CHANGELOG.md 481 KB
Newer Older
1
2
3
**Note:** This file is automatically generated. Please see the [developer
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
4

5
6
7
8
9
10
## 13.11.7 (2021-07-07)

### Security (1 change)

- [Disable file and network premailer strategies](gitlab-org/security/gitlab@511ed3746b48a26e95c851f76ac6fdcd44c28fd8) ([merge request](gitlab-org/security/gitlab!1546))

11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
## 13.11.6 (2021-07-01)

### Added (1 change)

- [Added omniauth_user check when verifying user cap](gitlab-org/security/gitlab@60bc8ff36c41871271dbd4e07db960d09204607d) ([merge request](gitlab-org/security/gitlab!1503)) **GitLab Enterprise Edition**

### Security (15 changes)

- [Bump rails gem version to 6.0.3.7](gitlab-org/security/gitlab@23e4317622532de2564b7a7b0efb0812e5601a2e) ([merge request](gitlab-org/security/gitlab!1516))
- [Update rdoc to 6.3.1](gitlab-org/security/gitlab@452f9c7370c844ea728cda7ae96f990d10c32ca2) ([merge request](gitlab-org/security/gitlab!1535))
- [Prevent GraphQL API access by deactivated users](gitlab-org/security/gitlab@fdedb77bc2190dd87988171396bbb335fd8c47cd) ([merge request](gitlab-org/security/gitlab!1527))
- [Add sanitizing for name field](gitlab-org/security/gitlab@d49da0e57d91fcc59f0732eb978f68b68619a761) ([merge request](gitlab-org/security/gitlab!1491))
- [Copy feature visibility settings to a fork](gitlab-org/security/gitlab@5fd56f01c69edaefb64143ea593d680a0477cb28) ([merge request](gitlab-org/security/gitlab!1524))
- [Avoid disclosing project in web IDE](gitlab-org/security/gitlab@6cba97cef6fa1ab0808db98c64baa33597e54979) ([merge request](gitlab-org/security/gitlab!1513))
- [Add new username validation](gitlab-org/security/gitlab@9a5f5264f4c30248e83747e4ac79e2c2396461dd) ([merge request](gitlab-org/security/gitlab!1497))
- [Allow only same-origin URLs for Edit Release Cancel button](gitlab-org/security/gitlab@b959550cf4cd057d42b4a1ae76aee968cc9133b4) ([merge request](gitlab-org/security/gitlab!1485))
- [Limit creation of issues based on issue type](gitlab-org/security/gitlab@e8713df5341a6c54a4607d6eef0fbb70f93a375f) ([merge request](gitlab-org/security/gitlab!1481))
- [Update Nokogiri to 1.11.4](gitlab-org/security/gitlab@ac29afd195e19cd5c38d9030ecf7fabdea9214d1) ([merge request](gitlab-org/security/gitlab!1480))
- [Fix deploy key fallback issue in protected branch](gitlab-org/security/gitlab@bb0c95595c2b0db98af1feb882aa09870cee3600) ([merge request](gitlab-org/security/gitlab!1477))
- [Fix XSS on audit log for feature flag actions](gitlab-org/security/gitlab@e0140c81b2d7eea963248f2c2bd103b1b5a908ee) ([merge request](gitlab-org/security/gitlab!1475))
- [Sanitize input on pasteGFM](gitlab-org/security/gitlab@b47f364dfe82e59d480bb42adccc24ce691b18b1) ([merge request](gitlab-org/security/gitlab!1452))
- [Add total http read timeout](gitlab-org/security/gitlab@2179f835eadec3afa3233d649fbcdad6125a92c5) ([merge request](gitlab-org/security/gitlab!1393))
- [Fix merge request diff display issue with unsupported encoding](gitlab-org/security/gitlab@33971ea6fba1c493b2d8da4a82c8a0af71ef7e0f) ([merge request](gitlab-org/security/gitlab!1425))

35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
## 13.11.5 (2021-06-01)

### Security (10 changes)

- [Bump BinData version](gitlab-org/security/gitlab@73d2b47b0d79f2fde671c916abec368b8fabae35) ([merge request](gitlab-org/security/gitlab!1403))
- [Block access to GitLab for users with expired password](gitlab-org/security/gitlab@1ec1603ab6159068ef9109173092f7aa6ce8b989) ([merge request](gitlab-org/security/gitlab!1445))
- [Adds redirect page to OAuth](gitlab-org/security/gitlab@48fcdb7291392490d94be3d97adadc0b3bcbf605) ([merge request](gitlab-org/security/gitlab!1442))
- [Update users two factor required from group](gitlab-org/security/gitlab@28db889db25734c873058dac85eda2c3c0124f50) ([merge request](gitlab-org/security/gitlab!1433))
- [Updates authorization for lint](gitlab-org/security/gitlab@114bd1a6316bc9cebfcaf221486634dbd1c667fa) ([merge request](gitlab-org/security/gitlab!1430))
- [Opt in to Atlassians new context qsh](gitlab-org/security/gitlab@52401b9bef947130701e36fe066de34e0433fa84) ([merge request](gitlab-org/security/gitlab!1405))
- [Only verify commit signatures if the user email is verified](gitlab-org/security/gitlab@78d266e3d7738c107aabe2c207be81efc34ef224) ([merge request](gitlab-org/security/gitlab!1386))
- [Prevent XSS on notebooks](gitlab-org/security/gitlab@123300cdbc980cc418482e74a7c5c9764d3ea5ea) ([merge request](gitlab-org/security/gitlab!1422))
- [Use xpath search of Nokogiri instead of css search](gitlab-org/security/gitlab@626bc425caf4a3e7ed071676af8538529f8daae0) ([merge request](gitlab-org/security/gitlab!1415))
- [Truncate all non-blob markdown to 1MB by default](gitlab-org/security/gitlab@d94d150bb339a8d269c45abdba90ef73614785bc) ([merge request](gitlab-org/security/gitlab!1419))

50
51
52
53
54
55
56
57
58
## 13.11.4 (2021-05-14)

### Fixed (3 changes)

- Fix N+1 SQL queries in PipelinesController#show. !60794
- Omit trailing slash when proxying pre-authorized routes with no suffix. !61638
- Omit trailing slash when checking allowed requests in the read-only middleware. !61641


59
60
61
62
63
64
65
## 13.11.3 (2021-04-30)

### Fixed (1 change)

- Fix Instance-level Project Integration Management page for GitLab FOSS. !60354


66
67
68
69
70
71
72
73
74
75
76
## 13.11.2 (2021-04-27)

### Security (5 changes)

- Prevent tokens with only read_api scope from executing mutations.
- Do not allow deploy tokens in the dependency proxy authentication service.
- Disable keyset pagination for branches by default.
- Bump Carrierwave gem to v1.3.2.
- Restrict setting system_note_timestamp to owners.


77
78
79
80
81
82
83
84
85
86
87
## 13.11.1 (2021-04-22)

### Changed (1 change)

- Change unsubscribe language for email campaign on self managed. !59121

### Added (1 change)

- Add documentation about Pages deployment migration. !59475


88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
## 13.11.0 (2021-04-22)

### Security (3 changes)

- Update to Rails v6.0.3.6. !59328
- Update mermaid to version 8.9.2.
- Allow to disable exiftool depending on env variable.

### Removed (10 changes, 1 of them is from the community)

- Redirect deprecated pipeline routes. !53990
- Remove CI lint button from Jobs page nav. !56854
- Remove graphql_individual_release_page feature flag. !56882
- Remove deprecated repository archive routes. !57236
- Remove add issues modal from issue boards (this has been disabled since 13.6). !57329
- Remove unused feature flag ':roadmap_buffered_rendering'. !57486
- Remove HipChat integration from frontend and docs. !57556
- Remove temporary index from vulnerabilities table. !57656 (Huzaifa Iftikhar @huzaifaiftikhar)
- Remove unused feature flag checks. !58469
- Remove ability to create new service templates. !58624

### Fixed (175 changes, 90 of them are from the community)

- Update gatsby project template to address the pipeline failure. !37410 (Takuya Noguchi)
- Fixed an issue where the link commit message did not end with a newline. !49086 (Kazuya Kojima)
- Partially fix incorrect icons for non-standard license files. !53207
- Add language- prefix to CSS class of markdown code blocks. !55076 (Camil Staps)
- Filter out pipelines that were excluded in the relation scope in Ci::Pipeline#latest_pipeline_per_commit. !55657 (Cong Chen @gentcys)
- Fix mermaid diagrams in dark mode. !56183
- Catch network errors. !56457 (Shubham Kumar (@imskr))
- Fix the Maven sync worker to not fail if the versionless package is not found. !56514
- Fix `#current_authenticated_job` when used with `.authenticate_with` in Grape APIs. !56564
- Move graphql timelogs to CE. !56633 (Lee Tickett @leetickett)
- Fix bug in wiki link rewriter filter. !56636
- Fix bug in Gollum Tags filter. !56638
- Fix derivation of effective permissions (access level) of group members. !56677 (Jonas Wälter @wwwjon)
- Fix word wrapping in parallel diffs. !56713
- Don't close issue label select box on click if only mouseup outside. !56721 (Simon Stieger @sim0)
- Fix reference widget icon and text spacing. !56759
- Fix test report merge request widget summary and issues alignment. !56768
- Fix artifacts section from showing up when no artifacts are present. !56784
- Push confidential_notes feature flag to mr frontend. !56798 (Lee Tickett @leetickett)
- Fixed offenses Layout/BeginEndAlignment. !56827 (Shubham Kumar (@imskr))
- Close DropLab dropdowns on click instead of mousedown. !56847 (Simon Stieger @sim0)
- Add labels to UI toggles. !56848
- Fix offense Layout/RescueEnsureAlignment. !56870 (Shubham Kumar (@imskr))
- Fixes offense Lint/RedundantSafeNavigation. !56884 (Shubham Kumar (@imskr))
- In admin new user page, fix external checkbox warning hide with keyboard interaction. !56896
- Fix Conan project-level API to return correct download-urls and fix Conan project-level functionality. !56899
- Remove Kramdown patch and update to v2.3.1 gem. !56917
- Fixed styling of commit comment buttons. !56982
- Update weight transaltion for Russian locale. !56986 (Gennady Kovalev (@belolap))
- Fixes rubocop offense Migration/DepartmentName. !56997 (Shubham Kumar (@imskr))
- Do not render empty title in HelpPopover. !57025
- Validate import manifest url scheme. !57071
- Inherit default branch name for subgroups. !57101
- Fix ruby alpine CI template. !57109
- Fix rails binding for ruby alpine template. !57112
- Update admin edit button icon class. !57151
- Fix branch switch to be exact instead of partial match. !57197
- Add aria labels to icon buttons. !57261
- Ensure search param is kept in scrolled commit. !57307
- Fix remote_mirrors usage ping metric. !57332
- Remove calls to jQuery animations to fix infinite scrolling on the Repository commits page. !57379
- Hide project-specific views on group / instance level integrations. !57381
- A blocked URL for a push mirror is a hard failure. !57392
- Fix usage data count start/finish export issue. !57403
- Fix tooltip position in mini pipeline chart. !57425
- Use search param in refs call to filter revisions. !57442
- Update the Package settings to use the blue primary button. !57468
- Always save default on empty values in Exp Policies. !57470
- Allow all file types to be uploaded from the repo file upload tool. !57498
- Fix Assignee dropdown showing assignee(s) twice. !57513
- Fix inconsistent production environment definition on VSA. !57557
- Fix namespace validation (unique path) on group creation. !57563 (Jonas Wälter @wwwjon)
- Give better feedback when quick actions have no effect. !57570 (Hilco van der Wilk)
- Fix security report fetching in Merge Requests. !57574
- Display error message when runner installation instructions modal cannot be loaded correctly. !57588
- Fix two data races in the branch names cache. !57607
- Add aria labels to icon-only buttons. !57610
- Fix Rails/SaveBang rubocop offenses in spec/controllers/projects/*. !57643 (Abdul Wadood @abdulwd)
- Fix Rails/SaveBang Rubocop offenses for admin controllers. !57644 (Huzaifa Iftikhar @huzaifaiftikhar)
- Make NuGet SearchQueryService q parameter optional. !57654 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix MR Source Branch styling. !57662
- Fix updating GraphQL boards cards on assignees update. !57687
- Revert Ignore default_enabled value in Feature.enabled?. !57707
- Simplify Build Group name correction. !57739
- Fix force_random_password option when creating Users via API. !57751
- Fix issue where merge description not showing when merged with merge train. !57787
- Covert has-tooltip on commit page to pajamas. !57858
- Fix Rails/SaveBang rubocop offenses in spec/controllers/groups*. !57879 (Abdul Wadood @abdulwd)
- Fix Rails/SaveBang Rubocop offenses for requests module. !57883 (Huzaifa Iftikhar @huzaifaiftikhar)
- Disable trigger manual job button after click. !57885
- Fix Rails/SaveBang rubocop offenses in auth controllers. !57886 (Abdul Wadood @abdulwd)
- Fix Rails/SaveBang Rubocop offenses for requests/api module. !57887 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix Rails/SaveBang Rubocop offenses for presenters. !57888 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix Rails/SaveBang rubocop offenses in profiles & projects controllers. !57890 (Abdul Wadood @abdulwd)
- Fix Rails/SaveBang rubocop offenses in spec/features/admin. !57891 (Abdul Wadood @abdulwd)
- Fix Rails/SaveBang rubocop offenses in spec/features/dashboard. !57898 (Abdul Wadood @abdulwd)
- Fix Rails/SaveBang rubocop offenses in spec/features/issues. !57900 (Abdul Wadood @abdulwd)
- Fix Rails/SaveBang rubocop offenses in spec/features/projects. !57904 (Abdul Wadood @abdulwd)
- Fix Rails/SaveBang rubocop offenses in spec/features/. !57907 (Abdul Wadood @abdulwd)
- Fix Rails/SaveBang Rubocop offenses for hooks module. !57918 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fixes rubocop offenses Style/RedundantSelfAssignment. !57920 (Shubham Kumar (@imskr))
- Fix closed icon for merge requests to match close issue icon. !57981 (jesus beltran)
- Resolves offenses Style/ParallelAssignment. !57999 (Shubham Kumar (@imskr))
- Resolves offenses Style/RedundantAssignment. !58013 (Shubham Kumar (@imskr))
- Fix Rails/SaveBang Rubocop offenses for deployment modules. !58040 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix Rails/SaveBang Rubocop offenses for mattermost modules. !58048 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix Rails/SaveBang rubocop offenses in spec/initializers. !58049 (Abdul Wadood @abdulwd)
- Fix Rails/SaveBang Rubocop offenses for issue models. !58052 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix Rails/SaveBang Rubocop offenses for legacy github import. !58054 (Huzaifa Iftikhar @huzaifaiftikhar)
- Resolves rubocop offenses Rails/WhereNot. !58062 (Shubham Kumar (@imskr))
- Fix Rails/SaveBang Rubocop offenses for markdown cache modules. !58063 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix Rails/SaveBang Rubocop offenses for commit models. !58069 (Huzaifa Iftikhar @huzaifaiftikhar)
- Only link merge requests to successful deployments. !58072
- Fix Rails/SaveBang Rubocop offenses for gitaly client models. !58089 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix Rails/SaveBang Rubocop offenses for email handlers. !58095 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix Rails/SaveBang rubocop offenses in spec/factories_spec.rb. !58102 (Abdul Wadood @abdulwd)
- Fix Rails/SaveBang Rubocop offenses for ci models. !58104 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix Rails/SaveBang Rubocop offenses for banzai modules. !58108 (Huzaifa Iftikhar @huzaifaiftikhar)
- Ensures that the "Suggest GitLab CI" popover is shown after selecting a template type. !58120
- Fix EmptyLineAfterFinalLetItBe Rubocop offenses for groups controller. !58174 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe Rubocop offenses for boards module. !58180 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses for error tracking module. !58182 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe Rubocop offenses for groups module. !58183 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses for design management module. !58189 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe Rubocop offenses for metrics module. !58190 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe Rubocop offenses for helpers. !58192 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe Rubocop offenses for api entities. !58193 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe Rubocop offenses for api helpers. !58194 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix overflow UI bug with longer commit title on Wiki Page History. !58212 (Takuya Noguchi)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/graphql/types. !58241 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/lib/banzai. !58242 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe in spec/lib/gitlab/alert_management. !58244 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/lib/gitlab/analytics. !58245 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/lib/gitlab/auth. !58246 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/lib/gitlab/checks. !58248 (Huzaifa Iftikhar @huzaifaiftikhar)
- Disable pages_serve_with_zip_file_protocol by default. !58253
- Fix EmptyLineAfterFinalLetItBe offenses spec/lib/gitlab/github_import. !58256 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/lib/gitlab/graphql. !58261 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/lib/gitlab/hook_data. !58262 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses spec/lib/gitlab/import_export. !58264 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/lib/gitlab/jira_import. !58266 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix visibility filter on explore projects page. !58293 (Jonas Wälter @wwwjon)
- Fix EmptyLineAfterFinalLetItBe in spec/lib/gitlab/phabricator_import. !58297 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/lib/gitlab. !58314 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/mailers. !58319 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/models/blob_viewer. !58325 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/models/ci. !58327 (Huzaifa Iftikhar @huzaifaiftikhar)
- Update the group permission check in packages finder helper. !58329
- Fix EmptyLineAfterFinalLetItBe offenses in spec/models/concerns. !58367 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/models/project. !58372 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/policies. !58393 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/serializers. !58406 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/services/award_emojis. !58407 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/services/boards. !58413 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe in spec/services/design_management. !58416 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/services/environments. !58418 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/services/groups. !58423 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/services/ide. !58424 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/services/issues. !58425 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fix EmptyLineAfterFinalLetItBe offenses in spec/services/merge_requests. !58429 (Huzaifa Iftikhar @huzaifaiftikhar)
- Add aria labels to icon-only buttons. !58459
- Fixes admin ci variables not showing up. !58496
- Fix previous deployment fetches wrong deployment. !58567
- Fix delete source branch status message. !58605
- Fix member autocomplete sort order. !58652
- Show bottom border on milestones sidebar widget for incident issues. !58662
- Fix project access token creation group settings link. !58686
- Avoid listing snippets through GraphQL when user profile is private. !58739
- Fix notification when new Service Desk Issue is created. !58803
- Fix dark mode colors of retried jobs in job details page. !58855
- Fix Forward Deployment Worker causes deadlock. !58861
- Fix select2 dropdowns in dark mode. !58862
- Fix badge s and borders in dark mode info wells. !58875
- Dark mode nav improvements. !58891
- Fix style for adding a related issue in free tiers. !58893 (Michael Telgkamp @michael.telgkamp)
- Fix user reference transformation in EpicsPipeline. !58913
- Avoid inflating Redis memory when aborting pipelines. !59018
- Fix sign out button in error pages. !59030
- Add aria labels to icon-only buttons. !59037
- Skip Rack Attack rate limiting for container registry event API. !59085
- Fix loading pipelines by commit SHA for GraphQL. !59110
- Drop user pipelines async when user is blocked. !59129
- IPython KaTeX rendering of comparison operators for markdown. !59132 (Reinhold Gschweicher <pyro4hell@gmail.com>)
- Fix MR diff file tree being hidden behind review bar. !59150
- Add invited group members to search results on assignees widget. !59152
- Fix tooltip not rendering. !59202
- Fix revert commit query. !59356
- Do not show sort by project in Package project page. !59367
- Return 403 status code to the Runner when CI Job is deleted. !59382
- Fix character escaping in Resolved By tooltips. !59428
- Fix Jenkins integration for GitLab FOSS. !59476
- Exclude projects dropdown from revert modal. !59504
- Ensure all tooltips appear with a 500ms delay. !59561
- Added feature flag to show/hide assignees GraphQL widget. !59620
- Fix rare race condition in GitLab-internal feature flags with database load balancing enabled.

### Deprecated (5 changes, 1 of them is from the community)

- Rename event to action in Snowplow helpers and FE event handlers. !55698
- Deprecate Product Intelligence test aggregated metrics. !57377
- Bump recommended Redis version from 4.0 to 5.0. !59072 (Takuya Noguchi)
- Deprecate Alerts for Managed Prometheus. !59433
- Deprecate assigneeUsername issue filter in GraphQL. !59538

