All Versions
662
Latest Version
Avg Release Cycle
13 days
Latest Release
1819 days ago

Changelog History
Page 44

  • v11.7.8 Changes

    March 26, 2019

    πŸ”’ Security (7 changes)

    • πŸš€ Disallow guest users from accessing Releases.
    • πŸ›  Fix PDF.js vulnerability.
    • Hide "related branches" when user does not have permission.
    • πŸ›  Fix XSS in resolve conflicts form.
    • βž• Added rake task for removing EXIF data from existing uploads.
    • ⚑️ Disallow updating namespace when updating a project.
    • πŸ‘‰ Use UntrustedRegexp for matching refs policy.

  • v11.7.7 Changes

    March 19, 2019

    πŸ”’ Security (2 changes)

    • βœ‚ Remove project serialization in quick actions response.
    • πŸ›  Fixed ability to see private groups by users not belonging to given group.

  • v11.7.5 Changes

    February 06, 2019

    πŸ›  Fixed (8 changes)

    • πŸ›  Fix import handling errors in Bitbucket Server importer. !24499
    • Adjusts suggestions unable to be applied. !24603
    • πŸ›  Fix 500 errors with legacy appearance logos. !24615
    • πŸ›  Fix form functionality for edit tag page. !24645
    • ⚑️ Update Workhorse to v8.0.2. !24870
    • Downcase aliased OAuth2 callback providers. !24877
    • πŸ›  Fix Detect Host Keys not working. !24884
    • πŸ”„ Changed external wiki query method to prevent attribute caching. !24907

  • v11.7.2 Changes

    January 29, 2019

    πŸ›  Fixed (1 change)

    • πŸ›  Fix uninitialized constant with GitLab Pages.

  • v11.7.1 Changes

    January 28, 2019

    πŸ”’ Security (24 changes)

    • πŸ’» Make potentially malicious links more visible in the UI and scrub RTLO chars from links. !2770
    • Don't process MR refs for guests in the notes. !2771
    • Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !2828
    • πŸ›  Fixed XSS content in KaTex links.
    • Disallows unauthorized users from accessing the pipelines section.
    • πŸ‘Œ Verify that LFS upload requests are genuine.
    • πŸ’Ž Extract GitLab Pages using RubyZip.
    • Prevent awarding emojis to notes whose parent is not visible to user.
    • Prevent unauthorized replies when discussion is locked or confidential.
    • Disable git v2 protocol temporarily.
    • πŸ›  Fix showing ci status for guest users when public pipline are not set.
    • πŸ›  Fix contributed projects info still visible when user enable private profile.
    • βž• Add subresources removal to member destroy service.
    • βž• Add more LFS validations to prevent forgery.
    • πŸ‘‰ Use common error for unauthenticated users when creating issues.
    • πŸ›  Fix slow regex in project reference pattern.
    • πŸ›  Fix private user email being visible in push (and tag push) webhooks.
    • πŸ›  Fix wiki access rights when external wiki is enabled.
    • πŸ‘€ Group guests are no longer able to see merge requests they don't have access to at group level.
    • πŸ›  Fix path disclosure on project import error.
    • Restrict project import visibility based on its group.
    • πŸ”¦ Expose CI/CD trigger token only to the trigger owner.
    • 🚚 Notify only users who can access the project on project move.
    • Alias GitHub and BitBucket OAuth2 callback URLs.

  • v11.7.0 Changes

    January 22, 2019

    πŸ”’ Security (14 changes, 1 of them is from the community)

    • Escape label and milestone titles to prevent XSS in GFM autocomplete. !2693
    • ⬆️ Bump Ruby on Rails to 5.0.7.1. !23396 (@blackst0ne)
    • βœ‚ Delete confidential todos for user when downgraded to Guest.
    • πŸ‘€ Project guests no longer are able to see refs page.
    • Set URL rel attribute for broken URLs.
    • Prevent leaking protected variables for ambiguous refs.
    • πŸ‘· Authorize before reading job information via API.
    • πŸ‘ Allow changing group CI/CD settings only for owners.
    • πŸ›  Fix SSRF with import_url and remote mirror url.
    • πŸ”€ Don't expose cross project repositories through diffs when creating merge reqeusts.
    • Validate bundle files before unpacking them.
    • Issuable no longer is visible to users when project can't be viewed.
    • Escape html entities in LabelReferenceFilter when no label found.
    • Prevent private snippets from being embeddable.

