CHANGELOG 146 KB
Newer Older
1 2
Please view this file on the master branch, on stable branches it's out of date.

Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
3
v 8.9.0 (unreleased)
4
  - Allow enabling wiki page events from Webhook management UI
5
  - Make EmailsOnPushWorker use Sidekiq mailers queue
6
  - Fix wiki page events' webhook to point to the wiki repository
7
  - Fix issue todo not remove when leave project !4150 (Long Nguyen)
8
  - Allow forking projects with restricted visibility level
9
  - Improve note validation to prevent errors when creating invalid note via API
10
  - Reduce number of fog gem dependencies
11
  - Remove project notification settings associated with deleted projects
12
  - Fix 404 page when viewing TODOs that contain milestones or labels in different projects
13
  - Redesign navigation for project pages
14
  - Fix groups API to list only user's accessible projects
15
  - Redesign account and email confirmation emails
16
  - Use gitlab-shell v3.0.0
17
  - Add `sha` parameter to MR merge API, to ensure only reviewed changes are merged
18
  - Don't allow MRs to be merged when commits were added since the last review / page load
Stan Hu's avatar
Stan Hu committed
19
  - Add DB index on users.state
20
  - Add rake task 'gitlab:db:configure' for conditionally seeding or migrating the database
Aran Koning's avatar
Aran Koning committed
21
  - Changed the Slack build message to use the singular duration if necessary (Aran Koning)
22
  - Fix issues filter when ordering by milestone
Alfredo Sumaran's avatar
Alfredo Sumaran committed
23
  - Todos will display target state if issuable target is 'Closed' or 'Merged'
24
  - Fix bug when sorting issues by milestone due date and filtering by two or more labels
Sean McGivern's avatar
Sean McGivern committed
25
  - Link to blank group icon doesn't throw a 404 anymore
Josh Frye's avatar
Josh Frye committed
26
  - Remove 'main language' feature
27
  - Pipelines can be canceled only when there are running builds
28
  - Use downcased path to container repository as this is expected path by Docker
29
  - Projects pending deletion will render a 404 page
30
  - Measure queue duration between gitlab-workhorse and Rails
31
  - Make authentication service for Container Registry to be compatible with < Docker 1.11
32
  - Add Application Setting to configure Container Registry token expire delay (default 5min)
33
  - Cache assigned issue and merge request counts in sidebar nav
Josh Frye's avatar
Josh Frye committed
34
  - Cache project build count in sidebar nav
35
  - Reduce number of queries needed to render issue labels in the sidebar
James Lopez's avatar
James Lopez committed
36
  - Improve error handling importing projects
37
  - Put project Files and Commits tabs under Code tab
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
38

39 40
v 8.8.4
  - Fix todos page throwing errors when you have a project pending deletion
41
  - Reduce number of SQL queries when rendering user references
42

43 44 45
v 8.8.4 (unreleased)
  - Ensure branch cleanup regardless of whether the GitHub import process succeeds

James Lopez's avatar
James Lopez committed
46
v 8.8.3
Robert Speicher's avatar
Robert Speicher committed
47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
  - Fix 404 page when viewing TODOs that contain milestones or labels in different projects. !4312
  - Fixed JS error when trying to remove discussion form. !4303
  - Fixed issue with button color when no CI enabled. !4287
  - Fixed potential issue with 2 CI status polling events happening. !3869
  - Improve design of Pipeline view. !4230
  - Fix gitlab importer failing to import new projects due to missing credentials. !4301
  - Fix import URL migration not rescuing with the correct Error. !4321
  - Fix health check access token changing due to old application settings being used. !4332
  - Make authentication service for Container Registry to be compatible with Docker versions before 1.11. !4363
  - Add Application Setting to configure Container Registry token expire delay (default 5 min). !4364
  - Pass the "Remember me" value to the 2FA token form. !4369
  - Fix incorrect links on pipeline page when merge request created from fork.  !4376
  - Use downcased path to container repository as this is expected path by Docker. !4420
  - Fix wiki project clone address error (chujinjin). !4429
  - Fix serious performance bug with rendering Markdown with InlineDiffFilter.  !4392
  - Fix missing number on generated ordered list element. !4437
  - Prevent disclosure of notes on confidential issues in search results.
James Lopez's avatar
James Lopez committed
64

Robert Speicher's avatar
Robert Speicher committed
65 66 67 68 69 70 71 72 73 74
v 8.8.2
  - Added remove due date button. !4209
  - Fix Error 500 when accessing application settings due to nil disabled OAuth sign-in sources. !4242
  - Fix Error 500 in CI charts by gracefully handling commits with no durations. !4245
  - Fix table UI on CI builds page. !4249
  - Fix backups if registry is disabled. !4263
  - Fixed issue with merge button color. !4211
  - Fixed issue with enter key selecting wrong option in dropdown. !4210
  - When creating a .gitignore file a dropdown with templates will be provided. !4075
  - Fix concurrent request when updating build log in browser. !4183
75

Robert Speicher's avatar
Robert Speicher committed
76 77
v 8.8.1
  - Add documentation for the "Health Check" feature
Robert Speicher's avatar
Robert Speicher committed
78
  - Allow anonymous users to access a public project's pipelines !4233
79
  - Fix MySQL compatibility in zero downtime migrations helpers
80
  - Fix the CI login to Container Registry (the gitlab-ci-token user)
81

