Skip to content

Latest commit

 

History

History
2380 lines (2005 loc) · 131 KB

archive-10.md

File metadata and controls

2380 lines (2005 loc) · 131 KB

10.8.6 (2018-07-17)

Security (2 changes)

  • Fix symlink vulnerability in project import.
  • Merge branch 'fix-mr-widget-border' into 'master'.

10.8.5 (2018-06-21)

Security (5 changes)

  • Fix XSS vulnerability for table of content generation.
  • Update sanitize gem to 4.6.5 to fix HTML injection vulnerability.
  • HTML escape branch name in project graphs page.
  • HTML escape the name of the user in ProjectsHelper#link_to_member.
  • Don't show events from internal projects for anonymous users in public feed.

10.8.4 (2018-06-06)

  • No changes.

10.8.3 (2018-05-30)

Fixed (4 changes)

  • Replace Gitlab::REVISION with Gitlab.revision and handle installations without a .git directory. !19125
  • Fix encoding of branch names on compare and new merge request page. !19143
  • Fix remote mirror database inconsistencies when upgrading from EE to CE. !19196
  • Fix local storage not being cleared after creating a new issue.

Performance (1 change)

  • Memoize Gitlab::Database.version.

10.8.2 (2018-05-28)

Security (3 changes)

  • Prevent user passwords from being changed without providing the previous password.
  • Fix API to remove deploy key from project instead of deleting it entirely.
  • Fixed bug that allowed importing arbitrary project attributes.

10.8.1 (2018-05-23)

Fixed (9 changes)

  • Allow CommitStatus class to use presentable methods. !18979
  • Fix corrupted environment pages with unathorized proxy url. !18989
  • Fixes deploy token variables on Ci::Build. !19047
  • Fix project mirror database inconsistencies when upgrading from EE to CE. !19109
  • Render 404 when prometheus adapter is disabled in Prometheus metrics controller. !19110
  • Fix error when deleting an empty list of refs.
  • Fixed U2F login when used with LDAP.
  • Bump prometheus-client-mmap to 0.9.3 to fix nil exception error.
  • Fix system hook not firing for blocked users when LDAP sign-in is used.

10.8.0 (2018-05-22)

Security (3 changes, 1 of them is from the community)

  • Update faraday_middlewar to 0.12.2. !18397 (Takuya Noguchi)
  • Serve archive requests with the correct file in all cases.
  • Sanitizes user name to avoid XSS attacks.

Fixed (47 changes, 11 of them are from the community)

  • Refactor CSS to eliminate vertical misalignment of login nav. !16275 (Takuya Noguchi)
  • Fix pipeline status in branch/tag tree page. !17995
  • Allow group owner to enable runners from subgroups (#41981). !18009
  • Fix template selector menu visibility when toggling preview mode in file edit view. !18118 (Fabian Schneider)
  • Fix confirmation modal for deleting a protected branch. !18176 (Paul Bonaud @PaulRbR)
  • Triggering custom hooks by Wiki UI edit. !18251
  • Now rake cache:clear will also clear pipeline status cache. !18257
  • Fix joined information on project members page. !18290 (Fabian Schneider)
  • Fix missing namespace for some internal users. !18357
  • Show shared projects on group page. !18390
  • Restore label underline color. !18407 (George Tsiolis)
  • Fix undefined html_escape method during markdown rendering. !18418
  • Fix unassign slash command preview. !18447
  • Correct text and functionality for delete user / delete user and contributions modal. !18463 (Marc Schwede)
  • Fix discussions API setting created_at for notable in a group or notable in a project in a group with owners. !18464
  • Don't include lfs_file_locks data in export bundle. !18495
  • Reset milestone filter when clicking "Any Milestone" in dashboard. !18531
  • Ensure member notifications are sent after the member actual creation/update in the DB. !18538
  • Update links to /ci/lint with ones to project ci/lint. !18539 (Takuya Noguchi)
  • Fix tabs container styles to make RSS button clickable. !18559
  • Raise NoRepository error for non-valid repositories when calculating repository checksum. !18594
  • Don't automatically remove artifacts for pages jobs after pages:deploy has run. !18628
  • Increase new issue metadata form margin. !18630 (George Tsiolis)
  • Add loading icon padding for pipeline environments. !18631 (George Tsiolis)
  • ShaAttribute no longer stops startup if database is missing. !18726
  • Fix close keyboard shortcuts dialog using the keyboard shortcut. !18783 (Lars Greiss)
  • Fixes database inconsistencies between Community and Enterprise Edition on import state. !18811
  • Add database foreign key constraint between pipelines and build. !18822
  • Fix finding wiki pages when they have invalidly-encoded content. !18856
  • Fix outdated Web IDE welcome copy. !18861
  • fixed copy to blipboard button in embed bar of snippets. !18923 (haseebeqx)
  • Disables RBAC on nginx-ingress. !18947
  • Correct skewed Kubernetes popover illustration. !18949
  • Resolve Import/Export ci_cd_settings error updating the project. !46049
  • Fix project creation for user endpoint when jobs_enabled parameter supplied.
  • 46210 Display logo and user dropdown on mobile for terms page and fix styling.
  • Adds illustration for when job log was erased.
  • Ensure web hook 'blocked URL' errors are stored in web hook logs and properly surfaced to the user.
  • Make toggle markdown preview shortcut only toggle selected field.
  • Verifiy if pipeline has commit idetails and render information in MR widget when branch is deleted.
  • Fixed inconsistent protected branch pill baseline.
  • Fix setting GitLab metrics content types.
  • Display only generic message on merge error to avoid exposing any potentially sensitive or user unfriendly backend messages.
  • Fix label links update on project transfer.
  • Breaks commit not found message in pipelines table.
  • Adjust issue boards list header label text color.
  • Prevent pipeline actions in dropdown to redirct to a new page.

Changed (35 changes, 15 of them are from the community)

  • Improve tooltips in collapsed right sidebar. !17714
  • Partition job_queue_duration_seconds with jobs_running_for_project. !17730
  • For group dashboard, we no longer show groups which the visitor is not a member of (this applies to admins and auditors). !17884 (Roger Rüttimann)
  • Use RFC 3676 mail signature delimiters. !17979 (Enrico Scholz)
  • Add sha filter to pipelines list API. !18125
  • New CI Job live-trace architecture. !18169
  • Make project deploy keys table more clearly structured. !18279
  • Remove green background from unlock button in admin area. !18288
  • Renamed Overview to Project in the contextual navigation at a project level. !18295 (Constance Okoghenun)
  • Load branches on new merge request page asynchronously. !18315
  • Create settings section for autodevops. !18321
  • Add a comma to the time estimate system notes. !18326
  • Enable specifying variables when executing a manual pipeline. !18440
  • Fix size and position for fork icon. !18449 (George Tsiolis)
  • Refactored activity calendar. !18469 (Enrico Scholz)
  • Small improvements to repository checks. !18484
  • Add 2FA filter to users API for admins only. !18503
  • Align project avatar on small viewports. !18513 (George Tsiolis)
  • Show group and project LFS settings in the interface to Owners and Masters. !18562
  • Update environment item action buttons icons. !18632 (George Tsiolis)
  • Update timeline icon for description edit. !18633 (George Tsiolis)
  • Revert discussion counter height. !18656 (George Tsiolis)
  • Improve quick actions summary preview. !18659 (George Tsiolis)
  • Change font for tables inside diff discussions. !18660 (George Tsiolis)
  • Add padding to profile description. !18663 (George Tsiolis)
  • Break issue title for board card title and issuable header text. !18674 (George Tsiolis)
  • Adds push mirrors to GitLab Community Edition. !18715
  • Inform the user when there are no project import options available. !18716 (George Tsiolis)
  • Improve commit message body rendering and fix responsive compare panels. !18725 (Constance Okoghenun)
  • Reconcile project templates with Auto DevOps. !18737
  • Remove branch name from the status bar of WebIDE.
  • Clean up WebIDE status bar and add useful info.
  • Improve interaction on WebIDE commit panel.
  • Keep current labels visible when editing them in the sidebar.
  • Use VueJS for rendering pipeline stages.

Performance (26 changes, 11 of them are from the community)

  • Move WorkInProgress vue component. !17536 (George Tsiolis)
  • Move ReadyToMerge vue component. !17545 (George Tsiolis)
  • Move BoardBlankState vue component. !17666 (George Tsiolis)
  • Improve DB performance of calculating total artifacts size. !17839
  • Add i18n and update specs for UnresolvedDiscussions vue component. !17866 (George Tsiolis)
  • Introduce new ProjectCiCdSetting model with group_runners_enabled. !18144
  • Move PipelineFailed vue component. !18277 (George Tsiolis)
  • Move TimeTrackingEstimateOnlyPane vue component. !18318 (George Tsiolis)
  • Move TimeTrackingHelpState vue component. !18319 (George Tsiolis)
  • Reduce queries on merge requests list page for merge requests from forks. !18561
  • Destroy build_chunks efficiently with FastDestroyAll module. !18575
  • Improve performance of a service responsible for creating a pipeline. !18582
  • Replace time_ago_in_words with JS-based one. !18607 (Takuya Noguchi)
  • Move TimeTrackingNoTrackingPane vue component. !18676 (George Tsiolis)
  • Move SidebarTimeTracking vue component. !18677 (George Tsiolis)
  • Move TimeTrackingSpentOnlyPane vue component. !18710 (George Tsiolis)
  • Detecting tags containing a commit uses Gitaly by default.
  • Increase cluster applications installer availability using alpine linux mirrors.
  • Compute notification recipients in background jobs.
  • Use persisted diff data instead fetching Git on discussions.
  • Detecting branchnames containing a commit uses Gitaly by default.
  • Detect repository license on Gitaly by default.
  • Finish NamespaceService migration to Gitaly.
  • Check if a ref exists is done by Gitaly by default.
  • Compute Gitlab::Git::Repository#checksum on Gitaly by default.
  • Repository#exists? is always executed through Gitaly.

Added (22 changes, 10 of them are from the community)

  • Allow group masters to configure runners for groups. !9646 (Alexis Reigel)
  • Adds Embedded Snippets Support. !15695 (haseebeqx)
  • Add Copy metadata quick action. !16473 (Mateusz Bajorski)
  • Show Runner's description on job's page. !17321
  • Add deprecation message to dynamic milestone pages. !17505
  • Show new branch/mr button even when branch exists. !17712 (Jacopo Beschi @jacopo-beschi)
  • API: add languages of project GET /projects/:id/languages. !17770 (Roger Rüttimann)
  • Display active sessions and allow the user to revoke any of it. !17867 (Alexis Reigel)
  • Add cron job to email users on issue due date. !17985 (Stuart Nelson)
  • Rubocop rule to avoid returning from a block. !18000 (Jacopo Beschi @jacopo-beschi)
  • Add the signature verification badge to the compare view. !18245 (Marc Shaw)
  • Expose Deploy Token data as environment varialbes on CI/CD jobs. !18414
  • Show group id in group settings. !18482 (George Tsiolis)
  • Allow admins to enforce accepting Terms of Service on an instance. !18570
  • Add CI_COMMIT_MESSAGE, CI_COMMIT_TITLE and CI_COMMIT_DESCRIPTION predefined variables. !18672
  • Add GCP signup offer to cluster index / create pages. !18684
  • Output some useful information when running the rails console. !18697
  • Display merge commit SHA in merge widget after merge. !18722
  • git SHA is now displayed alongside the GitLab version on the Admin Dashboard.
  • Expose the target commit ID through the tag API.
  • Added fuzzy file finder to web IDE.
  • Add discussion API for merge requests and commits.

Other (22 changes, 8 of them are from the community)

  • Replace the project/issues/milestones.feature spinach test with an rspec analog. !18300 (@blackst0ne)
  • Replace the project/commits/branches.feature spinach test with an rspec analog. !18302 (@blackst0ne)
  • Replacing gollum libraries for gitlab custom libs. !18343
  • Replace the project/commits/comments.feature spinach test with an rspec analog. !18356 (@blackst0ne)
  • Replace "Click" with "Select" to be more inclusive of people with accessibility requirements. !18386 (Mark Lapierre)
  • Remove ahead/behind graphs on project branches on mobile. !18415 (Takuya Noguchi)
  • Replace the project/source/markdown_render.feature spinach test with an rspec analog. !18525 (@blackst0ne)
  • Add missing changelog type to docs. !18526 (@blackst0ne)
  • Added Webhook SSRF prevention to documentation. !18532
  • Upgrade underscore.js to 1.9.0. !18578
  • Add documentation about how to use variables to define deploy policies for staging/production environments. !18675
  • Replace the project/builds/artifacts.feature spinach test with an rspec analog. !18729 (@blackst0ne)
  • Block access to the API & git for users that did not accept enforced Terms of Service. !18816
  • Transition to atomic internal ids for all models. !44259
  • Removes modal boards store and mixins from global scope.
  • Replace GKE acronym with Google Kubernetes Engine.
  • Replace vue resource with axios for pipelines details page.
  • Enable prometheus monitoring by default.
  • Replace vue resource with axios in pipelines table.
  • Bump lograge to 0.10.0 and remove monkey patch.
  • Improves wording in new pipeline page.
  • Gitaly handles repository forks by default.

10.7.7 (2018-07-17)

Security (1 change)

  • Fix symlink vulnerability in project import.

10.7.6 (2018-06-21)

Security (6 changes)

  • Fix XSS vulnerability for table of content generation.
  • Update sanitize gem to 4.6.5 to fix HTML injection vulnerability.
  • HTML escape branch name in project graphs page.
  • HTML escape the name of the user in ProjectsHelper#link_to_member.
  • Don't show events from internal projects for anonymous users in public feed.
  • XSS fix to use safe_params instead of params in url_for helpers.

Other (1 change)

  • Replacing gollum libraries for gitlab custom libs. !18343

10.7.5 (2018-05-28)

Security (3 changes)

  • Prevent user passwords from being changed without providing the previous password.
  • Fix API to remove deploy key from project instead of deleting it entirely.
  • Fixed bug that allowed importing arbitrary project attributes.

10.7.4 (2018-05-21)

Fixed (1 change)

  • Fix error when deleting an empty list of refs.

10.7.3 (2018-05-02)

Fixed (8 changes)

  • Fixed wrong avatar URL when the avatar is on object storage. !18092
  • Fix errors on pushing to an empty repository. !18462
  • Update doorkeeper to 4.3.2 to fix GitLab OAuth authentication. !18543
  • Ports omniauth-jwt gem onto GitLab OmniAuth Strategies suite. !18580
  • Fix redirection error for applications using OpenID. !18599
  • Fix commit trailer rendering when Gravatar is disabled.
  • Fix file_store for artifacts and lfs when saving.
  • Fix users not seeing labels from private groups when being a member of a child project.

10.7.2 (2018-04-25)

Security (2 changes)

  • Serve archive requests with the correct file in all cases.
  • Sanitizes user name to avoid XSS attacks.

10.7.1 (2018-04-23)

Fixed (11 changes)

  • [API] Fix URLs in the Link header for GET /projects/:id/repository/contributors when no value is passed for order_by or sort. !18393
  • Fix a case with secret variables being empty sometimes. !18400
  • Fix Trace::HttpIO can not render multi-byte chars. !18417
  • Fix specifying a non-default ref when requesting an archive using the legacy URL. !18468
  • Respect visibility options and description when importing project from template. !18473
  • Removes 'No Job log' message from build trace. !18523
  • Align action icons in pipeline graph.
  • Fix direct_upload when records with null file_store are used.
  • Removed alert box in IDE when redirecting to new merge request.
  • Fixed IDE not loading for sub groups.
  • Fixed IDE not showing loading state when tree is loading.

Performance (4 changes)

  • Validate project path prior to hitting the database. !18322
  • Add index to file_store on ci_job_artifacts. !18444
  • Fix N+1 queries when loading participants for a commit note.
  • Support Markdown rendering using multiple projects.

Added (1 change)

  • Add an API endpoint to download git repository snapshots. !18173

10.7.0 (2018-04-22)

Security (6 changes, 2 of them are from the community)

  • Fixed some SSRF vulnerabilities in services, hooks and integrations. !2337
  • Update ruby-saml to 1.7.2 and omniauth-saml to 1.10.0. !17734 (Takuya Noguchi)
  • Update rack-protection to 2.0.1. !17835 (Takuya Noguchi)
  • Adds confidential notes channel for Slack/Mattermost.
  • Fix XSS on diff view stored on filenames.
  • Fix GitLab Auth0 integration signing in the wrong user.