    βœ‚ Removed (3 changes, 1 of them is from the community)

    • βœ‚ Removes all instances of deprecated Gitlab Upgrader calls. !23603 (@jwolen)
    • βœ‚ Removed discard draft comment button form notes. !24185
    • βœ‚ Remove migration to backfill project_repositories for legacy storage projects. !24299

    πŸ›  Fixed (42 changes, 7 of them are from the community)

    • ⚑️ Prevent awards emoji being updated when updating status. !23470
    • πŸ‘ Allow merge after rebase without page refresh on FF repositories. !23572
    • Prevent admins from attempting hashed storage migration on read only DB. !23597
    • 🐎 Correct the ordering of metrics on the performance dashboard. !23630
    • Display empty files properly on MR diffs. !23671 (Sean Nichols)
    • πŸ‘ Allow GitHub imports via token even if OAuth2 provider not configured. !23703
    • ⚑️ Update header navigation theme colors. !23734 (George Tsiolis)
    • πŸ›  Fix login box bottom margins on signin page. !23739 (@gear54)
    • Return an ApplicationSetting in CurrentSettings. !23766
    • πŸ›  Fix bug commenting on LFS images. !23812
    • Only prompt user once when navigating away from file editor. !23820 (Sam Bigelow)
    • πŸ”€ Display commit ID for discussions made on merge request commits. !23837
    • Stop autofocusing on diff comment after initial mount. !23849
    • πŸ›  Fix object storage not working properly with Google S3 compatibility. !23858
    • πŸ›  Fix project calendar feed when sorted by priority. !23870
    • πŸ›  Fix edit button disappearing in issue title. !23948 (Ruben Moya)
    • πŸ— Aligns build loader animation with the job log. !23959
    • Allow 'rake gitlab:cleanup:remote_upload_files' to read bucket files without having permissions to see all buckets. !23981
    • Correctly externalize pipeline tags. !24028
    • πŸ›  Fix error when creating labels in a new issue in the boards page. !24039 (Ruben Moya)
    • πŸ“œ Use 'parsePikadayDate' to parse due date string. !24045
    • πŸ›  Fix commit SHA not showing in merge request compare dropdown. !24084
    • βœ‚ Remove top margin in modal header titles. !24108
    • ⬇️ Drop Webhooks from project import/export config. !24121
    • Only validate project visibility when it has changed. !24142
    • Resolve About this feature link should open in new window. !24149
    • βž• Add syntax highlighting to suggestion diff. !24156
    • πŸ›  Fix Bitbucket Server import only including first 25 pull requests. !24178
    • Enable caching for records which primary key is not id. !24245
    • βͺ Adjust applied suggestion reverting previous changes. !24250
    • πŸ›  Fix unexpected exception by failure of finding an actual head pipeline. !24257
    • πŸ›  Fix broken templated "Too many changes to show" text. !24282
    • πŸ›  Fix requests profiler in admin page not rendering HTML properly. !24291
    • πŸ›  Fix no avatar not showing in user selection box. !24346
    • ⬆️ Upgrade to gitaly 1.12.1. !24361
    • πŸ›  Fix runner eternal loop when update job result. !24481
    • πŸ›  Fix notification email for image diff notes.
    • πŸ›  Fixed merge request diffs empty states.
    • πŸ›  Fixed diff suggestions removing dashes.
    • πŸ‘· Don't hide CI dropdown behind diff summary. (gfyoung)
    • πŸ›  Fix spacing on discussions.
    • πŸ›  Fixes missing margin in releases block.

