GitLab 15.6.1

GitLab is a development collaboration tool and git DVCS frontend. It includes repository management features, code reviews, an issue tracker, activity feeds and wikis. GitLab provides fine-grained access control, user management, 5 permission levels and branch constraints, and can utilize LDAP/AD intranet authorization. Powered by Ruby on Rails it comes as open source package, and as commercial supported enterprise version.

Tags ruby ruby-on-rails git dvcs wiki bugtracker version-control
License MITL
State initial

Recent Releases

15.6.101 Dec 2022 06:45 minor security: (2022-11-30). ### (1 change). Do not save PipelineMetadata if name is blank 15.6 (gitlab-org/security/gitlab@340cd5f74dbe8318105574303d49d6cda54b43bf) ( merge request (gitlab-org/security/gitlab!2947)). ### Security (12 changes). Send resolved_address param to gitaly during repository import (gitlab-org/security/gitlab@5b3540629cb8d113d96d721549be77ef35060c15) ( merge request (gitlab-org/security/gitlab!2938)). Add size validation during nuspec file extraction (gitlab-org/security/gitlab@d7048d0bf20574a5b1c926ac25b8c15504723da3) ( merge request (gitlab-org/security/gitlab!2935)). Cross-site scripting in Jira Integration (gitlab-org/security/gitlab@1419e9d1513d481472b89d36e9e22b7b20c3a5c5) ( merge request (gitlab-org/security/gitlab!2930)). Protect web-hook secret tokens after changing URL (gitlab-org/security/gitlab@d3df2d08f7ec59d2e4ebba64770c6b7309733d9b) ( merge request (gitlab-org/security/gitlab!2920)). HTML content injection in README file (gitlab-org/security/gitlab@c64a283ee09115d1edefb5fcd81a9766658757e4) ( merge request (gitlab-org/security/gitlab!2928)). Redact secret tokens from web-hook logs (gitlab-org/security/gitlab@bca8656f7a04759acec00170f9e3cabbdda45558) ( merge request (gitlab-org/security/gitlab!2916)). Prevent unauthorized users from seeing Release information on tag pages (gitlab-org/security/gitlab@f04b3cf159f40e98ea0d24df0ff168ae91522813) ( merge request (gitlab-org/security/gitlab!2927)). Update after_import to expire cache before removing prohibited branches (gitlab-org/security/gitlab@49de4ce145d00adecf33c19c8413a87e6bb0c904) ( merge request (gitlab-org/security/gitlab!2905)). Deny all package permissions when group access is restricted by IP (gitlab-org/security/gitlab@cca110162915b2cdca64181305bfed2044df2bba) ( merge request (gitlab-org/security/gitlab!2902)). Redact user emails from project webhook data (gitlab-org/security/gitlab@9148dd7f77cab086d696d56907d2cbbc921e0e6d) ( merge request (gitlab-org/securit
15.6.022 Nov 2022 03:17 major feature: (2022-11-21). ### Added (150 changes). Migration to backfill users into elastic index (gitlab-org/gitlab@dac35cd553a663861c205e832b48c7fc1eef80e8) ( merge request (gitlab-org/gitlab!102165)) GitLab Enterprise Edition. Enable Group-level Scan Result Policies feature by default (gitlab-org/gitlab@017af1e644434daa27763ab7f90788330de319c6) ( merge request (gitlab-org/gitlab!104083)) GitLab Enterprise Edition. Create the first dynamic partition for builds metadata (gitlab-org/gitlab@4de09a4b435fafa1595bb3808fe2c49357c278c8) ( merge request (gitlab-org/gitlab!102735)). Allows cascading package forward settings from admin to group (gitlab-org/gitlab@eb2a193b69a9b11adb1024a554705c3f84524cb6) ( merge request (gitlab-org/gitlab!103025)). Add enterprise information to Metadata API (gitlab-org/gitlab@6a9007f3286bf910b26a0a79e3dddca608920b04) ( merge request (gitlab-org/gitlab!103969)). Introduce a limit of 200 assignees to /MRs (gitlab-org/gitlab@511a6ae0568cfd76d6a96d86f88519c6a49db4af) ( merge request (gitlab-org/gitlab!103549)). Add a rake task to sanitize internal note todos (gitlab-org/gitlab@b9cafb101905f7b407fe493dca321b42d4221d69) ( merge request (gitlab-org/gitlab!87908)). Create Telesign services for phone verification (gitlab-org/gitlab@c37978eebc66c887d9a33284cff4c6aa4d3840c1) ( merge request (gitlab-org/gitlab!100494)). Add trend indicators to the Exec dashboard comparative table (gitlab-org/gitlab@71ee6dcc817552f7db456649bd700e38605991aa) ( merge request (gitlab-org/gitlab!103401)). Add database migrations for dependency proxy blobs in SSF (gitlab-org/gitlab@9237ac848c60b9c7daa8d692eeedecfa2a93acfd) (merge request) GitLab Enterprise Edition. Bulk delete packages for package list (gitlab-org/gitlab@e690a6e329bca673c54eda5a3cf01460f9bba22b) ( merge request (gitlab-org/gitlab!103475)). Add global alert for non-owners read-only namespace (gitlab-org/gitlab@aaa6e4a25962847fa5e4757bcbc853e166cdb783) ( merge request (gitlab-org/gitlab!103375))
15.5.412 Nov 2022 07:45 minor feature: (2022-11-11). ### (3 changes). Allow links to be opened from Swagger UI documentations (gitlab-org/gitlab@d0ee1589e00a695764a942e711dfe1be405f011c) ( merge request (gitlab-org/gitlab!103772)). Add Hashie::Array to allowed YAML serialization classes (gitlab-org/gitlab@b450aae9dbc1a0cbe124de8e3643842a11a1ee77) ( merge request (gitlab-org/gitlab!103772)). Revert Sidekiq default routing rules (gitlab-org/gitlab@f1db2eefe1d5039b220d4368dc25dbe5ad9060a1) ( merge request (gitlab-org/gitlab!103643)).
15.5.308 Nov 2022 03:45 minor bugfix: (2022-11-07). ### (1 change). Opensearch compatibility check (gitlab-org/gitlab@c7094017eb6fae71c0b8441a04f6927ed69025ea) ( merge request (gitlab-org/gitlab!103157)) GitLab Enterprise Edition.
15.5.203 Nov 2022 07:05 minor security: (2022-11-02). ### Security (11 changes). Redact confidential references in Jira descriptions (gitlab-org/security/gitlab@b6df9d1e4e0c996655a41831fbfae8f457fe1e6b) ( merge request (gitlab-org/security/gitlab!2870)). Forbid reading emojis on internal notes (gitlab-org/security/gitlab@0015523a32c38c184ffef9067d9952d0ef54e3f2) ( merge request (gitlab-org/security/gitlab!2854)). Same-site redirect vulnerability (gitlab-org/security/gitlab@7fd87a5f0b8317d45171fb565c198cda4e65fa34) ( merge request (gitlab-org/security/gitlab!2878)). BYPASS: Stored-XSS with CSP-bypass via scoped labels' color (gitlab-org/security/gitlab@2f1777b305d632b3256076967a798dab65fe6bf4) ( merge request (gitlab-org/security/gitlab!2860)). Running Upstream Pipelines Jobs Without Permission (gitlab-org/security/gitlab@9b3f469da7c0295eb12120027a45ac04f76cdad5) ( merge request (gitlab-org/security/gitlab!2881)). Add length limit to addressable URLs (gitlab-org/security/gitlab@82ffc5825c9a7761d787c66b8c4a1593b3330c50) ( merge request (gitlab-org/security/gitlab!2856)). Add a redirect wall before artifact redirect to pages (gitlab-org/security/gitlab@41a4480b3302ba8a67e94de5420d41298d258585) ( merge request (gitlab-org/security/gitlab!2875)). Sandbox swagger-ui to prevent injection attacks (gitlab-org/security/gitlab@432913f802a093b67f2e5d46cc51b5f13bb16590) ( merge request (gitlab-org/security/gitlab!2857)). external project permission when using CI prefill variables (gitlab-org/security/gitlab@ec872da0ab949f447aec35d64d1db45b5d25b7fd) ( merge request (gitlab-org/security/gitlab!2853)). Resolve users can view audit events from other members (gitlab-org/security/gitlab@34ffe2e88fa462b055f22d6af84fdb93a62fa575) ( merge request (gitlab-org/security/gitlab!2855)). Path traversal for Secure Files (gitlab-org/security/gitlab@568c36b34a884cc877b6292b340de9da66537bc8) ( merge request (gitlab-org/security/gitlab!2858)).
15.5.128 Oct 2022 03:25 minor bugfix: (2022-10-24). ### (2 changes). Batch records when preloading for indexing (gitlab-org/gitlab@43f0f24d5985ab2d731ab022aa5a498cfee5789b) ( merge request (gitlab-org/gitlab!101927)) GitLab Enterprise Edition. Specify certificates when connecting to KAS using TLS (gitlab-org/gitlab@f445f3f11d93eef56793fc116c7b2f1a4d030701) ( merge request (gitlab-org/gitlab!101927)).
15.5.024 Oct 2022 07:25 major feature: (2022-10-21). ### Added (159 changes). Render labels correctly in content editor (gitlab-org/gitlab@638d82853f69babb1cdab437c5ae5c7befbb0c8d) ( merge request (gitlab-org/gitlab!101027)). Add "use_legacy_web_ide" to "user_preferences" (gitlab-org/gitlab@a5fc40397368786dd6596ae36768967382585f50) ( merge request (gitlab-org/gitlab!98945)). Set default compliance framework during project creation (gitlab-org/gitlab@bdcce8e14ed51e58b03a4b5eea623915d17fafad) ( merge request (gitlab-org/gitlab!100959)) GitLab Enterprise Edition. Expose `created_by` in the Users API (gitlab-org/gitlab@d235f2cead5e0505660612b207a722fb57d6a82a) ( merge request (gitlab-org/gitlab!93092)). Add models for tag and tag links (gitlab-org/gitlab@ae345a3d0df94f98a67354585395fbcd6646305b) (merge request). Adding migration for backfilling namespaces metadata (gitlab-org/gitlab@5ff5b728057411fd3f71b66f8cd1325c4706b771) ( merge request (gitlab-org/gitlab!98513)). Add metrics for projects with applied scan result policies (gitlab-org/gitlab@a078b5a8f37c654bbff240f95bc8636fc1e5861e) ( merge request (gitlab-org/gitlab!99955)) GitLab Enterprise Edition. Moved label and date widgets out of FF (gitlab-org/gitlab@46951293e36801a3ac1609f941427f3ec8df315d) ( merge request (gitlab-org/gitlab!101117)). Add GraphQL field to preview billable user changes (gitlab-org/gitlab@282f335d0b86674d90a6b42329037b9ce09a0819) ( merge request (gitlab-org/gitlab!90195)) GitLab Enterprise Edition. Additional Gitlab::Json method aliases (gitlab-org/gitlab@457279cf874b89cb9ab837810785d1019c38cffb) ( merge request (gitlab-org/gitlab!101286)). Enhance review app modal instructions (gitlab-org/gitlab@1ee8b02d94061b282a3f47d10c9582107a805217) ( merge request (gitlab-org/gitlab!95004)). 18052 Gitlab import: attachments (gitlab-org/gitlab@db828d5c6098e51b0106480cafc4e244bef57144) ( merge request (gitlab-org/gitlab!100510)). Namespace package forward settings in GraphQL (gitlab-org/gitlab@60a6a487ba96311af92884
15.4.320 Oct 2022 06:45 minor bugfix: (2022-10-19). ### (4 changes). Sign in: use custom logo again (gitlab-org/gitlab@5822562c4c3508927e3b217749867736e91316f3) ( merge request (gitlab-org/gitlab!101235)). closing of external (gitlab-org/gitlab@1302f992e3706b698c983961f596fcab03704c3f) ( merge request (gitlab-org/gitlab!101235)). Sign in: use custom logo again (gitlab-org/gitlab@d760473a022ef485be7e258ab5fc406f05a127a4) ( merge request (gitlab-org/gitlab!101235)). REST/GRAPHQL APIs handling TODOs WorkItem target (gitlab-org/gitlab@f4157b08596040bbc504292c4a75fe2100aa570c) ( merge request (gitlab-org/gitlab!100081)).
15.4.205 Oct 2022 10:25 minor bugfix: (2022-10-04). ### (1 change). Ensure that stage name and record are in sync for page deployments (gitlab-org/gitlab@ce58ec2ef959bd35ddbc6992560a163c8fc4f145) ( merge request (gitlab-org/gitlab!100037)).
15.4.130 Sep 2022 07:05 minor security: (2022-09-29). ### Security (15 changes). Redact user's private email in group member event webhook (gitlab-org/security/gitlab@f556c625f37d1be801b54c5a1ff3dd37434d48e4) ( merge request (gitlab-org/security/gitlab!2809)). Redact secrets from WebHookLogs (gitlab-org/security/gitlab@7101edbc7fc27e2d2d23b8f9f84611943b310b71) ( merge request (gitlab-org/security/gitlab!2805)). Forbid creating a tag using default branch name (gitlab-org/security/gitlab@ba3e62fc30f475b9334440409f5bad481b3c5dd6) ( merge request (gitlab-org/security/gitlab!2798)). Sanitize Url and check for valid numerical errorId in error tracking (gitlab-org/security/gitlab@fba573834091aec7bde7856bfddd080cc74fb3ae) ( merge request (gitlab-org/security/gitlab!2819)). Add security protection for Github (gitlab-org/security/gitlab@6265bdb12496d34f30d9ae6889288c6857fd4fd0) ( merge request (gitlab-org/security/gitlab!2803)). leaking emails in WebHookLogs (gitlab-org/security/gitlab@7580a2d62cd421b5176a3ce7f23c7d192e69989e) ( merge request (gitlab-org/security/gitlab!2806)). Restrict max duration to 1 year for trace display (gitlab-org/security/gitlab@e1162719cc9e62692c911c992175d6ef3b5f996f) ( merge request (gitlab-org/security/gitlab!2817)). Use UntrustedRegexp for upload rewriter (gitlab-org/security/gitlab@fde2bb115242a9af3678e5c8547c7c9ccd2b0c1e) ( merge request (gitlab-org/security/gitlab!2790)). Validate httpUrlToRepo to be http or https only (gitlab-org/security/gitlab@d56ebc1a207618ec846e6ee2c842d3a5019444b7) ( merge request (gitlab-org/security/gitlab!2811)). Respect instance level rule for editing approval rules (gitlab-org/security/gitlab@dc5dd5be3f3f681ca499d3a59eb469bd12dad51b) ( merge request (gitlab-org/security/gitlab!2796)). Prevent users creating in ay project via board/controller (gitlab-org/security/gitlab@e0b09653ff468b65a73155a2e28077a0e94dc7e8) ( merge request (gitlab-org/security/gitlab!2781)). Prevent serialization of sensible attributes from JsonCache (gitlab
15.4.022 Sep 2022 03:17 major feature: (2022-09-21). ### Added (162 changes). Add git tags from last deployment to environment detail page (gitlab-org/gitlab@dd9fbfc75790666b2ff3aff0dc45d2ddfc1695ae) ( merge request (gitlab-org/gitlab!96060)). Background worker for suggested reviewers (gitlab-org/gitlab@38048811859fa714a5f2dcb79e38877f99b3460f) ( merge request (gitlab-org/gitlab!97622)). Maven request forwarding (gitlab-org/gitlab@80c6b14a94c96eb9772786b669249512ae6bfb86) ( merge request (gitlab-org/gitlab!85299)). Add edited by information to GraphQL WorkItem type (gitlab-org/gitlab@4be6e1c75b511c2e4173517b0e57b1f9c534b8ba) ( merge request (gitlab-org/gitlab!97328)). RPM initial upload and package creation (gitlab-org/gitlab@b1f7bf75fe40ab26d1ffa50d20b07ae426b30b9f) ( merge request (gitlab-org/gitlab!96940)). Add codeOwnerReviewRequired to EE (gitlab-org/gitlab@8bd7af46e98e2ee3b4680e01e6817cc968a7c865) ( merge request (gitlab-org/gitlab!96693)) GitLab Enterprise Edition. Added REST APIs to fetch latest release and download release assets (gitlab-org/gitlab@09faee593310ed2c5965788cb1efbebfbd7690f8) by @zillemarco ( merge request (gitlab-org/gitlab!92607)). Add iterations cadences to Gitlab Migration (gitlab-org/gitlab@9aa3c847a7a838f887c1ccdd8af0aedbfb322052) ( merge request (gitlab-org/gitlab!96570)) GitLab Enterprise Edition. Expose user and group for branch protection access levels in EE (gitlab-org/gitlab@5a96b284a5985a1192f3a63856d07640e704e3b9) ( merge request (gitlab-org/gitlab!96301)) GitLab Enterprise Edition. Add cluster_agent_id and image to GraphQL vulnerabilitySeveritiesCount (gitlab-org/gitlab@1e8223d08bd2103a99e10b5e8a93888ae9fa0616) ( merge request (gitlab-org/gitlab!98168)) GitLab Enterprise Edition. Add unique index to ci_builds_metadata (gitlab-org/gitlab@f84cbd4a20b86d596d405afb9b9d099996aa425b) ( merge request (gitlab-org/gitlab!97924)). Add job field to ProjectType (gitlab-org/gitlab@442fc9f599032672cea48385377a29962a03ac1e) ( merge request (gitlab-org/git
15.3.304 Sep 2022 03:17 minor bugfix: (2022-09-01). ### (5 changes). Skip file removal if GitLab managed replication is disabled (gitlab-org/gitlab@dbec61270621df70775c98946d09deca913bd187) ( merge request (gitlab-org/gitlab!96556)) GitLab Enterprise Edition. Geo: redirects of LFS transfer downloads (gitlab-org/gitlab@98092958c879d1dc9dda0ba2953ba548aa0b93c0) ( merge request (gitlab-org/gitlab!96654)) GitLab Enterprise Edition. Improve blame link feature (gitlab-org/gitlab@163cadb49f96951a0f747d61a8cd1cb92b7d4296) ( merge request (gitlab-org/gitlab!96654)). Bypass earliest date validation in importing of iteration cadences (gitlab-org/gitlab@66f56eb2551a302d80ca0891ff0bddec1c84f025) ( merge request (gitlab-org/gitlab!96654)) GitLab Enterprise Edition. user recent activity links for work item actions (gitlab-org/gitlab@9d9368545847cf558fad26a64b216a00b2db36b4) ( merge request (gitlab-org/gitlab!96654)).
15.3.231 Aug 2022 08:45 minor security: (2022-08-30). ### Security (17 changes). No overriding methods for Sawyer class (gitlab-org/security/gitlab@397aa9e269676f4ab3dfba4c3ba8fef131b5b4bd) ( merge request (gitlab-org/security/gitlab!2754)). Update Oj to v3.13.21 (gitlab-org/security/gitlab@15f86c00b579ad1b4aeedd395f9239e8229c6f8b) ( merge request (gitlab-org/security/gitlab!2730)). Prevent long loops when generating suggested branch name (gitlab-org/security/gitlab@1479c9e2a0444794ea274b07e0f59e8a50ced6ee) ( merge request (gitlab-org/security/gitlab!2743)). IDOR in Zentao integration show page (gitlab-org/security/gitlab@92fdf89045bf294d4ee0338ba3f26c91094a073e) ( merge request (gitlab-org/security/gitlab!2740)). Patch VULNDB-255039 (potential Rack cache poisoning) (gitlab-org/security/gitlab@383c926cc8aa4e2c4273556a181e1ddc1b71049f) ( merge request (gitlab-org/security/gitlab!2697)). HTML escape the label background color (gitlab-org/security/gitlab@1e43656560fbc13907af72d5d4f696df95d7f49c) ( merge request (gitlab-org/security/gitlab!2719)). Sandbox jupyter notebook HTML output (gitlab-org/security/gitlab@3ade5f2fadbb0c15d9e5a14306d0a79136a8f23e) ( merge request (gitlab-org/security/gitlab!2710)). unauthorized GFM references in Incident Timeline (gitlab-org/security/gitlab@2e18b59472b5a43921d39433e60038b0f254d123) ( merge request (gitlab-org/security/gitlab!2707)). Optimize handling repositories with huge trees (gitlab-org/security/gitlab@4bfaca71c8d8f663242138049cf5639e69326bbb) ( merge request (gitlab-org/security/gitlab!2706)). Parse commit trailers without using regexp (gitlab-org/security/gitlab@c15b2cd9b5e572a9bbc7c0c5cb7c9511f1a04ead) ( merge request (gitlab-org/security/gitlab!2699)). Check for pathological markdown input (gitlab-org/security/gitlab@2fd5e1133e1acd82cdb524f059b554976cd68f51) ( merge request (gitlab-org/security/gitlab!2733)). Replaced smooshpack to the vulnerability in LivePreview (gitlab-org/security/gitlab@114637f8f0d9add00914ac3e4562419b0f1b4f63) ( m
15.3.124 Aug 2022 11:05 minor security: (2022-08-22). ### Security (1 change). Validate if values to be saved in Redis can be converted to string (gitlab-org/security/gitlab@e8a4aeff901363923a5ddff3f7c6b654abf2b125) ( merge request (gitlab-org/security/gitlab!2723)).
