All Versions
662
Latest Version
Avg Release Cycle
13 days
Latest Release
1819 days ago
Changelog History
Page 44
Changelog History
Page 44
-
v11.7.8 Changes
March 26, 2019π Security (7 changes)
- π Disallow guest users from accessing Releases.
- π Fix PDF.js vulnerability.
- Hide "related branches" when user does not have permission.
- π Fix XSS in resolve conflicts form.
- β Added rake task for removing EXIF data from existing uploads.
- β‘οΈ Disallow updating namespace when updating a project.
- π Use UntrustedRegexp for matching refs policy.
-
v11.7.7 Changes
March 19, 2019π Security (2 changes)
- β Remove project serialization in quick actions response.
- π Fixed ability to see private groups by users not belonging to given group.
-
v11.7.5 Changes
February 06, 2019π Fixed (8 changes)
- π Fix import handling errors in Bitbucket Server importer. !24499
- Adjusts suggestions unable to be applied. !24603
- π Fix 500 errors with legacy appearance logos. !24615
- π Fix form functionality for edit tag page. !24645
- β‘οΈ Update Workhorse to v8.0.2. !24870
- Downcase aliased OAuth2 callback providers. !24877
- π Fix Detect Host Keys not working. !24884
- π Changed external wiki query method to prevent attribute caching. !24907
-
v11.7.2 Changes
January 29, 2019π Fixed (1 change)
- π Fix uninitialized constant with GitLab Pages.
-
v11.7.1 Changes
January 28, 2019π Security (24 changes)
- π» Make potentially malicious links more visible in the UI and scrub RTLO chars from links. !2770
- Don't process MR refs for guests in the notes. !2771
- Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !2828
- π Fixed XSS content in KaTex links.
- Disallows unauthorized users from accessing the pipelines section.
- π Verify that LFS upload requests are genuine.
- π Extract GitLab Pages using RubyZip.
- Prevent awarding emojis to notes whose parent is not visible to user.
- Prevent unauthorized replies when discussion is locked or confidential.
- Disable git v2 protocol temporarily.
- π Fix showing ci status for guest users when public pipline are not set.
- π Fix contributed projects info still visible when user enable private profile.
- β Add subresources removal to member destroy service.
- β Add more LFS validations to prevent forgery.
- π Use common error for unauthenticated users when creating issues.
- π Fix slow regex in project reference pattern.
- π Fix private user email being visible in push (and tag push) webhooks.
- π Fix wiki access rights when external wiki is enabled.
- π Group guests are no longer able to see merge requests they don't have access to at group level.
- π Fix path disclosure on project import error.
- Restrict project import visibility based on its group.
- π¦ Expose CI/CD trigger token only to the trigger owner.
- π Notify only users who can access the project on project move.
- Alias GitHub and BitBucket OAuth2 callback URLs.
-
v11.7.0 Changes
January 22, 2019π Security (14 changes, 1 of them is from the community)
- Escape label and milestone titles to prevent XSS in GFM autocomplete. !2693
- β¬οΈ Bump Ruby on Rails to 5.0.7.1. !23396 (@blackst0ne)
- β Delete confidential todos for user when downgraded to Guest.
- π Project guests no longer are able to see refs page.
- Set URL rel attribute for broken URLs.
- Prevent leaking protected variables for ambiguous refs.
- π· Authorize before reading job information via API.
- π Allow changing group CI/CD settings only for owners.
- π Fix SSRF with import_url and remote mirror url.
- π Don't expose cross project repositories through diffs when creating merge reqeusts.
- Validate bundle files before unpacking them.
- Issuable no longer is visible to users when project can't be viewed.
- Escape html entities in LabelReferenceFilter when no label found.
- Prevent private snippets from being embeddable.
