098127227f
CHANGELOG.md was getting very large, so this commit: 1. Creates `changelogs/archive-$x.md` for each major version of GitLab, starting at GitLab 10. 2. Archives the matching EE changelogs in that directory too. 3. Documents this in changelogs/archive.md.
70 KiB
70 KiB
11.11.8
- No changes.
11.11.7
Security (5 changes)
- Don't override approval rules if not allowed.
- Grant admin note permissions in epics for maintainers and owners.
- Prevent an XSS vector in the add approver email.
- Ensure the Insights configuration project is part of the group and is accessible to the current user.
- Make vulnerability feedback invisible if limited access to repo.
11.11.4 (2019-06-26)
Fixed (1 change)
- Use quarantine size to check push size against repository size limit. !14269
11.11.3 (2019-06-10)
Fixed (1 change)
- Fix create mr from vuln modal regression. !13524
11.11.2 (2019-06-04)
Performance (1 change)
- Geo - Does not apply selective sync restrictions while counting registries on the tracking database. !13257
11.11.0 (2019-05-22)
Security (1 change)
- Destroy project remote pull mirrors instead of disabling. !10355
Fixed (26 changes)
- Add missing endpoint for user information to GitHub API. !10482
- Remove slack slash commands double up. !10555
- Display Scoped Labels on Issue Board. !10669
- Ensure custom group template feature is available only for groups on gold and silver. !10678
- Fix removing and updating insights config, and foreign key constraints. !11030
- Geo: Fix broken button to delete orphaned upload registries through Admin. !11156
- Resolve: Epic labels in system notes point to the epic itself. !11234
- Geo: Fix: Project sync failures usually double-increment *_retry_count. !11381
- Fix unauthenticated GET of public Epics API. !11485
- Hide ScopedBadge overflow notes. !11548
- Fixes a CI failure in jest. !11586
- Fix error when reordering/deleting subgroup epics. !11837
- Fix some filter bar tokens not showing up when multiple assignees are enabled. !11939
- Geo: Fix OAuth authentication with relative URLs. !11976
- Fix for not being able to remove the last namespace/project from elasticsearch limited namespaces/projects. !11989
- Fix approvals project settings section when merge requests disabled. !12070
- Enable alert bot to use quick actions. !12127
- Geo: Remove counts over geo_event_log table. !12146
- Geo: Prevent RegistryFinder calls on the primary. !12183
- Fix placement of LDAP icon in members list. !12304
- Use path instead of a URL for accessing approval settings. !12414
- Remove non-semantic use of
.row
in member listing controls. !12466 - Force tag overwrite on mirror update. !12491
- Fixes the feedback paths on the project security dashboard. !12849
- Fixed starting a review on images.
- Fix updating board attributes through API.
Changed (13 changes)
- Group SAML enforcement requires active SSO session for group access. !10034
- Geo: Rename "Disable" to "Pause|Resume" (Admin > Geo Nodes). !10297
- Upgrade group security dashboard to use gitlab-ui line chart. !10479
- Geo - Implement selective sync support for the LFS objects FDW queries. !10757
- Documentation : Improve selective sync documentation. !11072
- Geo: Implement selective sync support for the FDW queries to count the number of attachments to sync. !11107
- Allowing Elasticsearch indexing gap recovering. !11408
- Geo - Implement selective sync support for the FDW queries to count attachments. !11518
- Geo - Implement selective sync support for the FDW queries to find attachments. !11544
- Geo - Add selective sync support for the job artifacts FDW queries. !11892
- Fetch all available groups when creating MR approval rule. !12096
- SSO enforcement requires active SAML session for web access to project resources. !12109
- Perform LDAP group sync on sign in only for new users.
Performance (3 changes)
- Swap conditions to reduce frequency of database query. !11217
- Add index for mirror_user_id to projects table. !11422
- Geo - Improve performance of the selective sync cleanup worker. !11998
Added (27 changes, 2 of them are from the community)
- Proxy websocket requests to build services. !9723
- Add dependency proxy for containers. !9750
- Added gitlab:elastic:projects_not_indexed rake task. !9854 (Jason Colyer)
- Added Snowplow tracking to notes. !10104
- Support multiple assignees for merge requests. !10161
- Add UI to enable/disable a dependency proxy on a group level. !10386
- Let the GitLab Alert bot open incident issues. !10460
- Remove feature flag
:incident_management
. !10569 - Allow multiple secondary nodes behind a load balancer. !10755
- Copy LFS objects from pull mirror. !10779
- Geo: Inform users about current replication lag in the UI on secondaries. !10807
- Autosave description in epics. !10844
- Keep track of packages_file in ProjectStatistics. !11020
- Adds a dismissal item to the vulnerability modal. !11028
- Add project level config for merge train. !11065
- Support pie charts in Insights. !11186
- Create ActiveRecordModel and table for Merge Train feature. !11204
- Allow adding GitLab license at installation time. !11244
- Added ZAP Full Scan support for DAST. !11269
- Add created_at and updated_at filters to Epics API. !11315 (jramsay)
- Add API to retrieve security vulnerabilities. !11539
- Basic Rails implementation for BOM. !11613
- Add Frontend Store and UI For Environments Dashboard MVC. !11702
- Track clicks on uninstall button for kubernetes implementation. !12048
- Add Vulnerabilities API scoping: severity, confidence, and dismissal. !12076
- Alert users that protected environments affects feature flags. !12168
- Support creating a new child epic from the API.
Other (8 changes, 1 of them is from the community)
- Improve project settings page layout and UX. !10388
- Uses the more explicit vulnerability feedback endpoints on the front end. !10461
- Automatically enable multiple MR assignees feature flag. !10558
- Move geo_log_cursor binary to the ee folder. !10821
- Move sidekiq-cluster to ee/bin. !11001
- Move ee-specific code from boards/components/issue_card_inner.vue. !11032 (Roman Rodionov)
- Make all billing cards fit in view. !11602
- Extracted EE specific lines for spec/javascripts/vue_mr_widget/mock_data.js. !11847
11.10.8 (2019-06-27)
- No changes.
Security (2 changes)
- Gate MR head_pipeline behind read_pipeline ability.
- Do not allow localhost urls in GitHub Integration.
11.10.7 (2019-06-26)
Fixed (1 change)
- Use quarantine size to check push size against repository size limit. !14271
11.10.6 (2019-06-04)
Fixed (5 changes, 1 of them is from the community)
- Fix removing and updating insights config, and foreign key constraints. !11030
- Fix the group's epic page. The Paste issue link placeholder shown as 'undefinedundefinedundefined' in Chinese environment. And the error message showed nothing. !11312 (wdmcheng)
- Fix approvals project settings section when merge requests disabled. !12070
- Use path instead of a URL for accessing approval settings. !12414
- Fix relative url root issues with license management. !12488
11.10.4 (2019-05-01)
Fixed (1 change, 1 of them is from the community)
- Fix error retrieving licenses when relative URL in use. !11717 (Hiroyuki Sato)
Changed (1 change)
- [Insights] Change the default weeks period limit to 12. !11498
11.10.3 (2019-04-30)
- No changes.
11.10.2 (2019-04-25)
Security (1 change)
- Handle race condition when creating an MR approval.
11.10.1 (2019-04-23)
Fixed (4 changes)
- Fix approval rules when used with relative url root. !10819
- Fix add/remove pipeline dashboard issue. !11029
- Fix JWT token check when repository does not exist. !11033
- Fix preventing approval of merge requests by an author. !11263
Changed (2 changes)
- Improve SAML settings with validation, design, and help text. !10450
- Use a single color for the Insights time series bar charts. !11076
11.10.0 (2019-04-22)
Security (3 changes)
- Check label_ids parent when updating issue board.
- Geo - Improve security while redirecting user back to the secondary after a logout & re-login via the primary.
- Expose only basic group attributes in boards API.
