gitlab/changelogs/archive-10.md at master

Remove wrapper methods from Gitlab::Database

This module contained various methods that were forwarded to
Gitlab::Database::Connection. This commit removes these wrappers in
favour of using Gitlab::Database.main instead. This is done to make it
explicit what database connection should be used.

See https://gitlab.com/gitlab-org/gitlab/-/issues/331776 and
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65262 for more
information.

2021-07-27 11:44:53 +02:00

130 KiB

Raw Permalink Blame History

10.8.6 (2018-07-17)

Security (2 changes)

Fix symlink vulnerability in project import.
Merge branch 'fix-mr-widget-border' into 'master'.

10.8.5 (2018-06-21)

Security (5 changes)

Fix XSS vulnerability for table of content generation.
Update sanitize gem to 4.6.5 to fix HTML injection vulnerability.
HTML escape branch name in project graphs page.
HTML escape the name of the user in ProjectsHelper#link_to_member.
Don't show events from internal projects for anonymous users in public feed.

10.8.4 (2018-06-06)

No changes.

10.8.3 (2018-05-30)

Fixed (4 changes)

Replace Gitlab::REVISION with Gitlab.revision and handle installations without a .git directory. !19125
Fix encoding of branch names on compare and new merge request page. !19143
Fix remote mirror database inconsistencies when upgrading from EE to CE. !19196
Fix local storage not being cleared after creating a new issue.

Performance (1 change)

Memoize Gitlab::Database.main.version.

10.8.2 (2018-05-28)

Security (3 changes)

Prevent user passwords from being changed without providing the previous password.
Fix API to remove deploy key from project instead of deleting it entirely.
Fixed bug that allowed importing arbitrary project attributes.

10.8.1 (2018-05-23)

Fixed (9 changes)

Allow CommitStatus class to use presentable methods. !18979
Fix corrupted environment pages with unathorized proxy url. !18989
Fixes deploy token variables on Ci::Build. !19047
Fix project mirror database inconsistencies when upgrading from EE to CE. !19109
Render 404 when prometheus adapter is disabled in Prometheus metrics controller. !19110
Fix error when deleting an empty list of refs.
Fixed U2F login when used with LDAP.
Bump prometheus-client-mmap to 0.9.3 to fix nil exception error.
Fix system hook not firing for blocked users when LDAP sign-in is used.

10.8.0 (2018-05-22)

Security (3 changes, 1 of them is from the community)

Update faraday_middlewar to 0.12.2. !18397 (Takuya Noguchi)
Serve archive requests with the correct file in all cases.
Sanitizes user name to avoid XSS attacks.

Fixed (47 changes, 11 of them are from the community)

Refactor CSS to eliminate vertical misalignment of login nav. !16275 (Takuya Noguchi)
Fix pipeline status in branch/tag tree page. !17995
Allow group owner to enable runners from subgroups (#41981). !18009
Fix template selector menu visibility when toggling preview mode in file edit view. !18118 (Fabian Schneider)
Fix confirmation modal for deleting a protected branch. !18176 (Paul Bonaud @PaulRbR)
Triggering custom hooks by Wiki UI edit. !18251
Now rake cache:clear will also clear pipeline status cache. !18257
Fix joined information on project members page. !18290 (Fabian Schneider)
Fix missing namespace for some internal users. !18357
Show shared projects on group page. !18390
Restore label underline color. !18407 (George Tsiolis)
Fix undefined html_escape method during markdown rendering. !18418
Fix unassign slash command preview. !18447
Correct text and functionality for delete user / delete user and contributions modal. !18463 (Marc Schwede)
Fix discussions API setting created_at for notable in a group or notable in a project in a group with owners. !18464
Don't include lfs_file_locks data in export bundle. !18495
Reset milestone filter when clicking "Any Milestone" in dashboard. !18531
Ensure member notifications are sent after the member actual creation/update in the DB. !18538
Update links to /ci/lint with ones to project ci/lint. !18539 (Takuya Noguchi)
Fix tabs container styles to make RSS button clickable. !18559
Raise NoRepository error for non-valid repositories when calculating repository checksum. !18594
Don't automatically remove artifacts for pages jobs after pages:deploy has run. !18628
Increase new issue metadata form margin. !18630 (George Tsiolis)
Add loading icon padding for pipeline environments. !18631 (George Tsiolis)
ShaAttribute no longer stops startup if database is missing. !18726
Fix close keyboard shortcuts dialog using the keyboard shortcut. !18783 (Lars Greiss)
Fixes database inconsistencies between Community and Enterprise Edition on import state. !18811
Add database foreign key constraint between pipelines and build. !18822
Fix finding wiki pages when they have invalidly-encoded content. !18856
Fix outdated Web IDE welcome copy. !18861
fixed copy to blipboard button in embed bar of snippets. !18923 (haseebeqx)
Disables RBAC on nginx-ingress. !18947
Correct skewed Kubernetes popover illustration. !18949
Resolve Import/Export ci_cd_settings error updating the project. !46049
Fix project creation for user endpoint when jobs_enabled parameter supplied.
46210 Display logo and user dropdown on mobile for terms page and fix styling.
Adds illustration for when job log was erased.
Ensure web hook 'blocked URL' errors are stored in web hook logs and properly surfaced to the user.
Make toggle markdown preview shortcut only toggle selected field.
Verifiy if pipeline has commit idetails and render information in MR widget when branch is deleted.
Fixed inconsistent protected branch pill baseline.
Fix setting GitLab metrics content types.
Display only generic message on merge error to avoid exposing any potentially sensitive or user unfriendly backend messages.
Fix label links update on project transfer.
Breaks commit not found message in pipelines table.
Adjust issue boards list header label text color.
Prevent pipeline actions in dropdown to redirct to a new page.

Changed (35 changes, 15 of them are from the community)

Improve tooltips in collapsed right sidebar. !17714
Partition job_queue_duration_seconds with jobs_running_for_project. !17730
For group dashboard, we no longer show groups which the visitor is not a member of (this applies to admins and auditors). !17884 (Roger Rüttimann)
Use RFC 3676 mail signature delimiters. !17979 (Enrico Scholz)
Add sha filter to pipelines list API. !18125
New CI Job live-trace architecture. !18169
Make project deploy keys table more clearly structured. !18279
Remove green background from unlock button in admin area. !18288
Renamed Overview to Project in the contextual navigation at a project level. !18295 (Constance Okoghenun)
Load branches on new merge request page asynchronously. !18315
Create settings section for autodevops. !18321
Add a comma to the time estimate system notes. !18326
Enable specifying variables when executing a manual pipeline. !18440
Fix size and position for fork icon. !18449 (George Tsiolis)
Refactored activity calendar. !18469 (Enrico Scholz)
Small improvements to repository checks. !18484
Add 2FA filter to users API for admins only. !18503
Align project avatar on small viewports. !18513 (George Tsiolis)
Show group and project LFS settings in the interface to Owners and Masters. !18562
Update environment item action buttons icons. !18632 (George Tsiolis)
Update timeline icon for description edit. !18633 (George Tsiolis)
Revert discussion counter height. !18656 (George Tsiolis)
Improve quick actions summary preview. !18659 (George Tsiolis)
Change font for tables inside diff discussions. !18660 (George Tsiolis)
Add padding to profile description. !18663 (George Tsiolis)
Break issue title for board card title and issuable header text. !18674 (George Tsiolis)
Adds push mirrors to GitLab Community Edition. !18715
Inform the user when there are no project import options available. !18716 (George Tsiolis)
Improve commit message body rendering and fix responsive compare panels. !18725 (Constance Okoghenun)
Reconcile project templates with Auto DevOps. !18737
Remove branch name from the status bar of WebIDE.
Clean up WebIDE status bar and add useful info.
Improve interaction on WebIDE commit panel.
Keep current labels visible when editing them in the sidebar.
Use VueJS for rendering pipeline stages.

Performance (26 changes, 11 of them are from the community)

Move WorkInProgress vue component. !17536 (George Tsiolis)
Move ReadyToMerge vue component. !17545 (George Tsiolis)
Move BoardBlankState vue component. !17666 (George Tsiolis)
Improve DB performance of calculating total artifacts size. !17839
Add i18n and update specs for UnresolvedDiscussions vue component. !17866 (George Tsiolis)
Introduce new ProjectCiCdSetting model with group_runners_enabled. !18144
Move PipelineFailed vue component. !18277 (George Tsiolis)
Move TimeTrackingEstimateOnlyPane vue component. !18318 (George Tsiolis)
Move TimeTrackingHelpState vue component. !18319 (George Tsiolis)
Reduce queries on merge requests list page for merge requests from forks. !18561
Destroy build_chunks efficiently with FastDestroyAll module. !18575
Improve performance of a service responsible for creating a pipeline. !18582
Replace time_ago_in_words with JS-based one. !18607 (Takuya Noguchi)
Move TimeTrackingNoTrackingPane vue component. !18676 (George Tsiolis)
Move SidebarTimeTracking vue component. !18677 (George Tsiolis)
Move TimeTrackingSpentOnlyPane vue component. !18710 (George Tsiolis)
Detecting tags containing a commit uses Gitaly by default.
Increase cluster applications installer availability using alpine linux mirrors.
Compute notification recipients in background jobs.
Use persisted diff data instead fetching Git on discussions.
Detecting branchnames containing a commit uses Gitaly by default.
Detect repository license on Gitaly by default.
Finish NamespaceService migration to Gitaly.
Check if a ref exists is done by Gitaly by default.
Compute Gitlab::Git::Repository#checksum on Gitaly by default.
Repository#exists? is always executed through Gitaly.

Added (22 changes, 10 of them are from the community)

Allow group masters to configure runners for groups. !9646 (Alexis Reigel)
Adds Embedded Snippets Support. !15695 (haseebeqx)
Add Copy metadata quick action. !16473 (Mateusz Bajorski)
Show Runner's description on job's page. !17321
Add deprecation message to dynamic milestone pages. !17505
Show new branch/mr button even when branch exists. !17712 (Jacopo Beschi @jacopo-beschi)
API: add languages of project GET /projects/:id/languages. !17770 (Roger Rüttimann)
Display active sessions and allow the user to revoke any of it. !17867 (Alexis Reigel)
Add cron job to email users on issue due date. !17985 (Stuart Nelson)
Rubocop rule to avoid returning from a block. !18000 (Jacopo Beschi @jacopo-beschi)
Add the signature verification badge to the compare view. !18245 (Marc Shaw)
Expose Deploy Token data as environment varialbes on CI/CD jobs. !18414
Show group id in group settings. !18482 (George Tsiolis)
Allow admins to enforce accepting Terms of Service on an instance. !18570
Add CI_COMMIT_MESSAGE, CI_COMMIT_TITLE and CI_COMMIT_DESCRIPTION predefined variables. !18672
Add GCP signup offer to cluster index / create pages. !18684
Output some useful information when running the rails console. !18697
Display merge commit SHA in merge widget after merge. !18722
git SHA is now displayed alongside the GitLab version on the Admin Dashboard.
Expose the target commit ID through the tag API.
Added fuzzy file finder to web IDE.
Add discussion API for merge requests and commits.

Other (22 changes, 8 of them are from the community)

Replace the project/issues/milestones.feature spinach test with an rspec analog. !18300 (@blackst0ne)
Replace the project/commits/branches.feature spinach test with an rspec analog. !18302 (@blackst0ne)
Replacing gollum libraries for gitlab custom libs. !18343
Replace the project/commits/comments.feature spinach test with an rspec analog. !18356 (@blackst0ne)
Replace "Click" with "Select" to be more inclusive of people with accessibility requirements. !18386 (Mark Lapierre)
Remove ahead/behind graphs on project branches on mobile. !18415 (Takuya Noguchi)
Replace the project/source/markdown_render.feature spinach test with an rspec analog. !18525 (@blackst0ne)
Add missing changelog type to docs. !18526 (@blackst0ne)
Added Webhook SSRF prevention to documentation. !18532
Upgrade underscore.js to 1.9.0. !18578
Add documentation about how to use variables to define deploy policies for staging/production environments. !18675
Replace the project/builds/artifacts.feature spinach test with an rspec analog. !18729 (@blackst0ne)
Block access to the API & git for users that did not accept enforced Terms of Service. !18816
Transition to atomic internal ids for all models. !44259
Removes modal boards store and mixins from global scope.
Replace GKE acronym with Google Kubernetes Engine.
Replace vue resource with axios for pipelines details page.
Enable prometheus monitoring by default.
Replace vue resource with axios in pipelines table.
Bump lograge to 0.10.0 and remove monkey patch.
Improves wording in new pipeline page.
Gitaly handles repository forks by default.

10.7.7 (2018-07-17)

Security (1 change)

Fix symlink vulnerability in project import.

10.7.6 (2018-06-21)

Security (6 changes)

Fix XSS vulnerability for table of content generation.
Update sanitize gem to 4.6.5 to fix HTML injection vulnerability.
HTML escape branch name in project graphs page.
HTML escape the name of the user in ProjectsHelper#link_to_member.
Don't show events from internal projects for anonymous users in public feed.
XSS fix to use safe_params instead of params in url_for helpers.

Other (1 change)

Replacing gollum libraries for gitlab custom libs. !18343

10.7.5 (2018-05-28)

Security (3 changes)

Prevent user passwords from being changed without providing the previous password.
Fix API to remove deploy key from project instead of deleting it entirely.
Fixed bug that allowed importing arbitrary project attributes.

10.7.4 (2018-05-21)

Fixed (1 change)

Fix error when deleting an empty list of refs.

10.7.3 (2018-05-02)

Fixed (8 changes)

Fixed wrong avatar URL when the avatar is on object storage. !18092
Fix errors on pushing to an empty repository. !18462
Update doorkeeper to 4.3.2 to fix GitLab OAuth authentication. !18543
Ports omniauth-jwt gem onto GitLab OmniAuth Strategies suite. !18580
Fix redirection error for applications using OpenID. !18599
Fix commit trailer rendering when Gravatar is disabled.
Fix file_store for artifacts and lfs when saving.
Fix users not seeing labels from private groups when being a member of a child project.

10.7.2 (2018-04-25)

Security (2 changes)

Serve archive requests with the correct file in all cases.
Sanitizes user name to avoid XSS attacks.

10.7.1 (2018-04-23)

Fixed (11 changes)

[API] Fix URLs in the Link header for GET /projects/:id/repository/contributors when no value is passed for order_by or sort. !18393
Fix a case with secret variables being empty sometimes. !18400
Fix Trace::HttpIO can not render multi-byte chars. !18417
Fix specifying a non-default ref when requesting an archive using the legacy URL. !18468
Respect visibility options and description when importing project from template. !18473
Removes 'No Job log' message from build trace. !18523
Align action icons in pipeline graph.
Fix direct_upload when records with null file_store are used.
Removed alert box in IDE when redirecting to new merge request.
Fixed IDE not loading for sub groups.
Fixed IDE not showing loading state when tree is loading.

Performance (4 changes)

Validate project path prior to hitting the database. !18322
Add index to file_store on ci_job_artifacts. !18444
Fix N+1 queries when loading participants for a commit note.
Support Markdown rendering using multiple projects.

Added (1 change)

Add an API endpoint to download git repository snapshots. !18173

10.7.0 (2018-04-22)

Security (6 changes, 2 of them are from the community)

Fixed some SSRF vulnerabilities in services, hooks and integrations. !2337
Update ruby-saml to 1.7.2 and omniauth-saml to 1.10.0. !17734 (Takuya Noguchi)
Update rack-protection to 2.0.1. !17835 (Takuya Noguchi)
Adds confidential notes channel for Slack/Mattermost.
Fix XSS on diff view stored on filenames.
Fix GitLab Auth0 integration signing in the wrong user.

