gitlab-org--gitlab-foss/changelogs/archive-12.md

4818 lines
265 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

## 12.10.14 (2020-07-06)
- No changes.
## 12.10.13 (2020-07-01)
### Security (15 changes)
- Do not show activity for users with private profiles.
- Fix stored XSS in markdown renderer.
- Upgrade swagger-ui to solve XSS issues.
- Fix group deploy token API authorizations.
- Check access when sending TODOs related to merge requests.
- Change from hybrid to JSON cookies serializer.
- Prevent XSS in group name validations.
- Disable caching for wiki attachments.
- Fix null byte error in upload path.
- Update permissions for time tracking endpoints.
- Update Kaminari gem.
- Fix note author name rendering.
- Sanitize bitbucket repo urls to mitigate XSS.
- Stored XSS on the Error Tracking page.
- Fix security issue when rendering issuable.
## 12.10.12 (2020-06-24)
### Fixed (1 change)
- Correctly count wiki pages in sidebar. !30508
## 12.10.11 (2020-06-10)
- No changes.
## 12.10.8 (2020-05-28)
### Fixed (2 changes)
- Fix Geo replication for design thumbnails. !32703
- Fix 404s downloading build artifacts. !32741
## 12.10.7 (2020-05-27)
### Security (14 changes)
- Add an extra validation to Static Site Editor payload.
- Hide EKS secret key in admin integrations settings.
- Added data integrity check before updating a deploy key.
- Display only verified emails on notifications and profile page.
- Disable caching on repo/blobs/[sha]/raw endpoint.
- Require confirmed email address for GitLab OAuth authentication.
- Kubernetes cluster details page no longer exposes Service Token.
- Fix confirming unverified emails with soft email confirmation flow enabled.
- Disallow user to control PUT request using mermaid markdown in issue description.
- Check forked project permissions before allowing fork.
- Limit memory footprint of a command that generates ZIP artifacts metadata.
- Fix file enuming using Group Import.
- Prevent XSS in the monitoring dashboard.
- Use `gsub` instead of the Ruby `%` operator to perform variable substitution in Prometheus proxy API.
## 12.10.6 (2020-05-15)
### Fixed (5 changes)
- Fix duplicate index removal on ci_pipelines.project_id. !31043
- Fix 500 on creating an invalid domains and verification. !31190
- Fix incorrect number of errors returned when querying sentry errors. !31252
- Add instance column to services table if it's missing. !31631
- Fix incorrect regex used in FileUploader#extract_dynamic_path. !32271
## 12.10.5 (2020-05-13)
### Added (1 change)
- Consider project group and group ancestors when processing CODEOWNERS entries. !31804
## 12.10.4 (2020-05-05)
### Fixed (1 change)
- Add a Project's group to list of groups when parsing for codeowner entries. !30934
## 12.10.2 (2020-04-30)
### Security (8 changes)
- Ensure MR diff exists before codeowner check.
- Apply CODEOWNERS validations to web requests.
- Prevent unauthorized access to default branch.
- Do not return private project ID without permission.
- Fix doorkeeper CVE-2020-10187.
- Change GitHub service integration token input to password.
- Return only safe urls for mirrors.
- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads.
## 12.10.1 (2020-04-24)
### Fixed (5 changes)
- Fix bug creating project from git ssh. !29771
- Fix Web IDE handling of deleting newly added files. !29783
- Fix null dereference in /import status REST endpoint. !29886
- Fix Service Templates missing Active toggle. !29936
- Fix 500 error on accessing restricted levels. !30313
### Changed (1 change)
- Move Group Deploy Tokens to new Group-scoped Repository settings. !29290
### Other (1 change)
- Migration of dismissals to vulnerabilities. !29711
## 12.10.0 (2020-04-22)
### Removed (3 changes)
- Revert LDAP readonly attributes feature. !28541
- Remove deprecated /ci/lint page. !28562
- Remove open in file view link from Web IDE. !28705
### Fixed (118 changes, 26 of them are from the community)
- Return 202 for command only notes in REST API. !19624
- Run SAST using awk to pass env variables directly to docker without creating .env file. !21174 (Florian Gaultier)
- #42671: Project and group storage statistics now support values up to 8 PiB (up from 4GiB)
. !23131 (Matthias van de Meent)
- Fix 500 error on profile/chat_names for deleted projects. !24341
- Migrate the database to activate projects prometheus service integration for projects with prometheus installed on shared k8s cluster. !24684
- Fix archived corrupted projects not displaying in admin. !25171 (erickcspice)
- Fix some Web IDE bugs with empty projects. !25463
- Fix failing ci variable e2e test. !25924
- Fix new file not being created in non-ascii character folders. !26165
- Validate uniqueness of project_id and type when a new project service is created. !26308
- Fix assignee dropdown on new issue page. !26971
- Resolve Unable to expand multiple downstream pipelines. !27029
- Hide admin user actions for ghost and bot users. !27162
- Fix invalid ancestor group milestones when moving projects. !27262
- Fix right sidebar when scrollbars are always visible. !27314 (Shawn @CasualBot)
- Fix OpenAPI file detector. !27321 (Roger Meier)
- Fix managed_free_namespaces scope to only groups without a license or a free license. !27356
- Set commit status to failed if the TeamCity connection is refused. !27395
- Resolve Improve format support message in issue design. !27409
- Add tooltips with full path to file headers on file tree. !27437
- Scope WAF Statistics anomalies to environment.external_url. !27466
- Show the proper information in snippet edit form. !27479
- Fixes the repository Vue router not working with Chinese characters. !27494
- Fix smartcard config initialization. !27560
- Fix audit event that weren't being created for failed LDAP log-in tries. !27608
- Fix filtered search tokenization. !27648
- Fix processing of GrapqhQL query complexity based on used resolvers. !27652
- Update board scopes when promoting a label. !27662
- Reuse default generated snippet file name in repository. !27673
- Revert user bio back to non-italicized font to fix rendering of emojis. !27693
- Filter out Releases with missing tags. !27716
- Update detected languages for dependency scanning in no dind mode. !27723
- Fix logic for ingress can_uninstall?. !27729
- Fix dropped filter when paging groups. !27737 (Lee Tickett)
- Amend GraphQL merge requests resolver to check for project presence. !27783
- Fix bug issue template handling of markdown. !27808 (Lee Tickett)
- Update discord notifications to be a single embed and include log messages. !27812 (Sam Bingner)
- Update detected languages for sast in no dind mode. !27831
- Fix bug inviting members whose emails start with numbers. !27848 (Lee Tickett)
- Allow self monitoring project to query internal Prometheus even when "Allow local requests in webhooks and services" setting is false. !27865
- Add missing docstring to Prometheus metric. !27868
- Resolve Snippet creation failure bug. !27891
- Fix optional params for deploy token API. !27961 (Nejc Habjan)
- Use Ci::Pipeline#all_merge_requests.first as Ci::Build#merge_request. !27968
- Fix bug tracking snippet shard name. !27979
- Add `discussion_locked` to Webhook. !28018
- Fix invalid class option for ionice. !28023
- Improve SAST NO_DIND file detection with proper boundary conditions. !28036
- Detect skipped specs in JUnit reports and set TestCase status. !28053
- Allow 0 for pages size limit setting in admin settings. !28086
- Fix wrong colors displayed in charts. !28095
- Fix incorrect content returned on empty dotfile. !28144
- Include LDAP UID attribute in default attributes for all LDAP lookups. !28148
- Fix deploy token API to properly delete all associated deploy token records. !28156
- Fix Gitlab::Auth to handle orphaned oauth tokens. !28159
- Protect sidekiq admin UI with admin mode. !28164 (Diego Louzán)
- Prevent overriding the username when creating a Deploy Token via the API. !28175 (Ayoub Mrini)
- Resolve Snippet actions with binary data. !28191
- Make all HTTPS cookies set SameSite to none. !28205
- Don't send 'accept-encoding' in HttpIO requests. !28239
- Gracefully handle missing latest CI pipeline. !28263
- Fix error removing secondary email. !28267 (Lee Tickett)
- Fix name of approvals column in merge requests. !28274 (Steffen Köhler)
- Add management_project_id to group and project cluster creation, clarifies docs. !28289
- Check first if feature flag version_snippet is enabled. !28352
- Fix single stat panel percentile format support. !28365
- Use CTE optimization for searching board issues. !28430
- Fix missing synthetic milestone change notes for disabled milestone change event tracking feature flag. !28440
- Fix Releases page for Guest users of private projects. !28447
- Prevent ProjectUpdateRepositoryStorageWorker from moving to same filesystem. !28469
- Return error message for create_merge_request. !28482
- Include MR times in Milestone time overview. !28519 (Bob van de Vijver)
- Fix daily report result to use average of coverage values if there are multiple builds for a given group name. !28556
- Token creation uses HTTP status CREATED. !28587
- Allow award emoji same name & user duplicates when Importing. !28588
- Fix pagination in Merge Request GraphQL api. !28667 (briankabiro)
- Remove duplicate spec in web hook service spec. !28669 (Rajendra Kadam)
- Fix GraphQL SnippetType repo urls. !28673
- Add missing ON DELETE FK constraints referencing users table. !28720
- Update duplicate specs in notification service spec. !28742 (Rajendra Kadam)
- Fix styling of MR dropdown in Web IDE. !28746
- Better error message when importing a Github project and Github API rate limit is exceeded. !28785
- Prevent false positives in Ci::Pipeline#all_merge_requests. !28800
- Enable toggle all discussions button for logged out users. !28809 (Diego Louzán)
- Fix display of PyCharm generated Jupyter notebooks. !28810 (Jan Beckmann)
- Resolve Snippet update error with version flag disabled. !28815
- Show multimetric embeds on a single chart. !28841
- Fix race condition updating snippet without repository. !28851
- Normalize signature mime types when filtering attachments in emails. !28865 (Diego Louzán)
- Add autostop check to folder table. !28937
- Fix 500 error on create release API when providing an invalid tag_name. !28969 (Sashi Kumar)
- Fix missing group icons on profile page when screen < 576px. !28973
- Stringify Sidekiq job args in exception logs. !28996
- Ensure members are always added on Project Import when importing as admin. !29046
- Elasticsearch recommendation alert does not appears while screen is loaded. !29097
- Prevent wrong environment being used when processing Prometheus alert. !29119
- Fix Slack slash commands using relative URL. !29160
- Exclude 'trial_ends_on', 'shared_runners_minutes_limit' & 'extra_shared_runners_minutes_limit' from list of exported Group attributes. !29259
- Group level container registry show subgroups repos. !29263
- Move prepend to last line in finders files. !29274 (Rajendra Kadam)
- Remove 'error' from diff note error message. !29281
- Migrate legacy uploads out of deprecated paths. !29295
- Move prepend to last line in commit status presenter. !29328 (Rajendra Kadam)
- Move prepend to last line in app serializers. !29332 (Rajendra Kadam)
- Move prepend to last line in app workers and uploaders. !29379 (Rajendra Kadam)
- fix: Publish toolbar dissappears when submitting empty content. !29410
- Replace deprecated GlLoadingIcon sizes. !29417
- fix display head and base in version dropdowns. !29433
- Fix Web IDE not showing diff when opening commit tab. !29439
- Use music icon for files with .ogg extension. !29514
- Fix dashboard processing error which prevented dashboards with unknown attributes inside panels from being displayed. !29517
- Fix Deploy Token creation when no scope selected. !29614
- Update auto-build-image to v0.2.2 with fixes for docker caching. !29730
- Fix resolve WIP clearing merge request area. !29757
- Enable the Add metric button for CE users. !29769
- Fix Error 500 when inviting user to a few projects. !29778
- Fixed whitespace toggle not showing the correct diff.
- Fixed upload file creating a file in the wrong directory.
### Deprecated (1 change)
- Deprecate 'token' attribute from Runners API. !29481
### Changed (62 changes, 7 of them are from the community)
- Only enable searching of projects by full path / name on certain dropdowns. !21910
- Support wiki events in activity streams. !23869
- Fix for issue 26426: Details of runners of nested groups of an owned group are now available for users with enough permissions. !24169 (nachootal@gmail.com)
- Rename "Project Services" to "Integrations" in frontend and docs. !26244
- Support multiple Evidences for a Release. !26509
- Move some global routes to - scope. !27106
- Only display mirrored URL to users who can manage Repository settings. !27166
- Disable lookup of other ActiveSessions to determine admin mode status. !27318 (Diego Louzán)
- Extract X509::Signature from X509::Commit. !27327 (Roger Meier)
- Show user statistics in admin area also in CE, and use daily generated data for these statistics. !27345
- Update aws-ecs image location in CI template. !27382
- Update More Pages button on Wiki Page. !27499
- Update ApplicationLimits to prefer defaults. !27574
- Allow external diff files to be removed. !27602
- Add atomic and cleanup-on-fail parameters for Helm. !27721
- Change the url when the timeslider changes. !27726
- Add user_details.bio column and migrate data from users.bio. !27773
- WAF settings will be read-only if there is a new version of ingress available. !27845
- Add an helper to check if a notification_event is enabled. !27880 (Jacopo Beschi @jacopo-beschi)
- Ensure freshness of settings with snippet creation. !27897
- Update copies in Admin Panel > Repository Storage section. !27986
- Add event tracking to Container regstry quickstart. !27990
- Render snippet repository blobs. !28085
- Accept `author_username` as a param in Merge Requests API. !28100
- Use rich icons for thw rows on the file tree. !28112
- Renamed Contribution Charts as Repository Analytics. !28162
- Move Alerting feature to Core. !28196
- Add file-based pipeline conditions to default Auto DevOps CI template. !28242
- Make pipeline info in chat notifications concise. !28284
- Use different approval icon if current user approved. !28290 (Steffen Köhler)
- Remove repeated examples in user model specs. !28450 (Rajendra Kadam)
- Show only active environments in monitoring dropdown. !28456
- Enable container expiration policies by default for new projects. !28480
- Show snippet error update to the user. !28516
- Move 'Additional Metrics' feature to GitLab Core. !28527
- Add ability to search by environment state in environments GraphQL API. !28567
- Add correlation_id to project_mirror_data, expose in /import API endpoints. !28662
- Add status column to container_registry. !28682
- Cleanup the descriptions of some fields of GraphQL ProjectType. !28735
- Add Project template for Static Site Editor / Middleman. !28758
- Remove duplicate show spec in admin routing. !28790 (Rajendra Kadam)
- Add Fluentd model for cluster apps. !28846
- Add grab cursor for operations dashboard cards. !28868
- Update copy when snippet git feature disabled. !28913
- Expose relations that failed to import in /import endpoints. !28915
- Update informational text on Edit Release page. !28938
- Add support for dot (.) in variables masking. !29022
- Update Auto DevOps docker version to 19.03.8. !29081
- Make search redaction more robust. !29166
- Enable async delete in container repository list. !29175
- Make manual prometheus configuration section always editable. !29209
- Adjust label title applied to issues on import from Jira. !29246
- Track statistics per project for jira imported issues. !29406
- Display local timezone in log explorer. !29409
- Allow to retry submitting changes when an error occurs. !29434
- Define dashboard dropdowns layout in flex to improve support smaller screens. !29477
- Update auto-deploy-image to v0.13.0 for deploy job, enabling more granular control over service.enabled. !29524
- Do not display branch link in saved changes message UI. !29611
- Redesign Jira issue import UI. !29671
- Add support for /file_hooks directory. !29675
- Sort the project dropdown by star count when moving issues. !29766
- Increase the timing of polling for the merge request widget.
### Performance (45 changes)
- Limits issues displayed on milestones. !23102
- Optimize suggestions counters. !26443
- Prefetch DNS for asset host. !26868
- Move bots functionality to user_type column. !26981
- Optimize projects_service_active queries performance in usage data. !27093
- Optimize projects_mirrored_with_pipelines_enabled query performance in usage data. !27110
- Optimize ldap keys counters query performance in usage data. !27309
- Enable Workhorse upload acceleration for Project Import uploads via UI. !27332
- Cache ES enabled namespaces and projects. !27348
- Optimize template_repositories query by using batch counting. !27352
- Reduce SQL queries when rendering webhook settings. !27359
- Reduce number of SQL queries for service templates. !27396
- Improve Advanced global search performance by using routing. !27398
- Improve performance of the container repository cleanup tags service. !27441
- Optimize usage ping queries by using batch counting. !27455
- Fix redundant query execution when loading board issues. !27505
- Optimize projects_enforcing_code_owner_approval counter query performance for usage ping. !27526
- Optimize projects_reporting_ci_cd_back_to_github query performance for usage data. !27533
- Optimize service desk enabled projects counter. !27589
- Improve pagination in discussions API. !27697
- Improve API response for archived project searchs. !27717
- Optimize ci builds counters in usage data. !27770
- Enable streaming serializer feature flag by default. !27813
- Harden jira usage data. !27973
- Create merge request pipelines in background jobs. !28024
- Optimize ci builds non distinct counters in usage data. !28027
- Remove feature flag 'export_fast_serialize' and 'export_fast_serialize_with_raw_json'. !28037
- Improve API response for descending internal project searches. !28038
- Make Rails.cache and Gitlab::Redis::Cache share the same Redis connection pool. !28074
- Introduce rate limit for creating issues via web UI. !28129
- Introduce rate limit for creating issues via API. !28130
- Remove unnecessary index index_ci_builds_on_name_for_security_reports_values. !28224
- Disallow distinct count for regular batch count. !28518
- Resolve an N+1 in merge request CI variables. !28688
- Use faster streaming serializer for project exports. !28925
- Add index for created_at of resource_milestone_events. !28929
- Optimize issues with embedded grafana charts usage counter. !28936
- Avoid scheduling duplicate sidekiq jobs. !29116
- Optimize projects with repositories enabled usage data. !29117
- Use diff-stats for calculating raw diffs modified paths. !29134
- Optimize protected branches usage data. !29148
- Refresh only existing MRs on push. !29420
- Reduce SQL requests number for CreateCommitSignatureWorker. !29479
- Remove redundant index from projects table. !29507
- Add index on users.unlock_token. !276298
### Added (140 changes, 33 of them are from the community)
- New package list is enabled which includes filtering by type. !18860
- Create a rake task to cleanup unused LFS files. !21747
- Support Asciidoc docname attribute. !22313 (Jouke Witteveen)
- Adds features to delete stopped environments. !22629
- Highlight line which includes search term is code search results. !22914 (Alex Terekhov (terales))
- Allow embedded metrics charts to be hidden. !23929
- Add toggle all discussions button to MRs. !24670 (Martin Hobert & Diego Louzán)
- Store daily code coverages into ci_daily_report_results table. !24695
- Add cluster management project template. !25318
- Add limit metric to lists. !25532
- Add support for Okta as a SCIM provider. !25649
- Add grape custom validator for git reference params. !26102 (Rajendra Kadam)
- Add healthy column to clusters_applications_prometheus table. !26168
- Add API endpoint to list runners for a group. !26328
- Add unlock_membership_to_ldap boolean to Groups. !26474
- Adds wiki metadata models. !26529
- Create model to store Terraform state files. !26619
- Improve logs dropdown with more clear labels. !26635
- Add all pods view to logs explorer. !26883
- Add first_contribution to single merge request API. !26926
- Populate user_highest_roles table. !27127
- Add option for switching between blocking and logging for WAF. !27133
- Add bar chart support to monitoring dashboard. !27155
- Start merge request for custom dashboard if new branch is provided. !27189
- Update user's highest role to keep the users statistics up to date. !27231
- Make "Value Stream" the default page that appears when clicking the project-level "Analytics" sidebar item. !27279 (Gilang Gumilar)
- Add metric to derive new users count. !27351
- Display cluster type in cluster info page. !27366
- Improve logs filters on mobile, simplify kubernetes API logs filters. !27484
- Adds branch information to the package details title section. !27488
- Add forking_access_level to projects API. !27514 (Mathieu Parent)
- Add a DB column to track external issue and epic ids when importing from external sources. !27522
- Added Edit Title shared component. !27582
- Add metrics dashboard annotation model, relation, policy, create and delete services. To provide interface for create and delete operations. !27583
- Adds filter by name to the packages list. !27586
- Allow querying of Jira imports and their status via GraphQL. !27587
- Update Gitaly to 12.9.0-rc5. !27631
- Add filtered search for elastic search in logs. !27654
- Add cost factor fields to ci runners. !27666
- Add auto_ssl_failed to pages_domains. !27671
- Allow to start Jira import through graphql mutation. !27684
- Add terraform report to merge request widget. !27700
- Read metadata from Wiki front-matter. !27706
- Support custom graceful timeout for Sidekiq Cluster processes. !27710
- Show storage size on project page. !27724 (Roger Meier)
- Upload a design by copy/pasting the file into the Design Tab. !27776
- Update Active checkbox component to use toggle. !27778
- Add namespace_storage_size_limit to application settings. !27786
- Add issues to graphQL group endpoint. !27789
- Enable container registry at the group level. !27814
- Expose created_at property in Groups API. !27824
- Add an endpoint to allow group admin users to purge the dependency proxy for a group. !27843
- Filter health endpoint metrics. !27847
- Add support for system note metadata in project Import/Export. !27853 (Melvin Vermeeren)
- Add daily job to create users statistics. !27883
- Add DS_REMEDIATE env var to dependency scanning template. !27947
- Add Swift Dockerfile to GitLab templates. !28035
- Generate JWT and provide it to CI jobs for integration with other systems. !28063
- Update user's highest role to keep the users statistics up to date. !28087
- Add jira_imports table to track current jira import progress as well as historical imports data. !28108
- Add initial support for Cloud Native Buildpacks in Auto DevOps builds. !28165
- Add app server type to usage ping. !28189
- Add last_activity_before and last_activity_after filter to /api/projects endpoint. !28221 (Roger Meier)
- Expose basic project services attributes through GraphQL. !28234
- Add environment-state flag to metrics data. !28237
- Allow defining of metric step in dashboard yml. !28247
- Separate validators into own class files. !28266 (Rajendra Kadam)
- Refactor push rules and add push_rule_id columns in project settings and application settings. !28286
- Added support for single-token deletion via option/ctrl-backspace or search-filter clearing via command-backspace in filtered search. !28295 (James Becker)
- Enable log explorer to use the full height of the screen. !28312
- Automatically assign id to each panel within dashboard to support panel scoped annotations. !28341
- Add Praefect rake task to print out replica checksums. !28369
- Add rake task to update x509 signatures. !28406 (Roger Meier)
- Add application setting to enable container expiration and retention policies on pre 12.8 projects. !28479
- Add Prometheus alerts automatically after Prometheus Service was created. !28503
- Add ability to filter commits by author. !28509
- Add usage data metrics for instance level clusters and clusters with management projects. !28510
- Add slash command support for merge train. !28532
- Add metrics dashboard annotations to GraphQL API. !28550
- Refactor duplicate specs in wiki page specs. !28551 (Rajendra Kadam)
- Refactor duplicate member specs. !28574 (Rajendra Kadam)
- Remove design management as a license feature. !28589
- Add api endpoint to get x509 signature. !28590 (Roger Meier)
- Refactored Snippet edit form to Vue. !28600
- Add support for database-independent embedded metric charts. !28618
- Fix issuable duplicate spec. !28632 (Rajendra Kadam)
- Fix build duplicate spec. !28633 (Rajendra Kadam)
- Remove duplicate specs in ability model. !28644 (Rajendra Kadam)
- Remove duplicate specs in update service spec. !28650 (Rajendra Kadam)
- Add added_lines and removed_lines columns to merge_request_metrics table. !28658
- Remove duplicate specs in pipeline message spec. !28664 (Rajendra Kadam)
- Implement Terraform State API with locking. !28692
- Move export issues feature to core. !28703
- Add status endpoint to Pages Internal API. !28743
- Enable last user activity logging on the REST API. !28755
- Refresh metrics dashboard data without reloading the page. !28756
- Update duplicate specs in update large table spec. !28787 (Rajendra Kadam)
- Fix duplicate spec in factory relation spec. !28794 (Rajendra Kadam)
- Remove duplicate spec from changelog spec. !28801 (Rajendra Kadam)
- Remove duplicate spec from closing issue spec. !28803 (Rajendra Kadam)
- Allow Release links to be edited on the Edit Release page. !28816
- Create operations_user_lists table. !28822
- Added the clone button for Snippet view. !28840
- Add Fluentd table for cluster apps. !28844
- Fix duplicate spec from user helper spec. !28854 (Rajendra Kadam)
- Add missing spec for gitlab schema. !28855 (Rajendra Kadam)
- Fix duplciate spec in merge requests. !28856 (Rajendra Kadam)
- Fix duplicate spec in environment finder. !28857 (Rajendra Kadam)
- Fix duplicate spec in template dropdown spec. !28858 (Rajendra Kadam)
- Fix duplicate spec in user post diff notes. !28859 (Rajendra Kadam)
- Fix duplicate spec in filter issues. !28860 (Rajendra Kadam)
- Remove `ci_dag_support` feature flag. !28863 (Lee Tickett)
- Validate dependency on job generating a CI config when using dynamic child pipelines. !28901
- Add read_api scope to personal access tokens for granting read only API access. !28944
- Add a new default format(engineering notation) for yAxis labels in monitor charts. !28953
- Add write_registry scope to deploy tokens for container registry push access. !28958
- Add Nginx error percentage metric. !28983
- Provide configuration options for Static Site Editor. !29058
- Remove blobs_fetch_in_batches feature flag. !29069
- API endpoint to create annotations for environments dashboard. !29089
- Add graphQL interface to fetch metrics dashboard. !29112
- Add typed AWS environment variables for access keys & region. !29124
- Add line range to diff note position. !29135
- Add push rules association for groups. !29144
- Gather historical pod list from Elasticsearch. !29168
- Save changes in Static Site Editor using REST GitLab API. !29286
- Add temporary empty message when no result is found. !29306
- Add API endpoint to get users without projects. !29347
- Add status page url field to DB and setting model. !29357
- Add metrics_dashboard_access_level to project features. !29371
- Add a database column to enable or disable group owners from changing the default branch protection setting of a group. !29397
- Allow sorting of issue and MR discussions. !29492
- Update UI for project and group settings CI variables. !29584
- Add GRADLE_CLI_OPTS and SBT_CLI_OPTS env vars to dependency scanning orchestrator. !29595
- Add name_regex_keep to container_expiration_policies. !29618
- Adds Knative and Fluentd as CI/CD managed applications. !29637
- Add jira issues import feature.
- Add wildcard case in documentation for artifacts. (Fábio Matavelli)
- Add namespace storage size limit setting.
- Add placeholders to broadcast message notifications.
### Other (48 changes, 16 of them are from the community)
- Convert schema to plain SQL using structure.sql. !22808
- Provide link to a survey for Knative users. !23025
- Complete the migration of Job Artifact to Security Scan. !24244
- Migrate .fa-spinner to .spinner for app/views/shared/notes. !25028 (nuwe1)
- Migrate .fa-spinner to .spinner for app/views/ci/variables. !25030 (nuwe1)
- Migrate .fa-spinner to .spinner for ee/app/views/projects/settings. !25038 (nuwe1)
- Migrate .fa-spinner to .spinner for app/views/projects/mirrors. !25041 (nuwe1)
- Migrate .fa-spinner to .spinner for app/views/projects/network. !25050 (nuwe1)
- Migrate .fa-spinner to .spinner for app/views/groups. !25053 (nuwe1)
- Replace underscore with lodash for ./app/assets/javascripts/vue_shared. !25108 (Tobias Spagert)
- Remove health_status column from epics. !26302
- Show object access warning when disabling repo LFS. !26696
- Update icons in Sentry Error Tracking list for ignored/resolved errors. !27125
- Use Ruby 2.7 in specs to remove Ruby 2.1/2.2/2.3. !27269 (Takuya Noguchi)
- Fill user_type for ghost users. !27387
- Add Bitbucket Importer metrics. !27524
- Consume remaining LinkLFsObjectsProjects jobs. !27558
- Update GitLab Runner Helm Chart to 0.15.0. !27670
- Log Redis call count and duration to log files. !27735
- Use id instead of cve where possible when parsing remediations. !27815
- Log member additions when importing Project/Group. !27930
- Change project_export_worker urgency to throttled. !27941
- Add missing track_exception() call to Ci::CreateJobArtifactsService. !27954
- Add possibility to conigure additional rails hosts with env variable. !28133
- Remove new issue tooltip. !28261 (Victor Wu)
- Improve message when promoting project labels. !28265
- Change the link to chart copy text. !28371
- Conditional mocking of admin mode in specs by directory. !28420 (Diego Louzán)
- Align color and font-weight styles of heading elements and their typography classes. !28422
- Fix merge request threads icon buttons color. !28465
- Updated spinner next to forking message. !28506 (Victor Wu)
- Replaced old-style buttons with the new ones on Snippet view. !28614
- Change redo for retry icon in metrics dashboard. !28670
- Remove User's association max_access_level_membership. !28757
- Reduce urgency of EmailsOnPushWorker. !28783
- Use concern instead of service to update highest role. !28791
- Normalize error message between Gitea and Fogbugz importers. !28802
- Fix keyboard shortcut to navigate to your groups. !28873 (Victor Wu)
- Fix keyboard shortcut to navigate to dashboard activity. !28985 (Victor Wu)
- Remove unused index for vulnerability severity levels. !29023
- Update query labels dynamically for embedded charts. !29034
- Refactor projects/:id/packages API to supply only necessary params to PackagesFinder. !29052 (Sashi Kumar)
- Implement showing CI bridge error messages. !29123
- Update GitLab Shell to v12.1.0. !29167
- Update GitLab Elasticsearch Indexer. !29256
- Add Gitlab User-Agent to ContainerRegistry::Client. !29294 (Sashi Kumar)
- Improve error message in DAST CI template. !29388
- Remove store_mentions! in Snippets::CreateService. !29581 (Sashi Kumar)
## 12.9.10 (2020-06-10)
- No changes.
## 12.9.8 (2020-05-27)
### Security (13 changes)
- Hide EKS secret key in admin integrations settings.
- Added data integrity check before updating a deploy key.
- Display only verified emails on notifications and profile page.
- Disable caching on repo/blobs/[sha]/raw endpoint.
- Require confirmed email address for GitLab OAuth authentication.
- Kubernetes cluster details page no longer exposes Service Token.
- Fix confirming unverified emails with soft email confirmation flow enabled.
- Disallow user to control PUT request using mermaid markdown in issue description.
- Check forked project permissions before allowing fork.
- Limit memory footprint of a command that generates ZIP artifacts metadata.
- Fix file enuming using Group Import.
- Prevent XSS in the monitoring dashboard.
- Use `gsub` instead of the Ruby `%` operator to perform variable substitution in Prometheus proxy API.
## 12.9.6 (2020-05-05)
### Fixed (1 change)
- Add a Project's group to list of groups when parsing for codeowner entries. !30934
## 12.9.5 (2020-04-30)
### Security (9 changes)
- Ensure MR diff exists before codeowner check.
- Apply CODEOWNERS validations to web requests.
- Prevent unauthorized access to default branch.
- Do not return private project ID without permission.
- Fix doorkeeper CVE-2020-10187.
- Prevent ES credentials leak.
- Change GitHub service integration token input to password.
- Return only safe urls for mirrors.
- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads.
## 12.9.4 (2020-04-16)
- No changes.
### Fixed (5 changes, 1 of them is from the community)
- Fix not working File upload from Project overview page. !26828 (Gilang Gumilar)
- Fix storage rollback regression caused by previous refactor. !28496
- Fix incorrect regex used in FileUploader#extract_dynamic_path. !28683
- Fully qualify id columns for keyset pagination (Projects API). !29026
- Fix Slack notifications when upgrading from old GitLab versions. !29111
## 12.9.3 (2020-04-14)
### Security (3 changes)
- Refresh ProjectAuthorization during Group deletion.
