All Versions
662
Latest Version
Avg Release Cycle
13 days
Latest Release
1428 days ago
Changelog History
Page 40
Changelog History
Page 40
-
v12.0.7 Changes
π Security (22 changes)
- π Ensure only authorised users can create notes on Merge Requests and Issues.
- Add :login_recaptcha_protection_enabled setting to prevent bots from brute-force attacks.
- Queries for Upload should be scoped by model.
- Speed up regexp in namespace format by failing fast after reaching maximum namespace depth.
- Limit the size of issuable description and comments.
- Send TODOs for comments on commits correctly.
- π Restrict MergeRequests#test_reports to authenticated users with read-access on Builds.
- β Added image proxy to mitigate potential stealing of IP addresses.
- Filter out old system notes for epics in notes api endpoint response.
- Avoid exposing unaccessible repo data upon GFM post processing.
- π Fix HTML injection for label description.
- π Make sure HTML text is always escaped when replacing label/milestone references.
- Prevent DNS rebind on JIRA service integration.
- π Use admin_group authorization in Groups::RunnersController.
- π Prevent disclosure of merge request ID via email.
- π Show cross-referenced MR-id in issues' activities only to authorized users.
- Enforce max chars and max render time in markdown math.
- π Check permissions before responding in MergeController#pipeline_status.
- β Remove EXIF from users/personal snippet uploads.
- π Fix project import restricted visibility bypass via API.
- π Fix weak session management by clearing password reset tokens after login (username/email) are updated.
- π Fix SSRF via DNS rebinding in Kubernetes Integration.
-
v12.0.6 Changes
August 12, 2019- No changes.
-
v12.0.4
July 25, 2019 -
v12.0.3 Changes
June 27, 2019No changes.
π Security (10 changes)
Persist tmp snippet uploads at users.
Gate MR head_pipeline behind read_pipeline ability.
π Fix DoS vulnerability in color validation regex.
π¦ Expose merge requests count based on user access.
π Fix Denial of Service for comments when rendering issues/MR comments.
β Add missing authorizations in GraphQL.
π Disable Rails SQL query cache when applying service templates.
Prevent Billion Laughs attack.
Correctly check permissions when creating snippet notes.
π Prevent the detection of merge request templates by unauthorized users.
-
v12.0.2 Changes
June 25, 2019π Fixed (7 changes, 1 of them is from the community)
- π Fix missing API notification flags for Microsoft Teams. !29824 (Seiji Suenaga)
- π Fixed 'diff version changes' link not working. !29825
- π Fix label serialization in issue and note hooks. !29850
- Include the GitLab version in the cache key for Gitlab::JsonCache. !29938
- Prevent EE backport migrations from running if CE is not migrated. !30002
- β Silence backup warnings when CRON=1 in use. !30033
- π Fix comment emails not respecting group-level notification email.
π Performance (1 change)
- π Omit issues links in merge request entity API response. !29917
-
v12.0.1 Changes
June 24, 2019- No changes.
-
v12.0.0 Changes
June 22, 2019π Security (10 changes)
- Hide confidential issue title on unsubscribe for anonymous users.
- π Fix url redaction for issue links.
- π Fix confidential issue label disclosure on milestone view.
- Filter relative links in wiki for XSS.
- Prevent XSS injection in note imports.
- Resolve: Milestones leaked via search API.
- π Prevent bypass of restriction disabling web password sign in.
- β Add extra fields for handling basic auth on import by url page.
- Protect Gitlab::HTTP against DNS rebinding attack.
- π Prevent invalid branch for merge request.
