|Tags||ruby ruby-on-rails git dvcs wiki bugtracker version-control|
13.1.308 Jul 2020 00:45 minor feature: (2020-07-06). No changes.
13.1.202 Jul 2020 07:25 minor security: (2020-07-01). ### Security (18 changes). Update xterm js dependency to latest stable 3.x version. Do not show activity for users with private profiles. stored XSS in markdown renderer. Upgrade swagger-ui to solve XSS. group deploy token API authorizations. Check access when sending TODOs related to merge requests. Change from hybrid to JSON cookies serializer. Prevent XSS in group name validations. Disable caching for wiki attachments. Disable Github Importer API by settings. null byte error in upload path. Update permissions for time tracking endpoints. Add snippet repository validation after bundle import. Update Kaminari gem. note author name rendering. Sanitize bitbucket repo urls to mitigate XSS. Stored XSS on the Error Tracking page. security when rendering issuable.
13.1.124 Jun 2020 13:05 minor bugfix: (2020-06-23). ### (4 changes). Missing templating vars set from URL in metrics dashboard. !34668. Edit status dropdown overflow. !34847. Load user before logging git http-requests. !34923. Do not mask key comments for DeployKeys. !35014. ### Added (1 change). Periodically recompute project authorizations. !34071.
13.0.611 Jun 2020 20:05 minor feature: (2020-06-10). No changes.
13.0.407 Jun 2020 03:05 minor security: (2020-06-03). ### Security (1 change). Prevent fetching repository code with unauthorized ci token.
13.0.302 Jun 2020 18:05 minor bugfix: (2020-05-29). ### (8 changes, 1 of them is from the community). redirection to project snippets. !32530. Geo replication for design thumbnails. !32703. s downloading build artifacts. !32741. Auto DevOps manual rollout jobs not being allowed to fail. !32865. Update deprecated routes in irker integration. !32923 (Marc Jeanmougin). Change format of variables parameter in Prometheus proxy API for metrics dashboard. !33062. and MR API performance regression when Markdown cache is stale. !33235. when user created the. !33294.
13.0.129 May 2020 10:45 minor feature: (2020-05-27). ### Security (12 changes). Add an extra validation to Static Site Editor payload. Hide EKS secret key in admin integrations settings. Added data integrity check before updating a deploy key. Display only verified emails on notifications and profile page. Require confirmed email address for GitLab OAuth authentication. Kubernetes cluster details page no longer exposes Service Token. confirming unverified emails with soft email confirmation flow enabled. Disallow user to control PUT request using mermaid markdown in description. Check forked project permissions before allowing fork. Limit memory footprint of a command that generates ZIP artifacts metadata. file enuming using Group Import. Prevent XSS in the monitoring dashboard.
13.0.025 May 2020 21:45 major feature: (2020-05-22). ### Removed (20 changes, 5 of them are from the community). Remove project routes that were deprecated before 12.1. !26808. Drop x-y-stable version pinning for Secure templates. !29603. Remove logs from the admin pages. !30485. Remove deprecated /admin/application_settings redirect. !30532. Drop support for License-Management CI template. !30645. Remove deprecated InfluxDB. !30786. Remove deprecated Release Evidence endpoints. !30975. Remove deprecated Release Evidence endpoints documentation. !30978. Drop support for `license_management` artifact. !31247. Remove deprecated container scanning report parser. !31294. Remove rake task `gitlab:track_deployment`. !31404. Remove token attribute from Runners API. !31448. Remove support for Ruby format variable interpolation (` variable `) in custom dashboards. !31581. Remove JenkinsDeprecatedService. !31607 (tnwx). Remove ruby_memory_bytes metric, duplicate of ruby_process_resident_memory_bytes. !31705. Remove project_list_show_mr_count feature flag. !31789 (Gilang Gumilar). Remove project_list_show__count feature flag. !31793 (Gilang Gumilar). Remove set_user_last_activity feature flag. !31795 (Gilang Gumilar). Remove registrations_recaptcha feature flag. !31797 (Gilang Gumilar). Remove deprecated Sidekiq rake tasks. ### (171 changes, 54 of them are from the community). Allow public access to pipeline schedules. !20806 (Lee t). Add user last_activity logging in GraphQL. !23063. Render TestReport parsing errors back to pipeline test summary. !24188. Add user popovers to system notes. !24241. missing RSS feed events. !28054. Resolve Text for future Release date grammatically incorrect. !28075. number of approvals given calculation. !28293 (Steffen Köhler). Always display new subgroup button when permission is granted. !28309 (Mattias Michaux). Correct the permission according to docs. !28657. duplicated activity and events on deletion of tag. !28861 (Sashi Kumar). init.d s
12.10.621 May 2020 12:05 minor bugfix: (2020-05-15). ### (5 changes). Duplicate index removal on ci_pipelines.project_id. !31043. on creating an invalid domains and verification. !31190. Incorrect number of errors returned when querying sentry errors. !31252. Add instance column to services table if it's missing. !31631. Incorrect regex used in FileUploader#extract_dynamic_path. !32271.
