**Note:** This file is automatically generated. Please see the [developer
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 11.5.3 (2018-12-06)
### Security (1 change)
- Prevent a path traversal attack on global file templates.
## 11.5.2 (2018-12-03)
### Removed (1 change)
- Removed Site Statistics optimization as it was causing problems. !23314
### Fixed (6 changes, 1 of them is from the community)
- Display impersonation token value only after creation. !22916
- Fix emoji not rendering in filter dropdown. !23112 (Hiroyuki Sato)
- Fixes stuck tooltip on stop env button. !23244
- Correctly handle data-loss scenarios when encrypting columns. !23306
- Clear BatchLoader context between Sidekiq jobs. !23308
- Fix handling of filenames with hash characters in tree view. !23368
## 11.5.1 (2018-11-26)
### Security (17 changes)
- Escape user fullname while rendering autocomplete template to prevent XSS.
- Fix CRLF vulnerability in Project hooks.
- Fix possible XSS attack in Markdown urls with spaces.
- Redact sensitive information on gitlab-workhorse log.
- Do not follow redirects in Prometheus service when making http requests to the configured api url.
- Don't expose confidential information in commit message list.
- Provide email notification when a user changes their email address.
- Restrict Personal Access Tokens to API scope on web requests.
- Resolve reflected XSS in OAuth authorize window.
- Fix SSRF in project integrations.
- Fixed ability to comment on locked/confidential issues.
- Fixed ability of guest users to edit/delete comments on locked or confidential issues.
- Fix milestone promotion authorization check.
- Configure mermaid to not render HTML content in diagrams.
- Fix a possible symlink time of check to time of use race condition in GitLab Pages.
- Removed ability to see private group names when the group id is entered in the url.
- Fix stored XSS for Environments.
## 11.5.0 (2018-11-22)
### Security (10 changes, 1 of them is from the community)
- Escape entity title while autocomplete template rendering to prevent XSS. !2556
- Update moment to 2.22.2. !22648 (Takuya Noguchi)
- Redact personal tokens in unsubscribe links.
- Escape user fullname while rendering autocomplete template to prevent XSS.
- Persist only SHA digest of PersonalAccessToken#token.
- Monkey kubeclient to not follow any redirects.
- Prevent SSRF attacks in HipChat integration.
- Prevent templated services from being imported.
- Validate Wiki attachments are valid temporary files.
- Fix XSS in merge request source branch name.
### Removed (2 changes)
- Remove Git circuit breaker. !22212
- Remove Koding integration and documentation. !22334
### Fixed (74 changes, 15 of them are from the community)
- Hide all tables on Pipeline when no Jobs for the Pipeline. !18540 (Takuya Noguchi)
- Fixing count on Milestones. !21446
- Use case insensitive username lookups. !21728 (William George)
- Correctly process Bamboo API result array. !21970 (Alex Lossent)
- Fix 'merged with' UI being displayed when merge request has no merge commit. !22022
- Fix broken file name navigation on MRs. !22109
- Fix incorrect spacing between buttons when commenting on a MR. !22135
- Vertical align Pipeline Graph in Commit Page. !22173 (Johann Hubert Sonntagbauer)
- Reject invalid branch names in repository compare controller. !22186
- Fix size of emojis of user status in user menu. !22194
- Use the standard PIP_CACHE_DIR for Python dependency caching template. !22211 (Takuya Noguchi)
- Fix bug with wiki attachments content disposition. !22220
- Does not allow a SSH URI when importing new projects. !22309
- fix duplicated key in license management job auto devops gitlab ci template. !22311 (Adam Lemanski)
- Fix commit signature error when project is disabled. !22344
- Show available clusters when installed or updated. !22356
- Fix auto-corrected upload URLs in webhooks. !22361
- Fix a bug displaying certain wiki pages. !22377
- Fix prometheus graphs in firefox. !22400
- Resolve assign-me quick action doesn't work if there is extra white space. !22402
- Remove base64 encoding from files that contain plain text. !22425
- Strip whitespace around GitHub personal access tokens. !22432
- Fix 500 error when testing webhooks with redirect loops. !22447 (Heinrich Lee Yu)
- Fix rendering of 'Protected' value on Runner details page. !22459
- Fix bug stopping non-admin users from changing visibility level on group creation. !22468
- Make Issue Board sidebar show project-specific labels based on selected Issue. !22475
- Fix EOF detection with CI artifacts metadata. !22479
- Fix transient spec error in the bar_chart component. !22495
- Resolve LFS not correctly showing enabled. !22501
- If user was not found, service hooks won't run on post receive background job. !22519
- Fix broken "Show whitespace changes" button on MRs. !22539
- Always show new issue button in boards' Open list. !22557 (Heinrich Lee Yu)
- Add transparent background to markdown header tabs. !22565 (George Tsiolis)
- Use gitlab_environment for ldap rake task. !22582
- Add commit message to commit tree anchor title. !22585
- Cache pipeline status per SHA. !22589
- Change HELM_HOST in Auto-DevOps template to work behind proxy. !22596 (Sergej Nikolaev <kinolaev@gmail.com>)
- Show user status for label events in system notes. !22609
- Fix extra merge request versions created from forked merge requests. !22611
- Remove PersonalAccessTokensFinder#find_by method. !22617
- Fix search "all in GitLab" not working with relative URLs. !22644
- Fix quick links button styles. !22657 (George Tsiolis)
- Fix #53298: JupyterHub restarts should work without errors. !22671 (Amit Rathi)
- Fix incompatibility with IE11 due to non-transpiled gitlab-ui components. !22695
- Fix bug when links in tabs of the labels index pages end with .html. !22716
- Fixed label removal from issue. !22762
- Align toggle sidebar button across all browsers and OSs. !22771
- Disable replication lag check for Aurora PostgreSQL databases. !22786
- Render unescaped link for failed pipeline status. !22807
- Fix misaligned approvers dropdown. !22832
- Fix bug with wiki page create message. !22849
- Fix rendering of filter bar tokens for special values. !22865 (Heinrich Lee Yu)
- Align sign in button. !22888 (George Tsiolis)
- Fix error handling bugs in kubernetes integration. !22922
- Fix deployment jobs using nil KUBE_TOKEN due to migration issue. !23009
- Avoid returning deployment metrics url to MR widget when the deployment is not successful. !23010
- Fix a race condition intermittently breaking GitLab startup. !23028
- Adds margin after a deleted branch name in the activity feed. !23038
- Ignore environment validation failure. !23100
- Fixes broken borders for reports section in MR widget.
- Adds CI favicon back to jobs page.