Fixed (65 changes, 20 of them are from the community)

File uploads in remote storage now support project renaming. !4597
Fixed bug in dropdown selector when selecting the same selection again. !14631 (bitsapien)
Fixed group deletion linked to Mattermost. !16209 (Julien Millau)
Create commit API and Web IDE obey LFS filters. !16718
Set breadcrumb for admin/runners/show. !17431 (Takuya Noguchi)
Enable restore rake task to handle nested storage directories. !17516 (Balasankar C)
Fix hover style of dropdown items in the right sidebar. !17519
Improve empty state for canceled job. !17646
Fix generated URL when listing repoitories for import. !17692
Use singular in the diff stats if only one line has been changed. !17697 (Jan Beckmann)
Long instance urls do not overflow anymore during project creation. !17717
Fix importing multiple assignees from GitLab export. !17718
Correct copy text for the promote milestone and label modals. !17726
Fix search results stripping last endline when parsing the results. !17777 (Jasper Maes)
Add read-only banner to all pages. !17798
Fix viewing diffs on old merge requests. !17805
Fix forking to subgroup via API when namespace is given by name. !17815 (Jan Beckmann)
Fix UI breakdown for Create merge request button. !17821 (Takuya Noguchi)
Unify format for nested non-task lists. !17823 (Takuya Noguchi)
UX re-design branch items with flexbox. !17832 (Takuya Noguchi)
Use porcelain commit lookup method on CI::CreatePipelineService. !17911
Update dashboard milestones breadcrumb link. !17933 (George Tsiolis)
Deleting a MR you are assigned to should decrements counter. !17951 (m b)
Update no repository placeholder. !17964 (George Tsiolis)
Drop JSON response in Project Milestone along with avoiding error. !17977 (Takuya Noguchi)
Fix personal access token clipboard button style. !17978 (Fabian Schneider)
Avoid validation errors when running the Pages domain verification service. !17992
Project creation will now raise an error if a service template is invalid. !18013
Add better LDAP connection handling. !18039
Fix autolinking URLs containing ampersands. !18045
Fix exceptions raised when migrating pipeline stages in the background. !18076
Always display Labels section in issuable sidebar, even when the project has no labels. !18081 (Branka Martinovic)
Fixed gitlab:uploads:migrate task ignoring some uploads. !18082
Fixed gitlab:uploads:migrate task failing for Groups' avatar. !18088
Increase dropdown width in pipeline graph & center action icon. !18089
Fix JobsController#raw endpoint can not read traces in database. !18101
Fix gitlab-rake gitlab:two_factor:disable_for_all_users. !18154
Adjust 404's for LegacyDiffNote discussion rendering. !18201
Work around Prometheus Helm chart name changes to fix integration. !18206 (joshlambert)
Prioritize weight over title when sorting charts. !18233
Verify that deploy token has valid access when pulling container registry image. !18260
Stop redirecting the page in pipeline main actions.
Fixed IDE button opening the wrong URL in tree list.
Ensure hooks run when a deploy key without a user pushes.
Fix 404 in group boards when moving issue between lists.
Display state indicator for issuable references in non-project scope (e.g. when referencing issuables from group scope).
Add missing port to artifact links.
Fix data race between ObjectStorage background_upload and Pages publishing.
Fixes unresolved discussions rendering the error state instead of the diff.
Don't show Jump to Discussion button on Issues.
Fix bug rendering group icons when forking.
Automatically cleanup stale worktrees and lock files upon a push.
Use the GitLab version as part of the appearances cache key.
Fix Firefox stealing formatting characters on issue notes.
Include matching branches and tags in protected branches / tags count. (Jan Beckmann)
Fix 500 error when a merge request from a fork has conflicts and has not yet been updated.
Test if remote repository exists when importing wikis.
Hide emoji popup after multiple spaces. (Jan Beckmann)
Fix relative uri when "#" is in branch name. (Jan)
Escape Markdown characters properly when using autocomplete.
Ignore project internal references in group context.
Fix finding wiki file when Gitaly is enabled.
Fix listing commit branch/tags that contain special characters.
Ensure internal users (ghost, support bot) get assigned a namespace.
Fix links to subdirectories of a directory with a plus character in its path.

Deprecated (1 change)

Remove support for legacy tar.gz pages artifacts. !18090

Changed (22 changes, 2 of them are from the community)

Add yellow favicon when CANARY=true to differientate canary environment. !12477
Use human readable value build_timeout in Project. !17386
Improved visual styles and consistency for commit hash and possible actions across commit lists. !17406
Don't create permanent redirect routes. !17521
Add empty repo check before running AutoDevOps pipeline. !17605
Update wording to specify create/manage project vs group labels in labels dropdown. !17640
Add tooltips to icons in lists of issues and merge requests. !17700
Change avatar error message to include allowed file formats. !17747 (Fabian Schneider)
Polish design for verifying domains. !17767
Move email footer info to a single line. !17916
Add average and maximum summary statistics to the prometheus dashboard. !17921
Add additional cluster usage metrics to usage ping. !17922
Move 'Registry' after 'CI/CD' in project navigation sidebar. !18018 (Elias Werberich)
Redesign application settings to match project settings. !18019
Allow HTTP(s) when git request is made by GitLab CI. !18021
Added hover background color to IDE file list rows.
Make project avatar in IDE consistent with the rest of GitLab.
Show issues of subgroups in group-level issue board.
Repository checksum calculation is handled by Gitaly when feature is enabled.
Allow viewing timings for AJAX requests in the performance bar.
Fixes remove source branch checkbox being visible when user cannot remove the branch.
Make /-/ delimiter optional for search endpoints.

Performance (24 changes, 11 of them are from the community)

Move AssigneeTitle vue component. !17397 (George Tsiolis)
Move TimeTrackingCollapsedState vue component. !17399 (George Tsiolis)
Move MemoryGraph and MemoryUsage vue components. !17533 (George Tsiolis)
Move UnresolvedDiscussions vue component. !17538 (George Tsiolis)
Move NothingToMerge vue component. !17544 (George Tsiolis)
Move ShaMismatch vue component. !17546 (George Tsiolis)
Stop caching highlighted diffs in Redis unnecessarily. !17746
Add i18n and update specs for ShaMismatch vue component. !17870 (George Tsiolis)
Update spec import path for vue mount component helper. !17880 (George Tsiolis)
Move TimeTrackingComparisonPane vue component. !17931 (George Tsiolis)
Improves the performance of projects list page. !17934
Remove N+1 query for Noteable association. !17956
Improve performance of loading issues with lots of references to merge requests. !17986
Reuse root_ref_hash for performance on Branches. !17998 (Takuya Noguchi)
Update asciidoctor-plantuml to 0.0.8. !18022 (Takuya Noguchi)
Cache personal projects count. !18197
Reduce complexity of issuable finder query. !18219
Reduce number of queries when viewing a merge request.
Free open file descriptors and libgit2 buffers in UpdatePagesService.
Memoize Git::Repository#has_visible_content?.
Require at least one filter when listing issues or merge requests on dashboard page.
lazy load diffs on merge request discussions.
Bulk deleting refs is handled by Gitaly by default.
ListCommitsByOid is executed by Gitaly by default.

Added (38 changes, 7 of them are from the community)

Add HTTPS-only pages. !16273 (rfwatson)
adds closed by informations in issue api. !17042 (haseebeqx)
Projects and groups badges settings UI. !17114
Add per-runner configured job timeout. !17221
Add alternate archive route for simplified packaging. !17225
Add support for pipeline variables expressions in only/except. !17316
Add object storage support for LFS objects, CI artifacts, and uploads. !17358
Added confirmation modal for changing username. !17405
Implement foreground verification of CI artifacts. !17578
Extend API for exporting a project with direct upload URL. !17686
Move ci/lint under project's namespace. !17729
Add Total CPU/Memory consumption metrics for Kubernetes. !17731
Adds the option to the project export API to override the project description and display GitLab export description once imported. !17744
Port direct upload of LFS artifacts from EE. !17752
Adds support for OmniAuth JWT provider. !17774
Display error message on job's tooltip if this one fails. !17782
Add 'Assigned Issues' and 'Assigned Merge Requests' as dashboard view choices for users. !17860 (Elias Werberich)
Extend API for importing a project export with overwrite support. !17883
Create Deploy Tokens to allow permanent access to repository and registry. !17894
Detect commit message trailers and link users properly to their accounts on GitLab. !17919 (cousine)
Adds cancel btn to new pages domain page. !18026 (Jacopo Beschi @jacopo-beschi)
API: Add parameter merge_method to projects. !18031 (Jan Beckmann)
Introduce simpler env vars for auto devops REPLICAS and CANARY_REPLICAS #41436. !18036
Allow overriding params on project import through API. !18086
Support LFS objects when importing/exporting GitLab project archives. !18115
Store sha256 checksum of artifact metadata. !18149
Limit the number of failed logins when using LDAP for authentication. !43525
Allow assigning and filtering issuables by ancestor group labels.
Include subgroup issues when searching for group issues using the API.
Allow to store uploads by default on Object Storage.
Add slash command for moving issues. (Adam Pahlevi)
Render MR commit SHA instead "diffs" when viable.
Send @mention notifications even if a user has explicitly unsubscribed from item.
Add support for Sidekiq JSON logging.
Add Gitaly call details to performance bar.
Add support for patch link extension for commit links on GitLab Flavored Markdown.
Allow feature gates to be removed through the API.
Allow merge requests related to a commit to be found via API.

Other (27 changes, 11 of them are from the community)

Send notification emails when push to a merge request. !7610 (YarNayar)
Rename modal.vue to deprecated_modal.vue. !17438
Atomic generation of internal ids for issues. !17580
Use object ID to prevent duplicate keys Vue warning on Issue Boards page during development. !17682
Update foreman from 0.78.0 to 0.84.0. !17690 (Takuya Noguchi)
Add realtime pipeline status for adding/viewing files. !17705
Update documentation to reflect current minimum required versions of node and yarn. !17706
Update knapsack to 1.16.0. !17735 (Takuya Noguchi)
Update CI services documnetation. !17749
Added i18n support for the prometheus memory widget. !17753
Use specific names for filtered CI variable controller parameters. !17796
Apply NestingDepth (level 5) (framework/dropdowns.scss). !17820 (Takuya Noguchi)
Clean up selectors in framework/header.scss. !17822 (Takuya Noguchi)
Bump state_machines-activerecord to 0.5.1. !17924 (blackst0ne)
Increase the memory limits used in the unicorn killer. !17948
Replace the spinach test with an rspec analog. !17950 (blackst0ne)
Remove unused index from events table. !18014
Make all workhorse gitaly calls opt-out, take 2. !18043
Update brakeman 3.6.1 to 4.2.1. !18122 (Takuya Noguchi)
Replace the project/issues/labels.feature spinach test with an rspec analog. !18126 (blackst0ne)
Bump html-pipeline to 2.7.1. !18132 (@blackst0ne)
Remove test_ci rake task. !18139 (Takuya Noguchi)
Add documentation for Pipelines failure reasons. !18352
Improve JIRA event descriptions.
Add query counts to profiler output.
Move Sidekiq exporter logs to log/sidekiq_exporter.log.
Upgrade Gitaly to upgrade its charlock_holmes.

10.6.6 (2018-05-28)

Security (4 changes)

Do not allow non-members to create MRs via forked projects when MRs are private.
Prevent user passwords from being changed without providing the previous password.
Fix API to remove deploy key from project instead of deleting it entirely.
Fixed bug that allowed importing arbitrary project attributes.

10.6.5 (2018-04-24)

Security (1 change)

Sanitizes user name to avoid XSS attacks.

10.6.4 (2018-04-09)

Fixed (8 changes, 1 of them is from the community)

Correct copy text for the promote milestone and label modals. !17726
Avoid validation errors when running the Pages domain verification service. !17992
Fix autolinking URLs containing ampersands. !18045
Fix exceptions raised when migrating pipeline stages in the background. !18076
Work around Prometheus Helm chart name changes to fix integration. !18206 (joshlambert)
Don't show Jump to Discussion button on Issues.
Fix listing commit branch/tags that contain special characters.
Fix 404 in group boards when moving issue between lists.

Performance (1 change)

Free open file descriptors and libgit2 buffers in UpdatePagesService.

10.6.3 (2018-04-03)

Security (2 changes)

Fix XSS on diff view stored on filenames.
Adds confidential notes channel for Slack/Mattermost.

10.6.2 (2018-03-29)

Fixed (2 changes, 1 of them is from the community)

Don't capture trailing punctuation when autolinking. !17965
Cloning a repository over HTTPS with LDAP credentials causes a HTTP 401 Access denied. (Horatiu Eugen Vlad)

10.6.1 (2018-03-27)

Security (1 change)

Bump rails-html-sanitizer to 1.0.4.

Fixed (2 changes)

Prevent auto-retry AccessDenied error from stopping transition to failed. !17862
Fix 500 error when trying to resolve non-ASCII conflicts in the editor. !17962

Performance (1 change)

Add indexes for user activity queries. !17890

Other (1 change)

Add documentation for runner IP address (#44232). !17837

10.6.0 (2018-03-22)

Security (4 changes)

Fixed some SSRF vulnerabilities in services, hooks and integrations. !2337
Ensure that OTP backup codes are always invalidated.
Add verification for GitLab Pages custom domains.
Fix GitLab Auth0 integration signing in the wrong user.

Fixed (75 changes, 17 of them are from the community)

Ensure users cannot create environments with leading or trailing slashes (Fixes #39885). !15273
Fix new project path input overlapping. !16755 (George Tsiolis)
Respect description and visibility when creating project from template. !16820 (George Tsiolis)
Remove user notification settings for groups and projects when user leaves. !16906 (Jacopo Beschi @jacopo-beschi)
Fix Teleporting Emoji. !16963 (Jared Deckard jared.deckard@gmail.com)
Fix duplicate system notes when merging a merge request. !17035
Fix breadcrumb on labels page for groups. !17045 (Onuwa Nnachi Isaac)
Fix user avatar's vertical align on the issues and merge requests pages. !17072 (Laszlo Karpati)
Fix settings panels not expanding when fragment hash linked. !17074
Fix 404 when listing archived projects in a group where all projects have been archived. !17077 (Ashley Dumaine)
Allow to call PUT /projects/:id API with only ci_config_path specified. !17105 (Laszlo Karpati)
Fix long list of recipients on group request membership email. !17121 (Jacopo Beschi @jacopo-beschi)
Remove duplicated error message on duplicate variable validation. !17135
Keep "Import project" tab/form active when validation fails trying to import "Repo by URL". !17136
Fixed bug with unauthenticated requests through git ssh. !17149
Allows project rename after validation error. !17150
Fix "Remove source branch" button in Merge request widget during merge when pipeline succeeds state. !17192
Add missing pagination on the commit diff endpoint. !17203 (Maxime Roussin-Bélanger)
Fix get a single pages domain when project path contains a period. !17206 (Travis Miller)
remove avater underline. !17219 (Ken Ding)
Allows the usage of /milestone quick action for group milestones. !17239 (Jacopo Beschi @jacopo-beschi)
Encode branch name as binary before creating a RPC request to copy attributes. !17291
Restart Unicorn and Sidekiq when GRPC throws 14:Endpoint read failed. !17293
Do not persist Google Project verification flash errors after a page reload. !17299
Ensure group issues and merge requests pages show results from subgroups when there are no results from the current group. !17312
Prevent trace artifact migration to incur data loss. !17313
Fixes gpg popover layout. !17323
Return a 404 instead of 403 if the repository does not exist on disk. !17341
Fix Slack/Mattermost notifications not respecting notify_only_default_branch setting for pushes. !17345
Fix Group labels load failure when there are duplicate labels present. !17353
Allow Prometheus application to be installed from Cluster applications. !17372
Fixes Prometheus admin configuration page. !17377
Enable filtering MR list based on clicked label in MR sidebar. !17390
Fix code and wiki search results pages when non-ASCII text is displayed. !17413
Count comments on diffs and discussions as contributions for the contributions calendar. !17418 (Riccardo Padovani)
Add Assignees vue component missing data container. !17426 (George Tsiolis)
Update tooltip on pipeline cancel to Stop (#42946). !17444
Removing the two factor check when the user sets a new password. !17457
Fix quick actions for users who cannot update issues and merge requests. !17482
Stop loading spinner on error of milestone update on issue. !17507 (Takuya Noguchi)
Set margins around dropdown dividers to 4px. !17517
Fix pages flaky failure by reloading stale object. !17522
Remove extra breadcrumb on tags. !17562 (Takuya Noguchi)
Fix missing uploads after group transfer. !17658
Fix markdown table showing extra column. !17669
Ensure the API returns https links when https is configured. !17681
Sanitize extra blank spaces used when uploading a SSH key. !40552
Render htmlentities correctly for links not supported by Rinku.
Keep link when redacting unauthorized object links.
Handle empty state in Pipelines page.
Revert Project.public_or_visible_to_user changes and only apply to snippets.
Release libgit2 cache and open file descriptors after git gc run.
Fix project dashboard showing the wrong timestamps.
Fix "Can't modify frozen hash" error when project is destroyed.
Fix Error 500 when viewing a commit with a GPG signature in Geo.
Don't error out in system hook if user has nil datetime columns.
Remove double caching of Repository#empty?.
Don't delete todos or unassign issues and MRs when a user leaves a project.
Don't cache a nil repository root ref to prevent caching issues.
Escape HTML entities in commit messages.
Verify project import status again before marking as failed.
[GitHub Import] Create an empty wiki if wiki import failed.
Create empty wiki when import from GitLab and wiki is not there.
Make sure wiki exists when it's enabled.
Fix broken loading state for close issue button.
Fix code and wiki search results when filename is non-ASCII.
Fix file upload on project show page.
Fix squashing when a file is renamed.
Show loading button inline in refresh button in MR widget.
Fix close button on issues not working on mobile.
Adds tooltip in environment names to increase readability.
Fixed issue edit shortcut not opening edit form.
Fix 500 error being shown when diff has context marker with invalid encoding.
Render modified icon for moved file in changes dropdown.
Remember assignee when moving an issue.