β Removed (3 changes, 1 of them is from the community)
- β Removes all instances of deprecated Gitlab Upgrader calls. !23603 (@jwolen)
- β Removed discard draft comment button form notes. !24185
- β Remove migration to backfill project_repositories for legacy storage projects. !24299
π Fixed (42 changes, 7 of them are from the community)
- β‘οΈ Prevent awards emoji being updated when updating status. !23470
- π Allow merge after rebase without page refresh on FF repositories. !23572
- Prevent admins from attempting hashed storage migration on read only DB. !23597
- π Correct the ordering of metrics on the performance dashboard. !23630
- Display empty files properly on MR diffs. !23671 (Sean Nichols)
- π Allow GitHub imports via token even if OAuth2 provider not configured. !23703
- β‘οΈ Update header navigation theme colors. !23734 (George Tsiolis)
- π Fix login box bottom margins on signin page. !23739 (@gear54)
- Return an ApplicationSetting in CurrentSettings. !23766
- π Fix bug commenting on LFS images. !23812
- Only prompt user once when navigating away from file editor. !23820 (Sam Bigelow)
- π Display commit ID for discussions made on merge request commits. !23837
- Stop autofocusing on diff comment after initial mount. !23849
- π Fix object storage not working properly with Google S3 compatibility. !23858
- π Fix project calendar feed when sorted by priority. !23870
- π Fix edit button disappearing in issue title. !23948 (Ruben Moya)
- π Aligns build loader animation with the job log. !23959
- Allow 'rake gitlab:cleanup:remote_upload_files' to read bucket files without having permissions to see all buckets. !23981
- Correctly externalize pipeline tags. !24028
- π Fix error when creating labels in a new issue in the boards page. !24039 (Ruben Moya)
- π Use 'parsePikadayDate' to parse due date string. !24045
- π Fix commit SHA not showing in merge request compare dropdown. !24084
- β Remove top margin in modal header titles. !24108
- β¬οΈ Drop Webhooks from project import/export config. !24121
- Only validate project visibility when it has changed. !24142
- Resolve About this feature link should open in new window. !24149
- β Add syntax highlighting to suggestion diff. !24156
- π Fix Bitbucket Server import only including first 25 pull requests. !24178
- Enable caching for records which primary key is not
id
. !24245 - βͺ Adjust applied suggestion reverting previous changes. !24250
- π Fix unexpected exception by failure of finding an actual head pipeline. !24257
- π Fix broken templated "Too many changes to show" text. !24282
- π Fix requests profiler in admin page not rendering HTML properly. !24291
- π Fix no avatar not showing in user selection box. !24346
- β¬οΈ Upgrade to gitaly 1.12.1. !24361
- π Fix runner eternal loop when update job result. !24481
- π Fix notification email for image diff notes.
- π Fixed merge request diffs empty states.
- π Fixed diff suggestions removing dashes.
- π· Don't hide CI dropdown behind diff summary. (gfyoung)
- π Fix spacing on discussions.
- π Fixes missing margin in releases block.
π Changed (22 changes, 8 of them are from the community)
- π Show clusters of ancestors in cluster list page. !22996
- β Remove unnecessary line before reply holder. !23092 (George Tsiolis)
- π Make the Pages permission setting more clear. !23146
- π Disable merging of labels with same names. !23265
- π Allow basic authentication on go get middleware. !23497 (Morty Choi @mortyccp)
- No longer require email subaddressing for issue creation by email. !23523
- Adjust padding of .dropdown-title to comply with design specs. !23546
- π Make commit IDs in merge request discussion header monospace. !23562
- β‘οΈ Update environments breadcrumb. !23751 (George Tsiolis)
- β Add date range in milestone change email notifications. !23762
- Require Knative to be installed only on an RBAC kubernetes cluster. !23807 (Chris Baumbauer)
- π Fix label and header styles in the job details sidebar. !23816 (Nathan Friend)
- β Add % prefix to milestone reference links. !23928
- Reorder sidebar menu item for group clusters. !24001 (George Tsiolis)
- π Support CURD operation for Links as one of the Release assets. !24056
- β¬οΈ Upgrade Omniauth and JWT gems to switch away from Google+ API. !24068
- π Renames Milestone sort into Milestone due date. !24080 (Jacopo Beschi @jacopo-beschi)
- π Discussion filter only displayed in discussions tab for merge requests. !24082
- 0οΈβ£ Make RBAC enabled default for new clusters. !24119
- Hashed Storage: Only set as
read_only
when starting the per-project migration. !24128 - Knative version bump 0.1.3 -> 0.2.2. (Chris Baumbauer)
- π Show message on non-diff discussions.
