CHANGELOG.md 611 KB
Newer Older
1
2
3
**Note:** This file is automatically generated. Please see the [developer
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
Felipe Artur's avatar
Felipe Artur committed
4

5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
## 12.6.3

### Security (1 change)

- Upgrade json-jwt to v1.11.0. !22440

### Fixed (9 changes)

- Fix RefreshMergeRequestsService raises an exception and unnecessary sidekiq retry. !22262
- Disable Prometheus metrics if initialization fails. !22355
- Fix bug when trying to expose artifacts and no artifacts are produced by the job. !22378
- Gracefully error handle CI lint errors in artifacts section. !22388
- Fix GitLab plugins not working without hooks configured. !22409
- Fix releases page when tag contains a slash. !22527
- Reverts Add RBAC permissions for getting knative version. !22560
- Remove unused keyword from EKS provision service. !22633
- Fix CAS users being signed out repeatedly. !22704


24
25
26
27
28
29
30
31
32
33
34
35
## 12.6.2

### Security (6 changes)

- GraphQL: Add timeout to all queries.
- Filter out notification settings for projects that a user does not have at least read access.
- Hide project name and path when unsusbcribing from an issue or merge request.
- Fix 500 error caused by invalid byte sequences in uploads links.
- Return only runners from groups where user is owner for user CI owned runners.
- Fix Vulnerability of Release Evidence.


36
37
38
39
40
41
42
43
44
45
46
47
## 12.6.1

### Fixed (2 changes)

- Handle forbidden error when checking for knative. !22170
- Fix stack trace highlight for PHP. !22258

### Performance (1 change)

- Eliminate N+1 queries in PipelinesController#index. !22189


48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
## 12.6.0

### Security (4 changes)

- Update Rugged to v0.28.4.1. !21869
- Update maven_file_name_regex for full string match.
- Add maven file_name regex validation on incoming files.
- Update Workhorse and Gitaly to fix a security issue.

### Removed (1 change)

- Remove downstream pipeline connecting lines. !21196

### Fixed (101 changes, 16 of them are from the community)

- Fix delete user dialog bypass caused by hitting enter. !17343
- Fix broken UI on Environment folder. !17427 (Takuya Noguchi)
- Fix award emoji tooltip being escaped twice if multiple people voted. !19273 (Brian T)
- Use cascading deletes for deleting oauth_openid_requests upon deleting an oauth_access_grant. !19617
- Update merging an MR behavior on the API when pipeline fails. !19641 (briankabiro)
- Vertically align collapse button on epic sidebar. !19656
- Fix projects list to show info in user's locale. !20015 (Arun Kumar Mohan)
- Update padding for cluster alert warning. !20036 (George Tsiolis)
- Show correct warning on issue when project is archived. !20078
- Resets aria-describedby on mouseleave. !20092 (carolcarvalhosa)
- Allow patch notes on repo tags page to word wrap. !20135
- Remove Release edit url for users not allowed to update a release. !20136
- Fix group managed accounts members cleanup. !20157
- Epic tree bug fixes. !20209
- Add missing external-link icon for Crossplane managed app. !20283
- Fixes MR approvers tooltip wrong color. !20287 (Dheeraj Joshi)
- Ignore empty MR diffs when migrating to external storage. !20296
- Add link color to design comments. !20302
- Fix graph groups in monitor dashboard that are hidden on load. !20312
- Update Container Registry naming restrictions to allow for sequential '-'. !20318
- Fixed monitor charts from throwing error when zoomed. !20331
- Validate the merge sha before merging, confirming that the merge will only contain what the user saw. !20348
- Change container registry column name from Tag ID to Image ID. !20349
- Fix dropdown location on the monitoring charts. !20400
- Fixed project import from export ignoring namespace selection. !20405
- Backup: Disable setting of ACL for Google uploads. !20407
- Fix documentation link from empty environment dashboard. !20415
- Move persistent_ref.create into run_after_commit. !20422
- Update external link to provider in cluster settings. !20425
- Fix issue trying to edit weight with collapsed sidebar as guest. !20431
- Handle empty stacktrace and entries with no code. !20458
- Refactor the Deployment model so state machine events are used by both CI and the API. !20474
- Guest users should not delete project snippets they created. !20477
- Accept user-defined dashboard uids in Grafana embeds. !20486
- Fix multi select input padding in project and group user select. !20520 (Kevin Lee)
- Use correct fragment identifier for vulnerability help path. !20524
- Fix group search in groups dropdown. !20535
- Fix removing of child epics that belong to subgroups. !20610
- Fix opening Sentry error details in new tab. !20611
- Ensure next unresolved discussion button takes user to the right place. !20620
- Allow Gitlab GKE clusters to access Google Cloud Registry private images. !20662 (Tan Yee Jian)
- Fix cron parsing for Daylight Savings. !20667
- Fix incorrect new branch name from issue. !20677 (Lee Tickett)
- Improve the way the metrics dashboard waits for data. !20687
- Remove destroy_personal_snippet ability. !20717
- Try longer to clean up after using a gpg-keychain and raise exption if the cleanup fails. !20718
- Fix tooltip hovers in environments table. !20737
- Remove DB transaction from Rebase operation. !20739
- Improve UX for vulnerability dismissal note. !20768
- Fix change to default foreground and backgorund colors in job log. !20787
- Display Labels item in sidebar when Issues are disabled. !20817
- Junit success percentage no longer displays 100% if there are failures. !20835
- Ensure to check create_personal_snippet ability. !20838
- Fix a display bug in the fork removal description message. !20843
- Validate unique environment scope for instance clusters. !20886
- Add empty region when group metrics are missing. !20900
- Adjust issue metrics first_mentioned_in_commit_at calculation. !20923
- Update copy on managed namespace prefixes. !20935
- Add protected branch permission check to run downstream pipelines. !20964
- Fix assignee url in issue board sidebar. !20992 (Lee Tickett)
- Retrieve issues from subgroups when rendering group milestone. !21024
- Adds 409 when user cannot be soft deleted through the API. !21037
- Respect the timezone reported from Gitaly. !21066
- Fix Container repositories can not be replicated when s3 is used. !21068
- Remove redundant toast.scss file and variables. !21105
- Respect snippet query params when displaying embed urls. !21131
- Remove action buttons from designs tab if there are no designs. !21186
- Correctly return stripped PGP text. !21187 (Roger Meier)
- Fix error when linking already linked issue to epic. !21213
- Do not attribute unverified commit e-mails to GitLab users. !21214
- Add nonunique indexes to Labels. !21230
- Fix snippet routes. !21248
- Fix Zoom Quick Action server error when creating a GitLab Issue. !21262
- Rename snippet refactored routes. !21267
- Validate connection section in direct upload config. !21270
- Fix pipeline retry in a CI DAG. !21296
- Authenticate runner requests in Rack::Attack. !21311
- Fix top border of README file header in file list. !21314
- Fix forking a deduplicated project after it was moved to a different shard. !21339
- Fix misaligned approval tr. !21368 (Lee Tickett)
- Fix crash registry contains helm charts. !21381
- Web IDE: Fix the console error that happens when discarding a newly added/uploaded file. !21537
- Authenticate requests with job token as basic auth header for request limiting. !21562
- Fix Single-File-Editor-Layout breaking when branch name is too long. !21577 (Roman Kuba)
- Fix top border of README in vue_file_list. !21578 (Hector Bustillos)
- Stage dropdown lists style corrections. !21607 (Hector Bustillos)
- Change commit_id type on commit_user_mentions table. !21651
- Do not clean the prometheus metrics directory for sidekiq. !21671
- !21542 Part 1: Add new utils for Web IDE store. !21673
- Update auto-deploy-image to v0.8.3. !21696
- Match external user new snippet button visibility to permissions. !21718
- Links to design comments now lead to specific note. !21724
- Re-enable the cloud run feature. !21762
- Ensure forks count cache refresh for source project. !21771
- Fix padding on the design comments. !21839
- Fix "Discard all" for new and renamed files. !21854
- Fix project file finder url encoding file path separators. !21861
- Ensure namespace is present for Managed-Cluster-Applications CI template. !21903
- Rename common template jobs in sast and ds. !22084
- Fixed query behind release filter on merge request search page. !38244
- Activate projects Prometheus service integration when Prometheus managed application is installed on shared cluster.