- Redirect to the pipeline builds page when a build is canceled. (Eva Kadlecova)
- Fixed diff stats not showing when performance bar is enabled.
- Show expand all diffs button when a single diff file is collapsed.
- Clear fetched file templates when changing template type in Web IDE.
- Fix bug causing not all emails to show up in commit email selectbox.
- Remove duplicate escape in job sidebar.
- Fixing styling issues on the scheduled pipelines page.
- Renders stuck block when runners are stuck.
- Removes extra border from test reports in the merge request widget.
- Only render link to branch when branch still exists in pipeline page.
- Fixed source project not filtering in merge request creation compare form.
- Do not reload self on hooks when creating deployment.
- Fixes broken test in master.
### Changed (38 changes, 12 of them are from the community)
- Link button in markdown editor recognizes URLs. !1983 (Johann Hubert Sonntagbauer)
- Replace i to icons in vue components. !20748 (George Tsiolis)
- Remove Linguist gem, reducing Rails memory usage by 128MB per process. !21008
- Issue board card design. !21229
- On deletion of a file in sub directory in web IDE redirect to the sub directory instead of project root. !21465 (George Thomas @thegeorgeous)
- Change single-item breadcrumbs to page titles. !22155
- Improving branch filter sorting by listing exact matches first and added support for begins_with (^) and ends_with ($) matching. !22166 (Jason Rutherford)
- Remove legacy unencrypted webhook columns from the database. !22199
- Show canary status in the performance bar. !22222
- Add failure reason for execution timeout. !22224
- Rename "scheduled" label/badge of delayed jobs to "delayed". !22245
- Update the empty state on wiki-only projects to display an empty state that is more consistent with the rest of the system. !22262
- Add IID headers to E-Mail notifications. !22263
- Allow finding the common ancestor for multiple revisions through the API. !22295
- Add status to Deployment. !22380
- Add dynamic timer to delayed jobs. !22382
- No longer require a deploy to start Prometheus monitoring. !22401
- Secret Variables renamed to CI Variables in the codebase, to match UX. !22414 (Marcel Amirault @ravlen)
- Automatically navigate to last board visited. !22430
- Use merge request prefix symbol in event feed title. !22449 (George Tsiolis)
- Update Ruby version in README. !22466 (J.D. Bean)
- Reword error message for internal CI unknown pipeline status. !22474
- Bump mermaid to 8.0.0-rc.8. !22509 (@blackst0ne)
- Update Todo icons in collapsed sidebar for Issues and MRs. !22534
- Support backward compatibility when introducing a new failure reason. !22566
- Add dynamic timer for delayed jobs in pipelines list. !22621
- Truncate milestone title on collapsed sidebar. !22624 (George Tsiolis)
- Standardize milestones filter in APIs to None / Any. !22637 (Heinrich Lee Yu)
- Add dynamic timer for delayed jobs in job list. !22656
- Allowing issues with single letter identifiers to be linked to external issue tracker (f.ex T-123). !22717 (Dídac Rodríguez Arbonès)
- Update project and group labels empty state. !22745 (George Tsiolis)
- Fix environment status in merge request widget. !22799
- Paginate Bitbucket Server importer projects. !22825
- Drop `allow_overflow` option in `TimeHelper.duration_in_numbers`. !52284
- Add 'only history' option to notes filter.
- Adds filtered dropdown with changed files in review.
- Expose {closed,merged}_{at,by} in merge requests API index.
- Make all legacy security reports to use raw format.
### Performance (27 changes, 6 of them are from the community)
- Add preload for routes and namespaces for issues controller. !21651
- Enhance performance of counting local LFS objects. !22143
- Use cached readme contents when available. !22325
- Experimental support for running Puma multithreaded web-server. !22372
- Enhance performance of counting local Uploads. !22522
- Reduce SQL queries needed to load open merge requests. !22709
- Significantly cut memory usage and SQL queries when reloading diffs. !22725
- Optimize merge request refresh by using the database to check commit SHAs. !22731
- Remove dind from license_management auto-devops job definition. !22732
- Add index to find stuck merge requests. !22749
- Allow Rails concurrency when running in Puma. !22751
- Improve performance of rendering large reports. !22835
- Improves performance of stuck import jobs detection. !22879
- Rewrite SnippetsFinder to improve performance by a factor of 1500.
- Enable more frozen string in lib/**/*.rb. (gfyoung)
- Enable some frozen string in lib/gitlab. (gfyoung)
- Enable even more frozen string in lib/**/*.rb. (gfyoung)
- Improve performance of tree rendering in repositories with lots of items.
- Remove gitlab-ui's tooltip from global.
- Remove gitlab-ui's progress bar from global.
- Remove gitlab-ui's pagination from global.
- Remove gitlab-ui's modal from global.
- Remove gitlab-ui's loading icon from global.
- Enable frozen string for lib/gitlab/*.rb. (gfyoung)
- Enable frozen string for lib/gitlab/ci. (gfyoung)
- Enable frozen string for remaining lib/gitlab/ci/**/*.rb. (gfyoung)
- Adds pagination to pipelines table in merge request page.
### Added (33 changes, 11 of them are from the community)
- Add endpoint to update a git submodule reference. !20949
- Add license data to projects endpoint. !21606 (J.D. Bean (@jdbean))
- Allow to configure when to retry failed CI jobs. !21758 (Markus Doits)
- Add API endpoint to list issue related merge requests. !21806 (Helmut Januschka)
- Add the Play button for delayed jobs in environment page. !22106
- Switch between tree list & file list in diffs file browser. !22191
- Re-arrange help-related user menu items into new Help menu. !22195
- Adds trace of each access check when git push times out. !22265
- Add email for milestone change. !22279
- Show post-merge pipeline in merge request page. !22292
- Add Applications API endpoints for listing and deleting entries. !22296 (Jean-Baptiste Vasseur)
- Added `Any` option to milestones filter. !22351 (Heinrich Lee Yu)
- Improve validation errors for external CI/CD configuration. !22394
- Introduce new model to persist specific cluster information. !22404
- Add background migration to populate Kubernetes namespaces. !22433
- Add support for JSON logging for audit events. !22471
- Adds option to override commit email with a noreply private email. !22560
- Add None/Any option for assignee_id in Issues and Merge Requests API. !22598 (Heinrich Lee Yu)
- Add None/Any option for assignee_id in search bar. !22599 (Heinrich Lee Yu)
- Implement parallel job keyword. !22631
- Add None / Any options to reactions filter. !22638 (Heinrich Lee Yu)
- Make index.* render like README.* when it's present in a repository. !22639 (Jakub Jirutka)
- Allow adding patches when creating a merge request via email. !22723 (Serdar Dogruyol)
- Bump Gitaly to 0.129.0. !22868
- Allow commenting on any diff line in Merge Requests. !22914
- Add revert to commits API. !22919
- Introduce Knative support. !43959 (Chris Baumbauer)
- Reimplemented image commenting in merge request diffs.
