GitLab 12.9.2

GitLab is a development collaboration tool and git DVCS frontend. It includes repository management features, code reviews, an issue tracker, activity feeds and wikis. GitLab provides fine-grained access control, user management, 5 permission levels and branch constraints, and can utilize LDAP/AD intranet authorization. Powered by Ruby on Rails it comes as open source package, and as commercial supported enterprise version.

Tags ruby ruby-on-rails git dvcs wiki bugtracker version-control
License MITL
State initial

Recent Releases

12.9.201 Apr 2020 13:05 minor feature: (2020-03-31). ### (5 changes). Ensure import by URL works after a failed import. !27546. /MR state not being preserved when importing a project using Project Import/Export. !27816. Leave upload Content-Type unchaged. !27864. Disable archive rate limit by default. !28264. rake gitlab:setup failing on new installs. !28270. ### Changed (1 change). Rename feature on the FE and locale. ### Performance (1 change). Index on sent_notifications table. !27034.
12.9.127 Mar 2020 16:45 minor bugfix: (2020-03-26). ### Security (16 changes). Add permission check for pipeline status of MR. Ignore empty remote_id params from Workhorse accelerated uploads. External user can not create personal snippet through API. Prevent malicious entry for group name. Restrict mirroring changes to admins only when mirroring is disabled. Reject all container registry requests from blocked users. Deny localhost requests on fogz importer. Redact notes in moved confidential. UploadRewriter Path Traversal vulnerability. Block hotlinking to repository archives. Restrict access to project pipeline metrics reports. vulnerability_feedback records should be restricted to a dev role and above. Exclude Carrierwave remote URL methods from import. Update Nokogiri to CVE-2020-7595. Prevent updating trigger by other maintainers. XSS vulnerability in `admin/email` "Recipient Group" dropdown. ### (1 change). updating the authorized_keys file. !27798.
12.9.022 Mar 2020 17:25 major bugfix: (2020-03-22). ### Security (1 change). Update Puma to 4.3.3. !27232. ### Removed (3 changes). Remove staging from commit workflow in the Web IDE. !26151. Remove and deprecate snippet content search. !26359. Remove "Analytics" suffrom the sidebar menu items. !26415. ### (117 changes, 19 of them are from the community). Set all NULL `lock_version` values to 0 for issuables. !18418. Support finding namespace by ID or path on fork API. !20603 (leoleoasd). caret position after pasting an image 15011. !21382 (Carolina Carvalhosa). Use of sha instead of ref when creating a new ref on deployment creation. !23170. logic to determine project export state and add regeneration_in_progress state. !23664. Create child pipelines dynamically using content from artifact as CI configuration. !23790. Handle Gitaly failure when fetching license. !24310. error details layout and alignment for mobile view. !24390. Added the multiSelect option to stop event propagation when clicking on the dropdown. !24611 (Gwen_). Activate Prometheus integration service for newly created project if this project has access to shared Prometheus application. !24676. Jump to next unresolved thread. !24728. Require a logged in user to accept or decline a term. !24771. quick actions executing in multiline inline code when placed on its own line. !24933 (Pavlo Dudchenko). timezones for popovers. !24942. Prevent "Select project to create merge request" button from overflowing out of the viewport on mobile. !25195. Add validation for updated_at parameter in update API. !25201 (Filip Stybel). Elasticsearch: when index is absent warn users and disable index button. !25254. pipeline details page initialisation on invalid pipeline. !25302 (Fabio Huser). with sidebar not expanding at certain resolutions. !25313 (Lee t). Rescue elasticsearch server error in pod logs. !25367. project setting approval input in non-sequential order. !25391. Add responsivity to cluster environments table.
12.8.717 Mar 2020 17:05 minor bugfix: (2020-03-16). ### (1 change, 1 of them is from the community). Crl_url parsing and certificate visualization. !25876 (Roger Meier).
12.8.613 Mar 2020 12:25 minor security: (2020-03-11). ### Security (1 change). Do not enable soft email confirmation by default.