- Prevent filename bypass on artifact upload.
- Update rack and related gems to 2.0.9 to fix security issue.
## 12.9.2 (2020-03-31)
### Fixed (5 changes)
- Ensure import by URL works after a failed import. !27546
- Fix issue/MR state not being preserved when importing a project using Project Import/Export. !27816
- Leave upload Content-Type unchaged. !27864
- Disable archive rate limit by default. !28264
- Fix rake gitlab:setup failing on new installs. !28270
### Changed (1 change)
- Rename feature on the FE and locale.
### Performance (1 change)
- Index issues on sent_notifications table. !27034
## 12.9.1 (2020-03-26)
### Security (16 changes)
- Add permission check for pipeline status of MR.
- Ignore empty remote_id params from Workhorse accelerated uploads.
- External user can not create personal snippet through API.
- Prevent malicious entry for group name.
- Restrict mirroring changes to admins only when mirroring is disabled.
- Reject all container registry requests from blocked users.
- Deny localhost requests on fogbugz importer.
- Redact notes in moved confidential issues.
- Fix UploadRewriter Path Traversal vulnerability.
- Block hotlinking to repository archives.
- Restrict access to project pipeline metrics reports.
- vulnerability_feedback records should be restricted to a dev role and above.
- Exclude Carrierwave remote URL methods from import.
- Update Nokogiri to fix CVE-2020-7595.
- Prevent updating trigger by other maintainers.
- Fix XSS vulnerability in `admin/email` "Recipient Group" dropdown.
### Fixed (1 change)
- Fix updating the authorized_keys file. !27798
## 12.9.0 (2020-03-22)
### Security (1 change)
- Update Puma to 4.3.3. !27232
### Removed (3 changes)
- Remove staging from commit workflow in the Web IDE. !26151
- Remove and deprecate snippet content search. !26359
- Remove "Analytics" suffix from the sidebar menu items. !26415
### Fixed (117 changes, 19 of them are from the community)
- Set all NULL `lock_version` values to 0 for issuables. !18418
- Support finding namespace by ID or path on fork API. !20603 (leoleoasd)
- Fixes caret position after pasting an image 15011. !21382 (Carolina Carvalhosa)
- Use of sha instead of ref when creating a new ref on deployment creation. !23170
- Fix logic to determine project export state and add regeneration_in_progress state. !23664
- Create child pipelines dynamically using content from artifact as CI configuration. !23790
- Handle Gitaly failure when fetching license. !24310
- Fix error details layout and alignment for mobile view. !24390
- Added the multiSelect option to stop event propagation when clicking on the dropdown. !24611 (Gwen_)
- Activate Prometheus integration service for newly created project if this project has access to shared Prometheus application. !24676
- Fix Jump to next unresolved thread. !24728
- Require a logged in user to accept or decline a term. !24771
- Fix quick actions executing in multiline inline code when placed on its own line. !24933 (Pavlo Dudchenko)
- Fix timezones for popovers. !24942
- Prevent "Select project to create merge request" button from overflowing out of the viewport on mobile. !25195
- Add validation for updated_at parameter in update Issue API. !25201 (Filip Stybel)
- Elasticsearch: when index is absent warn users and disable index button. !25254
- Fix pipeline details page initialisation on invalid pipeline. !25302 (Fabio Huser)
- Fix bug with sidebar not expanding at certain resolutions. !25313 (Lee Tickett)
- Rescue elasticsearch server error in pod logs. !25367
- Fix project setting approval input in non-sequential order. !25391
- Add responsivity to cluster environments table. !25501
- Board issue due dates appear grey for closed past-due issues. !25507 (rachelfox)
- Fix self monitoring project link. !25516
- Don't track MR deployment multiple times. !25537
- Fix an issue with Group Import members with Owner access level being imported with Maintainer access level. Owner access level is now preserved. !25595
- Allow 0 to be set for pages maximum size per project/group to indicate unlimited size. !25677
- Fix variable passthrough in the SAST CI/CD template when using DinD. !25697
- Drop bridge if downstream pipeline has errors. !25706
- Clean stale background migration jobs. !25707
- Inject CSP values when repository static objects external caching is enabled. !25711
- Fix bug deleting internal project snippets by project maintainer. !25792
- Fix Insights displaying JSON on back navigation. !25801
- Don't show issue as blocked on the issue board if blocking issue is closed. !25817
- Return 503 to the Runner when the object storage is unavailable. !25822
- Ensure temp export data is removed if Group/Project export failed. !25828
- Fix Kubernetes namespace resolution for new DeploymentCluster records. !25853
- Fix links to exposed artifacts in MRs from forks. !25868 (Daniel Stone)
- Keep needs association on the retried build. !25888
- Remove unreachable link from embded dashboard context menu. !25892
- Fix issue importer so it matches issue export format. !25896
- Fix snippet blob viewers for rich and plain data. !25945
- Fix White syntax highlighting theme in Monaco to closely match the Pygments theme. !25966
- Markup tips for Markdown shown while editing wiki pages in other formats. !25974
- Fix code search pagination on a custom branch. !25984
- Fix Snippet content incorrectly caching. !25985
- Fix 500 error caused by Kubernetes logs not being encoded in UTF-8. !25999
- Fix "Add an epic" form. !26003
- Ensure weight changes no longer render duplicate system notes. !26014
- Geo: Show secondary-only setting on only on secondaries. !26029
- Fixes project import failures when user is not part of any groups. !26038
- Fix ImportFailure when restore ci_pipelines:external_pull_request relation. !26041
- Code Review Analytics: Fix review time display. !26057
- Allow to fork to the same namespace and different path via API call. !26062
- Change back internal api return code. !26063
- Create approval todos on update. !26077
- Fix issues missing on epic's page after project import. !26099
- Fix scoped labels rendering in To-Do List. !26146
- Fix 500 Error when using Gitea Importer. !26166
- Fix dev vulnerabilities seeder. !26169
- Use uncached SQL queries for Geo long-running workers. !26187
- Fix infinite spinner on error detail page. !26188
- Generate proper link for Pipeline tab. !26193
- Issue Analytics: Fix svg illustration path for empty state. !26219
- Fix dashboards dropdown if custom dashboard is broken. !26228
- Refresh widget after canceling "Merge When Pipeline Succeeds". !26232
- Fix package file finder for conan packages with a conan_package_reference filter. !26240
- Fixed bug where processing NuGet packages are returned from the Packages API. !26270
- Fix bug committing snippet content when creating the snippet. !26287
- Fix error messages for dashboard clonning process. !26290
- Fix saving preferences with unrelated changes when gitaly timeouts became invalid. !26292
- Allow creating default branch in snippet repositories. !26294
- Container expiration policy settings hide form on API error. !26303
- Prevent unauthorized users to lock an issue from the collapsed sidebar. !26324 (Gilang Gumilar)
- Mark existing LFS object for upload for forks. !26344
- Fix scoped labels rendering in emails. !26347
- Fix issues with non-ASCII plain text files being incorrectly uploaded as binary in the Web IDE. !26360
- Polyfill fetch for Internet Explorer 11. !26366
- Fix avg_cycle_analytics uncaught error and optimize query. !26381
- Fix reversed pipeline order on Project Import. !26390
- Display GitLab issues created via Sentry global integration. !26418
- Fix MergeToRefService raises Gitlab::Git::CommandError. !26465
- Render special references for releases. !26554
- Show git error message updating snippet. !26570
- Support Rails 6 `insert_all!`. !26595
- Fix evidence SHA clipboard hover text. !26608 (Gilang Gumilar)
- Prevent editing weight to scroll to the top. !26613 (Gilang Gumilar)
- Fix spinner in Create MR dropdown. !26679
- Added a padding-right to items in subgroup list. !26791
- Prevent default overwrite for theme and color ID in user API. !26792 (Fabio Huser)
- Fix user registration when smartcard authentication is enabled. !26800
- Correctly send notification on pipeline retry. !26803 (Jacopo Beschi @jacopo-beschi)
- Default to generating blob links for missing paths. !26817
- Fix Mermaid flowchart width. !26848 (julien MILLAU)
- Ensure valid mount point is used by attachments on notes. !26849
- Validate that users selects at least two subnets in EKS Form. !26936
- Fix embeds so that a chart appears only once. !26997
- Fix capybara screenshots path name for rails configuration. !27002
- Fix access to logs when multiple pods exist. !27008
- Fix installation of GitLab-managed crossplane chart. !27040
- Fix bug displaying snippet update error. !27082
- Fix WikiPage#title_changed for paths with spaces. !27087
- Fix backend validation of numeric emoji names. !27101
- Reorder exported relations by primary_key when using Project Export. !27117
- Ensure freshness of settings with project creation. !27156
- Fix bug setting hook env with personal snippets. !27235
- Fix Conan package download_urls and snapshot to return files based on requested conan_package_reference. !27250
- Fixes stop_review job upon expired artifacts from previous stages. !27258 (Jack Lei)
- Fix duplicate labels when moving projects within the same ancestor group. !27261
- Fix project moved message after git operation. !27341
- Fix submodule links to gist.github.com. !27346
- Fix remove special chars from snippet url_to_repo. !27390
- Validate actor against CODEOWNERS entries.
- Fix: tableflip quick action is interpreted even if inside code block. (Pavlo Dudchenko)
- Fix an error with concat method.
- Improved selection of multiple cards. (Gwen_)
- Resolves the disappearance of a ticket when it was moved from the closed list. (Gwen_)
### Deprecated (1 change)
- Remove state column from issues and merge_requests. !25561
### Changed (81 changes, 18 of them are from the community)
- Remove kubernetes workaround in container scanning. !21188
- New styles for scoped labels. !21377
- Update labels in Vue with GlLabel component. !21465
- Update Web IDE clientside preview bundler to use GitLab managed server. !21520
- Allow default time window on grafana embeds. !21884
- Default to first valid panel in unspecified Grafana embeds. !21932
- Correctly style scoped labels in sidebar after updating. !22071
- Add id and image_v432x230 columns to design_management_designs_versions. !22860
- Decouple Webhooks from Integrations within Project > Settings. !23136
- Sort closed issues on issue boards using time of closing. !23442 (briankabiro)
- Differentiate between errors and failures in xUnit result. !23476
- Add 'shard' label for 'job_queue_duration_seconds' metric. !23536
- Migrate mentions for design notes to design_user_mentions DB table. !23704
- Migrate mentions for commit notes to commit_user_mentions DB table. !23859
- Update files when snippet is updated. !23993
- Move issues routes under /-/ scope. !24791
- Migrated the sidebar label select dropdown title component spinner to utilize GlLoadingIcon. !24914 (Raihan Kabir)
- Migrated from .fa-spinner to .spinner in 'app/assets/javascripts/notes.js. !24916 (Raihan Kabir (gitlab/rk4bir))
- Migrated from .fa-spinner to .spinner in app/assets/javascripts/create_merge_request_dropdown.js. !24917 (Raihan Kabir (gitlab/rk4bir))
- Migrated from .fa-spinner to .spinner in app/assets/javascripts/sidebar/components/assignees/assignee_title.vue. !24919 (rk4bir)
- Replace underscore with lodash for ./app/assets/javascripts/deploy_keys. !24965 (Jacopo Beschi @jacopo-beschi)
- Replace underscore with lodash for ./app/assets/javascripts/badges. !24966 (Jacopo Beschi @jacopo-beschi)
- Add commits limit text at graphs page. !24990
- Migrated from .fa-spinner to .spinner in app/assets/javascripts/blob/template_selector.js. !25045 (Raihan Kabir (gitlab/rk4bir))
- Update iOS (Swift) project template logo. !25049
- Sessionless and API endpoints bypass session for admin mode. !25056 (Diego Louzán)
- New loading spinner for attachemnt uploads via discussion boxes. !25057 (Philip Jonas)
- Hide the private commit email in Notification email list. !25099 (briankabiro)
- Replace underscore with lodash in /app/assets/javascripts/blob/. !25113 (rkpattnaik780)
- Allow access to /version API endpoint with read_user scope. !25211
- Use only the first line of the commit message on chat service notification. !25224 (Takuya Noguchi)
- Include invalid directories in wiki title message. !25376
- Replace avatar and favicon upload type consistency validation with content whitelist validation. !25401
- Showing only "Next" button for snippet explore page. !25404
- Moved Deploy Keys from Repository to CI/CD settings. !25444
- Move pod logs to core. !25455
- Improve error messages of failed migrations. !25457
- Hides the "Allowed to fail" tag on jobs that are successful. !25458
- Disable CSRF protection on logout endpoint. !25521 (Diego Louzán)
- Ensure all errors are logged in Group Import. !25619
- Tweak wiki page title handling. !25647
- Add refresh dashboard button. !25716
- Disable draggable behavior on the epic tree chevron (collapse/expand) button. !25729
- Rate limit archive endpoint by user. !25750
- Improve audit log header layout. !25821
- Migrate mentions for merge requests to DB table. !25826
- Align git returned error codes. !25936
- Split cluster info page into tabs. !25940
- Remove visibility check from epic descendant counts. !25975
- Use colon to tokenize input in filtered search. !26072
- Add link to dependency proxy docs on the dependency proxy page. !26092
- Remove Puma notices from AdminArea banner. !26137
- Add airgap support to Dependency Scanning template. !26145
- 27880 Make release notes optional and do not delete release when they are removed. !26231 (Pavlo Dudchenko)
- Limit notification-type broadcast display to web interface. !26236 (Aleksandrs Ļedovskis)
- Update renewal banner link for clearer instructions. !26240
- Special handling for the rich viewer on specific file types. !26260
- Rename pod logs to logs. !26313
- Ensure checksums match when updating repository storage. !26334
- Bump Auto Deploy image to v0.12.1. !26336
- Use cert-manager 0.10 instead of 0.9 for new chart installations. !26345
- Use y-axis format configuration in column charts. !26356
- Add Prometheus metrics for Gitaly and database time in background jobs. !26384
- Batch processing LFS objects downloads. !26434
- Add edit custom metric link to metrics dashboard. !26511
- Remove unused file_type column from packages_package_files. !26527
- Enable client-side GRPC keepalive for Gitaly. !26536
- Use ReplicateRepository when moving repo storage. !26550
- Add functionality to render individual mermaids. !26564
- Sync snippet after Git action. !26565
- In single-file editor set syntax highlighting theme according to user's preference. !26606
- Introduce a feature flag for Notifications for when pipelines are fixed. !26682 (Jacopo Beschi @jacopo-beschi)
- Replace checkbox by toggle for ModSecurity on Cluster App Page. !26720
- Change capybara screenshots files names taken on tests failures. !26788
- Update cluster-applications image to v0.11 with a runner bugfix, updated cert-manager, and vault as a new app. !26842
- Store first commit's authored_date for value stream calculation on merge. !26885
- Group repository contributors by email instead of name. !26899 (Hilco van der Wilk)
- Move authorized_keys operations into their own Sidekiq queue. !26913
- Upgrade Elastic Stack helm chart to 1.9.0. !27011
- Enable customizable_cycle_analytics feature flag by default. !27418
- Deemphasized styles for inline code blocks.
### Performance (41 changes, 1 of them is from the community)
- Cache milestone issue counters and make them independent of user permissions. !21554
- Persist expanded environment name in ci build metadata. !22374
- Diffs load each view style separately, on demand. !24821
- Project repositories are no longer cloned by default when running DAST. !25320
- Enable Workhorse upload acceleration for Project Import API. !25361
- Add API pagination for deployed merge requests. !25733
- Upgrade to Bootsnap 1.4.6. !25844
- Improve performance of Repository#merged_branch_names. !26005
- Fix N+1 in Group milestone view. !26051
- Project Snippets API endpoints check feature status. !26064
- Memoize loading of CI variables. !26147
- Refactor workhorse passthrough URL checker. !26157 (Takuya Noguchi)
- Project Snippets GraphQL resolver checks feature status. !26158
- Improved MR toggle file performance by hiding instead of removing. !26181
- Use Workhorse acceleration for Project Import file upload via UI. !26278
- Improve SnippetsFinder performance with disabled project snippets. !26295
- Add trigram index on snippet description. !26341
- Optimize todos counters in usage data. !26442
- Optimize event counters query performance in usage data. !26444
- Ensure RepositoryLinkFilter handles Gitaly failures gracefully. !26531
- Fix N+1 queries for PipelinesController#index.json. !26643
- Optimize Project related count with slack service. !26686
- Optimize Project counters with respository enabled counter. !26698
- Optimize Deployment related counters. !26757
- Optimize ci_pipelines counters in usage data. !26774
- Improve performance of the "has this commit been reverted?" check. !26784
- Optimize Project counters with pipelines enabled counter. !26802
- Optimize notes counters in usage data. !26871
- Optimize clusters counters query performance in usage data. !26887
- Enable Workhorse upload acceleration for Project Import uploads via API. !26914
- Use process-wide memory cache for feature flags. !26935
- Optimize services usage counters using batch counters. !26973
- Optimize Project related count service desk enabled. !27115
- Swap to UNLINK for Redis set cache. !27116
- Optimize members counters query performance in usage data. !27197
- Use batch counters instead of approximate counters in usage data. !27218
- Enable Redis cache key compression. !27254
- Move feature flag list into process cache. !27511
- Remove duplicate authorization refresh for group members on project creation.
- Optimize project representation in large imports.
- Replace several temporary indexes with a single one to save time when running mentions migration.
### Added (115 changes, 16 of them are from the community)
- Notifications for when pipelines are fixed. !16951 (Jacopo Beschi @jacopo-beschi)
- Backport API support to move between repository storages/shards. !18721 (Ben Bodenmiller)
- Add ability to trigger pipelines when project is rebuilt. !20063
- Add user dismiss option to broadcast messages. !20665 (Fabio Huser)
- Show notices in Admin area when detected any of these cases: Puma, multi-threaded Puma, multi-threaded Puma + Rugged. !21403
- Update git workflows and routes to allow snippets. !21739
- Add Cobertura XML coverage visualization to merge request diff view. !21791 (Fabio Huser)
- Add 2FA support to admin mode feature. !22281 (Diego Louzán)
- GraphQL: Add Board type. !22497 (Alexander Koval)
- Add/update services to delete snippets repositories. !22672
- Render single snippet blob in repository. !23848
- Commit file when snippet is created. !23953
- Addition of the Group Deploy Token interface. !24102
- Allow multiple Slack channels for notifications. !24132
- Import/Export snippet repositories. !24150
- Add custom validator for validating file path. !24223 (Rajendra Kadam)
- Add a bulk processor for elasticsearch incremental updates. !24298
- Send alert emails for generic incident alerts. !24414
- Introduce default branch protection at the group level. !24426
- Add "New release" button to Releases page. !24516
- Nudge users to select a gitlab-ci.yml template. !24622
- Allow enabling/disabling modsecurity from UI. !24747
- Add possibility to track milestone changes on issues and merge requests. !24780
- Allow group/project board to be queried by ID via GraphQL. !24825
- Add functionality to revoke a X509Certificate and update related X509CommitSignatures. !24889 (Roger Meier)
- Update file content of an existing custom dashboard. !25024
- Add deploy tokens instance API endpoint. !25066
- Add support for alert-based metric embeds in GFM. !25075
- Add restrictions for signup email addresses. !25122
- Add accessibility scanning CI template. !25144
- Expose `plan` and `trial` to `/users/:id` endpoint. !25151
- Add "Job Title" field in user settings and display on profile. !25155
- Add endpoint for listing all deploy tokens for a project. !25186
- Add api endpoint for listing deploy tokens for a group. !25219
- Add API endpoint for deleting project deploy tokens. !25220
- Add API endpoint for deleting group deploy tokens. !25222
- Allow users to get Merge Trains entries via Public API. !25229
- Added CI_MERGE_REQUEST_CHANGED_PAGE_* to Predefined Variables reference. !25256
- Add missing arguments to UpdateIssue mutation. !25268
- Add api endpoint to create deploy tokens. !25270
- Automatically include embedded metrics for GitLab alert incidents. !25277
- Allow to create masked variable from group variables API. !25283 (Emmanuel CARRE)
- Add migration to create self monitoring project environment. !25289
- Add deploy and re-deploy buttons to deployments. !25427
- Replaced ACE with Monaco editor for Snippets. !25465
- Add support for user Job Title. !25483
- Add name_regex_keep param to container registry bulk delete API endpoint. !25484
- Add Project template for Gatsby. !24192
- Add filepath to ReleaseLink. !25512
- Added Drop older active deployments project setting. !25520
- Add filepath to release links API. !25533
- Adds new activity panel to package details page. !25534
- Add filepath redirect url. !25541
- Add version column to operations_feature_flags table. !25552
- Filter commits by author. !25597
- Add api endpoint for creating group deploy tokens. !25629
- Expose assets filepath URL on UI. !25635
- Update moved service desk issues notifications. !25640
- Allow chart descriptions for Insights. !25686
- Allow to disable inheritance of default job settings. !25690
- Support more query variables in custom dashboards per project. !25732
- All image diffs (except for renamed files) show the image file size in the diff. !25734
- Optional custom icon in the OmniAuth login labels. !25744 (Tobias Wawryniuk, Luca Leonardo Scorcia)
- Add avatar upload support for create and update group APIs. !25751 (Rajendra Kadam)
- Add properties to the dashboard definition to customize y-axis format. !25785
- Empty state for Code Review Analytics. !25793
- Search issues in GraphQL API by milestone title and assignees. !25794
- Add package_type as a filter option to the packages list API endpoint. !25816
- Add support for configuring remote mirrors via API. !25825 (Rajendra Kadam)
- Display base label in versions drop down. !25834
- Create table & setup operations endpoint for Status Page Settings. !25863
- Update Ingress chart version to 1.29.7. !25949
- Include snippet description as part of snippet title search (basic search). !25961
- Add admin API endpoint to delete Sidekiq jobs matching metadata. !25998
- Add documentation for create remote mirrors API. !26012 (Rajendra Kadam)
- Update charts documentation and common_metrics.yml to enable data formatting. !26048
- Allow issues/merge_requests as an issuable_type in Insights configuration. !26061
- Add migration for Requirement model. !26097
- Create scim_identities table in preparation for newer SCIM features in the future. !26124
- Add web_url attribute to API response for Commits. !26173
- Filter sentry error list by status (unresolved/ignored/resolved). !26205
- Add grape custom validator for sha params. !26220 (Rajendra Kadam)
- Update cluster-applications to v0.9.0. !26242
- Support DotEnv Variables through report type artifact. !26247
- More logs entries are loaded when logs are scrolled to the top. !26254
- Introduce db table to store users statistics. !26261
- Add title to Analytics sidebar menus. !26265
- Added package_name as filter parameter to packages API. !26291
- Added tracking to merge request jump to next thread buttons. !26319 (Martin Hobert)
- Introduce optional expiry date for SSH Keys. !26351
- Show cluster status (FE). !26368
- Add CI template to deploy to ECS. !26371
- Make hostname configurable for smartcard authentication. !26411
- Filter rules by target_branch in approval_settings. !26439
- Add CRUD for Instance-Level Integrations. !26454
- Add vars to allow air-gapped usage of Retire.js (Dependency Scanning). !26463
- Upgrade Pages to 1.17.0. !26478
- Add dedicated Release page for viewing a single Release. !26502
- Allow selecting all queues with sidekiq-cluster. !26594
- Enable feature Dynamic Child Pipeline creation via artifact. !26648
- Generate JSON-formatted a11y CI artifacts. !26687
- Add anchor tags to related issues and related merge requests. !26756 (Gilang Gumilar)
- Added Blob Description Edit component in Vue. !26762
- Added Edit Visibility Vue compoenent for Snippet. !26799
- Add package_type as a filter option to the group packages list API endpoint. !26833
- Update UI for project and group settings CI variables. !26901
- Track merge request cherry-picks. !26907
- Introduce database table for user highest roles. !26987
- Add ability to whitelist ports. !27025
- Add issue summary to Release blocks on the Releases page. !27032
- Support sidekiq-cluster supervision through bin/background_jobs. !27042
- Adds crossplane as CI/CD Managed App. !27374
- Update UI for project and group settings CI variables. !27411
- Add remote mirrors API.
- Add changed pages dropdown to visual review modal.
### Other (66 changes, 22 of them are from the community)
- Make design_management_versions.created_at not null. !20182 (Lee Tickett)
- Drop forked_project_links table. !20771 (Lee Tickett)
- Moves refreshData from issue model to board store. !21409 (nuwe1)
- Use DNT: 1 as an experiment opt-out mechanism. !22100
- Include full path to an upload in api response. !23500 (briankabiro)
- Update Ruby version in official CI templates. !23585 (Takuya Noguchi)
- Schedule worker to migrate security job artifacts to security scans. !24125
- Move namespace of Secure Sidekiq queues. !24340
- Remove spinner from app/views/projects/notes. !25015 (nuwe1)
- Migrate .fa-spinner to .spinner for ee/app/views/shared/members. !25019 (nuwe1)
- Migrate .fa-spinner to .spinner for app/views/ide. !25022 (nuwe1)
- Remove spinner from app/views/award_emoji. !25032 (nuwe1)
- Remove .fa-spinner from app/views/projects/forks. !25034 (nuwe1)
- Remove .fa-spinner from app/views/snippets/notes. !25036 (nuwe1)
- Migrate .fa-spinner to .spinner for app/views/help. !25037 (nuwe1)
- Replaced underscore with lodash for app/assets/javascripts/lib. !25042 (Shubham Pandey)
- Remove unused loading spinner from badge_settings partial. !25044 (nuwe1)
- Migrate .fa-spinner to .spinner for app/views/projects/find_file. !25051 (nuwe1)
- Migrate .fa-spinner to .spinner for app/assets/javascripts/notes/components/discussion_resolve_button.vue. !25055 (nuwe1)
- Change OmniAuth log format to JSON. !25086
- migrate fa spinner for notification_dropdown.js. !25141 (minghuan)
- Use new loading spinner in Todos dashboard buttons. !25142 (Tsegaselassie Tadesse)
- Refuse to start web server without a working ActiveRecord connection. !25160
- Simplifying colors in the Web IDE. !25304
- Clean up conditional `col-` classes in `nav_dropdown_button.vue`. !25312
- Only load usage ping cron schedule for Sidekiq. !25325
- Update rouge to v3.16.0. !25334 (Konrad Borowski)
- Update project's permission settings description to reflect actual permissions. !25523
- Use clearer error message for pages deploy job when the SHA is outdated. !25659
- Add index on LOWER(domain) for pages_domains. !25664
- Remove repository_storage column from snippets. !25699
- Add instance column to services table. !25714
- Update GitLab Runner Helm Chart to 0.14.0. !25749
- Update loader for various project views. !25755 (Phellipe K Ribeiro)
- Clarify private visibility for projects. !25852
- Do not parse undefined severity and confidence from reports. !25884
- Remove special chars from previous and next items in pagination. !25891
- Update Auto DevOps deployment template's auto-deploy-image to v0.10.0 (updates the included glibc). !25920
- Update DAST auto-deploy-image to v0.10.0. !25922
- Optimize storage usage for newly created ES indices. !25992
- Replace undefined severity with unknown severity for occurrences. !26085
- Replace undefined severity with unknown severity for vulnerabilities. !26305
- Remove unused Snippets#content_types method. !26306
- Change tooltip text for pipeline on last commit widget. !26315
- Resolve Change link-icons on security configuration page to follow design system. !26340
- Put System Metrics chart group first in default dashboard. !26355
- Validates only one service template per type. !26380
- update table layout for error tracking list on medium view ports. !26479
- Validate absence of project_id if service is a template. !26563
- Move sidekiq-cluster script to Core. !26703
- Update GitLab's codeclimate to 0.85.9. !26712 (Eddie Stubbington)
- Bump minimum node version to v10.13.0. !26831
- Remove promoted notes temporary index. !26896
- Update Project Import API rate limit. !26903
- Backfill LfsObjectsProject records of forks. !26964
- Add migration for creating open_project_tracker_data table. !26966
- Fixed SSH warning style. !26992
- Use new codequality docker image from ci-cd group. !27098
- Add tooltip to modification icon in the file tree. !27158
- Upgrade Gitaly gem and fix UserSquash RPC usage. !27372
- Replace issue-external icon with external-link. !208827
- Add keep_divergent_refs to remote_mirrors table.
- Replace issue-duplicate icon with duplicate icon.
- Add confidential attribute to notes table.
- Replace content_viewer_spec setTimeouts with semantic actions / events. (Oregand)
- Improvement in token reference.
## 12.8.10 (2020-04-30)
### Security (7 changes)
- Ensure MR diff exists before codeowner check.
- Prevent unauthorized access to default branch.
- Do not return private project ID without permission.
- Fix doorkeeper CVE-2020-10187.
- Prevent ES credentials leak.
- Return only safe urls for mirrors.
- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads.
## 12.8.9 (2020-04-14)
### Security (3 changes)
- Refresh ProjectAuthorization during Group deletion.
- Prevent filename bypass on artifact upload.
- Update rack and related gems to 2.0.9 to fix security issue.
## 12.8.7 (2020-03-16)
### Fixed (1 change, 1 of them is from the community)
- Fix crl_url parsing and certificate visualization. !25876 (Roger Meier)
## 12.8.6 (2020-03-11)
### Security (1 change)
- Do not enable soft email confirmation by default.
## 12.8.5
### Fixed (8 changes)
- Fix Group Import API file upload when object storage is disabled. !25715
- Fix Web IDE fork modal showing no text. !25842
- Fixed regression when URL was encoded in a loop. !25849
- Fixed repository browsing for folders with non-ascii characters. !25877
- Fix search for Sentry error list. !26129
- Send credentials with GraphQL fetch requests. !26386
- Show CI status in project dashboards. !26403
- Rescue invalid URLs during badge retrieval in asset proxy. !26524
### Performance (2 changes)
- Disable Marginalia line backtrace in production. !26199
- Remove unnecessary Redis deletes for broadcast messages. !26541
### Other (1 change, 1 of them is from the community)
- Fix fixtures for Error Tracking Web UI. !26233 (Takuya Noguchi)
## 12.8.4
### Fixed (8 changes)
- Fix Group Import API file upload when object storage is disabled. !25715
- Fix Web IDE fork modal showing no text. !25842
- Fixed regression when URL was encoded in a loop. !25849
- Fixed repository browsing for folders with non-ascii characters. !25877
- Fix search for Sentry error list. !26129
- Send credentials with GraphQL fetch requests. !26386
- Show CI status in project dashboards. !26403
- Rescue invalid URLs during badge retrieval in asset proxy. !26524
### Performance (2 changes)
- Disable Marginalia line backtrace in production. !26199
- Remove unnecessary Redis deletes for broadcast messages. !26541
### Other (1 change, 1 of them is from the community)
- Fix fixtures for Error Tracking Web UI. !26233 (Takuya Noguchi)
## 12.8.3
### Fixed (8 changes)
- Fix Group Import API file upload when object storage is disabled. !25715
- Fix Web IDE fork modal showing no text. !25842
- Fixed regression when URL was encoded in a loop. !25849
- Fixed repository browsing for folders with non-ascii characters. !25877
- Fix search for Sentry error list. !26129
- Send credentials with GraphQL fetch requests. !26386
- Show CI status in project dashboards. !26403
- Rescue invalid URLs during badge retrieval in asset proxy. !26524
### Performance (2 changes)
- Disable Marginalia line backtrace in production. !26199
- Remove unnecessary Redis deletes for broadcast messages. !26541
### Other (1 change, 1 of them is from the community)
- Fix fixtures for Error Tracking Web UI. !26233 (Takuya Noguchi)
## 12.8.2
### Security (17 changes)
- Update container registry authentication to account for login request when checking permissions.