- Soft-archive old jobs.
- Renders warning info when job is archived.
- Support licenses and performance.
- Filter notes by comments or activity for issues and merge requests.
- Bump Gitaly to 0.128.0.
### Other (54 changes, 18 of them are from the community)
- Remove .card-title from .card-header for BS4 migration. !19335 (Takuya Noguchi)
- Update group settings/edit page to new design. !21115
- Change markdown header tab anchor links to buttons. !21988 (George Tsiolis)
- Replace tooltip in markdown component with gl-tooltip. !21989 (George Tsiolis)
- Extend RBAC by having a service account restricted to project's namespace. !22011
- Update images in group docs. !22031 (Marc Schwede)
- Add gitlab:gitaly:check task for Gitaly health check. !22063
- Add new sort option "most_stars" to "Group > Children" pages. !22121 (Rene Hennig)
- Fix inaccessible dropdown for code-less projects. !22137
- Rails5: fix user edit profile clear status spec. !22169 (Jasper Maes)
- Rails 5: fix mysql milliseconds problems in scheduled build specs. !22170 (Jasper Maes)
- Focus project slug on tab navigation. !22198
- Redesign activity feed. !22217
- Update used version of Runner Helm Chart to 0.1.34. !22274
- Update environments empty state. !22297 (George Tsiolis)
- Adds model and migrations to enable group level clusters. !22307
- Use literal instead of constructor for creating regex. !22367
- Remove prometheus configuration help text. !22413 (George Tsiolis)
- Rails5: fix deployment model spec. !22428 (Jasper Maes)
- Change to top level controller for clusters so that we can use it for project clusters (now) and group clusters (later). !22438
- Remove empty spec describe blocks. !22451 (George Tsiolis)
- Change branch font type in tag creation. !22454 (George Tsiolis)
- Rails5: fix delete blob. !22456 (Jasper Maes)
- Start tracking shards and pool repositories in the database. !22482
- Allow kubeclient to call RoleBinding methods. !22524
- Introduce new kubernetes helpers. !22525
- Adds container to pager to enable scoping. !22529
- Update used version of Runner Helm Chart to 0.1.35. !22541
- Removes experimental labels from cluster views. !22550
- Combine all datetime library functions into 'datetime_utility.js'. !22570
- Upgrade Prometheus to 2.4.3 and Alertmanager to 0.15.2. !22600
- Fix stage dropdown not rendering in different languages. !22604
- Remove asset_sync gem from Gemfile and related code from codebase. !22610
- Use key-value pair arrays for API query parameter logging instead of hashes. !22623
- Replace deprecated uniq on a Relation with distinct. !22625 (Jasper Maes)
- Remove mousetrap-rails gem. !22647 (Takuya Noguchi)
- Fix IDE typos in props. !22685 (George Tsiolis)
- Add scheduled flag to job entity. !22710
- Remove `ci_enable_scheduled_build` feature flag. !22742
- Add endpoints for simulating certain failure modes in the application. !22746
- Bump KUBERNETES_VERSION for Auto DevOps to latest 1.10 series. !22757
- Fix statement timeouts in RemoveRestrictedTodos migration. !22795
- Rails5: fix mysql milliseconds issue in deployment model specs. !22850 (Jasper Maes)
- Update GitLab-Workhorse to v7.1.0. !22883
- Update JIRA service UI to accept email and API token.
- Update wiki empty state. (George Tsiolis)
- Only renders dropdown for review app changes when we have a list of files to show. Otherwise will render the regular review app button.
- Associate Rakefile with Ruby icon in diffs.
- Uses gitlab-ui components in jobs components.
- Create new group: Rename form fields and update UI.
- Transform job page into a single Vue+Vuex application.
- Updates svg dependency.
- Adds missing i18n to pipelines table.
- Disables stop environment button while the deploy is in progress.
## 11.4.9 (2018-12-03)
### Fixed (2 changes)
- Display impersonation token value only after creation. !22916
- Correctly handle data-loss scenarios when encrypting columns. !23306
## 11.4.8 (2018-11-27)
### Security (24 changes)
- Escape entity title while autocomplete template rendering to prevent XSS. !2571
- Resolve reflected XSS in OAuth authorize window.
- Fix XSS in merge request source branch name.
- Escape user fullname while rendering autocomplete template to prevent XSS.
- Fix CRLF vulnerability in Project hooks.
- Fix possible XSS attack in Markdown urls with spaces.
- Redact sensitive information on gitlab-workhorse log.
- Do not follow redirects in Prometheus service when making http requests to the configured api url.
- Persist only SHA digest of PersonalAccessToken#token.
- Don't expose confidential information in commit message list.
- Provide email notification when a user changes their email address.
- Restrict Personal Access Tokens to API scope on web requests.
- Redact personal tokens in unsubscribe links.
- Fix SSRF in project integrations.
- Fixed ability to comment on locked/confidential issues.
- Fixed ability of guest users to edit/delete comments on locked or confidential issues.
- Fix milestone promotion authorization check.
- Monkey kubeclient to not follow any redirects.
- Configure mermaid to not render HTML content in diagrams.
- Fix a possible symlink time of check to time of use race condition in GitLab Pages.
- Removed ability to see private group names when the group id is entered in the url.
- Fix stored XSS for Environments.
- Prevent SSRF attacks in HipChat integration.
- Validate Wiki attachments are valid temporary files.
## 11.4.7 (2018-11-20)
- No changes.
## 11.4.6 (2018-11-18)
### Security (1 change)
- Escape user fullname while rendering autocomplete template to prevent XSS.
## 11.4.5 (2018-11-04)
### Fixed (4 changes, 1 of them is from the community)
- fix link to enable usage ping from convdev index. !22545 (Anand Capur)
- Update gitlab-ui dependency to 1.8.0-hotfix.1 to fix IE11 bug.
- Remove duplicate escape in job sidebar.
- Fixed merge request fill tree toggling not respecting fluid width preference.
### Other (1 change)
- Fix stage dropdown not rendering in different languages.
## 11.4.4 (2018-10-30)
### Security (1 change)
- Monkey kubeclient to not follow any redirects.
## 11.4.3 (2018-10-26)
- No changes.
## 11.4.2 (2018-10-25)
### Security (5 changes)
- Escape entity title while autocomplete template rendering to prevent XSS. !2571
- Persist only SHA digest of PersonalAccessToken#token.