### Changed (211 changes, 76 of them are from the community)

- Adds CI pipeline and job features to GraphQL API. !44703
- Unify the Docker Image build CI template and use the default branch instead of hardcoded 'master'. !51931 (dnsmichi)
- Update performance bar background color to use Pajamas compliant colour palette. !52775 (Yogi (@yo))
- Remove extra tooltip from pipelines overview page. !52902 (Yogi (@yo))
- Update RubyGems metadata constraints and add gem metadata extraction. !53673
- Returns deep stringified keys for merged_yaml in linting endpoint. !54336
- Add space to graph in contributor page. !54431 (Yogi (@yo))
- Move from btn-success to btn-confirm in app/views/profiles directory. !54748 (Yogi (@yo))
- Add multi-line styling within contribution tooltip. !54765 (Yogi (@yo))
- Update import statuses texts and icons. !54957
- Add branch names field to repository GraphQL type. !55074
- Remove referencing TokenWithIv model in the codebase and dynamic nonce creation feature flag. !55209
- Move to btn-confirm from btn-success in views/invites directory. !55293 (Yogi (@yo))
- Add validation for emails on push recipients. !55550
- Migrate bootstrap modal to GlModal for repo single file uploads. !55587
- Record sent in-product marketing emails and don't send the same email twice. !55840
- Alerts integration form UX cleanup. !55892
- Sync single-file mode user preference when changed from the MR cog menu checkbox. !55931
- Remove group member: add option to also remove direct user membership from subgroups and projects. !55980 (Jonas Wälter @wwwjon)
- Move to btn-danger for delete button in applications. !56088 (Yogi (@yo))
- Apply new GitLab UI for badge in starrers page. !56091 (Yogi (@yo))
- Move to btn-confirm from btn-primary in wiki empty state. !56192 (Yogi (@yo))
- Move to btn-confirm in download directory dropdown. !56193 (Yogi (@yo))
- Add btn-default class for Service Desk toggle in settings. !56195 (Yogi (@yo))
- Move to confirm variant from success in pipeline_new directory. !56199 (Yogi (@yo))
- Move to confirm varient from success in pipeline_editor directory. !56200 (Yogi (@yo))
- Move from btn-success to btn-confirm in pipeline_schedules directory. !56201 (Yogi (@yo))
- Move to confirm variant from success in feature_flags directory. !56202 (Yogi (@yo))
- Move to confirm variant from success in alert_management directory. !56206 (Yogi (@yo))
- Move from btn-success to btn-confirm in tracings directory. !56209 (Yogi (@yo))
- Move from btn-success to btn-confirm in logs directory. !56211 (Yogi (@yo))
- Move from btn-success to btn-confirm in environments directory. !56212 (Yogi (@yo))
- Move from btn-success to btn-confirm in blob directory. !56213 (Yogi (@yo))
- BulkImports: Track pipeline worker with BulkImports::Tracker#status. !56242
- Update master to main inside monitor copy. !56264
- Project Settings Operations headers Alerts/Error tracking/Jeager tracing/Jeager tracing expand/collapse on-click/on-tap. !56269 (Daniel Schömer)
- Project Settings Operations header Grafana authentication expand/collapse on-click/on-tap. !56270 (Daniel Schömer)
- Add support for commit_email to Users API. !56272
- Project Settings Operations header Incidents expand/collapse on-click/on-tap. !56273 (Daniel Schömer)
- Project Settings Operations header Metrics dashboard expand/collapse on-click/on-tap. !56274 (Daniel Schömer)
- Clean up integration form titles and password fields. !56309
- Move from btn-success to btn-confirm in branches directory. !56325 (Yogi (@yo))
- Move from btn-success to btn-confirm in cleanup directory. !56329 (Yogi (@yo))
- Move from btn-success to btn-confirm in default_branch directory. !56330 (Yogi (@yo))
- Move from btn-success to btn-confirm in deploy_keys directory. !56331 (Yogi (@yo))
- Move from btn-success to btn-confirm in forks directory. !56333 (Yogi (@yo))
- Move from btn-success to btn-confirm in hooks directory. !56334 (Yogi (@yo))
- Move from btn-success to btn-confirm in imports directory. !56336 (Yogi (@yo))
- Allow setting the shard/replica separately for standalone indexes. !56344
- Move from btn-success to btn-confirm in network directory. !56345 (Yogi (@yo))
- Move usage of delayed_project_removal to namespace settings. !56397
- Update buttons on issue page. !56425
- Create new policies for read, destroy, and create tokens. !56464
- Update Jira issues list to use new UI components. !56465
- Move from btn-success to btn-confirm in protected_branches directory. !56477 (Yogi (@yo))
- Move from btn-success to btn-confirm in protected_tags directory. !56478 (Yogi (@yo))
- Move from btn-success to btn-confirm in runners directory. !56485 (Yogi (@yo))
- Enable new RPC call to retrieve wiki files. !56491
- Center the pipeline stages dropdown in the commit details page. !56505
- Update mini pipeline appearance in commit page to match other mini pipelines in the application. !56510
- Disable pipeline schedules when a user is blocked. !56513
- Add Username to Email From Header in Notifications. !56588
- WebIDE show fork button when cannot push code. !56608
- Add empty state CTA in pipeline editor section for new root CI files. !56665
- Support newlines for the chatops "run" command. !56668
- Adds skipped state to duration cell for single stage manual pipelines. !56669
- Support for --prefer-source option for Composer registry. !56693
- Allow Email Replies to Notes to Create Discussions. !56711
- Add id and short_sha GraphQL fields to jobType in the CI namespace. !56714
- Remove the commit message from the package details UI. !56716
- Assignee dropdown in issue page displays only participants by default. !56742
- Render Kramdown format using Gitlab markup. !56750
- Relax version validation on generic packages. !56755
- Show popovers on hover and focus by default. !56778
- Change icon size in the pipeline editor. !56780
- Show password hint only if password_authentication_enabled_for_web? on new location logins. !56783 (Roger Meier)
- Add Vulnerabilities::FindingEvidence model. !56790
- Update compare branches button to btn-confirm. !56791
- Update buttons and spacing on commit page. !56793
- Update secondary nav elements right margin to 8px. !56794
- Add created_at to job webhooks. !56835
- Rename pipelines setting to CI/CD and move out from under repository section. !56857
- Change the way deprecation information is presented in GraphQL documentation. !56864
- Validate null constraint for cluster token name. !56868
- Move from btn-success to btn-confirm in projects/services directory. !56937 (Yogi (@yo))
- Move from btn-success to btn-confirm in projects/settings directory. !56938 (Yogi (@yo))
- Move from btn-success to btn-confirm in projects/snippets directory. !56939 (Yogi (@yo))
- Move from btn-success to btn-confirm in projects/tags directory. !56940 (Yogi (@yo))
- Move from btn-success to btn-confirm in projects directory. !56943 (Yogi (@yo))
- Move from btn-success to btn-confirm in registrations directory. !56944 (Yogi (@yo))
- Move from btn-success to btn-confirm in users directory. !56945 (Yogi (@yo))
- Adjust gitlab_database_transaction_seconds histogram bucket. !56952
- Add extra fields to the external pipeline validation payload. !56969
- Change assignee dropdown invite to utilize invite modal. !57002
- Enable DISTINCT optimization for ObjectHierarchy globally. !57052
- Redirect to the pipeline editor when clicking on CI/CD quick links. !57085
- Update learn gitlab template for new registrations. !57098
- Add loading icon to create merge request button. !57105
- Move Pipeline Editor repo link outside of feature flag conditional. !57144
- Show the Contribution Analytics promotion page for users without permission. !57222
- Show skipped duration state for all skipped pipelines. !57242
- Add Runner ID as title in Runner details page. !57247
- Remove feature flag usage_data_track_ci_templates_unique_projects. !57280
- Deprecate but keep support for Klar up to version 3. A new analyzer based on Trivy will be used from version 4 onwards. !57281
- Hydrate some of the variables in the Overview tab suggestion commit placeholder by switching the Diffs data source for it. !57419
- Remove Slack attachment from new issues created via Slash commands. !57431
- Make VALIDATION_REQUEST_TIMEOUT configurable. !57521
- Remove programmatic access to registration tokens. !57524
- Update Jira subscriptions list to use Vue. !57561
- Update runner badges look and feel in admin runners table. !57566
- Rename jobs to promote a smoother transition between Klar and Trivy based scanners. !57593
- Do not trim input for sample & test payload on alerts integration form. !57617
- Allow a Global ID to be used when filtering issue by iterationId in GraphQL. !57620
- Add tags field to jobType in the CI namespace. !57631
- Expose createdAt and updatedAt fields for Board in the GraphQL API. !57645
- Update validation trigger flow on the alerts integration form. !57697
- Remove groupId and projectId arguments to Runner install instructions. !57720
- GraphQL: expose milestone iid. !57732
- Move commit neighbor buttons to sticky MR controls. !57743
- Update title on revoke member invite modal and hide unneeded related issues and merge requests checkbox. !57755
- Deprecate btn-warning on admin area delete user modal. !57761
- Remove deprecated button classes from issue detail view. !57763
- Utilize btn-tertiary for copy project id on project overview. !57766
- Remove top margin for print layout. !57824
- Fail batch-aborted pipelines with reason. !57838
- Replace deprecated Close Milestone button on list view. !57871
- Replace deprecated button on new epic creation form. !57874
- Hide pipeline filtered search when no pipeline exists. !57881
- Add gl-badge for badges in group members page. !57933 (Yogi (@yo))
- Add gl-badge for badges in project members page. !57934 (Yogi (@yo))
- Display error message when dashboard activity fetch fails. !57935
- Add gl-badge for badges in dashboard nav. !57936 (Yogi (@yo))
- Update GIicon size in geo_node_header.vue. !57952 (singhanshuman)
- Move to confirm variant for buttons in vulnerabilities page. !57961 (Yogi (@yo))
- Add gl-badge for badges in MR page nav. !57969 (Yogi (@yo))
- Align project stars and date to center of project in groups page. !57972 (Yogi (@yo))
- Add btn-icon class for GPG key delete button. !57974 (Yogi (@yo))
- Add btn-default for mirror update button. !57978 (Yogi (@yo))
- Update ruby-magic-static to v0.3.5. !57984
- Reduce button size for revoke button in PAT page. !57989 (Yogi (@yo))
- Apply gl-form-input for fields in GPG keys page. !58002 (Yogi (@yo))
- Apply gl-form-input for fields in new schedule page. !58015 (Yogi (@yo))
- Move to btn-confirm from btn-success in licenses directory. !58024 (Yogi (@yo))
- Move to btn-confirm from btn-success in geo directory. !58031 (Yogi (@yo))
- Move to btn-confirm from btn-success in push_rules directory. !58033 (Yogi (@yo))
- Move to btn-confirm from btn-success in devise directory. !58035 (Yogi (@yo))
- Add btn-default class for toggle button in admin templates. !58041 (Yogi (@yo))
- Move to btn-confirm from btn-success in ee project settings. !58047 (Yogi (@yo))
- Improve UI of Runner Installation instructions: add a loading indicator, use checkmark on selected options, reduce height of modal. !58055
- Update New Issue form description copy from 'wite a comment' to 'wite a description'. !58068
- BulkImports: Import milestone iid. !58107
- Replace deprecated buttons on epic detail view. !58152
- Replace deprecated buttons on board view. !58153
- Small text updates on the SAST Config UI page. !58188
- Update GlIcon size in environments.vue. !58208 (Md. Pial Ahamed (@root.pial))
- Link to revision in version on admin dashboard. !58225 (Yogi (@yo))
- Rename Gitlab to GitLab in admin dashboard. !58228 (Yogi (@yo))
- Remove underline in apply for credit button in k8s page alert. !58232 (Yogi (@yo))
- Add btn-default class for file picker button. !58238 (Yogi (@yo))
- Rename Submit issue to Create issue in boards and docs. !58243 (Yogi (@yo))
- Update label container background and border colour from dark grey to use the same light grey as the board's containers. !58279
- UI improvement of Admin Dashboard top page. !58373 (Takuya Noguchi)
- Add warning icon beside in progress text if pipeline is stuck. !58427
- Set workhorse_extract_filename_base feature flag to default. !58504
- Update resolving alert system notes to use term Recovery Alert. !58513
- Update default spinner color to pajamas. !58517
- Update ruby-magic to v0.3.2. !58537
- Fix HAML in _promote_issue_weights.html.haml. !58546 (Yogi (@yo))
- Update popover placement and cursor on warning icon in PB. !58552 (Yogi (@yo))
- Remove vertical-align-middle from user location and work in profile. !58554 (Yogi (@yo))
- Enable chronological sort order for other items in the performance bar. !58572
- Use GlTable design system component for pipelines table. !58581
- Update MobSF to version 3.4.0 in the SAST template. !58594
- Add count of unique users to receive on-call notification to usage ping. !58606
- Add global callout for Service template deprecation. !58613
- Remove cached_api_merge_request_version feature flag. !58670
- Bump minimum git version to v2.31.0. !58737
- Add a chaos endpoint that signals QUIT. !58755
- Improve runners status icon usability and accessibility in the project settings view. !58781
- Make ref parameter optional in get raw file api. !58787
- Centralize shared state in Authoring section. !58790
- Update default branch in divergence graph. !58871
- Update Pipeline Graph Visualization. !58889
- Move initial pipeline processing to Sidekiq. !58901
- Display runner token and description consistently in the job sidebar and admin list. !58904
- Update ruby-magic to v0.4.0. !58947
- Update search and sort from the branches page. !58951
- Return email confirmation time from email entity. !58957
- Update runner type indicators in view/edit pages. !59005
- Default enable cascading settings feature flag. !59026
- Fix gl-emoji in abuse report page. !59078 (Yogi (@yo))
- Adds new clusters_integrations_prometheus table and model for Prometheus Cluster Integration. !59091
- Include project and build ID in Pages tmp directory. !59106
- Deactivate prune webhook logs worker. !59120
- Reduce pipeline tooltip delay to 0. !59155
- Remove gldropdown_branches feature flag. !59179
- Clarify on welcome page that we do not share any data. !59183
- Schedule artifact expiry backfill again. !59270
- Create prometheus service asynchronously by default when creating a project. !59273
- Show archive notice on empty project. !59286
- Enable in-product emails only for free instances. !59290
- Log all API uploads that exceed max attachment size. !59292
- Pages: Add feature flag to disable deployment to legacy storage. !59298
- Hide What's New for unauthenticated users. !59330
- Add queue label to metrics dispatched by background transaction. !59344
- Update Ruby from 2.5 to 2.7 in Dockerfile templates. !59345 (Takuya Noguchi)
- Update profile SSH key labels to refer to expired keys as "Expired". !59381
- Display project settings runners identifiers consistently. !59383
- Migrate Start Review button on MRs to use confirm variant. !59523
- Update auto-build-image to v0.6.0, updating the included docker to 20.10.6 and pack to 0.18.0. !59525
- Apply new GitLab UI for buttons in create tag page. (Yogi (@yo))

### Performance (107 changes, 1 of them is from the community)

- Cache namespace traversal path. !52854
- Use empty-query by default to check database connection. !54366 (Leandro Gomes @leandrogs)
- API JSON caching for tags endpoint. !54975
- Cache open merge requests count in group sidebar. !55971
- Add index on ci_stages to speed up batch pipeline cancellation. !56126
- Backfill traversal_ids for gitlab-org staging. !56293
- Linear version of Namespace#self_and_descendants. !56296
- Add database index for cancelable ci_pipelines on user and id. !56314
- Improve the performance of Merge Request Analytics table. !56380
- Move fetching projects and groups on todos page to API call. !56507
- Fix Workhorse acceleration for encoded project IDs in API. !56731
- Prevent sticking to DB primary when experiments are tracked. !56852
- Move link icon to CSS. !56980
- Drop unused preload from PipelineSerializer. !56988
- Speed up destroying of group Todos when user leaves group. !56995
- Optimise query for Deployment#previous_environment_deployment in LinkMergeRequestWorker. !57039
- Optimize database performance of loading assigned issue count on header bar. !57073
- Backfill traversal_ids for gitlab-org .com. !57075
- Check access only for requesting user when checking if subscribed. !57201
- Add gin index for namespaces.traversal_ids. !57207
- Accelerate uploads via API with Workhorse. !57250
- Add additional index to merge_requests table for project/status/created_at. !57267
- Preload group parent to fix N+1 queries for project search. !57277
- Preload additional data to fix N+1 queries for merge request search. !57284
- Remove N+1 for API commits/:sha/merge_requests. !57290
- Remove N+1 for API :id/deploy_keys. !57295
- Reduce query count for ExpirePipelineCacheWorker. !57304
- Remove N + 1 for milestones issues. !57349
- Add partial index to improve mirrors update. !57353
- Apply optimizations to JobsController#show.json. !57367
- Fix N+1 issue when loading merge request comments. !57374
- Perform more merge request creation tasks asynchronously to improve response times. !57453
- Fix N+1 for searching notes (comments) scope. !57460
- Resolve N + 1 for JIRA pulls. !57482
- Make `ci_runner_builds_queue_on_replicas` default. !57484
- Reduce queries on group labels controller. !57517
- Reduce number of queries in mergeRequestSetAssignees GraphQL mutation. !57523
- Reduce N+1 queries in creating todos after user mentions in a note. !57525
- Optimize Deploy Keys Presenter. !57551
- Add index to improve project deployments endpoint performance. !57554
- Resolve N + 1 for deployments API. !57558
- Cache merge request diff version API. !57568
- Reduce SQL requests number for issue links. !57602
- Avoid N+1 query when updating todo count cache. !57622
- Resolve N + 1 for commits notes API. !57641
- Resolve more N+1 issues in Jira pulls API. !57658
- Reduce number of SQL queries in Profiles::SlacksController#edit. !57674
- Preload all user callouts in a single request. !57679
- Add TargetProject And SourceBranch Index To MergeRequest. !57691
- Optimize group level Maven package finder query. !57692
- Remove ci_lower_frequency_trace_update feature flag. !57713
- Cache MRs count on milestone page. !57714
- Fix N+1 for searching milestone scope. !57715
- Avoid N+1 queries in breadcrumbs. !57725
- Move project hooks routes under /-/ scope. !57734
- Add composite index to support epic filtering by award emoji. !57759
- Reduce query count for popular worker ExpireJobCacheWorker. !57773
- Remove feature flag optimize_issue_filter_assigned_to_self. !57775
- Ensure a project iid is set before transitioning on pipeline error. !57783
- Fix N+1 in projects REST endpoint with forked projects. !57798
- Bulk-abort user pipelines on block. !57801
- Move pipelines calculation from widget.json to cached_widget.json. !57822
- Delete all issuable todos asynchronously when issuable is destroyed. !57830
- Reduce queries on projects labels controller. !57864
- Optimize database query for last deployment. !57979
- Fix N + 1 for MilestonesController#merge_requests. !57980
- Minor performance improvement for ref finder. !58099
- Reduce milestone issue list display limit to 500. !58168
- Partial index optimization for namespaces id. !58220
- Add caching to variables calculation of builds. !58286
- Reduce SQL requests on building artifacts. !58339
- Drop unused mirror_data index. !58349
- Add index on file_store for pages_deployments table. !58355
- Eliminage N+1 database queries on the user notifications page. !58397
- Create finder for searching branch names via redis. !58439
- Preload associations in Ci::Pipeline#cancel_running. !58484
- Add new MergeRequests::SyncCodeOwnerApprovalRulesWorker. !58512
- Create the pipelines asynchronously when refreshing merge requests. !58542
- Optimize searching cherry-picked merge requests for linking deployments. !58568
- Use object quarantine directory to enumerate new LFS pointers. !58634
- Resolve merge request todos asynchronously on update. !58647
- Enable cached avatar lookups by email. !58659
- Resolve group_member policy n+1. !58668
- Move CI related paths to cached MR widget. !58711
- Fix N+1 in REST projects and service desk. !58747
- Optimize environment serializer to reduce N+1 problems. !58748
- Handle assignee changes side effects asynchronously. !58783
- Remove paths from BuildArtifactEntity. !58818
- Use fast path helpers in BuildDetailsEntity. !58824
- Add framework for using specialized services to improve performance of MergeRequests::UpdateService. !58836
- Fix N+1 for searching commits. !58867
- Fix N+1 queries to find or initialize services. !58879
- Adjust indices to improve query performance for notification_settings. !58895
- Fix N+1 queries for issues search. !58915
- Optimize query for cherry picked merge requests. !58967
- Cache issues count in sidebar at group level. !59004
- Improve performance by moving TODO creation out of the jobs/request path. !59022
- Eliminate N+1 database queries on the user notifications page within the project notifications section. !59029
- Add migration to index members on user_id, source_id, and source_type. !59051
- Reduce the number of SQL queries executed on Maven file API endpoints. !59136
- Add user index on spam logs. !59151
- Limit number of GraphQL requests tracked in performance bar to 10. !59158
- Add index for the path column on the packages_maven_metadata table. !59241
- Reduce timeouts on tab counts for searches to 5s. !59435
- Add partial index on members to optimize highest access level query. !59455
- Optimize issuable updates. !59468
- Ensure the project iid is set before dropping pipeline. !59626

### Added (108 changes, 11 of them are from the community)

- Support adding and removing assignees w/ push opts. !25904
- Add Go Packages as a cache for the Go proxy. !34558 (Ethan Reesor (@firelizzard))
- Allow admin users to define admin notes on groups. !47825
- Resolve nested variable values sent to the runner. !48627
- Hide "Resolve conflicts" button when source branch is protected. !51121 (Marcin Majkowski @marcinmajkowski)
- Allow Add Comment To Review. !51718 (Lee Tickett @leetickett)
- Add click to copy button over project ID. !53224 (Virgile MATHIEU @vmathieu)
- Convert admin mode feature flag to system application setting. !53610 (Diego Louzán)
- Send in-product marketing emails to guide users setting up their groups. !53715
- Automatically try to migrate gitlab pages to zip storage. !54578
- Add user-merge request interaction type. !54588
- Save usage_data_id from versions app in raw_usage_data. !54738
- Create UserPreferences API. !55033
- Support group applications. !55152 (Jonas Wälter @wwwjon, Bastian Blank)
- Ability to add Prometheus as cluster integration. !55244
- Add JavaScript, TypeScript, and React support to the semgrep analyzer. !55257
- Added local_store to Pages settings in gitlab.yml file. !55470
- Add additional fields to dast_site_profiles database table. !55579
- Cascade delayed project removal setting lookup to parent namespace. !55678
- Support automatic transitions of Jira issues. !55773
- Add blocked issues detail popover for boards cards. !55821
- Allow users to mark pages projects as not deployed during migration to zip storage. !55862
- Add dast_profile_secret_variables table. !56067
- Support daily DORA metrics API. !56080
- Track agent token last_used. !56143
- Add CI_COMMIT_AUTHOR predefined variable. !56144 (Craig Andrews @candrews)
- Linking to a single line number in Web IDE. !56159
- Migrate group badges when using Bulk Import. !56357
- Add Ability to Edit Freeze Periods. !56407
- Add GraphQL mutation to delete an existing release asset link. !56417
- Personal access token revoke for managed accounts (feature flag removed). !56427
- Migration: add trial extension type to gitlab_subscription. !56460
- Geo: Prepare snippet_repositories and snippet_repository_registry tables for adding verification. !56596
- User Availability - Allow users to schedule un-setting of their status values. !56649
- Add missing icon for files with .c++ extension. !56650 (Peter Kovář @peter.kovar)
- Add in-page search for all settings pages. !56659
- Support include_ancestors when querying group milestones via GraphQL. !56667
- Add recaptcha to top-level group creation behind feature flag. !56707
- Configure issue and merge request description templates at group level and rolldown description templates in the group hierarchy. !56737
- Enabled phabricator importer by default. !56765
- Generalize alert details status. !56800
- Create database table dast_profiles_pipelines. !56821
- Allow selecting a CI template by providing the template name as a URL param gitlab_ci_yml. !56861
- Group SAML - Check SSO status on Git activity. !56867
- Send email notification on SSH key expiration. !56888
- Support custom tag formats for changelogs. !56889
- Delete records from security_findings table with missing UUID values. !56975
- Link squashed commits using the changelog API. !56985
- Allow users to enable force push to protected branches. !57053
- Add rake tasks for Pages deployment migration. !57120
- Code suggestions correctly add based on multi-line comments. !57125
- BulkImports: Add `BulkImports::PipelineWorker` to process each BulkImport pipeline on its own background job. !57153
- Connect Registries searches to URL. !57251
- Sort code quality degradations in MR Widget comparison reports. !57258
- Add unified metrics definition YAML file API endpoint. !57270
- Clarify what coverage means on the merge request pipeline section. !57275
- Improve payload format of DORA metrics API. !57314
- Expose timelogs against issues and merge requests in GraphQL. !57321 (Lee Tickett @leetickett)
- Populate missing dismissal information for vulnerabilities. !57347
- Clarify the impact of selecting incidents in the new issue form. !57373
- Add jobs field to the project type. !57376
- When removing a user, warn Admin user is part of an on-call schedule. !57397
- Exposes schedulingType on CiJobType and adds usesNeeds to PipelineType. !57398
- '/projects/:id/repository/compare' supports comparing branches/commits on different projects. !57418 (Exchizz (@Exchizz))
- Add geo database changes for pipeline artifact replication. !57506
- Add more fields to the job type. !57530
- Capture test report summary widget views via usage ping. !57543
- Allow filtering GraphQL alertManagementIntegrations and alertManagementHttpIntegrations by ID. !57590
- Add search functionality to Jira Connect App namespaces. !57669
- Add Conan GraphQL type to package. !57719
- Log message when upload via API exceeds limit. !57774
- Migration: Add cloud column to licenses. !57781
- Re-add swap revisions feature (legacy). !57802
- Add support for SMTP connection pooling when sending emails. !57805
- Add a migration to insert trail plans within SAAS for Ultimate and Premium plans. !57814
- Add link to test case file in the test report for merge requests. !57911
- Upgrade GitLab Pages to v1.37.0. !57946
- Add negative filters for merge requests API. !58021
- Add setting to change default target project for merge requests from forks. !58093
- Support negated filtering of issues by iids, label_name, milestone_title, assignee_usernames and assignee_id in GraphQL. !58154
- User notification when SSH key is set to expire soon. !58171
- Allow user to filter epics by their reaction emoji via GraphQL. !58211
- Add config support for using Microsoft Graph with MailRoom. !58250
- Let users create groups and projects at signup and onboard them through issues on gitlab.com. !58301
- Reschedule background migration to copy projects.container_registry_enabled to project_features.container_registry_access_level. !58360
- Prettify JSON of sample alert payload. !58433
- Add spent quick action alias. !58539 (Lee Tickett @leetickett)
- Add GraphQL endpoint for test report summary for pipelines. !58596
- Show pipeline finished timestamp on MR widget. !58618
- Add Hello World CI Template. !58649
- Make blobs directly accessible through the graphql repository. !58677
- Add target_type column to dast_site_profiles database table. !58723
- Add GraphQL endpoint for a specific test suite in pipelines. !58924
- Add blob filename to attachment content disposition. !58977
- Rollout product_intelligence_metrics_names_suggestions feature flag. !58995
- Support filtering by assignee wildcard in GraphQL board list issues query. !58996
- Remove pages_serve_from_migrated_zip feature flag. !59002
- Enables multiple_cache_per_job feature flag by default. !59016
- Add CODECLIMATE_PREFIX variable to code quality template. !59041
- Add instance_url column to the jira_connect_installations table. !59148
- Remove codequality_backend_comparison feature flag. !59320
- Allow cherry-picking to a fork's parent. !59399
- Add kotlin support to spotbugs-sast job. !59431
- Upgrade GitLab Pages to 1.38.0. !59464
- Add documentation about Pages deployment migration. !59475
- Re-enable serving pages with zip file protocol. !59486
- Enable pipeline_status_for_pipeline_editor by default. !59495
- Extract creation of prometheus service from Projects::CreateService.