Changed (16 changes, 9 of them are from the community)

Allow including custom attributes in API responses. !16526 (Markus Koller)
Apply new default and inline label design. !16956 (George Tsiolis)
Remove whitespace from the username/email sign in form field. !17020 (Peter lauck)
CI charts now include the current day. !17032 (Dakkaron)
Hide CI secret variable values after saving. !17044
Add new modal Vue component. !17108
Asciidoc now support inter-document cross references between files in repository. !17125 (Turo Soisenniemi)
Update issue closing pattern to allow variations in punctuation. !17198 (Vicky Chijwani)
Add a button to deploy a runner to a Kubernetes cluster in the settings page. !17278
Pages custom domain: allow update of key/certificate. !17376 (rfwatson)
Clear the Labels dropdown search filter after a selection is made. !17393 (Andrew Torres)
Hook data for pipelines includes detailed_status. !17607
Avoid showing unnecessary Trigger checkboxes for project Integrations with only one event. !17607
Display a link to external issue tracker when enabled.
Allow token authentication on go-get request.
Update SSH key link to include existing keys. (Brendan O'Leary)

Performance (24 changes, 5 of them are from the community)

Add catch-up background migration to migrate pipeline stages. !15741
Move BoardNewIssue vue component. !16947 (George Tsiolis)
Move IssuableTimeTracker vue component. !16948 (George Tsiolis)
Move RecentSearchesDropdownContent vue component. !16951 (George Tsiolis)
Move Assignees vue component. !16952 (George Tsiolis)
Improve performance of pipeline page by reducing DB queries. !17168
Store sha256 checksum to job artifacts. !17354
Move SidebarAssignees vue component. !17398 (George Tsiolis)
Improve database response time for user activity listing. !17454
Use persisted/memoized value for MRs shas instead of doing git lookups. !17555
Cache MergeRequests can_be_resolved_in_ui? git operations. !17589
Prevent the graphs page from generating unnecessary Gitaly requests. !37602
Use a user object in ApplicationHelper#avatar_icon where possible to avoid N+1 queries. !42800
Submit a single batch blob RPC to Gitaly per HTTP request when viewing diffs.
Avoid re-fetching merge-base SHA from Gitaly unnecessarily.
Don't use ProjectsFinder in TodosFinder.
Adding missing indexes on taggings table.
Add index on section_name_id on ci_build_trace_sections table.
Cache column_exists? for application settings.
Cache table_exists?('application_settings') to reduce repeated schema reloads.
Make --prune a configurable parameter in fetching a git remote.
Fix timeouts loading /admin/projects page.
Add partial indexes on todos to handle users with many todos.
Optimize search queries on the search page by setting a limit for matching records in project scope.

Added (30 changes, 9 of them are from the community)

Add CommonMark markdown engine (experimental). !14835 (blackst0ne)
API: Get references a commit is pushed to. !15026 (Robert Schilling)
Add overview of branches and a filter for active/stale branches. !15402 (Takuya Noguchi)
Add project export API. !15860 (Travis Miller)
expose more metrics in merge requests api. !16589 (haseebeqx)
#28481: Display time tracking totals on milestone page. !16753 (Riccardo Padovani)
Add a button on the project page to set up a Kubernetes cluster and enable Auto DevOps. !16900
Include cycle time in usage ping data. !16973
Add ability to use external plugins as an alternative to system hooks. !17003
Add search param to Branches API. !17005 (bunufi)
API endpoint for importing a project export. !17025
Display ingress IP address in the Kubernetes page. !17052
Implemented badge API endpoints. !17082
Allow installation of GitLab Runner with a single click. !17134
Allow commits endpoint to work over all commits of a repository. !17182
Display Runner IP Address. !17286
Add archive feature to trace. !17314
Allow maintainers to push to forks of their projects when a merge request is open. !17395
Foreground verification of uploads and LFS objects. !17402
Adds updated_at filter to issues and merge_requests API. !17417 (Jacopo Beschi @jacopo-beschi)
Port /wip quick action command to Merge Request creation (on description). !17463 (Adam Pahlevi)
Add a paragraph about security implications on Cluster's page. !17486
Add plugins list to the system hooks page. !17518
Enable privileged mode for GitLab Runner. !17528
Expose GITLAB_FEATURES as CI/CD variable (fixes #40994).
Upgrade GitLab Workhorse to 4.0.0.
Add discussions API for Issues and Snippets.
Add one group board to Libre.
Add support for filtering by source and target branch to merge requests API.

Other (18 changes, 7 of them are from the community)

Group MRs on issue page by project and namespace. !8494 (Jeff Stubler)
Make oauth provider login generic. !8809 (Horatiu Eugen Vlad)
Add email button to new issue by email. !10942 (Islam Wazery)
Update vue component naming guidelines. !17018 (George Tsiolis)
Added new design for promotion modals. !17197
Update to github-linguist 5.3.x. !17241 (Ken Ding)
update toml-rb to 1.0.0. !17259 (Ken Ding)
Keep track of projects a user interacted with. !17327
Moved o_auth/saml/ldap modules under gitlab/auth. !17359 (Horatiu Eugen Vlad)
Enables eslint in codeclimate job. !17392
Port Labels Select dropdown to Vue. !17411
Add NOT NULL constraint to projects.namespace_id. !17448
Ensure foreign keys on clusters applications. !17488
Started translation into Turkish, Indonesian and Filipino. !17526
Add documentation for displayed K8s Ingress IP address (#44330). !17836
Move Ruby endpoints to OPT_OUT.
Upgrade Workhorse to version 3.8.0 to support structured logging.
Use host URL to build JIRA remote link icon.

10.5.8 (2018-04-24)

Security (1 change)

Sanitizes user name to avoid XSS attacks.

10.5.7 (2018-04-03)

Security (2 changes)

Fix XSS on diff view stored on filenames.
Adds confidential notes channel for Slack/Mattermost.

10.5.6 (2018-03-16)

Security (2 changes)

Fixed some SSRF vulnerabilities in services, hooks and integrations. !2337
Fix GitLab Auth0 integration signing in the wrong user.

10.5.5 (2018-03-15)

Fixed (3 changes)

Fix missing uploads after group transfer. !17658
Fix code and wiki search results when filename is non-ASCII.
Remove double caching of Repository#empty?.

Performance (2 changes)

Adding missing indexes on taggings table.
Add index on section_name_id on ci_build_trace_sections table.

10.5.4 (2018-03-08)

Fixed (11 changes)

Encode branch name as binary before creating a RPC request to copy attributes. !17291
Restart Unicorn and Sidekiq when GRPC throws 14:Endpoint read failed. !17293
Ensure group issues and merge requests pages show results from subgroups when there are no results from the current group. !17312
Prevent trace artifact migration to incur data loss. !17313
Return a 404 instead of 403 if the repository does not exist on disk. !17341
Allow Prometheus application to be installed from Cluster applications. !17372
Fixes Prometheus admin configuration page. !17377
Fix code and wiki search results pages when non-ASCII text is displayed. !17413
Fix pages flaky failure by reloading stale object. !17522
Fixed issue edit shortcut not opening edit form.
Revert Project.public_or_visible_to_user changes and only apply to snippets.

Performance (1 change)

Don't use ProjectsFinder in TodosFinder.

10.5.3 (2018-03-01)

Security (1 change)

Ensure that OTP backup codes are always invalidated.

10.5.2 (2018-02-25)

Fixed (7 changes)

Fix single digit value clipping for stacked progress bar. !17217
Fix issue with cache key being empty when variable used as the key. !17260
Enable Legacy Authorization by default on Cluster creations. !17302
Allow branch names to be named the same as the sha it points to.
Fix 500 error when loading an invalid upload URL.
Don't attempt to update user tracked fields if database is in read-only.
Prevent MR Widget error when no CI configured.

Performance (5 changes)

Improve query performance for snippets dashboard. !17088
Only check LFS integrity for first ref in a push to avoid timeout. !17098
Improve query performance of MembersFinder. !17190
Increase feature flag cache TTL to one hour.
Improve performance of searching for and autocompleting of users.

10.5.1 (2018-02-22)

No changes.

10.5.0 (2018-02-22)

Security (3 changes, 1 of them is from the community)

Update marked from 0.3.6 to 0.3.12. !16480 (Takuya Noguchi)
Update nokogiri to 1.8.2. !16807
Add verification for GitLab Pages custom domains.

Fixed (77 changes, 25 of them are from the community)

Fix the Projects API with_issues_enabled filter behaving incorrectly any user. !12724 (Jan Christophersen)
Hide pipeline schedule take ownership for current owner. !12986
Handle special characters on API request of issuable templates. !15323 (Takuya Noguchi)
Shows signin tab after new user email confirmation. !16174 (Jacopo Beschi @jacopo-beschi)
Make project README containers wider on fixed layout. !16181 (Takuya Noguchi)
Fix dashboard projects nav links height. !16204 (George Tsiolis)
Fix error on empty query for Members API. !16235
Issue board: fix for dragging an issue to the very bottom in long lists. !16250 (David Kuri)
Make rich blob viewer wider for PC. !16262 (Takuya Noguchi)
Substitute deprecated ui_charcoal with new default ui_indigo. !16271 (Takuya Noguchi)
Generate HTTP URLs for custom Pages domains when appropriate. !16279
Make modal dialog common for Groups tree app. !16311
Allow moving wiki pages from the UI. !16313
Filter groups and projects dropdowns of search page on backend. !16336
Adjust layout width for fixed layout. !16337 (George Tsiolis)
Fix custom header logo design nitpick: Remove unneeded margin on empty logo text. !16383 (Markus Doits)
File Upload UI can create LFS pointers based on .gitattributes. !16412
Fix Ctrl+Enter keyboard shortcut saving comment/note edit. !16415
Fix file search results when they match file contents with a number between two colons. !16462
Fix tooltip displayed for running manual actions. !16489
Allow trailing + on labels in board filters. !16490
Prevent JIRA issue identifier from being humanized. !16491 (Andrew McCallum)
Add horizontal scroll to wiki tables. !16527 (George Tsiolis)
Fix a bug calculating artifact size for project statistics. !16539
Stop loading spinner on error of issuable templates. !16600 (Takuya Noguchi)
Allows html text in commits atom feed. !16603 (Jacopo Beschi @jacopo-beschi)
Disable MR check out button when source branch is deleted. !16631 (Jacopo Beschi @jacopo-beschi)
Fix export removal for hashed-storage projects within a renamed or deleted namespace. !16658
Default to HTTPS for all Gravatar URLs. !16666
Login via OAuth now only marks new users as external. !16672
Fix default avatar icon missing when Gravatar is disabled. !16681 (Felix Geyer)
Change button group width on mobile. !16726 (George Tsiolis)
Fix version information not showing on help page if commercial content display was disabled. !16743
Adds spacing between edit and delete tag btn in tag list. !16757 (Jacopo Beschi @jacopo-beschi)
Fix 500 error when loading a merge request with an invalid comment. !16795
Deleting an upload will correctly clean up the filesystem. !16799
Cleanup new branch/merge request form in issues. !16854
Fix GitLab import leaving group_id on ProjectLabel. !16877
Fix forking projects when no restricted visibility levels are defined applicationwide. !16881
Trigger change event on filename input when file template is applied. !16911 (Sebastian Klingler)
Fixes different margins between buttons in tag list. !16927 (Jacopo Beschi @jacopo-beschi)
Close low level rugged repository in project cache worker. !16930 (Bastian Blank)
Override group sidebar links. !16942 (George Tsiolis)
Avoid running PopulateForkNetworksRange-migration multiple times. !16988
Resolve PrepareUntrackedUploads PostgreSQL syntax error. !17019
Fix monaco editor features which were incompatible with GitLab CDN settings. !17021
Fixed error 500 when removing an identity with synced attributes and visiting the profile page. !17054
Fix cnacel edit note button reverting changes. !42462
For issues display time of last edit of title or description instead of time of any attribute change.
Handle all Psych YAML parser exceptions (fixes #41209).
Fix validation of environment scope of variables.
Display user friendly error message if rebase fails.
Hide new branch and tag links for projects with an empty repo.
Fix protected branches API to accept name parameter with dot.
Closes #38540 - Remove .ssh/environment file that now breaks the gitlab:check rake task.
Keep subscribers when promoting labels to group labels.
Replace verified badge icons and uniform colors.
Fix error on changes tab when merge request cannot be created.
Ignore leading slashes when searching for files within context of repository. (Andrew McCallum)
Close and do not reload MR diffs when source branch is deleted.
Bypass commits title markdown on notes.
Reload MRs memoization after diffs creation.
Return more consistent values for merge_status on MR APIs.
Contribution calendar label was cut off. (Branka Martinovic)
LDAP Person no longer throws exception on invalid entry.
Fix bug where award emojis would be lost when moving issues between projects.
Fix not all events being shown in group dashboard.
Fix JIRA not working when a trailing slash is included.
Fix squash not working when diff contained non-ASCII data.
Remove erroneous text in shared runners page that suggested more runners available.
Execute system hooks after-commit when executing project hooks.
Makes forking protect default branch on completion.
Validate user, group and project paths consistently, and only once.
Validate user namespace before saving so that errors persist on model.
Permits 'password_authentication_enabled_for_git' parameter for ApplicationSettingsController.
Fix duplicate item in protected branch/tag dropdown.
Open visibility level help in a new tab. (Jussi Räsänen)

Deprecated (1 change)

Add note within ux documentation that further changes should be made within the design.gitlab project.

Changed (20 changes, 7 of them are from the community)

Show coverage to two decimal points in coverage badge. !10083 (Jeff Stubler)
Update 'removed assignee' note to include old assignee reference. !16301 (Maurizio De Santis)
Move row containing Projects, Users and Groups count to the top in admin dashboard. !16421
Add Auto DevOps Domain application setting. !16604
Changes Revert this merge request text. !16611 (Jacopo Beschi @jacopo-beschi)
Link Auto DevOps settings to Clusters page. !16641
Internationalize charts page. !16687 (selrahman)
Internationalize graph page selrahman. !16688 (Shah El-Rahman)
Save traces as artifacts. !16702
Hide variable values on pipeline schedule edit page. !16729
Update runner info on all authenticated requests. !16756
Improve issue note dropdown and mr button. !16758 (George Tsiolis)
Replace "cluster" with "Kubernetes cluster". !16778
Enable Prometheus metrics for deployed Ingresses. !16866 (joshlambert)
Rename button to enable CI/CD configuration to "Set up CI/CD". !16870
Double padding for file-content wiki class on larger screens.
Improve wording about additional costs for Ingress on custom clusters.
Last push widget will show banner for new pushes to previously merged branch.
Save user ID and username in Grape API log (api_json.log).
Include subgroup issues and merge requests on the group page.

