Changelog History

  • v11.4.2 Changes

    October 25, 2018

    Security (5 changes)

    • Escape entity title while autocomplete template rendering to prevent XSS. !2571
    • Persist only SHA digest of PersonalAccessToken#token.
    • Redact personal tokens in unsubscribe links.
    • Block loopback addresses in UrlBlocker.
    • Validate Wiki attachments are valid temporary files.
  • v11.4.1 Changes

    October 23, 2018

    Security (2 changes)

    • Fix XSS in merge request source branch name.
    • Prevent SSRF attacks in HipChat integration.
  • v11.4.0 Changes

    October 22, 2018

    Security (9 changes)

    • Filter user sensitive data from discussions JSON. !2536
    • Encrypt webhook tokens and URLs in the database. !21645
    • Redact confidential events in the API.
    • ⏱ Set timeout for syntax highlighting.
    • Sanitize JSON data properly to fix XSS on Issue details page.
    • Markdown API no longer displays confidential title references unless authorized.
    • Properly filter private references from system notes.
    • Fix stored XSS in merge requests from imported repository.
    • Fix XSS vulnerability sourced from package.json.

    Removed (2 changes)

    • Remove background job throttling feature. !21748
    • Remove sidekiq info from performance bar.

    Fixed (68 changes, 18 of them are from the community)

    • Fixes 500 for cherry pick API with empty branch name. !21501 (Jacopo Beschi @jacopo-beschi)
    • Fix sorting by priority or popularity on group issues page, when also searching issue content. !21521
    • Fix vertical alignment of text in diffs. !21573
    • Fix performance bar modal position. !21577
    • ⬆️ Bump KaTeX version to 0.9.0. !21625
    • Correctly show legacy diff notes in the merge request changes tab. !21652
    • ⚑️ Synchronize the default branch when updating a remote mirror. !21653
    • Filter group milestones based on user membership. !21660
    • Fix double title in merge request chat messages. !21670 (Kukovskii Vladimir)
    • Delete container repository tags outside of transaction. !21679
    • Images are no longer displayed in Todo descriptions. !21704
    • Fixed merge request widget discussion state not updating after resolving discussions. !21705
    • Vendor Auto-DevOps.gitlab-ci.yml to fix bug where the deploy job does not wait for Deployment to complete. !21713
    • Use Reliable Sidekiq fetch. !21715
    • No longer show open issues from archived projects in group issue board. !21721
    • Issue and MR count now ignores archived projects. !21721
    • Fix resizing of monitoring dashboard. !21730
    • Fix object storage uploads not working with AWS v2. !21731
    • Don't ignore first action when assign and unassign quick actions are used in the same comment. !21749
    • Align form labels following Bootstrap 4 docs. !21752
    • Respect the user commit email in more places. !21773
    • Use stats RPC when comparing diffs. !21778
    • Show commit details for selected commit in MR diffs. !21784
    • Resolve "Geo: Does not mark repositories as missing on primary due to stale cache". !21789
    • Fix leading slash in redirects and add rubocop cop. !21828 (Sanad Liaquat)
    • Fix activity titles for MRs in chat notification services. !21834
    • Hides Close Merge request btn on merged Merge request. !21840 (Jacopo Beschi @jacopo-beschi)
    • Doesn't synchronize the default branch for push mirrors. !21861
    • Fix broken styling when issue board is collapsed. !21868 (Andrea Leone)
    • Set a header for custom error pages to prevent them from being intercepted by gitlab-workhorse. !21870 (David Piegza)
    • Fix resolved discussions being unresolved when commented on. !21881
    • Fix timeout when running the RemoveRestrictedTodos background migration. !21893
    • Enable the ability to use the force env for rebuilding authorized_keys during a restore. !21896
    • Fix link handling for issue cards to avoid too sensitive drag events. !21910 (Johann Hubert Sonntagbauer)
    • Guard against a login attempt with invalid CSRF token. !21934
    • Allow setting user's organization and location attributes through the API by adding them to the list of allowed parameters. !21938 (Alexis Reigel)
    • Includes commit stats in POST project commits API. !21968 (Jacopo Beschi @jacopo-beschi)
    • Fix loading issue on some merge request discussion. !21982
    • Prevent Error 500s with invalid relative links. !22001
    • Fix stale issue boards after browser back. !22006 (Johann Hubert Sonntagbauer)
    • Filter issues without an Assignee via the API. !22009 (Eva Kadlecová)
    • Fixes modal button alignment. !22024 (Jacopo Beschi @jacopo-beschi)
    • Fix rendering placeholder notes. !22078
    • Instance Configuration page now displays correct SSH fingerprints. !22081
    • Fix showing diff file header for renamed files. !22089
    • Fix LFS uploaded images not being rendered. !22092
    • Fix the issue where long environment names aren't being truncated, causing the environment name to overlap into the column next to it. !22104
    • Trim whitespace when inviting a new user by email. !22119 (Jacopo Beschi @jacopo-beschi)
    • Fix incorrect parent path on group settings page. !22142
    • ⚑️ Update copy to clipboard button data for application secret. !22268 (George Tsiolis)
    • Improve MR file tree in smaller screens. !22273
    • Fix project deletion when there is an export available. !22276
    • Fixes stuck block URL linking to documentation instead of settings page. !22286
    • Fix caching issue with pipelines URL. !22293
    • Fix erased block not being rendered when job was erased. !22294
    • Load correct stage in the stages dropdown. !22317
    • Fixes close/reopen quick actions preview for issues and merge_requests. !22343 (Jacopo Beschi @jacopo-beschi)
    • Allow Issue and Merge Request sidebar to be toggled from collapsed state. !22353
    • Fix filter bar height bug when a tag is added.
    • Fix the state of the Done button when there is an error in the GitLab Todos section. (marcos8896)
    • Fix wrong text color of help text in merge request creation. (Gerard Montemayor)
    • Add borders and white background to markdown tables.
    • Fixed mention autocomplete in edit merge request.
    • Fix long webhook URL overflow for custom integration. (Kukovskii Vladimir)
    • Fixed file templates not fully being fetched in Web IDE.
    • Fixes performance bar looking for a key in an undefined prop.
    • Hides sidebar for job page in mobile.
    • Fixes triggered/created labeled in job header.