Robert Speicher's avatar
Robert Speicher committed
82
v 8.8.0
Douwe Maan's avatar
Douwe Maan committed
83
  - Implement GFM references for milestones (Alejandro Rodríguez)
84
  - Snippets tab under user profile. !4001 (Long Nguyen)
85
  - Fix error when using link to uploads in global snippets
86
  - Fix Error 500 when attempting to retrieve project license when HEAD points to non-existent ref
87
  - Assign labels and milestone to target project when moving issue. !3934 (Long Nguyen)
88
  - Use a case-insensitive comparison in sanitizing URI schemes
89
  - Toggle sign-up confirmation emails in application settings
90
  - Make it possible to prevent tagged runner from picking untagged jobs
91 92
  - Added `InlineDiffFilter` to the markdown parser. (Adam Butler)
  - Added inline diff styling for `change_title` system notes. (Adam Butler)
93
  - Project#open_branches has been cleaned up and no longer loads entire records into memory.
94
  - Escape HTML in commit titles in system note messages
95
  - Improve design of Pipeline View
Kamil Trzcinski's avatar
Kamil Trzcinski committed
96
  - Fix scope used when accessing container registry
97
  - Fix creation of Ci::Commit object which can lead to pending, failed in some scenarios
98
  - Improve multiple branch push performance by memoizing permission checking
99
  - Log to application.log when an admin starts and stops impersonating a user
100
  - Changing the confidentiality of an issue now creates a new system note (Alex Moore-Niemi)
101 102
  - Updated gitlab_git to 10.1.0
  - GitAccess#protected_tag? no longer loads all tags just to check if a single one exists
103
  - Reduce delay in destroying a project from 1-minute to immediately
104
  - Make build status canceled if any of the jobs was canceled and none failed
Stan Hu's avatar
Stan Hu committed
105
  - Upgrade Sidekiq to 4.1.2
DJ Mountney's avatar
DJ Mountney committed
106
  - Added /health_check endpoint for checking service status
107
  - Make 'upcoming' filter for milestones work better across projects
108
  - Sanitize repo paths in new project error message
109
  - Bump mail_room to 0.7.0 to fix stuck IDLE connections
110
  - Remove future dates from contribution calendar graph.
111
  - Support e-mail notifications for comments on project snippets
112
  - Fix API leak of notes of unauthorized issues, snippets and merge requests
113
  - Use ActionDispatch Remote IP for Akismet checking
114
  - Fix error when visiting commit builds page before build was updated
115
  - Add 'l' shortcut to open Label dropdown on issuables and 'i' to create new issue on a project
116
  - Update SVG sanitizer to conform to SVG 1.1
117
  - Speed up push emails with multiple recipients by only generating the email once
Phil Hughes's avatar
Phil Hughes committed
118
  - Updated search UI
Kamil Trzcinski's avatar
Kamil Trzcinski committed
119
  - Added authentication service for Container Registry
120
  - Display informative message when new milestone is created
121
  - Sanitize milestones and labels titles
122
  - Support multi-line tag messages. !3833 (Calin Seciu)
123
  - Force users to reset their password after an admin changes it
124
  - Allow "NEWS" and "CHANGES" as alternative names for CHANGELOG. !3768 (Connor Shea)
Alfredo Sumaran's avatar
Alfredo Sumaran committed
125
  - Added button to toggle whitespaces changes on diff view
126
  - Backport GitHub Enterprise import support from EE
127
  - Create tags using Rugged for performance reasons. !3745
Felipe Artur's avatar
Felipe Artur committed
128
  - Allow guests to set notification level in projects
129
  - API: Expose Issue#user_notes_count. !3126 (Anton Popov)
130
  - Don't show forks button when user can't view forks
131
  - Fix atom feed links and rendering
132
  - Files over 5MB can only be viewed in their raw form, files over 1MB without highlighting !3718
133
  - Add support for supressing text diffs using .gitattributes on the default branch (Matt Oakes)
134
  - Add eager load paths to help prevent dependency load issues in Sidekiq workers. !3724
Jacob Schatz's avatar
Jacob Schatz committed
135
  - Added multiple colors for labels in dropdowns when dups happen.
136
  - Show commits in the same order as `git log`
137
  - Improve description for the Two-factor Authentication sign-in screen. (Connor Shea)
138
  - API support for the 'since' and 'until' operators on commit requests (Paco Guzman)
139
  - Fix Gravatar hint in user profile when Gravatar is disabled. !3988 (Artem Sidorenko)
140
  - Expire repository exists? and has_visible_content? caches after a push if necessary
141
  - Fix unintentional filtering bug in Issue/MR sorted by milestone due (Takuya Noguchi)
142
  - Fix adding a todo for private group members (Ahmad Sherif)
Alfredo Sumaran's avatar
Alfredo Sumaran committed
143
  - Bump ace-rails-ap gem version from 2.0.1 to 4.0.2 which upgrades Ace Editor from 1.1.2 to 1.2.3
144
  - Total method execution timings are no longer tracked
Andrei Gliga's avatar
Andrei Gliga committed
145
  - Allow Admins to remove the Login with buttons for OAuth services and still be able to import !4034. (Andrei Gliga)
146
  - Add API endpoints for un/subscribing from/to a label. !4051 (Ahmad Sherif)
147 148
  - Hide left sidebar on phone screens to give more space for content
  - Redesign navigation for profile and group pages
149
  - Add counter metrics for rails cache
Douglas Barbosa Alexandre's avatar
Douglas Barbosa Alexandre committed
150
  - Import pull requests from GitHub where the source or target branches were removed
151
  - All Grape API helpers are now instrumented
152
  - Improve Issue formatting for the Slack Service (Jeroen van Baarsen)
Ludovic Perrine's avatar
Ludovic Perrine committed
153
  - Fixed advice on invalid permissions on upload path !2948 (Ludovic Perrine)
154
  - Allows MR authors to have the source branch removed when merging the MR. !2801 (Jeroen Jacobs)
Alfredo Sumaran's avatar
Alfredo Sumaran committed
155
  - When creating a .gitignore file a dropdown with templates will be provided
156

James Lopez's avatar
James Lopez committed
157 158 159
v 8.7.7
  - Fix import by `Any Git URL` broken if the URL contains a space

160 161
v 8.7.6
  - Fix links on wiki pages for relative url setups. !4131 (Artem Sidorenko)
Rémy Coutable's avatar
Rémy Coutable committed
162 163
  - Fix import from GitLab.com to a private instance failure. !4181
  - Fix external imports not finding the import data. !4106
164
  - Fix notification delay when changing status of an issue
James Lopez's avatar
James Lopez committed
165

Timothy Andrew's avatar
Timothy Andrew committed
166 167
v 8.7.5
  - Fix relative links in wiki pages. !4050
Yorick Peterse's avatar
Yorick Peterse committed
168 169
  - Fix always showing build notification message when switching between merge requests !4086
  - Fix an issue when filtering merge requests with more than one label. !3886
170
  - Fix short note for the default scope on build page (Takuya Noguchi)
Timothy Andrew's avatar
Timothy Andrew committed
171

172
v 8.7.4
173 174 175 176 177 178 179
  - Links for Redmine issue references are generated correctly again !4048 (Benedikt Huss)
  - Fix setting trusted proxies !3970
  - Fix BitBucket importer bug when throwing exceptions !3941
  - Use sign out path only if not empty !3989
  - Running rake gitlab:db:drop_tables now drops tables with cascade !4020
  - Running rake gitlab:db:drop_tables uses "IF EXISTS" as a precaution !4100
  - Use a case-insensitive comparison in sanitizing URI schemes
180

181 182
v 8.7.3
  - Emails, Gitlab::Email::Message, Gitlab::Diff, and Premailer::Adapter::Nokogiri are now instrumented
183
  - Merge request widget displays TeamCity build state and code coverage correctly again.
Douglas Barbosa Alexandre's avatar
Douglas Barbosa Alexandre committed
184
  - Fix the line code when importing PR review comments from GitHub. !4010
185
  - Wikis are now initialized on legacy projects when checking repositories
186
  - Remove animate.css in favor of a smaller subset of animations. !3937 (Connor Shea)
187