- Update ProjectAuthorization when deleting or updating GroupGroupLink.
- Prevent an endless checking loop for two merge requests targeting each other.
- Update user 2fa when accepting a group invite.
- Fix for XSS in branch names.
- Prevent directory traversal through FileUploader.
- Run project badge images through the asset proxy.
- Check merge requests read permissions before showing them in the pipeline widget.
- Respect member access level for group shares.
- Remove OID filtering during LFS imports.
- Protect against denial of service using pipeline webhook recursion.
- Expire account confirmation token.
- Prevent XSS in admin grafana URL setting.
- Don't require base_sha in DiffRefsType.
- Sanitize output by dependency linkers.
- Recalculate ProjectAuthorizations for all users.
- Escape special chars in Sentry error header.
### Other (1 change, 1 of them is from the community)
- Fix fixtures for Error Tracking Web UI. !26233 (Takuya Noguchi)
## 12.8.1
### Fixed (5 changes)
- Fix markdown layout of incident issues. !25352
- Time series extends axis options correctly. !25399
- Fix "Edit Release" page. !25469
- Fix upgrade failure in EE displaying license. !25788
- Fixed last commit widget when Gravatar is disabled. !25800
## 12.8.0
### Security (6 changes, 2 of them are from the community)
- Upgrade Doorkeeper to 4.4.3 to address CVE-2018-1000211. !20953
- Upgrade Doorkeeper to 5.0.2. !21173
- Update webpack related packages. !22456 (Takuya Noguchi)
- Update rubyzip gem in qa tests to 1.3.0 to fix CVE-2019-16892. !24119
- Update GraphicsMagick from 1.3.33 to 1.3.34. !24225 (Takuya Noguchi)
- Update handlebars to remove issues from dependency dashboard.
### Removed (2 changes, 1 of them is from the community)
- Remove temporary index at services on project_id. !24263
- Remove CI status from Projects Dashboard. !25225 (George Thomas @thegeorgeous)
### Fixed (136 changes, 21 of them are from the community)
- When a namespace GitLab Subscription expires, disable SSO enforcement. !21135
- Fix bug with snippet counts not being scoped to current authorisation. !21705
- Log user last activity on REST API. !21725
- Create LfsObjectsProject record for forks as well. !22418
- Limit size of diffs returned by /projects/:id/repository/compare API endpoint. !22658
- Fix spacing and UI on Recent Deliveries section of Project Services. !22666
- Improve error messages when adding a child epic. !22688
- Fixes a new line issue with suggestions in the last line of a file. !22732
- Use POSTGRES_VERSION variable in Auto DevOps Test stage. !22884 (Serban Marti)
- Include milestones from subgroups in the list of Group Milestones. !22922
- Authenticate user when scope is passed to events api. !22956 (briankabiro)
- Limit productivity analytics graph y-axis scale to whole numbers. !23140
- Fix GraphiQL when GitLab is installed under a relative URL. !23143 (Mathieu Parent)
- Stop NoMethodError happening for 1.16+ Kubernetes clusters. !23149
- Fix advanced global search permissions for guest users. !23177
- Fix JIRA DVCS retrieving repositories. !23180
- Fix logs api etag issues with elasticsearch. !23249
- Add border radius and remove blue outline on recent searches filter. !23266
- Fix premailer and S/MIME emailer hooks order. !23293 (Diego Louzán)
- Fix Web IDE alert message look and feel. !23300 (Sean Nichols)
- Ensure that error tracking frontend only polls when required. !23305
- Fixes spacing issue in modal footers. !23327
- Fix POST method in dashboard link for disabling admin mode. !23363 (Diego Louzán)
- Fix Markdown not rendering on releases page. !23370
- Fix pipeline status loading errors on project dashboard page caused by Gitaly connection failures. !23378
- Improve message UI on Microsoft Teams notification. !23385 (Takuya Noguchi)
- Use state machine in Merge Train to avoid race conditions. !23395
- Prevent DAG builds to run after skipped need build. !23405
- Fixes AutoMergeProcessWorker failing when merge train service is not available for a merge request. !23407
- Fix error when assigning an existing asignee. !23416
- Fix outdated MR security warning message. !23496
- Fix missing API notification argument for Microsoft Teams. !23571 (Seiji Suenaga)
- Support the bypass 2FA function with ADFS SAML. !23615
- Require other stages than .pre and .post. !23629
- Remove the OpenSSL include within SMIME email signing. !23642 (Roger Meier)
- Fix custom charts in monitoring dashboard shrinking. !23649
- Correctly render mermaid digrams inside details blocks. !23662
- Fix Pipeline failed notification email not being delivered if the failed job is a bridge job. !23668
- Call DetectRepositoryLanguagesWorker only for project repositories. !23696
- Fix emails on push integrations created before 12.7. !23699
- Fix hash parameter of Permalink and Blame button. !23713
- Task lists work correctly again on closed MRs. !23714
- Fix broken link to documentation. !23715
- Trim extra period when merge error displayed. !23737
- Skip squashing with only one commit in a merge request. !23744
- Fix 500 error when trying to unsubscribe from an already deleted entity. !23747
- Fix some of the file encoding issues when uploading in the Web IDE. !23761
- Remove keep button for non archive artifacts. !23762
- Ensure all Project records have a corresponding ProjectFeature record. !23766
- Fix design of snippet search results page. !23780
- Fix Merge Request comments when some notes are corrupt. !23786
- Add optional angle brackets in address_regex. !23797 (Max Winterstein)
- Eliminate statement timeouts when namespace is blank. !23839
- Remove unstaged and staged modification tooltip. !23847
- Allow Owner access level for sharing groups with groups. !23868
- Allow running child pipelines as merge request pipelines. !23884
- Fix user popover glitch. !23904
- Return 404 when repository archive cannot be retrieved. !23926
- Fix 503 errors caused by Gitaly failures during project_icon lookup. !23930
- Fix showing 'NaN files' when a MR diff does not have any changes. !24002
- Label MR test modal execution time as seconds. !24019
- Fix copy markdown with elements with no text content. !24020
- Disable pull mirror importing for archived projects. !24029
- Remove gray color from diff buttons. !24041
- Prevent project path namespace overflow during import. !24042 (George Tsiolis)
- Fix JIRA::HTTPError initialize parameter. !24060
- Fix multiline issue when loading env vars from DinD in SAST. !24108
- Clean backgroud_migration queue from ActivatePrometheusServicesForSharedCluster jobs. !24135
- Fix quoted-printable encoding for unicode and newlines in mails. !24153 (Diego Louzán)
- Replace artifacts via Runner API if already exist. !24165
- Port `trigger` keyword in CI config to Core. !24191
- Fix race condition bug in Prometheus managed app update process. !24228
- Hide label tooltips when dragging board cards. !24239
- Fix dropdown caret not being positioned correctly. !24273
- Enable recaptcha check on sign up. !24274
- Avoid loading user activity calendar on mobile. !24277 (Takuya Noguchi)
- Resolve Design discussion note preview is broken. !24288
- Query projects of subgroups in productivity analytics. !24335
- Query projects of subgroups in Cycle Analytics. !24392
- Fix backup restoration with pre-existing wiki. !24394
- Fix duplicated user popovers. !24405
- Fix inconditionally setting user profile to public when updating via API and private_profile parameter is not present in the request. !24456 (Diego Louzán)
- Enable Web IDE on projects without Merge Requests. !24508
- Avoid double encoding of credential while importing a Project by URL. !24514
- Redact push options from error logs. !24540
- Fix merge train unnecessarily retries pipeline by a race condition. !24566
- Show selected template type when clicked. !24596
- Don't leak entire objects into the error log when rendering markup fails. !24599
- Fix blobs search API degradation. !24607
- Sanitize request parameters in exceptions_json.log. !24625
- Add styles for board list labels when text is too long. !24627
- Show blocked status for all blocked issues on issue boards. !24631
- Ensure board lists are sorted consistently. !24637
- Geo: Fix GeoNode name in geo:update_primary_node_url rake task. !24649
- Fix link to base domain help in clusters view. !24658
- Fix false matches of substitution-based quick actions in text. !24699
- Fix pipeline icon background in Web IDE. !24707
- Fix job page not loading because kuberenetes/prometheus URL is blocked. !24743
- Fix signature badge popover on Firefox. !24756
- Avoid autolinking YouTrack issue numbers followed by letters. !24770 (Konrad Borowski)
- Fix 500 error while accessing Oauth::ApplicationsController without a valid session. !24775
- Ensure a valid mount_point is used by the AvatarUploader. !24800
- Fix k8s logs alert display state. !24802
- Squelch Snowplow tracker log messages. !24809
- Fix code line and line number alignment in Safari. !24820
- Fixed default-branch link under Pipeline Subscription settings. !24834 (James Johnson)
- Do not remove space from project name in Slack. !24851
- Drop etag cache on logs API. !24864
- Revert rename services template to instance migration. !24885
- Geo: Don't clean up files in object storage when Geo is responsible of syncing them. !24901
- Add missing colors on the monitoring dashboards. !24921
- Upgrade omniauth-github gem to fix GitHub API deprecation notice. !24928
- dragoon20. !24958 (Jordan Fernando)
- Fix bug rendering BlobType markdown data. !24960
- Use closest allowed visibility level on group creation when importing groups using Group Import/Export. !25026
- Extend the list of excluded_attributes for group on Group Import. !25031
- Update broken links to Cloud Run for Anthos documentation. !25159
- Fix autocomplete limitation bug. !25167
- Fix Group Import existing objects lookup when description attribute is an empty string. !25187
- Fix N+1 queries caused by loading job artifacts archive in pipeline details entity. !25250
- Fix sidekiq jobs not always getting a database connection when running with low concurrency. !25261
- Fix overriding the image pull policy from a values file for Auto Deploy. !25271 (robcalcroft)
- Pin Auto DevOps Docker-in-Docker service image to work around pull timeouts. !25286
- Remove name & path from list of excluded attributes during Group Import. !25342
- Time series extends axis options correctly. !25399
- Fix "Edit Release" page. !25469
- Ensure New Snippet button is displayed based on the :create_snippet permission in Project Snippets page and User profile > Snippets tab. !55240
- Fix wrong MR link is shown on pipeline failure email.
- Fix issue count wrapping on board list.
- Allow long milestone titles on board lists to be truncated.
- Update styles for pipeline status badge to be correctly vertically centered in project pipeline card. (Oregand)
- MVC for assignees avatar dissapearing when opening issue sidebar in board. (Oregand)
- Fix application settings not working with pending migrations.
- Rename too long migration filename to address gem packaging limitations.
- Add more accurate way of counting remaining background migrations before upgrading.
- update main javascript file to only apply right sidebar class when an aside is present. (Oregand)
### Deprecated (2 changes)
- Move repository routes under - scope. !20455
- Move merge request routes under /-/ scope. !21126
### Changed (82 changes, 13 of them are from the community)
- Move the clone button to the tree controls area. !17752 (Ablay Keldibek)
- Add experimental --queue-selector option to sidekiq-cluster. !18877
- Truncate related merge requests list in pipeline view. !19404
- Increase pipeline email notification from 10 to 30 lines. !21728 (Philipp Hasper)
- Sets size limits on data loaded async, like deploy boards and merge request reports. !21871
- Deprecate /admin/application_settings in favor of /admin/application_settings/general. The former path is to be removed in 13.0. !22252 (Alexander Oleynikov)
- Migrate epic, epic notes mentions to respective DB table. !22333
- Restyle changes header & file tree. !22364
- Let tie breaker order follow primary sort direction (API). !22795
- Allow SSH keys API endpoint to be requested for a given username. !22899 (Rajendra Kadam)
- Allow to deploy only forward deployments. !22959
- Add blob and blob_viewer fields to graphql snippet type. !22960
- Activate new project integrations by default. !23009
- Rename Custom hooks to Server hooks. !23064
- Reorder signup omniauth options. !23082
- Cycle unresolved threads. !23123
- Rename 'GitLab Instance Administration' project to 'GitLab self monitoring' project. !23182
- Update pipeline status copy in deploy footer. !23199
- Allow users to read broadcast messages via API. !23298 (Rajendra Kadam)
- Default the `creation of a Mattermost team` checkbox to false. !23329 (briankabiro)
- Makes the generic alerts endpoint available with the free tier. !23339
- Allow to switch between cloud providers in cluster creation screen. !23362
- Rename cycle analytics interfaces to value stream analytics. !23427
- Upgrade to Gitaly v1.83.0. !23431
- Groups::ImportExport::ExportService to require admin_group permission. !23434
- Bump ingress managed app chart to 1.29.3. !23461
- Add support for stacked column charts. !23474
- Remove kibana_hostname column from clusters_applications_elastic_stacks table. !23503
- Update rebasing to use the new two-phase Gitaly Rebase RPC. !23546
- Fetch merge request widget data asynchronous. !23594
- Include issues created in GitLab on error tracking details page. !23605
- Add Epics Activity information to Group Export. !23613
- Copy issues routing under - scope. !23779
- Make Explore Projects default to All. !23811
- Migrate CI CD statistics + duration chart to VueJS. !23840
- Use NodeUpdateService for updating Geo node. !23894 (Rajendra Kadam)
- Add support for column charts. !23903
- Update PagesDomains data model for serverless domains. !23943
- Upgrade to Gitaly v1.85.0. !23945
- Change vague copy to clipboard icon to a clearer icon. !23983
- Add award emoji information of Epics and Epic Notes to Group Import/Export. !24003
- Make name, email, and location attributes readonly for LDAP enabled instances. !24049
- Migrate CI CD pipelines charts to ECharts. !24057
- Include license_scanning to index_ci_builds_on_name_for_security_products_values. !24090
- Add mode field to snippet blob in GraphQL. !24157
- Switch order of tabs in Web IDE nav dropdown. !24199
- Hide comment button if on diff HEAD. !24207
- Move commit routes under - scope. !24279
- Move security routes under - scope. !24287
- Restyle Merge Request diffs file tree. !24342
- Limit length of wiki file/directory names. !24364
- Admin mode support in sidekiq jobs. !24388 (Diego Louzán)
- Expose theme and color scheme user preferences in API. !24409
- Remove username lookup when mapping users when importing projects using Project Import/Export and rely on email only. !24464
- Extend logs retention to period from 15 to 30 days. !24466
- Move analytics pages under the sidebar for projects and groups. !24470
- Rename 'Kubernetes configured' button. !24487
- Test reports in the pipeline details page will now load when clicking the tests tab. !24577
- Move Settings->Operations->Incidents to the Core. !24600
- Upgrade to Gitaly v1.86.0. !24610
- Conan packages are validated based on full recipe instead of name/version alone. !24692
- WebIDE: Support # in branch names. !24717
- Move Merge Request from right sidebar of Web IDE to bottom bar. !24746
- Updated cluster-applications to v0.7.0. !24754
- Add migration to save Instance Administrators group ID in application_settings table. !24796
- Add percentile value support to single stat panel types. !24813
- Parse filebeat modsec logs as JSON. !24836
- Add plain_highlighted_data field to SnippetBlobType. !24856
- Add Board Lists to Group Export. !24863
- Replace underscore with lodash for ./app/assets/javascripts/mirrors. !24967 (Jacopo Beschi @jacopo-beschi)
- Replace underscore with lodash in /app/assets/javascripts/helpers. !25014 (rkpattnaik780)
- Migrate from class .fa-spinner to .spinner in app/assets/javascripts/gfm_auto_complete.js. !25039 (rk4bir)
- Update cluster-applications to v0.8.0. !25138
- Limit size of params array in JSON logs to 10 KiB. !25158
- Omit error details from previous attempt in Sidekiq JSON logs. !25161
- Remove unnecessary milestone join tables. !25198
- Upgrade to Gitaly v1.87.0. !25370
- Drop signatures in email replies. !25389 (Diego Louzán)
- update service desk project to use GlLoadingIcon over font awesome spinner. (Oregand)
- Search group-level objects among all ancestors during project import.
- Add broadcast type to API.
- Changed color of allowed to fail badge from danger to warning.
### Performance (22 changes, 1 of them is from the community)
- Check mergeability of MR asynchronously. !21026
- Fix query performance in PipelinesFinder. !21092
- Fix usage ping timeouts with batch counters. !22705
- Remove N+1 query for profile notifications. !22845 (Ohad Dahan)
- Limit page number on explore/projects. !22876
- Prevent unnecessary Gitaly calls when rendering comment excerpts in todos and activity feed. !23100
- Eliminate Gitaly N+1 queries loading submodules. !23292
- Optimize page loading of Admin::RunnersController#show. !23309
- Improve performance of the Container Registry delete tags API. !23325
- Don't allow Gitaly calls to exceed the worker timeout set for unicorn or puma. !23510
- Use CTE optimization fence for loading projects in dashboard. !23754
- Optimize ref name lookups in archive downloads. !23890
- Change broadcast message index. !23986
- Add index to audit_events (entity_id, entity_type, id). !23998
- Remove unneeded indexes on projects table. !24086
- Load maximum 1mb blob data for a diff file. !24160
- Optimize issue search when sorting by weight. !24208
- Optimize issue search when sorting by due date and position. !24217
- Refactored repository browser to use Vue and GraphQL. !24450
- Improvement to merged_branch_names cache. !24504
- Destroy user associations in batches like we do with projects. !24641
- Cache repository merged branch names by default. !24986
### Added (137 changes, 46 of them are from the community)
- x509 signed commits using openssl. !17773 (Roger Meier)
- Allow keyboard shortcuts to be disabled. !18782
- Add API endpoints for 'soft-delete for groups' feature. !19430
- Add UI for 'soft-delete for groups' feature. !19483
- Introduce project_settings table. !19761
- Expose current and last IPs to /users endpoint. !19781
- Add Group Import API endpoint & update Group Import/Export documentation. !20353
- Show Kubernetes namespace on job show page. !20983
- Add admin settings panel for instance-level serverless domain (behind feature flag). !21222
- Filter merge requests by approvals (API). !21379
- Expose is_using_seat attribute for Member in API. !21496
- Add querying of Sentry errors to Graphql. !21802
- Extends 'Duplicate dashboard' feature, by including custom metrics added to GitLab-defined dashboards. !21923
- Add tab width option to user preferences. !22063 (Alexander Oleynikov)
- Add iid to operations_feature_flags and backfill. !22175
- Support retrieval of disk statistics from Gitaly. !22226 (Nels Nelson)
- Implement allowing empty needs for jobs in DAG pipelines. !22246
- Create snippet repository when it's created. !22269
- When switching to a file permalink, just change the URL instead of triggering a useless page reload. !22340
- Packages published to the package registry via CI/CD with a CI_JOB_TOKEN will display pipeline information on the details page. !22485
- Add users memberships endpoints for admins. !22518
- Add cilium to the managed cluster apps template. !22557
- Add WAF Anomaly Summary service. !22736
- Introduce license_scanning CI template. !22773
- Add extra fields to the application context. !22792
- Add selective sync support to Geo Nodes API update endpoint. !22828 (Rajendra Kadam)
- Add validation for custom PrometheusDashboard. !22893
- Sync GitLab issue back to Sentry when created in GitLab. !23007
- Add new Elastic Stack cluster application for pod log aggregation. !23058
- NPM dist tags will now be displayed on the package details page. !23061
- Add show routes for group and project repositories_controllers and add pagination to the index responses. !23151
- Add pages_access_level to projects API. !23176 (Mathieu Parent)
- Document CI job activity limit for pipeline creation. !23246
- Update Praefect docs for subcommand. !23255
- Add CI variables to provide GitLab port and protocol. !23296 (Aidin Abedi)
- Seprate 5 classes in separate files from entities. !23299 (Rajendra Kadam)
- Upgrade pages to 1.14.0. !23317
- Indicate Sentry error severity in GitLab. !23346
- Sync GitLab issues with Sentry plugin integration. !23355
- Backfill missing GraphQL API Group type properties. !23389 (Fabio Huser)
- Allow setting minimum concurrency for sidekiq-cluster processes. !23408
- Geo: Add tables to prepare to replicate package files. !23447
- Update deploy token architecture to introduce group-level deploy tokens. !23460
- Add tags, external_base_url, gitlab_issue to Sentry Detailed Error graphql. !23483
- Reverse actions for resolve/ignore Sentry issue. !23516
- Add deploy_token_type column to deploy_tokens table. !23530
- Add ability to hide GraphQL fields using GitLab Feature flags. !23563
- Add can_create_merge_request_in to /project/:id API response. !23577
- Close related GitLab issue on Sentry error resolve. !23610
- Add emails_disabled to projects API. !23616 (Mathieu Parent)
- Expose group milestones on GraphQL. !23635
- Add support for lsif artifact report. !23672
- Displays package tags next to the name on the new package list page. !23675
- Collect release evidence at release timestamp. !23697
- Create conditional Enable Review App button. !23703
- Add CI variables to configure bundler-audit advisory database (Dependency Scanning). !23717
- Add API to "Play" a scheduled pipeline immediately. !23718
- Add selective sync support to Geo Nodes API create endpoint. !23729 (Rajendra Kadam)
- Refactor user entities into own class files. !23730 (Rajendra Kadam)
- Replace Net::HTTP with Gitlab::HTTP in rake gitlab:geo:check. !23741 (Rajendra Kadam)
- Add separate classes for user related entities for email, membership, status. !23748 (Rajendra Kadam)
- Add Sentry error stack trace to GraphQL API. !23750
- Allow for relative time ranges in metrics dashboard URLs. !23765
- Add non_archived param to issues API endpoint to filter issues from archived projects. !23785
- Add separate classes for project hook, identity, export status. !23789 (Rajendra Kadam)
- Create snippet repository model. !23796
- Add non_archived param to group merge requests API endpoint to filter MRs from non archived projects. !23809
- Change `Rename` to `Rename/Move` in Web IDE Dropdown. !23877
- Add separate classes for project related classes. !23887 (Rajendra Kadam)
- Added search box to dashboards dropdown in monitoring dashboard. !23906
- Display operations feature flag internal ids. !23914
- Enable search and filter in environments dropdown in monitoring dashboard. !23942
- Add GraphQL mutation to restore multiple todos. !23950
- Add migration to create resource milestone events table. !23965
- Add cycle analytics duration chart with median line. !23971
- Support require_password_to_approve in project merge request approvals API. !24016
- Add updateImageDiffNote mutation. !24027
- Upgrade Pages to 1.15.0. !24043
- Updated package details page header to begin updating the page design. !24055
- Added migration which adds project_key column to service_desk_settings. !24063
- Separate project and group entities into own class files. !24070 (Rajendra Kadam)
- Separate commit entities into own class files. !24085 (Rajendra Kadam)
- Add delete identity endpoint on the users API. !24122
- Add search support for protected branches API. !24137
- Dark syntax highlighting theme for Web IDE. !24158
- Added NuGet package installation instructions to package details page. !24162
- Expose issue link type in REST API. !24175
- Separate snippet entities into own class files. !24183 (Rajendra Kadam)
- Support for table of contents tag in GitLab Flavored Markdown. !24196
- Add GET endpoint to LDAP group link API. !24216
- Add API to enable and disable error tracking settings. !24220 (Rajendra Kadam)
- Separate protected and issuable entities into own class files. !24221 (Rajendra Kadam)
- Separate issue entities into own class files. !24226 (Rajendra Kadam)
- Make smarter user suggestions for assign slash commands. !24294
- Add loading icon to clusters being created. !24370
- Allow a grace period for new users to confirm their email. !24371
- Separate merge request entities into own class files. !24373 (Rajendra Kadam)
- Create an environment for self monitoring project. !24403
- Add blocked icon on issue board card. !24420
- Add blocking issues feature. !24460
- Wait for elasticsearch to be green on install. !24489
- Separate key and other entities into own class files. !24495 (Rajendra Kadam)
- Implement support of allow_failure keyword for CI rules. !24605
- Adds path to edit custom metrics in dashboard response. !24645
- Add tooltip when dates in date picker are too long. !24664
- API: Ability to list commits in order (--topo-order). !24702
- Separate note entities into own class files. !24732 (Rajendra Kadam)
- Separate 5 classes into own entities files. !24745 (Rajendra Kadam)
- Set default dashboard for self monitoring project. !24814
- Create operations strategies and scopes tables. !24819
- Separate access entities into own class files. !24845 (Rajendra Kadam)
- Refactor error tracking specs and add validation to enabled field in error tracking model. !24892 (Rajendra Kadam)
- Separate service entities into own class files. !24936 (Rajendra Kadam)
- Separate label entities into own class files. !24938 (Rajendra Kadam)
- Separate board, list and other entities into own class files. !24939 (Rajendra Kadam)
- Separate entities into own class files. !24941 (Rajendra Kadam)
- Separate tag and release entities into own class files. !24943 (Rajendra Kadam)
- Separate job entities into own class files. !24948 (Rajendra Kadam)
- Separate entities into own class files. !24950 (Rajendra Kadam)
- Separate environment entities into own class files. !24951 (Rajendra Kadam)
- Display the y-axis on the range of data value in the chart. !24953
- Separate token and template entities into own class files. !24955 (Rajendra Kadam)
- Separate token entities into own class files. !24974 (Rajendra Kadam)
- Separate JobRequest entities into own class files. !24977 (Rajendra Kadam)
- Separate entities into own class files. !24985 (Rajendra Kadam)
- Separate page domain entities into own class files. !24987 (Rajendra Kadam)
- add avatar_url in job webhook, and email in pipeline webhook. !24992 (Guillaume Micouin)
- Separate Application and Blob entities into own class files. !24997 (Rajendra Kadam)
- Separate badge entities into own class files. !25116 (Rajendra Kadam)
- Separate provider, platform and post receive entities into own class files. !25119 (Rajendra Kadam)
- Separate cluster entities into own class files. !25121 (Rajendra Kadam)
- Container Registry tag expiration policy settings. !25123
- Upgrade pages to 1.16.0. !25238
- Added "Prohibit outer fork" setting for Group SAML. !25246
- Separate project entity into own class file. !25297 (Rajendra Kadam)
- Add license FAQ link to license expired message.
- Add broadcast types to broadcast messages.
### Other (55 changes, 15 of them are from the community)
- Upgrade to Rails 6. !19891
- refactoring gl_dropdown.js to use ES6 classes instead of constructor functions. !20488 (nuwe1)
- Creates a standalone vulnerability page. !20734
- Auto generated wiki commit message containing HTML encoded entities. !21371 (2knal)
- removes store logic from issue board models. !21391 (nuwe1)
- removes store logic from issue board models. !21404 (nuwe1)
- Reducing whitespace in group list to show more on screen and reduce vertical scrolling. !21584
- Geo: Include host when logging. !22203
- Add rate limiter to Project Imports. !22644
- Use consistent layout in cluster advanced settings. !22656
- Replace custom action array in CI header bar with <slot>. !22839 (Fabio Huser)
- Fix visibility levels of subgroups to be not higher than their parents' level. !22889
- Update pg gem to v1.2.2. !23237
- Remove milestone_id from epics. !23282 (Lee Tickett)
- Remove button group for edit and web ide in file header. !23291
- Update GitLab Runner Helm Chart to 0.13.0/12.7.0. !23308
- Remove storage_version column from snippets. !23315
- Upgrade acme-client to v2.0.5. !23498
- Make rake -T output more consistent. !23550
- Show security report outdated message for only Active MRs. !23575
- Update Kaminari templates to match gl-pagination's markup. !23582
- Update GitLab Runner Helm Chart to 0.13.1 (GitLab Runner 12.7.1). !23588
- Remove unused Code Hotspots database tables. !23590
- Remove self monitoring feature flag. !23631
- Store security scans run in CI jobs. !23669
- More verbose JiraService error logs. !23688
- Rename Cloud Run on GKE to Cloud Run for Anthos. !23694
- Update links related to MR approvals in UI. !23948
- Migrate issue tracker data to data field tables. !24076
- Updated icon for copy-to-clipboard button. !24146
- Add specialized index to packages_packages database table. !24182
- Bump auto-deploy-image for Auto DevOps deploy to 0.9.1. !24231
- Bump DAST deploy auto-deploy-image to 0.9.1. !24232
- Move contribution analytics chart to echarts. !24272
- Minor text update to IDE commit to branch disabled tooltip. !24521
- Promote stackprof into a production gem. !24564
- Replace unstructured application logs with structured (JSON) application logs in the admin interface. !24614
- Move insights charts to echarts. !24661
- Improve UX of optional fields in Snippets form. !24762
- Update snippets empty state and remove explore snippets button. !24764
- Backfill LfsObjectsProject records of forks. !24767
- Update button margin of various empty states. !24806
- Update loading icon in Value Stream Analytics view. !24861
- Replace underscore with lodash for ./app/assets/javascripts/serverless. !25011 (Tobias Spagert)
- Replaced underscore with lodash for spec/javascripts/vue_shared/components. !25018 (Shubham Pandey)
- Replaced underscore with lodash for spec/javascripts/badges. !25135 (Shubham Pandey)
- Replace underscore with lodash for ./app/assets/javascripts/error_tracking. !25143 (Tobias Spagert)
- Destroy the OAuth application when Geo secondary becomes a primary. !25154 (briankabiro)
- Refactored snippets view to Vue. !25188
- Updated ui elements in wiki page creation. !25197 (Marc Schwede)
- Internationalize messages for group audit events. !25233 (Takuya Noguchi)
- Add a link to the variable priority override section from triggers page. !25264 (DFredell)
- Track usage of merge request file header buttons. (Oregand)
- Switch dropdown operators to lowercase.
- Add clarifying content to account fields.
## 12.7.9 (2020-04-14)
### Security (3 changes)
- Refresh ProjectAuthorization during Group deletion.
- Prevent filename bypass on artifact upload.
- Update rack and related gems to 2.0.9 to fix security issue.
## 12.7.5
### Fixed (4 changes, 1 of them is from the community)
- Add accidentally deleted project config for custom apply suggestions. !23687 (Fabio Huser)
- Fix database permission check for triggers on Amazon RDS. !24035
- Fix applying the suggestions with an empty custom message. !24144
- Remove invalid data from issue_tracker_data table.
## 12.7.3
### Security (17 changes, 1 of them is from the community)
- Fix xss on frequent groups dropdown. !50
- Bump rubyzip to 2.0.0. (Utkarsh Gupta)
- Disable access to last_pipeline in commits API for users without read permissions.
- Add constraint to group dependency proxy endpoint param.
- Limit number of AsciiDoc includes per document.
- Prevent API access for unconfirmed users.
- Enforce permission check when counting activity events.
- Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it. GraphQL api deprecate token field in GrafanaIntegration type.
- Cleanup todos for users from a removed linked group.
- Fix XSS vulnerability on custom project templates form.
- Protect internal CI builds from external overrides.
- ImportExport::ExportService to require admin_project permission.
- Make sure that only system notes where all references are visible to user are exposed in GraphQL API.
- Disable caching of repository/files/:file_path/raw API endpoint.
- Make cross-repository comparisons happen in the source repository.
- Update excon to 0.71.1 to fix CVE-2019-16779.
- Add workhorse request verification to package upload endpoints.