π Performance (7 changes)
- π Fix some N+1 queries related to Admin Dashboard, User Dashboards and Activity Stream. !23034
- β Add indexes to speed up CI query. !23188
- π Improve the loading time on merge request's discussion page by caching diff highlight. !23857
- Cache avatar URLs and paths within a request. !23950
- π Improve snippet search performance by removing duplicate counts. !23952
- Skip per-commit validations already evaluated. !23984
- π Fix timeout issues retrieving branches via API. !24034
β Added (29 changes, 6 of them are from the community)
- π Handle ci.skip push option. !15643 (Jonathon Reinhart)
- β Add NGINX 0.16.0 and above metrics. !22133
- β Add project milestone link. !22552
- π Support tls communication in gitaly. !22602
- β Add option to make ci variables protected by default. !22744 (Alexis Reigel)
- β Add project identifier as List-Id email Header to ease filtering. !22817 (Olivier CrΓͺte)
- β Add markdown helper buttons to file editor. !23480
- π Allow to include templates in gitlab-ci.yml. !23495
- Extend override check to also check arity. !23498 (Jacopo Beschi @jacopo-beschi)
- β Add importing of issues from CSV file. !23532
- β Add submit feedback link to help dropdown. !23547
- β‘οΈ Send a notification email to project maintainers when a mirror update fails. !23595
- βͺ Restore Object Pools when restoring an object pool. !23682
- π Creates component for release block. !23697
- π Configure Auto DevOps deployed applications with secrets from prefixed CI variables. !23719
- β Add name, author_id, and sha to releases table. !23763
- Display a list of Sentry Issues in GitLab. !23770
- π Releases API. !23795
- π Creates frontend app for releases. !23796
- Add new pipeline variable CI_COMMIT_SHORT_SHA. !23822
- Create system notes on issue / MR creation when labels, milestone, or due date is set. !23859
- β Adds API documentation for releases. !23901
- β Add API Support for Kubernetes integration. !23922
- Expose CI/CD predefined variable
CI_API_V4_URL
. !23936 - β Add Knative metrics to Prometheus. !23972 (Chris Baumbauer)
- π Use reports syntax for Dependency scanning in Auto DevOps. !24081
- π Allow to include files from another projects in gitlab-ci.yml. !24101
- π User Popovers for Commit Infos, Member Lists and Snippets. !24132
- β Add no-color theme for syntax highlighting. (khm)
Other (45 changes, 30 of them are from the community)
- π» Redesign project lists UI. !22682
- β‘οΈ [Rails5.1] Update functional specs to use new keyword format. !23095 (@blackst0ne)
- β‘οΈ Update a condition to visibility a merge request collaboration message. !23104 (Harry Kiselev)
- β Remove framework/mobile.scss. !23301 (Takuya Noguchi)
- π Passing the separator argument as a positional parameter is deprecated. !23334 (Jasper Maes)
- π· Clarifies docs about CI
allow_failure
. !23367 (C.J. Jameson) - π¨ Refactor issuable sidebar to use serializer. !23379
- π¨ Refactor the logic of updating head pipelines for merge requests. !23502
- π Allow user to add Kubernetes cluster for clusterable when there are ancestor clusters. !23569
- β Adds explanatory text to input fields on user profile settings page. !23673
- Externalize strings from
/app/views/shared/notes
. !23696 (Tao Wang) - β Remove rails 4 support in CI, Gemfiles, bin/ and config/. !23717 (Jasper Maes)
- π Fix calendar events fetching error on private profile page. !23718 (Harry Kiselev)
- β‘οΈ Update GitLab Workhorse to v8.0.0. !23740
- Hide confidential events in the API. !23746
- π Changed Userpopover Fixtures and shadow color. !23768
- π Fix deprecation: Passing conditions to delete_all is deprecated. !23817 (Jasper Maes)
- Fix deprecation: Passing ActiveRecord::Base objects to sanitize_sql_hash_for_assignment. !23818 (Jasper Maes)
- β Remove rails4 specific code. !23847 (Jasper Maes)
- β Remove deprecated ActionDispatch::ParamsParser. !23848 (Jasper Maes)
- π Fix deprecation: Comparing equality between ActionController::Parameters and a Hash is deprecated. !23855 (Jasper Maes)
- π Fix deprecation: Directly inheriting from ActiveRecord::Migration is deprecated. !23884 (Jasper Maes)