β Removed (5 changes, 1 of them is from the community)
- β Remove ability for group clusters to be automatically configured on creation. !27245
- Removes support for AUTO_DEVOPS_DOMAIN. !28460
- β Remove the circuit breaker API. !28669
- π Make Kubernetes service templates readonly. !29044
- β Remove Content-Type override for Mattermost OAuth login. (Harrison Healey)
π Fixed (116 changes, 28 of them are from the community)
- π Fix col-sm-* in forms to keep layout. !24885 (Takuya Noguchi)
- Avoid 500 when rendering users ATOM data. !25408
- π Fix flyout nav on small viewports. !25998
- π Fix proxy support in Container Scanning. !27246
- preventing blocked users and their PipelineSchdules from creating new Pipelines. !27318
- π Fix yaml linting for GitLab CI inside project (.gitlab/ci) *.yml files and CI template files. !27576 (Will Hall)
- π Fix yaml linting for project root *.yml files. !27579 (Will Hall)
- β Added a content field to atom feed. !27652
- π Bring secondary button styles up to design standard. !27920
- π Use FindOrCreateService to create labels and check for existing ones. !27987 (Matt Duren)
- π Fix "too many loops" error by handling gracefully cron schedules for non existent days. !28002
- π Handle errors in successful notes reply. !28082
- π Fix 500 error when accessing charts with an anonymous user. !28091 (Diego Silva)
- π Allow user to set primary email first when 2FA is required. !28097 (Kartikey Tanna)
- Auto-DevOps: allow to disable rollout status check. !28130 (Sergej Nikolaev [email protected])
- Resolved JIRA service: NoMethodError: undefined method 'find' for nil:NilClass. !28206
- π Supports Matomo/Piwik string website ID ("Protect Track ID" plugin). !28214 (DUVERGIER Claude)
- π Fix loading.. dropdown at search field. !28275 (Pavel Chausov)
- β Remove unintended error message shown when moving issues. !28317
- π Properly clear the merge error upon rebase failure. !28319
- β¬οΈ Upgrade dependencies for node 12 compatibility. !28323
- π Fix.
db:migrate
is failed on MySQL 8. !28351 (sue445) - π Fix an error in projects admin when statistics are missing. !28355
- π Fix emojis URLs. !28371
- Prevent common name collisions when requesting multiple Let's Encrypt certificates concurrently. !28373
- π Fix issue that causes "Save changes" button in project settings pages to be enabled/disabled incorrectly when changes are made to the form. !28377
- π Fix diff notes and discussion notes being exported as regular notes. !28401
- π Fix padding in MR widget. !28472
- β‘οΈ Updates loading icon in commits page. !28475
- π Fix border radius of discussions. !28490
- β‘οΈ Update broadcast message action icons. !28496 (Jarek Ostrowski @jareko)
- β‘οΈ Update icon color to match design system, pass accessibility. !28498 (Jarek Ostrowski @jareko)
- π Show data on Cycle Analytics page when value is less than a second. !28507
- π Fix dropdown position when loading remote data. !28526
- β Delete unauthorized Todos when project is made private. !28560
- π Change links in system notes to use relative paths. !28588 (Luke Picciau)
- β‘οΈ Update favicon from next. !28601 (Jarek Ostrowski @jareko)
- Open visibility help link in a new tab. !28603 (George Tsiolis)
- π Fix issue importing members with owner access. !28636
- π Fix the height of the page headers on issues/merge request/snippets pages. !28650 (Erik van der Gaag)
- Always show "Pipelines must succeed" checkbox. !28651
- Resolve moving an issue results in broken image links in comments. !28654
- π Fix milestone references containing &, <, or >. !28667
- β Add hover and focus to Attach a file. !28682
- Correctly word-wrapping project descriptions with very long words. !28695 (Erik van der Gaag)
- Prevent icons from shrinking in User popover when contents exceed container. !28696
- π Allow removal of empty lines via suggestions. !28703
- Throw an error when formatDate's input is invalid. !28713
- π Fix order dependency with user params during imports. !28719
- π Fix search dropdown not closing on blur if empty. !28730
- π Fixed ignored postgres version that occurs after the first autodevops deploy when specifying custom $POSTGRES_VERSION. !28735 (Brandon Dimcheff)
- Limit milestone dates to before year 9999. !28742 (Luke Picciau)