### Deprecated (4 changes)

- Drop deprecated column from projects table. !18914
- Limit number of projects displayed in GET /groups/:id API. !20023
- Move operations project routes under - scope. !20456
- Move wiki routing under /-/ scope. !21185

### Changed (60 changes, 10 of them are from the community)

- Use better context-specific empty state screens for the Security Dashboards. !18382
- Add evidence collection for Releases. !18874
- Update information and button text for deployment footer. !18918
- Move merge request description into discussions tab. !18940
- Keep details in MR when changing target branch. !19138
- Make internal projects poolable. !19295 (briankabiro)
- Enable support for multiple content query in GraphQL Todo API. !19576
- Allow merge without refresh when new commits are pushed. !19725
- Correct link to Merge trains documentation on MR widget. !19726
- Preserve merge train history. !19864
- Support go-source meta tag for godoc.org. !19888 (Ethan Reesor (@firelizzard))
- Display a better message when starting a discussion on a deleted comment. !20031 (Jacopo Beschi @jacopo-beschi)
- Add sort param to error tracking issue index. !20101
- Add template repository usage to the usage ping. !20126 (minghuan lei)
- Convert flash epic error to form validation error. !20130
- Add 'download' button to Performance Bar. !20205 (Will Chandler)
- SaaS trial copy shows plan. !20207
- Add rbac access to knative-serving namespace deployments to get knative version information. !20244
- Unlock button changed from Icon to String. !20307
- Upgrade to Gitaly v1.72.0. !20313
- Increase upper limit of start_in attribute to 1 week. !20323 (Will Layton)
- Add CI variable to show when Auto-DevOps is explicitly enabled. !20332
- Hashed Storage attachments migration: exclude files in object storage as they are all hashed already. !20338
- Removes caching for design tab discusisons. !20374
- Fixes to inconsistent margins/sapcing in the project detail page. !20395
- Changes to how the search term is styled in the results. !20416
- Move confidence column in the security dashboard. !20435 (Dheeraj Joshi)
- Upgrade to Gitaly v1.73.0. !20443
- Replacing incorrect icon in security dashboard. !20510
- Rework pod logs navigation scheme. !20578
- Reduce start a trial rocket emoji size. !20579
- Upgrade auto-deploy-image for helm default values file. !20588
- Exposed deployment build manual actions for merge request page. !20615
- Upgrade to Gitaly v1.74.0. !20706
- Fetches initial merge request widget data async. !20719
- Add service desk information to project graphQL endpoint. !20722
- Add admin mode controller path to Rack::Attack defaults. !20735 (Diego Louzán)
- Add more filters to SnippetsFinder. !20767
- Clean up the cohorts table. !20779
- Remove vulnerability counter from security tab. !20800
- Only blacklist IPs from Git requests. !20828
- Optimize Deployments endpoint by preloading associations and make record ordering more consistent. !20848
- Update deploy instances color scheme. !20890
- Add service desk information to projects API endpoint. !20913
- Added event tracking to the package details installation components. !20967
- Hide Merge Request information on milestones when MRs are disabled for project. !20985 (Wolfgang Faust)
- Upgrade to Gitaly v1.75.0. !21045
- Evidence - Added restriction for guest on Release page. !21102
- Increase lower DAG `needs` limit from five to ten. !21237
- Add doc links to features on admin dashboard. !21419
- Autofocus cluster dropdown search input. !21440
- Add autofocus to label search fields. !21508
- When a forked project is less visible than its source, merge requests opened in the fork now target the less visible project by default. !21517
- UI improvements in the views for new project from template and the user groups and snippets. !21524 (Hector Bustillos)
- Show merge immediately dialog even if the MR's pipeline hasn't finished. !21556
- Support toggling service desk from API. !21627
- Make `workflow:rules` to work well with Merge Requests. !21742
- Upgrade to Gitaly v1.76.0. !21857
- Remove authentication step from visual review tools instructions.
- Fixes wording on runner admin.

### Performance (22 changes)

- Optimize query for CI pipelines of merge request. !19653
- Replace index on environments table project_id and state with project_id, state, and environment_type. !19902
- Remove reactive caching value keys once the alive key has expired. !20111
- Suggest squash commit messages based on recent commits. !20231
- Improve performance of /api/:version/snippets/public API and only return public personal snippets. !20339
- Add limit for snippet content size. !20346
- Reduce Gitaly calls in BuildHooksWorker. !20365
- Enable ETag caching for MR notes polling. !20440
- Disable public project counts on welcome page. !20517
- Optimize query when Projects API requests private visibility level. !20594
- Improve issues search performance on GraphQL. !20784
- UpdateProjectStatistics updates after commit. !20852
- Run housekeeping after moving a repository between shards. !20863
- Require group_id or project_id for MR target branch autocomplete action. !20933
- Cache the ancestor? Gitaly call to speed up polling for the merge request widget. !20958
- Optimize loading the repository deploy keys page. !20970
- Added lightweight check when retrieving Prometheus metrics. !21099
- Limit max metrics embeds in GFM to 100. !21356
- Fork Puma to validate scheduler fixes. !21547
- Remove an N+1 call rendering projects search results. !21626
- Skip updating LFS objects in mirror updates if repository has not changed. !21744
- Add indexes on deployments to improve environments search. !21789

