CHANGELOG.md

**Note:** This file is automatically generated. Please see the [developer
documentation](doc/development/changelog.md) for instructions on adding your own
entry.

## 11.5.3 (2018-12-06)

### Security (1 change)

- Prevent a path traversal attack on global file templates.


## 11.5.2 (2018-12-03)

### Removed (1 change)

- Removed Site Statistics optimization as it was causing problems. !23314

### Fixed (6 changes, 1 of them is from the community)

- Display impersonation token value only after creation. !22916
- Fix not render emoji in filter dropdown. !23112 (Hiroyuki Sato)
- Fixes stuck tooltip on stop env button. !23244
- Correctly handle data-loss scenarios when encrypting columns. !23306
- Clear BatchLoader context between Sidekiq jobs. !23308
- Fix handling of filenames with hash characters in tree view. !23368


## 11.5.1 (2018-11-26)

### Security (17 changes)

- Escape user fullname while rendering autocomplete template to prevent XSS.
- Fix CRLF vulnerability in Project hooks.
- Fix possible XSS attack in Markdown urls with spaces.
- Redact sensitive information on gitlab-workhorse log.
- Do not follow redirects in Prometheus service when making http requests to the configured api url.
- Don't expose confidential information in commit message list.
- Provide email notification when a user changes their email address.
- Restrict Personal Access Tokens to API scope on web requests.
- Resolve reflected XSS in Ouath authorize window.
- Fix SSRF in project integrations.
- Fixed ability to comment on locked/confidential issues.
- Fixed ability of guest users to edit/delete comments on locked or confidential issues.
- Fix milestone promotion authorization check.
- Configure mermaid to not render HTML content in diagrams.
- Fix a possible symlink time of check to time of use race condition in GitLab Pages.
- Removed ability to see private group names when the group id is entered in the url.
- Fix stored XSS for Environments.


## 11.5.0 (2018-11-22)

### Security (10 changes, 1 of them is from the community)

- Escape entity title while autocomplete template rendering to prevent XSS. !2556
- Update moment to 2.22.2. !22648 (Takuya Noguchi)
- Redact personal tokens in unsubscribe links.
- Escape user fullname while rendering autocomplete template to prevent XSS.
- Persist only SHA digest of PersonalAccessToken#token.
- Monkey kubeclient to not follow any redirects.
- Prevent SSRF attacks in HipChat integration.
- Prevent templated services from being imported.
- Validate Wiki attachments are valid temporary files.
- Fix XSS in merge request source branch name.

### Removed (2 changes)

- Remove Git circuit breaker. !22212
- Remove Koding integration and documentation. !22334

### Fixed (74 changes, 15 of them are from the community)

- Hide all tables on Pipeline when no Jobs for the Pipeline. !18540 (Takuya Noguchi)
- Fixing count on Milestones. !21446
- Use case insensitve username lookups. !21728 (William George)
- Correctly process Bamboo API result array. !21970 (Alex Lossent)
- Fix 'merged with' UI being displayed when merge request has no merge commit. !22022
- Fix broken file name navigation on MRs. !22109
- Fix incorrect spacing between buttons when commenting on a MR. !22135
- Vertical align Pipeline Graph in Commit Page. !22173 (Johann Hubert Sonntagbauer)
- Reject invalid branch names in repository compare controller. !22186
- Fix size of emojis of user status in user menu. !22194
- Use the standard PIP_CACHE_DIR for Python dependency caching template. !22211 (Takuya Noguchi)
- Fix bug with wiki attachments content disposition. !22220
- Does not allow a SSH URI when importing new projects. !22309
- fix duplicated key in license management job auto devops gitlab ci template. !22311 (Adam Lemanski)
- Fix commit signature error when project is disabled. !22344
- Show available clusters when installed or updated. !22356
- Fix auto-corrected upload URLs in webhooks. !22361
- Fix a bug displaying certain wiki pages. !22377
- Fix prometheus graphs in firefox. !22400
- Resolve assign-me quick action doesn't work if there is extra white space. !22402
- Remove base64 encoding from files that contain plain text. !22425
- Strip whitespace around GitHub personal access tokens. !22432
- Fix 500 error when testing webhooks with redirect loops. !22447 (Heinrich Lee Yu)
- Fix rendering of 'Protected' value on Runner details page. !22459
- Fix bug stopping non-admin users from changing visibility level on group creation. !22468
- Make Issue Board sidebar show project-specific labels based on selected Issue. !22475
- Fix EOF detection with CI artifacts metadata. !22479
- Fix transient spec error in the bar_chart component. !22495
- Resolve LFS not correctly showing enabled. !22501
- If user was not found, service hooks won't run on post receive background job. !22519
- Fix broken "Show whitespace changes" button on MRs. !22539
- Always show new issue button in boards' Open list. !22557 (Heinrich Lee Yu)
- Add transparent background to markdown header tabs. !22565 (George Tsiolis)
- Use gitlab_environment for ldap rake task. !22582
- Add commit message to commit tree anchor title. !22585
- Cache pipeline status per SHA. !22589
- Change HELM_HOST in Auto-DevOps template to work behind proxy. !22596 (Sergej Nikolaev <kinolaev@gmail.com>)
- Show user status for label events in system notes. !22609
- Fix extra merge request versions created from forked merge requests. !22611
- Remove PersonalAccessTokensFinder#find_by method. !22617
- Fix search "all in GitLab" not working with relative URLs. !22644
- Fix quick links button styles. !22657 (George Tsiolis)
- Fix #53298: JupyterHub restarts should work without errors. !22671 (Amit Rathi)
- Fix incompatibility with IE11 due to non-transpiled gitlab-ui components. !22695
- Fix bug when links in tabs of the labels index pages ends with .html. !22716
- Fixed label removal from issue. !22762
- Align toggle sidebar button across all browsers and OSs. !22771
- Disable replication lag check for Aurora PostgreSQL databases. !22786
- Render unescaped link for failed pipeline status. !22807
- Fix misaligned approvers dropdown. !22832
- Fix bug with wiki page create message. !22849
- Fix rendering of filter bar tokens for special values. !22865 (Heinrich Lee Yu)
- Align sign in button. !22888 (George Tsiolis)
- Fix error handling bugs in kubernetes integration. !22922
- Fix deployment jobs using nil KUBE_TOKEN due to migration issue. !23009
- Avoid returning deployment metrics url to MR widget when the deployment is not successful. !23010
- Fix a race condition intermittently breaking GitLab startup. !23028
- Adds margin after a deleted branch name in the activity feed. !23038
- Ignore environment validation failure. !23100
- Fixes broken borders for reports section in MR widget.
- Adds CI favicon back to jobs page.
- Redirect to the pipeline builds page when a build is canceled. (Eva Kadlecova)
- Fixed diff stats not showing when performance bar is enabled.
- Show expand all diffs button when a single diff file is collapsed.
- Clear fetched file templates when changing template type in Web IDE.
- Fix bug causing not all emails to show up in commit email selectbox.
- Remove duplicate escape in job sidebar.
- Fixing styling issues on the scheduled pipelines page.
- Renders stuck block when runners are stuck.
- Removes extra border from test reports in the merge request widget.
- Only render link to branch when branch still exists in pipeline page.
- Fixed source project not filtering in merge request creation compare form.
- Do not reload self on hooks when creating deployment.
- Fixes broken test in master.

