drawer to list of linked policies (gitlab-org/gitlab@218016c38801cfeac1308385097dcd760182a378) ( merge request (gitlab-org/gitlab!147039)) GitLab Enterprise Edition. Command palette default opening state - part 3 (gitlab-org/gitlab@a51d07342e3a7dc4da56ec84efec5191d8663640) ( merge request (gitlab-org/gitlab!142816)). Expose repository object format via GitInfo (gitlab-org/gitlab@4947d2c17a7118e392312f9d31fcf7c6799577e3) ( merge request (gitlab-org/gitlab!146485)). Add deprecated_policy field for approval policies (gitlab-org/gitlab@2e332564e7148343db00f79a4caafe672e206c87) ( merge request (gitlab-org/gitlab!146520)). Add approval rules drawer component (gitlab-org/gitlab@51b30ac3d7bb61ab5f43fc87a322560ea0167238) ( merge request (gitlab-org/gitlab!146502)) GitLab Enterprise Edition. Expose external links to Vulnerabilities if any (gitlab-org/gitlab@7a8d63cd7660e3bc2dcc1de307f556549c137876) ( merge request (gitlab-org/gitlab!146149)) GitLab Enterprise Edition. Add table to track CI component usage (gitlab-org/gitlab@3372a7566bfe2b0bea000e48fd0bffbaffb2db45) ( merge request (gitlab-org/gitlab!145881)). Add Pages URL anchor (gitlab-org/gitlab@6d5023141d9597087ffd353a2794102e52ec5e09) ( merge request (gitlab-org/gitlab!144281)). Update Jira::JqlBuilderService to support multiple project keys (gitlab-org/gitlab@4da23ca620a7219a43c81170496ef99ebc989efd) ( merge request (gitlab-org/gitlab!146916)). Add new achievement UI (gitlab-org/gitlab@a4bcf4e181d1458f8bcb504de2d7e95ee3a4136e) ( merge request (gitlab-org/gitlab!146273)). Protected containers: GraphQL query for container protection rules (gitlab-org/gitlab@1a773182a248eb646affd5334c6a6e1182828345) by @gerardo-navarro ( merge request (gitlab-org/gitlab!146467)). Add runner creation metrics (gitlab-org/gitlab@dc17b7ad19792592b2e9078e49755a5da3356bc6) ( merge request (gitlab-org/gitlab!146063)) GitLab Enterprise Edition. Allow to enable/disable ClickHou
16.9.207 Mar 2024 15:07 minor security: (2024-03-06). ### (2 changes). Backport 145801 (CI linter error when repository is empty) to 16.9 (gitlab-org/security/gitlab@3387113650f62739955a47de59f7c17dbe7e9509). container repositories checksum mismatch errors (gitlab-org/security/gitlab@7dce926636d80e26c4e99ac74c09c3795063151a) GitLab Enterprise Edition. ### Security (2 changes). Restrict group token rotation for custom roles (gitlab-org/security/gitlab@c7eafe2b214d8a5c739fe116899540133daebef3) ( merge request (gitlab-org/security/gitlab!3905)). Reset approvals when reopening a MR (gitlab-org/security/gitlab@4c3fbb6674de3dfc01332a25959167ba1085e5bb) ( merge request (gitlab-org/security/gitlab!3897)).
16.9.122 Feb 2024 10:25 minor security: (2024-02-20). ### (2 changes). Duo Chat CORS by updating web-ide package (gitlab-org/security/gitlab@6c4fccdd4d33fd40550197699a990a0d07a65137). deny_all_requests_except_allowed of AddressableUrlValidator (gitlab-org/security/gitlab@18ff795a3b9fdd54705c1a8898ad15b5dd84e2f0). ### Security (10 changes). Add a limit to CodeOwners reference extractor regex (gitlab-org/security/gitlab@b090b503c47300d708d7e51192a486467fdecefd) ( merge request (gitlab-org/security/gitlab!3894)). Ensure LDAP user cannot sign in with password (gitlab-org/security/gitlab@1c2de5ef077c5710e213b668373557c01ff8ba26) ( merge request (gitlab-org/security/gitlab!3891)). Ensure LDAP users cannot reset local password to bypass LDAP (gitlab-org/security/gitlab@07621ad26d2db3656c99b332e697a6b0857f6e07) ( merge request (gitlab-org/security/gitlab!3879)). Disallow assigning higher role than current user (gitlab-org/security/gitlab@c9d8ffebe020dfdc1435e073516a098a8d188ff0) ( merge request (gitlab-org/security/gitlab!3889)). Check project read access in Environment and Operations dashboard (gitlab-org/security/gitlab@83fdac099562fa4aebcc43e400b0da2026c730a6) ( merge request (gitlab-org/security/gitlab!3873)). Stored-XSS in user's profile page: Change markup used for pronouns (gitlab-org/security/gitlab@0fafb29660c08e72b87bd79d792da802c566b650) ( merge request (gitlab-org/security/gitlab!3882)). Invalidate markdown cache to clear up stored XSS (gitlab-org/security/gitlab@3411c25e77642fddc3619bf24ee956d4ba4d99b2) ( merge request (gitlab-org/security/gitlab!3884)). Disallow users to modify deploy key title (gitlab-org/security/gitlab@46ffceb9c94b6f4ba207ddf035ae67e8de413d57) ( merge request (gitlab-org/security/gitlab!3876)). Adds authorization for analytics settings (gitlab-org/security/gitlab@01e2c82cb79b6b4a9f6cf3428890149d023aacfb) ( merge request (gitlab-org/security/gitlab!3877)). Use merge_head_diff for codeowners when merge request is mergeable (gitlab-org/security/gitlab@e
16.9.015 Feb 2024 15:25 major feature: (2024-02-14). ### Added (145 changes). Ensure at least one permission is selected during member role creation (gitlab-org/gitlab@327e3959708cd9b4ed91f565f1b79108ab2c0d6e) ( merge request (gitlab-org/gitlab!143616)) GitLab Enterprise Edition. Allow signing in to Active Directory with smart card (gitlab-org/gitlab@25f2235ce97701a2677a13a6ae175f40d6f5da64) ( merge request (gitlab-org/gitlab!143721)) GitLab Enterprise Edition. Add POST /personal_access_tokens/self/rotate endpoint (gitlab-org/gitlab@e48c661eecb449deb591f3c6d89f7aa716460019) by @stalb ( merge request (gitlab-org/gitlab!142664)). Track traversal sync events, update vulnerability reads accordingly (gitlab-org/gitlab@9f960c976ffefa38ae025b5531f24886517cfda6) ( merge request (gitlab-org/gitlab!143537)) GitLab Enterprise Edition. Add achievements UI (gitlab-org/gitlab@7dd37d8ae59dd1fbc6120bfb50cb3821589c8b27) ( merge request (gitlab-org/gitlab!129370)). Update BulkImports::Failure to display subrelation that failed to import (gitlab-org/gitlab@8d44a19fe239b03134c4c247fde54b07b2062a6d) ( merge request (gitlab-org/gitlab!142820)). Add branchRuleDelete graphql mutation (gitlab-org/gitlab@6bc4e72b8233d8ce06697f88ea82a7fc2a04ddf9) ( merge request (gitlab-org/gitlab!144255)). This MR adds experiment promotion banner (gitlab-org/gitlab@9b9ac988a4a831d83514b64d6c203dce134ddde3) ( merge request (gitlab-org/gitlab!144078)) GitLab Enterprise Edition. Add settting math_rendering_limits_enabled (gitlab-org/gitlab@9f416a02be5417e9473e9f94065dce9ec7170a90) ( merge request (gitlab-org/gitlab!143256)). Add basic testing functionality for group level (gitlab-org/gitlab@24d019352e82b4f2c29a5d8cf86068e1ffd0dea3) ( merge request (gitlab-org/gitlab!144023)) GitLab Enterprise Edition. Sync create indexes and prepare FK for p_ci_builds upstream_pipeline_id (gitlab-org/gitlab@f4e00909f87104e3a4f5b3be8aa90beb22e53101) ( merge request (gitlab-org/gitlab!143897)). Added first part of the command palete update (
16.8.208 Feb 2024 20:25 minor security: (2024-02-07). ### (3 changes). Redis 6.0 compatibility breakage with Sidekiq 7 gem (gitlab-org/security/gitlab@e61868ad98d2ae640b3deec2b148c01fb52dba77). Defer ConnectionPool instrumentation setup (gitlab-org/security/gitlab@d31ee125cd7ec9023b7558bd7af44c0293637b94). invalid records with FK not valid (gitlab-org/security/gitlab@a8dece6c5d160a218d9622a3dab0f93a7b2ca181). ### Security (4 changes). CI component input Regexp (gitlab-org/security/gitlab@96b81737b2b9f1aa3c9d710bc00b80be8359f68f) ( merge request (gitlab-org/security/gitlab!3854)). Make scan result policies block renaming branches (gitlab-org/security/gitlab@6b12a71efe9c82b696cf1dc68c5aa2bc72e5fea3) ( merge request (gitlab-org/security/gitlab!3837)). Restrict group access token creation for custom roles (gitlab-org/security/gitlab@e1d38e70f1f5c9defbb0ca2fa4608e603dcd2858) ( merge request (gitlab-org/security/gitlab!3834)). Limit vulnerabilitiesCountByDay date range to 1 year (gitlab-org/security/gitlab@5e5428919d4773731bed7f724bd650dbc7555d9e) ( merge request (gitlab-org/security/gitlab!3826)).
16.8.126 Jan 2024 09:25 minor security: (2024-01-24). ### (1 change). Optimize garbage collection process (gitlab-org/security/gitlab@1d5a7bc23d5678a2d3c059cbced7d33f5e1e68c4). ### Changed (1 change). Migrate hll_counters _i_code_review_create_mr from hll to int (gitlab-org/security/gitlab@357bfe13fc9ab986bba65eb2b06413baed1357f1). ### Security (5 changes). Devfile parser arbitrary file write (gitlab-org/security/gitlab@4f2cc52e8695d219bc9e5c73ada1cf92b1b7a398) ( merge request (gitlab-org/security/gitlab!3817)). Use public email in tags atom feed (gitlab-org/security/gitlab@d3b7615e4b0e5aa8007a8d00944bbd98a98c5f84) ( merge request (gitlab-org/security/gitlab!3822)). improper username sanitization (gitlab-org/security/gitlab@2f5cccd35e5e0e5e1786d9d10cfacf890704d1ad) ( merge request (gitlab-org/security/gitlab!3818)). Escape user input before building regex for linker (gitlab-org/security/gitlab@7a315ac79ece40726fa28d0821c872f0343346b8) ( merge request (gitlab-org/security/gitlab!3819)). Do not allow non-team member to set MR assignees/reviewers (gitlab-org/security/gitlab@bf0c84e848ef955443e3998b937aabaf66cdb5ed) ( merge request (gitlab-org/security/gitlab!3820)).
16.8.020 Jan 2024 23:25 major feature: (2024-01-17). ### Added (113 changes). Enable security_policies_policy_scope by default (gitlab-org/gitlab@f79b154180c1e5fdb240e02f3b593b4865b42d4e) ( merge request (gitlab-org/gitlab!141766)) GitLab Enterprise Edition. Enable compliance framework report by default (gitlab-org/gitlab@60e01b758a57e44ab89c9ae37f71e6da2ee6bd72) ( merge request (gitlab-org/gitlab!140825)) GitLab Enterprise Edition. Improve weight system notes (gitlab-org/gitlab@dc18d16118f5a617e7af004f49d7de9393016dfc) ( merge request (gitlab-org/gitlab!141479)) GitLab Enterprise Edition. Release the Maven dependency proxy (gitlab-org/gitlab@aa18d864fb03734eb8de24c0b259b2b7d4da7015) ( merge request (gitlab-org/gitlab!141600)). Make delete members API rate limit configurable (gitlab-org/gitlab@18f63149c87f8dac86369a4d8abb60eda0f60eec) ( merge request (gitlab-org/gitlab!140633)). Adds support for mlflow experiment search (gitlab-org/gitlab@f4b5d7db108885885752afc84d8356c0c5e106b7) ( merge request (gitlab-org/gitlab!141428)). Adds ML Agent and AgentVersion models (gitlab-org/gitlab@6e27278848405306d1d1ec597c5fbe6312144442) ( merge request (gitlab-org/gitlab!141356)) GitLab Enterprise Edition. Add code suggestions available to user graphql type (gitlab-org/gitlab@71a210d879da13472050cacdc2b4ef1b46123a6f) ( merge request (gitlab-org/gitlab!141617)) GitLab Enterprise Edition. API option for returning top level namespaces only (gitlab-org/gitlab@7cb19c35853e4ba599d9abcfb3702e167a307697) ( merge request (gitlab-org/gitlab!141311)). Protected packages: Display busy table with loading icon (gitlab-org/gitlab@4fd0e5a3885bb6f830fa70cef02cc72776c48d89) by @gerardo-navarro ( merge request (gitlab-org/gitlab!141370)). Add sorting to member roles GraphQL query (gitlab-org/gitlab@d3cc881499dcc51f9be3b9a16c8c34e59830774e) ( merge request (gitlab-org/gitlab!141405)) GitLab Enterprise Edition. Log audit events when updating and deleting member roles (gitlab-org/gitlab@5eb6f94b8282c9511533532ef3b2
16.7.316 Jan 2024 15:25 minor bugfix: (2024-01-13). ### (1 change). Make chat_names table migration idempotent (gitlab-org/gitlab@1757965f503f2f0eb144731a982d4f83519e61d9) ( merge request (gitlab-org/gitlab!141704)).
16.7.212 Jan 2024 10:45 minor security: (2024-01-10). ### (1 change). Add missing ci_sources_pipelines indexes for self-host (gitlab-org/security/gitlab@1e0c4e44228a3ec8013b70e5ef33ac3184f6cb4c) ( merge request (gitlab-org/security/gitlab!3809)). ### Changed (1 change). Enable Apollo Boards by default (gitlab-org/security/gitlab@dc1e1e8368fce9ca8c407d439877980e0426b356) ( merge request (gitlab-org/security/gitlab!3809)). ### Security (4 changes). Consider older commits when resetting codeowner approvals (gitlab-org/security/gitlab@d20f815258ac8f7195a04aeab760645993354485) ( merge request (gitlab-org/security/gitlab!3764)). Password reset followups (gitlab-org/security/gitlab@48154de65e174b93d70bc561c7a0c8b0815d367f) ( merge request (gitlab-org/security/gitlab!3777)). Add verification layer for BaseSlash commands (gitlab-org/security/gitlab@f972a67468aa2da9530188930da2fb5225eb1aad) ( merge request (gitlab-org/security/gitlab!3763)). Ensure workspaces are created under same root namespace as agent (gitlab-org/security/gitlab@ca7e81b8ce6c2140820c9ce21aa75af1967a2fb5) ( merge request (gitlab-org/security/gitlab!3759)).
16.7.021 Dec 2023 03:17 major feature: (2023-12-20). ### Added (199 changes). Geo: Skip download of new blob if already exists (gitlab-org/gitlab@70b30c0e167eef997912320926d2a5697a41d1f2) ( merge request (gitlab-org/gitlab!96935)) GitLab Enterprise Edition. Exempt paid non-trial/enterprise users from identity verification (gitlab-org/gitlab@522c510cd5a9e32e6bc20844fc6d80a2e4d38bbd) ( merge request (gitlab-org/gitlab!139101)) GitLab Enterprise Edition. Add feature toggle for custom CI execution policy (gitlab-org/gitlab@8806c961f16593036b81de50426820d72803c378) ( merge request (gitlab-org/gitlab!138484)) GitLab Enterprise Edition. Add namespace setting to enable/disable NuGet symbol server (gitlab-org/gitlab@d16d642b86d57e9efb704a918210a8c92bc979f5) ( merge request (gitlab-org/gitlab!138936)). Soft limit daily phone verification transactions (gitlab-org/gitlab@fa81159a3f5e5959332015c6017981f6f7d8a4d3) ( merge request (gitlab-org/gitlab!138287)) GitLab Enterprise Edition. Cleanup and reschedule finding_id backfilling (gitlab-org/gitlab@f28e14553d1e88b650e2a122dd892218ed0b3832) ( merge request (gitlab-org/gitlab!138163)). Add WorkItems::DatesStart table/model (gitlab-org/gitlab@dbfe5a390f0b86c772e76d066a765fb06083353b) ( merge request (gitlab-org/gitlab!139116)). Allow handling instance custom roles via graphql (gitlab-org/gitlab@2b222db166c76e971452fd3c03b40292d01d5ed9) ( merge request (gitlab-org/gitlab!139166)) GitLab Enterprise Edition. Remove SAML Microsoft Attribute Feature Flag (gitlab-org/gitlab@ffedc93a863ef6e625a6ce69787185f8e9d8b86b) ( merge request (gitlab-org/gitlab!139289)). Save timestamp for login in session storage (gitlab-org/gitlab@aebdbd71a2fd83abce3042d3862ba715c0ec20c8) ( merge request (gitlab-org/gitlab!139069)) GitLab Enterprise Edition. feat: Add graphql mutation to update container protection rules (gitlab-org/gitlab@b2fecc011df6bec721a76b3903ee86ec2eea1117) by @gerardo-navarro ( merge request (gitlab-org/gitlab!137175)). Add feature spec for MR approval
16.6.214 Dec 2023 14:45 minor security: (2023-12-13). ### (1 change). adding confidential child tasks (gitlab-org/security/gitlab@1e67ddffca37e733aee2c3b118c2f9510fc094c0). ### Security (8 changes). Prevent tag names starting with SHA-1 and SHA-256 values (gitlab-org/security/gitlab@d942166b879e8986d9deb45ab1732fa563e715c2) ( merge request (gitlab-org/security/gitlab!3746)). Pass encoded file paths to router (gitlab-org/security/gitlab@1e414bb90ec85c818955bb241934bd43137adb4d) ( merge request (gitlab-org/security/gitlab!3735)). Validate access level of user while rotating token (gitlab-org/security/gitlab@a8267a4facee6ba922897fa2a1f358636d24fb09) ( merge request (gitlab-org/security/gitlab!3750)). large time_spent value causing GraphQL error `Integer out of bounds` (gitlab-org/security/gitlab@6a48b4b8d58daf75a1d1da192b69c790435427bc) ( merge request (gitlab-org/security/gitlab!3745)). Restrict Protected branch access via group to direct members (gitlab-org/security/gitlab@dde50268150c2ef4653c7024eb8357321042ec94) ( merge request (gitlab-org/security/gitlab!3726)). Remove the ability to fork and create MR for auditors (gitlab-org/security/gitlab@c1a532527ee764c32f9c0779fa787a31b6d481f4) ( merge request (gitlab-org/security/gitlab!3738)). Restrict passing variables on the pipeline schedule API (gitlab-org/security/gitlab@0f12c83c9be495e37a04594c678a500643deb410) ( merge request (gitlab-org/security/gitlab!3723)). Smartcard auth: encrypt client cert in params (gitlab-org/security/gitlab@180374e354da080d90c70500aef9e574cc371e9e) ( merge request (gitlab-org/security/gitlab!3729)).
16.6.101 Dec 2023 09:05 minor security: (2023-11-30). ### (3 changes). Revert "Merge branch 'sc1-release-goredis' into 'master'" (gitlab-org/security/gitlab@9589d80224cae8723bea3180418061363deeddd9). Truncate verification failure message to 255 (gitlab-org/security/gitlab@d3c363a1e644525c386e670abca295181a9ae450) GitLab Enterprise Edition. Prefer custom sort order with search in users API (gitlab-org/security/gitlab@3c9b46eb086ebfa595083452f82ddd19db586e5b). ### Security (11 changes). Validate adding members with higher role (gitlab-org/security/gitlab@e55b3d8e5f3cf86fa5b124b0c85d3c70e94056b0) ( merge request (gitlab-org/security/gitlab!3713)). Enforce ref protection on pipeline schedule updates (gitlab-org/security/gitlab@a4565e7ddc064035a622c0f645bdcf583f8d9945) ( merge request (gitlab-org/security/gitlab!3703)). Update mermaid version for DOS security (gitlab-org/security/gitlab@baec50f7af8077e77cf3124ac695ecb12d2d0028) ( merge request (gitlab-org/security/gitlab!3707)). Prevent guest users from being able to add emojis in confidential (gitlab-org/security/gitlab@7700354a9e5bd11b8db8e6b116d6708c9ef15e72) ( merge request (gitlab-org/security/gitlab!3699)). Do not run ssl cert validation if key has errors (gitlab-org/security/gitlab@a585a7ad29319b9cdaa6086287251ac34b0cd2be) ( merge request (gitlab-org/security/gitlab!3702)). Ensure access is checked when loading releases associated with tags (gitlab-org/security/gitlab@68cb75d412db5e1fe97823f21cd848299cb1c969) ( merge request (gitlab-org/security/gitlab!3701)). XSS and ReDoS in Markdown via Banzai pipeline of Jira (gitlab-org/security/gitlab@4ab2701284c928a392b5390977e4daed30b1b39f) ( merge request (gitlab-org/security/gitlab!3697)). Prevent branch names starting with SHA-1 and SHA-256 values (gitlab-org/security/gitlab@cc65b6c8c94b1b647995fe5f2d6afd23cc621f12) ( merge request (gitlab-org/security/gitlab!3698)). Filter out projects with disabled package registry in Composer finder (gitlab-org/security/gitlab@576f1ee9a3b612
16.6.019 Nov 2023 11:45 major feature: (2023-11-15). ### Added (117 changes). Add SAML Auth for Approvals (gitlab-org/gitlab@3fc89ba6d391b7264bc7d63d526c6fe5a397e4a7) ( merge request (gitlab-org/gitlab!130204)) GitLab Enterprise Edition. Add Archive Project custom permission (gitlab-org/gitlab@7e8e8b15ad899bf51ae83743aeaadece67bf7e9c) ( merge request (gitlab-org/gitlab!134998)) GitLab Enterprise Edition. Added MLFLow API to get latest model version (gitlab-org/gitlab@65756294681052f131d9910cd0fd2632125cc0c8) (merge request). This MR adds compliance framework dropdown (gitlab-org/gitlab@97e2eea040a560d8e9ef2c4a3e31f5c6407d7f2b) ( merge request (gitlab-org/gitlab!135792)) GitLab Enterprise Edition. Add Cloud Connector ADR 001 to design doc (gitlab-org/gitlab@cc8ccf84959e84ba34bda91d0e23852c8fc37a02) ( merge request (gitlab-org/gitlab!135818)). Removed nil constraint from personal access token table (gitlab-org/gitlab@1e38e00acae1fbefba8a436f210d10299f53faf6) ( merge request (gitlab-org/gitlab!135472)) GitLab Enterprise Edition. Add a fullpath argument to the ciCatalogResource endpoint (gitlab-org/gitlab@313c94abb839189c2fc7c1c1098f60e8a9536b5d) ( merge request (gitlab-org/gitlab!135493)). Removes the saved_replies feature flag (gitlab-org/gitlab@04d3023c16ddcfd4c2a87d8454a95518a0b8fa11) ( merge request (gitlab-org/gitlab!123363)). Add column to namespace settings (gitlab-org/gitlab@b420b80b7da25fa654501d56481d77fc7fc1362d) ( merge request (gitlab-org/gitlab!136063)). Enable bulk_import_details_page by default (gitlab-org/gitlab@33018de66e3415161b97455344c7f4704597a4a1) ( merge request (gitlab-org/gitlab!136408)). Add CVSS Vector to CSV (gitlab-org/gitlab@ed6113a895258c16e7f2fc34f33758eea937b53d) ( merge request (gitlab-org/gitlab!135930)) GitLab Enterprise Edition. Added create api for namespace filters (gitlab-org/gitlab@0b3cd5909122945bffdfdb5ce3b0a4529d458b7a) ( merge request (gitlab-org/gitlab!136047)) GitLab Enterprise Edition. Save additional PyPi metadata info (gitlab-or
16.5.215 Nov 2023 13:25 minor bugfix: (2023-11-14). ### (4 changes). assign security check permission checks (gitlab-org/gitlab@41d0d45a2abd8621ef55042eb0bc54343a48f2da) ( merge request (gitlab-org/gitlab!136434)) GitLab Enterprise Edition. Create group wiki repo if absent when verifying on primary (gitlab-org/gitlab@0b490bdbda06febdda47b2e0e0cea1d9e52dd381) ( merge request (gitlab-org/gitlab!136243)) GitLab Enterprise Edition. broken rendering when initial ID is null (gitlab-org/gitlab@9f9fafbe202c5f5f591f689e295f62b01b8d40fc) ( merge request (gitlab-org/gitlab!136065)). Backport artifacts page breadcrumb (gitlab-org/gitlab@4f15baf84a8de9068fa5c2c6af47fc74d2a46df8) ( merge request (gitlab-org/gitlab!135195)).
16.5.101 Nov 2023 07:25 minor security: (2023-10-30). ### (1 change). Revert "Merge branch '419642-better-error-messages-for-pull-mirroring' into 'master'" (gitlab-org/security/gitlab@08ae4b9d3814a05631d9b486fea1d4353a702a7d) by @Taucher2003. ### Security (7 changes). infinite loop when finding component project (gitlab-org/security/gitlab@9f9f87376e23c3f7aab74348c47f7401ac2d78ee) ( merge request (gitlab-org/security/gitlab!3665)). Guard gitlab_version_check helper (gitlab-org/security/gitlab@35c8592afc0225653677a00c545043eb7212a6d4) ( merge request (gitlab-org/security/gitlab!3652)). Add the environment action to the CI JWT token fields (gitlab-org/security/gitlab@cdfcea2200b0a18b9972ffd2acd9630089022f8e) ( merge request (gitlab-org/security/gitlab!3648)). Remove FIFO files from tarball extract (gitlab-org/security/gitlab@c284870b8f1ffcc9697ea34c8bd3b7314040e39c) ( merge request (gitlab-org/security/gitlab!3644)). Backport add abuse detection for pipes (gitlab-org/security/gitlab@1720c5ba557946e5805719deaaf0b9834f1a91d6) ( merge request (gitlab-org/security/gitlab!3647)). Prevent unprivileged user assignment in templated projects (gitlab-org/security/gitlab@b74af1395876a4ffb32f692f090b268815e75afd) ( merge request (gitlab-org/security/gitlab!3645)). Service Desk email template description privileges (gitlab-org/security/gitlab@097a300ac6144f0b80dfa3bc4aea73410ef74cb1) ( merge request (gitlab-org/security/gitlab!3641)). ### Other (1 change). Update migration to drop column only if it exists (gitlab-org/security/gitlab@36bcb0e41d37aa92457f60ee1016bd32003da2f6).
16.5.021 Oct 2023 16:05 major feature: (2023-10-20). ### Added (140 changes). Add branch field to Telegram integration (gitlab-org/gitlab@dd8eb28a06c7f518128a417183d5a0ebd82f14cf) ( merge request (gitlab-org/gitlab!134361)). Add validation for restrictions on work item links (gitlab-org/gitlab@6bc0197872b732b341ec424dca33b852373dd5d8) ( merge request (gitlab-org/gitlab!133618)). Optimize index for adjourned project deletion (gitlab-org/gitlab@e8f7386b48cc9ec58e713633628f3385ba26175e) ( merge request (gitlab-org/gitlab!134438)). Add parent widget to work items (gitlab-org/gitlab@097b46575a40c0678e3dc2602a751ef5299dcb69) ( merge request (gitlab-org/gitlab!133426)) GitLab Enterprise Edition. VSD drill-down links inherit labels from panel filter (gitlab-org/gitlab@4ff4f4707656a6a317d33feb33a2fce8d06feed3) ( merge request (gitlab-org/gitlab!133899)) GitLab Enterprise Edition. Increased the limit of linked items that can be added at the time (gitlab-org/gitlab@50610ceb942d8cce85fd40e44d9c6f9a3ed781ff) ( merge request (gitlab-org/gitlab!134295)). feat: Add graphql query for package protection rules (gitlab-org/gitlab@19eee23b8152e9963b0457653f98b2e0e19aa194) by @gerardo-navarro ( merge request (gitlab-org/gitlab!127022)). Hide snippets of banned users (gitlab-org/gitlab@817389ee1f67495a55ce773be2d0b3f585ecf7c8) ( merge request (gitlab-org/gitlab!134048)). Add counts with no DORA data within scope (gitlab-org/gitlab@8f2aae7efda5a5e24329c759119714344d235bcc) ( merge request (gitlab-org/gitlab!132516)) GitLab Enterprise Edition. Adds notes to abuse reports backend (gitlab-org/gitlab@1fac5166c60eb8ba756c4475bbdd10a889cb538b) ( merge request (gitlab-org/gitlab!132505)). Enable the print_wiki feature flag by default (gitlab-org/gitlab@36a7604df43d31dc32d9a0923bf45d4bddcb16df) ( merge request (gitlab-org/gitlab!134251)). Convert user columns in projects to LFKs (gitlab-org/gitlab@474c09f1551f68b7bc50470c3568fb5c40046a60) ( merge request (gitlab-org/gitlab!134246)). Add Cloud Connector serv
16.4.129 Sep 2023 06:45 minor security: (2023-09-28). ### Security (15 changes). Mark any CI builds that are not complete as canceled when imported (gitlab-org/security/gitlab@2b3246c076dd7b6505945b6e19d3787fc8698b6f) ( merge request (gitlab-org/security/gitlab!3597)). Destroy group service accounts when removing group (gitlab-org/security/gitlab@5135447afe579babb040e7f40192ac330d663aee) ( merge request (gitlab-org/security/gitlab!3602)). SSO Enforcement for shared groups and projects (gitlab-org/security/gitlab@bdcbc1561c60b8039763bf85f0b00e34e6771cc0) ( merge request (gitlab-org/security/gitlab!3603)). Prevents Ci::Build data from being rendered (gitlab-org/security/gitlab@d53320b0ad9b5c6f517971072a073f985d35facb) ( merge request (gitlab-org/security/gitlab!3604)). Allow only one membership for security policy bots (gitlab-org/security/gitlab@0427e9ce8496fd587f4c971d8df710ab37d4a104) ( merge request (gitlab-org/security/gitlab!3611)). Reset all approvals when target branch changes (gitlab-org/security/gitlab@d3cd8f60d73ce2feecd034383bf2e17789f6fe43) ( merge request (gitlab-org/security/gitlab!3607)). Default to using the asset proxy (gitlab-org/security/gitlab@524aebbbaa746b3745506ce642eba67b668f9872) ( merge request (gitlab-org/security/gitlab!3587)). Restrict Project Fork Linking to Owners and Admins (gitlab-org/security/gitlab@3132e578fcd0fc093d732a9891dd72a37341cfab) ( merge request (gitlab-org/security/gitlab!3605)). Prevent math hijacking page elements (gitlab-org/security/gitlab@c8c813dc3fc8b26e3975392758328c97568e6eb4) ( merge request (gitlab-org/security/gitlab!3591)). Delete of member branch protection rules cascadingly (gitlab-org/security/gitlab@4635a97c527fbe81bb4d93502460d7147262c2a6) ( merge request (gitlab-org/security/gitlab!3594)). Prevent collaboration across forks when author cannot push (gitlab-org/security/gitlab@d9b21a60fe0ff6f7e5cbecbcaf2a70ac33aa4acd) ( merge request (gitlab-org/security/gitlab!3586)). Allow Maintainer+ to list Sentry projects (gitlab-
16.4.023 Sep 2023 11:45 major feature: (2023-09-21). ### Added (179 changes). Create list for standards adherence report (gitlab-org/gitlab@e8aabe8fac4cf2d99de68ab325c788468abe64ee) ( merge request (gitlab-org/gitlab!129538)) GitLab Enterprise Edition. Add keyset pagination support for /users endpoint (gitlab-org/gitlab@bb7df12f5e7cb60c654d6b518a1e96a847a2f01b) ( merge request (gitlab-org/gitlab!130019)). Add documentation for Self-Managed Code Suggestions (gitlab-org/gitlab@cf61e023da5737d9fa7528283d66a3e9caed7167) ( merge request (gitlab-org/gitlab!131628)). Added create api for instance level gcp destinations (gitlab-org/gitlab@d40dde514fa1d456bc5fb09762f04e03fdc6eb1b) ( merge request (gitlab-org/gitlab!130663)) GitLab Enterprise Edition. Support multiline comment for code generation (gitlab-org/gitlab@6ad031e89bf3d9fb4530af0e0fe5de525ace17d8) ( merge request (gitlab-org/gitlab!131793)) GitLab Enterprise Edition. Expose `vulnerability_events` integrations field (gitlab-org/gitlab@501ffaceeb709179ebd9fe655d4cce67c7c051fa) ( merge request (gitlab-org/gitlab!131831)) GitLab Enterprise Edition. Added delete api for instance gcp config (gitlab-org/gitlab@87e31d608c0459979b46fbe398ff52621b55728b) ( merge request (gitlab-org/gitlab!131752)) GitLab Enterprise Edition. Enable package_metadata_advisory_sync and... (gitlab-org/gitlab@ae6fb2eb94d03bd3f979379ddad5b284b7f6ef46) ( merge request (gitlab-org/gitlab!131705)) GitLab Enterprise Edition. Add /award quick action for work items (gitlab-org/gitlab@e8c3705fde44496aa9ecac2be51ee1fceb9683d6) ( merge request (gitlab-org/gitlab!127953)). Added instance level gcp destination streaming (gitlab-org/gitlab@34f43f68e1c518e4b0e1111ba0a7ceec326fef71) ( merge request (gitlab-org/gitlab!131608)) GitLab Enterprise Edition. Graphql endpoint for listing all custom roles (gitlab-org/gitlab@e0fe47d2bffbbf503d21c1e4b884bc5f2e07921e) ( merge request (gitlab-org/gitlab!131324)) GitLab Enterprise Edition. Added archived filter for commits scope (gitlab-o
16.3.419 Sep 2023 16:25 minor security: (2023-09-18). ### (2 changes). Geo secondary proxying Git pulls unnecessarily (gitlab-org/security/gitlab@d4ac7db42e80dec97fee07c50471f1e7b60d3bcc) GitLab Enterprise Edition. Use new indexer, removing blobs from index (gitlab-org/security/gitlab@5d48e6871bc6f1c36b93c10f2a54cf28d6adbc65) GitLab Enterprise Edition. ### Security (1 change). Enforce that the policy is executed by the bot user (gitlab-org/security/gitlab@3f278f761f18ee0b14aca68e2e5f764e1e274176) ( merge request (gitlab-org/security/gitlab!3568)).
