gitlab-org--gitlab-foss/CHANGELOG.md

**Note:** This file is automatically generated. Please see the [developer
documentation](doc/development/changelog.md) for instructions on adding your own
entry.

## 13.3.4 (2020-09-02)

### Security (1 change)

- Protect OAuth endpoints from brute force/password stuffing.


## 13.3.3 (2020-09-02)

### Security (23 changes, 1 of them is from the community)

- Check validity of project's import_url before mirroring repository.
- Show on two-factor authentication setup page groups that are the cause of this requirement.
- Prevent interrupted 2FA sign-in from signing-in incorrect user.
- Create new 2FA code each time user is entering 2FA setup page.
- Remove all sessions but current while enabling 2FA.
- Invalidate two factor sign-in when user password changes.
- Delete members invites created by users being deleted.
- Prevent OmniAuth from rendering arbitrary error messages.
- Prevent not-2fa authenticated users that are supposed to use it to consume api via session.
- Invalidate remember me when an active session is revoked.
- Add rate limit on webhooks testing feature.
- Add scope presence validation to OAuth Application creation.
- Allow only running job tokens for API authentication.
- Prevent Deploy Tokens to read project resources when repository is disabled.
- Change conan api to use proper workhorse validation.
- Ensure global ID is of Snippet type in GraphQL destroy mutation.
- Fix Improper Access Control on Deploy-Key.
- Set maximum limit for profile events.
- Persist EKS External ID before presenting it to the user.
- Prevent project maintainers from editing group badges.
- Upgrade jquery to v3.5.
- Update websocket-extensions gem to 0.1.5. (Vitor Meireles De Sousa)
- Update GitLab Runner Helm Chart to 0.19.3.


## 13.3.2 (2020-08-28)

### Removed (1 change)

- Display upcoming database deprecation warning only if current database version minimum is not met. !38225

### Fixed (5 changes)

- Fix race condition in concurrent backups. !39894
- Prevent accidental group deletion if path rename fails. !40353
- Fix snippet save button disabled with empty file path. !40412
- Fix exception handling when a concurrent backup fails. !40451
- Scope incident issue counts by given project or group. !40700


## 13.3.1 (2020-08-25)

### Fixed (2 changes)

- Fix bug when promoting an Issue with attachments to an Epic. !39654
- Avoid creating diff position when line-code is nil. !40089


## 13.3.0 (2020-08-22)

### Security (2 changes)

- Improve path traversal validation checks. !33114
- Update GitLab Runner Helm Chart to 0.19.2.

### Removed (3 changes)

- Remove Internet Explorer 11 from babel transpilation. !36840
- Remove namespace storage limit setting. !38108
- Geo: Drop tables related to vulnerability export replication. !38299

### Fixed (116 changes, 14 of them are from the community)

- Fix filter by releases at group issues and merge requests search bar. !26740 (Gilang Gumilar)
- Disable commenting on lines in files that were or are symlinks or replace or are replaced by symlinks. !35371
- Fix icon alignment on board cards. !35710 (carolcarvalhosa)
- Make Add metrics button visible on self monitoring dashboard. !36169
- Keep large spinner while MR file tree is loading. !36446
- Bug Fix: Child pipelines are not found by API endpoints. !36494
- Show relevant error messages when failing to match a CI job entry. !36536
- Don’t show close icon on flash warning. !36581
- Updates to file table in package details UI. !36723 (Adam Alvis (@adamalvis))
- Add graceful timeout handling for analytics. !36811
- Resolve Pasting an image into a comment also uploads design. !37171
- Fix release evidence sometimes not being collected. !37184
- Fix editing note throws js error. !37216
- Fix merge request approvals for EE without a license. !37246
- Fixed ops settings titles. !37259
- Refactor all factories to fix SaveBang Cop. !37268 (Rajendra Kadam)
- Resolve Anchor tags to Designs is not working. !37307
- Fix content validation for existing wiki pages. !37310
- Alert management list spacing. !37320
- Fix issue with blank keyset pagination parameters. !37351
- Remove dashed border on designs hover. !37375
- Fix CSV downloads for multiple series in the same chart. !37377
- Fix Pypi and Nuget Storage Statistics. !37386
- Display files in tab counter same as diff stats. !37390
- Fix vertical alignment of design management toolbar buttons. !37398
- Allow LFS to be enabled in project settings even when Repository is disabled. !37401
- Update closed MRs on push. !37414
- Remove old export file when requesting new project export using API. !37427
- Refactor spec/helpers and ee/spec/helpers to fix SaveBang Cop. !37446 (Rajendra Kadam)
- Fix ambiguous query error when filtering for Any milestone in Value Stream Analytics. !37451
- Ensure User's preferred_language always has a value. !37464
- Wiki controller should not crash with non-html format. !37466
- Fix local Tiller not being default-enabled on the frontend. !37494
- Fix sizing of pins for new design comments. !37541
- Remove status dropdown in merged tab. !37544
- Resolve UX Polish: Fix icon styles. !37546
- UX Polish: Remove the header Designs on empty state. !37548
- Fix creating release asset links when using the API. !37557
- UX Polish: Update top right Upload button from Green to Grey. !37558
- Fix bio container width on profile page. !37572
- Fix bug in group runners filtered search. !37626 (Arthur de Lapertosa Lisboa)
- Move partitioning backfill migration to post-deployment. !37633
- Fix missing path for avatars of bots. !37671
- Fix merge ref head comments for removed lines. !37755
- Query Jira projects by key or name and return all Jira projects in one query. !37799
- Make file icons extension detection be case-insensitive. !37817
- Allow anonymous users to view embedded Grafana metrics in public project. !37844
- Fix dependency proxy not working with object storage. !37878
- Fix review app links are not shown in MR widgets in public projects. !37923
- Fix dark mode container registry text. !37940
- Refactor spec/policies and ee/spec/policies to fix SaveBang Cop. !37956 (Rajendra Kadam)
- Static Site Editor: Fix ordered list formatting bug and rendering bug in strong and emphasis nodes with softbreaks. !37964
- Fix overflow issues with monaco file editor. !37984
- Fix error when blob has no auxiliary viewer. !38018
- Fix HTML not rendering in last commit widget. !38047
- Fix 500 error when unconfirmed OAuth2 user with 2FA logs in. !38104
- Fix console errors due to monaco-yaml's outdated use of monaco.Promise. !38135
- Refactor spec/finders and ee/spec/finders to fix SaveBang Cop. !38173 (Rajendra Kadam)
- Align activity dropdown height with other dropdowns. !38208
- Fix 500 for pipeline charts page. !38226
- Resolve Pasting an image into a comment still uploades a design. !38280
- Refactor ee/spec/features/* to fix SaveBang Cop. !38289 (Rajendra Kadam)
- Add workaround for Chrome 84 SVG bug. !38304
- Fix a Gradle bug where a package without a version would be created and thus not displayed on the UI. !38338
- Fixes the history button link URL being encoded incorrectly. !38392
- Refactor spec/workers/* to fix SaveBang Cop. !38399 (Rajendra Kadam)
- Use Gitaly protobuf version as DiffStats cache key. !38414
- Fix highlight commented rows. !38420
- Fix vertical alignment of some svg icons. !38550
- Fix Incident and Alert mobile CSS and alignment. !38577
- Refactor spec/features/merge_requests/* to fix Rails/SaveBang Cop. !38591 (Rajendra Kadam)
- Add transparent background to remove button in tree item list. !38597
- Update password change sign-in banner text. !38606
- Display authored message correctly on public snippets viewed by unauthenticated users. !38614
- Fix vertical alignment of svg icons on Jobs page. !38656
- Fix URLs of issues in VSA dashboard. !38703
- Remove duplicate authorized_projects entries during refresh. !38715
- Fix multiline comment rendering. !38721
- Improve rendering of very large files in the Repo File Browser. !38733
- Optimize click area in design version dropdown. !38747
- Fix notification setting for group with dot in name. !38773
- Fix bug where filtering would sometimes display only open issues on different pages listing issues. !38906
- Refactor spec/views/* and ee/spec/views/* to fix Rails/SaveBang Cop. !38981 (Rajendra Kadam)
- Refactor spec/support/helpers/* and ee/spec/support/helpers/* to fix Rails/SaveBang Cop. !38995 (Rajendra Kadam)
- Fix parallel jobs dropdown from cutting off in small pipeline graphs. !39108
- Add expire_at to PipelineArtifact. !39114
- Add not null constraint for file to ci_pipeline_artifacts. !39118
- Fix gitlab-rake gitlab:license:info crashing when no license exists. !39143
- Fix cancel button on New Release page. !39144
- Fix submit button tooltips for forms with quick submit behavior. !39225
- Fix scroll stuck on editor in snippets. !39251
- Fix: New File page file name field unclickable in mobile view. !39310
- Fix CI job artifacts metadata not extracting on some S3 providers. !39345
- Add default value for file_store to ci_pipeline_artifacts. !39349
- Handle user mapping for Jira server instances. !39362
- Ignore the sources node from the cobertura XML. !39385
- Fix Composer installation code snippet to include package name and version. !39400
- Fix failing bitbucket server import when project slug differs from name. !39433
- Right-aligned Clone dropdown for snippets. !39446
- Fix missing scoped label borders for todos. !39459
- Move gitlab-managed alerts embeds to core as documented. !39509
- Allow crawler access to api. !39520
- Fix panel "more actions" button layout. !39534
- Use history icon on recent search filter tab only on mobile. !39557 (Takuya Noguchi)
- Conan packages allow for conan_sources.tgz and conan_export.tgz files. !39559
- Fix horizontal scrolling on blocked/private profile pages. !39568
- Fixed discussion not expanding when replying to a collapsed discussion. !39571
- Fix pagination for bitbucket server importer. !39598
- Fix missing resolve button when replying to notes in MRs. !39614
- Fix Conan recipe display in the package details page. !39643
- Fix bug when promoting an Issue with attachments to an Epic. !39654
- Fix broken date time picker hide button. !39755
- Fix time zone config not respected in multi-threaded servers. !39778
- Use correct order when repositioning existing designs. !39826
- Center align pipeline graph icons. !39848
- Coerce string object storage options to booleans. !39901

### Deprecated (4 changes)

- Deprecation of ECS template. !36143
- Remove Jump to next unresolved thread button in merge request threads. !38375
- Deprecate blob field on GraphQL SnippetType. !39088
- Deprecate additions and deletions attributes in Repositories API. !39653

### Changed (144 changes, 12 of them are from the community)

- Show full commit message by default in merge request diff. !27981 (Gilang Gumilar)
- Use fingerprint column on events to ensure event uniqueness. !31021
- Disable application_settings_tokens_optional_encryption feature flag. !31798 (Gilang Gumilar)
- Disable ci_runners_tokens_optional_encryption feature flag. !31800 (Gilang Gumilar)
- Update Buildkite Service for supported events, fields, and always verify SSL. !33697 (Juanito Fatas)
- Allow OAuth to auto link LDAP users via email address. !33767 (Niko Wenselowski)
- Pre-fill the email input on sign-in / sign up pages. !33851
- Store user mentions from merge request title or description in the DB. !34378
- Allow multiline Prometheus queries in metrics dashboards yaml. !34508
- Increase contrast between UTC label and input. !34998
- Increase CI instance variable value limit. !35063
- Rewrite integration form in Vue. !35453
- Improved fork page design. !35592
- Add sign_in_count to /users/:id API for admins. !35726 (Luc Didry)
- Updates GitLab managed app Ingress version to 1.40.2. !35924
- Make scoped snippet routing a default one. !36091
- Show clone button for activity on project page. !36147
- Replace fa-angle-up icons with GitLab SVG. !36429
- Migrate '.fa-spinner' to `gl-loading-icon` within shared boards haml. !36436
- Package feature moved to core. !36667
- Replace fa-history icons with GitLab SVG history icon. !36691
- Add serverless empty state illustration. !36762
- Allow an issue or MR to be locked and unlocked without page refresh. !36773
- Exclude todos from general analytics accumulator ping. !36813
- Migrate license_management artifacts to license_scanning type. !36817
- When generating markdown for ordered lists, the list marker should not increment. !36851
- Rename snippet GraphQL files field to blob_actions. !36852
- Track milestone and state changes in issues / MRs using resource events. !36936
- Update project remove modal to add additional warnings. !36962
- Replace fa-plus icons with GitLab SVG plus icon. !36972
- Limit database deprecation notice window. !37009
- Changes limit for terraform artifacts to 5MB. !37018
- Replace fa-ban icons with "cancel" from GitLab SVG. !37067
- Move service desk usage data to core. !37080
- Add concurrency support for Git repository backups. !37158
- Replace some FA icons on groups listing page with GitLab SVG icons. !37162
- Remove extraneous `<br>` tags from the source file when using the Static Site Editor. !37223
- Remove flag and document max artifact size plan limits. !37226
- Replacing View Full Report button with GitLab UI. !37236
- Show meaningful message when applying inapplicable suggestion. !37267
- Return SSH key details in /internal/allowed response. !37289
- Change PagerDuty webhook URL. !37321
- Shorten 'enable LFS' manage for design management. !37385
- Show all snippet files when embedding. !37412
- Add target_details column to AuditEvent table. !37430
- Improve the IA and styling of the Success screen in the Static Site Editor. !37475
- Add Cilium APIs as part of kube_client. !37526
- Introduce `ci_needs_size_limit` to fine control needs. !37568
- Migrate service desk setting button to gl-button. !37612
- External auth adheres to local request setting. !37622
- Remove feature flag managed_apps_local_tiller. !37641
- Bring SAST to Core - bandit, Flawfinder, Gitleaks, Gosec, Kubesec, NodeJsScan, phpcs-security-audit, PMD, Security Code Scan, Sobelow, SpotBugs. !37648
- Replace fa-bell icons with GitLab SVG notifications icon. !37676
- Update gitlab-shell to v13.4.0. !37677
- Move clone button out of blob header. !37696
- Use normal font weight for Design Management dropzone text. !37787
- Replace fa-sign-out icons with GitLab SVG leave icon. !37794
- Add relative positioning on designs. !37835
- Backfill relative positions on designs. !37837
- Add search bar for incidents. !37885
- Add composer tab and package type to package list. !37928
- Add closed issue icon to incidents list for closed incidents. !37949
- Update size limits for SCA artifacts. !37975
- Update label select vue gl button. !37986
- Update suggest gitlab ci popover to gl-button. !37987
- Add pagination to the incident list. !37993
- Rejects duplicated pypi files. !38006
- Use new badge style for 'archived' project badge. !38013
- Remove Duplicate Dashboard item from dashboards dropdown. !38053
- Replace fa-git icons with link svg. !38078
- Enforce namespace storage limit via app setting. !38094
- Replace fa-certificate icon with first-contribution svg. !38154
- Use the uploaded file set by middleware in Repositories::LfsStorageController. !38167
- Migrate new project item select FA icons. !38177
- Add sorting by date for incident list. !38178
- Consistent labels for new/edit group URL. !38180
- Change date time picker units. !38232
- Switch manifest importer to new UI. !38268
- Add incident count badge to the incident list. !38278
- In metrics view, change default dashboard name to Overview. !38292
- Hide languages with few translations. !38312
- Reorganize group member management into tabs. !38344
- Changed wording for optional approvals. !38393
- Upgrade to Gitaly v13.3.0-rc3. !38405
- Re-name "Delete" button to "Archive" in Design Management. !38446 (Getulio Valentin Sánchez @gvso)
- Allow users with developer access level for given project to view kubernetes pod logs. !38467
- Set minimum Redis version to 4 and recommended version to 5 in Redis check task. !38475
- Re-name project remove as project delete. !38489
- Replace fa-info-circle icons with GitLab SVG information icon. !38505
- Take DAG view out of beta. !38517
- Specify Ruby image in FailFast template. !38523
- Update color and vertical alignment of project feature toggle. !38537
- Remove repositories from previous storage when storage move succeeds. !38547
- Add database migrations to prepare for future Geo replication. !38549
- Added minimum value of 1KB to wiki_page_max_content_bytes. !38554 (Uday Aggarwal (uday.agg97))
- Stop using priority and weight keys in metrics dashboards. !38572
- Add copy for Jira issues integration to GitLab issues empty state. !38586
- Add Mark as done capability to Alert To Do's. !38595
- Button migration vulnerability charts. !38610
- Change the job stuck page to use UI library components. !38618
- Order projects within the project dropdown by relevance in analytics features. !38675
- Enable New Package details UI, remove feature flag and remove all old code. !38680
- Update the project deletion confirmation modal to be more specific, the confirmation phrase now includes the project full path. !38700
- Replace v-popover directive with GlPopover in ./app/assets/javascripts/pipelines/components/pipelines_list/pipeline_url.vue.vue. !38769 (Gilang Gumilar)
- Add installation instructions for Composer. !38779
- Track wiki page views in usage data. !38784
- Update incident_issues usage ping to use issue type column. !38864
- Migrate custom metric form buttons. !38896 (George Tsiolis)
- Migrate enable review app button in environments. !38897 (George Tsiolis)
- Add migration helper index for Vulnerabilities::Finding table. !38898
- Migrate maintenance mode settings button. !38901
- Replace <gl-deprecated-button> with <gl-button> in app/assets/javascripts/pipelines/components/graph/action_component.vue. !38923
- Add a cache column for the number of changed files in a merge request diff. !38936
- Change UI and add new actions to monitor dashboard actions menu. !38946
- Support unitless single stat chart in metrics dashboards. !39067
- Update preferences for homepage/dashboard wording. !39092
- Update design mgmt navigation to use gl-button. !39104
- Enable design management reference filter by default. !39113
- Deprecated btn migration. !39154
- Update auto-build-image to v0.4.0 for an updated version of the pack CLI (v0.12.0) for Cloud Native Buildpack builds. !39159
- Change "gauge-chart" to "gauge" in YML panel configuration for gauge charts. !39184
- Enable FF ci_variables_api_filter_environment_scope by default. !39209
- Code navigation displays references when browsing repository. !39214
- Replace fa-book icon with GitLab SVG book icon. !39247
- Replace fa-close icons with GitLab SVG close icon. !39267
- Update auto-deploy-image to v1.0.0, including a locally vendored auto-deploy-app chart instead of charts.gitlab.io. !39272
- Improve environment dropdowns in operations metrics dashboard and highlight selected environment. !39303
- Replace Go Back with Collapse button for expanded Metric charts. !39307
- Replace issues icon with Gitlab SVG. !39313
- Replace fa-power-off icon with GitLab SVG power icon. !39330
- Remove transition animation from the Container Registry UI. !39337
- Replace mis-used CSS class in operations settings. !39338
- Enable Multiline Comments by default. !39370
- Enable delete button on Package group level view list. !39430
- Enabled monaco_blobs FF by default. !39441
- Import the new queries in common_metrics.yml into database. !39475
- Make View full report button open link in new tab. !39501
- Bump CodeQuality templates to version 0.85.10-gitlab.1. !39502
- Allow query/query_range keys in metrics dashboard to contain numbers. !39530
- Enable reorder_designs feature by default. !39555
- Return snippet binary blob content in GraphQL. !39583
- Add anchors to profile preferences. !39589
- Expose ID in Event object returned from the public API. !39669 (Killian Brackey @kbrackey)
- Rename create issue button to create incidents in ALert details. !39684

### Performance (25 changes)

- Add mechanism that efficiently increments ActiveRecord counters using Redis. !35878
- Add limit for wiki page content size. !36729
- Reduce 'cached' query calls for Banzai. !36735
- Fix N+1 issue in Explore Projects controller. !36874
- Avoid N+1 of issue associations in Search. !36941
- Replace FontAwesome fa-clock icon with SVG icon. !37123
- Inverse pipeline for its build associations. !37478
- Fix N+1 for project/:id/issues API endpoint. !37508
- Preload build report results for pipeline builds. !37582
- Always use expanded env name to load persisted environment. !37585
- Improve performance of test report with summary and test suite endpoints. !37629
- Preload number of pipeline warnings for commits. !37669
- Add PipelineArtifact data model. !37969
- Replace index for service usage data. !38147
- Serialize fewer pipeline fields for MR widget. !38215
- Improve performance of Banzai reference filters. !38290
- Skip subsequent topology Prometheus queries if timeout occur. !38293
- Remove some unnecessary Redis calls on commit lists. !38343
- Speed up commit lists and file blob pages on repositories with huge amounts of branches or tags. !38484
- Add index for compliance merged MRs to events. !38885
- Swap RepositoryHashCache to UNLINK. !39105
- Increase sidebar performance by not rendering k8s highlight when not needed. !39228
- Use more-efficient indexing for the MergeRequestDiff storage migration. !39470
- Add secure index for coverage fuzzing. !39569
- Performance and robustness improvements for relative positioning. !39807

