CHANGELOG.md



To find the state of this project's repository at the time of any of these versions, check out the tags.


Note: This file is automatically generated. Please see the developer
documentation for instructions on adding your own
entry.

12.7.4

Security (1 change)

Update workhorse to v8.20.0.


12.7.3

Security (17 changes, 1 of them is from the community)

Fix xss on frequent groups dropdown. !50
Bump rubyzip to 2.0.0. (Utkarsh Gupta)
Disable access to last_pipeline in commits API for users without read permissions.
Add constraint to group dependency proxy endpoint param.
Limit number of AsciiDoc includes per document.
Prevent API access for unconfirmed users.
Enforce permission check when counting activity events.
Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it. GraphQL api deprecate token field in GrafanaIntegration type.
Cleanup todos for users from a removed linked group.
Fix XSS vulnerability on custom project templates form.
Protect internal CI builds from external overrides.
ImportExport::ExportService to require admin_project permission.
Make sure that only system notes where all references are visible to user are exposed in GraphQL API.
Disable caching of repository/files/:file_path/raw API endpoint.
Make cross-repository comparisons happen in the source repository.
Update excon to 0.71.1 to fix CVE-2019-16779.
Add workhorse request verification to package upload endpoints.


12.7.2

No changes.


12.7.1

Fixed (6 changes)

Fix loading of sub-epics caused by wrong subscription check. !23184
Fix Bitbucket Server importer error handler. !23310
Fixes random passwords generated not conforming to minimum_password_length setting. !23387
Reverts MR diff redesign which fixes Web IDE visual bugs including file dropdown not showing up. !23428
Allow users to sign out on a read-only instance. !23545
Remove invalid data from jira_tracker_data table. !23621


Added (1 change)

Close Issue when resolving corresponding Sentry error. !22744


12.7.0

Security (6 changes, 2 of them are from the community)

Ensure content matches extension on image uploads. !20697
Update set-value from 2.0.0 to 2.0.1. !22366 (Takuya Noguchi)
Update rdoc to 6.1.2. !22434
Upgrade json-jwt to v1.11.0. !22440
Update webpack from 4.40.2 to 4.41.5. !22452 (Takuya Noguchi)
Update rack-cors to 1.0.6. !22809


Removed (2 changes)

Remove feature flag 'use_legacy_pipeline_triggers' and remove legacy tokens. !21732
Add deprecation warning to Rake tasks in sidekiq namespace.


Fixed (91 changes, 7 of them are from the community)

Remove extra whitespace in user popover. !19938
Migrate the database to activate projects prometheus service integration for projects with prometheus installed on shared k8s cluster. !19956
Fix pages size limit setting in database if it is above the hard limit. !20154
Support dashes in LDAP group CN for sync on users first log in. !20402
Users without projects use a license seat in a non-premium license. !20664
Add fallbacks and proper errors for diff file creation. !21034
Authenticate API requests with job tokens for Rack::Attack. !21412
Tasks in HTML comments are no longer incorrectly detected. !21434
Hide mirror admin actions from developers. !21569
!21542 Part 3: Handle edge cases in stage and unstage mutations. !21676
Web IDE: Fix Incorrect diff of deletion and addition of the same file. !21680
Fix bug when clicking on same note twice in Firefox. !21699 (Jan Beckmann)
Fix "No changes" empty state showing up in changes tab, despite there being changes. !21713
Require group owner to have linked SAML before enabling Group Managed Accounts. !21721
Fix README.txt not showing up on a project page. !21763 (Alexander Oleynikov)
Fix MR diffs file count increments while batch loading. !21764
When sidekiq-cluster is asked to shutdown, actively terminate any sidekiq processes that don't finish cleanly in short order. !21796
Prevent MergeRequestsController#ci_environment_status.json from making HTTP requests. !21812
Fix issue: Discard button in Web IDE does nothing. !21902
Fix "Discard" for newly-created and renamed files. !21905
Add epic milestone sourcing foreign key. !21907
Fix transferring groups to root when EE features are enabled. !21915
Show regular rules without approvers. !21918
Resolve "Merge request discussions API doesn't reject an error input in some case". !21936
fix CSS when board issue is collapsed. !21940 (allenlai18)
Properly check a task embedded in a list with no text. !21947
Process quick actions when using Service Desk templates. !21948
Sidebar getting partially hidden behind the content block. !21978 (allenlai18)
Fix bug in Container Scanning report remediations. !21980
Return empty body for 204 responses in API. !22086
Limit the amount of time ChatNotificationWorker waits for the build trace. !22132
Return 503 error when metrics dashboard has no connectivity. !22140
Cancel running pipelines when merge request is dropped from merge train. !22146
Fix: undefined background migration classes for EE-CE downgrades. !22160
Check both SAST_DISABLE and SAST_DISABLE_DIND when executing SAST job template. !22166
Check both DEPENDENCY_SCANNING_DISABLED and DS_DISABLE_DIND when executing Dependency Scanning job template. !22172
Stop exposing MR refs in favor of persistent pipeline refs. !22198
Display login or register widget only if user is not logged in. !22211
Fix milestone quick action to handle ancestor group milestones. !22231
Fix RefreshMergeRequestsService raises an exception and unnecessary sidekiq retry. !22262
Make BackgroundMigrationWorker backward compatible. !22271
Update foreign key constraint for personal access tokens. !22305
Fix markdown table border colors. !22314
Retry obtaining Let's Encrypt certificates every 2 hours if it wasn't successful. !22336
Disable Prometheus metrics if initialization fails. !22355
Make jobs with resource group cancellable. !22356
Fix bug when trying to expose artifacts and no artifacts are produced by the job. !22378
Gracefully error handle CI lint errors in artifacts section. !22388
Fix GitLab plugins not working without hooks configured. !22409
Prevent omniauth signup redirect loop. !22432 (Balazs Nagy)
Fix deploy tokens erroneously triggering unique IP limits. !22445
Add support to export and import award emojis for issues, issue notes, MR, MR notes and snippet notes. !22493
Fix Delete Selected button being active after uploading designs after a deletion. !22516
Fix releases page when tag contains a slash. !22527
Reverts Add RBAC permissions for getting knative version. !22560
Fix error in Wiki when rendering the AsciiDoc include directive. !22565
Fix Error 500 in parsing invalid CI needs and dependencies. !22567
Fix discard all to behave like discard single file in Web IDE. !22572
Update IDE discard of renamed entry to also discard file changes. !22573
Avoid pre-populating form for MR resolve issues. !22593
Fix relative links in Slack message. !22608
Hide merge request tab popover for anonymous users. !22613
Remove unused keyword from EKS provision service. !22633
Prevent job log line numbers from being selected. !22691
Fix CAS users being signed out repeatedly. !22704
Make Sidekiq timestamps consistently ISO 8601. !22750
Merge a merge request immediately when passing merge when pipeline succeeds to the merge API when the head pipeline already succeeded. !22777
Fix Issue API: creating with manual IID returns conflict when IID already in use. !22788 (Mara Sophie Grosch)
Project issue board names now sorted correctly in FOSS. !22807
Fix upload redirections when project has moved. !22822
Update Mermaid to v8.4.5. !22830
Prevent builds from halting unnecessarily when completing prerequisites. !22938
Fix discarding renamed directories in Web IDE. !22943
Gracefully handle marking a project deletion multiple times. !22949
Fix: WebIDE doesn't work on empty repositories again. !22950
Fix rebase error message translation in merge requests. !22952 (briankabiro)
Geo: Fix Docker repository synchronization for local storage. !22981
Include subgroups when searching inside a group. !22991
Geo: Handle repositories in Docker Registry with no tags gracefully. !23022
Fix group issue list and group issue board filters not showing ancestor group milestones. !23038
Add returning relation from GroupMembersFinder if called on root group with only inherited param. !23161
Fix extracting Sentry external URL when URL is nil. !23162
Fix issue CSV export failing for some projects. !23223
Fix unexpected behaviour of the commit form after committing in Web IDE. !23238
Fix analytics tracking for new merge request notes. !23273
Identify correct sentry id in error tracking detail. !23280
Fix for 500 when error stack trace is empty. !119205
Removes incorrect help text from EKS Kubernetes version field.
Exclude snippets from external caching handling.
Validate deployment SHAs and refs.
Increase size of issue boards sidebar collapse button.


Changed (42 changes, 4 of them are from the community)

Restores user's ability to revoke sessions from the active sessions page. !17462 (Jesse Hall @jessehall3)
Add documentation & helper text information regarding securing a GitLab instance. !18987
Add activity across all projects to /events endpoint. !19816 (briankabiro)
Don't run Auto DevOps when no dockerfile or matching buildpack exists. !20267
Expose full reference path for issuables in API. !20354
Add measurement details for programming languages graph. !20592
Move instance statistics into analytics namespace. !21112
Improve warning for Promote issue to epic. !21158
Added Conan recipe in place of the package name on the package details page. !21247
Expose description_html for labels. !21413
Add audit events to the adding members to project or group API endpoint. !21633
Include commit message instead of entire page content in Wiki chat notifications. !21722 (Ville Skyttä)
Add fetching of Grafana Auth via the GraphQL API. !21756
Update prometheus chart version to 9.5.2. !21935
Turns on backend MR reports for DAST by default. !22001
Changes to template dropdown location. !22049
Copy merge request routes to the - scope. !22082
Copy repository route under - scope. !22092
Add back feature flag for cache invalidator. !22106
Update jupyterhub chart. !22127
Enable ability to install Crossplane app by default. !22141
Apply word-diff highlighting to Suggestions. !22182
Update auto-deploy-image to v0.8.3 for DAST default branch deploy. !22227
Restyle changes header & file tree. !22364
Upgrade to Gitaly v1.79.0. !22515
Save Instance Administrators group ID in DB. !22600
Resolve Create new project: Auto-populate project slug string to project name if name is empty. !22627
Bump cluster-applications image to v0.4.0, adding support to install cert-manager. !22657
Pass log source to the frontend. !22694
Allow Unicode 11 emojis in project names. !22776 (Harm Berntsen)
Update name max length. !22840
Update button label in MR widget pipeline footer. !22900
Exposes tiller.log as artifact in Managed-Cluster-Applications GitLab CI template. !22940
Rename GitLab Plugins feature to GitLab File Hooks. !22979
Allow to share groups with other groups. !23185
Upgrade to Gitaly v1.81.0. !23198
Enable Code Review Analytics by default. !23285
Add JSON error context to extends error in CI lint. !30066
Fix embedded snippets UI polish issues.
Align embedded snippet mono space font with GitLab mono space font.
Updates AWS EKS service role name help text to clarify it is distinct from provision role.
Adds quickstart doc link to ADO CICD settings.


Performance (27 changes)

Reduce redis key size for the Prometheus proxy and the amount of queries by half. !20006
Implement Atomic Processing that updates status of builds, stages and pipelines in one go. !20229
Request less frequent updates from Runner when job log is not being watched. !20841
Don't let Gitaly calls exceed a request time of 55 seconds. !21492
Reduce CommitIsAncestor RPCs with environments. !21778
LRU object caching for GroupProjectObjectBuilder. !21823
Preload project, user and group to reuse objects during project import. !21853
Fix slow query on blob search when doing path filtering. !21996
Add index to optimize loading pipeline charts. !22052
Avoid Gitaly RPCs in rate-limited raw blob requests. !22123
Remove after_initialize and before_validation for Note. !22128
Execute Gitaly LFS call once when Vue file enabled. !22168
Speed up path generation with build artifacts. !22257
Performance improvements on milestone burndown chart. !22380
Added smart virtual list component to test reports to enhance rendering performance. !22381
Add Index to help Hashed Storage migration on big instances. !22391
Use GraphQL to load error tracking detail page content. !22422
Improve link generation performance. !22426
Create optimal indexes for created_at order (Projects API). !22623
Avoid making Gitaly calls when some Markdown text links to an uploaded file. !22631
Remove unused index on project_mirror_data. !22647
Add more indexes for other order_by options (Projects API). !22784
Add indexes for authenticated Project API calls. !22886
Enable redis HSET diff caching by default. !23105
Add importing? to disable some callbacks.
Remove N+1 query issue when checking group root ancestor.
Reduce Gitaly calls needed for issue discussions.


Added (95 changes, 18 of them are from the community)

Add previous revision link to blame. !17088 (Hiroyuki Sato)
Render whitespaces in code. !17244 (Mathieu Parent)
Add an option to configure forking restriction. !17988
Add support for operator in filter bar. !19011
Add epics to project import/export. !19883
Load MR diff types lazily to reduce initial diff payload size. !19930
Metrics and network referee artifact types added to job artifact types. !20181
Auto stop environments after a certain period. !20372
Implement application appearance API endpoint. !20674 (Fabio Huser)
Add build metadata to package API. !20682
Add support for Liquid format in Prometheus queries. !20793
Adds created_at object to package api response. !20816
Stage all changes by default in Web IDE. !21067
25968-activity-filter-to-notes-api. !21159 (jhenkens)
Improve error list UI on mobile viewports. !21192
New API endpoint GET /projects/:id/services. !21330
Add child and parent labels to pipelines. !21332
Add release count to project homepage. !21350
Add pipeline deletion button to pipeline details page. !21365 (Fabio Huser)
Add support for Rust Cargo.toml dependency vizualisation and linking. !21374 (Fabio Huser)
Expose issue link type in REST API. !21375
Implement customizable commit messages for applied suggested changes. !21411 (Fabio Huser)
Add stacktrace to issue created from the sentry error detail page. !21438
add background migration for sha256 fingerprints of ssh keys. !21579 (Roger Meier)
Add a cron job and worker to run the Container Expiration Policies. !21593
Add feature flag override toggle. !21598
Add 'resource_group' keyword to .gitlab-ci.yml for pipeline job concurrency limitation. !21617
Add full text search to pod logs. !21656
Add capability to disable issue auto-close feature per project. !21704 (Fabio Huser)
Add API for getting sentry error tracking settings of a project. !21788 (raju249)
Allow a pipeline (parent) to create a child pipeline as downstream pipeline within the same project. !21830
Add API support for retrieving merge requests deployed in a deployment. !21837
Add remaining project services to usage ping. !21843
Add ability to duplicate the common metrics dashboard. !21929
Custom snowplow events for monitoring alerts. !21963
Add enable_modsecurity setting to managed ingress. !21966
Add modsecurity_enabled setting to managed ingress. !21968
Allow admins to disable users ability to change profile name. !21987
Allow administrators to enforce access control for all pages web-sites. !22003
Setup storage for multiple milestones. !22043
Generate Prometheus sample metrics over pre-set intervals. !22066
Add tags to sentry detailed error response. !22068
Extend Design view sidebar with issue link and a list of participants. !22103
Add Gitlab version and revision to export. !22108
Add language and error urgency level for Sentry issue details page. !22122
Document MAVEN_CLI_OPTS defaults for maven project dependency scanning and update when the variable is used. !22126
Show sample metrics for an environment without prometheus configured. !22133
Download cross-project artifacts by using needs keyword in the CI file. !22161
Add GitLab commit to error detail endpoint. !22174
Container expiration policies can be updated with the project api. !22180
Allow CI_JOB_TOKENS for Conan package registry authentication. !22184
Add option to configure branches for which to send emails on push. !22196
Add a config for disabling CSS and jQuery animations. !22217
Add API for rollout Elasticsearch per plan level. !22240
Add retry logic for failures during import. !22265
Add migrations for version control snippets. !22275
Update tooltip content for deployment instances. !22289 (Rajendra Kadam)
Cut and paste Markdown table from a spreadsheet. !22290
Add CI variable to provide GitLab base URL. !22327 (Aidin Abedi)
Bump kubeclient version from 4.4.0 to 4.6.0. !22347
Accept Envelope-To as possible location for Service Desk key. !22354 (Max Winterstein)
Added Conan installation instructions to Conan package details page. !22390
Add API endpoint for creating a Geo node. !22392 (Rajendra Kadam)
Link to GitLab commit in Sentry error details page. !22431
Geo: Check current node in gitlab:geo:check Rake task. !22436
Add internal API to update Sentry error status. !22454
Add ability to ignore/resolve errors from error tracking detail page. !22475
Add informational message about page limits to environments dashboard. !22489
Add slug to services API response. !22518
Allow an upstream pipeline to create a downstream pipeline in the same project. !22663
Display SHA fingerprint for Deploy Keys and extend api to query those. !22665 (Roger Meier r.meier@siemens.com)
Add getDateInFuture util method. !22671
Detect go when doing dependency scanning. !22712
Fix aligment for icons on alerts. !22760 (Rajendra Kadam)
Allow "skip_ci" flag to be passed to rebase operation. !22800
Add gitlab_commit_path to Sentry Error Details Response. !22803
Document go support for dependency scanning. !22806
Implement ability to ignore Sentry errrors from the list view. !22819
Add ability to create an issue in an epic. !22833
Drop support for ES5 add support for ES7. !22859
Add View Issue button to error tracking details page. !22862
Resolve Design View: Left/Right keyboard arrows through Designs. !22870
Add Org to the list of available markups for project wikis. !22898 (Alexander Oleynikov)
Backend for allowing sample metrics to be toggled from ui. !22901
Display fn, line num and column in stacktrace entry caption. !22905
Get Project's environment names via GraphQL. !22932
Filter deployments using the environment & status. !22996
Assign labels to the GMA and project k8s namespaces. !23027
Expose mentions_disabled value via group API. !23070 (Fabio Huser)
Bump cluster-applications image to v0.5.0 (Adds GitLab Runner support). !23110
Resolve Sentry errors from error tracking list. !23135
Expose active field in the Error Tracking API. !23150
Track deployed merge requests using GitLab environments and deployments.
Enable the linking of merge requests to all non review app deployments.
Add comment_on_event_enabled to services API.


Other (31 changes, 7 of them are from the community)

Migrate issue trackers data. !18639
refactor javascript to remove Immediately Invoked Function Expression from project file search. !19192 (Brian Luckenbill)
Remove IIFEs from users_select.js. !19290 (minghuan lei)
Remove milestone_id from epics. !20539 (Lee Tickett)
Update d3 to 5.12. !20627 (Praveen Arimbrathodiyil)
Add Ci Resource Group models. !20950
Display in MR if security report is outdated. !20954
Fix CI job's scroll down icon and update animation. !21442
Implement saving config content for pipelines in a new table 'ci_pipelines_config'. !21827
Display SSL limitations warning for project's pages under namespace that contains dot. !21874
Updated monaco-editor dependency. !21938
fix: EKS credentials form does not reset after error. !21958
Fix regex matching for gemnasium dependency scanning jobs. !22025 (Maximilian Stendler)
User signout and admin mode disable use now POST instead of GET. !22113 (Diego Louzán)
Update to clarify slightly misleading tool tip. !22222
Replace Font Awesome cog icon with GitLab settings icon. !22259
Drop redundant index on ci_pipelines.project_id. !22325
Display location in the Security Project Dashboard. !22376
Add structured logging for application logs. !22379
Remove ActiveRecord patch to ignore limit on text columns. !22406
Update Ruby to 2.6.5. !22417
Log database time in Sidekiq JSON logs. !22548
Update GitLab Runner Helm Chart to 0.12.0. !22566
Update project hooks limits to 100 for all plans. !22604
Update Gitaly to v1.80.0. !22654
Update GitLab's codeclimate to 0.85.6. !22659 (Takuya Noguchi)
Updated no commit verbiage. !22765
Use IS08601.3 format for app level logging of timestamps. !22793
Upgrade octokit and its dependencies. !22946
Remove feature flag for import graceful failures.
Update the Net-LDAP gem to 0.16.2.


12.6.4

Security (1 change)

Fix private objects exposure when using Project Import functionality.


12.6.2

Security (6 changes)

GraphQL: Add timeout to all queries.
Filter out notification settings for projects that a user does not have at least read access.
Hide project name and path when unsusbcribing from an issue or merge request.
Fix 500 error caused by invalid byte sequences in uploads links.
Return only runners from groups where user is owner for user CI owned runners.
Fix Vulnerability of Release Evidence.


12.6.1

Fixed (2 changes)

Handle forbidden error when checking for knative. !22170
Fix stack trace highlight for PHP. !22258


Performance (1 change)

Eliminate N+1 queries in PipelinesController#index. !22189


12.6.0

Security (4 changes)

Update Rugged to v0.28.4.1. !21869
Update maven_file_name_regex for full string match.
Add maven file_name regex validation on incoming files.
Update Workhorse and Gitaly to fix a security issue.


Removed (1 change)

Remove downstream pipeline connecting lines. !21196


Fixed (101 changes, 16 of them are from the community)

Fix delete user dialog bypass caused by hitting enter. !17343
Fix broken UI on Environment folder. !17427 (Takuya Noguchi)
Fix award emoji tooltip being escaped twice if multiple people voted. !19273 (Brian T)
Use cascading deletes for deleting oauth_openid_requests upon deleting an oauth_access_grant. !19617
Update merging an MR behavior on the API when pipeline fails. !19641 (briankabiro)
Vertically align collapse button on epic sidebar. !19656
Fix projects list to show info in user's locale. !20015 (Arun Kumar Mohan)
Update padding for cluster alert warning. !20036 (George Tsiolis)
Show correct warning on issue when project is archived. !20078
Resets aria-describedby on mouseleave. !20092 (carolcarvalhosa)
Allow patch notes on repo tags page to word wrap. !20135
Remove Release edit url for users not allowed to update a release. !20136
Fix group managed accounts members cleanup. !20157
Epic tree bug fixes. !20209
Add missing external-link icon for Crossplane managed app. !20283
Fixes MR approvers tooltip wrong color. !20287 (Dheeraj Joshi)
Ignore empty MR diffs when migrating to external storage. !20296
Add link color to design comments. !20302
Fix graph groups in monitor dashboard that are hidden on load. !20312
Update Container Registry naming restrictions to allow for sequential '-'. !20318
Fixed monitor charts from throwing error when zoomed. !20331
Validate the merge sha before merging, confirming that the merge will only contain what the user saw. !20348
Change container registry column name from Tag ID to Image ID. !20349
Fix dropdown location on the monitoring charts. !20400
Fixed project import from export ignoring namespace selection. !20405
Backup: Disable setting of ACL for Google uploads. !20407
Fix documentation link from empty environment dashboard. !20415
Move persistent_ref.create into run_after_commit. !20422
Update external link to provider in cluster settings. !20425
Fix issue trying to edit weight with collapsed sidebar as guest. !20431
Handle empty stacktrace and entries with no code. !20458
Refactor the Deployment model so state machine events are used by both CI and the API. !20474
Guest users should not delete project snippets they created. !20477
Accept user-defined dashboard uids in Grafana embeds. !20486
Fix multi select input padding in project and group user select. !20520 (Kevin Lee)
Use correct fragment identifier for vulnerability help path. !20524
Fix group search in groups dropdown. !20535
Fix removing of child epics that belong to subgroups. !20610
Fix opening Sentry error details in new tab. !20611
Ensure next unresolved discussion button takes user to the right place. !20620
Allow Gitlab GKE clusters to access Google Cloud Registry private images. !20662 (Tan Yee Jian)
Fix cron parsing for Daylight Savings. !20667
Fix incorrect new branch name from issue. !20677 (Lee Tickett)
Improve the way the metrics dashboard waits for data. !20687
Remove destroy_personal_snippet ability. !20717
Try longer to clean up after using a gpg-keychain and raise exption if the cleanup fails. !20718
Fix tooltip hovers in environments table. !20737
Remove DB transaction from Rebase operation. !20739
Improve UX for vulnerability dismissal note. !20768
Fix change to default foreground and backgorund colors in job log. !20787
Display Labels item in sidebar when Issues are disabled. !20817
Junit success percentage no longer displays 100% if there are failures. !20835
Ensure to check create_personal_snippet ability. !20838
Fix a display bug in the fork removal description message. !20843
Validate unique environment scope for instance clusters. !20886
Add empty region when group metrics are missing. !20900
Adjust issue metrics first_mentioned_in_commit_at calculation. !20923
Update copy on managed namespace prefixes. !20935
Add protected branch permission check to run downstream pipelines. !20964
Fix assignee url in issue board sidebar. !20992 (Lee Tickett)
Retrieve issues from subgroups when rendering group milestone. !21024
Adds 409 when user cannot be soft deleted through the API. !21037
Respect the timezone reported from Gitaly. !21066
Fix Container repositories can not be replicated when s3 is used. !21068
Remove redundant toast.scss file and variables. !21105
Respect snippet query params when displaying embed urls. !21131
Remove action buttons from designs tab if there are no designs. !21186
Correctly return stripped PGP text. !21187 (Roger Meier)
Fix error when linking already linked issue to epic. !21213
Do not attribute unverified commit e-mails to GitLab users. !21214
Add nonunique indexes to Labels. !21230
Fix snippet routes. !21248
Fix Zoom Quick Action server error when creating a GitLab Issue. !21262
Rename snippet refactored routes. !21267
Validate connection section in direct upload config. !21270
Fix pipeline retry in a CI DAG. !21296
Authenticate runner requests in Rack::Attack. !21311
Fix top border of README file header in file list. !21314
Fix forking a deduplicated project after it was moved to a different shard. !21339
Fix misaligned approval tr. !21368 (Lee Tickett)
Fix crash registry contains helm charts. !21381
Web IDE: Fix the console error that happens when discarding a newly added/uploaded file. !21537
Authenticate requests with job token as basic auth header for request limiting. !21562
Fix Single-File-Editor-Layout breaking when branch name is too long. !21577 (Roman Kuba)
Fix top border of README in vue_file_list. !21578 (Hector Bustillos)
Stage dropdown lists style corrections. !21607 (Hector Bustillos)
Change commit_id type on commit_user_mentions table. !21651
Do not clean the prometheus metrics directory for sidekiq. !21671
!21542 Part 1: Add new utils for Web IDE store. !21673
Update auto-deploy-image to v0.8.3. !21696
Match external user new snippet button visibility to permissions. !21718
Links to design comments now lead to specific note. !21724
Re-enable the cloud run feature. !21762
Ensure forks count cache refresh for source project. !21771
Fix padding on the design comments. !21839
Fix "Discard all" for new and renamed files. !21854
Fix project file finder url encoding file path separators. !21861
Ensure namespace is present for Managed-Cluster-Applications CI template. !21903
Rename common template jobs in sast and ds. !22084
Fixed query behind release filter on merge request search page. !38244
Activate projects Prometheus service integration when Prometheus managed application is installed on shared cluster.


Deprecated (4 changes)

Drop deprecated column from projects table. !18914
Limit number of projects displayed in GET /groups/:id API. !20023
Move operations project routes under - scope. !20456
Move wiki routing under /-/ scope. !21185


Changed (60 changes, 10 of them are from the community)

Use better context-specific empty state screens for the Security Dashboards. !18382
Add evidence collection for Releases. !18874
Update information and button text for deployment footer. !18918
Move merge request description into discussions tab. !18940
Keep details in MR when changing target branch. !19138
Make internal projects poolable. !19295 (briankabiro)
Enable support for multiple content query in GraphQL Todo API. !19576
Allow merge without refresh when new commits are pushed. !19725
Correct link to Merge trains documentation on MR widget. !19726
Preserve merge train history. !19864
Support go-source meta tag for godoc.org. !19888 (Ethan Reesor (@firelizzard))
Display a better message when starting a discussion on a deleted comment. !20031 (Jacopo Beschi @jacopo-beschi)
Add sort param to error tracking issue index. !20101
Add template repository usage to the usage ping. !20126 (minghuan lei)
Convert flash epic error to form validation error. !20130
Add 'download' button to Performance Bar. !20205 (Will Chandler)
SaaS trial copy shows plan. !20207
Add rbac access to knative-serving namespace deployments to get knative version information. !20244
Unlock button changed from Icon to String. !20307
Upgrade to Gitaly v1.72.0. !20313
Increase upper limit of start_in attribute to 1 week. !20323 (Will Layton)
Add CI variable to show when Auto-DevOps is explicitly enabled. !20332
Hashed Storage attachments migration: exclude files in object storage as they are all hashed already. !20338
Removes caching for design tab discusisons. !20374
Fixes to inconsistent margins/sapcing in the project detail page. !20395
Changes to how the search term is styled in the results. !20416
Move confidence column in the security dashboard. !20435 (Dheeraj Joshi)
Upgrade to Gitaly v1.73.0. !20443
Replacing incorrect icon in security dashboard. !20510
Rework pod logs navigation scheme. !20578
Reduce start a trial rocket emoji size. !20579
Upgrade auto-deploy-image for helm default values file. !20588
Exposed deployment build manual actions for merge request page. !20615
Upgrade to Gitaly v1.74.0. !20706
Fetches initial merge request widget data async. !20719
Add service desk information to project graphQL endpoint. !20722
Add admin mode controller path to Rack::Attack defaults. !20735 (Diego Louzán)
Add more filters to SnippetsFinder. !20767
Clean up the cohorts table. !20779
Remove vulnerability counter from security tab. !20800
Only blacklist IPs from Git requests. !20828
Optimize Deployments endpoint by preloading associations and make record ordering more consistent. !20848
Update deploy instances color scheme. !20890
Add service desk information to projects API endpoint. !20913
Added event tracking to the package details installation components. !20967
Hide Merge Request information on milestones when MRs are disabled for project. !20985 (Wolfgang Faust)
Upgrade to Gitaly v1.75.0. !21045
Evidence - Added restriction for guest on Release page. !21102
Increase lower DAG needs limit from five to ten. !21237
Add doc links to features on admin dashboard. !21419
Autofocus cluster dropdown search input. !21440
Add autofocus to label search fields. !21508
When a forked project is less visible than its source, merge requests opened in the fork now target the less visible project by default. !21517
UI improvements in the views for new project from template and the user groups and snippets. !21524 (Hector Bustillos)
Show merge immediately dialog even if the MR's pipeline hasn't finished. !21556
Support toggling service desk from API. !21627
Make workflow:rules to work well with Merge Requests. !21742
Upgrade to Gitaly v1.76.0. !21857
Remove authentication step from visual review tools instructions.
Fixes wording on runner admin.