### Changed (38 changes, 12 of them are from the community)

- Link button in markdown editor recognize URLs. !1983 (Johann Hubert Sonntagbauer)
- Replace i to icons in vue components. !20748 (George Tsiolis)
- Remove Linguist gem, reducing Rails memory usage by 128MB per process. !21008
- Issue board card design. !21229
- On deletion of a file in sub directory in web IDE redirect to the sub directory instead of project root. !21465 (George Thomas @thegeorgeous)
- Change single-item breadcrumbs to page titles. !22155
- Improving branch filter sorting by listing exact matches first and added support for begins_with (^) and ends_with ($) matching. !22166 (Jason Rutherford)
- Remove legacy unencrypted webhook columns from the database. !22199
- Show canary status in the performance bar. !22222
- Add failure reason for execution timeout. !22224
- Rename "scheduled" label/badge of delayed jobs to "delayed". !22245
- Update the empty state on wiki-only projects to display an empty state that is more consistent with the rest of the system. !22262
- Add IID headers to E-Mail notifications. !22263
- Allow finding the common ancestor for multiple revisions through the API. !22295
- Add status to Deployment. !22380
- Add dynamic timer to delayed jobs. !22382
- No longer require a deploy to start Prometheus monitoring. !22401
- Secret Variables renamed to CI Variables in the codebase, to match UX. !22414 (Marcel Amirault @ravlen)
- Automatically navigate to last board visited. !22430
- Use merge request prefix symbol in event feed title. !22449 (George Tsiolis)
- Update Ruby version in README. !22466 (J.D. Bean)
- Reword error message for internal CI unknown pipeline status. !22474
- Bump mermaid to 8.0.0-rc.8. !22509 (@blackst0ne)
- Update Todo icons in collapsed sidebar for Issues and MRs. !22534
- Support backward compatibility when introduce new failure reason. !22566
- Add dynamic timer for delayed jobs in pipelines list. !22621
- Truncate milestone title on collapsed sidebar. !22624 (George Tsiolis)
- Standardize milestones filter in APIs to None / Any. !22637 (Heinrich Lee Yu)
- Add dynamic timer for delayed jobs in job list. !22656
- Allowing issues with single letter identifiers to be linked to external issue tracker (f.ex T-123). !22717 (Dídac Rodríguez Arbonès)
- Update project and group labels empty state. !22745 (George Tsiolis)
- Fix environment status in merge request widget. !22799
- Paginate Bitbucket Server importer projects. !22825
- Drop `allow_overflow` option in `TimeHelper.duration_in_numbers`. !52284
- Add 'only history' option to notes filter.
- Adds filtered dropdown with changed files in review.
- Expose {closed,merged}_{at,by} in merge requests API index.
- Make all legacy security reports to use raw format.

### Performance (27 changes, 6 of them are from the community)

- Add preload for routes and namespaces for issues controller. !21651
- Enhance performance of counting local LFS objects. !22143
- Use cached readme contents when available. !22325
- Experimental support for running Puma multithreaded web-server. !22372
- Enhance performance of counting local Uploads. !22522
- Reduce SQL queries needed to load open merge requests. !22709
- Significantly cut memory usage and SQL queries when reloading diffs. !22725
- Optimize merge request refresh by using the database to check commit SHAs. !22731
- Remove dind from license_management auto-devops job definition. !22732
- Add index to find stuck merge requests. !22749
- Allow Rails concurrency when running in Puma. !22751
- Improve performance of rendering large reports. !22835
- Improves performance of stuck import jobs detection. !22879
- Rewrite SnippetsFinder to improve performance by a factor of 1500.
- Enable more frozen string in lib/**/*.rb. (gfyoung)
- Enable some frozen string in lib/gitlab. (gfyoung)
- Enable even more frozen string in lib/**/*.rb. (gfyoung)
- Improve performance of tree rendering in repositories with lots of items.
- Remove gitlab-ui's tooltip from global.
- Remove gitlab-ui's progress bar from global.
- Remove gitlab-ui's pagination from global.
- Remove gitlab-ui's modal from global.
- Remove gitlab-ui's loading icon from global.
- Enable frozen string for lib/gitlab/*.rb. (gfyoung)
- Enable frozen string for lib/gitlab/ci. (gfyoung)
- Enable frozen string for remaining lib/gitlab/ci/**/*.rb. (gfyoung)
- Adds pagination to pipelines table in merge request page.