### Added (117 changes, 16 of them are from the community)

- Add upvote/downvotes attributes to GraphQL Epic query. !14311
- Delete kubernetes cluster association and resources. !16954
- Add badge name field. !16998 (Lee Tickett)
- Add OmniAuth authentication support to admin mode feature. !18214 (Diego Louzán)
- Creates DB tables for storing mentioned users, groups, projects referenced in a note or issuable description. !18316
- Add body data elements for pageview context. !18450
- Added filtering of inherited members for subgroups. !18842
- Added responsiveness to audit events table. !18859
- Add ability to make Jira comments optional. !19004
- Store users, groups, projects mentioned in Markdown to DB tables. !19088
- Upgrade `mail_room` gem to 0.10.0 and enable structured logging. !19186
- Add possibility to save max issue weight on lists. !19220
- Return 422 status code in case of error in submitting comments. !19276 (raju249)
- Add Personal Access Token expiration reminder. !19296
- Add recent search to error tracking. !19301
- Resolve Limit the number of stored sessions per user. !19325
- Add services for 'soft-delete for groups' feature. !19358
- Notify user when over 1000 epics in roadmap. !19419
- Search list of Sentry errors by title in GitLab. !19439
- Add issue statistics to releases on the Releases page. !19448
- Add snowplow events for monitoring dashboard. !19455
- Add snowplow events for APM. !19463
- Add GraphQL mutation to mark all todos done for a user. !19482
- Added rules configuration for Ci::Bridge. !19605
- Add workers for 'soft-delete for groups' feature. !19679
- add tagger within tag view. !19681 (Roger Meier)
- Strong validate import export references. !19682
- Update Release API with evidence related data. !19706
- Graphql query for issues can now be sorted by weight. !19721
- GraphQL for Sentry rror details. !19733
- View closed issues in epic. !19741
- Add API endpoint to unpublish GitLab Pages. !19781
- Add Pipeline Metadata to Packages. !19796
- Create data model for serverless domains. !19835
- Add Unify Circuit project integration service. !19849 (Fabio Huser)
- add sha256 fingerprint to keys model, view and extend users API to search user via fingerprint. !19860 (Roger Meier)
- Allow order_by updated_at in Pipelines API. !19886
- Implement pagination for project releases page. !19912 (Fabio Huser)
- Add migrations for secret snippets. !19939
- Control passing artifacts from CI DAG needs. !19943
- Genereate a set of sample prometheus metrics and route to the sample metrics when enabled. !19987
- Add warning dialog when users click the "Merge immediately" merge train option. !20054
- Expose moved_to_id in issues API. !20083 (Lee Tickett)
- Relate issues when they are marked as duplicated. !20161 (minghuan lei)
- Asks for confirmation before changing project visibility level. !20170
- Allow CI config path to point to a URL or file in a different repository. !20179
- Allow groups to disable mentioning their members, if the group is mentioned. !20184 (Fabio Huser)
- Add modsecurity deployment counts to usage ping. !20196
- Added legend to deploy boards. !20208
- Support passing CI variables via git push options. !20255
- Add GraphQL mutation to restore a Todo. !20261
- Allow specifying Kubernetes namespace for an environment in gitlab-ci.yml. !20270
- Add migrations for 'soft-delete for groups' feature. !20276
- Add Maven installation commands to package detail page for Maven packages. !20300
- Add feature to allow specifying userWithId strategies per environment spec. !20325
- Enable creating Amazon EKS clusters from GitLab. !20333
- Add ability to create new issue from sentry error detail page. !20337
- Convert flash alerts to toasts. !20356
- Return project commit url instead of commits url. !20369 (raju249)
- Collect the date a SaaS trial starts on. !20384
- Add option to delete cached Kubernetes namespaces. !20411
- Create container expiration policies for projects. !20412
- Adjust fork network relations upon project visibility change. !20466
- Create a license info rake task. !20501 (Jason Colyer)
- Add GraphQL mutation for changing due date of an issue. !20577
- Add Snippet GraphQL resolver endpoints. !20613
- Allow Job-Token authentication on Releases creation API. !20632
- Add created_before/after filter to group/project audit events. !20641
- Allow searching of projects by full path. !20659
- Allow administrators to set a minimum password length. !20661
- Update helper text for sentry error tracking settings. !20663 (Rajendra Kadam)
- Adds ability to create issues from sentry details page. !20666
- Add coverage difference visualization to merge request page. !20676 (Fabio Huser)
- Use CI configured namespace for deployments to unmanaged clusters. !20686
- Resolve Design view: Download single issue design image. !20703
- Import large gitlab_project exports via rake task. !20724
- Added Total/Frontend metrics to the performance bar. !20725
- Add dependency scanning flag for skipping automatic bundler audit update. !20743
- Add GraphQL mutation for setting an issue as confidential. !20785
- Track adding metric via monitoring dashboard. !20818
- Add _links object to package api response. !20820
- CI template for installing cluster applications. !20822
- Add SalesforceDX project template. !20831
- Allow NPM package downloads with CI_JOB_TOKEN. !20868
- Allow raw blobs to be served from an external storage. !20936
- Added Snippets GraphQL mutations. !20956
- Added WebHookLogs for ServiceHooks. !20976
- Surface GitLab issue in error detail page. !21019
- Add type to broadcast messages. !21038
- add OpenAPI file viewer. !21106 (Roger Meier)
- Add updated_before and updated_after filters to the Pipelines API endpoint. !21133
- Implement pagination for sentry errors. !21136
- Add support for Conan package management in the package registry. !21152
- Add syntax highlight for Sentry error stack trace. !21182
- Keyset pagination for REST API (Project endpoint). !21194
- CI template for Sentry managed app. !21208
- Add CI variable to set the version of pip when scanning dependencies of Python projects. !21218
- Add dependency scanning flag for specifying pip requirements file for scanning. !21219
- Do not allow specifying a Kubernetes namespace via CI template for managed clusters. !21223
- Sort Sentry error list by first seen, last seen or frequency. !21250
- Add documentation about dependency scanning gradle support. !21253
- Allow PDF attachments to be opened on browser. !21272
- Add child label to commit box. !21323
- Update Knative to 0.9.0. !21361 (cab105)
- Add target_path to broadcast message API. !21430
- Allow Kubernetes namespaces specified via CI template to be used for terminals, pod logs and deploy boards. !21460
- Allow styling broadcast messages. !21522
- Enable new job log by default. !21543
- Document support for sbt dependency scanning. !21588
- Return multiple errors from CI linter. !21589
- Add specific error states to dashboard. !21618
- Add timestamps to pod logs. !21663
- Hide profile information when user is blocked. !21706
- link to group on group admin page. !21709
- Added migration which adds service desk username column. !21733
- Add SentryIssue table to store a link between issue and sentry issue. !37026
- Add path based targeting to broadcast messages.