Performance (22 changes)

Optimize query for CI pipelines of merge request. !19653
Replace index on environments table project_id and state with project_id, state, and environment_type. !19902
Remove reactive caching value keys once the alive key has expired. !20111
Suggest squash commit messages based on recent commits. !20231
Improve performance of /api/:version/snippets/public API and only return public personal snippets. !20339
Add limit for snippet content size. !20346
Reduce Gitaly calls in BuildHooksWorker. !20365
Enable ETag caching for MR notes polling. !20440
Disable public project counts on welcome page. !20517
Optimize query when Projects API requests private visibility level. !20594
Improve issues search performance on GraphQL. !20784
UpdateProjectStatistics updates after commit. !20852
Run housekeeping after moving a repository between shards. !20863
Require group_id or project_id for MR target branch autocomplete action. !20933
Cache the ancestor? Gitaly call to speed up polling for the merge request widget. !20958
Optimize loading the repository deploy keys page. !20970
Added lightweight check when retrieving Prometheus metrics. !21099
Limit max metrics embeds in GFM to 100. !21356
Fork Puma to validate scheduler fixes. !21547
Remove an N+1 call rendering projects search results. !21626
Skip updating LFS objects in mirror updates if repository has not changed. !21744
Add indexes on deployments to improve environments search. !21789


Added (119 changes, 18 of them are from the community)

Add upvote/downvotes attributes to GraphQL Epic query. !14311
Delete kubernetes cluster association and resources. !16954
Add badge name field. !16998 (Lee Tickett)
Add OmniAuth authentication support to admin mode feature. !18214 (Diego Louzán)
Creates DB tables for storing mentioned users, groups, projects referenced in a note or issuable description. !18316
Add body data elements for pageview context. !18450
Added filtering of inherited members for subgroups. !18842
Added responsiveness to audit events table. !18859
Add ability to make Jira comments optional. !19004
Store users, groups, projects mentioned in Markdown to DB tables. !19088
Upgrade mail_room gem to 0.10.0 and enable structured logging. !19186
Add possibility to save max issue weight on lists. !19220
Return 422 status code in case of error in submitting comments. !19276 (raju249)
Add Personal Access Token expiration reminder. !19296
Add recent search to error tracking. !19301
Resolve Limit the number of stored sessions per user. !19325
Add services for 'soft-delete for groups' feature. !19358
Notify user when over 1000 epics in roadmap. !19419
Search list of Sentry errors by title in GitLab. !19439
Add issue statistics to releases on the Releases page. !19448
Add snowplow events for monitoring dashboard. !19455
Add snowplow events for APM. !19463
Add GraphQL mutation to mark all todos done for a user. !19482
Added rules configuration for Ci::Bridge. !19605
Add workers for 'soft-delete for groups' feature. !19679
add tagger within tag view. !19681 (Roger Meier)
Strong validate import export references. !19682
Update Release API with evidence related data. !19706
Graphql query for issues can now be sorted by weight. !19721
GraphQL for Sentry rror details. !19733
View closed issues in epic. !19741
Add API endpoint to unpublish GitLab Pages. !19781
Add Pipeline Metadata to Packages. !19796
Create data model for serverless domains. !19835
Add Unify Circuit project integration service. !19849 (Fabio Huser)
add sha256 fingerprint to keys model, view and extend users API to search user via fingerprint. !19860 (Roger Meier)
Allow order_by updated_at in Pipelines API. !19886
Implement pagination for project releases page. !19912 (Fabio Huser)
Add migrations for secret snippets. !19939
Control passing artifacts from CI DAG needs. !19943
Genereate a set of sample prometheus metrics and route to the sample metrics when enabled. !19987
Add warning dialog when users click the "Merge immediately" merge train option. !20054
Expose moved_to_id in issues API. !20083 (Lee Tickett)
Relate issues when they are marked as duplicated. !20161 (minghuan lei)
Asks for confirmation before changing project visibility level. !20170
Allow CI config path to point to a URL or file in a different repository. !20179
Allow groups to disable mentioning their members, if the group is mentioned. !20184 (Fabio Huser)
Add modsecurity deployment counts to usage ping. !20196
Added legend to deploy boards. !20208
Support passing CI variables via git push options. !20255
Add GraphQL mutation to restore a Todo. !20261
Allow specifying Kubernetes namespace for an environment in gitlab-ci.yml. !20270
Add migrations for 'soft-delete for groups' feature. !20276
Add Maven installation commands to package detail page for Maven packages. !20300
Add feature to allow specifying userWithId strategies per environment spec. !20325
Enable creating Amazon EKS clusters from GitLab. !20333
Add ability to create new issue from sentry error detail page. !20337
Convert flash alerts to toasts. !20356
Return project commit url instead of commits url. !20369 (raju249)
Collect the date a SaaS trial starts on. !20384
Add option to delete cached Kubernetes namespaces. !20411
Create container expiration policies for projects. !20412
Adjust fork network relations upon project visibility change. !20466
Create a license info rake task. !20501 (Jason Colyer)
Add GraphQL mutation for changing due date of an issue. !20577
Add Snippet GraphQL resolver endpoints. !20613
Allow Job-Token authentication on Releases creation API. !20632
Add created_before/after filter to group/project audit events. !20641
Allow searching of projects by full path. !20659
Allow administrators to set a minimum password length. !20661
Update helper text for sentry error tracking settings. !20663 (Rajendra Kadam)
Adds ability to create issues from sentry details page. !20666
Add coverage difference visualization to merge request page. !20676 (Fabio Huser)
Use CI configured namespace for deployments to unmanaged clusters. !20686
Resolve Design view: Download single issue design image. !20703
Import large gitlab_project exports via rake task. !20724
Added Total/Frontend metrics to the performance bar. !20725
Add dependency scanning flag for skipping automatic bundler audit update. !20743
Add GraphQL mutation for setting an issue as confidential. !20785
Track adding metric via monitoring dashboard. !20818
Add _links object to package api response. !20820
CI template for installing cluster applications. !20822
Add SalesforceDX project template. !20831
Allow NPM package downloads with CI_JOB_TOKEN. !20868
Allow raw blobs to be served from an external storage. !20936
Added Snippets GraphQL mutations. !20956
Added WebHookLogs for ServiceHooks. !20976
Surface GitLab issue in error detail page. !21019
Add type to broadcast messages. !21038
add OpenAPI file viewer. !21106 (Roger Meier)
Add updated_before and updated_after filters to the Pipelines API endpoint. !21133
Implement pagination for sentry errors. !21136
Add support for Conan package management in the package registry. !21152
Add syntax highlight for Sentry error stack trace. !21182
Keyset pagination for REST API (Project endpoint). !21194
CI template for Sentry managed app. !21208
Add CI variable to set the version of pip when scanning dependencies of Python projects. !21218
Add dependency scanning flag for specifying pip requirements file for scanning. !21219
Do not allow specifying a Kubernetes namespace via CI template for managed clusters. !21223
Sort Sentry error list by first seen, last seen or frequency. !21250
Add documentation about dependency scanning gradle support. !21253
Allow PDF attachments to be opened on browser. !21272
Add child label to commit box. !21323
Update Knative to 0.9.0. !21361 (cab105)
Add target_path to broadcast message API. !21430
Allow Kubernetes namespaces specified via CI template to be used for terminals, pod logs and deploy boards. !21460
Allow styling broadcast messages. !21522
Enable new job log by default. !21543
Document support for sbt dependency scanning. !21588
Return multiple errors from CI linter. !21589
Add specific error states to dashboard. !21618
Add timestamps to pod logs. !21663
Hide profile information when user is blocked. !21706
link to group on group admin page. !21709
Added migration which adds service desk username column. !21733
Add SentryIssue table to store a link between issue and sentry issue. !37026
Add path based targeting to broadcast messages.
Add allow failure in pipeline webhook event. !20978 (Gaetan Semet)
Add runner information in build web hook event. !20709 (Gaetan Semet)


Other (51 changes, 28 of them are from the community)

Remove done callbacks from vue_shared/components/markdown. !16842 (Lee Tickett)
Update timeago to the latest release. !19407
Improve job tokens and provide access helper. !19793
Add post deployment migration to complete pages metadata migration. !19928
Resolve Document - Make using GitLab auth with Vault easy. !19980
Remove IIFEs from gl_dropdown.js. !19983 (nuwe1)
Improve sparkline chart in MR widget deployment. !20085
Updated jekyll project_template. !20090 (Marc Schwede)
Updated hexo project_template. !20105 (Marc Schwede)
Updated hugo project_template. !20109 (Marc Schwede)
Resolve environment rollback was not friendly. !20121
Removed all references of BoardService. !20144 (nuwe1)
Removes references of BoardService in list file. !20145 (nuwe1)
replace var gl_dropdown.js. !20166 (nuwe1)
delete board_service.js. !20168 (nuwe1)
Improve create confidential MR dropdown styling. !20176 (Lee Tickett)
Remove milestone_id from epics. !20187 (Lee Tickett)
Remove build badge path from route. !20188 (Lee Tickett)
Add worker attributes to Sidekiq metrics. !20292
Update GitLab Runner Helm Chart to 0.11.0. !20461
add missing test for add_index rubocop rule. !20464 (Eric Thomas)
Suppress progress on pulling image on Code Quality of Auto DevOps. !20604 (Takuya Noguchi)
Increase margin between project stats. !20606
Remove extra spacing below sidebar time tracking info. !20657 (Lee Tickett)
Add e2e qa test for email delivery. !20675 (Diego Louzán)
Collect project import failures instead of failing fast. !20727
Removed unused methods in monitoring dashboard. !20819
removes references of BoardService. !20872 (nuwe1)
removes references of BoardService. !20874 (nuwe1)
removes references of BoardService. !20875 (nuwe1)
removes references of BoardService. !20876 (nuwe1)
removes references of BoardService. !20877 (nuwe1)
removes references of BoardService. !20879 (nuwe1)
removes references of BoardService. !20880 (nuwe1)
removes references of BoardService. !20881 (nuwe1)
Remove whitespaces between tree-controls elements. !20952
Add Project Export request/download rate limits. !20962
Remove feature flag for limiting diverging commit counts. !20999
Changed 'Add approvers' to 'Approval rules'. !21079
Resolve Add missing popover and remove none in MR widget. !21095
Change Puma log format to JSON. !21101
Update GitLab Shell to v10.3.0. !21151
Improve diff expansion text. !21616
Remove var from app/assets/javascripts/commit/image_file.js. !21649 (Abubakar Hassan)
Rename User#full_private_access? to User#can_read_all_resources?. !21668 (Diego Louzán)
Replace CI_COMMIT_REF with CI_COMMIT_SHA on CI docs. !21781 (Takuya Noguchi)
Add reportSnippet permission to Snippet GraphQL. !21836
Harmonize capitalization on cluster UI. !21878 (Evan Read)
Add mark as spam snippet mutation. !21912
Update Workhorse to v8.18.0. !22091
Replace Font Awesome bullhorn icon with GitLab bullhorn icon.


12.5.5

Security (1 change)

Upgrade Akismet gem to v3.0.0. !21786


Fixed (2 changes)

Fix error in updating runner session. !20902
Fix Asana integration. !21501


12.5.4

Security (1 change)

Update maven_file_name_regex for full string match.


12.5.3

Fixed (4 changes)

Fix project creation with templates using /projects/user/:id API. !20590
Fix merging merge requests from push options. !20639
Fix Crossplane help link in cluster applications page. !20668
Fixes job log not scrolling to the bottom.


Changed (1 change)

Flatten exception details in API and controller logs. !20434


12.5.1

Security (11 changes)

Do not create todos for approvers without access. !1442
Hide commit counts from guest users in Cycle Analytics.
Encrypt application setting tokens.
Update Workhorse and Gitaly to fix a security issue.
Add maven file_name regex validation on incoming files.
Check permissions before showing a forked project's source.
Limit potential for DNS rebind SSRF in chat notifications.
Ensure are cleaned by ImportExport::AttributeCleaner.
Remove notes regarding Related Branches from Issue activity feeds for guest users.
Escape namespace in label references to prevent XSS.
Add authorization to using filter vulnerable in Dependency List.


12.5.0

Security (15 changes)

Enable the HttpOnly flag for experimentation_subject_id cookie. !19189
Update incrementing of failed logins to be thread-safe. !19614
Sanitize all wiki markup formats with GitLab sanitization pipelines.
Sanitize search text to prevent XSS.
Remove deploy access level when project/group link is deleted.
Mask sentry auth token in Error Tracking dashboard.
Return 404 on LFS request if project doesn't exist.
Don't leak private members in project member autocomplete suggestions.
Require Maintainer permission on group where project is transferred to.
Don't allow maintainers of a target project to delete the source branch of a merge request from a fork.
Disallow unprivileged users from commenting on private repository commits.
Analyze incoming GraphQL queries and check for recursion.
Show cross-referenced label and milestones in issues' activities only to authorized users.
Do not display project labels that are not visible for user accessing group labels.
Standardize error response when route is missing.


Fixed (100 changes, 15 of them are from the community)

Fix incorrect selection of custom templates. !17205
Smaller width for design comments layout, truncate image title. !17547
Correctly cleanup orphan job artifacts. !17679 (Adam Mulvany)
Add Infinite scroll to Add Projects modal in the operations dashboard. !17842
Allow emojis to be linkable. !18014
Enable image link and lazy loading in AsciiDoc documents. !18164 (Guillaume Grossetie)
Expose prometheus status to monitor dashboard. !18289
Time limit the database lock when rebasing a merge request. !18481
Fix missing admin mode UI buttons on bigger screen sizes. !18585 (Diego Louzán)
Abort only MWPS when FF only merge is impossible. !18591
Remove pointer cursor from MemoryUsage chart on MR widget deployment. !18599
Fix keyboard shortcuts in header search autocomplete. !18685
Fix empty chart in collapsed sections. !18699
Fix error when viewing group billing page. !18740
Fix query validation in custom metrics form. !18769
Fix Gitaly call duration measurements. !18785
Resolve Error when uploading a few designs in a row. !18811
Block MR with OMIPS on skipped pipelines. !18838
Pipeline vulnerability dashboard sort vulnerabilities by severity then confidence. !18863
Remove empty Github service templates from database. !18868
Fix broken images when previewing markdown files in Web IDE. !18899
fixed #27164 Image cannot be collapsed on merge request changes tab. !18917 (Jannik Lehmann)
Let ANSI \r code replace the current job log line. !18933
Fix serverless function descriptions not showing on Knative 0.7. !18973
Fix "project or group was moved" alerts showing up in the wrong pages. !18985
Add missing breadcrumb in Project > Settings > Integrations. !18990
Fixed admin geo collapsed sidebar fly out not showing. !19012
Serialize short sha as nil if head commit is blank. !19014
Add max width on manifest file attachment input. !19028
Do not generate To-Dos additional when editing group mentions. !19037
Fix previewing quick actions for epics. !19042
Fix errors in GraphQL Todos API due to missing TargetTypeEnum values. !19052
Hashed Storage Migration: Handle failed attachment migrations with existing target path. !19061
Set shorter TTL for all unauthenticated requests. !19064
Fix Todo IDs in GraphQL API. !19068
Triggers the correct endpoint on licence approval. !19078
Fix search button height on 404 page. !19080
Fix Kubernetes help text link. !19121
Make jobs/request to be resillient. !19150
Disable pull mirror if repository is in read-only state. !19182
Only enable protected paths for POST requests. !19184
Enforce default, global project and snippet visibilities. !19188
Make Bitbucket Cloud superseded pull requests as closed. !19193
Fix crash when docker fails deleting tags. !19208
Fix environment name in rollback dialog. !19209
Fixed a typo in the "Keyboard Shortcuts" pop-up. !19217 (Manuel Stein)
Fix unable to expand or collapse files in merge request by clicking caret. !19222 (Brian T)
Allow release block edit button to be visible. !19226
Fix double escaping in /tableflip quick action. !19271 (Brian T)
Add missing bottom padding in CI/CD settings. !19284 (George Tsiolis)
Prevents console warning on design upload. !19297
Resolve: Web IDE does not create POSIX Compliant Files. !19339
Use initial commit SHA instead of branch id to request IDE files and contents. !19348 (David Palubin)
Resolve: Web IDE Throws Error When Viewing Diff for Renamed Files. !19348
Fix project service API 500 error. !19367
Fix cluster feature highlight popover image. !19372
Fix template selector filename bug. !19376
Fixes mobile styling issues on security modals. !19391
Only move repos for legacy project storage. !19410
Show correct total number of commit diff's changes. !19424
Increase the timeout for GitLab-managed cert-manager installation to 90 seconds (was 30 seconds). !19447
Fix uninitialized constant SystemDashboardService. !19453
Properly handle exceptions in StuckCiJobsWorker. !19465
Fix user popover not being displayed when the user has a status message. !19519
Update omniauth_openid_connect to v0.3.3. !19525
Fix project clone dropdown button width. !19551 (George Tsiolis)
Do not escape HTML tags in Ansi2json as they are escaped in the frontend. !19610
[Geo] Fix: undefined Gitlab::BackgroundMigration::PruneOrphanedGeoEvents. !19638
Revert btn-xs styling in projects scss. !19640
Fix canary badge and favicon inconsistency. !19645
Use fingerprint when comparing security reports in MR widget. !19654
Update GCP credit URLs. !19683
Update squash_commit_sha only on successful merge. !19688
Fix import of snippets having award_emoji (Project Export/Import). !19690
Allow admins to administer personal snippets. !19693 (Oren Kanner)
Re-add missing file sizes in 2-Up diff file viewer. !19710
Fix checking task item when previous tasks contain only spaces. !19724
Fix Bitbucket Cloud importer pull request state. !19734
Fix merge train is not refreshed when the system aborts/drops a merge request. !19763
Resolve Hide Delete selected in designs when viewing an old version. !19889
Use new trial registration URL in billing. !19978
Helm v2.16.1. !19981
Ensure milestone titles are never empty. !19985
Remove unused image/screenshot. !20030 (Lee Tickett)
Remove local qualifier from geo sync indicators. !20034 (Lee Tickett)
Fixed the scale of embedded videos to fit the page. !20056
Fix broken monitor cluster health dashboard. !20120
Fix expanding collapsed threads when reference link clicked. !20148
Fix sub group export to export direct children. !20172
Remove update hook from date filter to prevent js from getting stuck. !20215
Prevent Dropzone.js initialisation error by checking target element existence. !20256 (Fabio Huser)
Fix style reset in job log when empty ANSI sequence is encoutered. !20367
Add productivity analytics merge date filtering limit. !32052
Fix productivity analytics listing with multiple labels. !33182
Fix closed board list loading issue.
Apply correctly the limit of 10 designs per upload.
Only allow confirmed users to run pipelines.
Fix scroll to bottom with new job log.
Fixed protected branches flash styling.
Show tag link whenever it's a tag in chat message integration for push events and pipeline events. !18126 (Mats Estensen)


Deprecated (2 changes)

Ignore deprecated column and remove references to it. !18911
Move some project routes under - scope. !19954


Changed (56 changes, 6 of them are from the community)

Upgrade design/copy for issue weights locked feature. !17352
Reduce new MR page redundancy by moving the source/target branch selector to the top. !17559
Replace raven-js with @sentry/browser. !17715
Ask if the user is setting up GitLab for a company during signup. !17999
When a user views a file's blame or blob and switches to a branch where the current file does not exist, they will now be redirected to the root of the repository. !18169 (Jesse Hall @jessehall3)
Propagate custom environment variables to SAST analyzers. !18193
Fix any approver project rule records. !18265
Minor UX improvements to Environments Dashboard page. !18280
Reduce the allocated IP for Cluster and Services. !18341
Update flash messages color sitewide. !18369
Add modsecurity template for ingress-controller. !18485
Hide projects without access to admin user when admin mode is disabled. !18530 (Diego Louzán)
Update Runners Settings Text + Link to Docs. !18534
Store Zoom URLs in a table rather than in the issue description. !18620
Improve admin dashboard features. !18666
Drop id column from ci_build_trace_sections table. !18741
Truncate recommended branch name to a sane length. !18821
Add support for YAML anchors in CI scripts. !18849
Save dashboard changes by the user into the vuex store. !18862
Update expired trial status copy. !18962
Can directly add approvers to approval rule. !18965
Rename Vulnerabilities API to Vulnerability Findings API. !19029
Improve clarity of text for merge train position. !19031
Updated Auto-DevOps to kubectl v1.13.12 and helm v2.15.1. !19054 (Leo Antunes)
Refactor maximum user counts in license. !19071 (briankabiro)
Change return type of getDateInPast to Date. !19081
Show approval required status in license compliance. !19114
Handle new Container Scanning report format. !19123
Allow container scanning to run offline by specifying the Clair DB image to use. !19161
Add maven cli opts flag to maven security analyzer (part of dependency scanning). !19174
Added report_type attribute to Vulnerabilities. !19179
Migrate enabled flag on grafana_integrations table. !19234
Improve handling of gpg-agent processes. !19311
Update help text of "Tag name" field on Edit Release page. !19321
Add user filtering to abuse reports page. !19365
Move add license button to project buttons. !19370
Update to Mermaid v8.4.2 to support more graph types. !19444
Move release meta-data into footer on Releases page. !19451
Expose subscribed field in issue lists queried with GraphQL. !19458 (briankabiro)
[Geo] Fix: rake gitlab:geo:check on the primary is cluttered. !19460
Hide trial banner for namespaces with expired trials. !19510
Hide repeated trial offers on self-hosted instances. !19511
Add loading icon to error tracking settings page. !19539
Upgrade to Gitaly v1.71.0. !19611
Make role required when editing profile. !19636
Made name optional parameter of Release entity. !19705
Vulnerabilities history chart - use sparklines. !19745
Add event tracking to container registry. !19772
Update SaaS trial header to include the tier Gold. !19970
Update start a trial option in top right drop down to include Gold. !19971
Improve merge request description placeholder. !20032 (Jacopo Beschi @jacopo-beschi)
Add backtrace to production_json.log. !20122
Change the default concurrency factor of merge train to 20. !20201
Upgrade to Gitaly v1.72.0.
Require explicit null parameters to remove pages domain certificate and allow to use Let's Encrypt certificates through API.
Replace wording trace with log.


Performance (13 changes)

Record latencies for Sidekiq failures. !18909
Fix N+1 for group container repositories view. !18979
Do not render links in commit message on blame page. !19128
Puma only: database connection pool now always >= number of worker threads. !19286
Run check_mergeability only if merge status requires it. !19364
Execute limited request for diff commits instead of preloading. !19485
Improve performance of admin/abuse_reports page. !19630
Remove N+1 DB calls from branches API. !19661
Improve performance of linking LFS objects during import. !19709
Optimize MergeRequest#mergeable_discussions_state? method. !19988
Add index for unauthenticated requests to projects API default endpoint. !19989
Add index for authenticated requests to projects API default endpoint. !19993
Increase PumaWorkerKiller memory limit in development environment. !20039


Added (83 changes, 8 of them are from the community)

Adds Application Settings and ui settings in the integration admin area for Pendo. !15086
Add endpoint for a group's vulnerable projects. !15317
Added new chart component to display an anomaly boundary. !16530
Add links to associated releases on the Milestones page. !16558
Merge Details Page and Edit Page for Page Domains. !16687
Share groups with groups. !17117
Add links to associated release(s) to the milestone detail page. !17278
New group path uniqueness check. !17394
Unify html email layout for member html emails. !17699 (Diego Louzán)
The Security Dashboard displays DAST vulnerabilities for all the scanned sites, not just the first. !17779
Create table for elastic stack. !18015
Allow to define a default CI configuration path for new projects. !18073 (Mathieu Parent)
Issues queried in GraphQL now sortable by due date. !18094
Add cleanup status to clusters. !18144
Added Tests tab to pipeline detail that contains a UI for browsing test reports produced by JUnit. !18255
Users can verify SAML configuration and view SamlResponse XML. !18362
Support Enable/Disable operations in Feature Flag API. !18368
Expose arbitrary job artifacts in Merge Request widget. !18385
Add project option for deleting source branch. !18408 (Zsolt Kovari)
Adds ability to set management project for cluster via API. !18429
Close issues on Prometheus alert recovery. !18431
Add ApplicationSetting for snowplow_iglu_registry_url. !18449
Allow Grafana charts to be embedded in Gitlab Flavored Markdown. !18486
Mark todo done by GraphQL API. !18581
Create a users_security_dashboard_projects table to store the projects a user has added to their personal security dashboard. !18708
New API endpoint for creating anonymous merge request discussions from Visual Review Tools. !18710
Enable the color chip in AsciiDoc documents. !18723
Add prevent_ldap_sign_in option so LDAP can be used exclusively for sync. !18749
Show inherited group variables in project view. !18759
Add "release" filter to issue search page. !18761
Search list of Sentry errors by title in Gitlab. !18772
Add migrations and changes for soft-delete for projects. !18791
Support for Crossplane as a managed app. !18797 (Mahendra Bagul)
Bump Auto-Deploy image to v0.3.0. !18809
Set X-GitLab-NotificationReason header if notification reason is explicit subscription. !18812
Add issues, MRs, participants, and labels tabs in group milestone page. !18818
Add ability to reorder projects on operations dashboard. !18855
Make Job, Bridge and Default inheritable. !18867
Show epic events on group activity page. !18869
Detail view of Sentry error in GitLab. !18878
Expose mergeable state of a merge request. !18888 (briankabiro)
Add ability to select a Cluster management project. !18928
Add a Slack slash command to add a comment to an issue. !18946
Added installation commands for npm and yarn packages to package detail page. !18999
Show start and end dates in Epics list page. !19006
Populate new pipeline CI vars from params. !19023
Add warnings about pages access control settings. !19067
Graphql mutation for (un)subscribing to an epic. !19083
API for stack trace & detail view of Sentry error in GitLab. !19137
Add grafana integration active status checkbox. !19255
GraphQL: Add Merge Request milestone mutation. !19257
Add MergeRequestSetAssignees GraphQL mutation. !19272
Add edit button to metrics dashboard. !19279
Add "release" filter to merge request search page. !19315
Add dead jobs to Sidekiq metrics API. !19350 (Marco Peterseil)
Add pipeline information to dependency list header. !19352
Build CI cache key from commit SHAs that changed given files. !19392
Adding support for searching tags using '^' and '$'. !19435 (Cauhx Milloy)
Sentry error stacktrace. !19492
Add an error_code attribute to the API response when a cherry-pick or revert fails. !19518
Add documentation for sign-in application setting. !19561 (Horatiu Eugen Vlad)
Create AWS EKS cluster. !19578
Add modsecurity logging sidecar to ingress controller. !19600
Add start a trial option in the top-right user dropdown. !19632
Manage and display labels from epic in the GraphQL API. !19642
Allow order_by updated_at in Deployments API. !19658
Add can_edit and project_blob_path to metrics_dashboard endpoint. !19663
Add usage ping data for project services. !19687
Graphql query for issues can now be sorted by relative_position. !19713
Add API endpoint to trigger Group Structure Export. !19779
Show Tree UI containing child Epics and Issues within an Epic. !19812
Enable environments dashboard by default. !19838
Update the DB schema to allow linking between Vulnerabilities and Issues. !19852
Add Group Audit Events API. !19868
Adds a copy button next to package metadata on the details page. !19881
GraphQL: Create MR mutations needed for the sidebar. !19913
Add id_before, id_after filter param to projects API. !19949
Add modsecurity feature flag to usage ping. !20194
Specify management project for a Kubernetes cluster. !20216
Upgrade pages to 1.12.0. !20217
Support template_project_id parameter in project creation API. !20258
Add heatmap chart support. !32424
Add template for Serverless Framework/JS. !33805


Other (59 changes, 26 of them are from the community)

Add EKS cluster count to usage data. !17059
Track the starting and stopping of the current signup flow and the experimental signup flow. !17521
Attribute Sidekiq workers according to their workloads. !18066
Add ApplicationSetting entries for EKS integration. !18307
Geo: Add resigns-related fields to Geo Node Status table. !18379
Allow adding requests to performance bar manually. !18464
Removes export_designs feature flag. !18507 (nate geslin)
Update AWS SDK to 2.11.374. !18601
Remove required dependecy of Postgresql for Gitaly. !18659
Add deployment_merge_requests table. !18755
Bump Gitaly to 1.70.0 and remove cache invalidation feature flag. !18766
Update gRPC to v1.24.0. !18837
Update GitLab Runner Helm Chart to 0.10.0. !18879
Adds a Sidekiq queue duration metric. !19005
Create explicit Default and Free plans. !19033
Improve instance mirroring help text. !19047
Add Codesandbox metrics to usage ping. !19075
Add internal_socket_dir to gitaly config in setup helper. !19170
Use Rails 5.2 Redis caching store. !19202
Update GitLab Runner Helm Chart to 0.10.1. !19232
Rename snowplow_site_id to snowplow_app_id in application_settings table. !19252
Removed IIFEs from network.js file. !19254 (nuwe1)
Remove IIFEs from project_select.js. !19288 (minghuan lei)
Remove IIFEs from merge_request.js. !19294 (minghuan lei)
Make snippet list easier to scan. !19490
Removed IIFEs from image_file.js. !19548 (nuwe1)
Fix api docs for deleting project cluster. !19558
Change blob edit view button styling. !19566
Include exception and backtrace in API logs. !19671
Add index on marked_for_deletion_at in projects table. !19788
Visual design for edit buttons in blob view. !19932
Refactor disabled sidebar notifications to Vue. !20007 (minghuan lei)
Remove IIFEs from branch_graph.js. !20008 (minghuan lei)
Remove IIFEs from new_branch_form.js. !20009 (minghuan lei)
Remove duplication from slugifyWithUnderscore function. !20016 (Arun Kumar Mohan)
Update registry.gitlab.com/gitlab-org/security-products/codequality to 12-5-stable. !20046 (Takuya Noguchi)
Add mb-2 class to global alerts. !20081 (2knal)
Remove var from syntax_highlight_spec.js. !20086 (Lee Tickett)
Remove var from merge_request_tabs_spec.js. !20087 (Lee Tickett)
Remove var from bootstrap_jquery_spec.js. !20089 (Lee Tickett)
Remove var from project_select.js. !20091 (Lee Tickett)
Remove var from new_commit_form.js. !20095 (Lee Tickett)
Remove var from issue.js. !20098 (Lee Tickett)
Remove var from new_branch_form.js. !20099 (Lee Tickett)
Remove var from tree.js. !20103 (Lee Tickett)
Remove var from line_highlighter.js. !20108 (Lee Tickett)
Remove var from preview_markdown.js. !20115 (Lee Tickett)
remove all references of BoardService in boards_selector.vue. !20147 (nuwe1)
Remove all references to BoardsService in index.vue. !20152 (nuwe1)
Remove var from labels_select.js. !20153 (Lee Tickett)
Remove all reference to BoardService in board_form.vue. !20158 (nuwe1)
Remove calendar icon from personal access tokens. !20183
Move margin-top from flash container to flash. !20211
Bump Auto DevOps deploy image to v0.7.0. !20250
Make 'Sidekiq::Testing.fake!' mode as default. !31662 (@blackst0ne)
Replace task-done icon with list-task icon to better align with other toolbar list icons.
Dependency Scanning template that doesn't rely on Docker-in-Docker.
Adding dropdown arrow icon and updated text alignment.
Change selects from default browser style to custom style.


12.4.8

Security (1 change)

Fix private objects exposure when using Project Import functionality.


12.4.5

No changes.


12.4.3

Fixed (2 changes)

Only enable protected paths for POST requests. !19184
Fix Bitbucket Cloud importer pull request state. !19734


12.4.2

Fixed (10 changes)

Increase timeout for FetchInternalRemote RPC call. !18908
Clean up duplicate indexes on ci_trigger_requests. !19053
Fix project imports not working with serialized data. !19124
Fixed welcome screen icons not showing. !19148
Disable protected path throttling by default. !19185
Fix Prometheus duplicate metrics. !19327
Fix ref switcher not working on Microsoft Edge. !19335
Extend gRPC timeouts for Rake tasks. !19461
Disable upload HTTP caching to fix case when object storage is enabled and proxy_download is disabled. !19494
Removes arrow icons for old collapsible sections.


Changed (2 changes)

Increased deactivation threshold to 180 days. !18902
Add extra sentence about registry to AutoDevOps popup. !19092


12.4.1

Security (14 changes)

Standardize error response when route is missing.
Do not display project labels that are not visible for user accessing group labels.
Show cross-referenced label and milestones in issues' activities only to authorized users.
Show cross-referenced label and milestones in issues' activities only to authorized users.
Analyze incoming GraphQL queries and check for recursion.
Disallow unprivileged users from commenting on private repository commits.
Don't allow maintainers of a target project to delete the source branch of a merge request from a fork.
Require Maintainer permission on group where project is transferred to.
Don't leak private members in project member autocomplete suggestions.
Return 404 on LFS request if project doesn't exist.
Mask sentry auth token in Error Tracking dashboard.
Fixes a Open Redirect issue in InternalRedirect.
Remove deploy access level when project/group link is deleted.
Sanitize all wiki markup formats with GitLab sanitization pipelines.


12.4.0

Security (14 changes)

HTML-escape search term in empty message. !18319
Fix private feature Elasticsearch leak.
Prevent bypassing email verification using Salesforce.
Fix new project path being disclosed through unsubscribe link of issue/merge requests.
Do not show resource label events referencing not accessible labels.
Check permissions before showing head pipeline blocking merge requests.
Cancel all running CI jobs triggered by the user who is just blocked.
Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
Display only participants that user has permission to see on milestone page.
Fix Gitaly SearchBlobs flag RPC injection.
Add a policy check for system notes that may not be visible due to cross references to private items.
Limit search for IID to a type to avoid leaking records with the same IID that the user does not have access to.
Prevent GitLab accounts takeover if SAML is configured.
Only render fixed number of mermaid blocks.


Fixed (103 changes, 12 of them are from the community)

When user toggles task list item, keep details open until user closes the details manually. !16153
Fix formatting welcome screen external users. !16667
Fix signup link in admin area not being disabled. !16726 (Illya Klymov)
Fix routing bugs in security dashboards. !16738
Fix Jira integration favicon image with relative URL. !16802
Add timeout mechanism for CI config validation. !16807
Fix for count in todo badge when user has over 1,000 todos. Will now correctly display todo count after user marks some todos as done. !16844 (Jesse Hall @jessehall3)
Naming a project "shared" will no longer automatically open the "Shared Projects" tab. !16847 (Jesse Hall @jessehall3)
Adds the ability to delete single tags from the docker registry. Fix the issue that caused all related tags and image to be deleted at the same time. !16886
Changed confidential quick action to only be available on non confidential issues. !16902 (Marc Schwede)
Stop sidebar icons from jumping when expanded & collapsed. !16971
Set name and updated_at properly in GitHub ReleaseImporter. !17020
Remove thin white line at top of diff view code blocks. !17026
Show correct CI indicator when build succeeded with warnings. !17034
Create a persistent ref per pipeline for keeping pipelines run from force-push and merged results. !17043
Move SMAU usage counters to the UsageData count field. !17074
Allow maintainers to toggle write permission for public deploy keys. !17210
Fix GraphQL for read-only instances. !17225
Fix visibility level error when updating group from API. !17227 (Mathieu Parent)
Fix stylelint errors in epics.scss. !17243
Fix new discussion replies sometimes showing up twice. !17255
Adjust unnapliable suggestions in expanded lines. !17286
Show all groups user belongs to in Notification settings. !17303
Alphabetically sorts selected sidebar labels. !17309
Show issue weight when weight is 0. !17329 (briankabiro)
Generate LFS token authorization for user LFS requests. !17332
Backfill releases table updated_at column and add not null constraints to created_at and updated_at. !17400
Log Sidekiq exceptions properly in JSON format. !17412
Redo fix for related issues border radius. !17480
Show the original branch name and link of merge request in pipeline emails. !17513
Fixes issues with the security reports migration. !17519
Users can view the blame or history of a file with newlines in its filename. !17543 (Jesse Hall @jessehall3)
Display reCAPTCHA modal when making issue public. !17553
Fix css selector for details in issue description. !17557
Prevents a group path change when a project inside the group has container registry images. !17583
Show 20 labels in dropdown instead of 5. !17596
Nullify platform Kubernetes namespace if blank. !17657
Fix Issue: WebIDE asks for confirmation to leave the page when committing and creating a new MR. !17671
Catch unhandled exceptions in health checks. !17694
Suppress error messages shown when navigating to a new page. !17706
Specify sort order explicitly for Group and Project audit events. !17739
Merge Request: Close JIRA issues when issues are disabled. !17743
Disable gitlab-workhorse static error page on health endpoints. !17770
Fix notes race condition when linking to specific note. !17777
Fix relative positioning when moving items down and there is no space. !17781
Fix project imports for pipelines for merge requests. !17799
Increase the limit of includes in CI file to 100. !17807
Geo: Fix race condition for container synchronization. !17823
Geo: Invalidate cache after refreshing foreign tables. !17885
Abort Merge When Pipeline Succeeds when Fast Forward merge is impossible. !17886
Fix viewing merge reqeust from a fork that's being deleted. !17894
Fix empty security dashboard for public projects. !17915
Fix inline rendering of videos for uploads with uppercase file extensions. !17924
Hide redundant labels in issue boards. !17937
Time window filter in monitor dashboard gets reset. !17972
Use cache_method_asymmetrically with Repository#has_visible_content?. !17975
Allow users to compare Git revisions on a read-only instance. !18038
Enable Google API retries for uploads. !18040
Fix bug with new wiki not being indexed. !18051
Stops the expand button in reports from expanding. !18064
Make sure project insights stick on its own. !18082
Embed metrics time window scroll no longer affects other embeds. !18109
Fix broken notes avatar rendering in Chrome 77. !18110
Ignore incoming emails with X-Autoreply header. !18118
Enable grid, frame and stripes styling on AsciiDoc tables. !18165 (Guillaume Grossetie)
Add backend support for selecting custom templates by ID. !18178
Fix notifications for private group mentions in Notes, Issues, and Merge Requests. !18183
Do not strip forwarded message body when creating an issue from Service Desk email. !18196
Fix protected branch detection used by notification service. !18221
Fix error where helper was incorrectly returning true. !18231
Adjust placeholder to solve misleading regex. !18235
Fix Flaky spec/finders/members_finder_spec.rb:85. !18257 (Jacopo Beschi @jacopo-beschi)
Fix 500 error on clicking to LetsEncrypt Terms of Service. !18263
Fix error tracking table layout on small screens. !18325
GitHub import: Handle nil published_at dates. !18355
Do not allow deactivated users to use slash commands. !18365
Fix creating epics with dates from api. !18393
JIRA Service: Improve username/email validation. !18397
Stopped CRD apply retrying from allowing silent failures. !18421
Fix erroneous "No activities found" message. !18434
Support ES searches for project snippets. !18459
Fix styling of set status emoji picker. !18509
Fix showing diff when it has legacy diff notes. !18510
JIRA Integration API URL works having a trailing slash. !18526
Fixes embedded metrics chart tooltip spacing. !18543
Bump GITLAB_ELASTICSEARCH_INDEXER_VERSION=v1.4.0. !18558
Fix pod logs failure when pod contains more than 1 container. !18574
Prevent the slash command parser from removing leading whitespace from content that is unrelated to slash commands. !18589 (Jared Deckard)
Fix inability to set snippet visibility via API. !18612
Fix Web IDE tree not updating modified status. !18647
Fix button link foreground color. !18669
Resolve missing design system notes icons. !18693
Remove duplicate primary button in dashboard snippets. !32048 (George Tsiolis)
Allow to view productivity analytics page without a license. !33876
Fix container registry delete tag modal title and button. !34032
Fixes variables overflowing in sm screens.
Update top nav bar to fit all content in at all screen sizes.
Fix permissions for group milestones.
Removes Collapsible Sections from Job Log.
Fixes job overflow in stages dropdown.
Fix moved help URL for monitoring performance.
Fix issue with wiki TOC links being treated as external links. (Oren Kanner)
Show error message when setting an invalid group ID for the performance bar.


