All Versions
662
Latest Version
Avg Release Cycle
13 days
Latest Release
1428 days ago

Changelog History
Page 40

  • v12.0.7 Changes

    πŸ”’ Security (22 changes)

    • πŸ”€ Ensure only authorised users can create notes on Merge Requests and Issues.
    • Add :login_recaptcha_protection_enabled setting to prevent bots from brute-force attacks.
    • Queries for Upload should be scoped by model.
    • Speed up regexp in namespace format by failing fast after reaching maximum namespace depth.
    • Limit the size of issuable description and comments.
    • Send TODOs for comments on commits correctly.
    • πŸ— Restrict MergeRequests#test_reports to authenticated users with read-access on Builds.
    • βž• Added image proxy to mitigate potential stealing of IP addresses.
    • Filter out old system notes for epics in notes api endpoint response.
    • Avoid exposing unaccessible repo data upon GFM post processing.
    • πŸ›  Fix HTML injection for label description.
    • πŸ‘‰ Make sure HTML text is always escaped when replacing label/milestone references.
    • Prevent DNS rebind on JIRA service integration.
    • πŸ‘‰ Use admin_group authorization in Groups::RunnersController.
    • πŸ”€ Prevent disclosure of merge request ID via email.
    • πŸ‘‰ Show cross-referenced MR-id in issues' activities only to authorized users.
    • Enforce max chars and max render time in markdown math.
    • πŸ”€ Check permissions before responding in MergeController#pipeline_status.
    • βœ‚ Remove EXIF from users/personal snippet uploads.
    • πŸ›  Fix project import restricted visibility bypass via API.
    • πŸ›  Fix weak session management by clearing password reset tokens after login (username/email) are updated.
    • πŸ›  Fix SSRF via DNS rebinding in Kubernetes Integration.

  • v12.0.6 Changes

    August 12, 2019
    • No changes.

  • v12.0.4

    July 25, 2019

  • v12.0.3 Changes

    June 27, 2019

    • No changes.

      πŸ”’ Security (10 changes)

    • Persist tmp snippet uploads at users.

    • Gate MR head_pipeline behind read_pipeline ability.

    • πŸ›  Fix DoS vulnerability in color validation regex.

    • πŸ”¦ Expose merge requests count based on user access.

    • πŸ›  Fix Denial of Service for comments when rendering issues/MR comments.

    • βž• Add missing authorizations in GraphQL.

    • πŸš… Disable Rails SQL query cache when applying service templates.

    • Prevent Billion Laughs attack.

    • Correctly check permissions when creating snippet notes.

    • πŸ”€ Prevent the detection of merge request templates by unauthorized users.

  • v12.0.2 Changes

    June 25, 2019

    πŸ›  Fixed (7 changes, 1 of them is from the community)

    • πŸ›  Fix missing API notification flags for Microsoft Teams. !29824 (Seiji Suenaga)
    • πŸ›  Fixed 'diff version changes' link not working. !29825
    • πŸ›  Fix label serialization in issue and note hooks. !29850
    • Include the GitLab version in the cache key for Gitlab::JsonCache. !29938
    • Prevent EE backport migrations from running if CE is not migrated. !30002
    • ⚠ Silence backup warnings when CRON=1 in use. !30033
    • πŸ›  Fix comment emails not respecting group-level notification email.

    🐎 Performance (1 change)

    • πŸ”€ Omit issues links in merge request entity API response. !29917

  • v12.0.1 Changes

    June 24, 2019
    • No changes.

  • v12.0.0 Changes

    June 22, 2019

    πŸ”’ Security (10 changes)

    • Hide confidential issue title on unsubscribe for anonymous users.
    • πŸ›  Fix url redaction for issue links.
    • πŸ›  Fix confidential issue label disclosure on milestone view.
    • Filter relative links in wiki for XSS.
    • Prevent XSS injection in note imports.
    • Resolve: Milestones leaked via search API.
    • 🌐 Prevent bypass of restriction disabling web password sign in.
    • βž• Add extra fields for handling basic auth on import by url page.
    • Protect Gitlab::HTTP against DNS rebinding attack.
    • πŸ”€ Prevent invalid branch for merge request.