### Other (160 changes, 74 of them are from the community)

- Resolve Improve text for error No issue found for given params in UI. !45064
- Update gon gem to 6.4.0. !51210
- Initialize conversion of events.id to bigint, and add execute_batched_migrations_on_schedule feature flag to control scheduled background migrations. !51332
- Apply new GitLab UI buttons in the webhooks list. !51977 (Yogi (@yo))
- Fix alignment of folder-caret and actions button in the subgroup list. !52400 (Yogi (@yo))
- Remove JSON endpoint for project container index. !52407 (Takuya Noguchi)
- Update HIPAA logo for project templates. !53270
- Apply GitLab UI button styles to buttons in app/views/shared directory. !53474 (Yogi (@yo))
- Drop non-partitioned audit_events_archived table. !53880
- Add message for repository backup skip. !54285
- Updated MR Approvals to specify settings section. !54985
- Remove markdown from comment search result. !55255
- Deduplicate issue_metrics table. !55285
- Document how to use custom omniauth button icon. !55388 (Diego Louzán)
- Create Cop to enforce using policies framework for administrators. !55693 (Diego Louzán)
- Remove tabindex on skip link that could negatively impact keyboard focus management and order. !55756
- Mark merge request as preparing on create. !56086
- Update Search and Apply buttons to confirm variant to align with Pajamas design system. !56122
- Decrease spacing between controls on the Commit page header. !56129
- Create new unit test tables. !56137
- Convert Commit dropdown to Vue. !56142
- Enable the instance variables UI. !56255
- Set the scope in search context from group issue and MR pages. !56383
- Remove On-call Edit feature flag. !56445
- Fix cop offenses for Style/HashTransformation in app directory. !56579 (Karthik Sivadas @karthik.sivadas)
- Fix cop offenses for Style/HashTransformation in ee directory. !56581 (Karthik Sivadas @karthik.sivadas)
- Fix cop offenses for Style/HashTransformation in lib directory. !56583 (Karthik Sivadas @karthik.sivadas)
- Fix cop offenses for Style/HashTransformation in spec directory. !56586 (Karthik Sivadas @karthik.sivadas)
- Track epic note created via usage ping. !56609
- Aggregate code review metrics. !56734
- Update android template to default branch. !56738
- Stop using json-schema gem for production. !56745
- Refactor docs and UI for Jaeger tracing. !56819
- Add support for the MATERIALIZED keyword when using WITH (CTE) queries in PostgreSQL 12. !56976
- Externalize project deploy keys (edit) strings. !57015 (Jonston Chan @JonstonChan)
- Migrates the expand button in MR reports to GitLab UI. !57021
- Update GitLab Runner Helm Chart to 0.27.0. !57048
- Remove unnecessary use of freeze. !57056 (Lee Tickett @leetickett)
- Remove unnecessary use of freeze. !57057 (Lee Tickett @leetickett)
- Remove unnecessary use of freeze. !57058 (Lee Tickett @leetickett)
- Remove unnecessary use of freeze. !57059 (Lee Tickett @leetickett)
- Remove unnecessary use of freeze. !57060 (Lee Tickett @leetickett)
- Remove the FF skip_dag_manual_and_delayed_jobs. !57086
- Remove the FF ci_trigger_payload_into_pipeline. !57087
- Updated documented K8s snippet to undeprecated API. !57100 (Raimund Hook (@stingrayza))
- Validate NOT NULL constraint on gitlab_subscriptions namespace_id. !57113
- Update button variants on the project boards controller to better align with the Pajamas Design System. !57129
- Remove the recursive_namespace_lookup_as_inner_join feature flag. !57131
- Only display focus mode button at md+ breakpoint and make it the tertiary style. !57139
- Remove feature flag for customize homepage banner. !57147
- Update issuable submit content order, button variants, and button alignment. !57172
- Send invited users to sign up instead of sign in when possible. !57240
- Updated UI text to match style guidelines. !57276
- Enable RedundantFreeze Cop and Remove Remaining Offenses. !57288 (Lee Tickett @leetickett)
- Review and revise Integrations/Asana UI text. !57362
- Add enqueueing of Onboarding Progress to the Invite Service. !57372
- Validate foreign key on ServiceHooks. !57483
- Removed migrate_delayed_project_removal feature flag. !57541
- Migration to cleanup after partitioned web_hook_logs backfill. !57580
- Update BulkImport default page size to 500 in order to process larger page of data. !57594
- Refactor member/invitation services to share common code. !57618
- Fix triggers page externalization. !57637 (Jonston Chan @JonstonChan)
- Add foreign key from web_hooks to groups. !57735
- Remove batch_suggestions feature flag. !57745
- Remove remove_resolve_note feature flag. !57757
- Remove deprecated info button from issue list view. !57762
- Track the different overflows for diff collections. !57790
- Update Jira plugin UI copy. !57793 (Russell Dickenson rdickenson@gitlab.com)
- Rename table/model vulnerability_finding_fingerprints to *_signatures. !57840
- Move to btn-confirm from btn-success in pipelines quotas page. !57861 (Yogi (@yo))
- Remove records without group from webhooks table. !57863
- Updated UI text to match style guidelines. !57884
- Add a template for using Indeni Cloudrail in GitLab. !57919
- Externalise-strings in _ip_limits.html.haml. !58003 (nuwe1)
- Externalise strings in application_settings/_pages.html.haml. !58011 (nuwe1)
- Externalize strings in _performance.html.haml. !58016 (nuwe1)
- Externalise strings in application_settings/_performance_bar.html.haml. !58018 (nuwe1)
- Externalise strings in /application_settings/_realtime.html.haml. !58039 (nuwe1)
- Externalise strings in _registry.html.haml. !58051 (nuwe1)
- Externalise strings in /application_settings/_repository_check.html.haml. !58058 (nuwe1)
- Update Design Management added design icon to be slightly smaller which conforms to the Pajamas design guide. !58086 (Andreas Resch @reschandreas)
- Externalise strings in admin/users/_head.html.haml. !58101 (nuwe1)
- Updating success button to confirm variant and reordering buttons per Pajamas Design System guidelines for buttons. !58112
- Externalize strings in /abuse_reports/index.html.haml. !58132 (nuwe1)
- Use Gitlab::AppLogger in settings. !58134 (Huzaifa Iftikhar @huzaifaiftikhar)
- Fill in all placeholder values in the apply suggestion commit message placeholder text. !58136
- Externalize strings in broadcast_messages/index.html.haml. !58146 (nuwe1)
- Externalize strings in deploy_keys/new.html.haml. !58148 (nuwe1)
- Externalize strings in hook_logs/_index.html.haml. !58155 (nuwe1)
- Externalize strings in projects/_projects.html.haml. !58158 (nuwe1)
- Externalize strings in projects/index.html.haml. !58160 (nuwe1)
- Externalize strings in services/index.html.haml. !58167 (nuwe1)
- Externalise strings in runners/_runner.html.haml. !58168 (nuwe1)
- Externalise strings in spam_logs/_spam_log.html.haml. !58169 (nuwe1)
- Fix EmptyLineAfterFinalLetItBe Rubocop offenses for projects controller. !58176 (Huzaifa Iftikhar @huzaifaiftikhar)
- Externalize strings in _confirmation_instructions_account.html.haml. !58214 (nuwe1)
- Externalize strings in _confirmation_instructions_account.text.erb. !58215 (nuwe1)
- Externalize strings in _confirmation_instructions_secondary.text.erb. !58218 (nuwe1)
- Externalise strings in password_change files. !58219 (nuwe1)
- Externalize strings in unlock_instructions.html.haml. !58227 (nuwe1)
- Externalize strings in passwords/edit.html.haml. !58233 (nuwe1)
- Externalize strings in passwords/new.html.haml. !58236 (nuwe1)
- Externalize strings in sessions/_new_ldap.html.haml. !58267 (nuwe1)
- Externalize strings in registrations/edit.html.erb. !58268 (nuwe1)
- Externalize strings in sessions/_new_crowd.html.haml. !58269 (nuwe1)
- Externalise strings in sessions/new.html.haml. !58274 (nuwe1)
- Externalize strings in sessions/two_factor.html.haml. !58275 (nuwe1)
- Externalize strings in shared/_omniauth_box.html.haml. !58281 (nuwe1)
- Externalize strings in shared/_sign_in_link.html.haml. !58283 (nuwe1)
- Externalise strings in shared/_tabs_ldap.html.haml. !58285 (nuwe1)
- Externalize strings in unlocks/new.html.haml. !58289 (nuwe1)
- Externalise strings in labels/edit.html.haml. !58294 (nuwe1)
- Externalize strings in milestones/_form.html.haml. !58298 (nuwe1)
- Externalize strings in milestones/edit.html.haml. !58306 (nuwe1)
- Externalise strings in runners/edit.html.haml. !58315 (nuwe1)
- Externalise strings in groups/_activities.html.haml. !58324 (nuwe1)
- Externalize strings in groups/_create_chat_team.html.haml. !58328 (nuwe1)
- Externalise strings in groups/_group_admin_settings.html.haml. !58331 (nuwe1)
- Externalises strings in groups/activity.html.haml. !58332 (nuwe1)
- Update pipeline email service UI text. !58377
- Update pot file. !58392
- Updated UI text for Assembla integration to match style guidelines. !58400
- Externalize strings in instance_configuration/_gitlab_ci.html.haml. !58435 (nuwe1)
- Externalize strings in instance_configuration/_gitlab_pages.html.haml. !58437 (nuwe1)
- Externalize strings in help/index.html.haml. !58441 (nuwe1)
- Externalize strings in instance_configuration.html.haml. !58443 (nuwe1)
- Externalize strings in chat_names/_chat_name.html.haml. !58444 (nuwe1)
- Externalizes strings in viewers/_empty.html.haml. !58451 (nuwe1)
- Externalize strings in viewers/_loading_auxiliary.html.haml. !58454 (nuwe1)
- Review and revise Pages settings-related UI text. !58479
- Updated Alert integration UI text to match style guidelines. !58507
- If creating a new issue fails in boards, remove the issue card from a list. !58558
- Enable Layout/SpaceAfterColon cop for HAML. !58564 (Takuya Noguchi)
- Update mattermost integration UI text. !58570
- Update Emails on push UI Text to match style guidelines. !58597
- Updated outdated UI text and docs. !58600
- Update UI text of Jenkins integration. !58623
- Track total_tuple_count for batched migrations. !58675
- Update Project Management metrics definitions. !58710
- Add correlation id in X-Request-ID for external pipeline validation. !58741
- Update UI text from timing to Duration. !58838
- Update Discord integration UI text. !58842
- Update UI text for slack notifications integration. !58845
- Review and revise Redmine Integration UI text. !58899
- Bump devise-two-factor version. !58929
- Update metric definition under verify testing group. !59028
- Remove issue_perform_after_creation_tasks_async feature flag. !59042
- Obtain pipeline validation service token from config not ENV. !59101
- Bump rspec-rails to 4.1.2. !59130
- Add index services on project and type where inherit is null. !59168
- Replace deprecated skeleton loader in the user popover with slightly darker SVG based skelton loader. !59180
- Bump rspec-rails to 5.0.1. !59194
- Update drone integration UI text. !59231
- Add index on (created_at, web_hook_id) to the partitioned web_hook_logs. !59261
- Add index on web_hook_id to partitioned web_hook_logs. !59266
- Add a foreign key from the partitioned web_hook_logs to web_hooks. !59282
- Bump minimum required Go version for workhorse to 1.15. !59347
- Update UI text for TeamCity integration. !59493
- Remove redundant index from epics. !59494
- Externalize strings in labels/new.html.haml. (nuwe1)


894
895
896
897
898
899
900
901
902
## 13.10.3 (2021-04-13)

### Security (3 changes)

- Check image content type before running exiftool in workhorse.
- Clean only legitimate JPG and TIFF files.
- Update ruby-saml and rexml gems.


903
904
905
906
907
908
909
910
911
912
913
## 13.10.2 (2021-04-01)

### Fixed (1 change)

- Fixed rendering of the image blobs. !57479

### Added (1 change)

- Improve performance for composer v2 clients. !55169


914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
## 13.10.1 (2021-03-31)

### Security (6 changes)

- Leave pool repository on fork unlinking.
- Fixed XSS in merge requests sidebar.
- Fix arbitrary read/write in AsciiDoctor and Kroki gems.
- Prevent infinite loop when checking if collaboration is allowed.
- Disable arbitrary URI and file reads in JSON validator.
- Require POST request to trigger system hooks.

### Removed (1 change)

- Make HipChat project service do nothing. !57434

### Other (3 changes)

- Remove direct mimemagic dependency. !57387
- Refactor MimeMagic calls to new MimeType class. !57421
- Switch to using a fake mimemagic gem. !57443


936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
## 13.10.0 (2021-03-22)

### Security (3 changes)

- Workhorse: prevent escaped router path traversal.
- Workhorse: Stop logging when path is excluded.
- Patch Kramdown syntax highlighter gem.

### Removed (2 changes)

- Remove Remove from board button from board sidebar. !53946
- Remove workaround for icon loading in Chrome 84. !56114

### Fixed (99 changes, 23 of them are from the community)

- Fix button alignment in design management header. !48003
- Updated UI text to match style guidelines. !50383
- Don't close auto suggest select boxes on click if only the mouseup (but not the mousedown) event happened outside the box. !51139 (Simon Stieger @sim0)
- Fix Auto DevOps deploys that use a default branch that's not named 'master'. !53280 (Mitchell Cash @MitchellCash)
- Correct job artifacts API download for expired and locked files. !53567 (Fabio Huser)
- Fix project import error occurring due to default visibility. !53827 (Jonas Wälter @wwwjon)
- Fix relative URL with composer package. !53918
- Cleanup incorrect data in projects.has_external_issue_tracker. !53936
- Fix not skipped manual and delayed DAG jobs. !54073
- Skip orphaned pool repositories on restore. !54112
- Add space next to icons in epic issue list. !54138 (Yogi (@yo))
- Render version dropdowns in MR changes view above tab navbar. !54159 (Simon Stieger @sim0)
- Do not show button to resolve discussion opening an issue when issues are disabled. !54263
- Hide issue count and link in project list for projects with disabled issues. !54275 (Simon Stieger @sim0)
- Handle GlobalIDs with invalid resource names. !54290
- Fix overflowing width - at mention container. !54377
- Update k8s version for EKS cluster. !54389 (Vincent Firmin @winkies)
- React to new DOM nodes being added to the page to bind the user information popover to them. !54411
- move create_release_evidence sidekiq queue out of the cronjob namespace. !54432
- Fix copy to clipboard tooltip button. !54472
- Fix bold text mismatch in MR ⚙ menu. !54531
- Wrap long code lines in markdown. !54540
- Hide repeated trial offers on self-hosted instances. !54550
- Fix bug when snippet blobs array contain a nil value. !54552
- Fix the npm instance level API to exclude subgroups. !54554
- Fix the value of `$CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX` when used in group with a name containing uppercase letters. !54559 (Eric Engestrom @1ace)
- Fixed typo on Two-Factor Authentication page. !54565 (Jani Uusitalo @uusijani)
- Forcibly load OpenSSL::X509::DEFAULT_CERT_FILE. !54569
- Stop scrollbar stretching filtered search box. !54574
- Correctly style Dark Mode application header in profile preferences. !54575 (Simon Stieger @sim0)
- Prevent removal of the last group owner if the last group owner is a blocked user. !54587 (Jonas Wälter @wwwjon)
- Fix style issue with "reply" placeholder textarea in firefox. !54592
- Update batch_loader gem to v2.0.0. !54639
- Fix rendering of projects when the last pipeline changes during rendering. !54651
- Search: Log search.scope for the default scope. !54684
- Fix double scrollbar in ref selector dropdown. !54719
- Fix double scrollbar issue in milestone selector dropdown. !54734
- Skip two factor setup for help pages. !54739
- Fixed diff notes GraphQL mutation not allowing comments on deleted lines. !54801
- Expand left sidebar `Issues` when viewing project iterations. !54815
- Added a missing class to reply placeholder. !54817
- Renamed the second project panel to group. !54834 (Niklas van Schrick @Taucher2003)
- Fix double scrollbars in some dropdowns. !54837
- Fix pipeline notifications for Webex Teams / Unify Circuit integrations. !54852
- Github Importer: Import Pull request "merged_at" attribute. !54862
- Fix UTF-8 characters not working with Azure Blob storage. !54875
- Upgrade gitlab-sidekiq-fetcher for correctly detecting interrupted jobs when Sidekiq pods are restarted. !54881
- Include shared with groups in list of authorized groups. !54894
- Fix `@` autocomplete selecting the loading icon. !54925
- Fix status cache for upstream pipelines. !54937
- Update gitlab-sidekiq-fetcher to 0.5.5 to handle namespaced queues. !55013
- Use gitlab_web_url (if it exists) for issue title links in Issue lists. !55021
- Fix issue with loading the repository compare page. !55058
- Fix argument type for background migration. !55097
- reconcile source installation and upgrade docs. !55170 (Jörg Behrmann @behrmann)
- Sync the maven metadata file upon package deletion through the UI. !55207
- Fix empty field in custom notification events modal. !55313 (Kev @KevSlashNull)
- Fix 500 error for long commit messages. !55320
- Include MRs for merge commits for changelogs. !55371
- GithubImporter: Add Merge request approval only if it does not exists yet. !55376
- Fix assignees search to show only project members. !55396
- Do not break word in the code blocks under Safari. !55405
- Fix typo in pipeline status email. !55412 (Gabriel Berke-Williams)
- Fix inconsistent heading style in email diffs. !55420
- Ensure Project Approvals API casts to boolean. !55492
- Update fog-aws to v3.9.0. !55528
- Handle relative position on issue move or clone. !55555
- Fix horizontal alignment of MR Changes cog menu dropdown checkboxes. !55591
- checks: Skip LFS checks when deleting refs. !55609
- Fix edited timestamp updated when transforming / resolving comments. !55671 (Mycroft Kang @TaehyeokKang)
- Allow saving repository weights after a storage has been removed. !55689
- Resolve project from branch in commit resolver. !55694
- Update validate_url gem. !55706
- Fixes: No such file or directory lib/pager_duty/validator/schemas/message.json. !55725
- Fix fork thumbnail overflow. !55764
- Change terraform_states.locked_by_user_id foreign key to SET NULL. !55813
- Fix invite member modal dropdown checkbox styling. !55832 (Kev @KevSlashNull)
- Reenable OAuth password grants without client credentials. !55873
- Fixed vestigial Anchor links in doc/development/usage_ping/dictionary.md. !55874 (Raimund Hook)
- Fix 'viewed' checkbox in single-file view mode. !55922
- Fix Web Project Export rate limiting scope. !55975
- Remove merge manually message. !56016
- fix stringify empty position object. !56037
- Fix diff comment hidden dropdown. !56072
- Handle RestClient errors in Discord integration. !56112
- Turn off native autocomplete for ref selector components. !56128
- Handle commits without descriptions for changelogs. !56224
- Support maven plugins packaging in the maven metadata sync worker. !56229
- Use gitlab-fog-google instead of upstream fog-google gem. !56245
- Fix styling of "Enabled OAuth sign-in sources" checkboxes. !56254
- Sanitize issue description in search result. !56256
- Fix bug in wiki page destroy API endpoint when an error is raised. !56285
- Correct generated maven repository instruction for Gradle Groovy DSL. !56318 (Cromefire_ (@cromefire_))
- Add labels to GlToggles. !56387
- Fixed error handling GraphQL API when issue board creation fails. !56467
- Hide fork count and link in project list where forks are disabled. !56520 (Simon Stieger @sim0)
- Fix upgrade banner for Jira issues showing on group / instance level integrations. !56628
- Fix tooltips failing to hide in commit graph on Firefox. !56631 (Jonathan Duncan)
- Hide MR count and link in project list where MRs are disabled. (Simon Stieger @sim0)

