All Versions
581
Latest Version
Avg Release Cycle
14 days
Latest Release
556 days ago

Changelog History
Page 38

  • v11.5.1 Changes

    November 26, 2018

    πŸ”’ Security (17 changes)

    • Escape user fullname while rendering autocomplete template to prevent XSS.
    • πŸ›  Fix CRLF vulnerability in Project hooks.
    • πŸ›  Fix possible XSS attack in Markdown urls with spaces.
    • 🌲 Redact sensitive information on gitlab-workhorse log.
    • πŸ”§ Do not follow redirects in Prometheus service when making http requests to the configured api url.
    • Don't expose confidential information in commit message list.
    • Provide email notification when a user changes their email address.
    • 🌐 Restrict Personal Access Tokens to API scope on web requests.
    • Resolve reflected XSS in Ouath authorize window.
    • πŸ›  Fix SSRF in project integrations.
    • πŸ›  Fixed ability to comment on locked/confidential issues.
    • πŸ›  Fixed ability of guest users to edit/delete comments on locked or confidential issues.
    • πŸ›  Fix milestone promotion authorization check.
    • πŸ”§ Configure mermaid to not render HTML content in diagrams.
    • πŸ›  Fix a possible symlink time of check to time of use race condition in GitLab Pages.
    • βœ‚ Removed ability to see private group names when the group id is entered in the url.
    • πŸ›  Fix stored XSS for Environments.
  • v11.5.0 Changes

    November 22, 2018

    πŸ”’ Security (10 changes, 1 of them is from the community)

    • Escape entity title while autocomplete template rendering to prevent XSS. !2556
    • ⚑️ Update moment to 2.22.2. !22648 (Takuya Noguchi)
    • Redact personal tokens in unsubscribe links.
    • Escape user fullname while rendering autocomplete template to prevent XSS.
    • Persist only SHA digest of PersonalAccessToken#token.
    • Monkey kubeclient to not follow any redirects.
    • Prevent SSRF attacks in HipChat integration.
    • Prevent templated services from being imported.
    • Validate Wiki attachments are valid temporary files.
    • πŸ›  Fix XSS in merge request source branch name.

    βœ‚ Removed (2 changes)

    • βœ‚ Remove Git circuit breaker. !22212
    • βœ‚ Remove Koding integration and documentation. !22334

    πŸ›  Fixed (74 changes, 15 of them are from the community)