- 0οΈβ£ Set project default visibility to max allowed. !28754
- π Cancel auto merge when merge request is closed. !28782
- π Fixes Ref link being displayed as raw HTML in the Pipelines page. !28823
- π Fix job name in graph dropdown overflowing. !28824
- β Add style to disable webkit icons for search inputs. !28833 (Jarek Ostrowski @jareko)
- π Fix email notifications for user excluded actions. !28835
- Resolve Tooltip Consistency. !28839
- π Fix Merge Request merge checkbox alignment on mobile view. !28845
- β Add referenced-commands in no overflow list. !28858
- π Fix participants list wrapping. !28873
- Excludes MR author from Review roulette. !28886 (Jacopo Beschi @jacopo-beschi)
- Give labels consistent weight. !28895
- β Added padding to time window dropdown in monitor dashboard. !28897
- π Move text under p tag. !28901
- Resolve Position is off when visiting files with anchors. !28913
- π Fix whitespace changes visibility when the related file was initially collapsed. !28950 (OndΕej Budai)
- π Fix emoji picker visibility issue. !28984
- π Resolve Merge request discussion text jumps when resolved. !28995
- π Allow lowercase prefix for Youtrack issue ids. !29057 (Matthias Baur)
- β Add support to view entirety of long branch name in dropdown instead of it being cut off. !29069
- π Fix inconsistent option dropdown button height to match adjacent button. !29096
- π Improve new user email markup unconsistency between text and html parts. !29111 (Haunui Saint-sevin)
- Eliminate color inconsistencies in metric graphs. !29127
- Avoid setting Gitlab::Session on sessionless requests and Git HTTP. !29146
- π Use the selected time window for metrics dashboard. !29152
- β Remove build policies from serverless app template. !29253
- π Fix serverless apps deployments by bumping 'tm' version. !29254
- Include the port in the URLs of the API Link headers. !29267
- π Fix Fogbugz Importer not working. !29383
- π Fix GPG signature verification with recent GnuPG versions. !29388 (David Palubin)
- π Cancel Auto Merge when target branch is changed. !29416
- π Fix nil coercion updating storage size on project statistics. !29425
- Ignore legacy artifact columns in Project Import/Export. !29427
- β± Avoid DB timeouts when scheduling migrations. !29437
- π Handle encoding errors for MergeToRefService. !29440
- π Fix UTF-8 conversion issues when resolving conflicts. !29453
- Enlarge metrics time-window dropdown links. !29458
- β Remove unnecessary decimals on Metrics chart axis. !29468
- π Fix scrolling to top on assignee change. !29500
- π Allow command/control click to open link in new tab on Merge Request tabs. !29506
- Omit blocked admins from repository check e-mails. !29507
- π Fix diverged branch locals. !29508
- 0οΈβ£ Process up to 100 commit messages for references when pushing to a new default branch. !29511 (Fabio Papa)
- π Allow developer role to delete docker tags via container registry API. !29512
- π Fix "Resolve conflicts" button not appearing for some users. !29535
- π Fix: propagate all documented ENV vars to CI when using SAST. !29564
- β AutoDevops function ensure_namespace() now explicitly tests the namespace. !29567 (Jack Lei)
- π Fix sidebar flyout navigation. !29571
- π Fix missing deployment rockets in monitor dashboard. !29574
- π Fix inability to set visibility_level on project via API. !29578
- π Ensure a Kubernetes namespace is not used for deployments if there is no service account token associated with it. !29643
- Refresh service_account_token for kubernetes_namespaces. !29657
- π¦ Expose all current events properly on services API. !29736 (Zsolt Kovari)
- π Move Dropdown to Stick to MR View App Button. !29767
- π Fix IDE commit using latest ref in branch and overriding contents. !29769
- β± Revert concurrent pipeline creation for pipeline schedules. !29794
- π Fix layout of group milestone header.
- π Fix remote mirrors not updating after tag push.
- π Fix padding of unclickable pipeline dropdown items to match links.
- π Change resolve button text to mark comment as resolved.
- Align system note within discussion with other notes.
- π Fix border radii on diff files and repo files.
- π Fixed show whitespace button not refetching diff content.
- π Fix pipeline schedules when owner is nil.