    βœ‚ Removed (5 changes, 1 of them is from the community)

    • βœ‚ Remove ability for group clusters to be automatically configured on creation. !27245
    • Removes support for AUTO_DEVOPS_DOMAIN. !28460
    • βœ‚ Remove the circuit breaker API. !28669
    • πŸ‘‰ Make Kubernetes service templates readonly. !29044
    • βœ‚ Remove Content-Type override for Mattermost OAuth login. (Harrison Healey)

    πŸ›  Fixed (116 changes, 28 of them are from the community)

    • πŸ›  Fix col-sm-* in forms to keep layout. !24885 (Takuya Noguchi)
    • Avoid 500 when rendering users ATOM data. !25408
    • πŸ›  Fix flyout nav on small viewports. !25998
    • πŸ›  Fix proxy support in Container Scanning. !27246
    • preventing blocked users and their PipelineSchdules from creating new Pipelines. !27318
    • πŸ›  Fix yaml linting for GitLab CI inside project (.gitlab/ci) *.yml files and CI template files. !27576 (Will Hall)
    • πŸ›  Fix yaml linting for project root *.yml files. !27579 (Will Hall)
    • βž• Added a content field to atom feed. !27652
    • πŸ’… Bring secondary button styles up to design standard. !27920
    • πŸ‘‰ Use FindOrCreateService to create labels and check for existing ones. !27987 (Matt Duren)
    • πŸ›  Fix "too many loops" error by handling gracefully cron schedules for non existent days. !28002
    • πŸ– Handle errors in successful notes reply. !28082
    • πŸ›  Fix 500 error when accessing charts with an anonymous user. !28091 (Diego Silva)
    • πŸ‘ Allow user to set primary email first when 2FA is required. !28097 (Kartikey Tanna)
    • Auto-DevOps: allow to disable rollout status check. !28130 (Sergej Nikolaev [email protected])
    • Resolved JIRA service: NoMethodError: undefined method 'find' for nil:NilClass. !28206
    • πŸ‘Œ Supports Matomo/Piwik string website ID ("Protect Track ID" plugin). !28214 (DUVERGIER Claude)
    • πŸ›  Fix loading.. dropdown at search field. !28275 (Pavel Chausov)
    • βœ‚ Remove unintended error message shown when moving issues. !28317
    • πŸ”€ Properly clear the merge error upon rebase failure. !28319
    • ⬆️ Upgrade dependencies for node 12 compatibility. !28323
    • πŸ›  Fix. db:migrate is failed on MySQL 8. !28351 (sue445)
    • πŸ›  Fix an error in projects admin when statistics are missing. !28355
    • πŸ›  Fix emojis URLs. !28371
    • Prevent common name collisions when requesting multiple Let's Encrypt certificates concurrently. !28373
    • πŸ›  Fix issue that causes "Save changes" button in project settings pages to be enabled/disabled incorrectly when changes are made to the form. !28377
    • πŸ›  Fix diff notes and discussion notes being exported as regular notes. !28401
    • πŸ›  Fix padding in MR widget. !28472
    • ⚑️ Updates loading icon in commits page. !28475
    • πŸ›  Fix border radius of discussions. !28490
    • ⚑️ Update broadcast message action icons. !28496 (Jarek Ostrowski @jareko)
    • ⚑️ Update icon color to match design system, pass accessibility. !28498 (Jarek Ostrowski @jareko)
    • πŸ“ˆ Show data on Cycle Analytics page when value is less than a second. !28507