Fixed (25 changes)
- User Statistics in Admin Dashboard now a button. !8807
- Fix misalignment of dropdowns in edit board modal of issue boards. !9909
- Geo: Support archive recovery or streaming replication types in health check. !9935
- Geo: Only display Geo-specific clone instructions button on a Geo Secondary node. !10007
- Resolve Deletion of vulnerability-associated issuables prevents security report from loading. !10016
- Elasticsearch API: Fix project_id showing as 0 for all blobs. A reindex will be required. !10020
- Make editing the filters in the Group Security Dashboard easier. !10138
- Geo - Reset the verification checksum after deployment refs are created. !10160
- Search snippets via elasticsearch. !10325
- Fixed bug preventing users from adding child epics with multiple children. !10331
- Fix merge requests being added to Jira Development Panel. !10342
- Fix authors of merge commits being excluded from approving an MR. !10359
- Fix ChatOps Slack responder for gitlab.com. !10416
- Fix sorting by priority with filtering by approvers. !10446
- Make UpdateRepositoryStorageService idempotent. !10457
- Fix broken links to protected environments on the CI/CD settings page. !10470
- Notify owner that group is invalid when LDAP "Sync now" fails. !10509
- Fix user agent string for Hosted Jira. !10545
- Fix query used to calculate number of users over license. !10556
- Fix pipeline bridge serialization error. !10565
- Correct path to cluster health partial. !10638
- Ensure Insights charts show all periods even if there are no data. !10733
- Hide scoped labels help text without corresponding license. !10737
- Fix merge request operation failure (e.g. assigning user) when project approvers required increases. !10766
- Include subgroups when finding Insights issuables. !10801
Changed (27 changes)
- Move project search bar into modal dialog on Operations Dashboard page. !9260
- Geo - Add selective sync support for the FDW queries to count synced registries. !9445
- Geo - Add selective sync support for the FDW queries to count failed registries. !9527
- Convert enable group authentication checkbox to toggle button. !9816
- Geo: Limit max backoff time by 1 hour, instead of 7 days. !9893
- Documented Guide to using Geo in HA with RDS cross-region replicas. !9985
- Dynamically resize security group dashboard vuln graph. !10028
- Add self approval of merge requests setting to merge requests approvals API. !10050
- elasticsearch: Switch from LZ4 to DEFLATE compression. !10072
- Geo - Store the invalid checksum when we have a mismatch. !10101
- Add requested resources to cluster health metrics. !10135
- Allow self-approvals in fallback approval rules. !10218
- Geo - Add selective sync support for FDW queries to find verified registries. !10255
- Add file line number to vuln modal. !10265
- Geo - Add selective sync support for FDW queries to find registries where verification has failed. !10266
- Enforce Geo JWT tokens scope for repository sync. !10303
- Display link to review note in text email, similar to HTML email. !10401
- Geo - Add selective sync support for the FDW queries to find mismatch registries. !10434
- Geo - Add selective sync support for queries to find registries retrying verification. !10436
- Geo - Add selective sync support for the FDW queries to find registries to verify. !10438
- Improve DAST location fingerprints. !10487
- Change order in dast location fingerprint. !10487
- Geo: Add selective sync support for the FDW queries to find unsynced projects. !10522
- Enrich container scanning with more data on the frontend. !10526
- [Geo] Don't mark sync as successful if repo does not exist because of some problems. !10578
- Move operations dashboard from Ultimate to Premium. !10586
- Support multiple chart per page for Insights.
Performance (3 changes)
- Avoid a Gitaly N+1 when loading commits for Elasticsearch search results. !9760
- Geo: Optimize repository and wiki verification counts. !9939
- Avoid N+1 when loading Code search results with Elasticsearch enabled. !10394
Added (31 changes, 1 of them is from the community)
- Add approval and unapproval webhooks. !8742
- Adding pipelines to the operations dashboard. !9197
- Add operations dashboard usage counts to usage data. !9291
- Automatically deprovision and update users from a configured identity via SCIM. !9388
- Add SCIM Token section to SAML SSO Settings. !9619
- Use merge request MERGE ref for attached merge request pipelines. !9622
- Geo: Support syncing over non-publicly accessible URLs. !9634
- Prevent merge if the merge request pipeline is stale. !9643
- Block possibility to change email for users with group managed account. !9712
- Geo admin panel for upload verification. !9720
- Geo: Create separate models for different registries. !9755
- Add ability to purchase extra CI minutes. !9815
- Update Web IDE config to accept ports. !9818
- Allow per-project and per-group enabling of Elasticsearch indexing. !9861
- Geo: Help admins diagnose configuration problems. !9988
- Added MAVEN_CLI_OPTS env var support to License Management CI job. !10012
- Show DAST vulnerabilities in the Group Security Dashboard. !10271
- Show DAST in Group Security Dashboard Back-End. !10277
- Removing pipeline dashboard feature flag. !10302
- Update user name upon LDAP sync. !10316 (@icode1)
- Collect usage of pod logs feature. !10370
- Added metrics reports widget to merge request page. !10380
- IP whitelisting for Geo-enabling functionality in the primary. !10383
- Persist in the URL the page and day range of vulnerabilities viewed in the Group Security Dashboard. !10402
- Add 'Metrics' job artifact report type. !10452
- Create a user via SCIM. !10456
- Geo: Display secondary replication lag on console (if lag > 0 seconds). !10471
- Add Roadmap to Epic page. !10488
- Expose merge request pipeline parameters for MR widget. !10502
- Allow instance admins to link all projects to Jira DVCS. !10541
- Added mutually exclusive key value labels.
Other (4 changes)
- Simplify admin instance licenses page. !9785
- Extract EE specific files and externalize strings in admin application settings. !9930
- Add specs for coerced labels parameter in Epics API. !9932
- Improve project service desk settings. !10381
11.9.12 (2019-05-30)
Security (3 changes, 1 of them is from the community)
- Filter relative links in wiki for XSS. (kerrizor)
- Fix XSS in Ancestor tooltip title.
- Ignore out of range epic IDs.
11.9.10 (2019-04-26)
Security (1 change)
- Handle race condition when creating an MR approval.
Fixed (1 change, 1 of them is from the community)
- Fix the group's epic page. The Paste issue link placeholder shown as 'undefinedundefinedundefined' in Chinese environment. And the error message showed nothing. !11312 (wdmcheng)
11.9.9 (2019-04-23)
Fixed (1 change)
- Fix approval rules when used with relative url root. !10819
11.9.8 (2019-04-11)
Fixed (1 change)
- Fix sorting by priority with filtering by approvers. !10446
11.9.7 (2019-04-09)
Security (1 change)
- Expose only basic group attributes in boards API.
11.9.6 (2019-04-04)
Fixed (3 changes)
- Fix project approval rule with only private group being considered as approved when override is allowed. !10356
- Fix approval rule sourcing from forked MR. !10474
- Guard against ldap_sync_last_sync_at being nil. !10505
Added (1 change)
- Add Insights frontend to retrieve and render chart. !9856
11.9.5 (2019-04-03)
Fixed (3 changes)
- Fix project approval rule with only private group being considered as approved when override is allowed. !10356
- Fix approval rule sourcing from forked MR. !10474
- Guard against ldap_sync_last_sync_at being nil. !10505
Added (1 change)
- Add Insights frontend to retrieve and render chart. !9856
11.9.3 (2019-03-27)
Security (1 change)
- Check label_ids parent when updating issue board.
11.9.2 (2019-03-26)
Security (2 changes)
- Geo - Improve security while redirecting user back to the secondary after a logout & re-login via the primary.
- Check label_ids parent when updating issue board.
11.9.1 (2019-03-25)
Fixed (1 change)
- Fix date save for Epic to reflect on UI immediately after save. !10321
11.9.0 (2019-03-22)
Security (4 changes)
- Prevent Group SAML authorizing sign in without prior user approval.
- Respect group membership lock when importing a member from another group.
- Remove the possibility to share a project with a group that a user is not a member of.
- Prevent SAML access when disabled by group admin on GitLab.com.
Fixed (22 changes)
- Allow assigning Prometheus alerts to multiple environments. !7361
- Fix repo pushes while initial Elasticsearch indexing not permitting initial indexing to complete. !9478
- Fix vulnerability occurrence scope to trailing 30 days. !9494
- Skip whitelisted vulnerabilities in Container Scanning reports. !9528
- Fix npm registry for yarn. !9599
- Renders inline downstream & upstream pipelines. !9627
- Prunes whole Geo event when there's only a primary. !9630
- Fix alert notifications for non-public projects. !9636
- Fix 500 error when visiting merged merge request. !9648
- Allow plus symbol in maven package version. !9657
- Show commands applied message when promoting issues to epics. !9669
- Ensure comments from merge request review is displayed in the same order as user commenting order. !9684
- Geo - Fix selective sync by namespace. !9732
- Fix bridge jobs than can be hidden keys too. !9796
- Fix approval-related UI showing up in free plan. !9819
- Add 'No approvals required' view to approval rules (behind feature flag). !9899
- Fix npm package install with a dot in the name. !9900
- GroupSAML for GitLab.com prevents blank NameID. !9907
- Fix protected environment initializer. !10150
- Fix SSH pull mirrors not working. !10272
- Fix HTML spew in Locked Files page.