π Changed (35 changes, 13 of them are from the community)
- π Include information if issue was clossed via merge request or commit. !15610 (MichaΕ ZajΔ c)
- β Removes duplicated members from api/projects/:id/members/all. !24005 (Jacopo Beschi @jacopo-beschi)
- Apply the group setting "require 2FA" across all subgroup members as well when changing the group setting. !24965 (rroger)
- Enable function features for external Knative installations. !27173
- β Remove dind from DAST template. !28083
- β‘οΈ Update registration form to indicate invalid name or username length on input. !28095 (Jiaan Louw)
- 0οΈβ£ Default masked to false for new variables. !28186
- π Better isolated
Docker.gitlab-ci.yml
to avoid interference with other job configurations. !28213 (lrkwz) - Remove the mr_push_options feature flag. !28278
- Replace Oxygen-Sans font with Noto Sans. !28322
- β‘οΈ Update new smiley icons, find n replace old names with new ones. !28338 (Jarek Ostrowski)
- β Adds a text label to color pickers to improve accessibility. !28343 (Chris Toynbee)
- Prioritize login form on mobile breakpoint. !28360
- π Move some project routes under /-/ scope. !28435
- I18n for issue closure reason in emails. !28489 (MichaΕ ZajΔ c)
- π Geo: Remove Gitlab::LfsToken::LegacyRedisDeviseToken implementation and usage. !28546
- β Add check circle filled icon for resolved comments. !28663
- π Update project security dashboard documentation. !28681
- β Remove
docker pull
prefix when copying a tag from the registry. !28757 (Benedikt Franke) - Adjust milestone completion rate to be based on issues count. !28777
- β¨ Enhance line-height of Activity feed UI. !28856 (Jacopo Beschi @jacopo-beschi)
- β¬οΈ Upgrade to Gitaly v1.43.0. !28867
- β‘οΈ Do not display Update app button when saving Knative domain name. !28904
- β Rebrush of flash-warning according to the new design (brighter background and darker font). !28916 (Michel Engelen)
- Added reference, web_path, and relative_position fields to GraphQL Issue. !28998
- π Change logic behind cycle analytics. !29018
- β Add documentation links for confidental and locked discussions. !29073
- Update GITALY_SERVER_VERSION to 1.45.0. !29109
- π Allow masking if 8 or more characters in base64. !29143 (thomas-nilsson-irfu)
- π Replaces sidekiq mtail metrics with ruby instrumentation metrics. !29215
- π Allow references to labels and milestones to contain emoji. !29284
- π
changed the styles on
Add List
dropdown to look more like the EE vesion. !29338 (Michel Engelen) - 0οΈβ£ Hashed Storage is enabled by default on new installations. !29586
- β¬οΈ Upgrade to Gitaly v1.47.0. !29789
- 0οΈβ£ Default MR checkbox to true in most cases.
π Performance (11 changes)
- π Improve performance of jobs controller. !28093
- β¬οΈ Upgrade Ruby version to 2.6.3. !28117
- β± Make pipeline schedule worker resilient. !28407
- π Fix performance issue with large Markdown content in issue or merge request description. !28597
- π Improve clone performance by using delta islands. !28871
- π Reduce Gitaly calls to improve performance when rendering suggestions. !29027
- π Use Redis for CacheMarkDownField on non AR models. !29054
- β Add index on public_email for users. !29430
- Speed up commit loads by disabling BatchLoader replace_methods. !29633
- β Add index on invite_email for members. !29768
- π Improve performance of users autocomplete when there are lots of results.