15.3.020 Aug 2022 03:17 major feature: (2022-08-19). ### Added (147 changes). Added delete release audit event (gitlab-org/gitlab@0a3e82f0501632068061aba81b3c970be461c42a) by @patnaikshekhar ( merge request (gitlab-org/gitlab!94793)). Adds data models for ML Experiment Tracking (gitlab-org/gitlab@aaf6b690c6225c5b7a439d00abadf513b14a2ab3) ( merge request (gitlab-org/gitlab!95168)). Allow access to project-level packages API with CI job token (gitlab-org/gitlab@85fd642c62443953e03d16e38fed8bf15bc29021) by @nejc ( merge request (gitlab-org/gitlab!91437)). Add tooltip on task item confidential badge (gitlab-org/gitlab@e54d32170d72d0d2e33cac06264a18cb7fd53150) ( merge request (gitlab-org/gitlab!95552)). Add recent events to group hooks (gitlab-org/gitlab@a6a9334080759e705810d894158ac5abc365d2d8) ( merge request (gitlab-org/gitlab!94145)) GitLab Enterprise Edition. Add parent_full_path to GraphQL WorkItemType (gitlab-org/gitlab@55e07a3c42593e64a17cf806ddf05a1df4aece62) ( merge request (gitlab-org/gitlab!95224)). Enable job log search (gitlab-org/gitlab@83b278d492b44a138dd74b04133c83663046b86d) ( merge request (gitlab-org/gitlab!95519)). Update task item status icon add tooltip support (gitlab-org/gitlab@40d2c373f3388cb5b4c3a4f234011f4b0e96d250) ( merge request (gitlab-org/gitlab!95345)). Expose work item timestamps in GraphQL (gitlab-org/gitlab@81b1402e47caacea887598e55c79c35c10e152d4) ( merge request (gitlab-org/gitlab!95507)). Add sorting/filtering/paging to CRM contacts (gitlab-org/gitlab@bec4924983f4fb90b7a8fadc1cceee0c0db74e9a) by @leet ( merge request (gitlab-org/gitlab!95408)). Make fork targets searchable (gitlab-org/gitlab@494620b3a8f315e9e1fa167eae83362733cdfaef) ( merge request (gitlab-org/gitlab!95479)). Add MR Approvals to Project Import/Export (gitlab-org/gitlab@799bd79995c3dffaa0a089b388198b9c10e806d0) ( merge request (gitlab-org/gitlab!94858)). Add alpha detailed_mergeability_status attribute to graphql (gitlab-org/gitlab@ae33513b4b6c6a80d7e4129a14b53c8a9e237042)
15.2.202 Aug 2022 06:45 minor bugfix: (2022-08-01). ### (6 changes). Upgrade Oj to v3.13.19 to a seg fault (gitlab-org/gitlab@758dff584369303f4176a96ac130954724a0e9f5) ( merge request (gitlab-org/gitlab!93652)). Gracefully handle nil created_at values in CI pipelines (gitlab-org/gitlab@492a3dcf6c37f8968282a93cf485f2358ecd7943) ( merge request (gitlab-org/gitlab!93652)). CI artifact sizes not logged for some runner endpoints (gitlab-org/gitlab@97ca5e38b1917239bb62cbd338eb689a0ff15fbb) ( merge request (gitlab-org/gitlab!93652)). RescheduleBackfillImportedearchData migration (gitlab-org/gitlab@015e908479a44276833e5bb40d6bd613c394f460) ( merge request (gitlab-org/gitlab!93652)). Upgrade oj to v3.3.18 to illegal instruction errors (gitlab-org/gitlab@5caf005e1315f7acd145bcbb6d5ced5281a10e56) ( merge request (gitlab-org/gitlab!93652)). Use `CREATE OR REPLACE FUNCTION` to define vulnerability reads triggers (gitlab-org/gitlab@dbfa0d51a1851e940ad243f720cbfe1e25c76111) ( merge request (gitlab-org/gitlab!93652)). ### Changed (1 change). ES client for nil password (gitlab-org/gitlab@9bd4fa109c06959f5e9b4668c85327e3503bf55a) ( merge request (gitlab-org/gitlab!93652)) GitLab Enterprise Edition.
15.2.129 Jul 2022 07:05 minor security: (2022-07-28). ### Security (18 changes). Security datadog integration leaking (gitlab-org/security/gitlab@49ec4f1a982ba1798461fad8a0f053b21c8ce8bf) ( merge request (gitlab-org/security/gitlab!2643)). Prevent users who cannot admin a public project from viewing deploy keys (gitlab-org/security/gitlab@1ff5d27ad0574fd5304114ddcc2f0e312d6bd29c) ( merge request (gitlab-org/security/gitlab!2640)). Add additional condition to accept invitation (gitlab-org/security/gitlab@90ad2f07ff08c1da02600af0c2cfe3fdd20a6856) ( merge request (gitlab-org/security/gitlab!2656)). Update GITLAB_PAGES_VERSION (gitlab-org/security/gitlab@bf54d6fa66c4981d75410591e8370c721f2f68e5) ( merge request (gitlab-org/security/gitlab!2615)). Add html_escape to build_details_entity (gitlab-org/security/gitlab@9cfafde666f0f33fb110d585652ea0db4afee340) ( merge request (gitlab-org/security/gitlab!2636)). Check permissions when filtering by contact or organization (gitlab-org/security/gitlab@bf32322d55bf148901b45aa4ae3a7daecdd4ed24) ( merge request (gitlab-org/security/gitlab!2644)). Use author to run subscribed pipeline (gitlab-org/security/gitlab@36addfe325af0780cff649ad43a9cd18d22367e3) ( merge request (gitlab-org/security/gitlab!2616)). Remove prohibited branches after project import (gitlab-org/security/gitlab@96f8f0a30b8bce1c51c3e39808baf74ba6504b33) ( merge request (gitlab-org/security/gitlab!2590)). Remove feature flag `ci_yaml_limit_size` (gitlab-org/security/gitlab@fe4b00b9ce8db49b12a7c59c9a8bd2260cbd8f53) ( merge request (gitlab-org/security/gitlab!2602)). Maintainer can change the visibility of Project and Group (gitlab-org/security/gitlab@91d953642a41305c2a8907ac252af370a837c5ab) ( merge request (gitlab-org/security/gitlab!2619)). Do not link unverified secondary emails with any users (gitlab-org/security/gitlab@84e5ba9eb2c7bbc97d6527333bb8142cbe481304) ( merge request (gitlab-org/security/gitlab!2651)). Forbid exchanging access token for ROP flow to users required 2FA
15.2.024 Jul 2022 03:17 major feature: (2022-07-21). ### Added (171 changes). Add user id to profile page (gitlab-org/gitlab@b91b90f623b1f1b71f3348bd624c518fddd262ae) by @TrueKalix ( merge request (gitlab-org/gitlab!92212)). API Get endpoint for latest TF module version (gitlab-org/gitlab@ba125b4692d966ae7c8d04a19f1b367238127731) by @renehernandez ( merge request (gitlab-org/gitlab!92450)). Adds package cleanup policy project settings (gitlab-org/gitlab@4c9ffd9067248b5eba1d0a2b043804c815ba166b) ( merge request (gitlab-org/gitlab!90783)) GitLab Enterprise Edition. Display users that have been banned in a namespace (gitlab-org/gitlab@855aae5300cb939bf490088a3a2518566c21edd3) ( merge request (gitlab-org/gitlab!91465)) GitLab Enterprise Edition. Introduce :gitlab_geo schema for Geo tracking DB (gitlab-org/gitlab@b5525d97a7308d32ac64892549d2e79a4f1a0ea8) ( merge request (gitlab-org/gitlab!85842)) GitLab Enterprise Edition. Add request-URL to vulnerability details (gitlab-org/gitlab@ba2648db8318cdcad4f6db15921469fc238f676c) ( merge request (gitlab-org/gitlab!91342)) GitLab Enterprise Edition. Add link to change failure rate chart from tile (gitlab-org/gitlab@39e800f40efbcc30b726d97ec6ac85828316eb3e) ( merge request (gitlab-org/gitlab!92529)). Add watchdog to observe memory fragmentation (gitlab-org/gitlab@e4d58c89189909dc1eb042bba77d3767056f4699) ( merge request (gitlab-org/gitlab!91910)). Add background jobs for cleanup policies for packages (gitlab-org/gitlab@ba99ba6a2902ae33fd9ef8302bb892e204314b17) ( merge request (gitlab-org/gitlab!89055)). Adds sidekiq_jobs_interrupted counter (gitlab-org/gitlab@e2c9d2ed52054e737b54095e8b20bb90106f1238) ( merge request (gitlab-org/gitlab!92560)). Add timeline feature to incidents (gitlab-org/gitlab@bd4714317073b74b4e831eb69440cb4be562f826) ( merge request (gitlab-org/gitlab!92345)). Respect parent namespace for gitlab migration (gitlab-org/gitlab@ae56020be41e092c355b07af7f5351cce3904397) ( merge request (gitlab-org/gitlab!90899)). Allow user
15.1.320 Jul 2022 03:17 minor feature: (2022-07-19). ### Added (1 change). Add praefect list virtual storages subcommand documentation (gitlab-org/gitlab@95689c32e2734831c00ef30de303098485ec095a) ( merge request (gitlab-org/gitlab!92708)). ### (1 change). group access dropdown failure if no subgroups are available (gitlab-org/gitlab@518a2f55caddab0c18d0548d0a8f777afe5ae666) ( merge request (gitlab-org/gitlab!92708)) GitLab Enterprise Edition.
15.1.206 Jul 2022 03:17 minor feature: (2022-07-05). ### (3 changes). Resolve "White screen of death on creating new project" (gitlab-org/gitlab@b737280d402aa88f723ada9885ccca22fa4457b5) ( merge request (gitlab-org/gitlab!91668)). agent token modal (gitlab-org/gitlab@6fdffc4a534f67953a1555a0e4e35e4bd2bcb960) ( merge request (gitlab-org/gitlab!91668)). Resolve "Gitlab doesn't detect the deployment pods after K8s cluster upgrade to v1.22" (gitlab-org/gitlab@5eb84d7d96189f7119aa325e83a3723942cc14ba) ( merge request (gitlab-org/gitlab!91668)). ### Changed (2 changes). Update gitaly_cgroups metric name in docs (gitlab-org/gitlab@1af956596f052446f7ee2d42635b891670ddccd4) ( merge request (gitlab-org/gitlab!91668)). Refactor add populate commit permission migration (gitlab-org/gitlab@bc80cc41c2b90b8e459055c5ec1885941798f3c2) ( merge request (gitlab-org/gitlab!91668)) GitLab Enterprise Edition. ### Removed (1 change). Geo Sites Form - Remove Beta Badge (gitlab-org/gitlab@2feffa8e272aa8d9e608ad3e510a93fda93b7fcb) ( merge request (gitlab-org/gitlab!91668)) GitLab Enterprise Edition.
15.1.101 Jul 2022 03:17 minor security: (2022-06-30). ### Security (16 changes). group IP restrictions not enforced for container registry requests (gitlab-org/security/gitlab@0c9628791bf383734ec8f32e1d0040ca2fd62178) ( merge request (gitlab-org/security/gitlab!2550)). Gitlab Runner version upgrade (gitlab-org/security/gitlab@b7e06c1e812fdf0a2fab4aca07cdea33ff22b41c) ( merge request (gitlab-org/security/gitlab!2564)). Update ProjectAttributesTransformer to use number of attributes (gitlab-org/security/gitlab@fae2720ffd7ec5ce3eb88e3b68b2879f4f664cf4) ( merge request (gitlab-org/security/gitlab!2547)). Escape deploy key title to prevent XSS (gitlab-org/security/gitlab@071c3fa4ae63d03117a3c02752711d29f6f620b1) ( merge request (gitlab-org/security/gitlab!2492)). Sanitize ZenTao breadcrumb links (gitlab-org/security/gitlab@5b16b65cfe57a946f25842b7818dafe6c8a934ea) ( merge request (gitlab-org/security/gitlab!2555)). permissions in the project labels API (gitlab-org/security/gitlab@b3ff7ee5a64382ff9ee34bc3fc44acd0117f86d9) ( merge request (gitlab-org/security/gitlab!2532)). Security sentry leaks and access level check (gitlab-org/security/gitlab@a0ad79588f170e1c58206e42d8b550d75e874a4d) ( merge request (gitlab-org/security/gitlab!2531)). Check permissions before exposing user two factor enabled (gitlab-org/security/gitlab@3b7c699ffcca64721c0876da12435c148f8e83a7) ( merge request (gitlab-org/security/gitlab!2530)). Filter milestone release by user access (gitlab-org/security/gitlab@dc79edc16c7422279235d2ad8a4807644840fc4c) ( merge request (gitlab-org/security/gitlab!2535)). the required access level in the Conan packages finder (gitlab-org/security/gitlab@5221ca59f09361f90798348851fa12c91e5d9e35) ( merge request (gitlab-org/security/gitlab!2513)). Allow inviting only groups with subset of allowed domains to groups (gitlab-org/security/gitlab@03dfb153355d0465ea25a6d73db895c975fc32df) ( merge request (gitlab-org/security/gitlab!2538)). open redirect vulnerability (gitlab-org/security/gitl
15.1.022 Jun 2022 09:25 major feature: (2022-06-21). ### Added (147 changes). Add GraphQL API to create resource links (gitlab-org/gitlab@cf6881e6d281ec62f6bc742794b81dd1dbbd3daa) (merge request) GitLab Enterprise Edition. Add support for collecting jemalloc stats (gitlab-org/gitlab@0b76148a078903dda4e6698ff6c20fc287887ec7) ( merge request (gitlab-org/gitlab!89303)). Add audit event for disabling 2FA (gitlab-org/gitlab@93f3ca0a2c3535b8eb3b4176f877abc99b75c78e) ( merge request (gitlab-org/gitlab!89598)) GitLab Enterprise Edition. Add auditEventsStreamingHeadersDestroy Mutation (gitlab-org/gitlab@50e59b0fe7bd4864fdc5735d1876041e0c7b9aeb) ( merge request (gitlab-org/gitlab!88408)) GitLab Enterprise Edition. Add backend changes to sort by at (gitlab-org/gitlab@f77350c785ae225fefecce7e983ab37b9ff58340) by @zillemarco ( merge request (gitlab-org/gitlab!89606)). Display invalid approvals on merge request widget (gitlab-org/gitlab@8aa64755f7ec14b7a704db4d925c27ba7578a68a) ( merge request (gitlab-org/gitlab!88941)). Add ownerProject field to RunnerType (gitlab-org/gitlab@72ec72a0b0ad63f64c441e47d1f214e5a8c16b52) ( merge request (gitlab-org/gitlab!89922)). Mutation to delete multiple package files (gitlab-org/gitlab@9fe8deddb8ba788fee886b36e5ec61df600a5109) ( merge request (gitlab-org/gitlab!89927)). GraphQL: Add lazy load for blocking epics count (gitlab-org/gitlab@888c4b2dc6b69c73c9ecf9645f21a774f552e86e) ( merge request (gitlab-org/gitlab!89632)) GitLab Enterprise Edition. Add git protocol configuration to groups (gitlab-org/gitlab@0938dfe435e42d08c1df0f930bd1f6042d68aad9) ( merge request (gitlab-org/gitlab!89817)). Prevent users from using known insecure public key (gitlab-org/gitlab@8a0678ef91684ede86b850a4f30c8eebbcc0d244) ( merge request (gitlab-org/gitlab!90369)). Preview plantuml/kroki diagrams in content editor (gitlab-org/gitlab@fc0aab15f39aff7fb604c06ce218e22926e8423b) ( merge request (gitlab-org/gitlab!86701)). Add scan_execution_policies endpoint to the Kubernetes interna
15.0.317 Jun 2022 03:17 minor feature: (2022-06-16). ### (2 changes). Disconnect alternates when unlinking from a repository pool (gitlab-org/gitlab@a6f4b701af0d5850a10d77feeb4842b1fe017047) ( merge request (gitlab-org/gitlab!90269)). Add GitLab agent image tag to install command (gitlab-org/gitlab@09decb04e391f095139412ed623164cab8023a7c) ( merge request (gitlab-org/gitlab!90269)).
15.0.207 Jun 2022 03:25 minor bugfix: (2022-06-06). ### Added (1 change). Add event type in audit event streaming (gitlab-org/gitlab@55ba03fc8342a608e774db01ecadfa0441ea7f76) ( merge request (gitlab-org/gitlab!89266)) GitLab Enterprise Edition. ### (10 changes). Advanced Search Opensearch detection (gitlab-org/gitlab@38b58801fed210cef048daf30b4d52542fefb1cf) ( merge request (gitlab-org/gitlab!89266)) GitLab Enterprise Edition. on list page (gitlab-org/gitlab@d02cc074f6c3aa0da972d6a368aca423fe50f437) ( merge request (gitlab-org/gitlab!89266)). Include inherited owners when calculating User#solo_owned_groups (gitlab-org/gitlab@d38405007bb4b36441bdb4f15acc5d0093c63115) ( merge request (gitlab-org/gitlab!89266)). description list item styling (gitlab-org/gitlab@e1077027f1a2616026e7297ae5742a8ddc09d794) ( merge request (gitlab-org/gitlab!89266)). focus for linked input field IDE cursor (gitlab-org/gitlab@3249749eec2dddde761532d2d899e45c39db815c) ( merge request (gitlab-org/gitlab!89266)). docs: DS_DEFAULT_ANALYZERS variable docs (gitlab-org/gitlab@b5aad346a987a6135e05a0fb6b21b5928101fd7f) ( merge request (gitlab-org/gitlab!89266)). Remove existing repository backups when creating a full backup (gitlab-org/gitlab@d12ab4c65b7a99b94220716e9a0f60fe74296010) ( merge request (gitlab-org/gitlab!89266)). Move LFK scheduling out from EE check (gitlab-org/gitlab@43f352382e3dbeb445732e4d8752c161e3e26088) ( merge request (gitlab-org/gitlab!89266)). drag and drop list item (gitlab-org/gitlab@75957edfd741f0e96645871d73e09a87938b0012) ( merge request (gitlab-org/gitlab!89266)). Hide internal note checkbox on unsupported issuable types (gitlab-org/gitlab@4eaed3e11797c8f1e0c6a710b3a411fe9c38090d) ( merge request (gitlab-org/gitlab!89266)) GitLab Enterprise Edition. ### Changed (1 change). Update auto-deploy-image to v2.28.2 (gitlab-org/gitlab@881ef5713a6a16f6ed5e77cf91f9a82dff788b02) ( merge request (gitlab-org/gitlab!89266)).