    • πŸ›  Fix dropdown position when loading remote data. !28526
    • βœ‚ Delete unauthorized Todos when project is made private. !28560
    • πŸ”„ Change links in system notes to use relative paths. !28588 (Luke Picciau)
    • ⚑️ Update favicon from next. !28601 (Jarek Ostrowski @jareko)
    • Open visibility help link in a new tab. !28603 (George Tsiolis)
    • πŸ›  Fix issue importing members with owner access. !28636
    • πŸ›  Fix the height of the page headers on issues/merge request/snippets pages. !28650 (Erik van der Gaag)
    • Always show "Pipelines must succeed" checkbox. !28651
    • Resolve moving an issue results in broken image links in comments. !28654
    • πŸ›  Fix milestone references containing &, <, or >. !28667
    • βž• Add hover and focus to Attach a file. !28682
    • Correctly word-wrapping project descriptions with very long words. !28695 (Erik van der Gaag)
    • Prevent icons from shrinking in User popover when contents exceed container. !28696
    • πŸ‘ Allow removal of empty lines via suggestions. !28703
    • Throw an error when formatDate's input is invalid. !28713
    • πŸ›  Fix order dependency with user params during imports. !28719
    • πŸ›  Fix search dropdown not closing on blur if empty. !28730
    • πŸ›  Fixed ignored postgres version that occurs after the first autodevops deploy when specifying custom $POSTGRES_VERSION. !28735 (Brandon Dimcheff)
    • Limit milestone dates to before year 9999. !28742 (Luke Picciau)
    • 0️⃣ Set project default visibility to max allowed. !28754
    • πŸ”€ Cancel auto merge when merge request is closed. !28782
    • πŸ›  Fixes Ref link being displayed as raw HTML in the Pipelines page. !28823
    • πŸ›  Fix job name in graph dropdown overflowing. !28824
    • βž• Add style to disable webkit icons for search inputs. !28833 (Jarek Ostrowski @jareko)
    • πŸ›  Fix email notifications for user excluded actions. !28835
    • Resolve Tooltip Consistency. !28839
    • πŸ›  Fix Merge Request merge checkbox alignment on mobile view. !28845
    • βž• Add referenced-commands in no overflow list. !28858
    • πŸ›  Fix participants list wrapping. !28873
    • Excludes MR author from Review roulette. !28886 (Jacopo Beschi @jacopo-beschi)
    • Give labels consistent weight. !28895
    • βž• Added padding to time window dropdown in monitor dashboard. !28897
    • 🚚 Move text under p tag. !28901
    • Resolve Position is off when visiting files with anchors. !28913
    • πŸ›  Fix whitespace changes visibility when the related file was initially collapsed. !28950 (OndΕ™ej Budai)
    • πŸ›  Fix emoji picker visibility issue. !28984
    • πŸ”€ Resolve Merge request discussion text jumps when resolved. !28995
    • πŸ‘ Allow lowercase prefix for Youtrack issue ids. !29057 (Matthias Baur)
    • βž• Add support to view entirety of long branch name in dropdown instead of it being cut off. !29069
    • πŸ›  Fix inconsistent option dropdown button height to match adjacent button. !29096
    • πŸ‘Œ Improve new user email markup unconsistency between text and html parts. !29111 (Haunui Saint-sevin)