    Changed (26 changes, 4 of them are from the community)

    • Enable unauthenticated access to public SSH keys via the API. !20118 (Ronald Claveau)
    • Support Kubernetes RBAC for GitLab Managed Apps when creating new clusters. !21401
    • Highlight current user in comments. !21406
    • Excludes projects marked for deletion from projects API. !21542 (Jacopo Beschi @jacopo-beschi)
    • Improve install flow of Kubernetes cluster apps. !21567
    • 🚚 Move including external files in .gitlab-ci.yml from Starter to Libre. !21603
    • Simplify runner registration token resetting. !21658
    • Filter any parameters ending with "key" in logs. !21688
    • Ensure the schema is loaded with post_migrations included. !21689
    • ⚑️ Updated icons used in filtered search dropdowns. !21694
    • 0️⃣ Enable omniauth by default. !21700
    • Vendor Auto-DevOps.gitlab-ci.yml to refactor registry_login. !21714 (Laurent Goderre @LaurentGoderre)
    • Add Gitaly diff stats RPC client. !21732
    • Allow user to revoke an authorized application even if User OAuth applications setting is disabled in admin settings. !21835
    • Change vertical margin of page titles to 16px. !21888
    • Preserve order of project tags list. !21897
    • Avoid close icon leaving the modal header. !21904
    • Allow /copy_metadata for new issues and MRs. !21953
    • Link to the tag for a version on the help page instead of to the commit. !22015
    • Show SHA for pre-release versions on the help page. !22026
    • Use local tiller for Auto DevOps. !22036
    • Remove 'rbac_clusters' feature flag. !22096
    • Increased retained event data by extending events pruner timeframe to 2 years. !22145
    • Add installation type to backup information file. !22150
    • Remove duplicate button from the markdown header toolbar. !22192 (George Tsiolis)
    • ⚑️ Update to Rouge 3.3.0 including frozen string literals for improved memory usage.

    🐎 Performance (17 changes, 6 of them are from the community)

    • Enable frozen string in app/controllers/*/.rb.
    • Improve lazy image loading performance by using IntersectionObserver where available. !21565
    • Adds support for Gitaly ListLastCommitsForTree RPC in order to make bulk-fetch of commits more performant. !21921
    • Don't create license_management build when not included in license. !21958
    • Skip creating auto devops jobs for sast, container_scanning, dast, dependency_scanning when not licensed. !21959
    • ⬇️ Reduce queries needed to compute notification recipients. !22050
    • Banzai label ref finder - minimize SQL calls by sharing context more aggressively. !22070
    • Removes expensive dead code on main MR page request. !22153
    • Lazy load xterm custom colors css.
    • Mitigate N+1 queries when parsing commit references in comments.
    • Enable more frozen string in app/controllers/. (gfyoung)
    • 🐎 Increase performance when creating discussions on diff.
    • Enable frozen string in lib/api and lib/backup. (gfyoung)
    • Enable frozen string in vestigial files. (gfyoung)
    • Enable frozen string for app/helpers/*/.rb. (gfyoung)
    • Enable frozen string in app/graphql + app/finders. (gfyoung)
    • Enable even more frozen string in app/controllers. (gfyoung)