### Added (33 changes, 11 of them are from the community)

- Add endpoint to update a git submodule reference. !20949
- Add license data to projects endpoint. !21606 (J.D. Bean (@jdbean))
- Allow to configure when to retry failed CI jobs. !21758 (Markus Doits)
- Add API endpoint to list issue related merge requests. !21806 (Helmut Januschka)
- Add the Play button for delayed jobs in environment page. !22106
- Switch between tree list & file list in diffs file browser. !22191
- Re-arrange help-related user menu items into new Help menu. !22195
- Adds trace of each access check when git push times out. !22265
- Add email for milestone change. !22279
- Show post-merge pipeline in merge request page. !22292
- Add Applications API endpoints for listing and deleting entries. !22296 (Jean-Baptiste Vasseur)
- Added `Any` option to milestones filter. !22351 (Heinrich Lee Yu)
- Improve validation errors for external CI/CD configuration. !22394
- Introduce new model to persist specific cluster information. !22404
- Add background migration to populate Kubernetes namespaces. !22433
- Add support for JSON logging for audit events. !22471
- Adds option to override commit email with a noreply private email. !22560
- Add None/Any option for assignee_id in Issues and Merge Requests API. !22598 (Heinrich Lee Yu)
- Add None/Any option for assignee_id in search bar. !22599 (Heinrich Lee Yu)
- Implement parallel job keyword. !22631
- Add None / Any options to reactions filter. !22638 (Heinrich Lee Yu)
- Make index.* render like README.* when it's present in a repository. !22639 (Jakub Jirutka)
- Allow adding patches when creating a merge request via email. !22723 (Serdar Dogruyol)
- Bump Gitaly to 0.129.0. !22868
- Allow commenting on any diff line in Merge Requests. !22914
- Add revert to commits API. !22919
- Introduce Knative support. !43959 (Chris Baumbauer)
- Reimplemented image commenting in merge request diffs.
- Soft-archive old jobs.
- Renders warning info when job is archieved.
- Support licenses and performance.
- Filter notes by comments or activity for issues and merge requests.
- Bump Gitaly to 0.128.0.

### Other (54 changes, 18 of them are from the community)

- Remove .card-title from .card-header for BS4 migration. !19335 (Takuya Noguchi)
- Update group settings/edit page to new design. !21115
- Change markdown header tab anchor links to buttons. !21988 (George Tsiolis)
- Replace tooltip in markdown component with gl-tooltip. !21989 (George Tsiolis)
- Extend RBAC by having a service account restricted to project's namespace. !22011
- Update images in group docs. !22031 (Marc Schwede)
- Add gitlab:gitaly:check task for Gitaly health check. !22063
- Add new sort option "most_stars" to "Group > Children" pages. !22121 (Rene Hennig)
- Fix inaccessible dropdown for code-less projects. !22137
- Rails5: fix user edit profile clear status spec. !22169 (Jasper Maes)
- Rails 5: fix mysql milliseconds problems in scheduled build specs. !22170 (Jasper Maes)
- Focus project slug on tab navigation. !22198
- Redesign activity feed. !22217
- Update used version of Runner Helm Chart to 0.1.34. !22274
- Update environments empty state. !22297 (George Tsiolis)
- Adds model and migrations to enable group level clusters. !22307
- Use literal instead of constructor for creating regex. !22367
- Remove prometheus configuration help text. !22413 (George Tsiolis)
- Rails5: fix deployment model spec. !22428 (Jasper Maes)
- Change to top level controller for clusters so that we can use it for project clusters (now) and group clusters (later). !22438
- Remove empty spec describe blocks. !22451 (George Tsiolis)
- Change branch font type in tag creation. !22454 (George Tsiolis)
- Rails5: fix delete blob. !22456 (Jasper Maes)
- Start tracking shards and pool repositories in the database. !22482
- Allow kubeclient to call RoleBinding methods. !22524
- Introduce new kubernetes helpers. !22525
- Adds container to pager to enable scoping. !22529
- Update used version of Runner Helm Chart to 0.1.35. !22541
- Removes experimental labels from cluster views. !22550
- Combine all datetime library functions into 'datetime_utility.js'. !22570
- Upgrade Prometheus to 2.4.3 and Alertmanager to 0.15.2. !22600
- Fix stage dropdown not rendering in different languages. !22604
- Remove asset_sync gem from Gemfile and related code from codebase. !22610
- Use key-value pair arrays for API query parameter logging instead of hashes. !22623
- Replace deprecated uniq on a Relation with distinct. !22625 (Jasper Maes)
- Remove mousetrap-rails gem. !22647 (Takuya Noguchi)
- Fix IDE typos in props. !22685 (George Tsiolis)
- Add scheduled flag to job entity. !22710
- Remove `ci_enable_scheduled_build` feature flag. !22742
- Add endpoints for simulating certain failure modes in the application. !22746
- Bump KUBERNETES_VERSION for Auto DevOps to latest 1.10 series. !22757
- Fix statement timeouts in RemoveRestrictedTodos migration. !22795
- Rails5: fix mysql milliseconds issue in deployment model specs. !22850 (Jasper Maes)
- Update GitLab-Workhorse to v7.1.0. !22883
- Update JIRA service UI to accept email and API token.
- Update wiki empty state. (George Tsiolis)
- Only renders dropdown for review app changes when we have a list of files to show. Otherwise will render the regular review app button.
- Associate Rakefile with Ruby icon in diffs.
- Uses gitlab-ui components in jobs components.
- Create new group: Rename form fields and update UI.
- Transform job page into a single Vue+Vuex application.
- Updates svg dependency.
- Adds missing i18n to pipelines table.
- Disables stop environment button while the deploy is in progress.