    • Eliminate color inconsistencies in metric graphs. !29127
    • Avoid setting Gitlab::Session on sessionless requests and Git HTTP. !29146
    • πŸ‘‰ Use the selected time window for metrics dashboard. !29152
    • βœ‚ Remove build policies from serverless app template. !29253
    • πŸ›  Fix serverless apps deployments by bumping 'tm' version. !29254
    • Include the port in the URLs of the API Link headers. !29267
    • πŸ›  Fix Fogbugz Importer not working. !29383
    • πŸ›  Fix GPG signature verification with recent GnuPG versions. !29388 (David Palubin)
    • πŸ”€ Cancel Auto Merge when target branch is changed. !29416
    • πŸ›  Fix nil coercion updating storage size on project statistics. !29425
    • Ignore legacy artifact columns in Project Import/Export. !29427
    • ⏱ Avoid DB timeouts when scheduling migrations. !29437
    • πŸ”€ Handle encoding errors for MergeToRefService. !29440
    • πŸ›  Fix UTF-8 conversion issues when resolving conflicts. !29453
    • Enlarge metrics time-window dropdown links. !29458
    • βœ‚ Remove unnecessary decimals on Metrics chart axis. !29468
    • πŸ›  Fix scrolling to top on assignee change. !29500
    • πŸ‘ Allow command/control click to open link in new tab on Merge Request tabs. !29506
    • Omit blocked admins from repository check e-mails. !29507
    • πŸ›  Fix diverged branch locals. !29508
    • 0️⃣ Process up to 100 commit messages for references when pushing to a new default branch. !29511 (Fabio Papa)
    • πŸ‘ Allow developer role to delete docker tags via container registry API. !29512
    • πŸ›  Fix "Resolve conflicts" button not appearing for some users. !29535
    • πŸ›  Fix: propagate all documented ENV vars to CI when using SAST. !29564
    • βœ… AutoDevops function ensure_namespace() now explicitly tests the namespace. !29567 (Jack Lei)
    • πŸ›  Fix sidebar flyout navigation. !29571
    • πŸ›  Fix missing deployment rockets in monitor dashboard. !29574
    • πŸ›  Fix inability to set visibility_level on project via API. !29578
    • πŸš€ Ensure a Kubernetes namespace is not used for deployments if there is no service account token associated with it. !29643
    • Refresh service_account_token for kubernetes_namespaces. !29657
    • πŸ”¦ Expose all current events properly on services API. !29736 (Zsolt Kovari)
    • 🚚 Move Dropdown to Stick to MR View App Button. !29767
    • πŸ›  Fix IDE commit using latest ref in branch and overriding contents. !29769
    • ⏱ Revert concurrent pipeline creation for pipeline schedules. !29794
    • πŸ›  Fix layout of group milestone header.
    • πŸ›  Fix remote mirrors not updating after tag push.
    • πŸ›  Fix padding of unclickable pipeline dropdown items to match links.
    • πŸ”„ Change resolve button text to mark comment as resolved.
    • Align system note within discussion with other notes.
    • πŸ›  Fix border radii on diff files and repo files.
    • πŸ›  Fixed show whitespace button not refetching diff content.
    • πŸ›  Fix pipeline schedules when owner is nil.