    πŸ”„ Changed (22 changes, 8 of them are from the community)

    • πŸ‘‰ Show clusters of ancestors in cluster list page. !22996
    • βœ‚ Remove unnecessary line before reply holder. !23092 (George Tsiolis)
    • πŸ‘‰ Make the Pages permission setting more clear. !23146
    • πŸ”€ Disable merging of labels with same names. !23265
    • πŸ‘ Allow basic authentication on go get middleware. !23497 (Morty Choi @mortyccp)
    • No longer require email subaddressing for issue creation by email. !23523
    • Adjust padding of .dropdown-title to comply with design specs. !23546
    • πŸ”€ Make commit IDs in merge request discussion header monospace. !23562
    • ⚑️ Update environments breadcrumb. !23751 (George Tsiolis)
    • βž• Add date range in milestone change email notifications. !23762
    • Require Knative to be installed only on an RBAC kubernetes cluster. !23807 (Chris Baumbauer)
    • πŸ›  Fix label and header styles in the job details sidebar. !23816 (Nathan Friend)
    • βž• Add % prefix to milestone reference links. !23928
    • Reorder sidebar menu item for group clusters. !24001 (George Tsiolis)
    • πŸ‘Œ Support CURD operation for Links as one of the Release assets. !24056
    • ⬆️ Upgrade Omniauth and JWT gems to switch away from Google+ API. !24068
    • πŸ“‡ Renames Milestone sort into Milestone due date. !24080 (Jacopo Beschi @jacopo-beschi)
    • πŸ”€ Discussion filter only displayed in discussions tab for merge requests. !24082
    • 0️⃣ Make RBAC enabled default for new clusters. !24119
    • Hashed Storage: Only set as read_only when starting the per-project migration. !24128
    • Knative version bump 0.1.3 -> 0.2.2. (Chris Baumbauer)
    • πŸ‘‰ Show message on non-diff discussions.

    🐎 Performance (7 changes)

    • πŸ›  Fix some N+1 queries related to Admin Dashboard, User Dashboards and Activity Stream. !23034
    • βž• Add indexes to speed up CI query. !23188
    • πŸ‘Œ Improve the loading time on merge request's discussion page by caching diff highlight. !23857
    • Cache avatar URLs and paths within a request. !23950
    • πŸ‘Œ Improve snippet search performance by removing duplicate counts. !23952
    • Skip per-commit validations already evaluated. !23984
    • πŸ›  Fix timeout issues retrieving branches via API. !24034

    βž• Added (29 changes, 6 of them are from the community)

    • πŸ– Handle ci.skip push option. !15643 (Jonathon Reinhart)
    • βž• Add NGINX 0.16.0 and above metrics. !22133
    • βž• Add project milestone link. !22552
    • πŸ‘Œ Support tls communication in gitaly. !22602
    • βž• Add option to make ci variables protected by default. !22744 (Alexis Reigel)
    • βž• Add project identifier as List-Id email Header to ease filtering. !22817 (Olivier CrΓͺte)
    • βž• Add markdown helper buttons to file editor. !23480
    • πŸ‘ Allow to include templates in gitlab-ci.yml. !23495
    • Extend override check to also check arity. !23498 (Jacopo Beschi @jacopo-beschi)
    • βž• Add importing of issues from CSV file. !23532
    • βž• Add submit feedback link to help dropdown. !23547
    • ⚑️ Send a notification email to project maintainers when a mirror update fails. !23595
    • βͺ Restore Object Pools when restoring an object pool. !23682
    • πŸš€ Creates component for release block. !23697
    • πŸš€ Configure Auto DevOps deployed applications with secrets from prefixed CI variables. !23719
    • βž• Add name, author_id, and sha to releases table. !23763
    • Display a list of Sentry Issues in GitLab. !23770
    • πŸš€ Releases API. !23795
    • πŸš€ Creates frontend app for releases. !23796
    • Add new pipeline variable CI_COMMIT_SHORT_SHA. !23822
    • Create system notes on issue / MR creation when labels, milestone, or due date is set. !23859
    • βž• Adds API documentation for releases. !23901
    • βž• Add API Support for Kubernetes integration. !23922
    • Expose CI/CD predefined variable CI_API_V4_URL. !23936
    • βž• Add Knative metrics to Prometheus. !23972 (Chris Baumbauer)
    • πŸ‘‰ Use reports syntax for Dependency scanning in Auto DevOps. !24081
    • πŸ‘ Allow to include files from another projects in gitlab-ci.yml. !24101
    • πŸ‘‰ User Popovers for Commit Infos, Member Lists and Snippets. !24132
    • βž• Add no-color theme for syntax highlighting. (khm)

