Changelog History
Page 47
v11.4.2 Changes
October 25, 2018
Security (5 changes)
- Escape entity title while autocomplete template rendering to prevent XSS. !2571
- Persist only SHA digest of PersonalAccessToken#token.
- Redact personal tokens in unsubscribe links.
- Block loopback addresses in UrlBlocker.
- Validate Wiki attachments are valid temporary files.

v11.4.1 Changes
October 23, 2018
Security (2 changes)
- Fix XSS in merge request source branch name.
- Prevent SSRF attacks in HipChat integration.

v11.4.0 Changes
October 22, 2018
Security (9 changes)
- Filter user sensitive data from discussions JSON. !2536
- Encrypt webhook tokens and URLs in the database. !21645
- Redact confidential events in the API.
- Set timeout for syntax highlighting.
- Sanitize JSON data properly to fix XSS on Issue details page.
- Markdown API no longer displays confidential title references unless authorized.
- Properly filter private references from system notes.
- Fix stored XSS in merge requests from imported repository.
- Fix XSS vulnerability sourced from package.json.
Removed (2 changes)
- Remove background job throttling feature. !21748
- Remove sidekiq info from performance bar.
Fixed (68 changes, 18 of them are from the community)
- Fixes 500 for cherry pick API with empty branch name. !21501 (Jacopo Beschi @jacopo-beschi)
- Fix sorting by priority or popularity on group issues page, when also searching issue content. !21521
- Fix vertical alignment of text in diffs. !21573
- Fix performance bar modal position. !21577
- Bump KaTeX version to 0.9.0. !21625
- Correctly show legacy diff notes in the merge request changes tab. !21652
- Synchronize the default branch when updating a remote mirror. !21653
- Filter group milestones based on user membership. !21660
- Fix double title in merge request chat messages. !21670 (Kukovskii Vladimir)
- Delete container repository tags outside of transaction. !21679
- Images are no longer displayed in Todo descriptions. !21704
- Fixed merge request widget discussion state not updating after resolving discussions. !21705
- Vendor Auto-DevOps.gitlab-ci.yml to fix bug where the deploy job does not wait for Deployment to complete. !21713
- Use Reliable Sidekiq fetch. !21715
- No longer show open issues from archived projects in group issue board. !21721
- Issue and MR count now ignores archived projects. !21721
- Fix resizing of monitoring dashboard. !21730
- Fix object storage uploads not working with AWS v2. !21731
- Don't ignore first action when assign and unassign quick actions are used in the same comment. !21749
- Align form labels following Bootstrap 4 docs. !21752
- Respect the user commit email in more places. !21773
- Use stats RPC when comparing diffs. !21778
- Show commit details for selected commit in MR diffs. !21784
- Resolve "Geo: Does not mark repositories as missing on primary due to stale cache". !21789
- Fix leading slash in redirects and add rubocop cop. !21828 (Sanad Liaquat)
- Fix activity titles for MRs in chat notification services. !21834
- Hides Close Merge request btn on merged Merge request. !21840 (Jacopo Beschi @jacopo-beschi)
- Doesn't synchronize the default branch for push mirrors. !21861
- Fix broken styling when issue board is collapsed. !21868 (Andrea Leone)
- Set a header for custom error pages to prevent them from being intercepted by gitlab-workhorse. !21870 (David Piegza)
- Fix resolved discussions being unresolved when commented on. !21881
- Fix timeout when running the RemoveRestrictedTodos background migration. !21893
- Enable the ability to use the force env for rebuilding authorized_keys during a restore. !21896
- Fix link handling for issue cards to avoid too sensitive drag events. !21910 (Johann Hubert Sonntagbauer)
- Guard against a login attempt with invalid CSRF token. !21934
- Allow setting user's organization and location attributes through the API by adding them to the list of allowed parameters. !21938 (Alexis Reigel)
- Includes commit stats in POST project commits API. !21968 (Jacopo Beschi @jacopo-beschi)
- Fix loading issue on some merge request discussion. !21982
- Prevent Error 500s with invalid relative links. !22001
- Fix stale issue boards after browser back. !22006 (Johann Hubert Sonntagbauer)
- Filter issues without an Assignee via the API. !22009 (Eva Kadlecová)
- Fixes modal button alignment. !22024 (Jacopo Beschi @jacopo-beschi)
- Fix rendering placeholder notes. !22078
- Instance Configuration page now displays correct SSH fingerprints. !22081
- Fix showing diff file header for renamed files. !22089
- Fix LFS uploaded images not being rendered. !22092
- Fix the issue where long environment names aren't being truncated, causing the environment name to overlap into the column next to it. !22104
- Trim whitespace when inviting a new user by email. !22119 (Jacopo Beschi @jacopo-beschi)
- Fix incorrect parent path on group settings page. !22142
- Update copy to clipboard button data for application secret. !22268 (George Tsiolis)