15.0.102 Jun 2022 06:05 minor security: (2022-06-01). ### Security (8 changes). IP restrictions not applying to deploy tokens (gitlab-org/security/gitlab@3af76bc31e2d141e2262d65eb08fcab7f34844bf) ( merge request (gitlab-org/security/gitlab!2474)). Trigger token should respect group IP restrictions (gitlab-org/security/gitlab@f9ba81383a97b014be3085524def6f01120d9e3e) ( merge request (gitlab-org/security/gitlab!2476)). content injection in Jira title (gitlab-org/security/gitlab@d0c449079ce8d680f3390e21ed08aced1bfaf17b) ( merge request (gitlab-org/security/gitlab!2463)). Escape contact details correctly in quick actions (gitlab-org/security/gitlab@cbafec91630b1309354784040c572ba1f844f794) ( merge request (gitlab-org/security/gitlab!2459)). Subgroup member can list members of parent group (gitlab-org/security/gitlab@93583b7fe97f59f746f719742230eadbfbdf5ce3) ( merge request (gitlab-org/security/gitlab!2479)). Do not allow project member import when membership is locked (gitlab-org/security/gitlab@b6ca02c9bac46ebcc822bbeee9e75aaf184d9996) ( merge request (gitlab-org/security/gitlab!2457)). Disable changing user attributes when updating SCIM provisioned user (gitlab-org/security/gitlab@660a0021e3df45893c1f4317d3aa86dd276c6071) ( merge request (gitlab-org/security/gitlab!2453)). Allow only job owner to run interactive terminal (gitlab-org/security/gitlab@917c3e4e314b02da33d8b9aea07179bc74833053) ( merge request (gitlab-org/security/gitlab!2451)).
15.0.021 May 2022 04:05 major feature: (2022-05-20). ### Added (147 changes). Self-managed SAML Group Links and Membership Updater (gitlab-org/gitlab@1e0f58b879ef31887b9a74185313b17b56609087) ( merge request (gitlab-org/gitlab!85209)) GitLab Enterprise Edition. Show error message in pipeline alert (gitlab-org/gitlab@6252f29ff3fa438282065fec8435b5c517cb3cf3) ( merge request (gitlab-org/gitlab!87478)). Upgrade GitLab Pages to 1.58.0 (gitlab-org/gitlab@cd321ca67463512b29437f527216438a439a1391) ( merge request (gitlab-org/gitlab!87780)). Drag and drop list items on page (gitlab-org/gitlab@4eedecb70ba9d3aba5e2f88611cf81b315e69a92) ( merge request (gitlab-org/gitlab!85936)). Default enable automated_email_provision feature flag (gitlab-org/gitlab@7674378f2dd15ad6ecadb96eb810062ffe1de5ce) ( merge request (gitlab-org/gitlab!87099)) GitLab Enterprise Edition. Bump Gitlab Shell version to 14.3.0 (gitlab-org/gitlab@2a835d002d918cc143a39e41d81a7ab30f9b5f50) ( merge request (gitlab-org/gitlab!87762)). Add documentation for inactive project deletion feature (gitlab-org/gitlab@025a9389d1d1a0b25e0685f4f6f6ac7d22c3f4b2) ( merge request (gitlab-org/gitlab!86907)). Enable confidential_notes FF by default (gitlab-org/gitlab@44fe4216bd63cdba718fb5344f07fb0c256a7f6e) ( merge request (gitlab-org/gitlab!87383)). Add slack_app_signing_secret to settings (gitlab-org/gitlab@62629f80fd850b9ef0bdf54cd1f58387d81b288c) ( merge request (gitlab-org/gitlab!86623)). Add a 409 error page (gitlab-org/gitlab@ce8aa56314eca5016935cad1d5fabe6a6191c5e9) ( merge request (gitlab-org/gitlab!87134)). Store pipeline creation rate limit into application settings (gitlab-org/gitlab@b611e17cf016dcb7994d835d4ed9f59a52e1cd22) ( merge request (gitlab-org/gitlab!86466)). Add REPOSITORIES_STORAGES option to backups (gitlab-org/gitlab@721440b63d74ecc6506715368a4b544d1dbb6ce5) ( merge request (gitlab-org/gitlab!86896)). Add option to disable seperated caches (gitlab-org/gitlab@daccb0b39344257a235c2eca0879fb5c37e0a1af) by @Taucher20
14.10.207 May 2022 07:05 minor feature: (2022-05-04). ### (2 changes). Resolve "Fork relationship is not respected for certain projects" (gitlab-org/gitlab@881099bc27d9696ea3b9bcc2a1e43c3207ee4bb3) ( merge request (gitlab-org/gitlab!86476)). mappings errors for ES6.8 (gitlab-org/gitlab@5caac54a746a331d828d4e3ce24273cd6173c86f) ( merge request (gitlab-org/gitlab!86476)) GitLab Enterprise Edition. ### Other (1 change). Add documentation for mr settings audit events part 1 (gitlab-org/gitlab@95bfdae5a677de5ac9d0d5ceccd42e88ca4f99c4) ( merge request (gitlab-org/gitlab!86476)).
14.10.103 May 2022 06:25 minor security: (2022-04-29). ### Security (14 changes). Add sufto cache name to add isolation (gitlab-org/security/gitlab@9ff0233c191339f4dd042b7f55d1ffd66b3f9a2b) ( merge request (gitlab-org/security/gitlab!2426)). Update Import/Export merge/push access levels exclude ci config path (gitlab-org/security/gitlab@40f32316dad5bb0779907261215b3526ed8871fc) ( merge request (gitlab-org/security/gitlab!2404)). Prevent maintainers from editing PipelineSchedule (gitlab-org/security/gitlab@2ce3805447b4b3b7336d46d1d21dcd9e173c40be) ( merge request (gitlab-org/security/gitlab!2421)). Add validation to pypi file sha256 values (gitlab-org/security/gitlab@afc796f43df09a2e43f40beaffec942a80ad973d) ( merge request (gitlab-org/security/gitlab!2415)). Conan Token uses PAT rather than ID in payload (gitlab-org/security/gitlab@2679b802ac4cd9bd36190bcca691177c5568a981) ( merge request (gitlab-org/security/gitlab!2412)). security markdown API disclosing titles of limited projects (gitlab-org/security/gitlab@66088697787bcd55a727602da4f7fdd51b997eb0) ( merge request (gitlab-org/security/gitlab!2407)). Verify that mentioned user can read TODO's note (gitlab-org/security/gitlab@fd166c1b4cc01e2bbbecabbab706deb423fa17f6) ( merge request (gitlab-org/security/gitlab!2397)). Invalidate markdown cache to clear up stored XSS (gitlab-org/security/gitlab@0a0aee802c8b7760ffb0213e67129863d1769313) ( merge request (gitlab-org/security/gitlab!2418)). Allow rate limiting of deploy tokens (gitlab-org/security/gitlab@8de550917a4b86a3ca3e132465d7d2c8394c4493) ( merge request (gitlab-org/security/gitlab!2395)). Disable wiki access with CI_JOB_TOKEN when improper access level (gitlab-org/security/gitlab@516dbcd83cb2bbda6b15e22f4fafdaed661f4eb1) ( merge request (gitlab-org/security/gitlab!2408)). Sanitize error input to prevent HTML/CSS injection in messages (gitlab-org/security/gitlab@c3f62e0f2965fe871463ed7a8b6e438cd2e1f515) ( merge request (gitlab-org/security/gitlab!2379)). Secure detrace arti
14.10.022 Apr 2022 06:45 major feature: (2022-04-21). ### Added (141 changes). Add a dropdown to switch language in code blocks (gitlab-org/gitlab@3b72b32536c5fc66e32af33ead8d6609f96df2fe) ( merge request (gitlab-org/gitlab!69131)). Wraps Jupyter Notebook Diff in a feature flag (gitlab-org/gitlab@bd75c1583e1c6b994bcbfc90a1a7921485c22fd4) ( merge request (gitlab-org/gitlab!85079)). Track related epics blocked added on usage data (gitlab-org/gitlab@37be6bcfe05d1af1443008d8c3abc6ee52f51a21) ( merge request (gitlab-org/gitlab!84503)) GitLab Enterprise Edition. Optimize followed users queries (gitlab-org/gitlab@a93a42b8aeaed4d3099b49bc18a07b11814fd704) ( merge request (gitlab-org/gitlab!84856)). Enable feature flag by default (gitlab-org/gitlab@a901c405c63b255dc6f1a159a6b9b594719f0e7c) ( merge request (gitlab-org/gitlab!85270)). Enable policy type selection page by default (gitlab-org/gitlab@a99a9df36c335d727478fc0ddb6543876188bfc5) ( merge request (gitlab-org/gitlab!83600)) GitLab Enterprise Edition. Add DS_IMAGE_SUFto enable Gemnasium FIPS (gitlab-org/gitlab@aaa62e9d83b68ce23269e9b46d091e6802035faa) ( merge request (gitlab-org/gitlab!85106)). feat: Add SAST/SD template support for FIPS images (gitlab-org/gitlab@8b1989350dd0bf096b175244aca2a6c45c5ec16f) ( merge request (gitlab-org/gitlab!84839)). Enable FF ci_trigger_forward_variables (gitlab-org/gitlab@850c9c3945cef068c43f103443778d83550d7d60) ( merge request (gitlab-org/gitlab!85263)). Add gitlab-pages http server timeout options documentation (gitlab-org/gitlab@3169be7dff244c5e7388e341be8e6936fae4024e) ( merge request (gitlab-org/gitlab!84944)). Namespace onboarding action for license scanning (gitlab-org/gitlab@59d45d87d2a4abb372895e8b9209546054b5de1d) ( merge request (gitlab-org/gitlab!77782)) GitLab Enterprise Edition. Enable feature flag by default (gitlab-org/gitlab@cd0cf705715563d5dc7e9a3b37e63f24200d10e5) ( merge request (gitlab-org/gitlab!82679)) GitLab Enterprise Edition. Default to the current group when importing fro
14.9.313 Apr 2022 10:05 minor bugfix: (2022-04-12). ### (4 changes). Revert Protected Environment group access inheritence (gitlab-org/gitlab@488fd8f3f6770eebae10c815398534ff41d57546) ( merge request (gitlab-org/gitlab!84664)). URL blocker when object storage enabled but type is disabled (gitlab-org/gitlab@d0da89768774de9cf635af530ed7386e65f92d40) ( merge request (gitlab-org/gitlab!84664)). Remove pending builds from the queue on conflict (gitlab-org/gitlab@8c88898dfd1619cc635ce5b98e30eebd91da497f) ( merge request (gitlab-org/gitlab!84664)). null argument handling in background migration Rake task (gitlab-org/gitlab@23e1eb3272828b3546e18efdfaea5a8077cb20f4) ( merge request (gitlab-org/gitlab!84664)).
14.9.201 Apr 2022 03:16 minor security: (2022-03-31). ### Security (20 changes). Quarantine UsageDataNonSqlMetrics failing test (gitlab-org/security/gitlab@123fc00ff9f407284ce05007ddc373e1bd0aeede) ( merge request (gitlab-org/security/gitlab!2364)). Disallow login if password matches a list (gitlab-org/security/gitlab@1a128ae3fb17b3d83974bb08034e4ba7a7d54e3b) ( merge request (gitlab-org/security/gitlab!2357)). Update devise-two-factor to 4.0.2 (gitlab-org/security/gitlab@17c70b13dcd437c05de63b3286245af8e6f42210) ( merge request (gitlab-org/security/gitlab!2349)). Limit the number of tags associated with a CI runner (gitlab-org/security/gitlab@ed5daced882a0206e050c4f676a888ac1c2417b1) ( merge request (gitlab-org/security/gitlab!2303)). GitLab Pages Security Updates for 14.9 (gitlab-org/security/gitlab@79709cabf71a57a336f490636a7e32a208fe0229) ( merge request (gitlab-org/security/gitlab!2327)). Upgrade swagger-ui dependency (gitlab-org/security/gitlab@14280c1d844be3ffc2f30f5321a818a7b6c51770) ( merge request (gitlab-org/security/gitlab!2336)). Modify release link format check to avoid regex if string is too long (gitlab-org/security/gitlab@f516d883b46e1441410476dc140d69fde51cdf0f) ( merge request (gitlab-org/security/gitlab!2307)). Masks variables in error messages (gitlab-org/security/gitlab@9cf62118390c0cfba3d36a4231a30a7836f06e2f) ( merge request (gitlab-org/security/gitlab!2308)). Escape user provided string to prevent XSS (gitlab-org/security/gitlab@2da3502aef64ed1b01c13d82418950cf284098c6) ( merge request (gitlab-org/security/gitlab!2313)). Monkey patch of RDoc to prevent Ruby segfault (gitlab-org/security/gitlab@0ae4925089a1b5fd7c9abeeb0756b3a50e05799a) ( merge request (gitlab-org/security/gitlab!2321)). Project import maps members' created_by_id users based on source user ID (gitlab-org/security/gitlab@3826f2a7c652d3f74e45bfef8888601ca1c86ba1) ( merge request (gitlab-org/security/gitlab!2301)). Redact InvalidURIError error messages (gitlab-org/security/gitlab@59b60e9cf8f79
14.9.126 Mar 2022 03:17 minor feature: (2022-03-23). ### (1 change). backups not working when feature_flags table does not exist (gitlab-org/gitlab@4cc3cd6cf6eb256a9837ef92a6fdb4991cd1642c) ( merge request (gitlab-org/gitlab!83388)). ### Changed (1 change). Alias user_email_lookup_limit to search_rate_limit (gitlab-org/gitlab@424c277fc4c994df60ea68acb8988537526108e4) ( merge request (gitlab-org/gitlab!83388)).
14.9.023 Mar 2022 03:17 major feature: (2022-03-21). ### Added (119 changes). Toggle the related_epics_widge feature flag (gitlab-org/gitlab@8f64bbbc5c485fcdb7453f3c42949a37e030a71f) ( merge request (gitlab-org/gitlab!82333)) GitLab Enterprise Edition. Add Time to Restore Service DORA metric (gitlab-org/gitlab@0ccf5b4ae6bca2fa1ea128228e14bb63153283ce) ( merge request (gitlab-org/gitlab!82510)) GitLab Enterprise Edition. Added possiblity to create new token from the UI (gitlab-org/gitlab@8f36ef50c87ea78e33409c3ddcbbb04782fa5e15) ( merge request (gitlab-org/gitlab!82690)). Add param to Wiki REST endpoint to retrieve different page versions (gitlab-org/gitlab@53b8b9fe4952d7c11a80cd52f4dab8e6d8bfa7de) ( merge request (gitlab-org/gitlab!82838)). Add Harbor integration (gitlab-org/gitlab@bcb79d53fd54e545cf80416beb77360e06262c22) by @prajnamas ( merge request (gitlab-org/gitlab!80999)). MR widget: update merge commit message when default changed (gitlab-org/gitlab@b005b8e80ba8691ec24a5063e4a133d21e56532e) by @trakos ( merge request (gitlab-org/gitlab!77425)). Support agent registration without config (gitlab-org/gitlab@388f87faad5adf5c68ba4850a82b1d4433290b0f) ( merge request (gitlab-org/gitlab!82036)). Add `RestrictGitlabSchema` that enforces `restrict_gitlab_migration` (gitlab-org/gitlab@6bdac41133bebcf66c308dc31f589046b1dc0725) ( merge request (gitlab-org/gitlab!73756)). Enable the vsa_incremental_worker FF by default (gitlab-org/gitlab@d04a006d125f94b34c7eef4f6b85a37292bc7500) ( merge request (gitlab-org/gitlab!82975)). Add deployment approval comment field (gitlab-org/gitlab@5dfb9cabb2d2aee7eff447e34021c8b7ca24eed4) ( merge request (gitlab-org/gitlab!82743)) GitLab Enterprise Edition. Support iteration property for api (gitlab-org/gitlab@406a79a51c6dc35cd8207a7426a8582cd20ecfc4) ( merge request (gitlab-org/gitlab!82813)) GitLab Enterprise Edition. Filter archived / MRs from GraphQL (gitlab-org/gitlab@a7fde3da984bc52b887203fa57998c93f9c6fc5f) ( merge request (gitlab-org/gitlab!826
14.8.419 Mar 2022 03:17 minor feature: (2022-03-16). ### Added (1 change). Detect and artifacts with backfilled expire_at (gitlab-org/gitlab@a627e0ac2f71e48235b956a7f744608b1cf9632f) ( merge request (gitlab-org/gitlab!83013)). ### (1 change). Pass ID to merge request creation form (gitlab-org/gitlab@86c4ec0d5f73a7139a8a22021e73171c354f9326) ( merge request (gitlab-org/gitlab!83013)). ### Changed (1 change). Enable feature flags to resume artifact removal on self-managed (gitlab-org/gitlab@07dcfcfc11428900de446d195e673be127ad4f07) ( merge request (gitlab-org/gitlab!83013)).
14.8.315 Mar 2022 06:25 minor bugfix: (2022-03-14). ### (3 changes). rake task to setup the Geo tracking database (gitlab-org/gitlab@5382a63c46b205bf49b096e834f7241d6bdd6814) ( merge request (gitlab-org/gitlab!82782)) GitLab Enterprise Edition. handling of resource iteration events when deleting a User (gitlab-org/gitlab@f26db84ae16d36186b70e630fcb6c3706976ce96) ( merge request (gitlab-org/gitlab!82782)) GitLab Enterprise Edition. Ensure cleanup job artifacts task does not include pipeline artifacts (gitlab-org/gitlab@c75ecbaeb59be774d8f449b180b772bd0f611a8d) ( merge request (gitlab-org/gitlab!82782)). ### Changed (1 change). Remove runners token prefeature flags (gitlab-org/gitlab@9f316b9a606df7751b56b4eb966c1c02f6d6b3a0) ( merge request (gitlab-org/gitlab!82119)).
14.8.226 Feb 2022 03:16 minor security: (2022-02-25). ### Security (8 changes). Limit commands_changes to certain keys (gitlab-org/security/gitlab@7a4e348b3ea3d34469bcd353286474c25288d836) ( merge request (gitlab-org/security/gitlab!2225)). Add runners_token preto Group and Project (gitlab-org/security/gitlab@87bd94f7252f887f22f971ffd59044b355712042) ( merge request (gitlab-org/security/gitlab!2248)). Anonymous user can enumerate all users through GraphQL endpoint (gitlab-org/security/gitlab@945da4fadb156ce862bdd12ee5625f57709b590d) ( merge request (gitlab-org/security/gitlab!2213)). Check for unsafe characters in email addresses before sending (gitlab-org/security/gitlab@641b23f6b1ad827536ea704c848330a068fc0472) ( merge request (gitlab-org/security/gitlab!2206)). Warn when snippet contains unretrievable files (gitlab-org/security/gitlab@d703ecef74f7d73eab3d5345af3a5d60f28c9d7f) ( merge request (gitlab-org/security/gitlab!2205)). Prevent DOS when rendering math markdown (gitlab-org/security/gitlab@cedf63be73dc9c37352e425cf8b8cf4e16980935) ( merge request (gitlab-org/security/gitlab!2219)). Check permission when creating members through service (gitlab-org/security/gitlab@6228fd285e7062dd1c2e88f8ca33bc8e9a0f4fad) ( merge request (gitlab-org/security/gitlab!2209)). Reset password field on page load (gitlab-org/security/gitlab@5ece8645add37c3e77f28d7afb8f28ce4bbe2b7f) ( merge request (gitlab-org/security/gitlab!2224)).