    Other (45 changes, 30 of them are from the community)

    • πŸ’» Redesign project lists UI. !22682
    • ⚑️ [Rails5.1] Update functional specs to use new keyword format. !23095 (@blackst0ne)
    • ⚑️ Update a condition to visibility a merge request collaboration message. !23104 (Harry Kiselev)
    • βœ‚ Remove framework/mobile.scss. !23301 (Takuya Noguchi)
    • πŸ—„ Passing the separator argument as a positional parameter is deprecated. !23334 (Jasper Maes)
    • πŸ‘· Clarifies docs about CI allow_failure. !23367 (C.J. Jameson)
    • πŸ”¨ Refactor issuable sidebar to use serializer. !23379
    • πŸ”¨ Refactor the logic of updating head pipelines for merge requests. !23502
    • πŸ‘ Allow user to add Kubernetes cluster for clusterable when there are ancestor clusters. !23569
    • βž• Adds explanatory text to input fields on user profile settings page. !23673
    • Externalize strings from /app/views/shared/notes. !23696 (Tao Wang)
    • βœ‚ Remove rails 4 support in CI, Gemfiles, bin/ and config/. !23717 (Jasper Maes)
    • πŸ›  Fix calendar events fetching error on private profile page. !23718 (Harry Kiselev)
    • ⚑️ Update GitLab Workhorse to v8.0.0. !23740
    • Hide confidential events in the API. !23746
    • πŸ”„ Changed Userpopover Fixtures and shadow color. !23768
    • πŸ›  Fix deprecation: Passing conditions to delete_all is deprecated. !23817 (Jasper Maes)
    • Fix deprecation: Passing ActiveRecord::Base objects to sanitize_sql_hash_for_assignment. !23818 (Jasper Maes)
    • βœ‚ Remove rails4 specific code. !23847 (Jasper Maes)
    • βœ‚ Remove deprecated ActionDispatch::ParamsParser. !23848 (Jasper Maes)
    • πŸ›  Fix deprecation: Comparing equality between ActionController::Parameters and a Hash is deprecated. !23855 (Jasper Maes)
    • πŸ›  Fix deprecation: Directly inheriting from ActiveRecord::Migration is deprecated. !23884 (Jasper Maes)
    • Fix deprecation: alias_method_chain is deprecated. Please, use Module#prepend instead. !23887 (Jasper Maes)
    • ⚑️ Update specs to exclude possible false positive pass. !23893 (@blackst0ne)
    • πŸ—„ Passing an argument to force an association to reload is now deprecated. !23894 (Jasper Maes)
    • ActiveRecord::Migration -> ActiveRecord::Migration[5.0]. !23910 (Jasper Maes)
    • Split bio into individual line in extended user tooltips. !23940
    • πŸ›  Fix deprecation: redirect_to :back is deprecated. !23943 (Jasper Maes)
    • πŸ›  Fix deprecation: insert_sql is deprecated and will be removed. !23944 (Jasper Maes)
    • ⬆️ Upgrade @gitlab/ui to 1.16.2. !23946
    • πŸ‘ convert specs in javascripts/ and support/ to new syntax. !23947 (Jasper Maes)
    • βœ‚ Remove deprecated xhr from specs. !23949 (Jasper Maes)
    • βœ‚ Remove app/views/shared/issuable/_filter.html.haml. !24008 (Takuya Noguchi)
    • πŸ›  Fix deprecation: Using positional arguments in integration tests. !24009 (Jasper Maes)
    • πŸ’» UI improvements for redesigned project lists. !24011
    • ⚑️ Update cert-manager chart from v0.5.0 to v0.5.2. !24025 (Takuya Noguchi)
    • Hide spinner on empty activities list on user profile overview. !24063
    • πŸ‘· Don't show Auto DevOps enabled banner for projects with CI file or CI disabled. !24067
    • ⚑️ Update GitLab Runner Helm Chart to 0.1.43. !24083
    • πŸ›  Fix navigation style in docs. !24090 (Takuya Noguchi)
    • βœ‚ Remove gem install bundler from Docker-based Ruby environments. !24093 (Takuya Noguchi)
    • πŸ›  Fix deprecation: Using positional arguments in integration tests. !24110 (Jasper Maes)
    • πŸ›  Fix deprecation: returning false in Active Record and Active Model callbacks will not implicitly halt a callback chain. !24134 (Jasper Maes)
    • ActiveRecord::Migration -> ActiveRecord::Migration[5.0] for AddIndexesToCiBuildsAndPipelines. !24167 (Jasper Maes)
    • ⚑️ Update url placeholder for the sentry configuration page. !24338