- Improve MR file tree in smaller screens. !22273
- Fix project deletion when there is an export available. !22276
- Fixes stuck block URL linking to documentation instead of settings page. !22286
- Fix caching issue with pipelines URL. !22293
- Fix erased block not being rendered when job was erased. !22294
- Load correct stage in the stages dropdown. !22317
- Fixes close/reopen quick actions preview for issues and merge_requests. !22343 (Jacopo Beschi @jacopo-beschi)
- Allow Issue and Merge Request sidebar to be toggled from collapsed state. !22353
- Fix filter bar height bug when a tag is added.
- Fix the state of the Done button when there is an error in the GitLab Todos section. (marcos8896)
- Fix wrong text color of help text in merge request creation. (Gerard Montemayor)
- Add borders and white background to markdown tables.
- Fixed mention autocomplete in edit merge request.
- Fix long webhook URL overflow for custom integration. (Kukovskii Vladimir)
- Fixed file templates not fully being fetched in Web IDE.
- Fixes performance bar looking for a key in an undefined prop.
- Hides sidebar for job page in mobile.
- Fixes triggered/created labeled in job header.
Changed (26 changes, 4 of them are from the community)
- Enable unauthenticated access to public SSH keys via the API. !20118 (Ronald Claveau)
- Support Kubernetes RBAC for GitLab Managed Apps when creating new clusters. !21401
- Highlight current user in comments. !21406
- Excludes project marked from deletion to projects API. !21542 (Jacopo Beschi @jacopo-beschi)
- Improve install flow of Kubernetes cluster apps. !21567
- Move including external files in .gitlab-ci.yml from Starter to Libre. !21603
- Simplify runner registration token resetting. !21658
- Filter any parameters ending with "key" in logs. !21688
- Ensure the schema is loaded with post_migrations included. !21689
- Updated icons used in filtered search dropdowns. !21694
- Enable omniauth by default. !21700
- Vendor Auto-DevOps.gitlab-ci.yml to refactor registry_login. !21714 (Laurent Goderre @LaurentGoderre)
- Add Gitaly diff stats RPC client. !21732
- Allow user to revoke an authorized application even if User OAuth applications setting is disabled in admin settings. !21835
- Change vertical margin of page titles to 16px. !21888
- Preserve order of project tags list. !21897
- Avoid close icon leaving the modal header. !21904
- Allow /copy_metadata for new issues and MRs. !21953
- Link to the tag for a version on the help page instead of to the commit. !22015
- Show SHA for pre-release versions on the help page. !22026
- Use local tiller for Auto DevOps. !22036
- Remove 'rbac_clusters' feature flag. !22096
- Increased retained event data by extending events pruner timeframe to 2 years. !22145
- Add installation type to backup information file. !22150
- Remove duplicate button from the markdown header toolbar. !22192 (George Tsiolis)
- Update to Rouge 3.3.0 including frozen string literals for improved memory usage.
Performance (17 changes, 6 of them are from the community)
- Enable frozen string in app/controllers/*/.rb.
- Improve lazy image loading performance by using IntersectionObserver where available. !21565
- Adds support for Gitaly ListLastCommitsForTree RPC in order to make bulk-fetch of commits more performant. !21921
- Don't create license_management build when not included in license. !21958
- Skip creating auto devops jobs for sast, container_scanning, dast, dependency_scanning when not licensed. !21959
- Reduce queries needed to compute notification recipients. !22050
- Banzai label ref finder - minimize SQL calls by sharing context more aggressively. !22070
- Removes expensive dead code on main MR page request. !22153
- Lazy load xterm custom colors css.
- Mitigate N+1 queries when parsing commit references in comments.
- Enable more frozen string in app/controllers/. (gfyoung)
- Increase performance when creating discussions on diff.
- Enable frozen string in lib/api and lib/backup. (gfyoung)
- Enable frozen string in vestigial files. (gfyoung)
- Enable frozen string for app/helpers/*/.rb. (gfyoung)
- Enable frozen string in app/graphql + app/finders. (gfyoung)
- Enable even more frozen string in app/controllers. (gfyoung)
Added (37 changes, 21 of them are from the community)
- Allow file templates to be requested at the project level. !7776
- Add /lock and /unlock quick actions. !15197 (Mehdi Lahmam (@mehlah))
- Added search functionality for Work In Progress (WIP) merge requests. !18119 (Chantal Rollison)
- Pipeline webhook event now contains pipeline variables. !18171 (Pierre Tardy)
- Add markdown header toolbar button to insert table. !18480 (George Tsiolis)
- Add link button to markdown editor toolbar. !18579 (Jan Beckmann)
- Add access control to GitLab pages and make it possible to enable/disable it in project settings. !18589 (Tuomo Ala-Vannesluoma)