### Changed (202 changes, 88 of them are from the community)

- Mark `startDate` and `endDate` arguments as deprecated in the GraphQL schema for `Project.milestones` and `Group.milestones` (FOSS and EE), and `Project.iterations`, `Project.milestones`, `Group.epic`, `Group.epics`, `Group.iterations`, `Group.milestones`, `BoardEpic.children`, and `Epic.children` fields (EE-only). Previously these arguments were marked as deprecated only in their descriptions. !45229
- Improve Linked Issues Usability. !50879 (Andrew Minion)
- Make new issue title look like wiki. !50940 (Jacopo Beschi @jacopo-beschi)
- Introduce WebIDE as an extension for Editor Lite. !51527
- Update LaTeX Docker image in CI Templates to TexLive 2020. !52043 (Michael Schmitt @schmitmd)
- Allow creation of iterations in the past. !52403
- Allow overlapping iteration dates with ancestor group iterations and restrict dates overlapping for iterations within same group. !52403
- Send gitlab_standard context with events from the frontend. !52959
- Prefill first multiline commit message for new MRs. !52984 (Max Coplan @vegerot)
- Auto-enable admin mode on privileged environments. !53015 (Diego Louzán)
- Add loading indicator to "Update username" button in account settings. !53142 (Kev @KevSlashNull)
- Replace btn-primary with btn-confirm in Start your free trial button. !53215 (Yogi (@yo))
- Update project page buttons to conform to design system. !53260
- Lift the NPM package naming convention for the project level API. !53266
- Adds ability to have multiple cache per job. !53410
- Improve Jira connect app styling and i18n. !53441
- Restyle the repository compare show page. !53523
- API: include external users in user search for non-admins. !53584 (Jonas Wälter @wwwjon)
- Record onboarding action for issue creation. !53611
- Merge Sentry's contexts into Gitlab::ApplicationContext. !53691
- Add divergedFromTargetBranch field to MergeRequestType to indicate the target branch has diverged from the source branch. !53759
- Provide name of expiring token in personal access token expiration mail. !53766
- Convert merge request widget state to use GraphQL. !53846
- Sidebar confidentiality component updates in real-time. !53858
- Add creator to custom emoji. !53879
- Migrate namespaces delayed_project_removal to namespace_settings. !53916
- Add name field to cluster agent token. !53920
- Apply new GitLab UI for request email button. !53966 (Yogi (@yo))
- Add support for ETag caching when using GraphQL. !53978
- Allow anonymous access to public Conan packages. !54047 (Steve Mokris @smokris)
- Make the Geo OAuth application trusted by default. !54079
- Add description field to cluster agent token. !54091
- Project Settings CI/CD headers expand/collapse on click / tap. !54114 (Daniel Schömer)
- Project Settings CI/CD Variables header expands/collapses on click / tap. !54117 (Daniel Schömer)
- Add Role and Rolebinding for CiliumNetworkPolicies. !54130
- Add btn-default and remove extra right margin. !54134 (Yogi (@yo))
- Update user avatar in sidebar realtime. !54135 (Yogi (@yo))
- Remove illustration in export/import CSV modal. !54136 (Yogi (@yo))
- Update to btn-confirm and align subscription banner. !54137 (Yogi (@yo))
- Remove service desk issue prefix. !54140 (Lee Tickett @leetickett)
- Apply new GitLab UI for learn more button in time tracking. !54142 (Yogi (@yo))
- Apply new GitLab UI for apply template button in new issue. !54143 (Yogi (@yo))
- Remove gl-overflow-scroll in merge instructions modal. !54144 (Yogi (@yo))
- Align merge conflict warning text to center. !54145 (Yogi (@yo))
- Deprecate instanceStatisticsMeasurements in favor of usageTrendsMeasurements GraphQL field. !54153
- Web IDE disallow commit when project has 'reject unsigned commits' rule. !54166
- Add space next to download icon in download artifacts button. !54228 (Yogi (@yo))
- Convert IDE nav form tab to GlTab. !54274
- Add btn-icon class for commit action buttons. !54286 (Yogi (@yo))
- Convert Threat Monitoring environment picker to GlDropdown. !54309
- Allow importing groups as new top-level groups. !54323
- Show user follow button first instead of center. !54326 (Yogi (@yo))
- Update 'Get Started with CI/CD' button with latest URL. !54344
- Log individual user usage of Slack service. !54347
- Add duration and finishedAt GraphQL fields to jobType in the CI namespace. !54358
- Show icon next to reviewers who have approved. !54365
- Add btn-icon for buttons in pipeline schedules. !54426 (Yogi (@yo))
- Restore Sentry functionaly to the frontend. !54441
- Github Importer: Validate repository size before importing. !54449
- Allow search for pipeline by SHA as well as IID via GraphQL. !54471
- Change default API content_type to JSON. !54479
- Added environment details to Job Hook and Pipeline Hook. !54480 (AdrianLC)
- GraphQL: Expose Label "created_at" and "updated_at". !54487
- Move CI_CONFIG_PATH as project variable and deprecate CI_PROJECT_CONFIG_PATH. !54498
- Registry: make delete icon buttons secondary. !54545
- Add GlToggle label in edit feature flag. !54546 (Yogi (@yo))
- Add GlToggle label in sidebar subscription toggle. !54548 (Yogi (@yo))
- Refine Registry Lists and Search Bar UI. !54549
- Remove outdated ci db columns. !54564
- BulkImports: Avoid import ProjectLabels in the Group import level. !54580
- Update default title of alerts to New: Alert. !54621
- Clear Environment Search in CI/CD Variables. !54626
- Only show 2FA badge to project maintainers and group owners. !54646
- Enable pages_serve_with_zip_file_protocol by default. !54650
- Auto-scroll to top of page upon committing in pipeline editor. !54657
- Remove Expiration Policy text from container registry header. !54665
- Reduce elements in Pipeline page dropdowns with lazy. !54674
- BulkImports: Import Label timestamps. !54678
- Improve at.js members autocomplete matching. !54681
- Use Root Image for images with missing name. !54693
- Change the order of action buttons in the configure feature flags modal. !54731
- Remove deprecated button variant in groups, projects and snippets. !54747 (Yogi (@yo))
- Add selected state for ellipsis button in a commit. !54754 (Yogi (@yo))
- Apply new GitLab UI for button in promotion link. !54755 (Yogi (@yo))
- Apply new GitLab UI for buttons in empty label placeholder. !54760 (Yogi (@yo))
- Add selected state for diff view in commit page. !54762 (Yogi (@yo))
- Add selected state for chart button in vulnerabilities dashboard. !54763 (Yogi (@yo))
- Add btn-default class for settings toggle button. !54764 (Yogi (@yo))
- Apply new GitLab UI for badge in runners list. !54766 (Yogi (@yo))
- Better error message when import fails due to backend validation. !54827
- Moved CODEOWNERS tip into approvals Vue app. !54830
- Add a new project feature called container_registry. !54831
- Relax tag requirements when generating changelogs. !54832
- Regroup alerts integration form into tabs. !54842
- Reverts default sort order for Explore Projects to Last updated. !54879
- Fix DOS on Math blocks. !54898
- Added non-null constraint to terraform state name. !54940
- Remove MergeRequestAssigneesMigrationProgressCheck background migration. !54943
- Adjust text explaining content of Operations menu from visibility section of project settings. !54963
- Use info colour for merged search results instead of primary. !55008
- Update button variant to confirm on integration settings page. !55017
- Allow `$CI_JOB_TOKEN` to access the "Download a single artifact file" endpoints of the Jobs Artifacts API. !55042 (Eric Engestrom @1ace)
- Ignore prerelease tags when generating changelogs. !55065
- Rename comment form textarea label to `Comment`. !55088
- Add runners api context metadata. !55089
- Reschedule artifact expiry backfill. !55093
- Small visual updates to Git ref selector dropdown on New/Edit Release page. !55121
- Group integration settings buttons to the left. !55139
- Optimize Metrics Dictionary. !55145
- Show nested environments when change tab, page. !55167
- Move to btn-confirm in app/views/devise directory. !55200 (Yogi (@yo))
- Move to btn-confirm in app/views/shared/empty_states directory. !55203 (Yogi (@yo))
- Change the button to Primary Blue. !55204 (Yogi (@yo))
- Update button to btn-confirm on merge requests page. !55218
- Add empty state to pipeline editor section. !55227
- Project Settings Repository Default branch header expand/collaps on click. !55228 (Daniel Schömer)
- Project Settings Repository Mirroring repositories header expands/collapses on click / tap. !55229 (Daniel Schömer)
- Project Settings CI/CD Variables header expands/collapses on click / tap. !55230 (Daniel Schömer)
- Project Settings Repository Protected tags header expands/collapses on click / tap. !55231 (Daniel Schömer)
- Project Settings Repository Cleanup header expands/collapses on click / tap. !55232 (Daniel Schömer)
- Project Settings Repository Deploy tokens header expands/collapses on click / tap. !55233 (Daniel Schömer)
- Project Settings Repository Deploy keys header expands/collapses on click / tap. !55234 (Daniel Schömer)
- Collapse deployments in merge request if many. !55239
- Move to btn-confirm from btn-success in abuse_reports folder. !55262 (Yogi (@yo))
- Move to btn-confirm from btn-success in admin application_settings directory. !55263 (Yogi (@yo))
- Move to btn-confirm from btn-success in admin/appearances directory. !55264 (Yogi (@yo))
- Move to btn-confirm from btn-success in admin/applications directory. !55265 (Yogi (@yo))
- Move to btn-confirm from btn-success in admin/broadcast_messages directory. !55266 (Yogi (@yo))
- Move to btn-confirm from btn-success in admin/deploy_keys directory. !55267 (Yogi (@yo))
- Move to btn-confirm from btn-success in admin/groups directory. !55268 (Yogi (@yo))
- Move to btn-confirm from btn-success in admin/hooks directory. !55272 (Yogi (@yo))
- Move to btn-confirm from btn-success in admin/labels directory. !55273 (Yogi (@yo))
- Move to btn-confirm from btn-success in admin/projects directory. !55274 (Yogi (@yo))
- Move to btn-confirm from btn-success in admin/serverless directory. !55275 (Yogi (@yo))
- Move to btn-confirm from btn-success in admin/users directory. !55276 (Yogi (@yo))
- Move to btn-confirm from btn-success in views/doorkeeper directory. !55277 (Yogi (@yo))
- Move to btn-confirm from btn-success in groups/milestones directory. !55278 (Yogi (@yo))
- Move to btn-confirm from btn-success in groups/settings directory. !55281 (Yogi (@yo))
- Move to btn-confirm from btn-success in groups directory. !55282 (Yogi (@yo))
- Move to btn-confirm from btn-success in views/import directory. !55291 (Yogi (@yo))
- Move from btn-success to btn-confirm in shared/access_token directory. !55298 (Yogi (@yo))
- Move from btn-success to btn-confirm in shared/deploy_keys directory. !55299 (Yogi (@yo))
- Move from btn-success to btn-confirm in shared/deploy_tokens directory. !55300 (Yogi (@yo))
- Move from btn-success to btn-confirm in shared/gitpod directory. !55301 (Yogi (@yo))
- Move from btn-success to btn-confirm in shared/groups directory. !55302 (Yogi (@yo))
- Move from btn-success to btn-confirm in shared/issuable directory. !55303 (Yogi (@yo))
- Move from btn-success to btn-confirm in shared/labels directory. !55304 (Yogi (@yo))
- Bump swagger-ui-dist to 3.44.1. !55310 (Roger Meier)
- Move from btn-success to btn-confirm in shared/members directory. !55315 (Yogi (@yo))
- Move from btn-success to btn-confirm in shared/wikis directory. !55316 (Yogi (@yo))
- Move from btn-success to btn-confirm in shared directory. !55317 (Yogi (@yo))
- Remove suggestions custom commit feature flag. !55344
- Use policies for group access rights as admin. !55349 (Diego Louzán)
- Increase contrast of Solarized Light in Web IDE. !55361
- Enable `trace_memory_allocations` by default. !55369
- Expose project access token value with create API. !55408
- Allow alert to link to incidents. !55426
- Send notifications to subscribers when merge request draft status removed. !55444
- Show number of files in snippet lists. !55452
- Use CodeQuality packaged with CodeClimate 0.85.23 by default in CI template. !55508
- Simplify notifications dropdown. !55522
- Improve Marginalia comments for API. !55564
- Clarify epic delete warning. !55574
- Exclude duplicates from emails on push recipients. !55588
- Move IDE routes to Rails. !55597
- Update cluster agent tokens with null names. !55673
- Expand nested stopped environments. !55676
- Add fields to BulkImports::Tracker for concurrent work. !55686
- Move to confirm variant from success in 2fa codes component. !55729 (Yogi (@yo))
- Move to confirm variant from success in badges component. !55730 (Yogi (@yo))
- Add Gradle instructions and instruction selector to package details. !55738
- Update text for email config under Incidents in Settings > Operations. !55753
- Display suite errors on test summary page. !55770
- Alert integrations UX cleanup. !55786
- Remove project_transactionless_destroy feature flag. !55795
- Update code owner approval tooltip message. !55842
- Sort milestones within autocomplete dropdown. !55850
- Adjust debug button icon size in job detail page. !55886
- Link fields to types in GraphQL reference documentation. !55901
- Remove `vue_project_members_list` feature flag. !55902
- Public generic packages can now be accessed by developer, guest and anonymous users. !55978 (Mathieu Parent)
- Port essential database metrics to Sidekiq. !56005
- Add API Fuzzing to Security Configuration page, and re-order scanners. !56022
- Add last_used_at field to cluster agent token. !56023
- Change the default batch_class_name for batched_background_migrations to the unqualified class name. !56036
- Improve styling of user access role badges. !56061
- Temporary make `GC.compact` no-op. !56079
- Move to btn-default and selected class in toggle comment button. !56090 (Yogi (@yo))
- Apply new GitLab UI for buttons in GitLab Import page. !56095 (Yogi (@yo))
- Apply new GitLab UI for buttons on GitHub Import page. !56096 (Yogi (@yo))
- Move to confirm variant from success in environments directory. !56203 (Yogi (@yo))
- Move from btn-success to btn-confirm in clusters directory. !56205 (Yogi (@yo))
- Remove security & compliance config page feature flag. !56219
- Display in progress for pipeline duration cell when pipeline has not finished running. !56266
- Add project_id to pipeline api. !56339
- Move from btn-success to btn-confirm in milestones directory. !56342 (Yogi (@yo))
- Move from btn-success to btn-confirm in mirrors directory. !56343 (Yogi (@yo))
- Move from btn-success to btn-confirm in pages directory. !56348 (Yogi (@yo))
- Move from btn-success to btn-confirm in pages_domains directory. !56349 (Yogi (@yo))
- Consume check if user is bot from Users API. !56362
- Hide archived projects from group boards project select dropdown. !56452
- Update mailroom to v0.0.9. !56592

### Performance (32 changes)

- Limit Project Authorizations refresh for shared groups only to direct members of the group being shared with. !51869
- Remove unneeded transitions on MR for mark_as_unchecked event. !53537
- Preload certain data used in the updating of a merge request. !53802
- Enable codequality report comparison with backend. !54241
- Add preload attribute to markdown videos. !54350
- Improve pull mirroring performance. !54353
- Remove coverage_data_new_finder feature flag. !54486
- Improve performance of builds queuing by introducing a limit on the queue depth. !54579
- Added composite index to epic_issues table and improved performance of loading bigger epic roadmaps. !54677
- Consider only distinct user ids for project authorizations refresh jobs for group members. !54697
- Improve performance of validations when a group has a lot of runners. !54774
- Hardened "add" arithmetic for usage data. !54794
- Harden added metrics. !54805
- Cache /search/count requests in the browser. !55036
- Use recursive approach to query all projects for a namespace. !55043
- Fix N+1s related to per-build metadata lookups. !55053
- Fetch build one-by-one. !55194
- Improve build contention. !55202
- Move branch deletion on merge to async worker. !55390
- Improve performance of manual pipeline form by limiting the refs loaded on page load. !55394
- Fix N+1 queries in api/v3/repos/:namespace/:project/events endpoint. !55442
- Refactor blame view. !55488
- Reduce queries when ticking runner queue. !55496
- Shortcircuit expensive queries in Runner#can_pick?. !55518
- Preload runner tags for `UpdateBuildQueueService`. !55543
- Batch-load vulnerability findings by UUID. !55642
- Improve a11y of the new project form by marking required fields. !55682
- Reduce DB load when resetting CI minute notifications. !55765
- Remove latest_builds_report_results preloading in pipeline serializer. !56181
- Optimize branch commit resolution. !56204
- Use `Namespace#all_projects` for NPM package finder. !56415
- Project sharing to use specialized worker to calculate project authorizations. !56606

### Added (91 changes, 11 of them are from the community)

- Add setting to control merge when pipeline succeeds notification. !37880 (Ravishankar)
- Adds Request CVE ID button to issue sidebar. !41203
- convert to GlTabs in app/assets/javascripts/ide/components/repo_tabs.vue. !42162 (Brandon Everett)
- Add invite_email Quick Action. !49264 (Lee Tickett)
- Add API endpoint for fetching a single job by CI_JOB_TOKEN. !51727 (ahmet2mir)
- Add API endpoint for deleting stale review envs. !52224
- Add active period columns to on-call rotations. !52998
- Add user preference to turn off selected text keystroke formatting. !53079
- Display success message after successfully adding a namespace in Jira Connect. !53332
- Add groups endpoint for Projects API. !53642
- Add suppport for an end time on on-call rotations. !53675
- Replace scss with stylelint in documentation. !53700
- Add composer cache rake task. !53772
- Limit the payload size of Sidekiq jobs before scheduling. !53829
- Expose `failure_reasons` in `Build#features`. !53964
- Create ExternalApprovalRule table and associations. !54002
- Jira Connect app: add ability to select namespace from list of available namespaces. !54037
- Expose container_registry_image_prefix to project API. !54090 (Mathieu Parent)
- Default confidentiality of replies. !54122 (Lee Tickett @leetickett)
- Add environment to custom CI_JOB_JWT claims. !54168
- Make `to` in the changelog API optional. !54229
- Add API endpoint /application/plan_limits for package file size limits. !54232 (Jonas Wälter @wwwjon)
- Add pagination of file diffs when viewing a large commit. !54236
- Add internal and external URL config for KAS. !54260
- Add Azure ActiveDirectory v2 OmniAuth provider. !54265
- Add application setting for enabling in-product marketing emails. !54324
- Enable customize homepage banner by default. !54357
- Expose epic board list collapsed value via GraphQL. !54541
- Implement passing trigger payload into pipeline variable. !54544
- Support "view_diffs_file_by_file" param in the Users create and update API. !54595
- Add GraphQL mutation to create release asset link. !54605
- Create tables to track auto-batched background migrations. !54628
- Create system note on alert when its auto-resolved via alert integration. !54645
- Add package list to group graphql type. !54672
- Add Import options to projects and groups dropdown. !54749
- Add mutation to accept merge requests. !54758
- Add Operating System details to usage ping. !54778
- Add is_removed column on Oncall Participant model. !54779
- Add reviewers detail to new merge request email. !54781
- Add wiki_size and storage_size to NamespaceStatistics. !54786
- Add branch_name to dast_profiles table. !54891
- Support composer v2 metadata-url. !54906
- Bump auto-deploy-image tag in Deploy.latest.gitlab-ci.yml to v2.6.0, which includes changes to ciliumnetworkpolicies. !54983
- Add CI_JOB_STARTED_AT and CI_PIPELINE_CREATED_AT variables. !54989 (Vincent Firmin @winkies)
- Add styling to de-emphasize nested test reports in merge requests. !55001
- Display parsing errors in test reports MR widget. !55037
- Add user callouts to GraphQL. !55099
- Add 'Followed User Activity' as dashboard user choices. !55165 (Benj Fassbind @randombenj)
- Improve Vulnerability Tracking: Store Fingerprints. !55173
- Cleanup invite_members_version_a experiment. !55178
- Incident management: add issue state to alerts table. !55185
- Document propagate_correlation_id configuration for GitLab Pages. !55205 (Ercan Ucan @ercan.ucan)
- Add Allow force push option to Protected branches. !55261 (Mycroft Kang @TaehyeokKang)
- Add a background migration to copy projects.container_registry_enabled to project_features.container_registry_access_level. !55327
- Add trigger support for matrix jobs. !55348
- Add more explanation about the presented data and show the last updated time on the DevOps Score page. !55357
- Query group projects by ids with GraphQL. !55383
- Allow users to work on non-default branch in pipeline editor. !55413
- Add reviewers detail to merge when pipeline succeeds email. !55463
- Implement needs:job:optional for CI pipelines. !55468
- Add tier column to the environments table. !55471
- Add DORA daily metrics modeling. !55473
- Add setting to control Rails.application.config.hosts. !55491
- Ignore reverted commits when generating changelogs. !55537
- Add reviewers detail to merge request unmergeable email. !55582
- Add reviewers detail to merge request status email. !55584
- Add reviewers detail to merged merge request email. !55589
- Add reviewers detail to text version of closed merge request email. !55594
- Add client_id to application context. !55683
- Allow release to be created on existing tag through the UI. !55697
- Add index for pages migration. !55757
- Remove improved_merge_diff_highlighting feature flag. !55771
- Usage ping: Histogram for enabled integrations per project. !55782
- Add Pages cache configuration settings. !55812
- Add package and quickaction metrics to Metrics Dictionary. !55846
- Enable serving GitLab Pages sites migrated to zip storage. !55847
- Log large multipart messages from Rack. !55933
- Add update GraphQL mutation for Oncall Rotations. !55955
- Cache open issues count in group sidebar. !55968
- Add the ability to cherry pick accross forks. !55970
- Migrate group milestones when using Bulk Import. !55981
- Introduce `info` column for the `security_scans` table. !55983
- Support environment deployment tier. !56081
- Add Prometheus metrics for ActionCable subscription events. !56157
- Add reviewers detail to new mention in merge request email. !56184
- Add more settings to group MR approval settings. !56215
- Automatically retarget merge requests upon merge (default on). !56233
- Add section headers for the test report widget on the merge request page. !56252
- Add GraphQL mutation to update existing release asset link. !56265
- Upgrade Pages to v1.36.0. !56295
- Add plan limit for Terraform Module package file size. !56414

### Other (74 changes, 9 of them are from the community)

- Add a confirmation prompt to lock and unlock path locks. !44849
- Recalculate UUID for all Vulnerability::Findings. !47529
- Use Created instead of opened when describing issue creation. !49478
- Removes collect_package_events_redis feature flag. !49897
- Fix a crash when logging in using SAML for the first time when sign-ups are disabled. !50216
- Add iterations_cadences table and respective model. !50707
- Migrated Bootstrap dropdown to GitLab UI GlDropdown used for comment submit button. !50933
- Rename indexes to remove inconsistencies. !51011
- Notify issue email participants instead of external author. !51023 (Lee Tickett @leetickett)
- Remove usage_data_i_source_code_code_intelligence flag. !51765
- Apply GitLab UI button styles to buttons in ee/app/views/subscriptions/groups directory. !51784 (Yogi (@yo))
- Updated UI text to match style guidelines. !53179
- Update the Sign In button to use the new confirm button variant, migrate OAuth buttons to use the default variant of GlButton. !53254
- Apply new GitLab UI for button is project settings/repository page. !53346 (Yogi (@yo))
- Add btn-default class for edit buttons in admin projects and groups. !53453
- Add btn-default for cancel button in issueable form. !53458 (Yogi (@yo))
- Set MobSF version to 3.2.9 in SAST template. !53545
- Move add reaction button of note to gl-button. !53565 (Yogi (@yo))
- Improve Service Desk empty states. !54006
- Spell "npm" with lowercase letters in Package Registry UI. !54163 (Simon Stieger @sim0)
- Replace import/export CSV modal with Vue component. !54214
- Add quick action data to usage ping. !54293
- Add documentation for graphQL queries. !54302
- Add NOT NULL constraint to gitlab_subscriptions namespace_id. !54319
- Update accessibility of the "Reply to discussion" UX. !54380
- Remove temporary index on issues. !54387 (Lee Tickett @leetickett)
- Add Vue notifications dropdown component. !54422
- Move wiki helper alert to Vue. !54517
- Composer cache update worker. !54551
- Fix setting default cadences migration. !54598
- Update protected branches buttons to pajamas style. !54612
- Dry up notes build service spec. !54632 (Lee Tickett @leetickett)
- Updating general Chef .gitlab-ci.yml template. !54676
- Enable `nakayoshi_fork` by default. !54688
- Remove backup_labels table. !54856
- Update GitLab Runner Helm Chart to 0.26.0. !54863
- Add notification templates for merge request draft/WIP status change events. !54870
- Remove pipeline editor feature flag. !54971
- Remove graphql_logging feature flag. !54984
- Add tracking to merge request time estimate/spent changes. !55046
- Track usage pings when MR gets locked/unlocked. !55069
- Deemphasize comment and close button. !55075
- Log Optimistic Locks with retries. !55187
- Add environment_scope column to ci_group_variables. !55256
- Align heading style with subheadings in markdown. !55284
- Restore accidental changes to structure.sql. !55352
- Show API errors when a command-only comment fails. !55457
- Remove dashboard_pipeline_status feature flag. !55472
- Add tracking to merge request labels/milestone changes. !55484
- Add tracking to merge request assignees/reviewers changes. !55486
- Remove unique index and add composite key index to Security Orchestration. !55521
- Fix Sidekiq system check for cluster mode. !55530 (Horst Prote)
- Rename vulnerability fingerprints indexes. !55552
- Refactor docs and UI for embedding Grafana panels. !55567
- Remove the optimized_merge_request_count_with_merged_at_filter feature flag. !55600
- Add histogram for optimistic lock retries. !55614
- Replace Bootstrap popover with GitLab UI popover for merge conflict. !55652
- Use more common help icon in security report MR widget. !55741
- Schedule removal of duplicate Findings. !55749
- Update spacing between Notifications dropdown, New Subgroup button, and New Project buttons while using the new confirm variant instead of the deprecated success variant for the New Project button. Better left alignment of Notifications dropdown at smaller breakpoints. variant. !55819
- Update buttons on a job page to conform to the Pajamas design system. !55858
- Add web_hook_logs partitioning migration. !55938
- Updating usage dictionary generator. !55956
- Reorder user profile actions and use the confirm variant for the follow button. !55999
- Link to the merge request in its creation email notification. !56064
- Update UI text to CI/CD from CI / CD. !56070
- Harden Prometheus client usage data wrapper. !56210
- Update Pages template examples to default branch. !56298
- Update CI template examples to default branch. !56301
- Update templates to refer to default branch. !56304
- Remove bottom border from header. !56315
- Remove merge_request_rebase_nowait_lock flag. !56406
- Update mobsf version in the SAST template. !56413
- Convert mattermost alert to pajamas. !56556


1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
## 13.9.6 (2021-04-13)

### Security (2 changes)

- Clean only legitimate JPG and TIFF files.
- Update ruby-saml and rexml gems.