Fixed (65 changes, 20 of them are from the community)

  • File uploads in remote storage now support project renaming. !4597
  • Fixed bug in dropdown selector when selecting the same selection again. !14631 (bitsapien)
  • Fixed group deletion linked to Mattermost. !16209 (Julien Millau)
  • Create commit API and Web IDE obey LFS filters. !16718
  • Set breadcrumb for admin/runners/show. !17431 (Takuya Noguchi)
  • Enable restore rake task to handle nested storage directories. !17516 (Balasankar C)
  • Fix hover style of dropdown items in the right sidebar. !17519
  • Improve empty state for canceled job. !17646
  • Fix generated URL when listing repoitories for import. !17692
  • Use singular in the diff stats if only one line has been changed. !17697 (Jan Beckmann)
  • Long instance urls do not overflow anymore during project creation. !17717
  • Fix importing multiple assignees from GitLab export. !17718
  • Correct copy text for the promote milestone and label modals. !17726
  • Fix search results stripping last endline when parsing the results. !17777 (Jasper Maes)
  • Add read-only banner to all pages. !17798
  • Fix viewing diffs on old merge requests. !17805
  • Fix forking to subgroup via API when namespace is given by name. !17815 (Jan Beckmann)
  • Fix UI breakdown for Create merge request button. !17821 (Takuya Noguchi)
  • Unify format for nested non-task lists. !17823 (Takuya Noguchi)
  • UX re-design branch items with flexbox. !17832 (Takuya Noguchi)
  • Use porcelain commit lookup method on CI::CreatePipelineService. !17911
  • Update dashboard milestones breadcrumb link. !17933 (George Tsiolis)
  • Deleting a MR you are assigned to should decrements counter. !17951 (m b)
  • Update no repository placeholder. !17964 (George Tsiolis)
  • Drop JSON response in Project Milestone along with avoiding error. !17977 (Takuya Noguchi)
  • Fix personal access token clipboard button style. !17978 (Fabian Schneider)
  • Avoid validation errors when running the Pages domain verification service. !17992
  • Project creation will now raise an error if a service template is invalid. !18013
  • Add better LDAP connection handling. !18039
  • Fix autolinking URLs containing ampersands. !18045
  • Fix exceptions raised when migrating pipeline stages in the background. !18076
  • Always display Labels section in issuable sidebar, even when the project has no labels. !18081 (Branka Martinovic)
  • Fixed gitlab:uploads:migrate task ignoring some uploads. !18082
  • Fixed gitlab:uploads:migrate task failing for Groups' avatar. !18088
  • Increase dropdown width in pipeline graph & center action icon. !18089
  • Fix JobsController#raw endpoint can not read traces in database. !18101
  • Fix gitlab-rake gitlab:two_factor:disable_for_all_users. !18154
  • Adjust 404's for LegacyDiffNote discussion rendering. !18201
  • Work around Prometheus Helm chart name changes to fix integration. !18206 (joshlambert)
  • Prioritize weight over title when sorting charts. !18233
  • Verify that deploy token has valid access when pulling container registry image. !18260
  • Stop redirecting the page in pipeline main actions.
  • Fixed IDE button opening the wrong URL in tree list.
  • Ensure hooks run when a deploy key without a user pushes.
  • Fix 404 in group boards when moving issue between lists.
  • Display state indicator for issuable references in non-project scope (e.g. when referencing issuables from group scope).
  • Add missing port to artifact links.
  • Fix data race between ObjectStorage background_upload and Pages publishing.
  • Fixes unresolved discussions rendering the error state instead of the diff.
  • Don't show Jump to Discussion button on Issues.
  • Fix bug rendering group icons when forking.
  • Automatically cleanup stale worktrees and lock files upon a push.
  • Use the GitLab version as part of the appearances cache key.
  • Fix Firefox stealing formatting characters on issue notes.
  • Include matching branches and tags in protected branches / tags count. (Jan Beckmann)
  • Fix 500 error when a merge request from a fork has conflicts and has not yet been updated.
  • Test if remote repository exists when importing wikis.
  • Hide emoji popup after multiple spaces. (Jan Beckmann)
  • Fix relative uri when "#" is in branch name. (Jan)
  • Escape Markdown characters properly when using autocomplete.
  • Ignore project internal references in group context.
  • Fix finding wiki file when Gitaly is enabled.
  • Fix listing commit branch/tags that contain special characters.
  • Ensure internal users (ghost, support bot) get assigned a namespace.
  • Fix links to subdirectories of a directory with a plus character in its path.

Deprecated (1 change)

  • Remove support for legacy tar.gz pages artifacts. !18090

Changed (22 changes, 2 of them are from the community)

  • Add yellow favicon when CANARY=true to differientate canary environment. !12477
  • Use human readable value build_timeout in Project. !17386
  • Improved visual styles and consistency for commit hash and possible actions across commit lists. !17406
  • Don't create permanent redirect routes. !17521
  • Add empty repo check before running AutoDevOps pipeline. !17605
  • Update wording to specify create/manage project vs group labels in labels dropdown. !17640
  • Add tooltips to icons in lists of issues and merge requests. !17700
  • Change avatar error message to include allowed file formats. !17747 (Fabian Schneider)
  • Polish design for verifying domains. !17767
  • Move email footer info to a single line. !17916
  • Add average and maximum summary statistics to the prometheus dashboard. !17921
  • Add additional cluster usage metrics to usage ping. !17922
  • Move 'Registry' after 'CI/CD' in project navigation sidebar. !18018 (Elias Werberich)
  • Redesign application settings to match project settings. !18019
  • Allow HTTP(s) when git request is made by GitLab CI. !18021
  • Added hover background color to IDE file list rows.
  • Make project avatar in IDE consistent with the rest of GitLab.
  • Show issues of subgroups in group-level issue board.
  • Repository checksum calculation is handled by Gitaly when feature is enabled.
  • Allow viewing timings for AJAX requests in the performance bar.
  • Fixes remove source branch checkbox being visible when user cannot remove the branch.
  • Make /-/ delimiter optional for search endpoints.

Performance (24 changes, 11 of them are from the community)

  • Move AssigneeTitle vue component. !17397 (George Tsiolis)
  • Move TimeTrackingCollapsedState vue component. !17399 (George Tsiolis)
  • Move MemoryGraph and MemoryUsage vue components. !17533 (George Tsiolis)
  • Move UnresolvedDiscussions vue component. !17538 (George Tsiolis)
  • Move NothingToMerge vue component. !17544 (George Tsiolis)
  • Move ShaMismatch vue component. !17546 (George Tsiolis)
  • Stop caching highlighted diffs in Redis unnecessarily. !17746
  • Add i18n and update specs for ShaMismatch vue component. !17870 (George Tsiolis)
  • Update spec import path for vue mount component helper. !17880 (George Tsiolis)
  • Move TimeTrackingComparisonPane vue component. !17931 (George Tsiolis)
  • Improves the performance of projects list page. !17934
  • Remove N+1 query for Noteable association. !17956
  • Improve performance of loading issues with lots of references to merge requests. !17986
  • Reuse root_ref_hash for performance on Branches. !17998 (Takuya Noguchi)
  • Update asciidoctor-plantuml to 0.0.8. !18022 (Takuya Noguchi)
  • Cache personal projects count. !18197
  • Reduce complexity of issuable finder query. !18219
  • Reduce number of queries when viewing a merge request.
  • Free open file descriptors and libgit2 buffers in UpdatePagesService.
  • Memoize Git::Repository#has_visible_content?.
  • Require at least one filter when listing issues or merge requests on dashboard page.
  • lazy load diffs on merge request discussions.
  • Bulk deleting refs is handled by Gitaly by default.
  • ListCommitsByOid is executed by Gitaly by default.

Added (38 changes, 7 of them are from the community)

  • Add HTTPS-only pages. !16273 (rfwatson)
  • adds closed by informations in issue api. !17042 (haseebeqx)
  • Projects and groups badges settings UI. !17114
  • Add per-runner configured job timeout. !17221
  • Add alternate archive route for simplified packaging. !17225
  • Add support for pipeline variables expressions in only/except. !17316
  • Add object storage support for LFS objects, CI artifacts, and uploads. !17358
  • Added confirmation modal for changing username. !17405
  • Implement foreground verification of CI artifacts. !17578
  • Extend API for exporting a project with direct upload URL. !17686
  • Move ci/lint under project's namespace. !17729
  • Add Total CPU/Memory consumption metrics for Kubernetes. !17731
  • Adds the option to the project export API to override the project description and display GitLab export description once imported. !17744
  • Port direct upload of LFS artifacts from EE. !17752
  • Adds support for OmniAuth JWT provider. !17774
  • Display error message on job's tooltip if this one fails. !17782
  • Add 'Assigned Issues' and 'Assigned Merge Requests' as dashboard view choices for users. !17860 (Elias Werberich)
  • Extend API for importing a project export with overwrite support. !17883
  • Create Deploy Tokens to allow permanent access to repository and registry. !17894
  • Detect commit message trailers and link users properly to their accounts on GitLab. !17919 (cousine)
  • Adds cancel btn to new pages domain page. !18026 (Jacopo Beschi @jacopo-beschi)
  • API: Add parameter merge_method to projects. !18031 (Jan Beckmann)
  • Introduce simpler env vars for auto devops REPLICAS and CANARY_REPLICAS #41436. !18036
  • Allow overriding params on project import through API. !18086
  • Support LFS objects when importing/exporting GitLab project archives. !18115
  • Store sha256 checksum of artifact metadata. !18149
  • Limit the number of failed logins when using LDAP for authentication. !43525
  • Allow assigning and filtering issuables by ancestor group labels.
  • Include subgroup issues when searching for group issues using the API.
  • Allow to store uploads by default on Object Storage.
  • Add slash command for moving issues. (Adam Pahlevi)
  • Render MR commit SHA instead "diffs" when viable.
  • Send @mention notifications even if a user has explicitly unsubscribed from item.
  • Add support for Sidekiq JSON logging.
  • Add Gitaly call details to performance bar.
  • Add support for patch link extension for commit links on GitLab Flavored Markdown.
  • Allow feature gates to be removed through the API.
  • Allow merge requests related to a commit to be found via API.

Other (27 changes, 11 of them are from the community)

  • Send notification emails when push to a merge request. !7610 (YarNayar)
  • Rename modal.vue to deprecated_modal.vue. !17438
  • Atomic generation of internal ids for issues. !17580
  • Use object ID to prevent duplicate keys Vue warning on Issue Boards page during development. !17682
  • Update foreman from 0.78.0 to 0.84.0. !17690 (Takuya Noguchi)
  • Add realtime pipeline status for adding/viewing files. !17705
  • Update documentation to reflect current minimum required versions of node and yarn. !17706
  • Update knapsack to 1.16.0. !17735 (Takuya Noguchi)
  • Update CI services documnetation. !17749
  • Added i18n support for the prometheus memory widget. !17753
  • Use specific names for filtered CI variable controller parameters. !17796
  • Apply NestingDepth (level 5) (framework/dropdowns.scss). !17820 (Takuya Noguchi)
  • Clean up selectors in framework/header.scss. !17822 (Takuya Noguchi)
  • Bump state_machines-activerecord to 0.5.1. !17924 (blackst0ne)
  • Increase the memory limits used in the unicorn killer. !17948
  • Replace the spinach test with an rspec analog. !17950 (blackst0ne)
  • Remove unused index from events table. !18014
  • Make all workhorse gitaly calls opt-out, take 2. !18043
  • Update brakeman 3.6.1 to 4.2.1. !18122 (Takuya Noguchi)
  • Replace the project/issues/labels.feature spinach test with an rspec analog. !18126 (blackst0ne)
  • Bump html-pipeline to 2.7.1. !18132 (@blackst0ne)
  • Remove test_ci rake task. !18139 (Takuya Noguchi)
  • Add documentation for Pipelines failure reasons. !18352
  • Improve JIRA event descriptions.
  • Add query counts to profiler output.
  • Move Sidekiq exporter logs to log/sidekiq_exporter.log.
  • Upgrade Gitaly to upgrade its charlock_holmes.

10.6.6 (2018-05-28)

Security (4 changes)

  • Do not allow non-members to create MRs via forked projects when MRs are private.
  • Prevent user passwords from being changed without providing the previous password.
  • Fix API to remove deploy key from project instead of deleting it entirely.
  • Fixed bug that allowed importing arbitrary project attributes.

10.6.5 (2018-04-24)

Security (1 change)

  • Sanitizes user name to avoid XSS attacks.

10.6.4 (2018-04-09)

Fixed (8 changes, 1 of them is from the community)

  • Correct copy text for the promote milestone and label modals. !17726
  • Avoid validation errors when running the Pages domain verification service. !17992
  • Fix autolinking URLs containing ampersands. !18045
  • Fix exceptions raised when migrating pipeline stages in the background. !18076
  • Work around Prometheus Helm chart name changes to fix integration. !18206 (joshlambert)
  • Don't show Jump to Discussion button on Issues.
  • Fix listing commit branch/tags that contain special characters.
  • Fix 404 in group boards when moving issue between lists.

Performance (1 change)

  • Free open file descriptors and libgit2 buffers in UpdatePagesService.

10.6.3 (2018-04-03)

Security (2 changes)

  • Fix XSS on diff view stored on filenames.
  • Adds confidential notes channel for Slack/Mattermost.

10.6.2 (2018-03-29)

Fixed (2 changes, 1 of them is from the community)

  • Don't capture trailing punctuation when autolinking. !17965
  • Cloning a repository over HTTPS with LDAP credentials causes a HTTP 401 Access denied. (Horatiu Eugen Vlad)

10.6.1 (2018-03-27)

Security (1 change)

  • Bump rails-html-sanitizer to 1.0.4.

Fixed (2 changes)

  • Prevent auto-retry AccessDenied error from stopping transition to failed. !17862
  • Fix 500 error when trying to resolve non-ASCII conflicts in the editor. !17962

Performance (1 change)

  • Add indexes for user activity queries. !17890

Other (1 change)

  • Add documentation for runner IP address (#44232). !17837

10.6.0 (2018-03-22)

Security (4 changes)

  • Fixed some SSRF vulnerabilities in services, hooks and integrations. !2337
  • Ensure that OTP backup codes are always invalidated.
  • Add verification for GitLab Pages custom domains.
  • Fix GitLab Auth0 integration signing in the wrong user.