Yorick Peterse's avatar
Yorick Peterse committed
188
v 8.7.2
189
  - The "New Branch" button is now loaded asynchronously
190
  - Fix error 500 when trying to create a wiki page
Yorick Peterse's avatar
Yorick Peterse committed
191
  - Updated spacing between notification label and button
192
  - Label titles in filters are now escaped properly
193 194

v 8.7.1
195
  - Throttle the update of `project.last_activity_at` to 1 minute. !3848
196 197 198
  - Fix .gitlab-ci.yml parsing issue when hidde job is a template without script definition. !3849
  - Fix license detection to detect all license files, not only known licenses. !3878
  - Use the `can?` helper instead of `current_user.can?`. !3882
199
  - Prevent users from deleting Webhooks via API they do not own
200
  - Fix Error 500 due to stale cache when projects are renamed or transferred
201
  - Update width of search box to fix Safari bug. !3900 (Jedidiah)
202
  - Use the `can?` helper instead of `current_user.can?`
203 204

v 8.7.0
205
  - Gitlab::GitAccess and Gitlab::GitAccessWiki are now instrumented
206
  - Fix vulnerability that made it possible to gain access to private labels and milestones
207
  - The number of InfluxDB points stored per UDP packet can now be configured
208
  - Fix error when cross-project label reference used with non-existent project
209
  - Transactions for /internal/allowed now have an "action" tag set
210
  - Method instrumentation now uses Module#prepend instead of aliasing methods
211
  - Repository.clean_old_archives is now instrumented
212
  - Add support for environment variables on a job level in CI configuration file
213
  - SQL query counts are now tracked per transaction
Rémy Coutable's avatar
Rémy Coutable committed
214 215 216 217
  - The Projects::HousekeepingService class has extra instrumentation
  - All service classes (those residing in app/services) are now instrumented
  - Developers can now add custom tags to transactions
  - Loading of an issue's referenced merge requests and related branches is now done asynchronously
218
  - Enable gzip for assets, makes the page size significantly smaller. !3544 / !3632 (Connor Shea)
Robert Speicher's avatar
Robert Speicher committed
219
  - Add support to cherry-pick any commit into any branch in the web interface (Minqi Pan)
Rémy Coutable's avatar
Rémy Coutable committed
220
  - Project switcher uses new dropdown styling
221
  - Load award emoji images separately unless opening the full picker. Saves several hundred KBs of data for most pages. (Connor Shea)
222
  - Do not include award_emojis in issue and merge_request comment_count !3610 (Lucas Charles)
Felipe Artur's avatar
Felipe Artur committed
223
  - Restrict user profiles when public visibility level is restricted.
Rémy Coutable's avatar
Rémy Coutable committed
224
  - Add ability set due date to issues, sort and filter issues by due date (Mehmet Beydogan)
225
  - All images in discussions and wikis now link to their source files !3464 (Connor Shea).
226
  - Return status code 303 after a branch DELETE operation to avoid project deletion (Stan Hu)
227
  - Add setting for customizing the list of trusted proxies !3524
Felipe Artur's avatar
Felipe Artur committed
228
  - Allow projects to be transfered to a lower visibility level group
229
  - Fix `signed_in_ip` being set to 127.0.0.1 when using a reverse proxy !3524
Rémy Coutable's avatar
Rémy Coutable committed
230
  - Improved Markdown rendering performance !3389
231
  - Make shared runners text in box configurable
232
  - Don't attempt to look up an avatar in repo if repo directory does not exist (Stan Hu)
233
  - API: Ability to subscribe and unsubscribe from issues and merge requests (Robert Schilling)
234
  - Expose project badges in project settings
235
  - Make /profile/keys/new redirect to /profile/keys for back-compat. !3717
236
  - Preserve time notes/comments have been updated at when moving issue
Rémy Coutable's avatar
Rémy Coutable committed
237
  - Make HTTP(s) label consistent on clone bar (Stan Hu)
238
  - Add support for `after_script`, requires Runner 1.2 (Kamil Trzciński)
239
  - Expose label description in API (Mariusz Jachimowicz)
240
  - API: Ability to update a group (Robert Schilling)
241
  - API: Ability to move issues (Robert Schilling)
242
  - Fix Error 500 after renaming a project path (Stan Hu)
243
  - Fix a bug whith trailing slash in teamcity_url (Charles May)
244
  - Allow back dating on issues when created or updated through the API
245
  - Allow back dating on issue notes when created through the API
246 247
  - Propose license template when creating a new LICENSE file
  - API: Expose /licenses and /licenses/:key
Alfredo Sumaran's avatar
Alfredo Sumaran committed
248
  - Fix avatar stretching by providing a cropping feature
249
  - API: Expose `subscribed` for issues and merge requests (Robert Schilling)
Patricio Cano's avatar
Patricio Cano committed
250
  - Allow SAML to handle external users based on user's information !3530
Patricio Cano's avatar
Patricio Cano committed
251
  - Allow Omniauth providers to be marked as `external` !3657
252
  - Add endpoints to archive or unarchive a project !3372
253
  - Fix a bug whith trailing slash in bamboo_url
254
  - Add links to CI setup documentation from project settings and builds pages
255
  - Display project members page to all members
256
  - Handle nil descriptions in Slack issue messages (Stan Hu)
257
  - Add automated repository integrity checks (OFF by default)
Robert Schilling's avatar
Robert Schilling committed
258
  - API: Expose open_issues_count, closed_issues_count, open_merge_requests_count for labels (Robert Schilling)
259
  - API: Ability to star and unstar a project (Robert Schilling)
260
  - Add default scope to projects to exclude projects pending deletion
261
  - Allow to close merge requests which source projects(forks) are deleted.
262
  - Ensure empty recipients are rejected in BuildsEmailService
P.S.V.R's avatar
P.S.V.R committed
263
  - Use rugged to change HEAD in Project#change_head (P.S.V.R)
264
  - API: Ability to filter milestones by state `active` and `closed` (Robert Schilling)
265
  - API: Fix milestone filtering by `iid` (Robert Schilling)
266
  - Make before_script and after_script overridable on per-job (Kamil Trzciński)
Robert Schilling's avatar
Robert Schilling committed
267
  - API: Delete notes of issues, snippets, and merge requests (Robert Schilling)
268
  - Implement 'Groups View' as an option for dashboard preferences !3379 (Elias W.)
Felipe Artur's avatar
Felipe Artur committed
269
  - Better errors handling when creating milestones inside groups
270
  - Fix high CPU usage when PostReceive receives refs/merge-requests/<id>
271
  - Hide `Create a group` help block when creating a new project in a group
272
  - Implement 'TODOs View' as an option for dashboard preferences !3379 (Elias W.)
273
  - Allow issues and merge requests to be assigned to the author !2765
Kamil Trzcinski's avatar
Kamil Trzcinski committed
274
  - Make Ci::Commit to group only similar builds and make it stateful (ref, tag)
275
  - Gracefully handle notes on deleted commits in merge requests (Stan Hu)
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
276
  - Decouple membership and notifications
277
  - Fix creation of merge requests for orphaned branches (Stan Hu)
Robert Schilling's avatar
Robert Schilling committed
278
  - API: Ability to retrieve a single tag (Robert Schilling)
279
  - While signing up, don't persist the user password across form redisplays
Rémy Coutable's avatar
Rémy Coutable committed
280
  - Fall back to `In-Reply-To` and `References` headers when sub-addressing is not available (David Padilla)
281
  - Remove "Congratulations!" tweet button on newly-created project. (Connor Shea)
PotHix's avatar
PotHix committed
282
  - Fix admin/projects when using visibility levels on search (PotHix)
283
  - Build status notifications
Phil Hughes's avatar
Phil Hughes committed
284
  - Update email confirmation interface
285
  - API: Expose user location (Robert Schilling)
286
  - API: Do not leak group existence via return code (Robert Schilling)
Jacob Schatz's avatar
Jacob Schatz committed
287
  - ClosingIssueExtractor regex now also works with colons. e.g. "Fixes: #1234" !3591
Douglas Barbosa Alexandre's avatar
Douglas Barbosa Alexandre committed
288
  - Update number of Todos in the sidebar when it's marked as "Done". !3600
Timothy Andrew's avatar
Timothy Andrew committed
289
  - Sanitize branch names created for confidential issues
290
  - API: Expose 'updated_at' for issue, snippet, and merge request notes (Robert Schilling)
291
  - API: User can leave a project through the API when not master or owner. !3613
292
  - Fix repository cache invalidation issue when project is recreated with an empty repo (Stan Hu)
293
  - Fix: Allow empty recipients list for builds emails service when pushed is added (Frank Groeneveld)
Phil Hughes's avatar
Phil Hughes committed
294
  - Improved markdown forms
295 296 297
  - Diff design updates (colors, button styles, etc)
  - Copying and pasting a diff no longer pastes the line numbers or +/-
  - Add null check to formData when updating profile content to fix Firefox bug
Arinde Eniola's avatar
Arinde Eniola committed
298
  - Disable spellcheck and autocorrect for username field in admin page
Robert Schilling's avatar
Robert Schilling committed
299
  - Delete tags using Rugged for performance reasons (Robert Schilling)
Sebastian Klier's avatar
Sebastian Klier committed
300
  - Add Slack notifications when Wiki is edited (Sebastian Klier)
Phil Hughes's avatar
Phil Hughes committed
301 302
  - Diffs load at the correct point when linking from from number
  - Selected diff rows highlight
Valery Sizov's avatar
Valery Sizov committed
303
  - Fix emoji categories in the emoji picker
304
  - API: Properly display annotated tags for GET /projects/:id/repository/tags (Robert Schilling)
James Lopez's avatar
James Lopez committed
305
  - Add encrypted credentials for imported projects and migrate old ones
306
  - Properly format all merge request references with ! rather than # !3740 (Ben Bodenmiller)
Alfredo Sumaran's avatar
Alfredo Sumaran committed
307
  - Author and participants are displayed first on users autocompletion
BaldinoF's avatar
BaldinoF committed
308
  - Show number sign on external issue reference text (Florent Baldino)
Phil Hughes's avatar
Phil Hughes committed
309
  - Updated print style for issues
Douglas Barbosa Alexandre's avatar
Douglas Barbosa Alexandre committed
310
  - Use GitHub Issue/PR number as iid to keep references
Douglas Barbosa Alexandre's avatar
Douglas Barbosa Alexandre committed
311
  - Import GitHub labels
Alfredo Sumaran's avatar
Alfredo Sumaran committed
312
  - Add option to filter by "Owned projects" on dashboard page
Douglas Barbosa Alexandre's avatar
Douglas Barbosa Alexandre committed
313
  - Import GitHub milestones
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
314
  - Execute system web hooks on push to the project
315
  - Allow enable/disable push events for system hooks
316
  - Fix GitHub project's link in the import page when provider has a custom URL
Tomasz Maczukin's avatar
Tomasz Maczukin committed
317
  - Add RAW build trace output and button on build page
Tomasz Maczukin's avatar
Tomasz Maczukin committed
318
  - Add incremental build trace update into CI API
Rémy Coutable's avatar
Rémy Coutable committed
319