    • πŸ‘· Hide all tables on Pipeline when no Jobs for the Pipeline. !18540 (Takuya Noguchi)
    • πŸ›  Fixing count on Milestones. !21446
    • πŸ‘‰ Use case insensitive username lookups. !21728 (William George)
    • Correctly process Bamboo API result array. !21970 (Alex Lossent)
    • πŸ›  Fix 'merged with' UI being displayed when merge request has no merge commit. !22022
    • πŸ›  Fix broken file name navigation on MRs. !22109
    • πŸ›  Fix incorrect spacing between buttons when commenting on a MR. !22135
    • Vertical align Pipeline Graph in Commit Page. !22173 (Johann Hubert Sonntagbauer)
    • Reject invalid branch names in repository compare controller. !22186
    • πŸ›  Fix size of emojis of user status in user menu. !22194
    • Use the standard PIP_CACHE_DIR for Python dependency caching template. !22211 (Takuya Noguchi)
    • πŸ›  Fix bug with wiki attachments content disposition. !22220
    • Does not allow a SSH URI when importing new projects. !22309
    • πŸ›  fix duplicated key in license management job auto devops gitlab ci template. !22311 (Adam Lemanski)
    • πŸ›  Fix commit signature error when project is disabled. !22344
    • ⚑️ Show available clusters when installed or updated. !22356
    • πŸ›  Fix auto-corrected upload URLs in webhooks. !22361
    • πŸ›  Fix a bug displaying certain wiki pages. !22377
    • πŸ›  Fix prometheus graphs in firefox. !22400
    • Resolve assign-me quick action doesn't work if there is extra white space. !22402
    • βœ‚ Remove base64 encoding from files that contain plain text. !22425
    • Strip whitespace around GitHub personal access tokens. !22432
    • πŸ›  Fix 500 error when testing webhooks with redirect loops. !22447 (Heinrich Lee Yu)
    • πŸ›  Fix rendering of 'Protected' value on Runner details page. !22459
    • πŸ›  Fix bug stopping non-admin users from changing visibility level on group creation. !22468
    • πŸ‘‰ Make Issue Board sidebar show project-specific labels based on selected Issue. !22475
    • πŸ›  Fix EOF detection with CI artifacts metadata. !22479
    • πŸ›  Fix transient spec error in the bar_chart component. !22495
    • Resolve LFS not correctly showing enabled. !22501
    • πŸ‘· If user was not found, service hooks won't run on post receive background job. !22519
    • πŸ›  Fix broken "Show whitespace changes" button on MRs. !22539
    • Always show new issue button in boards' Open list. !22557 (Heinrich Lee Yu)
    • βž• Add transparent background to markdown header tabs. !22565 (George Tsiolis)
    • πŸ‘‰ Use gitlab_environment for ldap rake task. !22582
    • βž• Add commit message to commit tree anchor title. !22585
    • Cache pipeline status per SHA. !22589
    • πŸ”„ Change HELM_HOST in Auto-DevOps template to work behind proxy. !22596 (Sergej Nikolaev [email protected])
    • πŸ‘‰ Show user status for label events in system notes. !22609
    • πŸ›  Fix extra merge request versions created from forked merge requests. !22611
    • βœ‚ Remove PersonalAccessTokensFinder#find_by method. !22617
    • πŸ›  Fix search "all in GitLab" not working with relative URLs. !22644
    • πŸ›  Fix quick links button styles. !22657 (George Tsiolis)
    • πŸ›  Fix #53298: JupyterHub restarts should work without errors. !22671 (Amit Rathi)
    • πŸ›  Fix incompatibility with IE11 due to non-transpiled gitlab-ui components. !22695
    • πŸ›  Fix bug when links in tabs of the labels index pages ends with .html. !22716
    • πŸ›  Fixed label removal from issue. !22762
    • πŸ’» Align toggle sidebar button across all browsers and OSs. !22771
    • Disable replication lag check for Aurora PostgreSQL databases. !22786
    • Render unescaped link for failed pipeline status. !22807
    • πŸ›  Fix misaligned approvers dropdown. !22832
    • πŸ›  Fix bug with wiki page create message. !22849
    • πŸ›  Fix rendering of filter bar tokens for special values. !22865 (Heinrich Lee Yu)
    • Align sign in button. !22888 (George Tsiolis)
    • πŸ›  Fix error handling bugs in kubernetes integration. !22922
    • πŸ›  Fix deployment jobs using nil KUBE_TOKEN due to migration issue. !23009
    • πŸš€ Avoid returning deployment metrics url to MR widget when the deployment is not successful. !23010
    • πŸ›  Fix a race condition intermittently breaking GitLab startup. !23028
    • βž• Adds margin after a deleted branch name in the activity feed. !23038
    • Ignore environment validation failure. !23100
    • πŸ›  Fixes broken borders for reports section in MR widget.
    • βž• Adds CI favicon back to jobs page.
    • πŸ— Redirect to the pipeline builds page when a build is canceled. (Eva Kadlecova)
    • πŸ›  Fixed diff stats not showing when performance bar is enabled.
    • πŸ‘‰ Show expand all diffs button when a single diff file is collapsed.
    • 🌐 Clear fetched file templates when changing template type in Web IDE.
    • πŸ›  Fix bug causing not all emails to show up in commit email selectbox.
    • βœ‚ Remove duplicate escape in job sidebar.
    • πŸ›  Fixing styling issues on the scheduled pipelines page.
    • Renders stuck block when runners are stuck.
    • βœ‚ Removes extra border from test reports in the merge request widget.
    • Only render link to branch when branch still exists in pipeline page.
    • πŸ›  Fixed source project not filtering in merge request creation compare form.
    • πŸš€ Do not reload self on hooks when creating deployment.
    • πŸ›  Fixes broken test in master.