## 11.4.9 (2018-12-03)

### Fixed (2 changes)

- Display impersonation token value only after creation. !22916
- Correctly handle data-loss scenarios when encrypting columns. !23306


## 11.4.8 (2018-11-27)

### Security (24 changes)

- Escape entity title while autocomplete template rendering to prevent XSS. !2571
- Resolve reflected XSS in Ouath authorize window.
- Fix XSS in merge request source branch name.
- Escape user fullname while rendering autocomplete template to prevent XSS.
- Fix CRLF vulnerability in Project hooks.
- Fix possible XSS attack in Markdown urls with spaces.
- Redact sensitive information on gitlab-workhorse log.
- Do not follow redirects in Prometheus service when making http requests to the configured api url.
- Persist only SHA digest of PersonalAccessToken#token.
- Don't expose confidential information in commit message list.
- Provide email notification when a user changes their email address.
- Restrict Personal Access Tokens to API scope on web requests.
- Redact personal tokens in unsubscribe links.
- Fix SSRF in project integrations.
- Fixed ability to comment on locked/confidential issues.
- Fixed ability of guest users to edit/delete comments on locked or confidential issues.
- Fix milestone promotion authorization check.
- Monkey kubeclient to not follow any redirects.
- Configure mermaid to not render HTML content in diagrams.
- Fix a possible symlink time of check to time of use race condition in GitLab Pages.
- Removed ability to see private group names when the group id is entered in the url.
- Fix stored XSS for Environments.
- Prevent SSRF attacks in HipChat integration.
- Validate Wiki attachments are valid temporary files.


## 11.4.7 (2018-11-20)

- No changes.

## 11.4.6 (2018-11-18)

### Security (1 change)

- Escape user fullname while rendering autocomplete template to prevent XSS.


## 11.4.5 (2018-11-04)

### Fixed (4 changes, 1 of them is from the community)

- fix link to enable usage ping from convdev index. !22545 (Anand Capur)
- Update gitlab-ui dependency to 1.8.0-hotfix.1 to fix IE11 bug.
- Remove duplicate escape in job sidebar.
- Fixed merge request fill tree toggling not respecting fluid width preference.

### Other (1 change)

- Fix stage dropdown not rendering in different languages.


## 11.4.4 (2018-10-30)

### Security (1 change)

- Monkey kubeclient to not follow any redirects.


## 11.4.3 (2018-10-26)

- No changes.

## 11.4.2 (2018-10-25)

### Security (5 changes)

- Escape entity title while autocomplete template rendering to prevent XSS. !2571
- Persist only SHA digest of PersonalAccessToken#token.
- Redact personal tokens in unsubscribe links.
- Block loopback addresses in UrlBlocker.
- Validate Wiki attachments are valid temporary files.


## 11.4.1 (2018-10-23)

### Security (2 changes)

- Fix XSS in merge request source branch name.
- Prevent SSRF attacks in HipChat integration.


## 11.4.0 (2018-10-22)

### Security (9 changes)

- Filter user sensitive data from discussions JSON. !2536
- Encrypt webhook tokens and URLs in the database. !21645
- Redact confidential events in the API.
- Set timeout for syntax highlighting.
- Sanitize JSON data properly to fix XSS on Issue details page.
- Markdown API no longer displays confidential title references unless authorized.
- Properly filter private references from system notes.
- Fix stored XSS in merge requests from imported repository.
- Fix xss vulnerability sourced from package.json.

### Removed (2 changes)

- Remove background job throttling feature. !21748
- Remove sidekiq info from performance bar.

### Fixed (68 changes, 18 of them are from the community)

- Fixes 500 for cherry pick API with empty branch name. !21501 (Jacopo Beschi @jacopo-beschi)
- Fix sorting by priority or popularity on group issues page, when also searching issue content. !21521
- Fix vertical alignment of text in diffs. !21573
- Fix performance bar modal position. !21577
- Bump KaTeX version to 0.9.0. !21625
- Correctly show legacy diff notes in the merge request changes tab. !21652
- Synchronize the default branch when updating a remote mirror. !21653
- Filter group milestones based on user membership. !21660
- Fix double title in merge request chat messages. !21670 (Kukovskii Vladimir)
- Delete container repository tags outside of transaction. !21679
- Images are no longer displayed in Todo descriptions. !21704
- Fixed merge request widget discussion state not updating after resolving discussions. !21705
- Vendor Auto-DevOps.gitlab-ci.yml to fix bug where the deploy job does not wait for Deployment to complete. !21713
- Use Reliable Sidekiq fetch. !21715
- No longer show open issues from archived projects in group issue board. !21721
- Issue and MR count now ignores archived projects. !21721
- Fix resizing of monitoring dashboard. !21730
- Fix object storage uploads not working with AWS v2. !21731
- Don't ignore first action when assign and unassign quick actions are used in the same comment. !21749
- Align form labels following Bootstrap 4 docs. !21752
- Respect the user commit email in more places. !21773
- Use stats RPC when comparing diffs. !21778
- Show commit details for selected commit in MR diffs. !21784
- Resolve "Geo: Does not mark repositories as missing on primary due to stale cache". !21789
- Fix leading slash in redirects and add rubocop cop. !21828 (Sanad Liaquat)
- Fix activity titles for MRs in chat notification services. !21834
- Hides Close Merge request btn on merged Merge request. !21840 (Jacopo Beschi @jacopo-beschi)
- Doesn't synchronize the default branch for push mirrors. !21861
- Fix broken styling when issue board is collapsed. !21868 (Andrea Leone)
- Set a header for custom error pages to prevent them from being intercepted by gitlab-workhorse. !21870 (David Piegza)
- Fix resolved discussions being unresolved when commented on. !21881
- Fix timeout when running the RemoveRestrictedTodos background migration. !21893
- Enable the ability to use the force env for rebuilding authorized_keys during a restore. !21896
- Fix link handling for issue cards to avoid too sensitive drag events. !21910 (Johann Hubert Sonntagbauer)
- Guard against a login attempt with invalid CSRF token. !21934
- Allow setting user's organization and location attributes through the API by adding them to the list of allowed parameters. !21938 (Alexis Reigel)
- Includes commit stats in POST project commits API. !21968 (Jacopo Beschi @jacopo-beschi)
- Fix loading issue on some merge request discussion. !21982
- Prevent Error 500s with invalid relative links. !22001
- Fix stale issue boards after browser back. !22006 (Johann Hubert Sonntagbauer)
- Filter issues without an Assignee via the API. !22009 (Eva Kadlecová)
- Fixes modal button alignment. !22024 (Jacopo Beschi @jacopo-beschi)
- Fix rendering placeholder notes. !22078
- Instance Configuration page now displays correct SSH fingerprints. !22081
- Fix showing diff file header for renamed files. !22089
- Fix LFS uploaded images not being rendered. !22092
- Fix the issue where long environment names aren't being truncated, causing the environment name to overlap into the column next to it. !22104
- Trim whitespace when inviting a new user by email. !22119 (Jacopo Beschi @jacopo-beschi)
- Fix incorrect parent path on group settings page. !22142
- Update copy to clipboard button data for application secret. !22268 (George Tsiolis)
- Improve MR file tree in smaller screens. !22273
- Fix project deletion when there is a export available. !22276
- Fixes stuck block URL linking to documentation instead of settings page. !22286
- Fix caching issue with pipelines URL. !22293
- Fix erased block not being rendered when job was erased. !22294
- Load correct stage in the stages dropdown. !22317
- Fixes close/reopen quick actions preview for issues and merge_requests. !22343 (Jacopo Beschi @jacopo-beschi)
- Allow Issue and Merge Request sidebar to be toggled from collapsed state. !22353
- Fix filter bar height bug when a tag is added.
- Fix the state of the Done button when there is an error in the GitLab Todos section. (marcos8896)
- Fix wrong text color of help text in merge request creation. (Gerard Montemayor)
- Add borders and white background to markdown tables.
- Fixed mention autocomplete in edit merge request.
- Fix long webhook URL overflow for custom integration. (Kukovskii Vladimir)
- Fixed file templates not fully being fetched in Web IDE.
- Fixes performance bar looking for a key in a undefined prop.
- Hides sidebar for job page in mobile.
- Fixes triggered/created labeled in job header.