12.10.514 May 2020 06:45 minor feature: (2020-05-13). ### Added (1 change). Consider project group and group ancestors when processing CODEOWNERS entries. !31804.
12.10.406 May 2020 15:45 minor feature: (2020-05-05). ### (1 change). Add a Project's group to list of groups when parsing for codeowner entries. !30934.
12.10.201 May 2020 15:25 minor security: (2020-04-30). ### Security (8 changes). Ensure MR diff exists before codeowner check. Apply CODEOWNERS validations to web requests. Prevent unauthorized access to default branch. Do not return private project ID without permission. doorkeeper CVE-2020-10187. Change GitHub service integration token input to password. Return only safe urls for mirrors. Validate workhorse 'rewritten_fields' and properly use them during multipart uploads.
12.10.127 Apr 2020 17:45 minor bugfix: (2020-04-24). ### (5 changes). creating project from git ssh. !29771. Web IDE handling of deleting newly added files. !29783. null dereference in /import status REST endpoint. !29886. Service Templates missing Active toggle. !29936. error on accessing restricted levels. !30313. ### Changed (1 change). Move Group Deploy Tokens to new Group-scoped Repository settings. !29290. ### Other (1 change). Migration of dismissals to vulnerabilities. !29711.
12.10.023 Apr 2020 10:25 major feature: (2020-04-22). ### Removed (3 changes). Revert LDAP readonly attributes feature. !28541. Remove deprecated /ci/lint page. !28562. Remove open in file view link from Web IDE. !28705. ### (118 changes, 26 of them are from the community). Return 202 for command only notes in REST API. !19624. Run SAST using awk to pass env variables directly to docker without creating.env file. !21174 (Florian Gaultier). #42671: Project and group storage statistics now support values up to 8 PiB. !23131 (Matthias van de Meent). error on profile/chat_names for deleted projects. !24341. Migrate the database to activate projects prometheus service integration for projects with prometheus installed on shared k8s cluster. !24684. archived corrupted projects not displaying in admin. !25171 (erickcspice). some Web IDE with empty projects. !25463. failing ci variable e2e test. !25924. new file not being created in non-ascii character folders. !26165. Validate uniqueness of project_id and type when a new project service is created. !26308. assignee dropdown on new page. !26971. Resolve Unable to expand multiple downstream pipelines. !27029. Hide admin user actions for ghost and bot users. !27162. invalid ancestor group milestones when moving projects. !27262. right sidebar when scrollbars are always visible. !27314. OpenAPI file detector. !27321 (Roger Meier). managed_free_namespaces scope to only groups without a license or a free license. !27356. Set commit status to failed if the TeamCity connection is refused. !27395. Resolve Improve format support message in design. !27409. Add tooltips with full path to file headers on file tree. !27437. Scope WAF Statistics anomalies to environment.external_url. !27466. Show the proper information in snippet edit form. !27479. the repository Vue router not working with Chinese characters. !27494. smartcard config initialization. !27560. audit event that weren't being created for failed LDAP log-in tries. !27608. filtere
12.9.419 Apr 2020 14:45 minor bugfix: (2020-04-16). No changes. ### (5 changes, 1 of them is from the community). Not working File upload from Project overview page. !26828 (Gilang Gumilar). Storage rollback regression caused by previous refactor. !28496. Incorrect regex used in FileUploader#extract_dynamic_path. !28683. Fully qualify id columns for keyset pagination (Projects API). !29026. Slack notifications when upgrading from old GitLab versions. !29111.