    πŸ”„ Changed (38 changes, 12 of them are from the community)

    • πŸ”— Link button in markdown editor recognize URLs. !1983 (Johann Hubert Sonntagbauer)
    • Replace i to icons in vue components. !20748 (George Tsiolis)
    • βœ‚ Remove Linguist gem, reducing Rails memory usage by 128MB per process. !21008
    • Issue board card design. !21229
    • 🌐 On deletion of a file in sub directory in web IDE redirect to the sub directory instead of project root. !21465 (George Thomas @thegeorgeous)
    • πŸ”„ Change single-item breadcrumbs to page titles. !22155
    • Improving branch filter sorting by listing exact matches first and added support for begins_with () and ends_with ($) matching. !22166 (Jason Rutherford)
    • βœ‚ Remove legacy unencrypted webhook columns from the database. !22199
    • 🐎 Show canary status in the performance bar. !22222
    • βž• Add failure reason for execution timeout. !22224
    • ⏱ Rename "scheduled" label/badge of delayed jobs to "delayed". !22245
    • ⚑️ Update the empty state on wiki-only projects to display an empty state that is more consistent with the rest of the system. !22262
    • βž• Add IID headers to E-Mail notifications. !22263
    • πŸ‘ Allow finding the common ancestor for multiple revisions through the API. !22295
    • βž• Add status to Deployment. !22380
    • βž• Add dynamic timer to delayed jobs. !22382
    • πŸš€ No longer require a deploy to start Prometheus monitoring. !22401
    • πŸ‘· Secret Variables renamed to CI Variables in the codebase, to match UX. !22414 (Marcel Amirault @ravlen)
    • Automatically navigate to last board visited. !22430
    • πŸ”€ Use merge request prefix symbol in event feed title. !22449 (George Tsiolis)
    • ⚑️ Update Ruby version in README. !22466 (J.D. Bean)
    • πŸ‘· Reword error message for internal CI unknown pipeline status. !22474
    • ⬆️ Bump mermaid to 8.0.0-rc.8. !22509 (@blackst0ne)
    • ⚑️ Update Todo icons in collapsed sidebar for Issues and MRs. !22534
    • πŸ‘Œ Support backward compatibility when introduce new failure reason. !22566
    • βž• Add dynamic timer for delayed jobs in pipelines list. !22621
    • Truncate milestone title on collapsed sidebar. !22624 (George Tsiolis)
    • Standardize milestones filter in APIs to None / Any. !22637 (Heinrich Lee Yu)
    • βž• Add dynamic timer for delayed jobs in job list. !22656
    • πŸ‘ Allowing issues with single letter identifiers to be linked to external issue tracker (f.ex T-123). !22717 (DΓ­dac RodrΓ­guez ArbonΓ¨s)
    • ⚑️ Update project and group labels empty state. !22745 (George Tsiolis)
    • πŸ›  Fix environment status in merge request widget. !22799
    • Paginate Bitbucket Server importer projects. !22825
    • Drop allow_overflow option in TimeHelper.duration_in_numbers. !52284
    • βž• Add 'only history' option to notes filter.
    • βž• Adds filtered dropdown with changed files in review.
    • πŸ”¦ Expose {closed,merged}_{at,by} in merge requests API index.
    • πŸ”’ Make all legacy security reports to use raw format.