Fixed (75 changes, 17 of them are from the community)

  • Ensure users cannot create environments with leading or trailing slashes (Fixes #39885). !15273
  • Fix new project path input overlapping. !16755 (George Tsiolis)
  • Respect description and visibility when creating project from template. !16820 (George Tsiolis)
  • Remove user notification settings for groups and projects when user leaves. !16906 (Jacopo Beschi @jacopo-beschi)
  • Fix Teleporting Emoji. !16963 (Jared Deckard [email protected])
  • Fix duplicate system notes when merging a merge request. !17035
  • Fix breadcrumb on labels page for groups. !17045 (Onuwa Nnachi Isaac)
  • Fix user avatar's vertical align on the issues and merge requests pages. !17072 (Laszlo Karpati)
  • Fix settings panels not expanding when fragment hash linked. !17074
  • Fix 404 when listing archived projects in a group where all projects have been archived. !17077 (Ashley Dumaine)
  • Allow to call PUT /projects/:id API with only ci_config_path specified. !17105 (Laszlo Karpati)
  • Fix long list of recipients on group request membership email. !17121 (Jacopo Beschi @jacopo-beschi)
  • Remove duplicated error message on duplicate variable validation. !17135
  • Keep "Import project" tab/form active when validation fails trying to import "Repo by URL". !17136
  • Fixed bug with unauthenticated requests through git ssh. !17149
  • Allows project rename after validation error. !17150
  • Fix "Remove source branch" button in Merge request widget during merge when pipeline succeeds state. !17192
  • Add missing pagination on the commit diff endpoint. !17203 (Maxime Roussin-Bélanger)
  • Fix get a single pages domain when project path contains a period. !17206 (Travis Miller)
  • remove avater underline. !17219 (Ken Ding)
  • Allows the usage of /milestone quick action for group milestones. !17239 (Jacopo Beschi @jacopo-beschi)
  • Encode branch name as binary before creating a RPC request to copy attributes. !17291
  • Restart Unicorn and Sidekiq when GRPC throws 14:Endpoint read failed. !17293
  • Do not persist Google Project verification flash errors after a page reload. !17299
  • Ensure group issues and merge requests pages show results from subgroups when there are no results from the current group. !17312
  • Prevent trace artifact migration to incur data loss. !17313
  • Fixes gpg popover layout. !17323
  • Return a 404 instead of 403 if the repository does not exist on disk. !17341
  • Fix Slack/Mattermost notifications not respecting notify_only_default_branch setting for pushes. !17345
  • Fix Group labels load failure when there are duplicate labels present. !17353
  • Allow Prometheus application to be installed from Cluster applications. !17372
  • Fixes Prometheus admin configuration page. !17377
  • Enable filtering MR list based on clicked label in MR sidebar. !17390
  • Fix code and wiki search results pages when non-ASCII text is displayed. !17413
  • Count comments on diffs and discussions as contributions for the contributions calendar. !17418 (Riccardo Padovani)
  • Add Assignees vue component missing data container. !17426 (George Tsiolis)
  • Update tooltip on pipeline cancel to Stop (#42946). !17444
  • Removing the two factor check when the user sets a new password. !17457
  • Fix quick actions for users who cannot update issues and merge requests. !17482
  • Stop loading spinner on error of milestone update on issue. !17507 (Takuya Noguchi)
  • Set margins around dropdown dividers to 4px. !17517
  • Fix pages flaky failure by reloading stale object. !17522
  • Remove extra breadcrumb on tags. !17562 (Takuya Noguchi)
  • Fix missing uploads after group transfer. !17658
  • Fix markdown table showing extra column. !17669
  • Ensure the API returns https links when https is configured. !17681
  • Sanitize extra blank spaces used when uploading a SSH key. !40552
  • Render htmlentities correctly for links not supported by Rinku.
  • Keep link when redacting unauthorized object links.
  • Handle empty state in Pipelines page.
  • Revert Project.public_or_visible_to_user changes and only apply to snippets.
  • Release libgit2 cache and open file descriptors after git gc run.
  • Fix project dashboard showing the wrong timestamps.
  • Fix "Can't modify frozen hash" error when project is destroyed.
  • Fix Error 500 when viewing a commit with a GPG signature in Geo.
  • Don't error out in system hook if user has nil datetime columns.
  • Remove double caching of Repository#empty?.
  • Don't delete todos or unassign issues and MRs when a user leaves a project.
  • Don't cache a nil repository root ref to prevent caching issues.
  • Escape HTML entities in commit messages.
  • Verify project import status again before marking as failed.
  • [GitHub Import] Create an empty wiki if wiki import failed.
  • Create empty wiki when import from GitLab and wiki is not there.
  • Make sure wiki exists when it's enabled.
  • Fix broken loading state for close issue button.
  • Fix code and wiki search results when filename is non-ASCII.
  • Fix file upload on project show page.
  • Fix squashing when a file is renamed.
  • Show loading button inline in refresh button in MR widget.
  • Fix close button on issues not working on mobile.
  • Adds tooltip in environment names to increase readability.
  • Fixed issue edit shortcut not opening edit form.
  • Fix 500 error being shown when diff has context marker with invalid encoding.
  • Render modified icon for moved file in changes dropdown.
  • Remember assignee when moving an issue.

Changed (16 changes, 9 of them are from the community)

  • Allow including custom attributes in API responses. !16526 (Markus Koller)
  • Apply new default and inline label design. !16956 (George Tsiolis)
  • Remove whitespace from the username/email sign in form field. !17020 (Peter lauck)
  • CI charts now include the current day. !17032 (Dakkaron)
  • Hide CI secret variable values after saving. !17044
  • Add new modal Vue component. !17108
  • Asciidoc now support inter-document cross references between files in repository. !17125 (Turo Soisenniemi)
  • Update issue closing pattern to allow variations in punctuation. !17198 (Vicky Chijwani)
  • Add a button to deploy a runner to a Kubernetes cluster in the settings page. !17278
  • Pages custom domain: allow update of key/certificate. !17376 (rfwatson)
  • Clear the Labels dropdown search filter after a selection is made. !17393 (Andrew Torres)
  • Hook data for pipelines includes detailed_status. !17607
  • Avoid showing unnecessary Trigger checkboxes for project Integrations with only one event. !17607
  • Display a link to external issue tracker when enabled.
  • Allow token authentication on go-get request.
  • Update SSH key link to include existing keys. (Brendan O'Leary)

Performance (24 changes, 5 of them are from the community)

  • Add catch-up background migration to migrate pipeline stages. !15741
  • Move BoardNewIssue vue component. !16947 (George Tsiolis)
  • Move IssuableTimeTracker vue component. !16948 (George Tsiolis)
  • Move RecentSearchesDropdownContent vue component. !16951 (George Tsiolis)
  • Move Assignees vue component. !16952 (George Tsiolis)
  • Improve performance of pipeline page by reducing DB queries. !17168
  • Store sha256 checksum to job artifacts. !17354
  • Move SidebarAssignees vue component. !17398 (George Tsiolis)
  • Improve database response time for user activity listing. !17454
  • Use persisted/memoized value for MRs shas instead of doing git lookups. !17555
  • Cache MergeRequests can_be_resolved_in_ui? git operations. !17589
  • Prevent the graphs page from generating unnecessary Gitaly requests. !37602
  • Use a user object in ApplicationHelper#avatar_icon where possible to avoid N+1 queries. !42800
  • Submit a single batch blob RPC to Gitaly per HTTP request when viewing diffs.
  • Avoid re-fetching merge-base SHA from Gitaly unnecessarily.
  • Don't use ProjectsFinder in TodosFinder.
  • Adding missing indexes on taggings table.
  • Add index on section_name_id on ci_build_trace_sections table.
  • Cache column_exists? for application settings.
  • Cache table_exists?('application_settings') to reduce repeated schema reloads.
  • Make --prune a configurable parameter in fetching a git remote.
  • Fix timeouts loading /admin/projects page.
  • Add partial indexes on todos to handle users with many todos.
  • Optimize search queries on the search page by setting a limit for matching records in project scope.

Added (30 changes, 9 of them are from the community)

  • Add CommonMark markdown engine (experimental). !14835 (blackst0ne)
  • API: Get references a commit is pushed to. !15026 (Robert Schilling)
  • Add overview of branches and a filter for active/stale branches. !15402 (Takuya Noguchi)
  • Add project export API. !15860 (Travis Miller)
  • expose more metrics in merge requests api. !16589 (haseebeqx)
  • #28481: Display time tracking totals on milestone page. !16753 (Riccardo Padovani)
  • Add a button on the project page to set up a Kubernetes cluster and enable Auto DevOps. !16900
  • Include cycle time in usage ping data. !16973
  • Add ability to use external plugins as an alternative to system hooks. !17003
  • Add search param to Branches API. !17005 (bunufi)
  • API endpoint for importing a project export. !17025
  • Display ingress IP address in the Kubernetes page. !17052
  • Implemented badge API endpoints. !17082
  • Allow installation of GitLab Runner with a single click. !17134
  • Allow commits endpoint to work over all commits of a repository. !17182
  • Display Runner IP Address. !17286
  • Add archive feature to trace. !17314
  • Allow maintainers to push to forks of their projects when a merge request is open. !17395
  • Foreground verification of uploads and LFS objects. !17402
  • Adds updated_at filter to issues and merge_requests API. !17417 (Jacopo Beschi @jacopo-beschi)
  • Port /wip quick action command to Merge Request creation (on description). !17463 (Adam Pahlevi)
  • Add a paragraph about security implications on Cluster's page. !17486
  • Add plugins list to the system hooks page. !17518
  • Enable privileged mode for GitLab Runner. !17528
  • Expose GITLAB_FEATURES as CI/CD variable (fixes #40994).
  • Upgrade GitLab Workhorse to 4.0.0.
  • Add discussions API for Issues and Snippets.
  • Add one group board to Libre.
  • Add support for filtering by source and target branch to merge requests API.

Other (18 changes, 7 of them are from the community)

  • Group MRs on issue page by project and namespace. !8494 (Jeff Stubler)
  • Make oauth provider login generic. !8809 (Horatiu Eugen Vlad)
  • Add email button to new issue by email. !10942 (Islam Wazery)
  • Update vue component naming guidelines. !17018 (George Tsiolis)
  • Added new design for promotion modals. !17197
  • Update to github-linguist 5.3.x. !17241 (Ken Ding)
  • update toml-rb to 1.0.0. !17259 (Ken Ding)
  • Keep track of projects a user interacted with. !17327
  • Moved o_auth/saml/ldap modules under gitlab/auth. !17359 (Horatiu Eugen Vlad)
  • Enables eslint in codeclimate job. !17392
  • Port Labels Select dropdown to Vue. !17411
  • Add NOT NULL constraint to projects.namespace_id. !17448
  • Ensure foreign keys on clusters applications. !17488
  • Started translation into Turkish, Indonesian and Filipino. !17526
  • Add documentation for displayed K8s Ingress IP address (#44330). !17836
  • Move Ruby endpoints to OPT_OUT.
  • Upgrade Workhorse to version 3.8.0 to support structured logging.
  • Use host URL to build JIRA remote link icon.

10.5.8 (2018-04-24)

Security (1 change)

  • Sanitizes user name to avoid XSS attacks.

10.5.7 (2018-04-03)

Security (2 changes)

  • Fix XSS on diff view stored on filenames.
  • Adds confidential notes channel for Slack/Mattermost.

10.5.6 (2018-03-16)

Security (2 changes)

  • Fixed some SSRF vulnerabilities in services, hooks and integrations. !2337
  • Fix GitLab Auth0 integration signing in the wrong user.

10.5.5 (2018-03-15)

Fixed (3 changes)

  • Fix missing uploads after group transfer. !17658
  • Fix code and wiki search results when filename is non-ASCII.
  • Remove double caching of Repository#empty?.

Performance (2 changes)

  • Adding missing indexes on taggings table.
  • Add index on section_name_id on ci_build_trace_sections table.

10.5.4 (2018-03-08)

Fixed (11 changes)

  • Encode branch name as binary before creating a RPC request to copy attributes. !17291
  • Restart Unicorn and Sidekiq when GRPC throws 14:Endpoint read failed. !17293
  • Ensure group issues and merge requests pages show results from subgroups when there are no results from the current group. !17312
  • Prevent trace artifact migration to incur data loss. !17313
  • Return a 404 instead of 403 if the repository does not exist on disk. !17341
  • Allow Prometheus application to be installed from Cluster applications. !17372
  • Fixes Prometheus admin configuration page. !17377
  • Fix code and wiki search results pages when non-ASCII text is displayed. !17413
  • Fix pages flaky failure by reloading stale object. !17522
  • Fixed issue edit shortcut not opening edit form.
  • Revert Project.public_or_visible_to_user changes and only apply to snippets.

Performance (1 change)

  • Don't use ProjectsFinder in TodosFinder.

10.5.3 (2018-03-01)

Security (1 change)

  • Ensure that OTP backup codes are always invalidated.

10.5.2 (2018-02-25)

Fixed (7 changes)

  • Fix single digit value clipping for stacked progress bar. !17217
  • Fix issue with cache key being empty when variable used as the key. !17260
  • Enable Legacy Authorization by default on Cluster creations. !17302
  • Allow branch names to be named the same as the sha it points to.
  • Fix 500 error when loading an invalid upload URL.
  • Don't attempt to update user tracked fields if database is in read-only.
  • Prevent MR Widget error when no CI configured.

Performance (5 changes)

  • Improve query performance for snippets dashboard. !17088
  • Only check LFS integrity for first ref in a push to avoid timeout. !17098
  • Improve query performance of MembersFinder. !17190
  • Increase feature flag cache TTL to one hour.
  • Improve performance of searching for and autocompleting of users.

10.5.1 (2018-02-22)

  • No changes.

10.5.0 (2018-02-22)

Security (3 changes, 1 of them is from the community)

  • Update marked from 0.3.6 to 0.3.12. !16480 (Takuya Noguchi)
  • Update nokogiri to 1.8.2. !16807
  • Add verification for GitLab Pages custom domains.

Fixed (77 changes, 25 of them are from the community)

  • Fix the Projects API with_issues_enabled filter behaving incorrectly any user. !12724 (Jan Christophersen)
  • Hide pipeline schedule take ownership for current owner. !12986
  • Handle special characters on API request of issuable templates. !15323 (Takuya Noguchi)
  • Shows signin tab after new user email confirmation. !16174 (Jacopo Beschi @jacopo-beschi)
  • Make project README containers wider on fixed layout. !16181 (Takuya Noguchi)
  • Fix dashboard projects nav links height. !16204 (George Tsiolis)
  • Fix error on empty query for Members API. !16235
  • Issue board: fix for dragging an issue to the very bottom in long lists. !16250 (David Kuri)
  • Make rich blob viewer wider for PC. !16262 (Takuya Noguchi)
  • Substitute deprecated ui_charcoal with new default ui_indigo. !16271 (Takuya Noguchi)
  • Generate HTTP URLs for custom Pages domains when appropriate. !16279
  • Make modal dialog common for Groups tree app. !16311
  • Allow moving wiki pages from the UI. !16313
  • Filter groups and projects dropdowns of search page on backend. !16336
  • Adjust layout width for fixed layout. !16337 (George Tsiolis)
  • Fix custom header logo design nitpick: Remove unneeded margin on empty logo text. !16383 (Markus Doits)
  • File Upload UI can create LFS pointers based on .gitattributes. !16412
  • Fix Ctrl+Enter keyboard shortcut saving comment/note edit. !16415
  • Fix file search results when they match file contents with a number between two colons. !16462
  • Fix tooltip displayed for running manual actions. !16489
  • Allow trailing + on labels in board filters. !16490
  • Prevent JIRA issue identifier from being humanized. !16491 (Andrew McCallum)
  • Add horizontal scroll to wiki tables. !16527 (George Tsiolis)
  • Fix a bug calculating artifact size for project statistics. !16539
  • Stop loading spinner on error of issuable templates. !16600 (Takuya Noguchi)
  • Allows html text in commits atom feed. !16603 (Jacopo Beschi @jacopo-beschi)
  • Disable MR check out button when source branch is deleted. !16631 (Jacopo Beschi @jacopo-beschi)
  • Fix export removal for hashed-storage projects within a renamed or deleted namespace. !16658
  • Default to HTTPS for all Gravatar URLs. !16666
  • Login via OAuth now only marks new users as external. !16672
  • Fix default avatar icon missing when Gravatar is disabled. !16681 (Felix Geyer)
  • Change button group width on mobile. !16726 (George Tsiolis)
  • Fix version information not showing on help page if commercial content display was disabled. !16743
  • Adds spacing between edit and delete tag btn in tag list. !16757 (Jacopo Beschi @jacopo-beschi)
  • Fix 500 error when loading a merge request with an invalid comment. !16795
  • Deleting an upload will correctly clean up the filesystem. !16799
  • Cleanup new branch/merge request form in issues. !16854
  • Fix GitLab import leaving group_id on ProjectLabel. !16877
  • Fix forking projects when no restricted visibility levels are defined applicationwide. !16881
  • Trigger change event on filename input when file template is applied. !16911 (Sebastian Klingler)
  • Fixes different margins between buttons in tag list. !16927 (Jacopo Beschi @jacopo-beschi)
  • Close low level rugged repository in project cache worker. !16930 (Bastian Blank)
  • Override group sidebar links. !16942 (George Tsiolis)
  • Avoid running PopulateForkNetworksRange-migration multiple times. !16988
  • Resolve PrepareUntrackedUploads PostgreSQL syntax error. !17019
  • Fix monaco editor features which were incompatible with GitLab CDN settings. !17021
  • Fixed error 500 when removing an identity with synced attributes and visiting the profile page. !17054
  • Fix cnacel edit note button reverting changes. !42462
  • For issues display time of last edit of title or description instead of time of any attribute change.
  • Handle all Psych YAML parser exceptions (fixes #41209).
  • Fix validation of environment scope of variables.
  • Display user friendly error message if rebase fails.
  • Hide new branch and tag links for projects with an empty repo.
  • Fix protected branches API to accept name parameter with dot.
  • Closes #38540 - Remove .ssh/environment file that now breaks the gitlab:check rake task.
  • Keep subscribers when promoting labels to group labels.
  • Replace verified badge icons and uniform colors.
  • Fix error on changes tab when merge request cannot be created.
  • Ignore leading slashes when searching for files within context of repository. (Andrew McCallum)
  • Close and do not reload MR diffs when source branch is deleted.
  • Bypass commits title markdown on notes.
  • Reload MRs memoization after diffs creation.
  • Return more consistent values for merge_status on MR APIs.
  • Contribution calendar label was cut off. (Branka Martinovic)
  • LDAP Person no longer throws exception on invalid entry.
  • Fix bug where award emojis would be lost when moving issues between projects.
  • Fix not all events being shown in group dashboard.
  • Fix JIRA not working when a trailing slash is included.
  • Fix squash not working when diff contained non-ASCII data.
  • Remove erroneous text in shared runners page that suggested more runners available.
  • Execute system hooks after-commit when executing project hooks.
  • Makes forking protect default branch on completion.
  • Validate user, group and project paths consistently, and only once.
  • Validate user namespace before saving so that errors persist on model.
  • Permits 'password_authentication_enabled_for_git' parameter for ApplicationSettingsController.
  • Fix duplicate item in protected branch/tag dropdown.
  • Open visibility level help in a new tab. (Jussi Räsänen)

Deprecated (1 change)

  • Add note within ux documentation that further changes should be made within the design.gitlab project.