Performance (14 changes, 1 of them is from the community)

Fix double query execution on groups page. !16314
Speed up loading merged merge requests when they contained a lot of commits before merging. !16320
Properly memoize some predicate methods. !16329
Reduce the number of Prometheus metrics. !16443
Only highlight search results under the highlighting size limit. !16462
Add fast-blank. !16468
Move BoardList vue component to vue file. !16888 (George Tsiolis)
Fix N+1 query problem for snippets dashboard. !16944
Optimize search queries on the search page by setting a limit for matching records.
Store number of commits in merge_request_diffs table.
Improve performance of target branch dropdown.
Remove duplicate calls of MergeRequest#can_be_reverted?.
Stop checking if discussions are in a mergeable state if the MR isn't.
Remove N+1 queries with /projects/:project_id/{access_requests,members} API endpoints.

Added (28 changes, 10 of them are from the community)

Add link on commit page to merge request that introduced that commit. !13713 (Hiroyuki Sato)
System hooks for Merge Requests. !14387 (Alexis Reigel)
Add pipelines endpoint to merge requests API. !15454 (Tony Rom thetonyrom@gmail.com)
Adds Rubocop rule for line break around conditionals. !15739 (Jacopo Beschi @jacopo-beschi)
Add Colors to GitLab Flavored Markdown. !16095 (Tony Rom thetonyrom@gmail.com)
Initial work to add notification reason to emails. !16160 (Mario de la Ossa)
Implement multi server support and use kube proxy to connect to Prometheus servers inside K8S cluster. !16182
Add ability to transfer a group into another group. !16302
Add blue dot feature highlight to make GKE Clusters more visible to users. !16379
Add section headers to plus button dropdown. !16394 (George Tsiolis)
Support PostgreSQL 10. !16471
Enables Project Milestone Deletion via the API. !16478 (Jacopo Beschi @jacopo-beschi)
Add realtime ci status for the repository -> files view. !16523
User can now git push to create a new project. !16547
Improve empty project overview. !16617 (George Tsiolis)
Added uploader metadata to the uploads. !16779
Added ldap config setting to lower case the username. !16791
Add search support into the API. !16878
Backport of LFS File Locking API. !16935
Add a link to documentation on how to get external ip in the Kubernetes cluster details page. !16937
Add sorting options for /users API (admin only). !16945
Adds sorting to deployments API. (Jacopo Beschi @jacopo-beschi)
Add rake task to check integrity of uploaded files.
Add backend for persistently dismissably callouts.
Track and act upon the number of executed queries.
Add a gRPC health check to ensure Gitaly is up.
Log and send a system hook if a blocked user attempts to login.
Add Gitaly Servers admin dashboard.

Other (25 changes, 7 of them are from the community)

Updated the katex library. !15864
Add modal for deleting a milestone. !16229
Remove unused CSS selectors for Cycle Analytics. !16270 (Takuya Noguchi)
Add reason to keep postgresql 9.2 for CI. !16277 (Takuya Noguchi)
Adjust modal style to new design. !16310
Default to Gitaly for 'git push' HTTP/SSH, and make Gitaly mandatory for SSH pull. !16586
Set timezone for karma to UTC. !16602 (Takuya Noguchi)
Make Gitaly RepositoryExists opt-out. !16680
Update minimum git version to 2.9.5. !16683
Disable throwOnError in KaTeX to reveal user where is the problem. !16684 (Jakub Jirutka)
fix documentation about node version. !16720 (Tobias Gurtzick)
Enable RuboCop Style/RegexpLiteral. !16752 (Takuya Noguchi)
Add confirmation-input component. !16816
Add unique constraint to trending_projects#project_id. !16846
Add foreign key and NOT NULL constraints to todos table. !16849
Include branch in mobile view for pipelines. !16910 (George Tsiolis)
Downgrade google-protobuf gem. !16941
Refactors mr widget components into vue files and adds i18n.
increase-readability-of-colored-text-in-job-output-log.
Finish any remaining jobs for issues.closed_at.
Translate issuable sidebar.
Set standard disabled state for all buttons.
Upgrade GitLab Workhorse to v3.6.0.
Improve readability of underlined links for dyslexic users.
Adds empty state illustration for pending job.

10.4.7 (2018-04-03)

Security (2 changes)

Fix XSS on diff view stored on filenames.
Adds confidential notes channel for Slack/Mattermost.

10.4.6 (2018-03-16)

Security (2 changes)

Fixed some SSRF vulnerabilities in services, hooks and integrations. !2337
Fix GitLab Auth0 integration signing in the wrong user.

10.4.5 (2018-03-01)

Security (1 change)

Ensure that OTP backup codes are always invalidated.

10.4.4 (2018-02-16)

Security (1 change)

Update nokogiri to 1.8.2. !16807

Fixed (9 changes)

Fix 500 error when loading a merge request with an invalid comment. !16795
Cleanup new branch/merge request form in issues. !16854
Fix GitLab import leaving group_id on ProjectLabel. !16877
Fix forking projects when no restricted visibility levels are defined applicationwide. !16881
Resolve PrepareUntrackedUploads PostgreSQL syntax error. !17019
Fixed error 500 when removing an identity with synced attributes and visiting the profile page. !17054
Validate user namespace before saving so that errors persist on model.
LDAP Person no longer throws exception on invalid entry.
Fix JIRA not working when a trailing slash is included.

10.4.3 (2018-02-05)

Security (4 changes)

Fix namespace access issue for GitHub, BitBucket, and GitLab.com project importers.
Fix stored XSS in code blocks that ignore highlighting.
Fix wilcard protected tags protecting all branches.
Restrict Todo API mark_as_done endpoint to the user's todos only.

10.4.2 (2018-01-30)

Fixed (6 changes)

Fix copy/paste on iOS devices due to a bug in webkit. !15804
Fix missing "allow users to request access" option in public project permissions. !16485
Fix encoding issue when counting commit count. !16637
Fixes destination already exists, and some particular service errors on Import/Export error. !16714
Fix cache clear bug withg using : on Windows. !16740
Use has_table_privilege for TRIGGER on PostgreSQL.

Changed (1 change)

Vendor Auto DevOps template with DAST security checks enabled. !16691

10.4.1 (2018-01-24)

Fixed (4 changes)

Ensure that users can reclaim a namespace or project path that is blocked by an orphaned route. !16242
Correctly escape UTF-8 path elements for uploads. !16560
Fix issues when rendering groups and their children. !16584
Fix bug in which projects with forks could not change visibility settings from Private to Public. !16595

Performance (2 changes)

rework indexes on redirect_routes.
Remove unnecessary query from labels filter.

10.4.0 (2018-01-22)

Security (8 changes, 1 of them is from the community)

Upgrade Ruby to 2.3.6 to include security patches. !16016
Prevent a SQL injection in the MilestonesFinder.
Check user authorization for source and target projects when creating a merge request.
Fix path traversal in gitlab-ci.yml cache:key.
Fix writable shared deploy keys.
Filter out sensitive fields from the project services API. (Robert Schilling)
Fix RCE via project import mechanism.
Prevent OAuth login POST requests when a provider has been disabled.

Fixed (68 changes, 24 of them are from the community)

Update comment on image cursor and icons. !15760
Fixes the wording of headers in system info page. !15802 (Gilbert Roulot)
Reset todo counters when the target is deleted. !15807
Execute quick actions (if present) when creating MR from issue. !15810
fix build count in pipeline success mail. !15827 (Christiaan Van den Poel)
Fix error that was preventing users to change the access level of access requests for Groups or Projects. !15832
Last push event widget width for fixed layout. !15862 (George Tsiolis)
Hide link to issues/MRs from labels list if issues/MRs are disabled. !15863 (Sophie Herold)
Use relative URL for projects to avoid storing domains. !15876
Fix gitlab-rake gitlab:import:repos import schedule. !15931
Removed incorrect guidance stating blocked users will be removed from groups and project as members. !15947 (CesarApodaca)
Fix some POST/DELETE requests in IE by switching some bundles to Axios for Ajax requests. !15951
Fixing error 500 when member exist but not the user. !15970
show None when issue is in closed list and no labels assigned. !15976 (Christiaan Van den Poel)
Fix tags in the Activity tab not being clickable. !15996 (Mario de la Ossa)
Disable Vue pagination when only one page of content is available. !15999 (Mario de la Ossa)
disables shortcut to issue boards when issues are not enabled. !16020 (Christiaan Van den Poel)
Ignore lost+found folder during backup on a volume. !16036 (Julien Millau)
Fix abuse reports link url in admin area navbar. !16068 (megos)
Keep typographic hierarchy in User Settings. !16090 (George Tsiolis)
Adjust content width for User Settings, GPG Keys. !16093 (George Tsiolis)
Fix gitlab-rake gitlab:import:repos import schedule. !16115
Fix import project url not updating project name. !16120
Fix activity inline event line height on mobile. !16121 (George Tsiolis)
Fix slash commands dropdown description mis-alignment on Firefox. !16125 (Maurizio De Santis)
Remove unnecessary sidebar element realignment. !16159 (George Tsiolis)
User#projects_limit remove DB default and added NOT NULL constraint. !16165 (Mario de la Ossa)
Fix API endpoints to edit wiki pages where project belongs to a group. !16170
Fix breadcrumbs in User Settings. !16172 (rfwatson)
Move 2FA disable button. !16177 (George Tsiolis)
Fixing bug when wiki last version. !16197
Protected branch is now created for default branch on import. !16198
Prevent excessive DB load due to faulty DeleteConflictingRedirectRoutes background migration. !16205
Force Auto DevOps kubectl version to 1.8.6. !16218
Fix missing references to pipeline objects when restoring project with import/export feature. !16221
Fix inconsistent downcase of filenames in prefilled Add commit messages. !16232 (James Ramsay)
Default merge request title is set correctly again when external issue tracker is activated. !16356 (Ben305)
Ensure that emails contain absolute, rather than relative, links to user uploads. !16364
Prevent invalid Route path if path is unchanged. !16397
Fixing rack request mime type when using rack attack. !16427
Prevent RevList failing on non utf8 paths. !16440
Fix giant fork icons on forks page. !16474
Fix links to uploaded files on wiki pages. !16499
Modify LDAP::Person to return username value based on attributes.
Fixed merge request status badge not updating after merging.
Remove related links in MR widget when empty state.
Gracefully handle garbled URIs in Markdown.
Fix hooks not being set up properly for bare import Rake task.
Fix Mermaid drawings not loading on some browsers.
Humanize the units of "Showing last X KiB of log" in job trace.
Avoid leaving a push event empty if payload cannot be created.
Show authored date rather than committed date on the commit list.
Fix when branch creation fails don't post system note. (Mateusz Bajorski)
Fix viewing merge request diffs where the underlying blobs are unavailable.
Fix 500 error when visiting a commit where the blobs do not exist.
Set target_branch to the ref branch when creating MR from issue.
Fix closed text for issues on Todos page.
[API] Fix creating issue when assignee_id is empty.
Fix false positive issue references in merge requests caused by header anchor links.
Fixed chanages dropdown ellipsis positioning.
Fix shortcut links on help page.
Clears visual token on second backspace. (Martin Wortschack)
Fix onion-skin re-entering state.
fix button alignment on MWPS component.
Add optional search param for Merge Requests API.
Normalizing Identity extern_uid when saving the record.
Fixed typo for issue description field declaration. (Marcus Amargi)
Fix ANSI 256 bold colors in pipelines job output.

Changed (18 changes, 3 of them are from the community)

Make mail notifications of discussion notes In-Reply-To of each other. !14289
Migrate existing data from KubernetesService to Clusters::Platforms::Kubernetes. !15589
Implement checking GCP project billing status in cluster creation form. !15665
Present multiple clusters in a single list instead of a tabbed view. !15669
Remove soft removals related code. !15789
Only mark import and fork jobs as failed once all Sidekiq retries get exhausted. !15844
Translate date ranges on contributors page. !15846
Update issuable status icons. !15898
Update feature toggle design to use icons and make it i18n friendly. !15904
Update groups tree to use GitLab SVG icons, add last updated at information for projects. !15980
Allow forking a public project to a private group. !16050
Expose project_id on /api/v4/pages/domains. !16200 (Luc Didry)
Display graph values on hover within monitoring page. !16261
removed tabindexes from tag form. (Marcus Amargi)
Move edit button to second row on issue page (and change it to a pencil icon).
Run background migrations with a minimum interval.
Provide additional cookies to JIRA service requests to allow Oracle WebGates Basic Auth. (Stanislaw Wozniak)
Hide markdown toolbar in preview mode.

Performance (11 changes)

Improve the performance for counting diverging commits. Show 999+ if it is more than 1000 commits. !15963
Treat empty markdown and html strings as valid cached text, not missing cache that needs to be updated.
Cache merged and closed events data in merge_request_metrics table.
Speed up generation of commit stats by using Rugged native methods.
Improve search query for issues.
Improve search query for merge requests.
Eager load event target authors whenever possible.
Use simple Next/Prev paging for jobs to avoid large count queries on arbitrarily large sets of historical jobs.
Improve performance of MR discussions on large diffs.
Add index on namespaces lower(name) for UsersController#exists.
Fix timeout when filtering issues by label.

Added (26 changes, 8 of them are from the community)

Support new chat notifications parameters in Services API. !11435
Add online and status attribute to runner api entity. !11750
Adds ordering to projects contributors in API. !15469 (Jacopo Beschi @jacopo-beschi)
Add assets_sync gem to Gemfile. !15734
Add a gitlab:tcp_check rake task. !15759
add support for sorting in tags api. !15772 (haseebeqx)
Add Prometheus to available Cluster applications. !15895
Validate file status when committing multiple files. !15922
List of avatars should never show +1. !15972 (Jacopo Beschi @jacopo-beschi)
Do not generate NPM links for private NPM modules in blob view. !16002 (Mario de la Ossa)
Backport fast database lookup of SSH authorized_keys from EE. !16014
Add i18n helpers to branch comparison view. !16031 (James Ramsay)
Add pause/resume button to project runners. !16032 (Mario de la Ossa)
Added option to user preferences to enable the multi file editor. !16056
Implement project jobs cache reset. !16067
Rendering of emoji's in Group-Overview. !16098 (Jacopo Beschi @jacopo-beschi)
Allow automatic creation of Kubernetes Integration from template. !16104
API: get participants from merge_requests & issues. !16187 (Brent Greeff)
Added option to disable commits stats in the commit endpoint. !16309
Disable creation of new Kubernetes Integrations unless they're active or created from template. !41054
Added badge to tree & blob views to indicate LFS tracked files.
Enable ordering of groups and their children by name.
Add button to run scheduled pipeline immediately.
Allow user to rebase merge requests.
Handle GitLab hashed storage repositories using the repo import task.
Hide runner token in CI/CD settings page.

Other (12 changes, 3 of them are from the community)

Adds the multi file editor as a new beta feature. !15430
Use relative URLs when linking to uploaded files. !15751
Add docs for why you might be signed out when using the Remember me token. !15756
Replace '.team << [user, role]' with 'add_role(user)' in specs. !16069 (@blackst0ne)
Add id to modal.vue to support data-toggle="modal". !16189
Update scss-lint to 0.56.0. !16278 (Takuya Noguchi)
Fix web ide user preferences copy and buttons. !41789
Update redis-rack to 2.0.4.
Import some code and functionality from gitlab-shell to improve subprocess handling.
Update Browse file to Choose file in all occurrences.
Bump mysql2 gem version from 0.4.5 to 0.4.10. (asaparov)
Use a background migration for issues.closed_at.