320 321 322 323 324 325 326 327 328 329 330 331 332
v 8.6.8
  - Prevent privilege escalation via "impersonate" feature
  - Prevent privilege escalation via notes API
  - Prevent privilege escalation via project webhook API
  - Prevent XSS via Git branch and tag names
  - Prevent XSS via custom issue tracker URL
  - Prevent XSS via `window.opener`
  - Prevent XSS via label drop-down
  - Prevent information disclosure via milestone API
  - Prevent information disclosure via snippet API
  - Prevent information disclosure via project labels
  - Prevent information disclosure via new merge request page

333
v 8.6.7
Robert Speicher's avatar
Robert Speicher committed
334 335
  - Fix persistent XSS vulnerability in `commit_person_link` helper
  - Fix persistent XSS vulnerability in Label and Milestone dropdowns
336 337
  - Fix vulnerability that made it possible to enumerate private projects belonging to group

338
v 8.6.6
Rémy Coutable's avatar
Rémy Coutable committed
339 340 341
  - Expire the exists cache before deletion to ensure project dir actually exists (Stan Hu). !3413
  - Fix error on language detection when repository has no HEAD (e.g., master branch) (Jeroen Bobbeldijk). !3654
  - Fix revoking of authorized OAuth applications (Connor Shea). !3690
Jeroen Bobbeldijk's avatar
Jeroen Bobbeldijk committed
342
  - Fix error on language detection when repository has no HEAD (e.g., master branch). !3654 (Jeroen Bobbeldijk)
Phil Hughes's avatar
Phil Hughes committed
343 344
  - Issuable header is consistent between issues and merge requests
  - Improved spacing in issuable header on mobile
345

346 347 348 349 350 351 352 353
v 8.6.5
  - Fix importing from GitHub Enterprise. !3529
  - Perform the language detection after updating merge requests in `GitPushService`, leading to faster visual feedback for the end-user. !3533
  - Check permissions when user attempts to import members from another project. !3535
  - Only update repository language if it is not set to improve performance. !3556
  - Return status code 303 after a branch DELETE operation to avoid project deletion (Stan Hu). !3583
  - Unblock user when active_directory is disabled and it can be found !3550
  - Fix a 2FA authentication spoofing vulnerability.
354

Rémy Coutable's avatar
Rémy Coutable committed
355 356
v 8.6.4
  - Don't attempt to fetch any tags from a forked repo (Stan Hu)
357
  - Redesign the Labels page
Rémy Coutable's avatar
Rémy Coutable committed
358

359 360
v 8.6.3
  - Mentions on confidential issues doesn't create todos for non-members. !3374
Douglas Barbosa Alexandre's avatar
Douglas Barbosa Alexandre committed
361 362
  - Destroy related todos when an Issue/MR is deleted. !3376
  - Fix error 500 when target is nil on todo list. !3376
363 364 365 366
  - Fix copying uploads when moving issue to another project. !3382
  - Ensuring Merge Request API returns boolean values for work_in_progress (Abhi Rao). !3432
  - Fix raw/rendered diff producing different results on merge requests. !3450
  - Fix commit comment alignment (Stan Hu). !3466
367
  - Fix Error 500 when searching for a comment in a project snippet. !3468
368 369 370
  - Allow temporary email as notification email. !3477
  - Fix issue with dropdowns not selecting values. !3478
  - Update gitlab-shell version and doc to 2.6.12. gitlab-org/gitlab-ee!280
371