- Redact personal tokens in unsubscribe links.
- Block loopback addresses in UrlBlocker.
- Validate Wiki attachments are valid temporary files.
## 11.4.1 (2018-10-23)
### Security (2 changes)
- Fix XSS in merge request source branch name.
- Prevent SSRF attacks in HipChat integration.
## 11.4.0 (2018-10-22)
### Security (9 changes)
- Filter user sensitive data from discussions JSON. !2536
- Encrypt webhook tokens and URLs in the database. !21645
- Redact confidential events in the API.
- Set timeout for syntax highlighting.
- Sanitize JSON data properly to fix XSS on Issue details page.
- Markdown API no longer displays confidential title references unless authorized.
- Properly filter private references from system notes.
- Fix stored XSS in merge requests from imported repository.
- Fix XSS vulnerability sourced from package.json.
### Removed (2 changes)
- Remove background job throttling feature. !21748
- Remove sidekiq info from performance bar.
### Fixed (68 changes, 18 of them are from the community)
- Fixes 500 for cherry pick API with empty branch name. !21501 (Jacopo Beschi @jacopo-beschi)
- Fix sorting by priority or popularity on group issues page, when also searching issue content. !21521
- Fix vertical alignment of text in diffs. !21573
- Fix performance bar modal position. !21577
- Bump KaTeX version to 0.9.0. !21625
- Correctly show legacy diff notes in the merge request changes tab. !21652
- Synchronize the default branch when updating a remote mirror. !21653
- Filter group milestones based on user membership. !21660
- Fix double title in merge request chat messages. !21670 (Kukovskii Vladimir)
- Delete container repository tags outside of transaction. !21679
- Images are no longer displayed in Todo descriptions. !21704
- Fixed merge request widget discussion state not updating after resolving discussions. !21705
- Vendor Auto-DevOps.gitlab-ci.yml to fix bug where the deploy job does not wait for Deployment to complete. !21713
- Use Reliable Sidekiq fetch. !21715
- No longer show open issues from archived projects in group issue board. !21721
- Issue and MR count now ignores archived projects. !21721
- Fix resizing of monitoring dashboard. !21730
- Fix object storage uploads not working with AWS v2. !21731
- Don't ignore first action when assign and unassign quick actions are used in the same comment. !21749
- Align form labels following Bootstrap 4 docs. !21752
- Respect the user commit email in more places. !21773
- Use stats RPC when comparing diffs. !21778
- Show commit details for selected commit in MR diffs. !21784
- Resolve "Geo: Does not mark repositories as missing on primary due to stale cache". !21789
- Fix leading slash in redirects and add rubocop cop. !21828 (Sanad Liaquat)
- Fix activity titles for MRs in chat notification services. !21834
- Hides Close Merge request btn on merged Merge request. !21840 (Jacopo Beschi @jacopo-beschi)
- Doesn't synchronize the default branch for push mirrors. !21861
- Fix broken styling when issue board is collapsed. !21868 (Andrea Leone)
- Set a header for custom error pages to prevent them from being intercepted by gitlab-workhorse. !21870 (David Piegza)
- Fix resolved discussions being unresolved when commented on. !21881
- Fix timeout when running the RemoveRestrictedTodos background migration. !21893
- Enable the ability to use the force env for rebuilding authorized_keys during a restore. !21896
- Fix link handling for issue cards to avoid too sensitive drag events. !21910 (Johann Hubert Sonntagbauer)
- Guard against a login attempt with invalid CSRF token. !21934
- Allow setting user's organization and location attributes through the API by adding them to the list of allowed parameters. !21938 (Alexis Reigel)
- Includes commit stats in POST project commits API. !21968 (Jacopo Beschi @jacopo-beschi)
- Fix loading issue on some merge request discussion. !21982
- Prevent Error 500s with invalid relative links. !22001
- Fix stale issue boards after browser back. !22006 (Johann Hubert Sonntagbauer)
- Filter issues without an Assignee via the API. !22009 (Eva Kadlecová)
- Fixes modal button alignment. !22024 (Jacopo Beschi @jacopo-beschi)
- Fix rendering placeholder notes. !22078
- Instance Configuration page now displays correct SSH fingerprints. !22081
- Fix showing diff file header for renamed files. !22089
- Fix LFS uploaded images not being rendered. !22092
- Fix the issue where long environment names aren't being truncated, causing the environment name to overlap into the column next to it. !22104
- Trim whitespace when inviting a new user by email. !22119 (Jacopo Beschi @jacopo-beschi)
- Fix incorrect parent path on group settings page. !22142
- Update copy to clipboard button data for application secret. !22268 (George Tsiolis)
- Improve MR file tree in smaller screens. !22273
- Fix project deletion when there is an export available. !22276
- Fixes stuck block URL linking to documentation instead of settings page. !22286
- Fix caching issue with pipelines URL. !22293
- Fix erased block not being rendered when job was erased. !22294
- Load correct stage in the stages dropdown. !22317
- Fixes close/reopen quick actions preview for issues and merge_requests. !22343 (Jacopo Beschi @jacopo-beschi)
- Allow Issue and Merge Request sidebar to be toggled from collapsed state. !22353
- Fix filter bar height bug when a tag is added.
- Fix the state of the Done button when there is an error in the GitLab Todos section. (marcos8896)
- Fix wrong text color of help text in merge request creation. (Gerard Montemayor)
- Add borders and white background to markdown tables.
- Fixed mention autocomplete in edit merge request.
- Fix long webhook URL overflow for custom integration. (Kukovskii Vladimir)
- Fixed file templates not fully being fetched in Web IDE.
- Fixes performance bar looking for a key in an undefined prop.
- Hides sidebar for job page in mobile.
- Fixes triggered/created labeled in job header.
### Changed (26 changes, 4 of them are from the community)
- Enable unauthenticated access to public SSH keys via the API. !20118 (Ronald Claveau)
- Support Kubernetes RBAC for GitLab Managed Apps when creating new clusters. !21401
- Highlight current user in comments. !21406
- Excludes project marked from deletion to projects API. !21542 (Jacopo Beschi @jacopo-beschi)
- Improve install flow of Kubernetes cluster apps. !21567
- Move including external files in .gitlab-ci.yml from Starter to Libre. !21603
- Simplify runner registration token resetting. !21658
- Filter any parameters ending with "key" in logs. !21688
- Ensure the schema is loaded with post_migrations included. !21689
- Updated icons used in filtered search dropdowns. !21694
- Enable omniauth by default. !21700
- Vendor Auto-DevOps.gitlab-ci.yml to refactor registry_login. !21714 (Laurent Goderre @LaurentGoderre)
- Add Gitaly diff stats RPC client. !21732
- Allow user to revoke an authorized application even if User OAuth applications setting is disabled in admin settings. !21835
- Change vertical margin of page titles to 16px. !21888
- Preserve order of project tags list. !21897
- Avoid close icon leaving the modal header. !21904
- Allow /copy_metadata for new issues and MRs. !21953
- Link to the tag for a version on the help page instead of to the commit. !22015
- Show SHA for pre-release versions on the help page. !22026
- Use local tiller for Auto DevOps. !22036
- Remove 'rbac_clusters' feature flag. !22096
- Increased retained event data by extending events pruner timeframe to 2 years. !22145
- Add installation type to backup information file. !22150
- Remove duplicate button from the markdown header toolbar. !22192 (George Tsiolis)
- Update to Rouge 3.3.0 including frozen string literals for improved memory usage.