Changed (20 changes, 7 of them are from the community)

  • Show coverage to two decimal points in coverage badge. !10083 (Jeff Stubler)
  • Update 'removed assignee' note to include old assignee reference. !16301 (Maurizio De Santis)
  • Move row containing Projects, Users and Groups count to the top in admin dashboard. !16421
  • Add Auto DevOps Domain application setting. !16604
  • Changes Revert this merge request text. !16611 (Jacopo Beschi @jacopo-beschi)
  • Link Auto DevOps settings to Clusters page. !16641
  • Internationalize charts page. !16687 (selrahman)
  • Internationalize graph page selrahman. !16688 (Shah El-Rahman)
  • Save traces as artifacts. !16702
  • Hide variable values on pipeline schedule edit page. !16729
  • Update runner info on all authenticated requests. !16756
  • Improve issue note dropdown and mr button. !16758 (George Tsiolis)
  • Replace "cluster" with "Kubernetes cluster". !16778
  • Enable Prometheus metrics for deployed Ingresses. !16866 (joshlambert)
  • Rename button to enable CI/CD configuration to "Set up CI/CD". !16870
  • Double padding for file-content wiki class on larger screens.
  • Improve wording about additional costs for Ingress on custom clusters.
  • Last push widget will show banner for new pushes to previously merged branch.
  • Save user ID and username in Grape API log (api_json.log).
  • Include subgroup issues and merge requests on the group page.

Performance (14 changes, 1 of them is from the community)

  • Fix double query execution on groups page. !16314
  • Speed up loading merged merge requests when they contained a lot of commits before merging. !16320
  • Properly memoize some predicate methods. !16329
  • Reduce the number of Prometheus metrics. !16443
  • Only highlight search results under the highlighting size limit. !16462
  • Add fast-blank. !16468
  • Move BoardList vue component to vue file. !16888 (George Tsiolis)
  • Fix N+1 query problem for snippets dashboard. !16944
  • Optimize search queries on the search page by setting a limit for matching records.
  • Store number of commits in merge_request_diffs table.
  • Improve performance of target branch dropdown.
  • Remove duplicate calls of MergeRequest#can_be_reverted?.
  • Stop checking if discussions are in a mergeable state if the MR isn't.
  • Remove N+1 queries with /projects/:project_id/{access_requests,members} API endpoints.

Added (28 changes, 10 of them are from the community)

  • Add link on commit page to merge request that introduced that commit. !13713 (Hiroyuki Sato)
  • System hooks for Merge Requests. !14387 (Alexis Reigel)
  • Add pipelines endpoint to merge requests API. !15454 (Tony Rom [email protected])
  • Adds Rubocop rule for line break around conditionals. !15739 (Jacopo Beschi @jacopo-beschi)
  • Add Colors to GitLab Flavored Markdown. !16095 (Tony Rom [email protected])
  • Initial work to add notification reason to emails. !16160 (Mario de la Ossa)
  • Implement multi server support and use kube proxy to connect to Prometheus servers inside K8S cluster. !16182
  • Add ability to transfer a group into another group. !16302
  • Add blue dot feature highlight to make GKE Clusters more visible to users. !16379
  • Add section headers to plus button dropdown. !16394 (George Tsiolis)
  • Support PostgreSQL 10. !16471
  • Enables Project Milestone Deletion via the API. !16478 (Jacopo Beschi @jacopo-beschi)
  • Add realtime ci status for the repository -> files view. !16523
  • User can now git push to create a new project. !16547
  • Improve empty project overview. !16617 (George Tsiolis)
  • Added uploader metadata to the uploads. !16779
  • Added ldap config setting to lower case the username. !16791
  • Add search support into the API. !16878
  • Backport of LFS File Locking API. !16935
  • Add a link to documentation on how to get external ip in the Kubernetes cluster details page. !16937
  • Add sorting options for /users API (admin only). !16945
  • Adds sorting to deployments API. (Jacopo Beschi @jacopo-beschi)
  • Add rake task to check integrity of uploaded files.
  • Add backend for persistently dismissably callouts.
  • Track and act upon the number of executed queries.
  • Add a gRPC health check to ensure Gitaly is up.
  • Log and send a system hook if a blocked user attempts to login.
  • Add Gitaly Servers admin dashboard.

Other (25 changes, 7 of them are from the community)

  • Updated the katex library. !15864
  • Add modal for deleting a milestone. !16229
  • Remove unused CSS selectors for Cycle Analytics. !16270 (Takuya Noguchi)
  • Add reason to keep postgresql 9.2 for CI. !16277 (Takuya Noguchi)
  • Adjust modal style to new design. !16310
  • Default to Gitaly for 'git push' HTTP/SSH, and make Gitaly mandatory for SSH pull. !16586
  • Set timezone for karma to UTC. !16602 (Takuya Noguchi)
  • Make Gitaly RepositoryExists opt-out. !16680
  • Update minimum git version to 2.9.5. !16683
  • Disable throwOnError in KaTeX to reveal user where is the problem. !16684 (Jakub Jirutka)
  • fix documentation about node version. !16720 (Tobias Gurtzick)
  • Enable RuboCop Style/RegexpLiteral. !16752 (Takuya Noguchi)
  • Add confirmation-input component. !16816
  • Add unique constraint to trending_projects#project_id. !16846
  • Add foreign key and NOT NULL constraints to todos table. !16849
  • Include branch in mobile view for pipelines. !16910 (George Tsiolis)
  • Downgrade google-protobuf gem. !16941
  • Refactors mr widget components into vue files and adds i18n.
  • increase-readability-of-colored-text-in-job-output-log.
  • Finish any remaining jobs for issues.closed_at.
  • Translate issuable sidebar.
  • Set standard disabled state for all buttons.
  • Upgrade GitLab Workhorse to v3.6.0.
  • Improve readability of underlined links for dyslexic users.
  • Adds empty state illustration for pending job.

10.4.7 (2018-04-03)

Security (2 changes)

  • Fix XSS on diff view stored on filenames.
  • Adds confidential notes channel for Slack/Mattermost.

10.4.6 (2018-03-16)

Security (2 changes)

  • Fixed some SSRF vulnerabilities in services, hooks and integrations. !2337
  • Fix GitLab Auth0 integration signing in the wrong user.

10.4.5 (2018-03-01)

Security (1 change)

  • Ensure that OTP backup codes are always invalidated.

10.4.4 (2018-02-16)

Security (1 change)

  • Update nokogiri to 1.8.2. !16807

Fixed (9 changes)

  • Fix 500 error when loading a merge request with an invalid comment. !16795
  • Cleanup new branch/merge request form in issues. !16854
  • Fix GitLab import leaving group_id on ProjectLabel. !16877
  • Fix forking projects when no restricted visibility levels are defined applicationwide. !16881
  • Resolve PrepareUntrackedUploads PostgreSQL syntax error. !17019
  • Fixed error 500 when removing an identity with synced attributes and visiting the profile page. !17054
  • Validate user namespace before saving so that errors persist on model.
  • LDAP Person no longer throws exception on invalid entry.
  • Fix JIRA not working when a trailing slash is included.

10.4.3 (2018-02-05)

Security (4 changes)

  • Fix namespace access issue for GitHub, BitBucket, and GitLab.com project importers.
  • Fix stored XSS in code blocks that ignore highlighting.
  • Fix wilcard protected tags protecting all branches.
  • Restrict Todo API mark_as_done endpoint to the user's todos only.

10.4.2 (2018-01-30)

Fixed (6 changes)

  • Fix copy/paste on iOS devices due to a bug in webkit. !15804
  • Fix missing "allow users to request access" option in public project permissions. !16485
  • Fix encoding issue when counting commit count. !16637
  • Fixes destination already exists, and some particular service errors on Import/Export error. !16714
  • Fix cache clear bug withg using : on Windows. !16740
  • Use has_table_privilege for TRIGGER on PostgreSQL.

Changed (1 change)

  • Vendor Auto DevOps template with DAST security checks enabled. !16691

10.4.1 (2018-01-24)

Fixed (4 changes)

  • Ensure that users can reclaim a namespace or project path that is blocked by an orphaned route. !16242
  • Correctly escape UTF-8 path elements for uploads. !16560
  • Fix issues when rendering groups and their children. !16584
  • Fix bug in which projects with forks could not change visibility settings from Private to Public. !16595

Performance (2 changes)

  • rework indexes on redirect_routes.
  • Remove unnecessary query from labels filter.

10.4.0 (2018-01-22)

Security (8 changes, 1 of them is from the community)

  • Upgrade Ruby to 2.3.6 to include security patches. !16016
  • Prevent a SQL injection in the MilestonesFinder.
  • Check user authorization for source and target projects when creating a merge request.
  • Fix path traversal in gitlab-ci.yml cache:key.
  • Fix writable shared deploy keys.
  • Filter out sensitive fields from the project services API. (Robert Schilling)
  • Fix RCE via project import mechanism.
  • Prevent OAuth login POST requests when a provider has been disabled.

Fixed (68 changes, 24 of them are from the community)

  • Update comment on image cursor and icons. !15760
  • Fixes the wording of headers in system info page. !15802 (Gilbert Roulot)
  • Reset todo counters when the target is deleted. !15807
  • Execute quick actions (if present) when creating MR from issue. !15810
  • fix build count in pipeline success mail. !15827 (Christiaan Van den Poel)
  • Fix error that was preventing users to change the access level of access requests for Groups or Projects. !15832
  • Last push event widget width for fixed layout. !15862 (George Tsiolis)
  • Hide link to issues/MRs from labels list if issues/MRs are disabled. !15863 (Sophie Herold)
  • Use relative URL for projects to avoid storing domains. !15876
  • Fix gitlab-rake gitlab:import:repos import schedule. !15931
  • Removed incorrect guidance stating blocked users will be removed from groups and project as members. !15947 (CesarApodaca)
  • Fix some POST/DELETE requests in IE by switching some bundles to Axios for Ajax requests. !15951
  • Fixing error 500 when member exist but not the user. !15970
  • show None when issue is in closed list and no labels assigned. !15976 (Christiaan Van den Poel)
  • Fix tags in the Activity tab not being clickable. !15996 (Mario de la Ossa)
  • Disable Vue pagination when only one page of content is available. !15999 (Mario de la Ossa)
  • disables shortcut to issue boards when issues are not enabled. !16020 (Christiaan Van den Poel)
  • Ignore lost+found folder during backup on a volume. !16036 (Julien Millau)
  • Fix abuse reports link url in admin area navbar. !16068 (megos)
  • Keep typographic hierarchy in User Settings. !16090 (George Tsiolis)
  • Adjust content width for User Settings, GPG Keys. !16093 (George Tsiolis)
  • Fix gitlab-rake gitlab:import:repos import schedule. !16115
  • Fix import project url not updating project name. !16120
  • Fix activity inline event line height on mobile. !16121 (George Tsiolis)
  • Fix slash commands dropdown description mis-alignment on Firefox. !16125 (Maurizio De Santis)
  • Remove unnecessary sidebar element realignment. !16159 (George Tsiolis)
  • User#projects_limit remove DB default and added NOT NULL constraint. !16165 (Mario de la Ossa)
  • Fix API endpoints to edit wiki pages where project belongs to a group. !16170
  • Fix breadcrumbs in User Settings. !16172 (rfwatson)
  • Move 2FA disable button. !16177 (George Tsiolis)
  • Fixing bug when wiki last version. !16197
  • Protected branch is now created for default branch on import. !16198
  • Prevent excessive DB load due to faulty DeleteConflictingRedirectRoutes background migration. !16205
  • Force Auto DevOps kubectl version to 1.8.6. !16218
  • Fix missing references to pipeline objects when restoring project with import/export feature. !16221
  • Fix inconsistent downcase of filenames in prefilled Add commit messages. !16232 (James Ramsay)
  • Default merge request title is set correctly again when external issue tracker is activated. !16356 (Ben305)
  • Ensure that emails contain absolute, rather than relative, links to user uploads. !16364
  • Prevent invalid Route path if path is unchanged. !16397
  • Fixing rack request mime type when using rack attack. !16427
  • Prevent RevList failing on non utf8 paths. !16440
  • Fix giant fork icons on forks page. !16474
  • Fix links to uploaded files on wiki pages. !16499
  • Modify LDAP::Person to return username value based on attributes.
  • Fixed merge request status badge not updating after merging.
  • Remove related links in MR widget when empty state.
  • Gracefully handle garbled URIs in Markdown.
  • Fix hooks not being set up properly for bare import Rake task.
  • Fix Mermaid drawings not loading on some browsers.
  • Humanize the units of "Showing last X KiB of log" in job trace.
  • Avoid leaving a push event empty if payload cannot be created.
  • Show authored date rather than committed date on the commit list.
  • Fix when branch creation fails don't post system note. (Mateusz Bajorski)
  • Fix viewing merge request diffs where the underlying blobs are unavailable.
  • Fix 500 error when visiting a commit where the blobs do not exist.
  • Set target_branch to the ref branch when creating MR from issue.
  • Fix closed text for issues on Todos page.
  • [API] Fix creating issue when assignee_id is empty.
  • Fix false positive issue references in merge requests caused by header anchor links.
  • Fixed chanages dropdown ellipsis positioning.
  • Fix shortcut links on help page.
  • Clears visual token on second backspace. (Martin Wortschack)
  • Fix onion-skin re-entering state.
  • fix button alignment on MWPS component.
  • Add optional search param for Merge Requests API.
  • Normalizing Identity extern_uid when saving the record.
  • Fixed typo for issue description field declaration. (Marcus Amargi)
  • Fix ANSI 256 bold colors in pipelines job output.

Changed (18 changes, 3 of them are from the community)

  • Make mail notifications of discussion notes In-Reply-To of each other. !14289
  • Migrate existing data from KubernetesService to Clusters::Platforms::Kubernetes. !15589
  • Implement checking GCP project billing status in cluster creation form. !15665
  • Present multiple clusters in a single list instead of a tabbed view. !15669
  • Remove soft removals related code. !15789
  • Only mark import and fork jobs as failed once all Sidekiq retries get exhausted. !15844
  • Translate date ranges on contributors page. !15846
  • Update issuable status icons. !15898
  • Update feature toggle design to use icons and make it i18n friendly. !15904
  • Update groups tree to use GitLab SVG icons, add last updated at information for projects. !15980
  • Allow forking a public project to a private group. !16050
  • Expose project_id on /api/v4/pages/domains. !16200 (Luc Didry)
  • Display graph values on hover within monitoring page. !16261
  • removed tabindexes from tag form. (Marcus Amargi)
  • Move edit button to second row on issue page (and change it to a pencil icon).
  • Run background migrations with a minimum interval.
  • Provide additional cookies to JIRA service requests to allow Oracle WebGates Basic Auth. (Stanislaw Wozniak)
  • Hide markdown toolbar in preview mode.

Performance (11 changes)

  • Improve the performance for counting diverging commits. Show 999+ if it is more than 1000 commits. !15963
  • Treat empty markdown and html strings as valid cached text, not missing cache that needs to be updated.
  • Cache merged and closed events data in merge_request_metrics table.
  • Speed up generation of commit stats by using Rugged native methods.
  • Improve search query for issues.
  • Improve search query for merge requests.
  • Eager load event target authors whenever possible.
  • Use simple Next/Prev paging for jobs to avoid large count queries on arbitrarily large sets of historical jobs.
  • Improve performance of MR discussions on large diffs.
  • Add index on namespaces lower(name) for UsersController#exists.
  • Fix timeout when filtering issues by label.