## 13.9.5 (2021-03-31)

### Security (6 changes)

- Leave pool repository on fork unlinking.
- Fixed XSS in merge requests sidebar.
- Fix arbitrary read/write in AsciiDoctor and Kroki gems.
- Prevent infinite loop when checking if collaboration is allowed.
- Disable arbitrary URI and file reads in JSON validator.
- Require POST request to trigger system hooks.

### Removed (1 change)

- Make HipChat project service do nothing. !57434

### Other (3 changes)

- Remove direct mimemagic dependency. !57387
- Refactor MimeMagic calls to new MimeType class. !57421
- Switch to using a fake mimemagic gem. !57443


## 13.9.4 (2021-03-17)

### Security (1 change)

- Patch Kramdown syntax highlighter gem.


1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
## 13.9.3 (2021-03-08)

### Fixed (4 changes)

- Upgrade gitlab-shell to v13.17.0. !55295
- Update Kroki to fix Wavedrom graphs. !55659
- Fix disabling of Kroki optional formats. !55665
- Rename asset_proxy_allowlist column. !55884


1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
## 13.9.2 (2021-03-04)

### Security (6 changes)

- Bump thrift gem to 0.14.0.
- Allow only owners to manage group variables.
- Do not store marshalled sessions ids in Redis.
- Fix XSS in wiki author email and name.
- Workhorse: prevent escaped router path traversal.
- Fix XSS vulnerability for swagger file viewer.


1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
## 13.9.1 (2021-02-23)

### Fixed (6 changes, 1 of them is from the community)

- Send SIGINT instead of SIGQUIT to puma. !54446 (Jörg Behrmann @behrmann)
- Reset description template names cache key to reload an updated templates structure. !54614
- Restore missing horizontal scrollbar on issue boards. !54634
- Fix keep latest artifacts checkbox being always disabled. !54669
- Fix Metric tab not showing up on operations page. !54736
- Fix S3 object storage failing when endpoint is not specified. !54868

### Changed (1 change)

- Updates authorization for linting endpoint. !54492

### Performance (1 change)

- Fix N+1 SQL regression in exporting issues to CSV. !54287

### Other (1 change)

- Fix creating the idx_on_issues_where_service_desk_reply_to_is_not_null index before the post migration. !54346

Felipe Artur's avatar
Felipe Artur committed
1545

1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
## 13.9.0 (2021-02-22)

### Security (1 change)

- Add token_with_iv table.

### Removed (4 changes)

- Remove implicit FF check on `Featurable`. !52223
- Remove merge_request_reviewers feature flag. !52468
- Removed unused Text dropdown. !53464
- Remove legacy alerts service data and table. !53534

### Fixed (131 changes, 29 of them are from the community)

- Allow to retrieve all jobs for a given pipeline. !48589 (Alexander Kutelev)
- Include submodule information for files in diff metadata. !50346 (Simon Stieger @sim0)
- Fix "Stay on Page" alert showing in empty snippet. !50400 (Kev @KevSlashNull)
- Add css to fix fluid layout for index file. !50626
- Make System OAuth app index table responsive and externalize text. !50979 (Kev @KevSlashNull)
- Prevent long variable names from overflowing the popover in CI/CD settings. !51018 (Kev @KevSlashNull)
- Fix long CI variable name overflows on origin. !51021 (Kev @KevSlashNull)
- Fix breadcrumb dropdown on mobile being too narrow. !51092 (Kev @KevSlashNull)
- Show correct ref name in code coverage statistics header. !51385 (Andreas Schmidt)
- Change Jira Connect update sequence id to use Unix Time. !51697
- Fix batch query issue when primary key is -1. !51716
- Allow versionless maven-metadata.xml file duplicates even when maven duplicates are disabled. !51758
- Fix comment form dropdown check alignment. !51787 (Lee Tickett @leetickett)
- Schedule artifact expiry date backfill background jobs. !51822
- Fix alignment and font issues in project operations settings page. !51825 (Yogi (@yo))
- Fix broken testsuite link if the suite contains a dot. !51828 (Michael Aigner @tonka3000)
- Move Social connect button to new GitLab UI. !51835 (Yogi (@yo))
- Fix border bottom color collapsed replies. !51871 (Yogi (@yo))
- Fix alignment of chevron-down icon in toggle replies. !51872 (Yogi (@yo))
- Remove container_class in project activity which removes extra padding. !51878 (Yogi (@yo))
- Add btn-default to MR edit button. !51879 (Yogi (@yo))
- Remove duplicates from related_commit_sha query. !51888
- Add btn-default class to button in project breadcrumb. !51910 (Yogi (@yo))
- Fix top border-radius of the login box. !51950 (Yogi (@yo))
- Improve duplication validation on Release Links. !51951
- Update Project/Group Exporter temp folder cleanup. !51969
- Migrate incorrect value stream group stage records. !51975
- Fixed notes polling incorrectly overwriting suggestions in the DOM. !51988
- Global Search - Project Filter sets Group. !52015
- Fix Y axis units of pipeline charts when values are small. !52024
- Apply new GitLab UI for report abuse button. !52049 (Yogi (@yo))
- Fix gitlab:cleanup:orphan_job_artifact_files rake task limit. !52056
- Remove extra border-top on pipeline quota in the settings page. !52059 (Yogi (@yo))
- Disable board configuration options for users without edit permission. !52077
- Fixed merge requests locked status not showing. !52078
- Fix reply box border on diffs. !52084
- Fixed sdiff suggestions not working when replying to comments. !52100
- Allow multiple comments on diff lines in inline view. !52111
- Breaking change: Prevent mutual recursion in GraphQL Package. !52131
- Update hamlit to v2.14.2. !52177
- Fix pipeline and stage show success without considering bridge status. !52192 (Cong Chen @gentcys)
- Update GitLab Workhorse to v8.61.0. !52195
- Scope milestones on swimlane boards to project and its ancestors. !52199
- Fixes GraphQl merge request types commits count. !52218
- Fix URL in JiraConnect feature flag serializer. !52221
- Allow user SSH public key endpoint to be publicly accessible again. !52227
- Update max number of NuGet packages returned. !52265
- Fix bug branch change with line selected. !52285
- Resolve User cannot merge an issue. !52311
- Fix Net::HTTP proxy encoding username and password. !52368
- Correct the egress 'deny all' policy preview from Allow to Deny. !52370
- Missing action prop on group page. !52379
- Improve search filter by taking space in file path into account. !52392
- Remove space next to the icon in email button on admin/users page. !52451 (Yogi (@yo))
- Fix assignee avatar alignment in edit board modal. !52453 (Yogi (@yo))
- Remove extra margin below tab on project template page. !52454 (Yogi (@yo))
- Fix retry option does not work in Merge Trains. !52463
- Fix action button alignment for application inside the table in oauth/applications. !52465 (Yogi (@yo))
- Fix viewing blobs for broken MRs. !52483
- Fix bug in personal snippet thread discussions. !52490
- Fix exclude path for backup rsync command. !52503
- Make CI Icon in merge request pipeline detail consistent with other widget icons. !52516
- Make text on Repository Cleanup page translatable. !52529
- Fix charts sometimes being hidden on milestone page. !52552
- Fix diff discussions rendering on the wrong side. !52579
- Add tooltips to requirement import and export buttons. !52582 (Kev @KevSlashNull)
- Allow dots in label names through REST API. !52591
- Fix tooltip when drag comment selection is enabled. !52595
- Allow Environment Scopes to Wrap on Feature Flags Table. !52617
- Allow cross-origin requests on /oauth/token. !52641
- Show more appropriate error message when merging fails. !52671
- Handle IPv6 hostname in ExternalHTTP instrumenter. !52691
- Remove MR List counts if they cannot be generated. !52698
- API: do not mangle dots when creating project with a name. !52725
- Fix size of group member user status emoji. !52730
- Fix bad request error when applying suggestions. !52735
- Update the database when moving repos between identical storages. !52743
- Don't expose project existence by redirecting from its .git URL. !52818
- Fill default commit message values in the placeholder instead of showing the variable slugs. !52851
- Make LifecycleEvents exceptions to be fatal. !52881
- BulkImports: avoid infinity recursion on group migration. !52931
- Fix to show auditor badging in admin user view. !52943
- Fix empty pipeline analytics charts when time_zone is non-UTC. !52971
- Fix fullscreen mode not working for comments in merge request changes view. !53009 (Simon Stieger @sim0)
- Fix formatting of "to do" in alert sidebar and error. !53037
- Change to-do formatting in Design error messages and sidebar. !53040
- Fix opensearch for anonymous users. !53056
- Allow HEAD requests for read_api and read_user scope tokens. !53088
- Adjust job report artifacts downloads to handle multiple types. !53141
- Fixed discussions on merge request commits not showing. !53143
- Send only latest jobs in pipeline webhook payload. !53159
- Fix snippet repository storage move API when snippet does not exist. !53211
- Use user-provided timestamp when updating issue and merge request milestones, iterations, and weights using the API. !53237
- Switch to correct localization function that strips namespaces. !53244
- Fix welcome page alignment on CE. !53265
- Fixes broken password reset link in account deletion message. !53274
- Support multi-line string variable values when running a manual pipeline in the UI. !53292
- Support fog-aws host options for Workhorse S3 client. !53326
- Vertically centre CI icons on pipeline page. !53427
- gitaly: Fix access checks with transactions and quarantine environments. !53449
- Back Button now switches to last active analytics tab. !53495
- Conditionally render test case file. !53497
- Remove dependency_proxy_manifests records with content_type to prevent Dependency Proxy failures. !53506
- Ensure note is promoted to discussion within reply create transaction. !53542
- Allow users to fork to a group when their personal namespace is full. !53632
- Fix some image diff URLs with special characters causing the diff to not show. !53638
- Adds only_group_labels and include_ancestor_labels and include_descendant_groups arguments to the project and group labels resolvers respectively. !53639
- Fix misalignment of assignee dropdown checkmark. !53664
- Fix timeouts affecting certain test webhooks. !53676
- Fix missing known usage data event. !53729
- Align note actions icons. !53753 (Claudius Ellsel (@clel))
- Fix left margin of Merge button in FF merge mode. !53756
- Fix spurious not-adjacent error when moving designs. !53771
- Cleanup incorrect data in projects.has_external_wiki. !53790
- Update column 'updated_at' in container after repository storage move. !53821
- Add post migration to backfill projects updated at after repository move. !53845
- Fix Web IDE open MR to show opened files consistently. !53927
- Removed ugly border around ellipsis dropdown Gitlab IDE. !53963 (Shubham Kumar @imskr)
- Fix bug rendering snippet activity. !53993
- Handle severity for generic payloads more gracefully. !53999
- Fix gap in tree table header. !54025
- Move GMA user badging in admin to EE only. !54125
- Fix alignment of 'Rebase in progress' label. !54189
- Fix incorrect breadcrumb path for import groups page. !54211
- Update Sample GitLab Project Template with MR conflicts fix. !54248
- Fix search functionality in Jira issues list. !54312
- Fix force-routing to Gitaly primary with empty hook env. !54317
- Fix pipeline test report not rendering when missing properties. !54363
- Safe guard repo compare when data is undefined. !54371
- Fix unneeded left margin in discussion filter container on mobile. !54379
- Fix overflowing design buttons on mobile. !54381

### Deprecated (1 change)

- Deprecate GitLab-managed (v1) apps that will be removed in 14.0. !54162

### Changed (107 changes, 16 of them are from the community)

- Migrate button to gitlab ui in note form. !42221
- Escaped markdown should not be interpreted as shortcuts. !45922
- Display the user busy status in the MR sidebar. !47769
- Move integration inheritance override dropdown above grid layout. !49325
- Code extraction - refactoring of MR services classes. !49827
- Create new assignees widget for boards. !50054
- Update the HEX values and names of the color options for labels. !50393
- Rename asset_proxy_whitelist column on application_settings. !50824
- Prevent creating duplicate pipelines manually. !51076 (Kev @KevSlashNull)
- Render WebP attachments as image by default. !51088 (Kev @KevSlashNull)
- Add warning message for GitLab group migration. !51214
- Display Terraform list errors to user. !51397
- Global Search - UX Cleanup of Search Bar. !51409
- Display full design name in tooltip. !51421
- Change the project avatar preview into a rectangle. !51511 (Austin Regnery)
- Add 'tags' field to runners in job/pipeline webhook payloads. !51633
- Move to CE: mutation to create MR for SAST Configuration. !51634
- Add converted_at(timestamp) & context(jsonb) columns to the experiment_subjects table. !51659
- Link to more helpful docs from alert management pages. !51665
- Move Cohorts page to Overiew-Users. !51707
- Web IDE shows alert and disable buttons when user cannot push code. !51710
- Add entity columns to vulnerability occurrences. !51739
- Add PostgreSQL trigger to maintain projects.has_external_issue_tracker. !51852
- Reduce vertical padding of registry list item. !51961
- Update Workhorse to v8.60.0. !51965
- Track exceptions when using Bulk Import. !52011
- Remove redundant text in Terraform Widget. !52013
- Add "What's new" item to the help dropdown. !52020
- Change UI text for failed pipeline on an MR. !52023
- Remove group owner data from webhooks. !52071
- Move btn-primary to btn-confirm class as a part of Pajamas migration. !52090 (Yogi (@yo))
- Add name validation to Terraform state. !52102
- Change error message for user approval error. !52103
- Admin dashboard basic stats redesign. !52176 (Yogi (@yo))
- Drop repository_read_only column from namespaces table. !52181
- Update styling of validation messages in New Feature Flag form. !52217
- Add callout disabling feature to cleanup policy alert. !52327
- Add pagination and filtering to htoup imports. !52340
- BulkImports: Add pipeline step to the failures log. !52345
- Improve accessibility of gray color CI status icons. !52356
- Global Search - UX Refresh for Sort Button. !52387
- Add 404 state to container registry details page. !52466
- Monitor RackAttack redis usage and enrich auth structured logs. !52471
- Remove compare switch revision button. !52547
- Improve merge failed error. !52555
- Add unique index on services project_id and type. !52563
- Clean up uniqueness validations for service type. !52565
- Redesign the search UI for the package list. !52575
- Fix margins in social connect button on account settings. !52581 (Yogi (@yo))
- Move the sub-section to gl-card in advanced search settings in admin. !52585 (Yogi (@yo))
- Update styles for terraform MR widget. !52627
- Bypass admin mode for internal api operations (ssh git & http rails). !52697 (Diego Louzán)
- Increase the complexity score of GraphQL detailedStatus#label as it can call Gitaly. !52708
- Migrate toggle button in subscription to GitLab UI component. !52717
- Migrate feature flags page toggles to GlToggle. !52728
- Migrate project settings to use GlToggle. !52729
- Run pipeline_schedule_worker at every 10th minute from 3 through 59. !52756 (Ben Bodenmiller (@bbodenmiller))
- Use realtime_changes endpoint for reporting group import status. !52796
- Add content_type column to dependency_proxy_manifests. !52805
- Replace erase job alert background color with color consistent with UI. !52810
- Fix protected branches/tags border. !52816
- Update download button size to sm from xs and add btn-default. !52867 (Yogi (@yo))
- Change DevopsAdoption feature to work with single group only. !52871
- Refactored admin user table headers. !52891 (Shubham Kumar (@imskr))
- Show helper link on a new line in GPG status popover. !52894 (Yogi (@yo))
- Fix bug, where the download email patches and plain diffs links did not download from the commit page. !52899 (Yogi (@yo))
- Update code quality template to use 0.85.22. !52913
- Remove ci_live_trace_use_fog_attributes feature flag. !52939
- Only Display One Chart at a Time. !52952
- Unwrap Sidekiq exceptions and jobs in the structured logs and metrics. !53006
- GraphQL: Add mergedYaml to CiConfigResolver response. !53081
- Add runner instructions modal in the CI/CD settings section. !53087
- Align action buttons in jobs page. Reduce icon buttons width in jobs, artifacts and environment pages. !53155
- Change the badge design in the jobs page. !53168
- Improve user dropdown items. !53175
- Update Rugged to v1.0.1. !53212
- Introduce automatic class path correction in Cobertura parser. !53236
- Sort milestone dropdown items by due date. !53242
- Change pipeline empty state language. !53281
- Stop notifying users of acknowledged alerts and stop changing the status of acknowledged Prometheus alerts to Triggered. !53330
- Enable suggestions custom commit message feature flag by default. !53342
- Redesign SSH keys list. !53351 (Yogi (@yo))
- Track YAML-less Auto DevOps inclusions separately. !53383
- Add sort argument to container_repositories graphql resolver. !53404
- Update Ruby detection rules for SAST. !53414
- Add loading display to Terraform lock action. !53475
- Search: Add Sort by Last Updated to Issue/MR. !53589
- Replace bootstrap modal in issuable_by_email HAML template. !53599
- Change UI text for 2FA setup. !53677
- Align and reorder boards search bar buttons. !53690
- Skip new note notifications when author is deleted. !53699
- Add release tooltip for guest users. !53722 (Jonas Wälter @wwwjon)
- Accept deeply nested arrays for CI script keyword. !53737
- Reset CI minutes only for namespaces that used minutes. !53740
- Update Sample GitLab Project Template to be clearer and adjust prominent placement. !53750
- Update blob page buttons to gitlab-ui pajamas styles. !53775
- Highlight board lists when they are added. !53779
- Add sort to container registry list page. !53820
- Filter deployments by finished_at in Value Stream Analytics. !53861
- Display loading when removing Terraform state. !53897
- Improve project members management, filtering, and sorting. !53935
- Add updated_at output to search results. !53958
- Prepend the Marginalia comment in SQL query. !54015
- Add OpenID SSO icon. !54026
- Select the newest records for webhook test payloads. !54030
- Upgrade Asciidoctor to 2.0.12. !54121 (Guillaume Grossetie)
- Remove position sticky polyfill. !54299

### Performance (14 changes)

- Add database index to improve performance of usage ping metrics calculation. !48671
- Add indexes for onboarding progress table. !50679
- Support batch loading of merge head diffs. !51078
- Extend index on ci_builds_metadata. !52123
- Improve the performance of merge request and issue search by label(s). !52495
- Project creation to use specialized worker to calculate project authorizations. !52719
- Paginate single commit view. !52819
- Introduce a rendering limit for commit titles. !52904
- Add index to incident management oncall shifts table. !52961
- Lower allocations in _collapsed partial. !53233
- Memoize the fork suggestion button partial. !53256
- Optimized loading of descendant group labels. !53356
- Use Gitaly keyset pagination to optimize branches page. !53409
- Speed up update merge request worker by memoizing whether a push is a force or not. !53536

### Added (107 changes, 15 of them are from the community)

- Add tag_list attribute to the JSON output for Jobs API. !44859 (Alon Liszt)
- Add follow each other model, API and UI(profile, activity view). !45451 (Roger Meier)
- Add Banzai filter for CustomEmoji. !47122 (Rajendra Kadam)
- Deployments::CreateService executions are idempotent for duplicate params. !47610
- Populate and migrate issue_email_participants. !48711 (Lee Tickett @leetickett)
- Enable local file reviews (marking files as viewed) by default and add documentation for that feature. !48976
- Add finder for getting commits with a trailer set. !49243
- Enable/disable additional diagram formats on Kroki. !49304 (Guillaume Grossetie)
- Allow opening projects with VS Code. !49460 (Kev @KevSlashNull)
- Allow users to re-request a review from a reviewer. !50068
- Add job to persist On-call shifts. !50239
- Improve visibility of time spent with external HTTP calls. !50696
- Add rake task to migrate Terraform states to object storage. !50740
- Map common severity values from a Prometheus alert payload. !50871
- Add keep latest artifact option for instances. !50889
- Add GraphQL query for single Terraform state. !51145
- Move "number of changed files" into Web IDE sidebar badge. !51166 (Kev @KevSlashNull)
- Allow reviewers to be updated via MergeRequest API. !51186
- Instrument CI parsers. !51241
- Add a commit message parameter for the suggestion endpoints. !51245
- Add dast_profiles database table. !51296
- Editor Lite: support for Diff Instance. !51470
- Populate the `uuid` attributes of the `security_findings` records and the `finding_uuid` attribute of the related `vulnerability_feedback` records. !51472
- Add the Manage::Import total GMAU metric. !51496
- Mark files as reviewed locally. !51513
- Sync pipeline builds to Jira. !51627
- Send deployment information to Jira. !51629
- Database migration for compliance pipeline configuration location. !51663
- Debian Group and Project Distribution Components. !51732 (Mathieu Parent)
- Add a /request_review alias for /assign_reviewer. !51751
- Log user approval/rejection in application logs. !51768
- Enable synchronization of feature flags to Jira. !51796
- Create Groups::RepositoryStorageMove table. !51803
- Keyboard shortcut for switching to GitLab next (Canary). !51834 (Yogi (@yo))
- Add On-call Rotations destroy mutation to GraphQL. !51860
- Add enforced SSH key expiration. !51921
- Pass dependency proxy credentials to runners to log in automatically. !51927
- Add captcha-related fields to snippet GraphQL mutations. !51956
- Support setting more attributes when forking a project. !51962
- Add delete functionality to the Image Repository detail view. !51980
- Expose if user is a bot in the REST api. !52003
- Add chat notification label support. !52105
- Support Project variables in `include` section of `gitlab-ci.yml`. !52108
- Add API for generating Markdown changelogs. !52116
- Add Jira proxy settings columns. !52119
- Project access token management via API. !52139
- BulkImports: Import Group Labels. !52260
- Add repository_read_only column to NamespaceSettings table. !52300
- Use a custom Ruby patch to instrument memory usage. !52306
- Added ability to re-request a review from a reviewer. !52321
- Add rake task to reset user password. !52347
- Track monthly active users for QuickActions. !52398
- Add `patch_hard_limit_bytes_hit` metric for monitoring diff patch size limit hits. !52456
- Show confirmation dialog when exiting pipeline editor. !52458
- Search across full name for mentions autocomplete. !52488
- Add site landmarks for screen readers. !52514
- Add `security_and_compliance_access_level` column into the `project_features` table. !52551
- Add OpenSearch support. !52583
- Show recent test case failures in the pipeline test report. !52606
- Display epic related events on user activity feed. !52611
- Adds README to OpenAPI docs. !52637 (Jim Cser @jimcser)
- Add rubygems metadata table. !52639
- Add subgroup_events column to web_hooks table. !52648
- Improve Vulnerability Tracking: Add fingerprints table. !52720
- Add git_two_factor_session_expiry column to application_settings table. !52761
- Add auto_delete_at to environments. !52788
- Matomo: Support the disabling of cookies. !52831 (otheus@gmail.com)
- Debian Group and Project Distribution Component Files. !52885 (Mathieu Parent)
- Adds jira issue enforcement field. !52896
- Track CI minutes for namespace on a monthly basis. !52915
- Debian Publications. !52916 (Mathieu Parent)
- Add bot to User GraphQL Type. !52933
- Support setting confidential note attribute in UI. !52949 (Lee Tickett @leetickett)
- Pipeline-level concurrency control with Cross-Project/Parent-Child pipelines. !53007
- Enable housekeeping for project and group wiki repos. !53011
- Add GFM reference format for feature flags. !53021
- BulkImports: Migrate Group Membership. !53083
- Add metrics for merge request approvals and revoking approvals. !53201
- Add empty jobs page with link to editor. !53240
- Add status attribute to packages and ability to set 'hidden' for generic packages. !53385
- Display unload warning if MR edit changed. !53438
- Track CI minutes on a monthly basis at project level. !53460
- Migration to add new Premium and Ultimate plan records. !53465
- Add group_id to ci_daily_build_group_report_result. !53494
- Enable group setting to allow or prevent duplicate Maven uploads. !53591
- Add application rate limit for Notes creation. !53637
- Add link to test case file in pipeline test report. !53650
- Automatically retarget merge requests. !53710
- Add Security Orchestration Policy Configuration. !53743
- Import epic award emojis when using Bulk Import. !53747
- Allow deploy keys to push to a protected branch. !53812
- Add semgrep SAST analyzer. !53815 (Daniel Paul Searles)
- Support Markdown for Feature Flags. !53816
- Add an allowlist to exclude users from the rate limit on notes creation. !53866
- Add user setting for opting into marketing emails. !53921
- Improve highlighting for merge diffs. !53980
- Add created_by_user to cluster agents. !54011
- Make merge-ref base the default comparison mode. !54017
- Add created_by_user to cluster agent tokens. !54019
- Add indicator in admin dashboard if user is group managed. !54027
- Add state events to merge request update mutation. !54133
- Display user busy status in issue sidebar. !54165
- Upgrade GitLab Pages to v1.35.0. !54167
- Add '!reference' YAML tag to help merge CI configurations. !54198
- Schedule user status cleanup after a given time interval via the REST API. !54207
- Add merged Yaml tab feature to Pipeline Editor. !54223
- Added warnings field to the pipelines GraphQL type. !54296