14.8.022 Feb 2022 06:25 major feature: (2022-02-21). ### Added (134 changes). Add fields to PipelineSecurityReportFindingType (gitlab-org/gitlab@732f134e9342df18dd3f0c31668f5d43b82b35ac) ( merge request (gitlab-org/gitlab!75001)) GitLab Enterprise Edition. Add overage confirmation modal (gitlab-org/gitlab@0d26cab716b54fdbdc224e5f72b109ffb276dd90) ( merge request (gitlab-org/gitlab!79644)) GitLab Enterprise Edition. Add custom tags to the Datadog integration (gitlab-org/gitlab@694a0512374106d42b2fe8296a3bf9d0714f35e3) by @AdrianLC ( merge request (gitlab-org/gitlab!79665)). Save sort on querystring for vulnerability report (gitlab-org/gitlab@0000d7993aea7420d914641124a4b3aae4e6b8e5) (merge request) GitLab Enterprise Edition. Pipeline and other to community contribution (gitlab-org/gitlab@091a55c1d2dcbd9b3b3041548dec3403af57df19) ( merge request (gitlab-org/gitlab!78899)). Allow broadcast messages to be targeted to the current user's role (gitlab-org/gitlab@cbfa1e26b2ccb41ea0cc050dcba4943e2575bc2a) ( merge request (gitlab-org/gitlab!77498)). Provide FF to project edit action (gitlab-org/gitlab@e35d9ec63567f6360bf1d086df6130ed2380e41c) ( merge request (gitlab-org/gitlab!80805)) GitLab Enterprise Edition. Stream audit events using audit event JSON (gitlab-org/gitlab@156e6741c0ac457821f71e49ba9b9d2ebd71cd86) ( merge request (gitlab-org/gitlab!80297)) GitLab Enterprise Edition. Add CI minutes usage charts to group usage quotas (gitlab-org/gitlab@0157ce737c68f966eb1f1d3226da33c936f46354) ( merge request (gitlab-org/gitlab!80321)) GitLab Enterprise Edition. Defaulted roadmap_settings to true (gitlab-org/gitlab@1bc7cfa4415c717c926b41c7d97106e192dd10e4) ( merge request (gitlab-org/gitlab!80766)). GraphQL: Expose token_expires_at property and sorting (gitlab-org/gitlab@800bf64eb87a83d78c19cfa9d2c2c196884043b6) by @KyleFromKitware ( merge request (gitlab-org/gitlab!79135)). Add scan method to dast site profile (gitlab-org/gitlab@cb8679b4c5f6cc1abcf6847021725f6967e72042) (merge request).
14.7.316 Feb 2022 03:16 minor feature: (2022-02-15). ### (2 changes). Update GitHub PRs Importer to force update repository (gitlab-org/gitlab@33f12736b070362cb89e9bbb4b3aa7d86fc373c3) ( merge request (gitlab-org/gitlab!80595)). Geo checksummable check failing when file is nil (gitlab-org/gitlab@f49e3ea3e4d4ca7a64607687f9aaa974801b6bf9) ( merge request (gitlab-org/gitlab!80595)) GitLab Enterprise Edition. ### Changed (1 change). Properly exclude pending_destruction packages when creating one (gitlab-org/gitlab@9fb9f1ca8a2342225b7017c211f85175a4ef56dd) ( merge request (gitlab-org/gitlab!80595)).
14.7.209 Feb 2022 07:25 minor feature: (2022-02-08). ### Added (1 change). Allow self-hosted instances to render same-origin Iframe (gitlab-org/gitlab@eb7c78363cdfc670286967872d8458fc5f6d82e8) ( merge request (gitlab-org/gitlab!79966)). ### (4 changes). Geo: reverify object stored files (gitlab-org/gitlab@603700dcca3b8f25a3b80b44b11a73df549c0cb3) ( merge request (gitlab-org/gitlab!79966)) GitLab Enterprise Edition. Geo: verification failures of remote stored files (gitlab-org/gitlab@2eb8ac7e88dcd40f0e8266966655962e4d6e3171) ( merge request (gitlab-org/gitlab!79966)) GitLab Enterprise Edition. GitLab Version - CE Admin Dashboard RUN ALL RSPEC RUN AS-IF-FOSS (gitlab-org/gitlab@f2253ce2d729fa202a26b54f3ca870b932ea1855) ( merge request (gitlab-org/gitlab!79966)). cluster integration HTTP adapter (gitlab-org/gitlab@c05027ef4d7ec35fc16e8e16dc6e5af201f665c3) ( merge request (gitlab-org/gitlab!79966)). ### Changed (1 change). Update to ruby-magic v0.5.4 (gitlab-org/gitlab@ced6ef1001730dc2851f58f7db3229d1c585b9d3) ( merge request (gitlab-org/gitlab!79966)). ### Removed (1 change). Disable sandboxed_mermaid feature flag by default (gitlab-org/gitlab@70c40d43169bd48d360ed7a6a03c33c05d5e3738) ( merge request (gitlab-org/gitlab!79966)).
14.7.023 Jan 2022 03:16 major feature: (2022-01-21). ### Added (84 changes). Add verification before namespace creation (gitlab-org/gitlab@62c6ea0ff38f4a90ede4d5200e78206cdb71d29b) ( merge request (gitlab-org/gitlab!77315)). Add GraphQL mutation to destroy timeline events (gitlab-org/gitlab@71a1be80522bd01d3434dde6a5bb009454e65839) ( merge request (gitlab-org/gitlab!78192)) GitLab Enterprise Edition. ApplicationSetting: Add runner_token_expiration_interval field (gitlab-org/gitlab@d62621aa82714995cfe84c056773b291775b77bc) by @KyleFromKitware ( merge request (gitlab-org/gitlab!77884)). Rate limit Gitlab Shell operations (gitlab-org/gitlab@ddda5851babbad2f89b7ba37b0437b87e55950e5) ( merge request (gitlab-org/gitlab!78373)). Add `Delete` button to label edit view (gitlab-org/gitlab@07fa8e097bfc1143cfe362a0a4f2031d4792b73b) ( merge request (gitlab-org/gitlab!77917)). Enable autocomplete on cadence iteration create/edit pages (gitlab-org/gitlab@f0f99fc37266ebffb82134419bde8346ca799091) by @espadav8 ( merge request (gitlab-org/gitlab!78272)) GitLab Enterprise Edition. Extend GraphQL API interface with `securityTrainingProviders` field (gitlab-org/gitlab@d182af0c80834ddfc6f5db0587202f013351a42e) ( merge request (gitlab-org/gitlab!78195)) GitLab Enterprise Edition. Hierarchy page to show work items (gitlab-org/gitlab@a88b585c3b8cc4fd4fd11229e175ed4e24dead13) ( merge request (gitlab-org/gitlab!76720)). Add group level access token UI (gitlab-org/gitlab@a1a5cb34efe5218b562c69e621fc586625b3ed0a) by @fh1ch ( merge request (gitlab-org/gitlab!77449)). Remove ci_archived_build_trace_checksum feature flag (gitlab-org/gitlab@fbdec367917ae9f8ec4577f6de6ecd292755d5d0) ( merge request (gitlab-org/gitlab!78368)). Add scan result policies into the policy (gitlab-org/gitlab@71e49518d368fa7ab6a20a7ce295b5025923179f) ( merge request (gitlab-org/gitlab!77810)) GitLab Enterprise Edition. Enable logging when recursive webhook detected (gitlab-org/gitlab@2c9dc9a4b3d8b9f510369277f9d9fb12c319ee57) ( merge re
14.6.319 Jan 2022 07:05 minor bugfix: (2022-01-18). ### (4 changes). destruction of projects with pipelines (gitlab-org/gitlab@83e1616fe46b933c5b78b2d43e08463fdae4264a) ( merge request (gitlab-org/gitlab!78401)). Geo: Resolve "undefined method each_batch" (gitlab-org/gitlab@a38bf23ebd0a9931ec5bb91377955824dcda39ea) ( merge request (gitlab-org/gitlab!78401)) GitLab Enterprise Edition. migration for cases with empty strings (gitlab-org/gitlab@ddda8880db35b7d48ca8e4ec8efe54954d64f41f) ( merge request (gitlab-org/gitlab!78401)). Geo: adapt verification timed out query to use state table (gitlab-org/gitlab@89212752226d6c5f34830e3f4a73c5a56764ed17) ( merge request (gitlab-org/gitlab!78401)) GitLab Enterprise Edition.
14.6.105 Jan 2022 03:16 minor bugfix: (2022-01-04). ### (2 changes). Ignore new line differences when deciding whether to squash MR (gitlab-org/gitlab@9d25380756bbc11ad5d18ea268b0ed0b60bf92fb) ( merge request (gitlab-org/gitlab!77499)). re-use of extensions between instances (gitlab-org/gitlab@0ad3357123bbb72493b965b0ab769dab81890397) ( merge request (gitlab-org/gitlab!77499)).
14.6.022 Dec 2021 03:16 major feature: (2021-12-21). ### Added (76 changes). Create table to store merge request compliance violations (gitlab-org/gitlab@6020f42812e3dc09d4163488e35d9a75f20da9ff) (merge request). Upgrade GitLab Pages to 1.49.0 (gitlab-org/gitlab@b10f47f58cc3c7998e6815580405d00575595715) ( merge request (gitlab-org/gitlab!76908)). Add create crm organization component (gitlab-org/gitlab@20998c7f182a6f12001ac10b515fc8c20147b56a) by @leet ( merge request (gitlab-org/gitlab!76059)). Registration features info for setting repo size (gitlab-org/gitlab@d857bc88bfe2dff493b73934c39ac89c25a4381a) (merge request) GitLab Enterprise Edition. Log structured message when LFS object is auto-linked from parent (gitlab-org/gitlab@fe545efa9f3c138a1f65bed0f021525b8cb3fc22) ( merge request (gitlab-org/gitlab!76818)). Enable display_outdated_line_diff by default (gitlab-org/gitlab@3f368ddb4378101757f7a3ce7a92d0d36bcf7823) ( merge request (gitlab-org/gitlab!76887)). Default enable webauthn feature flag (gitlab-org/gitlab@81a6ee387a3f4b593859c04d52245312b9b194ba) by @kingjan1999 ( merge request (gitlab-org/gitlab!50735)). Update return type for previousStageJobsOrNeeds (gitlab-org/gitlab@ca6c6a70b0e054b24cd331b0ce6bedb383a86dff) ( merge request (gitlab-org/gitlab!76444)). Add support for Rel-License microformat (gitlab-org/gitlab@dd445481700a90c9e9fd645c2315e94b22df4889) ( merge request (gitlab-org/gitlab!76471)). Add error alerts and badge for webhooks (gitlab-org/gitlab@d366378ce6612db8316a07e60eb139d4e7eb39da) ( merge request (gitlab-org/gitlab!76871)). Add alert for rate limited webhooks (gitlab-org/gitlab@d163f4c929d696884438cb139329cdb3bae75803) ( merge request (gitlab-org/gitlab!76743)). Expose iid in pipelines api (gitlab-org/gitlab@a7f53bddf1cfc64d471b13312dd01c42015799c4) ( merge request (gitlab-org/gitlab!76625)). Implement separate status for bulk imports (gitlab-org/gitlab@96db744c439129de268cf05f4e7e5b41597ff751) ( merge request (gitlab-org/gitlab!73960)). Include pa
14.5.102 Dec 2021 09:45 minor bugfix: (2021-12-01). ### (4 changes). Check validation for license only if new record (gitlab-org/gitlab@3e34c2dc431a2b1c1828f5154a4d2be350359b16) ( merge request (gitlab-org/gitlab!75498)) GitLab Enterprise Edition. for hexadecimal branch deletion (gitlab-org/gitlab@eb74cd44edac0c16c44aa11d710b742586c31741) ( merge request (gitlab-org/gitlab!75498)). the SSL_CERT_DIR logging on git operations (gitlab-org/gitlab@6ef3b63ad5e58baa0e0e0a922fe43a2fb4494508) ( merge request (gitlab-org/gitlab!75498)). Support Action Cable on GCP Memorystore (gitlab-org/gitlab@d62aa5bcbad5851209a9d248ca267d0c46d1e7c9) ( merge request (gitlab-org/gitlab!75498)).
14.5.020 Nov 2021 03:15 major feature: (2021-11-19). ### Added (113 changes). Show warning for markdown structure changes (gitlab-org/gitlab@9b44058536cff8e36996dc04820636a3c39cef2f) ( merge request (gitlab-org/gitlab!71064)). Implement Pipeline Editor Walkthrough experiment (gitlab-org/gitlab@2ab23a789a355eb2f1a923b263f2194f72665b5f) ( merge request (gitlab-org/gitlab!73050)). Add endpoint for activating all pending members (gitlab-org/gitlab@fb949a578e625f21242fccf20ad8883efb425e56) ( merge request (gitlab-org/gitlab!73849)) GitLab Enterprise Edition. Add Yaml Source Editor Extension (gitlab-org/gitlab@fe4f8022b129997263cc3e26c597b4c77df878a7) ( merge request (gitlab-org/gitlab!72764)). Introduced the Source Editor Instance module (gitlab-org/gitlab@7dbdf10e35cf793e0219344d0830dfcbb229667d) ( merge request (gitlab-org/gitlab!74566)). Add total counters in each runner type tab (gitlab-org/gitlab@b852ba5b2da2cabae8eaf5bf1f4f9b950b0576de) ( merge request (gitlab-org/gitlab!74196)). Add customer relations organizations viewer (gitlab-org/gitlab@9db2c7fef64053f78eebbc6bf12978ca46d08979) by @leet ( merge request (gitlab-org/gitlab!73508)). Add customer relations contacts viewer (gitlab-org/gitlab@22a90aa556d503e617b22a8795754197a807dab1) by @leet ( merge request (gitlab-org/gitlab!73429)). Add endpoint for activating an waiting member (gitlab-org/gitlab@c9857c9dc7f3196ee14f9ff40bd3bc8a4382329e) ( merge request (gitlab-org/gitlab!73845)) GitLab Enterprise Edition. Add keyset pagination for tags API (gitlab-org/gitlab@e9c3b012dcba273ec9eb2c5aaa4c8163d295cd9a) ( merge request (gitlab-org/gitlab!74239)). Enable loose_foreign_key_cleanup FF by default (gitlab-org/gitlab@8e8864cf97eae6f3e9d8bd1187d743d88f243fe9) ( merge request (gitlab-org/gitlab!74499)). Allow reporters to see the service desk email address (gitlab-org/gitlab@b12fcd0eccdc9fc66ec0647d7939eb53310a374d) ( merge request (gitlab-org/gitlab!74179)). Upgrade GitLab Pages to 1.48.0 (gitlab-org/gitlab@a8e068be055bc0bb5805321b1
14.4.209 Nov 2021 06:45 minor feature: (2021-11-08). ### (3 changes). Skip retrying for reads on connection errors if primary only (gitlab-org/gitlab@8e1976ed75bd6c606d49c83863cf46bf3c4d5070) ( merge request (gitlab-org/gitlab!73919)). error 500 loading branch with UTF-8 characters with performance bar (gitlab-org/gitlab@67ddc428472d57bb3d8a4a84eb0750487a175f75) ( merge request (gitlab-org/gitlab!73919)). Skip st_diff callback setting on LegacyDiffNote when importing (gitlab-org/gitlab@84f5c66321473cd702b3b671584054fcf3d141ae) ( merge request (gitlab-org/gitlab!73919)). ### Changed (1 change). Remove skip_legacy_diff_note_callback_on_import from legacy diff note (gitlab-org/gitlab@547a2ec29ea9e9299eab727899c3d90886ffc21c) ( merge request (gitlab-org/gitlab!73919)). ### Performance (1 change). Prevent Sidekiq size limiter middleware from running multiple times on the same job (gitlab-org/gitlab@294c01be38d400607536fb20a2038e098c0f0e28) ( merge request (gitlab-org/gitlab!73919)).
14.4.129 Oct 2021 03:15 minor security: (2021-10-28). ### Security (13 changes). Highlight usage of unicode bidi characters (gitlab-org/security/gitlab@cef762a270783780112c7bf318e353a39de1aa1e) ( merge request (gitlab-org/security/gitlab!1937)). dompurify.js to prevent path traversal attacks (gitlab-org/security/gitlab@9a891cbe465a302f260f0f81fc490cacb9e8c70e) ( merge request (gitlab-org/security/gitlab!1929)). Refresh authorizations on transfer of groups having project shares (gitlab-org/security/gitlab@bdf8b6e90d0a1f719c0f389f29ea5dc41c22f119) ( merge request (gitlab-org/security/gitlab!1916)). Adding a ' redacted ' to mask private email addresses (gitlab-org/security/gitlab@324fe6286b266c3990676bc93b3f6ab03eea5f6b) ( merge request (gitlab-org/security/gitlab!1927)). Do not allow Applications API to create apps with blank scopes (gitlab-org/security/gitlab@4e2c4d2a88acf7167e1078e8a27679545ab90c9c) ( merge request (gitlab-org/security/gitlab!1922)). Don't allow author to resolve discussions when MR is locked via GraphQL (gitlab-org/security/gitlab@34ffcb55a70ad6db38292f79fe73c05fb2655738) ( merge request (gitlab-org/security/gitlab!1919)). Workhorse: Allow uploading only a single file (gitlab-org/security/gitlab@0aee710db4bbab84c78b9e38f459bfca606aaf80) ( merge request (gitlab-org/security/gitlab!1913)). Set PipelineSchedules to inactive (gitlab-org/security/gitlab@de405edc9de4519656675ed6825534aac6b738da) ( merge request (gitlab-org/security/gitlab!1911)). Do not display the root password by default (gitlab-org/security/gitlab@138a62f89ce6616d63e3cf18eeda291a380b9ebc) ( merge request (gitlab-org/security/gitlab!1909)). Group owners should see SCIM token only once (gitlab-org/security/gitlab@43d19f580543d0203b1d841f921536474ca4be38) ( merge request (gitlab-org/security/gitlab!1906)) GitLab Enterprise Edition. Respect visibility level settings when updating project via API (gitlab-org/security/gitlab@f96258f3622cf72b46158f22c4660ff60a2c25ae) ( merge request (gitlab-org/security/gi
14.4.022 Oct 2021 03:16 major feature: (2021-10-21). ### Added (79 changes). Upgrade GitLab Pages to 1.46.0 (gitlab-org/gitlab@e606ddc078a2fe55658abb33924fac5699376953) ( merge request (gitlab-org/gitlab!72383)). Support math expressions in the Content Editor (gitlab-org/gitlab@3e60388da219b0b33fa032f50bf087fd5b7845c0) ( merge request (gitlab-org/gitlab!72153)). Add Reviewer names (gitlab-org/gitlab@925c1246984a33b4c408848298dc544757656499) ( merge request (gitlab-org/gitlab!72244)). Geo: Enable Upload replication using SSF by default (gitlab-org/gitlab@99543ee585f7f35f84f19e08b2ccba6428341a2b) ( merge request (gitlab-org/gitlab!72199)) GitLab Enterprise Edition. Add username attribute support for GitLab.com Group SAML SSO (gitlab-org/gitlab@085254b32ebdb6269636c774de9d88cbabc5bed9) ( merge request (gitlab-org/gitlab!72134)) GitLab Enterprise Edition. Expose contacts via GraphQL (gitlab-org/gitlab@2dc68a486afeffd1b64b78fcbeae537c030d7dfa) by @leet ( merge request (gitlab-org/gitlab!71889)). Add source instance version validation for project (gitlab-org/gitlab@44c33c0ceb7c4507c94f1c7fda5811d81d5fdf9c) ( merge request (gitlab-org/gitlab!71423)). Add top-level GraphQL query for single board list (gitlab-org/gitlab@2740bda696e362f7fd92f567b3e13f063b6677cf) ( merge request (gitlab-org/gitlab!67909)). Allow to setup Documentation pages URL for help pages redirects (gitlab-org/gitlab@3f3566ab09ce35ac3a636a22e65e40927e63cab9) ( merge request (gitlab-org/gitlab!71737)). DevOps Adoption: Add "trend over time" graph (gitlab-org/gitlab@ef874e312ca65ed14101c41d09e69bfa9869a19e) ( merge request (gitlab-org/gitlab!70518)) GitLab Enterprise Edition. Improve data zoom on contribution analytics (gitlab-org/gitlab@13d202a2f08fb7c45ebfa475ab258d20b68bc982) ( merge request (gitlab-org/gitlab!72004)) GitLab Enterprise Edition. Add cluster_image_scanning CI parser to update location data (gitlab-org/gitlab@c28d8ab7e6367258ddfbbeb25e0492c0a324c6f7) ( merge request (gitlab-org/gitlab!71794)) GitLab Ent
14.3.313 Oct 2021 13:05 minor bugfix: (2021-10-12). ### (3 changes). Disable caching of MergeToRefService call in mergeability check (gitlab-org/gitlab@ea9f38fb3ce1f9b345ca699b5f9ae7b36726a56f) ( merge request (gitlab-org/gitlab!72179)). FA setup for users with no password (gitlab-org/gitlab@c6d5cdfc3fa1a1dc0a6686a8f189972c03403f7a) ( merge request (gitlab-org/gitlab!72179)). dependency proxy image pre (gitlab-org/gitlab@deb9719db05e99dec787bd76c5e96408f92eb802) ( merge request (gitlab-org/gitlab!72179)).