- Fix deprecation: alias_method_chain is deprecated. Please, use Module#prepend instead. !23887 (Jasper Maes)
- β‘οΈ Update specs to exclude possible false positive pass. !23893 (@blackst0ne)
- π Passing an argument to force an association to reload is now deprecated. !23894 (Jasper Maes)
- ActiveRecord::Migration -> ActiveRecord::Migration[5.0]. !23910 (Jasper Maes)
- Split bio into individual line in extended user tooltips. !23940
- π Fix deprecation: redirect_to :back is deprecated. !23943 (Jasper Maes)
- π Fix deprecation: insert_sql is deprecated and will be removed. !23944 (Jasper Maes)
- β¬οΈ Upgrade @gitlab/ui to 1.16.2. !23946
- π convert specs in javascripts/ and support/ to new syntax. !23947 (Jasper Maes)
- β Remove deprecated xhr from specs. !23949 (Jasper Maes)
- β Remove app/views/shared/issuable/_filter.html.haml. !24008 (Takuya Noguchi)
- π Fix deprecation: Using positional arguments in integration tests. !24009 (Jasper Maes)
- π» UI improvements for redesigned project lists. !24011
- β‘οΈ Update cert-manager chart from v0.5.0 to v0.5.2. !24025 (Takuya Noguchi)
- Hide spinner on empty activities list on user profile overview. !24063
- π· Don't show Auto DevOps enabled banner for projects with CI file or CI disabled. !24067
- β‘οΈ Update GitLab Runner Helm Chart to 0.1.43. !24083
- π Fix navigation style in docs. !24090 (Takuya Noguchi)
- β Remove gem install bundler from Docker-based Ruby environments. !24093 (Takuya Noguchi)
- π Fix deprecation: Using positional arguments in integration tests. !24110 (Jasper Maes)
- π Fix deprecation: returning false in Active Record and Active Model callbacks will not implicitly halt a callback chain. !24134 (Jasper Maes)
- ActiveRecord::Migration -> ActiveRecord::Migration[5.0] for AddIndexesToCiBuildsAndPipelines. !24167 (Jasper Maes)
- β‘οΈ Update url placeholder for the sentry configuration page. !24338
-
v11.6.11 Changes
April 23, 2019π Security (2 changes)
- π Fixed ability to see private groups by users not belonging to given group.
- π Fix XSS in resolve conflicts form.
π Fixed (2 changes)
- Bring back Rugged implementation of find_commit. !25477
- Avoid excessive recursive calls with Rugged TreeEntries. !26813
π Performance (1 change)
- Bring back Rugged implementation of ListCommitsByOid. !27441
Other (4 changes)
- Bring back Rugged implementation of GetTreeEntries. !25674
- Bring back Rugged implementation of CommitIsAncestor. !25702
- Bring back Rugged implementation of TreeEntry. !25706
- Bring back Rugged implementation of commit_tree_entry. !25896
-
v11.6.10 Changes
February 28, 2019π Security (21 changes)
- π¦ Stop linking to unrecognized package sources. !55518
- π Check snippet attached file to be moved is within designated directory.
- π Fix potential Addressable::URI::InvalidURIError.
- π Do not display impersonated sessions under active sessions and remove ability to revoke session.
- Display only information visible to current user on the Milestone page.
- π Show only merge requests visible to user on milestone detail page.
- Disable issue boards API when issues are disabled.
- π Don't show new issue link after move when a user does not have permissions.
- π Fix git clone revealing private repo's presence.
- π Fix blind SSRF in Prometheus integration by checking URL before querying.
- Check if desired milestone for an issue is available.
- π Don't allow non-members to see private related MRs.
- π Fix arbitrary file read via diffs during import.
- Display the correct number of MRs a user has access to.
- Forbid creating discussions for users with restricted access.
- Do not disclose milestone titles for unauthorized users.
- Validate session key when authorizing with GCP to create a cluster.
- Block local URLs for Kubernetes integration.
- Limit mermaid rendering to 5K characters.
- β Remove the possibility to share a project with a group that a user is not a member of.
- π Fix leaking private repository information in API.
-
v11.6.9 Changes
February 04, 2019π Security (1 change)
- π Use sanitized user status message for user popover.
-
v11.6.8 Changes
January 30, 2019- No changes.