## 12.7.1
### Fixed (6 changes)
- Fix loading of sub-epics caused by wrong subscription check. !23184
- Fix Bitbucket Server importer error handler. !23310
- Fixes random passwords generated not conforming to minimum_password_length setting. !23387
- Reverts MR diff redesign which fixes Web IDE visual bugs including file dropdown not showing up. !23428
- Allow users to sign out on a read-only instance. !23545
- Remove invalid data from jira_tracker_data table. !23621
### Added (1 change)
- Close Issue when resolving corresponding Sentry error. !22744
## 12.7.0
### Security (6 changes, 2 of them are from the community)
- Ensure content matches extension on image uploads. !20697
- Update set-value from 2.0.0 to 2.0.1. !22366 (Takuya Noguchi)
- Update rdoc to 6.1.2. !22434
- Upgrade json-jwt to v1.11.0. !22440
- Update webpack from 4.40.2 to 4.41.5. !22452 (Takuya Noguchi)
- Update rack-cors to 1.0.6. !22809
### Removed (2 changes)
- Remove feature flag 'use_legacy_pipeline_triggers' and remove legacy tokens. !21732
- Add deprecation warning to Rake tasks in sidekiq namespace.
### Fixed (91 changes, 7 of them are from the community)
- Remove extra whitespace in user popover. !19938
- Migrate the database to activate projects prometheus service integration for projects with prometheus installed on shared k8s cluster. !19956
- Fix pages size limit setting in database if it is above the hard limit. !20154
- Support dashes in LDAP group CN for sync on users first log in. !20402
- Users without projects use a license seat in a non-premium license. !20664
- Add fallbacks and proper errors for diff file creation. !21034
- Authenticate API requests with job tokens for Rack::Attack. !21412
- Tasks in HTML comments are no longer incorrectly detected. !21434
- Hide mirror admin actions from developers. !21569
- !21542 Part 3: Handle edge cases in stage and unstage mutations. !21676
- Web IDE: Fix Incorrect diff of deletion and addition of the same file. !21680
- Fix bug when clicking on same note twice in Firefox. !21699 (Jan Beckmann)
- Fix "No changes" empty state showing up in changes tab, despite there being changes. !21713
- Require group owner to have linked SAML before enabling Group Managed Accounts. !21721
- Fix README.txt not showing up on a project page. !21763 (Alexander Oleynikov)
- Fix MR diffs file count increments while batch loading. !21764
- When sidekiq-cluster is asked to shutdown, actively terminate any sidekiq processes that don't finish cleanly in short order. !21796
- Prevent MergeRequestsController#ci_environment_status.json from making HTTP requests. !21812
- Fix issue: Discard button in Web IDE does nothing. !21902
- Fix "Discard" for newly-created and renamed files. !21905
- Add epic milestone sourcing foreign key. !21907
- Fix transferring groups to root when EE features are enabled. !21915
- Show regular rules without approvers. !21918
- Resolve "Merge request discussions API doesn't reject an error input in some case". !21936
- fix CSS when board issue is collapsed. !21940 (allenlai18)
- Properly check a task embedded in a list with no text. !21947
- Process quick actions when using Service Desk templates. !21948
- Sidebar getting partially hidden behind the content block. !21978 (allenlai18)
- Fix bug in Container Scanning report remediations. !21980
- Return empty body for 204 responses in API. !22086
- Limit the amount of time ChatNotificationWorker waits for the build trace. !22132
- Return 503 error when metrics dashboard has no connectivity. !22140
- Cancel running pipelines when merge request is dropped from merge train. !22146
- Fix: undefined background migration classes for EE-CE downgrades. !22160
- Check both SAST_DISABLE and SAST_DISABLE_DIND when executing SAST job template. !22166
- Check both DEPENDENCY_SCANNING_DISABLED and DS_DISABLE_DIND when executing Dependency Scanning job template. !22172
- Stop exposing MR refs in favor of persistent pipeline refs. !22198
- Display login or register widget only if user is not logged in. !22211
- Fix milestone quick action to handle ancestor group milestones. !22231
- Fix RefreshMergeRequestsService raises an exception and unnecessary sidekiq retry. !22262
- Make BackgroundMigrationWorker backward compatible. !22271
- Update foreign key constraint for personal access tokens. !22305
- Fix markdown table border colors. !22314
- Retry obtaining Let's Encrypt certificates every 2 hours if it wasn't successful. !22336
- Disable Prometheus metrics if initialization fails. !22355
- Make jobs with resource group cancellable. !22356
- Fix bug when trying to expose artifacts and no artifacts are produced by the job. !22378
- Gracefully error handle CI lint errors in artifacts section. !22388
- Fix GitLab plugins not working without hooks configured. !22409
- Prevent omniauth signup redirect loop. !22432 (Balazs Nagy)
- Fix deploy tokens erroneously triggering unique IP limits. !22445
- Add support to export and import award emojis for issues, issue notes, MR, MR notes and snippet notes. !22493
- Fix Delete Selected button being active after uploading designs after a deletion. !22516
- Fix releases page when tag contains a slash. !22527
- Reverts Add RBAC permissions for getting knative version. !22560
- Fix error in Wiki when rendering the AsciiDoc include directive. !22565
- Fix Error 500 in parsing invalid CI needs and dependencies. !22567
- Fix discard all to behave like discard single file in Web IDE. !22572
- Update IDE discard of renamed entry to also discard file changes. !22573
- Avoid pre-populating form for MR resolve issues. !22593
- Fix relative links in Slack message. !22608
- Hide merge request tab popover for anonymous users. !22613
- Remove unused keyword from EKS provision service. !22633
- Prevent job log line numbers from being selected. !22691
- Fix CAS users being signed out repeatedly. !22704
- Make Sidekiq timestamps consistently ISO 8601. !22750
- Merge a merge request immediately when passing merge when pipeline succeeds to the merge API when the head pipeline already succeeded. !22777
- Fix Issue API: creating with manual IID returns conflict when IID already in use. !22788 (Mara Sophie Grosch)
- Project issue board names now sorted correctly in FOSS. !22807
- Fix upload redirections when project has moved. !22822
- Update Mermaid to v8.4.5. !22830
- Prevent builds from halting unnecessarily when completing prerequisites. !22938
- Fix discarding renamed directories in Web IDE. !22943
- Gracefully handle marking a project deletion multiple times. !22949
- Fix: WebIDE doesn't work on empty repositories again. !22950
- Fix rebase error message translation in merge requests. !22952 (briankabiro)
- Geo: Fix Docker repository synchronization for local storage. !22981
- Include subgroups when searching inside a group. !22991
- Geo: Handle repositories in Docker Registry with no tags gracefully. !23022
- Fix group issue list and group issue board filters not showing ancestor group milestones. !23038
- Add returning relation from GroupMembersFinder if called on root group with only inherited param. !23161
- Fix extracting Sentry external URL when URL is nil. !23162
- Fix issue CSV export failing for some projects. !23223
- Fix unexpected behaviour of the commit form after committing in Web IDE. !23238
- Fix analytics tracking for new merge request notes. !23273
- Identify correct sentry id in error tracking detail. !23280
- Fix for 500 when error stack trace is empty. !119205
- Removes incorrect help text from EKS Kubernetes version field.
- Exclude snippets from external caching handling.
- Validate deployment SHAs and refs.
- Increase size of issue boards sidebar collapse button.
### Changed (42 changes, 4 of them are from the community)
- Restores user's ability to revoke sessions from the active sessions page. !17462 (Jesse Hall @jessehall3)
- Add documentation & helper text information regarding securing a GitLab instance. !18987
- Add activity across all projects to /events endpoint. !19816 (briankabiro)
- Don't run Auto DevOps when no dockerfile or matching buildpack exists. !20267
- Expose full reference path for issuables in API. !20354
- Add measurement details for programming languages graph. !20592
- Move instance statistics into analytics namespace. !21112
- Improve warning for Promote issue to epic. !21158
- Added Conan recipe in place of the package name on the package details page. !21247
- Expose description_html for labels. !21413
- Add audit events to the adding members to project or group API endpoint. !21633
- Include commit message instead of entire page content in Wiki chat notifications. !21722 (Ville Skyttä)
- Add fetching of Grafana Auth via the GraphQL API. !21756
- Update prometheus chart version to 9.5.2. !21935
- Turns on backend MR reports for DAST by default. !22001
- Changes to template dropdown location. !22049
- Copy merge request routes to the - scope. !22082
- Copy repository route under - scope. !22092
- Add back feature flag for cache invalidator. !22106
- Update jupyterhub chart. !22127
- Enable ability to install Crossplane app by default. !22141
- Apply word-diff highlighting to Suggestions. !22182
- Update auto-deploy-image to v0.8.3 for DAST default branch deploy. !22227
- Restyle changes header & file tree. !22364
- Upgrade to Gitaly v1.79.0. !22515
- Save Instance Administrators group ID in DB. !22600
- Resolve Create new project: Auto-populate project slug string to project name if name is empty. !22627
- Bump cluster-applications image to v0.4.0, adding support to install cert-manager. !22657
- Pass log source to the frontend. !22694
- Allow Unicode 11 emojis in project names. !22776 (Harm Berntsen)
- Update name max length. !22840
- Update button label in MR widget pipeline footer. !22900
- Exposes tiller.log as artifact in Managed-Cluster-Applications GitLab CI template. !22940
- Rename GitLab Plugins feature to GitLab File Hooks. !22979
- Allow to share groups with other groups. !23185
- Upgrade to Gitaly v1.81.0. !23198
- Enable Code Review Analytics by default. !23285
- Add JSON error context to extends error in CI lint. !30066
- Fix embedded snippets UI polish issues.
- Align embedded snippet mono space font with GitLab mono space font.
- Updates AWS EKS service role name help text to clarify it is distinct from provision role.
- Adds quickstart doc link to ADO CICD settings.
### Performance (27 changes)
- Reduce redis key size for the Prometheus proxy and the amount of queries by half. !20006
- Implement Atomic Processing that updates status of builds, stages and pipelines in one go. !20229
- Request less frequent updates from Runner when job log is not being watched. !20841
- Don't let Gitaly calls exceed a request time of 55 seconds. !21492
- Reduce CommitIsAncestor RPCs with environments. !21778
- LRU object caching for GroupProjectObjectBuilder. !21823
- Preload project, user and group to reuse objects during project import. !21853
- Fix slow query on blob search when doing path filtering. !21996
- Add index to optimize loading pipeline charts. !22052
- Avoid Gitaly RPCs in rate-limited raw blob requests. !22123
- Remove after_initialize and before_validation for Note. !22128
- Execute Gitaly LFS call once when Vue file enabled. !22168
- Speed up path generation with build artifacts. !22257
- Performance improvements on milestone burndown chart. !22380
- Added smart virtual list component to test reports to enhance rendering performance. !22381
- Add Index to help Hashed Storage migration on big instances. !22391
- Use GraphQL to load error tracking detail page content. !22422
- Improve link generation performance. !22426
- Create optimal indexes for created_at order (Projects API). !22623
- Avoid making Gitaly calls when some Markdown text links to an uploaded file. !22631
- Remove unused index on project_mirror_data. !22647
- Add more indexes for other order_by options (Projects API). !22784
- Add indexes for authenticated Project API calls. !22886
- Enable redis HSET diff caching by default. !23105
- Add `importing?` to disable some callbacks.
- Remove N+1 query issue when checking group root ancestor.
- Reduce Gitaly calls needed for issue discussions.
### Added (95 changes, 18 of them are from the community)
- Add previous revision link to blame. !17088 (Hiroyuki Sato)
- Render whitespaces in code. !17244 (Mathieu Parent)
- Add an option to configure forking restriction. !17988
- Add support for operator in filter bar. !19011
- Add epics to project import/export. !19883
- Load MR diff types lazily to reduce initial diff payload size. !19930
- Metrics and network referee artifact types added to job artifact types. !20181
- Auto stop environments after a certain period. !20372
- Implement application appearance API endpoint. !20674 (Fabio Huser)
- Add build metadata to package API. !20682
- Add support for Liquid format in Prometheus queries. !20793
- Adds created_at object to package api response. !20816
- Stage all changes by default in Web IDE. !21067
- 25968-activity-filter-to-notes-api. !21159 (jhenkens)
- Improve error list UI on mobile viewports. !21192
- New API endpoint GET /projects/:id/services. !21330
- Add child and parent labels to pipelines. !21332
- Add release count to project homepage. !21350
- Add pipeline deletion button to pipeline details page. !21365 (Fabio Huser)
- Add support for Rust Cargo.toml dependency vizualisation and linking. !21374 (Fabio Huser)
- Expose issue link type in REST API. !21375
- Implement customizable commit messages for applied suggested changes. !21411 (Fabio Huser)
- Add stacktrace to issue created from the sentry error detail page. !21438
- add background migration for sha256 fingerprints of ssh keys. !21579 (Roger Meier)
- Add a cron job and worker to run the Container Expiration Policies. !21593
- Add feature flag override toggle. !21598
- Add 'resource_group' keyword to .gitlab-ci.yml for pipeline job concurrency limitation. !21617
- Add full text search to pod logs. !21656
- Add capability to disable issue auto-close feature per project. !21704 (Fabio Huser)
- Add API for getting sentry error tracking settings of a project. !21788 (raju249)
- Allow a pipeline (parent) to create a child pipeline as downstream pipeline within the same project. !21830
- Add API support for retrieving merge requests deployed in a deployment. !21837
- Add remaining project services to usage ping. !21843
- Add ability to duplicate the common metrics dashboard. !21929
- Custom snowplow events for monitoring alerts. !21963
- Add enable_modsecurity setting to managed ingress. !21966
- Add modsecurity_enabled setting to managed ingress. !21968
- Allow admins to disable users ability to change profile name. !21987
- Allow administrators to enforce access control for all pages web-sites. !22003
- Setup storage for multiple milestones. !22043
- Generate Prometheus sample metrics over pre-set intervals. !22066
- Add tags to sentry detailed error response. !22068
- Extend Design view sidebar with issue link and a list of participants. !22103
- Add Gitlab version and revision to export. !22108
- Add language and error urgency level for Sentry issue details page. !22122
- Document MAVEN_CLI_OPTS defaults for maven project dependency scanning and update when the variable is used. !22126
- Show sample metrics for an environment without prometheus configured. !22133
- Download cross-project artifacts by using needs keyword in the CI file. !22161
- Add GitLab commit to error detail endpoint. !22174
- Container expiration policies can be updated with the project api. !22180
- Allow CI_JOB_TOKENS for Conan package registry authentication. !22184
- Add option to configure branches for which to send emails on push. !22196
- Add a config for disabling CSS and jQuery animations. !22217
- Add API for rollout Elasticsearch per plan level. !22240
- Add retry logic for failures during import. !22265
- Add migrations for version control snippets. !22275
- Update tooltip content for deployment instances. !22289 (Rajendra Kadam)
- Cut and paste Markdown table from a spreadsheet. !22290
- Add CI variable to provide GitLab base URL. !22327 (Aidin Abedi)
- Bump kubeclient version from 4.4.0 to 4.6.0. !22347
- Accept `Envelope-To` as possible location for Service Desk key. !22354 (Max Winterstein)
- Added Conan installation instructions to Conan package details page. !22390
- Add API endpoint for creating a Geo node. !22392 (Rajendra Kadam)
- Link to GitLab commit in Sentry error details page. !22431
- Geo: Check current node in gitlab:geo:check Rake task. !22436
- Add internal API to update Sentry error status. !22454
- Add ability to ignore/resolve errors from error tracking detail page. !22475
- Add informational message about page limits to environments dashboard. !22489
- Add slug to services API response. !22518
- Allow an upstream pipeline to create a downstream pipeline in the same project. !22663
- Display SHA fingerprint for Deploy Keys and extend api to query those. !22665 (Roger Meier <r.meier@siemens.com>)
- Add getDateInFuture util method. !22671
- Detect go when doing dependency scanning. !22712
- Fix aligment for icons on alerts. !22760 (Rajendra Kadam)
- Allow "skip_ci" flag to be passed to rebase operation. !22800
- Add gitlab_commit_path to Sentry Error Details Response. !22803
- Document go support for dependency scanning. !22806
- Implement ability to ignore Sentry errrors from the list view. !22819
- Add ability to create an issue in an epic. !22833
- Drop support for ES5 add support for ES7. !22859
- Add View Issue button to error tracking details page. !22862
- Resolve Design View: Left/Right keyboard arrows through Designs. !22870
- Add Org to the list of available markups for project wikis. !22898 (Alexander Oleynikov)
- Backend for allowing sample metrics to be toggled from ui. !22901
- Display fn, line num and column in stacktrace entry caption. !22905
- Get Project's environment names via GraphQL. !22932
- Filter deployments using the environment & status. !22996
- Assign labels to the GMA and project k8s namespaces. !23027
- Expose mentions_disabled value via group API. !23070 (Fabio Huser)
- Bump cluster-applications image to v0.5.0 (Adds GitLab Runner support). !23110
- Resolve Sentry errors from error tracking list. !23135
- Expose `active` field in the Error Tracking API. !23150
- Track deployed merge requests using GitLab environments and deployments.
- Enable the linking of merge requests to all non review app deployments.
- Add comment_on_event_enabled to services API.
### Other (31 changes, 7 of them are from the community)
- Migrate issue trackers data. !18639
- refactor javascript to remove Immediately Invoked Function Expression from project file search. !19192 (Brian Luckenbill)
- Remove IIFEs from users_select.js. !19290 (minghuan lei)
- Remove milestone_id from epics. !20539 (Lee Tickett)
- Update d3 to 5.12. !20627 (Praveen Arimbrathodiyil)
- Add Ci Resource Group models. !20950
- Display in MR if security report is outdated. !20954
- Fix CI job's scroll down icon and update animation. !21442
- Implement saving config content for pipelines in a new table 'ci_pipelines_config'. !21827
- Display SSL limitations warning for project's pages under namespace that contains dot. !21874
- Updated monaco-editor dependency. !21938
- fix: EKS credentials form does not reset after error. !21958
- Fix regex matching for gemnasium dependency scanning jobs. !22025 (Maximilian Stendler)
- User signout and admin mode disable use now POST instead of GET. !22113 (Diego Louzán)
- Update to clarify slightly misleading tool tip. !22222
- Replace Font Awesome cog icon with GitLab settings icon. !22259
- Drop redundant index on ci_pipelines.project_id. !22325
- Display location in the Security Project Dashboard. !22376
- Add structured logging for application logs. !22379
- Remove ActiveRecord patch to ignore limit on text columns. !22406
- Update Ruby to 2.6.5. !22417
- Log database time in Sidekiq JSON logs. !22548
- Update GitLab Runner Helm Chart to 0.12.0. !22566
- Update project hooks limits to 100 for all plans. !22604
- Update Gitaly to v1.80.0. !22654
- Update GitLab's codeclimate to 0.85.6. !22659 (Takuya Noguchi)
- Updated no commit verbiage. !22765
- Use IS08601.3 format for app level logging of timestamps. !22793
- Upgrade octokit and its dependencies. !22946
- Remove feature flag for import graceful failures.
- Update the Net-LDAP gem to 0.16.2.
## 12.6.7
### Security (1 change)
- Fix ProjectAuthorization calculation for shared groups.
## 12.6.6
### Security (1 change)
- Update workhorse to v8.20.0.
## 12.6.5
### Security (19 changes, 1 of them is from the community)
- Update rack-cors to 1.0.6.
- Update rdoc to 6.1.2.
- Bump rubyzip to 2.0.0. (Utkarsh Gupta)
- Cleanup todos for users from a removed linked group.
- Disable access to last_pipeline in commits API for users without read permissions.
- Add constraint to group dependency proxy endpoint param.
- Limit number of AsciiDoc includes per document.
- Prevent API access for unconfirmed users.
- Enforce permission check when counting activity events.
- Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it.
- Fix xss on frequent groups dropdown.
- Fix XSS vulnerability on custom project templates form.
- Protect internal CI builds from external overrides.
- ImportExport::ExportService to require admin_project permission.
- Make sure that only system notes where all references are visible to user are exposed in GraphQL API.
- Disable caching of repository/files/:file_path/raw API endpoint.
- Make cross-repository comparisons happen in the source repository.
- Update excon to 0.71.1 to fix CVE-2019-16779.
- Add workhorse request verification to package upload endpoints.
## 12.6.4
### Security (1 change)
- Fix private objects exposure when using Project Import functionality.
## 12.6.2
### Security (6 changes)
- GraphQL: Add timeout to all queries.
- Filter out notification settings for projects that a user does not have at least read access.
- Hide project name and path when unsusbcribing from an issue or merge request.
- Fix 500 error caused by invalid byte sequences in uploads links.
- Return only runners from groups where user is owner for user CI owned runners.
- Fix Vulnerability of Release Evidence.
## 12.6.1
### Fixed (2 changes)
- Handle forbidden error when checking for knative. !22170
- Fix stack trace highlight for PHP. !22258
### Performance (1 change)
- Eliminate N+1 queries in PipelinesController#index. !22189
## 12.6.0
### Security (4 changes)
- Update Rugged to v0.28.4.1. !21869
- Update maven_file_name_regex for full string match.
- Add maven file_name regex validation on incoming files.
- Update Workhorse and Gitaly to fix a security issue.
### Removed (1 change)
- Remove downstream pipeline connecting lines. !21196
### Fixed (101 changes, 16 of them are from the community)
- Fix delete user dialog bypass caused by hitting enter. !17343
- Fix broken UI on Environment folder. !17427 (Takuya Noguchi)
- Fix award emoji tooltip being escaped twice if multiple people voted. !19273 (Brian T)
- Use cascading deletes for deleting oauth_openid_requests upon deleting an oauth_access_grant. !19617
- Update merging an MR behavior on the API when pipeline fails. !19641 (briankabiro)
- Vertically align collapse button on epic sidebar. !19656
- Fix projects list to show info in user's locale. !20015 (Arun Kumar Mohan)
- Update padding for cluster alert warning. !20036 (George Tsiolis)
- Show correct warning on issue when project is archived. !20078
- Resets aria-describedby on mouseleave. !20092 (carolcarvalhosa)
- Allow patch notes on repo tags page to word wrap. !20135
- Remove Release edit url for users not allowed to update a release. !20136
- Fix group managed accounts members cleanup. !20157
- Epic tree bug fixes. !20209
- Add missing external-link icon for Crossplane managed app. !20283
- Fixes MR approvers tooltip wrong color. !20287 (Dheeraj Joshi)
- Ignore empty MR diffs when migrating to external storage. !20296
- Add link color to design comments. !20302
- Fix graph groups in monitor dashboard that are hidden on load. !20312
- Update Container Registry naming restrictions to allow for sequential '-'. !20318
- Fixed monitor charts from throwing error when zoomed. !20331
- Validate the merge sha before merging, confirming that the merge will only contain what the user saw. !20348
- Change container registry column name from Tag ID to Image ID. !20349
- Fix dropdown location on the monitoring charts. !20400
- Fixed project import from export ignoring namespace selection. !20405
- Backup: Disable setting of ACL for Google uploads. !20407
- Fix documentation link from empty environment dashboard. !20415
- Move persistent_ref.create into run_after_commit. !20422
- Update external link to provider in cluster settings. !20425
- Fix issue trying to edit weight with collapsed sidebar as guest. !20431
- Handle empty stacktrace and entries with no code. !20458
- Refactor the Deployment model so state machine events are used by both CI and the API. !20474
- Guest users should not delete project snippets they created. !20477
- Accept user-defined dashboard uids in Grafana embeds. !20486
- Fix multi select input padding in project and group user select. !20520 (Kevin Lee)
- Use correct fragment identifier for vulnerability help path. !20524
- Fix group search in groups dropdown. !20535
- Fix removing of child epics that belong to subgroups. !20610
- Fix opening Sentry error details in new tab. !20611
- Ensure next unresolved discussion button takes user to the right place. !20620
- Allow Gitlab GKE clusters to access Google Cloud Registry private images. !20662 (Tan Yee Jian)
- Fix cron parsing for Daylight Savings. !20667
- Fix incorrect new branch name from issue. !20677 (Lee Tickett)
- Improve the way the metrics dashboard waits for data. !20687
- Remove destroy_personal_snippet ability. !20717
- Try longer to clean up after using a gpg-keychain and raise exption if the cleanup fails. !20718
- Fix tooltip hovers in environments table. !20737
- Remove DB transaction from Rebase operation. !20739
- Improve UX for vulnerability dismissal note. !20768
- Fix change to default foreground and backgorund colors in job log. !20787
- Display Labels item in sidebar when Issues are disabled. !20817
- Junit success percentage no longer displays 100% if there are failures. !20835
- Ensure to check create_personal_snippet ability. !20838
- Fix a display bug in the fork removal description message. !20843
- Validate unique environment scope for instance clusters. !20886
- Add empty region when group metrics are missing. !20900
- Adjust issue metrics first_mentioned_in_commit_at calculation. !20923
- Update copy on managed namespace prefixes. !20935
- Add protected branch permission check to run downstream pipelines. !20964
- Fix assignee url in issue board sidebar. !20992 (Lee Tickett)
- Retrieve issues from subgroups when rendering group milestone. !21024
- Adds 409 when user cannot be soft deleted through the API. !21037
- Respect the timezone reported from Gitaly. !21066
- Fix Container repositories can not be replicated when s3 is used. !21068
- Remove redundant toast.scss file and variables. !21105
- Respect snippet query params when displaying embed urls. !21131
- Remove action buttons from designs tab if there are no designs. !21186
- Correctly return stripped PGP text. !21187 (Roger Meier)
- Fix error when linking already linked issue to epic. !21213
- Do not attribute unverified commit e-mails to GitLab users. !21214
- Add nonunique indexes to Labels. !21230
- Fix snippet routes. !21248
- Fix Zoom Quick Action server error when creating a GitLab Issue. !21262
- Rename snippet refactored routes. !21267
- Validate connection section in direct upload config. !21270
- Fix pipeline retry in a CI DAG. !21296
- Authenticate runner requests in Rack::Attack. !21311
- Fix top border of README file header in file list. !21314
- Fix forking a deduplicated project after it was moved to a different shard. !21339
- Fix misaligned approval tr. !21368 (Lee Tickett)
- Fix crash registry contains helm charts. !21381
- Web IDE: Fix the console error that happens when discarding a newly added/uploaded file. !21537
- Authenticate requests with job token as basic auth header for request limiting. !21562
- Fix Single-File-Editor-Layout breaking when branch name is too long. !21577 (Roman Kuba)
- Fix top border of README in vue_file_list. !21578 (Hector Bustillos)
- Stage dropdown lists style corrections. !21607 (Hector Bustillos)
- Change commit_id type on commit_user_mentions table. !21651
- Do not clean the prometheus metrics directory for sidekiq. !21671
- !21542 Part 1: Add new utils for Web IDE store. !21673
- Update auto-deploy-image to v0.8.3. !21696
- Match external user new snippet button visibility to permissions. !21718
- Links to design comments now lead to specific note. !21724
- Re-enable the cloud run feature. !21762
- Ensure forks count cache refresh for source project. !21771
- Fix padding on the design comments. !21839
- Fix "Discard all" for new and renamed files. !21854
- Fix project file finder url encoding file path separators. !21861
- Ensure namespace is present for Managed-Cluster-Applications CI template. !21903
- Rename common template jobs in sast and ds. !22084
- Fixed query behind release filter on merge request search page. !38244
- Activate projects Prometheus service integration when Prometheus managed application is installed on shared cluster.
### Deprecated (4 changes)
- Drop deprecated column from projects table. !18914
- Limit number of projects displayed in GET /groups/:id API. !20023
- Move operations project routes under - scope. !20456
- Move wiki routing under /-/ scope. !21185
### Changed (60 changes, 10 of them are from the community)
- Use better context-specific empty state screens for the Security Dashboards. !18382
- Add evidence collection for Releases. !18874
- Update information and button text for deployment footer. !18918
- Move merge request description into discussions tab. !18940
- Keep details in MR when changing target branch. !19138
- Make internal projects poolable. !19295 (briankabiro)
- Enable support for multiple content query in GraphQL Todo API. !19576
- Allow merge without refresh when new commits are pushed. !19725
- Correct link to Merge trains documentation on MR widget. !19726
- Preserve merge train history. !19864
- Support go-source meta tag for godoc.org. !19888 (Ethan Reesor (@firelizzard))
- Display a better message when starting a discussion on a deleted comment. !20031 (Jacopo Beschi @jacopo-beschi)
- Add sort param to error tracking issue index. !20101
- Add template repository usage to the usage ping. !20126 (minghuan lei)
- Convert flash epic error to form validation error. !20130
- Add 'download' button to Performance Bar. !20205 (Will Chandler)
- SaaS trial copy shows plan. !20207
- Add rbac access to knative-serving namespace deployments to get knative version information. !20244
- Unlock button changed from Icon to String. !20307
- Upgrade to Gitaly v1.72.0. !20313
- Increase upper limit of start_in attribute to 1 week. !20323 (Will Layton)
- Add CI variable to show when Auto-DevOps is explicitly enabled. !20332
- Hashed Storage attachments migration: exclude files in object storage as they are all hashed already. !20338
- Removes caching for design tab discusisons. !20374
- Fixes to inconsistent margins/sapcing in the project detail page. !20395
- Changes to how the search term is styled in the results. !20416
- Move confidence column in the security dashboard. !20435 (Dheeraj Joshi)
- Upgrade to Gitaly v1.73.0. !20443
- Replacing incorrect icon in security dashboard. !20510
- Rework pod logs navigation scheme. !20578
- Reduce start a trial rocket emoji size. !20579
- Upgrade auto-deploy-image for helm default values file. !20588
- Exposed deployment build manual actions for merge request page. !20615
- Upgrade to Gitaly v1.74.0. !20706
- Fetches initial merge request widget data async. !20719
- Add service desk information to project graphQL endpoint. !20722
- Add admin mode controller path to Rack::Attack defaults. !20735 (Diego Louzán)
- Add more filters to SnippetsFinder. !20767
- Clean up the cohorts table. !20779
- Remove vulnerability counter from security tab. !20800
- Only blacklist IPs from Git requests. !20828
- Optimize Deployments endpoint by preloading associations and make record ordering more consistent. !20848
- Update deploy instances color scheme. !20890
- Add service desk information to projects API endpoint. !20913
- Added event tracking to the package details installation components. !20967
- Hide Merge Request information on milestones when MRs are disabled for project. !20985 (Wolfgang Faust)
- Upgrade to Gitaly v1.75.0. !21045
- Evidence - Added restriction for guest on Release page. !21102
- Increase lower DAG `needs` limit from five to ten. !21237
- Add doc links to features on admin dashboard. !21419
- Autofocus cluster dropdown search input. !21440
- Add autofocus to label search fields. !21508
- When a forked project is less visible than its source, merge requests opened in the fork now target the less visible project by default. !21517
- UI improvements in the views for new project from template and the user groups and snippets. !21524 (Hector Bustillos)
- Show merge immediately dialog even if the MR's pipeline hasn't finished. !21556
- Support toggling service desk from API. !21627
- Make `workflow:rules` to work well with Merge Requests. !21742
- Upgrade to Gitaly v1.76.0. !21857
- Remove authentication step from visual review tools instructions.
- Fixes wording on runner admin.