Added (26 changes, 8 of them are from the community)

  • Support new chat notifications parameters in Services API. !11435
  • Add online and status attribute to runner api entity. !11750
  • Adds ordering to projects contributors in API. !15469 (Jacopo Beschi @jacopo-beschi)
  • Add assets_sync gem to Gemfile. !15734
  • Add a gitlab:tcp_check rake task. !15759
  • add support for sorting in tags api. !15772 (haseebeqx)
  • Add Prometheus to available Cluster applications. !15895
  • Validate file status when committing multiple files. !15922
  • List of avatars should never show +1. !15972 (Jacopo Beschi @jacopo-beschi)
  • Do not generate NPM links for private NPM modules in blob view. !16002 (Mario de la Ossa)
  • Backport fast database lookup of SSH authorized_keys from EE. !16014
  • Add i18n helpers to branch comparison view. !16031 (James Ramsay)
  • Add pause/resume button to project runners. !16032 (Mario de la Ossa)
  • Added option to user preferences to enable the multi file editor. !16056
  • Implement project jobs cache reset. !16067
  • Rendering of emoji's in Group-Overview. !16098 (Jacopo Beschi @jacopo-beschi)
  • Allow automatic creation of Kubernetes Integration from template. !16104
  • API: get participants from merge_requests & issues. !16187 (Brent Greeff)
  • Added option to disable commits stats in the commit endpoint. !16309
  • Disable creation of new Kubernetes Integrations unless they're active or created from template. !41054
  • Added badge to tree & blob views to indicate LFS tracked files.
  • Enable ordering of groups and their children by name.
  • Add button to run scheduled pipeline immediately.
  • Allow user to rebase merge requests.
  • Handle GitLab hashed storage repositories using the repo import task.
  • Hide runner token in CI/CD settings page.

Other (12 changes, 3 of them are from the community)

  • Adds the multi file editor as a new beta feature. !15430
  • Use relative URLs when linking to uploaded files. !15751
  • Add docs for why you might be signed out when using the Remember me token. !15756
  • Replace '.team << [user, role]' with 'add_role(user)' in specs. !16069 (@blackst0ne)
  • Add id to modal.vue to support data-toggle="modal". !16189
  • Update scss-lint to 0.56.0. !16278 (Takuya Noguchi)
  • Fix web ide user preferences copy and buttons. !41789
  • Update redis-rack to 2.0.4.
  • Import some code and functionality from gitlab-shell to improve subprocess handling.
  • Update Browse file to Choose file in all occurrences.
  • Bump mysql2 gem version from 0.4.5 to 0.4.10. (asaparov)
  • Use a background migration for issues.closed_at.

10.3.9 (2018-03-16)

Security (3 changes)

  • Fixed some SSRF vulnerabilities in services, hooks and integrations. !2337
  • Update nokogiri to 1.8.2. !16807
  • Fix GitLab Auth0 integration signing in the wrong user.

10.3.8 (2018-03-01)

Security (1 change)

  • Ensure that OTP backup codes are always invalidated.

10.3.7 (2018-02-05)

Security (4 changes)

  • Fix namespace access issue for GitHub, BitBucket, and GitLab.com project importers.
  • Fix stored XSS in code blocks that ignore highlighting.
  • Fix wilcard protected tags protecting all branches.
  • Restrict Todo API mark_as_done endpoint to the user's todos only.

10.3.6 (2018-01-22)

Fixed (17 changes, 2 of them are from the community)

  • Fix abuse reports link url in admin area navbar. !16068 (megos)
  • Fix gitlab-rake gitlab:import:repos import schedule. !16115
  • Fixing bug when wiki last version. !16197
  • Prevent excessive DB load due to faulty DeleteConflictingRedirectRoutes background migration. !16205
  • Default merge request title is set correctly again when external issue tracker is activated. !16356 (Ben305)
  • Prevent invalid Route path if path is unchanged. !16397
  • Fixing rack request mime type when using rack attack. !16427
  • Prevent RevList failing on non utf8 paths. !16440
  • Fix 500 error when visiting a commit where the blobs do not exist.
  • Fix viewing merge request diffs where the underlying blobs are unavailable.
  • Gracefully handle garbled URIs in Markdown.
  • Fix hooks not being set up properly for bare import Rake task.
  • Fix Mermaid drawings not loading on some browsers.
  • Fixed chanages dropdown ellipsis positioning.
  • Avoid leaving a push event empty if payload cannot be created.
  • Set target_branch to the ref branch when creating MR from issue.
  • Fix shortcut links on help page.

10.3.5 (2018-01-18)

  • Fix error that prevented the 'deploy_keys' migration from working in MySQL databases.

10.3.4 (2018-01-10)

Security (7 changes, 1 of them is from the community)

  • Prevent a SQL injection in the MilestonesFinder.
  • Fix RCE via project import mechanism.
  • Prevent OAuth login POST requests when a provider has been disabled.
  • Filter out sensitive fields from the project services API. (Robert Schilling)
  • Check user authorization for source and target projects when creating a merge request.
  • Fix path traversal in gitlab-ci.yml cache:key.
  • Fix writable shared deploy keys.

10.3.3 (2018-01-02)

Fixed (3 changes)

  • Fix links to old commits in merge request comments.
  • Fix 404 errors after a user edits an issue description and solves the reCAPTCHA.
  • Gracefully handle orphaned write deploy keys in /internal/post_receive.

10.3.2 (2017-12-28)

Fixed (1 change)

  • Fix migration for removing orphaned issues.moved_to_id values in MySQL and PostgreSQL.

10.3.1 (2017-12-27)

Fixed (3 changes)

  • Don't link LFS objects to a project when unlinking forks when they were already linked. !16006
  • Execute project hooks and services after commit when moving an issue.
  • Fix Error 500s with anonymous clones for a project that has moved.

Changed (1 change)

  • Reduce the number of buckets in gitlab_cache_operation_duration_seconds metric. !15881

10.3.0 (2017-12-22)

Security (1 change, 1 of them is from the community)

  • Upgrade jQuery to 2.2.4. !15570 (Takuya Noguchi)

Fixed (55 changes, 8 of them are from the community)

  • Fail jobs if its dependency is missing. !14009
  • Fix errors when selecting numeric-only labels in the labels autocomplete selector. !14607 (haseebeqx)
  • Fix pipeline status transition for single manual job. This would also fix pipeline duration becuse it is depending on status transition. !15251
  • Fix acceptance of username for Mattermost service update. !15275
  • Set the default gitlab-shell timeout to 3 hours. !15292
  • Make sure a user can add projects to subgroups they have access to. !15294
  • OAuth identity lookups case-insensitive. !15312
  • Fix filter by my reaction is not working. !15345 (Hiroyuki Sato)
  • Avoid deactivation when pipeline schedules execute a branch includes [ci skip] comment. !15405
  • Add recaptcha modal to issue updates detected as spam. !15408
  • Fix item name and namespace text overflow in Projects dropdown. !15451
  • Removed unused rake task, 'rake gitlab:sidekiq:drop_post_receive'. !15493
  • Fix commits page throwing 500 when the multi-file editor was enabled. !15502
  • Fix Issue comment submit button being disabled when pasting content from another GFM note. !15530
  • Reenable Prometheus metrics, add more control over Prometheus method instrumentation. !15558
  • Fix broadcast message not showing up on login page. !15578
  • Initializes the branches dropdown when the 'Start new pipeline' failed due to validation errors. !15588 (Christiaan Van den Poel)
  • Fix merge requests where the source or target branch name matches a tag name. !15591
  • Create a fork network for forks with a deleted source. !15595
  • Fix search results when a filename would contain a special character. !15606 (haseebeqx)
  • Strip leading & trailing whitespaces in CI/CD secret variable keys. !15615
  • Correctly link to a forked project from the new fork page. !15653
  • Fix the fork project functionality for projects with hashed storage. !15671
  • Added default order to UsersFinder. !15679
  • Fix graph notes number duplication. !15696 (Vladislav Kaverin)
  • Fix updateEndpoint undefined error for issue_show app root. !15698
  • Change boards page boards_data absolute urls to paths. !15703
  • Using appropriate services in the API for managing forks. !15709
  • Confirming email with invalid token should no longer generate an error. !15726
  • fix #39233 - 500 in merge request. !15774 (Martin Nowak)
  • Use Markdown styling for new project guidelines. !15785 (Markus Koller)
  • Fix error during schema dump. !15866
  • Fix broken illustration images for monitoring page empty states. !15889
  • Make sure user email is read only when synced with LDAP. !15915
  • Fixed outdated browser flash positioning.
  • Fix gitlab:import:repos Rake task moving repositories into the wrong location.
  • Gracefully handle case when repository's root ref does not exist.
  • Fix GitHub importer using removed interface.
  • Align retry button with job title with new grid size.
  • Fixed admin welcome screen new group path.
  • Fix related branches/Merge requests failing to load when the hostname setting is changed.
  • Init zen mode in snippets pages.
  • Remove extra margin from wordmark in header.
  • Fixed long commit links not wrapping correctly.
  • Fixed deploy keys remove button loading state not resetting.
  • Use app host instead of asset host when rendering image blob or diff.
  • Hide log size for mobile screens.
  • Fix sending notification emails to users with the mention level set who were mentioned in an issue or merge request description.
  • Changed validation error message on wrong milestone dates. (Xurxo Méndez Pérez)
  • Fix access to the final page of todos.
  • Fixed new group milestone breadcrumbs.
  • Fix image diff notification email from showing wrong content.
  • Fixed merge request lock icon size.
  • Make sure head pippeline always corresponds with the head sha of an MR.
  • Prevent 500 error when inspecting job after trigger was removed.

Changed (14 changes, 2 of them are from the community)

  • Only owner or master can erase jobs. !15216
  • Allow password authentication to be disabled entirely. !15223 (Markus Koller)
  • Add the option to automatically run a pipeline after updating AutoDevOps settings. !15380
  • Add total_time_spent to the changes hash in issuable Webhook payloads. !15381
  • Monitor NFS shards for circuitbreaker in a separate process. !15426
  • Add inline editing to issues on mobile. !15438
  • Add custom brand text on new project pages. !15541 (Markus Koller)
  • Show only group name by default and put full namespace in tooltip in Groups tree. !15650
  • Use custom user agent header in all GCP API requests. !15705
  • Changed the deploy markers on the prometheus dashboard to be more verbose. !38032
  • Animate contextual sidebar on collapse/expand.
  • Update emojis. Add :gay_pride_flag: and :speech_left:. Remove extraneous comma in :cartwheel_tone4:.
  • When a custom header logo is present, don't show GitLab type logo.
  • Improved diff changed files dropdown design.

Performance (19 changes)

  • Add timeouts for Gitaly calls. !15047
  • Performance issues when loading large number of wiki pages. !15276
  • Add performance logging to UpdateMergeRequestsWorker. !15360
  • Keep track of all circuitbreaker keys in a set. !15613
  • Improve the performance for counting commits. !15628
  • Reduce requests for project forks on show page of projects that have forks. !15663
  • Perform SQL matching of Build&Runner tags to greatly speed-up job picking.
  • Only load branch names for protected branch checks.
  • Optimize API /groups/:id/projects by preloading associations.
  • Remove allocation tracking code from InfluxDB sampler for performance.
  • Throttle the number of UPDATEs triggered by touch.
  • Make finding most recent merge request diffs more efficient.
  • Fetch blobs in bulk when generating diffs.
  • Cache commits for MergeRequest diffs.
  • Use fuzzy search with minimum length of 3 characters where appropriate.
  • Add axios to common file.
  • Remove template selector from global namespace.
  • check the import_status field before doing SQL operations to check the import url.
  • Stop sending milestone and labels data over the wire for MR widget requests.

Added (22 changes, 15 of them are from the community)

  • Limit autocomplete menu to applied labels. !11110 (Vitaliy @blackst0ne Klachkov)
  • Make diff notes created on a commit in a merge request to persist a rebase. !12148
  • Allow creation of merge request from email. !13817 (janp)
  • Add an ability to use a custom branch name on creation from issues. !13884 (Vitaliy @blackst0ne Klachkov)
  • Add anonymous rate limit per IP, and authenticated (web or API) rate limits per user. !14708
  • Create a new form to add Existing Kubernetes Cluster. !14805
  • Add support of Mermaid (generation of diagrams and flowcharts from text). !15107 (Vitaliy @blackst0ne Klachkov)
  • Add total time spent to milestones. !15116 (George Andrinopoulos)
  • Add /groups/:id/subgroups endpoint to API. !15142 (marbemac)
  • Add administrative endpoint to list all pages domains. !15160 (Travis Miller)
  • Adds Rubocop rule for line break after guard clause. !15188 (Jacopo Beschi @jacopo-beschi)
  • Add edit button to mobile file view. !15199 (Travis Miller)
  • Add dropdown sort to group milestones. !15230 (George Andrinopoulos)
  • added support for ordering and sorting in notes api. !15342 (haseebeqx)
  • Hashed Storage migration script now supports migrating project attachments. !15352
  • New API endpoint - list jobs for a specified runner. !15432
  • Add new API endpoint - get a namespace by ID. !15442
  • Disables autocomplete in filtered searc. !15477 (Jacopo Beschi @jacopo-beschi)
  • Update empty state page of merge request 'changes' tab. !15611 (Vitaliy @blackst0ne Klachkov)
  • Allow git pull/push on group/user/project redirects. !15670
  • show status of gitlab reference links in wiki. !15694 (haseebeqx)
  • Add email confirmation parameters for user creation and update via API. (Daniel Juarez)

Other (17 changes, 7 of them are from the community)

  • Enable UnnecessaryMantissa in scss-lint. !15255 (Takuya Noguchi)
  • Add untracked files to uploads table. !15270
  • Move update_project_counter_caches? out of issue and merge request. !15300 (George Andrinopoulos)
  • Removed tooltip from clone dropdown. !15334
  • Clean up empty fork networks. !15373
  • Create issuable destroy service. !15604 (George Andrinopoulos)
  • Upgrade seed-fu to 2.3.7. !15607 (Takuya Noguchi)
  • Rename GKE as Kubernetes Engine. !15608 (Takuya Noguchi)
  • Prefer ci_config_path validation for leading slashes instead of sanitizing the input. !15672 (Christiaan Van den Poel)
  • Fix typo in docs about Elasticsearch. !15699 (Takuya Noguchi)
  • Add internationalization support for the prometheus integration. !33338
  • Export text utils functions as es6 module and add tests.
  • Stop reloading the page when using pagination and tabs - use API calls - in Pipelines table.
  • Clean up schema of the "issues" table.
  • Clarify wording of protected branch settings for the default branch.
  • Update svg external dependency.
  • Clean up schema of the "merge_requests" table.

10.2.8 (2018-02-07)

Security (4 changes)

  • Fix namespace access issue for GitHub, BitBucket, and GitLab.com project importers.
  • Fix stored XSS in code blocks that ignore highlighting.
  • Fix wilcard protected tags protecting all branches.
  • Restrict Todo API mark_as_done endpoint to the user's todos only.

10.2.7 (2018-01-18)

  • No changes.

10.2.6 (2018-01-11)

Security (9 changes, 1 of them is from the community)

  • Fix writable shared deploy keys.
  • Filter out sensitive fields from the project services API. (Robert Schilling)
  • Fix RCE via project import mechanism.
  • Fixed IPython notebook output not being sanitized.
  • Prevent OAuth login POST requests when a provider has been disabled.
  • Prevent a SQL injection in the MilestonesFinder.
  • Check user authorization for source and target projects when creating a merge request.
  • Fix path traversal in gitlab-ci.yml cache:key.
  • Fix XSS vulnerability in pipeline job trace.

10.2.5 (2017-12-15)

Fixed (8 changes)

  • Create a fork network for forks with a deleted source. !15595
  • Correctly link to a forked project from the new fork page. !15653
  • Fix the fork project functionality for projects with hashed storage. !15671
  • Fix updateEndpoint undefined error for issue_show app root. !15698
  • Fix broken illustration images for monitoring page empty states. !15889
  • Fix related branches/Merge requests failing to load when the hostname setting is changed.
  • Fix gitlab:import:repos Rake task moving repositories into the wrong location.
  • Gracefully handle case when repository's root ref does not exist.

Performance (3 changes)

  • Keep track of all circuitbreaker keys in a set. !15613
  • Only load branch names for protected branch checks.
  • Optimize API /groups/:id/projects by preloading associations.

10.2.4 (2017-12-07)

Security (5 changes)

  • Fix e-mail address disclosure through member search fields
  • Prevent creating issues through API when user does not have permissions
  • Prevent an information disclosure in the Groups API
  • Fix user without access to private Wiki being able to see it on the project page
  • Fix Cross-Site Scripting (XSS) vulnerability while editing a comment

10.2.3 (2017-11-30)

Fixed (7 changes)

  • Fix hashed storage for Import/Export uploads. !15482
  • Ensure that rake gitlab:cleanup:repos task does not mess with hashed repositories. !15520
  • Ensure that rake gitlab:cleanup:dirs task does not mess with hashed repositories. !15600
  • Fix WIP system note not being created.
  • Fix link text from group context.
  • Fix defaults for MR states and merge statuses.
  • Fix pulling and pushing using a personal access token with the sudo scope.