### Other (51 changes, 28 of them are from the community)

- Remove done callbacks from vue_shared/components/markdown. !16842 (Lee Tickett)
- Update timeago to the latest release. !19407
- Improve job tokens and provide access helper. !19793
- Add post deployment migration to complete pages metadata migration. !19928
- Resolve Document - Make using GitLab auth with Vault easy. !19980
- Remove IIFEs from gl_dropdown.js. !19983 (nuwe1)
- Improve sparkline chart in MR widget deployment. !20085
- Updated jekyll project_template. !20090 (Marc Schwede)
- Updated hexo project_template. !20105 (Marc Schwede)
- Updated hugo project_template. !20109 (Marc Schwede)
- Resolve environment rollback was not friendly. !20121
- Removed all references of BoardService. !20144 (nuwe1)
- Removes references of BoardService in list file. !20145 (nuwe1)
- replace var gl_dropdown.js. !20166 (nuwe1)
- delete board_service.js. !20168 (nuwe1)
- Improve create confidential MR dropdown styling. !20176 (Lee Tickett)
- Remove milestone_id from epics. !20187 (Lee Tickett)
- Remove build badge path from route. !20188 (Lee Tickett)
- Add worker attributes to Sidekiq metrics. !20292
- Update GitLab Runner Helm Chart to 0.11.0. !20461
- add missing test for add_index rubocop rule. !20464 (Eric Thomas)
- Suppress progress on pulling image on Code Quality of Auto DevOps. !20604 (Takuya Noguchi)
- Increase margin between project stats. !20606
- Remove extra spacing below sidebar time tracking info. !20657 (Lee Tickett)
- Add e2e qa test for email delivery. !20675 (Diego Louzán)
- Collect project import failures instead of failing fast. !20727
- Removed unused methods in monitoring dashboard. !20819
- removes references of BoardService. !20872 (nuwe1)
- removes references of BoardService. !20874 (nuwe1)
- removes references of BoardService. !20875 (nuwe1)
- removes references of BoardService. !20876 (nuwe1)
- removes references of BoardService. !20877 (nuwe1)
- removes references of BoardService. !20879 (nuwe1)
- removes references of BoardService. !20880 (nuwe1)
- removes references of BoardService. !20881 (nuwe1)
- Remove whitespaces between tree-controls elements. !20952
- Add Project Export request/download rate limits. !20962
- Remove feature flag for limiting diverging commit counts. !20999
- Changed 'Add approvers' to 'Approval rules'. !21079
- Resolve Add missing popover and remove none in MR widget. !21095
- Change Puma log format to JSON. !21101
- Update GitLab Shell to v10.3.0. !21151
- Improve diff expansion text. !21616
- Remove var from app/assets/javascripts/commit/image_file.js. !21649 (Abubakar Hassan)
- Rename User#full_private_access? to User#can_read_all_resources?. !21668 (Diego Louzán)
- Replace CI_COMMIT_REF with CI_COMMIT_SHA on CI docs. !21781 (Takuya Noguchi)
- Add reportSnippet permission to Snippet GraphQL. !21836
- Harmonize capitalization on cluster UI. !21878 (Evan Read)
- Add mark as spam snippet mutation. !21912
- Update Workhorse to v8.18.0. !22091
- Replace Font Awesome bullhorn icon with GitLab bullhorn icon.


435
436
437
438
439
440
441
442
443
444
445
446
## 12.5.5

### Security (1 change)

- Upgrade Akismet gem to v3.0.0. !21786

### Fixed (2 changes)

- Fix error in updating runner session. !20902
- Fix Asana integration. !21501


447
448
## 12.5.4

449
450
451
452
### Security (1 change)

- Update maven_file_name_regex for full string match.

453

454
455
456
457
458
459
460
461
462
463
464
465
466
467
## 12.5.3

### Fixed (4 changes)

- Fix project creation with templates using /projects/user/:id API. !20590
- Fix merging merge requests from push options. !20639
- Fix Crossplane help link in cluster applications page. !20668
- Fixes job log not scrolling to the bottom.

### Changed (1 change)

- Flatten exception details in API and controller logs. !20434


468
469
## 12.5.1

470
### Security (11 changes)
471

472
473
- Do not create todos for approvers without access. !1442
- Hide commit counts from guest users in Cycle Analytics.
474
475
- Encrypt application setting tokens.
- Update Workhorse and Gitaly to fix a security issue.
476
477
- Add maven file_name regex validation on incoming files.
- Check permissions before showing a forked project's source.
478
479
480
481
- Limit potential for DNS rebind SSRF in chat notifications.
- Ensure are cleaned by ImportExport::AttributeCleaner.
- Remove notes regarding Related Branches from Issue activity feeds for guest users.
- Escape namespace in label references to prevent XSS.
482
- Add authorization to using filter vulnerable in Dependency List.
483
484


485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
## 12.5.0

### Security (15 changes)

- Enable the HttpOnly flag for experimentation_subject_id cookie. !19189
- Update incrementing of failed logins to be thread-safe. !19614
- Sanitize all wiki markup formats with GitLab sanitization pipelines.
- Sanitize search text to prevent XSS.
- Remove deploy access level when project/group link is deleted.
- Mask sentry auth token in Error Tracking dashboard.
- Return 404 on LFS request if project doesn't exist.
- Don't leak private members in project member autocomplete suggestions.
- Require Maintainer permission on group where project is transferred to.
- Don't allow maintainers of a target project to delete the source branch of a merge request from a fork.
- Disallow unprivileged users from commenting on private repository commits.
- Analyze incoming GraphQL queries and check for recursion.
- Show cross-referenced label and milestones in issues' activities only to authorized users.
- Do not display project labels that are not visible for user accessing group labels.
- Standardize error response when route is missing.