### Performance (22 changes)
- Optimize query for CI pipelines of merge request. !19653
- Replace index on environments table project_id and state with project_id, state, and environment_type. !19902
- Remove reactive caching value keys once the alive key has expired. !20111
- Suggest squash commit messages based on recent commits. !20231
- Improve performance of /api/:version/snippets/public API and only return public personal snippets. !20339
- Add limit for snippet content size. !20346
- Reduce Gitaly calls in BuildHooksWorker. !20365
- Enable ETag caching for MR notes polling. !20440
- Disable public project counts on welcome page. !20517
- Optimize query when Projects API requests private visibility level. !20594
- Improve issues search performance on GraphQL. !20784
- UpdateProjectStatistics updates after commit. !20852
- Run housekeeping after moving a repository between shards. !20863
- Require group_id or project_id for MR target branch autocomplete action. !20933
- Cache the ancestor? Gitaly call to speed up polling for the merge request widget. !20958
- Optimize loading the repository deploy keys page. !20970
- Added lightweight check when retrieving Prometheus metrics. !21099
- Limit max metrics embeds in GFM to 100. !21356
- Fork Puma to validate scheduler fixes. !21547
- Remove an N+1 call rendering projects search results. !21626
- Skip updating LFS objects in mirror updates if repository has not changed. !21744
- Add indexes on deployments to improve environments search. !21789
### Added (119 changes, 18 of them are from the community)
- Add upvote/downvotes attributes to GraphQL Epic query. !14311
- Delete kubernetes cluster association and resources. !16954
- Add badge name field. !16998 (Lee Tickett)
- Add OmniAuth authentication support to admin mode feature. !18214 (Diego Louzán)
- Creates DB tables for storing mentioned users, groups, projects referenced in a note or issuable description. !18316
- Add body data elements for pageview context. !18450
- Added filtering of inherited members for subgroups. !18842
- Added responsiveness to audit events table. !18859
- Add ability to make Jira comments optional. !19004
- Store users, groups, projects mentioned in Markdown to DB tables. !19088
- Upgrade `mail_room` gem to 0.10.0 and enable structured logging. !19186
- Add possibility to save max issue weight on lists. !19220
- Return 422 status code in case of error in submitting comments. !19276 (raju249)
- Add Personal Access Token expiration reminder. !19296
- Add recent search to error tracking. !19301
- Resolve Limit the number of stored sessions per user. !19325
- Add services for 'soft-delete for groups' feature. !19358
- Notify user when over 1000 epics in roadmap. !19419
- Search list of Sentry errors by title in GitLab. !19439
- Add issue statistics to releases on the Releases page. !19448
- Add snowplow events for monitoring dashboard. !19455
- Add snowplow events for APM. !19463
- Add GraphQL mutation to mark all todos done for a user. !19482
- Added rules configuration for Ci::Bridge. !19605
- Add workers for 'soft-delete for groups' feature. !19679
- add tagger within tag view. !19681 (Roger Meier)
- Strong validate import export references. !19682
- Update Release API with evidence related data. !19706
- Graphql query for issues can now be sorted by weight. !19721
- GraphQL for Sentry rror details. !19733
- View closed issues in epic. !19741
- Add API endpoint to unpublish GitLab Pages. !19781
- Add Pipeline Metadata to Packages. !19796
- Create data model for serverless domains. !19835
- Add Unify Circuit project integration service. !19849 (Fabio Huser)
- add sha256 fingerprint to keys model, view and extend users API to search user via fingerprint. !19860 (Roger Meier)
- Allow order_by updated_at in Pipelines API. !19886
- Implement pagination for project releases page. !19912 (Fabio Huser)
- Add migrations for secret snippets. !19939
- Control passing artifacts from CI DAG needs. !19943
- Genereate a set of sample prometheus metrics and route to the sample metrics when enabled. !19987
- Add warning dialog when users click the "Merge immediately" merge train option. !20054
- Expose moved_to_id in issues API. !20083 (Lee Tickett)
- Relate issues when they are marked as duplicated. !20161 (minghuan lei)
- Asks for confirmation before changing project visibility level. !20170
- Allow CI config path to point to a URL or file in a different repository. !20179
- Allow groups to disable mentioning their members, if the group is mentioned. !20184 (Fabio Huser)
- Add modsecurity deployment counts to usage ping. !20196
- Added legend to deploy boards. !20208
- Support passing CI variables via git push options. !20255
- Add GraphQL mutation to restore a Todo. !20261
- Allow specifying Kubernetes namespace for an environment in gitlab-ci.yml. !20270
- Add migrations for 'soft-delete for groups' feature. !20276
- Add Maven installation commands to package detail page for Maven packages. !20300
- Add feature to allow specifying userWithId strategies per environment spec. !20325
- Enable creating Amazon EKS clusters from GitLab. !20333
- Add ability to create new issue from sentry error detail page. !20337
- Convert flash alerts to toasts. !20356
- Return project commit url instead of commits url. !20369 (raju249)
- Collect the date a SaaS trial starts on. !20384
- Add option to delete cached Kubernetes namespaces. !20411
- Create container expiration policies for projects. !20412
- Adjust fork network relations upon project visibility change. !20466
- Create a license info rake task. !20501 (Jason Colyer)
- Add GraphQL mutation for changing due date of an issue. !20577
- Add Snippet GraphQL resolver endpoints. !20613
- Allow Job-Token authentication on Releases creation API. !20632
- Add created_before/after filter to group/project audit events. !20641
- Allow searching of projects by full path. !20659
- Allow administrators to set a minimum password length. !20661
- Update helper text for sentry error tracking settings. !20663 (Rajendra Kadam)
- Adds ability to create issues from sentry details page. !20666
- Add coverage difference visualization to merge request page. !20676 (Fabio Huser)
- Use CI configured namespace for deployments to unmanaged clusters. !20686
- Resolve Design view: Download single issue design image. !20703
- Import large gitlab_project exports via rake task. !20724
- Added Total/Frontend metrics to the performance bar. !20725
- Add dependency scanning flag for skipping automatic bundler audit update. !20743
- Add GraphQL mutation for setting an issue as confidential. !20785
- Track adding metric via monitoring dashboard. !20818
- Add _links object to package api response. !20820
- CI template for installing cluster applications. !20822
- Add SalesforceDX project template. !20831
- Allow NPM package downloads with CI_JOB_TOKEN. !20868
- Allow raw blobs to be served from an external storage. !20936
- Added Snippets GraphQL mutations. !20956
- Added WebHookLogs for ServiceHooks. !20976
- Surface GitLab issue in error detail page. !21019
- Add type to broadcast messages. !21038
- add OpenAPI file viewer. !21106 (Roger Meier)
- Add updated_before and updated_after filters to the Pipelines API endpoint. !21133
- Implement pagination for sentry errors. !21136
- Add support for Conan package management in the package registry. !21152
- Add syntax highlight for Sentry error stack trace. !21182
- Keyset pagination for REST API (Project endpoint). !21194
- CI template for Sentry managed app. !21208
- Add CI variable to set the version of pip when scanning dependencies of Python projects. !21218
- Add dependency scanning flag for specifying pip requirements file for scanning. !21219
- Do not allow specifying a Kubernetes namespace via CI template for managed clusters. !21223
- Sort Sentry error list by first seen, last seen or frequency. !21250
- Add documentation about dependency scanning gradle support. !21253
- Allow PDF attachments to be opened on browser. !21272
- Add child label to commit box. !21323
- Update Knative to 0.9.0. !21361 (cab105)
- Add target_path to broadcast message API. !21430
- Allow Kubernetes namespaces specified via CI template to be used for terminals, pod logs and deploy boards. !21460
- Allow styling broadcast messages. !21522
- Enable new job log by default. !21543
- Document support for sbt dependency scanning. !21588
- Return multiple errors from CI linter. !21589
- Add specific error states to dashboard. !21618
- Add timestamps to pod logs. !21663
- Hide profile information when user is blocked. !21706
- link to group on group admin page. !21709
- Added migration which adds service desk username column. !21733
- Add SentryIssue table to store a link between issue and sentry issue. !37026
- Add path based targeting to broadcast messages.
- Add allow failure in pipeline webhook event. !20978 (Gaetan Semet)
- Add runner information in build web hook event. !20709 (Gaetan Semet)
### Other (51 changes, 28 of them are from the community)
- Remove done callbacks from vue_shared/components/markdown. !16842 (Lee Tickett)
- Update timeago to the latest release. !19407
- Improve job tokens and provide access helper. !19793
- Add post deployment migration to complete pages metadata migration. !19928
- Resolve Document - Make using GitLab auth with Vault easy. !19980
- Remove IIFEs from gl_dropdown.js. !19983 (nuwe1)
- Improve sparkline chart in MR widget deployment. !20085
- Updated jekyll project_template. !20090 (Marc Schwede)
- Updated hexo project_template. !20105 (Marc Schwede)
- Updated hugo project_template. !20109 (Marc Schwede)
- Resolve environment rollback was not friendly. !20121
- Removed all references of BoardService. !20144 (nuwe1)
- Removes references of BoardService in list file. !20145 (nuwe1)
- replace var gl_dropdown.js. !20166 (nuwe1)
- delete board_service.js. !20168 (nuwe1)
- Improve create confidential MR dropdown styling. !20176 (Lee Tickett)
- Remove milestone_id from epics. !20187 (Lee Tickett)
- Remove build badge path from route. !20188 (Lee Tickett)
- Add worker attributes to Sidekiq metrics. !20292
- Update GitLab Runner Helm Chart to 0.11.0. !20461
- add missing test for add_index rubocop rule. !20464 (Eric Thomas)
- Suppress progress on pulling image on Code Quality of Auto DevOps. !20604 (Takuya Noguchi)
- Increase margin between project stats. !20606
- Remove extra spacing below sidebar time tracking info. !20657 (Lee Tickett)
- Add e2e qa test for email delivery. !20675 (Diego Louzán)
- Collect project import failures instead of failing fast. !20727
- Removed unused methods in monitoring dashboard. !20819
- removes references of BoardService. !20872 (nuwe1)
- removes references of BoardService. !20874 (nuwe1)
- removes references of BoardService. !20875 (nuwe1)
- removes references of BoardService. !20876 (nuwe1)
- removes references of BoardService. !20877 (nuwe1)
- removes references of BoardService. !20879 (nuwe1)
- removes references of BoardService. !20880 (nuwe1)
- removes references of BoardService. !20881 (nuwe1)
- Remove whitespaces between tree-controls elements. !20952
- Add Project Export request/download rate limits. !20962
- Remove feature flag for limiting diverging commit counts. !20999
- Changed 'Add approvers' to 'Approval rules'. !21079
- Resolve Add missing popover and remove none in MR widget. !21095
- Change Puma log format to JSON. !21101
- Update GitLab Shell to v10.3.0. !21151
- Improve diff expansion text. !21616
- Remove var from app/assets/javascripts/commit/image_file.js. !21649 (Abubakar Hassan)
- Rename User#full_private_access? to User#can_read_all_resources?. !21668 (Diego Louzán)
- Replace CI_COMMIT_REF with CI_COMMIT_SHA on CI docs. !21781 (Takuya Noguchi)
- Add reportSnippet permission to Snippet GraphQL. !21836
- Harmonize capitalization on cluster UI. !21878 (Evan Read)
- Add mark as spam snippet mutation. !21912
- Update Workhorse to v8.18.0. !22091
- Replace Font Awesome bullhorn icon with GitLab bullhorn icon.
## 12.5.8
### Security (19 changes, 1 of them is from the community)
- Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it.
- Update rdoc to 6.1.2.
- Bump rubyzip to 2.0.0. (Utkarsh Gupta)
- Cleanup todos for users from a removed linked group.
- Disable access to last_pipeline in commits API for users without read permissions.
- Add constraint to group dependency proxy endpoint param.
- Limit number of AsciiDoc includes per document.
- Prevent API access for unconfirmed users.
- Enforce permission check when counting activity events.
- Update rack-cors to 1.0.6.
- Fix xss on frequent groups dropdown.
- Fix XSS vulnerability on custom project templates form.
- Protect internal CI builds from external overrides.
- ImportExport::ExportService to require admin_project permission.
- Make sure that only system notes where all references are visible to user are exposed in GraphQL API.
- Disable caching of repository/files/:file_path/raw API endpoint.
- Make cross-repository comparisons happen in the source repository.
- Update excon to 0.71.1 to fix CVE-2019-16779.
- Add workhorse request verification to package upload endpoints.
### Changed (1 change, 1 of them is from the community)
- Add template repository usage to the usage ping. !20126 (minghuan lei)
## 12.5.5
### Security (1 change)
- Upgrade Akismet gem to v3.0.0. !21786
### Fixed (2 changes)
- Fix error in updating runner session. !20902
- Fix Asana integration. !21501
## 12.5.4
### Security (1 change)
- Update maven_file_name_regex for full string match.
## 12.5.3
### Fixed (4 changes)
- Fix project creation with templates using /projects/user/:id API. !20590
- Fix merging merge requests from push options. !20639
- Fix Crossplane help link in cluster applications page. !20668
- Fixes job log not scrolling to the bottom.
### Changed (1 change)
- Flatten exception details in API and controller logs. !20434
## 12.5.1
### Security (11 changes)
- Do not create todos for approvers without access. !1442
- Hide commit counts from guest users in Cycle Analytics.
- Encrypt application setting tokens.
- Update Workhorse and Gitaly to fix a security issue.
- Add maven file_name regex validation on incoming files.
- Check permissions before showing a forked project's source.
- Limit potential for DNS rebind SSRF in chat notifications.
- Ensure are cleaned by ImportExport::AttributeCleaner.
- Remove notes regarding Related Branches from Issue activity feeds for guest users.
- Escape namespace in label references to prevent XSS.
- Add authorization to using filter vulnerable in Dependency List.
## 12.5.0
### Security (15 changes)
- Enable the HttpOnly flag for experimentation_subject_id cookie. !19189
- Update incrementing of failed logins to be thread-safe. !19614
- Sanitize all wiki markup formats with GitLab sanitization pipelines.
- Sanitize search text to prevent XSS.
- Remove deploy access level when project/group link is deleted.
- Mask sentry auth token in Error Tracking dashboard.
- Return 404 on LFS request if project doesn't exist.
- Don't leak private members in project member autocomplete suggestions.
- Require Maintainer permission on group where project is transferred to.
- Don't allow maintainers of a target project to delete the source branch of a merge request from a fork.
- Disallow unprivileged users from commenting on private repository commits.
- Analyze incoming GraphQL queries and check for recursion.
- Show cross-referenced label and milestones in issues' activities only to authorized users.
- Do not display project labels that are not visible for user accessing group labels.
- Standardize error response when route is missing.
### Fixed (100 changes, 15 of them are from the community)
- Fix incorrect selection of custom templates. !17205
- Smaller width for design comments layout, truncate image title. !17547
- Correctly cleanup orphan job artifacts. !17679 (Adam Mulvany)
- Add Infinite scroll to Add Projects modal in the operations dashboard. !17842
- Allow emojis to be linkable. !18014
- Enable image link and lazy loading in AsciiDoc documents. !18164 (Guillaume Grossetie)
- Expose prometheus status to monitor dashboard. !18289
- Time limit the database lock when rebasing a merge request. !18481
- Fix missing admin mode UI buttons on bigger screen sizes. !18585 (Diego Louzán)
- Abort only MWPS when FF only merge is impossible. !18591
- Remove pointer cursor from MemoryUsage chart on MR widget deployment. !18599
- Fix keyboard shortcuts in header search autocomplete. !18685
- Fix empty chart in collapsed sections. !18699
- Fix error when viewing group billing page. !18740
- Fix query validation in custom metrics form. !18769
- Fix Gitaly call duration measurements. !18785
- Resolve Error when uploading a few designs in a row. !18811
- Block MR with OMIPS on skipped pipelines. !18838
- Pipeline vulnerability dashboard sort vulnerabilities by severity then confidence. !18863
- Remove empty Github service templates from database. !18868
- Fix broken images when previewing markdown files in Web IDE. !18899
- fixed #27164 Image cannot be collapsed on merge request changes tab. !18917 (Jannik Lehmann)
- Let ANSI \r code replace the current job log line. !18933
- Fix serverless function descriptions not showing on Knative 0.7. !18973
- Fix "project or group was moved" alerts showing up in the wrong pages. !18985
- Add missing breadcrumb in Project > Settings > Integrations. !18990
- Fixed admin geo collapsed sidebar fly out not showing. !19012
- Serialize short sha as nil if head commit is blank. !19014
- Add max width on manifest file attachment input. !19028
- Do not generate To-Dos additional when editing group mentions. !19037
- Fix previewing quick actions for epics. !19042
- Fix errors in GraphQL Todos API due to missing TargetTypeEnum values. !19052
- Hashed Storage Migration: Handle failed attachment migrations with existing target path. !19061
- Set shorter TTL for all unauthenticated requests. !19064
- Fix Todo IDs in GraphQL API. !19068
- Triggers the correct endpoint on licence approval. !19078
- Fix search button height on 404 page. !19080
- Fix Kubernetes help text link. !19121
- Make `jobs/request` to be resillient. !19150
- Disable pull mirror if repository is in read-only state. !19182
- Only enable protected paths for POST requests. !19184
- Enforce default, global project and snippet visibilities. !19188
- Make Bitbucket Cloud superseded pull requests as closed. !19193
- Fix crash when docker fails deleting tags. !19208
- Fix environment name in rollback dialog. !19209
- Fixed a typo in the "Keyboard Shortcuts" pop-up. !19217 (Manuel Stein)
- Fix unable to expand or collapse files in merge request by clicking caret. !19222 (Brian T)
- Allow release block edit button to be visible. !19226
- Fix double escaping in /tableflip quick action. !19271 (Brian T)
- Add missing bottom padding in CI/CD settings. !19284 (George Tsiolis)
- Prevents console warning on design upload. !19297
- Resolve: Web IDE does not create POSIX Compliant Files. !19339
- Use initial commit SHA instead of branch id to request IDE files and contents. !19348 (David Palubin)
- Resolve: Web IDE Throws Error When Viewing Diff for Renamed Files. !19348
- Fix project service API 500 error. !19367
- Fix cluster feature highlight popover image. !19372
- Fix template selector filename bug. !19376
- Fixes mobile styling issues on security modals. !19391
- Only move repos for legacy project storage. !19410
- Show correct total number of commit diff's changes. !19424
- Increase the timeout for GitLab-managed cert-manager installation to 90 seconds (was 30 seconds). !19447
- Fix uninitialized constant SystemDashboardService. !19453
- Properly handle exceptions in StuckCiJobsWorker. !19465
- Fix user popover not being displayed when the user has a status message. !19519
- Update omniauth_openid_connect to v0.3.3. !19525
- Fix project clone dropdown button width. !19551 (George Tsiolis)
- Do not escape HTML tags in Ansi2json as they are escaped in the frontend. !19610
- [Geo] Fix: undefined Gitlab::BackgroundMigration::PruneOrphanedGeoEvents. !19638
- Revert btn-xs styling in projects scss. !19640
- Fix canary badge and favicon inconsistency. !19645
- Use fingerprint when comparing security reports in MR widget. !19654
- Update GCP credit URLs. !19683
- Update squash_commit_sha only on successful merge. !19688
- Fix import of snippets having `award_emoji` (Project Export/Import). !19690
- Allow admins to administer personal snippets. !19693 (Oren Kanner)
- Re-add missing file sizes in 2-Up diff file viewer. !19710
- Fix checking task item when previous tasks contain only spaces. !19724
- Fix Bitbucket Cloud importer pull request state. !19734
- Fix merge train is not refreshed when the system aborts/drops a merge request. !19763
- Resolve Hide Delete selected in designs when viewing an old version. !19889
- Use new trial registration URL in billing. !19978
- Helm v2.16.1. !19981
- Ensure milestone titles are never empty. !19985
- Remove unused image/screenshot. !20030 (Lee Tickett)
- Remove local qualifier from geo sync indicators. !20034 (Lee Tickett)
- Fixed the scale of embedded videos to fit the page. !20056
- Fix broken monitor cluster health dashboard. !20120
- Fix expanding collapsed threads when reference link clicked. !20148
- Fix sub group export to export direct children. !20172
- Remove update hook from date filter to prevent js from getting stuck. !20215
- Prevent Dropzone.js initialisation error by checking target element existence. !20256 (Fabio Huser)
- Fix style reset in job log when empty ANSI sequence is encoutered. !20367
- Add productivity analytics merge date filtering limit. !32052
- Fix productivity analytics listing with multiple labels. !33182
- Fix closed board list loading issue.
- Apply correctly the limit of 10 designs per upload.
- Only allow confirmed users to run pipelines.
- Fix scroll to bottom with new job log.
- Fixed protected branches flash styling.
- Show tag link whenever it's a tag in chat message integration for push events and pipeline events. !18126 (Mats Estensen)
### Deprecated (2 changes)
- Ignore deprecated column and remove references to it. !18911
- Move some project routes under - scope. !19954
### Changed (56 changes, 6 of them are from the community)
- Upgrade design/copy for issue weights locked feature. !17352
- Reduce new MR page redundancy by moving the source/target branch selector to the top. !17559
- Replace raven-js with @sentry/browser. !17715
- Ask if the user is setting up GitLab for a company during signup. !17999
- When a user views a file's blame or blob and switches to a branch where the current file does not exist, they will now be redirected to the root of the repository. !18169 (Jesse Hall @jessehall3)
- Propagate custom environment variables to SAST analyzers. !18193
- Fix any approver project rule records. !18265
- Minor UX improvements to Environments Dashboard page. !18280
- Reduce the allocated IP for Cluster and Services. !18341
- Update flash messages color sitewide. !18369
- Add modsecurity template for ingress-controller. !18485
- Hide projects without access to admin user when admin mode is disabled. !18530 (Diego Louzán)
- Update Runners Settings Text + Link to Docs. !18534
- Store Zoom URLs in a table rather than in the issue description. !18620
- Improve admin dashboard features. !18666
- Drop `id` column from `ci_build_trace_sections` table. !18741
- Truncate recommended branch name to a sane length. !18821
- Add support for YAML anchors in CI scripts. !18849
- Save dashboard changes by the user into the vuex store. !18862
- Update expired trial status copy. !18962
- Can directly add approvers to approval rule. !18965
- Rename Vulnerabilities API to Vulnerability Findings API. !19029
- Improve clarity of text for merge train position. !19031
- Updated Auto-DevOps to kubectl v1.13.12 and helm v2.15.1. !19054 (Leo Antunes)
- Refactor maximum user counts in license. !19071 (briankabiro)
- Change return type of getDateInPast to Date. !19081
- Show approval required status in license compliance. !19114
- Handle new Container Scanning report format. !19123
- Allow container scanning to run offline by specifying the Clair DB image to use. !19161
- Add maven cli opts flag to maven security analyzer (part of dependency scanning). !19174
- Added report_type attribute to Vulnerabilities. !19179
- Migrate enabled flag on grafana_integrations table. !19234
- Improve handling of gpg-agent processes. !19311
- Update help text of "Tag name" field on Edit Release page. !19321
- Add user filtering to abuse reports page. !19365
- Move add license button to project buttons. !19370
- Update to Mermaid v8.4.2 to support more graph types. !19444
- Move release meta-data into footer on Releases page. !19451
- Expose subscribed field in issue lists queried with GraphQL. !19458 (briankabiro)
- [Geo] Fix: rake gitlab:geo:check on the primary is cluttered. !19460
- Hide trial banner for namespaces with expired trials. !19510
- Hide repeated trial offers on self-hosted instances. !19511
- Add loading icon to error tracking settings page. !19539
- Upgrade to Gitaly v1.71.0. !19611
- Make role required when editing profile. !19636
- Made `name` optional parameter of Release entity. !19705
- Vulnerabilities history chart - use sparklines. !19745
- Add event tracking to container registry. !19772
- Update SaaS trial header to include the tier Gold. !19970
- Update start a trial option in top right drop down to include Gold. !19971
- Improve merge request description placeholder. !20032 (Jacopo Beschi @jacopo-beschi)
- Add backtrace to production_json.log. !20122
- Change the default concurrency factor of merge train to 20. !20201
- Upgrade to Gitaly v1.72.0.
- Require explicit null parameters to remove pages domain certificate and allow to use Let's Encrypt certificates through API.
- Replace wording trace with log.
### Performance (13 changes)
- Record latencies for Sidekiq failures. !18909
- Fix N+1 for group container repositories view. !18979
- Do not render links in commit message on blame page. !19128
- Puma only: database connection pool now always >= number of worker threads. !19286
- Run check_mergeability only if merge status requires it. !19364
- Execute limited request for diff commits instead of preloading. !19485
- Improve performance of admin/abuse_reports page. !19630
- Remove N+1 DB calls from branches API. !19661
- Improve performance of linking LFS objects during import. !19709
- Optimize MergeRequest#mergeable_discussions_state? method. !19988
- Add index for unauthenticated requests to projects API default endpoint. !19989
- Add index for authenticated requests to projects API default endpoint. !19993
- Increase PumaWorkerKiller memory limit in development environment. !20039
### Added (83 changes, 8 of them are from the community)
- Adds Application Settings and ui settings in the integration admin area for Pendo. !15086
- Add endpoint for a group's vulnerable projects. !15317
- Added new chart component to display an anomaly boundary. !16530
- Add links to associated releases on the Milestones page. !16558
- Merge Details Page and Edit Page for Page Domains. !16687
- Share groups with groups. !17117
- Add links to associated release(s) to the milestone detail page. !17278
- New group path uniqueness check. !17394
- Unify html email layout for member html emails. !17699 (Diego Louzán)
- The Security Dashboard displays DAST vulnerabilities for all the scanned sites, not just the first. !17779
- Create table for elastic stack. !18015
- Allow to define a default CI configuration path for new projects. !18073 (Mathieu Parent)
- Issues queried in GraphQL now sortable by due date. !18094
- Add cleanup status to clusters. !18144
- Added Tests tab to pipeline detail that contains a UI for browsing test reports produced by JUnit. !18255
- Users can verify SAML configuration and view SamlResponse XML. !18362
- Support Enable/Disable operations in Feature Flag API. !18368
- Expose arbitrary job artifacts in Merge Request widget. !18385
- Add project option for deleting source branch. !18408 (Zsolt Kovari)
- Adds ability to set management project for cluster via API. !18429
- Close issues on Prometheus alert recovery. !18431
- Add ApplicationSetting for snowplow_iglu_registry_url. !18449
- Allow Grafana charts to be embedded in Gitlab Flavored Markdown. !18486
- Mark todo done by GraphQL API. !18581
- Create a users_security_dashboard_projects table to store the projects a user has added to their personal security dashboard. !18708
- New API endpoint for creating anonymous merge request discussions from Visual Review Tools. !18710
- Enable the color chip in AsciiDoc documents. !18723
- Add prevent_ldap_sign_in option so LDAP can be used exclusively for sync. !18749
- Show inherited group variables in project view. !18759
- Add "release" filter to issue search page. !18761
- Search list of Sentry errors by title in Gitlab. !18772
- Add migrations and changes for soft-delete for projects. !18791
- Support for Crossplane as a managed app. !18797 (Mahendra Bagul)
- Bump Auto-Deploy image to v0.3.0. !18809
- Set X-GitLab-NotificationReason header if notification reason is explicit subscription. !18812
- Add issues, MRs, participants, and labels tabs in group milestone page. !18818
- Add ability to reorder projects on operations dashboard. !18855
- Make `Job`, `Bridge` and `Default` inheritable. !18867
- Show epic events on group activity page. !18869
- Detail view of Sentry error in GitLab. !18878
- Expose mergeable state of a merge request. !18888 (briankabiro)
- Add ability to select a Cluster management project. !18928
- Add a Slack slash command to add a comment to an issue. !18946
- Added installation commands for npm and yarn packages to package detail page. !18999
- Show start and end dates in Epics list page. !19006
- Populate new pipeline CI vars from params. !19023
- Add warnings about pages access control settings. !19067
- Graphql mutation for (un)subscribing to an epic. !19083
- API for stack trace & detail view of Sentry error in GitLab. !19137
- Add grafana integration active status checkbox. !19255
- GraphQL: Add Merge Request milestone mutation. !19257
- Add MergeRequestSetAssignees GraphQL mutation. !19272
- Add edit button to metrics dashboard. !19279
- Add "release" filter to merge request search page. !19315
- Add dead jobs to Sidekiq metrics API. !19350 (Marco Peterseil)
- Add pipeline information to dependency list header. !19352
- Build CI cache key from commit SHAs that changed given files. !19392
- Adding support for searching tags using '^' and '$'. !19435 (Cauhx Milloy)
- Sentry error stacktrace. !19492
- Add an `error_code` attribute to the API response when a cherry-pick or revert fails. !19518
- Add documentation for sign-in application setting. !19561 (Horatiu Eugen Vlad)
- Create AWS EKS cluster. !19578
- Add modsecurity logging sidecar to ingress controller. !19600
- Add start a trial option in the top-right user dropdown. !19632
- Manage and display labels from epic in the GraphQL API. !19642
- Allow order_by updated_at in Deployments API. !19658
- Add can_edit and project_blob_path to metrics_dashboard endpoint. !19663
- Add usage ping data for project services. !19687
- Graphql query for issues can now be sorted by relative_position. !19713
- Add API endpoint to trigger Group Structure Export. !19779
- Show Tree UI containing child Epics and Issues within an Epic. !19812
- Enable environments dashboard by default. !19838
- Update the DB schema to allow linking between Vulnerabilities and Issues. !19852
- Add Group Audit Events API. !19868
- Adds a copy button next to package metadata on the details page. !19881
- GraphQL: Create MR mutations needed for the sidebar. !19913
- Add id_before, id_after filter param to projects API. !19949
- Add modsecurity feature flag to usage ping. !20194
- Specify management project for a Kubernetes cluster. !20216
- Upgrade pages to 1.12.0. !20217
- Support template_project_id parameter in project creation API. !20258
- Add heatmap chart support. !32424
- Add template for Serverless Framework/JS. !33805
### Other (59 changes, 26 of them are from the community)
- Add EKS cluster count to usage data. !17059
- Track the starting and stopping of the current signup flow and the experimental signup flow. !17521
- Attribute Sidekiq workers according to their workloads. !18066
- Add ApplicationSetting entries for EKS integration. !18307
- Geo: Add resigns-related fields to Geo Node Status table. !18379
- Allow adding requests to performance bar manually. !18464
- Removes `export_designs` feature flag. !18507 (nate geslin)
- Update AWS SDK to 2.11.374. !18601
- Remove required dependecy of Postgresql for Gitaly. !18659
- Add deployment_merge_requests table. !18755
- Bump Gitaly to 1.70.0 and remove cache invalidation feature flag. !18766
- Update gRPC to v1.24.0. !18837
- Update GitLab Runner Helm Chart to 0.10.0. !18879
- Adds a Sidekiq queue duration metric. !19005
- Create explicit Default and Free plans. !19033
- Improve instance mirroring help text. !19047
- Add Codesandbox metrics to usage ping. !19075
- Add internal_socket_dir to gitaly config in setup helper. !19170
- Use Rails 5.2 Redis caching store. !19202
- Update GitLab Runner Helm Chart to 0.10.1. !19232
- Rename snowplow_site_id to snowplow_app_id in application_settings table. !19252
- Removed IIFEs from network.js file. !19254 (nuwe1)
- Remove IIFEs from project_select.js. !19288 (minghuan lei)
- Remove IIFEs from merge_request.js. !19294 (minghuan lei)
- Make snippet list easier to scan. !19490
- Removed IIFEs from image_file.js. !19548 (nuwe1)
- Fix api docs for deleting project cluster. !19558
- Change blob edit view button styling. !19566
- Include exception and backtrace in API logs. !19671
- Add index on marked_for_deletion_at in projects table. !19788
- Visual design for edit buttons in blob view. !19932
- Refactor disabled sidebar notifications to Vue. !20007 (minghuan lei)
- Remove IIFEs from branch_graph.js. !20008 (minghuan lei)
- Remove IIFEs from new_branch_form.js. !20009 (minghuan lei)
- Remove duplication from slugifyWithUnderscore function. !20016 (Arun Kumar Mohan)
- Update registry.gitlab.com/gitlab-org/security-products/codequality to 12-5-stable. !20046 (Takuya Noguchi)
- Add mb-2 class to global alerts. !20081 (2knal)
- Remove var from syntax_highlight_spec.js. !20086 (Lee Tickett)
- Remove var from merge_request_tabs_spec.js. !20087 (Lee Tickett)
- Remove var from bootstrap_jquery_spec.js. !20089 (Lee Tickett)
- Remove var from project_select.js. !20091 (Lee Tickett)
- Remove var from new_commit_form.js. !20095 (Lee Tickett)
- Remove var from issue.js. !20098 (Lee Tickett)
- Remove var from new_branch_form.js. !20099 (Lee Tickett)
- Remove var from tree.js. !20103 (Lee Tickett)
- Remove var from line_highlighter.js. !20108 (Lee Tickett)
- Remove var from preview_markdown.js. !20115 (Lee Tickett)
- remove all references of BoardService in boards_selector.vue. !20147 (nuwe1)
- Remove all references to BoardsService in index.vue. !20152 (nuwe1)
- Remove var from labels_select.js. !20153 (Lee Tickett)
- Remove all reference to BoardService in board_form.vue. !20158 (nuwe1)
- Remove calendar icon from personal access tokens. !20183
- Move margin-top from flash container to flash. !20211
- Bump Auto DevOps deploy image to v0.7.0. !20250
- Make 'Sidekiq::Testing.fake!' mode as default. !31662 (@blackst0ne)
- Replace task-done icon with list-task icon to better align with other toolbar list icons.