10.3.9 (2018-03-16)

Security (3 changes)

Fixed some SSRF vulnerabilities in services, hooks and integrations. !2337
Update nokogiri to 1.8.2. !16807
Fix GitLab Auth0 integration signing in the wrong user.

10.3.8 (2018-03-01)

Security (1 change)

Ensure that OTP backup codes are always invalidated.

10.3.7 (2018-02-05)

Security (4 changes)

Fix namespace access issue for GitHub, BitBucket, and GitLab.com project importers.
Fix stored XSS in code blocks that ignore highlighting.
Fix wilcard protected tags protecting all branches.
Restrict Todo API mark_as_done endpoint to the user's todos only.

10.3.6 (2018-01-22)

Fixed (17 changes, 2 of them are from the community)

Fix abuse reports link url in admin area navbar. !16068 (megos)
Fix gitlab-rake gitlab:import:repos import schedule. !16115
Fixing bug when wiki last version. !16197
Prevent excessive DB load due to faulty DeleteConflictingRedirectRoutes background migration. !16205
Default merge request title is set correctly again when external issue tracker is activated. !16356 (Ben305)
Prevent invalid Route path if path is unchanged. !16397
Fixing rack request mime type when using rack attack. !16427
Prevent RevList failing on non utf8 paths. !16440
Fix 500 error when visiting a commit where the blobs do not exist.
Fix viewing merge request diffs where the underlying blobs are unavailable.
Gracefully handle garbled URIs in Markdown.
Fix hooks not being set up properly for bare import Rake task.
Fix Mermaid drawings not loading on some browsers.
Fixed chanages dropdown ellipsis positioning.
Avoid leaving a push event empty if payload cannot be created.
Set target_branch to the ref branch when creating MR from issue.
Fix shortcut links on help page.

10.3.5 (2018-01-18)

Fix error that prevented the 'deploy_keys' migration from working in MySQL databases.

10.3.4 (2018-01-10)

Security (7 changes, 1 of them is from the community)

Prevent a SQL injection in the MilestonesFinder.
Fix RCE via project import mechanism.
Prevent OAuth login POST requests when a provider has been disabled.
Filter out sensitive fields from the project services API. (Robert Schilling)
Check user authorization for source and target projects when creating a merge request.
Fix path traversal in gitlab-ci.yml cache:key.
Fix writable shared deploy keys.

10.3.3 (2018-01-02)

Fixed (3 changes)

Fix links to old commits in merge request comments.
Fix 404 errors after a user edits an issue description and solves the reCAPTCHA.
Gracefully handle orphaned write deploy keys in /internal/post_receive.

10.3.2 (2017-12-28)

Fixed (1 change)

Fix migration for removing orphaned issues.moved_to_id values in MySQL and PostgreSQL.

10.3.1 (2017-12-27)

Fixed (3 changes)

Don't link LFS objects to a project when unlinking forks when they were already linked. !16006
Execute project hooks and services after commit when moving an issue.
Fix Error 500s with anonymous clones for a project that has moved.

Changed (1 change)

Reduce the number of buckets in gitlab_cache_operation_duration_seconds metric. !15881

10.3.0 (2017-12-22)

Security (1 change, 1 of them is from the community)

Upgrade jQuery to 2.2.4. !15570 (Takuya Noguchi)

Fixed (55 changes, 8 of them are from the community)

Fail jobs if its dependency is missing. !14009
Fix errors when selecting numeric-only labels in the labels autocomplete selector. !14607 (haseebeqx)
Fix pipeline status transition for single manual job. This would also fix pipeline duration becuse it is depending on status transition. !15251
Fix acceptance of username for Mattermost service update. !15275
Set the default gitlab-shell timeout to 3 hours. !15292
Make sure a user can add projects to subgroups they have access to. !15294
OAuth identity lookups case-insensitive. !15312
Fix filter by my reaction is not working. !15345 (Hiroyuki Sato)
Avoid deactivation when pipeline schedules execute a branch includes [ci skip] comment. !15405
Add recaptcha modal to issue updates detected as spam. !15408
Fix item name and namespace text overflow in Projects dropdown. !15451
Removed unused rake task, 'rake gitlab:sidekiq:drop_post_receive'. !15493
Fix commits page throwing 500 when the multi-file editor was enabled. !15502
Fix Issue comment submit button being disabled when pasting content from another GFM note. !15530
Reenable Prometheus metrics, add more control over Prometheus method instrumentation. !15558
Fix broadcast message not showing up on login page. !15578
Initializes the branches dropdown when the 'Start new pipeline' failed due to validation errors. !15588 (Christiaan Van den Poel)
Fix merge requests where the source or target branch name matches a tag name. !15591
Create a fork network for forks with a deleted source. !15595
Fix search results when a filename would contain a special character. !15606 (haseebeqx)
Strip leading & trailing whitespaces in CI/CD secret variable keys. !15615
Correctly link to a forked project from the new fork page. !15653
Fix the fork project functionality for projects with hashed storage. !15671
Added default order to UsersFinder. !15679
Fix graph notes number duplication. !15696 (Vladislav Kaverin)
Fix updateEndpoint undefined error for issue_show app root. !15698
Change boards page boards_data absolute urls to paths. !15703
Using appropriate services in the API for managing forks. !15709
Confirming email with invalid token should no longer generate an error. !15726
fix #39233 - 500 in merge request. !15774 (Martin Nowak)
Use Markdown styling for new project guidelines. !15785 (Markus Koller)
Fix error during schema dump. !15866
Fix broken illustration images for monitoring page empty states. !15889
Make sure user email is read only when synced with LDAP. !15915
Fixed outdated browser flash positioning.
Fix gitlab:import:repos Rake task moving repositories into the wrong location.
Gracefully handle case when repository's root ref does not exist.
Fix GitHub importer using removed interface.
Align retry button with job title with new grid size.
Fixed admin welcome screen new group path.
Fix related branches/Merge requests failing to load when the hostname setting is changed.
Init zen mode in snippets pages.
Remove extra margin from wordmark in header.
Fixed long commit links not wrapping correctly.
Fixed deploy keys remove button loading state not resetting.
Use app host instead of asset host when rendering image blob or diff.
Hide log size for mobile screens.
Fix sending notification emails to users with the mention level set who were mentioned in an issue or merge request description.
Changed validation error message on wrong milestone dates. (Xurxo Méndez Pérez)
Fix access to the final page of todos.
Fixed new group milestone breadcrumbs.
Fix image diff notification email from showing wrong content.
Fixed merge request lock icon size.
Make sure head pippeline always corresponds with the head sha of an MR.
Prevent 500 error when inspecting job after trigger was removed.

Changed (14 changes, 2 of them are from the community)

Only owner or master can erase jobs. !15216
Allow password authentication to be disabled entirely. !15223 (Markus Koller)
Add the option to automatically run a pipeline after updating AutoDevOps settings. !15380
Add total_time_spent to the changes hash in issuable Webhook payloads. !15381
Monitor NFS shards for circuitbreaker in a separate process. !15426
Add inline editing to issues on mobile. !15438
Add custom brand text on new project pages. !15541 (Markus Koller)
Show only group name by default and put full namespace in tooltip in Groups tree. !15650
Use custom user agent header in all GCP API requests. !15705
Changed the deploy markers on the prometheus dashboard to be more verbose. !38032
Animate contextual sidebar on collapse/expand.
Update emojis. Add :gay_pride_flag: and :speech_left:. Remove extraneous comma in :cartwheel_tone4:.
When a custom header logo is present, don't show GitLab type logo.
Improved diff changed files dropdown design.

Performance (19 changes)

Add timeouts for Gitaly calls. !15047
Performance issues when loading large number of wiki pages. !15276
Add performance logging to UpdateMergeRequestsWorker. !15360
Keep track of all circuitbreaker keys in a set. !15613
Improve the performance for counting commits. !15628
Reduce requests for project forks on show page of projects that have forks. !15663
Perform SQL matching of Build&Runner tags to greatly speed-up job picking.
Only load branch names for protected branch checks.
Optimize API /groups/:id/projects by preloading associations.
Remove allocation tracking code from InfluxDB sampler for performance.
Throttle the number of UPDATEs triggered by touch.
Make finding most recent merge request diffs more efficient.
Fetch blobs in bulk when generating diffs.
Cache commits for MergeRequest diffs.
Use fuzzy search with minimum length of 3 characters where appropriate.
Add axios to common file.
Remove template selector from global namespace.
check the import_status field before doing SQL operations to check the import url.
Stop sending milestone and labels data over the wire for MR widget requests.

Added (22 changes, 15 of them are from the community)

Limit autocomplete menu to applied labels. !11110 (Vitaliy @blackst0ne Klachkov)
Make diff notes created on a commit in a merge request to persist a rebase. !12148
Allow creation of merge request from email. !13817 (janp)
Add an ability to use a custom branch name on creation from issues. !13884 (Vitaliy @blackst0ne Klachkov)
Add anonymous rate limit per IP, and authenticated (web or API) rate limits per user. !14708
Create a new form to add Existing Kubernetes Cluster. !14805
Add support of Mermaid (generation of diagrams and flowcharts from text). !15107 (Vitaliy @blackst0ne Klachkov)
Add total time spent to milestones. !15116 (George Andrinopoulos)
Add /groups/:id/subgroups endpoint to API. !15142 (marbemac)
Add administrative endpoint to list all pages domains. !15160 (Travis Miller)
Adds Rubocop rule for line break after guard clause. !15188 (Jacopo Beschi @jacopo-beschi)
Add edit button to mobile file view. !15199 (Travis Miller)
Add dropdown sort to group milestones. !15230 (George Andrinopoulos)
added support for ordering and sorting in notes api. !15342 (haseebeqx)
Hashed Storage migration script now supports migrating project attachments. !15352
New API endpoint - list jobs for a specified runner. !15432
Add new API endpoint - get a namespace by ID. !15442
Disables autocomplete in filtered searc. !15477 (Jacopo Beschi @jacopo-beschi)
Update empty state page of merge request 'changes' tab. !15611 (Vitaliy @blackst0ne Klachkov)
Allow git pull/push on group/user/project redirects. !15670
show status of gitlab reference links in wiki. !15694 (haseebeqx)
Add email confirmation parameters for user creation and update via API. (Daniel Juarez)

Other (17 changes, 7 of them are from the community)

Enable UnnecessaryMantissa in scss-lint. !15255 (Takuya Noguchi)
Add untracked files to uploads table. !15270
Move update_project_counter_caches? out of issue and merge request. !15300 (George Andrinopoulos)
Removed tooltip from clone dropdown. !15334
Clean up empty fork networks. !15373
Create issuable destroy service. !15604 (George Andrinopoulos)
Upgrade seed-fu to 2.3.7. !15607 (Takuya Noguchi)
Rename GKE as Kubernetes Engine. !15608 (Takuya Noguchi)
Prefer ci_config_path validation for leading slashes instead of sanitizing the input. !15672 (Christiaan Van den Poel)
Fix typo in docs about Elasticsearch. !15699 (Takuya Noguchi)
Add internationalization support for the prometheus integration. !33338
Export text utils functions as es6 module and add tests.
Stop reloading the page when using pagination and tabs - use API calls - in Pipelines table.
Clean up schema of the "issues" table.
Clarify wording of protected branch settings for the default branch.
Update svg external dependency.
Clean up schema of the "merge_requests" table.

10.2.8 (2018-02-07)

Security (4 changes)

Fix namespace access issue for GitHub, BitBucket, and GitLab.com project importers.
Fix stored XSS in code blocks that ignore highlighting.
Fix wilcard protected tags protecting all branches.
Restrict Todo API mark_as_done endpoint to the user's todos only.

10.2.7 (2018-01-18)

No changes.

10.2.6 (2018-01-11)

Security (9 changes, 1 of them is from the community)

Fix writable shared deploy keys.
Filter out sensitive fields from the project services API. (Robert Schilling)
Fix RCE via project import mechanism.
Fixed IPython notebook output not being sanitized.
Prevent OAuth login POST requests when a provider has been disabled.
Prevent a SQL injection in the MilestonesFinder.
Check user authorization for source and target projects when creating a merge request.
Fix path traversal in gitlab-ci.yml cache:key.
Fix XSS vulnerability in pipeline job trace.

10.2.5 (2017-12-15)

Fixed (8 changes)

Create a fork network for forks with a deleted source. !15595
Correctly link to a forked project from the new fork page. !15653
Fix the fork project functionality for projects with hashed storage. !15671
Fix updateEndpoint undefined error for issue_show app root. !15698
Fix broken illustration images for monitoring page empty states. !15889
Fix related branches/Merge requests failing to load when the hostname setting is changed.
Fix gitlab:import:repos Rake task moving repositories into the wrong location.
Gracefully handle case when repository's root ref does not exist.

Performance (3 changes)

Keep track of all circuitbreaker keys in a set. !15613
Only load branch names for protected branch checks.
Optimize API /groups/:id/projects by preloading associations.

10.2.4 (2017-12-07)

Security (5 changes)

Fix e-mail address disclosure through member search fields
Prevent creating issues through API when user does not have permissions
Prevent an information disclosure in the Groups API
Fix user without access to private Wiki being able to see it on the project page
Fix Cross-Site Scripting (XSS) vulnerability while editing a comment

10.2.3 (2017-11-30)

Fixed (7 changes)

Fix hashed storage for Import/Export uploads. !15482
Ensure that rake gitlab:cleanup:repos task does not mess with hashed repositories. !15520
Ensure that rake gitlab:cleanup:dirs task does not mess with hashed repositories. !15600
Fix WIP system note not being created.
Fix link text from group context.
Fix defaults for MR states and merge statuses.
Fix pulling and pushing using a personal access token with the sudo scope.

Performance (3 changes)

Drastically improve project search performance by no longer searching namespace name.
Reuse authors when rendering event Atom feeds.
Optimise StuckCiJobsWorker using cheap SQL query outside, and expensive inside.

10.2.2 (2017-11-23)

Fixed (5 changes)

Label addition/removal are not going to be redacted wrongfully in the API. !15080
Fix bitbucket wiki import with hashed storage enabled. !15490
Impersonation no longer gets stuck on password change. !15497
Fix blank states using old css.
Fix promoting milestone updating all issuables without milestone.

Performance (3 changes)

Update Issue Boards to fetch the notification subscription status asynchronously.
Update composite pipelines index to include "id".
Use arrays in Pipeline#latest_builds_with_artifacts.

Other (2 changes)

Don't move repositories and attachments for projects using hashed storage. !15479
Add logs for monitoring the merge process.

10.2.1 (2017-11-22)

Fixed (1 change)

Force disable Prometheus metrics.

10.2.0 (2017-11-22)

Security (4 changes)

Upgrade Ruby to 2.3.5 to include security patches. !15099
Prevent OAuth phishing attack by presenting detailed wording about app to user during authorization.
Convert private tokens to Personal Access Tokens with sudo scope.
Remove private tokens from web interface and API.

Removed (5 changes)

Remove help text from group issues page and group merge requests page. !14963
Remove overzealous tooltips in projects page tabs. !15017
Stop merge requests from fetching their refs when the data is already available. !15129
Remove update merge request worker tagging.
Remove Session API now that private tokens are removed from user API endpoints.