    🐎 Performance (27 changes, 6 of them are from the community)

    • βž• Add preload for routes and namespaces for issues controller. !21651
    • ✨ Enhance performance of counting local LFS objects. !22143
    • πŸ‘‰ Use cached readme contents when available. !22325
    • 🌐 Experimental support for running Puma multithreaded web-server. !22372
    • ✨ Enhance performance of counting local Uploads. !22522
    • ⬇️ Reduce SQL queries needed to load open merge requests. !22709
    • Significantly cut memory usage and SQL queries when reloading diffs. !22725
    • ⚑️ Optimize merge request refresh by using the database to check commit SHAs. !22731
    • βœ‚ Remove dind from license_management auto-devops job definition. !22732
    • βž• Add index to find stuck merge requests. !22749
    • πŸ‘ Allow Rails concurrency when running in Puma. !22751
    • πŸ‘Œ Improve performance of rendering large reports. !22835
    • πŸ‘Œ Improves performance of stuck import jobs detection. !22879
    • 🐎 Rewrite SnippetsFinder to improve performance by a factor of 1500.
    • Enable more frozen string in lib/*/.rb. (gfyoung)
    • Enable some frozen string in lib/gitlab. (gfyoung)
    • Enable even more frozen string in lib/*/.rb. (gfyoung)
    • πŸ‘Œ Improve performance of tree rendering in repositories with lots of items.
    • βœ‚ Remove gitlab-ui's tooltip from global.
    • βœ‚ Remove gitlab-ui's progress bar from global.
    • βœ‚ Remove gitlab-ui's pagination from global.
    • βœ‚ Remove gitlab-ui's modal from global.
    • βœ‚ Remove gitlab-ui's loading icon from global.
    • Enable frozen string for lib/gitlab/*.rb. (gfyoung)
    • Enable frozen string for lib/gitlab/ci. (gfyoung)
    • Enable frozen string for remaining lib/gitlab/ci/*/.rb. (gfyoung)
    • βž• Adds pagination to pipelines table in merge request page.

    βž• Added (33 changes, 11 of them are from the community)

    • βž• Add endpoint to update a git submodule reference. !20949
    • βž• Add license data to projects endpoint. !21606 (J.D. Bean (@jdbean))
    • πŸ‘ Allow to configure when to retry failed CI jobs. !21758 (Markus Doits)
    • βž• Add API endpoint to list issue related merge requests. !21806 (Helmut Januschka)
    • βž• Add the Play button for delayed jobs in environment page. !22106
    • πŸ’» Switch between tree list & file list in diffs file browser. !22191
    • Re-arrange help-related user menu items into new Help menu. !22195
    • βž• Adds trace of each access check when git push times out. !22265
    • βž• Add email for milestone change. !22279
    • πŸ”€ Show post-merge pipeline in merge request page. !22292
    • βž• Add Applications API endpoints for listing and deleting entries. !22296 (Jean-Baptiste Vasseur)
    • βž• Added Any option to milestones filter. !22351 (Heinrich Lee Yu)
    • πŸ‘Œ Improve validation errors for external CI/CD configuration. !22394
    • Introduce new model to persist specific cluster information. !22404
    • βž• Add background migration to populate Kubernetes namespaces. !22433
    • βž• Add support for JSON logging for audit events. !22471
    • βž• Adds option to override commit email with a noreply private email. !22560
    • βž• Add None/Any option for assignee_id in Issues and Merge Requests API. !22598 (Heinrich Lee Yu)
    • βž• Add None/Any option for assignee_id in search bar. !22599 (Heinrich Lee Yu)
    • πŸ‘· Implement parallel job keyword. !22631
    • βž• Add None / Any options to reactions filter. !22638 (Heinrich Lee Yu)
    • Make index.* render like README.* when it's present in a repository. !22639 (Jakub Jirutka)
    • πŸ‘ Allow adding patches when creating a merge request via email. !22723 (Serdar Dogruyol)
    • ⬆️ Bump Gitaly to 0.129.0. !22868
    • πŸ‘ Allow commenting on any diff line in Merge Requests. !22914
    • βž• Add revert to commits API. !22919
    • πŸ‘ Introduce Knative support. !43959 (Chris Baumbauer)
    • πŸ”€ Reimplemented image commenting in merge request diffs.
    • πŸ‘· Soft-archive old jobs.
    • ⚠ Renders warning info when job is archieved.
    • πŸ‘Œ Support licenses and performance.
    • πŸ”€ Filter notes by comments or activity for issues and merge requests.
    • ⬆️ Bump Gitaly to 0.128.0.