- Fixes Broken new/edit feature flag form.
Changed (9 changes, 1 of them is from the community)
- Remove authorization from /managed_licenses. !8541
- Consider dismissed items in security reports summary. !9275
- Add backend for cross-project pipeline dashboard MVC. !9396
- Create merge request approval rule for each code owner entry. !9455
- Split severity and confidence values for vulnerabilities. !9495
- Enforce Geo JWT tokens scope for file uploads and Geo API. !9502
- Update cluster health empty state. !9540 (George Tsiolis)
- Add extra graph spacing on the Security Dashboard Group Vulnerability Chart. !9780
- Add Kerberos URL back to clone panel. !9840
Performance (1 change)
- Eliminate N+1 queries in Epics API. !9897
Added (23 changes, 1 of them is from the community)
- Enabled setting the Security Dashboard as a default view for groups. !7889
- Add reordering of child epics. !9283
- Create MR from Vulnerability Solution. !9326
- Create pool repositories on Geo secondaries. !9428
- Add date range for security dashboard graph. !9446
- Add filtering merge requests by approvers. !9468
- Add audit log for managing feature flags. !9487
- Add DELETE package API endpoint. !9623
- Enrich container scanning report. !9641
- Adapt feedback for Container Scanning vulnerabilities. !9655
- Enforce merge request approvals from code owners. !9656
- Added vendored CI/CD template for Dependency Scanning job. !9660
- Add Insights config behind the "group_insights" feature flag. !9665
- Add single package API endpoint. !9667
- Added GET /licenses and DELETE /license/:id endpoints. !9733
- Add container scanning results to group security dashboard. !9736
- Add an incident management settings form and create issues from alertmanager alerts. !9773
- Add API for reordering child epics. !9781
- Allow guests to comment on epics. !9783
- Display Recent Boards in Board switcher. !9808
- Add Ancestors in Epic Sidebar. !9817
- Add vendored templates for SAST, DAST, Container Scanning and License Management job definitions. !9921
- Add realtime validation for user fullname and username on validation. !25017 (Ehsan Abdulqader @EhsanZ)
Other (12 changes, 1 of them is from the community)
- Use export-import svg from gitlab-svgs. !9453
- Renames 'revert dismissal' to 'undo dismiss' on the Group security dashboard. !9500
- Using positional arguments in request specs have been deprecated. !9506 (Jasper Maes)
- Splits the severity and confidence constants in the group security dashboard frontend. !9535
- Add Gitlab.com gold trial callout to /billings. !9611
- Update project settings section titles and info. !9614
- Improve visual consistency of values in vulnerability modal. !9616
- Limit Group Security Dashboard to selected types of report. !9626
- Make related issues components reusable. !9730
- sidekiq-cluster: put each sidekiq in a new pgroup. !9775
- License Management: Load up to a 100 licenses per default. !9913
- Adds documentation for autoremediation. !10054
11.8.10 (2019-04-30)
- No changes.
11.8.3 (2019-03-19)
- No changes.
11.8.2 (2019-03-13)
Fixed (4 changes)
- Fix 500 error when visiting merged merge request. !9648
- Fix bridge jobs than can be hidden keys too. !9796
- Fix approval-related UI showing up in free plan. !9819
- Add 'No approvals required' view to approval rules (behind feature flag). !9899
11.8.0 (2019-02-22)
Security (2 changes)
- Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !790
- Hide personal access tokens from other maintainers.
Fixed (28 changes, 1 of them is from the community)
- Add keyboard navigation to issue board switcher and remove duplicate scroll bar. !8591
- Geo: Always update the default branch on the secondary. !9064
- Fix public group milestones not shown in epics autocomplete. !9068
- Check hosts file for nameserver IP. !9071
- Fixes the icon for fixed vulnerability in Container Scanning report. !9120
- Return 400 error instead of 500 when upload maven package with invalid version. !9125
- Fix mirrors that have invalid SSH public auth mode set. !9135
- Hide packages without version from UI. !9151
- Remove duplicate "Operations Dashboard" header/breadcrumb. !9152 (Nathan Friend)
- Create UTC date in subscription table. !9166
- Display epic icon in related epics list. !9166
- Don't validate Jenkins username if password is blank. !9198
- Don't show Alert widget for non-licensed users. !9224
- Group security dashboard: Fix overflow for Vulnerabilities with long titles. !9271
- Geo - Respect shard restriction while loading new resources to verify on the Geo secondary node. !9343
- When cleaning up repositories, ensure orphaned entries do not remain in the tracking database. !9344
- Geo - Make sure project does not meet selective sync rule before deleting it. !9345
- Fix alert notification emails are not being sent. !9393
- Fix alert notifications for managed Prometheus. !9402
- Replacing old blob methods in ElasticSerach module. !9418
- Add checks to prevent cycling hierarchy in epics structure. !9438
- Fix bug where users could not be added in protected branch rules. !9474
- Avoid SAML required_groups indiscriminately unblocking users on login. !9489
- Resolve Cannot scroll forwards in time for roadmap view. !9530
- Fix unleash server side cannot return feature flags. !9532
- Show alerts settings only for manual configuration. !9538
- Fix access to constant Gitlab::RepositorySizeError. !9579
- Clear our import data credentials when adding new mirrors. !24339
Deprecated (1 change)
- Geo: Show hashed storage warnings on geo nodes page. !8433
Changed (14 changes)
- Prevent commit authors from self approvaling merge requests. !9007
- Add docs link to explain legacy and new email format. !9020
- Recursively expands upstream and downstream pipelines. !9073
- Geo: Don't show external link icon on current node. !9130
- Issues created from vulnerabilities are now confidential by default. !9157
- Validate custom metrics. !9178
- Change paginate number to 20. !9213
- Convert buttons to button group on Group Security Dashboard. !9220
- Make it possible to edit Geo primary through API. !9328
- Geo: Handle repository and wiki sync separately in Geo::ProjectSyncWorker. !9360
- Geo: Add settings page empty state. !9415
- Renders New and Edit forms for feature flag in Vue and allow to define scopes.
- Improves title in feature flags empty states.
- Adds environment column to the feature flags page.
Performance (5 changes)
- Solve a N+1 issue in Groups::AnalyticsController. !4508
- Refactored Epic app in Vuex for better performance and maintenance. !9361
- Optimize slow pipelines.js response. !9387
- Disable commit checks when no push rules are active. !9569
- Enable some frozen string in ee/lib.
Added (22 changes, 1 of them is from the community)
- Elasticsearch: Support for Gitaly. !7434
- Canary deployment callout on the environments page. !8457
- Allow to filter notes in epics. !8978
- Multiple blocking merge request approval rules (behind feature flag). !9001
- Add support for auto-expanding Roadmap timeline on horizontal scroll. !9018
- Added Snowplow tracking to issues import. !9067
- Persist Group Level Security Dashboard state in URL. !9108
- Multiple environments support for feature flags (Unleash API standpoint). !9110
- Shows the approval given/required counts and its status for each MR when viewing the Merge Requests page. !9142 (Glavin Wiechert, Andy Steele)
- Support CURD operation for feature flag scopes. !9182
- Add epic links API endpoints. !9188
- Store DAST scan results in the database. !9192
- Add LDAP integration to smartcard authentication. !9235
- Allow SSO enforcement in group settings for GitLab.com. !9240
- Add API endpoint for project packages. !9259
- Add upvote/downvote information to epics API. !9264
- Resolve Implement access controls when SSO enforcement enabled. !9270
- Add package files API endpoint. !9305
- Support alerts from external Prometheus servers. !9334
- Cross-project pipelines support in .gitlab-ci.yml. !9374
- Enable mails for external alerts. !9457
- Moving repository across shards leaves the pool.
Other (13 changes, 7 of them are from the community)
- Gather JIRA DVCS integration usage data. !8949
- ActiveRecord::Migration -> ActiveRecord::Migration[5.0] for AddAlertManagerTokenToClustersApplicationPrometheus and EnqueuePrometheusUpdates. !9049 (Jasper Maes)
- Track navbar links in Snowplow. !9059
- Adds snowplough tracking for the group security dashboard filters. !9119
- Support Ajax endpoints for FeatureFlagsController. !9127
- Fix deprecation: Passing an argument to force an association to reload is now deprecated. !9140 (Jasper Maes)
- Fix deprecation: #original_exception is deprecated. Use #cause instead. !9141 (Jasper Maes)
- Uses GLDropdown for licence management. !9237
- Replace deprecated render text. !9346 (Jasper Maes)
- Fix several ActionController::Parameters deprecations. !9347 (Jasper Maes)
- Fix deprecation: uniq is deprecated and will be removed from Rails 5.1. !9348 (Jasper Maes)
- Turn on rubocop for frozen string in ee/. (gfyoung)
- Creates an EE component for the pipeline graph.