Fixed (75 changes, 18 of them are from the community)

Fix 404 errors in API caused when the branch name had a dot. !14462 (gvieira37)
Remove unnecessary alt-texts from pipeline emails. !14602 (gernberg)
Renders 404 in commits controller if no commits are found for a given path. !14610 (Guilherme Vieira)
Cleanup data-page attribute after each Karma test. !14742
Removed extra border radius from .file-editor and .file-holder when editing a file. !14803 (Rachel Pipkin)
Add support for markdown preview to group milestones. !14806 (Vitaliy @blackst0ne Klachkov)
Fixed 'Removed source branch' checkbox in merge widget being ignored. !14832
Fix unnecessary ajax requests in admin broadcast message form. !14853
Make NamespaceSelect change URL when filtering. !14888
Get true failure from evalulate_script by checking for element beforehand. !14898
Fix SAML error 500 when no groups are defined for user. !14913
Fix 500 errors caused by empty diffs in some discussions. !14945 (Alexander Popov)
Fix the atom feed for group events. !14974
Hides pipeline duration in commit box when it is zero (nil). !14979 (gvieira37)
Add new diff discussions on MR diffs tab in "realtime". !14981
Returns a ssh url for go-get=1. !14990 (gvieira37)
Case insensitive search for branches. !14995 (George Andrinopoulos)
Fixes 404 error to 'Issues assigned to me' and 'Issues I've created' when issues are disabled. !15021 (Jacopo Beschi @jacopo-beschi)
Update the groups API documentation. !15024 (Robert Schilling)
Validate username/pw for Jiraservice, require them in the API. !15025 (Robert Schilling)
Update Merge Request polling so there is only one request at a time. !15032
Use project select dropdown not only as a combobutton. !15043
Remove create MR button from issues when MRs are disabled. !15071 (George Andrinopoulos)
Tighten up whitelisting of certain Geo routes. !15082
Allow to disable the Performance Bar. !15084
Refresh open Issue and Merge Request project counter caches when re-opening. !15085 (Rob Ede @robjtede)
Fix markdown form tabs toggling preview mode from double clicking write mode button. !15119
Fix cancel button not working while uploading on the new issue page. !15137
Fix webhooks recent deliveries. !15146 (Alexander Randa (@randaalex))
Fix issues with forked projects of which the source was deleted. !15150
Fix GPG signature popup info in Safari and Firefox. !15228
Fix GFM reference links for closed milestones. !15234 (Vitaliy @blackst0ne Klachkov)
When deleting merged branches, ignore protected tags. !15252
Revert a regression on runners sorting (!15134). !15341 (Takuya Noguchi)
Don't use JS to delete memberships from projects and groups. !15344
Don't try to create fork network memberships for forks with a missing source. !15366
Fix gitlab:backup rake for hashed storage based repositories. !15400
Fix issue where clicking a GPG verification badge would scroll to the top of the page. !15407
Update container repository path reference and allow using double underscore. !15417
Fix crash when navigating to second page of the group dashboard when there are projects and groups on the first page. !15456
Fix flash errors showing up on a non configured prometheus integration. !35652
Fix timezone bug in Pikaday and upgrade Pikaday version.
Fix arguments Import/Export error importing project merge requests.
Moves mini graph of pipeline to the end of sentence in MR widget. Cleans HTML and tests.
Fix user autocomplete in subgroups.
Fixed user profile activity tab being off-screen on mobile.
Fix diff parser so it tolerates to diff special markers in the content.
Fix a migration that adds merge_requests_ff_only_enabled column to MR table.
Don't create build failed todos when the job is automatically retried.
Render 404 when polling commit notes without having permissions.
Show error message when fast-forward merge is not possible.
Prevents position update for image diff notes.
Mobile-friendly table on Admin Runners. (Takuya Noguchi)
Decreases z-index of select2 to a lower number of our navigation bar.
Fix broken Members link when relative URL root paths are used.
Avoid regenerating the ref path for the environment.
Memoize GitLab logger to reduce open file descriptors.
Fix hashed storage with project transfers to another namespace.
Fix bad type checking to prevent 0 count badge to be shown.
Fix problem with issuable header wrapping when content is too long.
Move retry button in job page to sidebar.
Formats bytes to human reabale number in registry table.
Fix commit pipeline showing wrong status.
Include link to issue in reopen message for Slack and Mattermost notifications.
Fix double border UI bug on pipelines/environments table and pagination.
Remove native title tooltip in pipeline jobs dropdown in Safari.
Fix namespacing for MergeWhenPipelineSucceedsService in MR API.
Prevent error when authorizing an admin-created OAauth application without a set owner.
Always return full avatar URL for private/internal groups/projects when asset host is set.
Make sure group and project creation is blocked for new users that are external by default.
Make sure NotesActions#noteable returns a Noteable in the update action.
Reallow project paths ending in periods.
Only set Auto-Submitted header once for emails on push.
Fix overlap of right-sidebar and main content when creating a Wiki page.
Enables scroll to bottom once user has scrolled back to bottom in job log.

Changed (21 changes, 7 of them are from the community)

Added possibility to enter past date in /spend command to log time in the past. !3044 (g3dinua, LockiStrike)
Add Prometheus equivalent of all InfluxDB metrics. !13891
Show collapsible project lists. !14055
Make Prometheus metrics endpoint return empty response when metrics are disabled. !14490
Support custom attributes on groups and projects. !14593 (Markus Koller)
Avoid fetching all branches for branch existence checks. !14778
Update participants and subscriptions button in issuable sidebar to be async. !14836
Replace WikiPage::CreateService calls with wiki_page factory in specs. !14850 (Jacopo Beschi @jacopo-beschi)
Add lazy option to UserAvatarImage. !14895
Add readme only option as project view. !14900
Todos spelled correctly on Todos list page. !15015
Support uml:: and captions in reStructuredText. !15120 (Markus Koller)
Add system hooks user_rename and group_rename. !15123
Change tags order in refs dropdown. !15235 (Vitaliy @blackst0ne Klachkov)
Change default cluster size to n1-default-2. !39649 (Fabio Busatto)
Change 'Sign Out' route from a DELETE to a GET. !39708 (Joe Marty)
Change background color of nav sidebar to match other gl sidebars.
Update i18n section in FE docs for marking and interpolation.
Add a count of changes to the merge requests API.
Improve GitLab Import rake task to work with Hashed Storage and Subgroups.
14830 Move GitLab export option to top of import list when creating a new project.

Performance (14 changes)

Improve branch listing page performance. !14729
Improve DashboardController#activity.json performance. !14985
Add a latest_merge_request_diff_id column to merge_requests. !15035
Improve performance of the /projects/:id/repository/branches API endpoint. !15215
Ensure merge requests with lots of version don't time out when searching for pipelines.
Speed up issues list APIs.
Remove Filesystem check metrics that use too much CPU to handle requests.
Disable Unicorn sampling in Sidekiq since there are no Unicorn sockets to monitor.
Truncate tree to max 1,000 items and display notice to users.
Add Performance improvement as category on the changelog.
Cache commits fetched from the repository.
Cache the number of user SSH keys.
Optimise getting the pipeline status of commits.
Improve performance of commits list by fully using DB index when getting commit note counts.

Added (26 changes, 10 of them are from the community)

Expose duration in Job entity. !13644 (Mehdi Lahmam (@mehlah))
Prevent git push when LFS objects are missing. !13837
Automatic configuration settings page. !13850 (Francisco Lopez)
Add API endpoints for Pages Domains. !13917 (Travis Miller)
Include the changes in issuable webhook payloads. !14308
Add Packagist project service. !14493 (Matt Coleman)
Add sort runners on admin runners. !14661 (Takuya Noguchi)
Repo Editor: Add option to start a new MR directly from comit section. !14665
Issue JWT token with registry:catalog:* scope when requested by GitLab admin. !14751 (Vratislav Kalenda)
Support show-all-refs for git over HTTP. !14834
Add loading button for new UX paradigm. !14883
Get Project Branch API shows an helpful error message on invalid refname. !14884 (Jacopo Beschi @jacopo-beschi)
Refactor have_http_status into have_gitlab_http_status. !14958 (Jacopo Beschi @jacopo-beschi)
Suggest to rename the remote for existing repository instructions. !14970 (helmo42)
Adds project_id to pipeline hook data. !15044 (Jacopo Beschi @jacopo-beschi)
Hashed Storage support for Attachments. !15068
Add metric tagging for sidekiq workers. !15111
Expose project visibility as CI variable - CI_PROJECT_VISIBILITY. !15193
Allow multiple queries in a single Prometheus graph to support additional environments (Canary, Staging, et al.). !15201
Allow promoting project milestones to group milestones.
Added submodule support in multi-file editor.
Add applications section to GKE clusters page to easily install Helm Tiller, Ingress.
Allow files to uploaded in the multi-file editor.
Add Ingress to available Cluster applications.
Adds typescript support.
Add sudo scope for OAuth and Personal Access Tokens to be used by admins to impersonate other users on the API.

Other (18 changes, 8 of them are from the community)

Decrease Perceived Complexity threshold to 14. !14231 (Maxim Rydkin)
Replace the 'features/explore/projects.feature' spinach test with an rspec analog. !14755 (Vitaliy @blackst0ne Klachkov)
While displaying a commit, do not show list of related branches if there are thousands of branches. !14812
Removed d3.js from the graph and users bundles and used the common_d3 bundle instead. !14826
Make contributors page translatable. !14915
Decrease ABC threshold to 54.28. !14920 (Maxim Rydkin)
Clarify system_hook triggers in documentation. !14957 (Joe Marty)
Free up some reserved group names. !15052
Bump carrierwave to 1.2.1. !15072 (Takuya Noguchi)
Enable NestingDepth (level 6) on scss-lint. !15073 (Takuya Noguchi)
Enable BorderZero rule in scss-lint. !15168 (Takuya Noguchi)
Internationalized tags page. !38589
Moves placeholders components into shared folder with documentation. Makes them easier to reuse in MR and Snippets comments.
Reorganize welcome page for new users.
Refactor GroupLinksController. (15121)
Remove filter icon from search bar.
Use title as placeholder instead of issue title for reusability.
Add Gitaly metrics to the performance bar.

10.1.7 (2018-01-18)

No changes.

10.1.6 (2018-01-11)

Security (8 changes, 1 of them is from the community)

Fix writable shared deploy keys.
Filter out sensitive fields from the project services API. (Robert Schilling)
Fix RCE via project import mechanism.
Prevent OAuth login POST requests when a provider has been disabled.
Prevent a SQL injection in the MilestonesFinder.
Check user authorization for source and target projects when creating a merge request.
Fix path traversal in gitlab-ci.yml cache:key.
Fix XSS vulnerability in pipeline job trace.

10.1.5 (2017-12-07)

Security (5 changes)

Fix e-mail address disclosure through member search fields
Prevent creating issues through API when user does not have permissions
Prevent an information disclosure in the Groups API
Fix user without access to private Wiki being able to see it on the project page
Fix Cross-Site Scripting (XSS) vulnerability while editing a comment

10.1.4 (2017-11-14)

Fixed (4 changes)

Don't try to create fork network memberships for forks with a missing source. !15366
Formats bytes to human reabale number in registry table.
Prevent error when authorizing an admin-created OAauth application without a set owner.
Prevents position update for image diff notes.

10.1.3 (2017-11-10)

[SECURITY] Prevent OAuth phishing attack by presenting detailed wording about app to user during authorization.
[FIXED] Fix cancel button not working while uploading on the new issue page. !15137
[FIXED] Fix webhooks recent deliveries. !15146 (Alexander Randa (@randaalex))
[FIXED] Fix issues with forked projects of which the source was deleted. !15150
[FIXED] Fix GPG signature popup info in Safari and Firefox. !15228
[FIXED] Make sure group and project creation is blocked for new users that are external by default.
[FIXED] Fix arguments Import/Export error importing project merge requests.
[FIXED] Fix diff parser so it tolerates to diff special markers in the content.
[FIXED] Fix a migration that adds merge_requests_ff_only_enabled column to MR table.
[FIXED] Render 404 when polling commit notes without having permissions.
[FIXED] Show error message when fast-forward merge is not possible.
[FIXED] Avoid regenerating the ref path for the environment.
[PERFORMANCE] Remove Filesystem check metrics that use too much CPU to handle requests.

10.1.2 (2017-11-08)

[SECURITY] Add X-Content-Type-Options header in API responses to make it more difficult to find other vulnerabilities.
[SECURITY] Properly translate IP addresses written in decimal, octal, or other formats in SSRF protections in project imports.
[FIXED] Fix TRIGGER checks for MySQL.

10.1.1 (2017-10-31)

[FIXED] Auto Devops kubernetes default namespace is now correctly built out of gitlab project group-name. !14642 (Mircea Danila Dumitrescu)
[FIXED] Forbid the usage of Redis#keys. !14889
[FIXED] Make the circuitbreaker more robust by adding higher thresholds, and multiple access attempts. !14933
[FIXED] Only cache last push event for existing projects when pushing to a fork. !14989
[FIXED] Fix bug preventing secondary emails from being confirmed. !15010
[FIXED] Fix broken wiki pages that link to a wiki file. !15019
[FIXED] Don't rename paths that were freed up when upgrading. !15029
[FIXED] Fix bitbucket login. !15051
[FIXED] Update gitaly in GitLab 10.1 to 0.43.1 for temp file cleanup. !15055
[FIXED] Use the correct visibility attribute for projects in system hooks. !15065
[FIXED] Normalize LDAP DN when looking up identity.
[FIXED] Adds callback functions for initial request in clusters page.
[FIXED] Fix missing Import/Export issue assignees.
[FIXED] Allow boards as top level route.
[FIXED] Fix widget of locked merge requests not being presented.
[FIXED] Fix editing issue description in mobile view.
[FIXED] Fix deletion of container registry or images returning an error.
[FIXED] Fix the writing of invalid environment refs.
[CHANGED] Store circuitbreaker settings in the database instead of config. !14842
[CHANGED] Update default disabled merge request widget message to reflect a general failure. !14960
[PERFORMANCE] Stop merge requests with thousands of commits from timing out. !15063

10.1.0 (2017-10-22)