16.3.313 Sep 2023 11:25 minor feature: (2023-09-12). ### (2 changes). Prevent pipeline creation while import is running (gitlab-org/gitlab@b4e374ed7f5b264f04a2589a99004e568ef92319) ( merge request (gitlab-org/gitlab!131156)). Create iid sequence for ci_pipelines with new projects (gitlab-org/gitlab@a74b9ac352e0d9783ec39adaadbe2b65028f8e0c) ( merge request (gitlab-org/gitlab!130835)).
16.3.206 Sep 2023 07:05 minor bugfix: (2023-09-05). ### (2 changes). Drop bridge jobs on unknown failures (gitlab-org/gitlab@d6fa408c6ecd9283430d6e9d6f46132d6726a8d3) ( merge request (gitlab-org/gitlab!130833)). Code Suggestions in Web IDE on GitLab 16.3 (gitlab-org/gitlab@6e4cb467dd8c73e9034ba1b3c51a51c2eb02dd38) ( merge request (gitlab-org/gitlab!130755)).
16.3.101 Sep 2023 06:45 minor security: (2023-08-31). ### (1 change). Geo: Resync direct upload object stored artifacts (gitlab-org/security/gitlab@5db060ebf8829d027d61403fe9e30f5dc04e17ae) GitLab Enterprise Edition. ### Security (11 changes). Add authorization checks to import status endpoint (gitlab-org/security/gitlab@4ab4a1e5a3388f222154a3c4d71487303bc15387) ( merge request (gitlab-org/security/gitlab!3513)). Update commonmarker to 0.23.10 (gitlab-org/security/gitlab@58c3c6e164f7c4f20a711f996b9816d767cafc8c) ( merge request (gitlab-org/security/gitlab!3507)). Remove DAST secret variables when URL is updated (gitlab-org/security/gitlab@038471d42bfe5a15df95645b487c9c6872528a33) ( merge request (gitlab-org/security/gitlab!3498)). Maintainer can leak sentry token by changing the configured URL (gitlab-org/security/gitlab@62ac5e0cb77f61c107c4b91a442927ab666056e8) ( merge request (gitlab-org/security/gitlab!3516)). Service account users are external by default (gitlab-org/security/gitlab@8c6892ba0144d202a346d9cc83488fa5d9ae044b) ( merge request (gitlab-org/security/gitlab!3501)). Additional permission check when editing label (gitlab-org/security/gitlab@ec01380d19929259a95bf2d198cdffde3351806f) ( merge request (gitlab-org/security/gitlab!3504)). ReDOS in bulk_imports endpoint params (gitlab-org/security/gitlab@6e043d181b1c4968777efd0ab06bc9879a5a2076) ( merge request (gitlab-org/security/gitlab!3510)). Prevent namespace level banned users from accessing API (gitlab-org/security/gitlab@ca3180b89ee5601b3a535058ae0a51def2b78a0f) ( merge request (gitlab-org/security/gitlab!3519)). Check prohibit_outer_forks in fork relationship api (gitlab-org/security/gitlab@95f74317906732a0f8c6db830dcd9ac1113f69d3) ( merge request (gitlab-org/security/gitlab!3479)). Prevent traversal for `path` parameter in refs/switch endpoint (gitlab-org/security/gitlab@12b3b42cf27750b6b7c2c4b62352b444b4b4ae34) ( merge request (gitlab-org/security/gitlab!3491)). Gitaly keyset pager when pagination none only wit
16.3.022 Aug 2023 09:45 major feature: (2023-08-21). ### Added (169 changes). Add metrics for Dependency Management actions (gitlab-org/gitlab@305f5bfc638fd693c447bdaed844df90184ea37f) ( merge request (gitlab-org/gitlab!129481)) GitLab Enterprise Edition. Adding new application setting called ci_max_total_yaml_size_bytes (gitlab-org/gitlab@accf6c4c29c8e306a836e870c087e183fb6fba64) ( merge request (gitlab-org/gitlab!123129)). Add default_branch_protection_defaults in groups apis (gitlab-org/gitlab@dd442e7a643070257fd9cf4f44801e597cf7963c) ( merge request (gitlab-org/gitlab!128760)). Add documentation for multi pipeline scan result policy feature (gitlab-org/gitlab@7d0147bbe197e39f7f377184124620344ff58bd4) ( merge request (gitlab-org/gitlab!128126)) GitLab Enterprise Edition. Adds CatalogResourceComponents table (gitlab-org/gitlab@c5ffadd08f57532e30c9651585b2017e05f46b78) ( merge request (gitlab-org/gitlab!127775)). Add popover for Flux sync status badge (gitlab-org/gitlab@32fe79fe61b43adbf1634948022381e36cb0d4cc) ( merge request (gitlab-org/gitlab!129098)). Adds `to_redacted_sql` support for ClickHouse QueryBuilder (gitlab-org/gitlab@2208b24e261ce25ffd2cf734bb1ed4422a509e7e) ( merge request (gitlab-org/gitlab!128933)). Remove ci_namespace_catalog_experimental (gitlab-org/gitlab@d30d57d8eba8d86021063b9741e5086d646b62d4) ( merge request (gitlab-org/gitlab!129299)). New default branch protection json field (gitlab-org/gitlab@b20292728aed75e734e5b021e3697d5ba50f4974) ( merge request (gitlab-org/gitlab!128577)). Allow to select flux resource for environment (gitlab-org/gitlab@9a8ec346b5e8b9ed42e8cc4aba383a47151b5cd6) ( merge request (gitlab-org/gitlab!128857)). Adding WAL rate db health indicator (gitlab-org/gitlab@f7d35e30da51edf0dd24dafef9aa491d71d52241) ( merge request (gitlab-org/gitlab!128365)). Support themes in "super sidebar" navigation redesign (gitlab-org/gitlab@d51d6d7adb2137c3eebb54d661041dd02229d800) ( merge request (gitlab-org/gitlab!127990)). Introduce rake task for
16.2.412 Aug 2023 12:25 minor bugfix: (2023-08-11). ### (2 changes). Replace with (gitlab-org/gitlab@b19d3d6412b4e349b932775d0736c8727d98b1b2) ( merge request (gitlab-org/gitlab!128950)). Revert "Remove log_response_length feature flag" (gitlab-org/gitlab@03a2a38a822da8c303a3ccefd9a4b8de818c2ca2) ( merge request (gitlab-org/gitlab!128778)).
16.2.202 Aug 2023 17:25 minor security: (2023-08-01). ### Added (1 change). Add MR reviewers to BitBucketServer import to 16-2 (gitlab-org/security/gitlab@aeb33292029aae649352dea089d9e86933e01a80). ### (2 changes). Disable IAT verification by default (gitlab-org/security/gitlab@b3a0c02721101596c644443d412ca13e8f4ce000). Enable descendant_security_scans by default (gitlab-org/security/gitlab@66eaaabed118b3b4b75fca17ef13e56b64e4eb4b) GitLab Enterprise Edition. ### Security (17 changes). undefined method licenses for nil:NilClass (gitlab-org/security/gitlab@aa4c4dc26a239e7799f9e9aa14d893c7a696d112) ( merge request (gitlab-org/security/gitlab!3471)). undefined method page error in list dependencies (gitlab-org/security/gitlab@08acd6aa91d34de2403e1d2a28b437c58af107c1) ( merge request (gitlab-org/security/gitlab!3470)). Add pagination for license scanning (gitlab-org/security/gitlab@b58ed3a7c40dd08ab0fe48c0cc4386e1cb7fa48a) ( merge request (gitlab-org/security/gitlab!3467)). Prevent leaking emails of newly created users (gitlab-org/security/gitlab@25d75bb2494dffb7e2b55f3b9d190a7302461fe1) ( merge request (gitlab-org/security/gitlab!3449)). Added redirect to filtered params (gitlab-org/security/gitlab@a72a1d48e871716ebeae3a4082078d4626cab8a0) ( merge request (gitlab-org/security/gitlab!3441)). Relocate PlantUML config and disable SVG support (gitlab-org/security/gitlab@6aac3a3e7223cbb85a62d6e95cf096e8a582cfcf) ( merge request (gitlab-org/security/gitlab!3438)). Sanitize multiple hardlinks from import archives (gitlab-org/security/gitlab@286c5b4e79f1a94554ee20b2535376d7c1c329a8) ( merge request (gitlab-org/security/gitlab!3435)). Validates project path availability (gitlab-org/security/gitlab@d970c230a0dc1113de469e4636bac020fa7cdeac) ( merge request (gitlab-org/security/gitlab!3426)). policy project assign (gitlab-org/security/gitlab@5564547ac37f5f80c58f444778bdaf3e3a491ff7) ( merge request (gitlab-org/security/gitlab!3423)). where comments on files with incorrect sha breaks UI
16.2.126 Jul 2023 03:17 minor bugfix: (2023-07-25). ### (1 change). crash when LDAP CA file set outside tls_options (gitlab-org/gitlab@a10e127dda8b2f228639164d1b5055b007546166) ( merge request (gitlab-org/gitlab!127313)).
16.2.022 Jul 2023 03:45 major feature: (2023-07-21). ### Added (176 changes). Add GraphQL API to get compliance standards adherence at group level (gitlab-org/gitlab@79f1bb21779ffd683476596998255bcf4f337978) ( merge request (gitlab-org/gitlab!125875)) GitLab Enterprise Edition. Add read_dependency column to member_roles table (gitlab-org/gitlab@5b8edb4e4becc9cce5d2841990b06937a5f3ec90) ( merge request (gitlab-org/gitlab!126247)). Dashboards item under group analyze nav menu (gitlab-org/gitlab@c9a7ba67e2a9a0f2b76ba49cdcd3d237147142e5) ( merge request (gitlab-org/gitlab!123852)) GitLab Enterprise Edition. Backfill vulnerability_occurrences.uuid_convert_string_to_uuid column (gitlab-org/gitlab@0a534cf29b527c328e5b777d9c5003da8481f972) ( merge request (gitlab-org/gitlab!124986)). Add support for vulnerability age filtering (gitlab-org/gitlab@2123dfd5360d713a727f17413daca45bfa59c71e) ( merge request (gitlab-org/gitlab!123956)) GitLab Enterprise Edition. Use default template when creating via gql (gitlab-org/gitlab@72ae0b58ef4518451946585c391ef4a29dcbe239) ( merge request (gitlab-org/gitlab!125440)). Add background migration worker for Redis (gitlab-org/gitlab@ad5b117bc10d7515d0544fc5837802f1f3b5787b) ( merge request (gitlab-org/gitlab!124951)). Trigger Microsoft Group Sync on sign-in (gitlab-org/gitlab@a317f4cd289a35baf45f828471fde0d56c8e5dcd) ( merge request (gitlab-org/gitlab!126081)) GitLab Enterprise Edition. Add a new faster git refs finder (gitlab-org/gitlab@7cf2f8959a73bcbec0d186bf2544cea80f4bc344) ( merge request (gitlab-org/gitlab!125718)). Add SCIM as a provider to the Users API search (gitlab-org/gitlab@3ac64827a94d1ef42c4941a4a7890cef5ef03e8a) ( merge request (gitlab-org/gitlab!125201)) GitLab Enterprise Edition. Add sync for advisories (gitlab-org/gitlab@0c2ee8e56039486068fe5d0752fd9d02082d181a) ( merge request (gitlab-org/gitlab!125594)) GitLab Enterprise Edition. Add developer documentation on required stops (gitlab-org/gitlab@94ae77cbc9ddf57d395c4ce59ece609e3c97a198)
16.1.206 Jul 2023 19:45 minor security: (2023-07-04). ### (4 changes). Set a min-height for wiki list items (gitlab-org/security/gitlab@5a360319844f0d8712452c831e13e5e3f82907d8). GitHub Importer (gitlab-org/security/gitlab@258050534701a14f66a6339b918ed35b1dad5dba). Bitbucket Cloud Importer (gitlab-org/security/gitlab@f21e3a29d0911c40dca10d54b37fd4f00bd3c4bf). CSP is set in Environment page incorrectly (gitlab-org/security/gitlab@88ca9f97abd5b575dd8de5d755a04df0dde38e9d). ### Security (1 change). Add authorization to the subscriptions group controller (gitlab-org/security/gitlab@5d3f7e618dde34926916f474d0190b681936073b) ( merge request (gitlab-org/security/gitlab!3379)).
16.1.130 Jun 2023 03:19 minor security: (2023-06-28). ### Security (12 changes). Revert 'security-leaked-ci-job-token-permission-16-1' from '16-1' (gitlab-org/security/gitlab@d2599119b120eab983a1446fc9ed3ca801c88368) ( merge request (gitlab-org/security/gitlab!3374)). Use fully qualified ref when loading code owner file (gitlab-org/security/gitlab@e8ba90bb85de376bb020350c027bb369671c83d6) ( merge request (gitlab-org/security/gitlab!3356)). Maintainer can leak masked webhook secrets by manipulating URL masking (gitlab-org/security/gitlab@2cf91108544e8c30aae6d9b207385c90c299869c) ( merge request (gitlab-org/security/gitlab!3359)). Remove approvals when the only commit gets amended (gitlab-org/security/gitlab@3f81f7bc4236bcc2ed887f40b7a14702d756ca9e) ( merge request (gitlab-org/security/gitlab!3366)). Add authorization validation to GithubController#failures action (gitlab-org/security/gitlab@3c8c305deef9c9bd1194788b40e0d7ae1de45f3b) ( merge request (gitlab-org/security/gitlab!3335)). for fork permissions check in compare controller (gitlab-org/security/gitlab@5b14436f3874de7be62e0f46a25e93a1d8c99975) ( merge request (gitlab-org/security/gitlab!3342)). Webhook token leaked in Sidekiq logs if log format is 'default' (gitlab-org/security/gitlab@d2d76399c880c62d7449cdae6014ee3236bffc0b) ( merge request (gitlab-org/security/gitlab!3345)). Mitigate epic reference filter ReDOS (gitlab-org/security/gitlab@874d5bc2d55e2e1092bf7cc4ebb0e53fc716d850) ( merge request (gitlab-org/security/gitlab!3341)). Increasing security for CI_JOB_TOKEN on public and internal projects (gitlab-org/security/gitlab@c2aa392b932af04e395d67eb06a20b5c768ec683) ( merge request (gitlab-org/security/gitlab!3337)). Adjust access to value stream create, edit and destroy actions (gitlab-org/security/gitlab@8a3645e265c71886951bdc03857837aacb57e558) ( merge request (gitlab-org/security/gitlab!3349)). Sanitize user email addresses in admin confirm user dialog (gitlab-org/security/gitlab@70553e6ca6b3f244df37e306466e2d3b5d54f76
16.1.022 Jun 2023 07:05 major feature: (2023-06-21). ### Added (224 changes). Initiate the process of group wiki indexing (gitlab-org/gitlab@9bd405f4f5caceda6c069ff893c4a03c2369c435) (merge request) GitLab Enterprise Edition. Add copy reference and email address actions in work items (gitlab-org/gitlab@d4ef682430f4025e8df8a07681fa95de1066b95f) ( merge request (gitlab-org/gitlab!122932)) GitLab Enterprise Edition. Implement group-level dependency list export API (gitlab-org/gitlab@dce970d363a4ed422d99af8ef00e1b7299941379) ( merge request (gitlab-org/gitlab!123397)) GitLab Enterprise Edition. Add runner status column (gitlab-org/gitlab@a80e35eb6eff575325535344d18e1749d61b95b2) ( merge request (gitlab-org/gitlab!123798)). Add a guideline to configure dnsmasq for Pages (gitlab-org/gitlab@87f95e8d2f17ee695f11e52b27e502bf32d21678) ( merge request (gitlab-org/gitlab!123802)). Add GeoJSON support for viewing files (gitlab-org/gitlab@05e09bb9f7166ae03c59c43075ef04a45f7b3558) ( merge request (gitlab-org/gitlab!123012)). Introduce find_changed_paths with merge_commit_diff_mode (gitlab-org/gitlab@d773f966e8a57ecb360dc58c0935b2be288b11c4) ( merge request (gitlab-org/gitlab!123501)). Added new component + imoplemented @anna_vovchenko notes (gitlab-org/gitlab@c28e6f60eb1edafc82bb3388c6dce304dcd15a74) ( merge request (gitlab-org/gitlab!121063)). Added not_aimed_for_deletion filter for namespace-project (gitlab-org/gitlab@ffd598efe9287db2becb3287b45e66cdcf4d5447) ( merge request (gitlab-org/gitlab!123153)). Adding monthly metric for ci builds (28d) (gitlab-org/gitlab@378537cbaa1dd6b6887059d7d833b413dc13ff75) ( merge request (gitlab-org/gitlab!122227)). Show list of audit events in listbox (gitlab-org/gitlab@f9935b6c262bd1fa3968ea3477e037bb86cf385b) ( merge request (gitlab-org/gitlab!123181)) GitLab Enterprise Edition. Add `` to `pipeline_hooks` (gitlab-org/gitlab@f5ea19c8d29d6d22ab20999b23d9612e731b77d4) ( merge request (gitlab-org/gitlab!123639)). Add Add-on purchase AP
16.0.517 Jun 2023 08:05 minor feature: (2023-06-16). ### (1 change). Update gitlab-elasticsearch-indexer version (gitlab-org/gitlab@d080c6c9af405b24e65e269ccb7b723cd5510940) ( merge request (gitlab-org/gitlab!122335)). ### Changed (1 change). Make MigrateSharedVulnerabilityIdentifiers use slow iteration (gitlab-org/gitlab@252da7be42ec95a5d470c17f43209c27890a7e85) ( merge request (gitlab-org/gitlab!122859)) GitLab Enterprise Edition.
16.0.409 Jun 2023 03:17 minor bugfix: (2023-06-08). ### (1 change). LDAP tls_options not working (gitlab-org/gitlab@e6038d0d4e8bb190ccfeca5fe7204d6a6af266e5) ( merge request (gitlab-org/gitlab!122797)).
16.0.206 Jun 2023 03:17 minor security: (2023-06-05). ### (1 change). Sidekiq crash when gitlab.yml contains UTF-8 characters (gitlab-org/security/gitlab@bb3f94f25f14068e11ff242e00841ec6ad4952a5). ### Changed (1 change). Introduce parallelised BitBucket Server Importer (gitlab-org/security/gitlab@6aa9cf0799d3fa30d7498a9d119dbfb52a839247). ### Security (16 changes). DoS on test report artifacts (gitlab-org/security/gitlab@1058018d0f40165150742f2703e3feb0e0810799) ( merge request (gitlab-org/security/gitlab!3271)). XSS in Abuse Reports form action (gitlab-org/security/gitlab@c5ab6568c8d9d084876b8680394cfe18d6c58ba1) ( merge request (gitlab-org/security/gitlab!3289)). Escape the source branch link correctly (gitlab-org/security/gitlab@40a3d27c0293190fb094216a8d7a193751e61acd) ( merge request (gitlab-org/security/gitlab!3286)). Import source owners with maintainer access if importer is a maintainer (gitlab-org/security/gitlab@2d580f269e4285834f478df6601132f7cdc3130a) ( merge request (gitlab-org/security/gitlab!3282)). Filter inaccessible issuable notes when exporting project (gitlab-org/security/gitlab@ca46e35908072748b5ae68d099acf46f8f667cfc) ( merge request (gitlab-org/security/gitlab!3275)). Block tag names that are prepended with refs/tags/, due to conflicts (gitlab-org/security/gitlab@80e86cec6ea8a87c6b869eeeaa8c9a317f53d26d) ( merge request (gitlab-org/security/gitlab!3269)). Set IP in ActionContoller filter before IP enforcement is evaluated (gitlab-org/security/gitlab@121f1270bed598cf1ca249fc5fd27c9806765421) ( merge request (gitlab-org/security/gitlab!3278)). Prevent primary email returned as verified on unsaved change (gitlab-org/security/gitlab@506533fc3a1928361ea451dbb7a702da2912f16f) ( merge request (gitlab-org/security/gitlab!3259)). Use UntrustedRegexp to protect FrontMatter filter (gitlab-org/security/gitlab@50e26a058850e907970ea12d94a72e8be4c6b296) ( merge request (gitlab-org/security/gitlab!3258)). Improve ambiguous_ref? logic to include heads and tags (gitla
16.0.125 May 2023 03:25 minor security: (2023-05-22). ### Security (1 change). arbitary file read via filename param (gitlab-org/security/gitlab@2ddbf5464954addce7b8c82102377f0f137b604f) ( merge request (gitlab-org/security/gitlab!3265)).
16.0.021 May 2023 07:45 major feature: (2023-05-18). ### Added (168 changes). Add X-GitLab-Confidential: header boolean (gitlab-org/gitlab@e3594865e0b4b95914df2533613c6ac21384c7ed) by @micah ( merge request (gitlab-org/gitlab!101558)). Adds CI information to candidate detail (gitlab-org/gitlab@7a2b5cbb51c8fda57c7fc7935df981c29bae500e) ( merge request (gitlab-org/gitlab!119733)). Added pipelines shortcut (gitlab-org/gitlab@b93d0c5d72dcbd29207704c1800318fec7985fc0) by @AlexNewson ( merge request (gitlab-org/gitlab!119090)). Add user deactivate service (gitlab-org/gitlab@d152ca26fb82f12867a5ec9a11d033118e068d7f) (merge request) GitLab Enterprise Edition. Updated code based on suggestion (gitlab-org/gitlab@7e0dab6d96b41ee07c157606d5d79ca5c55ef692) ( merge request (gitlab-org/gitlab!119497)). feat: Add lock_version to milestone (gitlab-org/gitlab@9019b79935b04aeb5d605db11cce0a75bdaf65ca) by @gerardo-navarro ( merge request (gitlab-org/gitlab!119859)). Enable import_details_page ff by default (gitlab-org/gitlab@0698522dc3e90a079741b1a57f857c4aeb6bd47c) ( merge request (gitlab-org/gitlab!120265)). Add audit events schema definitions (gitlab-org/gitlab@fa7087bd21164a195fdca9e6d1463ade7fac16de) ( merge request (gitlab-org/gitlab!114991)) GitLab Enterprise Edition. Add specs for ApprovalProjectRule creation (gitlab-org/gitlab@4be4a12f8377f342ef890f7f5ec9071a8b3592dd) ( merge request (gitlab-org/gitlab!120362)). Add environment tier to deployment webhooks (gitlab-org/gitlab@ca4a20056f62e79a5831c3390ee871f90899d7f1) ( merge request (gitlab-org/gitlab!120151)). Add keyword to allow multiple cache fallback keys (gitlab-org/gitlab@3b795d64cd0cd82cddbba66d909680feb15e756b) by @renehernandez ( merge request (gitlab-org/gitlab!110467)). Add emoji awards for work item (gitlab-org/gitlab@1ce458ee16d86aa0e760c7dfb32797db05bd2197) ( merge request (gitlab-org/gitlab!119585)) GitLab Enterprise Edition. GraphQL project fields for refs containing a commit (gitlab-org/gitlab@2fea8e046fcdd05ab6cebf7e111
15.11.417 May 2023 07:05 minor bugfix: (2023-05-16). ### (2 changes). Do not autofocus the description field (gitlab-org/gitlab@978ae42ee723d5bc5235115b8ebfd7c67c8d858b) ( merge request (gitlab-org/gitlab!120306)). group blobs search permission when migration is not complete (gitlab-org/gitlab@c718fc80bf2ae389d63760db0c4aa95ec6c67f7e) ( merge request (gitlab-org/gitlab!120159)) GitLab Enterprise Edition. ### Changed (1 change). Use correct migration finalisation method (gitlab-org/gitlab@db7999c368aa41a155f717206b5b8340c91927f7) ( merge request (gitlab-org/gitlab!120683)).
15.11.312 May 2023 07:25 minor feature: (2023-05-10). ### (2 changes). description keeping autosave after save (gitlab-org/security/gitlab@9a2d98b24c1ed9416ef672635aae27997b99a8b6). Backport MR 119319 changes to 15-11-stable-ee (gitlab-org/security/gitlab@7f54f28a839efeebdea9030ae41975c9059a5f4e). ### Changed (1 change). Restrict cleanup migrations only for (gitlab-org/security/gitlab@d6d1c3a650277a0f4acb777f0b123cc0b9c57ea4).
15.11.206 May 2023 03:17 minor security: (2023-05-03). ### Security (2 changes). Only maintainers of projects should be able to assign runners to them (gitlab-org/security/gitlab@c52abfffad2c06c2a49788e3db473f14923c3926) ( merge request (gitlab-org/security/gitlab!3234)). Authorize access to vulnerabilitiesCountByDay resolver (gitlab-org/security/gitlab@8e78aecb9a6c248099a043f181de3c8f6d4417ce).
15.11.103 May 2023 03:17 minor security: (2023-05-01). ### (2 changes). search cron worker when indexing is disabled (gitlab-org/security/gitlab@e543d1c8e0bb5d9e498beb51cd264c8bc6825cc0) GitLab Enterprise Edition. Web IDE Beta icons not loading in Safari (gitlab-org/security/gitlab@f11e5b37c05f314efe5a6895d385bc4ed284d217). ### Security (9 changes). Set minimum role for importing projects to Maintainer (gitlab-org/security/gitlab@bd6bd7340736767a9dc7589ab798c75dbea607d5) ( merge request (gitlab-org/security/gitlab!3214)). Commit trailers now only match public user email addresses (gitlab-org/security/gitlab@2c307a557ac7b3e32c4201b639d684fa1389351c) ( merge request (gitlab-org/security/gitlab!3207)). Handle invalid URLs in asset proxy (gitlab-org/security/gitlab@2748c81f96539de154b3fb89ca2e72658bda617b) ( merge request (gitlab-org/security/gitlab!3211)). Relay state to check for only allowing sub paths (gitlab-org/security/gitlab@be654790e2844dcc246e3cbf9d06280360e2a134) ( merge request (gitlab-org/security/gitlab!3218)). Prohibit 40 character hex sets at beginning of path-based branch name (gitlab-org/security/gitlab@5bb78addd26b3c53750aaeeb575e1f2d46728260) ( merge request (gitlab-org/security/gitlab!3198)). Add specs for external users flag (gitlab-org/security/gitlab@b45c2e236f530558cd850fa53ef08cd2ee58d79a) ( merge request (gitlab-org/security/gitlab!3206)). Update policy to prevent banned members from accessing public projects (gitlab-org/security/gitlab@e8848b32fd03c0bc4b46f3fa9efb73550bacf615) ( merge request (gitlab-org/security/gitlab!3217)). Use dummy filename as filename when viewing raw xml files (gitlab-org/security/gitlab@ac38e0600b5dedd616ae653a17ad838f009f25f0) ( merge request (gitlab-org/security/gitlab!3199)). Authorize access to vulnerabilitiesCountByDay resolver (gitlab-org/security/gitlab@70264a8cc4e10e635ac4c1ebed15a01b1201c688) ( merge request (gitlab-org/security/gitlab!3222)).