Performance (3 changes)

  • Drastically improve project search performance by no longer searching namespace name.
  • Reuse authors when rendering event Atom feeds.
  • Optimise StuckCiJobsWorker using cheap SQL query outside, and expensive inside.

10.2.2 (2017-11-23)

Fixed (5 changes)

  • Label addition/removal are not going to be redacted wrongfully in the API. !15080
  • Fix bitbucket wiki import with hashed storage enabled. !15490
  • Impersonation no longer gets stuck on password change. !15497
  • Fix blank states using old css.
  • Fix promoting milestone updating all issuables without milestone.

Performance (3 changes)

  • Update Issue Boards to fetch the notification subscription status asynchronously.
  • Update composite pipelines index to include "id".
  • Use arrays in Pipeline#latest_builds_with_artifacts.

Other (2 changes)

  • Don't move repositories and attachments for projects using hashed storage. !15479
  • Add logs for monitoring the merge process.

10.2.1 (2017-11-22)

Fixed (1 change)

  • Force disable Prometheus metrics.

10.2.0 (2017-11-22)

Security (4 changes)

  • Upgrade Ruby to 2.3.5 to include security patches. !15099
  • Prevent OAuth phishing attack by presenting detailed wording about app to user during authorization.
  • Convert private tokens to Personal Access Tokens with sudo scope.
  • Remove private tokens from web interface and API.

Removed (5 changes)

  • Remove help text from group issues page and group merge requests page. !14963
  • Remove overzealous tooltips in projects page tabs. !15017
  • Stop merge requests from fetching their refs when the data is already available. !15129
  • Remove update merge request worker tagging.
  • Remove Session API now that private tokens are removed from user API endpoints.

Fixed (75 changes, 18 of them are from the community)

  • Fix 404 errors in API caused when the branch name had a dot. !14462 (gvieira37)
  • Remove unnecessary alt-texts from pipeline emails. !14602 (gernberg)
  • Renders 404 in commits controller if no commits are found for a given path. !14610 (Guilherme Vieira)
  • Cleanup data-page attribute after each Karma test. !14742
  • Removed extra border radius from .file-editor and .file-holder when editing a file. !14803 (Rachel Pipkin)
  • Add support for markdown preview to group milestones. !14806 (Vitaliy @blackst0ne Klachkov)
  • Fixed 'Removed source branch' checkbox in merge widget being ignored. !14832
  • Fix unnecessary ajax requests in admin broadcast message form. !14853
  • Make NamespaceSelect change URL when filtering. !14888
  • Get true failure from evalulate_script by checking for element beforehand. !14898
  • Fix SAML error 500 when no groups are defined for user. !14913
  • Fix 500 errors caused by empty diffs in some discussions. !14945 (Alexander Popov)
  • Fix the atom feed for group events. !14974
  • Hides pipeline duration in commit box when it is zero (nil). !14979 (gvieira37)
  • Add new diff discussions on MR diffs tab in "realtime". !14981
  • Returns a ssh url for go-get=1. !14990 (gvieira37)
  • Case insensitive search for branches. !14995 (George Andrinopoulos)
  • Fixes 404 error to 'Issues assigned to me' and 'Issues I've created' when issues are disabled. !15021 (Jacopo Beschi @jacopo-beschi)
  • Update the groups API documentation. !15024 (Robert Schilling)
  • Validate username/pw for Jiraservice, require them in the API. !15025 (Robert Schilling)
  • Update Merge Request polling so there is only one request at a time. !15032
  • Use project select dropdown not only as a combobutton. !15043
  • Remove create MR button from issues when MRs are disabled. !15071 (George Andrinopoulos)
  • Tighten up whitelisting of certain Geo routes. !15082
  • Allow to disable the Performance Bar. !15084
  • Refresh open Issue and Merge Request project counter caches when re-opening. !15085 (Rob Ede @robjtede)
  • Fix markdown form tabs toggling preview mode from double clicking write mode button. !15119
  • Fix cancel button not working while uploading on the new issue page. !15137
  • Fix webhooks recent deliveries. !15146 (Alexander Randa (@randaalex))
  • Fix issues with forked projects of which the source was deleted. !15150
  • Fix GPG signature popup info in Safari and Firefox. !15228
  • Fix GFM reference links for closed milestones. !15234 (Vitaliy @blackst0ne Klachkov)
  • When deleting merged branches, ignore protected tags. !15252
  • Revert a regression on runners sorting (!15134). !15341 (Takuya Noguchi)
  • Don't use JS to delete memberships from projects and groups. !15344
  • Don't try to create fork network memberships for forks with a missing source. !15366
  • Fix gitlab:backup rake for hashed storage based repositories. !15400
  • Fix issue where clicking a GPG verification badge would scroll to the top of the page. !15407
  • Update container repository path reference and allow using double underscore. !15417
  • Fix crash when navigating to second page of the group dashboard when there are projects and groups on the first page. !15456
  • Fix flash errors showing up on a non configured prometheus integration. !35652
  • Fix timezone bug in Pikaday and upgrade Pikaday version.
  • Fix arguments Import/Export error importing project merge requests.
  • Moves mini graph of pipeline to the end of sentence in MR widget. Cleans HTML and tests.
  • Fix user autocomplete in subgroups.
  • Fixed user profile activity tab being off-screen on mobile.
  • Fix diff parser so it tolerates to diff special markers in the content.
  • Fix a migration that adds merge_requests_ff_only_enabled column to MR table.
  • Don't create build failed todos when the job is automatically retried.
  • Render 404 when polling commit notes without having permissions.
  • Show error message when fast-forward merge is not possible.
  • Prevents position update for image diff notes.
  • Mobile-friendly table on Admin Runners. (Takuya Noguchi)
  • Decreases z-index of select2 to a lower number of our navigation bar.
  • Fix broken Members link when relative URL root paths are used.
  • Avoid regenerating the ref path for the environment.
  • Memoize GitLab logger to reduce open file descriptors.
  • Fix hashed storage with project transfers to another namespace.
  • Fix bad type checking to prevent 0 count badge to be shown.
  • Fix problem with issuable header wrapping when content is too long.
  • Move retry button in job page to sidebar.
  • Formats bytes to human reabale number in registry table.
  • Fix commit pipeline showing wrong status.
  • Include link to issue in reopen message for Slack and Mattermost notifications.
  • Fix double border UI bug on pipelines/environments table and pagination.
  • Remove native title tooltip in pipeline jobs dropdown in Safari.
  • Fix namespacing for MergeWhenPipelineSucceedsService in MR API.
  • Prevent error when authorizing an admin-created OAauth application without a set owner.
  • Always return full avatar URL for private/internal groups/projects when asset host is set.
  • Make sure group and project creation is blocked for new users that are external by default.
  • Make sure NotesActions#noteable returns a Noteable in the update action.
  • Reallow project paths ending in periods.
  • Only set Auto-Submitted header once for emails on push.
  • Fix overlap of right-sidebar and main content when creating a Wiki page.
  • Enables scroll to bottom once user has scrolled back to bottom in job log.

Changed (21 changes, 7 of them are from the community)

  • Added possibility to enter past date in /spend command to log time in the past. !3044 (g3dinua, LockiStrike)
  • Add Prometheus equivalent of all InfluxDB metrics. !13891
  • Show collapsible project lists. !14055
  • Make Prometheus metrics endpoint return empty response when metrics are disabled. !14490
  • Support custom attributes on groups and projects. !14593 (Markus Koller)
  • Avoid fetching all branches for branch existence checks. !14778
  • Update participants and subscriptions button in issuable sidebar to be async. !14836
  • Replace WikiPage::CreateService calls with wiki_page factory in specs. !14850 (Jacopo Beschi @jacopo-beschi)
  • Add lazy option to UserAvatarImage. !14895
  • Add readme only option as project view. !14900
  • Todos spelled correctly on Todos list page. !15015
  • Support uml:: and captions in reStructuredText. !15120 (Markus Koller)
  • Add system hooks user_rename and group_rename. !15123
  • Change tags order in refs dropdown. !15235 (Vitaliy @blackst0ne Klachkov)
  • Change default cluster size to n1-default-2. !39649 (Fabio Busatto)
  • Change 'Sign Out' route from a DELETE to a GET. !39708 (Joe Marty)
  • Change background color of nav sidebar to match other gl sidebars.
  • Update i18n section in FE docs for marking and interpolation.
  • Add a count of changes to the merge requests API.
  • Improve GitLab Import rake task to work with Hashed Storage and Subgroups.
  • 14830 Move GitLab export option to top of import list when creating a new project.

Performance (14 changes)

  • Improve branch listing page performance. !14729
  • Improve DashboardController#activity.json performance. !14985
  • Add a latest_merge_request_diff_id column to merge_requests. !15035
  • Improve performance of the /projects/:id/repository/branches API endpoint. !15215
  • Ensure merge requests with lots of version don't time out when searching for pipelines.
  • Speed up issues list APIs.
  • Remove Filesystem check metrics that use too much CPU to handle requests.
  • Disable Unicorn sampling in Sidekiq since there are no Unicorn sockets to monitor.
  • Truncate tree to max 1,000 items and display notice to users.
  • Add Performance improvement as category on the changelog.
  • Cache commits fetched from the repository.
  • Cache the number of user SSH keys.
  • Optimise getting the pipeline status of commits.
  • Improve performance of commits list by fully using DB index when getting commit note counts.

Added (26 changes, 10 of them are from the community)

  • Expose duration in Job entity. !13644 (Mehdi Lahmam (@mehlah))
  • Prevent git push when LFS objects are missing. !13837
  • Automatic configuration settings page. !13850 (Francisco Lopez)
  • Add API endpoints for Pages Domains. !13917 (Travis Miller)
  • Include the changes in issuable webhook payloads. !14308
  • Add Packagist project service. !14493 (Matt Coleman)
  • Add sort runners on admin runners. !14661 (Takuya Noguchi)
  • Repo Editor: Add option to start a new MR directly from comit section. !14665
  • Issue JWT token with registry:catalog:* scope when requested by GitLab admin. !14751 (Vratislav Kalenda)
  • Support show-all-refs for git over HTTP. !14834
  • Add loading button for new UX paradigm. !14883
  • Get Project Branch API shows an helpful error message on invalid refname. !14884 (Jacopo Beschi @jacopo-beschi)
  • Refactor have_http_status into have_gitlab_http_status. !14958 (Jacopo Beschi @jacopo-beschi)
  • Suggest to rename the remote for existing repository instructions. !14970 (helmo42)
  • Adds project_id to pipeline hook data. !15044 (Jacopo Beschi @jacopo-beschi)
  • Hashed Storage support for Attachments. !15068
  • Add metric tagging for sidekiq workers. !15111
  • Expose project visibility as CI variable - CI_PROJECT_VISIBILITY. !15193
  • Allow multiple queries in a single Prometheus graph to support additional environments (Canary, Staging, et al.). !15201
  • Allow promoting project milestones to group milestones.
  • Added submodule support in multi-file editor.
  • Add applications section to GKE clusters page to easily install Helm Tiller, Ingress.
  • Allow files to uploaded in the multi-file editor.
  • Add Ingress to available Cluster applications.
  • Adds typescript support.
  • Add sudo scope for OAuth and Personal Access Tokens to be used by admins to impersonate other users on the API.

Other (18 changes, 8 of them are from the community)

  • Decrease Perceived Complexity threshold to 14. !14231 (Maxim Rydkin)
  • Replace the 'features/explore/projects.feature' spinach test with an rspec analog. !14755 (Vitaliy @blackst0ne Klachkov)
  • While displaying a commit, do not show list of related branches if there are thousands of branches. !14812
  • Removed d3.js from the graph and users bundles and used the common_d3 bundle instead. !14826
  • Make contributors page translatable. !14915
  • Decrease ABC threshold to 54.28. !14920 (Maxim Rydkin)
  • Clarify system_hook triggers in documentation. !14957 (Joe Marty)
  • Free up some reserved group names. !15052
  • Bump carrierwave to 1.2.1. !15072 (Takuya Noguchi)
  • Enable NestingDepth (level 6) on scss-lint. !15073 (Takuya Noguchi)
  • Enable BorderZero rule in scss-lint. !15168 (Takuya Noguchi)
  • Internationalized tags page. !38589
  • Moves placeholders components into shared folder with documentation. Makes them easier to reuse in MR and Snippets comments.
  • Reorganize welcome page for new users.
  • Refactor GroupLinksController. (15121)
  • Remove filter icon from search bar.
  • Use title as placeholder instead of issue title for reusability.
  • Add Gitaly metrics to the performance bar.

10.1.7 (2018-01-18)

  • No changes.

10.1.6 (2018-01-11)

Security (8 changes, 1 of them is from the community)

  • Fix writable shared deploy keys.
  • Filter out sensitive fields from the project services API. (Robert Schilling)
  • Fix RCE via project import mechanism.
  • Prevent OAuth login POST requests when a provider has been disabled.
  • Prevent a SQL injection in the MilestonesFinder.
  • Check user authorization for source and target projects when creating a merge request.
  • Fix path traversal in gitlab-ci.yml cache:key.
  • Fix XSS vulnerability in pipeline job trace.

10.1.5 (2017-12-07)

Security (5 changes)

  • Fix e-mail address disclosure through member search fields
  • Prevent creating issues through API when user does not have permissions
  • Prevent an information disclosure in the Groups API
  • Fix user without access to private Wiki being able to see it on the project page
  • Fix Cross-Site Scripting (XSS) vulnerability while editing a comment

10.1.4 (2017-11-14)

Fixed (4 changes)

  • Don't try to create fork network memberships for forks with a missing source. !15366
  • Formats bytes to human reabale number in registry table.
  • Prevent error when authorizing an admin-created OAauth application without a set owner.
  • Prevents position update for image diff notes.

10.1.3 (2017-11-10)

  • [SECURITY] Prevent OAuth phishing attack by presenting detailed wording about app to user during authorization.
  • [FIXED] Fix cancel button not working while uploading on the new issue page. !15137
  • [FIXED] Fix webhooks recent deliveries. !15146 (Alexander Randa (@randaalex))
  • [FIXED] Fix issues with forked projects of which the source was deleted. !15150
  • [FIXED] Fix GPG signature popup info in Safari and Firefox. !15228
  • [FIXED] Make sure group and project creation is blocked for new users that are external by default.
  • [FIXED] Fix arguments Import/Export error importing project merge requests.
  • [FIXED] Fix diff parser so it tolerates to diff special markers in the content.
  • [FIXED] Fix a migration that adds merge_requests_ff_only_enabled column to MR table.
  • [FIXED] Render 404 when polling commit notes without having permissions.
  • [FIXED] Show error message when fast-forward merge is not possible.
  • [FIXED] Avoid regenerating the ref path for the environment.
  • [PERFORMANCE] Remove Filesystem check metrics that use too much CPU to handle requests.

10.1.2 (2017-11-08)

  • [SECURITY] Add X-Content-Type-Options header in API responses to make it more difficult to find other vulnerabilities.
  • [SECURITY] Properly translate IP addresses written in decimal, octal, or other formats in SSRF protections in project imports.
  • [FIXED] Fix TRIGGER checks for MySQL.