    πŸ”„ Changed (35 changes, 13 of them are from the community)

    • πŸ”€ Include information if issue was clossed via merge request or commit. !15610 (MichaΕ‚ ZajΔ…c)
    • βœ‚ Removes duplicated members from api/projects/:id/members/all. !24005 (Jacopo Beschi @jacopo-beschi)
    • Apply the group setting "require 2FA" across all subgroup members as well when changing the group setting. !24965 (rroger)
    • Enable function features for external Knative installations. !27173
    • βœ‚ Remove dind from DAST template. !28083
    • ⚑️ Update registration form to indicate invalid name or username length on input. !28095 (Jiaan Louw)
    • 0️⃣ Default masked to false for new variables. !28186
    • πŸ‘ Better isolated Docker.gitlab-ci.yml to avoid interference with other job configurations. !28213 (lrkwz)
    • Remove the mr_push_options feature flag. !28278
    • Replace Oxygen-Sans font with Noto Sans. !28322
    • ⚑️ Update new smiley icons, find n replace old names with new ones. !28338 (Jarek Ostrowski)
    • βž• Adds a text label to color pickers to improve accessibility. !28343 (Chris Toynbee)
    • Prioritize login form on mobile breakpoint. !28360
    • 🚚 Move some project routes under /-/ scope. !28435
    • I18n for issue closure reason in emails. !28489 (MichaΕ‚ ZajΔ…c)
    • 🚚 Geo: Remove Gitlab::LfsToken::LegacyRedisDeviseToken implementation and usage. !28546
    • βž• Add check circle filled icon for resolved comments. !28663
    • πŸ“š Update project security dashboard documentation. !28681
    • βœ‚ Remove docker pull prefix when copying a tag from the registry. !28757 (Benedikt Franke)
    • Adjust milestone completion rate to be based on issues count. !28777
    • ✨ Enhance line-height of Activity feed UI. !28856 (Jacopo Beschi @jacopo-beschi)
    • ⬆️ Upgrade to Gitaly v1.43.0. !28867
    • ⚑️ Do not display Update app button when saving Knative domain name. !28904
    • ⚠ Rebrush of flash-warning according to the new design (brighter background and darker font). !28916 (Michel Engelen)
    • Added reference, web_path, and relative_position fields to GraphQL Issue. !28998
    • πŸ”„ Change logic behind cycle analytics. !29018
    • βž• Add documentation links for confidental and locked discussions. !29073
    • Update GITALY_SERVER_VERSION to 1.45.0. !29109
    • πŸ‘ Allow masking if 8 or more characters in base64. !29143 (thomas-nilsson-irfu)
    • πŸ’Ž Replaces sidekiq mtail metrics with ruby instrumentation metrics. !29215
    • πŸ‘ Allow references to labels and milestones to contain emoji. !29284
    • πŸ’… changed the styles on Add List dropdown to look more like the EE vesion. !29338 (Michel Engelen)
    • 0️⃣ Hashed Storage is enabled by default on new installations. !29586
    • ⬆️ Upgrade to Gitaly v1.47.0. !29789
    • 0️⃣ Default MR checkbox to true in most cases.