14.3.205 Oct 2021 06:25 minor feature: (2021-10-01). ### (1 change). Update GitLab Shell to v13.21.1 (gitlab-org/gitlab@9e9e41f2ae9bdb89355c0f9cef486950bbaf361c) ( merge request (gitlab-org/gitlab!71513)). ### Changed (1 change). Remove `async_filtering` feature flag (gitlab-org/gitlab@c4277c1fed0de3d86694390641612bfcde30cc92) ( merge request (gitlab-org/gitlab!71513)).
14.3.101 Oct 2021 03:16 minor security: (2021-09-30). ### Security (29 changes). permissions check on project members import (gitlab-org/security/gitlab@63ba9ad2a1067eb74df493e273707bb64a13a197) ( merge request (gitlab-org/security/gitlab!1858)). Require password param for 2FA changes (gitlab-org/security/gitlab@f246cfbd15344ba74a0182276bf63f0b5f1a4a31) ( merge request (gitlab-org/security/gitlab!1813)). Respect disabled import sources when initiating import via API (gitlab-org/security/gitlab@046e964b0151fc8c58063281a39af063ffb678bd) ( merge request (gitlab-org/security/gitlab!1846)). Return 404 if model id wasn't passed to UploadsController (gitlab-org/security/gitlab@747e6f0e4aec39462f296fd56b37df1c255d29cb) ( merge request (gitlab-org/security/gitlab!1843)). Scrub artifacts signed URL in SendEntry logs (gitlab-org/security/gitlab@f6c57892ddc9518efaace1021346b42b4c805a1c) ( merge request (gitlab-org/security/gitlab!1840)). Prevent double-impersonation and impersonation breakout (gitlab-org/security/gitlab@615d418f9315ca3b3619689c47201f618cf6bde9) ( merge request (gitlab-org/security/gitlab!1834)). Clear session access tokens when starting/stopping impersonation (gitlab-org/security/gitlab@62c2e0d3ed73f2d7ded90d04fe232ff6ae2f6136) ( merge request (gitlab-org/security/gitlab!1831)). Prevent users from bypassing 2FA on certain pages (gitlab-org/security/gitlab@0b41838b36da09a9230de4d8449040a701464de7) ( merge request (gitlab-org/security/gitlab!1827)). Use validated URL when sending request to Gitea Importer (gitlab-org/security/gitlab@26731d762f6503fe1b8b509be11c56e77601a552) ( merge request (gitlab-org/security/gitlab!1822)). XSS in Jira link (gitlab-org/security/gitlab@d41060acb2aa151119042db9162a102d4e2c15ab) ( merge request (gitlab-org/security/gitlab!1819)) GitLab Enterprise Edition. fogz importer DNS Rebind SSRF (gitlab-org/security/gitlab@cc13d57c66cc65e6f920bdeab57b9fdb9d6baac1) ( merge request (gitlab-org/security/gitlab!1814)). Remove related project access tokens whe
14.3.022 Sep 2021 03:16 major feature: (2021-09-21). ### Added (111 changes). Add organizations update mutation to GraphQL (gitlab-org/gitlab@9375734734a090d186da58cb5d1ece7d886318f8) by @leet ( merge request (gitlab-org/gitlab!69559)). Auto-scope board to iteration cadence (gitlab-org/gitlab@3015a0232caa9641266130bd905942ece2758d16) ( merge request (gitlab-org/gitlab!69030)). Decouple project runners queuing query from projects table (gitlab-org/gitlab@04a2a99342e8db67058ee6534e4166ca0a8a4914) ( merge request (gitlab-org/gitlab!70415)). Add owner validation for project namespaces (gitlab-org/gitlab@a30da0a109d54f5254498d70977e3e2be69f9901) ( merge request (gitlab-org/gitlab!69201)). Add ProjectNamespace model and DB relationships (gitlab-org/gitlab@6914cf3c13c2ca6f325ae273944f4c2172691451) ( merge request (gitlab-org/gitlab!69201)). Upgrade Pages to 1.44.0 (gitlab-org/gitlab@2e2263965716a3dd7c3f427f9876d50183a9a3ef) ( merge request (gitlab-org/gitlab!70484)). Add docs on how to use AWS server side encryption for backups (gitlab-org/gitlab@00eeff9dd13ad4a515655630cc9f006ca2ec8c75) ( merge request (gitlab-org/gitlab!70327)). Persist projects configured to use an Agent (gitlab-org/gitlab@3a80bebfcb49b4315c91d3ac3863f06d692fc000) ( merge request (gitlab-org/gitlab!67295)). Enable Pages replication with Geo by default (gitlab-org/gitlab@5f9c6a945c6f46294ede78b5b1ae82b2d8239c92) ( merge request (gitlab-org/gitlab!70434)) GitLab Enterprise Edition. Address the PK Overflow risk for the ci_build_needs - Step 3 (gitlab-org/gitlab@c789075c2907e6689d61e9f3c0ff6943018a4c9c) ( merge request (gitlab-org/gitlab!69473)). Extend `marginalia` to provide `db_config_name` (gitlab-org/gitlab@24e07a2a61cc981f401fd886e39940305cc3699c) ( merge request (gitlab-org/gitlab!67328)). Enable Roadmap daterange presets (gitlab-org/gitlab@3dccdb1fc8a795ea8e6fd23710362f0ef8b6a146) (merge request) GitLab Enterprise Edition. Test project namespace is destroyed with project_namespace.rb (gitlab-org/gitlab@93ff65
14.2.418 Sep 2021 07:05 minor bugfix: (2021-09-17). ### (2 changes). Elastic::MigrationWorker current_migration (2nd attempt) (gitlab-org/gitlab@65bf8636d35edc6f580c7f09e1ffafc46ca5fbdb) ( merge request (gitlab-org/gitlab!70494)) GitLab Enterprise Edition. Removes cleanup job from Terraform.latest (gitlab-org/gitlab@6085d73d1a88aa98310f775fe2ff74584948e1a9) ( merge request (gitlab-org/gitlab!70494)).
14.2.305 Sep 2021 03:25 minor bugfix: (2021-09-01). ### (4 changes). Live Markdown Preview in personal and subgroup projects (gitlab-org/gitlab@20553f93703c0bc076c8e1a4fbc4ce07e2e914b7) ( merge request (gitlab-org/gitlab!69316)). OrphanedInviteTokensCleanup migration (gitlab-org/gitlab@9c59b2fbdfeb250de66a9d2b9424cde9680f86c3) ( merge request (gitlab-org/gitlab!69316)). Reset severity_levels default (gitlab-org/gitlab@34e65788679cfbdeec28357a01a8b303ba61418f) ( merge request (gitlab-org/gitlab!69316)). Geo: Replicate multi-arch containers (gitlab-org/gitlab@fdf88767320016a84c83e896b9f9b90291de89e0) (merge request) GitLab Enterprise Edition.
14.2.201 Sep 2021 06:45 minor security: (2021-08-31). ### Security (9 changes). Prevent non-admins from configuring Jira connect app (gitlab-org/security/gitlab@1bc56361c9daa90accea65836d5a424168a2c544) ( merge request (gitlab-org/security/gitlab!1697)). Only create jira connect NS subscriptions for admins (gitlab-org/security/gitlab@c160da2cb32a5774fef149155cfd397981bf9173) ( merge request (gitlab-org/security/gitlab!1698)). Update apollo_upload_server dependency (gitlab-org/security/gitlab@5ef659b8c9a5a7338830171c62943d3b8bb16410) ( merge request (gitlab-org/security/gitlab!1699)). Ensure shared group members lose project access after group deletion (gitlab-org/security/gitlab@c94e934234a90f82e7fe291ed0f1d6a763b9a977) ( merge request (gitlab-org/security/gitlab!1683)). Update Import/Export to use public email when mapping users (gitlab-org/security/gitlab@13fb902c55c2dfe7ec2bf35f58a9cb3d93905d9a) ( merge request (gitlab-org/security/gitlab!1669)) GitLab Enterprise Edition. Require sign in for.keys endpoint on non-public instances (gitlab-org/security/gitlab@0979dd458e8fa0d4f5e184ef0b9ea042d79f6c14) ( merge request (gitlab-org/security/gitlab!1676)). Inherit user external status while creating project bots (gitlab-org/security/gitlab@93062909ffc093cb8f718a3ea3f2976292a9b9af) ( merge request (gitlab-org/security/gitlab!1675)). Escape reference and title for Jira (gitlab-org/security/gitlab@d25ef8599ec03ee80ef1bff7067b2269836400cf) ( merge request (gitlab-org/security/gitlab!1673)) GitLab Enterprise Edition. stored XSS vulnerability in Datadog settings form (gitlab-org/security/gitlab@23b98dac7864992898992a153950247ac6ccb933) ( merge request (gitlab-org/security/gitlab!1670)).
14.2.126 Aug 2021 03:16 minor feature: (2021-08-23). ### (1 change). Drop un-used db/ci_migrate symlink (gitlab-org/gitlab@1154311625345e120407c0c397c7d4a27848a739) ( merge request (gitlab-org/gitlab!68723)). ### Changed (2 changes). Reorder vuln check criteria (gitlab-org/gitlab@9bbb20db46362a859632e7bb88deba985318ca2c) ( merge request (gitlab-org/gitlab!68723)) GitLab Enterprise Edition. Don't override vulnerability feedback UUID anymore (gitlab-org/gitlab@5f8372fb782c9416ae5ab582009a4399cb7d3750) ( merge request (gitlab-org/gitlab!68723)) GitLab Enterprise Edition.
14.2.022 Aug 2021 07:45 major feature: (2021-08-20). ### Added (128 changes). Add missing Ci::Build graphql mutations (gitlab-org/gitlab@b0389d7d0da358b550392cf20178c2faea6dbd61) ( merge request (gitlab-org/gitlab!68399)). Introduce a table to store job trace metadata (gitlab-org/gitlab@66ac715bd050922f83e754f1f2b27c27848fa2b2) ( merge request (gitlab-org/gitlab!68171)). Promote the contact_sales_btn_in_app experiment to product feature (gitlab-org/gitlab@273a053eff53c29ce55f70358b2ebd593a64c7ff) ( merge request (gitlab-org/gitlab!65598)). Upgrade GitLab Pages to v1.42.0 (gitlab-org/gitlab@5de522492fa0a3d013eef5d75103a93f350036c2) ( merge request (gitlab-org/gitlab!68341)). Enable the instance-level overrides feature (gitlab-org/gitlab@b8ab6f1e1c1120a8b53fa0864627bc7a5ff6603f) ( merge request (gitlab-org/gitlab!67927)). Add support for inline diff in content editor (gitlab-org/gitlab@c10baec8a0efb6c6a59909cd8c1772c9d7cab042) ( merge request (gitlab-org/gitlab!68231)). Update security policies pipeline processor to support secret detection (gitlab-org/gitlab@797d5d844d5533ea6561dc2e584d8b15b0c47b71) ( merge request (gitlab-org/gitlab!67223)) GitLab Enterprise Edition. Render references in content editor (gitlab-org/gitlab@efc45686c1d1804d8367a292fc63164aa1d7f6c2) ( merge request (gitlab-org/gitlab!68230)). Add copy feature to CI job page (gitlab-org/gitlab@5d72b702b7d78566110714a30d9742d32e8e32d0) ( merge request (gitlab-org/gitlab!68148)). Limit number of files per pages site (gitlab-org/gitlab@48df27a71ab7c3845172671b20e2cf2e3dcf6fe2) ( merge request (gitlab-org/gitlab!67761)). Added new user callout for the Terraform banner (gitlab-org/gitlab@c52952f613e4dfd1ab5cbde859b8f3d1a1ce51eb) ( merge request (gitlab-org/gitlab!68138)). Markdown Live preview for Source Editor (gitlab-org/gitlab@2fffee2645d5bb9a4b8b269c578ebca9f9f73fbf) (merge request). Create table zentao_tracker_data (gitlab-org/gitlab@161e6d31110c591b041b76717a98024f5963a3f7) ( merge request (gitlab-org/gitlab!6793
14.1.318 Aug 2021 03:16 minor feature: (2021-08-17). ### (2 changes). Geo 2.0 Regression - Add ability to remove primary (gitlab-org/gitlab@1635f3d07d421edd2a83be109d7c54635aa4f58c) ( merge request (gitlab-org/gitlab!68383)) GitLab Enterprise Edition. RUN AS-IF-FOSS AS SAML SSO login redirects not working (gitlab-org/gitlab@7b551e3d2a4ba6127549c613ee95e2c12c014b90) ( merge request (gitlab-org/gitlab!68383)) GitLab Enterprise Edition. ### Changed (1 change). Resolve "operator does not exist: integer bigint in... (gitlab-org/gitlab@99e6457b6d9d39805dc7758c47091cf6ad0f2bdd) ( merge request (gitlab-org/gitlab!68383)).
14.1.204 Aug 2021 06:45 minor security: (2021-08-03). ### Security (19 changes). Add project member validation for domain limitation (gitlab-org/security/gitlab@d17016dde463811c81a22c07aeab817ff7b5757c) ( merge request (gitlab-org/security/gitlab!1564)). Hide project-level CI/CD Analytics for Guests (gitlab-org/security/gitlab@ce3b41daadd795e906b5bbbec424a494c491a1d4) ( merge request (gitlab-org/security/gitlab!1600)). Only allow invite to be accepted by user with matching email (gitlab-org/security/gitlab@9d9e439c6a923fa4791a056e599c7b7e76de59a1) ( merge request (gitlab-org/security/gitlab!1632)). Add html escaping for default branch name (gitlab-org/security/gitlab@549101007452bd43d866d314b1c787120cfcb36a) ( merge request (gitlab-org/security/gitlab!1630)). Configure OmniAuth to use GitLab AppLogger (gitlab-org/security/gitlab@0b234f0058bbaa0415ab43182761757c332764d1) ( merge request (gitlab-org/security/gitlab!1615)). Add permissions check to pipelines#show action (gitlab-org/security/gitlab@6901d52d5265d126419e78848344ae9a886ee1a7) ( merge request (gitlab-org/security/gitlab!1612)). Prevent impersonation in gitlab-shell SSH certs (gitlab-org/security/gitlab@82a878ba276c6500af5aa3d951819240535127de) ( merge request (gitlab-org/security/gitlab!1609)). Protected Environment Accesses Cleanup (gitlab-org/security/gitlab@0c954547dbdee6a47fc755eebef0882852080579) ( merge request (gitlab-org/security/gitlab!1606)) GitLab Enterprise Edition. Use oauth_app id instead of uid (gitlab-org/security/gitlab@9c49cbbbc730eb16ef109c1f1fc1b167768d5dd3) ( merge request (gitlab-org/security/gitlab!1603)) GitLab Enterprise Edition. Block impersonation token use if it is not permitted (gitlab-org/security/gitlab@1a73b228549dfe1fe98f44a8cee8e3ebcc36d841) ( merge request (gitlab-org/security/gitlab!1583)). XSS in Mermaid Markdown rendering (gitlab-org/security/gitlab@6bff57b10739c42d177371dbf44143d92de1e595) ( merge request (gitlab-org/security/gitlab!1488)). Do not show email address in error messag
14.1.129 Jul 2021 03:25 minor feature: (2021-07-28). ### Added (1 change). RackAttack: extend basic authentication detection for rate limiting (gitlab-org/gitlab@ad521c88bfa8da185380397aa2e6e8972a28b04e) ( merge request (gitlab-org/gitlab!66726)). ### (3 changes). Prevent terms from being created if blank (gitlab-org/gitlab@29e5ebe23869cfe1325d8f7ab2ec17a3a8670f61) ( merge request (gitlab-org/gitlab!66726)). : Sidekiq workers delete each other's metrics (gitlab-org/gitlab@d6d8ed55392a90cc55aa6213ebae80008d0df3e0) ( merge request (gitlab-org/gitlab!66726)). Resolve "Bulk dismissal checkboxes don't appear on group vulnerability report" (gitlab-org/gitlab@77b2cf8b935aba08f23c00cf5fdc746849a65e74) ( merge request (gitlab-org/gitlab!66726)) GitLab Enterprise Edition. ### Other (1 change). Revert backfill on ci_build_trace_sections (gitlab-org/gitlab@a67a8d734440d50c5fdbb0c559b5d2a2f6e48fae) ( merge request (gitlab-org/gitlab!66726)).
14.1.025 Jul 2021 16:25 major feature: (2021-07-21). ### Added (123 changes). Add ability to set `squash_option` in the Project API (gitlab-org/gitlab@0cd893d72f410351411563e54af9e1d3f6fd789f) ( merge request (gitlab-org/gitlab!66122)). Add ref to pipeline graphql schema (gitlab-org/gitlab@4f4f2ec9adf86f841828b87f39639684ee2051f0) ( merge request (gitlab-org/gitlab!66241)). Upsell the GitLab Managed Terraform state if the repo contains `.tf` files (gitlab-org/gitlab@e2763f345fde0232092e6b099550c715c503e03e) ( merge request (gitlab-org/gitlab!65870)). Add mailgun endpoint for receiveing permanent failures (gitlab-org/gitlab@af2a6a81b92110c27da08528c5ed5dfe1ebf3f7d) ( merge request (gitlab-org/gitlab!65078)). Add error tracking collector (gitlab-org/gitlab@90e16440fc02e74d426a8c023a2e6a0f9d430990) ( merge request (gitlab-org/gitlab!65767)). Add Vulnerability Management metric for Devops Adoption API (gitlab-org/gitlab@4ef341255b5620a68a9ee3b4f8a570bac0bb1202) ( merge request (gitlab-org/gitlab!66081)). Allow immediate deletion of projects (gitlab-org/gitlab@1752841832fcbe88bd9da3b3720697bcce2be9dc) ( merge request (gitlab-org/gitlab!65522)) GitLab Enterprise Edition. Make database changes to persist false_positive information (gitlab-org/gitlab@10ff49e8bca5a0510fc2599bf378f1aecbe16394) ( merge request (gitlab-org/gitlab!65573)). Added user_cap to setting update service (gitlab-org/gitlab@f88b2f61621c4177adbd3ac68fa7e53f95aab811) ( merge request (gitlab-org/gitlab!65542)). Audit successful GPG key creation and removal (gitlab-org/gitlab@f32cc873fac3b730af86bb8095862190770174ff) ( merge request (gitlab-org/gitlab!65973)) GitLab Enterprise Edition. Enable sidekiq load balancing by default (gitlab-org/gitlab@a36a0b84264738c942363798a9dab3a6b51895a7) ( merge request (gitlab-org/gitlab!65669)). Add Pipeline Editor branch selector (gitlab-org/gitlab@13b69f776686e98fa0752c303aebb8c64320c264) ( merge request (gitlab-org/gitlab!61793)). Introduce multiple oncall schedules feature (gitlab
14.0.621 Jul 2021 14:25 minor bugfix: (2021-07-20). ### (4 changes). validation method regarding MIME type keys (gitlab-org/gitlab@2cc6d89cc77368b9472c8ec22e97bb3481409fb3) ( merge request (gitlab-org/gitlab!66403)). Geo: snippet verification by replicating the HEAD ref (gitlab-org/gitlab@4dbf36af8553775603c170784ad8bfcdc436a669) ( merge request (gitlab-org/gitlab!66403)) GitLab Enterprise Edition. LFS objects not downloading with Bitbucket (gitlab-org/gitlab@161776f9a4975dfeb2760b06e83160def902c61f) ( merge request (gitlab-org/gitlab!66403)). Replace Excon with Faraday for requesting object storage (gitlab-org/gitlab@a223d526d5b97f248c8810ef0b968d2c3b0323e0) ( merge request (gitlab-org/gitlab!66403)).
14.0.511 Jul 2021 11:25 minor feature: (2021-07-08). ### (4 changes). Return empty strings for Jira links when URL is not set (gitlab-org/gitlab@6da7890d8137b1879297ad81c6737312d6f672b3) ( merge request (gitlab-org/gitlab!65728)). Add preto autocomplete path (gitlab-org/gitlab@5256ab7db346610a816ebb975ae9a6ce0d853435) ( merge request (gitlab-org/gitlab!65728)). Do not create audit event for failed logins on read-only DB (gitlab-org/gitlab@30c7944ddddfe92566b3f66a7f549bef3ffd8d82) ( merge request (gitlab-org/gitlab!65728)) GitLab Enterprise Edition. git clone for projects with a trailing dot over HTTP (gitlab-org/gitlab@a91be9412a09b069390cc33c14d1bc72216cdbf0) ( merge request (gitlab-org/gitlab!65728)). ### Other (1 change). Initialize conversion of ci_builds_metadata.id for bigint migration (gitlab-org/gitlab@34522b102be43118063aa3245d23af313173700d) ( merge request (gitlab-org/gitlab!65728)).