15.11.022 Apr 2023 07:45 major feature: (2023-04-21). ### Added (175 changes). Add error logic for admin jobs vue (gitlab-org/gitlab@fa55b3a412e76a431ed689527d1b957f62c5b82b) by @TrueKalix ( merge request (gitlab-org/gitlab!117990)). Added migration and models for instance external audit events (gitlab-org/gitlab@c3101feb41ed7e3bdd6be97eea1e304651d04826) ( merge request (gitlab-org/gitlab!116909)) GitLab Enterprise Edition. Add "explain this vulnerability" feature to vuln details page (gitlab-org/gitlab@8733ceb1d611b099aea06435a21c0aa24d4e5fb6) ( merge request (gitlab-org/gitlab!117657)) GitLab Enterprise Edition. Add empty state to admins jobs vue (gitlab-org/gitlab@ea124629c7fdf109781a1420feb643e4de7e8e74) by @TrueKalix ( merge request (gitlab-org/gitlab!118030)). Add support for snowplow PA configurator (gitlab-org/gitlab@bd92c8664934d10a15e82ec9f9ff48f6f15f88d3) ( merge request (gitlab-org/gitlab!117141)). GraphQL project fields to get refs tipping at a commit (gitlab-org/gitlab@fc4e77db4a81daaa42a447a0b246889b56280a5d) ( merge request (gitlab-org/gitlab!116697)). Add vulnerabilityLinkCreate GraphQL mutation (gitlab-org/gitlab@5388b8a5f717d0ac502a4764ca04c71935d91f24) ( merge request (gitlab-org/gitlab!114304)) GitLab Enterprise Edition. Add milestone reference to removed milestone note (gitlab-org/gitlab@27d9abcb69807e6c4029bf9db8ccdee7a01a2332) ( merge request (gitlab-org/gitlab!117529)). Add user_identities field to JWTv2 (gitlab-org/gitlab@b0d92f33023afb99fec95ec34996e2435da144d9) by @joe-snyder ( merge request (gitlab-org/gitlab!117541)). Create GraphQL endpoint for Explain Vulnerability (gitlab-org/gitlab@ddcae59b448bd53d58faa31e714c87fcf79e0c96) (merge request) GitLab Enterprise Edition. Automatically index projects in Zoekt when namespace is enabled (gitlab-org/gitlab@5670f066793539d243bcde0e5ceb555c1f74562f) (merge request) GitLab Enterprise Edition. Add AwardEmoji widget update (gitlab-org/gitlab@0a24f6cc11564deb973d9ac27034107d77b0ebe0) ( merge request (gitlab-org
15.10.315 Apr 2023 08:45 minor feature: (2023-04-14). ### (3 changes). Backport for broadcast messages (gitlab-org/gitlab@c97c17e31e99f9e93127245cd1f65f7d15cdb0ef) ( merge request (gitlab-org/gitlab!117276)). automatically-retried jobs stuck in pending state (gitlab-org/gitlab@e349581eaf1e050b8bcdee76f9d40f0c182a09f8) ( merge request (gitlab-org/gitlab!117280)). Verify deploy keys settings for protected tags (backport) (gitlab-org/gitlab@4bd6914bd616c1d8dc9ee7cb75e92be13d522ca9) ( merge request (gitlab-org/gitlab!116952)). ### Changed (1 change). Change the order of vulnerability creation (gitlab-org/gitlab@4193c4cab75f9472b3804b74b17f4a10f3ae9580) ( merge request (gitlab-org/gitlab!116851)) GitLab Enterprise Edition.
15.10.206 Apr 2023 03:17 minor bugfix: (2023-04-05). ### (3 changes). openapi viewer for relative url instances (gitlab-org/gitlab@28c94e7f0e0c29651383212e16422e0b384cddb9) ( merge request (gitlab-org/gitlab!115480)). Update mail gem to v2.8.1 (gitlab-org/gitlab@1ec987737d7a3ee96bb1ef8efa3f06fcd32c31e4) ( merge request (gitlab-org/gitlab!116173)). Move ldap option sync_name to ldap server and (gitlab-org/gitlab@e56f6d11f76ae858f602b23ea1e2875eb8754fe5) by @zhzhang93 ( merge request (gitlab-org/gitlab!115820)) GitLab Enterprise Edition. ### Changed (1 change). Migrate the existing RedisHLL keys to default slot (gitlab-org/gitlab@5fa90b0ef485aee29f62c500fb48c19278099ef0) ( merge request (gitlab-org/gitlab!116604)).
15.10.131 Mar 2023 07:25 minor security: (2023-03-30). ### (2 changes). Sync security policy rule schedules that may have been deleted by (gitlab-org/security/gitlab@5ac094761b5cfac26c44d63988359fbae263a415). dashboard returning from archived projects (gitlab-org/security/gitlab@6127799167081845824e8759f358aac8f702adb8). ### Security (15 changes). Redirect to tree from project root on ref collision (gitlab-org/security/gitlab@c10a48134447128486e2254fc54d0af0d8e6fee0) ( merge request (gitlab-org/security/gitlab!3155)). soft email confirmation alert vulnerability (gitlab-org/security/gitlab@4aa387fec0c995607f03e8c057d2c2a11168aca9) ( merge request (gitlab-org/security/gitlab!3158)). Restrict Prometheus API access on public projects (gitlab-org/security/gitlab@e9cf398f8c205ae1b8cafddbb2cfbcb214a84d51) ( merge request (gitlab-org/security/gitlab!3162)). Verify that users have access to the parent of the fork (gitlab-org/security/gitlab@fb55096b37ab82f49f2a0205f7ab8bdda14b0010) ( merge request (gitlab-org/security/gitlab!3153)). Protect webhook secrets by resetting url_variables (gitlab-org/security/gitlab@433996f41e89db3e2073314c0644a6f95ab67062) ( merge request (gitlab-org/security/gitlab!3146)). Replace Unicode space chars with spaces (gitlab-org/security/gitlab@c9942785d9a26cf7bb96a81ccd14e5c6e5582bbe) ( merge request (gitlab-org/security/gitlab!3156)). Check access to parent when creating and updating epics (gitlab-org/security/gitlab@a42d166e743edb966b0a581bf1325ffb7c96041b) ( merge request (gitlab-org/security/gitlab!3148)). Improve Gitlab::UrlSanitizer regex to match more URIs (gitlab-org/security/gitlab@58a823e09c27948d15432c344248a8436587f9af) ( merge request (gitlab-org/security/gitlab!3165)). Check access to target project before looking for branch (gitlab-org/security/gitlab@804d9da677451889e0a7a0880f2c2f4c3c04faed) ( merge request (gitlab-org/security/gitlab!3151)). the potential leak of internal notes (gitlab-org/security/gitlab@e21dbf4373a4c4e5179b073f5cba4318ee174
15.10.022 Mar 2023 11:45 major feature: (2023-03-21). ### Added (155 changes). Add wiki_access_level to group API (gitlab-org/gitlab@05b4aca71af6e5e2e73175ee13e4bf6741d17721) ( merge request (gitlab-org/gitlab!114719)) GitLab Enterprise Edition. Add filter for approved status (gitlab-org/gitlab@739d2677fe60c53443e828241b3b53518ef2cb12) by @Taucher2003 ( merge request (gitlab-org/gitlab!114374)). Show achievements on user profile (gitlab-org/gitlab@b6d43f703b109add8f8e951335d86551531f137d) ( merge request (gitlab-org/gitlab!113156)). Run package metadata conditionally in dev (gitlab-org/gitlab@64f1ba858e13f775faaa17af1407f3d398837308) ( merge request (gitlab-org/gitlab!115062)) GitLab Enterprise Edition. Add revoke achievement mutation and service (gitlab-org/gitlab@15c471bf7984a9e1f364cf0479fedfdc2f86c620) ( merge request (gitlab-org/gitlab!114810)). Add documentation for protected tags creation with deploy keys (gitlab-org/gitlab@c9bf5fc531199249b99dd6e95126f6f61fa649a8) ( merge request (gitlab-org/gitlab!110240)). Define ci_builds primary key as partitioned (gitlab-org/gitlab@730cb2f3c0335e4e436f34c20b800caed2aa4f44) ( merge request (gitlab-org/gitlab!113725)). Compliance frameworks report (gitlab-org/gitlab@f53da2b047b5ffb811cc4950b5050e73510e902c) (merge request) GitLab Enterprise Edition. feat: Enable auto-resolution of removed SAST rules by default (gitlab-org/gitlab@929b74d1ee087b678ff6041cd63d04ada298692e) ( merge request (gitlab-org/gitlab!114633)). Filter projects by compliance framework presence (gitlab-org/gitlab@15417d7fa2032b3d4cd9f5ca78778f82fefa617b) ( merge request (gitlab-org/gitlab!114440)) GitLab Enterprise Edition. Add Squash TM integration (gitlab-org/gitlab@0f3b8a519f0f57380cfc46565ad55844fe4a1c6e) by @pckerneis ( merge request (gitlab-org/gitlab!110909)). Enable duo 2FA authentication support (gitlab-org/gitlab@07c175ed7bb2275cc0861717217b6ad9a3c3cbc6) ( merge request (gitlab-org/gitlab!114068)). Move work item notes out of FF and docs (gitlab-org/gitla
15.9.310 Mar 2023 03:17 minor bugfix: (2023-03-09). ### (4 changes). foreign_key_exists? migration helper (gitlab-org/gitlab@7b51239b18779acfe9876fb9467f1231f56d47b4) ( merge request (gitlab-org/gitlab!114005)). Enable Geo::RepositoryRegistrySyncWorker on Geo secondary site (gitlab-org/gitlab@57b542b4377bcc991b65f34a37397ac1d08846d9) ( merge request (gitlab-org/gitlab!114005)) GitLab Enterprise Edition. Guard against dropped columns when finalizing user details migration (gitlab-org/gitlab@939d646e2cbbbabf870e15fae384c0380d371111) ( merge request (gitlab-org/gitlab!114005)). object deletion not working with Azure Blob Storage (gitlab-org/gitlab@9515c7a334a43c0e580543029a8da5061bdc19ce) ( merge request (gitlab-org/gitlab!114005)).
15.9.203 Mar 2023 03:17 minor security: (2023-03-02). ### Security (12 changes). Using builds metadata to determine de_mode (gitlab-org/security/gitlab@e19fcea675071d005eb72c7e100ff0b357f43508) ( merge request (gitlab-org/security/gitlab!3022)). pagination limits for Commits API (gitlab-org/security/gitlab@f71e2650b44e306c8291a8fa5f8557ff4ae4f5d7) ( merge request (gitlab-org/security/gitlab!3071)). Mask Google IAP account details in Prometheus integration (gitlab-org/security/gitlab@8cad41d16614f7eb6a0f1693046ae1981ff413d5) ( merge request (gitlab-org/security/gitlab!3081)). Stop Group Transfer Service if SAML Provider or SCIM token is present (gitlab-org/security/gitlab@e7ebbc1d37372c147392a3854186f4bb7fd15db5) ( merge request (gitlab-org/security/gitlab!3095)). Protect Datadog API key by changing Datadog site (gitlab-org/security/gitlab@abe3343d6cd0397a6b1b491878a9e8dfc5774a2f) ( merge request (gitlab-org/security/gitlab!3093)). Protect integrations' sensitive information exposed via API (gitlab-org/security/gitlab@0036ee57dd9f37858ca09746be20fa254347a7ef) ( merge request (gitlab-org/security/gitlab!3087)). Disallow maintainer to create an owner access token (gitlab-org/security/gitlab@820d02055d2a958462da3be5587d460a905d157f) ( merge request (gitlab-org/security/gitlab!3090)). Paste only text content in work items title (gitlab-org/security/gitlab@5ef125158ceaf0220260423d67cf6a0e1c973e63) ( merge request (gitlab-org/security/gitlab!3074)). Jira DVCS OAuth Open Redirect Vulnerability (gitlab-org/security/gitlab@d6295e117531bc9cde690ba49a456be6883fcd21) ( merge request (gitlab-org/security/gitlab!3077)). Block private personal snippet from unauthorized users (gitlab-org/security/gitlab@1471002b48fba676367397bdffa63a1b50c375bd) ( merge request (gitlab-org/security/gitlab!3079)). Verify Kroki diagram type (gitlab-org/security/gitlab@c76ccc6be3115ded496bbd1bde7da6e4a7dd19ba) ( merge request (gitlab-org/security/gitlab!3056)). Check read_release permission before showing releases i
15.9.125 Feb 2023 03:25 minor bugfix: (2023-02-23). ### (2 changes). Broadcast messages not showing in admin console (gitlab-org/gitlab@f50dfdfe43231b4bb52378eaaa515ee76c918d03) ( merge request (gitlab-org/gitlab!112831)). dependency check in license approval policies (gitlab-org/gitlab@ff5a77036fdb74c4b410fbb954428dbf8736ffd8) ( merge request (gitlab-org/gitlab!112831)) GitLab Enterprise Edition.
15.9.022 Feb 2023 03:17 major feature: (2023-02-21). ### Added (223 changes). Initialize conversion of to bigint (gitlab-org/gitlab@b4bde678e26065d177374d6440ad065378a30fe3) ( merge request (gitlab-org/gitlab!110597)). Add top-level `groups` GraphQL query (gitlab-org/gitlab@63b93320ea9c9aca9017af344f648acb815603e2) ( merge request (gitlab-org/gitlab!111199)). Add aditional arguments to BulkUpdate mutation (gitlab-org/gitlab@2d26ce617cb65806ba2dc4585fd5715412c854ff) ( merge request (gitlab-org/gitlab!111729)). Expose project visibleForks in GraphQL (gitlab-org/gitlab@78a7ca9961c39b3ef055419a62e17f18b2660c40) ( merge request (gitlab-org/gitlab!112167)). Add MR settings support for group (EE frontend) (gitlab-org/gitlab@2b39d1e8bc0420144152fecf428cfcf78d7a0bb7) by @luzhiyuan.deer ( merge request (gitlab-org/gitlab!102863)) GitLab Enterprise Edition. Add EE only metrics for license compliance MR widget (gitlab-org/gitlab@f5f18bc99ae1e8d7450c6c2b84087e26bc94d2e2) ( merge request (gitlab-org/gitlab!111725)). Add widget definitions table (gitlab-org/gitlab@a2f61bec6e65f9dfc84ffc6c76a879dcfce13df1) ( merge request (gitlab-org/gitlab!107582)). Board - Move epic at top or bottom of list (gitlab-org/gitlab@2ce467cc01dab8fae9822a5f87d659219ba47e14) ( merge request (gitlab-org/gitlab!111398)) GitLab Enterprise Edition. Add package metadata ingestion service (gitlab-org/gitlab@bc4c2148648c3620998ed98b2c748dc08c2c8134) ( merge request (gitlab-org/gitlab!108600)). Initialize the conversion of todos.note_id to bigint (gitlab-org/gitlab@c7eb9f44003ee8b827a0b3081fc133a311877f46) ( merge request (gitlab-org/gitlab!110704)). Allow users to stop stale environments via the UI (gitlab-org/gitlab@3d71756b3a002580d5307967aa7522797ff5803e) ( merge request (gitlab-org/gitlab!112098)). Process webhook notification to send HLLRedis metrics (gitlab-org/gitlab@35ea0be75c0671afff397a8973e47582476056c5) ( merge request (gitlab-org/gitlab!107918)) GitLab Enterprise Edition. Add ability to re-import pr
15.8.319 Feb 2023 03:17 minor feature: (2023-02-15). ### (3 changes). Attempt reading schema file instead of a file named `# report_version ` (gitlab-org/gitlab@f4b236c5f22c2da89bd4275cd8f5bf2807069ee4) ( merge request (gitlab-org/gitlab!111934)). Revert changes on wiki replication/verification legacy code (gitlab-org/gitlab@71b29b669f0415fa371560139d699aa7ad568549) ( merge request (gitlab-org/gitlab!111934)) GitLab Enterprise Edition. Revert changes on wiki replication/verification legacy code (gitlab-org/gitlab@fd824d99fb7b341088841edfaa6c401c4c20dad8) ( merge request (gitlab-org/gitlab!111879)) GitLab Enterprise Edition. ### Changed (1 change). Upgrade Alert - Add proper API support (gitlab-org/gitlab@6658efdbfb89847f20836e862710260e49c44778) ( merge request (gitlab-org/gitlab!111934)).
15.8.101 Feb 2023 06:45 minor security: (2023-01-30). ### Security (5 changes). Remove parameter validation for registry notification request 15.8 (gitlab-org/security/gitlab@bf5a28cc21ffa3e7b63eeca02f220c1312314f75) ( merge request (gitlab-org/security/gitlab!3028)). Add size validation for Chart.yaml during file extraction (gitlab-org/security/gitlab@f4afa319cffded561731c117c808969b5261ca52) ( merge request (gitlab-org/security/gitlab!3018)). Prevent default branches from storing paths (gitlab-org/security/gitlab@a906e14f6891e84cfe854be960266adc7f0f6092) ( merge request (gitlab-org/security/gitlab!3011)). Validate Issuable description max length on update (gitlab-org/security/gitlab@312fbac888d0452d9beb9d6545b22972b7e1f09d) ( merge request (gitlab-org/security/gitlab!3004)). Security dynamic child pipeline zip extraction (gitlab-org/security/gitlab@ea09503c67eb1eb1f17ea49b7748543d2676e393) ( merge request (gitlab-org/security/gitlab!3007)).
15.8.022 Jan 2023 03:17 major feature: (2023-01-20). ### Added (120 changes). Expose user emails via GraphQL (gitlab-org/gitlab@c51bb3692efe2af559ae3d4fb48021840fd67aac) ( merge request (gitlab-org/gitlab!107525)). Describe possible solutions for curl 92 HTTP/2 error (gitlab-org/gitlab@8ccea46126f06513b0f9c5b06834a006680ed476) ( merge request (gitlab-org/gitlab!109102)). Add report abuse category to merge requests (gitlab-org/gitlab@d0fd2b1f17726738b954e79ee00776782bf9b258) ( merge request (gitlab-org/gitlab!108381)). Add storage admin control columns to plan limits table (gitlab-org/gitlab@fff306d8068fd87c0c7a0149672655b140cc3dae) ( merge request (gitlab-org/gitlab!108498)). Add unique index to ci_builds (gitlab-org/gitlab@6eef9ec19c01154a7f2f96613df87a1bd3d15ac6) ( merge request (gitlab-org/gitlab!109116)). Add partitioning tmp indexes to ci_sources_pipelines table (gitlab-org/gitlab@f877540bb4ee612eeaac00c1eb3d8832c43356d7) ( merge request (gitlab-org/gitlab!109094)). Add SCIM Token section to Admin Area for instance-level SCIM (gitlab-org/gitlab@33cf1877708b9e8c1ea999045688693917d28be2) ( merge request (gitlab-org/gitlab!106340)) GitLab Enterprise Edition. Drop unused index in ci_builds (gitlab-org/gitlab@0ce9cf242f815604020b9ef6fb5c0a0ceb892a72) ( merge request (gitlab-org/gitlab!108964)). Use healthStatusUpdated subscription in frontend (gitlab-org/gitlab@04d3b1bc588497bca673dba76138887fad3b43c6) ( merge request (gitlab-org/gitlab!108853)) GitLab Enterprise Edition. Expose ability to import groups without projects (gitlab-org/gitlab@5ad01e4fbf8c3ae568d391d68cc9febb23d98efa) ( merge request (gitlab-org/gitlab!108802)). Add an option to select 180 days of data (gitlab-org/gitlab@63b2650d3f9c2665288cbac6dbd09b00bd6e1f40) ( merge request (gitlab-org/gitlab!108398)) GitLab Enterprise Edition. Add tmp indexes for CI partitioning (gitlab-org/gitlab@a6f7d42fc03cf7d72dd0c786175737853a7ff8bd) ( merge request (gitlab-org/gitlab!108788)). Add GraphQL subscription for health status
15.7.314 Jan 2023 07:25 minor bugfix: (2023-01-11). ### (3 changes). Reset Container Repository Sync status on secondary (gitlab-org/gitlab@5a6d024e199c9ab9fd39df2db44a133c022eadd5) ( merge request (gitlab-org/gitlab!108679)). Enforce memory-watchdog by default (gitlab-org/gitlab@6f7fcb0f50330af46a5f7311796e5375d6d59816) ( merge request (gitlab-org/gitlab!108679)). Geo: Container Repository push events don't work (gitlab-org/gitlab@721227d157cd2f4fd842e5dcf54180bcc470336a) ( merge request (gitlab-org/gitlab!108679)).
15.7.210 Jan 2023 09:05 minor security: (2023-01-09). ### Security (9 changes). Avoid regex with potential for poorly performing backtracking (gitlab-org/security/gitlab@1cb3b4904b25f1e47a40ddd48f3fdcb16bf02401) ( merge request (gitlab-org/security/gitlab!2987)). Protect web-hook url variables after changing URL (gitlab-org/security/gitlab@58015aa49e63456094fcbf06a8fa739ac2a27f21) ( merge request (gitlab-org/security/gitlab!2976)). Limit the size of user agent to reduce ReDos attack (gitlab-org/security/gitlab@ac3eb7cbf4a1701a499d0cbbbae568c55914c8c3) ( merge request (gitlab-org/security/gitlab!2985)). Protect Sentry auth-token after changing URL (gitlab-org/security/gitlab@eba316d255caaa497e3a137aba5f262fd6272939) ( merge request (gitlab-org/security/gitlab!2983)). Delete project specific licenses when license policy is deleted (gitlab-org/security/gitlab@a6bef9aee6175401408a12fe1439e775b84bc8cb) ( merge request (gitlab-org/security/gitlab!2969)). Restrict user avatar availability based on visibility restrictions (gitlab-org/security/gitlab@9620a1bcae911c84112cc14da22711a344b89acf) ( merge request (gitlab-org/security/gitlab!2971)). Policy change to read and destroy token without license (gitlab-org/security/gitlab@5fcf1350fafe9a30f17fa19a3567620f10df1ccd) ( merge request (gitlab-org/security/gitlab!2968)). Restrict Grafana API access on public projects (gitlab-org/security/gitlab@3274a7fbeabc04f9db69ffd052e0e77a6b71a7f8) ( merge request (gitlab-org/security/gitlab!2960)). "Race condition enables verified email forgery" (gitlab-org/security/gitlab@c3e6fede4230a3ce0fc1d0e4c82f5f3ede41f663) ( merge request (gitlab-org/security/gitlab!2966)).
15.7.106 Jan 2023 07:05 minor bugfix: (2023-01-05). ### (2 changes). Relax FIPS constraints on PyPi packages (gitlab-org/gitlab@e0bfadf38b0873119dab0abba92e07085658abcd) ( merge request (gitlab-org/gitlab!107993)). Workaround a segfault due to array GC (gitlab-org/gitlab@85c7b6ad255c1638d54cb9953367e1e3e6b8396b) ( merge request (gitlab-org/gitlab!107993)). ### Performance (1 change). Remove vulnerability state migration (gitlab-org/gitlab@ef444959f787daa31d33e61fa94aa072be47a7b7) ( merge request (gitlab-org/gitlab!107993)).
15.7.022 Dec 2022 03:25 major feature: (2022-12-21). ### Added (182 changes). Get timeline event tag and display on list (gitlab-org/gitlab@e06f3b6177baf214ba724ac2fca242efdc2c4cfc) ( merge request (gitlab-org/gitlab!107081)). Add tag_list to dast_profiles (gitlab-org/gitlab@813ee04e34bc51284d4a7401463b2b71cdd8d827) ( merge request (gitlab-org/gitlab!104909)). Serialize image attributes for content editor (gitlab-org/gitlab@c45c89297ea821dc8aca311f352594ad253b6d11) ( merge request (gitlab-org/gitlab!106733)). Add CI_PROJECT_NAMESPACE_ID to predefined variables (gitlab-org/gitlab@730e2f15e41e65b8e1c9fff36e9237b4bce09096) by @vadrin ( merge request (gitlab-org/gitlab!106817)). Add project language search/filter (gitlab-org/gitlab@f556c5fb41e7d2554fc2386d86f5bda941b0606c) ( merge request (gitlab-org/gitlab!104167)). Creating tasks counts towards user contribution graph (gitlab-org/gitlab@dfb7c139ae56741e1a5b9cf701b0f0465103bdb4) ( merge request (gitlab-org/gitlab!106873)). Process requirements_v2 artifacts on CI Jobs (gitlab-org/gitlab@9779a9fc0e2bc170bb630bf48976f262e528c360) ( merge request (gitlab-org/gitlab!106746)) GitLab Enterprise Edition. Add health status selection widget for work items (gitlab-org/gitlab@cbfa1059c6940b457b464a36f10719a05e31abf0) ( merge request (gitlab-org/gitlab!106683)) GitLab Enterprise Edition. Add metrics for number of created merge requests (gitlab-org/gitlab@950c7cc08a10f6d3385b04ef7c60e262006752d3) ( merge request (gitlab-org/gitlab!106869)). Remove feature flag allow audit event type filtering (gitlab-org/gitlab@2733f009e3ad85ddcdc730f692111ed6f6574aed) ( merge request (gitlab-org/gitlab!107068)) GitLab Enterprise Edition. Create StateTransitions for dismissed Vulnerabilities (gitlab-org/gitlab@131e26e85be62a4a7f4bc3bd6b403c2cb7d26946) ( merge request (gitlab-org/gitlab!97699)). Count approval project rules metrics (gitlab-org/gitlab@2e2513983c6a4dc14f0058b3f253b8b9a05c2597) ( merge request (gitlab-org/gitlab!106787)) GitLab Enterprise Edition.
15.6.206 Dec 2022 04:05 minor bugfix: (2022-12-05). ### Added (1 change). Finalize group member namespace id migration (gitlab-org/gitlab@0b8ccad1c8c4066ffb594c8181bb1a68ddde7fdf) ( merge request (gitlab-org/gitlab!105804)). ### (4 changes). Conditionally disable fastupdate on GIN indexes (, merge_requests) (gitlab-org/gitlab@302bea06dedf5939dcb618be945bbbb85fb4dd45) ( merge request (gitlab-org/gitlab!105804)). Hide marketing-related entries (gitlab-org/gitlab@628fb55b6d32d5f4739e07cbd3c60de69246107b) ( merge request (gitlab-org/gitlab!105804)). memory limit for RssMemoryLimit monitor (gitlab-org/gitlab@4c040620cb5c84043d30587f95b4c2fc6149a3ed) ( merge request (gitlab-org/gitlab!105804)). deleting protected branch (gitlab-org/gitlab@2c884c5162ca24dbc3fd3d1c156f426f81565800) ( merge request (gitlab-org/gitlab!105804)).
15.6.101 Dec 2022 06:45 minor security: (2022-11-30). ### (1 change). Do not save PipelineMetadata if name is blank 15.6 (gitlab-org/security/gitlab@340cd5f74dbe8318105574303d49d6cda54b43bf) ( merge request (gitlab-org/security/gitlab!2947)). ### Security (12 changes). Send resolved_address param to gitaly during repository import (gitlab-org/security/gitlab@5b3540629cb8d113d96d721549be77ef35060c15) ( merge request (gitlab-org/security/gitlab!2938)). Add size validation during nuspec file extraction (gitlab-org/security/gitlab@d7048d0bf20574a5b1c926ac25b8c15504723da3) ( merge request (gitlab-org/security/gitlab!2935)). Cross-site scripting in Jira Integration (gitlab-org/security/gitlab@1419e9d1513d481472b89d36e9e22b7b20c3a5c5) ( merge request (gitlab-org/security/gitlab!2930)). Protect web-hook secret tokens after changing URL (gitlab-org/security/gitlab@d3df2d08f7ec59d2e4ebba64770c6b7309733d9b) ( merge request (gitlab-org/security/gitlab!2920)). HTML content injection in README file (gitlab-org/security/gitlab@c64a283ee09115d1edefb5fcd81a9766658757e4) ( merge request (gitlab-org/security/gitlab!2928)). Redact secret tokens from web-hook logs (gitlab-org/security/gitlab@bca8656f7a04759acec00170f9e3cabbdda45558) ( merge request (gitlab-org/security/gitlab!2916)). Prevent unauthorized users from seeing Release information on tag pages (gitlab-org/security/gitlab@f04b3cf159f40e98ea0d24df0ff168ae91522813) ( merge request (gitlab-org/security/gitlab!2927)). Update after_import to expire cache before removing prohibited branches (gitlab-org/security/gitlab@49de4ce145d00adecf33c19c8413a87e6bb0c904) ( merge request (gitlab-org/security/gitlab!2905)). Deny all package permissions when group access is restricted by IP (gitlab-org/security/gitlab@cca110162915b2cdca64181305bfed2044df2bba) ( merge request (gitlab-org/security/gitlab!2902)). Redact user emails from project webhook data (gitlab-org/security/gitlab@9148dd7f77cab086d696d56907d2cbbc921e0e6d) ( merge request (gitlab-org/securit
15.6.022 Nov 2022 03:17 major feature: (2022-11-21). ### Added (150 changes). Migration to backfill users into elastic index (gitlab-org/gitlab@dac35cd553a663861c205e832b48c7fc1eef80e8) ( merge request (gitlab-org/gitlab!102165)) GitLab Enterprise Edition. Enable Group-level Scan Result Policies feature by default (gitlab-org/gitlab@017af1e644434daa27763ab7f90788330de319c6) ( merge request (gitlab-org/gitlab!104083)) GitLab Enterprise Edition. Create the first dynamic partition for builds metadata (gitlab-org/gitlab@4de09a4b435fafa1595bb3808fe2c49357c278c8) ( merge request (gitlab-org/gitlab!102735)). Allows cascading package forward settings from admin to group (gitlab-org/gitlab@eb2a193b69a9b11adb1024a554705c3f84524cb6) ( merge request (gitlab-org/gitlab!103025)). Add enterprise information to Metadata API (gitlab-org/gitlab@6a9007f3286bf910b26a0a79e3dddca608920b04) ( merge request (gitlab-org/gitlab!103969)). Introduce a limit of 200 assignees to /MRs (gitlab-org/gitlab@511a6ae0568cfd76d6a96d86f88519c6a49db4af) ( merge request (gitlab-org/gitlab!103549)). Add a rake task to sanitize internal note todos (gitlab-org/gitlab@b9cafb101905f7b407fe493dca321b42d4221d69) ( merge request (gitlab-org/gitlab!87908)). Create Telesign services for phone verification (gitlab-org/gitlab@c37978eebc66c887d9a33284cff4c6aa4d3840c1) ( merge request (gitlab-org/gitlab!100494)). Add trend indicators to the Exec dashboard comparative table (gitlab-org/gitlab@71ee6dcc817552f7db456649bd700e38605991aa) ( merge request (gitlab-org/gitlab!103401)). Add database migrations for dependency proxy blobs in SSF (gitlab-org/gitlab@9237ac848c60b9c7daa8d692eeedecfa2a93acfd) (merge request) GitLab Enterprise Edition. Bulk delete packages for package list (gitlab-org/gitlab@e690a6e329bca673c54eda5a3cf01460f9bba22b) ( merge request (gitlab-org/gitlab!103475)). Add global alert for non-owners read-only namespace (gitlab-org/gitlab@aaa6e4a25962847fa5e4757bcbc853e166cdb783) ( merge request (gitlab-org/gitlab!103375))
15.5.412 Nov 2022 07:45 minor feature: (2022-11-11). ### (3 changes). Allow links to be opened from Swagger UI documentations (gitlab-org/gitlab@d0ee1589e00a695764a942e711dfe1be405f011c) ( merge request (gitlab-org/gitlab!103772)). Add Hashie::Array to allowed YAML serialization classes (gitlab-org/gitlab@b450aae9dbc1a0cbe124de8e3643842a11a1ee77) ( merge request (gitlab-org/gitlab!103772)). Revert Sidekiq default routing rules (gitlab-org/gitlab@f1db2eefe1d5039b220d4368dc25dbe5ad9060a1) ( merge request (gitlab-org/gitlab!103643)).