### Added (138 changes, 6 of them are from the community)

- Add Rust Dockerfile to GitLab templates. !28167
- Add mutation to create a label or default backlog list for an issue board. !31233
- Allow labels argument for merge request create mutation. !32637
- Add btree_gist PGSQL extension and add DB constraints for Iteration date ranges. !33340
- Add cilium to Kubernetes apps list. !33703
- Define matrix builds for more complex pipelines. !33705
- Support getting a todo for an alert in GraphQL API. !34789
- Resolve Set a deploy freeze in the UI. !35163
- Display notes on merge ref head diff. !35422
- Add note_id to timelogs. !35916 (Lee Tickett)
- Prompt to resolve unresolved threads on an MR is a button that jumps to the first such thread. !36164
- Expose board list issues via GraphQL. !36259
- Add internal api for getting personal access tokens from gitlab-shell. !36302 (Taylan Develioglu @tdevelioglu)
- Add auto_link_user OmniAuth setting. !36664
- Add Draft to WIP for work in progress merge requests. !36666
- Add gauge chart type to the monitoring dashboards. !36674
- Add Prevent forking outside group feature. !36848
- Show Security Warning Modal for fork pipelines. !36951
- Add usage ping for coverage_fuzzing. !36960
- Use _ character for emphasis and * for strong in Static Site Editor markdown syntax. !36965
- Add migration for deployment_type of Jira server in jira_tracker_data table. !36992
- Add system note to alert when corresponding issue is closed. !37039
- Add locked as an argument to updateIssue. !37105
- Add PagerDuty incident integration. !37193
- Add container registry observations to usage ping. !37203
- Support dry-run cherry-picks and reverts via API. !37240
- Show full time range in metrics dashboard charts. !37243
- Geo: Add file store indexes. !37265
- Add ability to turn off "project moved" notifications. !37269
- Add basic incidents list. !37314
- Allow to create merge request pipelines in target project when user has permission. !37322
- Add external column to custom emoji table. !37346 (Rajendra Kadam)
- Add issue_type column to issues table. !37402
- Added webPath and descriptionHtml types to the repository GraphQL entities. !37416
- Add monthly usage ping data for analytics. !37417
- Added section names to code owner approvals in merge request form. !37425
- Add a new K8s Pod health metrics dashboard. !37482
- Update versions tab to other versions. !37513
- Add metrics dashboard templates for the standard file blob selector. !37519
- Add custom metrics dashboard templates supports. !37523
- Allow optional keyset pagination for branch list API. !37524
- Add default_membership_role column to saml_providers table. !37552
- Add NuGet lock files support to Dependency Scanning CI template. !37553
- Migrate vulnerability statistics historical data to vulnerability historical statistics. !37554
- Surface timeafo for created date in Incidents List. !37567
- Add parenthesis support for if: conditions. !37574
- Show mapped user in Jira import form dropdown. !37575
- Add GraphQL mutation to re-order designs. !37603
- Display assignees in Incident List. !37608
- Add ENV vars that expose source and target repository for CI Pipelines that run on an External Pull Requests. !37616 (Rafael Dohms @rdohms)
- Add DB table and model to track changes of the iterations on issues. !37617
- Migrate all 'incident' labelled issues to have issue type 'incident'. !37668
- Resolve Allow the ability to re-order designs. !37686
- Add target_project_id to merge_request_metrics table. !37713
- Allow user to update issue labels via GraphQL. !37728
- Sets issue type for incident issues to incident. !37781
- Create incident from the incidents list page. !37802
- Add personal_access_tokens list to REST API. !37806
- Allow user to simulate pipeline creation via CI Lint and go beyond syntax checks. !37828
- Adds clarifying documentation on EKS IAM roles. !37870
- Add API support for issue and merge request templates. !37890 (Jan Beckmann)
- Add confidential attribute to graphQL for notes update. !37920
- Add confidential attribute to public API for notes update. !37932
- Filter Issues in GraphQL by type of Issue. !38017
- Allows setting of issue subscribe status in GraphQL API. !38051
- Add deployment_events flag to web_hooks table. !38080
- Allow assign/unassign users to issues in GraphQL API. !38081
- Email notification for expired personal access token. !38086
- Upgrade CI to Git v2.28.0. !38152
- Add project milestones to GraphQL API. !38153
- Make the deploy freeze table responsive. !38213
- Add option to query a single board list with GraphQL API. !38216
- Add symlink label text to blob viewer. !38220
- Add support for runbook url to PrometheusAlert table. !38234
- Add dashboard_path to PrometheusMetric. !38237
- Add support for specifying AWS S3 Server Side Encryption (AWS-KMS). !38240
- Add issue status counts to Projects in GraphQL. !38263
- Auto expand collapsed diffs when viewing diffs file-by-file. !38296
- Add hide_backlog_list and hide_closed_list attributes to boards table. !38303
- GraphQL mutation to move issue within board lists. !38309
- Redirect to new metrics dashboard page. !38364
- Add experiments and experiment_users tables for tracking which users are enrolled for which experiments. !38397
- Save usage data in database. !38457
- Move old integrations to Settings > General and introduce instance-level integrations. !38488
- Expose runbook field in alert_management_alert GraphQL API. !38510
- Add CoverageReportsController#index CSV response. !38520
- Add support for never keyword in expire_in job artifacts. !38578 (Fabio Huser)
- Add attributes to filter project merge requests by merged at date in GraphQL. !38584
- Add `resolved_on_default_branch` column into `vulnerabilities` table. !38638
- Add alert url into incident issue markdown. !38649
- Return gitaly info in kubernetes internal API. !38654
- Add GraphQL query for a single milestone. !38682
- Add milestone_id param to issue update graphQL mutation. !38684
- Added pre-processing step to the Static Site Editor so code templates (ERB) are interpreted as code not content. !38694
- Backfill null values to prepare for Geo replication feature. !38719
- Update gitlab-shell to v13.5.0. !38720
- UI warning messages for pipeline configurations. !38734
- Enable state tracking for managed applications installed via the management project. !38759
- Set Incident issue type when creating issue. !38760
- Add pre-processing step so inline ERB and HTML syntax are wrapped in codeblocks for code vs. content editing in the static site editor's WYSIWYG mode. !38791
- Add protected branches count to usage ping. !38797
- Add include_parent_milestones param to project and group milestones API endpoints. !38800
- Clean up orphaned LFS file references during GC. !38813
- Add database migrations to ensure Geo replicates all package files when sync object storage is disabled. !38822
- Add pre-processing step so preexisting codeblocks are preserved prior to flagging content as code in the static site editor's WYSIWYG mode. !38834
- Add model for CiliumNetworkPolicy. !38848
- Expose alert information for environments. !38881
- Add Azure Blob Storage support. !38882
- Add webhooks for deployments. !38902
- Add "New Release" page to allow creation of releases through the interface. !38913
- Add GraphQL mutation for updating board list position and collapsed/expanded state. !38942
- Add due_date filter param to Issues REST API. !38973
- Support adding of API requests to the performance bar. !39057
- Expose counts (pipeline, commits) and approvers for a merge request in GraphQL. !39086
- Add total_weight and issues_count fields to the board list graphQL endpoint. !39110
- Make available new UI for adding a panel to a metrics dashboard. !39124
- Improve submission behavior of the New/Edit Release page. !39145
- Allows NuGet to authenticate with Job Token. !39147
- Upgrade Pages to 1.22.0. !39172
- Upgrade Workhorse to v8.38.0. !39223
- JUnit test report on pipeline detail page. !39260
- Allow GraphQL pipeline to resolve non-CI pipelines and expose configSource field. !39275
- GraphQL: Issues - Added 'include_subgroup' parameter. !39279
- Enable `:resource_access_token` feature flag by default. !39287
- Add runbook to metric chart dropdown. !39288
- Add runbooks to metric alerts. !39315
- Preserve active tab on alert details page reload. !39369
- GraphQL: Add user to pipeline + status and email to user + StatusType. !39402
- Add external link icon to list of repositories in importer. !39442
- Add target_type to audit_events. !39461
- Enable read SPDX catalogue from local copy. !39463
- Show runbook for alert in detail view. !39477
- Link to logs from GitLab-managed alert metrics. !39487
- Add SECRET_DETECTION_EXCLUDED_PATHS env var. !39523
- Add pipeline_artifacts_size to project_statistics. !39607
- Setup basic level telemetry for navigation. !39638
- Update gitlab-shell to v13.6.0. !39675
- Empty State for the Incident list. !39718

### Other (69 changes, 9 of them are from the community)

- Remove globe icon from explore projects dropdown. !21659
- Remove mr_tabs_position feature flag. !29340 (Lee Tickett)
- Improve Elasticsearch Reindexing documentation. !29788
- Remove createIssues logic from list model. !32236 (nuwe1)
- Unify Prometheus metric initialization by always using inline transaction metrics. !32980
- Adds models and tables for cluster agent and cluster agent tokens. !33228
- Remove updated_at column on audit_events table. !35690
- Replace fa-pencil-square-o icons with GitLab SVG icons. !36059
- Replace fa-rss with GitLab SVG icon. !36553
- Limit project moved e-mails to maintainers/owners. !36665
- Backfill personal snippets statistics. !36801
- Set default bullet char character as - when generating markdown in Static Site Editor. !36820
- Replace <gl-deprecated-button> with <gl-button> in app/assets/javascripts/pipelines/components/graph/linked_pipeline.vue. !36968
- Replace fa-link icons with GitLab SVG link icon. !36973
- Consolidate issuable_header_warning for both MR and issue. !37043
- Remove index from chat_names and service_id. !37054
- Making component diagram click-friendly. !37147 (Arjun Pravin @Sgt.Arjun)
- Replace fa-pause with pause svg. !37149
- Replace fa-replace icon with svg. !37228
- Replace fa-key icon with svg. !37251
- Remove app_server_type from top level usage ping. !37279
- Update GitLab Runner Helm Chart to 0.19.0. !37292
- Use ES6 methods instead of `for` loops. !37324 (allenlai18)
- Remove legacy pipeline processing service and FF ci_atomic_processing. !37339
- Cleanup migration to drop temporary table untracked_files_for_uploads if exists. !37352
- Fix the MR number in CHANGELOG. !37399
- Immediately update project statistics when running housekeeping or repository cleanup. !37579
- Update GitLab Runner Helm Chart to 0.19.1. !37583
- Add index to resource_milestone_events for add actions. !37636
- Capitalize CloudFlare in documentation. !37704 (Takuya Noguchi)
- Use Cloudflare in comments. !37764 (Takuya Noguchi)
- Update $gray-400 hex and replace instances of $gray-400 with $gray-200. !37813
- Add link to issue details page from Incident list page. !37814
- Remove link to Cloudflare cert for Pages. !37876 (Takuya Noguchi)
- Add incident state columns. !37889
- Move file store updates and mount_uploader into a concern. !37907
- Set appropriate timeouts for PrometheusClient. !37924
- Remove GitlabIssueTrackerService database records. !37931
- Remove title and description columns from services table. !37936
- Fix misalignment of download icon on jobs page. !37966
- Automatically calculate the database connection pool size. !38049
- Remove per-web-transaction redis metrics. !38101
- ee Updating $gray-500 hex value and replacing instances with $gray-300. !38229
- Removes the old UI page. !38277
- Log raw pre-receive message in fast-forward merge. !38354
- Replace times-circle with GitLab SVG clear icon. !38409
- Add telemetry for instance-level and template integrations. !38459
- Add group_id column to the services table. !38499
- Replace fa-play/pause icons with svg. !38535
- Add telemetry for projects inheriting instance settings. !38561
- Move button in Settings > Webhooks to the right. !38650
- Replace deprecated button on vulnerability details page. !38679
- Collect node CPU and memory utilization in usage ping. !38681
- Improve unfurling support for /search. !38699
- Add can_push column to group_deploy_keys_groups table. !38714
- Log raw pre receive error for create branch service. !38749
- Change to glbutton component in CI variables list. !38757
- Replace deprecated buttons in dashboard header. !38830
- Remove :gzip_diff_cache feature flag. !38838
- Replace some fa-trash icons with GitLab SVG remove icon. !38964
- Productivity Analytics: Improve error message when query takes too long to calculate. !39074
- Adds an environment variable override to disable unstructured logs. !39109
- Remove not-null constraint on type column in audit_events. !39192
- Set longer Prometheus timeouts in PrometheusService. !39318
- Use active version of Redis for an example. !39404 (Takuya Noguchi)
- Remove FF ci_composite_status and related codes. !39498
- Remove a card-small class from HAML files. !39550 (Takuya Noguchi)
- Provide versioning support to Sidekiq workers. !39562
- Replace fa-pencil icon with GitLab SVG. !39648


## 13.2.8 (2020-09-02)

### Security (1 change)

- Protect OAuth endpoints from brute force/password stuffing.


## 13.2.7 (2020-09-02)

### Security (23 changes, 1 of them is from the community)

- Check validity of project's import_url before mirroring repository.
- Show on two-factor authentication setup page groups that are the cause of this requirement.
- Prevent interrupted 2FA sign-in from signing-in incorrect user.
- Create new 2FA code each time user is entering 2FA setup page.
- Remove all sessions but current while enabling 2FA.
- Invalidate two factor sign-in when user password changes.
- Delete members invites created by users being deleted.
- Prevent OmniAuth from rendering arbitrary error messages.
- Prevent not-2fa authenticated users that are supposed to use it to consume api via session.
- Invalidate remember me when an active session is revoked.
- Add rate limit on webhooks testing feature.
- Add scope presence validation to OAuth Application creation.
- Allow only running job tokens for API authentication.
- Prevent Deploy Tokens to read project resources when repository is disabled.
- Change conan api to use proper workhorse validation.
- Ensure global ID is of Snippet type in GraphQL destroy mutation.
- Fix Improper Access Control on Deploy-Key.
- Set maximum limit for profile events.
- Persist EKS External ID before presenting it to the user.
- Prevent project maintainers from editing group badges.
- Upgrade jquery to v3.5.
- Update websocket-extensions gem to 0.1.5. (Vitor Meireles De Sousa)
- Update GitLab Runner Helm Chart to 0.18.3.


## 13.2.6 (2020-08-18)

- No changes.

## 13.2.5 (2020-08-17)

### Security (2 changes)

- Stop deploy token being mis-used as user in ProjectPolicy and GroupPolicy.
- Project access is checked during deploy token authentication.


## 13.2.4 (2020-08-11)

### Security (1 change)

- Add decompressed archive size validation on Project/Group Import. !38736

### Fixed (1 change)

- Fix automatic issue creation via Prometheus alerts. !37884


## 13.2.3 (2020-08-05)

### Security (12 changes)

- Update kramdown gem to version 2.3.0.
- Enforce 2FA on Doorkeeper controllers.
- Revoke OAuth grants when a user revokes an application.
- Refresh project authorizations when transferring groups.
- Stop excess logs from failure to send invite email when group no longer exists.
- Verify confirmed email for OAuth Authorize POST endpoint.
- Fix XSS in Markdown reference tooltips.
- Fix XSS in milestone tooltips.
- Fix xss vulnerability on jobs view.
- Block 40-character hexadecimal branches.
- Prevent a temporary access escalation before group memberships are recalculated when specialized project share workers are enabled.
- Update GitLab Runner Helm Chart to 0.18.2.


## 13.2.2 (2020-07-29)

### Fixed (3 changes)

- Coerce repository_storages_weighted, removes repository_storages. !36376
- Fix JiraImportUsersInput startAt field. !37492
- Provide better git error message when the user is unconfirmed. !37944

### Changed (1 change)

- Skip mass unconfirming users when send_user_confirmation_email setting is off. !38024


## 13.2.0 (2020-07-22)

### Security (3 changes)

- Unconfirm wrongfully verified email addresses and user accounts. !35492
- Make logrotate run as git user for source installations. !35519
- Replace misleading text in re-confirmation emails. !36634

### Removed (7 changes, 2 of them are from the community)

- Remove deprecated dashboard & group milestone pages. !13237
- Removed UltraAuth integration for OmniAuth. !29330 (Kartikey Tanna)
- Remove all search autocomplete for groups/projects/other. !31187
- Remove temporary datepicker position fix as it is no longer required. !31836 (Arun Kumar Mohan)
- Remove the ability to customize the title and description of some integrations (Bugzilla, Custom Issue Tracker, Redmine, and YouTrack). !33298
- Drop deprecated **_ANALYZER_IMAGE_PREFIX. !34325
- Remove Internet Explorer 11 specific polyfills. !36830