11.7.12 (2019-04-23)
- No changes.
11.7.11 (2019-04-09)
Security (1 change)
- Expose only basic group attributes in boards API.
11.7.10 (2019-03-28)
Security (1 change)
- Check label_ids parent when updating issue board.
11.7.8 (2019-03-26)
Security (2 changes)
- Geo - Improve security while redirecting user back to the secondary after a logout & re-login via the primary.
- Check label_ids parent when updating issue board.
11.7.7 (2019-03-19)
- No changes.
11.7.5 (2019-02-05)
Fixed (2 changes)
- Fix Kerberos authentication. !9390
- Fix background migration error when project repository is missing. !9392
11.7.2 (2019-01-29)
Security (6 changes)
- Avoid leaking unauthorized approver group members. !766
- Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !791
- Check access rights when creating/updating ProtectedRefs.
- Fix locked file visibility issue for private repositories.
- Filter out non-project member approvers.
- Remove HTTP POST in JIRA OAuth access_token endpoint.
11.7.1 (2019-01-28)
Security (6 changes)
- Avoid leaking unauthorized approver group members. !766
- Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !791
- Check access rights when creating/updating ProtectedRefs.
- Fix locked file visibility issue for private repositories.
- Filter out non-project member approvers.
- Remove HTTP POST in JIRA OAuth access_token endpoint.
11.7.0 (2019-01-22)
Security (1 change)
- Add a shared secret to prevent abuse of the alert endpoint.
Fixed (27 changes, 2 of them are from the community)
- Defaults to feature flags link for Operations entry. !8622
- Fix error on explore page when logged out due to gold trial callout. !8674
- Prevents the empty state from showing when the dashboard errors. !8703
- Allow matching only the repo-root for CODEOWNERS. !8708
- Fix adding labels to epics using quick actions. !8772
- Geo: Keep the minimum cursor last event. !8832
- Reinstate sorting issuable by weight. !8834
- Geo - Show the proper label for the last repository check run on Geo projects page. !8844
- Resolve Reorder gitlab:elastic:index rake tasks to ensure wikis and database are completed even if projects error out. !8852
- Remove dash on issue weight for unauthorized users. !8882 (George Tsiolis)
- Dismiss epic promotion and persist it across reloads. !8885
- Fix JIRA Development Panel links with subgroups. !8908
- Remove epic field in sidebar for projects without groups. !8919
- Remove duplicate padding from issue board switcher. !8928
- Resolve Ctrl+Enter immediately adds MR comment. !8932
- Geo: Ignore invalid attributes when updating Geo node status. !8957
- Fix border-radius for related issues. !8958 (Johann Hubert Sonntagbauer)
- Fix Security Dashboard Header font size. !9011
- Fix title and description for issue created from a vulnerability. !9022
- Pseudonymizer: Gracefully handle empty pseudo entries. !9044
- Fix permission check when creating an issue from a vulnerability. !9055
- Docfix - broken doc links for Secure/Autodevops features. !9058
- Fix Error 500 when deleting a pipeline via the API. !9104
- Uses project_id instead of project on the group security dashboard. !9109
- Recursively get all of a groups projects. !9205
- Fix data migration failure if approvals_before_merge is set to too high. !9217
- Don't remove milestones when moving issues to board backlog from non-milestone list.
Changed (5 changes, 1 of them is from the community)
- Update Geo nodes empty state. !8576 (George Tsiolis)
- Add search field to issue board switcher. !8862
- Allow downloading package files from UI. !8888
- Changes to the data model for counts on the Group Security Dashboard. !9035
- Fix packages UI mentioned only Maven packages support. !9132
Performance (2 changes, 1 of them is from the community)
- Fix timeout loading Open list when board contains assignee lists.
- Enable some frozen string in ee/lib. (gfyoung)
Added (17 changes)
- Add an instance-level endpoint for downloading maven packages. !8274
- Add NPM registry support to GitLab packages. !8673
- Store container scanning CI jobs results into the database. !8797
- Add a group-level endpoint for downloading maven packages. !8798
- Add Filtering vulnerabilities in the Group Security Dashboard. !8817
- Allow to filter Feature Flags. !8821
- Geo - Show last verification time on Geo projects page. !8845
- Adds basic filtering to the Group Security Dashboard frontend. !8886
- Autocomplete issues and MRs in epics. !8936
- Adds project filtering to the GSD. !8944
- Allow using TCP for DB load balancing DNS lookups. !8961
- Add filtering for summary and history on security dashboard. !8972
- Add solution card to the vulnerability modal. !9030
- Allows the Group Security Dashboard to select multiple filters. !9031
- Added Snowplow tracking to issues export. !9045
- Add support for relationship between epics. !9051
- Added pagination to epics API endpoint.
Other (13 changes, 3 of them are from the community)
- Promote starting a GitLab.com Gold trial on the dashboard. !6947
- Adds event tracking to navbar. !7787
- Update tracing settings to match error tracking settings. !8786
- Adapt subscriptions page for free plans and trials. !8838
- Support for new SAST and dependency scanning report format. !8869
- Remove deprecated ActionDispatch::ParamsParser. !8897 (Jasper Maes)
- Fix deprecation: Comparing equality between ActionController::Parameters and a Hash is deprecated. !8914 (Jasper Maes)
- Removes Notes from GitLab Pseudonymizer config. !8923
- Add count of projects with tracing enabled to usage ping data. !8940
- Adds dependency scanning to the report type filters on GSD. !9034
- Fix deprecation: Using positional arguments in specs for EE spes in spec/. !9040 (Jasper Maes)
- Pass issuable-type in AddIssuableForm. !9111
- Gather deepest epic relationship data.
11.6.11 (2019-04-23)
- No changes.
11.6.10 (2019-02-28)
Security (5 changes)
- Remove the possibility to share a project with a group that a user is not a member of.
- Prevent Group SAML authorizing sign in without prior user approval.
- Prevent SAML access when disabled by group admin on GitLab.com.
- Respect group membership lock when importing a member from another group.
- Ignore out of range epic IDs.
11.6.9 (2019-02-04)
- No changes.
11.6.8 (2019-01-30)
- No changes.
11.6.5 (2019-01-17)
Fixed (1 change)
- Fix Error 500 when deleting a pipeline via the API. !9104
11.6.4 (2019-01-15)
- No changes.
11.6.3 (2019-01-04)
Fixed (1 change)
- Fix instance project templates no longer working. !9019
11.6.2 (2019-01-02)
Fixed (1 change)
- Fix issue ID wrapping and avatar counter shrinking in Related Issues list. !8854
11.6.1 (2018-12-28)
Security (1 change)
- Add a shared secret to prevent abuse of the alert endpoint.
11.6.0 (2018-12-22)
Security (7 changes)
- Switch from CBC to GCM for Geo logout tokens. !8518
- Prevent reporter roles from viewing the Jaeger tracing settings page.
- Sanitize tracing external_urls before saving to DB and when displaying the URL to prevent XSS issues.
- Fix IDOR at /drafts/publish.
- Authorize users when listing board users and milestones.
- Resolve: Guest can set weight of a new issue.
- Fixes XSS with merge request approvers selection.
Fixed (27 changes, 2 of them are from the community)
- Ensure that avatars in approvals have correct tooltip. !6269
- Geo: Fix push to secondary over SSH for LFS. !8044
- Don't show packages tab and settings for starter license. !8270
- Makes the vulnerability name on the Group Security Dashboard a button for better A11y. !8341
- Used the iid instead of the id for linked issues on the Group Security Dashboard. !8357
- Show navigation line separator when instance etrics is disabled. !8379 (George Tsiolis)
- Fix project deploy key creation and deletion as admin. !8432
- Changes initial state for disabled prometheus integrations. !8434
- Fix a typo in Admin: intergration -> integration. !8444 (Vincent AUBERT)
- Geo: Moving registry deletion into the job that deletes the files and project record. !8480
- Parameterize alerting rules with variables. !8481
- Fix PostReceive failing for project mirrors missing local branch. !8495
- Rails 5: Fix the check whether the database is in read-only mode. !8594
- Raisl 5: Fix Gitlab::Database::LoadBalancing#caught_up? check. !8595
- Renders upstream and downstream pipelines in the main pipeline graph. !8607
- Fix issue board api with special milestones. !8653
- fix pod dropdown not switching pod logs. !8660
- Geo - Respect the next retry time when re-verifying failed repositories. !8661
- Update elasticsearch system check to check for new supported versions. !8683
- Handle null start or due dates for dates sourcing milestone in Epics. !8689
- Fixed license managment path in MR widget for fork cases. !8700
- Fix gitlab:geo:check rake task. !8714
- Fix ability to choose shards for selective sync. !8717
- Add Rails.version to the Geo cache keys. !8775
- Support older NGINX version forwarding the client certificate for smartcard auth. !8784
- Remove duplicated smartcard login button. !8793
- Disable password autocomplete in mirror form fill.