    🐎 Performance (11 changes)

    • πŸ‘Œ Improve performance of jobs controller. !28093
    • ⬆️ Upgrade Ruby version to 2.6.3. !28117
    • ⏱ Make pipeline schedule worker resilient. !28407
    • πŸ›  Fix performance issue with large Markdown content in issue or merge request description. !28597
    • πŸ‘Œ Improve clone performance by using delta islands. !28871
    • 🐎 Reduce Gitaly calls to improve performance when rendering suggestions. !29027
    • πŸ‘‰ Use Redis for CacheMarkDownField on non AR models. !29054
    • βž• Add index on public_email for users. !29430
    • Speed up commit loads by disabling BatchLoader replace_methods. !29633
    • βž• Add index on invite_email for members. !29768
    • πŸ‘Œ Improve performance of users autocomplete when there are lots of results.

    βž• Added (47 changes, 12 of them are from the community)

    • βž• Added option to filter jobs by age in the /job/request API endpoint. !1340 (Dmitry Chepurovskiy)
    • βž• Add ability to define notification email addresses for groups you belong to. !25299
    • βž• Add wiki size to project statistics. !25321 (Peter Marko)
    • 58404 - setup max depth for GraphQL. !25737 (Ken Ding)
    • βž• Add auto SSL toggle option to Pages domain settings page. !26438
    • 🌐 Empty project state for Web IDE. !26556
    • βž• Add support for multiple job parents in GitLab CI YAML. !26801 (Wolphin (Nikita))
    • Pass user's identity and token from JupyterHub to user's Jupyter environment. !27314 (Amit Rathi)
    • βž• Add issues_statistics api endpoints and extend issues search api. !27366
    • Validate Kubernetes credentials at cluster creation. !27403
    • ⚑️ Update the merge request widget's "Merge" button to support merge trains. !27594
    • πŸ’… Style the toast component according to design specs. !27734
    • βž• Add API support for committing changes to different projects in same fork network. !27915
    • βž• Add support for && and || to CI Pipeline Expressions. Change CI variable expression matching for Lexeme::Pattern to eagerly return tokens. !27925 (Martin Manelli)
    • βž• Added ref querystring parameter to project search API to allow searching on branches/tags other than the default. !28069 (Lee Tickett)
    • Add notify_only_default_branch option to PipelinesEmailService. !28271 (Peter Marko)
    • πŸ‘Œ Support multiplex GraphQL queries. !28273
    • βž• Add Namespace and ProjectStatistics to GraphQL API. !28277
    • Display classname JUnit attribute in report modal. !28376
    • API: Allow to get and set "masked" attribute for variables. !28381 (Mathieu Parent)
    • βž• Add allow_failure attribute to Job API. !28406
    • βž• Add support for AsciiDoc include directive. !28417 (Jakub Jirutka & Guillaume Grossetie)
    • Migrate Kubernetes service integration templates to clusters. !28534
    • πŸ‘ Allow issue list to be sorted by relative order. !28566
    • Implement borderless discussion design with new reply field. !28580
    • βž• Add expand/collapse to error tracking settings. !28619
    • βž• Adds collapsible sections for job log. !28642
    • βž• Add LFS oid to GraphQL blob type. !28666
    • πŸ‘ Allow users to specify a time range on metrics dashboard. !28670
    • βž• Add a New Copy Button That Works in Modals. !28676
    • βž• Add Kubernetes logs to Admin Logs UI. !28685
    • Set up git client in Jupyter installtion. !28783 (Amit Rathi)
    • βž• Add task count and completed count to responses of Issue and MR. !28859
    • βž• Add project level git depth CI/CD setting. !28919
    • πŸ‘‰ Use global IDs when exposing GraphQL resources. !29080
    • πŸ”¦ Expose wiki_size on GraphQL API. !29123
    • πŸ”¦ Expose notes and discussions in GraphQL. !29212
    • πŸ— Use to 'gitlabktl' build serverless applications. !29258
    • βž• Adds pagination component for graphql api. !29277
    • πŸ‘ Allow switching clusters between managed and unmanaged. !29322
    • 0️⃣ Get and edit ci_default_git_depth via project API. !29353
    • πŸ”— Link to an external dashboard from metrics dashboard. !29369
    • βž• Add labels to note event payload. !29384 (Sujay Patel)
    • βž• Add Join meeting button to issues with Zoom links. !29454
    • πŸ‘‰ Make task completion status available via GraphQL.
    • βž• Add backtraces to Peek performance bar for SQL calls.
    • βž• Added diff suggestion feature discovery popover.

    Other (62 changes, 14 of them are from the community)