### Fixed (300 changes, 79 of them are from the community)

- Remove broken hyperlink from close and reopen button. !22220 (Lee Tickett)
- Fix 'Active' checkbox text in Pipeline Schedule form to be a label. !27054 (Jonston Chan)
- Fix back button when switching MR tabs. !29862 (Lee Tickett)
- Remove ability to scroll Issue while in Design View. !29881
- Fix merge request note label URLs. !30428 (Lee Tickett)
- Fix default path when creating project from group template. !30597 (Lee Tickett)
- Fixed issue (#198424) that prevented k8s authentication with intermediate certificates. !31254 (Abdelrahman Mohamed)
- Fix group transfer service to deny moving group to its subgroup. !31495 (Abhisek Datta)
- Fix issuable listings with any label filter. !31729
- Move prepend to last in ee-app-services. !31838 (Rajendra Kadam)
- Fallback to lowest visibility level in snippet visibility radio. !31847 (Jacopo Beschi @jacopo-beschi)
- Add class stubs and fix leaky constant alert in query limit helper spec. !31949 (Rajendra Kadam)
- Remove usage of spam constants in spec. !31959 (Rajendra Kadam)
- Fix leaky constant issue in uninstall progress service check. !32036 (Rajendra Kadam)
- Fix leaky constant issue in commit entity spec. !32039 (Rajendra Kadam)
- Fix leaky constant issue in task completion status spec. !32043 (Rajendra Kadam)
- Fix leaky constant issue in admin mode migration spec. !32074 (Rajendra Kadam)
- Fix leaky constant issue in sidekiq middleware server metric spec. !32104 (Rajendra Kadam)
- Fix leaky constant issue in sidekiq middleware client metric spec. !32108 (Rajendra Kadam)
- Fix leaky constant issue in path regex spec. !32115 (Rajendra Kadam)
- Fix leaky constant issue importer and cache headers spec. !32122 (Rajendra Kadam)
- Fix leaky constant issue in relation factory spec. !32129 (Rajendra Kadam)
- Fix leaky constant issue in test coverage spec. !32134 (Rajendra Kadam)
- Prevent emails to user on expiry of impersonation token. !32140
- Fix leaky constant issue in diff collection spec. !32163 (Rajendra Kadam)
- Fix leaky constant issue in migration helpers, with lock retries and ignored cols spec. !32170 (Rajendra Kadam)
- Fix leaky constant issue in factory spec. !32174 (Rajendra Kadam)
- Fix leaky constant issue in creds factory spec. !32176 (Rajendra Kadam)
- Use applogger in project import state file. !32182 (Rajendra Kadam)
- Use applogger in project.rb. !32183 (Rajendra Kadam)
- Use applogger in chat_team.rb. !32184 (Rajendra Kadam)
- Use applogger in repository model. !32185 (Rajendra Kadam)
- Use applogger in build and ssh host key. !32187 (Rajendra Kadam)
- Use applogger in cache attrs and highest role ruby files. !32189 (Rajendra Kadam)
- Use applogger in legacy project and namespace. !32190 (Rajendra Kadam)
- Use applogger in base.rb. !32191 (Rajendra Kadam)
- Use applogger in usage ping and webhook service. !32192 (Rajendra Kadam)
- Use applogger in exclusive_lease_guard. !32194 (Rajendra Kadam)
- Use applogger in groups destroy service and label create service. !32195 (Rajendra Kadam)
- Use applogger in merge_service.rb. !32196 (Rajendra Kadam)
- Use applogger in project create service and after import service. !32198 (Rajendra Kadam)
- Use applogger in update stats service. !32200 (Rajendra Kadam)
- Use applogger in base attachment service. !32201 (Rajendra Kadam)
- Use applogger in export service. !32203 (Rajendra Kadam)
- Use applogger in akismet service. !32205 (Rajendra Kadam)
- Use applogger in file mover file. !32206 (Rajendra Kadam)
- Use applogger in commit signature worker. !32207 (Rajendra Kadam)
- Use applogger in delete user worker. !32209 (Rajendra Kadam)
- Use applogger in email receiver worker. !32211 (Rajendra Kadam)
- Use applogger in artifact worker. !32212 (Rajendra Kadam)
- Use applogger in new note worker. !32213 (Rajendra Kadam)
- Fix duplicate filename displayed in design todos. !32274 (Arun Kumar Mohan)
- Add value length validations for instance level variable. !32303
- Resolve image overflow at releases list panel. !32307
- Clean up shared/tmp folder after Import/Export. !32326
- Fix creating release evidence if release is created via UI. !32441
- GraphQL hasNextPage and hasPreviousPage return correct values. !32476
- Fix loading and empty state styling for alerts list. !32531
- Resolve incorrect x-axis padding on the Environments Dashboard. !32533
- Fix time_tracking help link. !32552
- Don't display confidential note icon on confidential issue public notes. !32571
- Update container expiration policy database defaults. !32600
- Fix rendering of emojis in status tooltips. !32604
- Remove `:prevent_closing_blocked_issues` feature flag. !32630 (Lee Tickett)
- Hid copy contents button when blob has rendering error. !32632
- Avoid refresh to show endedAt after mutation. !32636
- Fix for metrics creation when saving MR. !32668
- Skip the individual JIRA issues if failed to import vs failing the whole batch. !32673
- Hide "Import from Jira" option from non-entitled users. !32685
- Allow special characters in dashboard path. !32714
- Fix broken help link on operations settings page. !32722
- Allow different in bulk editing issues. !32734
- Fix whitespace changes overgrowing the diff container. !32774
- Improve spacing and wrapping of group actions buttons and stats in group list view. !32786
- Fix "Broadcast Messages" table overflow and button alignment. !32801
- Fix 404 when downloading a non-archive artifact. !32811
- Make commits author button confirm to Pajamas specs. !32821
- Fix filename duplication in design notes in activity feeds. !32823 (Arun Kumar Mohan)
- Prevent multiple Auto DevOps deployment jobs running concurrently when using manual rollout. !32824
- Implement displaying downstream pipeline error details. !32844
- Fix Runner heartbeats that results in considering them offline. !32851
- Conan package registry support for the conan_export.tgz file. !32866
- Fix plural message in account deletion section. !32868
- Fix atomic processing bumping a lock_version. !32914
- AsciiDoc: Add support for built-in alignment roles. !32928 (mnrvwl)
- Fix a bug where some Vue apps would be unable to load when DAG tab is disabled. !32966
- Fix undefined error in Gitlab::Git::Diff. !32967
- Fix spelling error on Ci::RunnersFinder. !32985 (Arthur de Lapertosa Lisboa)
- Fix polling for resource events. !33025
- Fix broken CSS classes inside alert management list. !33038
- Fix bug in snippet create mutation with non ActiveRecord errors. !33085
- Fix overflow issue in MR and Issue comments. !33100
- Fix alignment of button text on the Edit Release page. !33104
- Deduplicate URL parameters when requesting merge request diffs which causes diffs load to fail. !33117
- Fix tabbing through form fields in projects/new flow. !33209
- Fix incorrect commit search results returned when searching with ref. !33216
- Issue list page shows correct status for moved re-opened issues. !33238
- Fix NoMethodError by using the correct method to report exceptions to Sentry. !33260
- Fix KaTeX font paths. !33338
- Resolve Fix Incomplete Kubernetes Cluster Status List. !33344
- Fix auto-merge not running after discussions resolved. !33371
- Fix bug in snippets updating only file_name or content. !33375
- Resolve "WebIDE displays blank file incorrectly". !33391
- Fix invisible emoji modal on Set Status form when clicked the second time. !33398
- vertically center action icon in the CI pipeline. !33427 (Nathanael Weber)
- Wrap auto merge parameters update in database transaction. !33471
- Return 404 response when redirecting request with invalid url. !33492
- Fix ambiguous string concatenation on CleanupProjectsWithMissingNamespace. !33497
- Fix snippet repository import edge cases. !33506
- Rust CI template: Replace --all with --workspace on cargo test. !33517 (Markus Becker)
- Make markdown textarea links tab-accessible. !33518
- Pass hard delete option to snippets bulk destroy. !33520
- Fix CI rules for ECS related jobs. !33527
- Update GitLab Workhorse to v8.34.0. !33543
- Fix snippet repository import fail with older export files. !33584
- Web IDE: Create template files in the folder from which new file request was made. !33585 (Ashesh Vidyut)
- Improve header acccessibility. !33603
- Remove non migrated snippets from failed imports. !33621
- Prevent duplicate issues when importing from CSV. !33626
- Fix sidebar spacing for alert details. !33630
- Fix linking alerts to created issues for the Generic alerts intergration. !33647
- Resolve spacing ux debt on Release assets form field. !33684
- Fix pagination link header. !33714 (Max Wittig)
- When clicking multiple times to leave a single comment, the input field should remain focused. !33742
- Allow wiki pages with +<> characters in their title to be saved. !33803
- Fix force_remove_source_branch not working in API. !33804
- Fix prometheus alerts not being automatically created. !33806
- Fix pagination for resource label events. !33821
- Fix pagination for resource milestone events api. !33845
- Return code navigation path for nil diff_refs. !33850
- Record audit event when an admin creates a new SSH Key for a user via the API. !33859 (Rajendra Kadam)
- Do not create duplicate issues for exising Alert Management alerts. !33860
- Add link text to collapsed left sidebar links for screen readers. !33866
- Update text in error tracking list error message. !33872
- Ensure that alerts are shown when prometheus service is active. !33928
- Fixed dashboard YAML file validaiton for files which do not contain object as root element. !33935
- Fix design note scrolling. !33939
- Updated the Android CI Script. !34007 (s-ayush2903)
- Update validates_hostname gem with support for more TLDs. !34010
- Remove default "archived" parameter value from Groups API's projects endpoint. !34018 (Justin Sleep)
- Fix approval rule type when project rule has users/groups. !34026
- Update wording of addMultipleToDiscussionWarning. !34088
- Show all storages in settings. !34093
- Set author as nullable in snippet GraphQL Type. !34135
- Fix rendering of very long paths in merge request file tree. !34153
- Fix 500 errors and false positive warnings during metrics dashboard validation. !34166
- Remove not null constraint from events tables. !34190
- Ensure we always generate a valid wiki event URL. !34191
- Send information about attached files to the GraphQL mutation. !34221
- Update issue limits template to use minutes. !34254
- Add route for the lost-and-found group and update the route of orphaned projects. !34285
- Make markdown textarea buttons tab accessible. !34300
- GraphQL - properly handle pagination of millisecond-precision timestamps. !34352
- Fix 500 error in BlobController#delete. !34367
- Updated Auto DevOps with a fix to delete PostgreSQL PVC on environment cleanup, a fix for multiline K8S_SECRET variables, updated Helm to 2.16.7 and glibc to 2.31. !34399 (verenion)
- Updates Helm version to 2.16.7, which has some fixes. !34452
- Align "External" access level row in the user admin form. !34455 (Eduardo Sanz @esanzgar)
- Fix issues with scroll on iOS / iPad OS. !34486
- Add environment_scope filter to ci-variables API. !34490
- Fix order of integrations to be sorted alphabetically. !34501
- Fix undefined method error. !34522
- Fix static site editor raw (has front matter) <-> body (lacks front matter) content changes sync. !34523
- Use Keys::DestroyService for deleting an SSH key when an admin deletes a key via the API. !34535 (Rajendra Kadam)
- Removed default artifact name for Terraform template. !34557
- Record audit event when a user creates a new SSH Key for themselves via the API. !34645 (Rajendra Kadam)
- Restrict alert assignee user search to current project in alert management details. !34649
- Limit alert assignment to only users who can read alerts. !34681
- Use Keys::DestroyService for deleting an SSH key when a user deletes a key via the API. !34718 (Rajendra Kadam)
- Use GpgKeys::CreateService when an admin creates a new GPG key for a user. !34737 (Rajendra Kadam)
- Sort code coverage graph in ascending order. !34750
- Fix Issue sticky title URL hash offset. !34764
- Fix broken todo GraphQL API filtering when filtering by type. !34790
- Use GpgKeys::CreateService when a user creates GPG keys for themselves via the API. !34817 (Rajendra Kadam)
- Expand healtchecks `500`s when DB is not available. !34844
- Assign plan_id when building a new plan limit. !34845
- Fix 500 errors with filenames that contain glob characters. !34864
- Avoid updating snippet content when snippet_files content is not present. !34865
- Ensure original repository is archived after a shard move. !34895
- Fix issue suggestion text color on dark mode. !34899
- Enclose `release-cli` steps in an array. !34913
- Add DestroyService for GPG keys and use for deleting GPG keys via API. !34935 (Rajendra Kadam)
- Resolve Misleading message displays when MR request is first submitted. !34958
- Cancel review app deployment when MR is merged. !34960
- Add RSpecs for Gitlab::Emoji module. !34980 (Rajendra Kadam)
- Fix directory and last commit not loading for some filenames. !34985
- Fix confidential warning not showing the issuable type. !34988
- Fixed mermaid not rendering when switching diff tabs. !35023
- Use GpgKeys::DestroyService when a user deletes GPG keys for themselves via the API. !35033 (Rajendra Kadam)
- Fix alignment of navigation theme options. !35041
- Support fenced code blocks in Atlassian Document Format converter. !35065
- Fixed size limit for too large snippets. !35076
- Don't include changes in webhook payload when old associations are empty. !35158
- Fix release assets for Guest users of private projects. !35166
- Properly set CI_DEPLOY_FREEZE variable in pipelines. !35226
- Move 'Delete comment' button to bottom of 'More actions' list. !35237
- Only run DAST job if Kubernetes active. !35259
- Add instrumentation to Gitaly streamed responses. !35283
- Fix pages_url for projects with mixed case path. !35300
- Ensure .git/config is updated for forks. !35305
- Defer updating .git/config for imported projects. !35308
- Redirect wiki edit actions for missing pages. !35350
- Fix styling bug for disabled merge button. !35365
- Static Site Editor can’t be opened in projects belonging to a subgroup. !35378
- Resolve timeout in admin/jobs. !35385
- Fix job log text color in dark mode. !35387
- Minor UI fixes for Issue page in dark mode. !35395
- Disable ILM on ELK vendor yaml. !35398
- Improve alert list spacing. !35400
- Fix path conflict for Ghost on UpdateRoutesForLostAndFoundGroupAndOrphanedProjects. !35425
- Add tiller.log to Auto DevOps deployment job artifacts when AUTO_DEVOPS_DEPLOY_DEBUG is set. !35458
- Resolve [Un]Assign Issue to/from Comment Author Action Visibility. !35459
- Add email and email_verified claims to OAuth ID token. !35468 (André Hänsel)
- Make ProjectUpdateRepositoryStorageWorker idempotent. !35483
- Project bot users should always have their emails confirmed by default. !35498
- Only show open Merge Requests in Web IDE. !35514
- Remove Edit dashboard button from self monitoring dashboard. !35521
- Guard against data integrity issues when canceling review app jobs. !35555
- Use FLOAT_TYPE for storage limit. !35559
- Enforce prometheus metric uniqueness across project scope. !35566
- Use full version instead of short version for Sentry Error Release links. !35623
- Propagate error on FF pre-receive failure. !35633
- Support multiple mailboxes incoming email check. !35639
- Fix Profile Applications page to be shown in correct locale. !35661
- Fix 404 when importing project with developer permission. !35667
- Fix incorrect text escaping in the Static Site Editor. !35671
- Use the user's preferred language as default. !35676
- Create associated routes when a new bot user is created. !35711
- Prevent autosave when reply comment via cmd+enter. !35716
- Fix border-radius-base SCSS value. !35740
- Fix alert sort styling issues. !35741
- Change the sort order for alert severity and status. !35774
- Fix unique case where static site editor's custom renderer for identifier syntax didn't robustly handle inline code. !35775 (Derek Knox)
- Save show whitespace changes. !35806
- Fix existing repository_storages_weighted migrations. !35814
- Fix error 500s creating new projects due to empty weights. !35829
- Fix rendering alert issue description field. !35862
- Fixed translation errors on MR Widget. !35888
- Fix 500 errors with invalid access tokens. !35895
- Change PrometheusMetrics identifier index. !35912
- Backfill missing routes for Bot users. !35960
- Add generic message when no pipeline in MR. !35980
- Conditionally render Docker row checkbox. !36000 (gfyoung)
- Fix missing avatar in MR widget. !36034
- Fix comment loading error in issues and merge requests. !36043
- Fix routing for paths starting with help and projects. !36048
- Fix infinite loading spinner for related merge requests on commit pipelines tab. !36077
- Use error.message instead of error in importer.log. !36104
- Remove hardcoded reference to gitlab.com in NPM .gitlab-ci.yml template. !36124
- Remove dashboard panels' tabindex where is not needed. !36168
- Fix Project#pages_url not to downcase url path. !36183
- Remove border from related merge requests/issues counter. !36272
- Fail jobs that fail to render registration response. !36274
- Sort metrics dashboard panels and groups using a stable sort. !36278
- Remove HTML link from plain text mail. !36301
- Fix wrong value of checkbox in integration form. !36329
- Add a Rake task to fix incorrectly-recorded external diffs. !36353
- Fix single file editor with long branch name. !36371
- Allow self monitoring dashboard to be duplicated. !36433
- Propagate DS_JAVA_VERSION for dependency scanning. !36448
- Fix to display speech bubble on hover over image on commits page. !36470 (Adam Alvis @adamalvis)
- Fix to remove speech bubble on hover over image on MR Overview tab. !36474 (Adam Alvis @adamalvis)
- Add DOCKERFILE_PATH to Auto DevOps workflow:rules. !36475
- Show symlink icon in repository browser. !36524
- Snippet comments where any line begins with a slash following an alphabetic character can't be published. !36563
- Exclude services relation from Project Import/Export. !36569
- Permanently close Jira import success alert. !36571
- Fix dashboard schema validation issue. !36577
- Refactor issues controller spec to fix SaveBang Cop. !36582 (Rajendra Kadam)
- Fix positioning of mr/issue count. !36621
- Update to Grape v1.4.0. !36628
- Fix API errors when null value is given for the bio. !36650
- Avoid 500 errors with long expiration dates in tokens. !36657
- Remove CI/CD variable validations on AWS keys. !36679
- Ensure to run unassign issuables worker when not in a transaction. !36680
- Mark existing Project Bot Users as confirmed. !36692
- Fix error message when saving an integration and testing the settings. !36700
- Do not depend on artifacts from previous stages in Auto DevOps deployments. !36741
- Delete tracking records on partitioning migration rollback. !36743
- Updates Helm version to 2.16.9 which has some fixes. !36746
- Web IDE: Page title should not be .editorconfig when the IDE is first loaded. !36783
- Removes fixes that broke the pipeline table. !36803
- Refactor group controllers specs to fix SaveBang Cop. !36853 (Rajendra Kadam)
- Fix the default metrics dashboard to work on K8s versions 1.12 to 1.16. !36863
- Fix incorrect marking MR as Draft. !36869
- Use an array for fetching same_family_pipeline_ids. !36883
- Remove extra Secret-Detection job on merge requests. !36884
- Remove Rails Optimistic Locking monkeypatch. !36893
- Refactor projects controllers specs to fix SaveBang Cop. !36920 (Rajendra Kadam)
- Fix background overflow when design note is selected. !36931
- Fix bulk editing labels bug. !36981
- Fix not being able to add more than one CI variable through the UI. !37001
- Uses --set-string to avoid Helm confusion over short SHA vs Scientific Notation. !37004 (Bryan H. @galador)
- Fix displaying import errors from server. !37073
- Fix failing dashboard schema validation calls. !37108
- Fix showing MLC form on replies. !37139
- Set experiementation cookie for GitLab domain only.
- Prevent duplicate health status text on epics.
- Add DS detection of build.gradle.kts.
- Fix for test report link in MR widget.
- Footer system message fix.

### Deprecated (1 change, 1 of them is from the community)

- Remove the unused worker code and its queue. !32595 (Ravishankar)

### Changed (191 changes, 9 of them are from the community)

- Deduplicate labels with identical title and project. !21384
- Add a GraphQL endpoint to fetch Jira projects through its REST API. !28190
- Change legends in monitor dashboards to tabular layout. !30131
- Move pipelines routing under /-/ scope. !30730
- Set markdown toolbar to use hyphens for lists. !31426
- Use sprites for comment icons on Commits. !31696
- Rate limit project export by user. !31719
- Reorder diffs compare versions dropdowns. !31770 (Gilang Gumilar)
- Enable the `in this group` action in the Search dropdown. !31939
- Externalize i18n strings from ./app/views/shared/_promo.html.haml. !32109 (Gilang Gumilar)
- Add Usage Ping count for all searches. !32111
- Add tags_count to container registry api and controller. !32141
- Externalize i18n strings from ./app/views/shared/milestones/_sidebar.html.haml. !32150 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_form_dates.html.haml. !32162 (Gilang Gumilar)
- Improve Container Registry UI header. !32424
- Added node size to cluster index. !32435
- Enable display of wiki events in activity streams. !32475
- Update operations metrics settings title and description to make them general. !32494
- Track merge_requests_users usage data. !32562
- Adds cluster CPU and Memory to cluster index. !32601
- Allow the snippet create service to accept an array of files. !32649
- Move review related controllers/workers outside EE. !32663
- Move the Members section from settings to the side nav for projects. !32667
- Show more context in unresolved jump button. !32737
- Exclude extra.server fields from exceptions_json.log. !32770
- Improve new/unknown sign-in email styling. !32808
- Allow the snippet update service to accept an array of files. !32832
- Add new issue link to email notification header. !32833
- Bump cluster-applications to 0.17.0, which updates Runner to 0.17.0 and Cilium to 1.7.4. !32931
- Update artifacts section to show when an artifact is locked. !32992
- Show clone button on project page for readme preference. !33023
- Include tag count in the image repository list. !33027
- Clean up gitlab-shell install-from-source path. !33057
- Increase LFS token default time to 2 hours. !33140
- Add the unique visits data to the usage ping. !33146
- Add explicit mention of Merge request in Slack message. !33152
- Expose `release_links.type` via API. !33154
- Add link_type column to release_links table. !33156
- Move broadcast notification dismiss button to the top. !33174
- Remove null constraint for JID in GroupImportState. !33181
- Added provider type icon to cluster list. !33196
- Remove search icon from Project find file button. !33198
- Refine SAST language detection by frameworks. !33226
- Render Merge request reference as link. !33248
- Upgrade to Gitaly v13.1.0-rc1. !33302
- Render Merge request reference as link in email templates. !33316
- Show disabled suggestion button with tooltip message. !33357
- Add update validations to SnippetInputAction. !33379
- Add snippet DB visibility check in spec. !33388 (Jacopo Beschi @jacopo-beschi)
- Add Hugo logo to project templates. !33402
- Add GitBook logo to project templates. !33403
- Add GoMicro logo to project templates. !33404
- Add Jekyll logo to project templates. !33405
- Add Hexo logo to project templates. !33406
- Add UI to disable Service template when instance-level integration is active. !33490
- Rename Add Designs button. !33491
- Add CPU, memory usage charts to self monitoring default dashboard. !33532
- Add database migrations to design_management_designs.filename to enforce a 255 character limit, and modify any filenames that exceed that limit. !33565
- Track Sentry error status updates with dedicated actions. !33623
- Alert Managament: Change sorting order to have newest alerts first. !33642
- Add blobs field to SnippetType in GraphQL. !33657
- Move Usage activity by stage for Configure to Core. !33672
- Format metrics column chart x axis dates. !33681
- Emit Bitbucket Server Importer metrics. !33700
- Style ToastUI contextual menus. !33719
- Update Auto deploy image to v0.16.1, introducing support for AUTO_DEVOPS_DEPLOY_DEBUG. !33799
- Add whether instance has Auto DevOps enabled to usage ping. !33811
- Update local IP address and domain name allow list input label. !33812
- Add date time format to the monitor stacked-column chart. !33814
- Allow Tf Plan to genrate multiple reports. !33867
- Report all unique users for Secure scanners. !33881
- Remove async_merge_request_check_mergeability feature flag. !33917
- Filter potentially-sensitive Sidekiq arguments from logs and Sentry. !33967
- Update Static Site Editor toolbar to group inline-code and code-block buttons together. !34006
- Set default values for SAST_EXCLUDED_PATHS and DS_EXCLUDED_PATHS. !34076
- Add ability to filter self monitoring resource usage charts by instance name. !34084
- Add skeleton loader to cluster list. !34090
- Pick repository storage based on weight. !34095
- Use IP or cookie in known sign-in check. !34102
- Prevents editing of non-markdown kramdown content in the Static Site Editor's WYSIWYG mode. !34185
- Display error for YAML files that are too large. !34199
- Change copy of webhooks / integration help text. !34301
- Use CodeQuality 0.85.10 in the CI template. !34329
- Update board header icons. !34366
- Show Redis instance in performance bar. !34377
- Extend members REST API with the option to unassign Issues and Merge Requests when member leaves team. !34388
- Reorder snippets in lists using `updated_at` column. !34393 (Dibyadarshi Dash @ddash2)
- Add files argument to snippet create mutation. !34449
- Consolidate object storage config in one place. !34460
- Add secret detection template to Auto DevOps. !34467
- Add contextual menu to single stat panels. !34497
- Add allowed actions to snippet input action. !34499
- Add files argument to snippet update mutation. !34514
- Change from vendor specific to Gitlab. !34576
- Enable `:ci_release_generation` feature flag by default. !34633
- Update gl-toggles with deprecated attributes. !34660
- Adjust verbiage on repository storages settings page. !34675
- Change redirect path after integration save. !34697
- Refine UI of integration form. !34707
- Change CI variable font family to monospace. !34788 (Aaron Walker)
- Rename GraphQL AwardEmoji mutations to follow naming conventions, deprecating the old mutations. !34798
- Improve error message when unconfirmed user tries to log in. !34818
- Update LFS setting label. !34829 (George Tsiolis)
- Display error if metrics dashboard YAML is too large. !34834
- Add expand/collapse view to Terraform MR widget. !34879
- Expose storage size limit for namespaces in GraphQL. !34882
- Resolve Add no graph empty state for DAG. !35053
- Remove pending and running tabs from pipelines list and remove count from finished tab. !35062
- Stop removing NaN values from monitoring data series. !35086
- Multiple Kubernetes clusters now available in GitLab core. !35094
- Include snippets size in project statistics. !35120
- Add parallel persistence for author_name on AuditEvent. !35130
- Convert the Image tag UI from a table to a list view. !35138
- Add personal and project snippet monthly counters to usage data. !35155
- Exclude integrations (services) from Project Import/Export. !35249
- Parameterize PG deprecation notice. !35271
- Add inapplicable reason in MR suggestion Tooltip. !35276
- Add snippets_size to namespace_root_storage_statistics. !35311
- Rename Container Expiration Policies to Cleanup policy for tags. !35315
- Expose snippets_size in ProjectStatistics Entity. !35316
- Add snippets_size to ProjectStatistics GraphQL type. !35319
- Update snippet and project statistics after certain events. !35340
- Update the static site editor's markdown mode text to monospace to better reflect a code-editing experience. !35347 (Derek Knox)
- Resolve Remove button row from environments empty state. !35413
- Track last activity for Personal Access Token. !35471
- Add GitLab username and name to the import users from Jira mutation response. !35542
- Use local Tiller by default for GitLab-managed apps. !35562
- Hide cleanup button for clusters with management project. !35576
- Update integration form to use GitLab UI components. !35582
- Add snippets_size to Group entity. !35585
- Add snippets_size to RootStorageStatisticsType. !35586
- Move merge_requests_users metric to stage section. !35593
- Include snippets_size statistic inside RootStorageStatistics. !35601
- Accept multiple blobs in snippets. !35605
- Replace FA exchange icon with GitLab SVG. !35634
- Require namespace path (and username) to be at least 2 chars long. !35649
- Remove count for pending/running/finished pipelines in tabs. !35693
- Display commits search in mobile & adjust text. !35702
- Open source cluster health dashboard and make it available to all users. !35721
- Update snippet statistics after project import. !35730
- Remove the second prompt to accept or decline an invitation. !35777
- Track wiki page views in Snowplow. !35784
- Use the application's default_branch_name when available when initializing a new repo with a README. !35801
- Use native Gitaly pagination for Branch list API. !35819
- Move file link to bottom in Web IDE. !35847
- Package APIs moved to core. !35919
- Allow setting extra tags for Sentry exceptions with GITLAB_SENTRY_EXTRA_TAGS. !35965
- Include personal snippets size in RootStorageStatistics. !35984
- Change Alert fingerprint index to run when status is not resolved. !36024
- Update namespace statistics after personal snippet update/removal. !36031
- Add details rows to Container Registry Tags List. !36036
- Add raw snippet repository file endpoint to API. !36037
- Move monitor stage usage activity to CE. !36067
- Move release stage usage activity to CE. !36083
- Move create stage usage activity to CE. !36086
- Move plan stage usage activity to CE. !36087
- Move manage stage usage activity to CE. !36089
- Move verify stage usage activity to CE. !36090
- Move alert integrations setting to Vue. !36110
- Use new vuex store for code quality MR widget. !36120
- Remove non-unique index on `merge_request_metrics.merge_request_id` column. !36170
- Cleanup policies: display API error messages under form field. !36190
- Replace fa-comment / fa-comments icons with GitLab SVG. !36206
- Update `rack-timeout` to `0.5.2`. !36289
- Bring SAST to Core - eslint. !36392
- Replace initial dashboard loading state with a loading spinner, show dashboard skeleton earlier with smaller loading indicators. !36399
- Merge tslint secure analyzer with eslint secure analyzer. !36400
- Expose issue ID via GraphQL. !36412
- Add broken tag state to tags list items. !36442
- Fix UI quirks with pipeline schedule cron options. !36471
- Update eslint secure analyzer to analyze jsx. !36505
- Display informative error for status updates on duplicate alerts. !36527
- Change default value in application_settings.issues_create_limit to be 0. !36558
- Expose approvals fields for FOSS FE. !36564
- Move service desk feature to core. !36613
- Check WIP status after all other possible statuses. !36624
- Add new models for DAST site profiles as part of DAST on-demand scans. !36659
- Add date to x-axes timestamps. !36675
- Make the Design Collection more visible in the Issue UI. !36681
- Add correlation between trigger job and child pipeline. !36750
- Static Site Editor: Set default sublist indent spaces to four space characters. !36756
- Add managed-apps section in log explorer. !36769
- Use a Confluence icon for the project Confluence integration nav item. !36780
- Remove file_path validation in snippet create action. !36809
- Improve animations of design note selection in design management. !36927
- Add entity_path column to audit_events table. !37041
- Make DAG annotations stick. !37068
- Support multiple files when editing snippets. !37079
- Change loading MR message wording. !37181
- Assign alerts sidebar base.
- Improved UX of the code navigation popover.