### Performance (17 changes, 6 of them are from the community)
- Enable frozen string in app/controllers/**/*.rb.
- Improve lazy image loading performance by using IntersectionObserver where available. !21565
- Adds support for Gitaly ListLastCommitsForTree RPC in order to make bulk-fetch of commits more performant. !21921
- Don't create license_management build when not included in license. !21958
- Skip creating auto devops jobs for sast, container_scanning, dast, dependency_scanning when not licensed. !21959
- Reduce queries needed to compute notification recipients. !22050
- Banzai label ref finder - minimize SQL calls by sharing context more aggressively. !22070
- Removes expensive dead code on main MR page request. !22153
- Lazy load xterm custom colors css.
- Mitigate N+1 queries when parsing commit references in comments.
- Enable more frozen string in app/controllers/. (gfyoung)
- Increase performance when creating discussions on diff.
- Enable frozen string in lib/api and lib/backup. (gfyoung)
- Enable frozen string in vestigial files. (gfyoung)
- Enable frozen string for app/helpers/**/*.rb. (gfyoung)
- Enable frozen string in app/graphql + app/finders. (gfyoung)
- Enable even more frozen string in app/controllers. (gfyoung)
### Added (37 changes, 21 of them are from the community)
- Allow file templates to be requested at the project level. !7776
- Add /lock and /unlock quick actions. !15197 (Mehdi Lahmam (@mehlah))
- Added search functionality for Work In Progress (WIP) merge requests. !18119 (Chantal Rollison)
- Pipeline webhook event now contains pipeline variables. !18171 (Pierre Tardy)
- Add markdown header toolbar button to insert table. !18480 (George Tsiolis)
- Add link button to markdown editor toolbar. !18579 (Jan Beckmann)
- Add access control to GitLab pages and make it possible to enable/disable it in project settings. !18589 (Tuomo Ala-Vannesluoma)
- Add a filter bar to the admin runners view and add a state filter. !19625 (Alexis Reigel)
- Add a type filter to the admin runners view. !19649 (Alexis Reigel)
- Allow user to choose the email used for commits made through GitLab's UI. !21213 (Joshua Campbell)
- Add autocomplete drop down filter for project snippets. !21458 (Fabian Schneider)
- Allow events filter to be set in the URL in addition to cookie. !21557 (Igor @igas)
- Adds an initialize_with_readme parameter to POST /projects. !21617 (Steve)
- Add ability to skip user email confirmation with API. !21630
- Add sorting for labels on labels page. !21642
- Set user status from within user menu. !21643
- Copy nurtch demo notebooks at Jupyter startup. !21698 (Amit Rathi)
- Allows to sort projects by most stars. !21762 (Jacopo Beschi @jacopo-beschi)
- Allow pipelines to schedule delayed job runs. !21767
- Added tree of changed files to merge request diffs. !21833
- Add GitLab version components to CI environment variables. !21853
- Allows to chmod file with commits API. !21866 (Jacopo Beschi @jacopo-beschi)
- Make single diff patch limit configurable. !21886
- Extend reports feature to support Security Products. !21892
- Adds the user's public_email attribute to the API. !21909 (Alexis Reigel)
- Update all gitlab CI templates from gitlab-org/gitlab-ci-yml. !21929
- Add support for setting the public email through the api. !21938 (Alexis Reigel)
- Support db migration and initialization for Auto DevOps. !21955
- Add subscribe filter to group and project labels pages. !21965
- Add support for pipeline only/except policy for modified paths. !21981
- Docs for Project/Groups members API with inherited members. !21984 (Jacopo Beschi @jacopo-beschi)
- Adds Web IDE commits to usage ping. !22007
- Add timed incremental rollout to Auto DevOps. !22023
- Show percentage of language detection on the language bar. !22056 (Johann Hubert Sonntagbauer)
- Allows to filter issues by Any milestone in the API. !22080 (Jacopo Beschi @jacopo-beschi)
- Add button to download 2FA codes. (Luke Picciau)
- Render log artifact files in GitLab.
### Other (42 changes, 16 of them are from the community)
- Send deployment information in job API. !21307
- Split admin settings into multiple sub pages. !21467
- Remove Rugged and shell code from Gitlab::Git. !21488
- Add trigger information in job API. !21495
- Add empty state illustration information in job API. !21532
- Add retried jobs to pipeline stage. !21558
- Rails 5: fix issue move service. In Rails 5, the attributes method for an enum returns the name instead of the database integer. !21616 (Jasper Maes)
- Expose project runners in job API. !21618
- create from template: hide checkbox for initializing repository with readme. !21646
- Adds new 'Overview' tab on user profile page. !21663
- Add clean-up phase for ScheduleDiffFilesDeletion migration. !21734
- Prevents private profile help link from toggling checkbox. !21757
- Make AutoDevOps work behind proxy. !21775 (Sergej - @kinolaev)
- Use Vue components and new API to render Artifacts, Trigger Variables and Commit blocks on Job page. !21777
- Add wrapper rake task to migrate all uploads to OS. !21779
- Retroactively fill pipeline source for external pipelines. !21814
- Rename squash before merge vue component. !21851 (George Tsiolis)
- Fix merge request header margins. !21878
- Fix committer typo. !21899 (George Tsiolis)
- Adds an extra width to the responsive tables. !21928
- Expose has_trace in job API. !21950
- Rename block scope local variable in table pagination spec. !21969 (George Tsiolis)
- Fix blue, orange, and red color inconsistencies. !21972
- Update operations metrics empty state. !21974 (George Tsiolis)
- Improve empty project placeholder for non-members and members without write access. !21977 (George Tsiolis)
- Add copy to clipboard button for application id and secret. !21978 (George Tsiolis)
- Add link component to UserAvatarLink component. !21986 (George Tsiolis)
- Add link component to DownloadViewer component. !21987 (George Tsiolis)
- Rephrase 2FA and TOTP documentation and view. !21998 (Marc Schwede)
- Update project path on project name autofill. !22016
- Improve logging when username update fails due to registry tags. !22038
- Align collapsed sidebar avatar container. !22044 (George Tsiolis)
- Rails5: fix artifacts controller download spec. Rails5 has params[:file_type] as '' if file_type is included as nil in the request. !22123 (Jasper Maes)
- Hide pagination for personal projects on profile overview tab. !22321
- Extracts scroll position check into reusable functions.