    Added (37 changes, 21 of them are from the community)

    • Allow file templates to be requested at the project level. !7776
    • Add /lock and /unlock quick actions. !15197 (Mehdi Lahmam (@mehlah))
    • Added search functionality for Work In Progress (WIP) merge requests. !18119 (Chantal Rollison)
    • Pipeline webhook event now contains pipeline variables. !18171 (Pierre Tardy)
    • Add markdown header toolbar button to insert table. !18480 (George Tsiolis)
    • Add link button to markdown editor toolbar. !18579 (Jan Beckmann)
    • Add access control to GitLab pages and make it possible to enable/disable it in project settings. !18589 (Tuomo Ala-Vannesluoma)
    • Add a filter bar to the admin runners view and add a state filter. !19625 (Alexis Reigel)
    • Add a type filter to the admin runners view. !19649 (Alexis Reigel)
    • Allow user to choose the email used for commits made through GitLab's UI. !21213 (Joshua Campbell)
    • Add autocomplete drop down filter for project snippets. !21458 (Fabian Schneider)
    • Allow events filter to be set in the URL in addition to cookie. !21557 (Igor @igas)
    • Adds an initialize_with_readme parameter to POST /projects. !21617 (Steve)
    • Add ability to skip user email confirmation with API. !21630
    • Add sorting for labels on labels page. !21642
    • Set user status from within user menu. !21643
    • Copy nurtch demo notebooks at Jupyter startup. !21698 (Amit Rathi)
    • Allows to sort projects by most stars. !21762 (Jacopo Beschi @jacopo-beschi)
    • Allow pipelines to schedule delayed job runs. !21767
    • Added tree of changed files to merge request diffs. !21833
    • Add GitLab version components to CI environment variables. !21853
    • Allows to chmod file with commits API. !21866 (Jacopo Beschi @jacopo-beschi)
    • Make single diff patch limit configurable. !21886
    • Extend reports feature to support Security Products. !21892
    • Adds the user's public_email attribute to the API. !21909 (Alexis Reigel)
    • ⚑️ Update all gitlab CI templates from gitlab-org/gitlab-ci-yml. !21929
    • Add support for setting the public email through the api. !21938 (Alexis Reigel)
    • Support db migration and initialization for Auto DevOps. !21955
    • Add subscribe filter to group and project labels pages. !21965
    • Add support for pipeline only/except policy for modified paths. !21981
    • Docs for Project/Groups members API with inherited members. !21984 (Jacopo Beschi @jacopo-beschi)
    • Adds Web IDE commits to usage ping. !22007
    • Add timed incremental rollout to Auto DevOps. !22023
    • Show percentage of language detection on the language bar. !22056 (Johann Hubert Sonntagbauer)
    • Allows to filter issues by Any milestone in the API. !22080 (Jacopo Beschi @jacopo-beschi)
    • Add button to download 2FA codes. (Luke Picciau)
    • 🌲 Render log artifact files in GitLab.

    Other (42 changes, 16 of them are from the community)