Rémy Coutable's avatar
Rémy Coutable committed
372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392
v 8.6.2
  - Fix dropdown alignment. !3298
  - Fix issuable sidebar overlaps on tablet. !3299
  - Make dropdowns pixel perfect. !3337
  - Fix order of steps to prevent PostgreSQL errors when running migration. !3355
  - Fix bold text in issuable sidebar. !3358
  - Fix error with anonymous token in applications settings. !3362
  - Fix the milestone 'upcoming' filter. !3364 + !3368
  - Fix comments on confidential issues showing up in activity feed to non-members. !3375
  - Fix `NoMethodError` when visiting CI root path at `/ci`. !3377
  - Add a tooltip to new branch button in issue page. !3380
  - Fix an issue hiding the password form when signed-in with a linked account. !3381
  - Add links to CI setup documentation from project settings and builds pages. !3384
  - Fix an issue with width of project select dropdown. !3386
  - Remove redundant `require`s from Banzai files. !3391
  - Fix error 500 with cancel button on issuable edit form. !3392 + !3417
  - Fix background when editing a highlighted note. !3423
  - Remove tabstop from the WIP toggle links. !3426
  - Ensure private project snippets are not viewable by unauthorized people.
  - Gracefully handle notes on deleted commits in merge requests (Stan Hu). !3402
  - Fixed issue with notification settings not saving. !3452
393

Rémy Coutable's avatar
Rémy Coutable committed
394 395 396 397 398 399 400 401 402 403 404 405 406 407
v 8.6.1
  - Add option to reload the schema before restoring a database backup. !2807
  - Display navigation controls on mobile. !3214
  - Fixed bug where participants would not work correctly on merge requests. !3329
  - Fix sorting issues by votes on the groups issues page results in SQL errors. !3333
  - Restrict notifications for confidential issues. !3334
  - Do not allow to move issue if it has not been persisted. !3340
  - Add a confirmation step before deleting an issuable. !3341
  - Fixes issue with signin button overflowing on mobile. !3342
  - Auto collapses the navigation sidebar when resizing. !3343
  - Fix build dependencies, when the dependency is a string. !3344
  - Shows error messages when trying to create label in dropdown menu. !3345
  - Fixes issue with assign milestone not loading milestone list. !3346
  - Fix an issue causing the Dashboard/Milestones page to be blank. !3348
Rémy Coutable's avatar
Rémy Coutable committed
408 409

v 8.6.0
410
  - Add ability to move issue to another project
James Lopez's avatar
James Lopez committed
411
  - Prevent tokens in the import URL to be showed by the UI
412
  - Fix bug where wrong commit ID was being used in a merge request diff to show old image (Stan Hu)
Douglas Barbosa Alexandre's avatar
Douglas Barbosa Alexandre committed
413
  - Add confidential issues
Stan Hu's avatar
Stan Hu committed
414
  - Bump gitlab_git to 9.0.3 (Stan Hu)
415
  - Fix diff image view modes (2-up, swipe, onion skin) not working (Stan Hu)
416
  - Support Golang subpackage fetching (Stan Hu)
Stan Hu's avatar
Stan Hu committed
417
  - Bump Capybara gem to 2.6.2 (Stan Hu)
418
  - New branch button appears on issues where applicable
419
  - Contributions to forked projects are included in calendar
420
  - Improve the formatting for the user page bio (Connor Shea)
421
  - Easily (un)mark merge request as WIP using link
422
  - Use specialized system notes when MR is (un)marked as WIP
423 424 425
  - Removed the default password from the initial admin account created during
    setup. A password can be provided during setup (see installation docs), or
    GitLab will ask the user to create a new one upon first visit.
James Lopez's avatar
James Lopez committed
426
  - Fix issue when pushing to projects ending in .wiki
Rémy Coutable's avatar
Rémy Coutable committed
427
  - Properly display YAML front matter in Markdown
428
  - Add support for wiki with UTF-8 page names (Hiroyuki Sato)
429
  - Fix wiki search results point to raw source (Hiroyuki Sato)
430
  - Don't load all of GitLab in mail_room
Rémy Coutable's avatar
Rémy Coutable committed
431
  - Add information about `image` and `services` field at `job` level in the `.gitlab-ci.yml` documentation (Pat Turner)
432
  - HTTP error pages work independently from location and config (Artem Sidorenko)
433
  - Update `omniauth-saml` to 1.5.0 to allow for custom response attributes to be set
434
  - Memoize @group in Admin::GroupsController (Yatish Mehta)
435
  - Indicate how much an MR diverged from the target branch (Pierre de La Morinerie)
436
  - Added omniauth-auth0 Gem (Daniel Carraro)
437
  - Add label description in tooltip to labels in issue index and sidebar
438
  - Strip leading and trailing spaces in URL validator (evuez)
439
  - Add "last_sign_in_at" and "confirmed_at" to GET /users/* API endpoints for admins (evuez)
440
  - Return empty array instead of 404 when commit has no statuses in commit status API
441
  - Decrease the font size and the padding of the `.anchor` icons used in the README (Roberto Dip)
442
  - Rewrite logo to simplify SVG code (Sean Lang)
443 444
  - Allow to use YAML anchors when parsing the `.gitlab-ci.yml` (Pascal Bach)
  - Ignore jobs that start with `.` (hidden jobs)
445
  - Hide builds from project's settings when the feature is disabled
446
  - Allow to pass name of created artifacts archive in `.gitlab-ci.yml`
447
  - Refactor and greatly improve search performance
448
  - Add support for cross-project label references
449
  - Ensure "new SSH key" email do not ends up as dead Sidekiq jobs
450
  - Update documentation to reflect Guest role not being enforced on internal projects
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
451
  - Allow search for logged out users
452
  - Allow to define on which builds the current one depends on
453
  - Allow user subscription to a label: get notified for issues/merge requests related to that label (Timothy Andrew)
454
  - Fix bug where Bitbucket `closed` issues were imported as `opened` (Iuri de Silvio)
Rubén Dávila's avatar
Rubén Dávila committed
455
  - Don't show Issues/MRs from archived projects in Groups view
456
  - Fix wrong "iid of max iid" in Issuable sidebar for some merged MRs
457
  - Fix empty source_sha on Merge Request when there is no diff (Pierre de La Morinerie)
Alfredo Sumaran's avatar
Alfredo Sumaran committed
458
  - Increase the notes polling timeout over time (Roberto Dip)
459
  - Add shortcut to toggle markdown preview (Florent Baldino)
460
  - Show labels in dashboard and group milestone views
461
  - Fix an issue when the target branch of a MR had been deleted
tiagonbotelho's avatar
tiagonbotelho committed
462
  - Add main language of a project in the list of projects (Tiago Botelho)
463
  - Add #upcoming filter to Milestone filter (Tiago Botelho)
464
  - Add ability to show archived projects on dashboard, explore and group pages
465
  - Remove fork link closes all merge requests opened on source project (Florent Baldino)
466
  - Move group activity to separate page
467
  - Create external users which are excluded of internal and private projects unless access was explicitly granted
Zeger-Jan van de Weg's avatar
Zeger-Jan van de Weg committed
468
  - Continue parameters are checked to ensure redirection goes to the same instance
469
  - User deletion is now done in the background so the request can not time out
Geoffrey Lalonde's avatar
Geoffrey Lalonde committed
470
  - Canceled builds are now ignored in compound build status if marked as `allowed to fail`
Douglas Barbosa Alexandre's avatar
Douglas Barbosa Alexandre committed
471
  - Trigger a todo for mentions on commits page
472
  - Let project owners and admins soft delete issues and merge requests
Rémy Coutable's avatar
Rémy Coutable committed
473

474 475 476 477 478 479 480 481 482 483 484
v 8.5.12
  - Prevent privilege escalation via "impersonate" feature
  - Prevent privilege escalation via notes API
  - Prevent privilege escalation via project webhook API
  - Prevent XSS via Git branch and tag names
  - Prevent XSS via custom issue tracker URL
  - Prevent XSS via `window.opener`
  - Prevent information disclosure via snippet API
  - Prevent information disclosure via project labels
  - Prevent information disclosure via new merge request page

485 486 487
v 8.5.11
  - Fix persistent XSS vulnerability in `commit_person_link` helper

488 489 490
v 8.5.10
  - Fix a 2FA authentication spoofing vulnerability.