### Fixed (99 changes, 14 of them are from the community)

- Fix incorrect selection of custom templates. !17205
- Smaller width for design comments layout, truncate image title. !17547
- Correctly cleanup orphan job artifacts. !17679 (Adam Mulvany)
- Add Infinite scroll to Add Projects modal in the operations dashboard. !17842
- Allow emojis to be linkable. !18014
- Enable image link and lazy loading in AsciiDoc documents. !18164 (Guillaume Grossetie)
- Expose prometheus status to monitor dashboard. !18289
- Time limit the database lock when rebasing a merge request. !18481
- Fix missing admin mode UI buttons on bigger screen sizes. !18585 (Diego Louzán)
- Abort only MWPS when FF only merge is impossible. !18591
- Remove pointer cursor from MemoryUsage chart on MR widget deployment. !18599
- Fix keyboard shortcuts in header search autocomplete. !18685
- Fix empty chart in collapsed sections. !18699
- Fix error when viewing group billing page. !18740
- Fix query validation in custom metrics form. !18769
- Fix Gitaly call duration measurements. !18785
- Resolve Error when uploading a few designs in a row. !18811
- Block MR with OMIPS on skipped pipelines. !18838
- Pipeline vulnerability dashboard sort vulnerabilities by severity then confidence. !18863
- Remove empty Github service templates from database. !18868
- Fix broken images when previewing markdown files in Web IDE. !18899
- fixed #27164 Image cannot be collapsed on merge request changes tab. !18917 (Jannik Lehmann)
- Let ANSI \r code replace the current job log line. !18933
- Fix serverless function descriptions not showing on Knative 0.7. !18973
- Fix "project or group was moved" alerts showing up in the wrong pages. !18985
- Add missing breadcrumb in Project > Settings > Integrations. !18990
- Fixed admin geo collapsed sidebar fly out not showing. !19012
- Serialize short sha as nil if head commit is blank. !19014
- Add max width on manifest file attachment input. !19028
- Do not generate To-Dos additional when editing group mentions. !19037
- Fix previewing quick actions for epics. !19042
- Fix errors in GraphQL Todos API due to missing TargetTypeEnum values. !19052
- Hashed Storage Migration: Handle failed attachment migrations with existing target path. !19061
- Set shorter TTL for all unauthenticated requests. !19064
- Fix Todo IDs in GraphQL API. !19068
- Triggers the correct endpoint on licence approval. !19078
- Fix search button height on 404 page. !19080
- Fix Kubernetes help text link. !19121
- Make `jobs/request` to be resillient. !19150
- Disable pull mirror if repository is in read-only state. !19182
- Only enable protected paths for POST requests. !19184
- Enforce default, global project and snippet visibilities. !19188
- Make Bitbucket Cloud superseded pull requests as closed. !19193
- Fix crash when docker fails deleting tags. !19208
- Fix environment name in rollback dialog. !19209
- Fixed a typo in the "Keyboard Shortcuts" pop-up. !19217 (Manuel Stein)
- Fix unable to expand or collapse files in merge request by clicking caret. !19222 (Brian T)
- Allow release block edit button to be visible. !19226
- Fix double escaping in /tableflip quick action. !19271 (Brian T)
- Add missing bottom padding in CI/CD settings. !19284 (George Tsiolis)
- Prevents console warning on design upload. !19297
- Resolve: Web IDE does not create POSIX Compliant Files. !19339
- Use initial commit SHA instead of branch id to request IDE files and contents. !19348 (David Palubin)
- Resolve: Web IDE Throws Error When Viewing Diff for Renamed Files. !19348
- Fix project service API 500 error. !19367
- Fix cluster feature highlight popover image. !19372
- Fix template selector filename bug. !19376
- Fixes mobile styling issues on security modals. !19391
- Only move repos for legacy project storage. !19410
- Show correct total number of commit diff's changes. !19424
- Increase the timeout for GitLab-managed cert-manager installation to 90 seconds (was 30 seconds). !19447
- Fix uninitialized constant SystemDashboardService. !19453
- Properly handle exceptions in StuckCiJobsWorker. !19465
- Fix user popover not being displayed when the user has a status message. !19519
- Update omniauth_openid_connect to v0.3.3. !19525
- Fix project clone dropdown button width. !19551 (George Tsiolis)
- Do not escape HTML tags in Ansi2json as they are escaped in the frontend. !19610
- [Geo] Fix: undefined Gitlab::BackgroundMigration::PruneOrphanedGeoEvents. !19638
- Revert btn-xs styling in projects scss. !19640
- Fix canary badge and favicon inconsistency. !19645
- Use fingerprint when comparing security reports in MR widget. !19654
- Update GCP credit URLs. !19683
- Update squash_commit_sha only on successful merge. !19688
- Fix import of snippets having `award_emoji` (Project Export/Import). !19690
- Allow admins to administer personal snippets. !19693 (Oren Kanner)
- Re-add missing file sizes in 2-Up diff file viewer. !19710
- Fix checking task item when previous tasks contain only spaces. !19724
- Fix Bitbucket Cloud importer pull request state. !19734
- Fix merge train is not refreshed when the system aborts/drops a merge request. !19763
- Resolve Hide Delete selected in designs when viewing an old version. !19889
- Use new trial registration URL in billing. !19978
- Helm v2.16.1. !19981
- Ensure milestone titles are never empty. !19985
- Remove unused image/screenshot. !20030 (Lee Tickett)
- Remove local qualifier from geo sync indicators. !20034 (Lee Tickett)
- Fixed the scale of embedded videos to fit the page. !20056
- Fix broken monitor cluster health dashboard. !20120
- Fix expanding collapsed threads when reference link clicked. !20148
- Fix sub group export to export direct children. !20172
- Remove update hook from date filter to prevent js from getting stuck. !20215
- Prevent Dropzone.js initialisation error by checking target element existence. !20256 (Fabio Huser)
- Fix style reset in job log when empty ANSI sequence is encoutered. !20367
- Add productivity analytics merge date filtering limit. !32052
- Fix productivity analytics listing with multiple labels. !33182
- Fix closed board list loading issue.
- Apply correctly the limit of 10 designs per upload.
- Only allow confirmed users to run pipelines.
- Fix scroll to bottom with new job log.
- Fixed protected branches flash styling.

### Deprecated (2 changes)

- Ignore deprecated column and remove references to it. !18911
- Move some project routes under - scope. !19954