### Performance (50 changes, 1 of them is from the community)

- Improve performance of commit search by limiting the number of results requested. !32260
- Add GraphQL lookahead support. !32373
- Update index_ci_builds_on_commit_id_and_artifacts_expireatandidpartial index for secret_detection. !32584
- Add index on id and type for Snippets. !32885
- Use build_stubbed to avoid interacting with the DB in todos helper specs. !32906 (Arun Kumar Mohan)
- Optimize SQL queries on Milestone index page. !32953
- Add build report results data model. !32991
- Improve the performance for loading large diffs on a Merge request. !33037
- Adjust condition for partial indexes on services table. !33044
- Add index to issues and epics on last_edited_by_id. !33075
- Fix preconnect typo in rel link. !33255
- Add project_id, user_id, status, ref index to ci_pipelines. !33290
- Move migration related to ci_builds to post_deployment. !33416
- Remove need to call commit (gitaly call) in ProjectPipelineStatus. !33712
- Reduce redundant queries for Search API users scope. !33795
- Speed up boot time in production. !33929
- Harden CI pipelines usage data queries with an index. !34045
- Use snapshot transfers for repository shard moves when possible. !34113
- Add partial index on locked merge requets. !34127
- Improve pipeline index controller performance by resolving Gitaly N+1 calls. !34160
- Lazy load commit_date and authored_date on Commit. !34181
- Optimize container repository for groups query. !34364
- Further improve the performance for loading large diffs on a Merge request. !34516
- Paginate the notes incremental fetch endpoint. !34628
- Optimize rolling 28 days snippets counter. !34918
- Only load project license if needed. !35068
- Improve query to retrieve job artifacts with files stored locally. !35084
- Preload commits markdown cache. !35314
- Use BatchLoader for Project.forks_count to limit calls to Redis. !35328
- Rework hardening CI pipelines usage data queries with an index. !35494
- Performance improvement for job logs. !35504
- Define a namespace traversal cache. !35713
- MR diff migration: perform I/O outside of database transaction. !35734
- Resolve N+1 in Search API projects scope. !35833
- Optimize deployment counters for last 28 days. !35892
- Trigger stackprof by sending a SIGUSR2 signal. !35993
- Improve the search performance for merge requests. !36072
- Reduce number of scanned commits for code intelligence. !36093
- Improve snippet finders queries. !36292
- Swap Grape over to Gitlab::Json. !36472
- Add oj gem for faster JSON. !36555
- Replace fa-eyes-slash icons with GitLab SVG eye-slash icon. !36602
- Avoid N+1 calls for image_path when rendering commits. !36724
- Enable BulkInsertSafe on Ci::BuildNeed. !36815
- Remove optimized_count_users_by_group_id feature flag. !36953
- Remove unindexed condition on label transfer. !37060
- Speed up project creation for users with many projects. !37070
- Split query for code-nav path into two queries. !37092
- Use memoized start/finish for metrics based on issues table. !37155
- Enable CI Atomic Processing by default.

### Added (298 changes, 23 of them are from the community)

- Release generation via gitlab-ci.yml documentation. !19237
- Add rake task to verify encrypted data through secrets. !21851
- User can apply multiple suggestions at the same time. !22439 (Jesse Hall)
- Resolve Add a button to assign users who have commented on an issue. !23883
- Add custom emoji model and database table. !24229 (Rajendra Kadam)
- Resolve Graph code coverage changes over time for a project. !26174
- Add doc for custom validators in api styleguide. !26734 (Rajendra Kadam)
- Add Scheduled Job for Monitoring Monitor Group Demo Environments. !27360
- Add setting to allow merge on skipped pipeline. !27490 (Mathieu Parent)
- Add dark theme (alpha). !28252
- Show estimate on issues list. !28271 (Lee Tickett)
- Make Fixed Email Notification Generally Available. !28338 (jacopo-beschi)
- Add a link to the `renamed` viewer to fully expand the renamed file (if it's text). !28448
- Focus and toggle metrics dashboard panels via keyboard. !28603
- Remove `scoped_approval_rules` feature flag. !28864 (Lee Tickett)
- Create Group import UI for creating new Groups. !29271
- Add finder for group-level runners. !29283 (Arthur de Lapertosa Lisboa)
- Allow customization of badge key_text and key_width. !29381 (Fabian Schneider @fabsrc)
- Support Workhorse directly uploading files to S3. !29389
- Add frontend support for multiline comments. !29516
- Support first_name and last_name attributes in LDAP user sync. !29542
- Link to test reports from MR Widget. !29729
- Add link to status page detail view for status page published issues. !30249
- Add metrics dashboard name to document title. !30392
- Backfill StatusPage::Published incidents and enable a publish quick action for EE. !30906
- Add missing Merge Request fields. !30935
- Show build status on branch list. !30948 (Lee Tickett)
- Add mutation to create commits in GraphQL. !31102
- Support quick actions when editing issue, merge request, and epic descriptions. !31186
- Add GraphQL support for authored and assigned Merge Requests. !31227
- Add usage data metrics for terraform states. !31280
- Add usage data metrics for terraform reports. !31281
- Add API endpoint for listing bridge jobs. !31370 (Abhijith Sivarajan)
- SpamVerdictService can call external spam check endpoint. !31449
- Move Admin note feature to GitLab Core. !31457 (Rajendra)
- Add DAG serializer for pipelines controller. !31583
- Save repository storages in application settings with weights. !31645
- Add API endpoint for resource milestone events. !31720
- Show import in progress screen for group imports. !31731
- Add Verify/FailFast CI template. !31812
- Improve Add/Remove Issue Labels API. !31864 (Lee Tickett)
- Add mutation to create a merge request in GraphQL. !31867
- Add warning popup for Elastic Stack update. !31972
- Add API support for sharing groups with groups. !32008
- Add the container expiration policy attribute to the project GraphQL type. !32100
- Add GraphQL support for project and group labels. !32113
- Add number of database calls to Prometheus metrics and logs for sidekiq and request. !32131
- Filter pipelines by status. !32151
- Filter pipelines based on url query params. !32230
- Add metrics for Redis usage during Sidekiq job execution. !32265
- Add filters to merge request fields. !32328
- Support reading .editorconfig files inside of the Web IDE. !32378
- [Frontend] Resolvable design discussions. !32399
- Table index added to `metrics_dashboard_annotations` for future pruning of stale metrics Annotations for metrics dashboards are now checked for valid start and end dates. !32433
- Enable GitLab-Flavored Markdown processing for design links. !32446
- Filter Pipelines by Tag Name. !32470
- Adds sorting by column to alert management list. !32478
- Add project specific repository storage API. !32493
- Adapt Limitable for system-wide features. !32574
- Add application limits to instance level CI/CD variables. !32575
- Add model for project level security auto-fix settings. !32577
- Expose Jira imported issues count in GraphQL. !32580
- Organize alerts by status tabs. !32582
- Add note to ECS CI template. !32597
- Add metrics for Redis usage during web requests. !32605
- Add database and GraphQL support for alert assignees. !32609
- Set fingerprints and increment events count for Alert Management alerts. !32613
- Process stuck jira import jobs. !32643
- Allow user to add custom links to their metrics dashboard panels. !32646
- Add tags to experimental queue selector attributes. !32651
- Allow generic endpoint to receive alerts from external Prometheus. !32676
- Customize the Cloud Native Buildpack builder used with Auto Build. !32691
- Add timezone display to alert based issue start time. !32702
- Display dates on metrics dashboards in UTC time zone. !32746
- Store Todo resolution method. !32753
- Add Falco to the managed cluster apps template. !32779
- Add experience_level to user_preferences. !32784
- Add keyboard shortcuts to metrics dashboard. !32804
- Remove metrics dashboard annotations attached to time periods older than two weeks. !32838
- Monitor:Health metrics instrumenation. !32846
- Adds PostHog as a CI/CD Managed Application. !32856
- Groups API has top_level_only option to exclude subgroups. !32870
- Create operations_feature_flags_issues table. !32876
- Allow advanced API projects filtering for admins. !32879
- Add api.js methods to update issues and merge requests. !32893
- Render user-defined links in dashboard yml file on metrics dashboard. !32895
- Create group_deploy_keys_groups intermediate table. !32901
- Add accessibility report MR widget. !32902
- Add a GraphQL mutation for toggling the resolved state of a Discussion. !32934
- Added CI template for Dart. !32942 (agilob)
- Add container expiration policy objects to the GraphQL API. !32944
- Don't hide Commit tab in Web IDE when there are no changes yet. !32979
- Add column for alert slack notifications. !33017
- Add ability to insert an image via SSE. !33029
- Add user root query to GraphQL API. !33041
- Adds groupMembership and projectMembership to GraphQL API. !33049
- Alerts list pagination. !33073
- Add ApplicationSetting ui changes for repository_storages_weighted. !33096
- Resolve Feature proposal: API for import from BitBucket Server. !33097
- Add squash commits options as a project setting. !33099
- Display confirmation modal when user exits SSE and there are unsaved changes. !33103
- Add column dashboard_timezone to project_metrics_setting. !33120
- Allow the assignment of alerts to users from the alert detail view. !33122
- Add solarized dark for Web IDE. !33148
- Add support for artifacts/exclude configuration. !33170
- Add root users query to GraphQL API. !33195
- Added validation for YAML files with metrics dashboard definitions. !33202
- Create issue from alert. !33213
- Add max import file size option. !33215 (Roger Meier)
- Add system note when assigning user to alert. !33217
- Add count of alerts from all sources to usage ping. !33220
- Add button to create an issue from an alert management alert. !33221
- Add more detail to alert integration settings description. !33244
- Add Evidence to Releases GraphQL endpoint. !33254
- Add support for pasting images in the Web IDE. !33256
- Add ProjectAccessToken table. !33272
- Automatically resolve alert when associated issue closes. !33278
- Add Jira Importer user mapping form. !33320
- Add `link_type` to `ReleaseLink` GraphQL type. !33386
- Add setting to enable and disable shared Runners for a group and its descendants. !33411 (Arthur de Lapertosa Lisboa)
- Add  members to project graphQL endpoint. !33418
- Update Static Site Editor WYSIWYG mode to hide front matter. !33441
- Added delete action for Dashboard Annotations in GraphQL. !33468
- Create graphQL endpoint for Jira users import. !33501
- Support IAP protected prometheus installations. !33508
- New instance-level variables UI. !33510
- Add design activity in event streams. !33534
- Allow developer role read-only access to Terraform state. !33573
- Add support for `git filter-repo` to repository cleanup. !33576
- Close open reply input fields in the design view sidebar when leaving a new comment. !33587
- Add dashboard schema validation warnings as metrics dashboard GraphQL field. !33592
- Add time range to user-defined links in metrics dashboard. !33663
- Increase events count for Prometheus alerts. !33706
- Add dashboard validation warning to metrics dashboard. !33769
- Track pod logs refresh action. !33802
- Expose all Jira projects endpoint through a GraphQL. !33861
- Add secret detection template. !33869
- Add new path to access project metrics dashboard. !33905
- Add new raw snippet blob endpoint. !33938
- Add DAG visualization MVC. !33958
- Introduce a feature flag for Vue-based UI for all import providers. !33980
- Add sticky title on Issue pages. !33983
- Allow policies to override parent rules. !33990
- Allow Release asset links to be associated with a type. !33998
- Support user-defined Grafana links in metrics dashboard. !34003
- Adds AWS guidance to CI/CD > Add Variable modal. !34009
- Show custom attributes within Admin Pages. !34017 (Roger Meier)
- Enable Slack notifications for alerts. !34038
- Container expiration policy regular expressions are now validated. !34063
- Add todo when alert is assigned to a user. !34104
- Track merge requests submitted by Static Site Editor. !34105
- Turn off alert issue creation by default. !34107
- Add detailed logs of each Redis instance usage during job execution and web requests. !34110
- Support metrics dashboard with file name. !34115
- Add API to schedule project repository storage moves. !34119
- Update diff discussion positions on demand. !34148
- Add ability for user to manually create a todo for an alert. !34175
- Add validation step on backend for metrics dashboard links. !34204
- Track when Static Site Editor is initialized. !34215
- Bring SAST to Core - brakeman. !34217
- Mask key comments when exposing SSH/Deploy Keys via the API. !34255
- Convert `:release` yaml to `release-cli` commands. !34261
- Validate regex before sending them to CleanupContainerRepositoryWorker. !34282
- Create vulnerability_statistics table. !34289
- Add secret_detection to DOWNLOADABLE_TYPES. !34313
- Enable ability to assign alerts to users with corresponding system notes and todos. !34360
- Rolling 28 day time period counters for snippets. !34363
- Add regex fields to the container expiration policy update mutation. !34389
- Display Multiple Terraform Reports in MR Widget. !34392
- Highlight commented rows. !34432
- Add ci_builds_metadata.secrets column. !34480
- Enable CI Inheriting Env Variables feature. !34495
- Show tooltip on error detail page when hovering over dates. !34506
- Show notification about empty stacktrace. !34517
- Add native code intelligence. !34542
- Add global setting to disable/enable email notification on unknown sign-ins. !34562
- Bump cluster-applications version to v0.20.0. !34569
- Send fixed pipeline notification by default. !34589
- Add search argument for AlertStatusCountsResolver. !34596
- Add clusters_applications_cilium DB table. !34601
- Fetch metrics dashboard templating variable options using a Prometheus query. !34607
- Add Jira users mapping to start Jira import mutation. !34609
- Allow CI_JOB_TOKEN for authenticating to the Terraform state API. !34618
- Search plain text in alert list frontend. !34631
- Trigger unsaved changes warning in snippets on navigating away. !34640
- Add Cilium to the ParseClusterApplicationsArtifactService. !34695
- Use new icon for api preview. !34700 (Roger Meier)
- Remove partial clone feature flag. !34703
- Ability to use an arbitrary YAML blob to create CI pipelines. !34706
- Upgrade GitLab Pages to 1.19.0. !34730
- Add CI_PROJECT_ROOT_NAMESPACE predefined environment variable. !34733
- Add override selector for project-level integrations. !34742
- Create namespace_limits table with additional purchase columns. !34746
- Add mutation to update merge requests. !34748
- Add plan limits for max size per artifact type. !34767
- Add package scope validation to Node.js template. !34778
- Expose project deploy keys for autocompletion. !34875
- Block invalid URLs in metrics dashboard chart links. !34888
- Add release data to GraphQL endpoint. !34937
- Add ref, released_at, milestones to release yml. !34943
- Add option to unassign member from issuables when removing them from a project. !34946
- Add diff stats fields to merge request type. !34966
- Bump Gitaly to v13.2.0-rc1. !34977
- Add prometheus_alert_id and environment_id to Alert management alerts. !34995
- Add full width to single charts in a row. !34999
- Support extensibility for Editor Lite. !35008
- Add snippets_size to ProjectStatistics. !35017
- Add SnippetStatistics model. !35026
- Add metrics settings menu to dashboard header. !35028
- Surface metrics charts on the alert detail page. !35044
- Add milestone stats to GraphQL endpoint. !35066
- Add a custom HTML renderer to the Static Site Editor for markdown identifier syntax. !35077
- Expose ref, milestones, released_at to releaser-cli. !35115
- Add snippet statistics logic. !35118
- Allow files with .md.erb extension for the Static Site Editor. !35136
- Add migration for experimental product analytics table. !35168
- Extend ECS Deploy template with Fargate jobs. !35173
- Upgrade Pages to 1.20.0. !35177
- Automatically close related issue when resolving Alert Management Prometheus Alert. !35208
- Create API to retrieve resource state events. !35210
- Allow diffs to be viewed file-by-file. !35223 (rinslow)
- Add indices for projects with disable_overriding_approvers_per_merge_request. !35224
- Log name of class that failed to obtain exclusive lease. !35228
- Render source job info in TriggeredPipelineEntity. !35232
- Add refresh rate options to dashboard header. !35238
- Add annotation component for DAG. !35240
- Add a custom HTML renderer to the Static Site Editor for embedded ruby (ERB) syntax. !35261
- Display metric label in single stat. !35289
- Add issue column to alert list. !35291
- Expose metrics dashboard URL for alert GraphQL query. !35293
- Allow diffing changes in wiki history. !35330 (gwhyte, Steve Mokris)
- Added support for reordering issues to the v4 API. !35349 (Joel @jjshoe, Lee Tickett @leetickett)
- Add 'not' params to MergeRequests API endpoint. !35391
- Implement GraphQL query to generate JSON for SAST config UI. !35397
- Add system notes for status updates on alerts. !35467
- Enable S3 Workhorse client if consolidated object settings used. !35480
- Rolling 28 day time period counter for deployments. !35493
- Add log statements to Projects::ContainerRepository::DeleteTagsService. !35539
- Provide a label for 'Scheduled Pipeline' in the pipelines overview page. !35554
- Add note about SSH key title being public information. !35574
- Add todo pill styling for resolved alert. !35579
- Add support for Markdown in the user's bio. !35604 (Riccardo Padovani)
- Introduce prepare environment action to annotate non-deployment jobs. !35642
- Add custom Dockerfile paths to Auto DevOps Build stage with DOCKERFILE_PATH. !35662 (thklein)
- Add MergeRequest.diffStatsSummary.fileCount to graphql API. !35685
- Introduces Group Level Delayed Project Removal Setting. !35689
- Update cluster-applications to 0.23.0. !35691
- Resolve user's todo when an alert is resolved. !35700
- Show when alert is new in the Alerts list. !35708
- Convert Import/Export rate limits to configurable application settings. !35728
- Add installed state metrics for Cilium cluster application. !35808
- Add support for linting based on schemas in WebIDE. !35838
- Add a metrics settings button to the dashboard header. !35848
- Prevent a project bot from being removed as member. !35899
- Add background_migration_jobs table to trace background migrations. !35913
- Allow prefixing with Draft to mark MR as WIP. !35940
- FindRemoteRepository is storage scoped. !35962
- Include project and subgroup milestones on Roadmap page. !35973
- Todo Mutations should return the mutated todos. !35998
- Add API support for instance-level Kubernetes clusters. !36001
- Add count to imported Jira issues message. !36075
- Add temporary storage increase column. !36107
- Remove generic_alert_fingerprinting feature flag. !36148
- Upgrade GitLab Pages to 1.21.0. !36214
- Move approvals endpoints to FOSS version. !36237
- Add initial custom HTML renderer to the Static Site Editor to prevent editing in WYSIWYG mode. !36250
- Open new alert when existing alert is resolved. !36261
- Add custom avatars for Alert and Support Bot. !36269
- Add PagerDuty integration columns to `project_incident_management_settings` table. !36277
- Enable Alerts dropdown in Operations Settings. !36296
- Add number of approval project rules to usage ping. !36316
- Add namespace settings table. !36321
- Add a custom HTML renderer to the Static Site Editor for HTML block syntax. !36330
- Expose gitlab managed apps logs inside log explorer. !36336
- Add keyboard shortcut ('b') to copy MR source branch name on MR page. !36338
- Add a custom HTML renderer to the Static Site Editor for font awesome inline HTML syntax. !36361
- Add system note for alert when creating issue. !36370
- Periodically update container registry type settings. !36415
- Expands Jira integration to allow viewing and searching a list of of Jira issues directly within GitLab. !36435
- Show Approve button on merge requests in Core. !36449
- Measure adoption of package registry. !36514
- If a user does not have write access to repo, but a fork exists, the Web IDE button should take them to the fork. !36548
- Enable Batch Suggestins feature flag by default. !36561
- Add default and non-default branch jobs for secret detection. !36570
- Add a custom HTML renderer to the Static Site Editor for markdown identifier instance syntax. !36574
- Add docs for Alert trigger test alerts. !36647
- Support short urls for custom metrics dashboards. !36740
- Update cluster-applications to 0.24.2. !36768
- Add new Confluence integration for projects. !36781
- Add confidential attribute to public API for notes creation. !36793
- Add confidential attribute to graphQL for notes creation. !36799
- Prometheus instances behind Google IAP can now be accessed via manual configurations. !36856
- GraphQL mutation for changing locked status of an issue. !36866
- Default the feature flag to true to always show the default initial branch name setting. !36889
- Enable feature flag 'sectional_codeowners' Sections for Code Owners. !36902
- Add pagination to iterations list. !37052
- Add Jsonnet template for GitLab. !37058
- Enable design activity events by default. !37107