15.5.308 Nov 2022 03:45 minor bugfix: (2022-11-07). ### (1 change). Opensearch compatibility check (gitlab-org/gitlab@c7094017eb6fae71c0b8441a04f6927ed69025ea) ( merge request (gitlab-org/gitlab!103157)) GitLab Enterprise Edition.
15.5.203 Nov 2022 07:05 minor security: (2022-11-02). ### Security (11 changes). Redact confidential references in Jira descriptions (gitlab-org/security/gitlab@b6df9d1e4e0c996655a41831fbfae8f457fe1e6b) ( merge request (gitlab-org/security/gitlab!2870)). Forbid reading emojis on internal notes (gitlab-org/security/gitlab@0015523a32c38c184ffef9067d9952d0ef54e3f2) ( merge request (gitlab-org/security/gitlab!2854)). Same-site redirect vulnerability (gitlab-org/security/gitlab@7fd87a5f0b8317d45171fb565c198cda4e65fa34) ( merge request (gitlab-org/security/gitlab!2878)). BYPASS: Stored-XSS with CSP-bypass via scoped labels' color (gitlab-org/security/gitlab@2f1777b305d632b3256076967a798dab65fe6bf4) ( merge request (gitlab-org/security/gitlab!2860)). Running Upstream Pipelines Jobs Without Permission (gitlab-org/security/gitlab@9b3f469da7c0295eb12120027a45ac04f76cdad5) ( merge request (gitlab-org/security/gitlab!2881)). Add length limit to addressable URLs (gitlab-org/security/gitlab@82ffc5825c9a7761d787c66b8c4a1593b3330c50) ( merge request (gitlab-org/security/gitlab!2856)). Add a redirect wall before artifact redirect to pages (gitlab-org/security/gitlab@41a4480b3302ba8a67e94de5420d41298d258585) ( merge request (gitlab-org/security/gitlab!2875)). Sandbox swagger-ui to prevent injection attacks (gitlab-org/security/gitlab@432913f802a093b67f2e5d46cc51b5f13bb16590) ( merge request (gitlab-org/security/gitlab!2857)). external project permission when using CI prefill variables (gitlab-org/security/gitlab@ec872da0ab949f447aec35d64d1db45b5d25b7fd) ( merge request (gitlab-org/security/gitlab!2853)). Resolve users can view audit events from other members (gitlab-org/security/gitlab@34ffe2e88fa462b055f22d6af84fdb93a62fa575) ( merge request (gitlab-org/security/gitlab!2855)). Path traversal for Secure Files (gitlab-org/security/gitlab@568c36b34a884cc877b6292b340de9da66537bc8) ( merge request (gitlab-org/security/gitlab!2858)).
15.5.128 Oct 2022 03:25 minor bugfix: (2022-10-24). ### (2 changes). Batch records when preloading for indexing (gitlab-org/gitlab@43f0f24d5985ab2d731ab022aa5a498cfee5789b) ( merge request (gitlab-org/gitlab!101927)) GitLab Enterprise Edition. Specify certificates when connecting to KAS using TLS (gitlab-org/gitlab@f445f3f11d93eef56793fc116c7b2f1a4d030701) ( merge request (gitlab-org/gitlab!101927)).
15.5.024 Oct 2022 07:25 major feature: (2022-10-21). ### Added (159 changes). Render labels correctly in content editor (gitlab-org/gitlab@638d82853f69babb1cdab437c5ae5c7befbb0c8d) ( merge request (gitlab-org/gitlab!101027)). Add "use_legacy_web_ide" to "user_preferences" (gitlab-org/gitlab@a5fc40397368786dd6596ae36768967382585f50) ( merge request (gitlab-org/gitlab!98945)). Set default compliance framework during project creation (gitlab-org/gitlab@bdcce8e14ed51e58b03a4b5eea623915d17fafad) ( merge request (gitlab-org/gitlab!100959)) GitLab Enterprise Edition. Expose `created_by` in the Users API (gitlab-org/gitlab@d235f2cead5e0505660612b207a722fb57d6a82a) ( merge request (gitlab-org/gitlab!93092)). Add models for tag and tag links (gitlab-org/gitlab@ae345a3d0df94f98a67354585395fbcd6646305b) (merge request). Adding migration for backfilling namespaces metadata (gitlab-org/gitlab@5ff5b728057411fd3f71b66f8cd1325c4706b771) ( merge request (gitlab-org/gitlab!98513)). Add metrics for projects with applied scan result policies (gitlab-org/gitlab@a078b5a8f37c654bbff240f95bc8636fc1e5861e) ( merge request (gitlab-org/gitlab!99955)) GitLab Enterprise Edition. Moved label and date widgets out of FF (gitlab-org/gitlab@46951293e36801a3ac1609f941427f3ec8df315d) ( merge request (gitlab-org/gitlab!101117)). Add GraphQL field to preview billable user changes (gitlab-org/gitlab@282f335d0b86674d90a6b42329037b9ce09a0819) ( merge request (gitlab-org/gitlab!90195)) GitLab Enterprise Edition. Additional Gitlab::Json method aliases (gitlab-org/gitlab@457279cf874b89cb9ab837810785d1019c38cffb) ( merge request (gitlab-org/gitlab!101286)). Enhance review app modal instructions (gitlab-org/gitlab@1ee8b02d94061b282a3f47d10c9582107a805217) ( merge request (gitlab-org/gitlab!95004)). 18052 Gitlab import: attachments (gitlab-org/gitlab@db828d5c6098e51b0106480cafc4e244bef57144) ( merge request (gitlab-org/gitlab!100510)). Namespace package forward settings in GraphQL (gitlab-org/gitlab@60a6a487ba96311af92884
15.4.320 Oct 2022 06:45 minor bugfix: (2022-10-19). ### (4 changes). Sign in: use custom logo again (gitlab-org/gitlab@5822562c4c3508927e3b217749867736e91316f3) ( merge request (gitlab-org/gitlab!101235)). closing of external (gitlab-org/gitlab@1302f992e3706b698c983961f596fcab03704c3f) ( merge request (gitlab-org/gitlab!101235)). Sign in: use custom logo again (gitlab-org/gitlab@d760473a022ef485be7e258ab5fc406f05a127a4) ( merge request (gitlab-org/gitlab!101235)). REST/GRAPHQL APIs handling TODOs WorkItem target (gitlab-org/gitlab@f4157b08596040bbc504292c4a75fe2100aa570c) ( merge request (gitlab-org/gitlab!100081)).
15.4.205 Oct 2022 10:25 minor bugfix: (2022-10-04). ### (1 change). Ensure that stage name and record are in sync for page deployments (gitlab-org/gitlab@ce58ec2ef959bd35ddbc6992560a163c8fc4f145) ( merge request (gitlab-org/gitlab!100037)).
15.4.130 Sep 2022 07:05 minor security: (2022-09-29). ### Security (15 changes). Redact user's private email in group member event webhook (gitlab-org/security/gitlab@f556c625f37d1be801b54c5a1ff3dd37434d48e4) ( merge request (gitlab-org/security/gitlab!2809)). Redact secrets from WebHookLogs (gitlab-org/security/gitlab@7101edbc7fc27e2d2d23b8f9f84611943b310b71) ( merge request (gitlab-org/security/gitlab!2805)). Forbid creating a tag using default branch name (gitlab-org/security/gitlab@ba3e62fc30f475b9334440409f5bad481b3c5dd6) ( merge request (gitlab-org/security/gitlab!2798)). Sanitize Url and check for valid numerical errorId in error tracking (gitlab-org/security/gitlab@fba573834091aec7bde7856bfddd080cc74fb3ae) ( merge request (gitlab-org/security/gitlab!2819)). Add security protection for Github (gitlab-org/security/gitlab@6265bdb12496d34f30d9ae6889288c6857fd4fd0) ( merge request (gitlab-org/security/gitlab!2803)). leaking emails in WebHookLogs (gitlab-org/security/gitlab@7580a2d62cd421b5176a3ce7f23c7d192e69989e) ( merge request (gitlab-org/security/gitlab!2806)). Restrict max duration to 1 year for trace display (gitlab-org/security/gitlab@e1162719cc9e62692c911c992175d6ef3b5f996f) ( merge request (gitlab-org/security/gitlab!2817)). Use UntrustedRegexp for upload rewriter (gitlab-org/security/gitlab@fde2bb115242a9af3678e5c8547c7c9ccd2b0c1e) ( merge request (gitlab-org/security/gitlab!2790)). Validate httpUrlToRepo to be http or https only (gitlab-org/security/gitlab@d56ebc1a207618ec846e6ee2c842d3a5019444b7) ( merge request (gitlab-org/security/gitlab!2811)). Respect instance level rule for editing approval rules (gitlab-org/security/gitlab@dc5dd5be3f3f681ca499d3a59eb469bd12dad51b) ( merge request (gitlab-org/security/gitlab!2796)). Prevent users creating in ay project via board/controller (gitlab-org/security/gitlab@e0b09653ff468b65a73155a2e28077a0e94dc7e8) ( merge request (gitlab-org/security/gitlab!2781)). Prevent serialization of sensible attributes from JsonCache (gitlab
15.4.022 Sep 2022 03:17 major feature: (2022-09-21). ### Added (162 changes). Add git tags from last deployment to environment detail page (gitlab-org/gitlab@dd9fbfc75790666b2ff3aff0dc45d2ddfc1695ae) ( merge request (gitlab-org/gitlab!96060)). Background worker for suggested reviewers (gitlab-org/gitlab@38048811859fa714a5f2dcb79e38877f99b3460f) ( merge request (gitlab-org/gitlab!97622)). Maven request forwarding (gitlab-org/gitlab@80c6b14a94c96eb9772786b669249512ae6bfb86) ( merge request (gitlab-org/gitlab!85299)). Add edited by information to GraphQL WorkItem type (gitlab-org/gitlab@4be6e1c75b511c2e4173517b0e57b1f9c534b8ba) ( merge request (gitlab-org/gitlab!97328)). RPM initial upload and package creation (gitlab-org/gitlab@b1f7bf75fe40ab26d1ffa50d20b07ae426b30b9f) ( merge request (gitlab-org/gitlab!96940)). Add codeOwnerReviewRequired to EE (gitlab-org/gitlab@8bd7af46e98e2ee3b4680e01e6817cc968a7c865) ( merge request (gitlab-org/gitlab!96693)) GitLab Enterprise Edition. Added REST APIs to fetch latest release and download release assets (gitlab-org/gitlab@09faee593310ed2c5965788cb1efbebfbd7690f8) by @zillemarco ( merge request (gitlab-org/gitlab!92607)). Add iterations cadences to Gitlab Migration (gitlab-org/gitlab@9aa3c847a7a838f887c1ccdd8af0aedbfb322052) ( merge request (gitlab-org/gitlab!96570)) GitLab Enterprise Edition. Expose user and group for branch protection access levels in EE (gitlab-org/gitlab@5a96b284a5985a1192f3a63856d07640e704e3b9) ( merge request (gitlab-org/gitlab!96301)) GitLab Enterprise Edition. Add cluster_agent_id and image to GraphQL vulnerabilitySeveritiesCount (gitlab-org/gitlab@1e8223d08bd2103a99e10b5e8a93888ae9fa0616) ( merge request (gitlab-org/gitlab!98168)) GitLab Enterprise Edition. Add unique index to ci_builds_metadata (gitlab-org/gitlab@f84cbd4a20b86d596d405afb9b9d099996aa425b) ( merge request (gitlab-org/gitlab!97924)). Add job field to ProjectType (gitlab-org/gitlab@442fc9f599032672cea48385377a29962a03ac1e) ( merge request (gitlab-org/git
15.3.304 Sep 2022 03:17 minor bugfix: (2022-09-01). ### (5 changes). Skip file removal if GitLab managed replication is disabled (gitlab-org/gitlab@dbec61270621df70775c98946d09deca913bd187) ( merge request (gitlab-org/gitlab!96556)) GitLab Enterprise Edition. Geo: redirects of LFS transfer downloads (gitlab-org/gitlab@98092958c879d1dc9dda0ba2953ba548aa0b93c0) ( merge request (gitlab-org/gitlab!96654)) GitLab Enterprise Edition. Improve blame link feature (gitlab-org/gitlab@163cadb49f96951a0f747d61a8cd1cb92b7d4296) ( merge request (gitlab-org/gitlab!96654)). Bypass earliest date validation in importing of iteration cadences (gitlab-org/gitlab@66f56eb2551a302d80ca0891ff0bddec1c84f025) ( merge request (gitlab-org/gitlab!96654)) GitLab Enterprise Edition. user recent activity links for work item actions (gitlab-org/gitlab@9d9368545847cf558fad26a64b216a00b2db36b4) ( merge request (gitlab-org/gitlab!96654)).
15.3.231 Aug 2022 08:45 minor security: (2022-08-30). ### Security (17 changes). No overriding methods for Sawyer class (gitlab-org/security/gitlab@397aa9e269676f4ab3dfba4c3ba8fef131b5b4bd) ( merge request (gitlab-org/security/gitlab!2754)). Update Oj to v3.13.21 (gitlab-org/security/gitlab@15f86c00b579ad1b4aeedd395f9239e8229c6f8b) ( merge request (gitlab-org/security/gitlab!2730)). Prevent long loops when generating suggested branch name (gitlab-org/security/gitlab@1479c9e2a0444794ea274b07e0f59e8a50ced6ee) ( merge request (gitlab-org/security/gitlab!2743)). IDOR in Zentao integration show page (gitlab-org/security/gitlab@92fdf89045bf294d4ee0338ba3f26c91094a073e) ( merge request (gitlab-org/security/gitlab!2740)). Patch VULNDB-255039 (potential Rack cache poisoning) (gitlab-org/security/gitlab@383c926cc8aa4e2c4273556a181e1ddc1b71049f) ( merge request (gitlab-org/security/gitlab!2697)). HTML escape the label background color (gitlab-org/security/gitlab@1e43656560fbc13907af72d5d4f696df95d7f49c) ( merge request (gitlab-org/security/gitlab!2719)). Sandbox jupyter notebook HTML output (gitlab-org/security/gitlab@3ade5f2fadbb0c15d9e5a14306d0a79136a8f23e) ( merge request (gitlab-org/security/gitlab!2710)). unauthorized GFM references in Incident Timeline (gitlab-org/security/gitlab@2e18b59472b5a43921d39433e60038b0f254d123) ( merge request (gitlab-org/security/gitlab!2707)). Optimize handling repositories with huge trees (gitlab-org/security/gitlab@4bfaca71c8d8f663242138049cf5639e69326bbb) ( merge request (gitlab-org/security/gitlab!2706)). Parse commit trailers without using regexp (gitlab-org/security/gitlab@c15b2cd9b5e572a9bbc7c0c5cb7c9511f1a04ead) ( merge request (gitlab-org/security/gitlab!2699)). Check for pathological markdown input (gitlab-org/security/gitlab@2fd5e1133e1acd82cdb524f059b554976cd68f51) ( merge request (gitlab-org/security/gitlab!2733)). Replaced smooshpack to the vulnerability in LivePreview (gitlab-org/security/gitlab@114637f8f0d9add00914ac3e4562419b0f1b4f63) ( m
15.3.124 Aug 2022 11:05 minor security: (2022-08-22). ### Security (1 change). Validate if values to be saved in Redis can be converted to string (gitlab-org/security/gitlab@e8a4aeff901363923a5ddff3f7c6b654abf2b125) ( merge request (gitlab-org/security/gitlab!2723)).
15.3.020 Aug 2022 03:17 major feature: (2022-08-19). ### Added (147 changes). Added delete release audit event (gitlab-org/gitlab@0a3e82f0501632068061aba81b3c970be461c42a) by @patnaikshekhar ( merge request (gitlab-org/gitlab!94793)). Adds data models for ML Experiment Tracking (gitlab-org/gitlab@aaf6b690c6225c5b7a439d00abadf513b14a2ab3) ( merge request (gitlab-org/gitlab!95168)). Allow access to project-level packages API with CI job token (gitlab-org/gitlab@85fd642c62443953e03d16e38fed8bf15bc29021) by @nejc ( merge request (gitlab-org/gitlab!91437)). Add tooltip on task item confidential badge (gitlab-org/gitlab@e54d32170d72d0d2e33cac06264a18cb7fd53150) ( merge request (gitlab-org/gitlab!95552)). Add recent events to group hooks (gitlab-org/gitlab@a6a9334080759e705810d894158ac5abc365d2d8) ( merge request (gitlab-org/gitlab!94145)) GitLab Enterprise Edition. Add parent_full_path to GraphQL WorkItemType (gitlab-org/gitlab@55e07a3c42593e64a17cf806ddf05a1df4aece62) ( merge request (gitlab-org/gitlab!95224)). Enable job log search (gitlab-org/gitlab@83b278d492b44a138dd74b04133c83663046b86d) ( merge request (gitlab-org/gitlab!95519)). Update task item status icon add tooltip support (gitlab-org/gitlab@40d2c373f3388cb5b4c3a4f234011f4b0e96d250) ( merge request (gitlab-org/gitlab!95345)). Expose work item timestamps in GraphQL (gitlab-org/gitlab@81b1402e47caacea887598e55c79c35c10e152d4) ( merge request (gitlab-org/gitlab!95507)). Add sorting/filtering/paging to CRM contacts (gitlab-org/gitlab@bec4924983f4fb90b7a8fadc1cceee0c0db74e9a) by @leet ( merge request (gitlab-org/gitlab!95408)). Make fork targets searchable (gitlab-org/gitlab@494620b3a8f315e9e1fa167eae83362733cdfaef) ( merge request (gitlab-org/gitlab!95479)). Add MR Approvals to Project Import/Export (gitlab-org/gitlab@799bd79995c3dffaa0a089b388198b9c10e806d0) ( merge request (gitlab-org/gitlab!94858)). Add alpha detailed_mergeability_status attribute to graphql (gitlab-org/gitlab@ae33513b4b6c6a80d7e4129a14b53c8a9e237042)
15.2.202 Aug 2022 06:45 minor bugfix: (2022-08-01). ### (6 changes). Upgrade Oj to v3.13.19 to a seg fault (gitlab-org/gitlab@758dff584369303f4176a96ac130954724a0e9f5) ( merge request (gitlab-org/gitlab!93652)). Gracefully handle nil created_at values in CI pipelines (gitlab-org/gitlab@492a3dcf6c37f8968282a93cf485f2358ecd7943) ( merge request (gitlab-org/gitlab!93652)). CI artifact sizes not logged for some runner endpoints (gitlab-org/gitlab@97ca5e38b1917239bb62cbd338eb689a0ff15fbb) ( merge request (gitlab-org/gitlab!93652)). RescheduleBackfillImportedearchData migration (gitlab-org/gitlab@015e908479a44276833e5bb40d6bd613c394f460) ( merge request (gitlab-org/gitlab!93652)). Upgrade oj to v3.3.18 to illegal instruction errors (gitlab-org/gitlab@5caf005e1315f7acd145bcbb6d5ced5281a10e56) ( merge request (gitlab-org/gitlab!93652)). Use `CREATE OR REPLACE FUNCTION` to define vulnerability reads triggers (gitlab-org/gitlab@dbfa0d51a1851e940ad243f720cbfe1e25c76111) ( merge request (gitlab-org/gitlab!93652)). ### Changed (1 change). ES client for nil password (gitlab-org/gitlab@9bd4fa109c06959f5e9b4668c85327e3503bf55a) ( merge request (gitlab-org/gitlab!93652)) GitLab Enterprise Edition.
15.2.129 Jul 2022 07:05 minor security: (2022-07-28). ### Security (18 changes). Security datadog integration leaking (gitlab-org/security/gitlab@49ec4f1a982ba1798461fad8a0f053b21c8ce8bf) ( merge request (gitlab-org/security/gitlab!2643)). Prevent users who cannot admin a public project from viewing deploy keys (gitlab-org/security/gitlab@1ff5d27ad0574fd5304114ddcc2f0e312d6bd29c) ( merge request (gitlab-org/security/gitlab!2640)). Add additional condition to accept invitation (gitlab-org/security/gitlab@90ad2f07ff08c1da02600af0c2cfe3fdd20a6856) ( merge request (gitlab-org/security/gitlab!2656)). Update GITLAB_PAGES_VERSION (gitlab-org/security/gitlab@bf54d6fa66c4981d75410591e8370c721f2f68e5) ( merge request (gitlab-org/security/gitlab!2615)). Add html_escape to build_details_entity (gitlab-org/security/gitlab@9cfafde666f0f33fb110d585652ea0db4afee340) ( merge request (gitlab-org/security/gitlab!2636)). Check permissions when filtering by contact or organization (gitlab-org/security/gitlab@bf32322d55bf148901b45aa4ae3a7daecdd4ed24) ( merge request (gitlab-org/security/gitlab!2644)). Use author to run subscribed pipeline (gitlab-org/security/gitlab@36addfe325af0780cff649ad43a9cd18d22367e3) ( merge request (gitlab-org/security/gitlab!2616)). Remove prohibited branches after project import (gitlab-org/security/gitlab@96f8f0a30b8bce1c51c3e39808baf74ba6504b33) ( merge request (gitlab-org/security/gitlab!2590)). Remove feature flag `ci_yaml_limit_size` (gitlab-org/security/gitlab@fe4b00b9ce8db49b12a7c59c9a8bd2260cbd8f53) ( merge request (gitlab-org/security/gitlab!2602)). Maintainer can change the visibility of Project and Group (gitlab-org/security/gitlab@91d953642a41305c2a8907ac252af370a837c5ab) ( merge request (gitlab-org/security/gitlab!2619)). Do not link unverified secondary emails with any users (gitlab-org/security/gitlab@84e5ba9eb2c7bbc97d6527333bb8142cbe481304) ( merge request (gitlab-org/security/gitlab!2651)). Forbid exchanging access token for ROP flow to users required 2FA
15.2.024 Jul 2022 03:17 major feature: (2022-07-21). ### Added (171 changes). Add user id to profile page (gitlab-org/gitlab@b91b90f623b1f1b71f3348bd624c518fddd262ae) by @TrueKalix ( merge request (gitlab-org/gitlab!92212)). API Get endpoint for latest TF module version (gitlab-org/gitlab@ba125b4692d966ae7c8d04a19f1b367238127731) by @renehernandez ( merge request (gitlab-org/gitlab!92450)). Adds package cleanup policy project settings (gitlab-org/gitlab@4c9ffd9067248b5eba1d0a2b043804c815ba166b) ( merge request (gitlab-org/gitlab!90783)) GitLab Enterprise Edition. Display users that have been banned in a namespace (gitlab-org/gitlab@855aae5300cb939bf490088a3a2518566c21edd3) ( merge request (gitlab-org/gitlab!91465)) GitLab Enterprise Edition. Introduce :gitlab_geo schema for Geo tracking DB (gitlab-org/gitlab@b5525d97a7308d32ac64892549d2e79a4f1a0ea8) ( merge request (gitlab-org/gitlab!85842)) GitLab Enterprise Edition. Add request-URL to vulnerability details (gitlab-org/gitlab@ba2648db8318cdcad4f6db15921469fc238f676c) ( merge request (gitlab-org/gitlab!91342)) GitLab Enterprise Edition. Add link to change failure rate chart from tile (gitlab-org/gitlab@39e800f40efbcc30b726d97ec6ac85828316eb3e) ( merge request (gitlab-org/gitlab!92529)). Add watchdog to observe memory fragmentation (gitlab-org/gitlab@e4d58c89189909dc1eb042bba77d3767056f4699) ( merge request (gitlab-org/gitlab!91910)). Add background jobs for cleanup policies for packages (gitlab-org/gitlab@ba99ba6a2902ae33fd9ef8302bb892e204314b17) ( merge request (gitlab-org/gitlab!89055)). Adds sidekiq_jobs_interrupted counter (gitlab-org/gitlab@e2c9d2ed52054e737b54095e8b20bb90106f1238) ( merge request (gitlab-org/gitlab!92560)). Add timeline feature to incidents (gitlab-org/gitlab@bd4714317073b74b4e831eb69440cb4be562f826) ( merge request (gitlab-org/gitlab!92345)). Respect parent namespace for gitlab migration (gitlab-org/gitlab@ae56020be41e092c355b07af7f5351cce3904397) ( merge request (gitlab-org/gitlab!90899)). Allow user
15.1.320 Jul 2022 03:17 minor feature: (2022-07-19). ### Added (1 change). Add praefect list virtual storages subcommand documentation (gitlab-org/gitlab@95689c32e2734831c00ef30de303098485ec095a) ( merge request (gitlab-org/gitlab!92708)). ### (1 change). group access dropdown failure if no subgroups are available (gitlab-org/gitlab@518a2f55caddab0c18d0548d0a8f777afe5ae666) ( merge request (gitlab-org/gitlab!92708)) GitLab Enterprise Edition.
15.1.206 Jul 2022 03:17 minor feature: (2022-07-05). ### (3 changes). Resolve "White screen of death on creating new project" (gitlab-org/gitlab@b737280d402aa88f723ada9885ccca22fa4457b5) ( merge request (gitlab-org/gitlab!91668)). agent token modal (gitlab-org/gitlab@6fdffc4a534f67953a1555a0e4e35e4bd2bcb960) ( merge request (gitlab-org/gitlab!91668)). Resolve "Gitlab doesn't detect the deployment pods after K8s cluster upgrade to v1.22" (gitlab-org/gitlab@5eb84d7d96189f7119aa325e83a3723942cc14ba) ( merge request (gitlab-org/gitlab!91668)). ### Changed (2 changes). Update gitaly_cgroups metric name in docs (gitlab-org/gitlab@1af956596f052446f7ee2d42635b891670ddccd4) ( merge request (gitlab-org/gitlab!91668)). Refactor add populate commit permission migration (gitlab-org/gitlab@bc80cc41c2b90b8e459055c5ec1885941798f3c2) ( merge request (gitlab-org/gitlab!91668)) GitLab Enterprise Edition. ### Removed (1 change). Geo Sites Form - Remove Beta Badge (gitlab-org/gitlab@2feffa8e272aa8d9e608ad3e510a93fda93b7fcb) ( merge request (gitlab-org/gitlab!91668)) GitLab Enterprise Edition.
15.1.101 Jul 2022 03:17 minor security: (2022-06-30). ### Security (16 changes). group IP restrictions not enforced for container registry requests (gitlab-org/security/gitlab@0c9628791bf383734ec8f32e1d0040ca2fd62178) ( merge request (gitlab-org/security/gitlab!2550)). Gitlab Runner version upgrade (gitlab-org/security/gitlab@b7e06c1e812fdf0a2fab4aca07cdea33ff22b41c) ( merge request (gitlab-org/security/gitlab!2564)). Update ProjectAttributesTransformer to use number of attributes (gitlab-org/security/gitlab@fae2720ffd7ec5ce3eb88e3b68b2879f4f664cf4) ( merge request (gitlab-org/security/gitlab!2547)). Escape deploy key title to prevent XSS (gitlab-org/security/gitlab@071c3fa4ae63d03117a3c02752711d29f6f620b1) ( merge request (gitlab-org/security/gitlab!2492)). Sanitize ZenTao breadcrumb links (gitlab-org/security/gitlab@5b16b65cfe57a946f25842b7818dafe6c8a934ea) ( merge request (gitlab-org/security/gitlab!2555)). permissions in the project labels API (gitlab-org/security/gitlab@b3ff7ee5a64382ff9ee34bc3fc44acd0117f86d9) ( merge request (gitlab-org/security/gitlab!2532)). Security sentry leaks and access level check (gitlab-org/security/gitlab@a0ad79588f170e1c58206e42d8b550d75e874a4d) ( merge request (gitlab-org/security/gitlab!2531)). Check permissions before exposing user two factor enabled (gitlab-org/security/gitlab@3b7c699ffcca64721c0876da12435c148f8e83a7) ( merge request (gitlab-org/security/gitlab!2530)). Filter milestone release by user access (gitlab-org/security/gitlab@dc79edc16c7422279235d2ad8a4807644840fc4c) ( merge request (gitlab-org/security/gitlab!2535)). the required access level in the Conan packages finder (gitlab-org/security/gitlab@5221ca59f09361f90798348851fa12c91e5d9e35) ( merge request (gitlab-org/security/gitlab!2513)). Allow inviting only groups with subset of allowed domains to groups (gitlab-org/security/gitlab@03dfb153355d0465ea25a6d73db895c975fc32df) ( merge request (gitlab-org/security/gitlab!2538)). open redirect vulnerability (gitlab-org/security/gitl
15.1.022 Jun 2022 09:25 major feature: (2022-06-21). ### Added (147 changes). Add GraphQL API to create resource links (gitlab-org/gitlab@cf6881e6d281ec62f6bc742794b81dd1dbbd3daa) (merge request) GitLab Enterprise Edition. Add support for collecting jemalloc stats (gitlab-org/gitlab@0b76148a078903dda4e6698ff6c20fc287887ec7) ( merge request (gitlab-org/gitlab!89303)). Add audit event for disabling 2FA (gitlab-org/gitlab@93f3ca0a2c3535b8eb3b4176f877abc99b75c78e) ( merge request (gitlab-org/gitlab!89598)) GitLab Enterprise Edition. Add auditEventsStreamingHeadersDestroy Mutation (gitlab-org/gitlab@50e59b0fe7bd4864fdc5735d1876041e0c7b9aeb) ( merge request (gitlab-org/gitlab!88408)) GitLab Enterprise Edition. Add backend changes to sort by at (gitlab-org/gitlab@f77350c785ae225fefecce7e983ab37b9ff58340) by @zillemarco ( merge request (gitlab-org/gitlab!89606)). Display invalid approvals on merge request widget (gitlab-org/gitlab@8aa64755f7ec14b7a704db4d925c27ba7578a68a) ( merge request (gitlab-org/gitlab!88941)). Add ownerProject field to RunnerType (gitlab-org/gitlab@72ec72a0b0ad63f64c441e47d1f214e5a8c16b52) ( merge request (gitlab-org/gitlab!89922)). Mutation to delete multiple package files (gitlab-org/gitlab@9fe8deddb8ba788fee886b36e5ec61df600a5109) ( merge request (gitlab-org/gitlab!89927)). GraphQL: Add lazy load for blocking epics count (gitlab-org/gitlab@888c4b2dc6b69c73c9ecf9645f21a774f552e86e) ( merge request (gitlab-org/gitlab!89632)) GitLab Enterprise Edition. Add git protocol configuration to groups (gitlab-org/gitlab@0938dfe435e42d08c1df0f930bd1f6042d68aad9) ( merge request (gitlab-org/gitlab!89817)). Prevent users from using known insecure public key (gitlab-org/gitlab@8a0678ef91684ede86b850a4f30c8eebbcc0d244) ( merge request (gitlab-org/gitlab!90369)). Preview plantuml/kroki diagrams in content editor (gitlab-org/gitlab@fc0aab15f39aff7fb604c06ce218e22926e8423b) ( merge request (gitlab-org/gitlab!86701)). Add scan_execution_policies endpoint to the Kubernetes interna
15.0.317 Jun 2022 03:17 minor feature: (2022-06-16). ### (2 changes). Disconnect alternates when unlinking from a repository pool (gitlab-org/gitlab@a6f4b701af0d5850a10d77feeb4842b1fe017047) ( merge request (gitlab-org/gitlab!90269)). Add GitLab agent image tag to install command (gitlab-org/gitlab@09decb04e391f095139412ed623164cab8023a7c) ( merge request (gitlab-org/gitlab!90269)).