    • Send deployment information in job API. !21307
    • Split admin settings into multiple sub pages. !21467
    • Remove Rugged and shell code from Gitlab::Git. !21488
    • Add trigger information in job API. !21495
    • Add empty state illustration information in job API. !21532
    • Add retried jobs to pipeline stage. !21558
    • 🚚 Rails 5: fix issue move service. In Rails 5, the attributes method for an enum returns the name instead of the database integer. !21616 (Jasper Maes)
    • Expose project runners in job API. !21618
    • Create from template: hide checkbox for initializing repository with readme. !21646
    • Adds new 'Overview' tab on user profile page. !21663
    • Add clean-up phase for ScheduleDiffFilesDeletion migration. !21734
    • Prevents private profile help link from toggling checkbox. !21757
    • Make AutoDevOps work behind proxy. !21775 (Sergej - @kinolaev)
    • Use Vue components and new API to render Artifacts, Trigger Variables and Commit blocks on Job page. !21777
    • Add wrapper rake task to migrate all uploads to OS. !21779
    • Retroactively fill pipeline source for external pipelines. !21814
    • Rename squash before merge vue component. !21851 (George Tsiolis)
    • Fix merge request header margins. !21878
    • Fix committer typo. !21899 (George Tsiolis)
    • Adds an extra width to the responsive tables. !21928
    • Expose has_trace in job API. !21950
    • Rename block scope local variable in table pagination spec. !21969 (George Tsiolis)
    • Fix blue, orange, and red color inconsistencies. !21972
    • ⚑️ Update operations metrics empty state. !21974 (George Tsiolis)
    • Improve empty project placeholder for non-members and members without write access. !21977 (George Tsiolis)
    • Add copy to clipboard button for application id and secret. !21978 (George Tsiolis)
    • Add link component to UserAvatarLink component. !21986 (George Tsiolis)
    • Add link component to DownloadViewer component. !21987 (George Tsiolis)
    • Rephrase 2FA and TOTP documentation and view. !21998 (Marc Schwede)
    • ⚑️ Update project path on project name autofill. !22016
    • Improve logging when username update fails due to registry tags. !22038
    • Align collapsed sidebar avatar container. !22044 (George Tsiolis)
    • Rails5: fix artifacts controller download spec. Rails5 has params[:file_type] as '' if file_type is included as nil in the request. !22123 (Jasper Maes)
    • Hide pagination for personal projects on profile overview tab. !22321
    • Extracts scroll position check into reusable functions.
    • 🚚 Uses Vuex store in job details page and removes old mediator pattern.
    • Render 412 when invalid UTF-8 parameters are passed to controller.
    • Renders Job show page in new Vue app.
    • Add link to User Snippets in breadcrumbs of New User Snippet page. (J.D. Bean)
    • 🌲 Log project services errors when executing async.
    • ⚑️ Update docs regarding frozen string. (gfyoung)
    • Check frozen string in style builds. (gfyoung)
  • v11.3.14 Changes

    December 20, 2018

    Security (1 change)

    • Fix persistent symlink in project import.
  • v11.3.13 Changes

    December 13, 2018

    Security (1 change)

    • Validate LFS hrefs before downloading them.
  • v11.3.12 Changes

    December 06, 2018

    Security (1 change)

    • Prevent a path traversal attack on global file templates.
  • v11.3.11 Changes

    November 26, 2018

    Security (33 changes)

    • Filter user sensitive data from discussions JSON. !2537
    • Escape entity title while autocomplete template rendering to prevent XSS. !2557
    • 🌐 Restrict Personal Access Tokens to API scope on web requests.
    • Fix XSS in merge request source branch name.
    • Escape user fullname while rendering autocomplete template to prevent XSS.
    • Fix CRLF vulnerability in Project hooks.
    • Fix possible XSS attack in Markdown urls with spaces.
    • 🌲 Redact sensitive information on gitlab-workhorse log.
    • ⏱ Set timeout for syntax highlighting.
    • Do not follow redirects in Prometheus service when making http requests to the configured api url.
    • Persist only SHA digest of PersonalAccessToken#token.
    • Sanitize JSON data properly to fix XSS on Issue details page.
    • Don't expose confidential information in commit message list.
    • Markdown API no longer displays confidential title references unless authorized.
    • Provide email notification when a user changes their email address.
    • Properly filter private references from system notes.
    • Redact personal tokens in unsubscribe links.
    • Resolve reflected XSS in OAuth authorize window.
    • Fix SSRF in project integrations.
    • Fix stored XSS in merge requests from imported repository.
    • Fixed ability to comment on locked/confidential issues.
    • Fixed ability of guest users to edit/delete comments on locked or confidential issues.
    • Fix milestone promotion authorization check.
    • Monkey-patch kubeclient to not follow any redirects.
    • Configure mermaid to not render HTML content in diagrams.
    • Redact confidential events in the API.
    • Fix XSS vulnerability sourced from package.json.
    • Fix a possible symlink time of check to time of use race condition in GitLab Pages.
    • Removed ability to see private group names when the group id is entered in the url.
    • Fix stored XSS for Environments.
    • Block loopback addresses in UrlBlocker.
    • Prevent SSRF attacks in HipChat integration.
    • Validate Wiki attachments are valid temporary files.
  • v11.3.10 Changes

    November 18, 2018

    Security (1 change)

    • Escape user fullname while rendering autocomplete template to prevent XSS.
  • v11.3.9 Changes

    October 31, 2018

    Security (1 change)

    • Monkey-patch kubeclient to not follow any redirects.
  • v11.3.8 Changes

    October 27, 2018
    • No changes.