    Other (54 changes, 18 of them are from the community)

    • βœ‚ Remove .card-title from .card-header for BS4 migration. !19335 (Takuya Noguchi)
    • ⚑️ Update group settings/edit page to new design. !21115
    • πŸ”„ Change markdown header tab anchor links to buttons. !21988 (George Tsiolis)
    • Replace tooltip in markdown component with gl-tooltip. !21989 (George Tsiolis)
    • Extend RBAC by having a service account restricted to project's namespace. !22011
    • ⚑️ Update images in group docs. !22031 (Marc Schwede)
    • βž• Add gitlab:gitaly:check task for Gitaly health check. !22063
    • βž• Add new sort option "most_stars" to "Group > Children" pages. !22121 (Rene Hennig)
    • πŸ›  Fix inaccessible dropdown for code-less projects. !22137
    • πŸš… Rails5: fix user edit profile clear status spec. !22169 (Jasper Maes)
    • ⏱ Rails 5: fix mysql milliseconds problems in scheduled build specs. !22170 (Jasper Maes)
    • Focus project slug on tab navigation. !22198
    • Redesign activity feed. !22217
    • ⚑️ Update used version of Runner Helm Chart to 0.1.34. !22274
    • ⚑️ Update environments empty state. !22297 (George Tsiolis)
    • βž• Adds model and migrations to enable group level clusters. !22307
    • πŸ‘‰ Use literal instead of constructor for creating regex. !22367
    • βœ‚ Remove prometheus configuration help text. !22413 (George Tsiolis)
    • πŸš€ Rails5: fix deployment model spec. !22428 (Jasper Maes)
    • πŸ”„ Change to top level controller for clusters so that we can use it for project clusters (now) and group clusters (later). !22438
    • βœ‚ Remove empty spec describe blocks. !22451 (George Tsiolis)
    • πŸ”„ Change branch font type in tag creation. !22454 (George Tsiolis)
    • πŸš… Rails5: fix delete blob. !22456 (Jasper Maes)
    • Start tracking shards and pool repositories in the database. !22482
    • πŸ‘ Allow kubeclient to call RoleBinding methods. !22524
    • Introduce new kubernetes helpers. !22525
    • βž• Adds container to pager to enable scoping. !22529
    • ⚑️ Update used version of Runner Helm Chart to 0.1.35. !22541
    • βœ‚ Removes experimental labels from cluster views. !22550
    • Combine all datetime library functions into 'datetime_utility.js'. !22570
    • ⬆️ Upgrade Prometheus to 2.4.3 and Alertmanager to 0.15.2. !22600
    • πŸ›  Fix stage dropdown not rendering in different languages. !22604
    • βœ‚ Remove asset_sync gem from Gemfile and related code from codebase. !22610
    • 🌲 Use key-value pair arrays for API query parameter logging instead of hashes. !22623
    • πŸ—„ Replace deprecated uniq on a Relation with distinct. !22625 (Jasper Maes)
    • βœ‚ Remove mousetrap-rails gem. !22647 (Takuya Noguchi)
    • πŸ›  Fix IDE typos in props. !22685 (George Tsiolis)
    • βž• Add scheduled flag to job entity. !22710
    • Remove ci_enable_scheduled_build feature flag. !22742
    • βž• Add endpoints for simulating certain failure modes in the application. !22746
    • ⬆️ Bump KUBERNETES_VERSION for Auto DevOps to latest 1.10 series. !22757
    • πŸ›  Fix statement timeouts in RemoveRestrictedTodos migration. !22795
    • πŸš€ Rails5: fix mysql milliseconds issue in deployment model specs. !22850 (Jasper Maes)
    • ⚑️ Update GitLab-Workhorse to v7.1.0. !22883
    • ⚑️ Update JIRA service UI to accept email and API token.
    • ⚑️ Update wiki empty state. (George Tsiolis)
    • Only renders dropdown for review app changes when we have a list of files to show. Otherwise will render the regular review app button.
    • πŸ’Ž Associate Rakefile with Ruby icon in diffs.
    • πŸ‘· Uses gitlab-ui components in jobs components.
    • ⚑️ Create new group: Rename form fields and update UI.
    • πŸ‘· Transform job page into a single Vue+Vuex application.
    • ⚑️ Updates svg dependency.
    • βž• Adds missing i18n to pipelines table.
    • πŸš€ Disables stop environment button while the deploy is in progress.
  • v11.4.9 Changes