- Dependency Scanning template that doesn't rely on Docker-in-Docker.
- Adding dropdown arrow icon and updated text alignment.
- Change selects from default browser style to custom style.
## 12.4.8
### Security (1 change)
- Fix private objects exposure when using Project Import functionality.
## 12.4.5
- No changes.
## 12.4.3
### Fixed (2 changes)
- Only enable protected paths for POST requests. !19184
- Fix Bitbucket Cloud importer pull request state. !19734
## 12.4.2
### Fixed (10 changes)
- Increase timeout for FetchInternalRemote RPC call. !18908
- Clean up duplicate indexes on ci_trigger_requests. !19053
- Fix project imports not working with serialized data. !19124
- Fixed welcome screen icons not showing. !19148
- Disable protected path throttling by default. !19185
- Fix Prometheus duplicate metrics. !19327
- Fix ref switcher not working on Microsoft Edge. !19335
- Extend gRPC timeouts for Rake tasks. !19461
- Disable upload HTTP caching to fix case when object storage is enabled and proxy_download is disabled. !19494
- Removes arrow icons for old collapsible sections.
### Changed (2 changes)
- Increased deactivation threshold to 180 days. !18902
- Add extra sentence about registry to AutoDevOps popup. !19092
## 12.4.1
### Security (14 changes)
- Standardize error response when route is missing.
- Do not display project labels that are not visible for user accessing group labels.
- Show cross-referenced label and milestones in issues' activities only to authorized users.
- Show cross-referenced label and milestones in issues' activities only to authorized users.
- Analyze incoming GraphQL queries and check for recursion.
- Disallow unprivileged users from commenting on private repository commits.
- Don't allow maintainers of a target project to delete the source branch of a merge request from a fork.
- Require Maintainer permission on group where project is transferred to.
- Don't leak private members in project member autocomplete suggestions.
- Return 404 on LFS request if project doesn't exist.
- Mask sentry auth token in Error Tracking dashboard.
- Fixes a Open Redirect issue in `InternalRedirect`.
- Remove deploy access level when project/group link is deleted.
- Sanitize all wiki markup formats with GitLab sanitization pipelines.
## 12.4.0
### Security (14 changes)
- HTML-escape search term in empty message. !18319
- Fix private feature Elasticsearch leak.
- Prevent bypassing email verification using Salesforce.
- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
- Do not show resource label events referencing not accessible labels.
- Check permissions before showing head pipeline blocking merge requests.
- Cancel all running CI jobs triggered by the user who is just blocked.
- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
- Display only participants that user has permission to see on milestone page.
- Fix Gitaly SearchBlobs flag RPC injection.
- Add a policy check for system notes that may not be visible due to cross references to private items.
- Limit search for IID to a type to avoid leaking records with the same IID that the user does not have access to.
- Prevent GitLab accounts takeover if SAML is configured.
- Only render fixed number of mermaid blocks.
### Fixed (103 changes, 12 of them are from the community)
- When user toggles task list item, keep details open until user closes the details manually. !16153
- Fix formatting welcome screen external users. !16667
- Fix signup link in admin area not being disabled. !16726 (Illya Klymov)
- Fix routing bugs in security dashboards. !16738
- Fix Jira integration favicon image with relative URL. !16802
- Add timeout mechanism for CI config validation. !16807
- Fix for count in todo badge when user has over 1,000 todos. Will now correctly display todo count after user marks some todos as done. !16844 (Jesse Hall @jessehall3)
- Naming a project "shared" will no longer automatically open the "Shared Projects" tab. !16847 (Jesse Hall @jessehall3)
- Adds the ability to delete single tags from the docker registry. Fix the issue that caused all related tags and image to be deleted at the same time. !16886
- Changed confidential quick action to only be available on non confidential issues. !16902 (Marc Schwede)
- Stop sidebar icons from jumping when expanded & collapsed. !16971
- Set name and updated_at properly in GitHub ReleaseImporter. !17020
- Remove thin white line at top of diff view code blocks. !17026
- Show correct CI indicator when build succeeded with warnings. !17034
- Create a persistent ref per pipeline for keeping pipelines run from force-push and merged results. !17043
- Move SMAU usage counters to the UsageData count field. !17074
- Allow maintainers to toggle write permission for public deploy keys. !17210
- Fix GraphQL for read-only instances. !17225
- Fix visibility level error when updating group from API. !17227 (Mathieu Parent)
- Fix stylelint errors in epics.scss. !17243
- Fix new discussion replies sometimes showing up twice. !17255
- Adjust unnapliable suggestions in expanded lines. !17286
- Show all groups user belongs to in Notification settings. !17303
- Alphabetically sorts selected sidebar labels. !17309
- Show issue weight when weight is 0. !17329 (briankabiro)
- Generate LFS token authorization for user LFS requests. !17332
- Backfill releases table updated_at column and add not null constraints to created_at and updated_at. !17400
- Log Sidekiq exceptions properly in JSON format. !17412
- Redo fix for related issues border radius. !17480
- Show the original branch name and link of merge request in pipeline emails. !17513
- Fixes issues with the security reports migration. !17519
- Users can view the blame or history of a file with newlines in its filename. !17543 (Jesse Hall @jessehall3)
- Display reCAPTCHA modal when making issue public. !17553
- Fix css selector for details in issue description. !17557
- Prevents a group path change when a project inside the group has container registry images. !17583
- Show 20 labels in dropdown instead of 5. !17596
- Nullify platform Kubernetes namespace if blank. !17657
- Fix Issue: WebIDE asks for confirmation to leave the page when committing and creating a new MR. !17671
- Catch unhandled exceptions in health checks. !17694
- Suppress error messages shown when navigating to a new page. !17706
- Specify sort order explicitly for Group and Project audit events. !17739
- Merge Request: Close JIRA issues when issues are disabled. !17743
- Disable gitlab-workhorse static error page on health endpoints. !17770
- Fix notes race condition when linking to specific note. !17777
- Fix relative positioning when moving items down and there is no space. !17781
- Fix project imports for pipelines for merge requests. !17799
- Increase the limit of includes in CI file to 100. !17807
- Geo: Fix race condition for container synchronization. !17823
- Geo: Invalidate cache after refreshing foreign tables. !17885
- Abort Merge When Pipeline Succeeds when Fast Forward merge is impossible. !17886
- Fix viewing merge reqeust from a fork that's being deleted. !17894
- Fix empty security dashboard for public projects. !17915
- Fix inline rendering of videos for uploads with uppercase file extensions. !17924
- Hide redundant labels in issue boards. !17937
- Time window filter in monitor dashboard gets reset. !17972
- Use cache_method_asymmetrically with Repository#has_visible_content?. !17975
- Allow users to compare Git revisions on a read-only instance. !18038
- Enable Google API retries for uploads. !18040
- Fix bug with new wiki not being indexed. !18051
- Stops the expand button in reports from expanding. !18064
- Make sure project insights stick on its own. !18082
- Embed metrics time window scroll no longer affects other embeds. !18109
- Fix broken notes avatar rendering in Chrome 77. !18110
- Ignore incoming emails with X-Autoreply header. !18118
- Enable grid, frame and stripes styling on AsciiDoc tables. !18165 (Guillaume Grossetie)
- Add backend support for selecting custom templates by ID. !18178
- Fix notifications for private group mentions in Notes, Issues, and Merge Requests. !18183
- Do not strip forwarded message body when creating an issue from Service Desk email. !18196
- Fix protected branch detection used by notification service. !18221
- Fix error where helper was incorrectly returning `true`. !18231
- Adjust placeholder to solve misleading regex. !18235
- Fix Flaky spec/finders/members_finder_spec.rb:85. !18257 (Jacopo Beschi @jacopo-beschi)
- Fix 500 error on clicking to LetsEncrypt Terms of Service. !18263
- Fix error tracking table layout on small screens. !18325
- GitHub import: Handle nil published_at dates. !18355
- Do not allow deactivated users to use slash commands. !18365
- Fix creating epics with dates from api. !18393
- JIRA Service: Improve username/email validation. !18397
- Stopped CRD apply retrying from allowing silent failures. !18421
- Fix erroneous "No activities found" message. !18434
- Support ES searches for project snippets. !18459
- Fix styling of set status emoji picker. !18509
- Fix showing diff when it has legacy diff notes. !18510
- JIRA Integration API URL works having a trailing slash. !18526
- Fixes embedded metrics chart tooltip spacing. !18543
- Bump GITLAB_ELASTICSEARCH_INDEXER_VERSION=v1.4.0. !18558
- Fix pod logs failure when pod contains more than 1 container. !18574
- Prevent the slash command parser from removing leading whitespace from content that is unrelated to slash commands. !18589 (Jared Deckard)
- Fix inability to set snippet visibility via API. !18612
- Fix Web IDE tree not updating modified status. !18647
- Fix button link foreground color. !18669
- Resolve missing design system notes icons. !18693
- Remove duplicate primary button in dashboard snippets. !32048 (George Tsiolis)
- Allow to view productivity analytics page without a license. !33876
- Fix container registry delete tag modal title and button. !34032
- Fixes variables overflowing in sm screens.
- Update top nav bar to fit all content in at all screen sizes.
- Fix permissions for group milestones.
- Removes Collapsible Sections from Job Log.
- Fixes job overflow in stages dropdown.
- Fix moved help URL for monitoring performance.
- Fix issue with wiki TOC links being treated as external links. (Oren Kanner)
- Show error message when setting an invalid group ID for the performance bar.
### Deprecated (1 change)
- Removing cleanup:repo, cleanup:dirs. !18087
### Changed (51 changes, 3 of them are from the community)
- Links on Releases page to commits and tags. !16128
- Add status to deployments and state to environments in API responses. !16242
- Use search scope label in empty results message. !16324
- Add step 2 of the experimental signup flow. !16583
- Add property to enable metrics dashboards to be rearranged. !16605
- Allow intra-project MR dependencies. !16799
- Use scope param instead of hide_dismissed. !16834
- Add empty state in file search. !16851
- Warn before applying issue templates. !16865
- MR Test Summary now shows errors as failures. !17039
- Add support for the association of multiple milestones to the Releases page. !17091
- Display if an issue was moved in issue list. !17102
- Improve UI for admin/projects and group/settings/projects pages. !17247
- Update registry tag delete popup message. !17257
- Show the "Set up CI/CD" prompt in empty repositories when applicable. !17274 (Ben McCormick)
- Knative version bump 0.6 -> 0.7. !17367 (Chris Baumbauer)
- Fix usability problems with the file template picker. !17522
- Make commit status created for any pipelines. !17524 (Aufar Gilbran)
- Add warnings to performance bar when page shows signs of poor performance. !17612
- Banners should only be dismissable by clicking x button. !17642
- Changes response body of liveness check to be more accurate. !17655
- Enable Request Access functionality by default for new projects and groups. !17662
- Add more attributes to issues GraphQL endpoint. !17802
- Improve admin/system_info page ui. !17829
- Adds management project for a cluster. !17866
- Upgrade gitlab-workhorse to 8.12.0. !17892
- Geo: Fix instruction from rake geo:gitlab:check. !17895
- Upgrade to Gitaly v1.66.0. !17900
- Do not start mirroring via API when paused. !17930
- Use MR links in PipelinePresenter#ref_text for branch pipelines. !17947
- Avoid knative and prometheus uninstall race condition. !18020
- Deprecate usage of state column for issues and merge requests. !18099
- Add missing page title to projects/container-registry. !18114
- Port over EE pipeline functionality to CE. !18136
- Aggregate push events when there are too many. !18239
- Cleanup background migrations for any approval rules. !18256
- Container registry tag(s) delete button pluralization. !18260
- Create clusters with VPC-Native enabled. !18284
- Update cluster link text. !18322
- Upgrade to Gitaly v1.67.0. !18326
- Improve UI of documentation under /help. !18331
- Cross-link unreplicated Geo types to issues. !18443
- Make designs read-only if the issue has been moved, or if its discussion has been locked. !18551
- Do not show new issue button on archived projects. !18590
- Increase group avatar size to 40px. !18654
- Sort vulnerabilities by severity then confidence for dashboard and pipeline views. !18675
- Add timeouts for each RPC call. !31766
- Add more specific message to clarify the role of empty images in container registry. !32919
- Embed Jaeger in Gitlab UI.
- Use text instead of icon for recent searches dropdown.
- Export liveness and readiness probes.
### Performance (25 changes, 1 of them is from the community)
- Limit diverging commit counts requests. !16737
- Use GetBlobs RPC for uri type. !16824
- Reduce Gitaly calls when viewing a commit. !17095
- Limit snippets search count. !17585
- Narrow snippet search scope in GitLab.com. !17625
- Handle wiki and graphql attachments in gitlab-workhorse. !17690
- Reduce lock contention of deployment creation by allocating IID outside of the pipeline transaction. !17696
- Update PumaWorkerKiller defaults. !17758
- Add trigram index on snippet content. !17806
- Fix Gitaly N+1 queries in related merge requests API. !17850
- Don't execute webhooks/services when above limit. !17874
- Only schedule updating push-mirrors once per push. !17902
- Show only personal snippets on explore page. !18092
- Priority bump authorized_projects sidekiq queue. !18125
- Avoid dumping files on disk when direct_upload is enabled. !18135
- Check if mapping is empty before caching in File Collections. !18290 (briankabiro)
- Avoid unnecessary locks on internal_ids. !18328
- Fix N+1 queries in Jira Development Panel API endpoint. !18329
- Optimize SQL requests for BlameController and CommitsController. !18342
- Remove N+1 for fetching commits signatures. !18389
- Reduce idle in transaction time when updating a merge request. !18493
- Use cascading deletes for deleting logs upon deleting a webhook. !18642
- Replace index on ci_triggers. !18652
- Hide license breakdown in /admin if user count is high. !18825
- Cache branch and tag names as Redis sets. !30476
### Added (78 changes, 12 of them are from the community)
- Adds sorting of packages at the project level. !15448
- Add projects.only option to Insights. !15930
- Add kubernetes section to group runner settings. !16338
- Enable Cloud Run on GKE cluster creation. !16566
- Add file matching rule to flexible CI rules. !16574
- Enable preview of private artifacts. !16675 (Tuomo Ala-Vannesluoma)
- Upgrade Gitaly to v1.64. !16788
- Render xml artifact files in GitLab. !16790
- Add GitHub & Gitea importers project filtering. !16823
- Add project filtering to Bitbucket Cloud import. !16828
- Provides internationalization support to chart legends. !16832
- Expose name property in imports API. !16848
- Add allowFilter and allowAnySHA1InWant for partial clones. !16850
- [ObjectStorage] Allow migrating back to local storage. !16868
- Require admins to enter admin-mode by re-authenticating before performing administrative operations. !16981 (Roger Rüttimann & Diego Louzán)
- Deactivate a user (with self-service reactivation). !17037
- Add database tables to store AWS roles and cluster providers. !17057
- Collect docker registry related metrics. !17063
- Allow releases to be targeted by URL anchor links on the Releases page. !17150
- Add project_pages_metadata DB table. !17197
- Add index on ci_builds for successful Pages deploys. !17204
- Creation of Evidence collection of new releases. !17217
- API: Add missing group parameters. !17220 (Mathieu Parent)
- Allow to exclude ancestor groups on group labels API. !17221 (Mathieu Parent)
- Added 'copy link' in epic comment dropdown. !17224
- Add columns for per project/group max pages/artifacts sizes. !17231
- Create table for grafana api token for metrics embeds. !17234
- Add proper label REST API for update, delete and promote. !17239 (Mathieu Parent)
- Allow cross-project pipeline triggering with CI_JOB_TOKEN in core. !17251
- Add user_id and created_at columns to design_management_versions table. !17316
- Add pull_mirror_branch_prefix column on projects table. !17368
- Expose web_url for epics on API. !17380
- Improve time window filtering on metrics dashboard. !17554
- Group level Container Registry browser. !17615
- Add API for manually creating and updating deployments. !17620
- Introduce diffs_batch JSON endpoint for paginated diffs. !17651
- Web IDE button should fork and open forked project when selected from read-only project. !17672
- Allow users to be searched with a @ prefix. !17742
- Add individual inherited member lookup API. !17744
- Preserve custom .gitlab-ci.yml config path when forking. !17817 (Mathieu Parent)
- Introduce CI_PROJECT_TITLE as predefined environment variable. !17849 (Nejc Habjan)
- Feature enabling embedded audio elements in markdown. !17860 (Jesse Hall @jessehall3)
- Add 'New release' to the project custom notifications. !17877
- Added timestamps (created_at and updated_at) to API pipelines response. !17911
- Added timestamp (updated_at) to API deployments response. !17913
- Add pipeline preparing status icons. !17923
- Creates Vue and Vuex app to render exposed artifacts. !17934
- Add web_exporter to expose Prometheus metrics. !17943
- Schedule background migration to populate pages metadata. !17993
- Add "Edit Release" page. !18033
- Unpin ingress image version, upgrade chart to 1.22.1. !18047
- Adds sorting of packages at the group level. !18062
- Introduce a lightweight diffs_metadata endpoint. !18104
- Limit the number of comments on an issue, MR, or commit. !18111
- Introduce new Ansi2json parser to convert job logs to JSON. !18133
- Use new Ansi2json job log converter via feature flag. !18134
- Snowplow custom events for Monitor: Health Product Categories. !18157
- Support Create/Read/Destroy operations in Feature Flag API. !18198
- Add two new predefined stages to pipelines. !18205
- Add endpoint to proxy requests to grafana's proxy endpoint. !18210
- Add ability to query todos using GraphQL. !18218
- Include in the callout message a list of jobs that caused missing dependencies failure. !18219
- Adds login input with copy box and supporting copy to empty container registry view. !18244 (nate geslin)
- Add max_artifacts_size fields under project and group settings. !18286
- Provide Merge requests and Issue links through the Release API. !18311
- Adds separate parsers for mentions of users, groups, projects in markdown content. !18318
- Add matching branch info to branch column. !18352
- Users can preview audio files in a repository. !18354 (Jesse Hall @jessehall3)
- Add edit button to release blocks on Releases page. !18411
- Add "Custom HTTP Git clone URL root" setting. !18422
- Add support for epic update through GraphQL API. !18440
- Expose subscribed attribute for epic on API. !18475
- Geo: Enable replicating uploads, LFS objects, and artifacts in Object Storage. !18482
- Show related merge requests in pipeline view. !18697
- Allow users to configure protected paths from Admin panel. !31246
- persist the refs when open the link of refs in a new tab of browser. !31998 (minghuan lei)
- Add first_parent option to list commits api. !32410 (jhenkens)
- Allow users to add and remove zoom rooms on an issue using quick action commands.
### Other (23 changes, 5 of them are from the community)
- Sync issuables state_id with null values. !16480
- Experimental separate sign up flow. !16482
- Upgrade Rouge to v3.11.0. !17011
- Better job naming for Docker.gitlab-ci.yml. !17218 (luca.orlandi@gmail.com)
- Update GitLab Runner Helm Chart to 0.9.0. !17326
- Change welcome message and make translatable. !17391
- Remove map-get($grid-breakpoints, xs) for max-width. !17420 (Takuya Noguchi)
- Document Git LFS and max file size interaction. !17609
- Refactor email notification code. !17741 (briankabiro)
- Ignore id column of ci_build_trace_sections table. !17805
- Extend graphql query endpoint for merge requests to return more attributes to support sidebar implementation. !17813
- Project list: Align star icons. !17833
- Moves the license compliance reports to the Backend. !17905
- Fixes wrong link on Protected paths admin settings. !17945
- Update Pages to v1.11.0. !18010
- Refactor checksum code in uploads. !18065 (briankabiro)
- Make instance configuration user friendly. !18363 (Takuya Noguchi)
- Update Workhorse to v8.14.0. !18391
- Attribute each Sidekiq worker to a feature category. !18462
- Update GitLab Shell to v10.2.0. !18735
- Use correct icons for issue actions.
- Increase color contrast of select option path.
- Remove Postgresql specific setup tasks and move to schema.rb.
## 12.3.9
### Security (1 change)
- Update maven_file_name_regex for full string match.
## 12.3.7
### Security (12 changes)
- Do not create todos for approvers without access. !1442
- Limit potential for DNS rebind SSRF in chat notifications.
- Encrypt application setting tokens.
- Update Workhorse and Gitaly to fix a security issue.
- Add maven file_name regex validation on incoming files.
- Hide commit counts from guest users in Cycle Analytics.
- Check permissions before showing a forked project's source.
- Fix 500 error caused by invalid byte sequences in links.
- Ensure are cleaned by ImportExport::AttributeCleaner.
- Remove notes regarding Related Branches from Issue activity feeds for guest users.
- Escape namespace in label references to prevent XSS.
- Add authorization to using filter vulnerable in Dependency List.
## 12.3.4
### Fixed (2 changes)
- Fix cannot merge icon showing in dropdown for users who can merge. !17306
- Fix pipelines for merge requests in project exports. !17844
## 12.3.2
### Security (12 changes)
- Fix Gitaly SearchBlobs flag RPC injection.
- Add a policy check for system notes that may not be visible due to cross references to private items.
- Display only participants that user has permission to see on milestone page.
- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
- Check permissions before showing head pipeline blocking merge requests.
- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
- Prevent bypassing email verification using Salesforce.
- Do not show resource label events referencing not accessible labels.
- Cancel all running CI jobs triggered by the user who is just blocked.
- Fix Gitaly SearchBlobs flag RPC injection.
- Only render fixed number of mermaid blocks.
- Prevent GitLab accounts takeover if SAML is configured.
## 12.3.1
### Fixed (4 changes)
- Fix ordering of issue board lists not being persisted. !17356
- Fix error when duplicate users are merged in approvers list. !17406
- Fix bug that caused a merge to show an error message. !17466
- Fix CSS leak in job log.
## 12.3.0
### Security (23 changes)
- Filter out old system notes for epics in notes api endpoint response.
- Fix SSRF via DNS rebinding in Kubernetes Integration.
- Fix project import restricted visibility bypass via API.
- Prevent disclosure of merge request ID via email.
- Use admin_group authorization in Groups::RunnersController.
- Gitaly: ignore git redirects.
- Prevent DNS rebind on JIRA service integration.
- Make sure HTML text is always escaped when replacing label/milestone references.
- Fix HTML injection for label description.
- Avoid exposing unaccessible repo data upon GFM post processing.
- Remove EXIF from users/personal snippet uploads.
- Fix weak session management by clearing password reset tokens after login (username/email) are updated.
- Added image proxy to mitigate potential stealing of IP addresses.
- Restrict MergeRequests#test_reports to authenticated users with read-access on Builds.
- Ensure only authorised users can create notes on Merge Requests and Issues.
- Send TODOs for comments on commits correctly.
- Check permissions before responding in MergeController#pipeline_status.
- Limit the size of issuable description and comments.
- Enforce max chars and max render time in markdown math.
- Speed up regexp in namespace format by failing fast after reaching maximum namespace depth.
- Add :login_recaptcha_protection_enabled setting to prevent bots from brute-force attacks.
- Upgrade pages to 1.8.1.
- Show cross-referenced MR-id in issues' activities only to authorized users.
### Removed (1 change)
- Removed redundant index on releases table. !31487
### Fixed (78 changes, 25 of them are from the community)
- Avoid Devise "401 Unauthorized" responses. !16519
- Allow close status to be shown on locked issues. !16685
- Changed todo/done quick actions to work not only for first usage. !16837 (Marc Schwede)
- Adds missing error handling. !16896 (toptalo)
- Prevent the user from seeing an invalid "Purchase more minutes" prompt. !16979
- Fix missing board lists when other users collapse / expand the list. !17318
- Uses projects_authorizations.access_level in MembersFinder. !28887 (Jacopo Beschi @jacopo-beschi)
- Let project reporters create issue from group boards. !29866
- Remove margin from user header. !30878 (lucyfox)
- Improve application settings API. !31149 (Mathieu Parent)
- Fix encoding of special characters in "Find File". !31311 (Jan Beckmann)
- Avoid conflicts between ArchiveTracesCronWorker and ArchiveTraceWorker. !31376
- Disable "Transfer group" button when no group is selected. !31387 (Jan Beckmann)
- Prevent archived projects from showing up in global search. !31498 (David Palubin)
- Fixed embeded metrics tooltip inconsistent styling. !31517
- Fix 500 errors caused by pattern matching with variables in CI Lint. !31719
- Fixed removing directories in Web IDE. !31727
- All of discussion expand/collapse button is clickable. !31730
- Only show /copy_metadata quick action when usable. !31735 (Lee Tickett)
- Read pipelines from public projects through API without an access token. !31816
- fix charts scroll handle icon to use gitlab svg. !31825
- Remove "Commit" from pipeline status tooltips. !31861
- Fix top-nav search bar dropdown on xl displays. !31864 (Kemais Ehlers)
- Fix loading icon causing text to jump in file row of Web IDE. !31884
- Fix MR reports section loading icon alignment. !31897
- Fix broken git clone box on wiki git access page. !31898
- Exempt user gitlab-ci-token from rate limiting. !31909
- Fix search preserving space when change branch. !31973 (minghuan lei)
- Fix file header style and position during scroll in a merge conflict resolution. !31991
- Allow latency measurements of sidekiq jobs taking > 2.5s. !32001
- Return correct user for manual deployments. !32004
- Fix style of secondary profile tab buttons. !32010 (Wolfgang Faust)
- Fix serverless entry page layout. !32029
- Fix HTML rendering for fast-forward rebases in merge request widget. !32032
- Update the timestamp in Operations > Environments to show correct deployment date for manual deploy jobs. !32072
- Fix dropdowns closing when click is released outside the dropdown. !32084
- Hide duplicate board list while dragging. !32099
- Don't check external authorization when disabling the service. !32102 (Robert Schilling)
- Makes custom Pages domain open as external link in new tab. !32130 (jakeburden)
- Change default visibility level for FogBugz imported projects to Private. !32142
- Move visual review toolbar code to NPM. !32159
- Fix parsing of months in time tracking commands. !32165
- Wrong format on MS teams integration push events with multi line commit messages. !32180 (Massimeddu Cireddu)
- Guard against deleted project feature entry in project permissions. !32187
- Fix ref switcher separators from conflicting with branch names. !32198
- Fix performance bar on Puma. !32213
- Remove token field from runners edit form. !32231
- Fix 500 error in CI lint when included templates are an array. !32232
- Fix users cannot access job detail page when deployable does not exist. !32247
- Do not translate system notes into author's language. !32264
- Fix moving issues API failing when text includes commit URLs. !32317
- Fix issue due notification emails not being threaded correctly. !32325
- Allow project feature permissions to be overridden during import with override_params. !32348
- Handle invalid mirror url. !32353 (Lee Tickett)
- New project milestone primary button. !32355 (Lee Tickett)
- Display `more information` docs link on error tracking page when users do not have permissions to enable that feature. !32365 (Romain Maneschi)
- Quick action label must be first in issue comment. !32367 (Romain Maneschi)
- Fix for missing avatar images dislpayed in commit trailers. !32374 (Jesse Hall @jessehall3)
- Make it harder to delete issuables accidentally. !32376
- Replaced vue resource to axios in the Markdown field preview component. !32386 (Prakash Chokalingam @prakash_Chokalingam)
- Fix create MR from issue using a tag as ref. !32392 (Jacopo Beschi @jacopo-beschi)
- Add X-GitLab-NotificationReason header to note emails. !32422
- Expand textarea for CA cert in cluster form. !32508
- Prevent empty external authorization classification labels from overriding the default label. !32517 (Will Chandler)
- Allow not resolvable urls when dns rebind protection is disabled. !32523
- Avoid checking dns rebind protection when validating. !32577
- Passing job rules downstream and E2E specs for job:rules configuration. !32609
- Quote branch names in how to merge instructions. !32639 (Lee Tickett)
- Fix removal of install pods. !32667
- Fix sharing localStorage with all MRs. !32699
- Default the asset proxy whitelist to the installation domain. !32703
- Add some padding to details markdown element. !32716
- Use `ChronicDuration` in a thread-safe way. !32817
- Fix watch button styling and notifications buttons consistency. !32827
- Fix encoding error in MR diffs when using external diffs. !32862 (Hiroyuki Sato)
- Add bottom margin to snippet title. !32877
- Bump markdown cache version to fix any incorrect links from asset proxy defaults.
- Persist `needs:` validation as config error.