[SECURITY] Use a timeout on certain git operations. !14872
[SECURITY] Move project repositories between namespaces when renaming users.
[SECURITY] Prevent an open redirect on project pages.
[SECURITY] Prevent a persistent XSS in user-provided markup.
[REMOVED] Remove the ability to visit the issue edit form directly. !14523
[REMOVED] Remove animate.js and label animation.
[FIXED] Perform prometheus data endpoint requests in parallel. !14003
[FIXED] Escape quotes in git username. !14020 (Brandon Everett)
[FIXED] Fixed non-UTF-8 valid branch names from causing an error. !14090
[FIXED] Read import sources from setting at first initialization. !14141 (Visay Keo)
[FIXED] Display full pre-receive and post-receive hook output in GitLab UI. !14222 (Robin Bobbitt)
[FIXED] Fix incorrect X-axis labels in Prometheus graphs. !14258
[FIXED] Fix the default branches sorting to actually be 'Last updated'. !14295
[FIXED] Fixes project denial of service via gitmodules using Extended ASCII. !14301
[FIXED] Fix the filesystem shard health check to check all configured shards. !14341
[FIXED] Compare email addresses case insensitively when verifying GPG signatures. !14376 (Tim Bishop)
[FIXED] Allow the git circuit breaker to correctly handle missing repository storages. !14417
[FIXED] Fix rake gitlab:incoming_email:check and make it report the actual error. !14423
[FIXED] Does not check if an invariant hashed storage path exists on disk when renaming projects. !14428
[FIXED] Also reserve refs/replace after importing a project. !14436
[FIXED] Fix profile image orientation based on EXIF data gvieira37. !14461 (gvieira37)
[FIXED] Move the deployment flag content to the left when deployment marker is near the end. !14514
[FIXED] Fix notes type created from import. This should fix some missing notes issues from imported projects. !14524
[FIXED] Fix bottom spacing for dropdowns that open upwards. !14535
[FIXED] Adjusts tag link to avoid underlining spaces. !14544 (Guilherme Vieira)
[FIXED] Add missing space in Sidekiq memory killer log message. !14553 (Benjamin Drung)
[FIXED] Ensure no exception is raised when Raven tries to get the current user in API context. !14580
[FIXED] Fix edit project service cancel button position. !14596 (Matt Coleman)
[FIXED] Fix case sensitive email confirmation on signup. !14606 (robdel12)
[FIXED] Whitelist authorized_keys.lock in the gitlab:check rake task. !14624
[FIXED] Allow merge in MR widget with no pipeline but using "Only allow merge requests to be merged if the pipeline succeeds". !14633
[FIXED] Fix navigation dropdown close animation on mobile screens. !14649
[FIXED] Fix the project import with issues and milestones. !14657
[FIXED] Use explicit boolean true attribute for show-disabled-button in Vue files. !14672
[FIXED] Make tabs on top scrollable on admin dashboard. !14685 (Takuya Noguchi)
[FIXED] Fix broken Y-axis scaling in some Prometheus graphs. !14693
[FIXED] Search or compare LDAP DNs case-insensitively and ignore excess whitespace. !14697
[FIXED] Allow prometheus graphs to correctly handle NaN values. !14741
[FIXED] Don't show an "Unsubscribe" link in snippet comment notifications. !14764
[FIXED] Fixed duplicate notifications when added multiple labels on an issue. !14798
[FIXED] Fix alignment for indeterminate marker in dropdowns. !14809
[FIXED] Fix error when updating a forked project with deleted ForkedProjectLink. !14916
[FIXED] Correctly render asset path for locales with a region. !14924
[FIXED] Fix the external URLs generated for online view of HTML artifacts. !14977
[FIXED] Reschedule merge request diff background migrations to catch failures from 9.5 run.
[FIXED] fix merge request widget status icon for failed CI.
[FIXED] Fix the number representing the amount of commits related to a push event.
[FIXED] Sync up hover and legend data across all graphs for the prometheus dashboard.
[FIXED] Fixes mini pipeline graph in commit view.
[FIXED] Fix comment deletion confirmation dialog typo.
[FIXED] Fix project snippets breadcrumb link.
[FIXED] Make usage ping scheduling more robust.
[FIXED] Make "merge ongoing" check more consistent.
[FIXED] Add 1000+ counters to job page.
[FIXED] Fixed issue/merge request breadcrumb titles not having links.
[FIXED] Fixed commit avatars being centered vertically.
[FIXED] Tooltips in the commit info box now all face the same direction. (Jedidiah Broadbent)
[FIXED] Fixed navbar title colors leaking out of the navbar.
[FIXED] Fix bug that caused merge requests with diff notes imported from Bitbucket to raise errors.
[FIXED] Correctly detect multiple issue URLs after 'Closes...' in MR descriptions.
[FIXED] Set default scope on PATs that don't have one set to allow them to be revoked.
[FIXED] Fix application setting to cache nil object.
[FIXED] Fix image diff swipe handle offset to correctly align with the frame.
[FIXED] Force non diff resolved discussion to display when collapse toggled.
[FIXED] Fix resolved discussions not expanding on side by side view.
[FIXED] Fixed the sidebar scrollbar overlapping links.
[FIXED] Issue board tooltips are now the correct width when the column is collapsed. (Jedidiah Broadbent)
[FIXED] Improve autodevops banner UX and render it only in project page.
[FIXED] Fix typo in cycle analytics breaking time component.
[FIXED] Force two up view to load by default for image diffs.
[FIXED] Fixed milestone breadcrumb links.
[FIXED] Fixed group sort dropdown defaulting to empty.
[FIXED] Fixed notes not being scrolled to in merge requests.
[FIXED] Adds Event polyfill for IE11.
[FIXED] Update native unicode emojis to always render as normal text (previously could render italicized). (Branka Martinovic)
[FIXED] Sort JobsController by id, not created_at.
[FIXED] Fix revision and total size missing for Container Registry.
[FIXED] Fixed milestone issuable assignee link URL.
[FIXED] Fixed breadcrumbs container expanding in side-by-side diff view.
[FIXED] Fixed merge request widget merged & closed date tooltip text.
[FIXED] Prevent creating multiple ApplicationSetting instances.
[FIXED] Fix username and ID not logging in production_json.log for Git activity.
[FIXED] Make Redcarpet Markdown renderer thread-safe.
[FIXED] Two factor auth messages in settings no longer overlap the button. (Jedidiah Broadbent)
[FIXED] Made the "remember me" check boxes have consistent styles and alignment. (Jedidiah Broadbent)
[FIXED] Prevent branches or tags from starting with invalid characters (e.g. -, .).
[DEPRECATED] Removed two legacy config options. (Daniel Voogsgerd)
[CHANGED] Show notes number more user-friendly in the graph. !13949 (Vladislav Kaverin)
[CHANGED] Link SAML users to LDAP by email. !14216
[CHANGED] Display whether branch has been merged when deleting protected branch. !14220
[CHANGED] Make the labels in the Compare form less confusing. !14225
[CHANGED] Confirmation email shows link as text instead of human readable text. !14243 (bitsapien)
[CHANGED] Return only group's members in user dropdowns on issuables list pages. !14249
[CHANGED] Added defaults for protected branches dropdowns on the repository settings. !14278
[CHANGED] Show confirmation modal before deleting account. !14360
[CHANGED] Allow creating merge requests across a fork network. !14422
[CHANGED] Re-arrange script HTML tags before template HTML tags in .vue files. !14671
[CHANGED] Create idea of read-only database. !14688
[CHANGED] Add active states to nav bar counters.
[CHANGED] Add view replaced file link for image diffs.
[CHANGED] Adjust tooltips to adhere to 8px grid and make them more readable.
[CHANGED] breadcrumbs receives padding when double lined.
[CHANGED] Allow developer role to admin milestones.
[CHANGED] Stop using Sidekiq for updating Key#last_used_at.
[CHANGED] Include GitLab full name in Slack messages.
[ADDED] Expose last pipeline details in API response when getting a single commit. !13521 (Mehdi Lahmam (@mehlah))
[ADDED] Allow to use same periods for different housekeeping tasks (effectively skipping the lesser task). !13711 (cernvcs)
[ADDED] Add GitLab-Pages version to Admin Dashboard. !14040 (travismiller)
[ADDED] Commenting on image diffs. !14061
[ADDED] Script to migrate project's repositories to new Hashed Storage. !14067
[ADDED] Hide close MR button after merge without reloading page. !14122 (Jacopo Beschi @jacopo-beschi)
[ADDED] Add Gitaly version to Admin Dashboard. !14313 (Jacopo Beschi @jacopo-beschi)
[ADDED] Add 'closed_at' attribute to Issues API. !14316 (Vitaliy @blackst0ne Klachkov)
[ADDED] Add tooltip for milestone due date to issue and merge request lists. !14318 (Vitaliy @blackst0ne Klachkov)
[ADDED] Improve list of sorting options. !14320 (Vitaliy @blackst0ne Klachkov)
[ADDED] Add client and call site metadata to Gitaly calls for better traceability. !14332
[ADDED] Strip gitlab-runner section markers in build trace HTML view. !14393
[ADDED] Add online view of HTML artifacts for public projects. !14399
[ADDED] Create Kubernetes cluster on GKE from k8s service. !14470
[ADDED] Add support for GPG subkeys in signature verification. !14517
[ADDED] Parse and store gitlab-runner timestamped section markers. !14551
[ADDED] Add "implements" to the default issue closing message regex. !14612 (Guilherme Vieira)
[ADDED] Replace tag: true into :tag in the specs. !14653 (Jacopo Beschi @jacopo-beschi)
[ADDED] Discussion lock for issues and merge requests.
[ADDED] Add an API endpoint to determine the forks of a project.
[ADDED] Add help text to runner edit: tags should be separated by commas. (Brendan O'Leary)
[ADDED] Only copy old/new code when selecting left/right side of parallel diff.
[ADDED] Expose avatar_url when requesting list of projects from API with simple=true.
[ADDED] A confirmation email is now sent when adding a secondary email address. (digitalmoksha)
[ADDED] Move Custom merge methods from EE.
[ADDED] Makes @mentions links have a different styling for better separation.
[ADDED] Added tabs to dashboard/projects to easily switch to personal projects.
[OTHER] Extract AutocompleteController#users into finder. !13778 (Maxim Rydkin, Mayra Cabrera)
[OTHER] Replace 'project/wiki.feature' spinach test with an rspec analog. !13856 (Vitaliy @blackst0ne Klachkov)
[OTHER] Expand docs for changing username or group path. !13914
[OTHER] Move lib/ci to lib/gitlab/ci. !14078 (Maxim Rydkin)
[OTHER] Decrease Cyclomatic Complexity threshold to 13. !14152 (Maxim Rydkin)
[OTHER] Decrease Perceived Complexity threshold to 15. !14160 (Maxim Rydkin)
[OTHER] Replace project/group_links.feature spinach test with an rspec analog. !14169 (Vitaliy @blackst0ne Klachkov)
[OTHER] Replace the project/milestone.feature spinach test with an rspec analog. !14171 (Vitaliy @blackst0ne Klachkov)
[OTHER] Replace the profile/emails.feature spinach test with an rspec analog. !14172 (Vitaliy @blackst0ne Klachkov)
[OTHER] Replace the project/team_management.feature spinach test with an rspec analog. !14173 (Vitaliy @blackst0ne Klachkov)
[OTHER] Replace the 'project/merge_requests/accept.feature' spinach test with an rspec analog. !14176 (Vitaliy @blackst0ne Klachkov)
[OTHER] Replace the 'project/builds/summary.feature' spinach test with an rspec analog. !14177 (Vitaliy @blackst0ne Klachkov)
[OTHER] Optimize the boards' issues fetching. !14198
[OTHER] Replace the 'project/merge_requests/revert.feature' spinach test with an rspec analog. !14201 (Vitaliy @blackst0ne Klachkov)
[OTHER] Replace the 'project/issues/award_emoji.feature' spinach test with an rspec analog. !14202 (Vitaliy @blackst0ne Klachkov)
[OTHER] Replace the 'profile/active_tab.feature' spinach test with an rspec analog. !14239 (Vitaliy @blackst0ne Klachkov)
[OTHER] Replace the 'search.feature' spinach test with an rspec analog. !14248 (Vitaliy @blackst0ne Klachkov)
[OTHER] Load sidebar participants avatars only when visible. !14270
[OTHER] Adds gitlab features and components to usage ping data. !14305
[OTHER] Replace the 'project/archived.feature' spinach test with an rspec analog. !14322 (Vitaliy @blackst0ne Klachkov)
[OTHER] Replace the 'project/commits/revert.feature' spinach test with an rspec analog. !14325 (Vitaliy @blackst0ne Klachkov)
[OTHER] Replace the 'project/snippets.feature' spinach test with an rspec analog. !14326 (Vitaliy @blackst0ne Klachkov)
[OTHER] Add link to OpenID Connect documentation. !14368 (Markus Koller)
[OTHER] Upgrade doorkeeper-openid_connect. !14372 (Markus Koller)
[OTHER] Upgrade gitlab-markup gem. !14395 (Markus Koller)
[OTHER] Index projects on repository storage. !14414
[OTHER] Replace the 'project/shortcuts.feature' spinach test with an rspec analog. !14431 (Vitaliy @blackst0ne Klachkov)
[OTHER] Replace the 'project/service.feature' spinach test with an rspec analog. !14432 (Vitaliy @blackst0ne Klachkov)
[OTHER] Improve GitHub import performance. !14445
[OTHER] Add basic sprintf implementation to JavaScript. !14506
[OTHER] Replace the 'project/merge_requests.feature' spinach test with an rspec analog. !14621 (Vitaliy @blackst0ne Klachkov)
[OTHER] Update GitLab Pages to v0.6.0. !14630
[OTHER] Add documentation to summarise project archiving. !14650
[OTHER] Remove 'Repo' prefix from API entites. !14694 (Vitaliy @blackst0ne Klachkov)
[OTHER] Removes cycle analytics service and store from global namespace.
[OTHER] Improves i18n for Auto Devops callout.
[OTHER] Exports common_utils utility functions as modules.
[OTHER] Use simple=true for projects API in Projects dropdown for better search performance.
[OTHER] Change index on ci_builds to optimize Jobs Controller.
[OTHER] Add index for merge_requests.merge_commit_sha.
[OTHER] Add (partial) index on Labels.template.
[OTHER] Cache issue and MR template names in Redis.
[OTHER] changed dashed border button color to be darker.
[OTHER] Speed up permission checks.
[OTHER] Fix docs for lightweight tag creation via API.
[OTHER] Clarify artifact download via the API only accepts branch or tag name for ref.
[OTHER] Change recommended MySQL version to 5.6.
[OTHER] Bump google-api-client Gem from 0.8.6 to 0.13.6.
[OTHER] Detect when changelog entries are invalid.
[OTHER] Use a UNION ALL for getting merge request notes.
[OTHER] Remove an index on ci_builds meant to be only temporary.
[OTHER] Remove a SQL query from the todos index page.
Support custom attributes on users. !13038 (Markus Koller)
made read-only APIs for public merge requests available without authentication. !13291 (haseebeqx)
Hide read_registry scope when registry is disabled on instance. !13314 (Robin Bobbitt)
creation of keys moved to services. !13331 (haseebeqx)
Add username as GL_USERNAME in hooks.

10.0.7 (2017-12-07)

Security (5 changes)

Fix e-mail address disclosure through member search fields
Prevent creating issues through API when user does not have permissions
Prevent an information disclosure in the Groups API
Fix user without access to private Wiki being able to see it on the project page
Fix Cross-Site Scripting (XSS) vulnerability while editing a comment

10.0.5 (2017-11-03)

[FIXED] Fix incorrect X-axis labels in Prometheus graphs. !14258
[FIXED] Fix rake gitlab:incoming_email:check and make it report the actual error. !14423
[FIXED] Does not check if an invariant hashed storage path exists on disk when renaming projects. !14428
[FIXED] Fix bottom spacing for dropdowns that open upwards. !14535
[FIXED] Fix the project import with issues and milestones. !14657
[FIXED] Fix broken Y-axis scaling in some Prometheus graphs. !14693
[FIXED] Fixed duplicate notifications when added multiple labels on an issue. !14798
[FIXED] Don't rename paths that were freed up when upgrading. !15029
[FIXED] Fixed issue/merge request breadcrumb titles not having links.
[FIXED] Fix application setting to cache nil object.
[FIXED] Fix missing Import/Export issue assignees.
[FIXED] Allow boards as top level route.
[FIXED] Fixed milestone breadcrumb links.
[FIXED] Fixed merge request widget merged & closed date tooltip text.
[FIXED] fix merge request widget status icon for failed CI.

10.0.4 (2017-10-16)

[SECURITY] Move project repositories between namespaces when renaming users.
[SECURITY] Prevent an open redirect on project pages.
[SECURITY] Prevent a persistent XSS in user-provided markup.

10.0.3 (2017-10-05)

[FIXED] find_user Users helper method no longer overrides find_user API helper method. !14418
[FIXED] Fix CSRF validation issue when closing/opening merge requests from the UI. !14555
[FIXED] Kubernetes integration: ensure v1.8.0 compatibility. !14635
[FIXED] Fixes data parameter not being sent in ajax request for jobs log.
[FIXED] Improves UX of autodevops popover to match gpg one.
[FIXED] Fixed commenting on side-by-side commit diff.
[FIXED] Make sure API responds with 401 when invalid authentication info is provided.
[FIXED] Fix merge request counter updates after merge.
[FIXED] Fix gitlab-rake gitlab:import:repos task failing.
[FIXED] Fix pushes to an empty repository not invalidating has_visible_content? cache.
[FIXED] Ensure all refs are restored on a restore from backup.
[FIXED] Gitaly RepositoryExists remains opt-in for all method calls.
[FIXED] Fix 500 error on merged merge requests when GitLab is restored from a backup.
[FIXED] Adjust MRs being stuck on "process of being merged" for more than 2 hours.

10.0.2 (2017-09-27)

[FIXED] Notes will not show an empty bubble when the author isn't a member. !14450
[FIXED] Some checks in rake gitlab:check were failling with 'undefined method run_command'. !14469
[FIXED] Make locked setting of Runner to not affect jobs scheduling. !14483
[FIXED] Re-allow name attribute on user-provided anchor HTML.

10.0.1 (2017-09-23)

[FIXED] Fix duplicate key errors in PostDeployMigrateUserExternalMailData migration.