### Changed (26 changes, 4 of them are from the community)

- Enable unauthenticated access to public SSH keys via the API. !20118 (Ronald Claveau)
- Support Kubernetes RBAC for GitLab Managed Apps when creating new clusters. !21401
- Highlight current user in comments. !21406
- Excludes project marked from deletion to projects API. !21542 (Jacopo Beschi @jacopo-beschi)
- Improve install flow of Kubernetes cluster apps. !21567
- Move including external files in .gitlab-ci.yml from Starter to Libre. !21603
- Simplify runner registration token resetting. !21658
- Filter any parameters ending with "key" in logs. !21688
- Ensure the schema is loaded with post_migrations included. !21689
- Updated icons used in filtered search dropdowns. !21694
- Enable omniauth by default. !21700
- Vendor Auto-DevOps.gitlab-ci.yml to refactor registry_login. !21714 (Laurent Goderre @LaurentGoderre)
- Add Gitaly diff stats RPC client. !21732
- Allow user to revoke an authorized application even if User OAuth applications setting is disabled in admin settings. !21835
- Change vertical margin of page titles to 16px. !21888
- Preserve order of project tags list. !21897
- Avoid close icon leaving the modal header. !21904
- Allow /copy_metadata for new issues and MRs. !21953
- Link to the tag for a version on the help page instead of to the commit. !22015
- Show SHA for pre-release versions on the help page. !22026
- Use local tiller for Auto DevOps. !22036
- Remove 'rbac_clusters' feature flag. !22096
- Increased retained event data by extending events pruner timeframe to 2 years. !22145
- Add installation type to backup information file. !22150
- Remove duplicate button from the markdown header toolbar. !22192 (George Tsiolis)
- Update to Rouge 3.3.0 including frozen string literals for improved memory usage.

### Performance (17 changes, 6 of them are from the community)

- Enable frozen string in app/controllers/**/*.rb.
- Improve lazy image loading performance by using IntersectionObserver where available. !21565
- Adds support for Gitaly ListLastCommitsForTree RPC in order to make bulk-fetch of commits more performant. !21921
- Dont create license_management build when not included in license. !21958
- Skip creating auto devops jobs for sast, container_scanning, dast, dependency_scanning when not licensed. !21959
- Reduce queries needed to compute notification recipients. !22050
- Banzai label ref finder - minimize SQL calls by sharing context more aggresively. !22070
- Removes expensive dead code on main MR page request. !22153
- Lazy load xterm custom colors css.
- Mitigate N+1 queries when parsing commit references in comments.
- Enable more frozen string in app/controllers/. (gfyoung)
- Increase performance when creating discussions on diff.
- Enable frozen string in lib/api and lib/backup. (gfyoung)
- Enable frozen string in vestigial files. (gfyoung)
- Enable frozen string for app/helpers/**/*.rb. (gfyoung)
- Enable frozen string in app/graphql + app/finders. (gfyoung)
- Enable even more frozen string in app/controllers. (gfyoung)

### Added (37 changes, 21 of them are from the community)

- Allow file templates to be requested at the project level. !7776
- Add /lock and /unlock quick actions. !15197 (Mehdi Lahmam (@mehlah))
- Added search functionality for Work In Progress (WIP) merge requests. !18119 (Chantal Rollison)
- pipeline webhook event now contain pipeline variables. !18171 (Pierre Tardy)
- Add markdown header toolbar button to insert table. !18480 (George Tsiolis)
- Add link button to markdown editor toolbar. !18579 (Jan Beckmann)
- Add access control to GitLab pages and make it possible to enable/disable it in project settings. !18589 (Tuomo Ala-Vannesluoma)
- Add a filter bar to the admin runners view and add a state filter. !19625 (Alexis Reigel)
- Add a type filter to the admin runners view. !19649 (Alexis Reigel)
- Allow user to choose the email used for commits made through GitLab's UI. !21213 (Joshua Campbell)
- Add autocomplete drop down filter for project snippets. !21458 (Fabian Schneider)
- Allow events filter to be set in the URL in addition to cookie. !21557 (Igor @igas)
- Adds a initialize_with_readme parameter to POST /projects. !21617 (Steve)
- Add ability to skip user email confirmation with API. !21630
- Add sorting for labels on labels page. !21642
- Set user status from within user menu. !21643
- Copy nurtch demo notebooks at Jupyter startup. !21698 (Amit Rathi)
- Allows to sort projects by most stars. !21762 (Jacopo Beschi @jacopo-beschi)
- Allow pipelines to schedule delayed job runs. !21767
- Added tree of changed files to merge request diffs. !21833
- Add GitLab version components to CI environment variables. !21853
- Allows to chmod file with commits API. !21866 (Jacopo Beschi @jacopo-beschi)
- Make single diff patch limit configurable. !21886
- Extend reports feature to support Security Products. !21892
- Adds the user's public_email attribute to the API. !21909 (Alexis Reigel)
- Update all gitlab CI templates from gitlab-org/gitlab-ci-yml. !21929
- Add support for setting the public email through the api. !21938 (Alexis Reigel)
- Support db migration and initialization for Auto DevOps. !21955
- Add subscribe filter to group and project labels pages. !21965
- Add support for pipeline only/except policy for modified paths. !21981
- Docs for Project/Groups members API with inherited members. !21984 (Jacopo Beschi @jacopo-beschi)
- Adds Web IDE commits to usage ping. !22007
- Add timed incremental rollout to Auto DevOps. !22023
- Show percentage of language detection on the language bar. !22056 (Johann Hubert Sonntagbauer)
- Allows to filter issues by Any milestone in the API. !22080 (Jacopo Beschi @jacopo-beschi)
- Add button to download 2FA codes. (Luke Picciau)
- Render log artifact files in GitLab.