### Other (137 changes, 45 of them are from the community)

- Improve fast-forward merge is not possible message. !22834 (Ben Bodenmiller)
- Add node ci template. !25668
- Deduplicate merge_request_metrics table. !29566
- Remove unused WAF indexes from CI variables. !30021
- Update the visual design of badges in some areas. !31646
- Extract featurable concern from ProjectFeature. !31700 (Alexander Randa)
- Remove update function logic from list model. !31900 (nuwe1)
- Remove nextpage function logic from list model. !31904 (nuwe1)
- Squash database migrations prior to 2019 into one. !31936
- Update deprecated slot syntax in app/assets/javascripts/reports/components/grouped_test_reports_app.vue. !31975 (Gilang Gumilar)
- Replace slot syntax for Vue 3 migration. !31987 (gaslan)
- Update deprecated slot syntax in ./app/assets/javascripts/pages/admin/projects/index/components/delete_project_modal.vue. !31994 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/pages/projects/labels/components/promote_label_modal.vue. !31995 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/clusters/components/remove_cluster_confirmation.vue. !32010 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/environments/components/environments_app.vue. !32011 (Gilang Gumilar)
- Remove setLoadingState logic from issue model. !32226 (nuwe1)
- Remove addAssignee logic from issue model. !32231 (nuwe1)
- Remove addLabel Logic from issue models. !32233 (nuwe1)
- Remove addMilestone logic from issue model. !32235 (nuwe1)
- Remove destroy function logic from list model. !32237 (nuwe1)
- Remove findAssignee logic from issue model. !32238 (nuwe1)
- Remove findLabel logic from issue model. !32239 (nuwe1)
- Remove findIssue logic from list model. !32241 (nuwe1)
- Remove moveIssue logic from list model. !32242 (nuwe1)
- Remove moveMultipleIssues logic from issue model. !32243 (nuwe1)
- Remove newIssue logic from list model. !32244 (nuwe1)
- Remove onNewIssueResponse logic from list model. !32245 (nuwe1)
- Remove removeAllAssignees logic from issue model. !32247 (nuwe1)
- Remove removeAssignee logic from issue model. !32248 (nuwe1)
- Clarify verbiage for stuck job messages. !32250
- Remove removeLabel logic from issue model. !32251 (nuwe1)
- Remove removeLabels logic from issue model. !32252 (nuwe1)
- Remove removeMilestone logic from issue model. !32253 (nuwe1)
- Remove removeMultipleIssues logic from list model. !32254 (nuwe1)
- Remove setFetchingState logic from issue model. !32255 (nuwe1)
- Remove updateData logic from issue model. !32256 (nuwe1)
- Update U2F docs for Firefox 67+. !32289 (Takuya Noguchi)
- Update alert management mobile table alignment. !32295
- Include available instance memory in usage ping. !32315
- Moves merge request reviews into Core. !32558
- Update GitLab Runner Helm Chart to 0.17.0. !32634
- Add snowplow tracking for logs page. !32704
- Extend "Remember me" token after each login. !32730
- Assign alerts sidebar container fix. !32743
- Add anchor for creating a branch. !32745
- Tidy. !32759 (Lee Tickett)
- Less verbose JiraService error logs. !32847
- Reduced padding and increased emphasis of titles within the epic tree. !32873
- Add source to resource state events. !32924
- Remove obsolete users.ghost column. !32957
- Move NoPrimary table def to last context in spec. !33015 (Rajendra Kadam)
- Document github rate limit behavior. !33090
- Added build_id column to requirements_management_test_reports table. !33184
- Add version history information on U2F support. !33229 (Takuya Noguchi)
- Convert IP spoofing errors into client errors. !33280
- Update docs to reflect move web IDE Terminal and file sync to Core. !33419
- Add hovering icon for sorting columns on alert management list. !33429
- Upgrade Grape v1.1.0 to v1.3.3. !33450
- Avoid javascript for omniauth logins. !33459 (Diego Louzán)
- Add opacity transition to active design discussion pins. !33493
- Update GitLab Runner Helm Chart to 0.17.1. !33504
- Store pipeline creation errors and warnings into Ci::PipelineMessage. !33762
- Make project selector in various dashboard more translatable. !33771
- Update Workhorse to v8.35.0. !33817
- Remove FF hide_token_from_runners_api. !33947
- Bump omniauth_openid_connect to 0.3.5. !34030 (Roger Meier)
- Specify tiers for SAML SSO at self-hosted plans. !34040 (Takuya Noguchi)
- Backfill failed imported snippet repositories. !34052
- Use GitLab SVG icon for file attacher action. !34196
- Suppress progress on pulling on Performance Test. !34368 (Takuya Noguchi)
- Update icon associated with attach a file actions. !34401
- Add GraphQL snippet FileInputType. !34442
- Move filter code into finder. !34470 (Ravishankar)
- Update blue hex values to match GitLab UI. !34530
- Remove legacy job log rendering. !34538
- Update red hex values to match GitLab UI. !34544
- Update green hex values to match GitLab UI. !34547
- Validate the existing not null constraints on columns for ci_job_artifacts, lfs_objects, and uploads tables. !34568
- Move HasStatus module to the Ci namespace. !34577 (blackst0ne)
- Update pinned links to use GlButton. !34620
- Add machine/sysname/release in topology usage ping. !34627
- Remove build dependencies on code quality and license scanning. !34659
- Add :section to approval_merge_request_rule unique index. !34680
- Replace double angle icons with double chevron. !34736
- Update Workhorse to v8.36.0. !34759
- Update heart icon from FontAwesome to GitLab SVG. !34777
- Fix broken CSS for system notes. !34870
- Fix Gitaly duration tracking of RefService RPCs. !34904
- Fix Gitaly duration timings of BlobService RPCs. !34906
- Fix Gitaly duration timings for conflicts and search RPCs. !34909
- Add validation for move action in SnippetInputAction. !34911
- Fix Gitaly duration timings for other CommitService RPCs. !34933
- Add project_key column to jira_tracker_data table. !34949
- Update GitLab Runner Helm Chart to 0.18.0. !34969
- Copy snippet route under - scope. !35020
- Copy project snippet routes under - scope. !35022
- Removes monkey patch to generate 6.0.3 style token. !35104
- Create time-space partitions in separate schema gitlab_partitions_dynamic. !35137
- Edit copy of DAG unsupported data alert. !35170
- Move configuration for Alerts endpoint from "Settings > Integration" to "Settings > Operations > Alerts". !35187
- Clean up GitlabIssueTrackerService database records. !35221
- Throttle ProjectUpdateRepositoryStorageWorker Jobs. !35230
- Suppress progress on docker pulling in builtin templates. !35253 (Takuya Noguchi)
- Create schema for static partitions. !35268
- Add default_branch_name to application_settings. !35282
- Upgrade Gitaly to 13.2.0-rc2. !35345
- Drop partitions_dynamic schema if it exists. !35426
- Avoid grouping statement timeouts in Sentry. !35479
- Database migration to add project_settings.has_confluence. !35485
- Update UI links to docs in core features. !35488
- Update Sidekiq to v5.2.9. !35495
- Move profiles/keys#get_keys to users#ssh_keys. !35507 (Takuya Noguchi)
- Add default_branch_name to ApplicationSettings visible attrs. !35681
- Update GitLab Runner Helm Chart to 0.18.1. !35712
- Prepare database for WebAuthn. !35797 (Jan Beckmann)
- Remove dead Elasticsearch indexing code. !35936
- Add alias expansion to Terraform documentation. !35941 (zmeggyesi)
- Hide dropdown header on list view. !35954
- Update GitLab Elasticsearch Indexer. !35966
- Restore the search autocomplete for groups/project/other. !35983
- Add issues_enabled column to jira_tracker_data table. !35987
- Normalize the 'thumb-up', 'thumb-down' icon. !35988
- Add migration to drop unused daily report results table. !36102
- Updating $gray-200 hex value and remapping current instances to $gray-100. !36128
- Removes ci_ensure_scheduling_type feature flag. !36140
- Update more UI links to docs in core features. !36174
- Format graphql files with prettier. !36244
- Replace FA play icon with svg in pipeline schedule and admin runner page. !36379
- Backfill project snippet statistics. !36444
- Expose blob mode in GraphQL for repository files. !36488
- Drop index of ruby objects in details on audit_events table. !36547
- Expand Operations > Alerts section by default via link follow through. !36649
- Update snippets housecleaning docs. !36715
- Update Rouge to v3.21.0. !36942
- Update GITLAB_WORKHORSE_VERSION to 8.37.0. !36988
- Track the number of unique users who push, change wikis and change design managerment.
- Remove removeIssue logic from list model. (nuwe1)


## 13.1.10 (2020-09-02)

### Security (1 change)

- Protect OAuth endpoints from brute force/password stuffing.


## 13.1.9 (2020-09-02)

### Security (23 changes, 1 of them is from the community)

- Check validity of project's import_url before mirroring repository.
- Show on two-factor authentication setup page groups that are the cause of this requirement.
- Prevent interrupted 2FA sign-in from signing-in incorrect user.
- Create new 2FA code each time user is entering 2FA setup page.
- Remove all sessions but current while enabling 2FA.
- Invalidate two factor sign-in when user password changes.
- Delete members invites created by users being deleted.
- Prevent OmniAuth from rendering arbitrary error messages.
- Prevent not-2fa authenticated users that are supposed to use it to consume api via session.
- Invalidate remember me when an active session is revoked.
- Add rate limit on webhooks testing feature.
- Add scope presence validation to OAuth Application creation.
- Allow only running job tokens for API authentication.
- Prevent Deploy Tokens to read project resources when repository is disabled.
- Change conan api to use proper workhorse validation.
- Ensure global ID is of Snippet type in GraphQL destroy mutation.
- Fix Improper Access Control on Deploy-Key.
- Set maximum limit for profile events.
- Persist EKS External ID before presenting it to the user.
- Prevent project maintainers from editing group badges.
- Upgrade jquery to v3.5.
- Update websocket-extensions gem to 0.1.5. (Vitor Meireles De Sousa)
- Update GitLab Runner Helm Chart to 0.18.3.


## 13.1.8 (2020-08-18)

- No changes.

## 13.1.7 (2020-08-17)

### Security (2 changes)

- Stop deploy token being mis-used as user in ProjectPolicy and GroupPolicy.
- Project access is checked during deploy token authentication.


## 13.1.6 (2020-08-05)

### Security (11 changes)

- Add decompressed archive size validation on Project/Group Import. !562
- Enforce 2FA on Doorkeeper controllers.
- Refresh project authorizations when transferring groups.
- Stop excess logs from failure to send invite email when group no longer exists.
- Verify confirmed email for OAuth Authorize POST endpoint.
- Revoke OAuth grants when a user revokes an application.
- Fix XSS in Markdown reference tooltips.
- Fix XSS in milestone tooltips.
- Fix xss vulnerability on jobs view.
- Block 40-character hexadecimal branches.
- Update GitLab Runner Helm Chart to 0.17.2.


## 13.1.5 (2020-07-23)

- No changes.

## 13.1.3 (2020-07-06)

- No changes.

## 13.1.2 (2020-07-01)

### Security (18 changes)

- Update xterm js dependency to latest stable 3.x version.
- Do not show activity for users with private profiles.
- Fix stored XSS in markdown renderer.
- Upgrade swagger-ui to solve XSS issues.
- Fix group deploy token API authorizations.
- Check access when sending TODOs related to merge requests.
- Change from hybrid to JSON cookies serializer.
- Prevent XSS in group name validations.
- Disable caching for wiki attachments.
- Disable Github Importer API by settings.
- Fix null byte error in upload path.
- Update permissions for time tracking endpoints.
- Add snippet repository validation after bundle import.
- Update Kaminari gem.
- Fix note author name rendering.
- Sanitize bitbucket repo urls to mitigate XSS.
- Stored XSS on the Error Tracking page.
- Fix security issue when rendering issuable.


## 13.1.1 (2020-06-23)

### Fixed (4 changes)

- Fix missing templating vars set from URL in metrics dashboard. !34668
- Fix edit status dropdown overflow. !34847
- Load user before logging git http-requests. !34923
- Do not mask key comments for DeployKeys. !35014

### Added (1 change)

- Periodically recompute project authorizations. !34071


## 13.1.0 (2020-06-22)

### Removed (4 changes, 2 of them are from the community)

- Remove deprecated dashboard & group milestone pages. !13237
- Removed UltraAuth integration for OmniAuth. !29330 (Kartikey Tanna)
- Remove all search autocomplete for groups/projects/other. !31187
- Remove temporary datepicker position fix as it is no longer required. !31836 (Arun Kumar Mohan)