β Added (47 changes, 12 of them are from the community)
- β Added option to filter jobs by age in the /job/request API endpoint. !1340 (Dmitry Chepurovskiy)
- β Add ability to define notification email addresses for groups you belong to. !25299
- β Add wiki size to project statistics. !25321 (Peter Marko)
- 58404 - setup max depth for GraphQL. !25737 (Ken Ding)
- β Add auto SSL toggle option to Pages domain settings page. !26438
- π Empty project state for Web IDE. !26556
- β Add support for multiple job parents in GitLab CI YAML. !26801 (Wolphin (Nikita))
- Pass user's identity and token from JupyterHub to user's Jupyter environment. !27314 (Amit Rathi)
- β Add issues_statistics api endpoints and extend issues search api. !27366
- Validate Kubernetes credentials at cluster creation. !27403
- β‘οΈ Update the merge request widget's "Merge" button to support merge trains. !27594
- π Style the toast component according to design specs. !27734
- β Add API support for committing changes to different projects in same fork network. !27915
- β Add support for && and || to CI Pipeline Expressions. Change CI variable expression matching for Lexeme::Pattern to eagerly return tokens. !27925 (Martin Manelli)
- β Added ref querystring parameter to project search API to allow searching on branches/tags other than the default. !28069 (Lee Tickett)
- Add notify_only_default_branch option to PipelinesEmailService. !28271 (Peter Marko)
- π Support multiplex GraphQL queries. !28273
- β Add Namespace and ProjectStatistics to GraphQL API. !28277
- Display classname JUnit attribute in report modal. !28376
- API: Allow to get and set "masked" attribute for variables. !28381 (Mathieu Parent)
- β Add allow_failure attribute to Job API. !28406
- β Add support for AsciiDoc include directive. !28417 (Jakub Jirutka & Guillaume Grossetie)
- Migrate Kubernetes service integration templates to clusters. !28534
- π Allow issue list to be sorted by relative order. !28566
- Implement borderless discussion design with new reply field. !28580
- β Add expand/collapse to error tracking settings. !28619
- β Adds collapsible sections for job log. !28642
- β Add LFS oid to GraphQL blob type. !28666
- π Allow users to specify a time range on metrics dashboard. !28670
- β Add a New Copy Button That Works in Modals. !28676
- β Add Kubernetes logs to Admin Logs UI. !28685
- Set up git client in Jupyter installtion. !28783 (Amit Rathi)
- β Add task count and completed count to responses of Issue and MR. !28859
- β Add project level git depth CI/CD setting. !28919
- π Use global IDs when exposing GraphQL resources. !29080
- π¦ Expose wiki_size on GraphQL API. !29123
- π¦ Expose notes and discussions in GraphQL. !29212
- π Use to 'gitlabktl' build serverless applications. !29258
- β Adds pagination component for graphql api. !29277
- π Allow switching clusters between managed and unmanaged. !29322
- 0οΈβ£ Get and edit ci_default_git_depth via project API. !29353
- π Link to an external dashboard from metrics dashboard. !29369
- β Add labels to note event payload. !29384 (Sujay Patel)
- β Add Join meeting button to issues with Zoom links. !29454
- π Make task completion status available via GraphQL.
- β Add backtraces to Peek performance bar for SQL calls.
- β Added diff suggestion feature discovery popover.
Other (62 changes, 14 of them are from the community)
- Unified EE/CS differences in repository/show.html. !13562
- β Remove legacy artifact related code. !26475
- Backport the EE schema and migrations to CE. !26940 (Yorick Peterse)
- β Add dedicated logging for GraphQL queries. !27885
- i18n: externalize strings from user profile settings. !28088 (Antony Liu)
- Omit max-count for diverging_commit_counts behind feature flag. !28157
- π Fix alignment of resend button in members page. !28202
- β‘οΈ Update indirect dependency fsevents from 1.2.4 to 1.2.9. !28220 (Takuya Noguchi)
- π¨ Update get_process_mem to 0.2.3. !28248
- β Add Pool repository to the usage ping. !28267
- π¦ Forbid NULL in project_statistics.packages_size. !28400
- β‘οΈ Update Gitaly to v1.42.1. !28425
- β¬οΈ Upgrade babel to 7.4.4. !28437 (Takuya Noguchi)