Rémy Coutable's avatar
Rémy Coutable committed
491 492 493
v 8.5.9
  - Don't attempt to fetch any tags from a forked repo (Stan Hu).

494 495 496
v 8.5.8
  - Bump Git version requirement to 2.7.4

Douwe Maan's avatar
Douwe Maan committed
497
v 8.5.7
498
  - Bump Git version requirement to 2.7.3
Rémy Coutable's avatar
Rémy Coutable committed
499

Rémy Coutable's avatar
Rémy Coutable committed
500 501 502
v 8.5.6
  - Obtain a lease before querying LDAP

Douglas Barbosa Alexandre's avatar
Douglas Barbosa Alexandre committed
503
v 8.5.5
Rémy Coutable's avatar
Rémy Coutable committed
504 505 506 507
  - Ensure removing a project removes associated Todo entries
  - Prevent a 500 error in Todos when author was removed
  - Fix pagination for filtered dashboard and explore pages
  - Fix "Show all" link behavior
Rémy Coutable's avatar
Rémy Coutable committed
508

509
v 8.5.4
510 511
  - Do not cache requests for badges (including builds badge)

Rémy Coutable's avatar
Rémy Coutable committed
512 513
v 8.5.3
  - Flush repository caches before renaming projects
514
  - Sort starred projects on dashboard based on last activity by default
Rubén Dávila's avatar
Rubén Dávila committed
515
  - Show commit message in JIRA mention comment
516
  - Makes issue page and merge request page usable on mobile browsers.
Phil Hughes's avatar
Phil Hughes committed
517
  - Improved UI for profile settings
Rémy Coutable's avatar
Rémy Coutable committed
518

Robert Speicher's avatar
Robert Speicher committed
519 520
v 8.5.2
  - Fix sidebar overlapping content when screen width was below 1200px
521 522
  - Don't repeat labels listed on Labels tab
  - Bring the "branded appearance" feature from EE to CE
Robert Speicher's avatar
Robert Speicher committed
523
  - Fix error 500 when commenting on a commit
524
  - Show days remaining instead of elapsed time for Milestone
525
  - Fix broken icons on installations with relative URL (Artem Sidorenko)
526
  - Fix issue where tag list wasn't refreshed after deleting a tag
Kazuki Sawada's avatar
Kazuki Sawada committed
527
  - Fix import from gitlab.com (KazSawada)
528 529
  - Improve implementation to check read access to forks and add pagination
  - Don't show any "2FA required" message if it's not actually required
530
  - Fix help keyboard shortcut on relative URL setups (Artem Sidorenko)
531 532
  - Update Rails to 4.2.5.2
  - Fix permissions for deprecated CI build status badge
533
  - Don't show "Welcome to GitLab" when the search didn't return any projects
534
  - Add Todos documentation
Rémy Coutable's avatar
Rémy Coutable committed
535 536 537

v 8.5.1
  - Fix group projects styles
538
  - Show Crowd login tab when sign in is disabled and Crowd is enabled (Peter Hudec)
Rémy Coutable's avatar
Rémy Coutable committed
539 540 541 542 543 544 545 546 547 548
  - Fix a set of small UI glitches in project, profile, and wiki pages
  - Restrict permissions on public/uploads
  - Fix the merge request side-by-side view after loading diff results
  - Fix the look of tooltip for the "Revert" button
  - Add when the Builds & Runners API changes got introduced
  - Fix error 500 on some merged merge requests
  - Fix an issue causing the content of the issuable sidebar to disappear
  - Fix error 500 when trying to mark an already done todo as "done"
  - Fix an issue where MRs weren't sortable
  - Issues can now be dragged & dropped into empty milestone lists. This is also
549
    possible with MRs
Rémy Coutable's avatar
Rémy Coutable committed
550 551 552
  - Changed padding & background color for highlighted notes
  - Re-add the newrelic_rpm gem which was removed without any deprecation or warning (Stan Hu)
  - Update sentry-raven gem to 0.15.6
553
  - Add build coverage in project's builds page (Steffen Köhler)
554
  - Changed # to ! for merge requests in activity view
555 556