### Fixed (154 changes, 57 of them are from the community)

- Fix 'Active' checkbox text in Pipeline Schedule form to be a label. !27054 (Jonston Chan)
- Fix back button when switching MR tabs. !29862 (Lee Tickett)
- Remove ability to scroll Issue while in Design View. !29881
- Fix merge request note label URLs. !30428 (Lee Tickett)
- Fix default path when creating project from group template. !30597 (Lee Tickett)
- Group authorization refresh to consider shared groups. !31204
- Fix group transfer service to deny moving group to its subgroup. !31495 (Abhisek Datta)
- Fix issuable listings with any label filter. !31729
- Move prepend to last in ee-app-services. !31838 (Rajendra Kadam)
- Fallback to lowest visibility level in snippet visibility radio. !31847 (Jacopo Beschi @jacopo-beschi)
- Add class stubs and fix leaky constant alert in query limit helper spec. !31949 (Rajendra Kadam)
- Remove usage of spam constants in spec. !31959 (Rajendra Kadam)
- Fix leaky constant issue in uninstall progress service check. !32036 (Rajendra Kadam)
- Fix leaky constant issue in commit entity spec. !32039 (Rajendra Kadam)
- Fix leaky constant issue in task completion status spec. !32043 (Rajendra Kadam)
- Fix leaky constant issue in admin mode migration spec. !32074 (Rajendra Kadam)
- Fix leaky constant issue in sidekiq middleware server metric spec. !32104 (Rajendra Kadam)
- Fix leaky constant issue in sidekiq middleware client metric spec. !32108 (Rajendra Kadam)
- Fix leaky constant issue in path regex spec. !32115 (Rajendra Kadam)
- Fix leaky constant issue importer and cache headers spec. !32122 (Rajendra Kadam)
- Fix leaky constant issue in relation factory spec. !32129 (Rajendra Kadam)
- Fix leaky constant issue in test coverage spec. !32134 (Rajendra Kadam)
- Prevent emails to user on expiry of impersonation token. !32140
- Fix leaky constant issue in diff collection spec. !32163 (Rajendra Kadam)
- Fix leaky constant issue in migration helpers, with lock retries and ignored cols spec. !32170 (Rajendra Kadam)
- Fix leaky constant issue in factory spec. !32174 (Rajendra Kadam)
- Fix leaky constant issue in creds factory spec. !32176 (Rajendra Kadam)
- Use applogger in project import state file. !32182 (Rajendra Kadam)
- Use applogger in project.rb. !32183 (Rajendra Kadam)
- Use applogger in chat_team.rb. !32184 (Rajendra Kadam)
- Use applogger in repository model. !32185 (Rajendra Kadam)
- Use applogger in build and ssh host key. !32187 (Rajendra Kadam)
- Use applogger in cache attrs and highest role ruby files. !32189 (Rajendra Kadam)
- Use applogger in legacy project and namespace. !32190 (Rajendra Kadam)
- Use applogger in base.rb. !32191 (Rajendra Kadam)
- Use applogger in usage ping and webhook service. !32192 (Rajendra Kadam)
- Use applogger in exclusive_lease_guard. !32194 (Rajendra Kadam)
- Use applogger in groups destroy service and label create service. !32195 (Rajendra Kadam)
- Use applogger in merge_service.rb. !32196 (Rajendra Kadam)
- Use applogger in project create service and after import service. !32198 (Rajendra Kadam)
- Use applogger in update stats service. !32200 (Rajendra Kadam)
- Use applogger in base attachment service. !32201 (Rajendra Kadam)
- Use applogger in export service. !32203 (Rajendra Kadam)
- Use applogger in akismet service. !32205 (Rajendra Kadam)
- Use applogger in file mover file. !32206 (Rajendra Kadam)
- Use applogger in commit signature worker. !32207 (Rajendra Kadam)
- Use applogger in delete user worker. !32209 (Rajendra Kadam)
- Use applogger in email receiver worker. !32211 (Rajendra Kadam)
- Use applogger in artifact worker. !32212 (Rajendra Kadam)
- Use applogger in new note worker. !32213 (Rajendra Kadam)
- Fix duplicate filename displayed in design todos. !32274 (Arun Kumar Mohan)
- Add value length validations for instance level variable. !32303
- Resolve image overflow at releases list panel. !32307
- Clean up shared/tmp folder after Import/Export. !32326
- Fix creating release evidence if release is created via UI. !32441
- GraphQL hasNextPage and hasPreviousPage return correct values. !32476
- Fix loading and empty state styling for alerts list. !32531
- Resolve incorrect x-axis padding on the Environments Dashboard. !32533
- Fix time_tracking help link. !32552
- Don't display confidential note icon on confidential issue public notes. !32571
- Update container expiration policy database defaults. !32600
- Fix rendering of emojis in status tooltips. !32604
- Hid copy contents button when blob has rendering error. !32632
- Avoid refresh to show endedAt after mutation. !32636
- Fix for metrics creation when saving MR. !32668
- Skip the individual JIRA issues if failed to import vs failing the whole batch. !32673
- Hide "Import from Jira" option from non-entitled users. !32685
- Fix broken help link on operations settings page. !32722
- Allow different in bulk editing issues. !32734
- Fix whitespace changes overgrowing the diff container. !32774
- Improve spacing and wrapping of group actions buttons and stats in group list view. !32786
- Fix "Broadcast Messages" table overflow and button alignment. !32801
- Fix 404 when downloading a non-archive artifact. !32811
- Make commits author button confirm to Pajamas specs. !32821
- Fix filename duplication in design notes in activity feeds. !32823 (Arun Kumar Mohan)
- Prevent multiple Auto DevOps deployment jobs running concurrently when using manual rollout. !32824
- Implement displaying downstream pipeline error details. !32844
- Fix Runner heartbeats that results in considering them offline. !32851
- Conan package registry support for the conan_export.tgz file. !32866
- Fix plural message in account deletion section. !32868
- Fix atomic processing bumping a lock_version. !32914
- AsciiDoc: Add support for built-in alignment roles. !32928 (mnrvwl)
- Fix a bug where some Vue apps would be unable to load when DAG tab is disabled. !32966
- Fix undefined error in Gitlab::Git::Diff. !32967
- Fix spelling error on Ci::RunnersFinder. !32985 (Arthur de Lapertosa Lisboa)
- Fix polling for resource events. !33025
- Fix broken CSS classes inside alert management list. !33038
- Fix bug in snippet create mutation with non ActiveRecord errors. !33085
- Fix overflow issue in MR and Issue comments. !33100
- Fix alignment of button text on the Edit Release page. !33104
- Deduplicate URL parameters when requesting merge request diffs which causes diffs load to fail. !33117
- Fix tabbing through form fields in projects/new flow. !33209
- Fix incorrect commit search results returned when searching with ref. !33216
- Fix NoMethodError by using the correct method to report exceptions to Sentry. !33260
- Fix KaTeX font paths. !33338
- Resolve Fix Incomplete Kubernetes Cluster Status List. !33344
- Fix auto-merge not running after discussions resolved. !33371
- Fix bug in snippets updating only file_name or content. !33375
- Fix invisible emoji modal on Set Status form when clicked the second time. !33398
- vertically center action icon in the CI pipeline. !33427 (Nathanael Weber)
- Wrap auto merge parameters update in database transaction. !33471
- Return 404 response when redirecting request with invalid url. !33492
- Fix ambiguous string concatenation on CleanupProjectsWithMissingNamespace. !33497
- Fix snippet repository import edge cases. !33506
- Rust CI template: Replace --all with --workspace on cargo test. !33517 (Markus Becker)
- Make markdown textarea links tab-accessible. !33518
- Pass hard delete option to snippets bulk destroy. !33520
- Fix CI rules for ECS related jobs. !33527
- Update GitLab Workhorse to v8.34.0. !33543
- Fix snippet repository import fail with older export files. !33584
- Web IDE: Create template files in the folder from which new file request was made. !33585 (Ashesh Vidyut)
- Improve header acccessibility. !33603
- Remove non migrated snippets from failed imports. !33621
- Prevent duplicate issues when importing from CSV. !33626
- Fix sidebar spacing for alert details. !33630
- Fix linking alerts to created issues for the Generic alerts intergration. !33647
- Resolve spacing ux debt on Release assets form field. !33684
- Fix pagination link header. !33714 (Max Wittig)
- Fix Value Stream Analytics summary when using non-english locale. !33717
- Fix bug with variable substitution in alerts. !33772
- Allow wiki pages with +<> characters in their title to be saved. !33803
- Fix force_remove_source_branch not working in API. !33804
- Fix prometheus alerts not being automatically created. !33806
- Fix pagination for resource label events. !33821
- Fix relative URL root in wiki_base_path. !33841
- Return code navigation path for nil diff_refs. !33850
- Record audit event when an admin creates a new SSH Key for a user via the API. !33859 (Rajendra Kadam)
- Do not create duplicate issues for exising Alert Management alerts. !33860
- Add link text to collapsed left sidebar links for screen readers. !33866
- Update text in error tracking list error message. !33872
- Adjust wrong column reference for ResetMergeStatus (background job). !33899
- Fixed dashboard YAML file validaiton for files which do not contain object as root element. !33935
- Fix design note scrolling. !33939
- Update validates_hostname gem with support for more TLDs. !34010
- Update wording of addMultipleToDiscussionWarning. !34088
- Show all storages in settings. !34093
- Set author as nullable in snippet GraphQL Type. !34135
- Fix rendering of very long paths in merge request file tree. !34153
- Remove not null constraint from events tables. !34190
- Ensure we always generate a valid wiki event URL. !34191
- Send information about attached files to the GraphQL mutation. !34221
- Update issue limits template to use minutes. !34254
- Add route for the lost-and-found group and update the route of orphaned projects. !34285
- GraphQL - properly handle pagination of millisecond-precision timestamps. !34352
- Fix 500 error in BlobController#delete. !34367
- Updated Auto DevOps with a fix to delete PostgreSQL PVC on environment cleanup, a fix for multiline K8S_SECRET variables, updated Helm to 2.16.7 and glibc to 2.31. !34399 (verenion)
- Fix issues with scroll on iOS / iPad OS. !34486
- Fix order of integrations to be sorted alphabetically. !34501
- Fix undefined method error. !34522
- Use Keys::DestroyService for deleting an SSH key when an admin deletes a key via the API. !34535 (Rajendra Kadam)
- Removed default artifact name for Terraform template. !34557
- Footer system message fix.
- Set experiementation cookie for GitLab domain only.
- Add DS detection of build.gradle.kts.

### Changed (76 changes, 5 of them are from the community)

- Add a GraphQL endpoint to fetch Jira projects through its REST API. !28190
- Change legends in monitor dashboards to tabular layout. !30131
- Move pipelines routing under /-/ scope. !30730
- Set markdown toolbar to use hyphens for lists. !31426
- Use sprites for comment icons on Commits. !31696
- Rate limit project export by user. !31719
- Reorder diffs compare versions dropdowns. !31770 (Gilang Gumilar)
- Enable the `in this group` action in the Search dropdown. !31939
- Externalize i18n strings from ./app/views/shared/_promo.html.haml. !32109 (Gilang Gumilar)
- Add Usage Ping count for all searches. !32111
- Add tags_count to container registry api and controller. !32141
- Externalize i18n strings from ./app/views/shared/milestones/_sidebar.html.haml. !32150 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_form_dates.html.haml. !32162 (Gilang Gumilar)
- Improve Container Registry UI header. !32424
- Added node size to cluster index. !32435
- Update operations metrics settings title and description to make them general. !32494
- Track merge_requests_users usage data. !32562
- Adds cluster CPU and Memory to cluster index. !32601
- Allow the snippet create service to accept an array of files. !32649
- Move review related controllers/workers outside EE. !32663
- Move the Members section from settings to the side nav for projects. !32667
- Show more context in unresolved jump button. !32737
- Exclude extra.server fields from exceptions_json.log. !32770
- Improve new/unknown sign-in email styling. !32808
- Allow the snippet update service to accept an array of files. !32832
- Add new issue link to email notification header. !32833
- Bump cluster-applications to 0.17.0, which updates Runner to 0.17.0 and Cilium to 1.7.4. !32931
- Update artifacts section to show when an artifact is locked. !32992
- Include tag count in the image repository list. !33027
- Clean up gitlab-shell install-from-source path. !33057
- Increase LFS token default time to 2 hours. !33140
- Add explicit mention of Merge request in Slack message. !33152
- Expose `release_links.type` via API. !33154
- Add link_type column to release_links table. !33156
- Move broadcast notification dismiss button to the top. !33174
- Remove null constraint for JID in GroupImportState. !33181
- Added provider type icon to cluster list. !33196
- Remove search icon from Project find file button. !33198
- Refine SAST language detection by frameworks. !33226
- Render Merge request reference as link. !33248
- Upgrade to Gitaly v13.1.0-rc1. !33302
- Show disabled suggestion button with tooltip message. !33357
- Add update validations to SnippetInputAction. !33379
- Add snippet DB visibility check in spec. !33388 (Jacopo Beschi @jacopo-beschi)
- Add Hugo logo to project templates. !33402
- Add GitBook logo to project templates. !33403
- Add GoMicro logo to project templates. !33404
- Add Jekyll logo to project templates. !33405
- Add Hexo logo to project templates. !33406
- Rename Add Designs button. !33491
- Add CPU, memory usage charts to self monitoring default dashboard. !33532
- Add database migrations to design_management_designs.filename to enforce a 255 character limit, and modify any filenames that exceed that limit. !33565
- Track Sentry error status updates with dedicated actions. !33623
- Alert Managament: Change sorting order to have newest alerts first. !33642
- Add blobs field to SnippetType in GraphQL. !33657
- Format metrics column chart x axis dates. !33681
- Style ToastUI contextual menus. !33719
- Update Auto deploy image to v0.16.1, introducing support for AUTO_DEVOPS_DEPLOY_DEBUG. !33799
- Add whether instance has Auto DevOps enabled to usage ping. !33811
- Update local IP address and domain name allow list input label. !33812
- Add date time format to the monitor stacked-column chart. !33814
- Allow Tf Plan to genrate multiple reports. !33867
- Remove async_merge_request_check_mergeability feature flag. !33917
- Filter potentially-sensitive Sidekiq arguments from logs and Sentry. !33967
- Update Static Site Editor toolbar to group inline-code and code-block buttons together. !34006
- Set default values for SAST_EXCLUDED_PATHS and DS_EXCLUDED_PATHS. !34076
- Add ability to filter self monitoring resource usage charts by instance name. !34084
- Pick repository storage based on weight. !34095
- Display error for YAML files that are too large. !34199
- Change copy of webhooks / integration help text. !34301
- Update board header icons. !34366
- Show Redis instance in performance bar. !34377
- Add secret detection template to Auto DevOps. !34467
- Add allowed actions to snippet input action. !34499
- Change from vendor specific to Gitlab. !34576
- Assign alerts sidebar base.

### Performance (19 changes, 1 of them is from the community)

- Improve performance of commit search by limiting the number of results requested. !32260
- Add GraphQL lookahead support. !32373
- Update index_ci_builds_on_commit_id_and_artifacts_expireatandidpartial index for secret_detection. !32584
- Add index on id and type for Snippets. !32885
- Use build_stubbed to avoid interacting with the DB in todos helper specs. !32906 (Arun Kumar Mohan)
- Optimize SQL queries on Milestone index page. !32953
- Add build report results data model. !32991
- Adjust condition for partial indexes on services table. !33044
- Add index to issues and epics on last_edited_by_id. !33075
- Fix preconnect typo in rel link. !33255
- Add project_id, user_id, status, ref index to ci_pipelines. !33290
- Move migration related to ci_builds to post_deployment. !33416
- Reduce redundant queries for Search API users scope. !33795
- Speed up boot time in production. !33929
- Harden CI pipelines usage data queries with an index. !34045
- Add partial index on locked merge requets. !34127
- Lazy load commit_date and authored_date on Commit. !34181
- Optimize container repository for groups query. !34364
- Enable CI Atomic Processing by default.

### Added (149 changes, 14 of them are from the community)

- Add rake task to verify encrypted data through secrets. !21851
- User can apply multiple suggestions at the same time. !22439 (Jesse Hall)
- Resolve Add a button to assign users who have commented on an issue. !23883
- Resolve Graph code coverage changes over time for a project. !26174
- Add doc for custom validators in api styleguide. !26734 (Rajendra Kadam)
- Add Scheduled Job for Monitoring Monitor Group Demo Environments. !27360
- Add setting to allow merge on skipped pipeline. !27490 (Mathieu Parent)
- Add dark theme (alpha). !28252
- Show estimate on issues list. !28271 (Lee Tickett)
- Make Fixed Email Notification Generally Available. !28338 (jacopo-beschi)
- Add a link to the `renamed` viewer to fully expand the renamed file (if it's text). !28448
- Focus and toggle metrics dashboard panels via keyboard. !28603
- Remove `scoped_approval_rules` feature flag. !28864 (Lee Tickett)
- Create Group import UI for creating new Groups. !29271
- Add finder for group-level runners. !29283 (Arthur de Lapertosa Lisboa)
- Allow customization of badge key_text and key_width. !29381 (Fabian Schneider @fabsrc)
- Support Workhorse directly uploading files to S3. !29389
- Add frontend support for multiline comments. !29516
- Support first_name and last_name attributes in LDAP user sync. !29542
- Add link to status page detail view for status page published issues. !30249
- Add metrics dashboard name to document title. !30392
- Backfill StatusPage::Published incidents and enable a publish quick action for EE. !30906
- Add missing Merge Request fields. !30935
- Show build status on branch list. !30948 (Lee Tickett)
- Add mutation to create commits in GraphQL. !31102
- Add GraphQL support for authored and assigned Merge Requests. !31227
- Add usage data metrics for terraform states. !31280
- Add usage data metrics for terraform reports. !31281
- Add API endpoint for listing bridge jobs. !31370 (Abhijith Sivarajan)
- SpamVerdictService can call external spam check endpoint. !31449
- Move Admin note feature to GitLab Core. !31457 (Rajendra)
- Add DAG serializer for pipelines controller. !31583
- Save repository storages in application settings with weights. !31645
- Add API endpoint for resource milestone events. !31720
- Show import in progress screen for group imports. !31731
- Add Verify/FailFast CI template. !31812
- Improve Add/Remove Issue Labels API. !31864 (Lee Tickett)
- Add mutation to create a merge request in GraphQL. !31867
- Add warning popup for Elastic Stack update. !31972
- Add API support for sharing groups with groups. !32008
- Add the container expiration policy attribute to the project GraphQL type. !32100
- Add GraphQL support for project and group labels. !32113
- Add number of database calls to Prometheus metrics and logs for sidekiq and request. !32131
- Filter pipelines by status. !32151
- Filter pipelines based on url query params. !32230
- Add metrics for Redis usage during Sidekiq job execution. !32265
- Add filters to merge request fields. !32328
- Support reading .editorconfig files inside of the Web IDE. !32378
- [Frontend] Resolvable design discussions. !32399
- Table index added to `metrics_dashboard_annotations` for future pruning of stale metrics Annotations for metrics dashboards are now checked for valid start and end dates. !32433
- Enable GitLab-Flavored Markdown processing for design links. !32446
- Filter Pipelines by Tag Name. !32470
- Adds sorting by column to alert management list. !32478
- Add project specific repository storage API. !32493
- Adapt Limitable for system-wide features. !32574
- Add application limits to instance level CI/CD variables. !32575
- Add model for project level security auto-fix settings. !32577
- Expose Jira imported issues count in GraphQL. !32580
- Organize alerts by status tabs. !32582
- Add note to ECS CI template. !32597
- Add metrics for Redis usage during web requests. !32605
- Add database and GraphQL support for alert assignees. !32609
- Set fingerprints and increment events count for Alert Management alerts. !32613
- Process stuck jira import jobs. !32643
- Allow user to add custom links to their metrics dashboard panels. !32646
- Add tags to experimental queue selector attributes. !32651
- Allow generic endpoint to receive alerts from external Prometheus. !32676
- Customize the Cloud Native Buildpack builder used with Auto Build. !32691
- Add timezone display to alert based issue start time. !32702
- Display dates on metrics dashboards in UTC time zone. !32746
- Store Todo resolution method. !32753
- Add experience_level to user_preferences. !32784
- Remove metrics dashboard annotations attached to time periods older than two weeks. !32838
- Monitor:Health metrics instrumenation. !32846
- Adds PostHog as a CI/CD Managed Application. !32856
- Groups API has top_level_only option to exclude subgroups. !32870
- Create operations_feature_flags_issues table. !32876
- Add api.js methods to update issues and merge requests. !32893
- Render user-defined links in dashboard yml file on metrics dashboard. !32895
- Add accessibility report MR widget. !32902
- Add a GraphQL mutation for toggling the resolved state of a Discussion. !32934
- Add container expiration policy objects to the GraphQL API. !32944
- Don't hide Commit tab in Web IDE when there are no changes yet. !32979
- Add column for alert slack notifications. !33017
- Add ability to insert an image via SSE. !33029
- Add user root query to GraphQL API. !33041
- Adds groupMembership and projectMembership to GraphQL API. !33049
- Alerts list pagination. !33073
- Add ApplicationSetting ui changes for repository_storages_weighted. !33096
- Display confirmation modal when user exits SSE and there are unsaved changes. !33103
- Add column dashboard_timezone to project_metrics_setting. !33120
- Allow the assignment of alerts to users from the alert detail view. !33122
- Add solarized dark for Web IDE. !33148
- Add support for artifacts/exclude configuration. !33170
- Add root users query to GraphQL API. !33195
- Added validation for YAML files with metrics dashboard definitions. !33202
- Create issue from alert. !33213
- Add max import file size option. !33215 (Roger Meier)
- Add system note when assigning user to alert. !33217
- Add count of alerts from all sources to usage ping. !33220
- Add button to create an issue from an alert management alert. !33221
- Add more detail to alert integration settings description. !33244
- Add Evidence to Releases GraphQL endpoint. !33254
- Add support for pasting images in the Web IDE. !33256
- Add ProjectAccessToken table. !33272
- Automatically resolve alert when associated issue closes. !33278
- Add `link_type` to `ReleaseLink` GraphQL type. !33386
- Add  members to project graphQL endpoint. !33418
- Update Static Site Editor WYSIWYG mode to hide front matter. !33441
- Added delete action for Dashboard Annotations in GraphQL. !33468
- Create graphQL endpoint for Jira users import. !33501
- Support IAP protected prometheus installations. !33508
- New instance-level variables UI. !33510
- Provide `__range` variable for Prometheus queries. !33521
- Add support for `git filter-repo` to repository cleanup. !33576
- Close open reply input fields in the design view sidebar when leaving a new comment. !33587
- Add dashboard schema validation warnings as metrics dashboard GraphQL field. !33592
- Add time range to user-defined links in metrics dashboard. !33663
- Increase events count for Prometheus alerts. !33706
- Track pod logs refresh action. !33802
- Add secret detection template. !33869
- Add DAG visualization MVC. !33958
- Introduce a feature flag for Vue-based UI for all import providers. !33980
- Add sticky title on Issue pages. !33983
- Allow Release asset links to be associated with a type. !33998
- Support user-defined Grafana links in metrics dashboard. !34003
- Adds AWS guidance to CI/CD > Add Variable modal. !34009
- Show custom attributes within Admin Pages. !34017 (Roger Meier)
- Enable Slack notifications for alerts. !34038
- Container expiration policy regular expressions are now validated. !34063
- Add todo when alert is assigned to a user. !34104
- Track merge requests submitted by Static Site Editor. !34105
- Turn off alert issue creation by default. !34107
- Add detailed logs of each Redis instance usage during job execution and web requests. !34110
- Add API to schedule project repository storage moves. !34119
- Add validation step on backend for metrics dashboard links. !34204
- Track when Static Site Editor is initialized. !34215
- Bring SAST to Core - brakeman. !34217
- Mask key comments when exposing SSH/Deploy Keys via the API. !34255
- Convert `:release` yaml to `release-cli` commands. !34261
- Validate regex before sending them to CleanupContainerRepositoryWorker. !34282
- Add secret_detection to DOWNLOADABLE_TYPES. !34313
- Enable ability to assign alerts to users with corresponding system notes and todos. !34360
- Enable CI Inheriting Env Variables feature. !34495
- Show tooltip on error detail page when hovering over dates. !34506
- Add native code intelligence. !34542
- Bump cluster-applications version to v0.20.0. !34569
- Add search argument for AlertStatusCountsResolver. !34596
- Allow CI_JOB_TOKEN for authenticating to the Terraform state API. !34618

