All Versions
467
Latest Version
Avg Release Cycle
8 days
Latest Release
154 days ago

Changelog History
Page 4

  • v13.1.0.pre

    May 21, 2020
  • v13.0.14

    August 18, 2020
    • No changes.
  • v13.0.13

    August 17, 2020

    ๐Ÿ”’ Security (2 changes)

    • ๐Ÿš€ Stop deploy token being mis-used as user in ProjectPolicy and GroupPolicy.
    • ๐Ÿš€ Project access is checked during deploy token authentication.
  • v13.0.12

    August 05, 2020

    ๐Ÿ”’ Security (10 changes)

    • โž• Add decompressed archive size validation on Project/Group Import. !562
    • Enforce 2FA on Doorkeeper controllers.
    • Refresh project authorizations when transferring groups.
    • ๐Ÿ”Š Stop excess logs from failure to send invite email when group no longer exists.
    • ๐Ÿ‘Œ Verify confirmed email for OAuth Authorize POST endpoint.
    • Revoke OAuth grants when a user revokes an application.
    • ๐Ÿ›  Fix XSS in Markdown reference tooltips.
    • ๐Ÿ›  Fix XSS in milestone tooltips.
    • ๐Ÿ›  Fix xss vulnerability on jobs view.
    • Block 40-character hexadecimal branches.
  • v13.0.11

    August 05, 2020

    This version has been skipped due to packaging problems.

  • v13.0.10

    July 09, 2020

    ๐Ÿ›  Fixed (1 change)

    • ๐Ÿ›  Fix gitlab:*:check Rake tasks. !35944
  • v13.0.9

    July 06, 2020
    • No changes.
  • v13.0.8

    July 01, 2020

    ๐Ÿ”’ Security (18 changes)

    • โšก๏ธ Update xterm js dependency to latest stable 3.x version.
    • Do not show activity for users with private profiles.
    • ๐Ÿ›  Fix stored XSS in markdown renderer.
    • โฌ†๏ธ Upgrade swagger-ui to solve XSS issues.
    • ๐Ÿ›  Fix group deploy token API authorizations.
    • ๐Ÿ”€ Check access when sending TODOs related to merge requests.
    • ๐Ÿ”„ Change from hybrid to JSON cookies serializer.
    • Prevent XSS in group name validations.
    • Disable caching for wiki attachments.
    • Disable Github Importer API by settings.
    • ๐Ÿ›  Fix null byte error in upload path.
    • โšก๏ธ Update permissions for time tracking endpoints.
    • โž• Add snippet repository validation after bundle import.
    • โšก๏ธ Update Kaminari gem.
    • ๐Ÿ›  Fix note author name rendering.
    • Sanitize bitbucket repo urls to mitigate XSS.
    • Stored XSS on the Error Tracking page.
    • ๐Ÿ›  Fix security issue when rendering issuable.
  • v13.0.7

    June 25, 2020

    ๐Ÿ›  Fixed (7 changes)

    • Group authorization refresh to consider shared groups. !31204
    • ๐Ÿ›  Fix Value Stream Analytics summary when using non-english locale. !33717
    • ๐Ÿ›  Fix bug with variable substitution in alerts. !33772
    • Fix relative URL root in wiki_base_path. !33841
    • ๐Ÿ‘ท Adjust wrong column reference for ResetMergeStatus (background job). !33899
    • โšก๏ธ Updated Auto DevOps with a fix to delete PostgreSQL PVC on environment cleanup. !34657
    • ๐ŸŒฒ Load user before logging git http-requests. !34923

    โž• Added (2 changes)

    • Provide __range variable for Prometheus queries. !33521
    • Periodically recompute project authorizations. !34071
  • v13.0.6

    June 10, 2020
    • No changes.