v 8.5.0
557
  - Fix duplicate "me" in tooltip of the "thumbsup" awards Emoji (Stan Hu)
Rémy Coutable's avatar
Rémy Coutable committed
558
  - Cache various Repository methods to improve performance
ashleys's avatar
ashleys committed
559
  - Fix duplicated branch creation/deletion Webhooks/service notifications when using Web UI (Stan Hu)
560
  - Ensure rake tasks that don't need a DB connection can be run without one
561
  - Update New Relic gem to 3.14.1.311 (Stan Hu)
562
  - Add "visibility" flag to GET /projects api endpoint
563
  - Add an option to supply root email through an environmental variable (Koichiro Mikami)
564
  - Ignore binary files in code search to prevent Error 500 (Stan Hu)
Stan Hu's avatar
Stan Hu committed
565
  - Render sanitized SVG images (Stan Hu)
566
  - Support download access by PRIVATE-TOKEN header (Stan Hu)
567
  - Upgrade gitlab_git to 7.2.23 to fix commit message mentions in first branch push
568
  - Add option to include the sender name in body of Notify email (Jason Lee)
569
  - New UI for pagination
Robert Speicher's avatar
Robert Speicher committed
570 571
  - Don't prevent sign out when 2FA enforcement is enabled and user hasn't yet
    set it up
572
  - API: Added "merge_requests/:merge_request_id/closes_issues" (Gal Schlezinger)
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
573
  - Fix diff comments loaded by AJAX to load comment with diff in discussion tab
574
  - Fix relative links in other markup formats (Ben Boeckel)
575
  - Whitelist raw "abbr" elements when parsing Markdown (Benedict Etzel)
576
  - Fix label links for a merge request pointing to issues list
577
  - Don't vendor minified JS
578
  - Increase project import timeout to 15 minutes
579
  - Be more permissive with email address validation: it only has to contain a single '@'
580
  - Display 404 error on group not found
Douglas Barbosa Alexandre's avatar
Douglas Barbosa Alexandre committed
581
  - Track project import failure
582
  - Support Two-factor Authentication for LDAP users
583
  - Display database type and version in Administration dashboard
584
  - Allow limited Markdown in Broadcast Messages
585
  - Fix visibility level text in admin area (Zeger-Jan van de Weg)
Robert Speicher's avatar
Robert Speicher committed
586
  - Warn admin during OAuth of granting admin rights (Zeger-Jan van de Weg)
Robert Speicher's avatar
Robert Speicher committed
587
  - Update the ExternalIssue regex pattern (Blake Hitchcock)
Robert Speicher's avatar
Robert Speicher committed
588
  - Remember user's inline/side-by-side diff view preference in a cookie (Kirill Katsnelson)
589
  - Optimized performance of finding issues to be closed by a merge request
590 591 592 593 594
  - Add `avatar_url`, `description`, `git_ssh_url`, `git_http_url`, `path_with_namespace`
    and `default_branch` in `project` in push, issue, merge-request and note webhooks data (Kirill Zaitsev)
  - Deprecate the `ssh_url` in favor of `git_ssh_url` and `http_url` in favor of `git_http_url`
    in `project` for push, issue, merge-request and note webhooks data (Kirill Zaitsev)
  - Deprecate the `repository` key in push, issue, merge-request and note webhooks data, use `project` instead (Kirill Zaitsev)
595
  - API: Expose MergeRequest#merge_status (Andrei Dziahel)
596
  - Revert "Add IP check against DNSBLs at account sign-up"
597
  - Actually use the `skip_merges` option in Repository#commits (Tony Chu)
598
  - Fix API to keep request parameters in Link header (Michael Potthoff)
599 600
  - Deprecate API "merge_request/:merge_request_id/comments". Use "merge_requests/:merge_request_id/notes" instead
  - Deprecate API "merge_request/:merge_request_id/...". Use "merge_requests/:merge_request_id/..." instead
James Lopez's avatar
James Lopez committed
601
  - Prevent parse error when name of project ends with .atom and prevent path issues
602
  - Discover branches for commit statuses ref-less when doing merge when succeeded
603
  - Mark inline difference between old and new paths when a file is renamed
Douglas Barbosa Alexandre's avatar
Douglas Barbosa Alexandre committed
604
  - Support Akismet spam checking for creation of issues via API (Stan Hu)
605
  - API: Allow to set or update a merge-request's milestone (Kirill Skachkov)
606
  - Improve UI consistency between projects and groups lists
607
  - Add sort dropdown to dashboard projects page
608
  - Fixed logo animation on Safari (Roman Rott)
609
  - Fix Merge When Succeeded when multiple stages
610
  - Hide remove source branch button when the MR is merged but new commits are pushed (Zeger-Jan van de Weg)
611
  - In seach autocomplete show only groups and projects you are member of
James Lopez's avatar
James Lopez committed
612
  - Don't process cross-reference notes from forks
613
  - Fix: init.d script not working on OS X
Valery Sizov's avatar
Valery Sizov committed
614
  - Faster snippet search
615
  - Added API to download build artifacts
616
  - Title for milestones should be unique (Zeger-Jan van de Weg)
617
  - Validate correctness of maximum attachment size application setting
618
  - Replaces "Create merge request" link with one to the "Merge Request" when one exists
619
  - Fix CI builds badge, add a new link to builds badge, deprecate the old one
620
  - Fix broken link to project in build notification emails
621
  - Ability to see and sort on vote count from Issues and MR lists
622
  - Fix builds scheduler when first build in stage was allowed to fail
623
  - User project limit is reached notice is hidden if the projects limit is zero
Tomasz Maczukin's avatar
Tomasz Maczukin committed
624
  - Add API support for managing runners and project's runners
625 626 627
  - Allow SAML users to login with no previous account without having to allow
    all Omniauth providers to do so.
  - Allow existing users to auto link their SAML credentials by logging in via SAML
628
  - Make it possible to erase a build (trace, artifacts) using UI and API
Rubén Dávila's avatar
Rubén Dávila committed
629
  - Ability to revert changes from a Merge Request or Commit
630
  - Emoji comment on diffs are not award emoji
Tap's avatar
Tap committed
631 632
  - Add label description (Nuttanart Pornprasitsakul)
  - Show label row when filtering issues or merge requests by label (Nuttanart Pornprasitsakul)
633
  - Add Todos
634

635 636 637 638 639 640 641 642 643 644 645
v 8.4.10
  - Prevent privilege escalation via "impersonate" feature
  - Prevent privilege escalation via notes API
  - Prevent privilege escalation via project webhook API
  - Prevent XSS via Git branch and tag names
  - Prevent XSS via custom issue tracker URL
  - Prevent XSS via `window.opener`
  - Prevent information disclosure via snippet API
  - Prevent information disclosure via project labels
  - Prevent information disclosure via new merge request page

646 647 648
v 8.4.9
  - Fix persistent XSS vulnerability in `commit_person_link` helper

649 650 651
v 8.4.8
  - Fix a 2FA authentication spoofing vulnerability.

652 653 654 655 656 657
v 8.4.7
  - Don't attempt to fetch any tags from a forked repo (Stan Hu).

v 8.4.6
  - Bump Git version requirement to 2.7.4

Robert Speicher's avatar
Robert Speicher committed
658 659 660
v 8.4.5
  - No CE-specific changes

Robert Speicher's avatar
Robert Speicher committed
661 662
v 8.4.4
  - Update omniauth-saml gem to 1.4.2
Robert Speicher's avatar
Robert Speicher committed
663 664
  - Prevent long-running backup tasks from timing out the database connection
  - Add a Project setting to allow guests to view build logs (defaults to true)
665
  - Sort project milestones by due date including issue editor (Oliver Rogers / Orih)
Robert Speicher's avatar
Robert Speicher committed
666

667
v 8.4.3
Robert Speicher's avatar
Robert Speicher committed
668 669 670 671 672 673
  - Increase lfs_objects size column to 8-byte integer to allow files larger
    than 2.1GB
  - Correctly highlight MR diff when MR has merge conflicts
  - Fix highlighting in blame view
  - Update sentry-raven gem to prevent "Not a git repository" console output
    when running certain commands
Robert Speicher's avatar
Robert Speicher committed
674 675 676
  - Add instrumentation to additional Gitlab::Git and Rugged methods for
    performance monitoring
  - Allow autosize textareas to also be manually resized
677

Robert Speicher's avatar
Robert Speicher committed
678
v 8.4.2
Robert Speicher's avatar
Robert Speicher committed
679 680 681
  - Bump required gitlab-workhorse version to bring in a fix for missing
    artifacts in the build artifacts browser
  - Get rid of those ugly borders on the file tree view
682
  - Fix updating the runner information when asking for builds
Robert Speicher's avatar
Robert Speicher committed
683 684 685 686
  - Bump gitlab_git version to 7.2.24 in order to bring in a performance
    improvement when checking if a repository was empty
  - Add instrumentation for Gitlab::Git::Repository instance methods so we can
    track them in Performance Monitoring.
Robert Speicher's avatar
Robert Speicher committed
687
  - Increase contrast between highlighted code comments and inline diff marker
688
  - Fix method undefined when using external commit status in builds
Douwe Maan's avatar
Douwe Maan committed
689
  - Fix highlighting in blame view.
690

Robert Speicher's avatar
Robert Speicher committed
691 692 693 694 695
v 8.4.1
  - Apply security updates for Rails (4.2.5.1), rails-html-sanitizer (1.0.3),
    and Nokogiri (1.6.7.2)
  - Fix redirect loop during import
  - Fix diff highlighting for all syntax themes
Josh Frye's avatar
Josh Frye committed
696
  - Delete project and associations in a background worker
Robert Speicher's avatar
Robert Speicher committed
697