- Add a filter bar to the admin runners view and add a state filter. !19625 (Alexis Reigel)
- Add a type filter to the admin runners view. !19649 (Alexis Reigel)
- Allow user to choose the email used for commits made through GitLab's UI. !21213 (Joshua Campbell)
- Add autocomplete drop down filter for project snippets. !21458 (Fabian Schneider)
- Allow events filter to be set in the URL in addition to cookie. !21557 (Igor @igas)
- Adds an initialize_with_readme parameter to POST /projects. !21617 (Steve)
- Add ability to skip user email confirmation with API. !21630
- Add sorting for labels on labels page. !21642
- Set user status from within user menu. !21643
- Copy nurtch demo notebooks at Jupyter startup. !21698 (Amit Rathi)
- Allows to sort projects by most stars. !21762 (Jacopo Beschi @jacopo-beschi)
- Allow pipelines to schedule delayed job runs. !21767
- Added tree of changed files to merge request diffs. !21833
- Add GitLab version components to CI environment variables. !21853
- Allows to chmod file with commits API. !21866 (Jacopo Beschi @jacopo-beschi)
- Make single diff patch limit configurable. !21886
- Extend reports feature to support Security Products. !21892
- Adds the user's public_email attribute to the API. !21909 (Alexis Reigel)
- Update all gitlab CI templates from gitlab-org/gitlab-ci-yml. !21929
- Add support for setting the public email through the api. !21938 (Alexis Reigel)
- Support db migration and initialization for Auto DevOps. !21955
- Add subscribe filter to group and project labels pages. !21965
- Add support for pipeline only/except policy for modified paths. !21981
- Docs for Project/Groups members API with inherited members. !21984 (Jacopo Beschi @jacopo-beschi)
- Adds Web IDE commits to usage ping. !22007
- Add timed incremental rollout to Auto DevOps. !22023
- Show percentage of language detection on the language bar. !22056 (Johann Hubert Sonntagbauer)
- Allows to filter issues by Any milestone in the API. !22080 (Jacopo Beschi @jacopo-beschi)
- Add button to download 2FA codes. (Luke Picciau)
- Render log artifact files in GitLab.
Other (42 changes, 16 of them are from the community)
- Send deployment information in job API. !21307
- Split admin settings into multiple sub pages. !21467
- Remove Rugged and shell code from Gitlab::Git. !21488
- Add trigger information in job API. !21495
- Add empty state illustration information in job API. !21532
- Add retried jobs to pipeline stage. !21558
- Rails 5: fix issue move service. In Rails 5, the attributes method for an enum returns the name instead of the database integer. !21616 (Jasper Maes)
- Expose project runners in job API. !21618
- create from template: hide checkbox for initializing repository with readme. !21646
- Adds new 'Overview' tab on user profile page. !21663
- Add clean-up phase for ScheduleDiffFilesDeletion migration. !21734
- Prevents private profile help link from toggling checkbox. !21757
- Make AutoDevOps work behind proxy. !21775 (Sergej - @kinolaev)
- Use Vue components and new API to render Artifacts, Trigger Variables and Commit blocks on Job page. !21777
- Add wrapper rake task to migrate all uploads to OS. !21779
- Retroactively fill pipeline source for external pipelines. !21814
- Rename squash before merge vue component. !21851 (George Tsiolis)
- Fix merge request header margins. !21878
- Fix committer typo. !21899 (George Tsiolis)
- Adds an extra width to the responsive tables. !21928
- Expose has_trace in job API. !21950
- Rename block scope local variable in table pagination spec. !21969 (George Tsiolis)
- Fix blue, orange, and red color inconsistencies. !21972
- Update operations metrics empty state. !21974 (George Tsiolis)
- Improve empty project placeholder for non-members and members without write access. !21977 (George Tsiolis)
- Add copy to clipboard button for application id and secret. !21978 (George Tsiolis)
- Add link component to UserAvatarLink component. !21986 (George Tsiolis)
- Add link component to DownloadViewer component. !21987 (George Tsiolis)
- Rephrase 2FA and TOTP documentation and view. !21998 (Marc Schwede)
- Update project path on project name autofill. !22016
- Improve logging when username update fails due to registry tags. !22038
- Align collapsed sidebar avatar container. !22044 (George Tsiolis)
- Rails5: fix artifacts controller download spec. Rails5 has params[:file_type] as '' if file_type is included as nil in the request. !22123 (Jasper Maes)
- Hide pagination for personal projects on profile overview tab. !22321
- Extracts scroll position check into reusable functions.
- Uses Vuex store in job details page and removes old mediator pattern.
- Render 412 when invalid UTF-8 parameters are passed to controller.
- Renders Job show page in new Vue app.
- Add link to User Snippets in breadcrumbs of New User Snippet page. (J.D. Bean)
- Log project services errors when executing async.
- Update docs regarding frozen string. (gfyoung)
- Check frozen string in style builds. (gfyoung)