    • Unified EE/CS differences in repository/show.html. !13562
    • βœ‚ Remove legacy artifact related code. !26475
    • Backport the EE schema and migrations to CE. !26940 (Yorick Peterse)
    • βž• Add dedicated logging for GraphQL queries. !27885
    • i18n: externalize strings from user profile settings. !28088 (Antony Liu)
    • Omit max-count for diverging_commit_counts behind feature flag. !28157
    • πŸ›  Fix alignment of resend button in members page. !28202
    • ⚑️ Update indirect dependency fsevents from 1.2.4 to 1.2.9. !28220 (Takuya Noguchi)
    • πŸ–¨ Update get_process_mem to 0.2.3. !28248
    • βž• Add Pool repository to the usage ping. !28267
    • πŸ“¦ Forbid NULL in project_statistics.packages_size. !28400
    • ⚑️ Update Gitaly to v1.42.1. !28425
    • ⬆️ Upgrade babel to 7.4.4. !28437 (Takuya Noguchi)
    • Externalize profiles preferences. !28470 (George Tsiolis)
    • ⚑️ Update GitLab Runner Helm Chart to 0.5.0. !28497
    • πŸ”„ Change collapse icon size to size of profile picture. !28512
    • Resolve Snippet icon button is misaligned. !28522
    • ⬆️ Bumps Kubernetes in Auto DevOps to 1.11.10. !28525
    • ⬆️ Bump Helm version in Auto-DevOps.gitlab-ci.yml to 2.14.0. !28527
    • Migrate the monitoring dashboard store to vuex. !28555
    • Give New Snippet button green outline. !28559
    • Removes project_auto_devops#domain column. !28574
    • Externalize strings of email page in user profile. !28587 (antony liu)
    • Externalize strings of active sessions page in user profile. !28590 (antony liu)
    • πŸ”¨ Refactor and abstract Auto Merge Processes. !28595
    • βž• Add section to dev docs on accessing chatops. !28623
    • Externalize strings of chat page in user profile. !28632
    • Externalize strings of PGP Keys and SSH Keys page in user profile. !28653 (Antony Liu)
    • βž• Added the .extended-height class to the labels-dropdown. !28659 (Michel Engelen)
    • 🍱 Moved EE/CE code differences for app/assets/javascripts/gl_dropdown.js into CE. !28711 (Michel Engelen)
    • ⚑️ Update GitLab Runner Helm Chart to 0.5.1. !28720
    • βœ‚ Remove support for using Geo with an installation from source. !28737
    • API: change masked attribute type to Boolean. !28758
    • API: change protected attribute type to Boolean. !28766
    • βž• Add a column header to admin/jobs page. !28837
    • πŸ”€ Reset merge status from mergeable MRs. !28843
    • πŸ‘‰ Show tooltip on truncated commit title. !28865 (Timofey Trofimov)
    • βž• Added conditional rendering to app/views/search/_form.html.haml for CE/EE code base consistency. !28883 (Michel Engelen)
    • πŸ”„ Change "Report abuse to GitLab" to more generic wording. !28884 (Marc Schwede)
    • ⚑️ Update GitLab Pages to v1.6.0. !29048
    • ⚑️ Update GitLab Runner Helm Chart to 0.5.2. !29050
    • πŸ‘‰ User link styling for commits. !29150
    • Fix null source_project_id in pool_repositories. !29157
    • βž• Add deletion protection setting column to application_settings table. !29268
    • βž• Added code differnces from EE in file 'app/assets/javascripts/pages/projects/project.js' to CE. !29271 (Michel Engelen)
    • ⚑️ Update to GitLab Shell v9.3.0. !29283
    • Document when milestones and labels links are missing. !29355
    • πŸ‘‰ Make margin between buttons consistent. !29378
    • ⚑️ Changed the 'Created' label to 'Last Updated' on the container registry table to more accurately reflect what the date represents. !29464
    • ⚑️ Update GitLab Pages to v1.6.1. !29559
    • Indent collapsible sections. !29804
    • Group download buttons into a .btn-group.
    • πŸ”„ Change default color of award emoji button.
    • πŸ‘‰ Use blue for activity stream links; use monospace font for commit sha.
    • βœ‚ Remove fixed height from MR diff headers.
    • 🚚 Moves the table pagination shared component.
    • βž• Add warning that gitlab-secrets isn't included in backup.
    • ⚑️ Update merge request tabs so they no longer scroll.
    • ⬇️ Reduce height of issue board input to align with buttons.
    • 🚚 Increase height of move issue dropdown.
    • πŸ‘‰ Use grid and correct border radius for status badge.
    • 🚚 Moves snowplow to CE repo.

  • v11.11.8 Changes

    August 09, 2019

    πŸ”’ Security (2 changes)

    • ⬆️ Upgrade Gitaly to 1.42.7 to prevent revision flag injection exploits.
    • ⬆️ Upgrade pages to 1.5.1 to prevent gitlab api token recovery from cookie.

  • v11.11.7 Changes

    July 29, 2019

    πŸ”’ Security (9 changes)

    • 🌲 Restrict slash commands to users who can log in.
    • Patch XSS issue in wiki links.
    • πŸ”€ Filter merge request params on the new merge request page.
    • πŸ›  Fix Server Side Request Forgery mitigation bypass.
    • 0️⃣ Show badges if pipelines are public otherwise default to project permissions.
    • Do not allow localhost url redirection in GitHub Integration.
    • 🚚 Do not show moved issue id for users that cannot read issue.
    • πŸ”€ Use source project as permissions reference for MergeRequestsController#pipelines.
    • ⬇️ Drop feature to take ownership of trigger token.

  • v11.11.4 Changes

    June 26, 2019

    πŸ›  Fixed (3 changes)

    • πŸ›  Fix Fogbugz Importer not working. !29383
    • πŸ›  Fix scrolling to top on assignee change. !29500
    • πŸ›  Fix IDE commit using latest ref in branch and overriding contents. !29769