- Externalize profiles preferences. !28470 (George Tsiolis)
- β‘οΈ Update GitLab Runner Helm Chart to 0.5.0. !28497
- π Change collapse icon size to size of profile picture. !28512
- Resolve Snippet icon button is misaligned. !28522
- β¬οΈ Bumps Kubernetes in Auto DevOps to 1.11.10. !28525
- β¬οΈ Bump Helm version in Auto-DevOps.gitlab-ci.yml to 2.14.0. !28527
- Migrate the monitoring dashboard store to vuex. !28555
- Give New Snippet button green outline. !28559
- Removes project_auto_devops#domain column. !28574
- Externalize strings of email page in user profile. !28587 (antony liu)
- Externalize strings of active sessions page in user profile. !28590 (antony liu)
- π¨ Refactor and abstract Auto Merge Processes. !28595
- β Add section to dev docs on accessing chatops. !28623
- Externalize strings of chat page in user profile. !28632
- Externalize strings of PGP Keys and SSH Keys page in user profile. !28653 (Antony Liu)
- β Added the
.extended-height
class to the labels-dropdown. !28659 (Michel Engelen) - π± Moved EE/CE code differences for
app/assets/javascripts/gl_dropdown.js
into CE. !28711 (Michel Engelen) - β‘οΈ Update GitLab Runner Helm Chart to 0.5.1. !28720
- β Remove support for using Geo with an installation from source. !28737
- API: change masked attribute type to Boolean. !28758
- API: change protected attribute type to Boolean. !28766
- β Add a column header to admin/jobs page. !28837
- π Reset merge status from mergeable MRs. !28843
- π Show tooltip on truncated commit title. !28865 (Timofey Trofimov)
- β Added conditional rendering to
app/views/search/_form.html.haml
for CE/EE code base consistency. !28883 (Michel Engelen) - π Change "Report abuse to GitLab" to more generic wording. !28884 (Marc Schwede)
- β‘οΈ Update GitLab Pages to v1.6.0. !29048
- β‘οΈ Update GitLab Runner Helm Chart to 0.5.2. !29050
- π User link styling for commits. !29150
- Fix null source_project_id in pool_repositories. !29157
- β Add deletion protection setting column to application_settings table. !29268
- β Added code differnces from EE in file 'app/assets/javascripts/pages/projects/project.js' to CE. !29271 (Michel Engelen)
- β‘οΈ Update to GitLab Shell v9.3.0. !29283
- Document when milestones and labels links are missing. !29355
- π Make margin between buttons consistent. !29378
- β‘οΈ Changed the 'Created' label to 'Last Updated' on the container registry table to more accurately reflect what the date represents. !29464
- β‘οΈ Update GitLab Pages to v1.6.1. !29559
- Indent collapsible sections. !29804
- Group download buttons into a .btn-group.
- π Change default color of award emoji button.
- π Use blue for activity stream links; use monospace font for commit sha.
- β Remove fixed height from MR diff headers.
- π Moves the table pagination shared component.
- β Add warning that gitlab-secrets isn't included in backup.
- β‘οΈ Update merge request tabs so they no longer scroll.
- β¬οΈ Reduce height of issue board input to align with buttons.
- π Increase height of move issue dropdown.
- π Use grid and correct border radius for status badge.
- π Moves snowplow to CE repo.
-
v11.11.8 Changes
August 09, 2019π Security (2 changes)
- β¬οΈ Upgrade Gitaly to 1.42.7 to prevent revision flag injection exploits.
- β¬οΈ Upgrade pages to 1.5.1 to prevent gitlab api token recovery from cookie.
-
v11.11.7 Changes
July 29, 2019π Security (9 changes)
- π² Restrict slash commands to users who can log in.
- Patch XSS issue in wiki links.
- π Filter merge request params on the new merge request page.
- π Fix Server Side Request Forgery mitigation bypass.
- 0οΈβ£ Show badges if pipelines are public otherwise default to project permissions.
- Do not allow localhost url redirection in GitHub Integration.
- π Do not show moved issue id for users that cannot read issue.
- π Use source project as permissions reference for MergeRequestsController#pipelines.
- β¬οΈ Drop feature to take ownership of trigger token.
-
v11.11.4 Changes
June 26, 2019π Fixed (3 changes)
- π Fix Fogbugz Importer not working. !29383
- π Fix scrolling to top on assignee change. !29500
- π Fix IDE commit using latest ref in branch and overriding contents. !29769