### Other (65 changes, 36 of them are from the community)

- Improve fast-forward merge is not possible message. !22834 (Ben Bodenmiller)
- Remove unused WAF indexes from CI variables. !30021
- Update the visual design of badges in some areas. !31646
- Extract featurable concern from ProjectFeature. !31700 (Alexander Randa)
- Remove update function logic from list model. !31900 (nuwe1)
- Remove nextpage function logic from list model. !31904 (nuwe1)
- Squash database migrations prior to 2019 into one. !31936
- Update deprecated slot syntax in app/assets/javascripts/reports/components/grouped_test_reports_app.vue. !31975 (Gilang Gumilar)
- Replace slot syntax for Vue 3 migration. !31987 (gaslan)
- Update deprecated slot syntax in ./app/assets/javascripts/pages/admin/projects/index/components/delete_project_modal.vue. !31994 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/pages/projects/labels/components/promote_label_modal.vue. !31995 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/clusters/components/remove_cluster_confirmation.vue. !32010 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/environments/components/environments_app.vue. !32011 (Gilang Gumilar)
- Remove setLoadingState logic from issue model. !32226 (nuwe1)
- Remove addAssignee logic from issue model. !32231 (nuwe1)
- Remove addLabel Logic from issue models. !32233 (nuwe1)
- Remove addMilestone logic from issue model. !32235 (nuwe1)
- Remove destroy function logic from list model. !32237 (nuwe1)
- Remove findAssignee logic from issue model. !32238 (nuwe1)
- Remove findLabel logic from issue model. !32239 (nuwe1)
- Remove findIssue logic from list model. !32241 (nuwe1)
- Remove moveIssue logic from list model. !32242 (nuwe1)
- Remove newIssue logic from list model. !32244 (nuwe1)
- Remove removeAllAssignees logic from issue model. !32247 (nuwe1)
- Remove removeAssignee logic from issue model. !32248 (nuwe1)
- Clarify verbiage for stuck job messages. !32250
- Remove removeLabel logic from issue model. !32251 (nuwe1)
- Remove removeLabels logic from issue model. !32252 (nuwe1)
- Remove removeMilestone logic from issue model. !32253 (nuwe1)
- Remove removeMultipleIssues logic from list model. !32254 (nuwe1)
- Remove setFetchingState logic from issue model. !32255 (nuwe1)
- Remove updateData logic from issue model. !32256 (nuwe1)
- Update U2F docs for Firefox 67+. !32289 (Takuya Noguchi)
- Update alert management mobile table alignment. !32295
- Include available instance memory in usage ping. !32315
- Moves merge request reviews into Core. !32558
- Update GitLab Runner Helm Chart to 0.17.0. !32634
- Add snowplow tracking for logs page. !32704
- Extend "Remember me" token after each login. !32730
- Assign alerts sidebar container fix. !32743
- Add anchor for creating a branch. !32745
- Tidy. !32759 (Lee Tickett)
- Less verbose JiraService error logs. !32847
- Reduced padding and increased emphasis of titles within the epic tree. !32873
- Remove obsolete users.ghost column. !32957
- Move NoPrimary table def to last context in spec. !33015 (Rajendra Kadam)
- Document github rate limit behavior. !33090
- Added build_id column to requirements_management_test_reports table. !33184
- Add version history information on U2F support. !33229 (Takuya Noguchi)
- Convert IP spoofing errors into client errors. !33280
- Update docs to reflect move web IDE Terminal and file sync to Core. !33419
- Add hovering icon for sorting columns on alert management list. !33429
- Avoid javascript for omniauth logins. !33459 (Diego Louzán)
- Add opacity transition to active design discussion pins. !33493
- Update GitLab Runner Helm Chart to 0.17.1. !33504
- Make project selector in various dashboard more translatable. !33771
- Update Workhorse to v8.35.0. !33817
- Remove FF hide_token_from_runners_api. !33947
- Bump omniauth_openid_connect to 0.3.5. !34030 (Roger Meier)
- Specify tiers for SAML SSO at self-hosted plans. !34040 (Takuya Noguchi)
- Backfill failed imported snippet repositories. !34052
- Use GitLab SVG icon for file attacher action. !34196
- Add GraphQL snippet FileInputType. !34442
- Update red hex values to match GitLab UI. !34544
- Remove removeIssue logic from list model. (nuwe1)


## 13.0.14 (2020-08-18)

- No changes.

## 13.0.13 (2020-08-17)

### Security (2 changes)

- Stop deploy token being mis-used as user in ProjectPolicy and GroupPolicy.
- Project access is checked during deploy token authentication.


## 13.0.12 (2020-08-05)

### Security (10 changes)

- Add decompressed archive size validation on Project/Group Import. !562
- Enforce 2FA on Doorkeeper controllers.
- Refresh project authorizations when transferring groups.
- Stop excess logs from failure to send invite email when group no longer exists.
- Verify confirmed email for OAuth Authorize POST endpoint.
- Revoke OAuth grants when a user revokes an application.
- Fix XSS in Markdown reference tooltips.
- Fix XSS in milestone tooltips.
- Fix xss vulnerability on jobs view.
- Block 40-character hexadecimal branches.


## 13.0.11 (2020-08-05)

This version has been skipped due to packaging problems.

## 13.0.10 (2020-07-09)

### Fixed (1 change)

- Fix gitlab:*:check Rake tasks. !35944


## 13.0.9 (2020-07-06)

- No changes.

## 13.0.8 (2020-07-01)

### Security (18 changes)

- Update xterm js dependency to latest stable 3.x version.
- Do not show activity for users with private profiles.
- Fix stored XSS in markdown renderer.
- Upgrade swagger-ui to solve XSS issues.
- Fix group deploy token API authorizations.
- Check access when sending TODOs related to merge requests.
- Change from hybrid to JSON cookies serializer.
- Prevent XSS in group name validations.
- Disable caching for wiki attachments.
- Disable Github Importer API by settings.
- Fix null byte error in upload path.
- Update permissions for time tracking endpoints.
- Add snippet repository validation after bundle import.
- Update Kaminari gem.
- Fix note author name rendering.
- Sanitize bitbucket repo urls to mitigate XSS.
- Stored XSS on the Error Tracking page.
- Fix security issue when rendering issuable.


## 13.0.7 (2020-06-25)

### Fixed (7 changes)

- Group authorization refresh to consider shared groups. !31204
- Fix Value Stream Analytics summary when using non-english locale. !33717
- Fix bug with variable substitution in alerts. !33772
- Fix relative URL root in wiki_base_path. !33841
- Adjust wrong column reference for ResetMergeStatus (background job). !33899
- Updated Auto DevOps with a fix to delete PostgreSQL PVC on environment cleanup. !34657
- Load user before logging git http-requests. !34923

### Added (2 changes)

- Provide `__range` variable for Prometheus queries. !33521
- Periodically recompute project authorizations. !34071


## 13.0.6 (2020-06-10)

- No changes.

## 13.0.4 (2020-06-03)

### Security (1 change)

- Prevent fetching repository code with unauthorized ci token.


## 13.0.3 (2020-05-29)

### Fixed (8 changes, 1 of them is from the community)

- Fixed redirection to project snippets. !32530
- Fix Geo replication for design thumbnails. !32703
- Fix 404s downloading build artifacts. !32741
- Fix Auto DevOps manual rollout jobs not being allowed to fail. !32865
- Update deprecated routes in irker integration. !32923 (Marc Jeanmougin)
- Change format of variables parameter in Prometheus proxy API for metrics dashboard. !33062
- Fix issue and MR API performance regression when Markdown cache is stale. !33235
- Fix close issue when user created the issue. !33294


## 13.0.1 (2020-05-27)

### Security (12 changes)

- Add an extra validation to Static Site Editor payload.
- Hide EKS secret key in admin integrations settings.
- Added data integrity check before updating a deploy key.
- Display only verified emails on notifications and profile page.
- Require confirmed email address for GitLab OAuth authentication.
- Kubernetes cluster details page no longer exposes Service Token.
- Fix confirming unverified emails with soft email confirmation flow enabled.
- Disallow user to control PUT request using mermaid markdown in issue description.
- Check forked project permissions before allowing fork.
- Limit memory footprint of a command that generates ZIP artifacts metadata.
- Fix file enuming using Group Import.
- Prevent XSS in the monitoring dashboard.


## 13.0.0 (2020-05-22)

### Removed (20 changes, 5 of them are from the community)

- Remove project routes that were deprecated before 12.1. !26808
- Drop x-y-stable version pinning for Secure templates. !29603
- Remove logs from the admin pages. !30485
- Remove deprecated /admin/application_settings redirect. !30532
- Drop support for License-Management CI template. !30645
- Remove deprecated InfluxDB. !30786
- Remove deprecated Release Evidence endpoints. !30975
- Remove deprecated Release Evidence endpoints documentation. !30978
- Drop support for `license_management` artifact. !31247
- Remove deprecated container scanning report parser. !31294
- Remove rake task `gitlab:track_deployment`. !31404
- Remove token attribute from Runners API. !31448
- Remove support for Ruby format variable interpolation (`%{variable}`) in custom dashboards. !31581
- Remove JenkinsDeprecatedService. !31607 (tnwx)
- Remove ruby_memory_bytes metric, duplicate of ruby_process_resident_memory_bytes. !31705
- Remove project_list_show_mr_count feature flag. !31789 (Gilang Gumilar)
- Remove project_list_show_issue_count feature flag. !31793 (Gilang Gumilar)
- Remove set_user_last_activity feature flag. !31795 (Gilang Gumilar)
- Remove registrations_recaptcha feature flag. !31797 (Gilang Gumilar)
- Remove deprecated Sidekiq rake tasks.

### Fixed (171 changes, 54 of them are from the community)

- Allow public access to pipeline schedules. !20806 (Lee Tickett)
- Add user last_activity logging in GraphQL. !23063
- Render TestReport parsing errors back to pipeline test summary. !24188
- Add user popovers to system notes. !24241
- Fix missing RSS feed events. !28054
- Resolve Text for future Release date grammatically incorrect. !28075
- Fix number of approvals given calculation. !28293 (Steffen Köhler)
- Always display new subgroup button when permission is granted. !28309 (Mattias Michaux)
- Correct the permission according to docs. !28657
- Fix duplicated activity and events on deletion of tag. !28861 (Sashi Kumar)
- Fix init.d script to correctly set web server PID. !29164
- Honor per_page in Search API. !29197
- fix: use the source project to generate commit links for un-persisted merge requests. !29243 (Chieh-Min Wang)
- Fix display of some overflowing merge request diffs. !29267
- Move prepend to last line in helper files. !29327 (Rajendra Kadam)
- Prevent duplicate tooltips when hovering over status emoji in comments. !29356
- Update Elastic Stack chart to 2.0.0 to support kubernetes 1.16. !29601
- Fix minor spacing issue at Snippet blob viewer. !29625 (Karthick Venkatesan)
- Eliminate errors in wiki controller during edit. !29645
- Fixed copy as GFM not copying upload links. !29683
- Bump max search depth from 2 to 4 when looking for files SAST analyzers can handle. !29732
- Move snippet raw_url attribute to base entity. !29776
- Return content from repo in snippet raw endpoint. !29781
- Return file name from repo in snippet endpoints. !29785
- Propagation of service templates also covers services with separate data tables. !29805
- Fix bug in personal snippets when somebody is mentioned. !29835 (Sashi Kumar)
- Embed metrics charts for both /metrics and /metrics_dashboard routes. !29838
- Fix admin mode access on GraphiQL controller. !29845 (Diego Louzán)
- Exclude html entities from haml lint. !29847 (Lee Tickett)
- Fixed JS error for anonymous views of a snippet. !29854
- Destroy Dropzone hidden input when form is destroyed. !29882
- Move prepend to last line in lib/gitlab files. !29938 (Rajendra)
- Match Jira keys with trailing characters. !29953
- Fixed Cancel action on Snippet edit for existing snippets. !29993
- Warn user before losing wiki content. !30037
- Move prepend to last line in lib/gitlab files. !30070 (Rajendra Kadam)
- Fix an issue where the Search dropdown results would not be clickable. !30087 (mbergeron)
- Capture all errors when updating repository storage. !30119
- Move alert management behind a feature flag. !30133
- Fix bug when services appear active even though they are not. !30160
- Fix moving an issue when there is a group reference. !30185
- Move prepend to last line in lib/gitlab files. !30194 (Rajendra Kadam)
- Move prepend to last line in lib/gitlab files. !30289 (Rajendra Kadam)
- Move prepend to last line in lib/gitlab files. !30291 (Rajendra Kadam)
- Set NULL `lock_version` values to 0 for CI objects. !30305
- Fix errors creating project with active Prometheus service template. !30340
- Add Activity icons for Wiki updated and destroyed events. !30349
- Gracefully handle orphaned member invites. !30355
- Fix incorrect commits number in commits list. !30412
- Fix second 500 error with NULL restricted visibility levels. !30414
- Move prepend to last line in ee/services. !30425 (Rajendra Kadam)
- Add LFS badge feature flag to RefsController#logs_tree. !30442
- Fix mirror repos docs link. !30443
- Added right margin to Clone Snippet button. !30471
- Fix blob link for the code search. !30473
- Use Jira import owner as the issue author when importing issues from Jira. !30504
- Correctly count wiki pages in sidebar. !30508
- Stretch heatmap metrics full column size. !30524
- Upgrade Unicorn to v5.5.1. !30541
- Avoid copying diffs as Markdown tables. !30572
- Fixes overlapping tooltips when clicking copy buttons. !30622
- Fix 500 error for non-existing snippet on graphql mutations. !30632 (Sashi Kumar)
- Change validation rules for profile email addresses. !30633
- Set timeout for Google OAuth to prevent 503 error. !30653
- Remove extra sleep when obtaining exclusive lease. !30654
- Fix GitLab CI/CD Scala template. !30667
- Fix checkmark position on dropdowns. !30685
- Remove Visibility from terraform widget. !30737
- Use migration bot user in snippet migration. !30762
- Fix discard button not showing for new empty files in Web IDE. !30767
- Disable schema dumping after migrations in production. !30812
- Fix mapping group membets as Jira issues authors/assignees. !30820
- Align styling of snippet search results. !30837
- Move daily create users statistics cronjob to CE. !30843
- Fixed alignment of Snippet Clone copy buttons. !30897
- Increase constrast ratio of text in some tables. !30903
- Ignore .gitattributes if they contain invalid byte sequences. !30922
- Fix bug in Snippet BlobViewer GraphQL definition. !30927
- Fix layout in issue view, on large screen some buttons were misaligned. !30947 (Michele (macno) Azzolari)
- Fix error renaming files using web IDE. !30969
- Handle Snippet file name errors in backfill. !30981
- Correctly track the store that external MR diffs are placed on. !31005
- Fix duplicate index removal on ci_pipelines.project_id. !31043
- Update recursive-open-struct to 1.1.1 to make it compatible with ruby 2.7. !31047
- Revert CODEOWNERS validation of Web requests in diff check. !31087
- Wrap wiki blob search result in its own object. !31155
- Allow multiple usage of EE extension/inclusion on last lines. !31183 (Rajendra Kadam)
- Fix 500 error loading environments index. !31184
- Fix 500 on creating an invalid domains and verification. !31190
- Fix redirect loop on .com when 2FA is required. !31229
- Fix regression and allow SCIM to create SAML identity. !31238
- Fix incorrect number of errors returned when querying sentry errors. !31252
- Fix RST rendering hanging on large files. !31287
- Trim whitespace in directory names in the Web IDE. !31305
- Fix 'not enough data' in Value Stream Analytics when low median values are returned. !31315
- Add tooltip to container registry tags last update column. !31317
- Fix Istio broken Istio metrics installation. !31382
- Link to subgroup milestones correctly from group milestones page. !31383
- Remove kwargs from storage move worker. !31412
- Make edit board text sentence case. !31418
- Katex render and vscode output improvements for markdown. !31433 (Reinhold Gschweicher <pyro4hell@gmail.com>)
- Fix overwrite check in GitLab import/export. !31439
- Fix API requests for branch names ending in .txt. !31446 (Daniel Stone)
- Avoid repository size checkings in snippet migrations for migration bot. !31473
- Use iso 8601 timestamp format in metrics dashboard annotations graphql resource to assure multi browser compatibility. !31474
- In WebIDE get files with relative path instead of web_url. !31478
- Fix snippet migration when user has invalid info. !31488
- Add elipsis to container registry tag name. !31584
- Add instance column to services table if it's missing. !31631
- Fix issue with broken images in Web IDE markdown. !31638
- Fixes bug where variables were not protected by default when using the correct CI/CD admin setting. !31655
- Decode dashboard_path when creating annotations. !31665
- Fix "how to checkout MR" help link. !31688
- Fixed redirection when deleting a project snippet. !31709
- Fix templates API endpoint when project name has dots. !31758
- Remove detection of file in Dependency Scanning template. !31819
- Move prepend to last line in app models. !31826 (Rajendra Kadam)
- Move prepend to last line in app models 2. !31827 (Rajendra Kadam)
- Move prepend to last line in app models 3. !31829 (Rajendra Kadam)
- Move include_if_ee to last line in ee/app 1. !31832 (Rajendra Kadam)
- Restore original sort order of the metrics dashboard select list. !31859
- Fix Snippet update error bug losing changes. !31873
- Replace the outdated link. !31874 (Renamoo)
- Replace let! with let_it_be in user api spec. !31901 (Rajendra Kadam)
- Replace let! with let_it_be in merge request spec. !31909 (Rajendra Kadam)
- angelog Replace let! with let_it_be in pipelines spec. !31916 (Rajendra Kadam)
- Fix public metrics dashboard visibility bug. !31925
- Add nested file detection for Dependency Scanning. !31932
- Add class stubs and fix leaky constant cop alert. !31938 (Rajendra Kadam)
- Add class stubs and fix leaky constant alert in content whitelist spec. !31946 (Rajendra Kadam)
- Fix broken heading of Vue 3 migration guide doc. !31951 (Gilang Gumilar)
- Add class stubs and fix leaky constant alert in query recorder spec. !31954 (Rajendra Kadam)
- Fix no scroll when overflow in IDE right pane. !31961
- Fix leaky constant cop issue in clone dashboard service spec. !31962 (Rajendra Kadam)
- Stub class constant in resolve discussion spec. !31965 (Rajendra Kadam)
- Fix leaky constant issue in upgrade progress service check. !31969 (Rajendra Kadam)
- Clear merge request error on push to source branch. !32001
- Allow only users with `adminNote` permission to edit the design note. !32035
- Fix leaky constant issue in retry build service check. !32038 (Rajendra Kadam)
- Fix leaky constant issue in env assignment spec. !32040 (Rajendra Kadam)
- Fix leaky constant issue in statistics api spec. !32042 (Rajendra Kadam)
- Fix leaky constant issue in merge request policy spec. !32044 (Rajendra Kadam)
- Fix leaky constant issue in tree spec. !32045 (Rajendra Kadam)
- Fix leaky constant issue in mentionable spec. !32049 (Rajendra Kadam)
- Fix leaky constant issue in json serialization spec. !32051 (Rajendra Kadam)
- Fix leaky constant issue in cluster spec. !32053 (Rajendra Kadam)
- Fix bug in Groups API when statistics are requested in an unauthenticated API call. !32057
- Fix leaky constant issue in nulls pt2 spec. !32058 (Rajendra Kadam)
- Fix leaky constant issue in application settings encrypt spec. !32066 (Rajendra Kadam)
- Fix leaky constant issue in system check spec. !32080 (Rajendra Kadam)
- Fix leaky constant issue in simple executor spec. !32082 (Rajendra Kadam)
- Fix leaky constant issue in jwt spec. !32093 (Rajendra Kadam)
- Update android template. !32096
- Fix leaky constant issue in factory spec. !32099 (Rajendra Kadam)
- Fix leaky constant issue in sidekiq middleware spec. !32101 (Rajendra Kadam)
- Fix leaky constant issue connection, master check and attr config spec. !32144 (Rajendra Kadam)
- Fix updating of Markdown fields when Markdown cache version is incremented. !32219
- Fix incorrect regex used in FileUploader#extract_dynamic_path. !32271
- Improve responses in the snippet create/update API endpoints. !32282
- Send Devise emails triggered from the 'Email' model asynchronously. !32286
- Re-enable negative filters for Boards. !32348
- Fix missing space character in alert header. !32395
- Fix display of embedded snippets. !32411 (Jan Beckmann)
- Fixed redirection to project snippets. !32530
- Rake task gitlab:cleanup:orphan_lfs_files should clear the cached value or repository size. !32541
- Fixed enabled merge button incorrectly showing to users who can't merge.
- Fixed misaligned avatar in commit discussion form.
- Fixed cancel reply button not alerting the user.
- Fixes commit message emojis not rendering in Vue file list.
- Fix logging of username in /jwt/auth.
- Fixes branch name not getting escaped correctly on frontend.