### Changed (39 changes, 6 of them are from the community)
- Extend pipeline graph scroll area to full width. !14870
- Frontend support for saving issue board preferences on the current user. !16421
- Switch Milestone and Release to a many-to-many relationship. !16517
- Align project selector search box better with design system. !16795
- Adds the runners_token of the group if the user that requests the group info is admin of it. !16831 (Ignacio Lorenzo Subirá Otal nachootal@gmail.com)
- Upgrade to Gitaly v1.65.0. !17135
- Make flash notifications sticky. !30141
- Add Issue and Merge Request titles to Todo items. !30435 (Arun Kumar Mohan)
- Remove wiki page slug dialog step when creating wiki page. !31362
- Improve system notes for Zoom links. !31410 (Jacopo Beschi @jacopo-beschi)
- Updated WebIDE default commit options. !31449
- Remove oauth form from GitHub CI/CD only import authentication. !31488
- Update assignee (cannot merge) style. !31545
- Updated latest pipeline tag tooltip to be more descriptive. !31624
- Add optional label_id parameter to label API for PUT and DELETE. !31804
- Updates issues REST API to allow extended sort options. !31849
- Fix to show renamed file in mr. !31888
- Replaced expand diff icons. !31907
- Upgrade to Gitaly 1.60.0. !31981
- Make MR pipeline widget text more descriptive. !32025
- Fix wording on milestone due date when milestone is due today. !32096
- Improve search result labels. !32101
- Limit access request emails to ten most recently active owners or maintainers. !32141
- Improve chatops help output. !32208
- Update merge train documentation. !32218
- Add caret icons to the monitoring dashboard. !32239
- Install cert-manager v0.9.1. !32243
- Bring text mail for new issue & MR more in line. !32254
- Add cluster domain warning. !32260
- Rename epic column state to state_id. !32270
- Use moved instead of closed in issue references. !32277 (juliette-derancourt)
- Standardize use of `content` parameter in snippets API. !32296
- Show meaningful message on /due quick action with invalid date. !32349 (Jacopo Beschi @jacopo-beschi)
- Remove dynamically constructed feature flags starting with prometheus_transaction_. !32395 (Jacopo Beschi @jacopo-beschi)
- Indicate on Issue Status if an Issue was Duplicated. !32472
- Avoid dns rebinding checks when the domain is whitelisted. !32603
- Upgrade to Gitaly v1.62.0. !32608
- Unified presentation of the filter input field for projects listings. !32706
- Hide resolve thread button from guest. !32859
### Performance (20 changes)
- Lower search counters. !11777
- Considerably improve the query performance for MR discussions load. !16635
- Eliminate Gitaly N+1 queries with notes API. !32089
- Optimise UpdateBuildQueueService. !32095
- Remove N+1 SQL query loading project feature in dashboard. !32169
- Reduce the number of SQL requests on MR-show. !32192
- Makes LFS object linker process OIDs in batches. !32268
- Preload routes information to fix N+1 issue. !32352
- Reduce N+1 when doing project export. !32423
- Skip requesting diverging commit counts if no branches are listed. !32496
- Support selective highlighting of lines. !32514
- Replace indexes for counting active users. !32538
- Create partial index for gitlab-monitor CI metrics. !32546
- Optimize queries for snippet listings. !32576
- Preprocess wiki attachments with GitLab-Workhorse. !32663
- Create index for users.unconfirmed_email. !32664
- Optimize /admin/applications so that it does not timeout. !32852
- Replace events index with partial one. !32874
- Partial index for namespaces.type. !32876
- Fix member expiration not always working. !32951
### Added (42 changes, 10 of them are from the community)
- Enable modsecurity in nginx-ingress apps. !15774
- Database table for tracking programming language trends over time. !16491
- Add DAST full scan domain validation. !16680
- Add not param to Issues API endpoint. !16748
- Allow specifying timeout per-job in .gitlab-ci.yml. !16777 (Michał Siwek)
- Document forwarding CI variables to docker build in Auto DevOps. !16783
- Add links for latest pipelines. !20865 (Alex Ives)
- New interruptible attribute for CI/CD jobs. !23464 (Cédric Tabin)
- API: Promote project labels to group labels. !25218 (Robert Schilling)
- Introduced Build::Rules configuration for Ci::Build. !29011
- Notification emails can be signed with SMIME. !30644 (Diego Louzán)
- Allow milestones to be associated with a release (backend). !30816
- Enable serving static objects from an external storage. !31025
- Save collapsed option for board lists in database. !31069
- Apply quickactions when modifying comments. !31136
- Add SwaggerUI Pages template for .gitlab-ci.yml. !31183 (mdhtr)
- Add ability to see project deployments at cluster level (FE). !31575
- Create component to display area and line charts in monitor dashboards. !31639
- Add persistance to last choice of projects sorting on projects dashboard page. !31669
- Run Pipeline button & API for MR Pipelines. !31722
- Add service to transfer Group Milestones when transferring a Project. !31778
- Allow $CI_REGISTRY_USER to delete tags. !31796
- Support adding and removing labels w/ push opts. !31831
- Enable line charts in dashbaord panels and embedded charts. !31920
- Add First and Last name columns to User model. !31985
- Add option to allow OAuth providers to bypass two factor. !31996 (Dodocat)
- Expose namespace storage statistics with GraphQL. !32012
- Add usage pings for merge request creating. !32059
- Add warning about initial deployment delay for GitLab Pages sites. !32122
- Allow Knative to be installed on group and instance level clusters. !32128
- Add a close issue slack slash command. !32150
- Support chat notifications to be fired for protected branches. !32176
- Add system hooks for project/group membership updates. !32371 (Brandon Williams)
- Add source and merge_request fields to pipeline event webhook. !32373 (Bian Jiaping)
- Allow ECDSA certificates for pages domains. !32393
- Show link to cluster used on job page. !32446
- Group level JupyterHub. !32512
- Creates utility parser for the job log. !32555
- Expose update project service endpoint JSON. !32759
- Expose 'protected' field for Tag API endpoint. !32790 (Andrea Leone)
- Create table `alerts_service_data`. !32860
- Creates base components for the new job log.
### Other (42 changes, 13 of them are from the community)
- Setting NOT NULL constraint to users.private_profile column. !14838
- Schedule productivity analytics recalculation for EE. !15137
- Document Lambda deploys via GitLab CI/CD. !16858
- Add Redis interceptor tracing. !30238
- Encrypt existing and new deploy tokens. !30679
- Clean up keyboard shortcuts help modal, removing and adding as needed. !31642
- Add warning to pages domains that obtaining/deploying SSL certificates through Let's Encrypt can take some time. !31765
- Add new API method in Api.js: projectUsers. !31801
- Upgrade babel to 7.5.5. !31819 (Takuya Noguchi)
- Update docs to reflect the rename of gitlab-monitor to gitlab-exporter. !31901
- Count comments on commits and merge requests. !31912
- Resolve Badge counter: Very low contrast between foreground and background colors. !31922
- Add index to improve group cluster deployments query performance. !31988
- Replace finished_at with deployed_at for the internal API Deployment entity. !32000
- Update to GitLab Shell v9.4.0. !32009
- Default clusters namespace_per_environment column to true. !32139
- Remove deprecation message for milestone tabs. !32252
- Refactored Karma spec to Jest for mr_widget_auto_merge_failed. !32282 (Illya Klymov)
- Update GitLab Runner Helm Chart to 0.8.0. !32289
- Refactor showStagedIcon property to reflect the behavior its name represents. !32333 (Arun Kumar Mohan)
- Upgrade pages to 1.8.0. !32334
- Change prioritized labels empty state message. !32338 (Lee Tickett)
- make test of note app with comments disabled dry. !32383 (Romain Maneschi)
- Use new location for gitlab-runner helm charts. !32384
- Mention in docs how to disable project snippets. !32391 (Jacopo Beschi @jacopo-beschi)
- delete animation width on global search input. !32399 (Romain Maneschi)
- Remove vue resource from sidebar service. !32400 (Lee Tickett)
- Remove vue resource from issue. !32421 (Lee Tickett)
- Remove vue resource from remove issue. !32425 (Lee Tickett)
- Remove vue-resource from PerformanceBarService. !32428 (Lee Tickett)
- Added warning note on the project container registry setting informing users that the registry is public for public projects. !32447
- Admin dashboard: Fetch and render statistics async. !32449
- Update GitLab Workhorse to v8.10.0. !32501
- Remove Users.support_bot column. !32554
- Add padding to left of "Sort by" in members dropdown. !32602
- Log errors for failed pipeline creation in PostReceive. !32633
- Avoid prefilling target branch when source branch is the default one. !32701
- Bump Kubeclient to 4.4.0. !32811
- Remove vue-resource from notes service. !32934 (Lee Tickett)
- Added board name to page title in boards view.
- Remove vue resource from group service. (Lee Tickett)
- Updates tooltip of 'detached' label/state.
## 12.2.11
- No changes.
## 12.2.8
### Security (1 change)
- Limit search for IID to a type to avoid leaking records with the same IID that the user does not have access to.
## 12.2.7
### Security (1 change)
- Fix private feature Elasticsearch leak.
## 12.2.6
### Security (11 changes)
- Add a policy check for system notes that may not be visible due to cross references to private items.
- Display only participants that user has permission to see on milestone page.
- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
- Check permissions before showing head pipeline blocking merge requests.
- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
- Prevent bypassing email verification using Salesforce.
- Do not show resource label events referencing not accessible labels.
- Cancel all running CI jobs triggered by the user who is just blocked.
- Fix Gitaly SearchBlobs flag RPC injection [Gitaly v1.59.3].
- Only render fixed number of mermaid blocks.
- Prevent GitLab accounts takeover if SAML is configured.
## 12.2.5
### Security (1 change)
- Upgrade pages to 1.7.2.
## 12.2.4
### Fixed (7 changes)
- Add syntax highlighting for line expansion. !31821
- Fix issuable sidebar icon on notification disabled. !32134
- Upgrade Mermaid to v8.2.4. !32186
- Fix Piwik not working. !32234
- Fix snippets API not working with visibility level. !32286
- Fix upload URLs in Markdown for users without access to project repository. !32448
- Update Mermaid to v8.2.6. !32502
### Performance (1 change)
- Fix N+1 Gitaly calls in /api/v4/projects/:id/issues. !32171
## 12.2.3
- No changes.
## 12.2.2
### Security (22 changes)
- Ensure only authorised users can create notes on Merge Requests and Issues.
- Gitaly: ignore git redirects.
- Add :login_recaptcha_protection_enabled setting to prevent bots from brute-force attacks.
- Speed up regexp in namespace format by failing fast after reaching maximum namespace depth.
- Limit the size of issuable description and comments.
- Send TODOs for comments on commits correctly.
- Restrict MergeRequests#test_reports to authenticated users with read-access on Builds.
- Added image proxy to mitigate potential stealing of IP addresses.
- Filter out old system notes for epics in notes api endpoint response.
- Avoid exposing unaccessible repo data upon GFM post processing.
- Fix HTML injection for label description.
- Make sure HTML text is always escaped when replacing label/milestone references.
- Prevent DNS rebind on JIRA service integration.
- Use admin_group authorization in Groups::RunnersController.
- Prevent disclosure of merge request ID via email.
- Show cross-referenced MR-id in issues' activities only to authorized users.
- Enforce max chars and max render time in markdown math.
- Check permissions before responding in MergeController#pipeline_status.
- Remove EXIF from users/personal snippet uploads.
- Fix project import restricted visibility bypass via API.
- Fix weak session management by clearing password reset tokens after login (username/email) are updated.
- Fix SSRF via DNS rebinding in Kubernetes Integration.
## 12.2.1
### Fixed (2 changes)
- Fix for embedded metrics undefined params. !31975
- Fix "ERR value is not an integer or out of range" errors. !32126
### Performance (1 change)
- Fix Gitaly N+1 calls with listing issues/MRs via API. !31938
### Fixed (3 changes)
- Fix for embedded metrics undefined params. !31975
- Fix "ERR value is not an integer or out of range" errors. !32126
- Prevent duplicated trigger action button.
### Performance (1 change)
- Fix Gitaly N+1 calls with listing issues/MRs via API. !31938
## 12.2.0
### Security (4 changes, 1 of them is from the community)
- Update mini_magick to 4.9.5. !31505 (Takuya Noguchi)
- Upgrade Rugged to 0.28.3. !31794
- Queries for Upload should be scoped by model.
- Restrict slash commands to users who can log in.
### Removed (3 changes)
- Remove Kubernetes service integration page. !31365
- Remove line profiler from performance bar.
- Remove GC metrics from performance bar.
### Fixed (74 changes, 4 of them are from the community)
- Resolve Incorrect empty state message on Explore projects. !25578
- Search issuables by iids. !28302 (Riccardo Padovani)
- Make it easier to find invited group members. !28436
- fix: updates to include units for the y axis label. !30330
- Align access permissions for wiki history to those of wiki pages. !30470
- Add index for issues on relative position, project, and state for manual sorting. !30542
- Fix suggestion on lines that are not part of an MR. !30606
- Add empty chart component. !30682
- Remove blank block from job sidebar. !30754
- Remove duplicate buttons in diff discussion. !30757
- Order projects in 'Move issue' dropdown by name. !30778
- Fix bug in dashboard display of closed milestones. !30820
- Fixes alignment issues with reports. !30839
- Ensure visibility icons in group/project listings are grey. !30858
- Fix admin labels page when there are invalid records. !30885
- Extra logging for new live trace architecture. !30892
- Fix pipeline emails not respecting group notification email setting. !30907
- Handle trailing slashes when generating Jira issue URLs. !30911
- Optimize relative re-positioning when moving issues. !30938
- Better support clickable tasklists inside blockquotes. !30952
- Add space to "merged by" widget. !30972
- Remove duplicated mapping key in config/locales/en.yml. !30980 (Peter Dave Hello)
- Update Mermaid to v8.2.3. !30985
- Use persistent Redis cluster for Workhorse pub/sub notifications. !30990
- Remove :livesum from RubySampler metrics. !31047
- Fix pid discovery for Unicorn processes in `PidProvider`. !31056
- Respect group notification email when sending group access notifications. !31089
- Default dependency job stage index to Infinity, and correctly report it as undefined in prior stages. !31116
- Fix incorrect use of message interpolation. !31121
- Moved labels out of fields on Search page. !31137
- Ensure Warden triggers after_authentication callback. !31138
- Fix admin area user access level radio button labels. !31154
- Ignore Gitaly errors if cache flushing fails on project destruction. !31164
- Prevent double slash in review apps path. !31212
- Make pdf.js render CJK characters. !31220
- Prevent discussion filter from persisting to `Show all activity` when opening links to notes. !31229
- Improve layout of dropdowns in the metrics dashboard page. !31239
- Remove pdf.js deprecation warnings. !31253
- Fix GC::Profiler metrics fetching. !31331
- Jupyter fixes. !31332 (Amit Rathi)
- Fix first-time contributor notes not rendering. !31340
- Fix inline rendering of relative paths to SVGs from the current repository. !31352
- Make `bin/web_puma` consider RAILS_ENV. !31378
- Removed extrenal dashboard legend border. !31407
- Fix visual review app storage keys. !31427
- Fix flashing conflict warning when editing issues. !31469
- Fix broken issue links and possible 500 error on cycle analytics page when project name and path are different. !31471
- Prevent turning plain links into embedded when moving issues. !31489
- Add a field for released_at to GH importer. !31496
- Adjust size and align MR-widget loading icon. !31503
- Fix an issue where clicking outside the MR/branch search box in WebIDE closed the dropdown. !31523
- Don't attempt to contact registry if it is disabled. !31553
- Fix IDE new files icon in tree. !31560
- Fix missing author line (`Created by: <user>`) in MRs/issues/comments of imported Bitbucket Cloud project. !31579
- Add missing report-uri to CSP config. !31593
- Fixed display of some sections and externalized all text in the shortcuts modal overlay. !31594
- Remove extra padding from disabled comment box. !31603
- Allow CI to clone public projects when HTTP protocol is disabled. !31632
- error message for general settings. !31636 (Mesut Güneş)
- Invalidate branches cache on PostReceive. !31653
- Fix active metric files being wiped after the app starts. !31668
- Fix :wiki_can_not_be_created_total counter. !31673
- Fix job logs where style changes were broken down into separate lines. !31674
- Properly save suggestions in project exports. !31690
- Fix project avatar image in Slack pipeline notifications. !31788
- Fix empty error flash message on profile:account page when updating username with username that has already been taken. !31809
- Fix starrers counts after searching. !31823
- Fix pipelines not always being created after a push. !31927
- Fix 500 errors in commits api caused by empty ref_name parameter.
- Center loading icon in CI action component.
- Prevents showing 2 tooltips in pipelines table.
- Fix tag page layout.
- Prevent duplicated trigger action button.
- Hides loading spinner in pipelines actions after request has been fullfiled.
### Changed (31 changes, 5 of them are from the community)
- Update cluster page automatically when cluster is created. !27189
- Add branch/tags/commits dropdown filter on the search page for searching codes. !28282 (minghuan lei)
- Add support for start_sha to commits API. !29598
- Maintainers can create subgroups. !29718 (Fabio Papa)
- Extract Auto DevOps deploy functions into a base image. !30404
- Add MR form to Visual Review (EE) runtime configuration. !30481
- Adjust redis cache metrics. !30572
- Add DS_PIP_DEPENDENCY_PATH option to configure Dependency Scanning for projects using pip. !30762
- Bring scoped environment variables to core. !30779
- Add Web IDE Usage Ping for Create SMAU. !30800
- Update the container scanning CI template to use v12 of the clair scanner. !30809
- Multiple pipeline support for Commit status. !30828 (Gaetan Semet)
- Add support for exporting repository type data for LFS objects. !30830
- Avoid increasing redis counters when usage_ping is disabled. !30949
- Added navbar searches usage ping counter. !30953
- Convert githost.log to JSON format. !30967
- Adjusted the clickable area of collapsed sidebar elements. !30974 (Michel Engelen)
- Mark push mirrors as failed after 1 hour. !30999
- Allows masking @ and : characters. !31065
- Remove incorrect fallback when determining which cluster to use when retrieving MR performance metrics. !31126
- Retry push mirrors faster when running concurrently, improve error handling when push mirrors fail. !31247
- Make issue boards importable. !31434 (Jason Colyer)
- Allow users to resend a confirmation link when the grace period has expired. !31476
- Remove counts from default labels API responses. !31543
- Upgrade to Gitaly v1.57.0. !31568
- Rename githost.log -> git_json.log. !31634
- Load search result counts asynchronously. !31663
- feat: adds a download to csv functionality to the dropdown in prometheus metrics. !31679
- Adjust copy for adding additional members. !31726
- Upgrade to Gitaly v1.59.0. !31743
- Filter title, description, and body parameters from logs.
### Performance (17 changes, 1 of them is from the community)
- Add partial index on identities table to speed up LDAP lookups. !26710
- Improve MembersFinder query performance using UNION. !30451 (Jacopo Beschi @jacopo-beschi)
- Rake task to cleanup expired ActiveSession lookup keys. !30668
- Update usage ping cron behavior. !30842
- Make Bootsnap available via ENABLE_BOOTSNAP=1. !30963
- Batch processing of commit refs in markdown processing. !31037
- Use tablesample approximate counting by default. !31048
- Create index on environments by state. !31231
- Split MR widget into etag-cached and non-cached serializers. !31354
- Speed up loading and filtering deploy keys and their projects. !31384
- Only track Redis calls if Peek is enabled. !31438
- Only expire tag cache once per push. !31641
- Reduce Gitaly calls in PostReceive. !31741
- Eliminate many Gitaly calls in discussions API. !31834
- Optimize DB indexes for ES indexing of notes. !31846
- Expire project caches once per push instead of once per ref. !31876
- Look up upstream commits once before queuing ProcessCommitWorkers.
### Added (51 changes, 11 of them are from the community)
- Make starred projects and starrers of a project publicly visible. !24690
- Make quick action commands applied banner more useful. !26672 (Jacopo Beschi @jacopo-beschi)
- Allow Helm to be uninstalled from the UI. !27359
- Improve pipeline status Slack notifications. !27683
- Add links to relevant configuration areas in admin area overview. !29306
- Display project id on project admin page. !29734 (Zsolt Kovari)
- Display group id on group admin page. !29735 (Zsolt Kovari)
- Resolve Keyboard shortcut for jump to NEXT unresolved discussion. !30144
- Personal access tokens are accepted using OAuth2 header format. !30277
- Add Outbound requests whitelist for local networks. !30350 (Istvan Szalai)
- Allow multiple Auto DevOps projects to deploy to a single namespace within a k8s cluster. !30360 (James Keogh)
- Allow Knative to be uninstalled from the UI. !30458
- Add admin-configurable "Support page URL" link to top Help dropdown menu. !30459 (Diego Louzán)
- Allow specifying variables when running manual jobs. !30485
- Use predictable environment slugs. !30551
- Return an ETag header for the archive endpoint. !30581
- Add Rate Request Limiter to RawController#show endpoint. !30635
- Add git blame to GitLab API. !30675 (Oleg Zubchenko)
- Use separate Kubernetes namespaces per environment. !30711
- Support remove source branch on merge w/ push options. !30728
- Deploy serverless apps with gitlabktl. !30740
- Adjust group level analytics to accept multiple ids. !30744
- Adds event enum column to DesignsVersions join table. !30745
- Allow email notifications to be disabled for all members of a group or project. !30755 (Dustin Spicuzza)
- Export and download CSV from metrics charts. !30760
- Add API endpoints to return container repositories and tags from the group level. !30817
- Add support for deferred links in persistent user callouts. !30818
- Add system notes for when a Zoom call was added/removed from an issue. !30857 (Jacopo Beschi @jacopo-beschi)
- Count wiki creation, update and delete events. !30864
- Add new expansion options for merge request diffs. !30927
- Count snippet creation, update and comment events. !30930
- Update namespace label for GitLab-managed clusters. !30935
- UI for disabling group/project email notifications. !30961 (Dustin Spicuzza)
- Support setting of merge request title and description using git push options. !31068
- Add new table to store email domain per group. !31071
- Redirect from a project wiki git route to the project wiki home. !31085
- Link and embed metrics in GitLab Flavored Markdown. !31106
- Moves snowplow tracking from ee to ce. !31160 (jejacks0n)
- Allow Cert-Manager to be uninstalled. !31166
- Add new outbound network requests application setting for system hooks. !31177
- Allow links to metrics dashboard at a specific time. !31283
- Enable embedding of specific metrics charts in GFM. !31304
- Support creating DAGs in CI config through the `needs` key. !31328
- Generate shareable link for specific metric charts. !31339
- Add support for Content-Security-Policy. !31402
- Add BitBucketServer project import filtering. !31420
- Embed specific metrics chart in issue. !31644
- Track page views for cycle analytics show page. !31717
- Add usage pings for source code pushes. !31734
- Makes collapsible title clickable in job log.
- Adds highlight to the collapsible section.
### Other (36 changes, 9 of them are from the community)
- Rewrite `if:` argument in before_action and alike when `only:` is also used. !24412 (George Thomas @thegeorgeous)
- Create rake tasks for migrating legacy uploads out of deprecated paths. !29409
- Remove the warning style from the U2F device message in user settings > account. !30119 (matejlatin)
- Set visibility level 'Private' for restricted 'Internal' imported projects when 'Internal' visibility setting is restricted in admin settings. !30522
- Change BoardService in favor of boardsStore on board blank state of the component board. !30546 (eduarmreyes)
- Adds Sidekiq scheduling latency structured logging field. !30784
- Adds chaos endpoints to Sidekiq. !30814
- Added multi-select deletion of container registry images. !30837
- When GitLab import fails during importer user mapping step, add an explicit error message mentioning importer. !30838
- Add Rugged calls and duration to API and Rails logs. !30871
- Fixed distorted avatars when resource not reachable. !30904 (Marc Schwede)
- Update GitLab Runner Helm Chart to 0.7.0. !30950
- Use Rails 5.2 Redis caching store. !30966
- Add Rugged calls to performance bar. !30983
- add color selector to broadcast messages form. !30988
- Harmonize selections in user settings. !31110 (Marc Schwede)
- Update rouge to v3.7.0. !31254
- Update 'Ruby on Rails' project template. !31310
- Fix mirroring help text. !31348 (jramsay)
- Enhance style of the shared runners limit. !31386
- Enables storage statistics for root namespaces on database. !31392
- Improve quick action error messages. !31451
- Enable authenticated cookie encryption. !31463
- Update karma to 4.2.0. !31495 (Takuya Noguchi)
- Add max_replication_slots to PG HA documentation. !31534
- Create database tables for the new cycle analytics backend. !31621
- Updated the detached pipeline badge tooltip text to offer a better explanation. !31626
- Add Gitaly and Rugged call timing in Sidekiq logs. !31651
- Fix the style-lint errors and warnings for `app/assets/stylesheets/pages/wiki.scss`. !31656
- Update GraphicsMagick from 1.3.29 to 1.3.33 for CI tests. !31692 (Takuya Noguchi)
- Migrate remaining users with null private_profile. !31708
- Bump Helm to 2.14.3 and kubectl to 1.11.10 for Kubernetes integration. !31716
- Updated the personal access token api scope description to reflect the permissions it grants. !31759
- Add finished_at to the internal API Deployment entity. !31808
- Remove Security Dashboard feature flag. !31820
- Update Packer.gitlab-ci.yml to use latest image. (Kelly Hair)
## 12.1.14
### Security (1 change)
- Limit search for IID to a type to avoid leaking records with the same IID that the user does not have access to.
## 12.1.12
### Security (12 changes)
- Add a policy check for system notes that may not be visible due to cross references to private items.
- Display only participants that user has permission to see on milestone page.
- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
- Check permissions before showing head pipeline blocking merge requests.
- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
- Prevent bypassing email verification using Salesforce.
- Do not show resource label events referencing not accessible labels.
- Cancel all running CI jobs triggered by the user who is just blocked.
- Fix Gitaly SearchBlobs flag RPC injection.
- Only render fixed number of mermaid blocks.
- Prevent GitLab accounts takeover if SAML is configured.
- Upgrade mermaid to prevent XSS.
## 12.1.10
- No changes.
## 12.1.5
### Security (2 changes)
- Upgrade Gitaly to 1.53.2 to prevent revision flag injection exploits.
- Upgrade pages to 1.7.1 to prevent gitlab api token recovery from cookie.
## 12.1.4
### Fixed (3 changes, 1 of them is from the community)
- Properly translate term in projects list. !30958
- Add exclusive lease to mergeability check process. !31082
- Fix Docker in Docker (DIND) listen port behavior change by adding DOCKER_TLS_CERTDIR in CI job templates. !31201 (Cameron Boulton)
### Performance (1 change)
- Improve job log rendering performance. !31262
## 12.1.3
### Fixed (11 changes)
- Prevent multiple confirmation modals from opening when deleting a repository. !30532
- Fix the project auto devops API. !30946
- Fix "Certificate misses intermediates" UI error when enabling Let's Encrypt integration for pages domain. !30995
- Fix xterm css not loading for environment terminal. !31023
- Set DOCKER_TLS_CERTDIR in Auto Dev-Ops CI template to fix jobs using Docker-in-Docker. !31078
- Set DOCKER_TLS_CERTDIR in CI job templates to fix Docker-in-Docker service. !31080
- Support Docker OCI images. !31127
- Fix error rendering submodules in MR diffs when there is no .gitmodules. !31162
- Fix pdf.js rendering pages in the wrong order. !31222
- Fix exception handling in Gitaly autodetection. !31285
- Fix bug that caused diffs not to show on MRs with changes to submodules.
### Performance (1 change)
- Optimise import performance. !31045
## 12.1.2
### Security (1 change)
- Use source project as permissions reference for MergeRequestsController#pipelines.
### Security (9 changes)
- Restrict slash commands to users who can log in.
- Patch XSS issue in wiki links.
- Queries for Upload should be scoped by model.
- Filter merge request params on the new merge request page.
- Fix Server Side Request Forgery mitigation bypass.
- Show badges if pipelines are public otherwise default to project permissions.
- Do not allow localhost url redirection in GitHub Integration.
- Do not show moved issue id for users that cannot read issue.
- Drop feature to take ownership of trigger token.
## 12.1.1
- No changes.
## 12.1.0
### Security (11 changes, 2 of them are from the community)
- Update tar to 2.2.2. !29949 (Takuya Noguchi)
- Update lodash to 4.7.14 and lodash.mergewith to 4.6.2. !30602 (Takuya Noguchi)
- Correctly check permissions when creating snippet notes.
- Gate MR head_pipeline behind read_pipeline ability.
- Prevent Billion Laughs attack.
- Add missing authorizations in GraphQL.
- Fix Denial of Service for comments when rendering issues/MR comments.
- Expose merge requests count based on user access.
- Fix DoS vulnerability in color validation regex.
- Prevent the detection of merge request templates by unauthorized users.
- Persist tmp snippet uploads at users.
### Removed (7 changes)
- Disable Kubernetes credential passthrough for managed project-level clusters. !29262
- Remove deprecated group routes. !29351
- Remove support for creating non-RBAC kubernetes clusters. !29614
- Remove Kubernetes service integration and Kubernetes service template from available deployment platforms. !29786
- Remove MySQL support. !29790
- Remove depreated /u/:username routing. !30044
- Remove support for legacy pipeline triggers. !30133
### Fixed (84 changes, 14 of them are from the community)
- Update a user's routes after updating their name. !23272
- Show poper panel when validation error occurs in admin settings panels. !25434
- Expect bytes from Gitaly RPC GetRawChanges. !28164
- Sanitize LDAP output in Rake tasks. !28427
- Left align mr widget icons and text. !28561
- Keep the empty folders in the tree. !29196
- Fix incorrect emoji placement in commit diff discussion. !29445
- Fix favicon path with uploads of object store. !29482 (Roger Meier)
- Remove duplicate trailing +/- char in merge request discussions. !29518
- Fix the signup form's username validation messages not displaying. !29678 (Jiaan Louw)
- Fix broken environment selector and always display it on monitoring dashboard. !29705
- Fix Container Scanning job timeout when using the kubernetes executor. !29706
- Look for new branches more carefully. !29761
- Fix nested lists unnecessary margin. !29775 (Kuba Kopeć)
- Fix reports jobs timing out because of cache. !29780
- Fix Double Border in Profile Page. !29784 (Yoginth <@yo>)
- Remove minimum character limits for fuzzy searches when using a CTE. !29810
- Set default sort method for dashboard projects list. !29830 (David Palubin)
- Protect TeamCity builds from triggering when a branch has been deleted. And a MR-option. !29836 (Nikolay Novikov, Raphael Tweitmann)
- Fix pipeline schedule does not run correctly when it's scheduled at the same time with the cron worker. !29848
- Always shows author of created issue/started discussion/comment in HTML body and text of email. !29886 (Frank van Rest)
- Build correct basenames for title search results. !29898
- Resolve "500 error when forking via the web IDE button". !29909
- Turn commit sha in monitor charts popover to link. !29914
- Fix broken URLs for uploads with a plus in the filename. !29915
- Retry fetching Kubernetes Secret#token (#63507). !29922
- Enforce presence of pipeline when "Pipeline must succeed" project setting is enabled. !29926
- Fix unresponsive reply button in discussions. !29936
- Allow asynchronous rebase operations to be monitored. !29940
- Resolve Avatar in Please sign in pattern too large. !29944
- Persist the cluster a deployment was deployed to. !29960
- Fix runner tags search dropdown being empty when there are tags. !29985
- Display the correct amount of projects being migrated/rolled-back to Hashed Storage when specifying ranges. !29996
- Resolve Environment details header border misaligned. !30011
- Correct link to docs for External Dashboard. !30019
- Fix Jupyter-Git integration. !30020 (Amit Rathi)
- Update Mermaid to 8.1.0. !30036
- Fix background migrations failing with unused replication slot. !30042
- Disable Rails SQL query cache when applying service templates. !30060
- Set higher TTL for write lock of trace to prevent concurrent archiving. !30064
- Fix charts on Cluster health page. !30073
- Display boards filter bar on mobile. !30120
- Fix IDE editor not showing when switching back from preview. !30135
- Support note position tracing on an image. !30158
- Replace slugifyWithHyphens with improved slugify function. !30172 (Luke Ward)
- 'Open' and 'Closed' issue board lists no longer display a redundant tooltip. !30187
- Fix pipelines table to update without refreshing after action. !30190
- Change ruby_process_start_time_seconds metric to unix timestamp instead of seconds from boot. !30195
- Fix attachments using the wrong URLs in e-mails. !30197
- Make sure UnicornSampler is started only in master process. !30215
- Don't show image diff note on text file. !30221
- Fix median counting for cycle analytics. !30229
- In WebIDE allow adding new entries of the same name as deleted entry. !30239
- Don't let logged out user do manual order. !30264
- Skip spam check for task list updates. !30279
- Make Housekeeping button do a full garbage collection. !30289
- Removing an image should not output binary data. !30314
- Fix spacing issues for toasts. !30345
- Fix race in forbid_sidekiq_in_transactions.rb. !30359
- Fixed back navigation for projects filter. !30373
- Fix environments broken terminal. !30401
- Fix invalid SSL certificate errors on Drone CI service. !30422
- Fix subgroup url in search drop down. !30457
- Make unicorn_workers to return meaningful results. !30506
- Fix wrong URL when creating milestones from instance milestones dashboard. !30512
- Fixed incorrect line wrap for assignee label in issues. !30523 (Marc Schwede)
- Improves section header whitespace on the CI/CD Charts page. !30531
- Prevent multiple confirmation modals from opening when deleting a repository. !30532
- Aligns CI icon in Merge Request dashboard. !30558
- Add text-secondary to controls in project list. !30567
- Review Tools: Add large z-index to toolbar. !30583
- Hide restricted and disallowed visibility radios. !30590
- Resolve Label picker: Line break on long label titles. !30610
- Fix a bug that prevented projects containing merge request diff comments from being imported. !30630
- I fixed z index bug in diff page. !30657 (Faruk Can)
- Allow client authentication method to be configured for OpenID Connect. !30683 (Vincent Fazio)
- Fix commenting before discussions are loaded. !30724
- Fix linebreak rendering in Mermaid flowcharts. !30730
- Make httpclient respect system SSL configuration. !30749
- Bump fog-aws to v3.5.2. !30803
- API: Allow changing only ci_default_git_depth. !30888 (Mathieu Parent)
- Search issuables by iids. (Riccardo Padovani)
- Fix broken warnings while Editing Issues and Edit File on MR.