12.9.315 Apr 2020 15:45 minor security: (2020-04-14). ### Security (3 changes). Refresh ProjectAuthorization during Group deletion. Prevent filename bypass on artifact upload. Update rack and related gems to 2.0.9 to security.
12.9.201 Apr 2020 13:05 minor feature: (2020-03-31). ### (5 changes). Ensure import by URL works after a failed import. !27546. /MR state not being preserved when importing a project using Project Import/Export. !27816. Leave upload Content-Type unchaged. !27864. Disable archive rate limit by default. !28264. rake gitlab:setup failing on new installs. !28270. ### Changed (1 change). Rename feature on the FE and locale. ### Performance (1 change). Index on sent_notifications table. !27034.
12.9.127 Mar 2020 16:45 minor bugfix: (2020-03-26). ### Security (16 changes). Add permission check for pipeline status of MR. Ignore empty remote_id params from Workhorse accelerated uploads. External user can not create personal snippet through API. Prevent malicious entry for group name. Restrict mirroring changes to admins only when mirroring is disabled. Reject all container registry requests from blocked users. Deny localhost requests on fogz importer. Redact notes in moved confidential. UploadRewriter Path Traversal vulnerability. Block hotlinking to repository archives. Restrict access to project pipeline metrics reports. vulnerability_feedback records should be restricted to a dev role and above. Exclude Carrierwave remote URL methods from import. Update Nokogiri to CVE-2020-7595. Prevent updating trigger by other maintainers. XSS vulnerability in `admin/email` "Recipient Group" dropdown. ### (1 change). updating the authorized_keys file. !27798.
12.9.022 Mar 2020 17:25 major bugfix: (2020-03-22). ### Security (1 change). Update Puma to 4.3.3. !27232. ### Removed (3 changes). Remove staging from commit workflow in the Web IDE. !26151. Remove and deprecate snippet content search. !26359. Remove "Analytics" suffrom the sidebar menu items. !26415. ### (117 changes, 19 of them are from the community). Set all NULL `lock_version` values to 0 for issuables. !18418. Support finding namespace by ID or path on fork API. !20603 (leoleoasd). caret position after pasting an image 15011. !21382 (Carolina Carvalhosa). Use of sha instead of ref when creating a new ref on deployment creation. !23170. logic to determine project export state and add regeneration_in_progress state. !23664. Create child pipelines dynamically using content from artifact as CI configuration. !23790. Handle Gitaly failure when fetching license. !24310. error details layout and alignment for mobile view. !24390. Added the multiSelect option to stop event propagation when clicking on the dropdown. !24611 (Gwen_). Activate Prometheus integration service for newly created project if this project has access to shared Prometheus application. !24676. Jump to next unresolved thread. !24728. Require a logged in user to accept or decline a term. !24771. quick actions executing in multiline inline code when placed on its own line. !24933 (Pavlo Dudchenko). timezones for popovers. !24942. Prevent "Select project to create merge request" button from overflowing out of the viewport on mobile. !25195. Add validation for updated_at parameter in update API. !25201 (Filip Stybel). Elasticsearch: when index is absent warn users and disable index button. !25254. pipeline details page initialisation on invalid pipeline. !25302 (Fabio Huser). with sidebar not expanding at certain resolutions. !25313 (Lee t). Rescue elasticsearch server error in pod logs. !25367. project setting approval input in non-sequential order. !25391. Add responsivity to cluster environments table.
12.8.717 Mar 2020 17:05 minor bugfix: (2020-03-16). ### (1 change, 1 of them is from the community). Crl_url parsing and certificate visualization. !25876 (Roger Meier).