Deprecated (1 change)

Removing cleanup:repo, cleanup:dirs. !18087


Changed (51 changes, 3 of them are from the community)

Links on Releases page to commits and tags. !16128
Add status to deployments and state to environments in API responses. !16242
Use search scope label in empty results message. !16324
Add step 2 of the experimental signup flow. !16583
Add property to enable metrics dashboards to be rearranged. !16605
Allow intra-project MR dependencies. !16799
Use scope param instead of hide_dismissed. !16834
Add empty state in file search. !16851
Warn before applying issue templates. !16865
MR Test Summary now shows errors as failures. !17039
Add support for the association of multiple milestones to the Releases page. !17091
Display if an issue was moved in issue list. !17102
Improve UI for admin/projects and group/settings/projects pages. !17247
Update registry tag delete popup message. !17257
Show the "Set up CI/CD" prompt in empty repositories when applicable. !17274 (Ben McCormick)
Knative version bump 0.6 -> 0.7. !17367 (Chris Baumbauer)
Fix usability problems with the file template picker. !17522
Make commit status created for any pipelines. !17524 (Aufar Gilbran)
Add warnings to performance bar when page shows signs of poor performance. !17612
Banners should only be dismissable by clicking x button. !17642
Changes response body of liveness check to be more accurate. !17655
Enable Request Access functionality by default for new projects and groups. !17662
Add more attributes to issues GraphQL endpoint. !17802
Improve admin/system_info page ui. !17829
Adds management project for a cluster. !17866
Upgrade gitlab-workhorse to 8.12.0. !17892
Geo: Fix instruction from rake geo:gitlab:check. !17895
Upgrade to Gitaly v1.66.0. !17900
Do not start mirroring via API when paused. !17930
Use MR links in PipelinePresenter#ref_text for branch pipelines. !17947
Avoid knative and prometheus uninstall race condition. !18020
Deprecate usage of state column for issues and merge requests. !18099
Add missing page title to projects/container-registry. !18114
Port over EE pipeline functionality to CE. !18136
Aggregate push events when there are too many. !18239
Cleanup background migrations for any approval rules. !18256
Container registry tag(s) delete button pluralization. !18260
Create clusters with VPC-Native enabled. !18284
Update cluster link text. !18322
Upgrade to Gitaly v1.67.0. !18326
Improve UI of documentation under /help. !18331
Cross-link unreplicated Geo types to issues. !18443
Make designs read-only if the issue has been moved, or if its discussion has been locked. !18551
Do not show new issue button on archived projects. !18590
Increase group avatar size to 40px. !18654
Sort vulnerabilities by severity then confidence for dashboard and pipeline views. !18675
Add timeouts for each RPC call. !31766
Add more specific message to clarify the role of empty images in container registry. !32919
Embed Jaeger in Gitlab UI.
Use text instead of icon for recent searches dropdown.
Export liveness and readiness probes.


Performance (25 changes, 1 of them is from the community)

Limit diverging commit counts requests. !16737
Use GetBlobs RPC for uri type. !16824
Reduce Gitaly calls when viewing a commit. !17095
Limit snippets search count. !17585
Narrow snippet search scope in GitLab.com. !17625
Handle wiki and graphql attachments in gitlab-workhorse. !17690
Reduce lock contention of deployment creation by allocating IID outside of the pipeline transaction. !17696
Update PumaWorkerKiller defaults. !17758
Add trigram index on snippet content. !17806
Fix Gitaly N+1 queries in related merge requests API. !17850
Don't execute webhooks/services when above limit. !17874
Only schedule updating push-mirrors once per push. !17902
Show only personal snippets on explore page. !18092
Priority bump authorized_projects sidekiq queue. !18125
Avoid dumping files on disk when direct_upload is enabled. !18135
Check if mapping is empty before caching in File Collections. !18290 (briankabiro)
Avoid unnecessary locks on internal_ids. !18328
Fix N+1 queries in Jira Development Panel API endpoint. !18329
Optimize SQL requests for BlameController and CommitsController. !18342
Remove N+1 for fetching commits signatures. !18389
Reduce idle in transaction time when updating a merge request. !18493
Use cascading deletes for deleting logs upon deleting a webhook. !18642
Replace index on ci_triggers. !18652
Hide license breakdown in /admin if user count is high. !18825
Cache branch and tag names as Redis sets. !30476


Added (78 changes, 12 of them are from the community)

Adds sorting of packages at the project level. !15448
Add projects.only option to Insights. !15930
Add kubernetes section to group runner settings. !16338
Enable Cloud Run on GKE cluster creation. !16566
Add file matching rule to flexible CI rules. !16574
Enable preview of private artifacts. !16675 (Tuomo Ala-Vannesluoma)
Upgrade Gitaly to v1.64. !16788
Render xml artifact files in GitLab. !16790
Add GitHub & Gitea importers project filtering. !16823
Add project filtering to Bitbucket Cloud import. !16828
Provides internationalization support to chart legends. !16832
Expose name property in imports API. !16848
Add allowFilter and allowAnySHA1InWant for partial clones. !16850
[ObjectStorage] Allow migrating back to local storage. !16868
Require admins to enter admin-mode by re-authenticating before performing administrative operations. !16981 (Roger Rüttimann & Diego Louzán)
Deactivate a user (with self-service reactivation). !17037
Add database tables to store AWS roles and cluster providers. !17057
Collect docker registry related metrics. !17063
Allow releases to be targeted by URL anchor links on the Releases page. !17150
Add project_pages_metadata DB table. !17197
Add index on ci_builds for successful Pages deploys. !17204
Creation of Evidence collection of new releases. !17217
API: Add missing group parameters. !17220 (Mathieu Parent)
Allow to exclude ancestor groups on group labels API. !17221 (Mathieu Parent)
Added 'copy link' in epic comment dropdown. !17224
Add columns for per project/group max pages/artifacts sizes. !17231
Create table for grafana api token for metrics embeds. !17234
Add proper label REST API for update, delete and promote. !17239 (Mathieu Parent)
Allow cross-project pipeline triggering with CI_JOB_TOKEN in core. !17251
Add user_id and created_at columns to design_management_versions table. !17316
Add pull_mirror_branch_prefix column on projects table. !17368
Expose web_url for epics on API. !17380
Improve time window filtering on metrics dashboard. !17554
Group level Container Registry browser. !17615
Add API for manually creating and updating deployments. !17620
Introduce diffs_batch JSON endpoint for paginated diffs. !17651
Web IDE button should fork and open forked project when selected from read-only project. !17672
Allow users to be searched with a @ prefix. !17742
Add individual inherited member lookup API. !17744
Preserve custom .gitlab-ci.yml config path when forking. !17817 (Mathieu Parent)
Introduce CI_PROJECT_TITLE as predefined environment variable. !17849 (Nejc Habjan)
Feature enabling embedded audio elements in markdown. !17860 (Jesse Hall @jessehall3)
Add 'New release' to the project custom notifications. !17877
Added timestamps (created_at and updated_at) to API pipelines response. !17911
Added timestamp (updated_at) to API deployments response. !17913
Add pipeline preparing status icons. !17923
Creates Vue and Vuex app to render exposed artifacts. !17934
Add web_exporter to expose Prometheus metrics. !17943
Schedule background migration to populate pages metadata. !17993
Add "Edit Release" page. !18033
Unpin ingress image version, upgrade chart to 1.22.1. !18047
Adds sorting of packages at the group level. !18062
Introduce a lightweight diffs_metadata endpoint. !18104
Limit the number of comments on an issue, MR, or commit. !18111
Introduce new Ansi2json parser to convert job logs to JSON. !18133
Use new Ansi2json job log converter via feature flag. !18134
Snowplow custom events for Monitor: Health Product Categories. !18157
Support Create/Read/Destroy operations in Feature Flag API. !18198
Add two new predefined stages to pipelines. !18205
Add endpoint to proxy requests to grafana's proxy endpoint. !18210
Add ability to query todos using GraphQL. !18218
Include in the callout message a list of jobs that caused missing dependencies failure. !18219
Adds login input with copy box and supporting copy to empty container registry view. !18244 (nate geslin)
Add max_artifacts_size fields under project and group settings. !18286
Provide Merge requests and Issue links through the Release API. !18311
Adds separate parsers for mentions of users, groups, projects in markdown content. !18318
Add matching branch info to branch column. !18352
Users can preview audio files in a repository. !18354 (Jesse Hall @jessehall3)
Add edit button to release blocks on Releases page. !18411
Add "Custom HTTP Git clone URL root" setting. !18422
Add support for epic update through GraphQL API. !18440
Expose subscribed attribute for epic on API. !18475
Geo: Enable replicating uploads, LFS objects, and artifacts in Object Storage. !18482
Show related merge requests in pipeline view. !18697
Allow users to configure protected paths from Admin panel. !31246
persist the refs when open the link of refs in a new tab of browser. !31998 (minghuan lei)
Add first_parent option to list commits api. !32410 (jhenkens)
Allow users to add and remove zoom rooms on an issue using quick action commands.


Other (23 changes, 5 of them are from the community)

Sync issuables state_id with null values. !16480
Experimental separate sign up flow. !16482
Upgrade Rouge to v3.11.0. !17011
Better job naming for Docker.gitlab-ci.yml. !17218 (luca.orlandi@gmail.com)
Update GitLab Runner Helm Chart to 0.9.0. !17326
Change welcome message and make translatable. !17391
Remove map-get($grid-breakpoints, xs) for max-width. !17420 (Takuya Noguchi)
Document Git LFS and max file size interaction. !17609
Refactor email notification code. !17741 (briankabiro)
Ignore id column of ci_build_trace_sections table. !17805
Extend graphql query endpoint for merge requests to return more attributes to support sidebar implementation. !17813
Project list: Align star icons. !17833
Moves the license compliance reports to the Backend. !17905
Fixes wrong link on Protected paths admin settings. !17945
Update Pages to v1.11.0. !18010
Refactor checksum code in uploads. !18065 (briankabiro)
Make instance configuration user friendly. !18363 (Takuya Noguchi)
Update Workhorse to v8.14.0. !18391
Attribute each Sidekiq worker to a feature category. !18462
Update GitLab Shell to v10.2.0. !18735
Use correct icons for issue actions.
Increase color contrast of select option path.
Remove Postgresql specific setup tasks and move to schema.rb.


12.3.9

Security (1 change)

Update maven_file_name_regex for full string match.


12.3.7

Security (12 changes)

Do not create todos for approvers without access. !1442
Limit potential for DNS rebind SSRF in chat notifications.
Encrypt application setting tokens.
Update Workhorse and Gitaly to fix a security issue.
Add maven file_name regex validation on incoming files.
Hide commit counts from guest users in Cycle Analytics.
Check permissions before showing a forked project's source.
Fix 500 error caused by invalid byte sequences in links.
Ensure are cleaned by ImportExport::AttributeCleaner.
Remove notes regarding Related Branches from Issue activity feeds for guest users.
Escape namespace in label references to prevent XSS.
Add authorization to using filter vulnerable in Dependency List.


12.3.4

Fixed (2 changes)

Fix cannot merge icon showing in dropdown for users who can merge. !17306
Fix pipelines for merge requests in project exports. !17844


12.3.2

Security (12 changes)

Fix Gitaly SearchBlobs flag RPC injection.
Add a policy check for system notes that may not be visible due to cross references to private items.
Display only participants that user has permission to see on milestone page.
Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
Check permissions before showing head pipeline blocking merge requests.
Fix new project path being disclosed through unsubscribe link of issue/merge requests.
Prevent bypassing email verification using Salesforce.
Do not show resource label events referencing not accessible labels.
Cancel all running CI jobs triggered by the user who is just blocked.
Fix Gitaly SearchBlobs flag RPC injection.
Only render fixed number of mermaid blocks.
Prevent GitLab accounts takeover if SAML is configured.


12.3.1

Fixed (4 changes)

Fix ordering of issue board lists not being persisted. !17356
Fix error when duplicate users are merged in approvers list. !17406
Fix bug that caused a merge to show an error message. !17466
Fix CSS leak in job log.


12.3.0

Security (23 changes)

Filter out old system notes for epics in notes api endpoint response.
Fix SSRF via DNS rebinding in Kubernetes Integration.
Fix project import restricted visibility bypass via API.
Prevent disclosure of merge request ID via email.
Use admin_group authorization in Groups::RunnersController.
Gitaly: ignore git redirects.
Prevent DNS rebind on JIRA service integration.
Make sure HTML text is always escaped when replacing label/milestone references.
Fix HTML injection for label description.
Avoid exposing unaccessible repo data upon GFM post processing.
Remove EXIF from users/personal snippet uploads.
Fix weak session management by clearing password reset tokens after login (username/email) are updated.
Added image proxy to mitigate potential stealing of IP addresses.
Restrict MergeRequests#test_reports to authenticated users with read-access on Builds.
Ensure only authorised users can create notes on Merge Requests and Issues.
Send TODOs for comments on commits correctly.
Check permissions before responding in MergeController#pipeline_status.
Limit the size of issuable description and comments.
Enforce max chars and max render time in markdown math.
Speed up regexp in namespace format by failing fast after reaching maximum namespace depth.
Add :login_recaptcha_protection_enabled setting to prevent bots from brute-force attacks.
Upgrade pages to 1.8.1.
Show cross-referenced MR-id in issues' activities only to authorized users.


Removed (1 change)

Removed redundant index on releases table. !31487


Fixed (78 changes, 25 of them are from the community)

Avoid Devise "401 Unauthorized" responses. !16519
Allow close status to be shown on locked issues. !16685
Changed todo/done quick actions to work not only for first usage. !16837 (Marc Schwede)
Adds missing error handling. !16896 (toptalo)
Prevent the user from seeing an invalid "Purchase more minutes" prompt. !16979
Fix missing board lists when other users collapse / expand the list. !17318
Uses projects_authorizations.access_level in MembersFinder. !28887 (Jacopo Beschi @jacopo-beschi)
Let project reporters create issue from group boards. !29866
Remove margin from user header. !30878 (lucyfox)
Improve application settings API. !31149 (Mathieu Parent)
Fix encoding of special characters in "Find File". !31311 (Jan Beckmann)
Avoid conflicts between ArchiveTracesCronWorker and ArchiveTraceWorker. !31376
Disable "Transfer group" button when no group is selected. !31387 (Jan Beckmann)
Prevent archived projects from showing up in global search. !31498 (David Palubin)
Fixed embeded metrics tooltip inconsistent styling. !31517
Fix 500 errors caused by pattern matching with variables in CI Lint. !31719
Fixed removing directories in Web IDE. !31727
All of discussion expand/collapse button is clickable. !31730
Only show /copy_metadata quick action when usable. !31735 (Lee Tickett)
Read pipelines from public projects through API without an access token. !31816
fix charts scroll handle icon to use gitlab svg. !31825
Remove "Commit" from pipeline status tooltips. !31861
Fix top-nav search bar dropdown on xl displays. !31864 (Kemais Ehlers)
Fix loading icon causing text to jump in file row of Web IDE. !31884
Fix MR reports section loading icon alignment. !31897
Fix broken git clone box on wiki git access page. !31898
Exempt user gitlab-ci-token from rate limiting. !31909
Fix search preserving space when change branch. !31973 (minghuan lei)
Fix file header style and position during scroll in a merge conflict resolution. !31991
Allow latency measurements of sidekiq jobs taking > 2.5s. !32001
Return correct user for manual deployments. !32004
Fix style of secondary profile tab buttons. !32010 (Wolfgang Faust)
Fix serverless entry page layout. !32029
Fix HTML rendering for fast-forward rebases in merge request widget. !32032
Update the timestamp in Operations > Environments to show correct deployment date for manual deploy jobs. !32072
Fix dropdowns closing when click is released outside the dropdown. !32084
Hide duplicate board list while dragging. !32099
Don't check external authorization when disabling the service. !32102 (Robert Schilling)
Makes custom Pages domain open as external link in new tab. !32130 (jakeburden)
Change default visibility level for FogBugz imported projects to Private. !32142
Move visual review toolbar code to NPM. !32159
Fix parsing of months in time tracking commands. !32165
Wrong format on MS teams integration push events with multi line commit messages. !32180 (Massimeddu Cireddu)
Guard against deleted project feature entry in project permissions. !32187
Fix ref switcher separators from conflicting with branch names. !32198
Fix performance bar on Puma. !32213
Remove token field from runners edit form. !32231
Fix 500 error in CI lint when included templates are an array. !32232
Fix users cannot access job detail page when deployable does not exist. !32247
Do not translate system notes into author's language. !32264
Fix moving issues API failing when text includes commit URLs. !32317
Fix issue due notification emails not being threaded correctly. !32325
Allow project feature permissions to be overridden during import with override_params. !32348
Handle invalid mirror url. !32353 (Lee Tickett)
New project milestone primary button. !32355 (Lee Tickett)
Display more information docs link on error tracking page when users do not have permissions to enable that feature. !32365 (Romain Maneschi)
Quick action label must be first in issue comment. !32367 (Romain Maneschi)
Fix for missing avatar images dislpayed in commit trailers. !32374 (Jesse Hall @jessehall3)
Make it harder to delete issuables accidentally. !32376
Replaced vue resource to axios in the  Markdown field preview component. !32386 (Prakash Chokalingam @prakash_Chokalingam)
Fix create MR from issue using a tag as ref. !32392 (Jacopo Beschi @jacopo-beschi)
Add X-GitLab-NotificationReason header to note emails. !32422
Expand textarea for CA cert in cluster form. !32508
Prevent empty external authorization classification labels from overriding the default label. !32517 (Will Chandler)
Allow not resolvable urls when dns rebind protection is disabled. !32523
Avoid checking dns rebind protection when validating. !32577
Passing job rules downstream and E2E specs for job:rules configuration. !32609
Quote branch names in how to merge instructions. !32639 (Lee Tickett)
Fix removal of install pods. !32667
Fix sharing localStorage with all MRs. !32699
Default the asset proxy whitelist to the installation domain. !32703
Add some padding to details markdown element. !32716
Use ChronicDuration in a thread-safe way. !32817
Fix watch button styling and notifications buttons consistency. !32827
Fix encoding error in MR diffs when using external diffs. !32862 (Hiroyuki Sato)
Add bottom margin to snippet title. !32877
Bump markdown cache version to fix any incorrect links from asset proxy defaults.
Persist needs: validation as config error.


Changed (39 changes, 6 of them are from the community)

Extend pipeline graph scroll area to full width. !14870
Frontend support for saving issue board preferences on the current user. !16421
Switch Milestone and Release to a many-to-many relationship. !16517
Align project selector search box better with design system. !16795
Adds the runners_token of the group if the user that requests the group info is admin of it. !16831 (Ignacio Lorenzo Subirá Otal nachootal@gmail.com)
Upgrade to Gitaly v1.65.0. !17135
Make flash notifications sticky. !30141
Add Issue and Merge Request titles to Todo items. !30435 (Arun Kumar Mohan)
Remove wiki page slug dialog step when creating wiki page. !31362
Improve system notes for Zoom links. !31410 (Jacopo Beschi @jacopo-beschi)
Updated WebIDE default commit options. !31449
Remove oauth form from GitHub CI/CD only import authentication. !31488
Update assignee (cannot merge) style. !31545
Updated latest pipeline tag tooltip to be more descriptive. !31624
Add optional label_id parameter to label API for PUT and DELETE. !31804
Updates issues REST API to allow extended sort options. !31849
Fix to show renamed file in mr. !31888
Replaced expand diff icons. !31907
Upgrade to Gitaly 1.60.0. !31981
Make MR pipeline widget text more descriptive. !32025
Fix wording on milestone due date when milestone is due today. !32096
Improve search result labels. !32101
Limit access request emails to ten most recently active owners or maintainers. !32141
Improve chatops help output. !32208
Update merge train documentation. !32218
Add caret icons to the monitoring dashboard. !32239
Install cert-manager v0.9.1. !32243
Bring text mail for new issue & MR more in line. !32254
Add cluster domain warning. !32260
Rename epic column state to state_id. !32270
Use moved instead of closed in issue references. !32277 (juliette-derancourt)
Standardize use of content parameter in snippets API. !32296
Show meaningful message on /due quick action with invalid date. !32349 (Jacopo Beschi @jacopo-beschi)
Remove dynamically constructed feature flags starting with prometheus_transaction_. !32395 (Jacopo Beschi @jacopo-beschi)
Indicate on Issue Status if an Issue was Duplicated. !32472
Avoid dns rebinding checks when the domain is whitelisted. !32603
Upgrade to Gitaly v1.62.0. !32608
Unified presentation of the filter input field for projects listings. !32706
Hide resolve thread button from guest. !32859


Performance (20 changes)

Lower search counters. !11777
Considerably improve the query performance for MR discussions load. !16635
Eliminate Gitaly N+1 queries with notes API. !32089
Optimise UpdateBuildQueueService. !32095
Remove N+1 SQL query loading project feature in dashboard. !32169
Reduce the number of SQL requests on MR-show. !32192
Makes LFS object linker process OIDs in batches. !32268
Preload routes information to fix N+1 issue. !32352
Reduce N+1 when doing project export. !32423
Skip requesting diverging commit counts if no branches are listed. !32496
Support selective highlighting of lines. !32514
Replace indexes for counting active users. !32538
Create partial index for gitlab-monitor CI metrics. !32546
Optimize queries for snippet listings. !32576
Preprocess wiki attachments with GitLab-Workhorse. !32663
Create index for users.unconfirmed_email. !32664
Optimize /admin/applications so that it does not timeout. !32852
Replace events index with partial one. !32874
Partial index for namespaces.type. !32876
Fix member expiration not always working. !32951


Added (42 changes, 10 of them are from the community)

Enable modsecurity in nginx-ingress apps. !15774
Database table for tracking programming language trends over time. !16491
Add DAST full scan domain validation. !16680
Add not param to Issues API endpoint. !16748
Allow specifying timeout per-job in .gitlab-ci.yml. !16777 (Michał Siwek)
Document forwarding CI variables to docker build in Auto DevOps. !16783
Add links for latest pipelines. !20865 (Alex Ives)
New interruptible attribute for CI/CD jobs. !23464 (Cédric Tabin)
API: Promote project labels to group labels. !25218 (Robert Schilling)
Introduced Build::Rules configuration for Ci::Build. !29011
Notification emails can be signed with SMIME. !30644 (Diego Louzán)
Allow milestones to be associated with a release (backend). !30816
Enable serving static objects from an external storage. !31025
Save collapsed option for board lists in database. !31069
Apply quickactions when modifying comments. !31136
Add SwaggerUI Pages template for .gitlab-ci.yml. !31183 (mdhtr)
Add ability to see project deployments at cluster level (FE). !31575
Create component to display area and line charts in monitor dashboards. !31639
Add persistance to last choice of projects sorting on projects dashboard page. !31669
Run Pipeline button & API for MR Pipelines. !31722
Add service to transfer Group Milestones when transferring a Project. !31778
Allow $CI_REGISTRY_USER to delete tags. !31796
Support adding and removing labels w/ push opts. !31831
Enable line charts in dashbaord panels and embedded charts. !31920
Add First and Last name columns to User model. !31985
Add option to allow OAuth providers to bypass two factor. !31996 (Dodocat)
Expose namespace storage statistics with GraphQL. !32012
Add usage pings for merge request creating. !32059
Add warning about initial deployment delay for GitLab Pages sites. !32122
Allow Knative to be installed on group and instance level clusters. !32128
Add a close issue slack slash command. !32150
Support chat notifications to be fired for protected branches. !32176
Add system hooks for project/group membership updates. !32371 (Brandon Williams)
Add source and merge_request fields to pipeline event webhook. !32373 (Bian Jiaping)
Allow ECDSA certificates for pages domains. !32393
Show link to cluster used on job page. !32446
Group level JupyterHub. !32512
Creates utility parser for the job log. !32555
Expose update project service endpoint JSON. !32759
Expose 'protected' field for Tag API endpoint. !32790 (Andrea Leone)
Create table alerts_service_data. !32860
Creates base components for the new job log.


Other (42 changes, 13 of them are from the community)

Setting NOT NULL constraint to users.private_profile column. !14838
Schedule productivity analytics recalculation for EE. !15137
Document Lambda deploys via GitLab CI/CD. !16858
Add Redis interceptor tracing. !30238
Encrypt existing and new deploy tokens. !30679
Clean up keyboard shortcuts help modal, removing and adding as needed. !31642
Add warning to pages domains that obtaining/deploying SSL certificates through Let's Encrypt can take some time. !31765
Add new API method in Api.js: projectUsers. !31801
Upgrade babel to 7.5.5. !31819 (Takuya Noguchi)
Update docs to reflect the rename of gitlab-monitor to gitlab-exporter. !31901
Count comments on commits and merge requests. !31912
Resolve Badge counter: Very low contrast between foreground and background colors. !31922
Add index to improve group cluster deployments query performance. !31988
Replace finished_at with deployed_at for the internal API Deployment entity. !32000
Update to GitLab Shell v9.4.0. !32009
Default clusters namespace_per_environment column to true. !32139
Remove deprecation message for milestone tabs. !32252
Refactored Karma spec to Jest for mr_widget_auto_merge_failed. !32282 (Illya Klymov)
Update GitLab Runner Helm Chart to 0.8.0. !32289
Refactor showStagedIcon property to reflect the behavior its name represents. !32333 (Arun Kumar Mohan)
Upgrade pages to 1.8.0. !32334
Change prioritized labels empty state message. !32338 (Lee Tickett)
make test of note app with comments disabled dry. !32383 (Romain Maneschi)
Use new location for gitlab-runner helm charts. !32384
Mention in docs how to disable project snippets. !32391 (Jacopo Beschi @jacopo-beschi)
delete animation width on global search input. !32399 (Romain Maneschi)
Remove vue resource from sidebar service. !32400 (Lee Tickett)
Remove vue resource from issue. !32421 (Lee Tickett)
Remove vue resource from remove issue. !32425 (Lee Tickett)
Remove vue-resource from PerformanceBarService. !32428 (Lee Tickett)
Added warning note on the project container registry setting informing users that the registry is public for public projects. !32447
Admin dashboard: Fetch and render statistics async. !32449
Update GitLab Workhorse to v8.10.0. !32501
Remove Users.support_bot column. !32554
Add padding to left of "Sort by" in members dropdown. !32602
Log errors for failed pipeline creation in PostReceive. !32633
Avoid prefilling target branch when source branch is the default one. !32701
Bump Kubeclient to 4.4.0. !32811
Remove vue-resource from notes service. !32934 (Lee Tickett)
Added board name to page title in boards view.
Remove vue resource from group service. (Lee Tickett)
Updates tooltip of 'detached' label/state.


12.2.11

No changes.


12.2.8

Security (1 change)

Limit search for IID to a type to avoid leaking records with the same IID that the user does not have access to.


12.2.7

Security (1 change)

Fix private feature Elasticsearch leak.


12.2.6

Security (11 changes)

Add a policy check for system notes that may not be visible due to cross references to private items.
Display only participants that user has permission to see on milestone page.
Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
Check permissions before showing head pipeline blocking merge requests.
Fix new project path being disclosed through unsubscribe link of issue/merge requests.
Prevent bypassing email verification using Salesforce.
Do not show resource label events referencing not accessible labels.
Cancel all running CI jobs triggered by the user who is just blocked.
Fix Gitaly SearchBlobs flag RPC injection [Gitaly v1.59.3].
Only render fixed number of mermaid blocks.
Prevent GitLab accounts takeover if SAML is configured.


12.2.5

Security (1 change)

Upgrade pages to 1.7.2.


12.2.4

Fixed (7 changes)

Add syntax highlighting for line expansion. !31821
Fix issuable sidebar icon on notification disabled. !32134
Upgrade Mermaid to v8.2.4. !32186
Fix Piwik not working. !32234
Fix snippets API not working with visibility level. !32286
Fix upload URLs in Markdown for users without access to project repository. !32448
Update Mermaid to v8.2.6. !32502


Performance (1 change)

Fix N+1 Gitaly calls in /api/v4/projects/:id/issues. !32171


12.2.3

No changes.


12.2.2

Security (22 changes)

Ensure only authorised users can create notes on Merge Requests and Issues.
Gitaly: ignore git redirects.
Add :login_recaptcha_protection_enabled setting to prevent bots from brute-force attacks.
Speed up regexp in namespace format by failing fast after reaching maximum namespace depth.
Limit the size of issuable description and comments.
Send TODOs for comments on commits correctly.
Restrict MergeRequests#test_reports to authenticated users with read-access on Builds.
Added image proxy to mitigate potential stealing of IP addresses.
Filter out old system notes for epics in notes api endpoint response.
Avoid exposing unaccessible repo data upon GFM post processing.
Fix HTML injection for label description.
Make sure HTML text is always escaped when replacing label/milestone references.
Prevent DNS rebind on JIRA service integration.
Use admin_group authorization in Groups::RunnersController.
Prevent disclosure of merge request ID via email.
Show cross-referenced MR-id in issues' activities only to authorized users.
Enforce max chars and max render time in markdown math.
Check permissions before responding in MergeController#pipeline_status.
Remove EXIF from users/personal snippet uploads.
Fix project import restricted visibility bypass via API.
Fix weak session management by clearing password reset tokens after login (username/email) are updated.
Fix SSRF via DNS rebinding in Kubernetes Integration.


12.2.1

Fixed (2 changes)

Fix for embedded metrics undefined params. !31975
Fix "ERR value is not an integer or out of range" errors. !32126


Performance (1 change)

Fix Gitaly N+1 calls with listing issues/MRs via API. !31938


Fixed (3 changes)

Fix for embedded metrics undefined params. !31975
Fix "ERR value is not an integer or out of range" errors. !32126
Prevent duplicated trigger action button.


Performance (1 change)

Fix Gitaly N+1 calls with listing issues/MRs via API. !31938


12.2.0

Security (4 changes, 1 of them is from the community)

Update mini_magick to 4.9.5. !31505 (Takuya Noguchi)
Upgrade Rugged to 0.28.3. !31794
Queries for Upload should be scoped by model.
Restrict slash commands to users who can log in.


Removed (3 changes)

Remove Kubernetes service integration page. !31365
Remove line profiler from performance bar.
Remove GC metrics from performance bar.


Fixed (74 changes, 4 of them are from the community)

Resolve Incorrect empty state message on Explore projects. !25578
Search issuables by iids. !28302 (Riccardo Padovani)
Make it easier to find invited group members. !28436
fix: updates to include units for the y axis label. !30330
Align access permissions for wiki history to those of wiki pages. !30470
Add index for issues on relative position, project, and state for manual sorting. !30542
Fix suggestion on lines that are not part of an MR. !30606
Add empty chart component. !30682
Remove blank block from job sidebar. !30754
Remove duplicate buttons in diff discussion. !30757
Order projects in 'Move issue' dropdown by name. !30778
Fix bug in dashboard display of closed milestones. !30820
Fixes alignment issues with reports. !30839
Ensure visibility icons in group/project listings are grey. !30858
Fix admin labels page when there are invalid records. !30885
Extra logging for new live trace architecture. !30892
Fix pipeline emails not respecting group notification email setting. !30907
Handle trailing slashes when generating Jira issue URLs. !30911
Optimize relative re-positioning when moving issues. !30938
Better support clickable tasklists inside blockquotes. !30952
Add space to "merged by" widget. !30972
Remove duplicated mapping key in config/locales/en.yml. !30980 (Peter Dave Hello)
Update Mermaid to v8.2.3. !30985
Use persistent Redis cluster for Workhorse pub/sub notifications. !30990
Remove :livesum from RubySampler metrics. !31047
Fix pid discovery for Unicorn processes in PidProvider. !31056
Respect group notification email when sending group access notifications. !31089
Default dependency job stage index to Infinity, and correctly report it as undefined in prior stages. !31116
Fix incorrect use of message interpolation. !31121
Moved labels out of fields on Search page. !31137
Ensure Warden triggers after_authentication callback. !31138
Fix admin area user access level radio button labels. !31154
Ignore Gitaly errors if cache flushing fails on project destruction. !31164
Prevent double slash in review apps path. !31212
Make pdf.js render CJK characters. !31220
Prevent discussion filter from persisting to Show all activity when opening links to notes. !31229
Improve layout of dropdowns in the metrics dashboard page. !31239
Remove pdf.js deprecation warnings. !31253
Fix GC::Profiler metrics fetching. !31331
Jupyter fixes. !31332 (Amit Rathi)
Fix first-time contributor notes not rendering. !31340
Fix inline rendering of relative paths to SVGs from the current repository. !31352
Make bin/web_puma consider RAILS_ENV. !31378
Removed extrenal dashboard legend border. !31407
Fix visual review app storage keys. !31427
Fix flashing conflict warning when editing issues. !31469
Fix broken issue links and possible 500 error on cycle analytics page when project name and path are different. !31471
Prevent turning plain links into embedded when moving issues. !31489
Add a field for released_at to GH importer. !31496
Adjust size and align MR-widget loading icon. !31503
Fix an issue where clicking outside the MR/branch search box in WebIDE closed the dropdown. !31523
Don't attempt to contact registry if it is disabled. !31553
Fix IDE new files icon in tree. !31560
Fix missing author line (Created by: <user>) in MRs/issues/comments of imported Bitbucket Cloud project. !31579
Add missing report-uri to CSP config. !31593
Fixed display of some sections and externalized all text in the shortcuts modal overlay. !31594
Remove extra padding from disabled comment box. !31603
Allow CI to clone public projects when HTTP protocol is disabled. !31632
error message for general settings. !31636 (Mesut Güneş)
Invalidate branches cache on PostReceive. !31653
Fix active metric files being wiped after the app starts. !31668
Fix :wiki_can_not_be_created_total counter. !31673
Fix job logs where style changes were broken down into separate lines. !31674
Properly save suggestions in project exports. !31690
Fix project avatar image in Slack pipeline notifications. !31788
Fix empty error flash message on profile:account page when updating username with username that has already been taken. !31809
Fix starrers counts after searching. !31823
Fix pipelines not always being created after a push. !31927
Fix 500 errors in commits api caused by empty ref_name parameter.
Center loading icon in CI action component.
Prevents showing 2 tooltips in pipelines table.
Fix tag page layout.
Prevent duplicated trigger action button.
Hides loading spinner in pipelines actions after request has been fullfiled.