Deprecated (1 change)
- Deprecate non-hashed repository storage for Geo installations. !8739
Changed (17 changes, 1 of them is from the community)
- Adds Group SAML metadata endpoint. !5782
- Group SAML SSO page warns when linking account. !8295
- Change the delete custom metric alert. !8430
- Replace weight icon. !8448 (George Tsiolis)
- Switch snowplows stateStorageStrategy to cookie. !8461
- Move merge request approval settings. !8493
- Geo: Constantly reverify repositories. !8550
- Add file and line numbers to issues created from SAST vulnerabilities. !8578
- Redesign MR header sections and approvals (EE). !8593
- Add packages_enabled attribute to Projects API. !8604
- Run geo check task from gitlab check. !8616
- Change issue create weight dropdown to an input. !8648
- Add epics state filtering in roadmap view. !8658
- Users can unlink Group SAML from accounts page. !8682
- Update casing in Built-in on project templates tab. !8688
- Epic issue list and related issue list re-design.
- Add sort direction button with sort dropdown for Epics and Roadmap.
Performance (5 changes, 3 of them are from the community)
- Remove partial index for projects on mirror and mirror_last_update_at. !8585
- Enable some frozen string in ee/app. !8667 (gfyoung)
- Remove redundant indices for is_sample on push_rules and next_execution_timestamp on project_mirror_data. !8695
- Enable some frozen string in ee/app. (gfyoung)
- Enable some frozen string in ee/app. (gfyoung)
Added (10 changes)
- Add support for Group-level project templates. !6878
- Added web terminals to Web IDE. !7386
- Promote an Issue to an Epic using quick action. !8051
- Smartcard authentication. !8120
- Adds Security dashboard empty state. !8443
- Add vulnerability history at group level. !8603
- Adds group security dashboard metrics chart. !8631
- Add milestones autocomplete for epics. !8632
- Parse and store dependency scanning reports in database. !8642
- Adds EE store to handle upstream & downstream pipelines.
Other (13 changes, 4 of them are from the community)
- Add subscription table to GitLab.com billing areas. !7885
- UX improvements for the group security dashboard. !8217
- Restyles the dismissed vulnerabilities. !8401
- Adds PHILOSOPHY.md and references GitLab Product Handbook. !8515
- Make sidekiq-cluster play well with Sidekiq 5.2.2+. !8522
- Rails5: Passing a class as a value in an Active Record query is deprecated. !8540 (Jasper Maes)
- render :nothing option is deprecated, Use head method to respond with empty response body. !8560 (Jasper Maes)
- Add help page link for licence management in CI/CD settings. !8561 (George Tsiolis)
- Re-orders the Group Security Dashboard. !8624
- Move EE only differences for finders. !8629 (George Tsiolis)
- Add count of projects with at least one package to a usage ping data. !8641
- Added recommendations for handling deleted documents in Elasticsearch.
- Use new information-o icon for Security Dashboard.
11.5.11 (2019-04-23)
Security (1 change)
- Respect group membership lock when importing a member from another group.
11.5.8 (2019-01-28)
Security (6 changes)
- Avoid leaking unauthorized approver group members. !766
- Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !793
- Check access rights when creating/updating ProtectedRefs.
- Fix locked file visibility issue for private repositories.
- Filter out non-project member approvers.
- Remove HTTP POST in JIRA OAuth access_token endpoint.
11.5.5 (2018-12-20)
- No changes.
11.5.3 (2018-12-06)
- No changes.
11.5.2 (2018-12-03)
Fixed (2 changes)
- Fix inability to scroll dashboard. !8459
- Fix issues analytics query when ordering issues by priority. !8509
11.5.1 (2018-11-26)
Security (6 changes)
- Sanitize tracing external_urls before saving to DB and when displaying the URL to prevent XSS issues.
- Prevent reporter roles from viewing the Jaeger tracing settings page.
- Fix IDOR at /drafts/publish.
- Authorize users when listing board users and milestones.
- Resolve: Guest can set weight of a new issue.
- Fixes XSS with merge request approvers selection.
11.5.0 (2018-11-22)
Security (2 changes)
- Escape entity title while autocomplete template rendering to prevent XSS. !696
- Prevent templated services from being imported.
Removed (1 change)
- Remove security report summary from pipelines view. !7844
Fixed (25 changes, 3 of them are from the community)
- Geo: Remove connectivity check from primary to secondary from gitlab:geo:check rake task. !7821
- Include (closed) for closed epics in parsed text. !7946
- Add new state to the cluster application vue app. !7954
- Do not allow to assign an issue to an epic twice. !8004
- [Geo] Fix: Deleting a project leaves orphaned LFS objects and CI Job artifacts around. !8031
- Support
/client/features
Unleash endpoint. !8045 - Fix button rendering in license management in FF. !8046
- Geo: Handle orphaned Uploads records. !8054
- Geo - Redirect user back to the secondary after a logout & re-login via the primary. !8157
- Fix approver removal still being conducted even when "Cancel" is clicked in confirmation prompt. !8178
- Link project short SHA to commit url. !8214
- Update ops dashboard remove dropdown button. !8236 (George Tsiolis)
- Clear ops dashboard project search input on submit. !8239 (George Tsiolis)
- Fixes a dismissed vulnerability bug on the group security dashboard. !8343
- Fixes missing fields on the group security dashboard. !8360
- Fixes the view issue button in the Group Security Dashboard. !8385
- Ops Dashboard should be available for public projects on GitLab.com. !8399
- Update draft comments design to match new design. !8405
- Change issues analytics breadcrumb. !8414 (George Tsiolis)
- Include classification label in project API. !8426
- Fix Pod Log topbar position when perf bar is disabled.
- Always proxy reports downloads.
- Removes extra rigth margin from job page.
- Geo: Rails console message display primary/secondary state incorrectly.
- Disable Feature Flags and Packages if repository is disabled.
Changed (13 changes, 1 of them is from the community)
- Add test button to Group SAML settings. !5622
- Group SAML status badges on members page. !5807
- Update related issues list styling to be more space efficient. !7784
- Refactor test reports to use new artifact architecture. !7827
- Add timeline icon for issue weights. !7847 (George Tsiolis)
- Added a search bar to
Admin > Geo > Projects
. !8079 - Geo: Deprecate source installations instructions. !8134
- Does not synchronize default branch for pull mirrors. !8138
- Adds split error states for the group security dashboard. !8208
- Geo: Improve read-only message in secondary nodes for actionable screens. !8238
- Improve error messages for operations dashboard. !8244
- Add documentation link to ops dashboard. !8296
- Issue board card design. !21229
Added (24 changes, 1 of them is from the community)
- Group-level file templates. !7391
- Adds group-level Security Dashboard counts. !7564
- Parse SAST reports and store vulnerabilities in database. !7578
- elasticsearch 6 support - migrate from parent/child relationships to join. !7618
- Geo: Admin > Geo > Projects support for batch operations. !7806
- Create system notes for epic close and reopen. !7850
- Add Tracing landing and settings page. !7903
- Add modals and actions to the vulnerabilities in the Group security dashboard. !7910
- Assign code owner as approver. !7933
- Enable previewing of draft review comments. !7936
- Audit log: Add logging for project feature changes. !7962
- Add project operations dashboard. !7973
- Audit log: Add audit events for group setting changes. !7987
- Add approve quick action. !7989
- Show actual Milestone dates within tooltips for Milestones in Epics sidebar. !8048
- Allow filtering by weight in issues API. !8140 (Heinrich Lee Yu)
- Filter epics by state in API. !8179
- Support epics autocomplete for project objects. !8180
- Add 'l', 'r' and 'e' keyboard shortcuts support in Epic. !8203
- Configurable GitHub static context for statuses integration. !8235
- Send notifications for epic status change. !8247
- Support license management and performance using new reports syntax.
- Support reports: for project security dashboard.
- Add chart of issues created per month.