12.8.613 Mar 2020 12:25 minor security: (2020-03-11). ### Security (1 change). Do not enable soft email confirmation by default.
12.8.509 Mar 2020 12:25 minor bugfix: ### (8 changes). Group Import API file upload when object storage is disabled. !25715. Web IDE fork modal showing no text. !25842. regression when URL was encoded in a loop. !25849. repository browsing for folders with non-ascii characters. !25877. search for Sentry error list. !26129. Send credentials with GraphQL fetch requests. !26386. Show CI status in project dashboards. !26403. Rescue invalid URLs during badge retrieval in asset proxy. !26524. ### Performance (2 changes). Disable Marginalia line backtrace in production. !26199. Remove unnecessary Redis deletes for broadcast messages. !26541. ### Other (1 change, 1 of them is from the community). tures for Error Tracking Web UI. !26233 (Takuya Noguchi).
12.8.205 Mar 2020 15:25 minor bugfix: ### Security (17 changes). Update container registry authentication to account for login request when checking permissions. Update ProjectAuthorization when deleting or updating GroupGroupLink. Prevent an endless checking loop for two merge requests targeting each other. Update user 2fa when accepting a group invite. for XSS in branch names. Prevent directory traversal through FileUploader. Run project badge images through the asset proxy. Check merge requests read permissions before showing them in the pipeline widget. Respect member access level for group shares. Remove OID filtering during LFS imports. Protect against denial of service using pipeline webhook recursion. Expire account confirmation token. Prevent XSS in admin grafana URL setting. Don't require base_sha in DiffRefsType. Sanitize output by dependency linkers. Recalculate ProjectAuthorizations for all users. Escape special chars in Sentry error header. ### Other (1 change, 1 of them is from the community). tures for Error Tracking Web UI. !26233 (Takuya Noguchi).
12.8.126 Feb 2020 08:05 minor bugfix: ### (5 changes). Markdown layout of incident. !25352. Time series extends axis options correctly. !25399. "Edit Release" page. !25469. Upgrade failure in EE displaying license. !25788. Last commit widget when Gravatar is disabled.
12.8.023 Feb 2020 00:05 major bugfix: ### Security (6 changes, 2 of them are from the community). Upgrade Doorkeeper to 4.4.3 to address CVE-2018-1000211. !20953. Upgrade Doorkeeper to 5.0.2. !21173. Update webpack related packages. !22456 (Takuya Noguchi). Update rubyzip gem in qa tests to 1.3.0 to CVE-2019-16892. !24119. Update GraphicsMagick from 1.3.33 to 1.3.34. !24225 (Takuya Noguchi). Update handlebars to remove from dependency dashboard. ### Removed (2 changes, 1 of them is from the community). Remove temporary index at services on project_id. !24263. Remove CI status from Projects Dashboard. !25225. ### (136 changes, 21 of them are from the community). When a namespace GitLab Subscription expires, disable SSO enforcement. !21135. with snippet counts not being scoped to current authorisation. !21705. Log user last activity on REST API. !21725. Create LfsObjectsProject record for forks as well. !22418. Limit size of diffs returned by /projects/:id/repository/compare API endpoint. !22658. spacing and UI on Recent Deliveries section of Project Services. !22666. Improve error messages when adding a child epic. !22688. a new line with suggestions in the last line of a file. !22732. Use POSTGRES_VERSION variable in Auto DevOps Test stage. !22884 (Serban Marti). Include milestones from subgroups in the list of Group Milestones. !22922. Authenticate user when scope is passed to events api. !22956 (briankabiro). Limit productivity analytics graph y-axis scale to whole numbers. !23140. GraphiQL when GitLab is installed under a relative URL. !23143 (Mathieu Parent). Stop NoMethodError happening for 1.16+ Kubernetes clusters. !23149. advanced global search permissions for guest users. !23177. JIRA DVCS retrieving repositories. !23180. logs api etag with elasticsearch. !23249. Add border radius and remove blue outline on recent searches filter. !23266. premailer and S/MIME emailer hooks order. !23293 (Diego Louzán). Web IDE alert message look and feel. !23300 (Sean Nichols
12.7.505 Feb 2020 05:45 minor bugfix: ### (4 changes, 1 of them is from the community). Add accidentally deleted project config for custom apply suggestions. !23687 (Fabio Huser). Database permission check for triggers on Amazon RDS. !24035. Applying the suggestions with an empty custom message. !24144. Remove invalid data from _tracker_data table.