    December 03, 2018

    πŸ›  Fixed (2 changes)

    • Display impersonation token value only after creation. !22916
    • Correctly handle data-loss scenarios when encrypting columns. !23306
  • v11.4.8 Changes

    November 27, 2018

    πŸ”’ Security (24 changes)

    • Escape entity title while autocomplete template rendering to prevent XSS. !2571
    • Resolve reflected XSS in Ouath authorize window.
    • πŸ›  Fix XSS in merge request source branch name.
    • Escape user fullname while rendering autocomplete template to prevent XSS.
    • πŸ›  Fix CRLF vulnerability in Project hooks.
    • πŸ›  Fix possible XSS attack in Markdown urls with spaces.
    • 🌲 Redact sensitive information on gitlab-workhorse log.
    • πŸ”§ Do not follow redirects in Prometheus service when making http requests to the configured api url.
    • Persist only SHA digest of PersonalAccessToken#token.
    • Don't expose confidential information in commit message list.
    • Provide email notification when a user changes their email address.
    • 🌐 Restrict Personal Access Tokens to API scope on web requests.
    • Redact personal tokens in unsubscribe links.
    • πŸ›  Fix SSRF in project integrations.
    • πŸ›  Fixed ability to comment on locked/confidential issues.
    • πŸ›  Fixed ability of guest users to edit/delete comments on locked or confidential issues.
    • πŸ›  Fix milestone promotion authorization check.
    • Monkey kubeclient to not follow any redirects.
    • πŸ”§ Configure mermaid to not render HTML content in diagrams.
    • πŸ›  Fix a possible symlink time of check to time of use race condition in GitLab Pages.
    • βœ‚ Removed ability to see private group names when the group id is entered in the url.
    • πŸ›  Fix stored XSS for Environments.
    • Prevent SSRF attacks in HipChat integration.
    • Validate Wiki attachments are valid temporary files.
  • v11.4.7 Changes

    November 20, 2018
    • No changes.
  • v11.4.6 Changes

    November 18, 2018

    πŸ”’ Security (1 change)

    • Escape user fullname while rendering autocomplete template to prevent XSS.
  • v11.4.5 Changes

    November 04, 2018

    πŸ›  Fixed (4 changes, 1 of them is from the community)

    • πŸ›  fix link to enable usage ping from convdev index. !22545 (Anand Capur)
    • πŸš‘ Update gitlab-ui dependency to 1.8.0-hotfix.1 to fix IE11 bug.
    • βœ‚ Remove duplicate escape in job sidebar.
    • πŸ›  Fixed merge request fill tree toggling not respecting fluid width preference.

    Other (1 change)

    • πŸ›  Fix stage dropdown not rendering in different languages.
  • v11.4.4 Changes

    October 30, 2018

    πŸ”’ Security (1 change)

    • Monkey kubeclient to not follow any redirects.
  • v11.4.3 Changes

    October 26, 2018
    • No changes.
  • v11.4.2 Changes

    October 25, 2018

    πŸ”’ Security (5 changes)

    • Escape entity title while autocomplete template rendering to prevent XSS. !2571
    • Persist only SHA digest of PersonalAccessToken#token.
    • Redact personal tokens in unsubscribe links.
    • Block loopback addresses in UrlBlocker.
    • Validate Wiki attachments are valid temporary files.