Changed (31 changes, 5 of them are from the community)

Update cluster page automatically when cluster is created. !27189
Add branch/tags/commits dropdown filter on the search page for searching codes. !28282 (minghuan lei)
Add support for start_sha to commits API. !29598
Maintainers can create subgroups. !29718 (Fabio Papa)
Extract Auto DevOps deploy functions into a base image. !30404
Add MR form to Visual Review (EE) runtime configuration. !30481
Adjust redis cache metrics. !30572
Add DS_PIP_DEPENDENCY_PATH option to configure Dependency Scanning for projects using pip. !30762
Bring scoped environment variables to core. !30779
Add Web IDE Usage Ping for Create SMAU. !30800
Update the container scanning CI template to use v12 of the clair scanner. !30809
Multiple pipeline support for Commit status. !30828 (Gaetan Semet)
Add support for exporting repository type data for LFS objects. !30830
Avoid increasing redis counters when usage_ping is disabled. !30949
Added navbar searches usage ping counter. !30953
Convert githost.log to JSON format. !30967
Adjusted the clickable area of collapsed sidebar elements. !30974 (Michel Engelen)
Mark push mirrors as failed after 1 hour. !30999
Allows masking @ and : characters. !31065
Remove incorrect fallback when determining which cluster to use when retrieving MR performance metrics. !31126
Retry push mirrors faster when running concurrently, improve error handling when push mirrors fail. !31247
Make issue boards importable. !31434 (Jason Colyer)
Allow users to resend a confirmation link when the grace period has expired. !31476
Remove counts from default labels API responses. !31543
Upgrade to Gitaly v1.57.0. !31568
Rename githost.log -> git_json.log. !31634
Load search result counts asynchronously. !31663
feat: adds a download to csv functionality to the dropdown in prometheus metrics. !31679
Adjust copy for adding additional members. !31726
Upgrade to Gitaly v1.59.0. !31743
Filter title, description, and body parameters from logs.


Performance (17 changes, 1 of them is from the community)

Add partial index on identities table to speed up LDAP lookups. !26710
Improve MembersFinder query performance using UNION. !30451 (Jacopo Beschi @jacopo-beschi)
Rake task to cleanup expired ActiveSession lookup keys. !30668
Update usage ping cron behavior. !30842
Make Bootsnap available via ENABLE_BOOTSNAP=1. !30963
Batch processing of commit refs in markdown processing. !31037
Use tablesample approximate counting by default. !31048
Create index on environments by state. !31231
Split MR widget into etag-cached and non-cached serializers. !31354
Speed up loading and filtering deploy keys and their projects. !31384
Only track Redis calls if Peek is enabled. !31438
Only expire tag cache once per push. !31641
Reduce Gitaly calls in PostReceive. !31741
Eliminate many Gitaly calls in discussions API. !31834
Optimize DB indexes for ES indexing of notes. !31846
Expire project caches once per push instead of once per ref. !31876
Look up upstream commits once before queuing ProcessCommitWorkers.


Added (51 changes, 11 of them are from the community)

Make starred projects and starrers of a project publicly visible. !24690
Make quick action commands applied banner more useful. !26672 (Jacopo Beschi @jacopo-beschi)
Allow Helm to be uninstalled from the UI. !27359
Improve pipeline status Slack notifications. !27683
Add links to relevant configuration areas in admin area overview. !29306
Display project id on project admin page. !29734 (Zsolt Kovari)
Display group id on group admin page. !29735 (Zsolt Kovari)
Resolve Keyboard shortcut for jump to NEXT unresolved discussion. !30144
Personal access tokens are accepted using OAuth2 header format. !30277
Add Outbound requests whitelist for local networks. !30350 (Istvan Szalai)
Allow multiple Auto DevOps projects to deploy to a single namespace within a k8s cluster. !30360 (James Keogh)
Allow Knative to be uninstalled from the UI. !30458
Add admin-configurable "Support page URL" link to top Help dropdown menu. !30459 (Diego Louzán)
Allow specifying variables when running manual jobs. !30485
Use predictable environment slugs. !30551
Return an ETag header for the archive endpoint. !30581
Add Rate Request Limiter to RawController#show endpoint. !30635
Add git blame to GitLab API. !30675 (Oleg Zubchenko)
Use separate Kubernetes namespaces per environment. !30711
Support remove source branch on merge w/ push options. !30728
Deploy serverless apps with gitlabktl. !30740
Adjust group level analytics to accept multiple ids. !30744
Adds event enum column to DesignsVersions join table. !30745
Allow email notifications to be disabled for all members of a group or project. !30755 (Dustin Spicuzza)
Export and download CSV from metrics charts. !30760
Add API endpoints to return container repositories and tags from the group level. !30817
Add support for deferred links in persistent user callouts. !30818
Add system notes for when a Zoom call was added/removed from an issue. !30857 (Jacopo Beschi @jacopo-beschi)
Count wiki creation, update and delete events. !30864
Add new expansion options for merge request diffs. !30927
Count snippet creation, update and comment events. !30930
Update namespace label for GitLab-managed clusters. !30935
UI for disabling group/project email notifications. !30961 (Dustin Spicuzza)
Support setting of merge request title and description using git push options. !31068
Add new table to store email domain per group. !31071
Redirect from a project wiki git route to the project wiki home. !31085
Link and embed metrics in GitLab Flavored Markdown. !31106
Moves snowplow tracking from ee to ce. !31160 (jejacks0n)
Allow Cert-Manager to be uninstalled. !31166
Add new outbound network requests application setting for system hooks. !31177
Allow links to metrics dashboard at a specific time. !31283
Enable embedding of specific metrics charts in GFM. !31304
Support creating DAGs in CI config through the needs key. !31328
Generate shareable link for specific metric charts. !31339
Add support for Content-Security-Policy. !31402
Add BitBucketServer project import filtering. !31420
Embed specific metrics chart in issue. !31644
Track page views for cycle analytics show page. !31717
Add usage pings for source code pushes. !31734
Makes collapsible title clickable in job log.
Adds highlight to the collapsible section.


Other (36 changes, 9 of them are from the community)

Rewrite if: argument in before_action and alike when only: is also used. !24412 (George Thomas @thegeorgeous)
Create rake tasks for migrating legacy uploads out of deprecated paths. !29409
Remove the warning style from the U2F device message in user settings > account. !30119 (matejlatin)
Set visibility level 'Private' for restricted 'Internal' imported projects when 'Internal' visibility setting is restricted in admin settings. !30522
Change BoardService in favor of boardsStore on board blank state of the component board. !30546 (eduarmreyes)
Adds Sidekiq scheduling latency structured logging field. !30784
Adds chaos endpoints to Sidekiq. !30814
Added multi-select deletion of container registry images. !30837
When GitLab import fails during importer user mapping step, add an explicit error message mentioning importer. !30838
Add Rugged calls and duration to API and Rails logs. !30871
Fixed distorted avatars when resource not reachable. !30904 (Marc Schwede)
Update GitLab Runner Helm Chart to 0.7.0. !30950
Use Rails 5.2 Redis caching store. !30966
Add Rugged calls to performance bar. !30983
add color selector to broadcast messages form. !30988
Harmonize selections in user settings. !31110 (Marc Schwede)
Update rouge to v3.7.0. !31254
Update 'Ruby on Rails' project template. !31310
Fix mirroring help text. !31348 (jramsay)
Enhance style of the shared runners limit. !31386
Enables storage statistics for root namespaces on database. !31392
Improve quick action error messages. !31451
Enable authenticated cookie encryption. !31463
Update karma to 4.2.0. !31495 (Takuya Noguchi)
Add max_replication_slots to PG HA documentation. !31534
Create database tables for the new cycle analytics backend. !31621
Updated the detached pipeline badge tooltip text to offer a better explanation. !31626
Add Gitaly and Rugged call timing in Sidekiq logs. !31651
Fix the style-lint errors and warnings for app/assets/stylesheets/pages/wiki.scss. !31656
Update GraphicsMagick from 1.3.29 to 1.3.33 for CI tests. !31692 (Takuya Noguchi)
Migrate remaining users with null private_profile. !31708
Bump Helm to 2.14.3 and kubectl to 1.11.10 for Kubernetes integration. !31716
Updated the personal access token api scope description to reflect the permissions it grants. !31759
Add finished_at to the internal API Deployment entity. !31808
Remove Security Dashboard feature flag. !31820
Update Packer.gitlab-ci.yml to use latest image. (Kelly Hair)


12.1.14

Security (1 change)

Limit search for IID to a type to avoid leaking records with the same IID that the user does not have access to.


12.1.12

Security (12 changes)

Add a policy check for system notes that may not be visible due to cross references to private items.
Display only participants that user has permission to see on milestone page.
Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
Check permissions before showing head pipeline blocking merge requests.
Fix new project path being disclosed through unsubscribe link of issue/merge requests.
Prevent bypassing email verification using Salesforce.
Do not show resource label events referencing not accessible labels.
Cancel all running CI jobs triggered by the user who is just blocked.
Fix Gitaly SearchBlobs flag RPC injection.
Only render fixed number of mermaid blocks.
Prevent GitLab accounts takeover if SAML is configured.
Upgrade mermaid to prevent XSS.


12.1.10

No changes.


12.1.5

Security (2 changes)

Upgrade Gitaly to 1.53.2 to prevent revision flag injection exploits.
Upgrade pages to 1.7.1 to prevent gitlab api token recovery from cookie.


12.1.4

Fixed (3 changes, 1 of them is from the community)

Properly translate term in projects list. !30958
Add exclusive lease to mergeability check process. !31082
Fix Docker in Docker (DIND) listen port behavior change by adding DOCKER_TLS_CERTDIR in CI job templates. !31201 (Cameron Boulton)


Performance (1 change)

Improve job log rendering performance. !31262


12.1.3

Fixed (11 changes)

Prevent multiple confirmation modals from opening when deleting a repository. !30532
Fix the project auto devops API. !30946
Fix "Certificate misses intermediates" UI error when enabling Let's Encrypt integration for pages domain. !30995
Fix xterm css not loading for environment terminal. !31023
Set DOCKER_TLS_CERTDIR in Auto Dev-Ops CI template to fix jobs using Docker-in-Docker. !31078
Set DOCKER_TLS_CERTDIR in CI job templates to fix Docker-in-Docker service. !31080
Support Docker OCI images. !31127
Fix error rendering submodules in MR diffs when there is no .gitmodules. !31162
Fix pdf.js rendering pages in the wrong order. !31222
Fix exception handling in Gitaly autodetection. !31285
Fix bug that caused diffs not to show on MRs with changes to submodules.


Performance (1 change)

Optimise import performance. !31045


12.1.2

Security (1 change)

Use source project as permissions reference for MergeRequestsController#pipelines.


Security (9 changes)

Restrict slash commands to users who can log in.
Patch XSS issue in wiki links.
Queries for Upload should be scoped by model.
Filter merge request params on the new merge request page.
Fix Server Side Request Forgery mitigation bypass.
Show badges if pipelines are public otherwise default to project permissions.
Do not allow localhost url redirection in GitHub Integration.
Do not show moved issue id for users that cannot read issue.
Drop feature to take ownership of trigger token.


12.1.1

No changes.


12.1.0

Security (11 changes, 2 of them are from the community)

Update tar to 2.2.2. !29949 (Takuya Noguchi)
Update lodash to 4.7.14 and lodash.mergewith to 4.6.2. !30602 (Takuya Noguchi)
Correctly check permissions when creating snippet notes.
Gate MR head_pipeline behind read_pipeline ability.
Prevent Billion Laughs attack.
Add missing authorizations in GraphQL.
Fix Denial of Service for comments when rendering issues/MR comments.
Expose merge requests count based on user access.
Fix DoS vulnerability in color validation regex.
Prevent the detection of merge request templates by unauthorized users.
Persist tmp snippet uploads at users.


Removed (7 changes)

Disable Kubernetes credential passthrough for managed project-level clusters. !29262
Remove deprecated group routes. !29351
Remove support for creating non-RBAC kubernetes clusters. !29614
Remove Kubernetes service integration and Kubernetes service template from available deployment platforms. !29786
Remove MySQL support. !29790
Remove depreated /u/:username routing. !30044
Remove support for legacy pipeline triggers. !30133


Fixed (84 changes, 14 of them are from the community)

Update a user's routes after updating their name. !23272
Show poper panel when validation error occurs in admin settings panels. !25434
Expect bytes from Gitaly RPC GetRawChanges. !28164
Sanitize LDAP output in Rake tasks. !28427
Left align mr widget icons and text. !28561
Keep the empty folders in the tree. !29196
Fix incorrect emoji placement in commit diff discussion. !29445
Fix favicon path with uploads of object store. !29482 (Roger Meier)
Remove duplicate trailing +/- char in merge request discussions. !29518
Fix the signup form's username validation messages not displaying. !29678 (Jiaan Louw)
Fix broken environment selector and always display it on monitoring dashboard. !29705
Fix Container Scanning job timeout when using the kubernetes executor. !29706
Look for new branches more carefully. !29761
Fix nested lists unnecessary margin. !29775 (Kuba Kopeć)
Fix reports jobs timing out because of cache. !29780
Fix Double Border in Profile Page. !29784 (Yoginth <@yo>)
Remove minimum character limits for fuzzy searches when using a CTE. !29810
Set default sort method for dashboard projects list. !29830 (David Palubin)
Protect TeamCity builds from triggering when a branch has been deleted. And a MR-option. !29836 (Nikolay Novikov, Raphael Tweitmann)
Fix pipeline schedule does not run correctly when it's scheduled at the same time with the cron worker. !29848
Always shows author of created issue/started discussion/comment in HTML body and text of email. !29886 (Frank van Rest)
Build correct basenames for title search results. !29898
Resolve "500 error when forking via the web IDE button". !29909
Turn commit sha in monitor charts popover to link. !29914
Fix broken URLs for uploads with a plus in the filename. !29915
Retry fetching Kubernetes Secret#token (#63507). !29922
Enforce presence of pipeline when "Pipeline must succeed" project setting is enabled. !29926
Fix unresponsive reply button in discussions. !29936
Allow asynchronous rebase operations to be monitored. !29940
Resolve Avatar in Please sign in pattern too large. !29944
Persist the cluster a deployment was deployed to. !29960
Fix runner tags search dropdown being empty when there are tags. !29985
Display the correct amount of projects being migrated/rolled-back to Hashed Storage when specifying ranges. !29996
Resolve Environment details header border misaligned. !30011
Correct link to docs for External Dashboard. !30019
Fix Jupyter-Git integration. !30020 (Amit Rathi)
Update Mermaid to 8.1.0. !30036
Fix background migrations failing with unused replication slot. !30042
Disable Rails SQL query cache when applying service templates. !30060
Set higher TTL for write lock of trace to prevent concurrent archiving. !30064
Fix charts on Cluster health page. !30073
Display boards filter bar on mobile. !30120
Fix IDE editor not showing when switching back from preview. !30135
Support note position tracing on an image. !30158
Replace slugifyWithHyphens with improved slugify function. !30172 (Luke Ward)
'Open' and 'Closed' issue board lists no longer display a redundant tooltip. !30187
Fix pipelines table to update without refreshing after action. !30190
Change ruby_process_start_time_seconds metric to unix timestamp instead of seconds from boot. !30195
Fix attachments using the wrong URLs in e-mails. !30197
Make sure UnicornSampler is started only in master process. !30215
Don't show image diff note on text file. !30221
Fix median counting for cycle analytics. !30229
In WebIDE allow adding new entries of the same name as deleted entry. !30239
Don't let logged out user do manual order. !30264
Skip spam check for task list updates. !30279
Make Housekeeping button do a full garbage collection. !30289
Removing an image should not output binary data. !30314
Fix spacing issues for toasts. !30345
Fix race in forbid_sidekiq_in_transactions.rb. !30359
Fixed back navigation for projects filter. !30373
Fix environments broken terminal. !30401
Fix invalid SSL certificate errors on Drone CI service. !30422
Fix subgroup url in search drop down. !30457
Make unicorn_workers to return meaningful results. !30506
Fix wrong URL when creating milestones from instance milestones dashboard. !30512
Fixed incorrect line wrap for assignee label in issues. !30523 (Marc Schwede)
Improves section header whitespace on the CI/CD Charts page. !30531
Prevent multiple confirmation modals from opening when deleting a repository. !30532
Aligns CI icon in Merge Request dashboard. !30558
Add text-secondary to controls in project list. !30567
Review Tools: Add large z-index to toolbar. !30583
Hide restricted and disallowed visibility radios. !30590
Resolve Label picker: Line break on long label titles. !30610
Fix a bug that prevented projects containing merge request diff comments from being imported. !30630
I fixed z index bug in diff page. !30657 (Faruk Can)
Allow client authentication method to be configured for OpenID Connect. !30683 (Vincent Fazio)
Fix commenting before discussions are loaded. !30724
Fix linebreak rendering in Mermaid flowcharts. !30730
Make httpclient respect system SSL configuration. !30749
Bump fog-aws to v3.5.2. !30803
API: Allow changing only ci_default_git_depth. !30888 (Mathieu Parent)
Search issuables by iids. (Riccardo Padovani)
Fix broken warnings while Editing Issues and Edit File on MR.
Make sure we are receiving the proper information on the MR Popover by updating the IID in the graphql query.


Changed (39 changes, 8 of them are from the community)

Improve group list UI. !26542
Backport and Docs for Paginate license management and add license search. !27602
Update merge requests section description text on project settings page. !27838
Knative version bump 0.5 -> 0.6. !28798 (Chris Baumbauer)
Add salesforce logo for salesforce SSO. !28857
Enforced requirements for UltraAuth users. !28941 (Kartikey Tanna)
Return 400 when deleting tags more often than once per hour. !29448
Add identity information to external authorization requests. !29461
Enable just-in-time Kubernetes resource creation for project-level clusters. !29515
renamed discussion to thread in merge-request and issue timeline. !29553 (Michel Engelen)
Changed HTTP Status Code for disabled repository on /branches and /commits to 404. !29585 (Sam Battalio)
Enable Git object pools. !29595 (jramsay)
Updated container registry to display error message when special characters in path. Documentation has also been updated. !29616
Allow developers to delete tags. !29668
Will not update issue timestamps when changing positions in a list. !29677
Include a link back to the MR for Visual Review feedback form. !29719
Improve discussion reply buttons layout and how jump to next discussion button appears. !29779
Renders a pre-release tag for releases. !29797
Migrate NULL values for users.private_profile column and update users API to reject null value for private_profile. !29888
Re-name files in Web IDE in a more natural way. !29948
Include events from subgroups in group's activity. !29953 (Fabian Schneider @fabsrc)
Upgrade to Gitaly v1.49.0. !29990
Remove group and instance clusters feature flag. !30124
Add support for creating random passwords in user creation API. !30138
Support CIDR notation in IP rate limiter. !30146
Add Redis call details in Peek performance bar. !30191
Create Knative role and binding with service account. !30235
Add cleanup migration for MR's multiple assignees. !30261
Updates PHP template to php:latest to ensure always targeting latest stable. !30319 (Paul Giberson)
Format from and to fields in JSON audit log. !30333
Upgrade to Gitaly v1.51.0. !30353
Modify cycle analytics on project level. !30356
Extract clair version as CLAIR_EXECUTABLE_VERSION variable and update clair executable from v8 to v11. !30396
Upgrade Rouge to 3.5.1. !30431
Move multiple issue boards to core. !30503
Upgrade to Gitaly v1.52.0. !30568
Upgrade to Gitaly v1.53.0. !30614
Open WebIDE in fork when user doesn't have access. !30642
Propagate python version variable. (Can Eldem)


Performance (25 changes, 1 of them is from the community)

Remove tooltip directive on project avatar image component. !29631 (George Tsiolis)
Use Rugged if we detect storage is NFS and we can access the disk. !29725
Add endpoint for fetching diverging commit counts. !29802
Cache feature flag names in Redis for a minute. !29816
Avoid storing backtraces from Bitbucket Cloud imports in the database. !29862
Remove import columns from projects table. !29863
Enable Gitaly ref name caching for discussions.json. !29951
Allow caching of negative FindCommit matches. !29952
Eliminate N+1 queries in Dashboard::TodosController. !29954
Memoize non-existent custom appearances. !29957
Add a separate endpoint for fetching MRs serialized as widgets. !29979
Use CTE to fetch clusters hierarchy in single query. !30063
Enable Gitaly ref caching for SearchController. !30105
Avoid loading pipeline status in search results. !30111
Improve performance of MergeRequestsController#ci_environment_status endpoint. !30224
Add a memory cache local to the thread to reduce Redis load. !30233
Cache Flipper persisted names directly to local memory storage. !30265
Limit amount of JUnit tests returned. !30274
Cache Flipper feature flags in L1 and L2 caches. !30276
Prevent amplification of ReactiveCachingWorker jobs upon failures. !30432
Allow ReactiveCaching to support nil value. !30456
Improve performance of fetching environments statuses. !30560
Do Redis lookup in batches in ActiveSession.sessions_from_ids. !30561
Remove catfile cache feature flag. !30750
Fix Gitaly auto-detection caching. !30954


Added (46 changes, 12 of them are from the community)

Document the negative commit message push rule for the API. !14004 (Maikel Vlasman)
Expose saml_provider_id in the users API. !14045
Improve Project API. !28327 (Mathieu Parent)
Remove Sentry from application settings. !28447 (Roger Meier)
Implement borderless discussion design with new reply field. !28580
Enable terminals for instance and group clusters. !28613
Resolve Multiple discussions per line in merge request diffs. !28748
Adds link to Grafana in Admin > Monitoring settings when grafana is enabled in config. !28937 (Romain Maneschi)
Bring Manual Ordering on Issue List. !29410
Added commit type to tree GraphQL response. !29412
New API for User Counts, updates on success of an MR the count on top and in other tabs. !29441
Add option to limit time tracking units to hours. !29469 (Jon Kolb)
Add confirmation for registry image deletion. !29505
Sync merge ref upon mergeability check. !29569
Show an Upcoming Status for Releases. !29577
Add order_by and sort params to list runner jobs api. !29629 (Sujay Patel)
Allow custom username for deploy tokens. !29639
Add a verified pill next to email addresses under the admin users section. !29669
Add rake task to clean orphan artifact files. !29681
Render GFM in GraphQL. !29700
Upgrade asciidoctor version to 2.0.10. !29741 (Rajendra Kadam)
Allow auto-completing scoped labels. !29749
Enable syntax highlighting for AsciiDoc. !29835 (Guillaume Grossetie)
Expose placeholder element for metrics charts in GFM. !29861
Added a min schema version check to db:migrate. !29882
Extract zoom link from issue and pass to frontend. !29910 (raju249)
GraphQL mutations for add, remove and toggle emoji. !29919
Labeled issue boards can now collapse. !29955
Allow Ingress to be uninstalled from the UI. !29977
Add permission check to metrics dashboards endpoint. !30017
Allow JupyterHub to be uninstalled from the UI. !30097
Allow GitLab Runner to be uninstalled from the UI. !30176
GraphQL mutations for managing Notes. !30210
Add API for CRUD group clusters. !30213
Add endpoint to move multiple issues in boards. !30216
Enable terminals button for group clusters. !30255
Prevent excessive sanitization of AsciiDoc ouptut. !30290 (Guillaume Grossetie)
Extend MergeToRefService to create merge ref from an arbitrary ref. !30361
Add CI variable to provide GitLab HOST. !30417
Add migration for adding rule_type to approval_project_rules. !30575
Enable section anchors in Asciidoctor. !30666 (Guillaume Grossetie)
Preserve footnote link ids in Asciidoctor. !30790 (Guillaume Grossetie)
Add support for generating SSL certificates for custon pages domains through Let's Encrypt.
Introduce default: for gitlab-ci.yml.
Move Multiple Issue Boards for Projects to Core.
Add Gitaly data to the usage ping.


Other (35 changes, 15 of them are from the community)

Remove unresolved class and fixed height in discussion header. !28440 (David Palubin)
Moved EE/CE code differences for file app/views/search/_category.html.haml into CE. !28755 (Michel Engelen)
Changes "Todo" to "To Do" in the UI for clarity. !28844
Migrate GitLab managed project-level clusters to unmanaged if a Kubernetes namespace was unable to be created. !29251
Migrate GitLab managed project-level clusters to unmanaged if they are missing a Kubernetes service account token. !29648
Add strategies column to operations_feature_flag_scopes table. !29808
Disallow NULL values for geo_nodes.primary column. !29818 (Arun Kumar Mohan)
Replace 'JIRA' with 'Jira'. !29849 (Takuya Noguchi)
Support jsonb default in add_column_with_default migration helper. !29871
Update pagination prev and next texts. !29911
Adds metrics to measure cost of expensive operations. !29928
Always allow access to health endpoints from localhost in dev. !29930
Update GitLab Runner Helm Chart to 0.6.0. !29982
Use darker gray color for system note metadata and edited text. !30054
Fix typo in docs about Elasticsearch. !30162 (Takuya Noguchi)
Fix typo in code comments about Elasticsearch. !30163 (Takuya Noguchi)
Update mixin-deep to 1.3.2. !30223 (Takuya Noguchi)
Migrate markdown header_spec.js to Jest. !30228 (Martin Hobert)
Remove istanbul JavaScript package. !30232 (Takuya Noguchi)
Centralize markdownlint configuration. !30263
Use PostgreSQL 9.6.11 in CI tests. !30270 (Takuya Noguchi)
Fix typo in updateResolvableDiscussionsCounts action. !30278 (Frank van Rest)
Change color for namespace in commit search. !30312
Remove applySuggestion from notes service. !30399 (Frank van Rest)
Improved readability of storage statistics in group / project admin area. !30406
Alignign empty container registry message with design guidelines. !30502
Remove toggleAward from notes service. !30536 (Frank van Rest)
Remove deleteNote from notes service. !30537 (Frank van Rest)
change the use of boardService in favor of boardsStore on footer for the board component. !30616 (eduarmreyes)
Update example Prometheus scrape config. !30739
Update GitLab Pages to v1.7.0.
Add token_encrypted column to operations_feature_flags_clients table.
Removes EE diff for app/views/profiles/preferences/show.html.haml.
Removes EE differences for app/views/layouts/fullscreen.html.haml.
Removes EE differences for app/views/admin/users/show.html.haml.


12.0.12

No changes.


12.0.10

No changes.
No changes.


12.0.7

Security (22 changes)

Ensure only authorised users can create notes on Merge Requests and Issues.
Add :login_recaptcha_protection_enabled setting to prevent bots from brute-force attacks.
Queries for Upload should be scoped by model.
Speed up regexp in namespace format by failing fast after reaching maximum namespace depth.
Limit the size of issuable description and comments.
Send TODOs for comments on commits correctly.
Restrict MergeRequests#test_reports to authenticated users with read-access on Builds.
Added image proxy to mitigate potential stealing of IP addresses.
Filter out old system notes for epics in notes api endpoint response.
Avoid exposing unaccessible repo data upon GFM post processing.
Fix HTML injection for label description.
Make sure HTML text is always escaped when replacing label/milestone references.
Prevent DNS rebind on JIRA service integration.
Use admin_group authorization in Groups::RunnersController.
Prevent disclosure of merge request ID via email.
Show cross-referenced MR-id in issues' activities only to authorized users.
Enforce max chars and max render time in markdown math.
Check permissions before responding in MergeController#pipeline_status.
Remove EXIF from users/personal snippet uploads.
Fix project import restricted visibility bypass via API.
Fix weak session management by clearing password reset tokens after login (username/email) are updated.
Fix SSRF via DNS rebinding in Kubernetes Integration.


12.0.6

No changes.


12.0.3 (2019-06-27)

No changes.


Security (10 changes)

Persist tmp snippet uploads at users.
Gate MR head_pipeline behind read_pipeline ability.
Fix DoS vulnerability in color validation regex.
Expose merge requests count based on user access.
Fix Denial of Service for comments when rendering issues/MR comments.
Add missing authorizations in GraphQL.
Disable Rails SQL query cache when applying service templates.
Prevent Billion Laughs attack.
Correctly check permissions when creating snippet notes.
Prevent the detection of merge request templates by unauthorized users.


12.0.2 (2019-06-25)

Fixed (7 changes, 1 of them is from the community)

Fix missing API notification flags for Microsoft Teams. !29824 (Seiji Suenaga)
Fixed 'diff version changes' link not working. !29825
Fix label serialization in issue and note hooks. !29850
Include the GitLab version in the cache key for Gitlab::JsonCache. !29938
Prevent EE backport migrations from running if CE is not migrated. !30002
Silence backup warnings when CRON=1 in use. !30033
Fix comment emails not respecting group-level notification email.


Performance (1 change)

Omit issues links in merge request entity API response. !29917


12.0.1 (2019-06-24)

No changes.


12.0.0 (2019-06-22)

Security (10 changes)

Prevent bypass of restriction disabling web password sign in.
Hide confidential issue title on unsubscribe for anonymous users.
Resolve: Milestones leaked via search API.
Fix url redaction for issue links.
Add extra fields for handling basic auth on import by url page.
Fix confidential issue label disclosure on milestone view.
Filter relative links in wiki for XSS.
Prevent invalid branch for merge request.
Prevent XSS injection in note imports.
Protect Gitlab::HTTP against DNS rebinding attack.


Removed (5 changes, 1 of them is from the community)

Remove ability for group clusters to be automatically configured on creation. !27245
Removes support for AUTO_DEVOPS_DOMAIN. !28460
Remove the circuit breaker API. !28669
Make Kubernetes service templates readonly. !29044
Remove Content-Type override for Mattermost OAuth login. (Harrison Healey)


Fixed (115 changes, 28 of them are from the community)

Fix col-sm-* in forms to keep layout. !24885 (Takuya Noguchi)
Avoid 500 when rendering users ATOM data. !25408
Fix flyout nav on small viewports. !25998
Fix proxy support in Container Scanning. !27246
preventing blocked users and their PipelineSchdules from creating new Pipelines. !27318
Fix yaml linting for GitLab CI inside project (.gitlab/ci) *.yml files and CI template files. !27576 (Will Hall)
Fix yaml linting for project root *.yml files. !27579 (Will Hall)
Added a content field to atom feed. !27652
Bring secondary button styles up to design standard. !27920
Use FindOrCreateService to create labels and check for existing ones. !27987 (Matt Duren)
Fix "too many loops" error by handling gracefully cron schedules for non existent days. !28002
Fix 500 error when accessing charts with an anonymous user. !28091 (Diego Silva)
Allow user to set primary email first when 2FA is required. !28097 (Kartikey Tanna)
Auto-DevOps: allow to disable rollout status check. !28130 (Sergej Nikolaev kinolaev@gmail.com)
Resolved JIRA service: NoMethodError: undefined method 'find' for nil:NilClass. !28206
Supports Matomo/Piwik string website ID ("Protect Track ID" plugin). !28214 (DUVERGIER Claude)
Fix loading.. dropdown at search field. !28275 (Pavel Chausov)
Remove unintended error message shown when moving issues. !28317
Properly clear the merge error upon rebase failure. !28319
Upgrade dependencies for node 12 compatibility. !28323
Fix. db:migrate is failed on MySQL 8. !28351 (sue445)
Fix an error in projects admin when statistics are missing. !28355
Fix emojis URLs. !28371
Prevent common name collisions when requesting multiple Let's Encrypt certificates concurrently. !28373
Fix issue that causes "Save changes" button in project settings pages to be enabled/disabled incorrectly when changes are made to the form. !28377
Fix diff notes and discussion notes being exported as regular notes. !28401
Fix padding in MR widget. !28472
Updates loading icon in commits page. !28475
Fix border radius of discussions. !28490
Update broadcast message action icons. !28496 (Jarek Ostrowski @jareko)
Update icon color to match design system, pass accessibility. !28498 (Jarek Ostrowski @jareko)
Show data on Cycle Analytics page when value is less than a second. !28507
Fix dropdown position when loading remote data. !28526
Delete unauthorized Todos when project is made private. !28560
Change links in system notes to use relative paths. !28588 (Luke Picciau)
Update favicon from next. !28601 (Jarek Ostrowski @jareko)
Open visibility help link in a new tab. !28603 (George Tsiolis)
Fix issue importing members with owner access. !28636
Fix the height of the page headers on issues/merge request/snippets pages. !28650 (Erik van der Gaag)
Always show "Pipelines must succeed" checkbox. !28651
Resolve moving an issue results in broken image links in comments. !28654
Fix milestone references containing &, <, or >. !28667
Add hover and focus to Attach a file. !28682
Correctly word-wrapping project descriptions with very long words. !28695 (Erik van der Gaag)
Prevent icons from shrinking in User popover when contents exceed container. !28696
Allow removal of empty lines via suggestions. !28703
Throw an error when formatDate's input is invalid. !28713
Fix order dependency with user params during imports. !28719
Fix search dropdown not closing on blur if empty. !28730
Fixed ignored postgres version that occurs after the first autodevops deploy when specifying custom $POSTGRES_VERSION. !28735 (Brandon Dimcheff)
Limit milestone dates to before year 9999. !28742 (Luke Picciau)
Set project default visibility to max allowed. !28754
Cancel auto merge when merge request is closed. !28782
Fixes Ref link being displayed as raw HTML in the Pipelines page. !28823
Fix job name in graph dropdown overflowing. !28824
Add style to disable webkit icons for search inputs. !28833 (Jarek Ostrowski @jareko)
Fix email notifications for user excluded actions. !28835
Resolve Tooltip Consistency. !28839
Fix Merge Request merge checkbox alignment on mobile view. !28845
Add referenced-commands in no overflow list. !28858
Fix participants list wrapping. !28873
Excludes MR author from Review roulette. !28886 (Jacopo Beschi @jacopo-beschi)
Give labels consistent weight. !28895
Added padding to time window dropdown in monitor dashboard. !28897
Move text under p tag. !28901
Resolve Position is off when visiting files with anchors. !28913
Fix whitespace changes visibility when the related file was initially collapsed. !28950 (Ondřej Budai)
Fix emoji picker visibility issue. !28984
Resolve Merge request discussion text jumps when resolved. !28995
Allow lowercase prefix for Youtrack issue ids. !29057 (Matthias Baur)
Add support to view entirety of long branch name in dropdown instead of it being cut off. !29069
Fix inconsistent option dropdown button height to match adjacent button. !29096
Improve new user email markup unconsistency between text and html parts. !29111 (Haunui Saint-sevin)
Eliminate color inconsistencies in metric graphs. !29127
Avoid setting Gitlab::Session on sessionless requests and Git HTTP. !29146
Use the selected time window for metrics dashboard. !29152
Remove build policies from serverless app template. !29253
Fix serverless apps deployments by bumping 'tm' version. !29254
Include the port in the URLs of the API Link headers. !29267
Fix Fogbugz Importer not working. !29383
Fix GPG signature verification with recent GnuPG versions. !29388 (David Palubin)
Cancel Auto Merge when target branch is changed. !29416
Fix nil coercion updating storage size on project statistics. !29425
Ignore legacy artifact columns in Project Import/Export. !29427
Avoid DB timeouts when scheduling migrations. !29437
Handle encoding errors for MergeToRefService. !29440
Fix UTF-8 conversion issues when resolving conflicts. !29453
Enlarge metrics time-window dropdown links. !29458
Remove unnecessary decimals on Metrics chart axis. !29468
Fix scrolling to top on assignee change. !29500
Allow command/control click to open link in new tab on Merge Request tabs. !29506
Omit blocked admins from repository check e-mails. !29507
Fix diverged branch locals. !29508
Process up to 100 commit messages for references when pushing to a new default branch. !29511 (Fabio Papa)
Allow developer role to delete docker tags via container registry API. !29512
Fix "Resolve conflicts" button not appearing for some users. !29535
Fix: propagate all documented ENV vars to CI when using SAST. !29564
AutoDevops function ensure_namespace() now explicitly tests the namespace. !29567 (Jack Lei)
Fix sidebar flyout navigation. !29571
Fix missing deployment rockets in monitor dashboard. !29574
Fix inability to set visibility_level on project via API. !29578
Ensure a Kubernetes namespace is not used for deployments if there is no service account token associated with it. !29643
Refresh service_account_token for kubernetes_namespaces. !29657
Expose all current events properly on services API. !29736 (Zsolt Kovari)
Move Dropdown to Stick to MR View App Button. !29767
Fix IDE commit using latest ref in branch and overriding contents. !29769
Revert concurrent pipeline creation for pipeline schedules. !29794
Fix border radii on diff files and repo files.
Fix padding of unclickable pipeline dropdown items to match links.
Fix pipeline schedules when owner is nil.
Fix remote mirrors not updating after tag push.
Fix layout of group milestone header.
Fixed show whitespace button not refetching diff content.
Change resolve button text to mark comment as resolved.
Align system note within discussion with other notes.