### Other (170 changes, 101 of them are from the community)

- Apply GitLab UI button styles to buttons in app/views/projects/notes directory. !44107 (Lakshit)
- Remove duplicates from vulnerability_occurrences. !49937
- Edited UI copy wording to comply with GitLab style. !50676
- New Shared Partial for SSH Key Deletion. !50825 (Mehul Sharma)
- Update buttons in _hook.html.haml to use GitLab UI. !51065 (nuwe1)
- Adds GitLabUI button styles in _test_button.html.haml. !51070 (nuwe1)
- Adds GitLabUI button styles in deploy tokens _table.html.haml. !51082 (nuwe1)
- Apply GitLab UI styles to buttons in notification directory _new_button.html.haml. !51148 (nuwe1)
- Apply GitLab UI styles to buttons in _comment_button.html.haml. !51152 (nuwe1)
- Adds GitLab UI styles to button in _edit_form.html.haml. !51156 (nuwe1)
- Adds GitLab UI styles to button in _form.html.haml. !51160 (nuwe1)
- Add gl-button to Set up new device button in 2fa settings. !51283 (Yogi (@yo))
- Add `gl-button` to promotion buttons on issue sidebar. !51287 (Yogi (@yo))
- Add gl-button to personal access token page. !51294 (Yogi (@yo))
- Add gl-button to new issues and MR page. !51295 (Yogi (@yo))
- Updated UI text to match style guidelines. !51348
- Add gl-button to nav buttons in the project page. !51427 (Yogi (@yo))
- Add Composer cache classes and table. !51509
- Bump doorkeeper to 5.4.0. !51559
- [Commit Page] Migrate to GlModal for cherry-pick commit. !51650
- Updated UI text to match style guidelines. !51658
- Apply GitLab UI button styles to button in geo. !51777 (Yogi (@yo))
- Apply GitLab UI button styles to button _blank_state_ee_trial. !51778 (Yogi (@yo))
- Apply GitLab UI button styles to buttons in group settings. !51781 (Yogi (@yo))
- Apply GitLab UI button styles to buttons in ee/app/views/users directory. !51783 (Yogi (@yo))
- Improve Performance bar design. !51788 (Yogi (@yo))
- Apply new GitLab UI for buttons in admin settings. !51789 (Yogi (@yo))
- Update empty labels container background color. !51792 (Yogi (@yo))
- Update milestone badge to gl-badge. !51794 (Yogi (@yo))
- Apply GitLab UI for create file button in MR. !51795 (Yogi (@yo))
- Remove huge bottom margin for expand file button. !51802 (Yogi (@yo))
- Apply new GitLab UI for commit browse file button. !51805 (Yogi (@yo))
- Update CI general pipeline settings UI text. !51806
- Apply new GitLab UI style to mirror update button and add space after icon. !51808 (Yogi (@yo))
- Migrate old button classes to our Pajamas style GitLab button in multiple areas. !51826 (Yogi (@yo))
- Update links in Pages settings. !51847
- Update button style for consistency in Settings > Integrations, Mermaid Diagram warning, and No SSH warning. !51864
- Add empty state placeholder for milestones. !51887 (Yogi (@yo))
- Move user action card to new GitLab UI card in admin. !51914 (Yogi (@yo))
- Move email badges to new GitLab UI badges. !51915 (Yogi (@yo))
- Apply GitLab UI to email status badge. !51916 (Yogi (@yo))
- Remove fuzzy search for awards emoji and refactor GFM autocomplete emoji support. !51972 (Ethan Reesor (@firelizzard))
- [MR Page] Migrate to GlModal for revert MR. !52019
- Increase splay of Puma worker restarts. !52079
- Add btn-default class for btn-build buttons. !52093 (Yogi (@yo))
- Update GitLab Runner Helm Chart to 0.25.0. !52095
- Apply new GitLab UI for form inputs project settings page. !52097 (Yogi (@yo))
- When an MR diff is Too Large, highlight it like other collapsed diffs. !52146
- Updated UI text to match style guidelines. !52152
- Remove temp index in oauth_applications table. !52157
- Apply new GitLab UI for input fields in auth screens. !52167 (Yogi (@yo))
- Update doorkeeper to 5.5.0.rc2. !52171
- Remove Avatar from Comment Forms. !52180 (Lee Tickett @leetickett)
- Add gl-button class in relevant places on project html. !52183 (Gary Bell @garybell)
- Track suggestion add/apply metrics. !52189
- Track the number of users who are assigned and get requested for reviews. !52194
- Apply new GitLab UI for badge and button in project's protected branch settings. !52207 (Yogi (@yo))
- Disable nakayoshi_fork by default in examples. !52209
- Remove graphql_pipeline_header feature flag. !52247
- Updated UI text to match style guidelines. !52267
- Update bundler-audit gem to 0.7.0.1. !52269
- Update default_value_for gem to 3.4.0. !52271
- Convert deploy token button to pajamas. !52277
- Updated UI text to match style guidelines. !52284
- Apply new GitLab UI badge for users in the admin page. !52289 (Yogi (@yo))
- Apply new GitLab UI for inputs in admin/users directory. !52290 (Yogi (@yo))
- Fix Add a to do spelling on epics. !52292 (Yogi (@yo))
- Expose user availablility data on issuable pages. !52333
- Convert project runner buttons to pajamas. !52358
- Replace angle-double-left icon with chevron-double-lg-left. !52393
- Apply new GitLab UI for subscribe buttons in issues. !52401 (Yogi (@yo))
- Apply new GitLab UI for inputs in admin/application_settings directory. !52402 (Yogi (@yo))
- Apply new GitLab UI for buttons and card in admin/license. !52408 (Yogi (@yo))
- Apply new GitLab UI for input field in admin/appearance. !52409 (Yogi (@yo))
- Apply new GitLab UI for input field in admin/applications. !52410 (Yogi (@yo))
- Apply new GitLab UI for input field in admin/broadcast_messages. !52411 (Yogi (@yo))
- Apply new GitLab UI for input field in admin/hooks. !52412 (Yogi (@yo))
- Apply new GitLab UI for input field in admin/labels. !52413 (Yogi (@yo))
- Move vulnerability report counts to GlCard. !52416 (Yogi (@yo))
- Bold metricDetailsLabel in the performance bar. !52417 (Yogi (@yo))
- Apply new GitLab UI for input field in user profile settings. !52424 (Yogi (@yo))
- Apply new GitLab UI for input field in user applications. !52425 (Yogi (@yo))
- Apply new GitLab UI for input field in user personal access token settings. !52426 (Yogi (@yo))
- Apply new GitLab UI for input field in user email settings. !52427 (Yogi (@yo))
- Apply new GitLab UI for buttons in blob header. !52429 (Yogi (@yo))
- Add btn-default to settings toggle button in push rules. !52430 (Yogi (@yo))
- Replace OpenSSL constants with strings. !52432 (Takuya Noguchi)
- Fix spacing before toggle subscribe button on labels. !52459 (Yogi (@yo))
- Apply new GitLab UI for input fields in file editor. !52461 (Yogi (@yo))
- Improve variable settings ui text. !52462
- Update starred empty state with new GitLab UI classes. !52467 (Yogi (@yo))
- Track API requests from the the VS Code extension. !52484
- Create constants for bv::show::modal and bv::hide::modal. !52518 (Kev @KevSlashNull)
- Add additional instructions on deleting account on Gitlab.com. !52538
- Remove v-html from mr_widget_pipeline.vue. !52564 (Kev @KevSlashNull)
- Apply new GitLab UI for buttons in 2fa and changed deprecated info to confirm. !52580 (Yogi (@yo))
- Allow new docs badges in UI links. !52651
- Update (?) link to sprite question icon. !52655 (Yogi (@yo))
- Improve overall copy, remove redundant reassurance in the form, and fix empty %p rendered in the DOM of the welcome page. !52660
- Apply new GitLab UI class for U2F try again button. !52759 (Yogi (@yo))
- Update question mark icon while checking pipeline status. !52760 (Yogi (@yo))
- Update table and ellipsis button in performance bar metrics modal. !52762 (Yogi (@yo))
- Replace bootstrap event strings with constants. !52777 (Kev @KevSlashNull)
- Apply new GitLab UI style for todo button in the issuable sidebar. !52779 (Yogi (@yo))
- Apply new GitLab UI for buttons in MR resolve conflicts page. !52783 (Yogi (@yo))
- Review UI text - deploy keys settings. !52830
- Add btn-default class for the download button in graphs page. !52857 (Yogi (@yo))
- Add btn-default class for unlock button in locked files page. !52858 (Yogi (@yo))
- Add btn-default class for history button in the contributors page. !52861 (Yogi (@yo))
- Apply new GitLab UI for buttons in tags page. !52862 (Yogi (@yo))
- Apply new GitLab UI for buttons in the tag edit page. !52863 (Yogi (@yo))
- Apply new GitLab UI for buttons and input in the project graph page. !52864 (Yogi (@yo))
- Add btn-default to buttons in tag action on the single tag page. !52866 (Yogi (@yo))
- Apply new GitLab UI for badges in the project branch list. !52868 (Yogi (@yo))
- Update rspec-* gem versions. !52873
- Review UI text - deploy freezes. !52884
- Apply new GitLab UI for RSS button in commits page. !52900 (Yogi (@yo))
- Add btn-icon class for action buttons in the user profile. !52901 (Yogi (@yo))
- Open CI/CD settings help links in new tab by default. !52948
- Update links to redirected docs. !53004
- Cleanup composer cache pages. !53005
- Re-add migration to fix invalid merge request index. !53042
- Update mermaid.js to v8.9.0. !53123
- Move CleanupMultiprocDirService out of config.ru. !53139
- Apply new GitLab UI for buttons in empty project snippets placeholder. !53157 (Yogi (@yo))
- [MR Page] Migrate to GlModal for Cherry-pick MR. !53169
- Bump cluster applications CI template to v0.40.0. !53183
- Remove inconsistent index in backup_labels table. !53189
- Set projects.has_external_wiki default to null if default value is present. !53216
- Update bullet gem version to 6.1.3. !53217
- Updated UI text to be sentence case. !53323
- Add btn-default class for social buttons in login and signup page. !53347 (Yogi (@yo))
- Apply new GitLab UI for buttons in pipeline page. !53364 (Yogi (@yo))
- Apply new GitLab UI for search in frequent items search. !53368 (Yogi (@yo))
- Apply new GitLab UI for badge in job page sidebar. !53386 (Yogi (@yo))
- Geo - Update Patroni replication docs to automatic recover from a leader change on the primary site. !53424
- Change secondary text color on Gitpod editor dropdown button. !53437
- Apply new GitLab UI for new trial page. !53447 (Yogi (@yo))
- Apply new GitLab UI for buttons in create project page. !53454 (Yogi (@yo))
- Apply new GitLab UI for buttons in connect repo buttons in new project page. !53455
- Apply new GitLab UI for buttons in new group page. !53456 (Yogi (@yo))
- Show bottom tooltip for edit button in user profile. !53459 (Yogi (@yo))
- Add Space before loading icon in toggle todo button. !53463 (Yogi (@yo))
- Apply new GitLab UI for create mr button from issue. !53467 (Yogi (@yo))
- Apply GitLab UI button styles to buttons in gitlab_slack_application file. !53478 (Yogi (@yo))
- Remove namespace_onboarding_actions table. !53488
- Update grape gem to 1.5.2. !53547
- Apply new GitLab UI for buttons in empty issue placeholder. !53554 (Yogi (@yo))
- Apply new GitLab UI for buttons in commit page. !53555 (Yogi (@yo))
- Apply new GitLab UI for toggle buttons in CI/CD settings page. !53556 (Yogi (@yo))
- Add margin and remove padding in project graph page. !53557 (Yogi (@yo))
- Add btn-icon class for icon only buttons in issues header. !53562 (Yogi (@yo))
- Remove gl-text-black-normal from detailed metric which is not visible in dark mode. !53563 (Yogi (@yo))
- Improve error message reporting in snippet create or update. !53576
- Add URL help text and edit other UI text. !53578
- Apply new GitLab UI for no repo action buttons. !53580 (Yogi (@yo))
- Track 5 mins production app template usage. !53618
- Add clear_status_at column to user_status table. !53620
- Fix /-/readiness probe for Puma Single. !53708
- Prevent blocked user from triggering notifications. !53788
- Track when a merge request is created from an issue. !53808
- Allow running Puma in Single mode. !53830
- Update GitLab Workhorse to v8.62.0. !53864
- Remove caching_experiments feature flag. !53901
- Improve profile status emoji alignment. !54078
- Add tracking to measure the number of unique users committing CI config. !54192
- Enable sorting diffs by default. !54210
- Update GitLab Workhorse to v8.63.0. !54315
- Add btn-default to buttons in todos page. (Yogi (@yo))
- Apply new GitLab UI for buttons in pipeline schedules.


2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
## 13.8.8 (2021-04-13)

### Security (2 changes)

- Clean only legitimate JPG and TIFF files.
- Update ruby-saml and rexml gems.


## 13.8.7 (2021-03-31)

### Security (5 changes)

- Fixed XSS in merge requests sidebar.
- Leave pool repository on fork unlinking.
- Fix arbitrary read/write in AsciiDoctor and Kroki gems.
- Prevent infinite loop when checking if collaboration is allowed.
- Require POST request to trigger system hooks.

### Removed (1 change)

- Make HipChat project service do nothing. !57434

### Other (3 changes)

- Remove direct mimemagic dependency. !57387
- Refactor MimeMagic calls to new MimeType class. !57421
- Switch to using a fake mimemagic gem. !57443


## 13.8.6 (2021-03-17)

### Security (1 change)

- Patch Kramdown syntax highlighter gem.


2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
## 13.8.5 (2021-03-04)

### Security (6 changes)

- Fix XSS in wiki author email and name.
- Bump thrift gem to 0.14.0.
- Allow only owners to manage group variables.
- Do not store marshalled sessions ids in Redis.
- Workhorse: prevent escaped router path traversal.
- Fix XSS vulnerability for swagger file viewer.


2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
## 13.8.4 (2021-02-11)

### Security (9 changes)

- Cancel running and pending jobs when a project is deleted. !1220
- Prevent Denial of Service Attack on gitlab-shell.
- Prevent exposure of confidential issue titles in file browser.
- Updates authorization for linting API.
- Check user access on API merge request read actions.
- Limit daily invitations to groups and projects.
- Enforce the analytics enabled project setting for project-level analytics features.
- Perform SSL verification for FortiTokenCloud Integration.
- Prevent Server-side Request Forgery for Prometheus when secured by Google IAP.


2171
2172
2173
2174
2175
2176
2177
2178
## 13.8.3 (2021-02-05)

### Fixed (2 changes)

- Revert multipart URL optimization for AWS S3. !52561
- Fix regression with old wiki image uploads. !52656


2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
## 13.8.2 (2021-02-01)

### Security (5 changes)

- Filter sensitive GraphQL variables from logs.
- Avoid exposing release links when the user cannot read git-tag/repository.
- Sanitize target branch on MR page.
- Fix DNS rebinding protection bypass when allowing an IP address in Outbound Requests setting.
- Add routes for unmatched url for not-get requests.


2190
2191
2192
2193
2194
2195
2196
2197
2198
## 13.8.1 (2021-01-26)

### Fixed (3 changes)

- Cancel artifact expiry backfill background jobs. !51821
- Fix LFS not working with S3 specific-storage settings. !52296
- Fix missing setting LDAP servers. !52512


2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
## 13.8.0 (2021-01-22)

### Security (4 changes, 1 of them is from the community)

- The NuGet endpoints will no longer ignore an invalid username when a personal access token or deploy token is passed via HTTP Basic authentication. !38627 (Ethan Reesor (@firelizzard))
- Update WEBrick to v1.6.1. !50720
- Prevent user-defined variables from being used by non-maintainers. !51682
- Upgrade Workhorse to 8.58.2.

### Removed (2 changes)

- Drop group_id column from compliance_management_frameworks table. !50829
- Remove deprecated generic alert integration in favor of HTTP Integrations. !50913

### Fixed (91 changes, 35 of them are from the community)

- Deduplicate labels with identical title and group. !37148
- Remove diff display preferences and file tree from changes empty state. !43467
- Upgrade to Grape v1.5.0. !44554
- Fix database timeout errors when removing expired job artifacts. !47496
- Return release milestones in predictable order. !47700
- Fix multiple simultaneous requests for vulnerabilities on pipeline security tab. !48426
- Remove duplicate service records. !49463
- Add LaTeX support for Jupyter Notebooks. !49497
- Fix confusing button text when importing from GitHub. !49684 (Kev @KevSlashNull)
- Fix identicon text color in dark mode. !49785 (@yo)
- Fix installation of Knative under Helm 3. !49843
- Hide inoperable group search Releases filter. !50010
- Fix visibility level validation for deep nested forks. !50081
- Change type of CiJob.needs. !50192
- Handle git errors when cleaning up MR refs. !50250
- Fix over-eagerly updating Web IDE Live Preview. !50255
- Persist updated_at value in state change events. !50272
- Enlarge the timeline toggle button. !50284
- Hide "Actions" label on group members view if no action buttons exist. !50304
- Fix bug with snippets in HEAD when default branch is not master. !50366
- Add project scope to ci clint graphql endpoint. !50418
- Fix the graphQL type for container repository tags. !50419
- Allow more actions on group members. !50445
- Don't allow filtering by release tag on groups. !50457
- Flash transfer errors in the admin project controller. !50541 (Vincent Fazio)
- Update cluster-applications to v0.37.0. !50548
- Fix codeowners superseding web ide and single file edit. !50608
- Update Terraform Pipline templaes to support 0.14 lockfile cache. !50647 (Aurelian Shuttleworth)
- Fix issue with the `default_merge_refs` feature flag removing version to version diffs. !50671
- Fix LDAP override throws 404 when member has Minimal access. !50680
- Maven will return the most recent maven-metadata.xml file if there are multiple matches accross different projects. !50700
- Avoid 409 StaleObjectError errors with /rebase. !50719
- New project guidelines are no longer displayed. !50736 (Roger Meier)
- Add RateLimit-* headers to RackAttack responses. !50833 (adam-moss)
- Fix 500 error on repository settings access when repository is empty. !50844 (Diego Louzán)
- Update toast position on set status. !50886
- Fix duplicated toggle button showing on right sidebar when signed out. !50892
- Fix fork icon shrinks if branch name is very long. !50915 (Kev @KevSlashNull)
- Fix 'copy sha' in 'add previous commits' modal doesn't copy. !50921 (Kev @KevSlashNull)
- Fix large S3 uploads failing to finalize. !50922
- Fix webhook badge color in darkmode. !50943 (Yogi (@yo))
- Remove border radius for sidekiq iframe card. !50955 (Yogi (@yo))
- Align checkbox in system hooks page in admin. !50958 (Yogi (@yo))
- Fix import issues button style. !50969 (Yogi (@yo))
- Fix mobile layout Error Tracking details page. !50970 (Kev @KevSlashNull)
- Fix cobertura parser when there is an empty sources node. !50971
- Fix branch name overflows in profile activity section. !50975 (Kev @KevSlashNull)
- Fix abuse reports contains html and does not show repoter. !50983 (Kev @KevSlashNull)
- Rename button "CI lint" to "CI Lint" on jobs page. !50987 (Kev @KevSlashNull)
- Align admin notes label to the left. !50992 (Kev @KevSlashNull)
- Fix multiple errors in custom server hook render improperly. !51001 (Kev @KevSlashNull)
- Fix Jira MR status not syncing by making workers idempotent. !51006
- Show status of snippet author in header. !51030 (Kev @KevSlashNull)
- Fix slack application helper card. !51034 (Yogi (@yo))
- Remove margin top for snippets empty state. !51038 (Yogi (@yo))
- Invalidate reviews counter cache when MR gets closed/merged/reopened. !51055
- Fix merge request analytics page filtering when multiple labels are given. !51060
- Fix admin project overview badge alignment. !51066 (Kev @KevSlashNull)
- Strip newline from commit description on project overview. !51099 (Kev @KevSlashNull)
- Fix alignment of protected tag and branch labels on mobile. !51100 (Kev @KevSlashNull)
- Fix 500 errors entering a webhook URL not encoded. !51109
- Fix long deploy token name overflows revocation modal. !51114 (Kev @KevSlashNull)
- Use an empty body when sending a file with X-Sendfile. !51115
- Ensure Rake DB create doesn't fail when LDAP is enabled. !51132
- Fix runner admin is missing CI status styles. !51158 (Kev @KevSlashNull)
- Fix jobs admin is missing CI status styles. !51161 (Kev @KevSlashNull)
- Fix color of hamburger in dark mode. !51168 (Kev @KevSlashNull)
- Fix padding of user admin search bar on mobile. !51170 (Kev @KevSlashNull)
- Make todo filter sort input full width on mobile. !51171 (Kev @KevSlashNull)
- Correctly handle Gitaly being unavailable in more locations. !51222
- Prevent rebase from being run in quick action when there are conflicts. !51243
- Fix cut off line number in file blame. !51259
- Add margin to user chat settings. !51282 (Yogi (@yo))
- Invalidate reviews counter cache when MR gets created. !51316
- Forbid snippet pushes when repo is read-only. !51318
- Fix tertiary button color in dark mode. !51349
- Fix table columm shift with table-layout fixed. !51416
- Conditionally show card footer in single group page in admin. !51426 (Yogi (@yo))
- Fix argument type for background migration. !51475
- Correct status indicator for jobs groups when failure is allowed. !51478 (Sune Keller (sirlatrom))
- In WebIDE switch files before closing the active one. !51483
- Fix behavior of maven_duplicates_allowed setting so new Maven packages can be uploaded. !51524
- Fix script typo in secret detection template causing the detection to be skipped. !51544 (Vicken Simonian @vicken.papaya)
- Rename Backlog list to Open in issue boards. !51562
- Update GraphqlExtractor return value to be original hash. !51596
- Fixed applied message showing before discussion gets resolved. !51605
- Generate page-info for connections of preloaded associations. !51642
- Fix typo in notice displayed when Design Management requires LFS to be enabled. !51644
- Fix coverage not showing for inline diffs. !51652
- Fix issues when Web IDE commits to new branch. !51654
- Remove EE references from FOSS code. !51832