### Other (42 changes, 16 of them are from the community)

- Send deployment information in job API. !21307
- Split admin settings into multiple sub pages. !21467
- Remove Rugged and shell code from Gitlab::Git. !21488
- Add trigger information in job API. !21495
- Add empty state illustration information in job API. !21532
- Add retried jobs to pipeline stage. !21558
- Rails 5: fix issue move service In rails 5, the attributes method for an enum returns the name instead of the database integer. !21616 (Jasper Maes)
- Expose project runners in job API. !21618
- create from template: hide checkbox for initializing repository with readme. !21646
- Adds new 'Overview' tab on user profile page. !21663
- Add clean-up phase for ScheduleDiffFilesDeletion migration. !21734
- Prevents private profile help link from toggling checkbox. !21757
- Make AutoDevOps work behind proxy. !21775 (Sergej - @kinolaev)
- Use Vue components and new API to render Artifacts, Trigger Variables and Commit blocks on Job page. !21777
- Add wrapper rake task to migrate all uploads to OS. !21779
- Retroactively fill pipeline source for external pipelines. !21814
- Rename squash before merge vue component. !21851 (George Tsiolis)
- Fix merge request header margins. !21878
- Fix committer typo. !21899 (George Tsiolis)
- Adds an extra width to the responsive tables. !21928
- Expose has_trace in job API. !21950
- Rename block scope local variable in table pagination spec. !21969 (George Tsiolis)
- Fix blue, orange, and red color inconsistencies. !21972
- Update operations metrics empty state. !21974 (George Tsiolis)
- Improve empty project placeholder for non-members and members without write access. !21977 (George Tsiolis)
- Add copy to clipboard button for application id and secret. !21978 (George Tsiolis)
- Add link component to UserAvatarLink component. !21986 (George Tsiolis)
- Add link component to DownloadViewer component. !21987 (George Tsiolis)
- Rephrase 2FA and TOTP documentation and view. !21998 (Marc Schwede)
- Update project path on project name autofill. !22016
- Improve logging when username update fails due to registry tags. !22038
- Align collapsed sidebar avatar container. !22044 (George Tsiolis)
- Rails5: fix artifacts controller download spec Rails5 has params[:file_type] as '' if file_type is included as nil in the request. !22123 (Jasper Maes)
- Hide pagination for personal projects on profile overview tab. !22321
- Extracts scroll position check into reusable functions.
- Uses Vuex store in job details page and removes old mediator pattern.
- Render 412 when invalid UTF-8 parameters are passed to controller.
- Renders Job show page in new Vue app.
- Add link to User Snippets in breadcrumbs of New User Snippet page. (J.D. Bean)
- Log project services errors when executing async.
- Update docs regarding frozen string. (gfyoung)
- Check frozen string in style builds. (gfyoung)


## 11.3.11 (2018-11-26)

### Security (33 changes)

- Filter user sensitive data from discussions JSON. !2537
- Escape entity title while autocomplete template rendering to prevent XSS. !2557
- Restrict Personal Access Tokens to API scope on web requests.
- Fix XSS in merge request source branch name.
- Escape user fullname while rendering autocomplete template to prevent XSS.
- Fix CRLF vulnerability in Project hooks.
- Fix possible XSS attack in Markdown urls with spaces.
- Redact sensitive information on gitlab-workhorse log.
- Set timeout for syntax highlighting.
- Do not follow redirects in Prometheus service when making http requests to the configured api url.
- Persist only SHA digest of PersonalAccessToken#token.
- Sanitize JSON data properly to fix XSS on Issue details page.
- Don't expose confidential information in commit message list.
- Markdown API no longer displays confidential title references unless authorized.
- Provide email notification when a user changes their email address.
- Properly filter private references from system notes.
- Redact personal tokens in unsubscribe links.
- Resolve reflected XSS in Ouath authorize window.
- Fix SSRF in project integrations.
- Fix stored XSS in merge requests from imported repository.
- Fixed ability to comment on locked/confidential issues.
- Fixed ability of guest users to edit/delete comments on locked or confidential issues.
- Fix milestone promotion authorization check.
- Monkey kubeclient to not follow any redirects.
- Configure mermaid to not render HTML content in diagrams.
- Redact confidential events in the API.
- Fix xss vulnerability sourced from package.json.
- Fix a possible symlink time of check to time of use race condition in GitLab Pages.
- Removed ability to see private group names when the group id is entered in the url.
- Fix stored XSS for Environments.
- Block loopback addresses in UrlBlocker.
- Prevent SSRF attacks in HipChat integration.
- Validate Wiki attachments are valid temporary files.


## 11.3.10 (2018-11-18)

### Security (1 change)

- Escape user fullname while rendering autocomplete template to prevent XSS.


## 11.3.9 (2018-10-31)

### Security (1 change)

- Monkey kubeclient to not follow any redirects.


## 11.3.8 (2018-10-27)

- No changes.