15.0.207 Jun 2022 03:25 minor bugfix: (2022-06-06). ### Added (1 change). Add event type in audit event streaming (gitlab-org/gitlab@55ba03fc8342a608e774db01ecadfa0441ea7f76) ( merge request (gitlab-org/gitlab!89266)) GitLab Enterprise Edition. ### (10 changes). Advanced Search Opensearch detection (gitlab-org/gitlab@38b58801fed210cef048daf30b4d52542fefb1cf) ( merge request (gitlab-org/gitlab!89266)) GitLab Enterprise Edition. on list page (gitlab-org/gitlab@d02cc074f6c3aa0da972d6a368aca423fe50f437) ( merge request (gitlab-org/gitlab!89266)). Include inherited owners when calculating User#solo_owned_groups (gitlab-org/gitlab@d38405007bb4b36441bdb4f15acc5d0093c63115) ( merge request (gitlab-org/gitlab!89266)). description list item styling (gitlab-org/gitlab@e1077027f1a2616026e7297ae5742a8ddc09d794) ( merge request (gitlab-org/gitlab!89266)). focus for linked input field IDE cursor (gitlab-org/gitlab@3249749eec2dddde761532d2d899e45c39db815c) ( merge request (gitlab-org/gitlab!89266)). docs: DS_DEFAULT_ANALYZERS variable docs (gitlab-org/gitlab@b5aad346a987a6135e05a0fb6b21b5928101fd7f) ( merge request (gitlab-org/gitlab!89266)). Remove existing repository backups when creating a full backup (gitlab-org/gitlab@d12ab4c65b7a99b94220716e9a0f60fe74296010) ( merge request (gitlab-org/gitlab!89266)). Move LFK scheduling out from EE check (gitlab-org/gitlab@43f352382e3dbeb445732e4d8752c161e3e26088) ( merge request (gitlab-org/gitlab!89266)). drag and drop list item (gitlab-org/gitlab@75957edfd741f0e96645871d73e09a87938b0012) ( merge request (gitlab-org/gitlab!89266)). Hide internal note checkbox on unsupported issuable types (gitlab-org/gitlab@4eaed3e11797c8f1e0c6a710b3a411fe9c38090d) ( merge request (gitlab-org/gitlab!89266)) GitLab Enterprise Edition. ### Changed (1 change). Update auto-deploy-image to v2.28.2 (gitlab-org/gitlab@881ef5713a6a16f6ed5e77cf91f9a82dff788b02) ( merge request (gitlab-org/gitlab!89266)).
15.0.102 Jun 2022 06:05 minor security: (2022-06-01). ### Security (8 changes). IP restrictions not applying to deploy tokens (gitlab-org/security/gitlab@3af76bc31e2d141e2262d65eb08fcab7f34844bf) ( merge request (gitlab-org/security/gitlab!2474)). Trigger token should respect group IP restrictions (gitlab-org/security/gitlab@f9ba81383a97b014be3085524def6f01120d9e3e) ( merge request (gitlab-org/security/gitlab!2476)). content injection in Jira title (gitlab-org/security/gitlab@d0c449079ce8d680f3390e21ed08aced1bfaf17b) ( merge request (gitlab-org/security/gitlab!2463)). Escape contact details correctly in quick actions (gitlab-org/security/gitlab@cbafec91630b1309354784040c572ba1f844f794) ( merge request (gitlab-org/security/gitlab!2459)). Subgroup member can list members of parent group (gitlab-org/security/gitlab@93583b7fe97f59f746f719742230eadbfbdf5ce3) ( merge request (gitlab-org/security/gitlab!2479)). Do not allow project member import when membership is locked (gitlab-org/security/gitlab@b6ca02c9bac46ebcc822bbeee9e75aaf184d9996) ( merge request (gitlab-org/security/gitlab!2457)). Disable changing user attributes when updating SCIM provisioned user (gitlab-org/security/gitlab@660a0021e3df45893c1f4317d3aa86dd276c6071) ( merge request (gitlab-org/security/gitlab!2453)). Allow only job owner to run interactive terminal (gitlab-org/security/gitlab@917c3e4e314b02da33d8b9aea07179bc74833053) ( merge request (gitlab-org/security/gitlab!2451)).
15.0.021 May 2022 04:05 major feature: (2022-05-20). ### Added (147 changes). Self-managed SAML Group Links and Membership Updater (gitlab-org/gitlab@1e0f58b879ef31887b9a74185313b17b56609087) ( merge request (gitlab-org/gitlab!85209)) GitLab Enterprise Edition. Show error message in pipeline alert (gitlab-org/gitlab@6252f29ff3fa438282065fec8435b5c517cb3cf3) ( merge request (gitlab-org/gitlab!87478)). Upgrade GitLab Pages to 1.58.0 (gitlab-org/gitlab@cd321ca67463512b29437f527216438a439a1391) ( merge request (gitlab-org/gitlab!87780)). Drag and drop list items on page (gitlab-org/gitlab@4eedecb70ba9d3aba5e2f88611cf81b315e69a92) ( merge request (gitlab-org/gitlab!85936)). Default enable automated_email_provision feature flag (gitlab-org/gitlab@7674378f2dd15ad6ecadb96eb810062ffe1de5ce) ( merge request (gitlab-org/gitlab!87099)) GitLab Enterprise Edition. Bump Gitlab Shell version to 14.3.0 (gitlab-org/gitlab@2a835d002d918cc143a39e41d81a7ab30f9b5f50) ( merge request (gitlab-org/gitlab!87762)). Add documentation for inactive project deletion feature (gitlab-org/gitlab@025a9389d1d1a0b25e0685f4f6f6ac7d22c3f4b2) ( merge request (gitlab-org/gitlab!86907)). Enable confidential_notes FF by default (gitlab-org/gitlab@44fe4216bd63cdba718fb5344f07fb0c256a7f6e) ( merge request (gitlab-org/gitlab!87383)). Add slack_app_signing_secret to settings (gitlab-org/gitlab@62629f80fd850b9ef0bdf54cd1f58387d81b288c) ( merge request (gitlab-org/gitlab!86623)). Add a 409 error page (gitlab-org/gitlab@ce8aa56314eca5016935cad1d5fabe6a6191c5e9) ( merge request (gitlab-org/gitlab!87134)). Store pipeline creation rate limit into application settings (gitlab-org/gitlab@b611e17cf016dcb7994d835d4ed9f59a52e1cd22) ( merge request (gitlab-org/gitlab!86466)). Add REPOSITORIES_STORAGES option to backups (gitlab-org/gitlab@721440b63d74ecc6506715368a4b544d1dbb6ce5) ( merge request (gitlab-org/gitlab!86896)). Add option to disable seperated caches (gitlab-org/gitlab@daccb0b39344257a235c2eca0879fb5c37e0a1af) by @Taucher20
14.10.207 May 2022 07:05 minor feature: (2022-05-04). ### (2 changes). Resolve "Fork relationship is not respected for certain projects" (gitlab-org/gitlab@881099bc27d9696ea3b9bcc2a1e43c3207ee4bb3) ( merge request (gitlab-org/gitlab!86476)). mappings errors for ES6.8 (gitlab-org/gitlab@5caac54a746a331d828d4e3ce24273cd6173c86f) ( merge request (gitlab-org/gitlab!86476)) GitLab Enterprise Edition. ### Other (1 change). Add documentation for mr settings audit events part 1 (gitlab-org/gitlab@95bfdae5a677de5ac9d0d5ceccd42e88ca4f99c4) ( merge request (gitlab-org/gitlab!86476)).
14.10.103 May 2022 06:25 minor security: (2022-04-29). ### Security (14 changes). Add sufto cache name to add isolation (gitlab-org/security/gitlab@9ff0233c191339f4dd042b7f55d1ffd66b3f9a2b) ( merge request (gitlab-org/security/gitlab!2426)). Update Import/Export merge/push access levels exclude ci config path (gitlab-org/security/gitlab@40f32316dad5bb0779907261215b3526ed8871fc) ( merge request (gitlab-org/security/gitlab!2404)). Prevent maintainers from editing PipelineSchedule (gitlab-org/security/gitlab@2ce3805447b4b3b7336d46d1d21dcd9e173c40be) ( merge request (gitlab-org/security/gitlab!2421)). Add validation to pypi file sha256 values (gitlab-org/security/gitlab@afc796f43df09a2e43f40beaffec942a80ad973d) ( merge request (gitlab-org/security/gitlab!2415)). Conan Token uses PAT rather than ID in payload (gitlab-org/security/gitlab@2679b802ac4cd9bd36190bcca691177c5568a981) ( merge request (gitlab-org/security/gitlab!2412)). security markdown API disclosing titles of limited projects (gitlab-org/security/gitlab@66088697787bcd55a727602da4f7fdd51b997eb0) ( merge request (gitlab-org/security/gitlab!2407)). Verify that mentioned user can read TODO's note (gitlab-org/security/gitlab@fd166c1b4cc01e2bbbecabbab706deb423fa17f6) ( merge request (gitlab-org/security/gitlab!2397)). Invalidate markdown cache to clear up stored XSS (gitlab-org/security/gitlab@0a0aee802c8b7760ffb0213e67129863d1769313) ( merge request (gitlab-org/security/gitlab!2418)). Allow rate limiting of deploy tokens (gitlab-org/security/gitlab@8de550917a4b86a3ca3e132465d7d2c8394c4493) ( merge request (gitlab-org/security/gitlab!2395)). Disable wiki access with CI_JOB_TOKEN when improper access level (gitlab-org/security/gitlab@516dbcd83cb2bbda6b15e22f4fafdaed661f4eb1) ( merge request (gitlab-org/security/gitlab!2408)). Sanitize error input to prevent HTML/CSS injection in messages (gitlab-org/security/gitlab@c3f62e0f2965fe871463ed7a8b6e438cd2e1f515) ( merge request (gitlab-org/security/gitlab!2379)). Secure detrace arti
14.10.022 Apr 2022 06:45 major feature: (2022-04-21). ### Added (141 changes). Add a dropdown to switch language in code blocks (gitlab-org/gitlab@3b72b32536c5fc66e32af33ead8d6609f96df2fe) ( merge request (gitlab-org/gitlab!69131)). Wraps Jupyter Notebook Diff in a feature flag (gitlab-org/gitlab@bd75c1583e1c6b994bcbfc90a1a7921485c22fd4) ( merge request (gitlab-org/gitlab!85079)). Track related epics blocked added on usage data (gitlab-org/gitlab@37be6bcfe05d1af1443008d8c3abc6ee52f51a21) ( merge request (gitlab-org/gitlab!84503)) GitLab Enterprise Edition. Optimize followed users queries (gitlab-org/gitlab@a93a42b8aeaed4d3099b49bc18a07b11814fd704) ( merge request (gitlab-org/gitlab!84856)). Enable feature flag by default (gitlab-org/gitlab@a901c405c63b255dc6f1a159a6b9b594719f0e7c) ( merge request (gitlab-org/gitlab!85270)). Enable policy type selection page by default (gitlab-org/gitlab@a99a9df36c335d727478fc0ddb6543876188bfc5) ( merge request (gitlab-org/gitlab!83600)) GitLab Enterprise Edition. Add DS_IMAGE_SUFto enable Gemnasium FIPS (gitlab-org/gitlab@aaa62e9d83b68ce23269e9b46d091e6802035faa) ( merge request (gitlab-org/gitlab!85106)). feat: Add SAST/SD template support for FIPS images (gitlab-org/gitlab@8b1989350dd0bf096b175244aca2a6c45c5ec16f) ( merge request (gitlab-org/gitlab!84839)). Enable FF ci_trigger_forward_variables (gitlab-org/gitlab@850c9c3945cef068c43f103443778d83550d7d60) ( merge request (gitlab-org/gitlab!85263)). Add gitlab-pages http server timeout options documentation (gitlab-org/gitlab@3169be7dff244c5e7388e341be8e6936fae4024e) ( merge request (gitlab-org/gitlab!84944)). Namespace onboarding action for license scanning (gitlab-org/gitlab@59d45d87d2a4abb372895e8b9209546054b5de1d) ( merge request (gitlab-org/gitlab!77782)) GitLab Enterprise Edition. Enable feature flag by default (gitlab-org/gitlab@cd0cf705715563d5dc7e9a3b37e63f24200d10e5) ( merge request (gitlab-org/gitlab!82679)) GitLab Enterprise Edition. Default to the current group when importing fro
14.9.313 Apr 2022 10:05 minor bugfix: (2022-04-12). ### (4 changes). Revert Protected Environment group access inheritence (gitlab-org/gitlab@488fd8f3f6770eebae10c815398534ff41d57546) ( merge request (gitlab-org/gitlab!84664)). URL blocker when object storage enabled but type is disabled (gitlab-org/gitlab@d0da89768774de9cf635af530ed7386e65f92d40) ( merge request (gitlab-org/gitlab!84664)). Remove pending builds from the queue on conflict (gitlab-org/gitlab@8c88898dfd1619cc635ce5b98e30eebd91da497f) ( merge request (gitlab-org/gitlab!84664)). null argument handling in background migration Rake task (gitlab-org/gitlab@23e1eb3272828b3546e18efdfaea5a8077cb20f4) ( merge request (gitlab-org/gitlab!84664)).
14.9.201 Apr 2022 03:16 minor security: (2022-03-31). ### Security (20 changes). Quarantine UsageDataNonSqlMetrics failing test (gitlab-org/security/gitlab@123fc00ff9f407284ce05007ddc373e1bd0aeede) ( merge request (gitlab-org/security/gitlab!2364)). Disallow login if password matches a list (gitlab-org/security/gitlab@1a128ae3fb17b3d83974bb08034e4ba7a7d54e3b) ( merge request (gitlab-org/security/gitlab!2357)). Update devise-two-factor to 4.0.2 (gitlab-org/security/gitlab@17c70b13dcd437c05de63b3286245af8e6f42210) ( merge request (gitlab-org/security/gitlab!2349)). Limit the number of tags associated with a CI runner (gitlab-org/security/gitlab@ed5daced882a0206e050c4f676a888ac1c2417b1) ( merge request (gitlab-org/security/gitlab!2303)). GitLab Pages Security Updates for 14.9 (gitlab-org/security/gitlab@79709cabf71a57a336f490636a7e32a208fe0229) ( merge request (gitlab-org/security/gitlab!2327)). Upgrade swagger-ui dependency (gitlab-org/security/gitlab@14280c1d844be3ffc2f30f5321a818a7b6c51770) ( merge request (gitlab-org/security/gitlab!2336)). Modify release link format check to avoid regex if string is too long (gitlab-org/security/gitlab@f516d883b46e1441410476dc140d69fde51cdf0f) ( merge request (gitlab-org/security/gitlab!2307)). Masks variables in error messages (gitlab-org/security/gitlab@9cf62118390c0cfba3d36a4231a30a7836f06e2f) ( merge request (gitlab-org/security/gitlab!2308)). Escape user provided string to prevent XSS (gitlab-org/security/gitlab@2da3502aef64ed1b01c13d82418950cf284098c6) ( merge request (gitlab-org/security/gitlab!2313)). Monkey patch of RDoc to prevent Ruby segfault (gitlab-org/security/gitlab@0ae4925089a1b5fd7c9abeeb0756b3a50e05799a) ( merge request (gitlab-org/security/gitlab!2321)). Project import maps members' created_by_id users based on source user ID (gitlab-org/security/gitlab@3826f2a7c652d3f74e45bfef8888601ca1c86ba1) ( merge request (gitlab-org/security/gitlab!2301)). Redact InvalidURIError error messages (gitlab-org/security/gitlab@59b60e9cf8f79
14.9.126 Mar 2022 03:17 minor feature: (2022-03-23). ### (1 change). backups not working when feature_flags table does not exist (gitlab-org/gitlab@4cc3cd6cf6eb256a9837ef92a6fdb4991cd1642c) ( merge request (gitlab-org/gitlab!83388)). ### Changed (1 change). Alias user_email_lookup_limit to search_rate_limit (gitlab-org/gitlab@424c277fc4c994df60ea68acb8988537526108e4) ( merge request (gitlab-org/gitlab!83388)).
14.9.023 Mar 2022 03:17 major feature: (2022-03-21). ### Added (119 changes). Toggle the related_epics_widge feature flag (gitlab-org/gitlab@8f64bbbc5c485fcdb7453f3c42949a37e030a71f) ( merge request (gitlab-org/gitlab!82333)) GitLab Enterprise Edition. Add Time to Restore Service DORA metric (gitlab-org/gitlab@0ccf5b4ae6bca2fa1ea128228e14bb63153283ce) ( merge request (gitlab-org/gitlab!82510)) GitLab Enterprise Edition. Added possiblity to create new token from the UI (gitlab-org/gitlab@8f36ef50c87ea78e33409c3ddcbbb04782fa5e15) ( merge request (gitlab-org/gitlab!82690)). Add param to Wiki REST endpoint to retrieve different page versions (gitlab-org/gitlab@53b8b9fe4952d7c11a80cd52f4dab8e6d8bfa7de) ( merge request (gitlab-org/gitlab!82838)). Add Harbor integration (gitlab-org/gitlab@bcb79d53fd54e545cf80416beb77360e06262c22) by @prajnamas ( merge request (gitlab-org/gitlab!80999)). MR widget: update merge commit message when default changed (gitlab-org/gitlab@b005b8e80ba8691ec24a5063e4a133d21e56532e) by @trakos ( merge request (gitlab-org/gitlab!77425)). Support agent registration without config (gitlab-org/gitlab@388f87faad5adf5c68ba4850a82b1d4433290b0f) ( merge request (gitlab-org/gitlab!82036)). Add `RestrictGitlabSchema` that enforces `restrict_gitlab_migration` (gitlab-org/gitlab@6bdac41133bebcf66c308dc31f589046b1dc0725) ( merge request (gitlab-org/gitlab!73756)). Enable the vsa_incremental_worker FF by default (gitlab-org/gitlab@d04a006d125f94b34c7eef4f6b85a37292bc7500) ( merge request (gitlab-org/gitlab!82975)). Add deployment approval comment field (gitlab-org/gitlab@5dfb9cabb2d2aee7eff447e34021c8b7ca24eed4) ( merge request (gitlab-org/gitlab!82743)) GitLab Enterprise Edition. Support iteration property for api (gitlab-org/gitlab@406a79a51c6dc35cd8207a7426a8582cd20ecfc4) ( merge request (gitlab-org/gitlab!82813)) GitLab Enterprise Edition. Filter archived / MRs from GraphQL (gitlab-org/gitlab@a7fde3da984bc52b887203fa57998c93f9c6fc5f) ( merge request (gitlab-org/gitlab!826
14.8.419 Mar 2022 03:17 minor feature: (2022-03-16). ### Added (1 change). Detect and artifacts with backfilled expire_at (gitlab-org/gitlab@a627e0ac2f71e48235b956a7f744608b1cf9632f) ( merge request (gitlab-org/gitlab!83013)). ### (1 change). Pass ID to merge request creation form (gitlab-org/gitlab@86c4ec0d5f73a7139a8a22021e73171c354f9326) ( merge request (gitlab-org/gitlab!83013)). ### Changed (1 change). Enable feature flags to resume artifact removal on self-managed (gitlab-org/gitlab@07dcfcfc11428900de446d195e673be127ad4f07) ( merge request (gitlab-org/gitlab!83013)).
14.8.315 Mar 2022 06:25 minor bugfix: (2022-03-14). ### (3 changes). rake task to setup the Geo tracking database (gitlab-org/gitlab@5382a63c46b205bf49b096e834f7241d6bdd6814) ( merge request (gitlab-org/gitlab!82782)) GitLab Enterprise Edition. handling of resource iteration events when deleting a User (gitlab-org/gitlab@f26db84ae16d36186b70e630fcb6c3706976ce96) ( merge request (gitlab-org/gitlab!82782)) GitLab Enterprise Edition. Ensure cleanup job artifacts task does not include pipeline artifacts (gitlab-org/gitlab@c75ecbaeb59be774d8f449b180b772bd0f611a8d) ( merge request (gitlab-org/gitlab!82782)). ### Changed (1 change). Remove runners token prefeature flags (gitlab-org/gitlab@9f316b9a606df7751b56b4eb966c1c02f6d6b3a0) ( merge request (gitlab-org/gitlab!82119)).
14.8.226 Feb 2022 03:16 minor security: (2022-02-25). ### Security (8 changes). Limit commands_changes to certain keys (gitlab-org/security/gitlab@7a4e348b3ea3d34469bcd353286474c25288d836) ( merge request (gitlab-org/security/gitlab!2225)). Add runners_token preto Group and Project (gitlab-org/security/gitlab@87bd94f7252f887f22f971ffd59044b355712042) ( merge request (gitlab-org/security/gitlab!2248)). Anonymous user can enumerate all users through GraphQL endpoint (gitlab-org/security/gitlab@945da4fadb156ce862bdd12ee5625f57709b590d) ( merge request (gitlab-org/security/gitlab!2213)). Check for unsafe characters in email addresses before sending (gitlab-org/security/gitlab@641b23f6b1ad827536ea704c848330a068fc0472) ( merge request (gitlab-org/security/gitlab!2206)). Warn when snippet contains unretrievable files (gitlab-org/security/gitlab@d703ecef74f7d73eab3d5345af3a5d60f28c9d7f) ( merge request (gitlab-org/security/gitlab!2205)). Prevent DOS when rendering math markdown (gitlab-org/security/gitlab@cedf63be73dc9c37352e425cf8b8cf4e16980935) ( merge request (gitlab-org/security/gitlab!2219)). Check permission when creating members through service (gitlab-org/security/gitlab@6228fd285e7062dd1c2e88f8ca33bc8e9a0f4fad) ( merge request (gitlab-org/security/gitlab!2209)). Reset password field on page load (gitlab-org/security/gitlab@5ece8645add37c3e77f28d7afb8f28ce4bbe2b7f) ( merge request (gitlab-org/security/gitlab!2224)).
14.8.022 Feb 2022 06:25 major feature: (2022-02-21). ### Added (134 changes). Add fields to PipelineSecurityReportFindingType (gitlab-org/gitlab@732f134e9342df18dd3f0c31668f5d43b82b35ac) ( merge request (gitlab-org/gitlab!75001)) GitLab Enterprise Edition. Add overage confirmation modal (gitlab-org/gitlab@0d26cab716b54fdbdc224e5f72b109ffb276dd90) ( merge request (gitlab-org/gitlab!79644)) GitLab Enterprise Edition. Add custom tags to the Datadog integration (gitlab-org/gitlab@694a0512374106d42b2fe8296a3bf9d0714f35e3) by @AdrianLC ( merge request (gitlab-org/gitlab!79665)). Save sort on querystring for vulnerability report (gitlab-org/gitlab@0000d7993aea7420d914641124a4b3aae4e6b8e5) (merge request) GitLab Enterprise Edition. Pipeline and other to community contribution (gitlab-org/gitlab@091a55c1d2dcbd9b3b3041548dec3403af57df19) ( merge request (gitlab-org/gitlab!78899)). Allow broadcast messages to be targeted to the current user's role (gitlab-org/gitlab@cbfa1e26b2ccb41ea0cc050dcba4943e2575bc2a) ( merge request (gitlab-org/gitlab!77498)). Provide FF to project edit action (gitlab-org/gitlab@e35d9ec63567f6360bf1d086df6130ed2380e41c) ( merge request (gitlab-org/gitlab!80805)) GitLab Enterprise Edition. Stream audit events using audit event JSON (gitlab-org/gitlab@156e6741c0ac457821f71e49ba9b9d2ebd71cd86) ( merge request (gitlab-org/gitlab!80297)) GitLab Enterprise Edition. Add CI minutes usage charts to group usage quotas (gitlab-org/gitlab@0157ce737c68f966eb1f1d3226da33c936f46354) ( merge request (gitlab-org/gitlab!80321)) GitLab Enterprise Edition. Defaulted roadmap_settings to true (gitlab-org/gitlab@1bc7cfa4415c717c926b41c7d97106e192dd10e4) ( merge request (gitlab-org/gitlab!80766)). GraphQL: Expose token_expires_at property and sorting (gitlab-org/gitlab@800bf64eb87a83d78c19cfa9d2c2c196884043b6) by @KyleFromKitware ( merge request (gitlab-org/gitlab!79135)). Add scan method to dast site profile (gitlab-org/gitlab@cb8679b4c5f6cc1abcf6847021725f6967e72042) (merge request).
14.7.316 Feb 2022 03:16 minor feature: (2022-02-15). ### (2 changes). Update GitHub PRs Importer to force update repository (gitlab-org/gitlab@33f12736b070362cb89e9bbb4b3aa7d86fc373c3) ( merge request (gitlab-org/gitlab!80595)). Geo checksummable check failing when file is nil (gitlab-org/gitlab@f49e3ea3e4d4ca7a64607687f9aaa974801b6bf9) ( merge request (gitlab-org/gitlab!80595)) GitLab Enterprise Edition. ### Changed (1 change). Properly exclude pending_destruction packages when creating one (gitlab-org/gitlab@9fb9f1ca8a2342225b7017c211f85175a4ef56dd) ( merge request (gitlab-org/gitlab!80595)).
14.7.209 Feb 2022 07:25 minor feature: (2022-02-08). ### Added (1 change). Allow self-hosted instances to render same-origin Iframe (gitlab-org/gitlab@eb7c78363cdfc670286967872d8458fc5f6d82e8) ( merge request (gitlab-org/gitlab!79966)). ### (4 changes). Geo: reverify object stored files (gitlab-org/gitlab@603700dcca3b8f25a3b80b44b11a73df549c0cb3) ( merge request (gitlab-org/gitlab!79966)) GitLab Enterprise Edition. Geo: verification failures of remote stored files (gitlab-org/gitlab@2eb8ac7e88dcd40f0e8266966655962e4d6e3171) ( merge request (gitlab-org/gitlab!79966)) GitLab Enterprise Edition. GitLab Version - CE Admin Dashboard RUN ALL RSPEC RUN AS-IF-FOSS (gitlab-org/gitlab@f2253ce2d729fa202a26b54f3ca870b932ea1855) ( merge request (gitlab-org/gitlab!79966)). cluster integration HTTP adapter (gitlab-org/gitlab@c05027ef4d7ec35fc16e8e16dc6e5af201f665c3) ( merge request (gitlab-org/gitlab!79966)). ### Changed (1 change). Update to ruby-magic v0.5.4 (gitlab-org/gitlab@ced6ef1001730dc2851f58f7db3229d1c585b9d3) ( merge request (gitlab-org/gitlab!79966)). ### Removed (1 change). Disable sandboxed_mermaid feature flag by default (gitlab-org/gitlab@70c40d43169bd48d360ed7a6a03c33c05d5e3738) ( merge request (gitlab-org/gitlab!79966)).
14.7.023 Jan 2022 03:16 major feature: (2022-01-21). ### Added (84 changes). Add verification before namespace creation (gitlab-org/gitlab@62c6ea0ff38f4a90ede4d5200e78206cdb71d29b) ( merge request (gitlab-org/gitlab!77315)). Add GraphQL mutation to destroy timeline events (gitlab-org/gitlab@71a1be80522bd01d3434dde6a5bb009454e65839) ( merge request (gitlab-org/gitlab!78192)) GitLab Enterprise Edition. ApplicationSetting: Add runner_token_expiration_interval field (gitlab-org/gitlab@d62621aa82714995cfe84c056773b291775b77bc) by @KyleFromKitware ( merge request (gitlab-org/gitlab!77884)). Rate limit Gitlab Shell operations (gitlab-org/gitlab@ddda5851babbad2f89b7ba37b0437b87e55950e5) ( merge request (gitlab-org/gitlab!78373)). Add `Delete` button to label edit view (gitlab-org/gitlab@07fa8e097bfc1143cfe362a0a4f2031d4792b73b) ( merge request (gitlab-org/gitlab!77917)). Enable autocomplete on cadence iteration create/edit pages (gitlab-org/gitlab@f0f99fc37266ebffb82134419bde8346ca799091) by @espadav8 ( merge request (gitlab-org/gitlab!78272)) GitLab Enterprise Edition. Extend GraphQL API interface with `securityTrainingProviders` field (gitlab-org/gitlab@d182af0c80834ddfc6f5db0587202f013351a42e) ( merge request (gitlab-org/gitlab!78195)) GitLab Enterprise Edition. Hierarchy page to show work items (gitlab-org/gitlab@a88b585c3b8cc4fd4fd11229e175ed4e24dead13) ( merge request (gitlab-org/gitlab!76720)). Add group level access token UI (gitlab-org/gitlab@a1a5cb34efe5218b562c69e621fc586625b3ed0a) by @fh1ch ( merge request (gitlab-org/gitlab!77449)). Remove ci_archived_build_trace_checksum feature flag (gitlab-org/gitlab@fbdec367917ae9f8ec4577f6de6ecd292755d5d0) ( merge request (gitlab-org/gitlab!78368)). Add scan result policies into the policy (gitlab-org/gitlab@71e49518d368fa7ab6a20a7ce295b5025923179f) ( merge request (gitlab-org/gitlab!77810)) GitLab Enterprise Edition. Enable logging when recursive webhook detected (gitlab-org/gitlab@2c9dc9a4b3d8b9f510369277f9d9fb12c319ee57) ( merge re
14.6.319 Jan 2022 07:05 minor bugfix: (2022-01-18). ### (4 changes). destruction of projects with pipelines (gitlab-org/gitlab@83e1616fe46b933c5b78b2d43e08463fdae4264a) ( merge request (gitlab-org/gitlab!78401)). Geo: Resolve "undefined method each_batch" (gitlab-org/gitlab@a38bf23ebd0a9931ec5bb91377955824dcda39ea) ( merge request (gitlab-org/gitlab!78401)) GitLab Enterprise Edition. migration for cases with empty strings (gitlab-org/gitlab@ddda8880db35b7d48ca8e4ec8efe54954d64f41f) ( merge request (gitlab-org/gitlab!78401)). Geo: adapt verification timed out query to use state table (gitlab-org/gitlab@89212752226d6c5f34830e3f4a73c5a56764ed17) ( merge request (gitlab-org/gitlab!78401)) GitLab Enterprise Edition.
14.6.105 Jan 2022 03:16 minor bugfix: (2022-01-04). ### (2 changes). Ignore new line differences when deciding whether to squash MR (gitlab-org/gitlab@9d25380756bbc11ad5d18ea268b0ed0b60bf92fb) ( merge request (gitlab-org/gitlab!77499)). re-use of extensions between instances (gitlab-org/gitlab@0ad3357123bbb72493b965b0ab769dab81890397) ( merge request (gitlab-org/gitlab!77499)).