Changed (35 changes, 13 of them are from the community)

Include information if issue was clossed via merge request or commit. !15610 (Michał Zając)
Removes duplicated members from api/projects/:id/members/all. !24005 (Jacopo Beschi @jacopo-beschi)
Apply the group setting "require 2FA" across all subgroup members as well when changing the group setting. !24965 (rroger)
Enable function features for external Knative installations. !27173
Remove dind from DAST template. !28083
Update registration form to indicate invalid name or username length on input. !28095 (Jiaan Louw)
Default masked to false for new variables. !28186
Better isolated Docker.gitlab-ci.yml to avoid interference with other job configurations. !28213 (lrkwz)
Remove the mr_push_options feature flag. !28278
Replace Oxygen-Sans font with Noto Sans. !28322
Update new smiley icons, find n replace old names with new ones. !28338 (Jarek Ostrowski)
Adds a text label to color pickers to improve accessibility. !28343 (Chris Toynbee)
Prioritize login form on mobile breakpoint. !28360
Move some project routes under /-/ scope. !28435
I18n for issue closure reason in emails. !28489 (Michał Zając)
Geo: Remove Gitlab::LfsToken::LegacyRedisDeviseToken implementation and usage. !28546
Add check circle filled icon for resolved comments. !28663
Update project security dashboard documentation. !28681
Remove docker pull prefix when copying a tag from the registry. !28757 (Benedikt Franke)
Adjust milestone completion rate to be based on issues count. !28777
Enhance line-height of Activity feed UI. !28856 (Jacopo Beschi @jacopo-beschi)
Upgrade to Gitaly v1.43.0. !28867
Do not display Update app button when saving Knative domain name. !28904
Rebrush of flash-warning according to the new design (brighter background and darker font). !28916 (Michel Engelen)
Added reference, web_path, and relative_position fields to GraphQL Issue. !28998
Change logic behind cycle analytics. !29018
Add documentation links for confidental and locked discussions. !29073
Update GITALY_SERVER_VERSION to 1.45.0. !29109
Allow masking if 8 or more characters in base64. !29143 (thomas-nilsson-irfu)
Replaces sidekiq mtail metrics with ruby instrumentation metrics. !29215
Allow references to labels and milestones to contain emoji. !29284
changed the styles on Add List dropdown to look more like the EE vesion. !29338 (Michel Engelen)
Hashed Storage is enabled by default on new installations. !29586
Upgrade to Gitaly v1.47.0. !29789
Default MR checkbox to true in most cases.


Performance (11 changes)

Improve performance of jobs controller. !28093
Upgrade Ruby version to 2.6.3. !28117
Make pipeline schedule worker resilient. !28407
Fix performance issue with large Markdown content in issue or merge request description. !28597
Improve clone performance by using delta islands. !28871
Reduce Gitaly calls to improve performance when rendering suggestions. !29027
Use Redis for CacheMarkDownField on non AR models. !29054
Add index on public_email for users. !29430
Speed up commit loads by disabling BatchLoader replace_methods. !29633
Add index on invite_email for members. !29768
Improve performance of users autocomplete when there are lots of results.


Added (47 changes, 12 of them are from the community)

Added option to filter jobs by age in the /job/request API endpoint. !1340 (Dmitry Chepurovskiy)
Add ability to define notification email addresses for groups you belong to. !25299
Add wiki size to project statistics. !25321 (Peter Marko)
58404 - setup max depth for GraphQL. !25737 (Ken Ding)
Add auto SSL toggle option to Pages domain settings page. !26438
Empty project state for Web IDE. !26556
Add support for multiple job parents in GitLab CI YAML. !26801 (Wolphin (Nikita))
Pass user's identity and token from JupyterHub to user's Jupyter environment. !27314 (Amit Rathi)
Add issues_statistics api endpoints and extend issues search api. !27366
Validate Kubernetes credentials at cluster creation. !27403
Update the merge request widget's "Merge" button to support merge trains. !27594
Style the toast component according to design specs. !27734
Add API support for committing changes to different projects in same fork network. !27915
Add support for && and || to CI Pipeline Expressions. Change CI variable expression matching for Lexeme::Pattern to eagerly return tokens. !27925 (Martin Manelli)
Added ref querystring parameter to project search API to allow searching on branches/tags other than the default. !28069 (Lee Tickett)
Add notify_only_default_branch option to PipelinesEmailService. !28271 (Peter Marko)
Support multiplex GraphQL queries. !28273
Add Namespace and ProjectStatistics to GraphQL API. !28277
Display classname JUnit attribute in report modal. !28376
API: Allow to get and set "masked" attribute for variables. !28381 (Mathieu Parent)
Add allow_failure attribute to Job API. !28406
Add support for AsciiDoc include directive. !28417 (Jakub Jirutka & Guillaume Grossetie)
Migrate Kubernetes service integration templates to clusters. !28534
Allow issue list to be sorted by relative order. !28566
Implement borderless discussion design with new reply field. !28580
Add expand/collapse to error tracking settings. !28619
Adds collapsible sections for job log. !28642
Add LFS oid to GraphQL blob type. !28666
Allow users to specify a time range on metrics dashboard. !28670
Add a New Copy Button That Works in Modals. !28676
Add Kubernetes logs to Admin Logs UI. !28685
Set up git client in Jupyter installtion. !28783 (Amit Rathi)
Add task count and completed count to responses of Issue and MR. !28859
Add project level git depth CI/CD setting. !28919
Use global IDs when exposing GraphQL resources. !29080
Expose wiki_size on GraphQL API. !29123
Expose notes and discussions in GraphQL. !29212
Use to 'gitlabktl' build serverless applications. !29258
Adds pagination component for graphql api. !29277
Allow switching clusters between managed and unmanaged. !29322
Get and edit ci_default_git_depth via project API. !29353
Link to an external dashboard from metrics dashboard. !29369
Add labels to note event payload. !29384 (Sujay Patel)
Add Join meeting button to issues with Zoom links. !29454
Add backtraces to Peek performance bar for SQL calls.
Added diff suggestion feature discovery popover.
Make task completion status available via GraphQL.


Other (62 changes, 14 of them are from the community)

Unified EE/CS differences in repository/show.html. !13562
Remove legacy artifact related code. !26475
Backport the EE schema and migrations to CE. !26940 (Yorick Peterse)
Add dedicated logging for GraphQL queries. !27885
i18n: externalize strings from user profile settings. !28088 (Antony Liu)
Omit max-count for diverging_commit_counts behind feature flag. !28157
Fix alignment of resend button in members page. !28202
Update indirect dependency fsevents from 1.2.4 to 1.2.9. !28220 (Takuya Noguchi)
Update get_process_mem to 0.2.3. !28248
Add Pool repository to the usage ping. !28267
Forbid NULL in project_statistics.packages_size. !28400
Update Gitaly to v1.42.1. !28425
Upgrade babel to 7.4.4. !28437 (Takuya Noguchi)
Externalize profiles preferences. !28470 (George Tsiolis)
Update GitLab Runner Helm Chart to 0.5.0. !28497
Change collapse icon size to size of profile picture. !28512
Resolve Snippet icon button is misaligned. !28522
Bumps Kubernetes in Auto DevOps to 1.11.10. !28525
Bump Helm version in Auto-DevOps.gitlab-ci.yml to 2.14.0. !28527
Migrate the monitoring dashboard store to vuex. !28555
Give New Snippet button green outline. !28559
Removes project_auto_devops#domain column. !28574
Externalize strings of email page in user profile. !28587 (antony liu)
Externalize strings of active sessions page in user profile. !28590 (antony liu)
Refactor and abstract Auto Merge Processes. !28595
Add section to dev docs on accessing chatops. !28623
Externalize strings of chat page in user profile. !28632
Externalize strings of PGP Keys and SSH Keys page in user profile. !28653 (Antony Liu)
Added the .extended-height class to the labels-dropdown. !28659 (Michel Engelen)
Moved EE/CE code differences for app/assets/javascripts/gl_dropdown.js into CE. !28711 (Michel Engelen)
Update GitLab Runner Helm Chart to 0.5.1. !28720
Remove support for using Geo with an installation from source. !28737
API: change masked attribute type to Boolean. !28758
API: change protected attribute type to Boolean. !28766
Add a column header to admin/jobs page. !28837
Reset merge status from mergeable MRs. !28843
Show tooltip on truncated commit title. !28865 (Timofey Trofimov)
Added conditional rendering to app/views/search/_form.html.haml for CE/EE code base consistency. !28883 (Michel Engelen)
Change "Report abuse to GitLab" to more generic wording. !28884 (Marc Schwede)
Update GitLab Pages to v1.6.0. !29048
Update GitLab Runner Helm Chart to 0.5.2. !29050
User link styling for commits. !29150
Fix null source_project_id in pool_repositories. !29157
Add deletion protection setting column to application_settings table. !29268
Added code differnces from EE in file 'app/assets/javascripts/pages/projects/project.js' to CE. !29271 (Michel Engelen)
Update to GitLab Shell v9.3.0. !29283
Document when milestones and labels links are missing. !29355
Make margin between buttons consistent. !29378
Changed the 'Created' label to 'Last Updated' on the container registry table to more accurately reflect what the date represents. !29464
Update GitLab Pages to v1.6.1. !29559
Indent collapsible sections. !29804
Use grid and correct border radius for status badge.
Remove fixed height from MR diff headers.
Use blue for activity stream links; use monospace font for commit sha.
Moves snowplow to CE repo.
Reduce height of issue board input to align with buttons.
Change default color of award emoji button.
Group download buttons into a .btn-group.
Add warning that gitlab-secrets isn't included in backup.
Increase height of move issue dropdown.
Update merge request tabs so they no longer scroll.
Moves the table pagination shared component.


11.11.8

Security (2 changes)

Upgrade Gitaly to 1.42.7 to prevent revision flag injection exploits.
Upgrade pages to 1.5.1 to prevent gitlab api token recovery from cookie.


11.11.7

Security (9 changes)

Restrict slash commands to users who can log in.
Patch XSS issue in wiki links.
Filter merge request params on the new merge request page.
Fix Server Side Request Forgery mitigation bypass.
Show badges if pipelines are public otherwise default to project permissions.
Do not allow localhost url redirection in GitHub Integration.
Do not show moved issue id for users that cannot read issue.
Use source project as permissions reference for MergeRequestsController#pipelines.
Drop feature to take ownership of trigger token.


11.11.4 (2019-06-26)

Fixed (3 changes)

Fix Fogbugz Importer not working. !29383
Fix scrolling to top on assignee change. !29500
Fix IDE commit using latest ref in branch and overriding contents. !29769


11.11.3 (2019-06-10)

Fixed (5 changes)

Fix invalid visibility string comparison in project import. !28612
Remove a default git depth in Pipelines for merge requests. !28926
Fix connection to Tiller error while uninstalling. !29131
Fix label click scrolling to top. !29202
Make OpenID Connect work without requiring a name. !29312


11.11.2 (2019-06-04)

Fixed (7 changes)

Update SAST.gitlab-ci.yml - Add SAST_GITLEAKS_ENTROPY_LEVEL. !28607
Fix OmniAuth OAuth2Generic strategy not loading. !28680
Use source ref in pipeline webhook. !28772
Fix migration failure when groups are missing route. !29022
Stop two-step rebase from hanging when errors occur. !29068
Fix project settings not being able to update. !29097
Fix display of 'Promote to group label' button.


Other (1 change)

Fix input group height.


11.11.0 (2019-05-22)

Security (1 change)

Destroy project remote mirrors instead of disabling. !27087


Fixed (75 changes, 19 of them are from the community)

Don't create a temp reference for branch comparisons within project. !24038
Fix some label links not appearing on group labels page and label title being a link on project labels page. !24060 (Tanya Pazitny)
Fix extra emails for custom notifications. !25607
Rewind IID on Ci::Pipelines. !26490
Fix duplicate merge request pipelines created by Sidekiq worker retry. !26643
Catch and report OpenSSL exceptions while fetching external configuration files in CI::Config. !26750 (Drew Cimino)
stop rendering download links for expired artifacts on the project tags page. !26753 (Drew Cimino)
Format extra help page text like wiki. !26782 (Bastian Blank)
Always show instance configuration link. !26783 (Bastian Blank)
Display maximum artifact size from runtime config. !26784 (Bastian Blank)
Resolve issue where list labels did not have the correct text color on creation. !26794 (Tucker Chapman)
Set release name when adding release notes to an existing tag. !26807
Fix the bug that the project statistics is not updated. !26854 (Hiroyuki Sato)
Client side changes for ListLastCommitsForTree response update. !26880
Fix api group visibility. !26896
Require all templates to use default stages. !26954
Remove a "reopen merge request button" on a "merged" merge request. !26965 (Hiroyuki Sato)
Fix misaligned image diff swipe view. !26969 (ftab)
Add badge-pill class on group member count. !27019
Remove leading / trailing spaces from heading when generating header ids. !27025 (Willian Balmant)
Respect updated_at attribute in notes produced by API calls. !27124 (Ben Gamari)
Fix GitHub project import visibility. !27133 (Daniel Wyatt)
Fixes actions dropdowns in environments page. !27160
Fixes create button background for Environments form. !27161
Display scoped labels in Issue Boards. !27164
Align UrlValidator to validate_url gem implementation. !27194 (Horatiu Eugen Vlad)
Resolve Web IDE template dropdown showing duplicates. !27237
Update GitLab Workhorse to v8.6.0. !27260
Only show in autocomplete when author active. !27292
Remove deadline for Git fsck. !27299
Show prioritized labels to guests. !27307
Properly expire all pipeline caches when pipeline is deleted. !27334
Replaced icon for external URL with doc-text icon. !27365
Add auto direction for issue title. !27378 (Ahmad Haghighi)
fix wiki search result links in titles. !27400 (khm)
Fix system notes timestamp when creating issue in the past. !27406
Fix approvals sometimes being reset after a merge request is rebased. !27446
Fix empty block in MR widget when user doesn't have permission. !27462
Fix wrong use of ActiveRecord in PoolRepository. !27464
Show proper preview for uploaded images in Web IDE. !27471
Resolve Renaming an image via Web IDE corrupts it. !27486
Clean up CarrierWave's import/export files. !27487
Fix autocomplete dropdown for usernames starting with period. !27533 (Jan Beckmann)
Disable password autocomplete in mirror repository form. !27542
Always use internal ID tables in development and production. !27544
Only show the "target branch has advanced" message when the merge request is open. !27588
Resolve Misalignment on suggested changes diff table. !27612
Update Workhorse to v8.7.0. !27630
Fix FE API and IDE handling of '/' relative_url_root. !27635
Hide ScopedBadge overflow notes. !27651
Fix base domain help text update. !27746
Upgrade letter_opener_web to support Rails 5.1. !27829
Fix webpack assets handling when relative url root is '/'. !27909
Fix IDE get file data with '/' as relative root. !27911
Allow a member to have an access level equal to parent group. !27913
Fix issuables state_id nil when importing projects from GitHub. !28027
Fix uploading of LFS tracked file through UI. !28052
Render Next badge only for gitlab.com. !28056
Fix update head pipeline process of Pipelines for merge requests. !28057
Handle errors in successful notes reply. !28082
Fix visual issues in set status modal. !28147
Use a path for the related merge requests endpoint. !28171
disable SSH key validation in key details view. !28180 (Roger Meier)
Fix MR discussion border missing in chrome sometimes. !28185
Fix Error 500 when inviting user already present. !28198
Remove non-semantic use of .row in member listing controls. !28204
Properly handle LFS Batch API response in project import. !28223
Fix project visibility level validation. !28305 (Peter Marko)
Fix incorrect prefix used in new uploads for personal snippets. !28337
Fix Rugged get_tree_entries recursive flag not working. !28494
Next badge must visible when canary flag is true.
Vertically aligns the play button for stages.
Fixes next badge being always visible.
Adds arrow icons to select option in CI/CD settings.
Allow replying to individual notes from API.


Changed (19 changes, 3 of them are from the community)

Sort by due date and popularity in both directions for Issues and Merge requests. !25502 (Nermin Vehabovic)
Improve pipelines table spacing, add triggerer column. !26136
Allow extra arguments in helm commands when deploying the application in Auto-DevOps.gitlab-ci.yml. !26171 (tortuetorche)
Switch to sassc-rails for faster stylesheet compilation. !26224
Reorganize project merge request settings. !26834
Display a toast message when the Kubernetes runner has successfully upgraded. !27206
Allow guests users to access project releases. !27247
Add help texts to K8 form fields. !27274
Support prometheus for group level clusters. !27280
Include link to raw job log in plain-text emails. !27409
Only escape Markdown emphasis characters in autocomplete when necessary. !27457
Move location of charts/auto-deploy-app -> gitlab-org/charts/auto-deploy-app. !27477
Make canceled jobs not retryable. !27503
Upgrade to Gitaly v1.36.0. !27831
Update deployment event chat notification message. !27972
Upgrade to Gitaly v1.42.0. !28135
Resolve discussion when apply suggestion. !28160
Improve expanding diff to full file performance.
Knative version bump 0.3 -> 0.5. (Chris Baumbauer cab@cabnetworks.net)


Performance (5 changes)

Added list_pages method to avoid loading all wiki pages content. !22801
Add gitaly session id & catfile-cache feature flag. !27472
Add improvements to global search of issues and merge requests. !27817
Disable method replacement in avatar loading. !27866
Fix Blob.lazy always loading all previously-requested blobs when a new request is made.


Added (36 changes, 10 of them are from the community)

Add time preferences for user. !25381
Added write_repository scope for personal access token. !26021 (Horatiu Eugen Vlad)
Mark disabled pages domains for removal, but don't remove them yet. !26212
Remove pages domains if they weren't verified for 1 week. !26227
Expose pipeline variables via API. !26501 (Agustin Henze tin@redhat.com)
Download a folder from repository. !26532 (kiameisomabes)
Remove cleaned up OIDs from database and cache. !26555
Disables kubernetes resources creation if a cluster is not managed. !26565
Add CI_COMMIT_REF_PROTECTED CI variable. !26716 (Jason van den Hurk)
Add new API endpoint to expose a single environment. !26887
Allow Sentry configuration to be passed on gitlab.yml. !27091 (Roger Meier)
CI variables of type file. !27112
Allow linking to a private helm repository by providing credentials, and customisation of repository name. !27123 (Stuart Moore @stjm-cc)
Add time tracking information to Issue Boards sidebar. !27166
Play all manual jobs in a stage. !27188
Instance level kubernetes clusters. !27196
Adds if InfluxDB and Prometheus metrics are enabled to usage ping data. !27238
Autosave description in epics. !27296
Add deployment events to chat notification services. !27338
Add packages_size to ProjectStatistics. !27373
Added OmniAuth OpenID Connect strategy. !27383 (Horatiu Eugen Vlad)
Test using Git 2.21. !27418
Use official Gitea logo in importer. !27424 (Matti Ranta (@techknowlogick))
Add option to set access_level of runners upon registration. !27490 (Zelin L)
Add initial GraphQL query for Groups. !27492
Enable Sidekiq Reliable Fetcher for background jobs by default. !27530
Add backend support for a External Dashboard URL setting. !27550
Implement UI for uninstalling Cluster’s managed apps. !27559
Resolve Salesforce.com omniauth support. !27834
Leave project/group from access granted email. !27892
Allow Sentry client-side DSN to be passed on gitlab.yml. !27967
GraphQL: improve evaluation of query complexity based on arguments and query limits. !28017
Support negative matches.
Added Omniauth UltraAuth strategy to GitLab. (Kartikey Tanna)
Adds badge for Canary environment and help link.
Show category icons in user popover.


Other (29 changes, 8 of them are from the community)

Validate refs used in controllers don't have spaces. !24037
Migrate correlation and tracing code to LabKit. !25379
Update node.js to 10.15.3 in CI template for Hexo. !25943 (Takuya Noguchi)
Improve icons and button order in project overview. !26796
Add instructions on how to contribute a Built-In template for project. !26976
Extract DiscussionNotes component from NoteableDiscussion. !27066
Bump gRPC to 1.19.0 and protobuf to 3.7.1. !27086
Extract DiscussionActions component from NoteableDiscussion. !27227
Show disabled project repo mirrors in settings. !27326
Add backtrace to Gitaly performance bar. !27345
Moved EE/CE differences for dropdown_value_collapsed into CE. !27367
Remove "You are already signed in" banner. !27377
Move ee-specific code from boards/components/issue_card_inner.vue. !27394 (Roman Rodionov)
Upgrade to Rails 5.1. !27480 (Jasper Maes)
Update GitLab Runner Helm Chart to 0.4.0. !27508
Update GitLab Runner Helm Chart to 0.4.1. !27627
Refactored notes tests from Karma to Jest. !27648 (Martin Hobert)
refactor(issue): Refactored issue tests from Karma to Jest. !27673 (Martin Hobert)
Refactored Karma spec files to Jest. !27688 (Martin Hobert)
Add CSS fix for  elements on IE11. !27846

Update clair-local-scan to v2.0.8 for container scanning. !27977
Use PostgreSQL 10.7 in tests. !28020
Document EE License Auto Import During Install. !28106
Remove the note in the docs that multi-line suggestions are not yet available. !28119 (hardysim)
Update gitlab-shell to v9.1.0. !28184
Add EE fixtures to SeedFu list. !28241
Add some frozen string to spec/**/*.rb. (gfyoung)
Replaces CSS with BS4 utility class for pipeline schedules.
Creates a vendors folder for external CSS.


Performance (1 change)

Add improvements to global search of issues and merge requests. !27817


11.10.7 (2019-06-26)

Fixed (3 changes)

Remove a default git depth in Pipelines for merge requests. !28926
Fix label click scrolling to top. !29202
Fix scrolling to top on assignee change. !29500


11.10.8 (2019-06-27)

No changes.


Security (10 changes)

Fix Denial of Service for comments when rendering issues/MR comments.
Gate MR head_pipeline behind read_pipeline ability.
Fix DoS vulnerability in color validation regex.
Expose merge requests count based on user access.
Persist tmp snippet uploads at users.
Add missing authorizations in GraphQL.
Disable Rails SQL query cache when applying service templates.
Prevent Billion Laughs attack.
Correctly check permissions when creating snippet notes.
Prevent the detection of merge request templates by unauthorized users.


Performance (1 change)

Add improvements to global search of issues and merge requests. !27817


11.10.6 (2019-06-04)

Fixed (7 changes, 1 of them is from the community)

Allow a member to have an access level equal to parent group. !27913
Fix uploading of LFS tracked file through UI. !28052
Use 3-way merge for squashing commits. !28078
Use a path for the related merge requests endpoint. !28171
Fix project visibility level validation. !28305 (Peter Marko)
Fix Rugged get_tree_entries recursive flag not working. !28494
Use source ref in pipeline webhook. !28772


Other (1 change)

Fix input group height.


11.10.4 (2019-05-01)

Fixed (12 changes)

Fix MR popover on ToDos page. !27382
Fix 500 in general pipeline settings when passing an invalid build timeout. !27416
Fix bug where system note MR has no popover. !27589
Fix bug when project export to remote url fails. !27614

on_stop is not automatically triggered with pipelines for merge requests. !27618
Update Workhorse to v8.5.2. !27631
Show proper wiki links in search results. !27634
Make CI_COMMIT_REF_NAME and SLUG variable idempotent. !27663
Fix Kubernetes service template deployment jobs broken as of 11.10.0. !27687
Prevent text selection when dragging in issue boards. !27724
Fix pipelines for merge requests does not show pipeline page when source branch is removed. !27803
Fix Metrics Environments dropdown.


Performance (2 changes)

Prevent concurrent execution of PipelineScheduleWorker. !27781
Fix slow performance with compiling HAML templates. !27782


11.10.3 (2019-04-30)

Security (1 change)

Allow to see project events only with api scope token.


11.10.2 (2019-04-25)

Security (4 changes)

Loosen regex for exception sanitization. !3076
Resolve: moving an issue to private repo leaks namespace and project name.
Escape path in new merge request mail.
Stop sending emails to users who can't read commit.


11.10.1 (2019-04-23)

Fixed (2 changes)

Upgrade Gitaly to 1.34.0. !27494
Fix filtering of labels from system note link. !27507


Changed (1 change)

Disable just-in-time Kubernetes resource creation for project level clusters. !27352


Performance (1 change)

Bring back Rugged implementation of ListCommitsByOid. !27441


Other (1 change)

Bump required Ruby version check to 2.5.3. !27495


11.10.0 (2019-04-22)

Security (9 changes)

Update Rails to 5.0.7.2. !27022
Disallow guest users from accessing Releases.
Return cached languages if they've been detected before.
Added rake task for removing EXIF data from existing uploads.
Disallow updating namespace when updating a project.
Fix XSS in resolve conflicts form.
Hide "related branches" when user does not have permission.
Fix PDF.js vulnerability.
Use UntrustedRegexp for matching refs policy.


Fixed (81 changes, 21 of them are from the community)

Update border-radius of form controls and remove extra space above page titles. !24497
Disallow reopening of a locked merge request. !24882 (Jan Beckmann)
Align EmailValidator to validate_email gem implementation. !24971 (Horatiu Eugen Vlad)
add a uniq constraints on issues and mrs labels. !25435 (Antoine Huret)
Display draft when toggling replies. !25563
Fix markdown table header and table content borders. !25666
Fix authorized application count. !25715 (moyuru)
Added "Add List" checkbox to create label dropdown to make creation of list optional. !25716 (Tucker Chapman)
Makes emoji picker full width on mobile. !25883 (Jacopo Beschi @jacopo-beschi)
Don't cutoff letters in MR and Issue links. !25910 (gfyoung)
Fix unwanted character replacement on project members page caused by usage of sanitize function. !25946 (Elias Werberich)
Fix UI for closed MR when source project is removed. !25967 (Takuya Noguchi)
Keep inline as much as possible in system notes on issuable. !25968 (Takuya Noguchi)
Fixes long review app subdomains. !25990 (walkafwalka)
Fix counting of groups in admin dashboard. !26009
Disable inaccessible navigation links upon archiving a project. !26020 (Elias Werberich)
Fixed - Create project label window is cut off at the bottom. !26049
Fix error shown when loading links to specific comments. !26092
Fix group transfer selection possibilities. !26123 (Peter Marko)
Fix UI layout on Commits on mobile. !26133 (Takuya Noguchi)
Fix continuous bitbucket import loading spinner. !26175
Resolves Branch name is lost if I change commit mode in Web IDE. !26180
Fix removing remote mirror failure which leaves unnecessary refs behind. !26213
Fix Error 500 when user commits Wiki page with no commit message. !26247
Handle missing keys in sentry api response. !26264
Implemented whitespace-trimming for file names in Web IDE. !26270
Fix misalignment of group overview page buttons. !26292
Reject HEAD requests to info/refs endpoint. !26334
Prevent namespace dropdown in new project form from exceeding container. !26343
Fix hover animation consistency in top navbar items. !26345
Exclude system notes from commits in merge request discussions. !26396
Resolve Code in other column of side-by-side diff is highlighted when selecting code on one side. !26423
Prevent fade out transition on loading-button component. !26428
Fix merge commits being used as default squash commit messages. !26445
Expand resolved discussion when linking to a comment in the discussion. !26483
Show statistics also when repository is disabled. !26509 (Peter Marko)
Fix multiple series queries on metrics dashboard. !26514
Releases will now be automatically deleted when deleting corresponding tag. !26530
Make stylistic improvements to diff nav header. !26557
Clear pipeline status cache after destruction of pipeline. !26575
Update fugit which fixes a potential infinite loop. !26579
Fixes job link in artifacts page breadcrumb. !26592
Fix quick actions add label name middle word overlaps. !26602 (Jacopo Beschi @jacopo-beschi)
Fix Auto DevOps missing domain error handling. !26627
Fix jupyter rendering bug that ended in an infinite loop. !26656 (ROSPARS Benoit)
Use a fixed git abbrev parameter when we fetch a git revision. !26707
Enabled text selection highlighting in diffs in Web IDE. !26721 (Isaac Smith)
Remove path and branch labels from metrics. !26744
Resolve "Hide Kubernetes cluster warning if project has cluster related". !26749
Fix long label overflow on metrics dashboard. !26775
Group transfer now properly redirects to edit on failure. !26837
Only execute system hooks once when pushing tags. !26888
Fix UI anchor links after docs refactor. !26890
Fix MWPS does not work for merge request pipelines. !26906
Create pipelines for merge requests only when source branch is updated. !26921
Fix notfication emails having wrong encoding. !26931
Allow task lists that follow a blockquote to work correctly. !26937
Fix image diff swipe view on commit and compare pages. !26968 (ftab)
Fix IDE detection of MR from fork with same branch name. !26986
Fix single string values for the 'include' keyword validation of gitlab-ci.yml. !26998 (Paul Bonaud (@paulrbr))
Do not display Ingress IP help text when there isn’t an Ingress IP assigned. !27057
Fix real-time updates for projects that contain a reserved word. !27060
Remove duplicates from issue related merge requests. !27067
Add to white-space nowrap to all buttons. !27069
Handle possible HTTP exception for Sentry client. !27080
Guard against nil dereferenced_target. !27192
Update GitLab Workhorse to v8.5.1. !27217
Fix long file header names bug in diffs. !27233
Always return the deployment in the UpdateDeploymentService#execute method. !27322
Fix remove_source_branch merge request API handling. !27392
Fixed bug with hashes in urls in WebIDE. !54376 (Kieran Andrews)
Fix bug where MR popover doesn't go away on mouse leave.
Only consider active milestones when using the special Started milestone filter.
Scroll to diff file content when clicking on file header name and it is not a link to other page.
Remove non-functional add issue button on welcome list.
Fixed expand full file button showing on images.
Fixed Web IDE web workers not working with relative URLs.
Fixed Web IDE not loading merge request files.
Fixed duplicated diff too large error message.
Fixed sticky headers in merge request creation diffs.
Fix bug when reopening milestone from index page.


Deprecated (1 change)

Allow to use untrusted Regexp via feature flag. !26905


Changed (35 changes, 4 of them are from the community)

Create MR pipelines with refs/merge-requests/:iid/head. !25504
Create Kubernetes resources for projects when their deployment jobs run. !25586
Remove unnecessary folder prefix from environment name. !25600
Update deploy boards to additionally select on "app.gitlab.com" annotations. !25623
Allow failed custom hook script errors to safely appear in GitLab UI by filtering error messages by the prefix GL-HOOK-ERR:. !25625
Add link on two-factor authorization settings page to leave group that enforces two-factor authorization. !25731
Reduce height of instance system header and footer. !25752
Unify behaviour of 'Copy commit SHA to clipboard' to use full commit SHA. !25829 (Max Winterstein)
Show loading spinner while Ingress/Knative IP is being assigned. !25912
Hashed Storage: Prevent a migration and rollback running at the same time. !25976
Make time counters show 'just now' for everything under one minute. !25992 (Sergiu Marton)
Allow filtering labels list by one or two characters. !26012
Implements the creation strategy for multi-line suggestions. !26057
Automate base domain help text on Clusters page. !26124
Set user.name limit to 128 characters. !26146
Update gitlab-markup to 1.7.0 which requies python3. !26246
Update system message banner font size to 12px. !26293
Extend timezone dropdown. !26311
Upgrade to Gitaly v1.29.0. !26406
Automatically set Prometheus step interval. !26441
Knative version bump 0.2.2 -> 0.3.0. !26459 (Chris Baumbauer)
Display cluster form validation error messages inline. !26502
Split Auto-DevOps.gitlab-ci.yml into reusable templates. !26520
Update spinners in group list component. !26572
Allow removing last owner from subgroup if parent group has owners. !26718
Check mergeability in MergeToRefService. !26757
Show download diff links for closed MRs. !26772
Fix Container Scanning in Kubernetes Runners. !26793
Move "Authorize project access with external service" to Core. !26823
Localize notifications dropdown. !26844
Order labels alphabetically in issue boards. !26927
Upgrade to Gitaly v1.32.0. !26989
Upgrade to Gitaly v1.33.0. !27065
collapse file tree by default if the merge request changes only one file. (Riccardo Padovani riccardo@rpadovani.com)
Removes the undescriptive CI Charts header.