- Uses Vuex store in job details page and removes old mediator pattern.
- Render 412 when invalid UTF-8 parameters are passed to controller.
- Renders Job show page in new Vue app.
- Add link to User Snippets in breadcrumbs of New User Snippet page. (J.D. Bean)
- Log project services errors when executing async.
- Update docs regarding frozen string. (gfyoung)
- Check frozen string in style builds. (gfyoung)
## 11.3.11 (2018-11-26)
### Security (33 changes)
- Filter user sensitive data from discussions JSON. !2537
- Escape entity title while autocomplete template rendering to prevent XSS. !2557
- Restrict Personal Access Tokens to API scope on web requests.
- Fix XSS in merge request source branch name.
- Escape user fullname while rendering autocomplete template to prevent XSS.
- Fix CRLF vulnerability in Project hooks.
- Fix possible XSS attack in Markdown urls with spaces.
- Redact sensitive information on gitlab-workhorse log.
- Set timeout for syntax highlighting.
- Do not follow redirects in Prometheus service when making http requests to the configured api url.
- Persist only SHA digest of PersonalAccessToken#token.
- Sanitize JSON data properly to fix XSS on Issue details page.
- Don't expose confidential information in commit message list.
- Markdown API no longer displays confidential title references unless authorized.
- Provide email notification when a user changes their email address.
- Properly filter private references from system notes.
- Redact personal tokens in unsubscribe links.
- Resolve reflected XSS in OAuth authorize window.
- Fix SSRF in project integrations.
- Fix stored XSS in merge requests from imported repository.
- Fixed ability to comment on locked/confidential issues.
- Fixed ability of guest users to edit/delete comments on locked or confidential issues.
- Fix milestone promotion authorization check.
- Monkey kubeclient to not follow any redirects.
- Configure mermaid to not render HTML content in diagrams.
- Redact confidential events in the API.
- Fix xss vulnerability sourced from package.json.
- Fix a possible symlink time of check to time of use race condition in GitLab Pages.
- Removed ability to see private group names when the group id is entered in the url.
- Fix stored XSS for Environments.
- Block loopback addresses in UrlBlocker.
- Prevent SSRF attacks in HipChat integration.
- Validate Wiki attachments are valid temporary files.
## 11.3.10 (2018-11-18)
### Security (1 change)
- Escape user fullname while rendering autocomplete template to prevent XSS.
## 11.3.9 (2018-10-31)
### Security (1 change)
- Monkey kubeclient to not follow any redirects.
## 11.3.8 (2018-10-27)
- No changes.
## 11.3.7 (2018-10-26)
### Security (6 changes)
- Escape entity title while autocomplete template rendering to prevent XSS. !2557
- Persist only SHA digest of PersonalAccessToken#token.
- Fix XSS in merge request source branch name.
- Redact personal tokens in unsubscribe links.
- Prevent SSRF attacks in HipChat integration.
- Validate Wiki attachments are valid temporary files.
## 11.3.6 (2018-10-17)
- No changes.
## 11.3.5 (2018-10-15)
### Fixed (2 changes)
- Fix loading issue on some merge request discussion. !21982
- Fix project deletion when there is an export available. !22276
## 11.3.3 (2018-10-04)
- No changes.
## 11.3.2 (2018-10-03)
### Fixed (4 changes)
- Fix NULL pipeline import problem and pipeline user mapping issue. !21875
- Fix migration to avoid an exception during upgrade. !22055
- Fixes admin runners table not wrapping content.
- Fix Error 500 when forking projects with Gravatar disabled.
### Other (1 change)
- Removes the 'required' attribute from the 'project name' field. !21770
## 11.3.1 (2018-09-26)
### Security (6 changes)
- Redact confidential events in the API.
- Set timeout for syntax highlighting.
- Sanitize JSON data properly to fix XSS on Issue details page.
- Fix stored XSS in merge requests from imported repository.
- Fix xss vulnerability sourced from package.json.
- Block loopback addresses in UrlBlocker.
## 11.3.0 (2018-09-22)
### Security (5 changes, 1 of them is from the community)
- Disable the Sidekiq Admin Rack session. !21441
- Set issuable_sort, diff_view, and perf_bar_enabled cookies to secure when possible. !21442
- Update rubyzip to 1.2.2 (CVE-2018-1000544). !21460 (Takuya Noguchi)
- Fixed persistent XSS rendering/escaping of diff location lines.
- Block link-local addresses in URLBlocker.