## 11.3.7 (2018-10-26)

### Security (6 changes)

- Escape entity title while autocomplete template rendering to prevent XSS. !2557
- Persist only SHA digest of PersonalAccessToken#token.
- Fix XSS in merge request source branch name.
- Redact personal tokens in unsubscribe links.
- Prevent SSRF attacks in HipChat integration.
- Validate Wiki attachments are valid temporary files.


## 11.3.6 (2018-10-17)

- No changes.

## 11.3.5 (2018-10-15)

### Fixed (2 changes)

- Fix loading issue on some merge request discussion. !21982
- Fix project deletion when there is a export available. !22276


## 11.3.3 (2018-10-04)

- No changes.

## 11.3.2 (2018-10-03)

### Fixed (4 changes)

- Fix NULL pipeline import problem and pipeline user mapping issue. !21875
- Fix migration to avoid an exception during upgrade. !22055
- Fixes admin runners table not wrapping content.
- Fix Error 500 when forking projects with Gravatar disabled.

### Other (1 change)

- Removes the 'required' attribute from the 'project name' field. !21770


## 11.3.1 (2018-09-26)

### Security (6 changes)

- Redact confidential events in the API.
- Set timeout for syntax highlighting.
- Sanitize JSON data properly to fix XSS on Issue details page.
- Fix stored XSS in merge requests from imported repository.
- Fix xss vulnerability sourced from package.json.
- Block loopback addresses in UrlBlocker.


## 11.3.0 (2018-09-22)

### Security (5 changes, 1 of them is from the community)

- Disable the Sidekiq Admin Rack session. !21441
- Set issuable_sort, diff_view, and perf_bar_enabled cookies to secure when possible. !21442
- Update rubyzip to 1.2.2 (CVE-2018-1000544). !21460 (Takuya Noguchi)
- Fixed persistent XSS rendering/escaping of diff location lines.
- Block link-local addresses in URLBlocker.

### Removed (1 change)

- Remove Gemnasium service. !21185

### Fixed (83 changes, 24 of them are from the community)

- Hide PAT creation advice for HTTP clone if PAT exists. !18208 (George Thomas @thegeorgeous)
- Allow spaces in wiki markdown links when using CommonMark. !20417
- disable_statement_timeout no longer leak to other migrations. !20503
- Events API now requires the read_user or api scope. !20627 (Warren Parad)
- Fix If-Check the result that a function was executed several times. !20640 (Max Dicker)
- Add migration to cleanup internal_ids inconsistency. !20926
- Fix fallback logic for automatic MR title assignment. !20930 (Franz Liedke)
- Fixed bug when the project logo file is stored in LFS. !20948
- Fix buttons on the new file page wrapping outside of the container. !21015
- Solve tooltip appears under modal. !21017
- Fix Bitbucket Cloud importer omitting replies. !21076
- Fix pipeline fixture seeder. !21088
- Fix blocked user card style. !21095
- Fix empty merge requests not opening in the Web IDE. !21102
- Fix label list item container height when there is no label description. !21106
- Fixes input alignment in user admin form with errors. !21108 (Jacopo Beschi @jacopo-beschi)
- Rails5 fix specs duplicate key value violates unique constraint 'index_gpg_signatures_on_commit_sha'. !21119 (Jasper Maes)
- Add gitlab theme to spam logs pagination. !21145
- Split remembering sorting for issues and merge requests. !21153 (Jacopo Beschi @jacopo-beschi)
- Fix git submodule link for subgroup projects with relative path. !21154
- Fix: Project deletion may not log audit events during group deletion. !21162
- Fix 1px cutoff of emojis. !21180 (gfyoung)
- Auto-DevOps.gitlab-ci.yml: update glibc package to 2.28. !21191 (sgerrand)
- Show google icon in audit log. !21207 (Jan Beckmann)
- Fix bin/secpick error and security branch prefixing. !21210
- Importing a project no longer fails when visibility level holds a string value type. !21242
- Fix attachments not displaying inline with Google Cloud Storage. !21265
- Fix IDE issues with persistent banners. !21283
- Fix "Confidential comments" button not saving in project hooks. !21289
- Bump fog-google to 1.7.0 and google-api-client to 0.23.0. !21295
- Don't use arguments keyword in gettext script. !21296 (gfyoung)
- Fix breadcrumb link to issues on new issue page. !21305 (J.D. Bean)
- Show '< 1%' when percent value evaluated is less than 1 on Stacked Progress Bar. !21306
- API: Catch empty commit messages. !21322 (Robert Schilling)
- Fix SQL error when sorting 2FA-enabled users by name in admin area. !21324
- API: Catch empty code content for project snippets. !21325 (Robert Schilling)
- Avoid nil safe message. !21326 (Yi Siliang)
- Allow date parameters on Issues, Notes, and Discussions API for group owners. !21342 (Florent Dubois)
- Fix remote mirrors failing if Git remotes have not been added. !21351
- Removing a group no longer triggers hooks for project deletion twice. !21366
- Use slugs for default project path and sanitize names before import. !21367
- Vertically centres landscape avatars. !21371 (Vicary Archangel)
- Fix Web IDE unable to commit to same file twice. !21372
- Fix project transfer name validation issues causing a redirect loop. !21408
- Fix Error 500s due to encoding issues when Wiki hooks fire. !21414
- Rails 5: include opclasses in rails 5 schema dump. !21416 (Jasper Maes)
- Bump GitLab Pages to v1.1.0. !21419
- Fix links in RSS feed elements. !21424 (Marc Schwede)
- Allow gaps in multiseries metrics charts. !21427
- Auto-DevOps.gitlab-ci.yml: fix redeploying deleted app gives helm error. !21429
- Use sample data for push event when no commits created. !21440 (Takuya Noguchi)
- Fix importers not assigning a new default group. !21456
- Fix edge cases of JUnitParser. !21469
- Fix breadcrumb link to merge requests on new merge request page. !21502 (J.D. Bean)
- Handle database statement timeouts in usage ping. !21523
- Handles exception during file upload - replaces the stack trace with a small error message. !21528
- Fix closing issue default pattern. !21531 (Samuele Kaplun)
- Fix outdated discussions being shown on Merge Request Changes tab. !21543
- Remove orphaned label links. !21552
- Delete a container registry asynchronously. !21553
- Make MR diff file filter input Clear button functional. !21556
- Replace white spaces in wiki attachments file names. !21569
- API: Use find_branch! in all places. !21614 (Robert Schilling)
- Fixes double +/- on inline diff view. !21634
- Fix broken exports when they include a projet avatar. !21649
- Fix workhorse temp path for namespace uploads. !21650
- Fixed resolved discussions not toggling expanded state on changes tab. !21676
- Update GitLab Shell to v8.3.2. !21701
- Fix absent Click to Expand link on diffs not rendered on first load of Merge Requests Changes tab. !21716
- Update GitLab Shell to v8.3.3. !21750
- Fix import error when archive does not have the correct extension. !21765
- Fixed IDE deleting new files creating wrong state.
- Does not collapse runners section when using pagination.
- Fix Emojis cutting in the right way. (Alexander Popov)
- Fix NamespaceUploader.base_dir for remote uploads.
- Increase width of checkout branch modal box.
- Fixes SVGs for empty states in job page overflowing on mobile.
- Fix checkboxes on runner admin settings - The labels are now clickable.
- Fixed IDE file row scrolling into view when hovering.
- Accept upload files in public/uplaods/tmp when using accelerated uploads.
- Include correct CSS file for xterm in environments page.
- Increase padding in code blocks.
- Fix: Project deletion may not log audit events during user deletion.