### Deprecated (2 changes)

- Deprecate prometheus.listen_address and prometheus.enable. !50500
- Refactor(opsgenie): remove Opsgenie integration frontend code from Incident management. !50525

### Changed (75 changes, 9 of them are from the community)

- Increase the complexity score of GraphQL MergeRequest#approved, MergeRequest#approvalsLeft and Repository#exists fields as they can call Gitaly. !47039
- Move deploy boards to Core. !47147
- Improve error message when username and namespace conflict. !47537
- Improve error messages when adding namespaces in Jira Connect App. !48651
- Update puma & puma_worker_killer to upstream. !48897
- Replace dropdown-input-fa-color with gray-500. !49213
- Adds MergeRequest.reviewers to GraphQL API. !49707
- Reorganize project member management into tabs. !49764
- Standardize page title styles on all wiki pages. !49777
- Ensure container_expiration_policy keep_n is an integer. !49805 (Mathieu Parent)
- When retrying jobs associate subsequent jobs with triggering user. !49833
- Allow collaboration on merge requests across forks by default. !49904 (Jonston Chan @JonstonChan)
- Add PostgreSQL trigger to maintain projects.has_external_wiki. !49916
- Limit the number of container tags to delete when deleting them in bulk. !49961
- Remove extra space in API 403 Forbidden error message. !50016
- Enable collect_package_events_redis by default. !50092
- Remove total_pipeline_duration from project_type. !50093
- Use Patroni as the default in the replication docs. !50101
- Fix package event metrics aggregation. !50108
- Upgrade CodeQuality version in CI template to 0.85.19. !50118
- Defer tagsCount & add startup.js to container registry. !50147
- Update ci config type for GraphQL to use connection_type. !50160
- [RUN-AS-IF-FOSS] Move to `createBoard` mutation instead of REST API call + `updateBoard`. !50171
- Adjust container registry metadata during loading. !50181
- Allow group owners and auditors to login to SSO-enforced groups without SSO. !50199
- Update .net Project Template Archive. !50321
- Add button to edit custom Wiki sidebar. !50323 (Frank Li)
- Update Rails Project Template archive. !50325
- Updated Express Project Template archive. !50326
- Change clusters.helm_major_version default to 3. !50399
- More concise pipeline notification emails. !50405
- Rename coverage report sidekiq queue. !50424
- Use a dynamic segment not depending on the package id for Debian files. !50433 (Mathieu Parent)
- Remove lfs_chunked_encoding feature flag. !50557
- Adds annotations as part of metadata for CiliumNetworkPolicies wrapper. !50586
- Add manual bridge support to api. !50634
- Add issue link to due date emails. !50642
- Updates graphql gitlab-ci.yml linter implementation. !50664
- Add additional fields to diff_metadata.json endpoint. !50666
- Check namespace package settings when creating Maven packages. !50691
- Change onboarding actions table to use one record per namespace. !50711
- Improve the reliability and observability of the container registry client. !50750
- Remove inactive integrations indicator in index and show pages. !50753
- Add tags count and cleanup status to registry details. !50756
- Update merge request status box without reloading page. !50761
- Add error handling in the container registry delete tags service. !50763
- Update the maven package finder. !50774
- Move Group Migration entities import to individual sidekiq jobs. !50781
- Prevent locked Terraform states from being deleted. !50798
- API: Exposes errors in lint endpoint. !50891
- Indent child form elements in integrations form. !50929
- Wiki edit: automatically focus on the content field. !50941 (Jacopo Beschi @jacopo-beschi)
- Limit Group Migration extractors and loaders to 1 per pipeline. !50951
- Add space and helper to the group members page. !50954 (Yogi (@yo))
- Add access request endpoint to OpenAPI standard. !51000 (Jim Cser)
- Use GlBadge for badges in pipeline_url.vue. !51058 (Kev @KevSlashNull)
- Migrate `deleteBoard` board_store function to GraphQL mutation. !51069
- Skip secret_detection on tags. !51129
- Remove pagination from Deployment Frequency API endpoint. !51137
- Updates regex for group_name to support numbers in job name. !51157
- Migrate GitLab UI button for Merge Request Approvals settings. !51159 (George Tsiolis)
- Enable reviewer_approval_rules by default. !51183
- Remove limit of four features per plan. !51264
- Disable submit button on wiki if no title and content. !51272
- Wiki: Add author avatar and link. !51273
- Update the DAST latest template to run when configured even if the user doesn't have sufficient permission. !51279
- Resolve Grouping/swimlanes choice should persist after board has been edited. !51317
- Extract expired pipeline artifacts removal service into it's own background worker. !51323
- Bump workhorse to 8.59.0. !51329
- Update Issue Incidents to allow the milestones feature to be used in the sidebar and quick actions. !51456
- Remove test_failure_history flag. !51464
- Update pipeline graphs on CI/CD Analytics page to use GraphQL endpoint. !51504
- Redirect deprecated profile paths to scoped path. !51646
- Default enable set_user_availability_status. !51668
- Add visibility mismatch warning to the branch chooser. !51671

### Performance (16 changes)

- Lower /explore page limit. !50233
- Cache license data in a process-memory cache. !50318
- Fix N+1 queries with loading group issues with GraphQL. !50328
- Performance improvements for CI GraphQL resources. !50386
- Index ci_pipelines on pipeline_schedule_id and id. !50478
- Fix N+1 when rendering snippets in the dashboard. !50569
- During group deletion, only enqueue jobs for project_authorizations refresh if the group being deleted has other groups shared with it. !50617
- Switch to 2x faster PRNG. !50811
- Improve the database query performance on the pipeline loading in merge requests. !50818
- Reduce per-page size in release index pages for loading faster. !50934
- Spread monthly CI minutes reset from 8 to 24 hours. !51084
- CI: use commit SHA in persistent refspec. !51208
- Use Puma `nakayoshi_fork`. !51467
- Limit rendering of commit messages. !51485
- Remove pipeline status from /explore page. !51621
- Lower allocations when building nav. !51628

### Added (66 changes, 6 of them are from the community)

- Add ability to get admins via REST and GraphQL API. !46244
- Add flutter CI/CD template. !46968
- Add migration to swap partitioned audit_events. !47581
- Add the NuGet group level API. !48356
- Instrument viewing merge request diffs file by file. !48470
- Allow HTTP Basic Auth and deploy token authentication for generic packages. !48540 (Moshe Katz @kohenkatz)
- Stop unlinking the fork when changing visibility. !49013
- New user/issue specific email address for creating/forwarding to an issue. !49050
- Add GraphQL mutation to create on-call rotations. !49206
- Add ability for admins to create PAT for other users via API. !49222
- Add snippet repository storage move API endpoints. !49228
- Add keep latest artifact option for projects. !49256
- Debian Group and Project Distributions. !49405 (Mathieu Parent)
- Add table for tracking on-call shifts. !49423
- Add 5-minute-production-app CI template. !49487
- UI to opt out of keeping the artifacts from the last job at project level. !49500
- Debian File Metadata. !49692 (Mathieu Parent)
- Add epic board list table. !49728
- Enable OAuth PKCE flow. !49756
- Add artifacts:public boolean. !49775
- Add a quick action for /rebase. !49800
- Populate `finding_uuid` attribute for the existing `vulnerability_feedback` records. !49807
- Expose hide_backlog_list and hide_closed_list to project and group boards REST API. !49815 (Mathieu Parent)
- Expose notes resolved_at via API. !49821 (Lee Tickett)
- Add toggle to disable Operations in settings. !49919
- Add rake gitlab:git:checksum_projects. !49965
- Extend MergeRequestFinder to search by squash and merge commits. !49968
- Add delete metric image REST API endpoint. !50043
- Add namespace settings to allow or disallow duplicate Maven packages. !50104
- Add copy email to issue sidebar. !50127
- Add rake task for migrating legacy pages storage to zip deployments. !50153
- Project Template for Kotlin native. !50162
- Track usage for Terraform State API. !50224
- Add group MR approval settings table. !50256
- Add DevOps adoption end_time column. !50257
- Auto-assign merge request author when creating from issue. !50263
- Added epic board position database index. !50277
- Include the user id in the webhook payload. !50287
- Add project config path as a predefined project variable. !50301
- Send email when group member expiry is updated. !50310
- Implement variables for pipeline job rules. !50501
- Add DAST.latest.gitlab-ci.yml. !50539
- Add `dismissal_reason` column into the `vulnerability_feedback` table. !50632
- Add setting to enable Invisible Captcha. !50650
- Add include_versionless param to the Package API. !50669
- Allow custom response to be set when rate limits are exceeded. !50693
- Exposed web_path and web_url fields in Board's GraphQL API. !50947
- Add aggregate/union visit tracking for Compliance features. !50978
- Display Artifacts Dropdown on MR Pipeline Widget. !50998
- Add composer details GraphQL type and query. !51059
- Add skipped status to deployments. !51068
- Persist 'squash_commit_sha' when squashing. !51074
- Add confidentiality filtering to the epics REST API and GraphQL endpoints. !51105
- Add API command to remove pending member invitation. !51134
- Add configurable Gitpod button within projcet repository page. !51197
- Allow users to use IssueDeployedToProduction VSA event. !51199
- Show all quick actions in `/` autocomplete. !51239
- Debian Group and Project Distribution Architectures. !51265 (Mathieu Parent)
- Initially sync Merge Requests with Jira when a namespace is added through the GitLab for Jira app. !51341
- Adding /reviewer and /remove_reviewer aliases and specs. !51384
- Instrument CI template usage across projects. !51391
- Control job status using exit codes. !51439
- Enables the CI Pipeline Editor feature as a way to edit the GitLab CI/CD configuration. !51484
- Allow resetting group and instance level integrations. !51507
- Designate optional sections in the codeowners file. !51643
- Enable CI visualization by default. !51701

### Other (74 changes, 37 of them are from the community)

- Add a new Ruby API for specifying allowed authentication mechanisms for REST API endpoints. !38627 (Ethan Reesor (@firelizzard))
- Migrate-Bootstrap-dropdown-to-GitLab-UI-GlDropdown-in-app/assets/javascripts/vue_shared/components/pikaday.vue. !41458 (nuwe1)
- Add Icons to headings in system info on admin panel. !46618 (Yogi (@yo))
- Backfill artifact expiry date. !47723
- Convert navigation_tabs.vue to gl-tabs. !47841
- Fix UI on global breadcrumb on Project/Group Container Registry. !48288 (Takuya Noguchi)
- Dynamically load gapi on GKE cluster creation pages. !49512
- Update pipeline alert text to be more readable. !49575
- Remove users#show.json completely. !49670 (Takuya Noguchi)
- Visually enhance the difference between code that has and does not have test coverage. !49724
- Updated UI text to match style guidelines. !49871
- Update documentation for setting up database replication with Patroni on a Geo secondary node. !49986
- Disable auto admin mode for lib specs. !50056 (Diego Louzán)
- Add documentation for new Snippet repository storage move API. !50151
- Propagate client identity to gitaly. !50161
- Centered Markdown Preview in Web IDE with a set max width to limit the container size. !50291 (Mehul Sharma)
- Migrates the alert on the new branch page. !50307
- Fully disable auto admin mode and migrate remaining specs. !50331 (Diego Louzán)
- Refactor specs around gpg_keys in users_controller_spec.rb. !50337 (Takuya Noguchi)
- Refactor specs around ssh_keys in users_controller_spec.rb. !50338 (Takuya Noguchi)
- Improve badges UI text. !50351
- Update error message used in boards sidebar subscription. !50352
- Update GitLab Runner Helm Chart to 0.24.0. !50377
- Update Auto DevOps UI text to match style guidelines. !50398 (Amy Qualls @aqualls)
- Updated UI text to match style guidelines. !50403
- Improve service desk UI text. !50407
- Replace user controller spec with its request spec. !50435 (Takuya Noguchi)
- Updated UI text to match style guidelines. !50475 (Amy Qualls @aqualls)
- Updated UI text to match style guidelines. !50476
- Updated UI text to make runner lowercase. !50477
- Change failure message of missing job needs. !50492
- [Commit Page] Migrate to GlModal for revert commit. !50522
- Updated link text to match style guidelines. !50555
- Fix text color for 'no estimate or time spent' message in time tracker component. !50558
- Migrate runner_setup_controller_spec.rb to request spec. !50600 (Takuya Noguchi)
- Sampler intervals can now be configured via env vars. !50625
- Add test to check if /users/User is redirected to /User. !50651 (Takuya Noguchi)
- Add metrics to creating, closing, reopening and merging merge requests. !50654
- Update Docker from 19.03.0 to 20.10.1 on CI/CD. !50732 (Takuya Noguchi)
- Migrate jwks_controller specs to request specs of them. !50767 (Takuya Noguchi @tnir)
- Update copy on Feature Flags List view to be more descriptive for users. !50813 (Sarah Rosenshine)
- Add metrics to creating, editing or removing comments on merge requests. !50849
- Use git packages from buster on build-qa-image. !50867 (Takuya Noguchi @tnir)
- Upgrade factory_bot_rails to 6.1.0. !50875
- Update net-ldap gem version. !50888
- Add version cache field to composer metadata. !50906
- Drop temporary index on ci_builds. !50961
- Remove unnecessary use of .freeze. !50963 (Adam Davies @adamd92)
- Update canary(next) badge style with new GitLab UI. !50965 (Yogi (@yo))
- Remove tmp_index_for_email_unconfirmation_migration index in the emails table. !50981
- Improve delete snippet feature spec. !51020 (Lee Tickett @leetickett)
- Update toggle button in repo general settings. !51036 (Yogi (@yo))
- Reduce heading font size in validate CI lint page. !51042 (Yogi (@yo))
- Remove unnecessary use of .freeze. !51073 (Adam Davies @adamd92)
- Update button style of expand/collapse button on Deploy Tokens page. !51077 (nuwe1)
- Update button style of Revoke button on Deploy Tokens page. !51079 (nuwe1)
- Apply GitLab UI button styles to buttons in transactions show.html.haml files. !51096 (nuwe1)
- Add metrics to creating, editing or removing multiline comments on merge requests. !51098
- Update default value of applications_settings.max_import_size to 0. !51229
- Add one welcome email for account provisioned by group. !51271
- Add `gl-button` to move issue button in issue sidebar. !51285 (Yogi (@yo))
- Update to new GitLab UI button in members invite page. !51300 (Yogi (@yo))
- Update grape-path-helpers gem version. !51320
- Drop tmp_index_for_email_unconfirmation index from the emails table again. !51440
- Add metrics to starting and publishing a review. !51521
- Add gl-badge to members list badges. !51546 (Yogi (@yo))
- Add gl-badge to CI badges. !51547 (Yogi (@yo))
- Add gl-badge to CI runners. !51548 (Yogi (@yo))
- Add gl-mt-3 to no schedules nothing-here-block. !51551 (Yogi (@yo))
- Add gl-button to Add Jaeger URL. !51553 (Yogi (@yo))
- Add gl-button to dismiss feature highlight button. !51555 (Yogi (@yo))
- Remove unneeded group label index. !51676
- Apply GitLab UI button styles to buttons in project wiki. !51780 (Yogi (@yo))
- Add verbiage + link sast to show it's in core. !51935


2556
2557
2558
2559
2560
2561
2562
## 13.7.9 (2021-03-17)

### Security (1 change)

- Patch Kramdown syntax highlighter gem.


2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
## 13.7.8 (2021-03-04)

### Security (5 changes)

- Bump thrift gem to 0.14.0.
- Allow only owners to manage group variables.
- Do not store marshalled sessions ids in Redis.
- Workhorse: prevent escaped router path traversal.
- Fix XSS vulnerability for swagger file viewer.


2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
## 13.7.7 (2021-02-11)

### Security (9 changes)

- Cancel running and pending jobs when a project is deleted. !1220
- Prevent Denial of Service Attack on gitlab-shell.
- Prevent exposure of confidential issue titles in file browser.
- Updates authorization for linting API.
- Check user access on API merge request read actions.
- Limit daily invitations to groups and projects.
- Enforce the analytics enabled project setting for project-level analytics features.
- Perform SSL verification for FortiTokenCloud Integration.
- Prevent Server-side Request Forgery for Prometheus when secured by Google IAP.


## 13.7.6 (2021-02-01)

### Security (5 changes)

- Filter sensitive GraphQL variables from logs.
- Avoid exposing release links when the user cannot read git-tag/repository.
- Sanitize target branch on MR page.
- Fix DNS rebinding protection bypass when allowing an IP address in Outbound Requests setting.
- Add routes for unmatched url for not-get requests.


## 13.7.5 (2021-01-25)

### Fixed (2 changes, 1 of them is from the community)

- New project guidelines are no longer displayed. !50736 (Roger Meier)
- Fix LFS not working with S3 specific-storage settings. !52296


2608
2609
2610
2611
2612
2613
2614
## 13.7.4 (2021-01-13)

### Security (1 change)

- Deny implicit flow for confidential apps.


2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
## 13.7.3 (2021-01-08)

### Fixed (7 changes)

- Fix Canary Ingress weight is not reflected on UI immediately. !50246
- Change pages deployments size to bigint. !50262
- Fix viewing container repositories with tags with corrupted manifest. !50362
- Fix the graphQL type for container repository tags. !50419
- Fix(eetrialbanner): fix EE trial banner to allow dismiss. !50436
- Update Helm 2 version to 2.17.0. !50547
- Fix project access token regression. !50800


2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
## 13.7.2 (2021-01-07)

### Security (7 changes)

- Forbid public cache for private repos.
- Deny implicit flow for confidential apps.
- Update NuGet regular expression to protect against ReDoS.
- Fix regular expression backtracking issue in package name validation.
- Fix stealing API token from GitLab Pages and DoS Prometheus through GitLab Pages.
- Update trusted OAuth applications to set them as confidential.
- Upgrade Workhorse to 8.58.2.


2641
2642
2643
2644
2645
2646
2647
## 13.7.1 (2020-12-23)

### Fixed (1 change)

- Fix project transfer corrupting shared runners state. !47316


2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
3076
3077
3078
3079
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
## 13.7.0 (2020-12-22)

### Security (1 change)

- Fix regular expression backtracking issue in custom emoji name validation.

### Removed (2 changes, 1 of them is from the community)

- Remove Google Code importer. !48139 (Getulio Valentin Sánchez)
- Remove release notes from Tags page. !49979

### Fixed (109 changes, 7 of them are from the community)

- Update user mentions when markdown columns are directly saved to DB. !38034
- Retain spinner when applying MR suggestions. !46203
- Skipped jobs no longer trigger a cancelled deployment. !46614 (David Barr @davebarr)
- Catch wiki timeouts when rendering pages. !46627
- Fix single file snippets display for Geo secondary sites. !46812
- Fix Jira Connect styles not loaded when startup_css is enabled. !47043
- Add migration that updated users that don't need to have 2fa established. !47193
- Fix project integration form validation when integration is inactive. !47201
- Fix project access token build authentication error. !47247
- Support S3 server side encryption in CI cloud native job logs. !47536
- Fix repository clone panel for wikis. !47676
- Hide Mark as draft button in a merged MR even on mobile. !47678 (Takuya Noguchi)
- Eliminate N+1 performance issues in MergeRequest.pipelines in GraphQL API. !47784
- Add cascade delete foreign key to web_hooks on service_id without validation. !47821
- Implement passing dotenv variables to bridge jobs. !47905
- Allow canceling all pipelines with auto-cancel. !47906
- Fix error in Issuable::ImportCsv::BaseService when CSV file is empty. !47918
- Fixed editing labels on the swimlanes sidebar. !47946
- Scroll exactly to the top of a discussion on the MR Overview tab. !47970
- Search page: fix empty results status. !48034
- Move fuzz license check to .pre stage. !48076
- Add link in Access Request API. !48081 (jimcser)
- Add gitlab:db:active task. !48083
- Fix overscroll for MR diffs in mobile view. !48091
- Fix incorrect line height in file header. !48117
- Repopulate historical vulnerability statistics. !48128
- Fixed image diff comments positioning. !48132
- Manually trigger pipelines correctly when branches and tags have the same name. Separate tags and branches in trigger pipeline form. !48142
- Allow failure for Secret Detection job. !48152
- Change services.inherit_from_id foreign key to ON DELETE CASCADE. !48163
- Avoid exception when validating diff_note support. !48187
- Avoid invalid notes on Project Import. !48189
- Update alert setting form to handle JSON payload submit when mapping builder is not enabled. !48231
- Adds id desc to index_ci_builds_on_runner_id_and_id_desc. !48241
- Adds type="button" to the close button for the issue type selector to prevent accidental form submission. !48249
- Remove orphan service hooks. !48263
- Fix console error being thrown when file is renamed. !48275
- Update alert details sidebar assignee dropdown to use correct styling and formatting. !48285
- Consider design repositories when determining if there is a git transfer in progress. !48304
- Set Retry-After header when RackAttack throttling. !48310
- Fix misaligned buttons for CI Jobs page. !48332 (mgandres)
- Use incident instead of issue for operation settings. !48406
- Fix missing item with same name in autocomplete suggestions. !48410 (Paul Ungureanu @ungps)
- Fix misalignment of commit search by message input. !48430
- Prometheus integration name should not have a modifiable input field. !48437
- Fix stretched flash in project commit show page. !48439
- Ensure job trace endpoint is not called if the current job has not started or the browser is not visible. !48516
- Update fog-aws to v3.6.7. !48519
- Fixed double-border style on WebIDE button. !48605
- Fix spacing between buttons on pipeline header. !48660
- Fix vulnerability deduplication logic for the "pipeline security tab". !48704
- Add type filtering in appearance page of the admin panel. !48709 (Paul Ungureanu @ungps)
- Fix confirmation modal showing on project integration. !48720
- Fix import of LFS files in GitHub import. !48722
- Github importer - Avoid touching MR when importing pull request `merged by` field. !48729
- Fix styling of various dropdowns. !48800
- Fix MR buttons when fork is deleted. !48813
- Add menu-item class to non-details-job-component. !48834
- GraphQL: Add gitlay field to CiStatusAction. !48892
- Global Search - Fix Dark Mode Font. !48927
- Fix flex overflow bug. !48931
- Restrict access to job page to developers only when use CI_DEBUG_TRACE is true. !48932
- Resolve Cannot remove namespace. !48973
- Resolve Save button should have a different color on press. !48975
- Fix last_value record in internal_ids for epics. !48988
- Fix failed group imports getting stuck by long error messages. !48989
- Avoid branch name checking when creating a new snippet. !48995
- Ensure default_branch from settings is not blank. !49018
- Make sure Sourcegraph asset always loads successfully. !49030
- Fix avatar size in profile activity. !49047
- Fix margin and selected state in file header. !49059
- Fix comment highlighting for unified diff components. !49061
- Fix Jupyter notebook code and image rendering. !49067
- Fix bug in ProjectRepositoryStorageMove transition to scheduled. !49105
- Do not crash the ingestion of all security reports if there is an invalid report artifact. !49181
- Do not automatically reapply incident label after user removes it. !49188
- Update fog-google to v1.12. !49196
- Check for a status in the current user dropdown. !49203
- Fix pipeline page in dark mode. !49214
- Handle prometheus-formatted alert notifications through HTTP integrations. !49268
- Update repository size after import. !49319
- Fix typo on merge locally step. !49330
- Fix getting security report information on merge requests from forks. !49354
- Conan packages show build and commit information when published using CI. !49426
- Clear emoji status in issue/mr header. !49439
- Hide extra breadcrumb arrow that overlaps with last breadcrumb item. !49456
- Fix division by error when upload max size is set to 0. !49482
- Capture subgroup creation failure during Group Import via archive file. !49484
- Alert Service integration only available for projects. !49561
- Update projects_imported.total usage metric. !49568
- Fix usage data tracking of some issue events. !49571
- Fix copy to clipboard on Firefox. !49648
- Fix outline on selected button in Snippets Rendered/Source buttons. !49676
- Add final newline on submit in blob editor. !49681
- Fail import state whenever repository import fails. !49682
- Fix author on /clone quickaction usage to be current user. !49830
- Upgrade mailroom to v0.0.8. !49834
- Fix the header name for basic auth authentication in package managers APIs. !49836
- Allow opsgenie manage form to be displayed when opsgenie is enabled. !49863
- Add custom cop to prevent invalid HTTParty usage. !49878 (Ethan Reesor (@firelizzard))
- Remove last-child bottom-margin: 0 from page-title class. !49884
- Fix wording of some 400 Bad request API responses. !49895
- Set Web IDE Live Preview default background to white. !49901
- Fix bug in snippets mark as spam mutation. !49912
- Make the strategies env wrap. !49951
- Fix get endpoint not returning members with minimal access. !49996
- Fix feature flag logging is not working on API. !50025
- Resolve No boards found message showing when loading boards. !50140
- Fix Markdown attachments in Releases not rendering with full URL. !50146