### Removed (1 change)
- Remove Gemnasium service. !21185
### Fixed (83 changes, 24 of them are from the community)
- Hide PAT creation advice for HTTP clone if PAT exists. !18208 (George Thomas @thegeorgeous)
- Allow spaces in wiki markdown links when using CommonMark. !20417
- disable_statement_timeout no longer leak to other migrations. !20503
- Events API now requires the read_user or api scope. !20627 (Warren Parad)
- Fix If-Check the result that a function was executed several times. !20640 (Max Dicker)
- Add migration to cleanup internal_ids inconsistency. !20926
- Fix fallback logic for automatic MR title assignment. !20930 (Franz Liedke)
- Fixed bug when the project logo file is stored in LFS. !20948
- Fix buttons on the new file page wrapping outside of the container. !21015
- Solve tooltip appears under modal. !21017
- Fix Bitbucket Cloud importer omitting replies. !21076
- Fix pipeline fixture seeder. !21088
- Fix blocked user card style. !21095
- Fix empty merge requests not opening in the Web IDE. !21102
- Fix label list item container height when there is no label description. !21106
- Fixes input alignment in user admin form with errors. !21108 (Jacopo Beschi @jacopo-beschi)
- Rails5 fix specs duplicate key value violates unique constraint 'index_gpg_signatures_on_commit_sha'. !21119 (Jasper Maes)
- Add gitlab theme to spam logs pagination. !21145
- Split remembering sorting for issues and merge requests. !21153 (Jacopo Beschi @jacopo-beschi)
- Fix git submodule link for subgroup projects with relative path. !21154
- Fix: Project deletion may not log audit events during group deletion. !21162
- Fix 1px cutoff of emojis. !21180 (gfyoung)
- Auto-DevOps.gitlab-ci.yml: update glibc package to 2.28. !21191 (sgerrand)
- Show google icon in audit log. !21207 (Jan Beckmann)
- Fix bin/secpick error and security branch prefixing. !21210
- Importing a project no longer fails when visibility level holds a string value type. !21242
- Fix attachments not displaying inline with Google Cloud Storage. !21265
- Fix IDE issues with persistent banners. !21283
- Fix "Confidential comments" button not saving in project hooks. !21289
- Bump fog-google to 1.7.0 and google-api-client to 0.23.0. !21295
- Don't use arguments keyword in gettext script. !21296 (gfyoung)
- Fix breadcrumb link to issues on new issue page. !21305 (J.D. Bean)
- Show '< 1%' when percent value evaluated is less than 1 on Stacked Progress Bar. !21306
- API: Catch empty commit messages. !21322 (Robert Schilling)
- Fix SQL error when sorting 2FA-enabled users by name in admin area. !21324
- API: Catch empty code content for project snippets. !21325 (Robert Schilling)
- Avoid nil safe message. !21326 (Yi Siliang)
- Allow date parameters on Issues, Notes, and Discussions API for group owners. !21342 (Florent Dubois)
- Fix remote mirrors failing if Git remotes have not been added. !21351
- Removing a group no longer triggers hooks for project deletion twice. !21366
- Use slugs for default project path and sanitize names before import. !21367
- Vertically centres landscape avatars. !21371 (Vicary Archangel)
- Fix Web IDE unable to commit to same file twice. !21372
- Fix project transfer name validation issues causing a redirect loop. !21408
- Fix Error 500s due to encoding issues when Wiki hooks fire. !21414
- Rails 5: include opclasses in rails 5 schema dump. !21416 (Jasper Maes)
- Bump GitLab Pages to v1.1.0. !21419
- Fix links in RSS feed elements. !21424 (Marc Schwede)
- Allow gaps in multiseries metrics charts. !21427
- Auto-DevOps.gitlab-ci.yml: fix redeploying deleted app gives helm error. !21429
- Use sample data for push event when no commits created. !21440 (Takuya Noguchi)
- Fix importers not assigning a new default group. !21456
- Fix edge cases of JUnitParser. !21469
- Fix breadcrumb link to merge requests on new merge request page. !21502 (J.D. Bean)
- Handle database statement timeouts in usage ping. !21523
- Handles exception during file upload - replaces the stack trace with a small error message. !21528
- Fix closing issue default pattern. !21531 (Samuele Kaplun)
- Fix outdated discussions being shown on Merge Request Changes tab. !21543
- Remove orphaned label links. !21552
- Delete a container registry asynchronously. !21553
- Make MR diff file filter input Clear button functional. !21556
- Replace white spaces in wiki attachments file names. !21569
- API: Use find_branch! in all places. !21614 (Robert Schilling)
- Fixes double +/- on inline diff view. !21634
- Fix broken exports when they include a project avatar. !21649
- Fix workhorse temp path for namespace uploads. !21650
- Fixed resolved discussions not toggling expanded state on changes tab. !21676
- Update GitLab Shell to v8.3.2. !21701
- Fix absent Click to Expand link on diffs not rendered on first load of Merge Requests Changes tab. !21716
- Update GitLab Shell to v8.3.3. !21750
- Fix import error when archive does not have the correct extension. !21765
- Fixed IDE deleting new files creating wrong state.
- Does not collapse runners section when using pagination.
- Fix Emojis cutting in the right way. (Alexander Popov)
- Fix NamespaceUploader.base_dir for remote uploads.
- Increase width of checkout branch modal box.
- Fixes SVGs for empty states in job page overflowing on mobile.
- Fix checkboxes on runner admin settings - The labels are now clickable.
- Fixed IDE file row scrolling into view when hovering.
- Accept upload files in public/uploads/tmp when using accelerated uploads.
- Include correct CSS file for xterm in environments page.
- Increase padding in code blocks.
- Fix: Project deletion may not log audit events during user deletion.
### Changed (32 changes, 5 of them are from the community)
- Add default avatar to group. !17271 (George Tsiolis)
- Allow project owners to set up forking relation through API. !18104
- Limit navbar search for current project or group for small viewports. !18634 (George Tsiolis)
- Add Noto Color Emoji font support. !19036 (Alexander Popov)
- Update design of project overview page. !20536
- Improve visuals of language bar on projects. !21006
- Migrate NULL wiki_access_level to correct number so we count active wikis correctly. !21030
- Support a custom action, such as proxying to another server, after /api/v4/internal/allowed check succeeds. !21034
- Remove storage path dependency of gitaly install task. !21101
- Support Kubernetes RBAC for GitLab Managed Apps when adding an existing cluster. !21127
- Change 'Backlog' list title to 'Open' in Issue Boards. !21131
- Enable Auto DevOps Instance Wide Default. !21157
- Allow author to vote on their own issue and MRs. !21203
- Truncate branch names and update "commits behind" text in MR page. !21206
- Adds count for different board list types (label lists, assignee lists, and milestone lists) to usage statistics. !21208
- Render files (`.md`) and wikis using CommonMark. !21228
- Show deprecation message on project milestone page for category tabs. !21236
- Remove redundant header from metrics page. !21282
- Add default parameter to branches API. !21294 (Riccardo Padovani)
- Restrict reopening locked issues for non authorized issue authors. !21299
- Send back required object storage PUT headers in /uploads/authorize API. !21319
- Display default status emoji if only message is entered. !21330
- Move badge settings to general settings. !21333
- Move project settings for default branch under "Repository". !21380
- Import all common metrics into database. !21459
- Improved commit panel in Web IDE. !21471
- Administrative cleanup rake tasks now leverage Gitaly. !21588
- Remove health check feature flag in BackgroundMigrationWorker.
- Expose user's id in /admin/users/ show page. (Eva Kadlecova)
- Improved styling of top bar in IDE job trace pane.
- Make terminal button more visible.
- Shows download artifacts button for pipelines on small screens.
### Performance (13 changes, 2 of them are from the community)
- Enable frozen string in rest of app/models/**/*.rb.
- Add background migrations for legacy artifacts. !18615
- Optimize querying User#manageable_groups. !21050
- Incremental rendering with Vue on merge request page. !21063
- Remove redundant ci_builds (status) index. !21070
- Enable frozen in app/mailers/**/*.rb. !21147 (gfyoung)
- Improve performance when fetching related merge requests for an issue. !21237
- Speed up diff comparisons by limiting number of commit messages rendered. !21335
- Write diff highlighting cache upon MR creation (refactors caching). !21489
- Bulk-render commit titles in the tree view to improve performance. !21500
- Enable frozen string in vestigial app files. (gfyoung)
- Disable project avatar validation if avatar has not changed.