12.7.331 Jan 2020 06:45 minor security: ### Security (17 changes, 1 of them is from the community). xss on frequent groups dropdown. !50. Bump rubyzip to 2.0.0. (Utkarsh Gupta). Disable access to last_pipeline in commits API for users without read permissions. Add constraint to group dependency proxy endpoint param. Limit number of AsciiDoc includes per document. Prevent API access for unconfirmed users. Enforce permission check when counting activity events. Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it. GraphQL api deprecate token field in GrafanaIntegration type. Cleanup todos for users from a removed linked group. XSS vulnerability on custom project templates form. Protect internal CI builds from external overrides. ImportExport::ExportService to require admin_project permission. Make sure that only system notes where all references are visible to user are exposed in GraphQL API. Disable caching of repository/files/:file_path/raw API endpoint. Make cross-repository comparisons happen in the source repository. Update excon to 0.71.1 to CVE-2019-16779. Add workhorse request verification to package upload endpoints.
12.7.124 Jan 2020 19:54 major feature:
8.0.621 Oct 2015 13:25 minor bugfix: Loading spinner sometimes not being hidden on Merge Request tab switches.
8.0.516 Oct 2015 13:25 minor bugfix: Correct lookup-by-email for LDAP logins. Loading spinner sometimes not being hidden on Merge Request tab switches.
8.0.406 Oct 2015 23:25 minor bugfix: Message-ID header to be RFC 2111-compliant to prevent e-mails being dropped (Stan Hu). Referrals for :back and relative URL installs. Anchors to comments in diffs. - Remove CI token from build traces. - "Assign All" button on Runner admin page.
8.0.301 Oct 2015 03:15 minor bugfix: URL shown in Slack notifications. - where projects would appear to be stuck in the forked import state (Stan Hu). - Error 500 in creating merge requests with 1000 diffs (Stan Hu).
8.0.227 Sep 2015 03:15 minor bugfix: default avatar not rendering in network graph (Stan Hu). - Skip check_initd_configured_correctly on omnibus installs. - Prevent double-preing of help page paths. - Clarify confirmation text on user deletion. - Make commit graphs responsive to window width changes (Stan Hu). - top margin for sign-in button on public pages. - LDAP attribute mapping. - Remove git refs used internally by GitLab from network graph (Stan Hu). - Use standard Markdown font in Markdown preview instead of -width font (Stan Hu). - Reply by email for non-UTF-8 messages. - Add option to use StartTLS with Reply by email IMAP server.
8.0.023 Sep 2015 08:15 major feature: Continuous integration fully integrated (all tests, deployments, packaging). Completely new look and feel. Turbo Merges. 50 less space used. Reply by Email. Quick open in Gmail. Easily upload files in GitLab. Public user profile and group pages. Notification settings within the project s main page. GitLab 8.0 can be upgraded online. Better HTTP Support. Single Sign On to authenticate with Mattermost beta1. SSL Verification for Web Hooks.
7.5.027 Nov 2014 07:05 major feature: GitLab Community Edition 7.5 brings custom git hooks, various performance improvements, API extensions and better GitLab CI support.
7.2.022 Aug 2014 21:41 major feature: This release adds an "Explore" page, project stars, a Log for Sidekiq arguments. It adds better labels: colors, ability to rename and remove. Improves the way merge request collects diffs, compare page for large diffs. Exposes the full commit message via API. Fixes 500 error on repository rename, bug when MR download patch return invalid diff. Repository import timeout increased from 2 to 4 minutes allowing larger repos to be imported. The API adds support for labels, and the ability to set an import url when creating project for specific user.
Submitted bySven Wick
ManageYou can also help out here by:
← Update project
or flagging this entry for moderator attention.