v11.3.14 Changes
December 20, 2018
Security (1 change)
- Fix persistent symlink in project import.

v11.3.13 Changes
December 13, 2018
Security (1 change)
- Validate LFS hrefs before downloading them.

v11.3.12 Changes
December 06, 2018
Security (1 change)
- Prevent a path traversal attack on global file templates.

v11.3.11 Changes
November 26, 2018
Security (33 changes)
- Filter user sensitive data from discussions JSON. !2537
- Escape entity title while autocomplete template rendering to prevent XSS. !2557
- Restrict Personal Access Tokens to API scope on web requests.
- Fix XSS in merge request source branch name.
- Escape user fullname while rendering autocomplete template to prevent XSS.
- Fix CRLF vulnerability in Project hooks.
- Fix possible XSS attack in Markdown urls with spaces.
- Redact sensitive information on gitlab-workhorse log.
- Set timeout for syntax highlighting.
- Do not follow redirects in Prometheus service when making http requests to the configured api url.
- Persist only SHA digest of PersonalAccessToken#token.
- Sanitize JSON data properly to fix XSS on Issue details page.
- Don't expose confidential information in commit message list.
- Markdown API no longer displays confidential title references unless authorized.
- Provide email notification when a user changes their email address.
- Properly filter private references from system notes.
- Redact personal tokens in unsubscribe links.
- Resolve reflected XSS in OAuth authorize window.
- Fix SSRF in project integrations.
- Fix stored XSS in merge requests from imported repository.
- Fixed ability to comment on locked/confidential issues.
- Fixed ability of guest users to edit/delete comments on locked or confidential issues.
- Fix milestone promotion authorization check.
- Monkey kubeclient to not follow any redirects.
- Configure mermaid to not render HTML content in diagrams.
- Redact confidential events in the API.
- Fix XSS vulnerability sourced from package.json.
- Fix a possible symlink time of check to time of use race condition in GitLab Pages.
- Removed ability to see private group names when the group id is entered in the url.
- Fix stored XSS for Environments.
- Block loopback addresses in UrlBlocker.
- Prevent SSRF attacks in HipChat integration.
- Validate Wiki attachments are valid temporary files.

v11.3.10 Changes
November 18, 2018
Security (1 change)
- Escape user fullname while rendering autocomplete template to prevent XSS.

v11.3.9 Changes
October 31, 2018
Security (1 change)
- Monkey kubeclient to not follow any redirects.

v11.3.8 Changes
October 27, 2018
- No changes.