14.6.022 Dec 2021 03:16 major feature: (2021-12-21). ### Added (76 changes). Create table to store merge request compliance violations (gitlab-org/gitlab@6020f42812e3dc09d4163488e35d9a75f20da9ff) (merge request). Upgrade GitLab Pages to 1.49.0 (gitlab-org/gitlab@b10f47f58cc3c7998e6815580405d00575595715) ( merge request (gitlab-org/gitlab!76908)). Add create crm organization component (gitlab-org/gitlab@20998c7f182a6f12001ac10b515fc8c20147b56a) by @leet ( merge request (gitlab-org/gitlab!76059)). Registration features info for setting repo size (gitlab-org/gitlab@d857bc88bfe2dff493b73934c39ac89c25a4381a) (merge request) GitLab Enterprise Edition. Log structured message when LFS object is auto-linked from parent (gitlab-org/gitlab@fe545efa9f3c138a1f65bed0f021525b8cb3fc22) ( merge request (gitlab-org/gitlab!76818)). Enable display_outdated_line_diff by default (gitlab-org/gitlab@3f368ddb4378101757f7a3ce7a92d0d36bcf7823) ( merge request (gitlab-org/gitlab!76887)). Default enable webauthn feature flag (gitlab-org/gitlab@81a6ee387a3f4b593859c04d52245312b9b194ba) by @kingjan1999 ( merge request (gitlab-org/gitlab!50735)). Update return type for previousStageJobsOrNeeds (gitlab-org/gitlab@ca6c6a70b0e054b24cd331b0ce6bedb383a86dff) ( merge request (gitlab-org/gitlab!76444)). Add support for Rel-License microformat (gitlab-org/gitlab@dd445481700a90c9e9fd645c2315e94b22df4889) ( merge request (gitlab-org/gitlab!76471)). Add error alerts and badge for webhooks (gitlab-org/gitlab@d366378ce6612db8316a07e60eb139d4e7eb39da) ( merge request (gitlab-org/gitlab!76871)). Add alert for rate limited webhooks (gitlab-org/gitlab@d163f4c929d696884438cb139329cdb3bae75803) ( merge request (gitlab-org/gitlab!76743)). Expose iid in pipelines api (gitlab-org/gitlab@a7f53bddf1cfc64d471b13312dd01c42015799c4) ( merge request (gitlab-org/gitlab!76625)). Implement separate status for bulk imports (gitlab-org/gitlab@96db744c439129de268cf05f4e7e5b41597ff751) ( merge request (gitlab-org/gitlab!73960)). Include pa
14.5.102 Dec 2021 09:45 minor bugfix: (2021-12-01). ### (4 changes). Check validation for license only if new record (gitlab-org/gitlab@3e34c2dc431a2b1c1828f5154a4d2be350359b16) ( merge request (gitlab-org/gitlab!75498)) GitLab Enterprise Edition. for hexadecimal branch deletion (gitlab-org/gitlab@eb74cd44edac0c16c44aa11d710b742586c31741) ( merge request (gitlab-org/gitlab!75498)). the SSL_CERT_DIR logging on git operations (gitlab-org/gitlab@6ef3b63ad5e58baa0e0e0a922fe43a2fb4494508) ( merge request (gitlab-org/gitlab!75498)). Support Action Cable on GCP Memorystore (gitlab-org/gitlab@d62aa5bcbad5851209a9d248ca267d0c46d1e7c9) ( merge request (gitlab-org/gitlab!75498)).
14.5.020 Nov 2021 03:15 major feature: (2021-11-19). ### Added (113 changes). Show warning for markdown structure changes (gitlab-org/gitlab@9b44058536cff8e36996dc04820636a3c39cef2f) ( merge request (gitlab-org/gitlab!71064)). Implement Pipeline Editor Walkthrough experiment (gitlab-org/gitlab@2ab23a789a355eb2f1a923b263f2194f72665b5f) ( merge request (gitlab-org/gitlab!73050)). Add endpoint for activating all pending members (gitlab-org/gitlab@fb949a578e625f21242fccf20ad8883efb425e56) ( merge request (gitlab-org/gitlab!73849)) GitLab Enterprise Edition. Add Yaml Source Editor Extension (gitlab-org/gitlab@fe4f8022b129997263cc3e26c597b4c77df878a7) ( merge request (gitlab-org/gitlab!72764)). Introduced the Source Editor Instance module (gitlab-org/gitlab@7dbdf10e35cf793e0219344d0830dfcbb229667d) ( merge request (gitlab-org/gitlab!74566)). Add total counters in each runner type tab (gitlab-org/gitlab@b852ba5b2da2cabae8eaf5bf1f4f9b950b0576de) ( merge request (gitlab-org/gitlab!74196)). Add customer relations organizations viewer (gitlab-org/gitlab@9db2c7fef64053f78eebbc6bf12978ca46d08979) by @leet ( merge request (gitlab-org/gitlab!73508)). Add customer relations contacts viewer (gitlab-org/gitlab@22a90aa556d503e617b22a8795754197a807dab1) by @leet ( merge request (gitlab-org/gitlab!73429)). Add endpoint for activating an waiting member (gitlab-org/gitlab@c9857c9dc7f3196ee14f9ff40bd3bc8a4382329e) ( merge request (gitlab-org/gitlab!73845)) GitLab Enterprise Edition. Add keyset pagination for tags API (gitlab-org/gitlab@e9c3b012dcba273ec9eb2c5aaa4c8163d295cd9a) ( merge request (gitlab-org/gitlab!74239)). Enable loose_foreign_key_cleanup FF by default (gitlab-org/gitlab@8e8864cf97eae6f3e9d8bd1187d743d88f243fe9) ( merge request (gitlab-org/gitlab!74499)). Allow reporters to see the service desk email address (gitlab-org/gitlab@b12fcd0eccdc9fc66ec0647d7939eb53310a374d) ( merge request (gitlab-org/gitlab!74179)). Upgrade GitLab Pages to 1.48.0 (gitlab-org/gitlab@a8e068be055bc0bb5805321b1
14.4.209 Nov 2021 06:45 minor feature: (2021-11-08). ### (3 changes). Skip retrying for reads on connection errors if primary only (gitlab-org/gitlab@8e1976ed75bd6c606d49c83863cf46bf3c4d5070) ( merge request (gitlab-org/gitlab!73919)). error 500 loading branch with UTF-8 characters with performance bar (gitlab-org/gitlab@67ddc428472d57bb3d8a4a84eb0750487a175f75) ( merge request (gitlab-org/gitlab!73919)). Skip st_diff callback setting on LegacyDiffNote when importing (gitlab-org/gitlab@84f5c66321473cd702b3b671584054fcf3d141ae) ( merge request (gitlab-org/gitlab!73919)). ### Changed (1 change). Remove skip_legacy_diff_note_callback_on_import from legacy diff note (gitlab-org/gitlab@547a2ec29ea9e9299eab727899c3d90886ffc21c) ( merge request (gitlab-org/gitlab!73919)). ### Performance (1 change). Prevent Sidekiq size limiter middleware from running multiple times on the same job (gitlab-org/gitlab@294c01be38d400607536fb20a2038e098c0f0e28) ( merge request (gitlab-org/gitlab!73919)).
14.4.129 Oct 2021 03:15 minor security: (2021-10-28). ### Security (13 changes). Highlight usage of unicode bidi characters (gitlab-org/security/gitlab@cef762a270783780112c7bf318e353a39de1aa1e) ( merge request (gitlab-org/security/gitlab!1937)). dompurify.js to prevent path traversal attacks (gitlab-org/security/gitlab@9a891cbe465a302f260f0f81fc490cacb9e8c70e) ( merge request (gitlab-org/security/gitlab!1929)). Refresh authorizations on transfer of groups having project shares (gitlab-org/security/gitlab@bdf8b6e90d0a1f719c0f389f29ea5dc41c22f119) ( merge request (gitlab-org/security/gitlab!1916)). Adding a ' redacted ' to mask private email addresses (gitlab-org/security/gitlab@324fe6286b266c3990676bc93b3f6ab03eea5f6b) ( merge request (gitlab-org/security/gitlab!1927)). Do not allow Applications API to create apps with blank scopes (gitlab-org/security/gitlab@4e2c4d2a88acf7167e1078e8a27679545ab90c9c) ( merge request (gitlab-org/security/gitlab!1922)). Don't allow author to resolve discussions when MR is locked via GraphQL (gitlab-org/security/gitlab@34ffcb55a70ad6db38292f79fe73c05fb2655738) ( merge request (gitlab-org/security/gitlab!1919)). Workhorse: Allow uploading only a single file (gitlab-org/security/gitlab@0aee710db4bbab84c78b9e38f459bfca606aaf80) ( merge request (gitlab-org/security/gitlab!1913)). Set PipelineSchedules to inactive (gitlab-org/security/gitlab@de405edc9de4519656675ed6825534aac6b738da) ( merge request (gitlab-org/security/gitlab!1911)). Do not display the root password by default (gitlab-org/security/gitlab@138a62f89ce6616d63e3cf18eeda291a380b9ebc) ( merge request (gitlab-org/security/gitlab!1909)). Group owners should see SCIM token only once (gitlab-org/security/gitlab@43d19f580543d0203b1d841f921536474ca4be38) ( merge request (gitlab-org/security/gitlab!1906)) GitLab Enterprise Edition. Respect visibility level settings when updating project via API (gitlab-org/security/gitlab@f96258f3622cf72b46158f22c4660ff60a2c25ae) ( merge request (gitlab-org/security/gi
14.4.022 Oct 2021 03:16 major feature: (2021-10-21). ### Added (79 changes). Upgrade GitLab Pages to 1.46.0 (gitlab-org/gitlab@e606ddc078a2fe55658abb33924fac5699376953) ( merge request (gitlab-org/gitlab!72383)). Support math expressions in the Content Editor (gitlab-org/gitlab@3e60388da219b0b33fa032f50bf087fd5b7845c0) ( merge request (gitlab-org/gitlab!72153)). Add Reviewer names (gitlab-org/gitlab@925c1246984a33b4c408848298dc544757656499) ( merge request (gitlab-org/gitlab!72244)). Geo: Enable Upload replication using SSF by default (gitlab-org/gitlab@99543ee585f7f35f84f19e08b2ccba6428341a2b) ( merge request (gitlab-org/gitlab!72199)) GitLab Enterprise Edition. Add username attribute support for Group SAML SSO (gitlab-org/gitlab@085254b32ebdb6269636c774de9d88cbabc5bed9) ( merge request (gitlab-org/gitlab!72134)) GitLab Enterprise Edition. Expose contacts via GraphQL (gitlab-org/gitlab@2dc68a486afeffd1b64b78fcbeae537c030d7dfa) by @leet ( merge request (gitlab-org/gitlab!71889)). Add source instance version validation for project (gitlab-org/gitlab@44c33c0ceb7c4507c94f1c7fda5811d81d5fdf9c) ( merge request (gitlab-org/gitlab!71423)). Add top-level GraphQL query for single board list (gitlab-org/gitlab@2740bda696e362f7fd92f567b3e13f063b6677cf) ( merge request (gitlab-org/gitlab!67909)). Allow to setup Documentation pages URL for help pages redirects (gitlab-org/gitlab@3f3566ab09ce35ac3a636a22e65e40927e63cab9) ( merge request (gitlab-org/gitlab!71737)). DevOps Adoption: Add "trend over time" graph (gitlab-org/gitlab@ef874e312ca65ed14101c41d09e69bfa9869a19e) ( merge request (gitlab-org/gitlab!70518)) GitLab Enterprise Edition. Improve data zoom on contribution analytics (gitlab-org/gitlab@13d202a2f08fb7c45ebfa475ab258d20b68bc982) ( merge request (gitlab-org/gitlab!72004)) GitLab Enterprise Edition. Add cluster_image_scanning CI parser to update location data (gitlab-org/gitlab@c28d8ab7e6367258ddfbbeb25e0492c0a324c6f7) ( merge request (gitlab-org/gitlab!71794)) GitLab Ent
14.3.313 Oct 2021 13:05 minor bugfix: (2021-10-12). ### (3 changes). Disable caching of MergeToRefService call in mergeability check (gitlab-org/gitlab@ea9f38fb3ce1f9b345ca699b5f9ae7b36726a56f) ( merge request (gitlab-org/gitlab!72179)). FA setup for users with no password (gitlab-org/gitlab@c6d5cdfc3fa1a1dc0a6686a8f189972c03403f7a) ( merge request (gitlab-org/gitlab!72179)). dependency proxy image pre (gitlab-org/gitlab@deb9719db05e99dec787bd76c5e96408f92eb802) ( merge request (gitlab-org/gitlab!72179)).
14.3.205 Oct 2021 06:25 minor feature: (2021-10-01). ### (1 change). Update GitLab Shell to v13.21.1 (gitlab-org/gitlab@9e9e41f2ae9bdb89355c0f9cef486950bbaf361c) ( merge request (gitlab-org/gitlab!71513)). ### Changed (1 change). Remove `async_filtering` feature flag (gitlab-org/gitlab@c4277c1fed0de3d86694390641612bfcde30cc92) ( merge request (gitlab-org/gitlab!71513)).
14.3.101 Oct 2021 03:16 minor security: (2021-09-30). ### Security (29 changes). permissions check on project members import (gitlab-org/security/gitlab@63ba9ad2a1067eb74df493e273707bb64a13a197) ( merge request (gitlab-org/security/gitlab!1858)). Require password param for 2FA changes (gitlab-org/security/gitlab@f246cfbd15344ba74a0182276bf63f0b5f1a4a31) ( merge request (gitlab-org/security/gitlab!1813)). Respect disabled import sources when initiating import via API (gitlab-org/security/gitlab@046e964b0151fc8c58063281a39af063ffb678bd) ( merge request (gitlab-org/security/gitlab!1846)). Return 404 if model id wasn't passed to UploadsController (gitlab-org/security/gitlab@747e6f0e4aec39462f296fd56b37df1c255d29cb) ( merge request (gitlab-org/security/gitlab!1843)). Scrub artifacts signed URL in SendEntry logs (gitlab-org/security/gitlab@f6c57892ddc9518efaace1021346b42b4c805a1c) ( merge request (gitlab-org/security/gitlab!1840)). Prevent double-impersonation and impersonation breakout (gitlab-org/security/gitlab@615d418f9315ca3b3619689c47201f618cf6bde9) ( merge request (gitlab-org/security/gitlab!1834)). Clear session access tokens when starting/stopping impersonation (gitlab-org/security/gitlab@62c2e0d3ed73f2d7ded90d04fe232ff6ae2f6136) ( merge request (gitlab-org/security/gitlab!1831)). Prevent users from bypassing 2FA on certain pages (gitlab-org/security/gitlab@0b41838b36da09a9230de4d8449040a701464de7) ( merge request (gitlab-org/security/gitlab!1827)). Use validated URL when sending request to Gitea Importer (gitlab-org/security/gitlab@26731d762f6503fe1b8b509be11c56e77601a552) ( merge request (gitlab-org/security/gitlab!1822)). XSS in Jira link (gitlab-org/security/gitlab@d41060acb2aa151119042db9162a102d4e2c15ab) ( merge request (gitlab-org/security/gitlab!1819)) GitLab Enterprise Edition. fogz importer DNS Rebind SSRF (gitlab-org/security/gitlab@cc13d57c66cc65e6f920bdeab57b9fdb9d6baac1) ( merge request (gitlab-org/security/gitlab!1814)). Remove related project access tokens whe
14.3.022 Sep 2021 03:16 major feature: (2021-09-21). ### Added (111 changes). Add organizations update mutation to GraphQL (gitlab-org/gitlab@9375734734a090d186da58cb5d1ece7d886318f8) by @leet ( merge request (gitlab-org/gitlab!69559)). Auto-scope board to iteration cadence (gitlab-org/gitlab@3015a0232caa9641266130bd905942ece2758d16) ( merge request (gitlab-org/gitlab!69030)). Decouple project runners queuing query from projects table (gitlab-org/gitlab@04a2a99342e8db67058ee6534e4166ca0a8a4914) ( merge request (gitlab-org/gitlab!70415)). Add owner validation for project namespaces (gitlab-org/gitlab@a30da0a109d54f5254498d70977e3e2be69f9901) ( merge request (gitlab-org/gitlab!69201)). Add ProjectNamespace model and DB relationships (gitlab-org/gitlab@6914cf3c13c2ca6f325ae273944f4c2172691451) ( merge request (gitlab-org/gitlab!69201)). Upgrade Pages to 1.44.0 (gitlab-org/gitlab@2e2263965716a3dd7c3f427f9876d50183a9a3ef) ( merge request (gitlab-org/gitlab!70484)). Add docs on how to use AWS server side encryption for backups (gitlab-org/gitlab@00eeff9dd13ad4a515655630cc9f006ca2ec8c75) ( merge request (gitlab-org/gitlab!70327)). Persist projects configured to use an Agent (gitlab-org/gitlab@3a80bebfcb49b4315c91d3ac3863f06d692fc000) ( merge request (gitlab-org/gitlab!67295)). Enable Pages replication with Geo by default (gitlab-org/gitlab@5f9c6a945c6f46294ede78b5b1ae82b2d8239c92) ( merge request (gitlab-org/gitlab!70434)) GitLab Enterprise Edition. Address the PK Overflow risk for the ci_build_needs - Step 3 (gitlab-org/gitlab@c789075c2907e6689d61e9f3c0ff6943018a4c9c) ( merge request (gitlab-org/gitlab!69473)). Extend `marginalia` to provide `db_config_name` (gitlab-org/gitlab@24e07a2a61cc981f401fd886e39940305cc3699c) ( merge request (gitlab-org/gitlab!67328)). Enable Roadmap daterange presets (gitlab-org/gitlab@3dccdb1fc8a795ea8e6fd23710362f0ef8b6a146) (merge request) GitLab Enterprise Edition. Test project namespace is destroyed with project_namespace.rb (gitlab-org/gitlab@93ff65
14.2.418 Sep 2021 07:05 minor bugfix: (2021-09-17). ### (2 changes). Elastic::MigrationWorker current_migration (2nd attempt) (gitlab-org/gitlab@65bf8636d35edc6f580c7f09e1ffafc46ca5fbdb) ( merge request (gitlab-org/gitlab!70494)) GitLab Enterprise Edition. Removes cleanup job from Terraform.latest (gitlab-org/gitlab@6085d73d1a88aa98310f775fe2ff74584948e1a9) ( merge request (gitlab-org/gitlab!70494)).
14.2.305 Sep 2021 03:25 minor bugfix: (2021-09-01). ### (4 changes). Live Markdown Preview in personal and subgroup projects (gitlab-org/gitlab@20553f93703c0bc076c8e1a4fbc4ce07e2e914b7) ( merge request (gitlab-org/gitlab!69316)). OrphanedInviteTokensCleanup migration (gitlab-org/gitlab@9c59b2fbdfeb250de66a9d2b9424cde9680f86c3) ( merge request (gitlab-org/gitlab!69316)). Reset severity_levels default (gitlab-org/gitlab@34e65788679cfbdeec28357a01a8b303ba61418f) ( merge request (gitlab-org/gitlab!69316)). Geo: Replicate multi-arch containers (gitlab-org/gitlab@fdf88767320016a84c83e896b9f9b90291de89e0) (merge request) GitLab Enterprise Edition.
14.2.201 Sep 2021 06:45 minor security: (2021-08-31). ### Security (9 changes). Prevent non-admins from configuring Jira connect app (gitlab-org/security/gitlab@1bc56361c9daa90accea65836d5a424168a2c544) ( merge request (gitlab-org/security/gitlab!1697)). Only create jira connect NS subscriptions for admins (gitlab-org/security/gitlab@c160da2cb32a5774fef149155cfd397981bf9173) ( merge request (gitlab-org/security/gitlab!1698)). Update apollo_upload_server dependency (gitlab-org/security/gitlab@5ef659b8c9a5a7338830171c62943d3b8bb16410) ( merge request (gitlab-org/security/gitlab!1699)). Ensure shared group members lose project access after group deletion (gitlab-org/security/gitlab@c94e934234a90f82e7fe291ed0f1d6a763b9a977) ( merge request (gitlab-org/security/gitlab!1683)). Update Import/Export to use public email when mapping users (gitlab-org/security/gitlab@13fb902c55c2dfe7ec2bf35f58a9cb3d93905d9a) ( merge request (gitlab-org/security/gitlab!1669)) GitLab Enterprise Edition. Require sign in for.keys endpoint on non-public instances (gitlab-org/security/gitlab@0979dd458e8fa0d4f5e184ef0b9ea042d79f6c14) ( merge request (gitlab-org/security/gitlab!1676)). Inherit user external status while creating project bots (gitlab-org/security/gitlab@93062909ffc093cb8f718a3ea3f2976292a9b9af) ( merge request (gitlab-org/security/gitlab!1675)). Escape reference and title for Jira (gitlab-org/security/gitlab@d25ef8599ec03ee80ef1bff7067b2269836400cf) ( merge request (gitlab-org/security/gitlab!1673)) GitLab Enterprise Edition. stored XSS vulnerability in Datadog settings form (gitlab-org/security/gitlab@23b98dac7864992898992a153950247ac6ccb933) ( merge request (gitlab-org/security/gitlab!1670)).
14.2.126 Aug 2021 03:16 minor feature: (2021-08-23). ### (1 change). Drop un-used db/ci_migrate symlink (gitlab-org/gitlab@1154311625345e120407c0c397c7d4a27848a739) ( merge request (gitlab-org/gitlab!68723)). ### Changed (2 changes). Reorder vuln check criteria (gitlab-org/gitlab@9bbb20db46362a859632e7bb88deba985318ca2c) ( merge request (gitlab-org/gitlab!68723)) GitLab Enterprise Edition. Don't override vulnerability feedback UUID anymore (gitlab-org/gitlab@5f8372fb782c9416ae5ab582009a4399cb7d3750) ( merge request (gitlab-org/gitlab!68723)) GitLab Enterprise Edition.
14.2.022 Aug 2021 07:45 major feature: (2021-08-20). ### Added (128 changes). Add missing Ci::Build graphql mutations (gitlab-org/gitlab@b0389d7d0da358b550392cf20178c2faea6dbd61) ( merge request (gitlab-org/gitlab!68399)). Introduce a table to store job trace metadata (gitlab-org/gitlab@66ac715bd050922f83e754f1f2b27c27848fa2b2) ( merge request (gitlab-org/gitlab!68171)). Promote the contact_sales_btn_in_app experiment to product feature (gitlab-org/gitlab@273a053eff53c29ce55f70358b2ebd593a64c7ff) ( merge request (gitlab-org/gitlab!65598)). Upgrade GitLab Pages to v1.42.0 (gitlab-org/gitlab@5de522492fa0a3d013eef5d75103a93f350036c2) ( merge request (gitlab-org/gitlab!68341)). Enable the instance-level overrides feature (gitlab-org/gitlab@b8ab6f1e1c1120a8b53fa0864627bc7a5ff6603f) ( merge request (gitlab-org/gitlab!67927)). Add support for inline diff in content editor (gitlab-org/gitlab@c10baec8a0efb6c6a59909cd8c1772c9d7cab042) ( merge request (gitlab-org/gitlab!68231)). Update security policies pipeline processor to support secret detection (gitlab-org/gitlab@797d5d844d5533ea6561dc2e584d8b15b0c47b71) ( merge request (gitlab-org/gitlab!67223)) GitLab Enterprise Edition. Render references in content editor (gitlab-org/gitlab@efc45686c1d1804d8367a292fc63164aa1d7f6c2) ( merge request (gitlab-org/gitlab!68230)). Add copy feature to CI job page (gitlab-org/gitlab@5d72b702b7d78566110714a30d9742d32e8e32d0) ( merge request (gitlab-org/gitlab!68148)). Limit number of files per pages site (gitlab-org/gitlab@48df27a71ab7c3845172671b20e2cf2e3dcf6fe2) ( merge request (gitlab-org/gitlab!67761)). Added new user callout for the Terraform banner (gitlab-org/gitlab@c52952f613e4dfd1ab5cbde859b8f3d1a1ce51eb) ( merge request (gitlab-org/gitlab!68138)). Markdown Live preview for Source Editor (gitlab-org/gitlab@2fffee2645d5bb9a4b8b269c578ebca9f9f73fbf) (merge request). Create table zentao_tracker_data (gitlab-org/gitlab@161e6d31110c591b041b76717a98024f5963a3f7) ( merge request (gitlab-org/gitlab!6793
14.1.318 Aug 2021 03:16 minor feature: (2021-08-17). ### (2 changes). Geo 2.0 Regression - Add ability to remove primary (gitlab-org/gitlab@1635f3d07d421edd2a83be109d7c54635aa4f58c) ( merge request (gitlab-org/gitlab!68383)) GitLab Enterprise Edition. RUN AS-IF-FOSS AS SAML SSO login redirects not working (gitlab-org/gitlab@7b551e3d2a4ba6127549c613ee95e2c12c014b90) ( merge request (gitlab-org/gitlab!68383)) GitLab Enterprise Edition. ### Changed (1 change). Resolve "operator does not exist: integer bigint in... (gitlab-org/gitlab@99e6457b6d9d39805dc7758c47091cf6ad0f2bdd) ( merge request (gitlab-org/gitlab!68383)).
14.1.204 Aug 2021 06:45 minor security: (2021-08-03). ### Security (19 changes). Add project member validation for domain limitation (gitlab-org/security/gitlab@d17016dde463811c81a22c07aeab817ff7b5757c) ( merge request (gitlab-org/security/gitlab!1564)). Hide project-level CI/CD Analytics for Guests (gitlab-org/security/gitlab@ce3b41daadd795e906b5bbbec424a494c491a1d4) ( merge request (gitlab-org/security/gitlab!1600)). Only allow invite to be accepted by user with matching email (gitlab-org/security/gitlab@9d9e439c6a923fa4791a056e599c7b7e76de59a1) ( merge request (gitlab-org/security/gitlab!1632)). Add html escaping for default branch name (gitlab-org/security/gitlab@549101007452bd43d866d314b1c787120cfcb36a) ( merge request (gitlab-org/security/gitlab!1630)). Configure OmniAuth to use GitLab AppLogger (gitlab-org/security/gitlab@0b234f0058bbaa0415ab43182761757c332764d1) ( merge request (gitlab-org/security/gitlab!1615)). Add permissions check to pipelines#show action (gitlab-org/security/gitlab@6901d52d5265d126419e78848344ae9a886ee1a7) ( merge request (gitlab-org/security/gitlab!1612)). Prevent impersonation in gitlab-shell SSH certs (gitlab-org/security/gitlab@82a878ba276c6500af5aa3d951819240535127de) ( merge request (gitlab-org/security/gitlab!1609)). Protected Environment Accesses Cleanup (gitlab-org/security/gitlab@0c954547dbdee6a47fc755eebef0882852080579) ( merge request (gitlab-org/security/gitlab!1606)) GitLab Enterprise Edition. Use oauth_app id instead of uid (gitlab-org/security/gitlab@9c49cbbbc730eb16ef109c1f1fc1b167768d5dd3) ( merge request (gitlab-org/security/gitlab!1603)) GitLab Enterprise Edition. Block impersonation token use if it is not permitted (gitlab-org/security/gitlab@1a73b228549dfe1fe98f44a8cee8e3ebcc36d841) ( merge request (gitlab-org/security/gitlab!1583)). XSS in Mermaid Markdown rendering (gitlab-org/security/gitlab@6bff57b10739c42d177371dbf44143d92de1e595) ( merge request (gitlab-org/security/gitlab!1488)). Do not show email address in error messag
14.1.129 Jul 2021 03:25 minor feature: (2021-07-28). ### Added (1 change). RackAttack: extend basic authentication detection for rate limiting (gitlab-org/gitlab@ad521c88bfa8da185380397aa2e6e8972a28b04e) ( merge request (gitlab-org/gitlab!66726)). ### (3 changes). Prevent terms from being created if blank (gitlab-org/gitlab@29e5ebe23869cfe1325d8f7ab2ec17a3a8670f61) ( merge request (gitlab-org/gitlab!66726)). : Sidekiq workers delete each other's metrics (gitlab-org/gitlab@d6d8ed55392a90cc55aa6213ebae80008d0df3e0) ( merge request (gitlab-org/gitlab!66726)). Resolve "Bulk dismissal checkboxes don't appear on group vulnerability report" (gitlab-org/gitlab@77b2cf8b935aba08f23c00cf5fdc746849a65e74) ( merge request (gitlab-org/gitlab!66726)) GitLab Enterprise Edition. ### Other (1 change). Revert backfill on ci_build_trace_sections (gitlab-org/gitlab@a67a8d734440d50c5fdbb0c559b5d2a2f6e48fae) ( merge request (gitlab-org/gitlab!66726)).
14.1.025 Jul 2021 16:25 major feature: (2021-07-21). ### Added (123 changes). Add ability to set `squash_option` in the Project API (gitlab-org/gitlab@0cd893d72f410351411563e54af9e1d3f6fd789f) ( merge request (gitlab-org/gitlab!66122)). Add ref to pipeline graphql schema (gitlab-org/gitlab@4f4f2ec9adf86f841828b87f39639684ee2051f0) ( merge request (gitlab-org/gitlab!66241)). Upsell the GitLab Managed Terraform state if the repo contains `.tf` files (gitlab-org/gitlab@e2763f345fde0232092e6b099550c715c503e03e) ( merge request (gitlab-org/gitlab!65870)). Add mailgun endpoint for receiveing permanent failures (gitlab-org/gitlab@af2a6a81b92110c27da08528c5ed5dfe1ebf3f7d) ( merge request (gitlab-org/gitlab!65078)). Add error tracking collector (gitlab-org/gitlab@90e16440fc02e74d426a8c023a2e6a0f9d430990) ( merge request (gitlab-org/gitlab!65767)). Add Vulnerability Management metric for Devops Adoption API (gitlab-org/gitlab@4ef341255b5620a68a9ee3b4f8a570bac0bb1202) ( merge request (gitlab-org/gitlab!66081)). Allow immediate deletion of projects (gitlab-org/gitlab@1752841832fcbe88bd9da3b3720697bcce2be9dc) ( merge request (gitlab-org/gitlab!65522)) GitLab Enterprise Edition. Make database changes to persist false_positive information (gitlab-org/gitlab@10ff49e8bca5a0510fc2599bf378f1aecbe16394) ( merge request (gitlab-org/gitlab!65573)). Added user_cap to setting update service (gitlab-org/gitlab@f88b2f61621c4177adbd3ac68fa7e53f95aab811) ( merge request (gitlab-org/gitlab!65542)). Audit successful GPG key creation and removal (gitlab-org/gitlab@f32cc873fac3b730af86bb8095862190770174ff) ( merge request (gitlab-org/gitlab!65973)) GitLab Enterprise Edition. Enable sidekiq load balancing by default (gitlab-org/gitlab@a36a0b84264738c942363798a9dab3a6b51895a7) ( merge request (gitlab-org/gitlab!65669)). Add Pipeline Editor branch selector (gitlab-org/gitlab@13b69f776686e98fa0752c303aebb8c64320c264) ( merge request (gitlab-org/gitlab!61793)). Introduce multiple oncall schedules feature (gitlab
14.0.621 Jul 2021 14:25 minor bugfix: (2021-07-20). ### (4 changes). validation method regarding MIME type keys (gitlab-org/gitlab@2cc6d89cc77368b9472c8ec22e97bb3481409fb3) ( merge request (gitlab-org/gitlab!66403)). Geo: snippet verification by replicating the HEAD ref (gitlab-org/gitlab@4dbf36af8553775603c170784ad8bfcdc436a669) ( merge request (gitlab-org/gitlab!66403)) GitLab Enterprise Edition. LFS objects not downloading with Bitbucket (gitlab-org/gitlab@161776f9a4975dfeb2760b06e83160def902c61f) ( merge request (gitlab-org/gitlab!66403)). Replace Excon with Faraday for requesting object storage (gitlab-org/gitlab@a223d526d5b97f248c8810ef0b968d2c3b0323e0) ( merge request (gitlab-org/gitlab!66403)).