### Deprecated (1 change)

- Drop unused feature_filter_type experiment column. !48221

### Changed (124 changes, 12 of them are from the community)

- Move Jenkins to Core. !37797 (Ben Bodenmiller (@bbodenmiller))
- Migrate Bootstrap button to GitLab UI GlButton in IDE. !39988
- Replace bootstrap alerts in ee/app/views/admin/licenses/new.html.haml. !41275 (Gilang Gumilar)
- Replace bootstrap alerts in app/views/profiles/notifications/show.html.haml. !41310 (Gilang Gumilar)
- Replace bootstrap alerts in app/views/admin/runners/show.html.haml. !41378 (Gilang Gumilar)
- Replace Runner Page Title with Runner’s Hash. !44854 (Kev @KevSlashNull)
- Rename Piwik config items and layout file after rebranding to Matomo. !45658 (Kate Grechishkina @kategrechishkina)
- Improve clarity of admin Rate Limiting UI. !46142
- Replace fa-exclamation-triangle icons with GitLab SVG warning-solid icon. !47089
- Add `converted_at` timestamp column to `experiment_users` to record when the user performs an experiment's conversion action. !47093
- Preserve cross references in AsciiDoc documents. !47131 (Guillaume Grossetie)
- Darker background for dark mode, plus small fixes to MR page. !47359
- Add option to uninstall the legacy Tiller server for clusters added before GitLab 13.2. !47457
- Use GitLab UI styles on Integrations page. !47478
- Add a job to the DAST template that shows an error in the console if the user is not licensed to use DAST. !47484
- Add BulkImports::Failure to store import failures of the Group Migration (BulkImports) process. !47526
- Remove brackets in no scopes selected message in access and deploy tokens lists. !47628
- Begin auto-stop countdown for environment after initial creation. !47702
- Change default project listing sort order to name. !47734 (Lee Tickett)
- Finalize new create project UI experiment. !47804
- Make ImportIssuesCsvWorker idempotent. !47808
- Remove "Details" from breadcrumb item and LD+JSON from Project top. !47817 (Takuya Noguchi)
- Convert knative error alert to glalert. !47840
- Remember last used project ordering option across groups. !47850 (Lee Tickett)
- Remove "Details" from breadcrumb and JSON+JD on Group top page. !47854 (Takuya Noguchi)
- Hide open registration user callout on gitlab.com. !47865
- Make "How to merge" modal in merge requests conform to correct modal styling. !47889
- Remove `Add Issues` button and a related modal. !47898
- Remove Feature Flag that controls data limit on Deploy Boards, thus making 10MB limits mandatory. !47950
- Removed boards promotion. !47972
- Replace fa-chevron-down in template selector dropdown. !48015
- Remove http_integrations_list feature flag. !48030
- Add filtering by current iteration to issue lists and issue boards. !48040
- Implement smart cobertura class path correction. !48048
- Replace fa-chevron-down icon in pikaday. !48054
- Add User.location field to GraphQL API. !48059
- Add support for filtering direct group members by 2FA enabled/disabled. !48084
- Iterate on the copy in the “Novice or Experienced” page of the registration onboarding flow. !48086
- Add metrics for count of unique users of alerts and incidents to usage ping. !48087
- Allow Pages to define a storage-specific connection. !48098
- Replace fa-exclamation-triangle in users select. !48116
- Add a generic packages tab to the Packages UI. !48121
- Replace fa icons in single file diff. !48136
- Add `checksum` column into the `vulnerability_remediations` table. !48165
- Replace fa-chevron-down with GitLab SVG in dropdowns. !48171
- Add ldap encrypted credentials to the usage data. !48210
- Replace fa-spinner in metrics dashboard yaml definition. !48227
- Update Design of the Container Registry Cleanup Policy for tags. !48243
- Enable LFS chunked encoding. !48269
- Authorize the project for the cluster agent if it is the agent's project. !48314
- Add GlFormCheckbox to squash commits. !48338
- Add metric for dead Sidekiq jobs. !48361
- Make How to merge modal in merge requests widget conform to correct modal styling. !48370
- Allow filtering project and group members by relationship in GraphQL. !48372
- Add Attributes cleaner to Group Migration. !48374
- Add additional fields to GraphQl terraform state version. !48411
- Bumps Managed-Cluster-Applications CI template to v0.36.0, which upgrades Runner. !48444
- Expose public email field for user in GraphQL. !48468
- Add MAU counter for snippet show action. !48477
- Refine group creation form. !48490
- Geo: Remove unused indexes. !48504
- Update empty state for no commits result. !48538
- Github Importer - import the pull request `merged by` field. !48561
- Refactor container registry list page to grapqhl. !48602
- Transfer a project/group to a new namespace inheriting integrations. !48621
- Replace fa-chevron-down icons with GitLab SVG in gcp cluster form. !48656
- Add containerRepositoriesCount to project and group queries. !48685
- Track test failures on pipeline completion. !48695
- Include actual limit in pipeline limit errors. !48710
- Replace how to merge HAML with Vue component. !48766
- Global Search - Fix Sidebar Whitespace. !48832
- Move CanaryIngress to core. !48836
- Finish removing unused replication columns from terraform state. !48839
- The dependency proxy caches manifests and makes HEAD requests to help with rate limiting. !48845
- Update package_file table to display commits when present. !48882
- Avoid creating wiki empty repo when not present in export files. !48890
- Update nodejs-scan rule to wildcard prefix. !48902
- Add primary key to elasticsearch_indexed_projects. !48919
- Upgrade fog-aws to v3.7.0. !48921
- Add new column `finding_uuid` into `vulnerability_feedback` table. !48923
- Add primary key to elasticsearch_indexed_namespaces. !48944
- Add ability to type a number in related issues and prepend #. !48952
- Improve CI for external repo with configurable maximum mirroring frequency on self-hosted. !48955
- Enable pages_serve_from_deployments FF by default. !48974
- Replace fa-cirlce in runners helper. !48981
- Add GitHub Importer pagination. !48983
- Add primary key to merge_request_context_commit_diff_files. !49024
- Update template to use codequality 0.85.18-gitlab.1. !49034
- Display more pipelines info in package history. !49040
- Use a separate commit to store formatting changes in the Static Site Editor. !49052
- Delete manifests when purging the dependency proxy using the API. !49056
- Auto approve users if Admin approval after sign up setting is disabled. !49068
- Boards - Remove default labels lists generation. !49071
- Sort merge request diff files directory first. !49118
- Add user ID based allowlist for Rack::Attack. !49127
- Sort commit/compare diff files directory first. !49136
- Move IssueType notes and discussions count logic to resolvers. !49160
- Let `rake gitlab:workhorse:install` use vendored workhorse. !49250
- Allow alert list to be visible when alerts exist, even if alerting integrations are disabled. !49257
- EKS: Provide user feedback on AWS authorization errors. !49278
- Remove user_search_secondary_email feature flag. !49312
- Update gitlab-kas to v13.7.0. !49318
- Convert fa-caret-down icons to chevron-down SVG. !49332
- Enable file tree highlighting by default. !49356
- Merge 'Sample Data' and 'Built-in' tabs on Project Templates page. !49374
- Add Merge Train Setting to the graphql api. !49402
- Migrate HAML buttons to Pajamas in app/views/profiles/keys. !49421 (Jonston Chan @JonstonChan)
- Migrate `createBoard` away from boardStore. !49450
- Support merge requests filtered by reviewer in GraphQL API. !49464
- Gradually load more diffs async. !49476
- Require users to copy, download, or print 2FA recovery codes. !49493
- Convert group member filter dropdowns to filtered search bar. !49505
- Update GitLab Workhorse to v8.58.0. !49534
- Refactor container registry to use GraphQL API. !49584
- Remove unneeded pagination code for project importers. !49589
- Update deprecated button on pipeline security table. !49620
- Update ide pipeline alert to use gitlab ui. !49634
- Updates the copy on empty users list tabs. !49642
- Enable LFS chunked encoding by default. !49649
- Add visibility and last updated image repository details. !49703
- Allow updating `hideBacklogList` and `hideClosedList` board attributes. !49947
- Add expires_at param to GroupMemberBuilder data. !49981
- Change the unique index on `security_findings` table. !50046
- Remove dast_unlicensed job. !50129

### Performance (24 changes, 2 of them are from the community)

- Remove redundant index. !47072
- Add database index for deployment rollback targets. !47159
- Add index for API Fuzzing usage data. !47692
- Paginate unit test report. !47953
- Remove .issue-box from static (classic) Issuable list. !47998 (Takuya Noguchi)
- Remove Bootstrap 4's Cards components from Issuables and Todos. !48004 (Takuya Noguchi)
- Fix N+1 when looking up user's solo owned groups. !48340
- Paginate first page of branches using Gitaly. !48595
- Add approvals created_at index. !48684
- Update index for notes to include `system`. !48864
- Remove unnecessary Gitaly calls from raw endpoint. !48917
- Reduce SQL queries when no pipeline hooks are active. !49186
- Improve query that finds all pipelines in the same family. !49240
- Rendering Loading State of Last Commit earlier. !49362
- Fix N+1 queries loading milestones when exporting CSVs. !49429
- Update snippet repository finder for namespace replication. !49518
- Reduce object allocations for large merge request. !49563
- Remove unnecessary Gitaly calls from projects#show. !49565
- Expand index on ci_pipelines. !49604
- Remove unnecessary queries in milestone page. !49662
- Improve the performance of the diff change access check. !49803
- Remove initial data check on project level value stream page. !49936
- Improve UI and performance of branches overview page. !50096
- Use the improved version of Value Stream Analytics backend on the project level. !50141

### Added (125 changes, 13 of them are from the community)

- Configurable personal access token prefix. !20968 (Max Wittig & Diego Louzán)
- Add CI_OPEN_MERGE_REQUESTS environment variable. !38673 (Ben Bodenmiller @bbodenmiller)
- Add Kroki to support more diagrams in AsciiDoc and Markdown. !44851 (Guillaume Grossetie)
- Fix the unreachable CLI image in OpenShift CI template. !44933 (Klaus Mueller @klml)
- Add other role column in user details table. !45635
- Add encrypted ldap secrets support. !45712
- Add the gitlab-experiment gem, with configuration. !45840
- Support Git access for group wikis. !45892
- Add toggle to remove Analytics left nav item. !46011
- Add merge requests total time to merge field to the GraphQL API. !46040
- Cleanup webauthn background migration. !46179 (Jan Beckmann)
- Add GraphQL mutation to update a release. !46611
- Capture design detail views via usage ping. !46751
- Add metric image uploading to incidents via REST API. !46845
- Expose GraphQL resolver for processing CI config. !46912
- Limit maximum deployments per pipeline to 500. !46931
- Enable Crowd auth for git-over-https. !46935 (Thomas Mendoza @tgmachina)
- Create a new `ExperimentSubject` model, associated to the `Experiment` model, and related database migrations. !47042
- Add GraphQL mutations for Devops Adoption Segment. !47066
- Allow passing `commit_id` when creating MR discussions via the API and expose `commit_id` for MR diff notes. !47130 (Johannes Altmanninger @krobelus)
- Adds bulk project repository storage move API. !47142
- Add packages_size to ProjectStatistics API entity. !47156 (Roger Meier)
- Create `vulnerability_findings_remediations` and `vulnerability_remediations` tables. !47166
- Geo: Add verification state machine fields to package files table. !47260
- Add `increment_counter` to Usage Ping API. !47309
- Geo: Add verification indexes for package files. !47372
- Add SEO structured markup for groups. !47374
- Create `incident_management_oncall_schedules` table. !47407
- Add confirm modal to unblock user. !47442
- Add API endoint for Administrators to approve pending users. !47564
- Allow secondary emails in user search. !47587
- Frontend client for increment_counter API. !47622
- Schedule CreateEvidenceWorker jobs in a sliding window. !47638
- Send Static Site Editor events to Usage Ping API. !47640
- Add rake task to disable personal project and group creation. !47655
- Add assign self to group boards sidebar. !47705
- Toggle File-By-File setting from the MR settings dropdown. !47726
- Add regulated field to compliance management frameworks. !47761
- Add lock button to the Terraform State list view. !47842
- Adds migration for user permission uploads. !47846
- Add loading state to boards assignees header dropdown. !47848
- Use CS_ANALYZER_IMAGE in CS template. !47856
- Add cloud_license_enabled column to application_settings. !47882
- Add invitation reminders. !47920
- Create namespace onboarding actions table. !48018
- Expose creation/update times for issue links. !48051
- Add upcoming deployment column to Environments page. !48062
- Add `service_desk_reply_to` to issues list and header. !48089 (Lee Tickett)
- Add iteration_id column to lists. !48103
- Add Epic Board Position model to store relative positioning of epics on a board. !48120
- Add code coverage overall activity to group repository analytics. !48155
- Add confirm modal to reactivate user. !48173
- Email user when registration request is rejected. !48185
- Add artifacts field to JobType. !48207
- Add database index on deployments. !48265
- Add secondary indexes to partitioned audit_events. !48270
- Obfuscate user profile for unconfirmed users. !48271
- Add flash message for setAssignees on group issue boards. !48277
- Add an URL to get user's GPG key if registerd. !48321 (Shimura Rin @blackenedgold)
- Add Operations project setting logic. !48347
- Add GraphQL mutation to delete a release. !48364
- Track MAU for SSE edit. !48377
- Add loading state to assignees header. !48392
- Implement a /clone quick-action to quickly clone an Issue. !48394
- Expose upcoming deployment in environment.json. !48449
- Add Vulnerabilities External Link model. !48465
- Add migration to populate remaining dismissal information for vulnerabilities. !48472
- Mark SCIM-created accounts as provisioned by group. !48483
- Add delete button to terraform list vue. !48485
- Show if a Pipeline was Ran in a Fork. !48517
- Added email notifications when an Issue is cloned. !48534
- Add dependency_proxy_manifests table and associations. !48535
- Add usage metrics for issue clone. !48537
- Implement a /clone_with_notes quick-action to quickly clone an Issue will all its notes. !48539
- Tracks guest package events. !48547
- Retry rsync when source files vanish during backup. !48568
- Add Setting to disable feed_tokens. !48600
- Enable by default usage data API tracking. !48607
- Add GraphQL API to delete container repository tags. !48617
- Github Importer - import pull request reviews from Github. !48632
- Added epic boards and epic board labels tables. !48658
- Allow alerts to be filtered by monitoring tool. !48699
- Adds guest package events to usage data. !48734
- Render http and https URLs as clickable links in Job logs. !48758 (Łukasz Groszkowski @falxcerebri)
- Add Merge Request diff CI variables. !48764 (Jonas Hahnfeld)
- Add admin users serializer and entity. !48791
- Set vulnerability as dismissed when there is dismissal feedback. !48795
- Create package build_info records for Conan, NuGet, PyPI, and Composer packages and package files. !48811
- Add download action to the Terraform state listing. !48837
- Add context to the experiment user records. !48896
- Add index for the `vulnerabilities` table on `project_id`, `state`, and `severity` columns. !48930
- Add uuid column into security_findings table. !48968 (Harrison Brock @harrisonbrock)
- Detect corrupted build logs and report them by incrementing Prometheus counter. !49004
- Add details column to vulnerability findings table. !49005
- Add Project to ContainerRepository GraphQL type. !49019
- Add pipeline information to Terraform state list. !49042
- Add oncall rotations and participants tables. !49058
- Add domain column to alerts table. !49120
- Add dependency proxy predefined environment variables. !49133
- Add usage data rake tasks to prettify JSON output. !49137
- Resolve Transition ID section should include help text. !49204
- Support instance profiles for IAM role for Amazon EKS integration. !49212
- Add `project_id` column into the `vulnerability_remediations` table to scope the records with projects. !49219
- Add member_events column to web_hooks table. !49273
- Upgrade Pages to 1.31.0. !49352
- Add CI/CD analytics GraphQL types. !49384
- Truncate the `security_findings` table. !49385
- Add validating jsonb fields with json schema draft-07. !49451
- Adds sha checksum to composer URL. !49511
- Dependency Proxy for private groups and Dependency Proxy authentication. !49519
- Save usage ping payload in raw_usage_data table. !49559
- Allow downloading of security reports directly from merge request page. !49572
- Show upgrade popover in security widget in merge requests when the user is able to upgrade. !49613
- Introduce frontend for group migration MVC. !49709
- Add issue header mobile dropdown loading state. !49734
- Support extensions as configurable ES6 classes in Editor Lite. !49813
- Allow job to download artifacts in parent-child pipeline hierarchy. !49837
- Add ability to aggregated metrics in Usage Ping. !49886
- Add expiration policy completed at support in container repositories. !49924
- Allow to configure custom service desk email address suffix. !49932
- Add payload_example and payload_attribute_mapping columns to alert_management_http_integrations table. !49941
- Add prefilled variables for run pipeline page. !49985
- Add operations_access_level to project settings API. !50023
- Upgrade GitLab Pages to 1.32.0. !50062
- Add MergeRequest to VulnerabilityType in GraphQL. !50082

### Other (49 changes, 15 of them are from the community)

- Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/boards. !41410 (nuwe1)
- Migrate bootstrap dropdown to GlDropdown in app/assets/javascripts/diffs. !41451 (nuwe1)
- Migrate awards list buttons to new buttons. !43061
- Apply GitLab UI button styles to buttons in app/views/projects/graphs directory. !44295 (Lakshit)
- Use GitLab's standard dropdown for the review mode chooser in the WebIDE. !46820
- Replaces elements with the bs-callout class with gl-alert vue component. !47331 (Gary Bell @garybell)
- Add analytics_devops_adoption_snapshots table. !47388
- Add relation name to indexes view. !47422
- Migrate chevron-down icon to svg. !47591
- Disable auto admin mode in features. !47670 (Diego Louzán)
- Remove avg_cycle_analytics from usage ping. !47812
- Remove unused .issue-box CSS. !48002 (Takuya Noguchi)
- Convert shared runner limit alert to gl-alert. !48063
- Remove temporary blocking issues scheduling indexes. !48064
- Update icons to svg in several sort dropdowns. !48092
- Move Terraform state versioning default to database. !48194
- Replace wrong index definition on labels (project_id, title). !48238
- Update GitLab Runner Helm Chart to 0.23.0. !48284
- Add `external_author` alias to `service_desk_reply_to`. !48363 (Lee Tickett)
- Migrate bs-callout to GlAlert in …/unmet_prerequisites_block.vue. !48398
- Improve logging on feature flag modification. !48417
- Replace bootstrap caret-down with chevron-down. !48424
- Convert bootstrap carets to svg chevrons. !48492
- Rename "Cycle Analytics" with "Value Stream Analytics" under /spec. !48531 (Takuya Noguchi)
- Update GitLab Workhorse to v8.56.0. !48592
- Update gitaly gem to 13.6.1. !48601
- Rename "CYCLE_ANALYTICS_*" variables for CI with "VSA_*". !48675 (Takuya Noguchi)
- Adds gl button classes to manifest imports. !48697
- Add btree bloat estimation view. !48698
- Disable auto admin mode on requests and views specs. !48700 (Diego Louzán)
- Move users#show.json to users#activity.json. !48712 (Takuya Noguchi)
- Remove `view_diffs_file_by_file` feature flag. !48966
- Move profiles/keys#get_keys to users#ssh_keys. !48991 (Takuya Noguchi)
- Replace wiki fontawesome icons with emojis. !49097
- Add a project setting to allow editing commit messages. !49152
- Updated UI text to match style guidelines. !49275
- Move profiles/gpg_keys#get_keys to users#gpg_keys. !49448 (Takuya Noguchi)
- Remove references to cross_project_pipeline source in documentation. !49579
- Updated UI text to match style guidelines. !49632
- Migrate bs-callout to GlAlert for components using app/assets/javascripts/vue_shared/components/callout.vue. !49732 (Gary Bell @garybell)
- Bump gitlab-shell version to v13.14.0. !49810
- Track index bloat estimate. !49822
- Conver create merge request button to gl. !49864
- Adds gitlab ui classes to project dir buttons. !49939
- Removed count_uploads_size_in_storage_stats feature flag. !49998
- Delete MockDeploymentService records, used only in development environments. !50030
- Add feed_token specs to spec/features/profiles/personal_access_tokens_spec.rb. !50059
- Replace spec/controllers/ide_controller_spec.rb with request spec. !50075 (Takuya Noguchi)
- Update GitLab Workhorse to v8.57.0.


3110
3111
3112
3113
3114
3115