14.0.307 Jul 2021 06:45 minor bugfix: (2021-07-06). ### (7 changes). deploy keys not working with LFS auth check (gitlab-org/gitlab@134b244c7f59f8a20cb191bc0d2aaa43171f3d6e) ( merge request (gitlab-org/gitlab!65498)). DevOps Adoption - ensure displayNamespaceId is included (gitlab-org/gitlab@1166130f1e6786a8c96735b6518241fb704047b1) ( merge request (gitlab-org/gitlab!65498)) GitLab Enterprise Edition. Geo - state value in the lfs_object_registry table (gitlab-org/gitlab@b6f30299d255949b79d149ee71ee50025ac0c8c2) ( merge request (gitlab-org/gitlab!65498)) GitLab Enterprise Edition. broken Time Tracking Reports on Issuable sidebar (gitlab-org/gitlab@da0b4a92f791a3f621ec8da8e2fbb0ad4e39d399) ( merge request (gitlab-org/gitlab!65498)). where Milestone page led to console error (gitlab-org/gitlab@179948d489ed92f5d8158c23190430e819941a29) ( merge request (gitlab-org/gitlab!65498)). frequent items timestamps not updated (gitlab-org/gitlab@481d4d36252dc91291afe9dacd7d48558878d27f) ( merge request (gitlab-org/gitlab!65498)). pages deployment storage migration (gitlab-org/gitlab@0eab6e579890c557bf97dd48dd6a2a7adaf97358) ( merge request (gitlab-org/gitlab!65498)). ### Changed (2 changes). Geo - Move migration to a pre-deployment migration (gitlab-org/gitlab@84327652855cafe36c574df798322b63d0649561) ( merge request (gitlab-org/gitlab!65498)) GitLab Enterprise Edition. Reintroduce recursive_approach_for_all_projects default-enabled (gitlab-org/gitlab@14b3aa69cad85541ae6b845b346c80d1eaea099b) ( merge request (gitlab-org/gitlab!65498)).
14.0.202 Jul 2021 03:16 minor security: (2021-07-01). ### Added (1 change). Added omniauth_user check when verifying user cap (gitlab-org/security/gitlab@68c5d856fbf83f5f5ade562ea84b6aa06db96c60) ( merge request (gitlab-org/security/gitlab!1501)) GitLab Enterprise Edition. ### Security (14 changes). Update rdoc to 6.3.1 (gitlab-org/security/gitlab@341334cbb2d822f6aa057933934b819c34b87932) ( merge request (gitlab-org/security/gitlab!1533)). Forbid GET requests with mutations (gitlab-org/security/gitlab@895c99b35efa6795fb050bfb4ef4574f3e32a373) ( merge request (gitlab-org/security/gitlab!1528)). Prevent GraphQL API access by deactivated users (gitlab-org/security/gitlab@2dda4163dadc04b59ee3367990b72bee933adf9b) ( merge request (gitlab-org/security/gitlab!1525)). Add sanitizing for name field (gitlab-org/security/gitlab@ecb5a598b87d670906df67ed4432426a375efa05) ( merge request (gitlab-org/security/gitlab!1499)). Copy feature visibility settings to a fork (gitlab-org/security/gitlab@fcc87978b1c865c8bdcb3fc5d8dc221b7370192c) ( merge request (gitlab-org/security/gitlab!1522)). XSS on audit log for feature flag actions (gitlab-org/security/gitlab@94fc41d49e828a6457f1de31f2b239b087679c12) ( merge request (gitlab-org/security/gitlab!1521)). Avoid disclosing project in web IDE (gitlab-org/security/gitlab@9de99878401713bc5f3a76ca85901dc3a9ca0cd8) ( merge request (gitlab-org/security/gitlab!1511)). Sanitize input on pasteGFM (gitlab-org/security/gitlab@7bb97cfa11a11bb0725bc707dec73831e16fe177) ( merge request (gitlab-org/security/gitlab!1514)). merge request diff display with unsupported encoding (gitlab-org/security/gitlab@8c21afdce6c6214c14db1863df1aad80ed501377) ( merge request (gitlab-org/security/gitlab!1509)). deploy key fallback in protected branch (gitlab-org/security/gitlab@a24aa5412a8f1dad01359de6b2f0b66bb741f5d4) ( merge request (gitlab-org/security/gitlab!1508)). Add total http read timeout (gitlab-org/security/gitlab@cf4e0aa0a3f668fb63de6721d062c3157fdd9f84) ( merge request
14.0.125 Jun 2021 06:05 minor feature: (2021-06-24). ### (3 changes). Remove add button from Devops Adoption (gitlab-org/gitlab@1c60bdf5daf64f10f001eeb5134f08a53a148d90) ( merge request (gitlab-org/gitlab!64764)) GitLab Enterprise Edition. DevOps Adoption - ensure displayNamespaceId is included (gitlab-org/gitlab@9eb7cd5212cfc19f4cd6578c8e4afc7b4da27eab) ( merge request (gitlab-org/gitlab!64764)) GitLab Enterprise Edition. Add Helm-2to3.gitlab-ci.yml to Auto DevOps (gitlab-org/gitlab@61ac7f46b06fcf151be62407dc0837a44843800e) ( merge request (gitlab-org/gitlab!64764)).
14.0.022 Jun 2021 03:16 major feature: (2021-06-21). ### Added (116 changes). Add Packages::Helm::ProcessFileService (gitlab-org/gitlab@dae2f102ec92a656eb56a753fa7dc625e3489ae3) ( merge request (gitlab-org/gitlab!62760)). Add unique index for Helm packages (gitlab-org/gitlab@cb08762e7c878e3dd0a1ca9f922f387f8b8e453a) ( merge request (gitlab-org/gitlab!62760)). Disable policies linked to no container repositories (gitlab-org/gitlab@120e0486368cff65da3782de377c82ec47a0b28e) ( merge request (gitlab-org/gitlab!62461)). Allow storing detection_method in vulnerability findings (gitlab-org/gitlab@e2a66be7a2b5d3f14c3698e0c74214b4164c0b9c) ( merge request (gitlab-org/gitlab!63989)). Expose `humanTimeEstimate` `humanTotalTimeSpent` (gitlab-org/gitlab@4d078467643f9d3c48e43b18c706bb42746b9434) ( merge request (gitlab-org/gitlab!64081)). Make max diff files and max diff lines configurable (gitlab-org/gitlab@3e26e2528384efcd6e1b0b2e28c6aca687a23d6a) ( merge request (gitlab-org/gitlab!56722)). Add GraphQL endpoint to list agent configurations (via KAS) (gitlab-org/gitlab@d91cbf733ddbb6b9369efe1fecdb8b6fce6384ee) ( merge request (gitlab-org/gitlab!62646)) GitLab Enterprise Edition. Add checkbox in group settings for prevent sharing outside hierarchy (gitlab-org/gitlab@86eb11f2523f441f9a97f69c950816596208b0ab) ( merge request (gitlab-org/gitlab!63810)). Add "Enterprise" badge to users that are provisioned via SAML/SCIM (gitlab-org/gitlab@5f961f652a202d7dcbe872d827a48eb0e2bfd17b) ( merge request (gitlab-org/gitlab!63474)) GitLab Enterprise Edition. Update Bulk Import state more accurately (gitlab-org/gitlab@cea74ea42d4464c30ff39ca929b2bdadcb7083de) ( merge request (gitlab-org/gitlab!63883)). Enable DB Load-balancer flag USE_NEW_LOAD_BALANCER_QUERY by default (gitlab-org/gitlab@b44a37ba10472f7797867b988e41f7548c093e02) ( merge request (gitlab-org/gitlab!63910)). Allow toggle job_token_scope_enabled via GraphQL (gitlab-org/gitlab@3ca540c424d26e8f9cad16f846a7ca4366cd74b1) ( merge request (gitlab-o
13.12.415 Jun 2021 03:16 minor bugfix: (2021-06-14). ### (3 changes). Add alias method usage_ping_enabled? (gitlab-org/gitlab@eb8755115a2a7045b6291171aaa0c7ae76f43fec) ( merge request (gitlab-org/gitlab!63974)). MR diff compare with previous version (gitlab-org/gitlab@96d4df8bb4eb5f148e4dabcc4c3eea88ad27cbc3) ( merge request (gitlab-org/gitlab!63974)). double render in project's git URL redirect (gitlab-org/gitlab@be4059b7a5cddd2e70fa760d8935b1d170068759) (merge request).
13.12.308 Jun 2021 11:05 minor feature: (2021-06-07). ### Added (1 change). Add an option to expose description_html in Release API (gitlab-org/gitlab@47f3fba10dfa82c65b6b006d56cc1724aac411eb) ( merge request (gitlab-org/gitlab!63393)). ### (5 changes). spam detection with Akismet client (gitlab-org/gitlab@75dbe8d017ed691d0517f0a6ca7b9bdd866fa9d9) ( merge request (gitlab-org/gitlab!63393)). Set CSP back to disabled by default (gitlab-org/gitlab@f8f2dbf229693e20171185ae8e31fd59ce2131b3) ( merge request (gitlab-org/gitlab!63393)). CSP related to captchas (gitlab-org/gitlab@cec54814460994ea40311f1091fb7f091d04964f) ( merge request (gitlab-org/gitlab!63393)). with frames not loading in Safari (gitlab-org/gitlab@77b9355f244370b1c184943581f3b6cc27495931) ( merge request (gitlab-org/gitlab!63393)). Catch PgQuery::ParseError errors and log as-is (gitlab-org/gitlab@a4f36df3701208b5d015e1e818f3d5be3577697a) ( merge request (gitlab-org/gitlab!62795)). ### Changed (1 change). Improve SSH key expiration warning emails (gitlab-org/gitlab@2e3929503046ab1da5635ef295321ce08843f937) ( merge request (gitlab-org/gitlab!63393)).
13.12.126 May 2021 03:16 minor bugfix: (2021-05-25). ### (3 changes). Merge branch '/pin-gke-version-to-1-18' into 'master' (gitlab-org/gitlab@44de5542ca82b371ed280db9ce03e0c4d4bd6135) ( merge request (gitlab-org/gitlab!62466)). Merge branch '331562--pipeline-security-tab-scanner-filter' into 'master' (gitlab-org/gitlab@1d70bf2efd574537d73b5fd80f92fd8dd939980b) ( merge request (gitlab-org/gitlab!62466)). Update Gitaly's binary path in init.d scripts (gitlab-org/gitlab@0761e78434dbfa120c8ae14263bfe77f9ae48c71) ( merge request (gitlab-org/gitlab!62457)).
13.12.022 May 2021 03:16 major feature: (2021-05-22). ### Security (3 changes). Prevent DOS from Chaining in Mermaid. !60382. Report pipeline creation success only when warranted. !60746. XSS vulnerability in shared runner description. !60891. ### Removed (10 changes, 2 of them are from the community). Delete feature flag for usage_data_a_compliance_audit_events_api. !52947. Remove feature flag api_always_use_application_json. !56777. Remove unneeded index on packages_debian_ project,group _architectures.distribution_id. !59615 (Mathieu Parent). Delete HipChat service database records. !59769. Set Hipchat metric definitions status to removed. !59779. Remove Legacy Group-Level DORA metrics API. !59858. Remove Alerts service metric. !60149. Remove description_html field from Release Rest API. !61327. Removes multiple_cache_per_job feature flag and associated code. (Laura Montemayor). Remove support for WIP in merge request title toggle. ### (108 changes, 32 of them are from the community). Add warning when locally stored description is out of date. !29438. Disable unsupported task items in Markdown tables. !46060. Flush statistics cache anytime it is updated. !52938. Return an HTML response for a request with the Accept */ header. !56288. Resolve offense Performance/Count. !57007 (Shubham Kumar). Don't show due dates in red if the is. !57647. Rails/SaveBang Rubocop offenses for wiki_page models. !57899. Rails/SaveBang rubocop offenses in spec/frontend. !57909. Rails/SaveBang rubocop offenses in spec/graphql. !57912. Resolve RuboCop offenses for Style/RedundantRegexpCharacterClass. !57914. rubocop offenses Style/RescueStandardError. !57923 (Shubham Kumar). Resolves rubocop offense Style/RedundantFileExtensionInRequire. !57963 (Shubham Kumar). Rails/SaveBang Rubocop offenses for project related models. !57983. Rails/SaveBang Rubocop offenses for member models. !57994. Resolves offenses Style/RaiseArgs. !58009. Resolves offenses Style/RedundantBegin. !58017 (Shubham Kumar)
13.11.415 May 2021 03:16 minor bugfix: (2021-05-14). ### (3 changes). N+1 SQL queries in PipelinesController#show. !60794. Omit trailing slash when proxying pre-authorized routes with no suf. !61638. Omit trailing slash when checking allowed requests in the read-only middleware. !61641.
13.11.304 May 2021 10:25 minor bugfix: (2021-04-30). ### (1 change). Instance-level Project Integration Management page for GitLab FOSS. !60354.
13.11.230 Apr 2021 07:05 minor security: (2021-04-27). ### Security (5 changes). Prevent tokens with only read_api scope from executing mutations. Do not allow deploy tokens in the dependency proxy authentication service. Disable keyset pagination for branches by default. Bump Carrierwave gem to v1.3.2. Restrict setting system_note_timestamp to owners.
13.11.126 Apr 2021 13:05 minor feature: (2021-04-22). ### Changed (1 change). Change unsubscribe language for email campaign on self managed. !59121. ### Added (1 change). Add documentation about Pages deployment migration. !59475.
13.11.022 Apr 2021 16:25 major bugfix: (2021-04-22). ### Security (3 changes). Update to Rails v6.0.3.6. !59328. Update mermaid to version 8.9.2. Allow to disable exiftool depending on env variable. ### Removed (10 changes, 1 of them is from the community). Redirect deprecated pipeline routes. !53990. Remove CI lint button from Jobs page nav. !56854. Remove graphql_individual_release_page feature flag. !56882. Remove deprecated repository archive routes. !57236. Remove add modal from boards (this has been disabled since 13.6). !57329. Remove unused feature flag ':roadmap_buffered_rendering'. !57486. Remove HipChat integration from frontend and docs. !57556. Remove temporary index from vulnerabilities table. !57656. Remove unused feature flag checks. !58469. Remove ability to create new service templates. !58624. ### (175 changes, 90 of them are from the community). Update gatsby project template to address the pipeline failure. !37410 (Takuya Noguchi). an where the link commit message did not end with a newline. !49086 (Kazuya Kojima). Partially incorrect icons for non-standard license files. !53207. Add language- preto CSS class of markdown code blocks. !55076 (Camil Staps). Filter out pipelines that were excluded in the relation scope in Ci::Pipeline#latest_pipeline_per_commit. !55657. mermaid diagrams in dark mode. !56183. Catch network errors. !56457 (Shubham Kumar). the Maven sync worker to not fail if the versionless package is not found. !56514. `#current_authenticated_job` when used with `.authenticate_with` in Grape APIs. !56564. Move graphql timelogs to CE. !56633. in wiki link rewriter filter. !56636. in Gollum Tags filter. !56638. derivation of effective permissions (access level) of group members. !56677. word wrapping in parallel diffs. !56713. Don't label select box on click if only mouseup outside. !56721. reference widget icon and text spacing. !56759. test report merge request widget summary and alignment. !56768. artifacts section from showing up
13.10.315 Apr 2021 13:25 minor security: (2021-04-13). ### Security (3 changes). Check image content type before running exiftool in workhorse. Clean only legitimate JPG and TIFF files. Update ruby-saml and rexml gems.
13.10.205 Apr 2021 08:45 minor feature: (2021-04-01). ### (1 change). Rendering of the image blobs. !57479. ### Added (1 change). Improve performance for composer v2 clients. !55169.
13.10.101 Apr 2021 11:45 minor feature: (2021-03-31). ### Security (6 changes). Leave pool repository on fork unlinking. XSS in merge requests sidebar. arbitrary read/write in AsciiDoctor and Kroki gems. Prevent infinite loop when checking if collaboration is allowed. Disable arbitrary URI and file reads in JSON validator. Require POST request to trigger system hooks. ### Removed (1 change). Make HipChat project service do nothing. !57434. ### Other (3 changes). Remove direct mimemagic dependency. !57387. Refactor MimeMagic calls to new MimeType class. !57421. Switch to using a fake mimemagic gem. !57443.
13.10.018 Mar 2021 07:45 major feature: (2021-03-22). ### Security (3 changes). Workhorse: prevent escaped router path traversal. Workhorse: Stop logging when path is excluded. Patch Kramdown syntax highlighter gem. ### Removed (2 changes). Remove Remove from board button from board sidebar. !53946. Remove workaround for icon loading in Chrome 84. !56114. ### (99 changes, 23 of them are from the community). button alignment in design management header. !48003. Updated UI text to match style guidelines. !50383. Don't auto suggest select boxes on click if only the mouseup (but not the mousedown) event happened outside the box. !51139. Auto DevOps deploys that use a default branch that's not named 'master'. !53280. Correct job artifacts API download for expired and locked files. !53567 (Fabio Huser). project import error occurring due to default visibility. !53827. relative URL with composer package. !53918. Cleanup incorrect data in projects.has_external__tracker. !53936. not skipped manual and delayed DAG jobs. !54073. Skip orphaned pool repositories on restore. !54112. Add space next to icons in epic list. !54138 (Yogi). Render version dropdowns in MR changes view above tab navbar. !54159. Do not show button to resolve discussion opening an when are disabled. !54263. Hide count and link in project list for projects with disabled. !54275. Handle GlobalIDs with invalid resource names. !54290. overflowing width - at mention container. !54377. Update k8s version for EKS cluster. !54389. React to new DOM nodes being added to the page to bind the user information popover to them. !54411. move create_release_evidence sidekiq queue out of the cronjob namespace. !54432. copy to clipboard tooltip button. !54472. bold text mismatch in MR menu. !54531. Wrap long code lines in markdown. !54540. Hide repeated trial offers on self-hosted instances. !54550. when snippet blobs array contain a nil value. !54552. the npm instance level API to exclude subgroups. !54554. the value of
13.9.309 Mar 2021 10:25 minor bugfix: (2021-03-08). ### (4 changes). Upgrade gitlab-shell to v13.17.0. !55295. Update Kroki to Wavedrom graphs. !55659. disabling of Kroki optional formats. !55665. Rename asset_proxy_allowlist column. !55884.
13.9.205 Mar 2021 11:05 minor security: (2021-03-04). ### Security (6 changes). Bump thrift gem to 0.14.0. Allow only owners to manage group variables. Do not store marshalled sessions ids in Redis. XSS in wiki author email and name. Workhorse: prevent escaped router path traversal. XSS vulnerability for swagger file viewer.
13.9.124 Feb 2021 20:05 minor bugfix: (2021-02-23). ### (6 changes, 1 of them is from the community). Send SIGINT instead of SIGQUIT to puma. !54446. Reset description template names cache key to reload an updated templates structure. !54614. Restore missing horizontal scrollbar on boards. !54634. keep latest artifacts checkbox being always disabled. !54669. Metric tab not showing up on operations page. !54736. S3 object storage failing when endpoint is not specified. !54868. ### Changed (1 change). Updates authorization for linting endpoint. !54492. ### Performance (1 change). N+1 SQL regression in exporting to CSV. !54287. ### Other (1 change). creating the idx_on__where_service_desk_reply_to_is_not_null index before the post migration. !54346.