14.0.511 Jul 2021 11:25 minor feature: (2021-07-08). ### (4 changes). Return empty strings for Jira links when URL is not set (gitlab-org/gitlab@6da7890d8137b1879297ad81c6737312d6f672b3) ( merge request (gitlab-org/gitlab!65728)). Add preto autocomplete path (gitlab-org/gitlab@5256ab7db346610a816ebb975ae9a6ce0d853435) ( merge request (gitlab-org/gitlab!65728)). Do not create audit event for failed logins on read-only DB (gitlab-org/gitlab@30c7944ddddfe92566b3f66a7f549bef3ffd8d82) ( merge request (gitlab-org/gitlab!65728)) GitLab Enterprise Edition. git clone for projects with a trailing dot over HTTP (gitlab-org/gitlab@a91be9412a09b069390cc33c14d1bc72216cdbf0) ( merge request (gitlab-org/gitlab!65728)). ### Other (1 change). Initialize conversion of for bigint migration (gitlab-org/gitlab@34522b102be43118063aa3245d23af313173700d) ( merge request (gitlab-org/gitlab!65728)).
14.0.307 Jul 2021 06:45 minor bugfix: (2021-07-06). ### (7 changes). deploy keys not working with LFS auth check (gitlab-org/gitlab@134b244c7f59f8a20cb191bc0d2aaa43171f3d6e) ( merge request (gitlab-org/gitlab!65498)). DevOps Adoption - ensure displayNamespaceId is included (gitlab-org/gitlab@1166130f1e6786a8c96735b6518241fb704047b1) ( merge request (gitlab-org/gitlab!65498)) GitLab Enterprise Edition. Geo - state value in the lfs_object_registry table (gitlab-org/gitlab@b6f30299d255949b79d149ee71ee50025ac0c8c2) ( merge request (gitlab-org/gitlab!65498)) GitLab Enterprise Edition. broken Time Tracking Reports on Issuable sidebar (gitlab-org/gitlab@da0b4a92f791a3f621ec8da8e2fbb0ad4e39d399) ( merge request (gitlab-org/gitlab!65498)). where Milestone page led to console error (gitlab-org/gitlab@179948d489ed92f5d8158c23190430e819941a29) ( merge request (gitlab-org/gitlab!65498)). frequent items timestamps not updated (gitlab-org/gitlab@481d4d36252dc91291afe9dacd7d48558878d27f) ( merge request (gitlab-org/gitlab!65498)). pages deployment storage migration (gitlab-org/gitlab@0eab6e579890c557bf97dd48dd6a2a7adaf97358) ( merge request (gitlab-org/gitlab!65498)). ### Changed (2 changes). Geo - Move migration to a pre-deployment migration (gitlab-org/gitlab@84327652855cafe36c574df798322b63d0649561) ( merge request (gitlab-org/gitlab!65498)) GitLab Enterprise Edition. Reintroduce recursive_approach_for_all_projects default-enabled (gitlab-org/gitlab@14b3aa69cad85541ae6b845b346c80d1eaea099b) ( merge request (gitlab-org/gitlab!65498)).
14.0.202 Jul 2021 03:16 minor security: (2021-07-01). ### Added (1 change). Added omniauth_user check when verifying user cap (gitlab-org/security/gitlab@68c5d856fbf83f5f5ade562ea84b6aa06db96c60) ( merge request (gitlab-org/security/gitlab!1501)) GitLab Enterprise Edition. ### Security (14 changes). Update rdoc to 6.3.1 (gitlab-org/security/gitlab@341334cbb2d822f6aa057933934b819c34b87932) ( merge request (gitlab-org/security/gitlab!1533)). Forbid GET requests with mutations (gitlab-org/security/gitlab@895c99b35efa6795fb050bfb4ef4574f3e32a373) ( merge request (gitlab-org/security/gitlab!1528)). Prevent GraphQL API access by deactivated users (gitlab-org/security/gitlab@2dda4163dadc04b59ee3367990b72bee933adf9b) ( merge request (gitlab-org/security/gitlab!1525)). Add sanitizing for name field (gitlab-org/security/gitlab@ecb5a598b87d670906df67ed4432426a375efa05) ( merge request (gitlab-org/security/gitlab!1499)). Copy feature visibility settings to a fork (gitlab-org/security/gitlab@fcc87978b1c865c8bdcb3fc5d8dc221b7370192c) ( merge request (gitlab-org/security/gitlab!1522)). XSS on audit log for feature flag actions (gitlab-org/security/gitlab@94fc41d49e828a6457f1de31f2b239b087679c12) ( merge request (gitlab-org/security/gitlab!1521)). Avoid disclosing project in web IDE (gitlab-org/security/gitlab@9de99878401713bc5f3a76ca85901dc3a9ca0cd8) ( merge request (gitlab-org/security/gitlab!1511)). Sanitize input on pasteGFM (gitlab-org/security/gitlab@7bb97cfa11a11bb0725bc707dec73831e16fe177) ( merge request (gitlab-org/security/gitlab!1514)). merge request diff display with unsupported encoding (gitlab-org/security/gitlab@8c21afdce6c6214c14db1863df1aad80ed501377) ( merge request (gitlab-org/security/gitlab!1509)). deploy key fallback in protected branch (gitlab-org/security/gitlab@a24aa5412a8f1dad01359de6b2f0b66bb741f5d4) ( merge request (gitlab-org/security/gitlab!1508)). Add total http read timeout (gitlab-org/security/gitlab@cf4e0aa0a3f668fb63de6721d062c3157fdd9f84) ( merge request
14.0.125 Jun 2021 06:05 minor feature: (2021-06-24). ### (3 changes). Remove add button from Devops Adoption (gitlab-org/gitlab@1c60bdf5daf64f10f001eeb5134f08a53a148d90) ( merge request (gitlab-org/gitlab!64764)) GitLab Enterprise Edition. DevOps Adoption - ensure displayNamespaceId is included (gitlab-org/gitlab@9eb7cd5212cfc19f4cd6578c8e4afc7b4da27eab) ( merge request (gitlab-org/gitlab!64764)) GitLab Enterprise Edition. Add Helm-2to3.gitlab-ci.yml to Auto DevOps (gitlab-org/gitlab@61ac7f46b06fcf151be62407dc0837a44843800e) ( merge request (gitlab-org/gitlab!64764)).
14.0.022 Jun 2021 03:16 major feature: (2021-06-21). ### Added (116 changes). Add Packages::Helm::ProcessFileService (gitlab-org/gitlab@dae2f102ec92a656eb56a753fa7dc625e3489ae3) ( merge request (gitlab-org/gitlab!62760)). Add unique index for Helm packages (gitlab-org/gitlab@cb08762e7c878e3dd0a1ca9f922f387f8b8e453a) ( merge request (gitlab-org/gitlab!62760)). Disable policies linked to no container repositories (gitlab-org/gitlab@120e0486368cff65da3782de377c82ec47a0b28e) ( merge request (gitlab-org/gitlab!62461)). Allow storing detection_method in vulnerability findings (gitlab-org/gitlab@e2a66be7a2b5d3f14c3698e0c74214b4164c0b9c) ( merge request (gitlab-org/gitlab!63989)). Expose `humanTimeEstimate` `humanTotalTimeSpent` (gitlab-org/gitlab@4d078467643f9d3c48e43b18c706bb42746b9434) ( merge request (gitlab-org/gitlab!64081)). Make max diff files and max diff lines configurable (gitlab-org/gitlab@3e26e2528384efcd6e1b0b2e28c6aca687a23d6a) ( merge request (gitlab-org/gitlab!56722)). Add GraphQL endpoint to list agent configurations (via KAS) (gitlab-org/gitlab@d91cbf733ddbb6b9369efe1fecdb8b6fce6384ee) ( merge request (gitlab-org/gitlab!62646)) GitLab Enterprise Edition. Add checkbox in group settings for prevent sharing outside hierarchy (gitlab-org/gitlab@86eb11f2523f441f9a97f69c950816596208b0ab) ( merge request (gitlab-org/gitlab!63810)). Add "Enterprise" badge to users that are provisioned via SAML/SCIM (gitlab-org/gitlab@5f961f652a202d7dcbe872d827a48eb0e2bfd17b) ( merge request (gitlab-org/gitlab!63474)) GitLab Enterprise Edition. Update Bulk Import state more accurately (gitlab-org/gitlab@cea74ea42d4464c30ff39ca929b2bdadcb7083de) ( merge request (gitlab-org/gitlab!63883)). Enable DB Load-balancer flag USE_NEW_LOAD_BALANCER_QUERY by default (gitlab-org/gitlab@b44a37ba10472f7797867b988e41f7548c093e02) ( merge request (gitlab-org/gitlab!63910)). Allow toggle job_token_scope_enabled via GraphQL (gitlab-org/gitlab@3ca540c424d26e8f9cad16f846a7ca4366cd74b1) ( merge request (gitlab-o
13.12.415 Jun 2021 03:16 minor bugfix: (2021-06-14). ### (3 changes). Add alias method usage_ping_enabled? (gitlab-org/gitlab@eb8755115a2a7045b6291171aaa0c7ae76f43fec) ( merge request (gitlab-org/gitlab!63974)). MR diff compare with previous version (gitlab-org/gitlab@96d4df8bb4eb5f148e4dabcc4c3eea88ad27cbc3) ( merge request (gitlab-org/gitlab!63974)). double render in project's git URL redirect (gitlab-org/gitlab@be4059b7a5cddd2e70fa760d8935b1d170068759) (merge request).
13.12.308 Jun 2021 11:05 minor feature: (2021-06-07). ### Added (1 change). Add an option to expose description_html in Release API (gitlab-org/gitlab@47f3fba10dfa82c65b6b006d56cc1724aac411eb) ( merge request (gitlab-org/gitlab!63393)). ### (5 changes). spam detection with Akismet client (gitlab-org/gitlab@75dbe8d017ed691d0517f0a6ca7b9bdd866fa9d9) ( merge request (gitlab-org/gitlab!63393)). Set CSP back to disabled by default (gitlab-org/gitlab@f8f2dbf229693e20171185ae8e31fd59ce2131b3) ( merge request (gitlab-org/gitlab!63393)). CSP related to captchas (gitlab-org/gitlab@cec54814460994ea40311f1091fb7f091d04964f) ( merge request (gitlab-org/gitlab!63393)). with frames not loading in Safari (gitlab-org/gitlab@77b9355f244370b1c184943581f3b6cc27495931) ( merge request (gitlab-org/gitlab!63393)). Catch PgQuery::ParseError errors and log as-is (gitlab-org/gitlab@a4f36df3701208b5d015e1e818f3d5be3577697a) ( merge request (gitlab-org/gitlab!62795)). ### Changed (1 change). Improve SSH key expiration warning emails (gitlab-org/gitlab@2e3929503046ab1da5635ef295321ce08843f937) ( merge request (gitlab-org/gitlab!63393)).
13.12.126 May 2021 03:16 minor bugfix: (2021-05-25). ### (3 changes). Merge branch '/pin-gke-version-to-1-18' into 'master' (gitlab-org/gitlab@44de5542ca82b371ed280db9ce03e0c4d4bd6135) ( merge request (gitlab-org/gitlab!62466)). Merge branch '331562--pipeline-security-tab-scanner-filter' into 'master' (gitlab-org/gitlab@1d70bf2efd574537d73b5fd80f92fd8dd939980b) ( merge request (gitlab-org/gitlab!62466)). Update Gitaly's binary path in init.d scripts (gitlab-org/gitlab@0761e78434dbfa120c8ae14263bfe77f9ae48c71) ( merge request (gitlab-org/gitlab!62457)).
13.12.022 May 2021 03:16 major feature: (2021-05-22). ### Security (3 changes). Prevent DOS from Chaining in Mermaid. !60382. Report pipeline creation success only when warranted. !60746. XSS vulnerability in shared runner description. !60891. ### Removed (10 changes, 2 of them are from the community). Delete feature flag for usage_data_a_compliance_audit_events_api. !52947. Remove feature flag api_always_use_application_json. !56777. Remove unneeded index on packages_debian_ project,group _architectures.distribution_id. !59615 (Mathieu Parent). Delete HipChat service database records. !59769. Set Hipchat metric definitions status to removed. !59779. Remove Legacy Group-Level DORA metrics API. !59858. Remove Alerts service metric. !60149. Remove description_html field from Release Rest API. !61327. Removes multiple_cache_per_job feature flag and associated code. (Laura Montemayor). Remove support for WIP in merge request title toggle. ### (108 changes, 32 of them are from the community). Add warning when locally stored description is out of date. !29438. Disable unsupported task items in Markdown tables. !46060. Flush statistics cache anytime it is updated. !52938. Return an HTML response for a request with the Accept */ header. !56288. Resolve offense Performance/Count. !57007 (Shubham Kumar). Don't show due dates in red if the is. !57647. Rails/SaveBang Rubocop offenses for wiki_page models. !57899. Rails/SaveBang rubocop offenses in spec/frontend. !57909. Rails/SaveBang rubocop offenses in spec/graphql. !57912. Resolve RuboCop offenses for Style/RedundantRegexpCharacterClass. !57914. rubocop offenses Style/RescueStandardError. !57923 (Shubham Kumar). Resolves rubocop offense Style/RedundantFileExtensionInRequire. !57963 (Shubham Kumar). Rails/SaveBang Rubocop offenses for project related models. !57983. Rails/SaveBang Rubocop offenses for member models. !57994. Resolves offenses Style/RaiseArgs. !58009. Resolves offenses Style/RedundantBegin. !58017 (Shubham Kumar)
13.11.415 May 2021 03:16 minor bugfix: (2021-05-14). ### (3 changes). N+1 SQL queries in PipelinesController#show. !60794. Omit trailing slash when proxying pre-authorized routes with no suf. !61638. Omit trailing slash when checking allowed requests in the read-only middleware. !61641.
13.11.304 May 2021 10:25 minor bugfix: (2021-04-30). ### (1 change). Instance-level Project Integration Management page for GitLab FOSS. !60354.
13.11.230 Apr 2021 07:05 minor security: (2021-04-27). ### Security (5 changes). Prevent tokens with only read_api scope from executing mutations. Do not allow deploy tokens in the dependency proxy authentication service. Disable keyset pagination for branches by default. Bump Carrierwave gem to v1.3.2. Restrict setting system_note_timestamp to owners.
13.11.126 Apr 2021 13:05 minor feature: (2021-04-22). ### Changed (1 change). Change unsubscribe language for email campaign on self managed. !59121. ### Added (1 change). Add documentation about Pages deployment migration. !59475.
13.11.022 Apr 2021 16:25 major bugfix: (2021-04-22). ### Security (3 changes). Update to Rails v6.0.3.6. !59328. Update mermaid to version 8.9.2. Allow to disable exiftool depending on env variable. ### Removed (10 changes, 1 of them is from the community). Redirect deprecated pipeline routes. !53990. Remove CI lint button from Jobs page nav. !56854. Remove graphql_individual_release_page feature flag. !56882. Remove deprecated repository archive routes. !57236. Remove add modal from boards (this has been disabled since 13.6). !57329. Remove unused feature flag ':roadmap_buffered_rendering'. !57486. Remove HipChat integration from frontend and docs. !57556. Remove temporary index from vulnerabilities table. !57656. Remove unused feature flag checks. !58469. Remove ability to create new service templates. !58624. ### (175 changes, 90 of them are from the community). Update gatsby project template to address the pipeline failure. !37410 (Takuya Noguchi). an where the link commit message did not end with a newline. !49086 (Kazuya Kojima). Partially incorrect icons for non-standard license files. !53207. Add language- preto CSS class of markdown code blocks. !55076 (Camil Staps). Filter out pipelines that were excluded in the relation scope in Ci::Pipeline#latest_pipeline_per_commit. !55657. mermaid diagrams in dark mode. !56183. Catch network errors. !56457 (Shubham Kumar). the Maven sync worker to not fail if the versionless package is not found. !56514. `#current_authenticated_job` when used with `.authenticate_with` in Grape APIs. !56564. Move graphql timelogs to CE. !56633. in wiki link rewriter filter. !56636. in Gollum Tags filter. !56638. derivation of effective permissions (access level) of group members. !56677. word wrapping in parallel diffs. !56713. Don't label select box on click if only mouseup outside. !56721. reference widget icon and text spacing. !56759. test report merge request widget summary and alignment. !56768. artifacts section from showing up
13.10.315 Apr 2021 13:25 minor security: (2021-04-13). ### Security (3 changes). Check image content type before running exiftool in workhorse. Clean only legitimate JPG and TIFF files. Update ruby-saml and rexml gems.
13.10.205 Apr 2021 08:45 minor feature: (2021-04-01). ### (1 change). Rendering of the image blobs. !57479. ### Added (1 change). Improve performance for composer v2 clients. !55169.
13.10.101 Apr 2021 11:45 minor feature: (2021-03-31). ### Security (6 changes). Leave pool repository on fork unlinking. XSS in merge requests sidebar. arbitrary read/write in AsciiDoctor and Kroki gems. Prevent infinite loop when checking if collaboration is allowed. Disable arbitrary URI and file reads in JSON validator. Require POST request to trigger system hooks. ### Removed (1 change). Make HipChat project service do nothing. !57434. ### Other (3 changes). Remove direct mimemagic dependency. !57387. Refactor MimeMagic calls to new MimeType class. !57421. Switch to using a fake mimemagic gem. !57443.
13.10.018 Mar 2021 07:45 major feature: (2021-03-22). ### Security (3 changes). Workhorse: prevent escaped router path traversal. Workhorse: Stop logging when path is excluded. Patch Kramdown syntax highlighter gem. ### Removed (2 changes). Remove Remove from board button from board sidebar. !53946. Remove workaround for icon loading in Chrome 84. !56114. ### (99 changes, 23 of them are from the community). button alignment in design management header. !48003. Updated UI text to match style guidelines. !50383. Don't auto suggest select boxes on click if only the mouseup (but not the mousedown) event happened outside the box. !51139. Auto DevOps deploys that use a default branch that's not named 'master'. !53280. Correct job artifacts API download for expired and locked files. !53567 (Fabio Huser). project import error occurring due to default visibility. !53827. relative URL with composer package. !53918. Cleanup incorrect data in projects.has_external__tracker. !53936. not skipped manual and delayed DAG jobs. !54073. Skip orphaned pool repositories on restore. !54112. Add space next to icons in epic list. !54138 (Yogi). Render version dropdowns in MR changes view above tab navbar. !54159. Do not show button to resolve discussion opening an when are disabled. !54263. Hide count and link in project list for projects with disabled. !54275. Handle GlobalIDs with invalid resource names. !54290. overflowing width - at mention container. !54377. Update k8s version for EKS cluster. !54389. React to new DOM nodes being added to the page to bind the user information popover to them. !54411. move create_release_evidence sidekiq queue out of the cronjob namespace. !54432. copy to clipboard tooltip button. !54472. bold text mismatch in MR menu. !54531. Wrap long code lines in markdown. !54540. Hide repeated trial offers on self-hosted instances. !54550. when snippet blobs array contain a nil value. !54552. the npm instance level API to exclude subgroups. !54554. the value of
13.9.309 Mar 2021 10:25 minor bugfix: (2021-03-08). ### (4 changes). Upgrade gitlab-shell to v13.17.0. !55295. Update Kroki to Wavedrom graphs. !55659. disabling of Kroki optional formats. !55665. Rename asset_proxy_allowlist column. !55884.
13.9.205 Mar 2021 11:05 minor security: (2021-03-04). ### Security (6 changes). Bump thrift gem to 0.14.0. Allow only owners to manage group variables. Do not store marshalled sessions ids in Redis. XSS in wiki author email and name. Workhorse: prevent escaped router path traversal. XSS vulnerability for swagger file viewer.
13.9.124 Feb 2021 20:05 minor bugfix: (2021-02-23). ### (6 changes, 1 of them is from the community). Send SIGINT instead of SIGQUIT to puma. !54446. Reset description template names cache key to reload an updated templates structure. !54614. Restore missing horizontal scrollbar on boards. !54634. keep latest artifacts checkbox being always disabled. !54669. Metric tab not showing up on operations page. !54736. S3 object storage failing when endpoint is not specified. !54868. ### Changed (1 change). Updates authorization for linting endpoint. !54492. ### Performance (1 change). N+1 SQL regression in exporting to CSV. !54287. ### Other (1 change). creating the idx_on__where_service_desk_reply_to_is_not_null index before the post migration. !54346.
13.9.021 Feb 2021 02:25 major feature: (2021-02-22). ### Security (1 change). Add token_with_iv table. ### Removed (4 changes). Remove implicit FF check on `Featurable`. !52223. Remove merge_request_reviewers feature flag. !52468. Removed unused Text dropdown. !53464. Remove legacy alerts service data and table. !53534. ### (131 changes, 29 of them are from the community). Allow to retrieve all jobs for a given pipeline. !48589 (Alexander Kutelev). Include submodule information for files in diff metadata. !50346. "Stay on Page" alert showing in empty snippet. !50400. Add css to fluid layout for index file. !50626. Make System OAuth app index table responsive and externalize text. !50979. Prevent long variable names from overflowing the popover in CI/CD settings. !51018. long CI variable name overflows on origin. !51021. breadcrumb dropdown on mobile being too narrow. !51092. Show correct ref name in code coverage statistics header. !51385 (Andreas Schmidt). Change Jira Connect update sequence id to use Unix Time. !51697. batch query when primary key is -1. !51716. Allow versionless maven-metadata.xml file duplicates even when maven duplicates are disabled. !51758. comment form dropdown check alignment. !51787. Schedule artifact expiry date backfill background jobs. !51822. alignment and font in project operations settings page. !51825 (Yogi). broken testsuite link if the suite contains a dot. !51828. Move Social connect button to new GitLab UI. !51835 (Yogi). border bottom color collapsed replies. !51871 (Yogi). alignment of chevron-down icon in toggle replies. !51872 (Yogi). Remove container_class in project activity which removes extra padding. !51878 (Yogi). Add btn-default to MR edit button. !51879 (Yogi). Remove duplicates from related_commit_sha query. !51888. Add btn-default class to button in project breadcrumb. !51910 (Yogi). top border-radius of the login box. !51950 (Yogi). Improve duplication validation on Release Links. !51951. Update Project/Group Exp
13.8.412 Feb 2021 07:05 minor security: (2021-02-11). ### Security (9 changes). Cancel running and pending jobs when a project is deleted. !1220. Prevent Denial of Service Attack on gitlab-shell. Prevent exposure of confidential titles in file browser. Updates authorization for linting API. Check user access on API merge request read actions. Limit daily invitations to groups and projects. Enforce the analytics enabled project setting for project-level analytics features. Perform SSL verification for FortiTokenCloud Integration. Prevent Server-side Request Forgery for Prometheus when secured by Google IAP.
13.8.306 Feb 2021 12:25 minor bugfix: (2021-02-05). ### (2 changes). Revert multipart URL optimization for AWS S3. !52561. Regression with old wiki image uploads. !52656.
13.8.202 Feb 2021 04:45 minor feature: (2021-02-01). ### Security (5 changes). Filter sensitive GraphQL variables from logs. Avoid exposing release links when the user cannot read git-tag/repository. Sanitize target branch on MR page. DNS rebinding protection bypass when allowing an IP address in Outbound Requests setting. Add routes for unmatched url for not-get requests.
13.8.127 Jan 2021 22:05 minor bugfix: (2021-01-26). ### (3 changes). Cancel artifact expiry backfill background jobs. !51821. LFS not working with S3 specific-storage settings. !52296. missing setting LDAP servers. !52512.
13.8.022 Jan 2021 13:25 major feature: (2021-01-22). ### Security (4 changes, 1 of them is from the community). The NuGet endpoints will no longer ignore an invalid username when a personal access token or deploy token is passed via HTTP Basic authentication. !38627 (Ethan Reesor). Update WEBrick to v1.6.1. !50720. Prevent user-defined variables from being used by non-maintainers. !51682. Upgrade Workhorse to 8.58.2. ### Removed (2 changes). Drop group_id column from compliance_management_frameworks table. !50829. Remove deprecated generic alert integration in favor of HTTP Integrations. !50913. ### (91 changes, 35 of them are from the community). Deduplicate labels with identical title and group. !37148. Remove diff display preferences and file tree from changes empty state. !43467. Upgrade to Grape v1.5.0. !44554. database timeout errors when removing expired job artifacts. !47496. Return release milestones in predictable order. !47700. multiple simultaneous requests for vulnerabilities on pipeline security tab. !48426. Remove duplicate service records. !49463. Add LaTeX support for Jupyter Notebooks. !49497. confusing button text when importing from GitHub. !49684. identicon text color in dark mode. !49785. installation of Knative under Helm 3. !49843. Hide inoperable group search Releases filter. !50010. visibility level validation for deep nested forks. !50081. Change type of CiJob.needs. !50192. Handle git errors when cleaning up MR refs. !50250. over-eagerly updating Web IDE Live Preview. !50255. Persist updated_at value in state change events. !50272. Enlarge the timeline toggle button. !50284. Hide "Actions" label on group members view if no action buttons exist. !50304. with snippets in HEAD when default branch is not master. !50366. Add project scope to ci clint graphql endpoint. !50418. the graphQL type for container repository tags. !50419. Allow more actions on group members. !50445. Don't allow filtering by release tag on groups. !50457. Flash transf
13.7.312 Jan 2021 03:18 minor bugfix: (2021-01-08). ### (7 changes). Canary Ingress weight is not reflected on UI immediately. !50246. Change pages deployments size to bigint. !50262. Viewing container repositories with tags with corrupted manifest. !50362. The graphQL type for container repository tags. !50419. (eetrialbanner): EE trial banner to allow dismiss. !50436. Update Helm 2 version to 2.17.0. !50547. Project access token regression. !50800.
13.7.208 Jan 2021 19:25 minor bugfix: (2021-01-07). ### Security (7 changes). Forbid public cache for private repos. Deny implicit flow for confidential apps. Update NuGet regular expression to protect against ReDoS. regular expression backtracking in package name validation. stealing API token from GitLab Pages and DoS Prometheus through GitLab Pages. Update trusted OAuth applications to set them as confidential. Upgrade Workhorse to 8.58.2.
13.7.022 Dec 2020 07:05 major feature: (2020-12-22). ### Security (1 change). regular expression backtracking in custom emoji name validation. ### Removed (2 changes, 1 of them is from the community). Remove Google Code importer. !48139 (Getulio Valentin Sánchez). Remove release notes from Tags page. !49979. ### (109 changes, 7 of them are from the community). Update user mentions when markdown columns are directly saved to DB. !38034. Retain spinner when applying MR suggestions. !46203. Skipped jobs no longer trigger a cancelled deployment. !46614. Catch wiki timeouts when rendering pages. !46627. single file snippets display for Geo secondary sites. !46812. Jira Connect styles not loaded when startup_css is enabled. !47043. Add migration that updated users that don't need to have 2fa established. !47193. project integration form validation when integration is inactive. !47201. project access token build authentication error. !47247. Support S3 server side encryption in CI cloud native job logs. !47536. repository clone panel for wikis. !47676. Hide Mark as draft button in a merged MR even on mobile. !47678 (Takuya Noguchi). Eliminate N+1 performance in MergeRequest.pipelines in GraphQL API. !47784. Add cascade delete foreign key to web_hooks on service_id without validation. !47821. Implement passing dotenv variables to bridge jobs. !47905. Allow canceling all pipelines with auto-cancel. !47906. error in Issuable::ImportCsv::BaseService when CSV file is empty. !47918. editing labels on the swimlanes sidebar. !47946. Scroll exactly to the top of a discussion on the MR Overview tab. !47970. Search page: empty results status. !48034. Move fuzz license check to.pre stage. !48076. Add link in Access Request API. !48081 (jimcser). Add gitlab:db:active task. !48083. overscroll for MR diffs in mobile view. !48091. incorrect line height in file header. !48117. Repopulate historical vulnerability statistics. !48128. image diff comments positioning. !48132. Manually trigge
13.6.312 Dec 2020 12:05 minor bugfix: (2020-12-10). ### (5 changes). error 500s creating projects concurrently. !48571. container_registry url for relative urls. !48661. Resolve Members page 500 error after Invitation sent via API. !48937. Add different string encoding method in rack middleware. !49044. MR rendering when user is tool admin and not project member. !49258. ### Changed (1 change). Update Rake check and docs to require Ruby 2.7. !48552.
13.6.208 Dec 2020 07:25 minor bugfix: (2020-12-07). ### Security (10 changes). Validate zoom links to start with https only. !1055. Require at least 3 characters when searching for project in the Explore page. Do not show emails of users in confirmation page. Forbid setting a gitlabUserList strategy to a list from another project. mermaid resource consumption in GFM fields. Ensure group and project memberships are not leaked via API for users with private profiles. GraphQL User: do not expose email if set to private. Filter search parameter to prevent data leaks. Do not expose starred projects of users with private profile via API. Do not show starred contributed projects of users with private profile.
13.6.125 Nov 2020 06:45 minor bugfix: (2020-11-23). ### (5 changes). Project transfer corrupting shared runners state. !48032. Project select split button. !48065. Tags pages erroring for projects with private pipelines. !48184. Ensure Alerts list loads when only HTTP integrations are enabled. !48247. Does not track package events on a read-only instance. !48257. ### Changed (1 change). Re-name Instance Statistics as Usage Trends. !48183.