- Bitbucket Server importer: Eliminate most idle-in-transaction issues.
### Added (41 changes, 17 of them are from the community)
- API: Protected tags. !14986 (Robert Schilling)
- Include private contributions to contributions calendar. !17296 (George Tsiolis)
- Add an option to whitelist users based on email address as internal when the "New user set to external" setting is enabled. !17711 (Roger Rüttimann)
- Overhaul listing of projects in the group overview page. !20262
- Add the ability to reference projects in comments and other markdown text. !20285 (Reuben Pereira)
- Add branch filter to project webhooks. !20338 (Duana Saskia)
- Allows to cancel a Created job. !20635 (Jacopo Beschi @jacopo-beschi)
- First Improvements made to the contributor on-boarding experience. !20682 (Eddie Stubbington)
- `/tag` quick action on Commit comments. !20694 (Peter Leitzen)
- Allow admins to configure the maximum Git push size. !20758
- Expose all artifacts sizes in jobs api. !20821 (Peter Marko)
- Get the merge base of two refs through the API. !20929
- Add ability to suppress the global "You won't be able to use SSH" message. !21027 (Ævar Arnfjörð Bjarmason)
- API: Add expiration date for shared projects to the project entity. !21104 (Robert Schilling)
- Added tooltips to tree list header. !21138
- #47845 Add failure_reason to job webhook. !21143 (matemaciek)
- Vendor Auto-DevOps.gitlab-ci.yml with new proxy env vars passed through to docker. !21159 (kinolaev)
- Disable Auto DevOps for project upon first pipeline failure. !21172
- Add rake command to migrate archived traces from local storage to object storage. !21193
- Add Czech as an available language. !21201
- Add Galician as an available language. !21202
- Add support for extendable CI/CD config with. !21243
- Disable Web IDE button if user is not allowed to push the source branch. !21288
- Feature flag to disable Hashed Storage migration when renaming a repository. !21291
- Store wiki uploads inside git repository. !21362
- Adds Rubocop rule to enforce class_methods over module ClassMethods. !21379 (Jacopo Beschi @jacopo-beschi)
- Merge request copies all associated issue labels and milestone on creation. !21383
- Add group name badge under group milestone. !21384
- Adds diverged_commits_count field to GET api/v4/projects/:project_id/merge_requests/:merge_request_iid. !21405 (Jacopo Beschi @jacopo-beschi)
- Update Import/Export to only use new storage uploaders logic. !21409
- Ask user explicitly about usage stats agreement on single user deployments. !21423
- Added atom feed for tags. !21428
- Add search to a group labels page. !21480
- Display banner on project page if AutoDevOps is implicitly enabled. !21503
- Recognize 'UNLICENSE' license files. !21508 (J.D. Bean)
- Add git_v2 feature flag. !21520
- Added file templates to the Web IDE.
- Enabled multiple file uploads in the Web IDE.
- Allow to delete group milestones.
- Use separate model for tracking resource label changes and render label system notes based on data from this model.
- Add system note when due date is changed. (Eva Kadlecova)
### Other (48 changes, 16 of them are from the community)
- Remove extra spaces from MR discussion notes. !18946 (Takuya Noguchi)
- Add an example of the configuration of archive trace cron worker in gitlab.yml.example. !20583
- Add target branch name to cherrypick confirmation message. !20846 (George Andrinopoulos)
- CE Port of Protected Environments backend. !20859
- Added missing i18n strings to issue boards labels dropdown. !21081
- Combines emoji award spec files into single user_interacts_with_awards_in_issue_spec.rb file. !21126 (Nate Geslin)
- Clarify current runners online text. !21151 (Ben Bodenmiller)
- Rails5: Enable verbose query logs. !21231 (Jasper Maes)
- Update presentation for SSO providers on log in page. !21233
- Make margin of user status emoji consistent. !21268
- Move usage ping payload from User Cohorts page to admin application settings. !21343
- Add JSON logging for Bitbucket Server importer. !21378
- Re-add project name field on "Create new project" page. !21386
- Rails 5: replace removed silence_stream. !21387 (Jasper Maes)
- Rails5 update Gemfile.rails5.lock. !21388 (Jasper Maes)
- Rails5: fix can't quote ActiveSupport::HashWithIndifferentAccess. !21397 (Jasper Maes)
- Don't show flash messages for performance bar errors. !21411
- Backport schema_changed.sh from EE which prints the diff if the schema is different. !21422 (Jasper Maes)
- Remove unused CSS part in mobile framework. !21439 (Takuya Noguchi)
- Bump unauthenticated session time from 1 hour to 2 hours. !21453
- Run review-docs-cleanup job for gitlab-org repos only. !21463 (Takuya Noguchi)
- Rails 5: support schema t.index for mysql. !21485 (Jasper Maes)
- Add route information to lograge structured logging for API logs. !21487
- Add gitaly_calls attribute to API logs. !21496
- Ignore irrelevant sql commands in metrics. !21498
- Rails 5: fix hashed_path? method that looks up file_location that doesn't exist when running certain migration specs. !21510 (Jasper Maes)
- Explicit hashed path check for trace, prevents background migration from accessing file_location column that doesn't exist. !21533 (Jasper Maes)
- Add terminal_path to job API response. !21537
- Add User-Agent to production_json.log. !21546
- Make cluster page settings easier to read. !21550
- Remove striped table styling of Find files and Admin Area Applications views. !21560 (Andreas Kämmerle)
- Update ffi to 1.9.25. !21561 (Takuya Noguchi)
- Send max_patch_bytes to Gitaly via Gitaly::CommitDiffRequest. !21575
- Add margin between username and subsequent text in issuable header. !21697
- Send artifact information in job API. !50460
- Reduce differences between CE and EE code base in reports components.
- Move project services log to a separate file.
- Creates vue component for job log top bar with controllers.
- Creates Vue component for trigger variables block in job log page.
- Creates Vue component for warning block about stuck runners.
- Creates vue component for job log trace.
- Creates vue component for erased block on job view.
- Creates vue component for environments information in job log view.
- Upgrade Monaco editor.
- Creates empty state vue component for job view.
- Creates vue component for commit block in job log page.
- Creates vue components for stage dropdowns and job list container for job log view.
- Creates Vue component for artifacts block on job page.
## 11.2.8 (2018-10-31)
### Security (1 change)
- Monkey kubeclient to not follow any redirects.
## 11.2.7 (2018-10-27)
- No changes.