Performance (17 changes)

Drop legacy artifacts usage as there are no leftovers. !24294
Cache Repository#root_ref within a request. !25903
Allow ref name caching CommitService#find_commit. !26248
Avoid loading pipeline status in project search. !26342
Fix some N+1s in loading routes and counting members for groups in @-autocomplete. !26491
GitHub import: Run housekeeping after initial import. !26600
Add initial complexity limits to GraphQL queries. !26629
Cache FindCommit results in pipelines view. !26776
Fix and expand Gitaly FindCommit caching. !27018
Enable FindCommit caching for project and commits pages. !27048
Expand FindCommit caching to blob and refs. !27084
Enable Gitaly FindCommit caching for TreeController. !27100
Improve performance of PR import. !27121
Process at most 4 pipelines during push. !27205
Disable method instrumentation for diffs. !27235
Speed up filtering issues in a project when searching.
Speed up generation of avatar URLs when using object storage.


Added (35 changes, 6 of them are from the community)

Add users search results to global search. !21197 (Alexis Reigel)
Add target branch filter to merge requests search bar. !24380 (Hiroyuki Sato)
Add Knative metrics to Prometheus. !24663 (Chris Baumbauer cab@cabnetworks.net)
Support multi-line suggestions. !25211
Allow to sort wiki pages by date and title. !25365
Allow external diffs to be used conditionally. !25432
Add usage counts for error tracking feature. !25472
Enable/disable Auto DevOps at the Group level. !25533
Update pipeline list view to accommodate post-merge pipeline information. !25690
GraphQL Types can be made to always authorize access to resources of that Type. !25724
Update clair-local-scan to 2.0.6. !25743 (Takuya Noguchi)
Update pipeline block on merge request page to accommodate post-merge pipeline information. !25745
Support multiple queries per chart on metrics dash. !25758
Update pipeline detail view to accommodate post-merge pipelines. !25775
Update job detail sidebar to accommodate post-merge pipeline information. !25777
Add merge request pipeline flag to pipeline entity. !25846
Expose group id on home panel. !25897 (Peter Marko)
Move allow developers to create projects in groups to Core. !25975
Add two new warning messages to the MR widget about merge request pipelines. !25983
Support installing Group runner on group-level cluster. !26260
Improve the Knative installation on Clusters. !26339
Show error when namespace/svc account missing. !26362
Add select by title to milestones API. !26573
Implemented support for creation of new files from URL in Web IDE. !26622
Add control for masking variable values in runner logs. !26751
Allow merge requests to be created via git push options. !26752
Create a shortcut for a new MR in the Web IDE. !26792
Allow reactive caching to be used in services. !26839
Add a Prometheus API per environment. !26841
Allow merge requests to be set to merge when pipeline succeeds via git push options. !26842
Use gitlabktl to build and deploy GitLab Serverless Functions. !26926
Make touch events work on image diff swipe view and onion skin. !26971 (ftab)
Add extended merge request tooltip.
Added prometheus monitoring to GraphQL.
Adding highest role property to admin's user details page.


Other (29 changes, 6 of them are from the community)

Update rack-oauth2 1.2.1 -> 1.9.3. !17868
Merge the gitlab-shell "gitlab-keys" functionality into GitLab CE. !25598
Refactor all_pipelines in Merge request. !25676
Show error backtrace when logging errors to kubernetes.log. !25726
Apply recaptcha API change in 4.0. !25921 (Praveen Arimbrathodiyil)
Remove fake repository_path response. !25942 (Fabio Papa)
Use curl silent/show-error options on Auto DevOps. !25954 (Takuya Noguchi)
Explicitly set master_auth setting to enable basic auth and client certificate for new GKE clusters. !26018
Project: Improve empty repository state UI. !26024
Externalize strings from /app/views/projects/pipelines. !26035 (George Tsiolis)
Prepare multi-line suggestions for rendering in Markdown. !26107
Improve mobile UI on User Profile page. !26240 (Takuya Noguchi)
Update GitLab Runner Helm Chart to 0.3.0/11.9.0. !26467
Improve project merge request settings. !26495
Bump kubectl to 1.11.9 and Helm to 2.13.1 in Auto-DevOps.gitlab-ci.yml. !26534
Upgrade bootstrap_form Gem. !26568
Add API access check to Graphql. !26570
Change project avatar remove button to a link. !26589
Log Gitaly RPC duration to api_json.log and production_json.log. !26652
Add cluster domain to Project Cluster API. !26735
Move project tags to separate line. !26797
Changed button label at /pipelines/new. !26893 (antfobe,leonardofl)
Update GitLab Shell to v9.0.0. !27002
Migrate clusters tests to jest. !27013
Rewrite related MRs widget with Vue. !27027
Restore HipChat project service. !27172
Externalize admin deploy keys strings.
Removes EE differences for environments_table.vue.
Removes EE differences for environment_item.vue.


11.9.12 (2019-05-30)

Security (12 changes, 1 of them is from the community)

Protect Gitlab::HTTP against DNS rebinding attack.
Fix project visibility level validation. (Peter Marko)
Update Knative version.
Add DNS rebinding protection settings.
Prevent XSS injection in note imports.
Prevent invalid branch for merge request.
Filter relative links in wiki for XSS.
Fix confidential issue label disclosure on milestone view.
Fix url redaction for issue links.
Resolve: Milestones leaked via search API.
Prevent bypass of restriction disabling web password sign in.
Hide confidential issue title on unsubscribe for anonymous users.


11.9.10 (2019-04-26)

Security (5 changes)

Loosen regex for exception sanitization. !3077
Resolve: moving an issue to private repo leaks namespace and project name.
Escape path in new merge request mail.
Stop sending emails to users who can't read commit.
Upgrade Rails to 5.0.7.2.


11.9.9 (2019-04-23)

Performance (1 change)

Bring back Rugged implementation of ListCommitsByOid. !27441


11.9.8 (2019-04-11)

Deprecated (1 change)

Allow to use untrusted Regexp via feature flag. !26905


Performance (2 changes)

Improve performance of PR import. !27121
Disable method instrumentation for diffs. !27235


Other (1 change)

Restore HipChat project service. !27172


11.9.7 (2019-04-09)

No changes.


11.9.6 (2019-04-04)

Fixed (3 changes)

Force to recreate all MR diffs on import. !26480
Fix API /project/:id/branches not returning correct merge status. !26785
Avoid excessive recursive calls with Rugged TreeEntries. !26813


Performance (1 change)

Force a full GC after importing a project. !26803


11.9.5 (2019-04-03)

Fixed (3 changes)

Force to recreate all MR diffs on import. !26480
Fix API /project/:id/branches not returning correct merge status. !26785
Avoid excessive recursive calls with Rugged TreeEntries. !26813


Performance (1 change)

Force a full GC after importing a project. !26803


11.9.3 (2019-03-27)

No changes.


11.9.2 (2019-03-26)

No changes.


11.9.1 (2019-03-25)

Fixed (7 changes)

Fix issue that caused the "Show all activity" button to appear on top of the mini pipeline status dropdown on the merge request page. !26274
Fix duplicated bottom match line on merge request parallel diff view. !26402
Allow users who can push to protected branches to create protected branches via CLI. !26413
Add missing .gitlab-ci.yml to Android template. !26415
Refresh commit count after repository head changes. !26473
Set proper default-branch for repository on GitHub Import. !26476
GitHub importer: Use the project creator to create branches from forks. !26510


Changed (1 change)

Upgrade to Gitaly v1.27.1. !26533


11.9.0 (2019-03-22)

Security (24 changes)

Use encrypted runner tokens. !25532
Stop linking to unrecognized package sources. !55518
Disable issue boards API when issues are disabled.
Forbid creating discussions for users with restricted access.
Fix leaking private repository information in API.
Fixed ability to see private groups by users not belonging to given group.
Prevent releases links API to leak tag existence.
Display the correct number of MRs a user has access to.
Block local URLs for Kubernetes integration.
Fix arbitrary file read via diffs during import.
Check if desired milestone for an issue is available.
Don't allow non-members to see private related MRs.
Check snippet attached file to be moved is within designated directory.
Fix blind SSRF in Prometheus integration by checking URL before querying.
Fix git clone revealing private repo's presence.
Remove project serialization in quick actions response.
Don't show new issue link after move when a user does not have permissions.
Limit mermaid rendering to 5K characters.
Show only merge requests visible to user on milestone detail page.
Display only information visible to current user on the Milestone page.
Do not display impersonated sessions under active sessions and remove ability to revoke session.
Validate session key when authorizing with GCP to create a cluster.
Do not disclose milestone titles for unauthorized users.
Remove the possibility to share a project with a group that a user is not a member of.


Removed (1 change)

Remove HipChat integration from GitLab. !22223


Fixed (86 changes, 21 of them are from the community)

Fixes issue with AWS V4 signatures not working with some S3 providers. !21788
Validate 'include' keywords in gitlab-ci.yml configuration files. !24098 (Paul Bonaud)
Close More Actions tooltip when menu opens. !24285
API: Support Jira transition ID as string. !24400 (Robert Schilling)
Fixed navigation sidebar flashing open on page load. !24555
Fix username escaping when using assign to me for issues. !24673
commit page info-well overflow fix #56436. !24799 (Gokhan Apaydin)
Fix error tracking list page. !24806
Fix overlapping empty-header logo. !24868 (Jonas L.)
Resolve Jobs tab border top in pipeline's page is 1px off. !24878
Require maintainer access to show pages domain settings. !24926
Display error message when API call to list Sentry issues fails. !24936
Fix rollout status for statefulsets and daemonsets. !24972 (Sergej Nikolaev kinolaev@gmail.com)
Display job names consistently on pipelines and environments list. !24984
Update new password breadcrumb. !25037 (George Tsiolis)
Fixes functions finder for upgraded Knative app. !25067
Provide expires_in in LFS authentication payload. !25082
Fix validation of certain ed25519 keys. !25115 (Merlijn B. W. Wajer)
Timer and action name aligned vertically for delayed jobs in pipeline actions. !25117 (Gokhan Apaydin)
Fix the border style of CONTRIBUTING button when it exists. !25124 (Takuya Noguchi)
Change badges.svg example to pipeline.svg. !25157 (Aviad Levy)
API: Fix docs and parameters for hangouts-chat service. !25180 (Robert Schilling)
API: Expose full commit title. !25189 (Robert Schilling)
API: Require only one parameter when updating a wiki. !25191 (Robert Schilling)
Hide pipeline status when pipelines are disabled on project. !25204
Fix alignment of dropdown icon on issuable on mobile. !25205 (Takuya Noguchi)
Add left margin to 1st time contributor badge. !25216 (Gokhan Apaydin)
Use limited counter for runner build count in admin page. !25220
API: Ensure that related merge requests are referenced cross-project. !25222 (Robert Schilling)
Ensure the base pipeline of a Merge Request belongs to its target branch. !25226
Fix import_jid error on project import. !25239
Fix commenting on commits having SHA1 starting with a large number. !25278
Allow empty values such as [] to be stored in reactive cache. !25283
Remove vertical connecting line placeholder from diff discussion notes. !25292
Fix hover and active state colors of award emoji button. !25295
Fix author layouts in issuable meta line UIs on mobile. !25332 (Takuya Noguchi)
Fix bug where project topics truncate. !25398
Fix ETag caching not being used for AJAX requests. !25400
Doc - fix the url of pipeline status badge. !25404 (Aviad Levy)
Fix pipeline status icon mismatch. !25407
Allow users to compare branches on a read-only instance. !25414
Fix 404s when C++ .gitignore template selected. !25416
Always fetch MR latest version when creating suggestions. !25441
Only show borders for markdown images in notes. !25448
Bring back Rugged implementation of find_commit. !25477
Remove duplicate units from metrics graph. !25485
Fix project import error importing releases. !25495
Remove duplicate XHR request when requesting new pipeline page. !25506
Properly handle multiple X-Forwarded-For addresses in runner IP. !25511
Fix weekday shift in issue board cards for UTC+X timezones by removing local timezone to UTC conversion. !25512 (Elias Werberich)
Fix large table horizontal scroll and prevent side-by-side tables. !25520 (Dany Jupille)
Fix error when viewing group issue boards when user doesn't have explicit group permissions. !25524
Respect the should_remove_source_branch parameter to the merge API. !25525
Externalize markdown toolbar buttons tooltips. !25529
Fix method to mark a project repository as writable. !25546
fix group without owner after transfer. !25573 (Peter Marko)
Fix pagination and duplicate requests in environments page. !25582
Improve the JS pagination to handle the case when the X-Total and X-Total-Pages headers aren't present. !25601
Add right padding to the repository mirror action buttons. !25606
Use 'folder-open' from sprite icons for Browse Files button in Tag page. !25635
Make merge to refs/merge-requests/:iid/merge not raise when FF-only enabled. !25653
Fixed "Copying comment with ordered list includes extraneous newlines". !25695
Fix bridge jobs only/except variables policy. !25710
Allow GraphQL requests without CSRF token. !25719
Skip Project validation during Hashed Storage migration or rollback. !25753
Resolve showing squash commit edit issue when only single commit is present. !25807
Fix the last-ditch memory killer pgroup SIGKILL. !25940
Disable timeout on merge request merging poll. !25988
Allow modifying squash commit message for fast-forward only merge method. !26017
Fix bug in BitBucket imports with SHA shorter than 40 chars. !26050
Fix health checks not working behind load balancers. !26055
Fix 500 error caused by CODEOWNERS with no matches. !26072
Fix notes being marked as edited after resolving. !26143
Fix error creating a merge request when diff includes a null byte. !26190
Fix undefined variable error on json project views. !26297
GitHub import: Create new branches as project owner. !26335
Gracefully handles excluded fields from attributes during serialization on JsonCache. !26368
Admin section finds users case-insensitively.
Fixes not working dropdowns in pipelines page.
Do not show file templates when creating a new directory in WebIDE.
Allow project members to see private group if the project is in the group namespace.
Allow maintainers to remove pages.
Fix inconsistent pagination styles.
Fixed blob editor deleting file content for certain file paths.
Fix upcoming milestone when there are milestones with far-future due dates.
Fixed alignment of changed icon in Web IDE.


Changed (31 changes, 10 of them are from the community)

Improve snippets empty state. !18348 (George Tsiolis)
Remove second primary button on wiki edit. !19959 (George Tsiolis)
Allow raw tls_options to be passed in LDAP configuration. !20678
Remove undigested token column from personal_access_tokens table from the database. !22743
Update activity filter for issues. !23423 (George Tsiolis)
Use auto-build-image for build job in Auto-DevOps.gitlab-ci.yml. !24279
Error tracking configuration - add a Sentry project selection dropdown. !24701
Move ChatOps to Core. !24780
Implement new arguments state, closed_before and closed_after for IssuesResolver in GraphQL. !24910
Validate kubernetes cluster CA certificate. !24990
Review App Link to Changed Page if Only One Change Present. !25048
Show pipeline ID, commit, and branch name on modal while stopping pipeline. !25059
Improve empty state for starred projects. !25138
Capture due date when importing milestones from Github. !25182 (dstanley)
Add a spinner icon which is rendered using pure css. !25186
Make emoji picker bigger. !25187 (Jacopo Beschi @jacopo-beschi)
API: Sort tie breaker with id DESC. !25311 (Nermin Vehabovic)
Add iOS-fastlane template for .gitlab-ci.yml. !25395
Move language setting to preferences. !25427 (Fabian Schneider @fabsrc)
Resolve Create Project Template for Netlify. !25453
Sort labels alphabetically on issues and merge requests list. !25470
Add Project template for .NET Core. !25486
Update operations settings breadcrumb trail. !25539 (George Tsiolis)
Add Project template for go-micro. !25553
Jira: make issue links title compact. !25609 (Elan Ruusamäe @glensc)
Project level filtering for JupyterHub. !25684 (Amit Rathi (amit1rrr))
Clean up vendored templates. !25794
Mask all TOKEN and PASSWORD CI variables. !25868
Add project template for Android. !25870
Add iOS project template. !25872
Upgrade to Gitaly v1.26.0. !25890


Performance (11 changes)

Improve performance for diverging commit counts. !24287
Optimize Redis usage in User::ActivityService. !25005
Only load syntax highlight CSS of selected theme. !25232
Improve label select rendering. !25281
Enable persisted pipeline stages by default. !25347
Speed up group issue search counts. !25411
Load repository language from the database if detected before. !25518
Remove N+1 query for tags in /admin/runners page. !25572
Eliminate most N+1 queries loading UserController#calendar_activities. !25697
Improve Web IDE launch performance. !25700
Significantly reduce N+1 queries in /api/v4/todos endpoint. !25711


Added (55 changes, 18 of them are from the community)

Add a tag filter to the admin runners view. !19740 (Alexis Reigel)
Add project fetch statistics. !23596 (Jacopo Beschi @jacopo-beschi)
Hashed Storage rollback mechanism. !23955
Allow to recursively expand includes. !24356
Allow expanding a diff to display full file. !24406
Support only: changes: on MR pipelines. !24490 (Hiroyuki Sato)
Expose additional merge request pipeline variables. !24595 (Hiroyuki Sato)
Add metadata about the GitLab server to GraphQL. !24636
Support merge ref writing (without merging to target branch). !24692
Add field mergeRequests for project in GraphQL. !24805
API support for MR merge to temporary merge ref path. !24918
Ability to filter confidential issues. !24960 (Robert Schilling)
Allow creation of branches that match a wildcard protection, except directly through git. !24969
Add related merge request count to api response. !24974
Add realtime validation for user fullname and username on validation. !25017 (Ehsan Abdulqader @EhsanZ)
Allow setting feature flags per GitLab group through the API. !25022
Add API endpoint to get a commit's GPG signature. !25032
Add support for FTP assets for releases. !25071 (Robert Schilling)
Add Confirmation Modal to Rollback on Environment. !25110
add title attribute to display file name. !25154 (Satoshi Nakamatsu @satoshicano)
API: Expose text_color for project and group labels. !25172 (Robert Schilling)
Added support for ingress hostnames. !25181 (walkafwalka)
API: Promote project milestone to a group milestone. !25203 (Nermin Vehabovic)
API: Expose if the current user can merge a MR. !25207 (Robert Schilling)
add readme to changelogs directory. !25209 (@glensc)
API: Indicate if label is a project label. !25219 (Robert Schilling)
Expose refspecs and depth to runner. !25233
Port System Header and Footer feature to Core. !25241
Sort Environments by Last Updated. !25260
Accept force option to overwrite branch on commit via API. !25286
Add support for masking CI variables. !25293
Add Link from Closed (moved) Issues to Moved Issue. !25300
Next/previous navigation between files in MR review. !25355
Add YouTrack integration service. !25361 (Yauhen Kotau @bessorion)
Add ability to set path and name for project on fork using API. !25363
Add project level config for merge pipelines. !25385
Edit Knative domain after it has been deployed. !25386
Add zoom and scroll to metrics dashboard. !25388
Persist source sha and target sha for merge pipelines. !25417
Add support for toggling discussion filter from notes section. !25426
Resolve Move files in the Web IDE. !25431
Show header and footer system messages in email. !25474
Allow configuring POSTGRES_VERSION in Auto DevOps. !25500
Add Saturday to Localization first day of the week. !25509 (Ahmad Haghighi)
Extend the Gitlab API for deletion of job_artifacts of a single job. !25522 (rroger)
Simplify CI/CD configuration on serverless projects. !25523
Add button to start discussion from single comment. !25575
sidekiq: terminate child processes at shutdown. !25669
Expose merge request entity for pipelines. !25679
Link to most recent MR from a branch. !25689
Adds Auto DevOps build job for tags. !25718 (walkafwalka)
Allow all snippets to be accessed by API. !25772
Make file tree in merge requests resizable.
Make the Web IDE the default editor.
File uploads are deleted asynchronously when deleting a project or group.


Other (28 changes, 6 of them are from the community)

Improve GitHub and Gitea project import table UI. !24606
Externalize strings from /app/views/projects/commit. !24668 (George Tsiolis)
Correct non-standard unicode spaces to regular unicode. !24795 (Marcel Amirault)
Provide a performance bar link to the Jaeger UI. !24902
Remove BATCH_SIZE from WikiFileFinder. !24933
Use export-import svgs from gitlab-svgs. !24954
Fix N+1 query in Issues and MergeRequest API when issuable_metadata is present. !25042 (Alex Koval)
Directly inheriting from ActiveRecord::Migration is deprecated. !25066 (Jasper Maes)
Bump Helm and kubectl in Auto DevOps to 2.12.3 and 1.11.7 respectively. !25072
Log queue duration in production_json.log. !25075
Extracted ResolveWithIssueButton to its own component. !25093 (Martin Hobert)
Add rectangular project and group avatars. !25098
Include note in the Rails filter_parameters configuration. !25238
Bump Helm and kubectl used in Kubernetes integration to 2.12.3 and 1.11.7 respectively. !25268
Include gl_project_path in API /internal/allowed response. !25314
Fix incorrect Pages Domains checkbox description. !25392 (Anton Melser)
Update GitLab Runner Helm Chart to 0.2.0. !25493
Add suffix (_event) to merge request source. !25508
Creates a helper function to check if repo is EE. !25647
If chpst is available, make fron-source installations run sidekiq as a process group leader. !25654
Bring back Rugged implementation of GetTreeEntries. !25674
Moves EE util into the CE file. !25680
Bring back Rugged implementation of CommitIsAncestor. !25702
Bring back Rugged implementation of TreeEntry. !25706
Enable syntax highlighting to other supported markups. !25761
Update GitLab Shell to v8.7.1. !25801
Bring back Rugged implementation of commit_tree_entry. !25896
Removes EE differences for jobs/getters.js.


11.8.10 (2019-04-30)

Security (1 change)

Allow to see project events only with api scope token.


11.8.8 (2019-04-23)

Fixed (5 changes)

Bring back Rugged implementation of find_commit. !25477
Fix bug in BitBucket imports with SHA shorter than 40 chars. !26050
Fix health checks not working behind load balancers. !26055
Fix error creating a merge request when diff includes a null byte. !26190
Avoid excessive recursive calls with Rugged TreeEntries. !26813


Performance (1 change)

Bring back Rugged implementation of ListCommitsByOid. !27441


Other (4 changes)

Bring back Rugged implementation of GetTreeEntries. !25674
Bring back Rugged implementation of CommitIsAncestor. !25702
Bring back Rugged implementation of TreeEntry. !25706
Bring back Rugged implementation of commit_tree_entry. !25896


11.8.3 (2019-03-19)

Security (1 change)

Remove project serialization in quick actions response.


11.8.2 (2019-03-13)

Security (1 change)

Fixed ability to see private groups by users not belonging to given group.


Fixed (5 changes)

Fix import_jid error on project import. !25239
Properly handle multiple X-Forwarded-For addresses in runner IP. !25511
Fix error when viewing group issue boards when user doesn't have explicit group permissions. !25524
Fix method to mark a project repository as writable. !25546
Allow project members to see private group if the project is in the group namespace.


11.8.0 (2019-02-22)

Security (7 changes, 1 of them is from the community)

Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !2793
Update Helm to 2.12.2 to address Helm client vulnerability. !24418 (Takuya Noguchi)
Use sanitized user status message for user popover.
Validate bundle files before unpacking them.
Alias GitHub and BitBucket OAuth2 callback URLs.
Fixed XSS content in KaTex links.
Disallows unauthorized users from accessing the pipelines section.


Removed (2 changes, 1 of them is from the community)

Removed deprecated Redcarpet markdown engine.
Remove Cancel all jobs button in general jobs list view. (Jordi Llull)


Fixed (84 changes, 20 of them are from the community)

Fix ambiguous brackets in task lists. !18514 (Jared Deckard jared.deckard@gmail.com)
Fix lost line number when navigating to a specific line in a protected file before authenticating. !19165 (Scott Escue)
Fix suboptimal handling of checkbox and radio input events causing group general settings submit button to stay disabled after changing its visibility. !23022
Fix upcoming milestones filter not including group milestones. !23098 (Heinrich Lee Yu)
Update runner admin page to make description field larger. !23593 (Sascha Reynolds)
Fix Bitbucket Server import not allowing personal projects. !23601
Fix bug causing repository mirror settings UI to break. !23712
Fix foreground color for labels to ensure consistency of label appearance. !23873 (Nathan Friend)
Resolve In Merge Request diff screen, master is not a hyperlink. !23874
Show the correct error page when access is denied. !23932
Increase reliability and performance of toggling task items. !23938
Modify file restore to rectify tar issue. !24000
Fix default visibility_level for new projects. !24120 (Fabian Schneider @fabsrc)
Footnotes now render properly in markdown. !24168
Emoji and cancel button are taller than input in set user status modal. !24173 (Dhiraj Bodicherla)
Adjusts duplicated line when commenting on unfolded diff lines (in the bottom). !24201
Adjust height of "Add list" dropdown in issue boards. !24227
Improves restriction of multiple Kubernetes clusters through API. !24251
Fix files/blob api endpoints content disposition. !24267
Cleanup stale +deleted repo paths on project removal (adjusts project removal bug). !24269
Handle regular job dependencies next to parallelized job dependencies. !24273
Proper align Projects dropdown on issue boards page. !24277 (Johann Hubert Sonntagbauer)
Resolve When merging an MR, the squash checkbox isnt always supported. !24296
Fix Bitbucket Server importer error handling. !24343
Fix syntax highlighting for suggested changes preview. !24358
API: Support dots in wiki slugs. !24383 (Robert Schilling)
Show CI artifact file size with 3 significant digits on 'browse job artifacts' page. !24387
API: Support username with dots. !24395 (Robert Schilling)
API: Fix default_branch_protection admin setting. !24398 (Robert Schilling)
Remove unwanted margin above suggested changes. !24419
Prevent checking protected_ref? for ambiguous refs. !24437
Update metrics environment dropdown to show complete option set. !24441
Fix empty labels of CI builds for gitlab-pages on pipeline page. !24451
Do not run spam checks on confidential issues. !24453
Upgrade KaTeX to version 0.10.0. !24478 (Andrew Harmon)
Avoid overwriting default jaeger values with nil. !24482
Display SAML failure messages instead of expecting CSRF token. !24509
Adjust vertical alignment for project visibility icons. !24511 (Martin Hobert)
Load initUserInternalRegexPlaceholder only when required. !24522
Hashed Storage: AfterRenameService was receiving the wrong old_path under some circumstances. !24526
Resolve Runners IPv6 address overlaps other values. !24531
Fix 404s with snippet uploads in object storage. !24550
Fixed oversized custom project notification selector dropdown. !24557
Allow users with full private access to read private personal snippets. !24560
Resolve Pipeline stages job action button icon is not aligned. !24577
Fix cluster page non-interactive on form validation error. !24583
Fix 404s for snippet uploads when relative URL root used. !24588
Fix markdown table border. !24601
Fix CSS grid on a new Project/Group Milestone. !24614 (Takuya Noguchi)
Prevent unload when Recaptcha is open. !24625
Clean up unicorn sampler metric labels. !24626 (bjk-gitlab)
Support bamboo api polymorphism. !24680 (Alex Lossent)
Ensure Cert Manager works with Auto DevOps URLs greater than 64 bytes. !24683
Fix failed LDAP logins when nil user_id present. !24749
fix display comment avatars issue in IE 11. !24777 (Gokhan Apaydin)
Fix template labels not being created on new projects. !24803
Fix cluster installation processing spinner. !24814
Append prioritized label before pagination. !24815
Resolve UI bug adding group members with lower permissions. !24820
Make ActionController::Parameters serializable for sidekiq jobs. !24864
Fix Jira Service password validation on project integration services. !24896 (Daniel Juarez)
Fix potential Addressable::URI::InvalidURIError. !24908
Update Workhorse to v8.2.0. !24909
Encode Content-Disposition filenames. !24919
Avoid race conditions when creating GpgSignature. !24939
Create the source branch for a GitHub import. !25064
Fix suggested changes syntax highlighting. !25116
Fix counts in milestones dashboard. !25230
Fixes incorrect TLD validation errors for Kubernetes cluster domain. !25262
Fix 403 errors when adding an assignee list in project boards. !25263
Prevent Auto DevOps from trying to deploy without a domain name. !25308
Fix uninitialized constant with GitLab Pages.
Increase line height of project summaries. (gfyoung)
Remove extra space between MR tab bar and sticky file headers.
Correct spacing for comparison page.
Update CI YAML param table with include.
Return bottom border on MR Tabs.
Fixes z-index and margins of archived alert in job page.
Fixes archived sticky top bar without performance bar.
Fixed rebase button not showing in merge request widget.
Fixed double tooltips on note awards buttons.
Allow suggestions to be copied and pasted as GFM.
Fix bug that caused Suggestion Markdown toolbar button to insert snippet with leading +/-/.
Moved primary button for labels to follow the design patterns used on rest of the site. (Martin Hobert)


Changed (37 changes, 11 of them are from the community)

Change spawning of tooltips to be top by default. !21223
Standardize filter value capitlization in filter bar in both issues and boards pages. !23846 (obahareth)
Refresh group overview to match project overview. !23866
Build number does not need to be tweaked anymore for the TeamCity integration to work properly. !23898
Added empty project illustration and updated text to user profile overview. !23973 (Fernando Arias)
Modified Knative list view to provide more details. !24072 (Chris Baumbauer)
Move cancel & new issue button on job page. !24074
Make issuable empty states actionable. !24077
Fix code search when text is larger than max gRPC message size. !24111
Update string structure for available group runners. !24187 (George Tsiolis)
Remove multilingual translation from the word "in" in the job details sidebar. !24192 (Nathan Friend)
Fix duplicate project disk path in BackfillLegacyProjectRepositories. !24213
Ensured links to a comment or system note anchor resolves to the right note if a user has a discussion filter. !24228
Remove expansion hover animation from pipeline status icon buttons. !24268 (Nathan Friend)
Redesigned related merge requests in issue page. !24270
Return the maximum group access level in the projects API. !24403
Update project topics styling to use badges design. !24415
Display "commented" only for commit discussions on merge requests. !24427
Upgrade js-regex gem to version 3.1. !24433 (rroger)
Prevent Sidekiq arguments over 10 KB in size from being logged to JSON. !24493
Added Avatar in the settings sidebar. !24515 (Yoginth)
Refresh empty states for profile page tabs. !24549
remove red/green colors from diff view of no-color syntax theme. !24582 (khm)
Get remote IP address of runner. !24624
Update last_activity_on for Users on some main GET endpoints. !24642
Update metrics dashboard graph design. !24653
Update to GitLab SVG icon from Font Awesome in profile for location and work. !24671 (Yoginth)
Add template for Android with Fastlane. !24722
Display timestamps to messages printed by gitlab:backup:restore rake tasks. (Will Chandler)
Show MR statistics in diff comparisons.
Make possible to toggle file tree while scrolling through diffs.
Use delete instead of remove when referring to git branch -D.
Add folder header to files in merge request tree list.
Added fuzzy file finder to merge requests.
Collapse directory structure in merge request file tree.
Adds skeleton loading to releases page.
Support multiple outputs in jupyter notebooks.


Performance (8 changes, 1 of them is from the community)

Remove unused button classes btn-create and comment-btn. !23232 (George Tsiolis)
[API] Omit X-Total and X-Total-Pages headers when items count is more than 10,000. !23931
Improve efficiency of GitHub importer by reducing amount of locks needed. !24102
Improve milestone queries using subqueries instead of separate queries for ids. !24325
Efficiently remove expired artifacts in ExpireBuildArtifactsWorker. !24450
Eliminate N+1 queries in /api/groups/:id. !24513
Use deployment relation to get an environment name. !24890
Do not reload daemon if configuration file of pages does not change.


Added (35 changes, 18 of them are from the community)

Add badge count to projects. !18425 (George Tsiolis)
API: Add support for group labels. !21368 (Robert Schilling)
Add setting for first day of the week. !22755 (Fabian Schneider @fabsrc)
Pages for subgroups. !23505
Add support for customer provided encryption keys for Amazon S3 remote backups. !23797 (Pepijn Van Eeckhoudt)
Add Knative detailed view. !23863 (Chris Baumbauer)
Add group full path to project's shared_with_groups. !24052 (Mathieu Parent)
Added feature to specify a custom Auto DevOps chart repository. !24162 (walkafwalka)
Add flat-square badge style. !24172 (Fabian Schneider @fabsrc)
Display last activity and created at datetimes for users. !24181
Allow setting of feature gates per project. !24184
Save issues/merge request sorting options to backend. !24198
Added support for custom hosts/domains to Auto DevOps. !24248 (walkafwalka)
Adds milestone search. !24265 (Jacopo Beschi @jacopo-beschi)
Allow merge request diffs to be placed into an object store. !24276
Add Container Registry API with cleanup function. !24303
GitLab now supports the profile and email scopes from OpenID Connect. !24335 (Goten Xiao)
Add 'in' filter that modifies scope of 'search' filter to issues and merge requests API. !24350 (Hiroyuki Sato)
Add with_programming_language filter for projects to API. !24377 (Dylan MacKenzie)
API: Support searching for tags. !24385 (Robert Schilling)
Document graphicsmagick installation for source installation. !24404 (Alexis Reigel)
Redirect GET projects/:id to project page. !24467
Indicate on Issue Status if an Issue was Moved. !24470
Redeploy Auto DevOps deployment on variable updates. !24498 (walkafwalka)
Don't create new merge request pipeline without commits. !24503 (Hiroyuki Sato)
Add GitLab Pages predefined CI variables 'CI_PAGES_DOMAIN' and 'CI_PAGES_URL'. !24504 (Adrian Moisey)
Moves domain setting from Auto DevOps to Cluster's page. !24580
API allows setting the squash commit message when squashing a merge request. !24784
Added ability to upgrade cluster applications. !24789
Add argument iids for issues in GraphQL. !24802
Add repositories count to usage ping data. !24823
Add support for extensionless pages URLs. !24876
Add templates for most popular Pages templates. !24906
Introduce Internal API for searching environment names. !24923
Allow admins to invalidate markdown texts by setting local markdown version.