  • v11.6.11 Changes

    April 23, 2019

    πŸ”’ Security (2 changes)

    • πŸ›  Fixed ability to see private groups by users not belonging to given group.
    • πŸ›  Fix XSS in resolve conflicts form.

    πŸ›  Fixed (2 changes)

    • Bring back Rugged implementation of find_commit. !25477
    • Avoid excessive recursive calls with Rugged TreeEntries. !26813

    🐎 Performance (1 change)

    • Bring back Rugged implementation of ListCommitsByOid. !27441

    Other (4 changes)

    • Bring back Rugged implementation of GetTreeEntries. !25674
    • Bring back Rugged implementation of CommitIsAncestor. !25702
    • Bring back Rugged implementation of TreeEntry. !25706
    • Bring back Rugged implementation of commit_tree_entry. !25896

  • v11.6.10 Changes

    February 28, 2019

    πŸ”’ Security (21 changes)

    • πŸ“¦ Stop linking to unrecognized package sources. !55518
    • 🚚 Check snippet attached file to be moved is within designated directory.
    • πŸ›  Fix potential Addressable::URI::InvalidURIError.
    • 🚚 Do not display impersonated sessions under active sessions and remove ability to revoke session.
    • Display only information visible to current user on the Milestone page.
    • πŸ”€ Show only merge requests visible to user on milestone detail page.
    • Disable issue boards API when issues are disabled.
    • 🚚 Don't show new issue link after move when a user does not have permissions.
    • πŸ›  Fix git clone revealing private repo's presence.
    • πŸ›  Fix blind SSRF in Prometheus integration by checking URL before querying.
    • Check if desired milestone for an issue is available.
    • πŸ‘€ Don't allow non-members to see private related MRs.
    • πŸ›  Fix arbitrary file read via diffs during import.
    • Display the correct number of MRs a user has access to.
    • Forbid creating discussions for users with restricted access.
    • Do not disclose milestone titles for unauthorized users.
    • Validate session key when authorizing with GCP to create a cluster.
    • Block local URLs for Kubernetes integration.
    • Limit mermaid rendering to 5K characters.
    • βœ‚ Remove the possibility to share a project with a group that a user is not a member of.
    • πŸ›  Fix leaking private repository information in API.

  • v11.6.9 Changes

    February 04, 2019

    πŸ”’ Security (1 change)

    • πŸ‘‰ Use sanitized user status message for user popover.

  • v11.6.8 Changes

    January 30, 2019
    • No changes.