12.8.509 Mar 2020 12:25 minor bugfix: ### (8 changes). Group Import API file upload when object storage is disabled. !25715. Web IDE fork modal showing no text. !25842. regression when URL was encoded in a loop. !25849. repository browsing for folders with non-ascii characters. !25877. search for Sentry error list. !26129. Send credentials with GraphQL fetch requests. !26386. Show CI status in project dashboards. !26403. Rescue invalid URLs during badge retrieval in asset proxy. !26524. ### Performance (2 changes). Disable Marginalia line backtrace in production. !26199. Remove unnecessary Redis deletes for broadcast messages. !26541. ### Other (1 change, 1 of them is from the community). tures for Error Tracking Web UI. !26233 (Takuya Noguchi).
12.8.205 Mar 2020 15:25 minor bugfix: ### Security (17 changes). Update container registry authentication to account for login request when checking permissions. Update ProjectAuthorization when deleting or updating GroupGroupLink. Prevent an endless checking loop for two merge requests targeting each other. Update user 2fa when accepting a group invite. for XSS in branch names. Prevent directory traversal through FileUploader. Run project badge images through the asset proxy. Check merge requests read permissions before showing them in the pipeline widget. Respect member access level for group shares. Remove OID filtering during LFS imports. Protect against denial of service using pipeline webhook recursion. Expire account confirmation token. Prevent XSS in admin grafana URL setting. Don't require base_sha in DiffRefsType. Sanitize output by dependency linkers. Recalculate ProjectAuthorizations for all users. Escape special chars in Sentry error header. ### Other (1 change, 1 of them is from the community). tures for Error Tracking Web UI. !26233 (Takuya Noguchi).
12.8.126 Feb 2020 08:05 minor bugfix: ### (5 changes). Markdown layout of incident. !25352. Time series extends axis options correctly. !25399. "Edit Release" page. !25469. Upgrade failure in EE displaying license. !25788. Last commit widget when Gravatar is disabled.
12.8.023 Feb 2020 00:05 major bugfix: ### Security (6 changes, 2 of them are from the community). Upgrade Doorkeeper to 4.4.3 to address CVE-2018-1000211. !20953. Upgrade Doorkeeper to 5.0.2. !21173. Update webpack related packages. !22456 (Takuya Noguchi). Update rubyzip gem in qa tests to 1.3.0 to CVE-2019-16892. !24119. Update GraphicsMagick from 1.3.33 to 1.3.34. !24225 (Takuya Noguchi). Update handlebars to remove from dependency dashboard. ### Removed (2 changes, 1 of them is from the community). Remove temporary index at services on project_id. !24263. Remove CI status from Projects Dashboard. !25225. ### (136 changes, 21 of them are from the community). When a namespace GitLab Subscription expires, disable SSO enforcement. !21135. with snippet counts not being scoped to current authorisation. !21705. Log user last activity on REST API. !21725. Create LfsObjectsProject record for forks as well. !22418. Limit size of diffs returned by /projects/:id/repository/compare API endpoint. !22658. spacing and UI on Recent Deliveries section of Project Services. !22666. Improve error messages when adding a child epic. !22688. a new line with suggestions in the last line of a file. !22732. Use POSTGRES_VERSION variable in Auto DevOps Test stage. !22884 (Serban Marti). Include milestones from subgroups in the list of Group Milestones. !22922. Authenticate user when scope is passed to events api. !22956 (briankabiro). Limit productivity analytics graph y-axis scale to whole numbers. !23140. GraphiQL when GitLab is installed under a relative URL. !23143 (Mathieu Parent). Stop NoMethodError happening for 1.16+ Kubernetes clusters. !23149. advanced global search permissions for guest users. !23177. JIRA DVCS retrieving repositories. !23180. logs api etag with elasticsearch. !23249. Add border radius and remove blue outline on recent searches filter. !23266. premailer and S/MIME emailer hooks order. !23293 (Diego Louzรกn). Web IDE alert message look and feel. !23300 (Sean Nichols
12.7.505 Feb 2020 05:45 minor bugfix: ### (4 changes, 1 of them is from the community). Add accidentally deleted project config for custom apply suggestions. !23687 (Fabio Huser). Database permission check for triggers on Amazon RDS. !24035. Applying the suggestions with an empty custom message. !24144. Remove invalid data from _tracker_data table.