10.1.1 (2017-10-31)

  • [FIXED] Auto Devops kubernetes default namespace is now correctly built out of gitlab project group-name. !14642 (Mircea Danila Dumitrescu)
  • [FIXED] Forbid the usage of Redis#keys. !14889
  • [FIXED] Make the circuitbreaker more robust by adding higher thresholds, and multiple access attempts. !14933
  • [FIXED] Only cache last push event for existing projects when pushing to a fork. !14989
  • [FIXED] Fix bug preventing secondary emails from being confirmed. !15010
  • [FIXED] Fix broken wiki pages that link to a wiki file. !15019
  • [FIXED] Don't rename paths that were freed up when upgrading. !15029
  • [FIXED] Fix bitbucket login. !15051
  • [FIXED] Update gitaly in GitLab 10.1 to 0.43.1 for temp file cleanup. !15055
  • [FIXED] Use the correct visibility attribute for projects in system hooks. !15065
  • [FIXED] Normalize LDAP DN when looking up identity.
  • [FIXED] Adds callback functions for initial request in clusters page.
  • [FIXED] Fix missing Import/Export issue assignees.
  • [FIXED] Allow boards as top level route.
  • [FIXED] Fix widget of locked merge requests not being presented.
  • [FIXED] Fix editing issue description in mobile view.
  • [FIXED] Fix deletion of container registry or images returning an error.
  • [FIXED] Fix the writing of invalid environment refs.
  • [CHANGED] Store circuitbreaker settings in the database instead of config. !14842
  • [CHANGED] Update default disabled merge request widget message to reflect a general failure. !14960
  • [PERFORMANCE] Stop merge requests with thousands of commits from timing out. !15063

10.1.0 (2017-10-22)

  • [SECURITY] Use a timeout on certain git operations. !14872
  • [SECURITY] Move project repositories between namespaces when renaming users.
  • [SECURITY] Prevent an open redirect on project pages.
  • [SECURITY] Prevent a persistent XSS in user-provided markup.
  • [REMOVED] Remove the ability to visit the issue edit form directly. !14523
  • [REMOVED] Remove animate.js and label animation.
  • [FIXED] Perform prometheus data endpoint requests in parallel. !14003
  • [FIXED] Escape quotes in git username. !14020 (Brandon Everett)
  • [FIXED] Fixed non-UTF-8 valid branch names from causing an error. !14090
  • [FIXED] Read import sources from setting at first initialization. !14141 (Visay Keo)
  • [FIXED] Display full pre-receive and post-receive hook output in GitLab UI. !14222 (Robin Bobbitt)
  • [FIXED] Fix incorrect X-axis labels in Prometheus graphs. !14258
  • [FIXED] Fix the default branches sorting to actually be 'Last updated'. !14295
  • [FIXED] Fixes project denial of service via gitmodules using Extended ASCII. !14301
  • [FIXED] Fix the filesystem shard health check to check all configured shards. !14341
  • [FIXED] Compare email addresses case insensitively when verifying GPG signatures. !14376 (Tim Bishop)
  • [FIXED] Allow the git circuit breaker to correctly handle missing repository storages. !14417
  • [FIXED] Fix rake gitlab:incoming_email:check and make it report the actual error. !14423
  • [FIXED] Does not check if an invariant hashed storage path exists on disk when renaming projects. !14428
  • [FIXED] Also reserve refs/replace after importing a project. !14436
  • [FIXED] Fix profile image orientation based on EXIF data gvieira37. !14461 (gvieira37)
  • [FIXED] Move the deployment flag content to the left when deployment marker is near the end. !14514
  • [FIXED] Fix notes type created from import. This should fix some missing notes issues from imported projects. !14524
  • [FIXED] Fix bottom spacing for dropdowns that open upwards. !14535
  • [FIXED] Adjusts tag link to avoid underlining spaces. !14544 (Guilherme Vieira)
  • [FIXED] Add missing space in Sidekiq memory killer log message. !14553 (Benjamin Drung)
  • [FIXED] Ensure no exception is raised when Raven tries to get the current user in API context. !14580
  • [FIXED] Fix edit project service cancel button position. !14596 (Matt Coleman)
  • [FIXED] Fix case sensitive email confirmation on signup. !14606 (robdel12)
  • [FIXED] Whitelist authorized_keys.lock in the gitlab:check rake task. !14624
  • [FIXED] Allow merge in MR widget with no pipeline but using "Only allow merge requests to be merged if the pipeline succeeds". !14633
  • [FIXED] Fix navigation dropdown close animation on mobile screens. !14649
  • [FIXED] Fix the project import with issues and milestones. !14657
  • [FIXED] Use explicit boolean true attribute for show-disabled-button in Vue files. !14672
  • [FIXED] Make tabs on top scrollable on admin dashboard. !14685 (Takuya Noguchi)
  • [FIXED] Fix broken Y-axis scaling in some Prometheus graphs. !14693
  • [FIXED] Search or compare LDAP DNs case-insensitively and ignore excess whitespace. !14697
  • [FIXED] Allow prometheus graphs to correctly handle NaN values. !14741
  • [FIXED] Don't show an "Unsubscribe" link in snippet comment notifications. !14764
  • [FIXED] Fixed duplicate notifications when added multiple labels on an issue. !14798
  • [FIXED] Fix alignment for indeterminate marker in dropdowns. !14809
  • [FIXED] Fix error when updating a forked project with deleted ForkedProjectLink. !14916
  • [FIXED] Correctly render asset path for locales with a region. !14924
  • [FIXED] Fix the external URLs generated for online view of HTML artifacts. !14977
  • [FIXED] Reschedule merge request diff background migrations to catch failures from 9.5 run.
  • [FIXED] fix merge request widget status icon for failed CI.
  • [FIXED] Fix the number representing the amount of commits related to a push event.
  • [FIXED] Sync up hover and legend data across all graphs for the prometheus dashboard.
  • [FIXED] Fixes mini pipeline graph in commit view.
  • [FIXED] Fix comment deletion confirmation dialog typo.
  • [FIXED] Fix project snippets breadcrumb link.
  • [FIXED] Make usage ping scheduling more robust.
  • [FIXED] Make "merge ongoing" check more consistent.
  • [FIXED] Add 1000+ counters to job page.
  • [FIXED] Fixed issue/merge request breadcrumb titles not having links.
  • [FIXED] Fixed commit avatars being centered vertically.
  • [FIXED] Tooltips in the commit info box now all face the same direction. (Jedidiah Broadbent)
  • [FIXED] Fixed navbar title colors leaking out of the navbar.
  • [FIXED] Fix bug that caused merge requests with diff notes imported from Bitbucket to raise errors.
  • [FIXED] Correctly detect multiple issue URLs after 'Closes...' in MR descriptions.
  • [FIXED] Set default scope on PATs that don't have one set to allow them to be revoked.
  • [FIXED] Fix application setting to cache nil object.
  • [FIXED] Fix image diff swipe handle offset to correctly align with the frame.
  • [FIXED] Force non diff resolved discussion to display when collapse toggled.
  • [FIXED] Fix resolved discussions not expanding on side by side view.
  • [FIXED] Fixed the sidebar scrollbar overlapping links.
  • [FIXED] Issue board tooltips are now the correct width when the column is collapsed. (Jedidiah Broadbent)
  • [FIXED] Improve autodevops banner UX and render it only in project page.
  • [FIXED] Fix typo in cycle analytics breaking time component.
  • [FIXED] Force two up view to load by default for image diffs.
  • [FIXED] Fixed milestone breadcrumb links.
  • [FIXED] Fixed group sort dropdown defaulting to empty.
  • [FIXED] Fixed notes not being scrolled to in merge requests.
  • [FIXED] Adds Event polyfill for IE11.
  • [FIXED] Update native unicode emojis to always render as normal text (previously could render italicized). (Branka Martinovic)
  • [FIXED] Sort JobsController by id, not created_at.
  • [FIXED] Fix revision and total size missing for Container Registry.
  • [FIXED] Fixed milestone issuable assignee link URL.
  • [FIXED] Fixed breadcrumbs container expanding in side-by-side diff view.
  • [FIXED] Fixed merge request widget merged & closed date tooltip text.
  • [FIXED] Prevent creating multiple ApplicationSetting instances.
  • [FIXED] Fix username and ID not logging in production_json.log for Git activity.
  • [FIXED] Make Redcarpet Markdown renderer thread-safe.
  • [FIXED] Two factor auth messages in settings no longer overlap the button. (Jedidiah Broadbent)
  • [FIXED] Made the "remember me" check boxes have consistent styles and alignment. (Jedidiah Broadbent)
  • [FIXED] Prevent branches or tags from starting with invalid characters (e.g. -, .).
  • [DEPRECATED] Removed two legacy config options. (Daniel Voogsgerd)
  • [CHANGED] Show notes number more user-friendly in the graph. !13949 (Vladislav Kaverin)
  • [CHANGED] Link SAML users to LDAP by email. !14216
  • [CHANGED] Display whether branch has been merged when deleting protected branch. !14220
  • [CHANGED] Make the labels in the Compare form less confusing. !14225
  • [CHANGED] Confirmation email shows link as text instead of human readable text. !14243 (bitsapien)
  • [CHANGED] Return only group's members in user dropdowns on issuables list pages. !14249
  • [CHANGED] Added defaults for protected branches dropdowns on the repository settings. !14278
  • [CHANGED] Show confirmation modal before deleting account. !14360
  • [CHANGED] Allow creating merge requests across a fork network. !14422
  • [CHANGED] Re-arrange script HTML tags before template HTML tags in .vue files. !14671
  • [CHANGED] Create idea of read-only database. !14688
  • [CHANGED] Add active states to nav bar counters.
  • [CHANGED] Add view replaced file link for image diffs.
  • [CHANGED] Adjust tooltips to adhere to 8px grid and make them more readable.
  • [CHANGED] breadcrumbs receives padding when double lined.
  • [CHANGED] Allow developer role to admin milestones.
  • [CHANGED] Stop using Sidekiq for updating Key#last_used_at.
  • [CHANGED] Include GitLab full name in Slack messages.
  • [ADDED] Expose last pipeline details in API response when getting a single commit. !13521 (Mehdi Lahmam (@mehlah))
  • [ADDED] Allow to use same periods for different housekeeping tasks (effectively skipping the lesser task). !13711 (cernvcs)
  • [ADDED] Add GitLab-Pages version to Admin Dashboard. !14040 (travismiller)
  • [ADDED] Commenting on image diffs. !14061
  • [ADDED] Script to migrate project's repositories to new Hashed Storage. !14067
  • [ADDED] Hide close MR button after merge without reloading page. !14122 (Jacopo Beschi @jacopo-beschi)
  • [ADDED] Add Gitaly version to Admin Dashboard. !14313 (Jacopo Beschi @jacopo-beschi)
  • [ADDED] Add 'closed_at' attribute to Issues API. !14316 (Vitaliy @blackst0ne Klachkov)
  • [ADDED] Add tooltip for milestone due date to issue and merge request lists. !14318 (Vitaliy @blackst0ne Klachkov)
  • [ADDED] Improve list of sorting options. !14320 (Vitaliy @blackst0ne Klachkov)
  • [ADDED] Add client and call site metadata to Gitaly calls for better traceability. !14332
  • [ADDED] Strip gitlab-runner section markers in build trace HTML view. !14393
  • [ADDED] Add online view of HTML artifacts for public projects. !14399
  • [ADDED] Create Kubernetes cluster on GKE from k8s service. !14470
  • [ADDED] Add support for GPG subkeys in signature verification. !14517
  • [ADDED] Parse and store gitlab-runner timestamped section markers. !14551
  • [ADDED] Add "implements" to the default issue closing message regex. !14612 (Guilherme Vieira)
  • [ADDED] Replace tag: true into :tag in the specs. !14653 (Jacopo Beschi @jacopo-beschi)
  • [ADDED] Discussion lock for issues and merge requests.
  • [ADDED] Add an API endpoint to determine the forks of a project.
  • [ADDED] Add help text to runner edit: tags should be separated by commas. (Brendan O'Leary)
  • [ADDED] Only copy old/new code when selecting left/right side of parallel diff.
  • [ADDED] Expose avatar_url when requesting list of projects from API with simple=true.
  • [ADDED] A confirmation email is now sent when adding a secondary email address. (digitalmoksha)
  • [ADDED] Move Custom merge methods from EE.
  • [ADDED] Makes @mentions links have a different styling for better separation.
  • [ADDED] Added tabs to dashboard/projects to easily switch to personal projects.
  • [OTHER] Extract AutocompleteController#users into finder. !13778 (Maxim Rydkin, Mayra Cabrera)
  • [OTHER] Replace 'project/wiki.feature' spinach test with an rspec analog. !13856 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Expand docs for changing username or group path. !13914
  • [OTHER] Move lib/ci to lib/gitlab/ci. !14078 (Maxim Rydkin)
  • [OTHER] Decrease Cyclomatic Complexity threshold to 13. !14152 (Maxim Rydkin)
  • [OTHER] Decrease Perceived Complexity threshold to 15. !14160 (Maxim Rydkin)
  • [OTHER] Replace project/group_links.feature spinach test with an rspec analog. !14169 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Replace the project/milestone.feature spinach test with an rspec analog. !14171 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Replace the profile/emails.feature spinach test with an rspec analog. !14172 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Replace the project/team_management.feature spinach test with an rspec analog. !14173 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Replace the 'project/merge_requests/accept.feature' spinach test with an rspec analog. !14176 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Replace the 'project/builds/summary.feature' spinach test with an rspec analog. !14177 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Optimize the boards' issues fetching. !14198
  • [OTHER] Replace the 'project/merge_requests/revert.feature' spinach test with an rspec analog. !14201 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Replace the 'project/issues/award_emoji.feature' spinach test with an rspec analog. !14202 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Replace the 'profile/active_tab.feature' spinach test with an rspec analog. !14239 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Replace the 'search.feature' spinach test with an rspec analog. !14248 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Load sidebar participants avatars only when visible. !14270
  • [OTHER] Adds gitlab features and components to usage ping data. !14305
  • [OTHER] Replace the 'project/archived.feature' spinach test with an rspec analog. !14322 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Replace the 'project/commits/revert.feature' spinach test with an rspec analog. !14325 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Replace the 'project/snippets.feature' spinach test with an rspec analog. !14326 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Add link to OpenID Connect documentation. !14368 (Markus Koller)
  • [OTHER] Upgrade doorkeeper-openid_connect. !14372 (Markus Koller)
  • [OTHER] Upgrade gitlab-markup gem. !14395 (Markus Koller)
  • [OTHER] Index projects on repository storage. !14414
  • [OTHER] Replace the 'project/shortcuts.feature' spinach test with an rspec analog. !14431 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Replace the 'project/service.feature' spinach test with an rspec analog. !14432 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Improve GitHub import performance. !14445
  • [OTHER] Add basic sprintf implementation to JavaScript. !14506
  • [OTHER] Replace the 'project/merge_requests.feature' spinach test with an rspec analog. !14621 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Update GitLab Pages to v0.6.0. !14630
  • [OTHER] Add documentation to summarise project archiving. !14650
  • [OTHER] Remove 'Repo' prefix from API entites. !14694 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Removes cycle analytics service and store from global namespace.
  • [OTHER] Improves i18n for Auto Devops callout.
  • [OTHER] Exports common_utils utility functions as modules.
  • [OTHER] Use simple=true for projects API in Projects dropdown for better search performance.
  • [OTHER] Change index on ci_builds to optimize Jobs Controller.
  • [OTHER] Add index for merge_requests.merge_commit_sha.
  • [OTHER] Add (partial) index on Labels.template.
  • [OTHER] Cache issue and MR template names in Redis.
  • [OTHER] changed dashed border button color to be darker.
  • [OTHER] Speed up permission checks.
  • [OTHER] Fix docs for lightweight tag creation via API.
  • [OTHER] Clarify artifact download via the API only accepts branch or tag name for ref.
  • [OTHER] Change recommended MySQL version to 5.6.
  • [OTHER] Bump google-api-client Gem from 0.8.6 to 0.13.6.
  • [OTHER] Detect when changelog entries are invalid.
  • [OTHER] Use a UNION ALL for getting merge request notes.
  • [OTHER] Remove an index on ci_builds meant to be only temporary.
  • [OTHER] Remove a SQL query from the todos index page.
  • Support custom attributes on users. !13038 (Markus Koller)
  • made read-only APIs for public merge requests available without authentication. !13291 (haseebeqx)
  • Hide read_registry scope when registry is disabled on instance. !13314 (Robin Bobbitt)
  • creation of keys moved to services. !13331 (haseebeqx)
  • Add username as GL_USERNAME in hooks.

10.0.7 (2017-12-07)

Security (5 changes)

  • Fix e-mail address disclosure through member search fields
  • Prevent creating issues through API when user does not have permissions
  • Prevent an information disclosure in the Groups API
  • Fix user without access to private Wiki being able to see it on the project page
  • Fix Cross-Site Scripting (XSS) vulnerability while editing a comment

10.0.5 (2017-11-03)

  • [FIXED] Fix incorrect X-axis labels in Prometheus graphs. !14258
  • [FIXED] Fix rake gitlab:incoming_email:check and make it report the actual error. !14423
  • [FIXED] Does not check if an invariant hashed storage path exists on disk when renaming projects. !14428
  • [FIXED] Fix bottom spacing for dropdowns that open upwards. !14535
  • [FIXED] Fix the project import with issues and milestones. !14657
  • [FIXED] Fix broken Y-axis scaling in some Prometheus graphs. !14693
  • [FIXED] Fixed duplicate notifications when added multiple labels on an issue. !14798
  • [FIXED] Don't rename paths that were freed up when upgrading. !15029
  • [FIXED] Fixed issue/merge request breadcrumb titles not having links.
  • [FIXED] Fix application setting to cache nil object.
  • [FIXED] Fix missing Import/Export issue assignees.
  • [FIXED] Allow boards as top level route.
  • [FIXED] Fixed milestone breadcrumb links.
  • [FIXED] Fixed merge request widget merged & closed date tooltip text.
  • [FIXED] fix merge request widget status icon for failed CI.