Other (17 changes, 11 of them are from the community)
- Update boards list selector specs. !6266 (George Tsiolis)
- Write some Geo development documentation. !7452
- Connects the Group Security Dashboard API and Frontend. !7793
- Rails5: Fix epics finder count_key method In Rails5, the state enum value is passed instead of the database integer. !7822 (Jasper Maes)
- Rails 5: fix presence message validation for prometheus_alert. !7823 (Jasper Maes)
- Rails 5: fix mysql milliseconds problem in prometheus alert event spec. !7828 (Jasper Maes)
- Rails5: fix VulnerabilitySummaryEntity. !7893 (Jasper Maes)
- Update feature flags empty state. !7967 (George Tsiolis)
- Adds the security dashboard link. !7974
- Remove tooltip on sidebar text buttons. !8021 (George Tsiolis)
- Add a metric to the usage ping data to track the number of projects with at least one alert. !8058
- Remove unneeded permission checks from the mirror repositories partial. !8077
- Rails5: fix flaky mysql reset pipeline minutes spec. !8122 (Jasper Maes)
- Move
prepend
outside theclass
block for finders. !8192 (George Tsiolis) - Rails5: fix operations controller spec nil parameter. !8209 (Jasper Maes)
- Update related issues title typography. !8267 (George Tsiolis)
- Geo: Clarify Geo HA documentation.
11.4.9 (2018-12-03)
- No changes.
11.4.8 (2018-11-27)
Security (5 changes)
- Escape entity title while autocomplete template rendering to prevent XSS. !707
- Authorize users when listing board users and milestones.
- Fix IDOR at /drafts/publish.
- Resolve: Guest can set weight of a new issue.
- Fixes XSS with merge request approvers selection.
11.4.7 (2018-11-20)
Fixed (1 change)
- Fix code owner as merge request suggestion not available under Starter plan. !8248
11.4.6 (2018-11-18)
Security (1 change)
- Prevent templated services from being imported.
11.4.5 (2018-11-04)
Fixed (1 change)
- Stops showing review actions on commit discussions in merge requests. !8007
Performance (1 change)
- Add indexes to all geo event foreign keys. !7990
11.4.4 (2018-10-30)
- No changes.
11.4.3 (2018-10-26)
- No changes.
11.4.2 (2018-10-25)
Security (1 change)
- Escape entity title while autocomplete template rendering to prevent XSS. !707
11.4.1 (2018-10-23)
- No changes.
11.4.0 (2018-10-22)
Security (3 changes)
- Properly filter private references from system notes.
- Project groups approvers no longer leak private groups info.
- Protect against CSRF attacks when adding Slack app.
Removed (1 change)
- remove unnecessary help text from container scanning results. !7304
Fixed (18 changes, 1 of them is from the community)
- Prune all the Geo event log tables correctly. !6175
- Synchronize the default branch when updating a pull mirror. !7242
- Pushing to a merge request clears the approvals list even if the respective project setting is enabled and there is no fixed required number of approvals configured. !7328
- Align epics and roadmap empty state buttons to the center. !7358 (George Tsiolis)
- Add link to issue on epic. !7407
- Check for force env var when rebuilding auth_keys. !7419
- Update popover URL to point to help page of same domain. !7446
- Geo - Does not raise error 500 on Geo projects list page for orphaned entries. !7565
- Show promotion for epics on issues. !7602
- Fix Epic subscription toggle behaviour. !7723
- Geo - Send a cache invalidation event via the log cursor whenever features are changed on the primary. !7738
- Fix epic milestone dates incorrect after issue is linked to another epic. !7809
- Fixes warning for used minutes in runner showing when user still has minutes. !7843
- Fix disappearing weight input in Firefox. !7869
- Don't synchronize default branch when updating a SSH mirror. !7891
- Fix broken tokenization for filtered search bar in Epics. !7972
- Fix bug when resolving a discussion via a batch comment published right away.
- Fix wrong color in resolve/unresolve checkbox when using MR reviews.
Changed (14 changes)
- Geo: Decrease frequency of project shard schedulers when few projects to schedule. !7287
- Added placeholder to weight input for issue sidebar. !7346
- updated icons used in filtered search dropdowns. !7356
- Geo: Display helpful feedback when proxying an SSH git push to secondary request. !7357
- Geo - Include keep-around and other Gitlab-specific references in the checksum calculation. !7367
- Polish security report externalizations. !7373
- Listen for resolved Prometheus alerts. !7382
- Rename date related labels for Epics. !7447
- Add reports CI syntax for Code Quality reports. !7465
- Support short reference to epics from project entities. !7475
- Geo: Downgrade Exclusive Lease warnings from Log Cursor to debug. !7476
- Geo: Allow nodes to be editable in more scenarios. !7832
- Account for issues created in the middle of a milestone in burndown chart.
- [Geo] Add CI job artifact numbers to rake geo:status.
Performance (1 change)
- Update DB model for security reports.
Added (20 changes, 1 of them is from the community)
- Batch comments on merge requests. !4213
- Use Geo log to remove files when migrated to object storage. !5966
- Add support for closing epics. !7302
- Add
auditor_groups
configuration so Audit users can be specified using SAML groups. !7340 (St. John Johnson) - Geo - Add an event to reset checksums on Geo secondary nodes. !7394
- Starts adding the dashboard page view. !7400
- Add
Manage licenses
button to MR widget and pipelines view. !7411 - Add Open/Closed epics tabs in list view. !7424
- Add Feature Flags MVC. !7433
- Suggest approvers based on code owners. !7437
- Geo: Add a backoff time to few Geo workers to save resources. !7470
- Persist Prometheus alert events. !7493
- Geo: Added a button to Admin UI > Geo Nodes to open Geo Projects screen of any secondary node. !7512
- Show Alert Thresholds on monitoring dashboards. !7538
- Support autocomplete for commands in epics. !7588
- Add form to enter licenses manually. !7603
- Geo: Added
All
tab in Geo Nodes > Projects. !7745 - Geo: Add a Geo Status Widget to Admin > Projects. !7789
- Add data model and migration for vulnerabilities.
- Adds Batch Comments to Merge Requests [EEP].
Other (8 changes, 1 of them is from the community)
- Add runner quota information to job API. !7233
- Resolve "ee:geo QA specs are failing as of !7210". !7315
- remove readme checkbox from "create project" page. !7332
- Create a generic JS function that we can apply to being able to track arbitrary events. !7403
- Rename Admin Area Geo Nodes nav item to Geo. !7466
- Group weight icon and text on issue list and issue boards. !7484 (George Tsiolis)
- Adds expandable/collapsable section for Snowplow. !7798
- API: Allow issue weight parameter to be greater than or equal to zero.
11.3.14 (2018-12-20)
- No changes.
11.3.13 (2018-12-13)
- No changes.
11.3.11 (2018-11-26)
Security (7 changes)
- Escape entity title while autocomplete template rendering to prevent XSS. !697
- Properly filter private references from system notes.
- Authorize users when listing board users and milestones.
- Project groups approvers no longer leak private groups info.
- Resolve: Guest can set weight of a new issue.
- Fixes XSS with merge request approvers selection.
- Protect against CSRF attacks when adding Slack app.
11.3.10 (2018-11-18)
- No changes.
11.3.9 (2018-10-31)
- No changes.
11.3.8 (2018-10-27)
- No changes.
11.3.7 (2018-10-26)
Security (1 change)
- Escape entity title while autocomplete template rendering to prevent XSS. !697
11.3.6 (2018-10-17)
Fixed (1 change)
- Don't reset the default branch when repository mirroring is enabled. !7944
11.3.5 (2018-10-15)
Fixed (1 change)
- Fix epic milestone dates incorrect after issue is linked to another epic. !7809
11.3.4 (2018-10-05)
Security (1 change)
- Properly filter private references from system notes.
11.3.3 (2018-10-04)
- No changes.
11.3.2 (2018-10-03)
Fixed (1 change)
- Geo: repository shard verification job should have unique lease keys per shard name. !7474
11.3.1 (2018-09-26)
Security (2 changes)
- Project groups approvers no longer leak private groups info.
- Protect against CSRF attacks when adding Slack app.
11.3.0 (2018-09-22)
Security (1 change)
- Prevent regular users from moving projects to different storage shards.