12.7.331 Jan 2020 06:45 minor security: ### Security (17 changes, 1 of them is from the community). xss on frequent groups dropdown. !50. Bump rubyzip to 2.0.0. (Utkarsh Gupta). Disable access to last_pipeline in commits API for users without read permissions. Add constraint to group dependency proxy endpoint param. Limit number of AsciiDoc includes per document. Prevent API access for unconfirmed users. Enforce permission check when counting activity events. Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it. GraphQL api deprecate token field in GrafanaIntegration type. Cleanup todos for users from a removed linked group. XSS vulnerability on custom project templates form. Protect internal CI builds from external overrides. ImportExport::ExportService to require admin_project permission. Make sure that only system notes where all references are visible to user are exposed in GraphQL API. Disable caching of repository/files/:file_path/raw API endpoint. Make cross-repository comparisons happen in the source repository. Update excon to 0.71.1 to CVE-2019-16779. Add workhorse request verification to package upload endpoints.
12.7.124 Jan 2020 19:54 major feature:
8.0.621 Oct 2015 13:25 minor bugfix: Loading spinner sometimes not being hidden on Merge Request tab switches.
8.0.516 Oct 2015 13:25 minor bugfix: Correct lookup-by-email for LDAP logins. Loading spinner sometimes not being hidden on Merge Request tab switches.
8.0.406 Oct 2015 23:25 minor bugfix: Message-ID header to be RFC 2111-compliant to prevent e-mails being dropped (Stan Hu). Referrals for :back and relative URL installs. Anchors to comments in diffs. - Remove CI token from build traces. - "Assign All" button on Runner admin page.
8.0.301 Oct 2015 03:15 minor bugfix: URL shown in Slack notifications. - where projects would appear to be stuck in the forked import state (Stan Hu). - Error 500 in creating merge requests with 1000 diffs (Stan Hu).
8.0.227 Sep 2015 03:15 minor bugfix: default avatar not rendering in network graph (Stan Hu). - Skip check_initd_configured_correctly on omnibus installs. - Prevent double-preing of help page paths. - Clarify confirmation text on user deletion. - Make commit graphs responsive to window width changes (Stan Hu). - top margin for sign-in button on public pages. - LDAP attribute mapping. - Remove git refs used internally by GitLab from network graph (Stan Hu). - Use standard Markdown font in Markdown preview instead of -width font (Stan Hu). - Reply by email for non-UTF-8 messages. - Add option to use StartTLS with Reply by email IMAP server.
8.0.023 Sep 2015 08:15 major feature: Continuous integration fully integrated (all tests, deployments, packaging). Completely new look and feel. Turbo Merges. 50 less space used. Reply by Email. Quick open in Gmail. Easily upload files in GitLab. Public user profile and group pages. Notification settings within the project s main page. GitLab 8.0 can be upgraded online. Better HTTP Support. Single Sign On to authenticate with Mattermost beta1. SSL Verification for Web Hooks.
7.5.027 Nov 2014 07:05 major feature: GitLab Community Edition 7.5 brings custom git hooks, various performance improvements, API extensions and better GitLab CI support.
7.2.022 Aug 2014 21:41 major feature: This release adds an "Explore" page, project stars, a Log for Sidekiq arguments. It adds better labels: colors, ability to rename and remove. Improves the way merge request collects diffs, compare page for large diffs. Exposes the full commit message via API. Fixes 500 error on repository rename, bug when MR download patch return invalid diff. Repository import timeout increased from 2 to 4 minutes allowing larger repos to be imported. The API adds support for labels, and the ability to set an import url when creating project for specific user.