10.0.0 (2017-09-22)

[SECURITY] Upgrade brace-expansion NPM package due to security issue. !13665 (Markus Koller)
[REMOVED] Remove CI API v1.
[FIXED] Ensure correct visibility level options shown on all Project, Group, and Snippets forms. !13442
[FIXED] Fix the /projects/:id/repository/files/:file_path/raw endpoint to handle dots in the file_path. !13512 (mahcsig)
[FIXED] Merge request reference in merge commit changed to full reference. !13518 (haseebeqx)
[FIXED] Removes Sortable default scope. !13558
[FIXED] Wiki table of contents are now properly nested to reflect header level. !13650 (Akihiro Nakashima)
[FIXED] Improve bare project import: Allow subgroups, take default visibility level into account. !13670
[FIXED] Fix group and project search for anonymous users. !13745
[FIXED] Fix searching for files by path. !13798
[FIXED] Fix division by zero error in blame age mapping. !13803 (Jeff Stubler)
[FIXED] Fix incorrect date/time formatting on prometheus graphs. !13865
[FIXED] Changes the password change workflow for admins. !13901
[FIXED] API: Respect default group visibility when creating a group. !13903 (Robert Schilling)
[FIXED] Unescape HTML characters in Wiki title. !13942 (Jacopo Beschi @jacopo-beschi)
[FIXED] Make blob viewer for rich contents wider for mobile. !14011 (Takuya Noguchi)
[FIXED] Fix typo in the API Deploy Keys documentation page. !14014 (Vitaliy @blackst0ne Klachkov)
[FIXED] Hide admin link from default search results for non-admins. !14015
[FIXED] Fix problems sanitizing URLs with empty passwords. !14083
[FIXED] Fix stray OR in New Project page. !14096 (Robin Bobbitt)
[FIXED] Fix a wrong X-Gitlab-Event header when testing webhooks. !14108
[FIXED] Fix the diff file header from being html escaped for renamed files. !14121
[FIXED] Image attachments are properly displayed in notification emails again. !14161
[FIXED] Fixes the 500 errors caused by a race condition in GPG's tmp directory handling. !14194 (Alexis Reigel)
[FIXED] Fix MR ready to merge buttons/controls at mobile breakpoint. !14242
[FIXED] Fix Pipeline Triggers to show triggered label and predefined variables (e.g. CI_PIPELINE_TRIGGERED). !14244
[FIXED] Allow using newlines in pipeline email service recipients. !14250
[FIXED] Fix errors when moving issue with reference to a group milestone. !14294
[FIXED] Fix the "resolve discussion in a new issue" button. !14357
[FIXED] File uploaders do not perform hard check, only soft check.
[FIXED] Add to_project_id parameter to Move Issue via API example.
[FIXED] Update x/x discussions resolved checkmark icon to be green when all discussions resolved.
[FIXED] Fixed add diff note button not showing after deleting a comment.
[FIXED] Fix broken svg in jobs dropdown for success status.
[FIXED] Fix buttons with different height in merge request widget.
[FIXED] Removes disabled state from dashboard project button.
[FIXED] Better align fallback image emojis.
[FIXED] Remove focus styles from dropdown empty links.
[FIXED] Fix inconsistent spacing for edit buttons on issues and merge request page.
[FIXED] Fix edit merge request and issues button inconsistent letter casing.
[FIXED] Improve Import/Export memory usage.
[FIXED] Fix Import/Export issue to do with fork merge requests.
[FIXED] Fix invite by email address duplication.
[FIXED] Adds tooltip to the branch name and improves performance.
[FIXED] Disable GitLab Project Import Button if source disabled.
[FIXED] Migrate issues authored by deleted user to the Ghost user.
[FIXED] Fix new navigation wrapping and causing height to grow.
[FIXED] Normalize styles for empty state combo button.
[FIXED] Fix external link to Composer website.
[FIXED] Prevents jobs dropdown from closing in pipeline graph.
[FIXED] Include the is_admin field in the GET /users/:id API when current user is an admin.
[FIXED] Fix breadcrumbs container in issue boards.
[FIXED] Fix project feature being deleted when updating project with invalid visibility level.
[FIXED] Truncate milestone title if sidebar is collapsed.
[FIXED] Prevents rendering empty badges when request fails.
[FIXED] Fixes margins on the top buttons of the pipeline table.
[FIXED] Bump jira-ruby gem to 1.4.1 to fix issues with HTTP proxies.
[FIXED] Eliminate N+1 queries in loading discussions.json endpoint.
[FIXED] Eliminate N+1 queries referencing issues.
[FIXED] Remove unnecessary loading of discussions in IssuesController#show.
[FIXED] Fix errors thrown in merge request widget with external CI service/integration.
[FIXED] Do not show the Auto DevOps banner when the project has a .gitlab-ci.yml on master.
[FIXED] Reword job to pipeline to reflect what the graphs are really about.
[FIXED] Sort templates in the dropdown.
[FIXED] Fix Auto DevOps banner to be shown on empty projects.
[FIXED] Resolve Image onion skin + swipe does not work anymore.
[FIXED] Fix mini graph pipeline breakin in merge request view.
[FIXED] Fixed merge request changes bar jumping.
[FIXED] Improve migrations using triggers.
[FIXED] Fix ConvDev Index nav item and Monitoring submenu regression.
[FIXED] disabling notifications globally now properly turns off group/project added emails !13325
[DEPRECATED] Deprecate custom SSH client configuration for the git user. !13930
[CHANGED] allow all users to delete their account. !13636 (Jacopo Beschi @jacopo-beschi)
[CHANGED] Use full path of project's avatar in webhooks. !13649 (Vitaliy @blackst0ne Klachkov)
[CHANGED] Add filtered search to group merge requests dashboard. !13688 (Hiroyuki Sato)
[CHANGED] Fire hooks asynchronously when creating a new job to improve performance. !13734
[CHANGED] Improve performance for AutocompleteController#users.json. !13754 (Hiroyuki Sato)
[CHANGED] Update the GPG verification semantics: A GPG signature must additionally match the committer in order to be verified. !13771 (Alexis Reigel)
[CHANGED] Support a multi-word fuzzy search issues/merge requests on search bar. !13780 (Hiroyuki Sato)
[CHANGED] Default LDAP config "verify_certificates" to true for security. !13915
[CHANGED] "Share with group lock" now applies to subgroups, but owner can override setting on subgroups. !13944
[CHANGED] Make Gitaly PostUploadPack mandatory. !13953
[CHANGED] Remove project select dropdown from breadcrumb. !14010
[CHANGED] Redesign project feature permissions settings. !14062
[CHANGED] Document version Group Milestones API introduced.
[CHANGED] Finish migration to the new events setup.
[CHANGED] restyling of OAuth authorization confirmation. (Jacopo Beschi @jacopo-beschi)
[CHANGED] Added support for specific labels and colors.
[CHANGED] Move "Move issue" controls to right-sidebar.
[CHANGED] Remove pages settings when not available.
[CHANGED] Allow all AutoDevOps banners to be turned off.
[CHANGED] Update Rails project template to use Postgresql by default.
[CHANGED] Added support the multiple time series for prometheus monitoring.
[ADDED] API: Respect the "If-Unmodified-Since" header when delting a resource. !9621 (Robert Schilling)
[ADDED] Protected runners. !13194
[ADDED] Add support for copying permalink to notes via more actions dropdown. !13299
[ADDED] Add API support for wiki pages. !13372 (Vitaliy @blackst0ne Klachkov)
[ADDED] Add a Last 7 days option for Cycle Analytics view. !13443 (Mehdi Lahmam (@mehlah))
[ADDED] inherits milestone and labels when a merge request is created from issue. !13461 (haseebeqx)
[ADDED] Add 'from commit' information to cherry-picked commits. !13475 (Saverio Miroddi)
[ADDED] Add an option to list only archived projects. !13492 (Mehdi Lahmam (@mehlah))
[ADDED] Extend API: Pipeline Schedule Variable. !13653
[ADDED] Add settings for minimum SSH key strength and allowed key type. !13712 (Cory Hinshaw)
[ADDED] Add div id to the readme in the project overview. !13735 (Riccardo Padovani @rpadovani)
[ADDED] Add CI/CD job predefined variables with user name and login. !13824
[ADDED] API: Add GPG key management. !13828 (Robert Schilling)
[ADDED] Add CI/CD active kubernetes job policy. !13849
[ADDED] Add dropdown to Projects nav item. !13866
[ADDED] Allow users and administrator to configure Auto-DevOps. !13923
[ADDED] Implement failure_reason on ci_builds. !13937
[ADDED] Add branch existence check to the APIv4 branches via HEAD request. !13979 (Vitaliy @blackst0ne Klachkov)
[ADDED] Add quick submission on user settings page. !14007 (Vitaliy @blackst0ne Klachkov)
[ADDED] Add my_reaction_emoji param to /issues and /merge_requests API. !14016 (Hiroyuki Sato)
[ADDED] Make it possible to download a single job artifact file using the API. !14027
[ADDED] Add repository toggle for automatically resolving outdated diff discussions. !14053 (AshleyDumaine)
[ADDED] Scripts to detect orphaned repositories. !14204
[ADDED] Created callout for auto devops.
[ADDED] Add option in preferences to change navigation theme color.
[ADDED] Add JSON logger in log/api_json.log for Grape API endpoints.
[ADDED] Add CI_PIPELINE_SOURCE variable on CI Jobs.
[ADDED] Changed message and title on the 404 page. (Branka Martinovic)
[ADDED] Handle if Auto DevOps domain is not set in project settings.
[ADDED] Add collapsable sections for Pipeline Settings.
[OTHER] Add badge for dependency status. !13588 (Markus Koller)
[OTHER] Migration to remove pending delete projects with non-existing namespace. !13598
[OTHER] Bump rouge to v2.2.0. !13633
[OTHER] Fix repository equality check and avoid fetching ref if the commit is already available. This affects merge request creation performance. !13685
[OTHER] Replace 'source/search_code.feature' spinach test with an rspec analog. !13697 (blackst0ne)
[OTHER] Remove unwanted refs after importing a project. !13766
[OTHER] Never wait for sidekiq jobs when creating projects. !13775
[OTHER] Gitaly feature toggles are on by default in development. !13802
[OTHER] Remove is_ prefix from predicate method names. !13810 (Maxim Rydkin)
[OTHER] Update 'Using Docker images' documentation. !13848
[OTHER] Update gpg documentation with gpg2. !13851 (M M Arif)
[OTHER] Replace 'project/star.feature' spinach test with an rspec analog. !13855 (Vitaliy @blackst0ne Klachkov)
[OTHER] Replace 'project/user_lookup.feature' spinach test with an rspec analog. !13863 (Vitaliy @blackst0ne Klachkov)
[OTHER] Bump rouge to v2.2.1. !13887
[OTHER] Add documentation for PlantUML in reStructuredText. !13900 (Markus Koller)
[OTHER] Decrease ABC threshold to 55.25. !13904 (Maxim Rydkin)
[OTHER] Decrease Cyclomatic Complexity threshold to 14. !13972 (Maxim Rydkin)
[OTHER] Update documentation for confidential issue. !14117
[OTHER] Remove redundant WHERE from event queries.
[OTHER] Memoize the latest builds of a pipeline on a project's homepage.
[OTHER] Re-use issue/MR counts for the pagination system.
[OTHER] Memoize pipelines for project download buttons.
[OTHER] Reorganize indexes for the "deployments" table.
[OTHER] Improves markdown rendering performance for commit lists.
[OTHER] Only update the sidebar count caches when needed.
[OTHER] Improves performance of vue code by using vue files and moving svg out of data function in pipeline schedule callout.
[OTHER] Rework how recent push events are retrieved.
[OTHER] Restyle dropdown menus to make them look consistent.
[OTHER] Upgrade grape to 1.0.
[OTHER] Add usage data for Auto DevOps.
[OTHER] Cache the number of open issues and merge requests.
[OTHER] Constrain environment deployments to project IDs.
[OTHER] Eager load namespace owners for project dashboards.
[OTHER] Add description template examples to documentation.
[OTHER] Disallow NULL values for environments.project_id.
Add my reaction filter to search bar. !12962 (Hiroyuki Sato)
Generalize profile updates from providers. !12968 (Alexandros Keramidas)
Validate PO-files in static analysis. !13000
First-time contributor badge. !13143 (Micaël Bergeron micaelbergeron@gmail.com)
Add option to disable project export on instance. !13211 (Robin Bobbitt)
Hashed Storage support for Repositories (EXPERIMENTAL). !13246
Added tests for commits API unauthenticated user and public/private project. !13287 (Jacopo Beschi @jacopo-beschi)
Fix CI_PROJECT_PATH_SLUG slugify. !13350 (Ivan Chernov)
Add checks for branch existence before changing HEAD. !13359 (Vitaliy @blackst0ne Klachkov)
Fix the alignment of line numbers to lines of code in code viewer. !13403 (Trevor Flynn)
Allow users to move issues to other projects using a / command. !13436 (Manolis Mavrofidis)
Bumps omniauth-ldap gem version to 2.0.4. !13465
Implement the Gitaly RefService::RefExists endpoint. !13528 (Andrew Newdigate)
Changed all font-weight values to 400 and 600 and introduced 2 variables to manage them.
Simplify checking if objects exist code in new issaubles workers.
Present enqueued merge jobs as Merging as well.
Don't escape html entities in InlineDiffMarkdownMarker.
Move ConvDev Index location to after Cohorts.
Added type to CHANGELOG entries. (Jacopo Beschi @jacopo-beschi)
[BUGIFX] Improves subgroup creation permissions. !13418

130 KiB Raw Permalink Blame History

10.8.6 (2018-07-17)

Security (2 changes)

10.8.5 (2018-06-21)

Security (5 changes)

10.8.4 (2018-06-06)

10.8.3 (2018-05-30)

Fixed (4 changes)

Performance (1 change)

10.8.2 (2018-05-28)

Security (3 changes)

10.8.1 (2018-05-23)

Fixed (9 changes)

10.8.0 (2018-05-22)

Security (3 changes, 1 of them is from the community)

Fixed (47 changes, 11 of them are from the community)

Changed (35 changes, 15 of them are from the community)

Performance (26 changes, 11 of them are from the community)

Added (22 changes, 10 of them are from the community)

Other (22 changes, 8 of them are from the community)

10.7.7 (2018-07-17)

Security (1 change)

10.7.6 (2018-06-21)

Security (6 changes)

Other (1 change)

10.7.5 (2018-05-28)

Security (3 changes)

10.7.4 (2018-05-21)

Fixed (1 change)

10.7.3 (2018-05-02)

Fixed (8 changes)

10.7.2 (2018-04-25)

Security (2 changes)

10.7.1 (2018-04-23)

Fixed (11 changes)

Performance (4 changes)

Added (1 change)

10.7.0 (2018-04-22)

Security (6 changes, 2 of them are from the community)

Fixed (65 changes, 20 of them are from the community)

Deprecated (1 change)

Changed (22 changes, 2 of them are from the community)

Performance (24 changes, 11 of them are from the community)

Added (38 changes, 7 of them are from the community)

Other (27 changes, 11 of them are from the community)

10.6.6 (2018-05-28)

Security (4 changes)

10.6.5 (2018-04-24)

Security (1 change)

10.6.4 (2018-04-09)

Fixed (8 changes, 1 of them is from the community)

Performance (1 change)

10.6.3 (2018-04-03)

Security (2 changes)

10.6.2 (2018-03-29)

Fixed (2 changes, 1 of them is from the community)

10.6.1 (2018-03-27)

Security (1 change)

Fixed (2 changes)

Performance (1 change)

Other (1 change)

10.6.0 (2018-03-22)

Security (4 changes)

Fixed (75 changes, 17 of them are from the community)

Changed (16 changes, 9 of them are from the community)

Performance (24 changes, 5 of them are from the community)

Added (30 changes, 9 of them are from the community)

Other (18 changes, 7 of them are from the community)

10.5.8 (2018-04-24)

Security (1 change)

10.5.7 (2018-04-03)

Security (2 changes)

10.5.6 (2018-03-16)

Security (2 changes)

10.5.5 (2018-03-15)

Fixed (3 changes)

Performance (2 changes)

10.5.4 (2018-03-08)

Fixed (11 changes)

Performance (1 change)

130 KiB

Raw Permalink Blame History