Other (50 changes, 18 of them are from the community)

Externalize strings from /app/views/projects/project_members. !23227 (Tao Wang)
Add CSS & JS global flags to represent browser and platform. !24017
Fix deprecation: Passing an argument to force an association to reload is now deprecated. !24136 (Jasper Maes)
Cleanup legacy artifact background migration. !24144
Bump kubectl in Auto DevOps to 1.11.6. !24176
Conditionally initialize the global opentracing tracer. !24186
Remove horizontal whitespace on user profile overview on small breakpoints. !24189
Bump nginx-ingress chart to 1.1.2. !24203
Use monospace font for registry table tag id and tag name. !24205
Rename project tags to project topics. !24219
Add uniqueness validation to url column in Releases::Link model. !24223
Update sidekiq-cron to 1.0.4 and use fugit to replace rufus-scheduler to parse cron syntax. !24235
Adds inter-service OpenTracing propagation. !24239
Fixes Auto DevOps title on CI/CD admin settings. !24249
Upgrade kubeclient to 4.2.2 and swap out monkey-patch to disallow redirects. !24284
i18n: externalize strings from 'app/views/search'. !24297 (Tao Wang)
Fix several ActionController::Parameters deprecations. !24332 (Jasper Maes)
Remove all $theme-gray-{weight} variables in favor of $gray-{weight}. !24333 (George Tsiolis)
Update gitlab-styles to 2.5.1. !24336 (Jasper Maes)
Modifies environment scope UI on cluster page. !24376
Extract process_name from GitLab::Sentry. !24422
Upgrade Gitaly to 1.13.0. !24429
Actually set raise_on_unfiltered_parameters to true. !24443 (Jasper Maes)
Refactored NoteableDiscussion by extracting ResolveDiscussionButton. !24505 (Martin Hobert)
Extracted JumpToNextDiscussionButton to its own component. !24506 (Martin Hobert)
Extracted ReplyPlaceholder to its own component. !24507 (Martin Hobert)
Block emojis and symbol characters from users full names. !24523
Update GitLab Runner Helm Chart to 0.1.45. !24564
Updated docs for fields in pushing mirror from GitLab to GitHub. !24566 (Joseph Yu)
Upgrade gitlab-workhorse to 8.1.0. !24571
Externalize strings from /app/views/sent_notifications. !24576 (George Tsiolis)
Adds tracing support for ActiveRecord notifications. !24604
Externalize strings from /app/views/projects/ci. !24617 (George Tsiolis)
Move permission check of manual actions of deployments. !24660
Externalize strings from /app/views/clusters. !24666 (George Tsiolis)
Update UI for admin appearance settings. !24685
Externalize strings from /app/views/projects/pages_domains. !24723 (George Tsiolis)
Externalize strings from /app/views/projects/milestones. !24726 (George Tsiolis)
Add OpenTracing instrumentation for Action View Render events. !24728
Expose version for each application in cluster_status JSON endpoint. !24791
Externalize strings from /app/views/instance_statistics. !24809 (George Tsiolis)
Update cluster application version on updated and installed status. !24810
Project list UI improvements. !24855
Externalize strings from /app/views/email_rejection_mailer. !24869 (George Tsiolis)
Update Gitaly to v1.17.0. !24873
Update Workhorse to v8.3.0. !24959
Upgrade gitaly to 1.18.0. !24981
Update Workhorse to v8.3.1.
Upgraded Codesandbox smooshpack package.
Creates mixin to reduce code duplication between CE and EE in graph component.


11.7.12 (2019-04-23)

Fixed (2 changes)

Bring back Rugged implementation of find_commit. !25477
Avoid excessive recursive calls with Rugged TreeEntries. !26813


Performance (1 change)

Bring back Rugged implementation of ListCommitsByOid. !27441


Other (4 changes)

Bring back Rugged implementation of GetTreeEntries. !25674
Bring back Rugged implementation of CommitIsAncestor. !25702
Bring back Rugged implementation of TreeEntry. !25706
Bring back Rugged implementation of commit_tree_entry. !25896


11.7.11 (2019-04-09)

No changes.


11.7.10 (2019-03-28)

Security (7 changes)

Disallow guest users from accessing Releases.
Fix PDF.js vulnerability.
Hide "related branches" when user does not have permission.
Fix XSS in resolve conflicts form.
Added rake task for removing EXIF data from existing uploads.
Disallow updating namespace when updating a project.
Use UntrustedRegexp for matching refs policy.


11.7.8 (2019-03-26)

No changes.


11.7.7 (2019-03-19)

Security (2 changes)

Remove project serialization in quick actions response.
Fixed ability to see private groups by users not belonging to given group.


11.7.5 (2019-02-05)

Fixed (8 changes)

Fix import handling errors in Bitbucket Server importer. !24499
Adjusts suggestions unable to be applied. !24603
Fix 500 errors with legacy appearance logos. !24615
Fix form functionality for edit tag page. !24645
Update Workhorse to v8.0.2. !24870
Downcase aliased OAuth2 callback providers. !24877
Fix Detect Host Keys not working. !24884
Changed external wiki query method to prevent attribute caching. !24907


11.7.2 (2019-01-29)

Fixed (1 change)

Fix uninitialized constant with GitLab Pages.


11.7.1 (2019-01-28)

Security (24 changes)

Make potentially malicious links more visible in the UI and scrub RTLO chars from links. !2770 (closed)

Don't process MR refs for guests in the notes. !2771
Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !2828
Fixed XSS content in KaTex links.
Disallows unauthorized users from accessing the pipelines section.
Verify that LFS upload requests are genuine.
Extract GitLab Pages using RubyZip.
Prevent awarding emojis to notes whose parent is not visible to user.
Prevent unauthorized replies when discussion is locked or confidential.
Disable git v2 protocol temporarily.
Fix showing ci status for guest users when public pipline are not set.
Fix contributed projects info still visible when user enable private profile.
Add subresources removal to member destroy service.
Add more LFS validations to prevent forgery.
Use common error for unauthenticated users when creating issues.
Fix slow regex in project reference pattern.
Fix private user email being visible in push (and tag push) webhooks.
Fix wiki access rights when external wiki is enabled.
Group guests are no longer able to see merge requests they don't have access to at group level.
Fix path disclosure on project import error.
Restrict project import visibility based on its group.
Expose CI/CD trigger token only to the trigger owner.
Notify only users who can access the project on project move.
Alias GitHub and BitBucket OAuth2 callback URLs.


11.7.0 (2019-01-22)

Security (14 changes, 1 of them is from the community)

Escape label and milestone titles to prevent XSS in GFM autocomplete. !2693
Bump Ruby on Rails to 5.0.7.1. !23396 (@blackst0ne)
Delete confidential todos for user when downgraded to Guest.
Project guests no longer are able to see refs page.
Set URL rel attribute for broken URLs.
Prevent leaking protected variables for ambiguous refs.
Authorize before reading job information via API.
Allow changing group CI/CD settings only for owners.
Fix SSRF with import_url and remote mirror url.
Don't expose cross project repositories through diffs when creating merge reqeusts.
Validate bundle files before unpacking them.
Issuable no longer is visible to users when project can't be viewed.
Escape html entities in LabelReferenceFilter when no label found.
Prevent private snippets from being embeddable.


Removed (3 changes, 1 of them is from the community)

Removes all instances of deprecated Gitlab Upgrader calls. !23603 (@jwolen)
Removed discard draft comment button form notes. !24185
Remove migration to backfill project_repositories for legacy storage projects. !24299


Fixed (42 changes, 7 of them are from the community)

Prevent awards emoji being updated when updating status. !23470
Allow merge after rebase without page refresh on FF repositories. !23572
Prevent admins from attempting hashed storage migration on read only DB. !23597
Correct the ordering of metrics on the performance dashboard. !23630
Display empty files properly on MR diffs. !23671 (Sean Nichols)
Allow GitHub imports via token even if OAuth2 provider not configured. !23703
Update header navigation theme colors. !23734 (George Tsiolis)
Fix login box bottom margins on signin page. !23739 (@gear54)
Return an ApplicationSetting in CurrentSettings. !23766
Fix bug commenting on LFS images. !23812
Only prompt user once when navigating away from file editor. !23820 (Sam Bigelow)
Display commit ID for discussions made on merge request commits. !23837
Stop autofocusing on diff comment after initial mount. !23849
Fix object storage not working properly with Google S3 compatibility. !23858
Fix project calendar feed when sorted by priority. !23870
Fix edit button disappearing in issue title. !23948 (Ruben Moya)
Aligns build loader animation with the job log. !23959
Allow 'rake gitlab:cleanup:remote_upload_files' to read bucket files without having permissions to see all buckets. !23981
Correctly externalize pipeline tags. !24028
Fix error when creating labels in a new issue in the boards page. !24039 (Ruben Moya)
Use 'parsePikadayDate' to parse due date string. !24045
Fix commit SHA not showing in merge request compare dropdown. !24084
Remove top margin in modal header titles. !24108
Drop Webhooks from project import/export config. !24121
Only validate project visibility when it has changed. !24142
Resolve About this feature link should open in new window. !24149
Add syntax highlighting to suggestion diff. !24156
Fix Bitbucket Server import only including first 25 pull requests. !24178
Enable caching for records which primary key is not id. !24245
Adjust applied suggestion reverting previous changes. !24250
Fix unexpected exception by failure of finding an actual head pipeline. !24257
Fix broken templated "Too many changes to show" text. !24282
Fix requests profiler in admin page not rendering HTML properly. !24291
Fix no avatar not showing in user selection box. !24346
Upgrade to gitaly 1.12.1. !24361
Fix runner eternal loop when update job result. !24481
Fix notification email for image diff notes.
Fixed merge request diffs empty states.
Fixed diff suggestions removing dashes.
Don't hide CI dropdown behind diff summary. (gfyoung)
Fix spacing on discussions.
Fixes missing margin in releases block.


Changed (22 changes, 8 of them are from the community)

Show clusters of ancestors in cluster list page. !22996
Remove unnecessary line before reply holder. !23092 (George Tsiolis)
Make the Pages permission setting more clear. !23146
Disable merging of labels with same names. !23265
Allow basic authentication on go get middleware. !23497 (Morty Choi @mortyccp)
No longer require email subaddressing for issue creation by email. !23523
Adjust padding of .dropdown-title to comply with design specs. !23546
Make commit IDs in merge request discussion header monospace. !23562
Update environments breadcrumb. !23751 (George Tsiolis)
Add date range in milestone change email notifications. !23762
Require Knative to be installed only on an RBAC kubernetes cluster. !23807 (Chris Baumbauer)
Fix label and header styles in the job details sidebar. !23816 (Nathan Friend)
Add % prefix to milestone reference links. !23928
Reorder sidebar menu item for group clusters. !24001 (George Tsiolis)
Support CURD operation for Links as one of the Release assets. !24056
Upgrade Omniauth and JWT gems to switch away from Google+ API. !24068
Renames Milestone sort into Milestone due date. !24080 (Jacopo Beschi @jacopo-beschi)
Discussion filter only displayed in discussions tab for merge requests. !24082
Make RBAC enabled default for new clusters. !24119
Hashed Storage: Only set as read_only when starting the per-project migration. !24128
Knative version bump 0.1.3 -> 0.2.2. (Chris Baumbauer)
Show message on non-diff discussions.


Performance (7 changes)

Fix some N+1 queries related to Admin Dashboard, User Dashboards and Activity Stream. !23034
Add indexes to speed up CI query. !23188
Improve the loading time on merge request's discussion page by caching diff highlight. !23857
Cache avatar URLs and paths within a request. !23950
Improve snippet search performance by removing duplicate counts. !23952
Skip per-commit validations already evaluated. !23984
Fix timeout issues retrieving branches via API. !24034


Added (29 changes, 6 of them are from the community)

Handle ci.skip push option. !15643 (Jonathon Reinhart)
Add NGINX 0.16.0 and above metrics. !22133
Add project milestone link. !22552
Support tls communication in gitaly. !22602
Add option to make ci variables protected by default. !22744 (Alexis Reigel)
Add project identifier as List-Id email Header to ease filtering. !22817 (Olivier Crête)
Add markdown helper buttons to file editor. !23480
Allow to include templates in gitlab-ci.yml. !23495
Extend override check to also check arity. !23498 (Jacopo Beschi @jacopo-beschi)
Add importing of issues from CSV file. !23532
Add submit feedback link to help dropdown. !23547
Send a notification email to project maintainers when a mirror update fails. !23595
Restore Object Pools when restoring an object pool. !23682
Creates component for release block. !23697
Configure Auto DevOps deployed applications with secrets from prefixed CI variables. !23719
Add name, author_id, and sha to releases table. !23763
Display a list of Sentry Issues in GitLab. !23770
Releases API. !23795
Creates frontend app for releases. !23796
Add new pipeline variable CI_COMMIT_SHORT_SHA. !23822
Create system notes on issue / MR creation when labels, milestone, or due date is set. !23859
Adds API documentation for releases. !23901
Add API Support for Kubernetes integration. !23922
Expose CI/CD predefined variable CI_API_V4_URL. !23936
Add Knative metrics to Prometheus. !23972 (Chris Baumbauer)
Use reports syntax for Dependency scanning in Auto DevOps. !24081
Allow to include files from another projects in gitlab-ci.yml. !24101
User Popovers for Commit Infos, Member Lists and Snippets. !24132
Add no-color theme for syntax highlighting. (khm)


Other (45 changes, 30 of them are from the community)

Redesign project lists UI. !22682
[Rails5.1] Update functional specs to use new keyword format. !23095 (@blackst0ne)
Update a condition to visibility a merge request collaboration message. !23104 (Harry Kiselev)
Remove framework/mobile.scss. !23301 (Takuya Noguchi)
Passing the separator argument as a positional parameter is deprecated. !23334 (Jasper Maes)
Clarifies docs about CI allow_failure. !23367 (C.J. Jameson)
Refactor issuable sidebar to use serializer. !23379
Refactor the logic of updating head pipelines for merge requests. !23502
Allow user to add Kubernetes cluster for clusterable when there are ancestor clusters. !23569
Adds explanatory text to input fields on user profile settings page. !23673
Externalize strings from /app/views/shared/notes. !23696 (Tao Wang)
Remove rails 4 support in CI, Gemfiles, bin/ and config/. !23717 (Jasper Maes)
Fix calendar events fetching error on private profile page. !23718 (Harry Kiselev)
Update GitLab Workhorse to v8.0.0. !23740
Hide confidential events in the API. !23746
Changed Userpopover Fixtures and shadow color. !23768
Fix deprecation: Passing conditions to delete_all is deprecated. !23817 (Jasper Maes)
Fix deprecation: Passing ActiveRecord::Base objects to sanitize_sql_hash_for_assignment. !23818 (Jasper Maes)
Remove rails4 specific code. !23847 (Jasper Maes)
Remove deprecated ActionDispatch::ParamsParser. !23848 (Jasper Maes)
Fix deprecation: Comparing equality between ActionController::Parameters and a Hash is deprecated. !23855 (Jasper Maes)
Fix deprecation: Directly inheriting from ActiveRecord::Migration is deprecated. !23884 (Jasper Maes)
Fix deprecation: alias_method_chain is deprecated. Please, use Module#prepend instead. !23887 (Jasper Maes)
Update specs to exclude possible false positive pass. !23893 (@blackst0ne)
Passing an argument to force an association to reload is now deprecated. !23894 (Jasper Maes)
ActiveRecord::Migration -> ActiveRecord::Migration[5.0]. !23910 (Jasper Maes)
Split bio into individual line in extended user tooltips. !23940
Fix deprecation: redirect_to :back is deprecated. !23943 (Jasper Maes)
Fix deprecation: insert_sql is deprecated and will be removed. !23944 (Jasper Maes)
Upgrade @gitlab/ui to 1.16.2. !23946
convert specs in javascripts/ and support/ to new syntax. !23947 (Jasper Maes)
Remove deprecated xhr from specs. !23949 (Jasper Maes)
Remove app/views/shared/issuable/_filter.html.haml. !24008 (Takuya Noguchi)
Fix deprecation: Using positional arguments in integration tests. !24009 (Jasper Maes)
UI improvements for redesigned project lists. !24011
Update cert-manager chart from v0.5.0 to v0.5.2. !24025 (Takuya Noguchi)
Hide spinner on empty activities list on user profile overview. !24063
Don't show Auto DevOps enabled banner for projects with CI file or CI disabled. !24067
Update GitLab Runner Helm Chart to 0.1.43. !24083
Fix navigation style in docs. !24090 (Takuya Noguchi)
Remove gem install bundler from Docker-based Ruby environments. !24093 (Takuya Noguchi)
Fix deprecation: Using positional arguments in integration tests. !24110 (Jasper Maes)
Fix deprecation: returning false in Active Record and Active Model callbacks will not implicitly halt a callback chain. !24134 (Jasper Maes)
ActiveRecord::Migration -> ActiveRecord::Migration[5.0] for AddIndexesToCiBuildsAndPipelines. !24167 (Jasper Maes)
Update url placeholder for the sentry configuration page. !24338


11.6.11 (2019-04-23)

Security (1 change)

Fixed ability to see private groups by users not belonging to given group.


Fixed (2 changes)

Bring back Rugged implementation of find_commit. !25477
Avoid excessive recursive calls with Rugged TreeEntries. !26813


Performance (1 change)

Bring back Rugged implementation of ListCommitsByOid. !27441


Other (4 changes)

Bring back Rugged implementation of GetTreeEntries. !25674
Bring back Rugged implementation of CommitIsAncestor. !25702
Bring back Rugged implementation of TreeEntry. !25706
Bring back Rugged implementation of commit_tree_entry. !25896


11.6.10 (2019-02-28)

Security (21 changes)

Stop linking to unrecognized package sources. !55518
Check snippet attached file to be moved is within designated directory.
Fix potential Addressable::URI::InvalidURIError.
Do not display impersonated sessions under active sessions and remove ability to revoke session.
Display only information visible to current user on the Milestone page.
Show only merge requests visible to user on milestone detail page.
Disable issue boards API when issues are disabled.
Don't show new issue link after move when a user does not have permissions.
Fix git clone revealing private repo's presence.
Fix blind SSRF in Prometheus integration by checking URL before querying.
Check if desired milestone for an issue is available.
Don't allow non-members to see private related MRs.
Fix arbitrary file read via diffs during import.
Display the correct number of MRs a user has access to.
Forbid creating discussions for users with restricted access.
Do not disclose milestone titles for unauthorized users.
Validate session key when authorizing with GCP to create a cluster.
Block local URLs for Kubernetes integration.
Limit mermaid rendering to 5K characters.
Remove the possibility to share a project with a group that a user is not a member of.
Fix leaking private repository information in API.


11.6.9 (2019-02-04)

Security (1 change)

Use sanitized user status message for user popover.


11.6.8 (2019-01-30)

No changes.


11.6.5 (2019-01-17)

Fixed (5 changes)

Add syntax highlighting to suggestion diff. !24156
Fix broken templated "Too many changes to show" text. !24282
Fix requests profiler in admin page not rendering HTML properly. !24291
Fix no avatar not showing in user selection box. !24346
Fixed diff suggestions removing dashes.


11.6.4 (2019-01-15)

Security (1 change)

Validate bundle files before unpacking them.


11.6.3 (2019-01-04)

Fixed (1 change)

Fix clone URL not showing if protocol is HTTPS. !24131


11.6.2 (2019-01-02)

Fixed (7 changes)

Hide cluster features that don't work yet with Group Clusters. !23935
Fix a 500 error that could occur until all migrations are done. !23939
Fix missing Git clone button when protocol restriction setting enabled. !24015
Fix clone dropdown parent inheritance issues in HAML. !24029
Fix content-disposition in blobs and files API endpoint. !24078
Fixed markdown toolbar buttons.
Adjust line-height of blame view line numbers.


11.6.1 (2018-12-28)

Security (15 changes)

Escape label and milestone titles to prevent XSS in GFM autocomplete. !2740
Prevent private snippets from being embeddable.
Add subresources removal to member destroy service.
Escape html entities in LabelReferenceFilter when no label found.
Allow changing group CI/CD settings only for owners.
Authorize before reading job information via API.
Prevent leaking protected variables for ambiguous refs.
Ensure that build token is only used when running.
Issuable no longer is visible to users when project can't be viewed.
Don't expose cross project repositories through diffs when creating merge reqeusts.
Fix SSRF with import_url and remote mirror url.
Fix persistent symlink in project import.
Set URL rel attribute for broken URLs.
Project guests no longer are able to see refs page.
Delete confidential todos for user when downgraded to Guest.


Other (1 change)

Fix due date test. !23845


11.6.0 (2018-12-22)

Security (24 changes, 1 of them is from the community)

Fix possible XSS attack in Markdown urls with spaces. !2599
Update rack to 2.0.6 (for QA environments). !23171 (Takuya Noguchi)
Bump nokogiri, loofah, and rack gems for security updates. !23204
Encrypt runners tokens. !23412
Encrypt CI/CD builds authentication tokens. !23436
Configure mermaid to not render HTML content in diagrams.
Fix a possible symlink time of check to time of use race condition in GitLab Pages.
Removed ability to see private group names when the group id is entered in the url.
Fix stored XSS for Environments.
Fix persistent symlink in project import.
Fixed ability of guest users to edit/delete comments on locked or confidential issues.
Fixed ability to comment on locked/confidential issues.
Fix CRLF vulnerability in Project hooks.
Fix SSRF in project integrations.
Resolve reflected XSS in Ouath authorize window.
Restrict Personal Access Tokens to API scope on web requests.
Provide email notification when a user changes their email address.
Don't expose confidential information in commit message list.
Validate LFS hrefs before downloading them.
Do not follow redirects in Prometheus service when making http requests to the configured api url.
Escape user fullname while rendering autocomplete template to prevent XSS.
Redact sensitive information on gitlab-workhorse log.
Fix milestone promotion authorization check.
Prevent a path traversal attack on global file templates.


Removed (1 change)

Remove obsolete gitlab_shell rake tasks. !22417


Fixed (86 changes, 13 of them are from the community)

Remove limit of 100 when searching repository code. !8671
Show error message when attempting to reopen an MR and there is an open MR for the same branch. !16447 (Akos Gyimesi)
Fix a bug where internal email pattern wasn't respected. !22516
Fix project selector consistency in groups issues / MRs / boards pages. !22612 (Heinrich Lee Yu)
Add empty state for graphs with no values. !22630
Fix navigating by unresolved discussions on Merge Request page. !22789
Fix "merged with [commit]" info for merge requests being merged automatically by other actions. !22794
Fixing regression issues on pages settings and details. !22821
Remove duplicate primary button in dashboard snippets on small viewports. !22902 (George Tsiolis)
Fix API::Namespaces routing to accept namepaces with dots. !22912
Switch kubernetes:active with checking in Auto-DevOps.gitlab-ci.yml. !22929
Avoid Gitaly RPC errors when fetching diff stats. !22995
Removes promote to group label for anonymous user. !23042 (Jacopo Beschi @jacopo-beschi)
Fix enabling project deploy key for admins. !23043
Align issue status label and confidential icon. !23046 (George Tsiolis)
Fix default sorting for subgroups and projects list. !23058 (Jacopo Beschi @jacopo-beschi)
Hashed Storage: allow migration to be retried in partially migrated projects. !23087
Fix line height of numbers in file blame view. !23090 (Johann Hubert Sonntagbauer)
Fixes an issue where default values from models would override values set in the interface (e.g. users would be set to external even though their emails matches the internal email address pattern). !23114
Remove display of local Sidekiq process in /admin/sidekiq. !23118
Fix unrelated deployment status in MR widget. !23175
Respect confirmed flag on secondary emails. !23181
Restrict member access level to be higher than that of any parent group. !23226
Return real deployment status to frontend. !23270
Handle force_remove_source_branch when creating merge request. !23281
Avoid creating invalid refs using rugged, shelling out for writing refs. !23286
Remove needless auto-capitalization on Wiki page titles. !23288
Modify the wording for the knative cluster application to match upstream. !23289 (Chris Baumbauer)
Change container width for project import. !23318 (George Tsiolis)
Validate chunk size when persist. !23341
Resolve Main navbar is broken in certain viewport widths. !23348
Gracefully handle references with null bytes. !23365
Display commit ID for commit diff discussion on merge request. !23370
Pass commit when posting diff discussions. !23371
Fix flash notice styling for fluid layout. !23382
Add monkey patch to unicorn to fix eof? problem. !23385
Commits API: Preserve file content in move operations if unspecified. !23387
Disable password autocomplete in mirror form fill. !23402
Fix "protected branches only" checkbox not set properly at init. !23409
Support RSA and ECDSA algorithms in Omniauth JWT provider. !23411 (Michael Tsyganov)
Make KUBECONFIG nil if KUBE_TOKEN is nil. !23414
Allow search and sort users at same time on admin users page. !23439
Fix: Unstar icon button is misaligned. !23444
Fix error when searching for group issues with priority or popularity sort. !23445
Fix Order By dropdown menu styling in tablet and mobile screens. !23446
Fix collapsing discussion replies. !23462
Gracefully handle unknown/invalid GPG keys. !23492
Fix multiple commits shade overlapping vertical discussion line. !23515
Use read_repository scope on read-only files API. !23534
Avoid 500's when serializing legacy diff notes. !23544
Fix web hook functionality when the database encryption key is too short. !23573
Hide Knative from group cluster applications until supported. !23577
Add top padding for nested environment items loading icon. !23580 (George Tsiolis)
Improve help and validation sections of maximum build timeout inputs. !23586
Fix milestone select in issue sidebar of issue boards. !23625
Fix gitlab:web_hook tasks. !23635
Avoid caching BroadcastMessage as an ActiveRecord object. !23662
Only allow strings in URL::Sanitizer.valid?. !23675
Fix a frozen string error in app/mailers/notify.rb. !23683
Fix a frozen string error in lib/gitlab/utils.rb. !23690
Fix MR resolved discussion counts being too low. !23710
Fix a potential frozen string error in app/mailers/notify.rb. !23728
Remove unnecessary div from MarkdownField to apply list styles correctly. !23733
Display reply field if resolved discussion has no replies. !23801
Restore kubernetes:active in Auto-DevOps.gitlab-ci.yml (reverts 22929). !23826
Fix mergeUrlParams with fragment URL. !54218 (Thomas Holder)
Fixed multiple diff line discussions not expanding.
Fixed diff files expanding not loading commit content.
Fixed styling of image comment badges on commits.
Resolve possible cherry pick API race condition.
When user clicks linenumber in MR changes, highlight that line.
Remove old webhook logs after 90 days, as documented, instead of after 2.
Add an external IP address to the knative cluster application page. (Chris Baumbauer)
Fixed duplicate discussions getting added to diff lines.
Fix deadlock on ChunkedIO.
Show tree collapse button for merge request commit diffs.
Use approximate count for big tables for usage statistics.
Lock writes to trace stream.
Ensure that SVG sprite icons are properly rendered in IE11.
Make new branch form fields' fonts consistent.
Open first 10 merge request files in IDE.
Prevent user from navigating away from file edit without commit.
Prevent empty button being rendered in empty state.
Adds margins between tags when a job is stuck.
Fix Image Lazy Loader for some older browsers.
Correctly styles tags in sidebar for job page.


Changed (34 changes, 9 of them are from the community)

Include new link in breadcrumb for issues, merge requests, milestones, and labels. !18515 (George Tsiolis)
Allow sorting issues and MRs in reverse order. !21438
Design improvements to project overview page. !22196
Remove auto deactivation when failed to create a pipeline via pipeline schedules. !22243
Use group clusters when deploying (DeploymentPlatform). !22308
Improve initial discussion rendering performance. !22607
removes partially matching of No Label filter and makes it case-insensitive. !22622 (Jacopo Beschi @jacopo-beschi)
Use search bar for filtering in dashboard issues / MRs. !22641 (Heinrich Lee Yu)
Show different empty state for filtered issues and MRs. !22775 (Heinrich Lee Yu)
Relocate JSONWebToken::HMACToken from EE. !22906
Resolve Add border around the repository file tree. !23018
Change breadcrumb title for contribution charts. !23071 (George Tsiolis)
Update environments metrics empty state. !23074 (George Tsiolis)
Refine cursor positioning in Markdown Editor for wrap tags. !23085 (Johann Hubert Sonntagbauer)
Use reports syntax for SAST in Auto DevOps. !23163
SystemCheck: Use a more reliable way to detect current Ruby version. !23291
Changed frontmatter filtering to support YAML, JSON, TOML, and arbitrary languages. !23331 (Travis Miller)
Don't remove failed install pods after installing GitLab managed applications. !23350
Expose merge request pipeline variables. !23398
Scope default MR search in WebIDE dropdown to current project. !23400
Show user contributions in correct timezone within user profile. !23419
Redesign of MR header sections (CE). !23465
Auto DevOps: Add echo for each branch of the deploy() function where we run helm upgrade. !23499
Updates service to update Kubernetes project namespaces and restricted service account if present. !23525
Adjust divider margin to comply with design specs. !23548
Adjust dropdown item and header padding to comply with design specs. !23552
Truncate merge request titles with periods instead of ellipsis. !23558
Remove close icon from projects dropdown in issue boards. !23567
Change dropdown divider color to gray-200 (#dfdfdf). !23592
Define the default value for only/except policies. !23765
Don't show Memory Usage for unmerged MRs.
reorder notification settings by noisy-ness. (C.J. Jameson)
Changed merge request filtering to be by path instead of name.
Make diff file headers sticky.


Performance (22 changes, 6 of them are from the community)

Upgrade to Ruby 2.5.3. !2806
Removes all the irrelevant code and columns that were migrated from the Project table over to the ProjectImportState table. !21497
Approximate counting strategy with TABLESAMPLE. !22650
Replace tooltip directive with gl-tooltip diretive in badges, cycle analytics, and diffs. !22770 (George Tsiolis)
Validate foreign keys being created and indexed for column with _id. !22808
Remove monospace extend. !23089 (George Tsiolis)
Use Nokogiri as the ActiveSupport XML backend. !23136
Improve memory performance by reducing dirty pages after fork(). !23169
Add partial index for ci_builds on project_id and status. !23268
Reduce Gitaly calls in projects dashboard. !23307
Batch load only data from same repository when lazy object is accessed. !23309
Add index for events on project_id and created_at. !23354
Remove index for notes on updated_at. !23356
Improves performance of Project#readme_url by caching the README path. !23357
Populate MR metrics with events table information (migration). !23564
Remove unused data from discussions endpoint. !23570
Speed up issue board lists in groups with many projects.
Use cached size when passing artifacts to Runner.
Enable even more frozen string for lib/gitlab. (gfyoung)
Enable even more frozen string in lib/gitlab/**/*.rb. (gfyoung)
Enable even more frozen string in lib/gitlab/**/*.rb. (gfyoung)
Enable even more frozen string for lib/gitlab. (gfyoung)


Added (32 changes, 13 of them are from the community)

Add ability to create group level clusters and install gitlab managed applications. !22450
Creates /create_merge_request quickaction. !22485 (Jacopo Beschi @jacopo-beschi)
Filter by None/Any for labels in issues/mrs API. !22622 (Jacopo Beschi @jacopo-beschi)
Chat message push notifications now include links back to GitLab branches. !22651 (Tony Castrogiovanni)
Added feature flag to signal content headers detection by Workhorse. !22667
Add Discord integration. !22684 (@blackst0ne)
Upgrade helm to 2.11.0 and upgrade on every install. !22693
Add knative client to kubeclient library. !22968 (cab105)
Allow SSH public-key authentication for push mirroring. !22982
Allow deleting a Pipeline via the API. !22988
#40635: Adds support for cert-manager. !23036 (Amit Rathi)
WebIDE: Pressing Ctrl-Enter while typing on the commit message now performs the commit action. !23049 (Thomas Pathier)
Adds Any option to label filters. !23111 (Jacopo Beschi @jacopo-beschi)
Added glob for CI changes detection. !23128 (Kirill Zaitsev)
Add model and relation to store repo full path in database. !23143
Add ability to render suggestions. !23147
Introduce Knative and Serverless Components. !23174 (Chris Baumbauer)
Use BFG object maps to clean projects. !23189
Merge request pipelines. !23217
Extended user centric tooltips on issue and MR page. !23231
Add a rebase API endpoint for merge requests. !23296
Add config to prohibit impersonation. !23338
Merge request pipeline tag, and adds tags to pipeline view. !23364
#52753: HTTPS for JupyterHub installation. !23479 (Amit Rathi)
Fill project_repositories for hashed storage projects. !23482
Ability to override email for cert-manager. !23503 (Amit Rathi)
Allow public forks to be deduplicated. !23508
Pipeline trigger variable values are hidden in the UI by default. Maintainers have the option to reveal them. !23518 (jhampton)
Add new endpoint to download single artifact file for a ref. !23538
Log and pass correlation-id between Unicorn, Sidekiq and Gitaly.
Allow user to scroll to top of tab on MR page.
Adds states to the deployment widget.


Other (54 changes, 30 of them are from the community)

Switch to Rails 5. !21492
Migration to write fullpath in all repository configs. !22322
Rails5: env is deprecated and will be removed from Rails 5.1. !22626 (Jasper Maes)
Update haml_lint to 0.28.0. !22660 (Takuya Noguchi)
Update ffaker to 2.10.0. !22661 (Takuya Noguchi)
Drop gcp_clusters table. !22713
Upgrade minimum required Git version to 2.18.0. !22803
Adds new icon size to Vue icon component. !22899
Make sure there's only one slash as path separator. !22954
Show HTTP response code for Kubernetes errors. !22964
Update config map for gitlab managed application if already present on install. !22969
Drop default value on status column in deployments table. !22971
UI improvements to user's profile. !22977
Update asana to 0.8.1. !23039 (Takuya Noguchi)
Update asciidoctor to 1.5.8. !23047 (Takuya Noguchi)
Make auto-generated icons for subgroups in the breadcrumb dropdown display as a circle. !23062 (Thomas Pathier)
Make reply shortcut only quote selected discussion text. !23096 (Thomas Pathier)
Fix typo in notebook props. !23103 (George Tsiolis)
Fix typos in lib. !23106 (George Tsiolis)
Rename diffs store variable. !23123 (George Tsiolis)
Fix overlapping navbar separator and overflowing navbar dropdown on small displays. !23126 (Thomas Pathier)
Show what RPC is called in the performance bar. !23140
Updated Gitaly to v0.133.0. !23148
Rails5: Passing a class as a value in an Active Record query is deprecated. !23164 (Jasper Maes)
Fix project identicon aligning Harry Kiselev. !23166 (Harry Kiselev)
Fix horizontal scrollbar overlapping on horizontal scrolling-tabs. !23167 (Harry Kiselev)
Fix bottom paddings of profile header and some markup updates of profile. !23168 (Harry Kiselev)
Fixes to AWS documentation spelling and grammar. !23198 (Brendan O'Leary)
Adds a PHILOSOPHY.md which references GitLab Product Handbook. !23200
Externalize strings from /app/views/invites. !23205 (Tao Wang)
Externalize strings from /app/views/project/runners. !23208 (Tao Wang)
Fix typo for scheduled pipeline. !23218 (Davy Defaud)
Force content disposition attachment to several endpoints. !23223
Upgrade kubeclient to 4.0.0. !23261 (Praveen Arimbrathodiyil @pravi)
Update used version of Runner Helm Chart to 0.1.38. !23304
render :nothing option is deprecated, Use head method to respond with empty response body. !23311 (Jasper Maes)
Passing an argument to force an association to reload is now deprecated. !23334 (Jasper Maes)
Externalize strings from /app/views/snippets. !23351 (Tao Wang)
Fix deprecation: You are passing an instance of ActiveRecord::Base to. !23369 (Jasper Maes)
Resolve status emoji being replaced by avatar on mobile. !23408
Fix deprecation: render :text is deprecated because it does not actually render a text/plain response. !23425 (Jasper Maes)
Fix lack of documentation on how to fetch a snippet's content using API. !23448 (Colin Leroy)
Upgrade GitLab Workhorse to v7.3.0. !23489
Fallback to admin KUBE_TOKEN for project clusters only. !23527
Update used version of Runner Helm Chart to 0.1.39. !23633
Show primary button when all labels are prioritized. !23648 (George Tsiolis)
Upgrade workhorse to 7.6.0. !23694
Upgrade Gitaly to v1.7.1 for correlation-id logging. !23732
Fix due date test. !23845
Remove unused project method. !54103 (George Tsiolis)
Uses new gitlab-ui components in Jobs and Pipelines components.
Replaces tooltip directive with the new gl-tooltip directive for consistency in some ci/cd code.
Bump gpgme gem version from 2.0.13 to 2.0.18. (asaparov)
Enable Rubocop on lib/gitlab. (gfyoung)


11.5.11 (2019-04-23)

Fixed (2 changes)

Bring back Rugged implementation of find_commit. !25477
Avoid excessive recursive calls with Rugged TreeEntries. !26813


Performance (1 change)

Bring back Rugged implementation of ListCommitsByOid. !27441


Other (4 changes)

Bring back Rugged implementation of GetTreeEntries. !25674
Bring back Rugged implementation of CommitIsAncestor. !25702
Bring back Rugged implementation of TreeEntry. !25706
Bring back Rugged implementation of commit_tree_entry. !25896


11.5.8 (2019-01-28)

Security (21 changes)

Make potentially malicious links more visible in the UI and scrub RTLO chars from links. !2770 (closed)

Don't process MR refs for guests in the notes. !2771
Fixed XSS content in KaTex links.
Verify that LFS upload requests are genuine.
Extract GitLab Pages using RubyZip.
Prevent awarding emojis to notes whose parent is not visible to user.
Prevent unauthorized replies when discussion is locked or confidential.
Disable git v2 protocol temporarily.
Fix showing ci status for guest users when public pipline are not set.
Fix contributed projects info still visible when user enable private profile.
Disallows unauthorized users from accessing the pipelines section.
Add more LFS validations to prevent forgery.
Use common error for unauthenticated users when creating issues.
Fix slow regex in project reference pattern.
Fix private user email being visible in push (and tag push) webhooks.
Fix wiki access rights when external wiki is enabled.
Fix path disclosure on project import error.
Restrict project import visibility based on its group.
Expose CI/CD trigger token only to the trigger owner.
Notify only users who can access the project on project move.
Alias GitHub and BitBucket OAuth2 callback URLs.