- Make sure we are receiving the proper information on the MR Popover by updating the IID in the graphql query.
### Changed (39 changes, 8 of them are from the community)
- Improve group list UI. !26542
- Backport and Docs for Paginate license management and add license search. !27602
- Update merge requests section description text on project settings page. !27838
- Knative version bump 0.5 -> 0.6. !28798 (Chris Baumbauer)
- Add salesforce logo for salesforce SSO. !28857
- Enforced requirements for UltraAuth users. !28941 (Kartikey Tanna)
- Return 400 when deleting tags more often than once per hour. !29448
- Add identity information to external authorization requests. !29461
- Enable just-in-time Kubernetes resource creation for project-level clusters. !29515
- renamed discussion to thread in merge-request and issue timeline. !29553 (Michel Engelen)
- Changed HTTP Status Code for disabled repository on /branches and /commits to 404. !29585 (Sam Battalio)
- Enable Git object pools. !29595 (jramsay)
- Updated container registry to display error message when special characters in path. Documentation has also been updated. !29616
- Allow developers to delete tags. !29668
- Will not update issue timestamps when changing positions in a list. !29677
- Include a link back to the MR for Visual Review feedback form. !29719
- Improve discussion reply buttons layout and how jump to next discussion button appears. !29779
- Renders a pre-release tag for releases. !29797
- Migrate NULL values for users.private_profile column and update users API to reject null value for private_profile. !29888
- Re-name files in Web IDE in a more natural way. !29948
- Include events from subgroups in group's activity. !29953 (Fabian Schneider @fabsrc)
- Upgrade to Gitaly v1.49.0. !29990
- Remove group and instance clusters feature flag. !30124
- Add support for creating random passwords in user creation API. !30138
- Support CIDR notation in IP rate limiter. !30146
- Add Redis call details in Peek performance bar. !30191
- Create Knative role and binding with service account. !30235
- Add cleanup migration for MR's multiple assignees. !30261
- Updates PHP template to php:latest to ensure always targeting latest stable. !30319 (Paul Giberson)
- Format `from` and `to` fields in JSON audit log. !30333
- Upgrade to Gitaly v1.51.0. !30353
- Modify cycle analytics on project level. !30356
- Extract clair version as CLAIR_EXECUTABLE_VERSION variable and update clair executable from v8 to v11. !30396
- Upgrade Rouge to 3.5.1. !30431
- Move multiple issue boards to core. !30503
- Upgrade to Gitaly v1.52.0. !30568
- Upgrade to Gitaly v1.53.0. !30614
- Open WebIDE in fork when user doesn't have access. !30642
- Propagate python version variable. (Can Eldem)
### Performance (25 changes, 1 of them is from the community)
- Remove tooltip directive on project avatar image component. !29631 (George Tsiolis)
- Use Rugged if we detect storage is NFS and we can access the disk. !29725
- Add endpoint for fetching diverging commit counts. !29802
- Cache feature flag names in Redis for a minute. !29816
- Avoid storing backtraces from Bitbucket Cloud imports in the database. !29862
- Remove import columns from projects table. !29863
- Enable Gitaly ref name caching for discussions.json. !29951
- Allow caching of negative FindCommit matches. !29952
- Eliminate N+1 queries in Dashboard::TodosController. !29954
- Memoize non-existent custom appearances. !29957
- Add a separate endpoint for fetching MRs serialized as widgets. !29979
- Use CTE to fetch clusters hierarchy in single query. !30063
- Enable Gitaly ref caching for SearchController. !30105
- Avoid loading pipeline status in search results. !30111
- Improve performance of MergeRequestsController#ci_environment_status endpoint. !30224
- Add a memory cache local to the thread to reduce Redis load. !30233
- Cache Flipper persisted names directly to local memory storage. !30265
- Limit amount of JUnit tests returned. !30274
- Cache Flipper feature flags in L1 and L2 caches. !30276
- Prevent amplification of ReactiveCachingWorker jobs upon failures. !30432
- Allow ReactiveCaching to support nil value. !30456
- Improve performance of fetching environments statuses. !30560
- Do Redis lookup in batches in ActiveSession.sessions_from_ids. !30561
- Remove catfile cache feature flag. !30750
- Fix Gitaly auto-detection caching. !30954
### Added (46 changes, 12 of them are from the community)
- Document the negative commit message push rule for the API. !14004 (Maikel Vlasman)
- Expose saml_provider_id in the users API. !14045
- Improve Project API. !28327 (Mathieu Parent)
- Remove Sentry from application settings. !28447 (Roger Meier)
- Implement borderless discussion design with new reply field. !28580
- Enable terminals for instance and group clusters. !28613
- Resolve Multiple discussions per line in merge request diffs. !28748
- Adds link to Grafana in Admin > Monitoring settings when grafana is enabled in config. !28937 (Romain Maneschi)
- Bring Manual Ordering on Issue List. !29410
- Added commit type to tree GraphQL response. !29412
- New API for User Counts, updates on success of an MR the count on top and in other tabs. !29441
- Add option to limit time tracking units to hours. !29469 (Jon Kolb)
- Add confirmation for registry image deletion. !29505
- Sync merge ref upon mergeability check. !29569
- Show an Upcoming Status for Releases. !29577
- Add order_by and sort params to list runner jobs api. !29629 (Sujay Patel)
- Allow custom username for deploy tokens. !29639
- Add a verified pill next to email addresses under the admin users section. !29669
- Add rake task to clean orphan artifact files. !29681
- Render GFM in GraphQL. !29700
- Upgrade asciidoctor version to 2.0.10. !29741 (Rajendra Kadam)
- Allow auto-completing scoped labels. !29749
- Enable syntax highlighting for AsciiDoc. !29835 (Guillaume Grossetie)
- Expose placeholder element for metrics charts in GFM. !29861
- Added a min schema version check to db:migrate. !29882
- Extract zoom link from issue and pass to frontend. !29910 (raju249)
- GraphQL mutations for add, remove and toggle emoji. !29919
- Labeled issue boards can now collapse. !29955
- Allow Ingress to be uninstalled from the UI. !29977
- Add permission check to metrics dashboards endpoint. !30017
- Allow JupyterHub to be uninstalled from the UI. !30097
- Allow GitLab Runner to be uninstalled from the UI. !30176
- GraphQL mutations for managing Notes. !30210
- Add API for CRUD group clusters. !30213
- Add endpoint to move multiple issues in boards. !30216
- Enable terminals button for group clusters. !30255
- Prevent excessive sanitization of AsciiDoc ouptut. !30290 (Guillaume Grossetie)
- Extend `MergeToRefService` to create merge ref from an arbitrary ref. !30361
- Add CI variable to provide GitLab HOST. !30417
- Add migration for adding rule_type to approval_project_rules. !30575
- Enable section anchors in Asciidoctor. !30666 (Guillaume Grossetie)
- Preserve footnote link ids in Asciidoctor. !30790 (Guillaume Grossetie)
- Add support for generating SSL certificates for custon pages domains through Let's Encrypt.
- Introduce default: for gitlab-ci.yml.
- Move Multiple Issue Boards for Projects to Core.
- Add Gitaly data to the usage ping.
### Other (35 changes, 15 of them are from the community)
- Remove unresolved class and fixed height in discussion header. !28440 (David Palubin)
- Moved EE/CE code differences for file `app/views/search/_category.html.haml` into CE. !28755 (Michel Engelen)
- Changes "Todo" to "To Do" in the UI for clarity. !28844
- Migrate GitLab managed project-level clusters to unmanaged if a Kubernetes namespace was unable to be created. !29251
- Migrate GitLab managed project-level clusters to unmanaged if they are missing a Kubernetes service account token. !29648
- Add strategies column to operations_feature_flag_scopes table. !29808
- Disallow `NULL` values for `geo_nodes.primary` column. !29818 (Arun Kumar Mohan)
- Replace 'JIRA' with 'Jira'. !29849 (Takuya Noguchi)
- Support jsonb default in add_column_with_default migration helper. !29871
- Update pagination prev and next texts. !29911
- Adds metrics to measure cost of expensive operations. !29928
- Always allow access to health endpoints from localhost in dev. !29930
- Update GitLab Runner Helm Chart to 0.6.0. !29982
- Use darker gray color for system note metadata and edited text. !30054
- Fix typo in docs about Elasticsearch. !30162 (Takuya Noguchi)
- Fix typo in code comments about Elasticsearch. !30163 (Takuya Noguchi)
- Update mixin-deep to 1.3.2. !30223 (Takuya Noguchi)
- Migrate markdown header_spec.js to Jest. !30228 (Martin Hobert)
- Remove istanbul JavaScript package. !30232 (Takuya Noguchi)
- Centralize markdownlint configuration. !30263
- Use PostgreSQL 9.6.11 in CI tests. !30270 (Takuya Noguchi)
- Fix typo in updateResolvableDiscussionsCounts action. !30278 (Frank van Rest)
- Change color for namespace in commit search. !30312
- Remove applySuggestion from notes service. !30399 (Frank van Rest)
- Improved readability of storage statistics in group / project admin area. !30406
- Alignign empty container registry message with design guidelines. !30502
- Remove toggleAward from notes service. !30536 (Frank van Rest)
- Remove deleteNote from notes service. !30537 (Frank van Rest)
- change the use of boardService in favor of boardsStore on footer for the board component. !30616 (eduarmreyes)
- Update example Prometheus scrape config. !30739
- Update GitLab Pages to v1.7.0.
- Add token_encrypted column to operations_feature_flags_clients table.
- Removes EE diff for app/views/profiles/preferences/show.html.haml.
- Removes EE differences for app/views/layouts/fullscreen.html.haml.
- Removes EE differences for app/views/admin/users/show.html.haml.
## 12.0.12
- No changes.
## 12.0.10
- No changes.
- No changes.
## 12.0.7
### Security (22 changes)
- Ensure only authorised users can create notes on Merge Requests and Issues.
- Add :login_recaptcha_protection_enabled setting to prevent bots from brute-force attacks.
- Queries for Upload should be scoped by model.
- Speed up regexp in namespace format by failing fast after reaching maximum namespace depth.
- Limit the size of issuable description and comments.
- Send TODOs for comments on commits correctly.
- Restrict MergeRequests#test_reports to authenticated users with read-access on Builds.
- Added image proxy to mitigate potential stealing of IP addresses.
- Filter out old system notes for epics in notes api endpoint response.
- Avoid exposing unaccessible repo data upon GFM post processing.
- Fix HTML injection for label description.
- Make sure HTML text is always escaped when replacing label/milestone references.
- Prevent DNS rebind on JIRA service integration.
- Use admin_group authorization in Groups::RunnersController.
- Prevent disclosure of merge request ID via email.
- Show cross-referenced MR-id in issues' activities only to authorized users.
- Enforce max chars and max render time in markdown math.
- Check permissions before responding in MergeController#pipeline_status.
- Remove EXIF from users/personal snippet uploads.
- Fix project import restricted visibility bypass via API.
- Fix weak session management by clearing password reset tokens after login (username/email) are updated.
- Fix SSRF via DNS rebinding in Kubernetes Integration.
## 12.0.6
- No changes.
## 12.0.3 (2019-06-27)
- No changes.
### Security (10 changes)
- Persist tmp snippet uploads at users.
- Gate MR head_pipeline behind read_pipeline ability.
- Fix DoS vulnerability in color validation regex.
- Expose merge requests count based on user access.
- Fix Denial of Service for comments when rendering issues/MR comments.
- Add missing authorizations in GraphQL.
- Disable Rails SQL query cache when applying service templates.
- Prevent Billion Laughs attack.
- Correctly check permissions when creating snippet notes.
- Prevent the detection of merge request templates by unauthorized users.
## 12.0.2 (2019-06-25)
### Fixed (7 changes, 1 of them is from the community)
- Fix missing API notification flags for Microsoft Teams. !29824 (Seiji Suenaga)
- Fixed 'diff version changes' link not working. !29825
- Fix label serialization in issue and note hooks. !29850
- Include the GitLab version in the cache key for Gitlab::JsonCache. !29938
- Prevent EE backport migrations from running if CE is not migrated. !30002
- Silence backup warnings when CRON=1 in use. !30033
- Fix comment emails not respecting group-level notification email.
### Performance (1 change)
- Omit issues links in merge request entity API response. !29917
## 12.0.1 (2019-06-24)
- No changes.
## 12.0.0 (2019-06-22)
### Security (10 changes)
- Prevent bypass of restriction disabling web password sign in.
- Hide confidential issue title on unsubscribe for anonymous users.
- Resolve: Milestones leaked via search API.
- Fix url redaction for issue links.
- Add extra fields for handling basic auth on import by url page.
- Fix confidential issue label disclosure on milestone view.
- Filter relative links in wiki for XSS.
- Prevent invalid branch for merge request.
- Prevent XSS injection in note imports.
- Protect Gitlab::HTTP against DNS rebinding attack.
### Removed (5 changes, 1 of them is from the community)
- Remove ability for group clusters to be automatically configured on creation. !27245
- Removes support for AUTO_DEVOPS_DOMAIN. !28460
- Remove the circuit breaker API. !28669
- Make Kubernetes service templates readonly. !29044
- Remove Content-Type override for Mattermost OAuth login. (Harrison Healey)
### Fixed (115 changes, 28 of them are from the community)
- Fix col-sm-* in forms to keep layout. !24885 (Takuya Noguchi)
- Avoid 500 when rendering users ATOM data. !25408
- Fix flyout nav on small viewports. !25998
- Fix proxy support in Container Scanning. !27246
- preventing blocked users and their PipelineSchdules from creating new Pipelines. !27318
- Fix yaml linting for GitLab CI inside project (.gitlab/ci) *.yml files and CI template files. !27576 (Will Hall)
- Fix yaml linting for project root *.yml files. !27579 (Will Hall)
- Added a content field to atom feed. !27652
- Bring secondary button styles up to design standard. !27920
- Use FindOrCreateService to create labels and check for existing ones. !27987 (Matt Duren)
- Fix "too many loops" error by handling gracefully cron schedules for non existent days. !28002
- Fix 500 error when accessing charts with an anonymous user. !28091 (Diego Silva)
- Allow user to set primary email first when 2FA is required. !28097 (Kartikey Tanna)
- Auto-DevOps: allow to disable rollout status check. !28130 (Sergej Nikolaev <kinolaev@gmail.com>)
- Resolved JIRA service: NoMethodError: undefined method 'find' for nil:NilClass. !28206
- Supports Matomo/Piwik string website ID ("Protect Track ID" plugin). !28214 (DUVERGIER Claude)
- Fix loading.. dropdown at search field. !28275 (Pavel Chausov)
- Remove unintended error message shown when moving issues. !28317
- Properly clear the merge error upon rebase failure. !28319
- Upgrade dependencies for node 12 compatibility. !28323
- Fix. `db:migrate` is failed on MySQL 8. !28351 (sue445)
- Fix an error in projects admin when statistics are missing. !28355
- Fix emojis URLs. !28371
- Prevent common name collisions when requesting multiple Let's Encrypt certificates concurrently. !28373
- Fix issue that causes "Save changes" button in project settings pages to be enabled/disabled incorrectly when changes are made to the form. !28377
- Fix diff notes and discussion notes being exported as regular notes. !28401
- Fix padding in MR widget. !28472
- Updates loading icon in commits page. !28475
- Fix border radius of discussions. !28490
- Update broadcast message action icons. !28496 (Jarek Ostrowski @jareko)
- Update icon color to match design system, pass accessibility. !28498 (Jarek Ostrowski @jareko)
- Show data on Cycle Analytics page when value is less than a second. !28507
- Fix dropdown position when loading remote data. !28526
- Delete unauthorized Todos when project is made private. !28560
- Change links in system notes to use relative paths. !28588 (Luke Picciau)
- Update favicon from next. !28601 (Jarek Ostrowski @jareko)
- Open visibility help link in a new tab. !28603 (George Tsiolis)
- Fix issue importing members with owner access. !28636
- Fix the height of the page headers on issues/merge request/snippets pages. !28650 (Erik van der Gaag)
- Always show "Pipelines must succeed" checkbox. !28651
- Resolve moving an issue results in broken image links in comments. !28654
- Fix milestone references containing &, <, or >. !28667
- Add hover and focus to Attach a file. !28682
- Correctly word-wrapping project descriptions with very long words. !28695 (Erik van der Gaag)
- Prevent icons from shrinking in User popover when contents exceed container. !28696
- Allow removal of empty lines via suggestions. !28703
- Throw an error when formatDate's input is invalid. !28713
- Fix order dependency with user params during imports. !28719
- Fix search dropdown not closing on blur if empty. !28730
- Fixed ignored postgres version that occurs after the first autodevops deploy when specifying custom $POSTGRES_VERSION. !28735 (Brandon Dimcheff)
- Limit milestone dates to before year 9999. !28742 (Luke Picciau)
- Set project default visibility to max allowed. !28754
- Cancel auto merge when merge request is closed. !28782
- Fixes Ref link being displayed as raw HTML in the Pipelines page. !28823
- Fix job name in graph dropdown overflowing. !28824
- Add style to disable webkit icons for search inputs. !28833 (Jarek Ostrowski @jareko)
- Fix email notifications for user excluded actions. !28835
- Resolve Tooltip Consistency. !28839
- Fix Merge Request merge checkbox alignment on mobile view. !28845
- Add referenced-commands in no overflow list. !28858
- Fix participants list wrapping. !28873
- Excludes MR author from Review roulette. !28886 (Jacopo Beschi @jacopo-beschi)
- Give labels consistent weight. !28895
- Added padding to time window dropdown in monitor dashboard. !28897
- Move text under p tag. !28901
- Resolve Position is off when visiting files with anchors. !28913
- Fix whitespace changes visibility when the related file was initially collapsed. !28950 (Ondřej Budai)
- Fix emoji picker visibility issue. !28984
- Resolve Merge request discussion text jumps when resolved. !28995
- Allow lowercase prefix for Youtrack issue ids. !29057 (Matthias Baur)
- Add support to view entirety of long branch name in dropdown instead of it being cut off. !29069
- Fix inconsistent option dropdown button height to match adjacent button. !29096
- Improve new user email markup unconsistency between text and html parts. !29111 (Haunui Saint-sevin)
- Eliminate color inconsistencies in metric graphs. !29127
- Avoid setting Gitlab::Session on sessionless requests and Git HTTP. !29146
- Use the selected time window for metrics dashboard. !29152
- Remove build policies from serverless app template. !29253
- Fix serverless apps deployments by bumping 'tm' version. !29254
- Include the port in the URLs of the API Link headers. !29267
- Fix Fogbugz Importer not working. !29383
- Fix GPG signature verification with recent GnuPG versions. !29388 (David Palubin)
- Cancel Auto Merge when target branch is changed. !29416
- Fix nil coercion updating storage size on project statistics. !29425
- Ignore legacy artifact columns in Project Import/Export. !29427
- Avoid DB timeouts when scheduling migrations. !29437
- Handle encoding errors for MergeToRefService. !29440
- Fix UTF-8 conversion issues when resolving conflicts. !29453
- Enlarge metrics time-window dropdown links. !29458
- Remove unnecessary decimals on Metrics chart axis. !29468
- Fix scrolling to top on assignee change. !29500
- Allow command/control click to open link in new tab on Merge Request tabs. !29506
- Omit blocked admins from repository check e-mails. !29507
- Fix diverged branch locals. !29508
- Process up to 100 commit messages for references when pushing to a new default branch. !29511 (Fabio Papa)
- Allow developer role to delete docker tags via container registry API. !29512
- Fix "Resolve conflicts" button not appearing for some users. !29535
- Fix: propagate all documented ENV vars to CI when using SAST. !29564
- AutoDevops function ensure_namespace() now explicitly tests the namespace. !29567 (Jack Lei)
- Fix sidebar flyout navigation. !29571
- Fix missing deployment rockets in monitor dashboard. !29574
- Fix inability to set visibility_level on project via API. !29578
- Ensure a Kubernetes namespace is not used for deployments if there is no service account token associated with it. !29643
- Refresh service_account_token for kubernetes_namespaces. !29657
- Expose all current events properly on services API. !29736 (Zsolt Kovari)
- Move Dropdown to Stick to MR View App Button. !29767
- Fix IDE commit using latest ref in branch and overriding contents. !29769
- Revert concurrent pipeline creation for pipeline schedules. !29794
- Fix border radii on diff files and repo files.
- Fix padding of unclickable pipeline dropdown items to match links.
- Fix pipeline schedules when owner is nil.
- Fix remote mirrors not updating after tag push.
- Fix layout of group milestone header.
- Fixed show whitespace button not refetching diff content.
- Change resolve button text to mark comment as resolved.
- Align system note within discussion with other notes.
### Changed (35 changes, 13 of them are from the community)
- Include information if issue was clossed via merge request or commit. !15610 (Michał Zając)
- Removes duplicated members from api/projects/:id/members/all. !24005 (Jacopo Beschi @jacopo-beschi)
- Apply the group setting "require 2FA" across all subgroup members as well when changing the group setting. !24965 (rroger)
- Enable function features for external Knative installations. !27173
- Remove dind from DAST template. !28083
- Update registration form to indicate invalid name or username length on input. !28095 (Jiaan Louw)
- Default masked to false for new variables. !28186
- Better isolated `Docker.gitlab-ci.yml` to avoid interference with other job configurations. !28213 (lrkwz)
- Remove the mr_push_options feature flag. !28278
- Replace Oxygen-Sans font with Noto Sans. !28322
- Update new smiley icons, find n replace old names with new ones. !28338 (Jarek Ostrowski)
- Adds a text label to color pickers to improve accessibility. !28343 (Chris Toynbee)
- Prioritize login form on mobile breakpoint. !28360
- Move some project routes under /-/ scope. !28435
- I18n for issue closure reason in emails. !28489 (Michał Zając)
- Geo: Remove Gitlab::LfsToken::LegacyRedisDeviseToken implementation and usage. !28546
- Add check circle filled icon for resolved comments. !28663
- Update project security dashboard documentation. !28681
- Remove `docker pull` prefix when copying a tag from the registry. !28757 (Benedikt Franke)
- Adjust milestone completion rate to be based on issues count. !28777
- Enhance line-height of Activity feed UI. !28856 (Jacopo Beschi @jacopo-beschi)
- Upgrade to Gitaly v1.43.0. !28867
- Do not display Update app button when saving Knative domain name. !28904
- Rebrush of flash-warning according to the new design (brighter background and darker font). !28916 (Michel Engelen)
- Added reference, web_path, and relative_position fields to GraphQL Issue. !28998
- Change logic behind cycle analytics. !29018
- Add documentation links for confidental and locked discussions. !29073
- Update GITALY_SERVER_VERSION to 1.45.0. !29109
- Allow masking if 8 or more characters in base64. !29143 (thomas-nilsson-irfu)
- Replaces sidekiq mtail metrics with ruby instrumentation metrics. !29215
- Allow references to labels and milestones to contain emoji. !29284
- changed the styles on `Add List` dropdown to look more like the EE vesion. !29338 (Michel Engelen)
- Hashed Storage is enabled by default on new installations. !29586
- Upgrade to Gitaly v1.47.0. !29789
- Default MR checkbox to true in most cases.
### Performance (11 changes)
- Improve performance of jobs controller. !28093
- Upgrade Ruby version to 2.6.3. !28117
- Make pipeline schedule worker resilient. !28407
- Fix performance issue with large Markdown content in issue or merge request description. !28597
- Improve clone performance by using delta islands. !28871
- Reduce Gitaly calls to improve performance when rendering suggestions. !29027
- Use Redis for CacheMarkDownField on non AR models. !29054
- Add index on public_email for users. !29430
- Speed up commit loads by disabling BatchLoader replace_methods. !29633
- Add index on invite_email for members. !29768
- Improve performance of users autocomplete when there are lots of results.
### Added (47 changes, 12 of them are from the community)
- Added option to filter jobs by age in the /job/request API endpoint. !1340 (Dmitry Chepurovskiy)
- Add ability to define notification email addresses for groups you belong to. !25299
- Add wiki size to project statistics. !25321 (Peter Marko)
- 58404 - setup max depth for GraphQL. !25737 (Ken Ding)
- Add auto SSL toggle option to Pages domain settings page. !26438
- Empty project state for Web IDE. !26556
- Add support for multiple job parents in GitLab CI YAML. !26801 (Wolphin (Nikita))
- Pass user's identity and token from JupyterHub to user's Jupyter environment. !27314 (Amit Rathi)
- Add issues_statistics api endpoints and extend issues search api. !27366
- Validate Kubernetes credentials at cluster creation. !27403
- Update the merge request widget's "Merge" button to support merge trains. !27594
- Style the toast component according to design specs. !27734
- Add API support for committing changes to different projects in same fork network. !27915
- Add support for && and || to CI Pipeline Expressions. Change CI variable expression matching for Lexeme::Pattern to eagerly return tokens. !27925 (Martin Manelli)
- Added ref querystring parameter to project search API to allow searching on branches/tags other than the default. !28069 (Lee Tickett)
- Add notify_only_default_branch option to PipelinesEmailService. !28271 (Peter Marko)
- Support multiplex GraphQL queries. !28273
- Add Namespace and ProjectStatistics to GraphQL API. !28277
- Display classname JUnit attribute in report modal. !28376
- API: Allow to get and set "masked" attribute for variables. !28381 (Mathieu Parent)
- Add allow_failure attribute to Job API. !28406
- Add support for AsciiDoc include directive. !28417 (Jakub Jirutka & Guillaume Grossetie)
- Migrate Kubernetes service integration templates to clusters. !28534
- Allow issue list to be sorted by relative order. !28566
- Implement borderless discussion design with new reply field. !28580
- Add expand/collapse to error tracking settings. !28619
- Adds collapsible sections for job log. !28642
- Add LFS oid to GraphQL blob type. !28666
- Allow users to specify a time range on metrics dashboard. !28670
- Add a New Copy Button That Works in Modals. !28676
- Add Kubernetes logs to Admin Logs UI. !28685
- Set up git client in Jupyter installtion. !28783 (Amit Rathi)
- Add task count and completed count to responses of Issue and MR. !28859
- Add project level git depth CI/CD setting. !28919
- Use global IDs when exposing GraphQL resources. !29080
- Expose wiki_size on GraphQL API. !29123
- Expose notes and discussions in GraphQL. !29212
- Use to 'gitlabktl' build serverless applications. !29258
- Adds pagination component for graphql api. !29277
- Allow switching clusters between managed and unmanaged. !29322
- Get and edit ci_default_git_depth via project API. !29353
- Link to an external dashboard from metrics dashboard. !29369
- Add labels to note event payload. !29384 (Sujay Patel)
- Add Join meeting button to issues with Zoom links. !29454
- Add backtraces to Peek performance bar for SQL calls.
- Added diff suggestion feature discovery popover.
- Make task completion status available via GraphQL.
### Other (62 changes, 14 of them are from the community)
- Unified EE/CS differences in repository/show.html. !13562
- Remove legacy artifact related code. !26475
- Backport the EE schema and migrations to CE. !26940 (Yorick Peterse)
- Add dedicated logging for GraphQL queries. !27885
- i18n: externalize strings from user profile settings. !28088 (Antony Liu)
- Omit max-count for diverging_commit_counts behind feature flag. !28157
- Fix alignment of resend button in members page. !28202
- Update indirect dependency fsevents from 1.2.4 to 1.2.9. !28220 (Takuya Noguchi)
- Update get_process_mem to 0.2.3. !28248
- Add Pool repository to the usage ping. !28267
- Forbid NULL in project_statistics.packages_size. !28400
- Update Gitaly to v1.42.1. !28425
- Upgrade babel to 7.4.4. !28437 (Takuya Noguchi)
- Externalize profiles preferences. !28470 (George Tsiolis)
- Update GitLab Runner Helm Chart to 0.5.0. !28497
- Change collapse icon size to size of profile picture. !28512
- Resolve Snippet icon button is misaligned. !28522
- Bumps Kubernetes in Auto DevOps to 1.11.10. !28525
- Bump Helm version in Auto-DevOps.gitlab-ci.yml to 2.14.0. !28527
- Migrate the monitoring dashboard store to vuex. !28555
- Give New Snippet button green outline. !28559
- Removes project_auto_devops#domain column. !28574
- Externalize strings of email page in user profile. !28587 (antony liu)
- Externalize strings of active sessions page in user profile. !28590 (antony liu)
- Refactor and abstract Auto Merge Processes. !28595
- Add section to dev docs on accessing chatops. !28623
- Externalize strings of chat page in user profile. !28632
- Externalize strings of PGP Keys and SSH Keys page in user profile. !28653 (Antony Liu)
- Added the `.extended-height` class to the labels-dropdown. !28659 (Michel Engelen)
- Moved EE/CE code differences for `app/assets/javascripts/gl_dropdown.js` into CE. !28711 (Michel Engelen)
- Update GitLab Runner Helm Chart to 0.5.1. !28720
- Remove support for using Geo with an installation from source. !28737
- API: change masked attribute type to Boolean. !28758
- API: change protected attribute type to Boolean. !28766
- Add a column header to admin/jobs page. !28837
- Reset merge status from mergeable MRs. !28843
- Show tooltip on truncated commit title. !28865 (Timofey Trofimov)
- Added conditional rendering to `app/views/search/_form.html.haml` for CE/EE code base consistency. !28883 (Michel Engelen)
- Change "Report abuse to GitLab" to more generic wording. !28884 (Marc Schwede)
- Update GitLab Pages to v1.6.0. !29048
- Update GitLab Runner Helm Chart to 0.5.2. !29050
- User link styling for commits. !29150
- Fix null source_project_id in pool_repositories. !29157
- Add deletion protection setting column to application_settings table. !29268
- Added code differnces from EE in file 'app/assets/javascripts/pages/projects/project.js' to CE. !29271 (Michel Engelen)
- Update to GitLab Shell v9.3.0. !29283
- Document when milestones and labels links are missing. !29355
- Make margin between buttons consistent. !29378
- Changed the 'Created' label to 'Last Updated' on the container registry table to more accurately reflect what the date represents. !29464
- Update GitLab Pages to v1.6.1. !29559
- Indent collapsible sections. !29804
- Use grid and correct border radius for status badge.
- Remove fixed height from MR diff headers.
- Use blue for activity stream links; use monospace font for commit sha.
- Moves snowplow to CE repo.
- Reduce height of issue board input to align with buttons.
- Change default color of award emoji button.
- Group download buttons into a .btn-group.
- Add warning that gitlab-secrets isn't included in backup.
- Increase height of move issue dropdown.
- Update merge request tabs so they no longer scroll.
- Moves the table pagination shared component.