698
v 8.4.0
699
  - Allow LDAP users to change their email if it was not set by the LDAP server
700
  - Ensure Gravatar host looks like an actual host
701
  - Consider re-assign as a mention from a notification point of view
702
  - Add pagination headers to already paginated API resources
703
  - Properly generate diff of orphan commits, like the first commit in a repository
704
  - Improve the consistency of commit titles, branch names, tag names, issue/MR titles, on their respective project pages
Robert Speicher's avatar
Robert Speicher committed
705 706 707
  - Autocomplete data is now always loaded, instead of when focusing a comment text area
  - Improved performance of finding issues for an entire group
  - Added custom application performance measuring system powered by InfluxDB
Robert Speicher's avatar
Robert Speicher committed
708
  - Add syntax highlighting to diffs
709
  - Gracefully handle invalid UTF-8 sequences in Markdown links (Stan Hu)
Stan Hu's avatar
Stan Hu committed
710
  - Bump fog to 1.36.0 (Stan Hu)
711
  - Add user's last used IP addresses to admin page (Stan Hu)
712
  - Add housekeeping function to project settings page
713
  - The default GitLab logo now acts as a loading indicator
714
  - Fix caching issue where build status was not updating in project dashboard (Stan Hu)
ashleys's avatar
ashleys committed
715
  - Accept 2xx status codes for successful Webhook triggers (Stan Hu)
716
  - Fix missing date of month in network graph when commits span a month (Stan Hu)
717
  - Expire view caches when application settings change (e.g. Gravatar disabled) (Stan Hu)
718
  - Don't notify users twice if they are both project watchers and subscribers (Stan Hu)
Robert Speicher's avatar
Robert Speicher committed
719
  - Remove gray background from layout in UI
720
  - Fix signup for OAuth providers that don't provide a name
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
721
  - Implement new UI for group page
Valery Sizov's avatar
Valery Sizov committed
722
  - Implement search inside emoji picker
723
  - Let the CI runner know about builds that this build depends on
724
  - Add API support for looking up a user by username (Stan Hu)
725
  - Add project permissions to all project API endpoints (Stan Hu)
Douwe Maan's avatar
Douwe Maan committed
726
  - Link to milestone in "Milestone changed" system note
727
  - Only allow group/project members to mention `@all`
Robert Speicher's avatar
Robert Speicher committed
728
  - Expose Git's version in the admin area (Trey Davis)
729
  - Add "Frequently used" category to emoji picker
730
  - Add CAS support (tduehr)
Robert Speicher's avatar
Robert Speicher committed
731
  - Add link to merge request on build detail page
732
  - Fix: Problem with projects ending with .keys (Jose Corcuera)
733
  - Revert back upvote and downvote button to the issue and MR pages
Robert Speicher's avatar
Robert Speicher committed
734
  - Swap position of Assignee and Author selector on Issuables (Zeger-Jan van de Weg)
735
  - Add system hook messages for project rename and transfer (Steve Norman)
736
  - Fix version check image in Safari
737
  - Show 'All' tab by default in the builds page
738
  - Add Open Graph and Twitter Card data to all pages
739
  - Fix API project lookups when querying with a namespace with dots (Stan Hu)
740
  - Enable forcing Two-factor authentication sitewide, with optional grace period
Robert Speicher's avatar
Robert Speicher committed
741 742
  - Import GitHub Pull Requests into GitLab
  - Change single user API endpoint to return more detailed data (Michael Potthoff)
743
  - Update version check images to use SVG
744
  - Validate README format before displaying
745
  - Enable Microsoft Azure OAuth2 support (Janis Meybohm)
746
  - Properly set task-list class on single item task lists
747
  - Add file finder feature in tree view (Kyungchul Shin)
748
  - Ajax filter by message for commits page
Robert Schilling's avatar
Robert Schilling committed
749
  - API: Add support for deleting a tag via the API (Robert Schilling)
750
  - Allow subsequent validations in CI Linter
751
  - Show referenced MRs & Issues only when the current viewer can access them
Jason Lee's avatar
Jason Lee committed
752
  - Fix Encoding::CompatibilityError bug when markdown content has some complex URL (Jason Lee)
Tomasz Maczukin's avatar
Tomasz Maczukin committed
753
  - Add API support for managing project's builds
Tomasz Maczukin's avatar
Tomasz Maczukin committed
754
  - Add API support for managing project's build triggers
Tomasz Maczukin's avatar
Tomasz Maczukin committed
755
  - Add API support for managing project's build variables
Robert Speicher's avatar
Robert Speicher committed
756
  - Allow broadcast messages to be edited
Robert Speicher's avatar
Robert Speicher committed
757
  - Autosize Markdown textareas
Douglas Barbosa Alexandre's avatar
Douglas Barbosa Alexandre committed
758
  - Import GitHub wiki into GitLab
759
  - Add reporters ability to download and browse build artifacts (Andrew Johnson)
Robert Speicher's avatar
Robert Speicher committed
760
  - Autofill referring url in message box when reporting user abuse.
761
  - Remove leading comma on award emoji when the user is the first to award the emoji (Zeger-Jan van de Weg)
762 763
  - Add build artifacts browser
  - Improve UX in builds artifacts browser
Robert Speicher's avatar
Robert Speicher committed
764
  - Increase default size of `data` column in `events` table when using MySQL
765
  - Expose button to CI Lint tool on project builds page
766
  - Fix: Creator should be added as a master of the project on creation
Robert Speicher's avatar
Robert Speicher committed
767
  - Added X-GitLab-... headers to emails from CI and Email On Push services (Anton Baklanov)
768
  - Add IP check against DNSBLs at account sign-up
769
  - Added cache:key to .gitlab-ci.yml allowing to fine tune the caching
770

771 772 773 774 775 776 777 778 779
v 8.3.9
  - Prevent privilege escalation via "impersonate" feature
  - Prevent privilege escalation via notes API
  - Prevent privilege escalation via project webhook API
  - Prevent XSS via custom issue tracker URL
  - Prevent XSS via `window.opener`
  - Prevent information disclosure via project labels
  - Prevent information disclosure via new merge request page

780 781 782
v 8.3.8
  - Fix persistent XSS vulnerability in `commit_person_link` helper

783 784 785
v 8.3.7
  - Fix a 2FA authentication spoofing vulnerability.

786 787 788 789 790 791
v 8.3.6
  - Don't attempt to fetch any tags from a forked repo (Stan Hu).

v 8.3.5
  - Bump Git version requirement to 2.7.4

792 793 794
v 8.3.4
  - Use gitlab-workhorse 0.5.4 (fixes API routing bug)

Robert Speicher's avatar
Robert Speicher committed
795
v 8.3.3
796
  - Preserve CE behavior with JIRA integration by only calling API if URL is set
797
  - Fix duplicated branch creation/deletion events when using Web UI (Stan Hu)
798
  - Add configurable LDAP server query timeout
799
  - Get "Merge when build succeeds" to work when commits were pushed to MR target branch while builds were running