### Changed (56 changes, 6 of them are from the community)

- Upgrade design/copy for issue weights locked feature. !17352
- Reduce new MR page redundancy by moving the source/target branch selector to the top. !17559
- Replace raven-js with @sentry/browser. !17715
- Ask if the user is setting up GitLab for a company during signup. !17999
- When a user views a file's blame or blob and switches to a branch where the current file does not exist, they will now be redirected to the root of the repository. !18169 (Jesse Hall @jessehall3)
- Propagate custom environment variables to SAST analyzers. !18193
- Fix any approver project rule records. !18265
- Minor UX improvements to Environments Dashboard page. !18280
- Reduce the allocated IP for Cluster and Services. !18341
- Update flash messages color sitewide. !18369
- Add modsecurity template for ingress-controller. !18485
- Hide projects without access to admin user when admin mode is disabled. !18530 (Diego Louzán)
- Update Runners Settings Text + Link to Docs. !18534
- Store Zoom URLs in a table rather than in the issue description. !18620
- Improve admin dashboard features. !18666
- Drop `id` column from `ci_build_trace_sections` table. !18741
- Truncate recommended branch name to a sane length. !18821
- Add support for YAML anchors in CI scripts. !18849
- Save dashboard changes by the user into the vuex store. !18862
- Update expired trial status copy. !18962
- Can directly add approvers to approval rule. !18965
- Rename Vulnerabilities API to Vulnerability Findings API. !19029
- Improve clarity of text for merge train position. !19031
- Updated Auto-DevOps to kubectl v1.13.12 and helm v2.15.1. !19054 (Leo Antunes)
- Refactor maximum user counts in license. !19071 (briankabiro)
- Change return type of getDateInPast to Date. !19081
- Show approval required status in license compliance. !19114
- Handle new Container Scanning report format. !19123
- Allow container scanning to run offline by specifying the Clair DB image to use. !19161
- Add maven cli opts flag to maven security analyzer (part of dependency scanning). !19174
- Added report_type attribute to Vulnerabilities. !19179
- Migrate enabled flag on grafana_integrations table. !19234
- Improve handling of gpg-agent processes. !19311
- Update help text of "Tag name" field on Edit Release page. !19321
- Add user filtering to abuse reports page. !19365
- Move add license button to project buttons. !19370
- Update to Mermaid v8.4.2 to support more graph types. !19444
- Move release meta-data into footer on Releases page. !19451
- Expose subscribed field in issue lists queried with GraphQL. !19458 (briankabiro)
- [Geo] Fix: rake gitlab:geo:check on the primary is cluttered. !19460
- Hide trial banner for namespaces with expired trials. !19510
- Hide repeated trial offers on self-hosted instances. !19511
- Add loading icon to error tracking settings page. !19539
- Upgrade to Gitaly v1.71.0. !19611
- Make role required when editing profile. !19636
- Made `name` optional parameter of Release entity. !19705
- Vulnerabilities history chart - use sparklines. !19745
- Add event tracking to container registry. !19772
- Update SaaS trial header to include the tier Gold. !19970
- Update start a trial option in top right drop down to include Gold. !19971
- Improve merge request description placeholder. !20032 (Jacopo Beschi @jacopo-beschi)
- Add backtrace to production_json.log. !20122
- Change the default concurrency factor of merge train to 20. !20201
- Upgrade to Gitaly v1.72.0.
- Require explicit null parameters to remove pages domain certificate and allow to use Let's Encrypt certificates through API.
- Replace wording trace with log.

### Performance (13 changes)

- Record latencies for Sidekiq failures. !18909
- Fix N+1 for group container repositories view. !18979
- Do not render links in commit message on blame page. !19128
- Puma only: database connection pool now always >= number of worker threads. !19286
- Run check_mergeability only if merge status requires it. !19364
- Execute limited request for diff commits instead of preloading. !19485
- Improve performance of admin/abuse_reports page. !19630
- Remove N+1 DB calls from branches API. !19661
- Improve performance of linking LFS objects during import. !19709
- Optimize MergeRequest#mergeable_discussions_state? method. !19988
- Add index for unauthenticated requests to projects API default endpoint. !19989
- Add index for authenticated requests to projects API default endpoint. !19993
- Increase PumaWorkerKiller memory limit in development environment. !20039

### Added (83 changes, 8 of them are from the community)

- Adds Application Settings and ui settings in the integration admin area for Pendo. !15086
- Add endpoint for a group's vulnerable projects. !15317
- Added new chart component to display an anomaly boundary. !16530
- Add links to associated releases on the Milestones page. !16558
- Merge Details Page and Edit Page for Page Domains. !16687
- Share groups with groups. !17117
- Add links to associated release(s) to the milestone detail page. !17278
- New group path uniqueness check. !17394
- Unify html email layout for member html emails. !17699 (Diego Louzán)
- The Security Dashboard displays DAST vulnerabilities for all the scanned sites, not just the first. !17779
- Create table for elastic stack. !18015
- Allow to define a default CI configuration path for new projects. !18073 (Mathieu Parent)
- Issues queried in GraphQL now sortable by due date. !18094
- Add cleanup status to clusters. !18144
- Added Tests tab to pipeline detail that contains a UI for browsing test reports produced by JUnit. !18255
- Users can verify SAML configuration and view SamlResponse XML. !18362
- Support Enable/Disable operations in Feature Flag API. !18368
- Expose arbitrary job artifacts in Merge Request widget. !18385
- Add project option for deleting source branch. !18408 (Zsolt Kovari)
- Adds ability to set management project for cluster via API. !18429
- Close issues on Prometheus alert recovery. !18431
- Add ApplicationSetting for snowplow_iglu_registry_url. !18449
- Allow Grafana charts to be embedded in Gitlab Flavored Markdown. !18486
- Mark todo done by GraphQL API. !18581
- Create a users_security_dashboard_projects table to store the projects a user has added to their personal security dashboard. !18708
- New API endpoint for creating anonymous merge request discussions from Visual Review Tools. !18710
- Enable the color chip in AsciiDoc documents. !18723
- Add prevent_ldap_sign_in option so LDAP can be used exclusively for sync. !18749
- Show inherited group variables in project view. !18759
- Add "release" filter to issue search page. !18761
- Search list of Sentry errors by title in Gitlab. !18772
- Add migrations and changes for soft-delete for projects. !18791
- Support for Crossplane as a managed app. !18797 (Mahendra Bagul)
- Bump Auto-Deploy image to v0.3.0. !18809
- Set X-GitLab-NotificationReason header if notification reason is explicit subscription. !18812
- Add issues, MRs, participants, and labels tabs in group milestone page. !18818
- Add ability to reorder projects on operations dashboard. !18855
- Make `Job`, `Bridge` and `Default` inheritable. !18867
- Show epic events on group activity page. !18869
- Detail view of Sentry error in GitLab. !18878
- Expose mergeable state of a merge request. !18888 (briankabiro)
- Add ability to select a Cluster management project. !18928
- Add a Slack slash command to add a comment to an issue. !18946
- Added installation commands for npm and yarn packages to package detail page. !18999
- Show start and end dates in Epics list page. !19006
- Populate new pipeline CI vars from params. !19023
- Add warnings about pages access control settings. !19067
- Graphql mutation for (un)subscribing to an epic. !19083
- API for stack trace & detail view of Sentry error in GitLab. !19137
- Add grafana integration active status checkbox. !19255
- GraphQL: Add Merge Request milestone mutation. !19257
- Add MergeRequestSetAssignees GraphQL mutation. !19272
- Add edit button to metrics dashboard. !19279
- Add "release" filter to merge request search page. !19315
- Add dead jobs to Sidekiq metrics API. !19350 (Marco Peterseil)
- Add pipeline information to dependency list header. !19352
- Build CI cache key from commit SHAs that changed given files. !19392
- Adding support for searching tags using '^' and '$'. !19435 (Cauhx Milloy)
- Sentry error stacktrace. !19492
- Add an `error_code` attribute to the API response when a cherry-pick or revert fails. !19518
- Add documentation for sign-in application setting. !19561 (Horatiu Eugen Vlad)
- Create AWS EKS cluster. !19578
- Add modsecurity logging sidecar to ingress controller. !19600
- Add start a trial option in the top-right user dropdown. !19632
- Manage and display labels from epic in the GraphQL API. !19642
- Allow order_by updated_at in Deployments API. !19658
- Add can_edit and project_blob_path to metrics_dashboard endpoint. !19663
- Add usage ping data for project services. !19687
- Graphql query for issues can now be sorted by relative_position. !19713
- Add API endpoint to trigger Group Structure Export. !19779
- Show Tree UI containing child Epics and Issues within an Epic. !19812
- Enable environments dashboard by default. !19838
- Update the DB schema to allow linking between Vulnerabilities and Issues. !19852
- Add Group Audit Events API. !19868
- Adds a copy button next to package metadata on the details page. !19881
- GraphQL: Create MR mutations needed for the sidebar. !19913
- Add id_before, id_after filter param to projects API. !19949
- Add modsecurity feature flag to usage ping. !20194
- Specify management project for a Kubernetes cluster. !20216
- Upgrade pages to 1.12.0. !20217
- Support template_project_id parameter in project creation API. !20258
- Add heatmap chart support. !32424
- Add template for Serverless Framework/JS. !33805