11.5.5 (2018-12-20)

Security (1 change)

Fix persistent symlink in project import.


11.5.3 (2018-12-06)

Security (1 change)

Prevent a path traversal attack on global file templates.


11.5.2 (2018-12-03)

Removed (1 change)

Removed Site Statistics optimization as it was causing problems. !23314


Fixed (6 changes, 1 of them is from the community)

Display impersonation token value only after creation. !22916
Fix not render emoji in filter dropdown. !23112 (Hiroyuki Sato)
Fixes stuck tooltip on stop env button. !23244
Correctly handle data-loss scenarios when encrypting columns. !23306
Clear BatchLoader context between Sidekiq jobs. !23308
Fix handling of filenames with hash characters in tree view. !23368


11.5.1 (2018-11-26)

Security (17 changes)

Escape user fullname while rendering autocomplete template to prevent XSS.
Fix CRLF vulnerability in Project hooks.
Fix possible XSS attack in Markdown urls with spaces.
Redact sensitive information on gitlab-workhorse log.
Do not follow redirects in Prometheus service when making http requests to the configured api url.
Don't expose confidential information in commit message list.
Provide email notification when a user changes their email address.
Restrict Personal Access Tokens to API scope on web requests.
Resolve reflected XSS in Ouath authorize window.
Fix SSRF in project integrations.
Fixed ability to comment on locked/confidential issues.
Fixed ability of guest users to edit/delete comments on locked or confidential issues.
Fix milestone promotion authorization check.
Configure mermaid to not render HTML content in diagrams.
Fix a possible symlink time of check to time of use race condition in GitLab Pages.
Removed ability to see private group names when the group id is entered in the url.
Fix stored XSS for Environments.


11.5.0 (2018-11-22)

Security (10 changes, 1 of them is from the community)

Escape entity title while autocomplete template rendering to prevent XSS. !2556
Update moment to 2.22.2. !22648 (Takuya Noguchi)
Redact personal tokens in unsubscribe links.
Escape user fullname while rendering autocomplete template to prevent XSS.
Persist only SHA digest of PersonalAccessToken#token.
Monkey kubeclient to not follow any redirects.
Prevent SSRF attacks in HipChat integration.
Prevent templated services from being imported.
Validate Wiki attachments are valid temporary files.
Fix XSS in merge request source branch name.


Removed (2 changes)

Remove Git circuit breaker. !22212
Remove Koding integration and documentation. !22334


Fixed (74 changes, 15 of them are from the community)

Hide all tables on Pipeline when no Jobs for the Pipeline. !18540 (Takuya Noguchi)
Fixing count on Milestones. !21446
Use case insensitive username lookups. !21728 (William George)
Correctly process Bamboo API result array. !21970 (Alex Lossent)
Fix 'merged with' UI being displayed when merge request has no merge commit. !22022
Fix broken file name navigation on MRs. !22109
Fix incorrect spacing between buttons when commenting on a MR. !22135
Vertical align Pipeline Graph in Commit Page. !22173 (Johann Hubert Sonntagbauer)
Reject invalid branch names in repository compare controller. !22186
Fix size of emojis of user status in user menu. !22194
Use the standard PIP_CACHE_DIR for Python dependency caching template. !22211 (Takuya Noguchi)
Fix bug with wiki attachments content disposition. !22220
Does not allow a SSH URI when importing new projects. !22309
fix duplicated key in license management job auto devops gitlab ci template. !22311 (Adam Lemanski)
Fix commit signature error when project is disabled. !22344
Show available clusters when installed or updated. !22356
Fix auto-corrected upload URLs in webhooks. !22361
Fix a bug displaying certain wiki pages. !22377
Fix prometheus graphs in firefox. !22400
Resolve assign-me quick action doesn't work if there is extra white space. !22402
Remove base64 encoding from files that contain plain text. !22425
Strip whitespace around GitHub personal access tokens. !22432
Fix 500 error when testing webhooks with redirect loops. !22447 (Heinrich Lee Yu)
Fix rendering of 'Protected' value on Runner details page. !22459
Fix bug stopping non-admin users from changing visibility level on group creation. !22468
Make Issue Board sidebar show project-specific labels based on selected Issue. !22475
Fix EOF detection with CI artifacts metadata. !22479
Fix transient spec error in the bar_chart component. !22495
Resolve LFS not correctly showing enabled. !22501
If user was not found, service hooks won't run on post receive background job. !22519
Fix broken "Show whitespace changes" button on MRs. !22539
Always show new issue button in boards' Open list. !22557 (Heinrich Lee Yu)
Add transparent background to markdown header tabs. !22565 (George Tsiolis)
Use gitlab_environment for ldap rake task. !22582
Add commit message to commit tree anchor title. !22585
Cache pipeline status per SHA. !22589
Change HELM_HOST in Auto-DevOps template to work behind proxy. !22596 (Sergej Nikolaev kinolaev@gmail.com)
Show user status for label events in system notes. !22609
Fix extra merge request versions created from forked merge requests. !22611
Remove PersonalAccessTokensFinder#find_by method. !22617
Fix search "all in GitLab" not working with relative URLs. !22644
Fix quick links button styles. !22657 (George Tsiolis)
Fix #53298: JupyterHub restarts should work without errors. !22671 (Amit Rathi)
Fix incompatibility with IE11 due to non-transpiled gitlab-ui components. !22695
Fix bug when links in tabs of the labels index pages ends with .html. !22716
Fixed label removal from issue. !22762
Align toggle sidebar button across all browsers and OSs. !22771
Disable replication lag check for Aurora PostgreSQL databases. !22786
Render unescaped link for failed pipeline status. !22807
Fix misaligned approvers dropdown. !22832
Fix bug with wiki page create message. !22849
Fix rendering of filter bar tokens for special values. !22865 (Heinrich Lee Yu)
Align sign in button. !22888 (George Tsiolis)
Fix error handling bugs in kubernetes integration. !22922
Fix deployment jobs using nil KUBE_TOKEN due to migration issue. !23009
Avoid returning deployment metrics url to MR widget when the deployment is not successful. !23010
Fix a race condition intermittently breaking GitLab startup. !23028
Adds margin after a deleted branch name in the activity feed. !23038
Ignore environment validation failure. !23100
Adds CI favicon back to jobs page.
Redirect to the pipeline builds page when a build is canceled. (Eva Kadlecova)
Fixed diff stats not showing when performance bar is enabled.
Show expand all diffs button when a single diff file is collapsed.
Clear fetched file templates when changing template type in Web IDE.
Fix bug causing not all emails to show up in commit email selectbox.
Remove duplicate escape in job sidebar.
Fixing styling issues on the scheduled pipelines page.
Fixes broken test in master.
Renders stuck block when runners are stuck.
Removes extra border from test reports in the merge request widget.
Fixes broken borders for reports section in MR widget.
Only render link to branch when branch still exists in pipeline page.
Fixed source project not filtering in merge request creation compare form.
Do not reload self on hooks when creating deployment.


Changed (38 changes, 12 of them are from the community)

Link button in markdown editor recognize URLs. !1983 (Johann Hubert Sonntagbauer)
Replace i to icons in vue components. !20748 (George Tsiolis)
Remove Linguist gem, reducing Rails memory usage by 128MB per process. !21008
Issue board card design. !21229
On deletion of a file in sub directory in web IDE redirect to the sub directory instead of project root. !21465 (George Thomas @thegeorgeous)
Change single-item breadcrumbs to page titles. !22155
Improving branch filter sorting by listing exact matches first and added support for begins_with (^) and ends_with ($) matching. !22166 (Jason Rutherford)
Remove legacy unencrypted webhook columns from the database. !22199
Show canary status in the performance bar. !22222
Add failure reason for execution timeout. !22224
Rename "scheduled" label/badge of delayed jobs to "delayed". !22245
Update the empty state on wiki-only projects to display an empty state that is more consistent with the rest of the system. !22262
Add IID headers to E-Mail notifications. !22263
Allow finding the common ancestor for multiple revisions through the API. !22295
Add status to Deployment. !22380
Add dynamic timer to delayed jobs. !22382
No longer require a deploy to start Prometheus monitoring. !22401
Secret Variables renamed to CI Variables in the codebase, to match UX. !22414 (Marcel Amirault @ravlen)
Automatically navigate to last board visited. !22430
Use merge request prefix symbol in event feed title. !22449 (George Tsiolis)
Update Ruby version in README. !22466 (J.D. Bean)
Reword error message for internal CI unknown pipeline status. !22474
Bump mermaid to 8.0.0-rc.8. !22509 (@blackst0ne)
Update Todo icons in collapsed sidebar for Issues and MRs. !22534
Support backward compatibility when introduce new failure reason. !22566
Add dynamic timer for delayed jobs in pipelines list. !22621
Truncate milestone title on collapsed sidebar. !22624 (George Tsiolis)
Standardize milestones filter in APIs to None / Any. !22637 (Heinrich Lee Yu)
Add dynamic timer for delayed jobs in job list. !22656
Allowing issues with single letter identifiers to be linked to external issue tracker (f.ex T-123). !22717 (Dídac Rodríguez Arbonès)
Update project and group labels empty state. !22745 (George Tsiolis)
Fix environment status in merge request widget. !22799
Paginate Bitbucket Server importer projects. !22825
Drop allow_overflow option in TimeHelper.duration_in_numbers. !52284
Add 'only history' option to notes filter.
Adds filtered dropdown with changed files in review.
Expose {closed,merged}_{at,by} in merge requests API index.
Make all legacy security reports to use raw format.


Performance (27 changes, 6 of them are from the community)

Add preload for routes and namespaces for issues controller. !21651
Enhance performance of counting local LFS objects. !22143
Use cached readme contents when available. !22325
Experimental support for running Puma multithreaded web-server. !22372
Enhance performance of counting local Uploads. !22522
Reduce SQL queries needed to load open merge requests. !22709
Significantly cut memory usage and SQL queries when reloading diffs. !22725
Optimize merge request refresh by using the database to check commit SHAs. !22731
Remove dind from license_management auto-devops job definition. !22732
Add index to find stuck merge requests. !22749
Allow Rails concurrency when running in Puma. !22751
Improve performance of rendering large reports. !22835
Improves performance of stuck import jobs detection. !22879
Rewrite SnippetsFinder to improve performance by a factor of 1500.
Enable more frozen string in lib/**/*.rb. (gfyoung)
Enable some frozen string in lib/gitlab. (gfyoung)
Enable even more frozen string in lib/**/*.rb. (gfyoung)
Improve performance of tree rendering in repositories with lots of items.
Remove gitlab-ui's tooltip from global.
Remove gitlab-ui's progress bar from global.
Remove gitlab-ui's pagination from global.
Remove gitlab-ui's modal from global.
Remove gitlab-ui's loading icon from global.
Enable frozen string for lib/gitlab/*.rb. (gfyoung)
Enable frozen string for lib/gitlab/ci. (gfyoung)
Enable frozen string for remaining lib/gitlab/ci/**/*.rb. (gfyoung)
Adds pagination to pipelines table in merge request page.


Added (33 changes, 11 of them are from the community)

Add endpoint to update a git submodule reference. !20949
Add license data to projects endpoint. !21606 (J.D. Bean (@jdbean))
Allow to configure when to retry failed CI jobs. !21758 (Markus Doits)
Add API endpoint to list issue related merge requests. !21806 (Helmut Januschka)
Add the Play button for delayed jobs in environment page. !22106
Switch between tree list & file list in diffs file browser. !22191
Re-arrange help-related user menu items into new Help menu. !22195
Adds trace of each access check when git push times out. !22265
Add email for milestone change. !22279
Show post-merge pipeline in merge request page. !22292
Add Applications API endpoints for listing and deleting entries. !22296 (Jean-Baptiste Vasseur)
Added Any option to milestones filter. !22351 (Heinrich Lee Yu)
Improve validation errors for external CI/CD configuration. !22394
Introduce new model to persist specific cluster information. !22404
Add background migration to populate Kubernetes namespaces. !22433
Add support for JSON logging for audit events. !22471
Adds option to override commit email with a noreply private email. !22560
Add None/Any option for assignee_id in Issues and Merge Requests API. !22598 (Heinrich Lee Yu)
Add None/Any option for assignee_id in search bar. !22599 (Heinrich Lee Yu)
Implement parallel job keyword. !22631
Add None / Any options to reactions filter. !22638 (Heinrich Lee Yu)
Make index.* render like README.* when it's present in a repository. !22639 (Jakub Jirutka)
Allow adding patches when creating a merge request via email. !22723 (Serdar Dogruyol)
Bump Gitaly to 0.129.0. !22868
Allow commenting on any diff line in Merge Requests. !22914
Add revert to commits API. !22919
Introduce Knative support. !43959 (Chris Baumbauer)
Reimplemented image commenting in merge request diffs.
Soft-archive old jobs.
Renders warning info when job is archieved.
Support licenses and performance.
Filter notes by comments or activity for issues and merge requests.
Bump Gitaly to 0.128.0.


Other (54 changes, 18 of them are from the community)

Remove .card-title from .card-header for BS4 migration. !19335 (Takuya Noguchi)
Update group settings/edit page to new design. !21115
Change markdown header tab anchor links to buttons. !21988 (George Tsiolis)
Replace tooltip in markdown component with gl-tooltip. !21989 (George Tsiolis)
Extend RBAC by having a service account restricted to project's namespace. !22011
Update images in group docs. !22031 (Marc Schwede)
Add gitlab:gitaly:check task for Gitaly health check. !22063
Add new sort option "most_stars" to "Group > Children" pages. !22121 (Rene Hennig)
Fix inaccessible dropdown for code-less projects. !22137
Rails5: fix user edit profile clear status spec. !22169 (Jasper Maes)
Rails 5: fix mysql milliseconds problems in scheduled build specs. !22170 (Jasper Maes)
Focus project slug on tab navigation. !22198
Redesign activity feed. !22217
Update used version of Runner Helm Chart to 0.1.34. !22274
Update environments empty state. !22297 (George Tsiolis)
Adds model and migrations to enable group level clusters. !22307
Use literal instead of constructor for creating regex. !22367
Remove prometheus configuration help text. !22413 (George Tsiolis)
Rails5: fix deployment model spec. !22428 (Jasper Maes)
Change to top level controller for clusters so that we can use it for project clusters (now) and group clusters (later). !22438
Remove empty spec describe blocks. !22451 (George Tsiolis)
Change branch font type in tag creation. !22454 (George Tsiolis)
Rails5: fix delete blob. !22456 (Jasper Maes)
Start tracking shards and pool repositories in the database. !22482
Allow kubeclient to call RoleBinding methods. !22524
Introduce new kubernetes helpers. !22525
Adds container to pager to enable scoping. !22529
Update used version of Runner Helm Chart to 0.1.35. !22541
Removes experimental labels from cluster views. !22550
Combine all datetime library functions into 'datetime_utility.js'. !22570
Upgrade Prometheus to 2.4.3 and Alertmanager to 0.15.2. !22600
Fix stage dropdown not rendering in different languages. !22604
Remove asset_sync gem from Gemfile and related code from codebase. !22610
Use key-value pair arrays for API query parameter logging instead of hashes. !22623
Replace deprecated uniq on a Relation with distinct. !22625 (Jasper Maes)
Remove mousetrap-rails gem. !22647 (Takuya Noguchi)
Fix IDE typos in props. !22685 (George Tsiolis)
Add scheduled flag to job entity. !22710
Remove ci_enable_scheduled_build feature flag. !22742
Add endpoints for simulating certain failure modes in the application. !22746
Bump KUBERNETES_VERSION for Auto DevOps to latest 1.10 series. !22757
Fix statement timeouts in RemoveRestrictedTodos migration. !22795
Rails5: fix mysql milliseconds issue in deployment model specs. !22850 (Jasper Maes)
Update GitLab-Workhorse to v7.1.0. !22883
Update JIRA service UI to accept email and API token.
Update wiki empty state. (George Tsiolis)
Only renders dropdown for review app changes when we have a list of files to show. Otherwise will render the regular review app button.
Associate Rakefile with Ruby icon in diffs.
Uses gitlab-ui components in jobs components.
Create new group: Rename form fields and update UI.
Transform job page into a single Vue+Vuex application.
Updates svg dependency.
Adds missing i18n to pipelines table.
Disables stop environment button while the deploy is in progress.


11.4.9 (2018-12-03)

Fixed (2 changes)

Display impersonation token value only after creation. !22916
Correctly handle data-loss scenarios when encrypting columns. !23306


11.4.8 (2018-11-27)

Security (24 changes)

Escape entity title while autocomplete template rendering to prevent XSS. !2571
Resolve reflected XSS in Ouath authorize window.
Fix XSS in merge request source branch name.
Escape user fullname while rendering autocomplete template to prevent XSS.
Fix CRLF vulnerability in Project hooks.
Fix possible XSS attack in Markdown urls with spaces.
Redact sensitive information on gitlab-workhorse log.
Do not follow redirects in Prometheus service when making http requests to the configured api url.
Persist only SHA digest of PersonalAccessToken#token.
Don't expose confidential information in commit message list.
Provide email notification when a user changes their email address.
Restrict Personal Access Tokens to API scope on web requests.
Redact personal tokens in unsubscribe links.
Fix SSRF in project integrations.
Fixed ability to comment on locked/confidential issues.
Fixed ability of guest users to edit/delete comments on locked or confidential issues.
Fix milestone promotion authorization check.
Monkey kubeclient to not follow any redirects.
Configure mermaid to not render HTML content in diagrams.
Fix a possible symlink time of check to time of use race condition in GitLab Pages.
Removed ability to see private group names when the group id is entered in the url.
Fix stored XSS for Environments.
Prevent SSRF attacks in HipChat integration.
Validate Wiki attachments are valid temporary files.


11.4.7 (2018-11-20)

No changes.


11.4.6 (2018-11-18)

Security (1 change)

Escape user fullname while rendering autocomplete template to prevent XSS.


11.4.5 (2018-11-04)

Fixed (4 changes, 1 of them is from the community)

fix link to enable usage ping from convdev index. !22545 (Anand Capur)
Update gitlab-ui dependency to 1.8.0-hotfix.1 to fix IE11 bug.
Remove duplicate escape in job sidebar.
Fixed merge request fill tree toggling not respecting fluid width preference.


Other (1 change)

Fix stage dropdown not rendering in different languages.


11.4.4 (2018-10-30)

Security (1 change)

Monkey kubeclient to not follow any redirects.


11.4.3 (2018-10-26)

No changes.


11.4.2 (2018-10-25)

Security (5 changes)

Escape entity title while autocomplete template rendering to prevent XSS. !2571
Persist only SHA digest of PersonalAccessToken#token.
Redact personal tokens in unsubscribe links.
Block loopback addresses in UrlBlocker.
Validate Wiki attachments are valid temporary files.


11.4.1 (2018-10-23)

Security (2 changes)

Fix XSS in merge request source branch name.
Prevent SSRF attacks in HipChat integration.


11.4.0 (2018-10-22)

Security (9 changes)

Filter user sensitive data from discussions JSON. !2536
Encrypt webhook tokens and URLs in the database. !21645
Redact confidential events in the API.
Set timeout for syntax highlighting.
Sanitize JSON data properly to fix XSS on Issue details page.
Markdown API no longer displays confidential title references unless authorized.
Properly filter private references from system notes.
Fix stored XSS in merge requests from imported repository.
Fix xss vulnerability sourced from package.json.


Removed (2 changes)

Remove background job throttling feature. !21748
Remove sidekiq info from performance bar.


Fixed (68 changes, 18 of them are from the community)

Fixes 500 for cherry pick API with empty branch name. !21501 (Jacopo Beschi @jacopo-beschi)
Fix sorting by priority or popularity on group issues page, when also searching issue content. !21521
Fix vertical alignment of text in diffs. !21573
Fix performance bar modal position. !21577
Bump KaTeX version to 0.9.0. !21625
Correctly show legacy diff notes in the merge request changes tab. !21652
Synchronize the default branch when updating a remote mirror. !21653
Filter group milestones based on user membership. !21660
Fix double title in merge request chat messages. !21670 (Kukovskii Vladimir)
Delete container repository tags outside of transaction. !21679
Images are no longer displayed in Todo descriptions. !21704
Fixed merge request widget discussion state not updating after resolving discussions. !21705
Vendor Auto-DevOps.gitlab-ci.yml to fix bug where the deploy job does not wait for Deployment to complete. !21713
Use Reliable Sidekiq fetch. !21715
No longer show open issues from archived projects in group issue board. !21721
Issue and MR count now ignores archived projects. !21721
Fix resizing of monitoring dashboard. !21730
Fix object storage uploads not working with AWS v2. !21731
Don't ignore first action when assign and unassign quick actions are used in the same comment. !21749
Align form labels following Bootstrap 4 docs. !21752
Respect the user commit email in more places. !21773
Use stats RPC when comparing diffs. !21778
Show commit details for selected commit in MR diffs. !21784
Resolve "Geo: Does not mark repositories as missing on primary due to stale cache". !21789
Fix leading slash in redirects and add rubocop cop. !21828 (Sanad Liaquat)
Fix activity titles for MRs in chat notification services. !21834
Hides Close Merge request btn on merged Merge request. !21840 (Jacopo Beschi @jacopo-beschi)
Doesn't synchronize the default branch for push mirrors. !21861
Fix broken styling when issue board is collapsed. !21868 (Andrea Leone)
Set a header for custom error pages to prevent them from being intercepted by gitlab-workhorse. !21870 (David Piegza)
Fix resolved discussions being unresolved when commented on. !21881
Fix timeout when running the RemoveRestrictedTodos background migration. !21893
Enable the ability to use the force env for rebuilding authorized_keys during a restore. !21896
Fix link handling for issue cards to avoid too sensitive drag events. !21910 (Johann Hubert Sonntagbauer)
Guard against a login attempt with invalid CSRF token. !21934
Allow setting user's organization and location attributes through the API by adding them to the list of allowed parameters. !21938 (Alexis Reigel)
Includes commit stats in POST project commits API. !21968 (Jacopo Beschi @jacopo-beschi)
Fix loading issue on some merge request discussion. !21982
Prevent Error 500s with invalid relative links. !22001
Fix stale issue boards after browser back. !22006 (Johann Hubert Sonntagbauer)
Filter issues without an Assignee via the API. !22009 (Eva Kadlecová)
Fixes modal button alignment. !22024 (Jacopo Beschi @jacopo-beschi)
Fix rendering placeholder notes. !22078
Instance Configuration page now displays correct SSH fingerprints. !22081
Fix showing diff file header for renamed files. !22089
Fix LFS uploaded images not being rendered. !22092
Fix the issue where long environment names aren't being truncated, causing the environment name to overlap into the column next to it. !22104
Trim whitespace when inviting a new user by email. !22119 (Jacopo Beschi @jacopo-beschi)
Fix incorrect parent path on group settings page. !22142
Update copy to clipboard button data for application secret. !22268 (George Tsiolis)
Improve MR file tree in smaller screens. !22273
Fix project deletion when there is a export available. !22276
Fixes stuck block URL linking to documentation instead of settings page. !22286
Fix caching issue with pipelines URL. !22293
Fix erased block not being rendered when job was erased. !22294
Load correct stage in the stages dropdown. !22317
Fixes close/reopen quick actions preview for issues and merge_requests. !22343 (Jacopo Beschi @jacopo-beschi)
Allow Issue and Merge Request sidebar to be toggled from collapsed state. !22353
Fix filter bar height bug when a tag is added.
Fix the state of the Done button when there is an error in the GitLab Todos section. (marcos8896)
Fix wrong text color of help text in merge request creation. (Gerard Montemayor)
Add borders and white background to markdown tables.
Fixed mention autocomplete in edit merge request.
Fix long webhook URL overflow for custom integration. (Kukovskii Vladimir)
Fixed file templates not fully being fetched in Web IDE.
Fixes performance bar looking for a key in a undefined prop.
Hides sidebar for job page in mobile.
Fixes triggered/created labeled in job header.


Changed (26 changes, 4 of them are from the community)

Enable unauthenticated access to public SSH keys via the API. !20118 (Ronald Claveau)
Support Kubernetes RBAC for GitLab Managed Apps when creating new clusters. !21401
Highlight current user in comments. !21406
Excludes project marked from deletion to projects API. !21542 (Jacopo Beschi @jacopo-beschi)
Improve install flow of Kubernetes cluster apps. !21567
Move including external files in .gitlab-ci.yml from Starter to Libre. !21603
Simplify runner registration token resetting. !21658
Filter any parameters ending with "key" in logs. !21688
Ensure the schema is loaded with post_migrations included. !21689
Updated icons used in filtered search dropdowns. !21694
Enable omniauth by default. !21700
Vendor Auto-DevOps.gitlab-ci.yml to refactor registry_login. !21714 (Laurent Goderre @LaurentGoderre)
Add Gitaly diff stats RPC client. !21732
Allow user to revoke an authorized application even if User OAuth applications setting is disabled in admin settings. !21835
Change vertical margin of page titles to 16px. !21888
Preserve order of project tags list. !21897
Avoid close icon leaving the modal header. !21904
Allow /copy_metadata for new issues and MRs. !21953
Link to the tag for a version on the help page instead of to the commit. !22015
Show SHA for pre-release versions on the help page. !22026
Use local tiller for Auto DevOps. !22036
Remove 'rbac_clusters' feature flag. !22096
Increased retained event data by extending events pruner timeframe to 2 years. !22145
Add installation type to backup information file. !22150
Remove duplicate button from the markdown header toolbar. !22192 (George Tsiolis)
Update to Rouge 3.3.0 including frozen string literals for improved memory usage.


Performance (17 changes, 6 of them are from the community)

Enable frozen string in app/controllers/**/*.rb.
Improve lazy image loading performance by using IntersectionObserver where available. !21565
Adds support for Gitaly ListLastCommitsForTree RPC in order to make bulk-fetch of commits more performant. !21921
Dont create license_management build when not included in license. !21958
Skip creating auto devops jobs for sast, container_scanning, dast, dependency_scanning when not licensed. !21959
Reduce queries needed to compute notification recipients. !22050
Banzai label ref finder - minimize SQL calls by sharing context more aggresively. !22070
Removes expensive dead code on main MR page request. !22153
Lazy load xterm custom colors css.
Mitigate N+1 queries when parsing commit references in comments.
Enable more frozen string in app/controllers/. (gfyoung)
Increase performance when creating discussions on diff.
Enable frozen string in lib/api and lib/backup. (gfyoung)
Enable frozen string in vestigial files. (gfyoung)
Enable frozen string for app/helpers/**/*.rb. (gfyoung)
Enable frozen string in app/graphql + app/finders. (gfyoung)
Enable even more frozen string in app/controllers. (gfyoung)


Added (37 changes, 21 of them are from the community)

Allow file templates to be requested at the project level. !7776 (closed)

Add /lock and /unlock quick actions. !15197 (Mehdi Lahmam (@mehlah))
Added search functionality for Work In Progress (WIP) merge requests. !18119 (Chantal Rollison)
pipeline webhook event now contain pipeline variables. !18171 (Pierre Tardy)
Add markdown header toolbar button to insert table. !18480 (George Tsiolis)
Add link button to markdown editor toolbar. !18579 (Jan Beckmann)
Add access control to GitLab pages and make it possible to enable/disable it in project settings. !18589 (Tuomo Ala-Vannesluoma)
Add a filter bar to the admin runners view and add a state filter. !19625 (Alexis Reigel)
Add a type filter to the admin runners view. !19649 (Alexis Reigel)
Allow user to choose the email used for commits made through GitLab's UI. !21213 (Joshua Campbell)
Add autocomplete drop down filter for project snippets. !21458 (Fabian Schneider)
Allow events filter to be set in the URL in addition to cookie. !21557 (Igor @igas)
Adds a initialize_with_readme parameter to POST /projects. !21617 (Steve)
Add ability to skip user email confirmation with API. !21630
Add sorting for labels on labels page. !21642
Set user status from within user menu. !21643
Copy nurtch demo notebooks at Jupyter startup. !21698 (Amit Rathi)
Allows to sort projects by most stars. !21762 (Jacopo Beschi @jacopo-beschi)
Allow pipelines to schedule delayed job runs. !21767
Added tree of changed files to merge request diffs. !21833
Add GitLab version components to CI environment variables. !21853
Allows to chmod file with commits API. !21866 (Jacopo Beschi @jacopo-beschi)
Make single diff patch limit configurable. !21886
Extend reports feature to support Security Products. !21892
Adds the user's public_email attribute to the API. !21909 (Alexis Reigel)
Update all gitlab CI templates from gitlab-org/gitlab-ci-yml. !21929
Add support for setting the public email through the api. !21938 (Alexis Reigel)
Support db migration and initialization for Auto DevOps. !21955
Add subscribe filter to group and project labels pages. !21965
Add support for pipeline only/except policy for modified paths. !21981
Docs for Project/Groups members API with inherited members. !21984 (Jacopo Beschi @jacopo-beschi)
Adds Web IDE commits to usage ping. !22007
Add timed incremental rollout to Auto DevOps. !22023
Show percentage of language detection on the language bar. !22056 (Johann Hubert Sonntagbauer)
Allows to filter issues by Any milestone in the API. !22080 (Jacopo Beschi @jacopo-beschi)
Add button to download 2FA codes. (Luke Picciau)
Render log artifact files in GitLab.


Other (42 changes, 16 of them are from the community)

Send deployment information in job API. !21307
Split admin settings into multiple sub pages. !21467
Remove Rugged and shell code from Gitlab::Git. !21488
Add trigger information in job API. !21495
Add empty state illustration information in job API. !21532
Add retried jobs to pipeline stage. !21558
Rails 5: fix issue move service In rails 5, the attributes method for an enum returns the name instead of the database integer. !21616 (Jasper Maes)
Expose project runners in job API. !21618
create from template: hide checkbox for initializing repository with readme. !21646
Adds new 'Overview' tab on user profile page. !21663
Add clean-up phase for ScheduleDiffFilesDeletion migration. !21734
Prevents private profile help link from toggling checkbox. !21757
Make AutoDevOps work behind proxy. !21775 (Sergej - @kinolaev)
Use Vue components and new API to render Artifacts, Trigger Variables and Commit blocks on Job page. !21777
Add wrapper rake task to migrate all uploads to OS. !21779
Retroactively fill pipeline source for external pipelines. !21814
Rename squash before merge vue component. !21851 (George Tsiolis)
Fix merge request header margins. !21878
Fix committer typo. !21899 (George Tsiolis)
Adds an extra width to the responsive tables. !21928
Expose has_trace in job API. !21950
Rename block scope local variable in table pagination spec. !21969 (George Tsiolis)
Fix blue, orange, and red color inconsistencies. !21972
Update operations metrics empty state. !21974 (George Tsiolis)
Improve empty project placeholder for non-members and members without write access. !21977 (George Tsiolis)
Add copy to clipboard button for application id and secret. !21978 (George Tsiolis)
Add link component to UserAvatarLink component. !21986 (George Tsiolis)
Add link component to DownloadViewer component. !21987 (George Tsiolis)
Rephrase 2FA and TOTP documentation and view. !21998 (Marc Schwede)
Update project path on project name autofill. !22016
Improve logging when username update fails due to registry tags. !22038
Align collapsed sidebar avatar container. !22044 (George Tsiolis)
Rails5: fix artifacts controller download spec Rails5 has params[:file_type] as '' if file_type is included as nil in the request. !22123 (Jasper Maes)
Hide pagination for personal projects on profile overview tab. !22321
Extracts scroll position check into reusable functions.
Uses Vuex store in job details page and removes old mediator pattern.
Render 412 when invalid UTF-8 parameters are passed to controller.
Renders Job show page in new Vue app.
Add link to User Snippets in breadcrumbs of New User Snippet page. (J.D. Bean)
Log project services errors when executing async.
Update docs regarding frozen string. (gfyoung)
Check frozen string in style builds. (gfyoung)


11.3.14 (2018-12-20)

Security (1 change)

Fix persistent symlink in project import.


11.3.13 (2018-12-13)

Security (1 change)

Validate LFS hrefs before downloading them.


11.3.12 (2018-12-06)

Security (1 change)