Fixed (29 changes, 11 of them are from the community)
- don't add empty query params to boards. !4441
- Geo: sync disabled wikis. !6420
- Rails 5 fix alerts controller spec for post json parameters. !6795 (Jasper Maes)
- Fixes 500 error on user creation from admin panel with spaced username. !6804 (Jacopo Beschi @jacopo-beschi)
- Don't show search results for projects that have been deleted when using elastic search. !6830
- Geo: Use database-cached status if redis-cached status is unavailable. !6854
- [Geo] Fix: Custom favicons not being replicated by Geo. !6860
- Rails5 fix AddMilestoneToLists migration rollback deleting wrong foreign key. !6865 (Jasper Maes)
- Rails5 fix passing Group objects array into for_projects_and_groups milestone scope. !6873 (Jasper Maes)
- Rails5: fix mysql milliseconds problem in project_import_state_spec. !6874 (Jasper Maes)
- Fix Jira integration duplicating branches and MRs. !6876
- Rails5: fix mysql milliseconds problem in project_spec. !6880 (Jasper Maes)
- Remove https from Snowplow Collector URI placeholder in Admin Areawq. !6886
- Geo: Replicate keep around refs. !6922
- Fixes bug that prevented a user from seeing the system header and footer settings on the admin dashboard. !6926
- Rails5 fix duplicate gpg signature in path lock spec. !6939 (Jasper Maes)
- Rails5: Fix audit event spec. !6940 (Jasper Maes)
- Rails5: fix mysql milliseconds problem in project registry spec. !6943 (Jasper Maes)
- LDAP - Does not update permissions on a read-only database. !6965
- Rails5 fix project import spec. !6981 (Jasper Maes)
- Geo: Resolve sticky failures when attachments are missing on primary. !6991
- Geo: LFS batch downloads are OK to be handled by secondary. !7209
- Geo - Synchronize the default branch in secondary nodes. !7218
- Handle fixed dates seperately from selected dates in Epics. !7227
- Fix tooltip string to support dynamic date type in Epic sidebar. !7243
- Fix an error in docs about fetching artifacts using API. !7244
- Return proper status code when creation of an alert fails. !7360 (Peter Leitzen)
- Geo - Find the remote root ref using a JWT header for authentication. !7405
- Add weight to issue hook.
Changed (3 changes, 1 of them is from the community)
- Allow push_code when auth'd via Geo JWT. !6455
- Prefer From address over Sender for Service Desk emails. !7006 (Andreas Josephson)
- Add CI Job token support to Maven packages API. !7249
Performance (3 changes)
- Reduce queries needed for CI artifacts on merge request widget. !6978
- Use limited count approach on Protected Environments view. !6987
- Limit sidekiq-cluster concurrency to a maximum of 50. !7025
Added (15 changes, 2 of them are from the community)
- Allow custom notification for new epic event. !5863
- Geo: SSH git push to secondary -> proxy to Primary. !6456
- Allow epic start/due dates to be sourceable from issue milestones. !6470
- Add ability to upload and download maven packages from/to GitLab. !6607
- Added an instance-level license template project. !6631 (Dan Barker)
- Add backend structure for ProtectedEnvironments. !6672
- Add UI for GitLab private Maven repository feature. !6781
- Add support for sorting epics. !6885
- Allow specifying code owners in a CODEOWNERS file. !6916
- Quick action for adding/removing epic to issues. !6934
- Show total and completed instances deployed on deploy boards. !6955
- Show security analysis status on the environments page. !6987
- Add Instance Review for Core users. !6995
- Introduce custom instance-level templates for Dockerfile, .gitignore, and .gitlab-ci.yml files. !7000
- Adds Rubocop rule to enforce class_methods over module ClassMethods. !7044 (Jacopo Beschi @jacopo-beschi)
Other (4 changes)
- Removes feature flag code surrounding Protected Environments feature. !7338
- Creates vue component for shared runner limit.
- Allow MR authors to approve their MRs.
- Remove differences between CE and EE settings panel component.
11.2.8 (2018-10-31)
- No changes.
11.2.7 (2018-10-27)
- No changes.
11.2.6 (2018-10-26)
Security (1 change)
- Escape entity title while autocomplete template rendering to prevent XSS. !698
11.2.5 (2018-10-05)
Security (1 change)
- Properly filter private references from system notes.
11.2.4 (2018-09-26)
Security (2 changes)
- Project groups approvers no longer leak private groups info.
- Protect against CSRF attacks when adding Slack app.
11.2.3 (2018-08-28)
- No changes.
11.2.2 (2018-08-27)
Security (1 change)
- Prevent regular users from moving projects to different storage shards.
11.2.1 (2018-08-22)
- No changes.
11.2.0 (2018-08-22)
Security (1 change)
- Don't expose project names in EE counters.
Fixed (32 changes, 11 of them are from the community)
- Allow Geo node to be edited once the database is failed over. !6248
- Fix a bug where user was unable to delete a branch when repo size was above the limit. !6373
- Rails5 fix AttachmentRegistryFinder arel queries. !6396 (Jasper Maes)
- Add Premium license checks for system messages. !6460
- Fixes arrow-icon color and alignment in linked pipeline in merge request widget. !6479
- Rails 5 fix the matcher expected the ApplicationSetting to be invalid, but it was valid instead. !6488 (Jasper Maes)
- Geo: Gracefully handle deleted events from Geo event log. !6506
- Rails5 fix NoMethodError: undefined method 'message' for nil:NilClass. !6507 (Jasper Maes)
- Fix billing card title colors. !6563
- Rails5 fix undefined method 'namespace_project_settings_repository_path'. !6581 (Jasper Maes)
- Rails5 fix no implicit conversion of Symbol into Integer. !6582 (Jasper Maes)
- Rails 5 fix NoMethodError: undefined method 'message' for nil:NilClass in host_spec.rb. !6589 (Jasper Maes)
- Fix mobile view of pod logs. !6597
- Add left-padding to diverged-from-upstream label. !6647
- List groups with developer maintainer access on project creation. !6678
- no longer fail when setting up Geo database with GDK. !6680
- Allow Pseudonymizer to write to a bucket without having permissions to see all buckets. !6682
- Hide Expand button on empty MR widget Performance section. !6685
- Ensure that Create issue button is shown in vulnerability dialog. !6708
- Use same gem versions for Rails 5 as for Rails 4. !6712 (Jasper Maes)
- Rails5 correct wrong geo job name. !6713 (Jasper Maes)
- Elasticsearch: Fix a bug causing some types of note to miss being indexed. !6736
- Rails 5 fix product array method delagation by manually calling .to_a in NotificationService. !6753 (Jasper Maes)
- Adjust self-hosted Jira development panel integration. !6756
- Ensure that push size checks only count the size of newly-pushed files. !6767
- Fix the UI for listing system-level labels. !6805
- Rails5: fix slice in burndown fixture. !6813 (Jasper Maes)
- Rails5: fix Arel::UpdateManager in MigrateOldElasticsearchSettings migration. !6815 (Jasper Maes)
- Corrected URL for snowplow client side JS. !6899
- [Geo] Fix the Storage config parameter in Geo nodes admin page.
- Fix exporting issues to CSV when sorting by label priority is used.
- Fix handling of annotated tags when Gitaly is not in use.
Changed (9 changes, 2 of them are from the community)
- Add related issues loading icon top margin. !6527 (George Tsiolis)
- Add security products to usage ping. !6602
- Changed copy for "Approved" state in merge request widget. !6635 (Constance Okoghenun)
- Track the Geo event log gaps in redis and handle them later. !6640
- Replace clipboard icon in Service Desk settings. !6643
- Removes "show all" on security reports and adds a button to take you to the pipeline page. !6675
- Shows license reports when there are no reports in the source branch. !6720
- Removes status text from licence reports. !6802
- Opens "view full report" links in a new window. !6806
Performance (2 changes)
- Geo: Improve Geo Status API performance with cached counters in SiteStatistic. !6328
- Geo: Improve performance in Log Cursor gap tracking. !6754
Added (19 changes)
- Geo: Add repository verification failures to API. !6137
- Add support for todos on epics. !6142
- Summed issue weights in board columns. !6218
- Add an API endpoint for managed licenses of a project. !6246
- Implement custom project templates. !6436
- Projects page under Admin > Geo Nodes to display detailed synchronization information. !6452
- Enables configuration of pull mirroring through API. !6485
- Adds SLI alerts to custom prometheus metrics. !6590
- Add support for milestones lists on the issue boards. !6615
- Persist Epic Roadmap timescale choice. !6637
- Add license management frontend. !6638
- Add Snowplow integration. !6642
- Add Security Dashboard to project quick links. !6652
- Show License Management at pipeline level. !6688
- Add Frontend for Instance-level project templates. !6740
- Geo - Actively try to correct verification failures on the secondary. !6759
- Add Prometheus metrics to track Geo autocorrect numbers. !6778
- Link the License Management report in the MR widget with the pipeline level one. !6800
- Allow creating assignee lists via API.