### Deprecated (2 changes)

- Deprecate /plugins directory. !29678
- Implement external database checker in dashboard controller. !30389

### Changed (121 changes, 42 of them are from the community)

- Support limits for offset based pagination. !28460
- Redirect issues routes under /-/ scope. !28655
- Add Fluentd into cluster apps page. !28847
- Disallow developers to delete builds of protected branches. !28881 (Alexander Kutelev)
- Store status of repository storage moves. !29095
- Update the example regex in the image expiration policy UI. !29348
- Add WAF and Cilium Log column for Fluentd table. !29457
- Update Fluentd model to support multiple logs. !29458
- Add Cilium to Fluentd UI controls on the Cluster Application page. !29511
- Use alerts instead of toasts in Image Repository details. !29685
- Avoid commit when snippet file_name and content are not present. !29761
- Recreate foreign key in project settings to use nullify instead of cascade. !29767
- Surface alerts add sidebar link. !29775
- Make setting alerts on the monitoring dashboard available to GitLab Core users. !29789
- Keep latest artifact for each ref. !29802
- Change placeholder in search input for Analytics features. !29858 (Gilang Gumilar)
- Test Jira connection before running import. !29926
- Remove snippet file_name from snippet lists. !29937
- Add new keep regex to expiration policy settings ui. !29940
- Alert management can user enable. !30024
- Expose the updated_at attribute in the todos API. !30035
- Update GitLab-managed helm from 2.16.3 to 2.16.6, improving the reliability of GitLab's Kubernetes integration. !30067
- Show correct label and count on Jira import form. !30072
- Copy pipelines routing under - scope. !30159
- Return validation errors for invalid pod name or container name when viewing pod logs. !30165 (Sashi Kumar)
- Move global autocomplete routes to /-/ scope. !30173
- Update the cancel comment note text to a less ambiguous statement. !30189
- Use stricter regex for broadcast target path. !30210
- Change wording of merge request threads counter. !30217
- Indicate topics are optional. !30264 (Ben Bodenmiller)
- Rename Client Side Evaluation to Live Preview. !30309
- Decouple partial clone config from max input size. !30354 (Son Luong Ngoc)
- Update managed jupyter chart to 0.9.0 (stable). !30393
- Hide broadcast messages until the end of the period. !30432
- Add severity icons for alert management. !30472
- Move to supported Elastic helm charts. !30528
- Updated snippet view to show path instead of name for a blob. !30550
- Handle possible RSA key exceptions when generating CI_JOB_JWT. !30702
- Update sidebar packages name. !30712
- Update cron job schedule to have a random time generated on page load. !30729
- Migrate Container-Scanning template to rules syntax. !30775
- Migrate DAST CI template to rules syntax. !30776
- Migrate License-Scanning CI template to rules syntax. !30784
- Code review analytics: Change margin between title and description. !30834
- Productivity Analytics: Remove separator and cleanup title margins. !30839
- Move Auto DevOps Test.gitlab-ci.yml template to rules syntax instead of only/except. !30876
- Change Var to Variable text. !30878
- Move Build.gitlab-ci.yml to `rules` syntax. !30895
- Move Code-Quality.gitlab-ci.yml to `rules` syntax. !30896
- Migrate Dependency-Scanning CI template to rules syntax. !30907
- Apply shared integrations view to project level. !30971
- Exposes description, hosts, details, and timestamps for Alert Management Alert GraphQL. !31091
- Update the example regex in the image expiration policy UI. !31104
- Add clear explanation to the MR widget when no CI is available and Pipeline must succeed option is activated. !31112
- Migrate SAST CI template to rules syntax. !31127
- Update style of buttons on the Releases page. !31129 (Özgür Adem Işıklı @iozguradem)
- Changed test success calculation to exclude skipped tests. !31154
- app:gitlab:check rake task now warns when projects are not in hashed storage. !31172
- Moves embedded metrics for Prometheus alerts to Core. !31203
- Move Deploy.gitlab-ci.yml to `rules` syntax. !31290
- Modify Snippet git path errors to be more helpful. !31333
- Move Browser-Perfomance-Testing.gitlab-ci.yml to `rules` syntax. !31413
- Use gsub instead of the Liquid gem for variable substitution in the Prometheus proxy API. !31482
- Changed terminology of security scanner status from configure to enable. !31503
- Update auto-deploy-image to v0.14.0 with helm 2.16.6, --atomic deployments and improved kubernetes 1.16 support. !31505
- Add ability to add or remove MR labels via API. !31522 (Lee Tickett)
- Disable Docker-in-Docker for Dependency Scanning by default. !31588
- Disable Docker-in-Docker for SAST by default. !31589
- Add migration to import changes to the system dashboard Prometheus queries into DB. !31618
- Ensure links generated by the copy link feature contain variables. !31636
- Migrate from Vue event hub to Mitt in issuables list. !31652 (Arun Kumar Mohan)
- URL params in the monitoring dashboard update variable values defined in yml file. !31662
- Migrate from Vue event hub to Mitt. !31666 (Arun Kumar Mohan)
- Add prefix to template variables in URL in the monitoring dashboard. !31690
- Add fields to GraphQL snippet blob type. !31710
- Make protected_ci_variables setting enabled by default. !31715
- Prepare group import feature to use ndjson. !31741
- Prepare group export feature to use ndjson. !31742
- Remove a lonely dot in Batch Comments. !31783 (Gilang Gumilar)
- Update auto-deploy-image to v0.15.0, with an upgraded PostgreSQL chart used by default for Auto DevOps deployments. !31799
- Force hashed storage to always be enabled. !31801
- Add alert counts by status to GraphQL API. !31818
- Show warning message to user if raw text search is used when filtering pipelines. !31942
- Update deprecated slot syntax in ./app/assets/javascripts/pages/milestones/shared/components/delete_milestone_modal.vue. !31990 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/confidential_merge_request/components/dropdown.vue. !31999 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/diffs/components/diff_discussions.vue. !32004 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/boards/components/board_form.vue. !32005 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/repository/components/breadcrumbs.vue. !32017 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/users/calendar_activities.html.haml. !32094 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/users/_deletion_guidance.html.haml. !32097 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_ref_dropdown.html.haml. !32102 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_recaptcha_form.html.haml. !32106 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_project_limit.html.haml. !32110 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_personal_access_tokens_table.html.haml. !32116 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_milestones_filter.html.haml. !32120 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_milestone_expired.html.haml. !32121 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_label_row.html.haml. !32124 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_group_tips.html.haml. !32127 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_group_form.html.haml. !32132 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_field.html.haml. !32136 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_delete_label_modal.html.haml. !32138 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_commit_message_container.html.haml. !32139 (Gilang Gumilar)
- Externalize i18n aria-label strings from ./app/views/shared/*. !32142 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_top.html.haml. !32148 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_milestone.html.haml. !32154 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_merge_requests_tab.haml. !32158 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_labels_tab.html.haml. !32159 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_issues_tab.html.haml. !32160 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_issuable.html.haml. !32161 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/issuable/_sidebar.html.haml. !32164 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/issuable/_nav.html.haml. !32165 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/issuable/_label_*. !32167 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/issuable/_close_reopen_report_toggle.html.haml. !32168 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/issuable/_close_reopen_button.html.haml. !32172 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/issuable/_bulk_update_sidebar.html.haml. !32173 (Gilang Gumilar)
- Add files param to snippet create mutation. !32309
- Cluster index refactor: Add missing pagination. !32338
- Refactored render errors for blob to Vue. !32345
- Format the alert payload into a table view. !32423
- Add presence validation to content and title in snippet rest endpoints. !32522
- Fix jump to definition linking to same file opening a new tab.

### Performance (15 changes, 2 of them are from the community)

- Speed up NOT Issue filters. !27639
- Add indexes on ingress, enabled clusters and successful deployments. !28331
- Add clusters index to improve usage data queries. !28626
- Uses Kubernetes API conventions to create or update a resource leandrogs. !29010 (Leandro Silva)
- Cache TreeSummary response for logs_tree. !29828
- Move release notification from model callbacks to service. !29853 (Ravishankar)
- Delete orphaned rows in application_settings table. !29981
- Improve cacheability of monaco-editor code. !30032
- Project import queries are now partially batched. !30057
- Upgrade json gem to 2.3.0. !30852
- Use process-wide cache for application settings and performance bar. !31135
- Record usage ping finish time. !31222
- Use NOT VALID to enforce a not null constraint on file store columns. !31261
- Enable ref name caching for merge request diffs. !31530
- Skip mergeability check when listing MRs in the API. !31890

### Added (146 changes, 13 of them are from the community)

- Graphql query for issues can now be sorted by priority. !18901
- Add test report API route. !24648
- Add GraphQL support for querying a board's lists. !24812
- Define remove_label quick action as alias of unlabel. !24962 (Jacopo Beschi @jacopo-beschi)
- Create Wiki activity events on pushes to Wiki git repository. !26624
- Allow users to download a CSV of the recent daily code coverage values per job. !27094
- Display x509 signed tags. !27211 (Roger Meier)
- Enabling git versioned snippets. !27705
- Add option to hide the default "thumbs up" and "thumbs down" buttons on issues, merge requests, and snippets. !27734 (Steve Mokris)
- Add sorting issues by label priority to graphQL endpoint. !27936
- Add certification revocation list download and certificate revoke. !28336 (Roger Meier)
- Add WebIDE Dark Theme Support. !28407
- Add secure binaries template. !28566
- LDAP authentication support for admin mode. !28572 (Diego Louzán)
- Add UI for exporting group data to the group settings. !28573
- Allow to assign milestones to a release on the "Edit Release page". !28583
- Add Previous and Next buttons for commit-by-commit navigation. !28596
- Add the global var SECURE_ANALYZERS_PREFIX. !28617
- Allow users to retry obtaining Let's Encrypt certificates for GitLab Pages. !28784
- Add support for cluster applications CI artifact report. !28866
- Add resource_state_events table. !28926
- Migration to add partitioned_foreign_keys table that tracks foreign keys for partitioned tables. !29064
- Collect object store config in usage data. !29149
- Add freeze period model. !29162
- Moved issue board focus mode to Core and available for for everyone. !29200
- Add freeze periods via CI_DEPLOY_FREEZE variable. !29244
- Add intermediate CAs capability to S/MIME email signature. !29352 (Diego Louzán)
- Add responding to ChatOps jobs triggered in Mattermost. !29366 (Brian Kintz)
- Expose Freeze Periods in REST API. !29382
- Add read/write_package_registry to deploy_tokens. !29383
- Add public API for feature flag user lists. !29415
- Create cluster annotations API endpoint. !29502
- Add ability to change metrics dashboard visibility. !29634
- Add percentage of actors feature flag rollout. !29698
- Add metric dashboard public visibility toggle. !29718
- Route to feature flags based on internal id. !29740
- Send email notification for unknown sign-ins. !29741
- Add search by name to registry image repositories. !29763
- Surface alerts add empty state. !29775
- Enable uploadpack filters by default. !29787
- Select the first option if there is only one metric option on alerts dropdown. !29857 (Gilang Gumilar)
- Add table for Alert Management alerts. !29864
- Add policies for managing 'default_branch_protection' setting in groups. !29879
- Add comment_detail column to services. !29891
- Add option to add custom profile image guidelines. !29894 (Roger Meier)
- View a details of a panel in 'full screen mode'. !29902
- Add database relation to preserve users starred metrics dashboard information. !29912
- Add jira imports to usage data. !29925
- Add issues_create_limit to settings api. !29960
- Map labels from Jira to labels in GitLab. !29970
- Add Deployment to ECS process to AutoDevOps. !29971
- GraphQL issue queries can now be sorted by milestone due date. !29992
- Add table for tracking issues published to status page. !29994
- Create Sprints table and barebones model. !30125
- When viewing a single panel, return to a full dashboard by pressing the Escape key. !30126
- Flesh out Sprints relationships and constraints. !30127
- Add GraphQL type for reading Alert Management Alerts. !30140
- Add ability to query Projects using GraphQL API. !30146
- Add `web_url` to branch API response. !30147
- Fix Jira importer URLs. !30155
- Add migrations for global CI variables. !30156
- Add vue routes support to Static Site Editor. !30163
- Integrate CI instance variables in the build process. !30186
- Add raw_blob_request_limit to Application Settings API. !30211
- Empty state for alerts list. !30215
- Create operations_strategies_user_lists table. !30243
- Adds URL parameter for confidential new issue creation. !30250
- Update Jira comment to include more information. !30258
- Add scheduled_at field to jira_imports table. !30284
- Alerts list loading & error state. !30315
- Deploy token authentication for API with Maven endpoints. !30332
- Add metrics dashboard annotations feature, which enables marking interesting events over metrics dashboard charts. !30371
- Add non_archived argument to issues API endpoint. !30381
- Add admin controller actions for interacting with instance variables. !30385
- Add mutation to create a new branch in GraphQL. !30388
- Introduce API for fetching shared projects in a group. !30461
- Display expanded dashboard from a panel's "Link to chart" URL. !30476
- Resolve Design Comment: Edit Comment text. !30479
- Map Jira issue assignee and author. !30498
- Add email notification on group export complete. !30522
- Add option to restrict emails that match a configured regular expression. !30548
- In metrics dashboard use custom variables from URL in queries. !30560
- Add mutation for AlertManagement's Alert status. !30576
- Multiple metrics edit navigates to prom edit page. !30666
- Update metrics dashboard url when a panel is expanded or contracted. !30704
- Add migration bot user. !30738
- Issues Analytics: Add title to page. !30836
- Contribution Analytics: Add title to page. !30842
- Insights Analytics: Add title to page. !30853
- Repository Analytics: Add title to page. !30855
- CI / CD Analytics: Add title to page. !30891
- Enable Monaco for editing Snippets by default. !30892
- Disabled Edit button for binary snippets. !30904
- Monokai and Solarized Dark syntax highlighting theme for Web IDE. !30931
- Updated deprecated buttons in release page. !30941 (Özgür Adem Işıklı @iozguradem)
- Add sorting to AlertManagement Alert Graphql. !30964
- Web IDE: Introduce syntax highlighting for .vue files. !30986
- Solarized light syntax highlighting theme for the Web IDE. !30989
- Deploy tokens can be used in the API with Basic Auth Headers enabling NuGet and PyPI to be used with deploy tokens. !31035
- Skip spam check for GitLab team members on gitlab.com. !31052
- None syntax highlighting theme for Web IDE. !31056
- Issues Analytics: Add title to group-level page. !31057
- Display metrics dashboards starred by user at the top of dashboard select field. !31059
- Add WYSIWYG editor to the Static Site Editor. !31099
- Conan registry is accessible using deploy tokens. !31114
- Add container registry settings to application_settings table. !31125
- Added provider icon to cluster index display. !31134
- Add a CI variable CI_KUBERNETES_ACTIVE as an alternative to only:kubernetes/except:kubernetes that works with the rules syntax. !31146
- Enable Alert Management functionality. !31171
- Allow monitoring dashboard users to open single panels in a new tab. !31206
- Create dashboard annotations via Graphql. !31249
- Enable deploy token authentication for the NPM registry. !31264
- Add read and write package registry scopes to deploy tokens. !31267
- Read only storage move API. !31285
- Add Design Management (via Designs tab on Issues) to GitLab FOSS. !31309
- Exposes issue IID in Alert Management Alert's GraphQL endpoint. !31313
- New API endpoint for starring metrics dashboards. !31316
- Add search bar to container registry image list. !31322
- Highlight focused Design discussion in image markers. !31323
- Allow showing merge request diffs compared to current version of target branch. !31325
- Add alert on project issues page to show Jira import is in progress. !31329
- Add API CRUD actions for instance-level CI/CD variables. !31342
- Add alert on project issues page to show Jira import has finished. !31375
- Filter pipelines by trigger author and branch name. !31386
- Add incident_labeled_issues to usage ping. !31406
- Refactored Snippet view to Vue. !31450
- Make report-type artifacts available for download. !31513
- Render dropdown and text elements based on variables defined in monitoring dashboard yml file. !31524
- Add expunge deleted messages option to mailroom. !31531 (Diego Louzán)
- Log Cloudflare request headers. !31532
- Allow Web IDE markdown to preview uncommitted images. !31540
- Add Webex Teams project integration service. !31543 (Sebastian Leuser)
- Add Rubocop cop to flag keyword arguments usage in Sidekiq workers. !31551 (Arun Kumar Mohan)
- Allow users to star/unstar dashboards which will appear at the top of their dashboards options. !31597
- Add ability to create merge request from vulnerability page. !31620
- Add confidential status support for comment and replies. !31622
- Add Web IDE pipelines usage counter. !31658
- Ruby metrics now include USS and PSS memory readings. !31707
- Add issues_created_gitlab_alerts to usage ping. !31802
- Add Alert Detail view. !31877
- New API endpoint for removing stars from metrics dashboards. !31892
- View raw file of any zip artifacts. !31912
- Add search to Alert Management Alerts GraphQL query. !32047
- Add "Keep divergent refs" option for push mirrors. !32381
- Add fields to Alert Details view. !32392
- Update GitLab Pages to 1.18.0.

### Other (70 changes, 25 of them are from the community)

- Remove Admin -> Settings -> Geo navigation. !21005 (Lee Tickett)
- removes store logic from issue board models. !21400 (nuwe1)
- removes store logic from issue board models. !21408 (nuwe1)
- Moves updateIssue from issue model to board store. !21414 (nuwe1)
- Improve error handling of squash and rebase. !23740
- Remove obsolete bot_type column. !27076
- Remove obsolete columns from resource_milestone_events. !28536
- Add index to issue_id and created_at of resource_weight_events. !28930
- Clean up & Re-arrange the keyboard shortcuts modal. !28992
- Remove ci_expose_arbitrary_artifacts_in_mr feature flag. !29363 (Lee Tickett)
- Remove git_archive_path feature flag. !29369 (Lee Tickett)
- Rename Snippet search results title. !29599
- Update to Rails 6.0.2.2. !29743
- Log server responses of API bad requests in api_json.log. !29839
- Clean up refresh fix for cancel automatic merge. !29844
- Add snippet repository backfilling migration. !29927
- Remove the SIDEKIQ_REQUEST_STORE configuration. !29955
- Increase label list label column width. !29963
- Refactor count queries to single query on Projects::EnvironmentsController. !30073 (Sashi Kumar)
- Update text on self-managed sign in page. !30135
- Remove namespaces.plan_id column. !30351
- Migrate models and policies specs to consider admin mode. !30430 (Diego Louzán)
- Upgrade Nokogiri to v1.10.9. !30435
- Add snippet migration rake tasks. !30489
- Error tracking target blank empty state. !30525
- Remove elasticsearch_experimental_indexer column. !30628
- Update the template for Static Site Editor / Middleman. !30642
- Remove unused cluster configuration workers. !30695
- Remove deprecated Snippet `code` attribute from Project Snippets API. !30739
- Update merge request widget question mark icons. !30759
- Value Stream Analytics: Add title and remove separator. !30841
- Remove mention of github-markup in Wiki clone help. !30962
- Alert Management mobile styling. !31082
- Allow Auto DevOps Test stage to start immediately. !31185
- Enable async_merge_request_check_mergeability by default. !31196
- Cleanup background migration for populating user_highest_roles table. !31218
- Add docs for alert management list. !31225
- Remove extra spaces from markdown toolbar items. !31288
- Use cookies with metadata to prevent reuse as another cookie. !31311
- Add inherit_from_id column to services table. !31320
- Organize package models by package type. !31346 (Sashi Kumar)
- Apply active class on active link element in HAML pagination. !31396
- Update GitLab Runner Helm Chart to 0.16.1. !31492
- Log when container registry permissions are denied. !31536
- Add epic_id to resource_state_events. !31587
- Update doorkeeper to latest version 5.0.3. !31673
- Add Foreign Key on projects.namespaces_id. !31675
- Fix misalignment of author dropdown on the commits search page. !31686
- Update css-loader ^1.0.0 -> ^2.1.1. !31743 (Pirate Praveen)
- Fix database schema inconsistency with not-null checks. !31930
- Removes create_confidential_merge_request feature flag leandrogs. !31968 (Leandro Silva)
- Update deprecated slot syntax in ./app/assets/javascripts/issue_show/components/fields/description.vue. !31979 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/pages/milestones/shared/components/promote_milestone_modal.vue. !31980 (Gilang Gumilar)
- Update group and project export info messages. !31981 (briankabiro)
- Relocate Nuget presenter helpers to presenters module. !31985 (Sashi Kumar)
- Update deprecated slot syntax in ./app/assets/javascripts/pages/admin/users/components/delete_user_modal.vue. !31992 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/performance_bar/components/detailed_metric.vue. !32006 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/profile/account/components/delete_account_modal.vue. !32007 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/environments/components/stop_environment_modal.vue. !32012 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/serverless/components/area.vue. !32015 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/releases/components/app_edit.vue. !32018 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/releases/components/evidence_block.vue. !32019 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/ide/components/ide_review.vue. !32025 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/ide/components/pipelines/list.vue. !32027 (Gilang Gumilar)
- Update alert management table background colour to correct gray. !32068
- Validate package types in package metadatum models. !32091 (Sashi Kumar)
- Update error tracking table background colour to correct gray. !32133
- Update GitLab Elasticsearch Indexer to v2.3.0. !32199
- Update asciidoctor-plantuml gem to v0.0.12. !32376
- Use visitUrl in Alert management. !32414

## 12.10.14 through 12.0.0

- See [changelogs/archive-12.md](changelogs/archive-12.md)

## 11.11.8 through 11.0.0

- See [changelogs/archive-11.md](changelogs/archive-11.md)

## 10.8.6 through 10.0.0

- See [changelogs/archive-10.md](changelogs/archive-10.md)

## 9.5.10 through 0.8.0

- See [changelogs/archive.md](changelogs/archive.md)