10.0.4 (2017-10-16)

  • [SECURITY] Move project repositories between namespaces when renaming users.
  • [SECURITY] Prevent an open redirect on project pages.
  • [SECURITY] Prevent a persistent XSS in user-provided markup.

10.0.3 (2017-10-05)

  • [FIXED] find_user Users helper method no longer overrides find_user API helper method. !14418
  • [FIXED] Fix CSRF validation issue when closing/opening merge requests from the UI. !14555
  • [FIXED] Kubernetes integration: ensure v1.8.0 compatibility. !14635
  • [FIXED] Fixes data parameter not being sent in ajax request for jobs log.
  • [FIXED] Improves UX of autodevops popover to match gpg one.
  • [FIXED] Fixed commenting on side-by-side commit diff.
  • [FIXED] Make sure API responds with 401 when invalid authentication info is provided.
  • [FIXED] Fix merge request counter updates after merge.
  • [FIXED] Fix gitlab-rake gitlab:import:repos task failing.
  • [FIXED] Fix pushes to an empty repository not invalidating has_visible_content? cache.
  • [FIXED] Ensure all refs are restored on a restore from backup.
  • [FIXED] Gitaly RepositoryExists remains opt-in for all method calls.
  • [FIXED] Fix 500 error on merged merge requests when GitLab is restored from a backup.
  • [FIXED] Adjust MRs being stuck on "process of being merged" for more than 2 hours.

10.0.2 (2017-09-27)

  • [FIXED] Notes will not show an empty bubble when the author isn't a member. !14450
  • [FIXED] Some checks in rake gitlab:check were failling with 'undefined method run_command'. !14469
  • [FIXED] Make locked setting of Runner to not affect jobs scheduling. !14483
  • [FIXED] Re-allow name attribute on user-provided anchor HTML.

10.0.1 (2017-09-23)

  • [FIXED] Fix duplicate key errors in PostDeployMigrateUserExternalMailData migration.

10.0.0 (2017-09-22)

  • [SECURITY] Upgrade brace-expansion NPM package due to security issue. !13665 (Markus Koller)
  • [REMOVED] Remove CI API v1.
  • [FIXED] Ensure correct visibility level options shown on all Project, Group, and Snippets forms. !13442
  • [FIXED] Fix the /projects/:id/repository/files/:file_path/raw endpoint to handle dots in the file_path. !13512 (mahcsig)
  • [FIXED] Merge request reference in merge commit changed to full reference. !13518 (haseebeqx)
  • [FIXED] Removes Sortable default scope. !13558
  • [FIXED] Wiki table of contents are now properly nested to reflect header level. !13650 (Akihiro Nakashima)
  • [FIXED] Improve bare project import: Allow subgroups, take default visibility level into account. !13670
  • [FIXED] Fix group and project search for anonymous users. !13745
  • [FIXED] Fix searching for files by path. !13798
  • [FIXED] Fix division by zero error in blame age mapping. !13803 (Jeff Stubler)
  • [FIXED] Fix incorrect date/time formatting on prometheus graphs. !13865
  • [FIXED] Changes the password change workflow for admins. !13901
  • [FIXED] API: Respect default group visibility when creating a group. !13903 (Robert Schilling)
  • [FIXED] Unescape HTML characters in Wiki title. !13942 (Jacopo Beschi @jacopo-beschi)
  • [FIXED] Make blob viewer for rich contents wider for mobile. !14011 (Takuya Noguchi)
  • [FIXED] Fix typo in the API Deploy Keys documentation page. !14014 (Vitaliy @blackst0ne Klachkov)
  • [FIXED] Hide admin link from default search results for non-admins. !14015
  • [FIXED] Fix problems sanitizing URLs with empty passwords. !14083
  • [FIXED] Fix stray OR in New Project page. !14096 (Robin Bobbitt)
  • [FIXED] Fix a wrong X-Gitlab-Event header when testing webhooks. !14108
  • [FIXED] Fix the diff file header from being html escaped for renamed files. !14121
  • [FIXED] Image attachments are properly displayed in notification emails again. !14161
  • [FIXED] Fixes the 500 errors caused by a race condition in GPG's tmp directory handling. !14194 (Alexis Reigel)
  • [FIXED] Fix MR ready to merge buttons/controls at mobile breakpoint. !14242
  • [FIXED] Fix Pipeline Triggers to show triggered label and predefined variables (e.g. CI_PIPELINE_TRIGGERED). !14244
  • [FIXED] Allow using newlines in pipeline email service recipients. !14250
  • [FIXED] Fix errors when moving issue with reference to a group milestone. !14294
  • [FIXED] Fix the "resolve discussion in a new issue" button. !14357
  • [FIXED] File uploaders do not perform hard check, only soft check.
  • [FIXED] Add to_project_id parameter to Move Issue via API example.
  • [FIXED] Update x/x discussions resolved checkmark icon to be green when all discussions resolved.
  • [FIXED] Fixed add diff note button not showing after deleting a comment.
  • [FIXED] Fix broken svg in jobs dropdown for success status.
  • [FIXED] Fix buttons with different height in merge request widget.
  • [FIXED] Removes disabled state from dashboard project button.
  • [FIXED] Better align fallback image emojis.
  • [FIXED] Remove focus styles from dropdown empty links.
  • [FIXED] Fix inconsistent spacing for edit buttons on issues and merge request page.
  • [FIXED] Fix edit merge request and issues button inconsistent letter casing.
  • [FIXED] Improve Import/Export memory usage.
  • [FIXED] Fix Import/Export issue to do with fork merge requests.
  • [FIXED] Fix invite by email address duplication.
  • [FIXED] Adds tooltip to the branch name and improves performance.
  • [FIXED] Disable GitLab Project Import Button if source disabled.
  • [FIXED] Migrate issues authored by deleted user to the Ghost user.
  • [FIXED] Fix new navigation wrapping and causing height to grow.
  • [FIXED] Normalize styles for empty state combo button.
  • [FIXED] Fix external link to Composer website.
  • [FIXED] Prevents jobs dropdown from closing in pipeline graph.
  • [FIXED] Include the is_admin field in the GET /users/:id API when current user is an admin.
  • [FIXED] Fix breadcrumbs container in issue boards.
  • [FIXED] Fix project feature being deleted when updating project with invalid visibility level.
  • [FIXED] Truncate milestone title if sidebar is collapsed.
  • [FIXED] Prevents rendering empty badges when request fails.
  • [FIXED] Fixes margins on the top buttons of the pipeline table.
  • [FIXED] Bump jira-ruby gem to 1.4.1 to fix issues with HTTP proxies.
  • [FIXED] Eliminate N+1 queries in loading discussions.json endpoint.
  • [FIXED] Eliminate N+1 queries referencing issues.
  • [FIXED] Remove unnecessary loading of discussions in IssuesController#show.
  • [FIXED] Fix errors thrown in merge request widget with external CI service/integration.
  • [FIXED] Do not show the Auto DevOps banner when the project has a .gitlab-ci.yml on master.
  • [FIXED] Reword job to pipeline to reflect what the graphs are really about.
  • [FIXED] Sort templates in the dropdown.
  • [FIXED] Fix Auto DevOps banner to be shown on empty projects.
  • [FIXED] Resolve Image onion skin + swipe does not work anymore.
  • [FIXED] Fix mini graph pipeline breakin in merge request view.
  • [FIXED] Fixed merge request changes bar jumping.
  • [FIXED] Improve migrations using triggers.
  • [FIXED] Fix ConvDev Index nav item and Monitoring submenu regression.
  • [FIXED] disabling notifications globally now properly turns off group/project added emails !13325
  • [DEPRECATED] Deprecate custom SSH client configuration for the git user. !13930
  • [CHANGED] allow all users to delete their account. !13636 (Jacopo Beschi @jacopo-beschi)
  • [CHANGED] Use full path of project's avatar in webhooks. !13649 (Vitaliy @blackst0ne Klachkov)
  • [CHANGED] Add filtered search to group merge requests dashboard. !13688 (Hiroyuki Sato)
  • [CHANGED] Fire hooks asynchronously when creating a new job to improve performance. !13734
  • [CHANGED] Improve performance for AutocompleteController#users.json. !13754 (Hiroyuki Sato)
  • [CHANGED] Update the GPG verification semantics: A GPG signature must additionally match the committer in order to be verified. !13771 (Alexis Reigel)
  • [CHANGED] Support a multi-word fuzzy search issues/merge requests on search bar. !13780 (Hiroyuki Sato)
  • [CHANGED] Default LDAP config "verify_certificates" to true for security. !13915
  • [CHANGED] "Share with group lock" now applies to subgroups, but owner can override setting on subgroups. !13944
  • [CHANGED] Make Gitaly PostUploadPack mandatory. !13953
  • [CHANGED] Remove project select dropdown from breadcrumb. !14010
  • [CHANGED] Redesign project feature permissions settings. !14062
  • [CHANGED] Document version Group Milestones API introduced.
  • [CHANGED] Finish migration to the new events setup.
  • [CHANGED] restyling of OAuth authorization confirmation. (Jacopo Beschi @jacopo-beschi)
  • [CHANGED] Added support for specific labels and colors.
  • [CHANGED] Move "Move issue" controls to right-sidebar.
  • [CHANGED] Remove pages settings when not available.
  • [CHANGED] Allow all AutoDevOps banners to be turned off.
  • [CHANGED] Update Rails project template to use Postgresql by default.
  • [CHANGED] Added support the multiple time series for prometheus monitoring.
  • [ADDED] API: Respect the "If-Unmodified-Since" header when delting a resource. !9621 (Robert Schilling)
  • [ADDED] Protected runners. !13194
  • [ADDED] Add support for copying permalink to notes via more actions dropdown. !13299
  • [ADDED] Add API support for wiki pages. !13372 (Vitaliy @blackst0ne Klachkov)
  • [ADDED] Add a Last 7 days option for Cycle Analytics view. !13443 (Mehdi Lahmam (@mehlah))
  • [ADDED] inherits milestone and labels when a merge request is created from issue. !13461 (haseebeqx)
  • [ADDED] Add 'from commit' information to cherry-picked commits. !13475 (Saverio Miroddi)
  • [ADDED] Add an option to list only archived projects. !13492 (Mehdi Lahmam (@mehlah))
  • [ADDED] Extend API: Pipeline Schedule Variable. !13653
  • [ADDED] Add settings for minimum SSH key strength and allowed key type. !13712 (Cory Hinshaw)
  • [ADDED] Add div id to the readme in the project overview. !13735 (Riccardo Padovani @rpadovani)
  • [ADDED] Add CI/CD job predefined variables with user name and login. !13824
  • [ADDED] API: Add GPG key management. !13828 (Robert Schilling)
  • [ADDED] Add CI/CD active kubernetes job policy. !13849
  • [ADDED] Add dropdown to Projects nav item. !13866
  • [ADDED] Allow users and administrator to configure Auto-DevOps. !13923
  • [ADDED] Implement failure_reason on ci_builds. !13937
  • [ADDED] Add branch existence check to the APIv4 branches via HEAD request. !13979 (Vitaliy @blackst0ne Klachkov)
  • [ADDED] Add quick submission on user settings page. !14007 (Vitaliy @blackst0ne Klachkov)
  • [ADDED] Add my_reaction_emoji param to /issues and /merge_requests API. !14016 (Hiroyuki Sato)
  • [ADDED] Make it possible to download a single job artifact file using the API. !14027
  • [ADDED] Add repository toggle for automatically resolving outdated diff discussions. !14053 (AshleyDumaine)
  • [ADDED] Scripts to detect orphaned repositories. !14204
  • [ADDED] Created callout for auto devops.
  • [ADDED] Add option in preferences to change navigation theme color.
  • [ADDED] Add JSON logger in log/api_json.log for Grape API endpoints.
  • [ADDED] Add CI_PIPELINE_SOURCE variable on CI Jobs.
  • [ADDED] Changed message and title on the 404 page. (Branka Martinovic)
  • [ADDED] Handle if Auto DevOps domain is not set in project settings.
  • [ADDED] Add collapsable sections for Pipeline Settings.
  • [OTHER] Add badge for dependency status. !13588 (Markus Koller)
  • [OTHER] Migration to remove pending delete projects with non-existing namespace. !13598
  • [OTHER] Bump rouge to v2.2.0. !13633
  • [OTHER] Fix repository equality check and avoid fetching ref if the commit is already available. This affects merge request creation performance. !13685
  • [OTHER] Replace 'source/search_code.feature' spinach test with an rspec analog. !13697 (blackst0ne)
  • [OTHER] Remove unwanted refs after importing a project. !13766
  • [OTHER] Never wait for sidekiq jobs when creating projects. !13775
  • [OTHER] Gitaly feature toggles are on by default in development. !13802
  • [OTHER] Remove is_ prefix from predicate method names. !13810 (Maxim Rydkin)
  • [OTHER] Update 'Using Docker images' documentation. !13848
  • [OTHER] Update gpg documentation with gpg2. !13851 (M M Arif)
  • [OTHER] Replace 'project/star.feature' spinach test with an rspec analog. !13855 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Replace 'project/user_lookup.feature' spinach test with an rspec analog. !13863 (Vitaliy @blackst0ne Klachkov)
  • [OTHER] Bump rouge to v2.2.1. !13887
  • [OTHER] Add documentation for PlantUML in reStructuredText. !13900 (Markus Koller)
  • [OTHER] Decrease ABC threshold to 55.25. !13904 (Maxim Rydkin)
  • [OTHER] Decrease Cyclomatic Complexity threshold to 14. !13972 (Maxim Rydkin)
  • [OTHER] Update documentation for confidential issue. !14117
  • [OTHER] Remove redundant WHERE from event queries.
  • [OTHER] Memoize the latest builds of a pipeline on a project's homepage.
  • [OTHER] Re-use issue/MR counts for the pagination system.
  • [OTHER] Memoize pipelines for project download buttons.
  • [OTHER] Reorganize indexes for the "deployments" table.
  • [OTHER] Improves markdown rendering performance for commit lists.
  • [OTHER] Only update the sidebar count caches when needed.
  • [OTHER] Improves performance of vue code by using vue files and moving svg out of data function in pipeline schedule callout.
  • [OTHER] Rework how recent push events are retrieved.
  • [OTHER] Restyle dropdown menus to make them look consistent.
  • [OTHER] Upgrade grape to 1.0.
  • [OTHER] Add usage data for Auto DevOps.
  • [OTHER] Cache the number of open issues and merge requests.
  • [OTHER] Constrain environment deployments to project IDs.
  • [OTHER] Eager load namespace owners for project dashboards.
  • [OTHER] Add description template examples to documentation.
  • [OTHER] Disallow NULL values for environments.project_id.
  • Add my reaction filter to search bar. !12962 (Hiroyuki Sato)
  • Generalize profile updates from providers. !12968 (Alexandros Keramidas)
  • Validate PO-files in static analysis. !13000
  • First-time contributor badge. !13143 (Micaël Bergeron [email protected])
  • Add option to disable project export on instance. !13211 (Robin Bobbitt)
  • Hashed Storage support for Repositories (EXPERIMENTAL). !13246
  • Added tests for commits API unauthenticated user and public/private project. !13287 (Jacopo Beschi @jacopo-beschi)
  • Fix CI_PROJECT_PATH_SLUG slugify. !13350 (Ivan Chernov)
  • Add checks for branch existence before changing HEAD. !13359 (Vitaliy @blackst0ne Klachkov)
  • Fix the alignment of line numbers to lines of code in code viewer. !13403 (Trevor Flynn)
  • Allow users to move issues to other projects using a / command. !13436 (Manolis Mavrofidis)
  • Bumps omniauth-ldap gem version to 2.0.4. !13465
  • Implement the Gitaly RefService::RefExists endpoint. !13528 (Andrew Newdigate)
  • Changed all font-weight values to 400 and 600 and introduced 2 variables to manage them.
  • Simplify checking if objects exist code in new issaubles workers.
  • Present enqueued merge jobs as Merging as well.
  • Don't escape html entities in InlineDiffMarkdownMarker.
  • Move ConvDev Index location to after Cohorts.
  • Added type to CHANGELOG entries. (Jacopo Beschi @jacopo-beschi)
  • [BUGIFX] Improves subgroup creation permissions. !13418