13.6.021 Nov 2020 03:45 major feature: (2020-11-22). ### Removed (3 changes). Removed ACE editor from the codebase. !46420. Remove storage limit column from application settings. !46676. Remove the ability to resole individual notes. !46775. ### (140 changes, 11 of them are from the community). rendering of markdown headings and floated images. !25442 (Gwen_). release assets link redirection. !35381. chatbot replies not including job log. !42010. Show tar warning message when file/folder changed during backup instead of failing whole backup operation. !42197. Remove default EKS Region dropdown in cluster create form. !43017. Remove all records from `security_findings` table. !44312. Add `position` column into security_findings table. !44815. Render script newlines in CI Lint view. !45087 (Nejc Habjan). a race condition checking whether a project is read-only. !45160. Limit number of times a background migration is rescheduled. !45298. Improve project labels page card layout consistency. !45311. Do not convert unicode versions of trademark, copyright, and registered trademark to emoji. !45457. Gracefully recover from deleted LFS file. !45459. Bad Escape in Board Empty State. !45465. Update cluster applications CI template to 0.34.1. !45487. multi line comment options in parallel mode. !45557. Removed not equal filter option for drafts on merge requests. !45649. target branch not filtering. !45652. Merge Request "Edit in Web IDE" dropdown link on MR diffs page. !45653. Handle malformed strings in URL. !45701. Reset the pagination cursor when a search result filter changes. !45708. aria label on IDE tab button. !45709. danger-secondary button in the Web IDE dark theme. !45714. Removes the hamburger icon in the Changes tab in Web IDE. !45717. exception when saving Jira integration info for an instance. !45718. Make sure the http_requests_total and http_request_duration_seconds metrics are not empty on application start. !45755. Configure CSP for displaying Youtube videos i
13.5.414 Nov 2020 13:05 minor bugfix: (2020-11-13). ### (4 changes). Vue Labels Select dropdown keyboard scroll. !43874. Hashed Storage: make migration and rollback resilient to exceptions. !46178. compliance framework database migration on CE instances. !46761. Resolve problem when namespace_settings were not created for groups created via admin panel. !46875.
13.5.307 Nov 2020 04:05 minor feature: (2020-11-03). ### (3 changes). IDE with special characters. !46398. Ensure that copy to clipboard button is visible. !46466. Auto Deploy: for fetching other charts from stable repo. !46531. ### Added (1 change). Add environment variables to override backup/restore DB settings. !45855.
13.5.203 Nov 2020 16:45 minor security: (2020-11-02). ### Security (9 changes). Add CSRF protection to runner pause and resume. !1021. Do not expose Terraform state record in API. Path traversal to RCE via LFS upload. Update container_repository_name_regex to prevent catastrophic backtracking. Validate nuget package names. Prevent private repo from being accessed via internal Kubernetes API. Validate each upload param key in multipart.rb. XSS vulnerability for job build dependencies. unauthorized user is able to access schedule pipeline variables and values.
13.5.022 Oct 2020 11:25 major feature: (2020-10-22). ### Security (1 change). Update GitLab Runner Helm Chart to 0.21.1. ### Removed (3 changes, 2 of them are from the community). Drop Iglu registry URL column. !42939. Remove coverage_report_view feature flag. !43711. Remove release_evidence_collection feature flag. !44234. ### (118 changes, 9 of them are from the community). Include builds from child pipelines in latest sucessful build for ref/sha. !29710. branches_to_be_notified API param for hangouts chat service. !35599. Add empty dependencies value to ECS Deploy job. !36862. with optional merge requests approval in CE. !42119 (Pavel Kuznetsov). type of SentryErrorType global ID. !42185. Remove linux arch only rule for coverage fuzzing. !42316. Do not show retried builds in the MR code coverage. !42402. Does not refresh project/snippet statistics on a read-only instance. !42417. Rendering trailing slash in reference links (). !42484. Remove retry icon on failed job if merge pipeline. !42495. Designs: return an error if uploading designs with duplicate names. !42514 (Sushil Khanchi). Unit Test Report: icon for errored status. !42540. Copy designs to when an with designs is moved. !42548. triggering multiple children pipeline with the same artifact. !42595. caret sizes in navigation. !42605. Revert required encryption on CI runner tokens. !42623. Markdown "Preview" tab on New/Edit Release and New Snippet pages. !42640. a causing 'Missing author note' to be added to notes for mapped users when importing project using GitLab Import. !42648. Hides batch suggestions button if there is only 1 suggestion. !42681. GraphQL token authentication when installed under a relative URL. !42706. Update pipeline failed notification e-mail warning. !42736. clickable width of release asset links. !42757. size of edit button on releases page. !42779. Move before_script into script for CQ template. !42782. Resolve Error when quickly reordering designs. !42818. Eliminate extra spacing
13.4.416 Oct 2020 15:45 minor feature: (2020-10-15). ### (2 changes). rollback portion of migration that adds temporary index for container scanning findings. !44593. Improve merge error when pre-receive hooks fail in fast-forward merge. !44843. ### Other (1 change). Revert 42465 and 42343: Expanded collapsed diff files. !43361.
13.4.307 Oct 2020 21:45 minor bugfix: (2020-10-06). ### (3 changes). Exclude 2FA from upload#show routes and 404s. !42784. Use create_wiki method on ensure_wiki_exists in update_service. !42910. Large backups not working with Azure Blob storage. !44233.
13.4.022 Sep 2020 15:05 major bugfix: (2020-09-22). ### Security (2 changes, 1 of them is from the community). Update lodash to 4.17.20. !41036 (Takuya Noguchi). Update GitLab Runner Helm Chart to 0.20.1. ### Removed (6 changes, 1 of them is from the community). Remove secret_detection job from vendored SAST CI template. !40028. Remove Docker-in-Docker mode from Dependency Scanning documentation. !40631. Removes unused classes on initial Ci::Ref implementation. !41077. Drop Docker-in-Docker mode for SAST and Dependency Scanning. !41260. Remove application settings for Snowplow iglu registry url. !41556. Remove Value Stream Total stage. !42345. ### (160 changes, 41 of them are from the community). Conditionally render the packages scopes in deploy token settings. !35334. advanced filters in log explorer view for gitlab managed applications. !37926. RegExp for dotenv report artifact. !38562. composer 404 with http auth. !38641. Update EKS Kubernetes versions. !38644. skipped status of DAG pipelines. !39205. wrong MR pipeline link when FF-merge strategy is used. !39396. Include also inherited project members in GraphQL API. !39444. Refactor spec/support/shared_examples/services/ and ee/spec/support/shared_examples/services/ to Rails/SaveBang Cop. !39538 (Rajendra Kadam). Removes extra spaces on MR/Epic tabs-containers on mobile. !39549 (Takuya Noguchi). Milestone Dashboard: Move Gray Type Badge Next to the Milestone Title. !39617. GraphQL file uploads accepting non-file input. !39763. Metrics dashboard embeds when using new URLs. !39876. Respect original visibility for instrumented methods. !39951. Take relative_url_path into account when building URLs in snippets. !39960. non-retrying bridges after retried builds in CI pipelines. !39989. Support X-Envelope-To header as a location for Service Desk key. !40001. where conan does not properly check package channel when returning file download urls. !40029. example within file_hooks documentation. !40071 (Roger Meier). miss
13.3.404 Sep 2020 02:05 minor security: (2020-09-02). ### Security (1 change). Protect OAuth endpoints from brute force/password stuffing.
13.3.229 Aug 2020 11:25 minor bugfix: (2020-08-28). ### Removed (1 change). Display upcoming database deprecation warning only if current database version minimum is not met. !38225. ### (5 changes). Race condition in concurrent backups. !39894. Prevent accidental group deletion if path rename fails. !40353. Snippet save button disabled with empty file path. !40412. Exception handling when a concurrent backup fails. !40451. Scope incident counts by given project or group. !40700.
13.3.023 Aug 2020 09:45 major feature: (2020-08-22). ### Security (2 changes). Improve path traversal validation checks. !33114. Update GitLab Runner Helm Chart to 0.19.2. ### Removed (3 changes). Remove Internet Explorer 11 from babel transpilation. !36840. Remove namespace storage limit setting. !38108. Geo: Drop tables related to vulnerability export replication. !38299. ### (116 changes, 14 of them are from the community). filter by releases at group and merge requests search bar. !26740 (Gilang Gumilar). Disable commenting on lines in files that were or are symlinks or replace or are replaced by symlinks. !35371. icon alignment on board cards. !35710 (carolcarvalhosa). Make Add metrics button visible on self monitoring dashboard. !36169. Keep large spinner while MR file tree is loading. !36446. : Child pipelines are not found by API endpoints. !36494. Show relevant error messages when failing to match a CI job entry. !36536. Don t show icon on flash warning. !36581. Updates to file table in package details UI. !36723 (Adam Alvis). Add graceful timeout handling for analytics. !36811. Resolve Pasting an image into a comment also uploads design. !37171. release evidence sometimes not being collected. !37184. editing note throws js error. !37216. merge request approvals for EE without a license. !37246. ops settings titles. !37259. Refactor all factories to SaveBang Cop. !37268 (Rajendra Kadam). Resolve Anchor tags to Designs is not working. !37307. content validation for existing wiki pages. !37310. Alert management list spacing. !37320. with blank keyset pagination parameters. !37351. Remove dashed border on designs hover. !37375. CSV downloads for multiple series in the same chart. !37377. Pypi and Nuget Storage Statistics. !37386. Display files in tab counter same as diff stats. !37390. vertical alignment of design management toolbar buttons. !37398. Allow LFS to be enabled in project settings even when Repository is disabled. !37401. Update MRs on push. !374
13.2.412 Aug 2020 19:25 minor feature: (2020-08-11). ### Security (1 change). Add decompressed archive size validation on Project/Group Import. !38736. ### (1 change). Automatic creation via Prometheus alerts. !37884.
13.2.306 Aug 2020 22:05 minor security: (2020-08-05). ### Security (12 changes). Update kramdown gem to version 2.3.0. Enforce 2FA on Doorkeeper controllers. Revoke OAuth grants when a user revokes an application. Refresh project authorizations when transferring groups. Stop excess logs from failure to send invite email when group no longer exists. Verify confirmed email for OAuth Authorize POST endpoint. XSS in Markdown reference tooltips. XSS in milestone tooltips. xss vulnerability on jobs view. Block 40-character hexadecimal branches. Prevent a temporary access escalation before group memberships are recalculated when specialized project share workers are enabled. Update GitLab Runner Helm Chart to 0.18.2.
13.2.230 Jul 2020 10:25 minor feature: (2020-07-29). ### (3 changes). Coerce repository_storages_weighted, removes repository_storages. !36376. JiraImportUsersInput startAt field. !37492. Provide better git error message when the user is unconfirmed. !37944. ### Changed (1 change). Skip mass unconfirming users when send_user_confirmation_email setting is off. !38024.
13.2.022 Jul 2020 11:05 major feature: (2020-07-22). ### Security (3 changes). Unconfirm wrongfully verified email addresses and user accounts. !35492. Make logrotate run as git user for source installations. !35519. Replace misleading text in re-confirmation emails. !36634. ### Removed (7 changes, 2 of them are from the community). Remove deprecated dashboard group milestone pages. !13237. Removed UltraAuth integration for OmniAuth. !29330 (Kartikey Tanna). Remove all search autocomplete for groups/projects/other. !31187. Remove temporary datepicker position as it is no longer required. !31836 (Arun Kumar Mohan). Remove the ability to customize the title and description of some integrations (zilla, Custom Tracker, Redmine, and YouTrack). !33298. Drop deprecated _ANALYZER_IMAGE_PRE. !34325. Remove Internet Explorer 11 specific polyfills. !36830. ### (300 changes, 79 of them are from the community). Remove broken hyperlink from and reopen button. !22220 (Lee t). 'Active' checkbox text in Pipeline Schedule form to be a label. !27054 (Jonston Chan). back button when switching MR tabs. !29862 (Lee t). Remove ability to scroll while in Design View. !29881. merge request note label URLs. !30428 (Lee t). default path when creating project from group template. !30597 (Lee t). that prevented k8s authentication with intermediate certificates. !31254 (Abdelrahman Mohamed). group transfer service to deny moving group to its subgroup. !31495 (Abhisek Datta). issuable listings with any label filter. !31729. Move prepend to last in ee-app-services. !31838 (Rajendra Kadam). Fallback to lowest visibility level in snippet visibility radio. !31847. Add class stubs and leaky constant alert in query limit helper spec. !31949 (Rajendra Kadam). Remove usage of spam constants in spec. !31959 (Rajendra Kadam). leaky constant in uninstall progress service check. !32036 (Rajendra Kadam). leaky constant in commit entity spec. !32039 (Rajendra Kadam). leaky constant in task completion status spec
13.1.202 Jul 2020 07:25 minor security: (2020-07-01). ### Security (18 changes). Update xterm js dependency to latest stable 3.x version. Do not show activity for users with private profiles. stored XSS in markdown renderer. Upgrade swagger-ui to solve XSS. group deploy token API authorizations. Check access when sending TODOs related to merge requests. Change from hybrid to JSON cookies serializer. Prevent XSS in group name validations. Disable caching for wiki attachments. Disable Github Importer API by settings. null byte error in upload path. Update permissions for time tracking endpoints. Add snippet repository validation after bundle import. Update Kaminari gem. note author name rendering. Sanitize bitbucket repo urls to mitigate XSS. Stored XSS on the Error Tracking page. security when rendering issuable.
13.1.124 Jun 2020 13:05 minor bugfix: (2020-06-23). ### (4 changes). Missing templating vars set from URL in metrics dashboard. !34668. Edit status dropdown overflow. !34847. Load user before logging git http-requests. !34923. Do not mask key comments for DeployKeys. !35014. ### Added (1 change). Periodically recompute project authorizations. !34071.
13.0.407 Jun 2020 03:05 minor security: (2020-06-03). ### Security (1 change). Prevent fetching repository code with unauthorized ci token.
13.0.302 Jun 2020 18:05 minor bugfix: (2020-05-29). ### (8 changes, 1 of them is from the community). redirection to project snippets. !32530. Geo replication for design thumbnails. !32703. s downloading build artifacts. !32741. Auto DevOps manual rollout jobs not being allowed to fail. !32865. Update deprecated routes in irker integration. !32923 (Marc Jeanmougin). Change format of variables parameter in Prometheus proxy API for metrics dashboard. !33062. and MR API performance regression when Markdown cache is stale. !33235. when user created the. !33294.
13.0.129 May 2020 10:45 minor feature: (2020-05-27). ### Security (12 changes). Add an extra validation to Static Site Editor payload. Hide EKS secret key in admin integrations settings. Added data integrity check before updating a deploy key. Display only verified emails on notifications and profile page. Require confirmed email address for GitLab OAuth authentication. Kubernetes cluster details page no longer exposes Service Token. confirming unverified emails with soft email confirmation flow enabled. Disallow user to control PUT request using mermaid markdown in description. Check forked project permissions before allowing fork. Limit memory footprint of a command that generates ZIP artifacts metadata. file enuming using Group Import. Prevent XSS in the monitoring dashboard.
13.0.025 May 2020 21:45 major feature: (2020-05-22). ### Removed (20 changes, 5 of them are from the community). Remove project routes that were deprecated before 12.1. !26808. Drop x-y-stable version pinning for Secure templates. !29603. Remove logs from the admin pages. !30485. Remove deprecated /admin/application_settings redirect. !30532. Drop support for License-Management CI template. !30645. Remove deprecated InfluxDB. !30786. Remove deprecated Release Evidence endpoints. !30975. Remove deprecated Release Evidence endpoints documentation. !30978. Drop support for `license_management` artifact. !31247. Remove deprecated container scanning report parser. !31294. Remove rake task `gitlab:track_deployment`. !31404. Remove token attribute from Runners API. !31448. Remove support for Ruby format variable interpolation (` variable `) in custom dashboards. !31581. Remove JenkinsDeprecatedService. !31607 (tnwx). Remove ruby_memory_bytes metric, duplicate of ruby_process_resident_memory_bytes. !31705. Remove project_list_show_mr_count feature flag. !31789 (Gilang Gumilar). Remove project_list_show__count feature flag. !31793 (Gilang Gumilar). Remove set_user_last_activity feature flag. !31795 (Gilang Gumilar). Remove registrations_recaptcha feature flag. !31797 (Gilang Gumilar). Remove deprecated Sidekiq rake tasks. ### (171 changes, 54 of them are from the community). Allow public access to pipeline schedules. !20806 (Lee t). Add user last_activity logging in GraphQL. !23063. Render TestReport parsing errors back to pipeline test summary. !24188. Add user popovers to system notes. !24241. missing RSS feed events. !28054. Resolve Text for future Release date grammatically incorrect. !28075. number of approvals given calculation. !28293 (Steffen Köhler). Always display new subgroup button when permission is granted. !28309 (Mattias Michaux). Correct the permission according to docs. !28657. duplicated activity and events on deletion of tag. !28861 (Sashi Kumar). init.d s
12.10.621 May 2020 12:05 minor bugfix: (2020-05-15). ### (5 changes). Duplicate index removal on ci_pipelines.project_id. !31043. on creating an invalid domains and verification. !31190. Incorrect number of errors returned when querying sentry errors. !31252. Add instance column to services table if it's missing. !31631. Incorrect regex used in FileUploader#extract_dynamic_path. !32271.
12.10.514 May 2020 06:45 minor feature: (2020-05-13). ### Added (1 change). Consider project group and group ancestors when processing CODEOWNERS entries. !31804.
12.10.406 May 2020 15:45 minor feature: (2020-05-05). ### (1 change). Add a Project's group to list of groups when parsing for codeowner entries. !30934.
12.10.201 May 2020 15:25 minor security: (2020-04-30). ### Security (8 changes). Ensure MR diff exists before codeowner check. Apply CODEOWNERS validations to web requests. Prevent unauthorized access to default branch. Do not return private project ID without permission. doorkeeper CVE-2020-10187. Change GitHub service integration token input to password. Return only safe urls for mirrors. Validate workhorse 'rewritten_fields' and properly use them during multipart uploads.
12.10.127 Apr 2020 17:45 minor bugfix: (2020-04-24). ### (5 changes). creating project from git ssh. !29771. Web IDE handling of deleting newly added files. !29783. null dereference in /import status REST endpoint. !29886. Service Templates missing Active toggle. !29936. error on accessing restricted levels. !30313. ### Changed (1 change). Move Group Deploy Tokens to new Group-scoped Repository settings. !29290. ### Other (1 change). Migration of dismissals to vulnerabilities. !29711.
12.10.023 Apr 2020 10:25 major feature: (2020-04-22). ### Removed (3 changes). Revert LDAP readonly attributes feature. !28541. Remove deprecated /ci/lint page. !28562. Remove open in file view link from Web IDE. !28705. ### (118 changes, 26 of them are from the community). Return 202 for command only notes in REST API. !19624. Run SAST using awk to pass env variables directly to docker without creating.env file. !21174 (Florian Gaultier). #42671: Project and group storage statistics now support values up to 8 PiB. !23131 (Matthias van de Meent). error on profile/chat_names for deleted projects. !24341. Migrate the database to activate projects prometheus service integration for projects with prometheus installed on shared k8s cluster. !24684. archived corrupted projects not displaying in admin. !25171 (erickcspice). some Web IDE with empty projects. !25463. failing ci variable e2e test. !25924. new file not being created in non-ascii character folders. !26165. Validate uniqueness of project_id and type when a new project service is created. !26308. assignee dropdown on new page. !26971. Resolve Unable to expand multiple downstream pipelines. !27029. Hide admin user actions for ghost and bot users. !27162. invalid ancestor group milestones when moving projects. !27262. right sidebar when scrollbars are always visible. !27314. OpenAPI file detector. !27321 (Roger Meier). managed_free_namespaces scope to only groups without a license or a free license. !27356. Set commit status to failed if the TeamCity connection is refused. !27395. Resolve Improve format support message in design. !27409. Add tooltips with full path to file headers on file tree. !27437. Scope WAF Statistics anomalies to environment.external_url. !27466. Show the proper information in snippet edit form. !27479. the repository Vue router not working with Chinese characters. !27494. smartcard config initialization. !27560. audit event that weren't being created for failed LDAP log-in tries. !27608. filtere
12.9.419 Apr 2020 14:45 minor bugfix: (2020-04-16). No changes. ### (5 changes, 1 of them is from the community). Not working File upload from Project overview page. !26828 (Gilang Gumilar). Storage rollback regression caused by previous refactor. !28496. Incorrect regex used in FileUploader#extract_dynamic_path. !28683. Fully qualify id columns for keyset pagination (Projects API). !29026. Slack notifications when upgrading from old GitLab versions. !29111.
12.9.315 Apr 2020 15:45 minor security: (2020-04-14). ### Security (3 changes). Refresh ProjectAuthorization during Group deletion. Prevent filename bypass on artifact upload. Update rack and related gems to 2.0.9 to security.
12.9.201 Apr 2020 13:05 minor feature: (2020-03-31). ### (5 changes). Ensure import by URL works after a failed import. !27546. /MR state not being preserved when importing a project using Project Import/Export. !27816. Leave upload Content-Type unchaged. !27864. Disable archive rate limit by default. !28264. rake gitlab:setup failing on new installs. !28270. ### Changed (1 change). Rename feature on the FE and locale. ### Performance (1 change). Index on sent_notifications table. !27034.
12.9.127 Mar 2020 16:45 minor bugfix: (2020-03-26). ### Security (16 changes). Add permission check for pipeline status of MR. Ignore empty remote_id params from Workhorse accelerated uploads. External user can not create personal snippet through API. Prevent malicious entry for group name. Restrict mirroring changes to admins only when mirroring is disabled. Reject all container registry requests from blocked users. Deny localhost requests on fogz importer. Redact notes in moved confidential. UploadRewriter Path Traversal vulnerability. Block hotlinking to repository archives. Restrict access to project pipeline metrics reports. vulnerability_feedback records should be restricted to a dev role and above. Exclude Carrierwave remote URL methods from import. Update Nokogiri to CVE-2020-7595. Prevent updating trigger by other maintainers. XSS vulnerability in `admin/email` "Recipient Group" dropdown. ### (1 change). updating the authorized_keys file. !27798.
12.9.022 Mar 2020 17:25 major bugfix: (2020-03-22). ### Security (1 change). Update Puma to 4.3.3. !27232. ### Removed (3 changes). Remove staging from commit workflow in the Web IDE. !26151. Remove and deprecate snippet content search. !26359. Remove "Analytics" suffrom the sidebar menu items. !26415. ### (117 changes, 19 of them are from the community). Set all NULL `lock_version` values to 0 for issuables. !18418. Support finding namespace by ID or path on fork API. !20603 (leoleoasd). caret position after pasting an image 15011. !21382 (Carolina Carvalhosa). Use of sha instead of ref when creating a new ref on deployment creation. !23170. logic to determine project export state and add regeneration_in_progress state. !23664. Create child pipelines dynamically using content from artifact as CI configuration. !23790. Handle Gitaly failure when fetching license. !24310. error details layout and alignment for mobile view. !24390. Added the multiSelect option to stop event propagation when clicking on the dropdown. !24611 (Gwen_). Activate Prometheus integration service for newly created project if this project has access to shared Prometheus application. !24676. Jump to next unresolved thread. !24728. Require a logged in user to accept or decline a term. !24771. quick actions executing in multiline inline code when placed on its own line. !24933 (Pavlo Dudchenko). timezones for popovers. !24942. Prevent "Select project to create merge request" button from overflowing out of the viewport on mobile. !25195. Add validation for updated_at parameter in update API. !25201 (Filip Stybel). Elasticsearch: when index is absent warn users and disable index button. !25254. pipeline details page initialisation on invalid pipeline. !25302 (Fabio Huser). with sidebar not expanding at certain resolutions. !25313 (Lee t). Rescue elasticsearch server error in pod logs. !25367. project setting approval input in non-sequential order. !25391. Add responsivity to cluster environments table.
12.8.717 Mar 2020 17:05 minor bugfix: (2020-03-16). ### (1 change, 1 of them is from the community). Crl_url parsing and certificate visualization. !25876 (Roger Meier).
12.8.509 Mar 2020 12:25 minor bugfix: ### (8 changes). Group Import API file upload when object storage is disabled. !25715. Web IDE fork modal showing no text. !25842. regression when URL was encoded in a loop. !25849. repository browsing for folders with non-ascii characters. !25877. search for Sentry error list. !26129. Send credentials with GraphQL fetch requests. !26386. Show CI status in project dashboards. !26403. Rescue invalid URLs during badge retrieval in asset proxy. !26524. ### Performance (2 changes). Disable Marginalia line backtrace in production. !26199. Remove unnecessary Redis deletes for broadcast messages. !26541. ### Other (1 change, 1 of them is from the community). tures for Error Tracking Web UI. !26233 (Takuya Noguchi).
12.8.205 Mar 2020 15:25 minor bugfix: ### Security (17 changes). Update container registry authentication to account for login request when checking permissions. Update ProjectAuthorization when deleting or updating GroupGroupLink. Prevent an endless checking loop for two merge requests targeting each other. Update user 2fa when accepting a group invite. for XSS in branch names. Prevent directory traversal through FileUploader. Run project badge images through the asset proxy. Check merge requests read permissions before showing them in the pipeline widget. Respect member access level for group shares. Remove OID filtering during LFS imports. Protect against denial of service using pipeline webhook recursion. Expire account confirmation token. Prevent XSS in admin grafana URL setting. Don't require base_sha in DiffRefsType. Sanitize output by dependency linkers. Recalculate ProjectAuthorizations for all users. Escape special chars in Sentry error header. ### Other (1 change, 1 of them is from the community). tures for Error Tracking Web UI. !26233 (Takuya Noguchi).
12.8.126 Feb 2020 08:05 minor bugfix: ### (5 changes). Markdown layout of incident. !25352. Time series extends axis options correctly. !25399. "Edit Release" page. !25469. Upgrade failure in EE displaying license. !25788. Last commit widget when Gravatar is disabled.
12.8.023 Feb 2020 00:05 major bugfix: ### Security (6 changes, 2 of them are from the community). Upgrade Doorkeeper to 4.4.3 to address CVE-2018-1000211. !20953. Upgrade Doorkeeper to 5.0.2. !21173. Update webpack related packages. !22456 (Takuya Noguchi). Update rubyzip gem in qa tests to 1.3.0 to CVE-2019-16892. !24119. Update GraphicsMagick from 1.3.33 to 1.3.34. !24225 (Takuya Noguchi). Update handlebars to remove from dependency dashboard. ### Removed (2 changes, 1 of them is from the community). Remove temporary index at services on project_id. !24263. Remove CI status from Projects Dashboard. !25225. ### (136 changes, 21 of them are from the community). When a namespace GitLab Subscription expires, disable SSO enforcement. !21135. with snippet counts not being scoped to current authorisation. !21705. Log user last activity on REST API. !21725. Create LfsObjectsProject record for forks as well. !22418. Limit size of diffs returned by /projects/:id/repository/compare API endpoint. !22658. spacing and UI on Recent Deliveries section of Project Services. !22666. Improve error messages when adding a child epic. !22688. a new line with suggestions in the last line of a file. !22732. Use POSTGRES_VERSION variable in Auto DevOps Test stage. !22884 (Serban Marti). Include milestones from subgroups in the list of Group Milestones. !22922. Authenticate user when scope is passed to events api. !22956 (briankabiro). Limit productivity analytics graph y-axis scale to whole numbers. !23140. GraphiQL when GitLab is installed under a relative URL. !23143 (Mathieu Parent). Stop NoMethodError happening for 1.16+ Kubernetes clusters. !23149. advanced global search permissions for guest users. !23177. JIRA DVCS retrieving repositories. !23180. logs api etag with elasticsearch. !23249. Add border radius and remove blue outline on recent searches filter. !23266. premailer and S/MIME emailer hooks order. !23293 (Diego Louzán). Web IDE alert message look and feel. !23300 (Sean Nichols
12.7.505 Feb 2020 05:45 minor bugfix: ### (4 changes, 1 of them is from the community). Add accidentally deleted project config for custom apply suggestions. !23687 (Fabio Huser). Database permission check for triggers on Amazon RDS. !24035. Applying the suggestions with an empty custom message. !24144. Remove invalid data from _tracker_data table.
12.7.331 Jan 2020 06:45 minor security: ### Security (17 changes, 1 of them is from the community). xss on frequent groups dropdown. !50. Bump rubyzip to 2.0.0. (Utkarsh Gupta). Disable access to last_pipeline in commits API for users without read permissions. Add constraint to group dependency proxy endpoint param. Limit number of AsciiDoc includes per document. Prevent API access for unconfirmed users. Enforce permission check when counting activity events. Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it. GraphQL api deprecate token field in GrafanaIntegration type. Cleanup todos for users from a removed linked group. XSS vulnerability on custom project templates form. Protect internal CI builds from external overrides. ImportExport::ExportService to require admin_project permission. Make sure that only system notes where all references are visible to user are exposed in GraphQL API. Disable caching of repository/files/:file_path/raw API endpoint. Make cross-repository comparisons happen in the source repository. Update excon to 0.71.1 to CVE-2019-16779. Add workhorse request verification to package upload endpoints.
12.7.124 Jan 2020 19:54 major feature:
8.0.516 Oct 2015 13:25 minor bugfix: Correct lookup-by-email for LDAP logins. Loading spinner sometimes not being hidden on Merge Request tab switches.
8.0.406 Oct 2015 23:25 minor bugfix: Message-ID header to be RFC 2111-compliant to prevent e-mails being dropped (Stan Hu). Referrals for :back and relative URL installs. Anchors to comments in diffs. - Remove CI token from build traces. - "Assign All" button on Runner admin page.
8.0.301 Oct 2015 03:15 minor bugfix: URL shown in Slack notifications. - where projects would appear to be stuck in the forked import state (Stan Hu). - Error 500 in creating merge requests with 1000 diffs (Stan Hu).
8.0.227 Sep 2015 03:15 minor bugfix: default avatar not rendering in network graph (Stan Hu). - Skip check_initd_configured_correctly on omnibus installs. - Prevent double-preing of help page paths. - Clarify confirmation text on user deletion. - Make commit graphs responsive to window width changes (Stan Hu). - top margin for sign-in button on public pages. - LDAP attribute mapping. - Remove git refs used internally by GitLab from network graph (Stan Hu). - Use standard Markdown font in Markdown preview instead of -width font (Stan Hu). - Reply by email for non-UTF-8 messages. - Add option to use StartTLS with Reply by email IMAP server.
8.0.023 Sep 2015 08:15 major feature: Continuous integration fully integrated (all tests, deployments, packaging). Completely new look and feel. Turbo Merges. 50 less space used. Reply by Email. Quick open in Gmail. Easily upload files in GitLab. Public user profile and group pages. Notification settings within the project s main page. GitLab 8.0 can be upgraded online. Better HTTP Support. Single Sign On to authenticate with Mattermost beta1. SSL Verification for Web Hooks.
7.5.027 Nov 2014 07:05 major feature: GitLab Community Edition 7.5 brings custom git hooks, various performance improvements, API extensions and better GitLab CI support.
7.2.022 Aug 2014 21:41 major feature: This release adds an "Explore" page, project stars, a Log for Sidekiq arguments. It adds better labels: colors, ability to rename and remove. Improves the way merge request collects diffs, compare page for large diffs. Exposes the full commit message via API. Fixes 500 error on repository rename, bug when MR download patch return invalid diff. Repository import timeout increased from 2 to 4 minutes allowing larger repos to be imported. The API adds support for labels, and the ability to set an import url when creating project for specific user.