Other (8 changes, 1 of them is from the community)
- Move merge requests EE helper methods. !6461 (George Tsiolis)
- Add additional logging for Geo Log Cursor. !6513
- Ensure no weight change system notes end with a superfluous comma. !6571
- Track registries marked as synced when repository does not found. !6694
- Removes EE specific CSS that was moved to CE. !6723
- Geo: Add rake task to resync projects where verification has failed. !6727
- updates column sizes in licence and security modals. !6808
- Geo: Log to geo.log when the Log Cursor skips an event.
11.1.7 (2018-09-26)
Security (2 changes)
- Project groups approvers no longer leak private groups info.
- Protect against CSRF attacks when adding Slack app.
11.1.6 (2018-08-28)
- No changes.
11.1.5 (2018-08-27)
- No changes.
Security (1 change)
- Prevent regular users from moving projects to different storage shards.
11.1.4 (2018-07-30)
- No changes.
11.1.3 (2018-07-27)
Fixed (1 change)
- Resolve Environments dropdown is showing on the cluster health page. !6528
11.1.2 (2018-07-26)
Security (1 change)
- Don't expose project names in EE counters.
11.1.1 (2018-07-23)
Fixed (2 changes)
- Fix geo download service ImportExportDownloader unitialized constant. !6567
- Geo - Allow repository verification to be disabled on a secondary node. !6599
11.1.0 (2018-07-22)
Removed (1 change)
- Drop ignored Geo repository_storage_path columns. !5468
Fixed (19 changes, 7 of them are from the community)
- Log audit and Geo events within a project destroy transaction. !6059
- Do not pre-select previous user(s) when creating protected branches. !6112
- Group SAML settings link hidden when unlicensed. !6147
- Geo: Fix repository/wiki sync race condition with multiple updates, especially in quick succession. !6161
- [Rails5] Fix error on missed :authenticate_user callback. !6257 (@blackst0ne)
- Rails5 fix expected: ({...}) got: (<ActionController::Parameters {...}). !6271 (Jasper Maes)
- Rails5 fix ArgumentError: wrong number of arguments (given 1, expected 2). !6272 (Jasper Maes)
- Rails5 fix NoMethodError: undefined method `join' for "":String. !6278 (Jasper Maes)
- [Rails5] fix Boards::ListsController expected the response to have status code 200 but it was 403. !6318 (Jasper Maes)
- [Rails5] fix NoMethodError: undefined method 'downcase' for Hash. !6319 (Jasper Maes)
- [Rails5] fix Projects::VulnerabilityFeedbackController didn't match the schema. !6320 (Jasper Maes)
- Fix CI/CD pipelines when repository HEAD points to an invalid branch. !6325
- Geo - Recalculates the checksum for projects up to date. !6333
- Fixes an issue with security reports footers. !6450
- Add missing sourceBranchLink prop to CI widget. !6493
- Resync project repositories on secondaries nodes when import finishes. !6529
- Adds permission checks to dismiss issue in security reports.
- Allow all but "/" chars for groups and projects paths on Jira dev panel integration.
- Fix weight system notes ending in commas.
Changed (6 changes)
- [Geo] Invert the direction of Geo metrics acquisition. !5934
- Update read-only message banner styling for Geo secondary node. !6135
- Removes action buttons from resolved vulnerability modal. !6155
- Redesign contribution analytics graphs. !6194
- Geo - Retry checksum calculation for failures on the primary node. !6295
- Don't show 'Contribute to GitLab' link on self-hosted Enterprise Edition instances. !6297
Performance (5 changes, 1 of them is from the community)
- Geo - Optimize query to return outdated projects that need to be reverified. !5879
- Boost Geo prune worker to run every 2 hours instead of 6. !6074
- Use tooltip component in MrWidgetSecondaryGeoNode vue component. !6078 (George Tsiolis)
- Eliminate N+1 queries in path lock checks during a push.
- Memoize the global default for push rules within the request.
Added (13 changes, 1 of them is from the community)
- Add a new push rule to allow negative matching of commit messages. !5453 (Hannes Rosenögger)
- Pseudonymizer to safely export data for analytics. !5532
- Add filename filtering to code search with Elasticsearch. !5590
- Add API endpoint for viewing and editing board config. !5954
- Log repository check and failed count to Prometheus. !5984
- Allow repository verification concurrency to be controlled on primary and secondary. !6102
- Geo: HTTP git-lfs push (upload) and locks (verify, lock and unlock) to secondary now redirects to the primary. !6109
- Adds pod selection dropdown to pod logs screen. !6111
- Add support for autocompleting Epics and Labels within Epics. !6195
- Add project Security Dashboard. !6197
- Support GitLab subgroups in Jira development panel. !6290
- Render container scanning and dast reports in pipeline view.
- Add link to Jenkins documentation within integration and service template.
Other (2 changes)
- Enable Geo snapshot synchronization for everyone. !6286
- Geo - Make Geo repository verification flag opt-out by default. !6369
11.0.6 (2018-08-27)
Security (1 change)
- Prevent regular users from moving projects to different storage shards.
11.0.5 (2018-07-26)
Security (1 change)
- Don't expose project names in EE counters.
11.0.4 (2018-07-17)
- No changes.
11.0.3 (2018-07-05)
- No changes.
11.0.2 (2018-06-26)
- No changes.
11.0.1 (2018-06-21)
- No changes.
11.0.0 (2018-06-22)
Security (2 changes)
- Escape name in merge request approvers dropdown.
- Fixes include directive to not allow SSRF requests.
Fixed (15 changes)
- Hide Lock button if File Locking feature is not available in license. !5656
- Geo - Move out the replication slots items from verification section in Geo admin screen. !5723
- Fix approvers API not accepting empty form-encoded params. !5784
- Fix error when locking/unlocking directories. !5862
- Geo: Formatting fix for geo:status rake task. !6020
- Geo: Automatically clean up stale lock files on Geo secondary. !6034
- Remove LFS object warning from import UI. !6083
- Fix Web IDE status bar if System Footer message is present.
- [Geo] Fix: Deleted project events may be skipped on the secondary when selective sync is used.
- [Geo] Fix: Unauthenticated rate limits should not block Geo requests.
- Perform gitlab-ci-token authentication always using primary.
- Geo: Gracefully handle a non-JSON response from the node status.
- Geo: Fix FDW schema check when tables and columns are not in the same order.
- Fix sticking of runner to primary if new job is scheduled.
- When last Geo::EventLog is not available, geo:status rake task fails.
Deprecated (2 changes)
- Rename Container Scanning job and artifact. !5770
- Rename Code Quality job and artifact. !5773
Changed (7 changes)
- Removed "(Beta)" from "Auto DevOps" messages. !5583
- Make issue weight promotion in issuable sidebar dismissable. !5601
- Remove the comma from the weight system notes. !5854
- Enrich Security Reports with more data. !5878
- Truncate Geo event log with a delay. !5897
- Add support for non-negative integer weight values in issuable sidebar.
- Improve Failed Jobs tab in the Pipeline detail page.
Performance (5 changes, 2 of them are from the community)
- Reorder LinkToMemberAvatar vue component props values. !5692 (George Tsiolis)
- Rename merge request widget author component. !5693 (George Tsiolis)
- Geo - Fix index for outdated projects on the project_repository_states table. !5986
- Preload Group plans in EpicsFinder.
- Only process Geo::EventLog events if associated shard is queryable and healthy.
Added (12 changes)
- Allows the review of kubernetes pod logs within GitLab. !4752
- Geo: Rake task to force housekeeping on next sync. !5623
- Add ability to have zero approvers. !5635
- Show status information stale icon in Geo admin dashboard. !5653
- Add assignee board list type. !5743
- Geo: HTTP git push to secondary now redirects to the primary. !5785
- Add presets for navigating Epic Roadmap. !5798
- Guest users will not consume seats quote in Ultimate plan. !5816
- Create system note on epic date change.
- Add License Management results in the MR widget.
- Extract EE specific files.
- Add service discovery for the DB load balancer.
Other (4 changes, 1 of them is from the community)
- Add promotion for epics to issuable sidebar. !5601
- Remove confusing statement in the message shown for Epics list empty state when filters are applied. !5630
- Fixed illustration alignment for group milestones promotion. !5677 (Constance Okoghenun)
- Allow viewing only one when multiple issue boards is not enabled.