13.9.021 Feb 2021 02:25 major feature: (2021-02-22). ### Security (1 change). Add token_with_iv table. ### Removed (4 changes). Remove implicit FF check on `Featurable`. !52223. Remove merge_request_reviewers feature flag. !52468. Removed unused Text dropdown. !53464. Remove legacy alerts service data and table. !53534. ### (131 changes, 29 of them are from the community). Allow to retrieve all jobs for a given pipeline. !48589 (Alexander Kutelev). Include submodule information for files in diff metadata. !50346. "Stay on Page" alert showing in empty snippet. !50400. Add css to fluid layout for index file. !50626. Make System OAuth app index table responsive and externalize text. !50979. Prevent long variable names from overflowing the popover in CI/CD settings. !51018. long CI variable name overflows on origin. !51021. breadcrumb dropdown on mobile being too narrow. !51092. Show correct ref name in code coverage statistics header. !51385 (Andreas Schmidt). Change Jira Connect update sequence id to use Unix Time. !51697. batch query when primary key is -1. !51716. Allow versionless maven-metadata.xml file duplicates even when maven duplicates are disabled. !51758. comment form dropdown check alignment. !51787. Schedule artifact expiry date backfill background jobs. !51822. alignment and font in project operations settings page. !51825 (Yogi). broken testsuite link if the suite contains a dot. !51828. Move Social connect button to new GitLab UI. !51835 (Yogi). border bottom color collapsed replies. !51871 (Yogi). alignment of chevron-down icon in toggle replies. !51872 (Yogi). Remove container_class in project activity which removes extra padding. !51878 (Yogi). Add btn-default to MR edit button. !51879 (Yogi). Remove duplicates from related_commit_sha query. !51888. Add btn-default class to button in project breadcrumb. !51910 (Yogi). top border-radius of the login box. !51950 (Yogi). Improve duplication validation on Release Links. !51951. Update Project/Group Exp
13.8.412 Feb 2021 07:05 minor security: (2021-02-11). ### Security (9 changes). Cancel running and pending jobs when a project is deleted. !1220. Prevent Denial of Service Attack on gitlab-shell. Prevent exposure of confidential titles in file browser. Updates authorization for linting API. Check user access on API merge request read actions. Limit daily invitations to groups and projects. Enforce the analytics enabled project setting for project-level analytics features. Perform SSL verification for FortiTokenCloud Integration. Prevent Server-side Request Forgery for Prometheus when secured by Google IAP.
13.8.306 Feb 2021 12:25 minor bugfix: (2021-02-05). ### (2 changes). Revert multipart URL optimization for AWS S3. !52561. Regression with old wiki image uploads. !52656.
13.8.202 Feb 2021 04:45 minor feature: (2021-02-01). ### Security (5 changes). Filter sensitive GraphQL variables from logs. Avoid exposing release links when the user cannot read git-tag/repository. Sanitize target branch on MR page. DNS rebinding protection bypass when allowing an IP address in Outbound Requests setting. Add routes for unmatched url for not-get requests.
13.8.127 Jan 2021 22:05 minor bugfix: (2021-01-26). ### (3 changes). Cancel artifact expiry backfill background jobs. !51821. LFS not working with S3 specific-storage settings. !52296. missing setting LDAP servers. !52512.
13.8.022 Jan 2021 13:25 major feature: (2021-01-22). ### Security (4 changes, 1 of them is from the community). The NuGet endpoints will no longer ignore an invalid username when a personal access token or deploy token is passed via HTTP Basic authentication. !38627 (Ethan Reesor). Update WEBrick to v1.6.1. !50720. Prevent user-defined variables from being used by non-maintainers. !51682. Upgrade Workhorse to 8.58.2. ### Removed (2 changes). Drop group_id column from compliance_management_frameworks table. !50829. Remove deprecated generic alert integration in favor of HTTP Integrations. !50913. ### (91 changes, 35 of them are from the community). Deduplicate labels with identical title and group. !37148. Remove diff display preferences and file tree from changes empty state. !43467. Upgrade to Grape v1.5.0. !44554. database timeout errors when removing expired job artifacts. !47496. Return release milestones in predictable order. !47700. multiple simultaneous requests for vulnerabilities on pipeline security tab. !48426. Remove duplicate service records. !49463. Add LaTeX support for Jupyter Notebooks. !49497. confusing button text when importing from GitHub. !49684. identicon text color in dark mode. !49785. installation of Knative under Helm 3. !49843. Hide inoperable group search Releases filter. !50010. visibility level validation for deep nested forks. !50081. Change type of CiJob.needs. !50192. Handle git errors when cleaning up MR refs. !50250. over-eagerly updating Web IDE Live Preview. !50255. Persist updated_at value in state change events. !50272. Enlarge the timeline toggle button. !50284. Hide "Actions" label on group members view if no action buttons exist. !50304. with snippets in HEAD when default branch is not master. !50366. Add project scope to ci clint graphql endpoint. !50418. the graphQL type for container repository tags. !50419. Allow more actions on group members. !50445. Don't allow filtering by release tag on groups. !50457. Flash transf
13.7.312 Jan 2021 03:18 minor bugfix: (2021-01-08). ### (7 changes). Canary Ingress weight is not reflected on UI immediately. !50246. Change pages deployments size to bigint. !50262. Viewing container repositories with tags with corrupted manifest. !50362. The graphQL type for container repository tags. !50419. (eetrialbanner): EE trial banner to allow dismiss. !50436. Update Helm 2 version to 2.17.0. !50547. Project access token regression. !50800.
13.7.208 Jan 2021 19:25 minor bugfix: (2021-01-07). ### Security (7 changes). Forbid public cache for private repos. Deny implicit flow for confidential apps. Update NuGet regular expression to protect against ReDoS. regular expression backtracking in package name validation. stealing API token from GitLab Pages and DoS Prometheus through GitLab Pages. Update trusted OAuth applications to set them as confidential. Upgrade Workhorse to 8.58.2.
13.7.022 Dec 2020 07:05 major feature: (2020-12-22). ### Security (1 change). regular expression backtracking in custom emoji name validation. ### Removed (2 changes, 1 of them is from the community). Remove Google Code importer. !48139 (Getulio Valentin Sánchez). Remove release notes from Tags page. !49979. ### (109 changes, 7 of them are from the community). Update user mentions when markdown columns are directly saved to DB. !38034. Retain spinner when applying MR suggestions. !46203. Skipped jobs no longer trigger a cancelled deployment. !46614. Catch wiki timeouts when rendering pages. !46627. single file snippets display for Geo secondary sites. !46812. Jira Connect styles not loaded when startup_css is enabled. !47043. Add migration that updated users that don't need to have 2fa established. !47193. project integration form validation when integration is inactive. !47201. project access token build authentication error. !47247. Support S3 server side encryption in CI cloud native job logs. !47536. repository clone panel for wikis. !47676. Hide Mark as draft button in a merged MR even on mobile. !47678 (Takuya Noguchi). Eliminate N+1 performance in MergeRequest.pipelines in GraphQL API. !47784. Add cascade delete foreign key to web_hooks on service_id without validation. !47821. Implement passing dotenv variables to bridge jobs. !47905. Allow canceling all pipelines with auto-cancel. !47906. error in Issuable::ImportCsv::BaseService when CSV file is empty. !47918. editing labels on the swimlanes sidebar. !47946. Scroll exactly to the top of a discussion on the MR Overview tab. !47970. Search page: empty results status. !48034. Move fuzz license check to.pre stage. !48076. Add link in Access Request API. !48081 (jimcser). Add gitlab:db:active task. !48083. overscroll for MR diffs in mobile view. !48091. incorrect line height in file header. !48117. Repopulate historical vulnerability statistics. !48128. image diff comments positioning. !48132. Manually trigge
13.6.312 Dec 2020 12:05 minor bugfix: (2020-12-10). ### (5 changes). error 500s creating projects concurrently. !48571. container_registry url for relative urls. !48661. Resolve Members page 500 error after Invitation sent via API. !48937. Add different string encoding method in rack middleware. !49044. MR rendering when user is tool admin and not project member. !49258. ### Changed (1 change). Update Rake check and docs to require Ruby 2.7. !48552.
13.6.208 Dec 2020 07:25 minor bugfix: (2020-12-07). ### Security (10 changes). Validate zoom links to start with https only. !1055. Require at least 3 characters when searching for project in the Explore page. Do not show emails of users in confirmation page. Forbid setting a gitlabUserList strategy to a list from another project. mermaid resource consumption in GFM fields. Ensure group and project memberships are not leaked via API for users with private profiles. GraphQL User: do not expose email if set to private. Filter search parameter to prevent data leaks. Do not expose starred projects of users with private profile via API. Do not show starred contributed projects of users with private profile.
13.6.125 Nov 2020 06:45 minor bugfix: (2020-11-23). ### (5 changes). Project transfer corrupting shared runners state. !48032. Project select split button. !48065. Tags pages erroring for projects with private pipelines. !48184. Ensure Alerts list loads when only HTTP integrations are enabled. !48247. Does not track package events on a read-only instance. !48257. ### Changed (1 change). Re-name Instance Statistics as Usage Trends. !48183.
13.6.021 Nov 2020 03:45 major feature: (2020-11-22). ### Removed (3 changes). Removed ACE editor from the codebase. !46420. Remove storage limit column from application settings. !46676. Remove the ability to resole individual notes. !46775. ### (140 changes, 11 of them are from the community). rendering of markdown headings and floated images. !25442 (Gwen_). release assets link redirection. !35381. chatbot replies not including job log. !42010. Show tar warning message when file/folder changed during backup instead of failing whole backup operation. !42197. Remove default EKS Region dropdown in cluster create form. !43017. Remove all records from `security_findings` table. !44312. Add `position` column into security_findings table. !44815. Render script newlines in CI Lint view. !45087 (Nejc Habjan). a race condition checking whether a project is read-only. !45160. Limit number of times a background migration is rescheduled. !45298. Improve project labels page card layout consistency. !45311. Do not convert unicode versions of trademark, copyright, and registered trademark to emoji. !45457. Gracefully recover from deleted LFS file. !45459. Bad Escape in Board Empty State. !45465. Update cluster applications CI template to 0.34.1. !45487. multi line comment options in parallel mode. !45557. Removed not equal filter option for drafts on merge requests. !45649. target branch not filtering. !45652. Merge Request "Edit in Web IDE" dropdown link on MR diffs page. !45653. Handle malformed strings in URL. !45701. Reset the pagination cursor when a search result filter changes. !45708. aria label on IDE tab button. !45709. danger-secondary button in the Web IDE dark theme. !45714. Removes the hamburger icon in the Changes tab in Web IDE. !45717. exception when saving Jira integration info for an instance. !45718. Make sure the http_requests_total and http_request_duration_seconds metrics are not empty on application start. !45755. Configure CSP for displaying Youtube videos i
13.5.414 Nov 2020 13:05 minor bugfix: (2020-11-13). ### (4 changes). Vue Labels Select dropdown keyboard scroll. !43874. Hashed Storage: make migration and rollback resilient to exceptions. !46178. compliance framework database migration on CE instances. !46761. Resolve problem when namespace_settings were not created for groups created via admin panel. !46875.
13.5.307 Nov 2020 04:05 minor feature: (2020-11-03). ### (3 changes). IDE with special characters. !46398. Ensure that copy to clipboard button is visible. !46466. Auto Deploy: for fetching other charts from stable repo. !46531. ### Added (1 change). Add environment variables to override backup/restore DB settings. !45855.
13.5.203 Nov 2020 16:45 minor security: (2020-11-02). ### Security (9 changes). Add CSRF protection to runner pause and resume. !1021. Do not expose Terraform state record in API. Path traversal to RCE via LFS upload. Update container_repository_name_regex to prevent catastrophic backtracking. Validate nuget package names. Prevent private repo from being accessed via internal Kubernetes API. Validate each upload param key in multipart.rb. XSS vulnerability for job build dependencies. unauthorized user is able to access schedule pipeline variables and values.
13.5.022 Oct 2020 11:25 major feature: (2020-10-22). ### Security (1 change). Update GitLab Runner Helm Chart to 0.21.1. ### Removed (3 changes, 2 of them are from the community). Drop Iglu registry URL column. !42939. Remove coverage_report_view feature flag. !43711. Remove release_evidence_collection feature flag. !44234. ### (118 changes, 9 of them are from the community). Include builds from child pipelines in latest sucessful build for ref/sha. !29710. branches_to_be_notified API param for hangouts chat service. !35599. Add empty dependencies value to ECS Deploy job. !36862. with optional merge requests approval in CE. !42119 (Pavel Kuznetsov). type of SentryErrorType global ID. !42185. Remove linux arch only rule for coverage fuzzing. !42316. Do not show retried builds in the MR code coverage. !42402. Does not refresh project/snippet statistics on a read-only instance. !42417. Rendering trailing slash in reference links (). !42484. Remove retry icon on failed job if merge pipeline. !42495. Designs: return an error if uploading designs with duplicate names. !42514 (Sushil Khanchi). Unit Test Report: icon for errored status. !42540. Copy designs to when an with designs is moved. !42548. triggering multiple children pipeline with the same artifact. !42595. caret sizes in navigation. !42605. Revert required encryption on CI runner tokens. !42623. Markdown "Preview" tab on New/Edit Release and New Snippet pages. !42640. a causing 'Missing author note' to be added to notes for mapped users when importing project using GitLab Import. !42648. Hides batch suggestions button if there is only 1 suggestion. !42681. GraphQL token authentication when installed under a relative URL. !42706. Update pipeline failed notification e-mail warning. !42736. clickable width of release asset links. !42757. size of edit button on releases page. !42779. Move before_script into script for CQ template. !42782. Resolve Error when quickly reordering designs. !42818. Eliminate extra spacing
13.4.416 Oct 2020 15:45 minor feature: (2020-10-15). ### (2 changes). rollback portion of migration that adds temporary index for container scanning findings. !44593. Improve merge error when pre-receive hooks fail in fast-forward merge. !44843. ### Other (1 change). Revert 42465 and 42343: Expanded collapsed diff files. !43361.
13.4.307 Oct 2020 21:45 minor bugfix: (2020-10-06). ### (3 changes). Exclude 2FA from upload#show routes and 404s. !42784. Use create_wiki method on ensure_wiki_exists in update_service. !42910. Large backups not working with Azure Blob storage. !44233.
13.4.022 Sep 2020 15:05 major bugfix: (2020-09-22). ### Security (2 changes, 1 of them is from the community). Update lodash to 4.17.20. !41036 (Takuya Noguchi). Update GitLab Runner Helm Chart to 0.20.1. ### Removed (6 changes, 1 of them is from the community). Remove secret_detection job from vendored SAST CI template. !40028. Remove Docker-in-Docker mode from Dependency Scanning documentation. !40631. Removes unused classes on initial Ci::Ref implementation. !41077. Drop Docker-in-Docker mode for SAST and Dependency Scanning. !41260. Remove application settings for Snowplow iglu registry url. !41556. Remove Value Stream Total stage. !42345. ### (160 changes, 41 of them are from the community). Conditionally render the packages scopes in deploy token settings. !35334. advanced filters in log explorer view for gitlab managed applications. !37926. RegExp for dotenv report artifact. !38562. composer 404 with http auth. !38641. Update EKS Kubernetes versions. !38644. skipped status of DAG pipelines. !39205. wrong MR pipeline link when FF-merge strategy is used. !39396. Include also inherited project members in GraphQL API. !39444. Refactor spec/support/shared_examples/services/ and ee/spec/support/shared_examples/services/ to Rails/SaveBang Cop. !39538 (Rajendra Kadam). Removes extra spaces on MR/Epic tabs-containers on mobile. !39549 (Takuya Noguchi). Milestone Dashboard: Move Gray Type Badge Next to the Milestone Title. !39617. GraphQL file uploads accepting non-file input. !39763. Metrics dashboard embeds when using new URLs. !39876. Respect original visibility for instrumented methods. !39951. Take relative_url_path into account when building URLs in snippets. !39960. non-retrying bridges after retried builds in CI pipelines. !39989. Support X-Envelope-To header as a location for Service Desk key. !40001. where conan does not properly check package channel when returning file download urls. !40029. example within file_hooks documentation. !40071 (Roger Meier). miss
13.3.404 Sep 2020 02:05 minor security: (2020-09-02). ### Security (1 change). Protect OAuth endpoints from brute force/password stuffing.
13.3.229 Aug 2020 11:25 minor bugfix: (2020-08-28). ### Removed (1 change). Display upcoming database deprecation warning only if current database version minimum is not met. !38225. ### (5 changes). Race condition in concurrent backups. !39894. Prevent accidental group deletion if path rename fails. !40353. Snippet save button disabled with empty file path. !40412. Exception handling when a concurrent backup fails. !40451. Scope incident counts by given project or group. !40700.
13.3.023 Aug 2020 09:45 major feature: (2020-08-22). ### Security (2 changes). Improve path traversal validation checks. !33114. Update GitLab Runner Helm Chart to 0.19.2. ### Removed (3 changes). Remove Internet Explorer 11 from babel transpilation. !36840. Remove namespace storage limit setting. !38108. Geo: Drop tables related to vulnerability export replication. !38299. ### (116 changes, 14 of them are from the community). filter by releases at group and merge requests search bar. !26740 (Gilang Gumilar). Disable commenting on lines in files that were or are symlinks or replace or are replaced by symlinks. !35371. icon alignment on board cards. !35710 (carolcarvalhosa). Make Add metrics button visible on self monitoring dashboard. !36169. Keep large spinner while MR file tree is loading. !36446. : Child pipelines are not found by API endpoints. !36494. Show relevant error messages when failing to match a CI job entry. !36536. Don t show icon on flash warning. !36581. Updates to file table in package details UI. !36723 (Adam Alvis). Add graceful timeout handling for analytics. !36811. Resolve Pasting an image into a comment also uploads design. !37171. release evidence sometimes not being collected. !37184. editing note throws js error. !37216. merge request approvals for EE without a license. !37246. ops settings titles. !37259. Refactor all factories to SaveBang Cop. !37268 (Rajendra Kadam). Resolve Anchor tags to Designs is not working. !37307. content validation for existing wiki pages. !37310. Alert management list spacing. !37320. with blank keyset pagination parameters. !37351. Remove dashed border on designs hover. !37375. CSV downloads for multiple series in the same chart. !37377. Pypi and Nuget Storage Statistics. !37386. Display files in tab counter same as diff stats. !37390. vertical alignment of design management toolbar buttons. !37398. Allow LFS to be enabled in project settings even when Repository is disabled. !37401. Update MRs on push. !374
13.2.412 Aug 2020 19:25 minor feature: (2020-08-11). ### Security (1 change). Add decompressed archive size validation on Project/Group Import. !38736. ### (1 change). Automatic creation via Prometheus alerts. !37884.
13.2.306 Aug 2020 22:05 minor security: (2020-08-05). ### Security (12 changes). Update kramdown gem to version 2.3.0. Enforce 2FA on Doorkeeper controllers. Revoke OAuth grants when a user revokes an application. Refresh project authorizations when transferring groups. Stop excess logs from failure to send invite email when group no longer exists. Verify confirmed email for OAuth Authorize POST endpoint. XSS in Markdown reference tooltips. XSS in milestone tooltips. xss vulnerability on jobs view. Block 40-character hexadecimal branches. Prevent a temporary access escalation before group memberships are recalculated when specialized project share workers are enabled. Update GitLab Runner Helm Chart to 0.18.2.
13.2.230 Jul 2020 10:25 minor feature: (2020-07-29). ### (3 changes). Coerce repository_storages_weighted, removes repository_storages. !36376. JiraImportUsersInput startAt field. !37492. Provide better git error message when the user is unconfirmed. !37944. ### Changed (1 change). Skip mass unconfirming users when send_user_confirmation_email setting is off. !38024.