### Other (59 changes, 26 of them are from the community)

- Add EKS cluster count to usage data. !17059
- Track the starting and stopping of the current signup flow and the experimental signup flow. !17521
- Attribute Sidekiq workers according to their workloads. !18066
- Add ApplicationSetting entries for EKS integration. !18307
- Geo: Add resigns-related fields to Geo Node Status table. !18379
- Allow adding requests to performance bar manually. !18464
- Removes `export_designs` feature flag. !18507 (nate geslin)
- Update AWS SDK to 2.11.374. !18601
- Remove required dependecy of Postgresql for Gitaly. !18659
- Add deployment_merge_requests table. !18755
- Bump Gitaly to 1.70.0 and remove cache invalidation feature flag. !18766
- Update gRPC to v1.24.0. !18837
- Update GitLab Runner Helm Chart to 0.10.0. !18879
- Adds a Sidekiq queue duration metric. !19005
- Create explicit Default and Free plans. !19033
- Improve instance mirroring help text. !19047
- Add Codesandbox metrics to usage ping. !19075
- Add internal_socket_dir to gitaly config in setup helper. !19170
- Use Rails 5.2 Redis caching store. !19202
- Update GitLab Runner Helm Chart to 0.10.1. !19232
- Rename snowplow_site_id to snowplow_app_id in application_settings table. !19252
- Removed IIFEs from network.js file. !19254 (nuwe1)
- Remove IIFEs from project_select.js. !19288 (minghuan lei)
- Remove IIFEs from merge_request.js. !19294 (minghuan lei)
- Make snippet list easier to scan. !19490
- Removed IIFEs from image_file.js. !19548 (nuwe1)
- Fix api docs for deleting project cluster. !19558
- Change blob edit view button styling. !19566
- Include exception and backtrace in API logs. !19671
- Add index on marked_for_deletion_at in projects table. !19788
- Visual design for edit buttons in blob view. !19932
- Refactor disabled sidebar notifications to Vue. !20007 (minghuan lei)
- Remove IIFEs from branch_graph.js. !20008 (minghuan lei)
- Remove IIFEs from new_branch_form.js. !20009 (minghuan lei)
- Remove duplication from slugifyWithUnderscore function. !20016 (Arun Kumar Mohan)
- Update registry.gitlab.com/gitlab-org/security-products/codequality to 12-5-stable. !20046 (Takuya Noguchi)
- Add mb-2 class to global alerts. !20081 (2knal)
- Remove var from syntax_highlight_spec.js. !20086 (Lee Tickett)
- Remove var from merge_request_tabs_spec.js. !20087 (Lee Tickett)
- Remove var from bootstrap_jquery_spec.js. !20089 (Lee Tickett)
- Remove var from project_select.js. !20091 (Lee Tickett)
- Remove var from new_commit_form.js. !20095 (Lee Tickett)
- Remove var from issue.js. !20098 (Lee Tickett)
- Remove var from new_branch_form.js. !20099 (Lee Tickett)
- Remove var from tree.js. !20103 (Lee Tickett)
- Remove var from line_highlighter.js. !20108 (Lee Tickett)
- Remove var from preview_markdown.js. !20115 (Lee Tickett)
- remove all references of BoardService in boards_selector.vue. !20147 (nuwe1)
- Remove all references to BoardsService in index.vue. !20152 (nuwe1)
- Remove var from labels_select.js. !20153 (Lee Tickett)
- Remove all reference to BoardService in board_form.vue. !20158 (nuwe1)
- Remove calendar icon from personal access tokens. !20183
- Move margin-top from flash container to flash. !20211
- Bump Auto DevOps deploy image to v0.7.0. !20250
- Make 'Sidekiq::Testing.fake!' mode as default. !31662 (@blackst0ne)
- Replace task-done icon with list-task icon to better align with other toolbar list icons.
- Dependency Scanning template that doesn't rely on Docker-in-Docker.
- Adding dropdown arrow icon and updated text alignment.
- Change selects from default browser style to custom style.


836
837
838
839
840
841
842
843
844
845
846
847
## 12.4.5

- No changes.

## 12.4.3

### Fixed (2 changes)

- Only enable protected paths for POST requests. !19184
- Fix Bitbucket Cloud importer pull request state. !19734


848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
## 12.4.2

### Fixed (10 changes)

- Increase timeout for FetchInternalRemote RPC call. !18908
- Clean up duplicate indexes on ci_trigger_requests. !19053
- Fix project imports not working with serialized data. !19124
- Fixed welcome screen icons not showing. !19148
- Disable protected path throttling by default. !19185
- Fix Prometheus duplicate metrics. !19327
- Fix ref switcher not working on Microsoft Edge. !19335
- Extend gRPC timeouts for Rake tasks. !19461
- Disable upload HTTP caching to fix case when object storage is enabled and proxy_download is disabled. !19494
- Removes arrow icons for old collapsible sections.

### Changed (2 changes)

- Increased deactivation threshold to 180 days. !18902
- Add extra sentence about registry to AutoDevOps popup. !19092


869
870
## 12.4.1

871
### Security (14 changes)
872
873
874
875

- Standardize error response when route is missing.
- Do not display project labels that are not visible for user accessing group labels.
- Show cross-referenced label and milestones in issues' activities only to authorized users.
876
- Show cross-referenced label and milestones in issues' activities only to authorized users.
877
878
879
880
881
882
883
884
- Analyze incoming GraphQL queries and check for recursion.
- Disallow unprivileged users from commenting on private repository commits.
- Don't allow maintainers of a target project to delete the source branch of a merge request from a fork.
- Require Maintainer permission on group where project is transferred to.
- Don't leak private members in project member autocomplete suggestions.
- Return 404 on LFS request if project doesn't exist.
- Mask sentry auth token in Error Tracking dashboard.
- Fixes a Open Redirect issue in `InternalRedirect`.
885
- Remove deploy access level when project/group link is deleted.
886
887
888
- Sanitize all wiki markup formats with GitLab sanitization pipelines.