13.2.022 Jul 2020 11:05 major feature: (2020-07-22). ### Security (3 changes). Unconfirm wrongfully verified email addresses and user accounts. !35492. Make logrotate run as git user for source installations. !35519. Replace misleading text in re-confirmation emails. !36634. ### Removed (7 changes, 2 of them are from the community). Remove deprecated dashboard group milestone pages. !13237. Removed UltraAuth integration for OmniAuth. !29330 (Kartikey Tanna). Remove all search autocomplete for groups/projects/other. !31187. Remove temporary datepicker position as it is no longer required. !31836 (Arun Kumar Mohan). Remove the ability to customize the title and description of some integrations (zilla, Custom Tracker, Redmine, and YouTrack). !33298. Drop deprecated _ANALYZER_IMAGE_PRE. !34325. Remove Internet Explorer 11 specific polyfills. !36830. ### (300 changes, 79 of them are from the community). Remove broken hyperlink from and reopen button. !22220 (Lee t). 'Active' checkbox text in Pipeline Schedule form to be a label. !27054 (Jonston Chan). back button when switching MR tabs. !29862 (Lee t). Remove ability to scroll while in Design View. !29881. merge request note label URLs. !30428 (Lee t). default path when creating project from group template. !30597 (Lee t). that prevented k8s authentication with intermediate certificates. !31254 (Abdelrahman Mohamed). group transfer service to deny moving group to its subgroup. !31495 (Abhisek Datta). issuable listings with any label filter. !31729. Move prepend to last in ee-app-services. !31838 (Rajendra Kadam). Fallback to lowest visibility level in snippet visibility radio. !31847. Add class stubs and leaky constant alert in query limit helper spec. !31949 (Rajendra Kadam). Remove usage of spam constants in spec. !31959 (Rajendra Kadam). leaky constant in uninstall progress service check. !32036 (Rajendra Kadam). leaky constant in commit entity spec. !32039 (Rajendra Kadam). leaky constant in task completion status spec
13.1.202 Jul 2020 07:25 minor security: (2020-07-01). ### Security (18 changes). Update xterm js dependency to latest stable 3.x version. Do not show activity for users with private profiles. stored XSS in markdown renderer. Upgrade swagger-ui to solve XSS. group deploy token API authorizations. Check access when sending TODOs related to merge requests. Change from hybrid to JSON cookies serializer. Prevent XSS in group name validations. Disable caching for wiki attachments. Disable Github Importer API by settings. null byte error in upload path. Update permissions for time tracking endpoints. Add snippet repository validation after bundle import. Update Kaminari gem. note author name rendering. Sanitize bitbucket repo urls to mitigate XSS. Stored XSS on the Error Tracking page. security when rendering issuable.
13.1.124 Jun 2020 13:05 minor bugfix: (2020-06-23). ### (4 changes). Missing templating vars set from URL in metrics dashboard. !34668. Edit status dropdown overflow. !34847. Load user before logging git http-requests. !34923. Do not mask key comments for DeployKeys. !35014. ### Added (1 change). Periodically recompute project authorizations. !34071.
13.0.407 Jun 2020 03:05 minor security: (2020-06-03). ### Security (1 change). Prevent fetching repository code with unauthorized ci token.
13.0.302 Jun 2020 18:05 minor bugfix: (2020-05-29). ### (8 changes, 1 of them is from the community). redirection to project snippets. !32530. Geo replication for design thumbnails. !32703. s downloading build artifacts. !32741. Auto DevOps manual rollout jobs not being allowed to fail. !32865. Update deprecated routes in irker integration. !32923 (Marc Jeanmougin). Change format of variables parameter in Prometheus proxy API for metrics dashboard. !33062. and MR API performance regression when Markdown cache is stale. !33235. when user created the. !33294.
13.0.129 May 2020 10:45 minor feature: (2020-05-27). ### Security (12 changes). Add an extra validation to Static Site Editor payload. Hide EKS secret key in admin integrations settings. Added data integrity check before updating a deploy key. Display only verified emails on notifications and profile page. Require confirmed email address for GitLab OAuth authentication. Kubernetes cluster details page no longer exposes Service Token. confirming unverified emails with soft email confirmation flow enabled. Disallow user to control PUT request using mermaid markdown in description. Check forked project permissions before allowing fork. Limit memory footprint of a command that generates ZIP artifacts metadata. file enuming using Group Import. Prevent XSS in the monitoring dashboard.
13.0.025 May 2020 21:45 major feature: (2020-05-22). ### Removed (20 changes, 5 of them are from the community). Remove project routes that were deprecated before 12.1. !26808. Drop x-y-stable version pinning for Secure templates. !29603. Remove logs from the admin pages. !30485. Remove deprecated /admin/application_settings redirect. !30532. Drop support for License-Management CI template. !30645. Remove deprecated InfluxDB. !30786. Remove deprecated Release Evidence endpoints. !30975. Remove deprecated Release Evidence endpoints documentation. !30978. Drop support for `license_management` artifact. !31247. Remove deprecated container scanning report parser. !31294. Remove rake task `gitlab:track_deployment`. !31404. Remove token attribute from Runners API. !31448. Remove support for Ruby format variable interpolation (` variable `) in custom dashboards. !31581. Remove JenkinsDeprecatedService. !31607 (tnwx). Remove ruby_memory_bytes metric, duplicate of ruby_process_resident_memory_bytes. !31705. Remove project_list_show_mr_count feature flag. !31789 (Gilang Gumilar). Remove project_list_show__count feature flag. !31793 (Gilang Gumilar). Remove set_user_last_activity feature flag. !31795 (Gilang Gumilar). Remove registrations_recaptcha feature flag. !31797 (Gilang Gumilar). Remove deprecated Sidekiq rake tasks. ### (171 changes, 54 of them are from the community). Allow public access to pipeline schedules. !20806 (Lee t). Add user last_activity logging in GraphQL. !23063. Render TestReport parsing errors back to pipeline test summary. !24188. Add user popovers to system notes. !24241. missing RSS feed events. !28054. Resolve Text for future Release date grammatically incorrect. !28075. number of approvals given calculation. !28293 (Steffen Köhler). Always display new subgroup button when permission is granted. !28309 (Mattias Michaux). Correct the permission according to docs. !28657. duplicated activity and events on deletion of tag. !28861 (Sashi Kumar). init.d s
12.10.621 May 2020 12:05 minor bugfix: (2020-05-15). ### (5 changes). Duplicate index removal on ci_pipelines.project_id. !31043. on creating an invalid domains and verification. !31190. Incorrect number of errors returned when querying sentry errors. !31252. Add instance column to services table if it's missing. !31631. Incorrect regex used in FileUploader#extract_dynamic_path. !32271.
12.10.514 May 2020 06:45 minor feature: (2020-05-13). ### Added (1 change). Consider project group and group ancestors when processing CODEOWNERS entries. !31804.
12.10.406 May 2020 15:45 minor feature: (2020-05-05). ### (1 change). Add a Project's group to list of groups when parsing for codeowner entries. !30934.
12.10.201 May 2020 15:25 minor security: (2020-04-30). ### Security (8 changes). Ensure MR diff exists before codeowner check. Apply CODEOWNERS validations to web requests. Prevent unauthorized access to default branch. Do not return private project ID without permission. doorkeeper CVE-2020-10187. Change GitHub service integration token input to password. Return only safe urls for mirrors. Validate workhorse 'rewritten_fields' and properly use them during multipart uploads.
12.10.127 Apr 2020 17:45 minor bugfix: (2020-04-24). ### (5 changes). creating project from git ssh. !29771. Web IDE handling of deleting newly added files. !29783. null dereference in /import status REST endpoint. !29886. Service Templates missing Active toggle. !29936. error on accessing restricted levels. !30313. ### Changed (1 change). Move Group Deploy Tokens to new Group-scoped Repository settings. !29290. ### Other (1 change). Migration of dismissals to vulnerabilities. !29711.
12.10.023 Apr 2020 10:25 major feature: (2020-04-22). ### Removed (3 changes). Revert LDAP readonly attributes feature. !28541. Remove deprecated /ci/lint page. !28562. Remove open in file view link from Web IDE. !28705. ### (118 changes, 26 of them are from the community). Return 202 for command only notes in REST API. !19624. Run SAST using awk to pass env variables directly to docker without creating.env file. !21174 (Florian Gaultier). #42671: Project and group storage statistics now support values up to 8 PiB. !23131 (Matthias van de Meent). error on profile/chat_names for deleted projects. !24341. Migrate the database to activate projects prometheus service integration for projects with prometheus installed on shared k8s cluster. !24684. archived corrupted projects not displaying in admin. !25171 (erickcspice). some Web IDE with empty projects. !25463. failing ci variable e2e test. !25924. new file not being created in non-ascii character folders. !26165. Validate uniqueness of project_id and type when a new project service is created. !26308. assignee dropdown on new page. !26971. Resolve Unable to expand multiple downstream pipelines. !27029. Hide admin user actions for ghost and bot users. !27162. invalid ancestor group milestones when moving projects. !27262. right sidebar when scrollbars are always visible. !27314. OpenAPI file detector. !27321 (Roger Meier). managed_free_namespaces scope to only groups without a license or a free license. !27356. Set commit status to failed if the TeamCity connection is refused. !27395. Resolve Improve format support message in design. !27409. Add tooltips with full path to file headers on file tree. !27437. Scope WAF Statistics anomalies to environment.external_url. !27466. Show the proper information in snippet edit form. !27479. the repository Vue router not working with Chinese characters. !27494. smartcard config initialization. !27560. audit event that weren't being created for failed LDAP log-in tries. !27608. filtere
12.9.419 Apr 2020 14:45 minor bugfix: (2020-04-16). No changes. ### (5 changes, 1 of them is from the community). Not working File upload from Project overview page. !26828 (Gilang Gumilar). Storage rollback regression caused by previous refactor. !28496. Incorrect regex used in FileUploader#extract_dynamic_path. !28683. Fully qualify id columns for keyset pagination (Projects API). !29026. Slack notifications when upgrading from old GitLab versions. !29111.
12.9.315 Apr 2020 15:45 minor security: (2020-04-14). ### Security (3 changes). Refresh ProjectAuthorization during Group deletion. Prevent filename bypass on artifact upload. Update rack and related gems to 2.0.9 to security.
12.9.201 Apr 2020 13:05 minor feature: (2020-03-31). ### (5 changes). Ensure import by URL works after a failed import. !27546. /MR state not being preserved when importing a project using Project Import/Export. !27816. Leave upload Content-Type unchaged. !27864. Disable archive rate limit by default. !28264. rake gitlab:setup failing on new installs. !28270. ### Changed (1 change). Rename feature on the FE and locale. ### Performance (1 change). Index on sent_notifications table. !27034.
12.9.127 Mar 2020 16:45 minor bugfix: (2020-03-26). ### Security (16 changes). Add permission check for pipeline status of MR. Ignore empty remote_id params from Workhorse accelerated uploads. External user can not create personal snippet through API. Prevent malicious entry for group name. Restrict mirroring changes to admins only when mirroring is disabled. Reject all container registry requests from blocked users. Deny localhost requests on fogz importer. Redact notes in moved confidential. UploadRewriter Path Traversal vulnerability. Block hotlinking to repository archives. Restrict access to project pipeline metrics reports. vulnerability_feedback records should be restricted to a dev role and above. Exclude Carrierwave remote URL methods from import. Update Nokogiri to CVE-2020-7595. Prevent updating trigger by other maintainers. XSS vulnerability in `admin/email` "Recipient Group" dropdown. ### (1 change). updating the authorized_keys file. !27798.
12.9.022 Mar 2020 17:25 major bugfix: (2020-03-22). ### Security (1 change). Update Puma to 4.3.3. !27232. ### Removed (3 changes). Remove staging from commit workflow in the Web IDE. !26151. Remove and deprecate snippet content search. !26359. Remove "Analytics" suffrom the sidebar menu items. !26415. ### (117 changes, 19 of them are from the community). Set all NULL `lock_version` values to 0 for issuables. !18418. Support finding namespace by ID or path on fork API. !20603 (leoleoasd). caret position after pasting an image 15011. !21382 (Carolina Carvalhosa). Use of sha instead of ref when creating a new ref on deployment creation. !23170. logic to determine project export state and add regeneration_in_progress state. !23664. Create child pipelines dynamically using content from artifact as CI configuration. !23790. Handle Gitaly failure when fetching license. !24310. error details layout and alignment for mobile view. !24390. Added the multiSelect option to stop event propagation when clicking on the dropdown. !24611 (Gwen_). Activate Prometheus integration service for newly created project if this project has access to shared Prometheus application. !24676. Jump to next unresolved thread. !24728. Require a logged in user to accept or decline a term. !24771. quick actions executing in multiline inline code when placed on its own line. !24933 (Pavlo Dudchenko). timezones for popovers. !24942. Prevent "Select project to create merge request" button from overflowing out of the viewport on mobile. !25195. Add validation for updated_at parameter in update API. !25201 (Filip Stybel). Elasticsearch: when index is absent warn users and disable index button. !25254. pipeline details page initialisation on invalid pipeline. !25302 (Fabio Huser). with sidebar not expanding at certain resolutions. !25313 (Lee t). Rescue elasticsearch server error in pod logs. !25367. project setting approval input in non-sequential order. !25391. Add responsivity to cluster environments table.
12.8.717 Mar 2020 17:05 minor bugfix: (2020-03-16). ### (1 change, 1 of them is from the community). Crl_url parsing and certificate visualization. !25876 (Roger Meier).
12.8.509 Mar 2020 12:25 minor bugfix: ### (8 changes). Group Import API file upload when object storage is disabled. !25715. Web IDE fork modal showing no text. !25842. regression when URL was encoded in a loop. !25849. repository browsing for folders with non-ascii characters. !25877. search for Sentry error list. !26129. Send credentials with GraphQL fetch requests. !26386. Show CI status in project dashboards. !26403. Rescue invalid URLs during badge retrieval in asset proxy. !26524. ### Performance (2 changes). Disable Marginalia line backtrace in production. !26199. Remove unnecessary Redis deletes for broadcast messages. !26541. ### Other (1 change, 1 of them is from the community). tures for Error Tracking Web UI. !26233 (Takuya Noguchi).
12.8.205 Mar 2020 15:25 minor bugfix: ### Security (17 changes). Update container registry authentication to account for login request when checking permissions. Update ProjectAuthorization when deleting or updating GroupGroupLink. Prevent an endless checking loop for two merge requests targeting each other. Update user 2fa when accepting a group invite. for XSS in branch names. Prevent directory traversal through FileUploader. Run project badge images through the asset proxy. Check merge requests read permissions before showing them in the pipeline widget. Respect member access level for group shares. Remove OID filtering during LFS imports. Protect against denial of service using pipeline webhook recursion. Expire account confirmation token. Prevent XSS in admin grafana URL setting. Don't require base_sha in DiffRefsType. Sanitize output by dependency linkers. Recalculate ProjectAuthorizations for all users. Escape special chars in Sentry error header. ### Other (1 change, 1 of them is from the community). tures for Error Tracking Web UI. !26233 (Takuya Noguchi).
12.8.126 Feb 2020 08:05 minor bugfix: ### (5 changes). Markdown layout of incident. !25352. Time series extends axis options correctly. !25399. "Edit Release" page. !25469. Upgrade failure in EE displaying license. !25788. Last commit widget when Gravatar is disabled.
12.8.023 Feb 2020 00:05 major bugfix: ### Security (6 changes, 2 of them are from the community). Upgrade Doorkeeper to 4.4.3 to address CVE-2018-1000211. !20953. Upgrade Doorkeeper to 5.0.2. !21173. Update webpack related packages. !22456 (Takuya Noguchi). Update rubyzip gem in qa tests to 1.3.0 to CVE-2019-16892. !24119. Update GraphicsMagick from 1.3.33 to 1.3.34. !24225 (Takuya Noguchi). Update handlebars to remove from dependency dashboard. ### Removed (2 changes, 1 of them is from the community). Remove temporary index at services on project_id. !24263. Remove CI status from Projects Dashboard. !25225. ### (136 changes, 21 of them are from the community). When a namespace GitLab Subscription expires, disable SSO enforcement. !21135. with snippet counts not being scoped to current authorisation. !21705. Log user last activity on REST API. !21725. Create LfsObjectsProject record for forks as well. !22418. Limit size of diffs returned by /projects/:id/repository/compare API endpoint. !22658. spacing and UI on Recent Deliveries section of Project Services. !22666. Improve error messages when adding a child epic. !22688. a new line with suggestions in the last line of a file. !22732. Use POSTGRES_VERSION variable in Auto DevOps Test stage. !22884 (Serban Marti). Include milestones from subgroups in the list of Group Milestones. !22922. Authenticate user when scope is passed to events api. !22956 (briankabiro). Limit productivity analytics graph y-axis scale to whole numbers. !23140. GraphiQL when GitLab is installed under a relative URL. !23143 (Mathieu Parent). Stop NoMethodError happening for 1.16+ Kubernetes clusters. !23149. advanced global search permissions for guest users. !23177. JIRA DVCS retrieving repositories. !23180. logs api etag with elasticsearch. !23249. Add border radius and remove blue outline on recent searches filter. !23266. premailer and S/MIME emailer hooks order. !23293 (Diego Louzán). Web IDE alert message look and feel. !23300 (Sean Nichols
12.7.505 Feb 2020 05:45 minor bugfix: ### (4 changes, 1 of them is from the community). Add accidentally deleted project config for custom apply suggestions. !23687 (Fabio Huser). Database permission check for triggers on Amazon RDS. !24035. Applying the suggestions with an empty custom message. !24144. Remove invalid data from _tracker_data table.
12.7.331 Jan 2020 06:45 minor security: ### Security (17 changes, 1 of them is from the community). xss on frequent groups dropdown. !50. Bump rubyzip to 2.0.0. (Utkarsh Gupta). Disable access to last_pipeline in commits API for users without read permissions. Add constraint to group dependency proxy endpoint param. Limit number of AsciiDoc includes per document. Prevent API access for unconfirmed users. Enforce permission check when counting activity events. Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it. GraphQL api deprecate token field in GrafanaIntegration type. Cleanup todos for users from a removed linked group. XSS vulnerability on custom project templates form. Protect internal CI builds from external overrides. ImportExport::ExportService to require admin_project permission. Make sure that only system notes where all references are visible to user are exposed in GraphQL API. Disable caching of repository/files/:file_path/raw API endpoint. Make cross-repository comparisons happen in the source repository. Update excon to 0.71.1 to CVE-2019-16779. Add workhorse request verification to package upload endpoints.
12.7.124 Jan 2020 19:54 major feature:
8.0.516 Oct 2015 13:25 minor bugfix: Correct lookup-by-email for LDAP logins. Loading spinner sometimes not being hidden on Merge Request tab switches.
8.0.406 Oct 2015 23:25 minor bugfix: Message-ID header to be RFC 2111-compliant to prevent e-mails being dropped (Stan Hu). Referrals for :back and relative URL installs. Anchors to comments in diffs. - Remove CI token from build traces. - "Assign All" button on Runner admin page.
8.0.301 Oct 2015 03:15 minor bugfix: URL shown in Slack notifications. - where projects would appear to be stuck in the forked import state (Stan Hu). - Error 500 in creating merge requests with 1000 diffs (Stan Hu).
8.0.227 Sep 2015 03:15 minor bugfix: default avatar not rendering in network graph (Stan Hu). - Skip check_initd_configured_correctly on omnibus installs. - Prevent double-preing of help page paths. - Clarify confirmation text on user deletion. - Make commit graphs responsive to window width changes (Stan Hu). - top margin for sign-in button on public pages. - LDAP attribute mapping. - Remove git refs used internally by GitLab from network graph (Stan Hu). - Use standard Markdown font in Markdown preview instead of -width font (Stan Hu). - Reply by email for non-UTF-8 messages. - Add option to use StartTLS with Reply by email IMAP server.
8.0.023 Sep 2015 08:15 major feature: Continuous integration fully integrated (all tests, deployments, packaging). Completely new look and feel. Turbo Merges. 50 less space used. Reply by Email. Quick open in Gmail. Easily upload files in GitLab. Public user profile and group pages. Notification settings within the project s main page. GitLab 8.0 can be upgraded online. Better HTTP Support. Single Sign On to authenticate with Mattermost beta1. SSL Verification for Web Hooks.
7.5.027 Nov 2014 07:05 major feature: GitLab Community Edition 7.5 brings custom git hooks, various performance improvements, API extensions and better GitLab CI support.
7.2.022 Aug 2014 21:41 major feature: This release adds an "Explore" page, project stars, a Log for Sidekiq arguments. It adds better labels: colors, ability to rename and remove. Improves the way merge request collects diffs, compare page for large diffs. Exposes the full commit message via API. Fixes 500 error on repository rename, bug when MR download patch return invalid diff. Repository import timeout increased from 2 to 4 minutes allowing larger repos to be imported. The API adds support for labels, and the ability to set an import url when creating project for specific user.