889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
## 12.4.0

### Security (14 changes)

- HTML-escape search term in empty message. !18319
- Fix private feature Elasticsearch leak.
- Prevent bypassing email verification using Salesforce.
- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
- Do not show resource label events referencing not accessible labels.
- Check permissions before showing head pipeline blocking merge requests.
- Cancel all running CI jobs triggered by the user who is just blocked.
- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
- Display only participants that user has permission to see on milestone page.
- Fix Gitaly SearchBlobs flag RPC injection.
- Add a policy check for system notes that may not be visible due to cross references to private items.
- Limit search for IID to a type to avoid leaking records with the same IID that the user does not have access to.
- Prevent GitLab accounts takeover if SAML is configured.
- Only render fixed number of mermaid blocks.

### Fixed (103 changes, 12 of them are from the community)

- When user toggles task list item, keep details open until user closes the details manually. !16153
- Fix formatting welcome screen external users. !16667
- Fix signup link in admin area not being disabled. !16726 (Illya Klymov)
- Fix routing bugs in security dashboards. !16738
- Fix Jira integration favicon image with relative URL. !16802
- Add timeout mechanism for CI config validation. !16807
- Fix for count in todo badge when user has over 1,000 todos. Will now correctly display todo count after user marks some todos as done. !16844 (Jesse Hall @jessehall3)
- Naming a project "shared" will no longer automatically open the "Shared Projects" tab. !16847 (Jesse Hall @jessehall3)
- Adds the ability to delete single tags from the docker registry. Fix the issue that caused all related tags and image to be deleted at the same time. !16886
- Changed confidential quick action to only be available on non confidential issues. !16902 (Marc Schwede)
- Stop sidebar icons from jumping when expanded & collapsed. !16971
- Set name and updated_at properly in GitHub ReleaseImporter. !17020
- Remove thin white line at top of diff view code blocks. !17026
- Show correct CI indicator when build succeeded with warnings. !17034
- Create a persistent ref per pipeline for keeping pipelines run from force-push and merged results. !17043
- Move SMAU usage counters to the UsageData count field. !17074
- Allow maintainers to toggle write permission for public deploy keys. !17210
- Fix GraphQL for read-only instances. !17225
- Fix visibility level error when updating group from API. !17227 (Mathieu Parent)
- Fix stylelint errors in epics.scss. !17243
- Fix new discussion replies sometimes showing up twice. !17255
- Adjust unnapliable suggestions in expanded lines. !17286
- Show all groups user belongs to in Notification settings. !17303
- Alphabetically sorts selected sidebar labels. !17309
- Show issue weight when weight is 0. !17329 (briankabiro)
- Generate LFS token authorization for user LFS requests. !17332
- Backfill releases table updated_at column and add not null constraints to created_at and updated_at. !17400
- Log Sidekiq exceptions properly in JSON format. !17412
- Redo fix for related issues border radius. !17480
- Show the original branch name and link of merge request in pipeline emails. !17513
- Fixes issues with the security reports migration. !17519
- Users can view the blame or history of a file with newlines in its filename. !17543 (Jesse Hall @jessehall3)
- Display reCAPTCHA modal when making issue public. !17553
- Fix css selector for details in issue description. !17557
- Prevents a group path change when a project inside the group has container registry images. !17583
- Show 20 labels in dropdown instead of 5. !17596
- Nullify platform Kubernetes namespace if blank. !17657
- Fix Issue: WebIDE asks for confirmation to leave the page when committing and creating a new MR. !17671
- Catch unhandled exceptions in health checks. !17694
- Suppress error messages shown when navigating to a new page. !17706
- Specify sort order explicitly for Group and Project audit events. !17739
- Merge Request: Close JIRA issues when issues are disabled. !17743
- Disable gitlab-workhorse static error page on health endpoints. !17770
- Fix notes race condition when linking to specific note. !17777
- Fix relative positioning when moving items down and there is no space. !17781
- Fix project imports for pipelines for merge requests. !17799
- Increase the limit of includes in CI file to 100. !17807
- Geo: Fix race condition for container synchronization. !17823
- Geo: Invalidate cache after refreshing foreign tables. !17885
- Abort Merge When Pipeline Succeeds when Fast Forward merge is impossible. !17886
- Fix viewing merge reqeust from a fork that's being deleted. !17894
- Fix empty security dashboard for public projects. !17915
- Fix inline rendering of videos for uploads with uppercase file extensions. !17924
- Hide redundant labels in issue boards. !17937
- Time window filter in monitor dashboard gets reset. !17972
- Use cache_method_asymmetrically with Repository#has_visible_content?. !17975
- Allow users to compare Git revisions on a read-only instance. !18038
- Enable Google API retries for uploads. !18040
- Fix bug with new wiki not being indexed. !18051
- Stops the expand button in reports from expanding. !18064
- Make sure project insights stick on its own. !18082
- Embed metrics time window scroll no longer affects other embeds. !18109
- Fix broken notes avatar rendering in Chrome 77. !18110
- Ignore incoming emails with X-Autoreply header. !18118
- Enable grid, frame and stripes styling on AsciiDoc tables. !18165 (Guillaume Grossetie)
- Add backend support for selecting custom templates by ID. !18178
- Fix notifications for private group mentions in Notes, Issues, and Merge Requests. !18183
- Do not strip forwarded message body when creating an issue from Service Desk email. !18196
- Fix protected branch detection used by notification service. !18221
- Fix error where helper was incorrectly returning `true`. !18231
- Adjust placeholder to solve misleading regex. !18235
- Fix Flaky spec/finders/members_finder_spec.rb:85. !18257 (Jacopo Beschi @jacopo-beschi)
- Fix 500 error on clicking to LetsEncrypt Terms of Service. !18263
- Fix error tracking table layout on small screens. !18325
- GitHub import: Handle nil published_at dates. !18355
- Do not allow deactivated users to use slash commands. !18365
- Fix creating epics with dates from api. !18393
- JIRA Service: Improve username/email validation. !18397
- Stopped CRD apply retrying from allowing silent failures. !18421
- Fix erroneous "No activities found" message. !18434
- Support ES searches for project snippets. !18459
- Fix styling of set status emoji picker. !18509
- Fix showing diff when it has legacy diff notes. !18510
- JIRA Integration API URL works having a trailing slash. !18526
- Fixes embedded metrics chart tooltip spacing. !18543
- Bump GITLAB_ELASTICSEARCH_INDEXER_VERSION=v1.4.0. !18558
- Fix pod logs failure when pod contains more than 1 container. !18574
- Prevent the slash command parser from removing leading whitespace from content that is unrelated to slash commands. !18589 (Jared Deckard)
- Fix inability to set snippet visibility via API. !18612
- Fix Web IDE tree not updating modified status. !18647
- Fix button link foreground color. !18669
For faster browsing, not all history is shown. View entire blame