### Changed (32 changes, 5 of them are from the community)

- Add default avatar to group. !17271 (George Tsiolis)
- Allow project owners to set up forking relation through API. !18104
- Limit navbar search for current project or group for small viewports. !18634 (George Tsiolis)
- Add Noto Color Emoji font support. !19036 (Alexander Popov)
- Update design of project overview page. !20536
- Improve visuals of language bar on projects. !21006
- Migrate NULL wiki_access_level to correct number so we count active wikis correctly. !21030
- Support a custom action, such as proxying to another server, after /api/v4/internal/allowed check succeeds. !21034
- Remove storage path dependency of gitaly install task. !21101
- Support Kubernetes RBAC for GitLab Managed Apps when adding a existing cluster. !21127
- Change 'Backlog' list title to 'Open' in Issue Boards. !21131
- Enable Auto DevOps Instance Wide Default. !21157
- Allow author to vote on their own issue and MRs. !21203
- Truncate branch names and update "commits behind" text in MR page. !21206
- Adds count for different board list types (label lists, assignee lists, and milestone lists) to usage statistics. !21208
- Render files (`.md`) and wikis using CommonMark. !21228
- Show deprecation message on project milestone page for category tabs. !21236
- Remove redundant header from metrics page. !21282
- Add default parameter to branches API. !21294 (Riccardo Padovani)
- Restrict reopening locked issues for non authorized issue authors. !21299
- Send back required object storage PUT headers in /uploads/authorize API. !21319
- Display default status emoji if only message is entered. !21330
- Move badge settings to general settings. !21333
- Move project settings for default branch under "Repository". !21380
- Import all common metrics into database. !21459
- Improved commit panel in Web IDE. !21471
- Administrative cleanup rake tasks now leverage Gitaly. !21588
- Remove health check feature flag in BackgroundMigrationWorker.
- Expose user's id in /admin/users/ show page. (Eva Kadlecova)
- Improved styling of top bar in IDE job trace pane.
- Make terminal button more visible.
- Shows download artifacts button for pipelines on small screens.

### Performance (13 changes, 2 of them are from the community)

- Enable frozen string in rest of app/models/**/*.rb.
- Add background migrations for legacy artifacts. !18615
- Optimize querying User#manageable_groups. !21050
- Incremental rendering with Vue on merge request page. !21063
- Remove redundant ci_builds (status) index. !21070
- Enable frozen in app/mailers/**/*.rb. !21147 (gfyoung)
- Improve performance when fetching related merge requests for an issue. !21237
- Speed up diff comparisons by limiting number of commit messages rendered. !21335
- Write diff highlighting cache upon MR creation (refactors caching). !21489
- Bulk-render commit titles in the tree view to improve performance. !21500
- Enable frozen string in vestigial app files. (gfyoung)
- Disable project avatar validation if avatar has not changed.
- Bitbucket Server importer: Eliminate most idle-in-transaction issues.

### Added (41 changes, 17 of them are from the community)

- API: Protected tags. !14986 (Robert Schilling)
- Include private contributions to contributions calendar. !17296 (George Tsiolis)
- Add an option to whitelist users based on email address as internal when the "New user set to external" setting is enabled. !17711 (Roger Rüttimann)
- Overhaul listing of projects in the group overview page. !20262
- Add the ability to reference projects in comments and other markdown text. !20285 (Reuben Pereira)
- Add branch filter to project webhooks. !20338 (Duana Saskia)
- Allows to cancel a Created job. !20635 (Jacopo Beschi @jacopo-beschi)
- First Improvements made to the contributor on-boarding experience. !20682 (Eddie Stubbington)
- `/tag` quick action on Commit comments. !20694 (Peter Leitzen)
- Allow admins to configure the maximum Git push size. !20758
- Expose all artifacts sizes in jobs api. !20821 (Peter Marko)
- Get the merge base of two refs through the API. !20929
- Add ability to suppress the global "You won't be able to use SSH" message. !21027 (Ævar Arnfjörð Bjarmason)
- API: Add expiration date for shared projects to the project entity. !21104 (Robert Schilling)
- Added tooltips to tree list header. !21138
- #47845 Add failure_reason to job webhook. !21143 (matemaciek)
- Vendor Auto-DevOps.gitlab-ci.yml with new proxy env vars passed through to docker. !21159 (kinolaev)
- Disable Auto DevOps for project upon first pipeline failure. !21172
- Add rake command to migrate archived traces from local storage to object storage. !21193
- Add Czech as an available language. !21201
- Add Galician as an available language. !21202
- Add support for extendable CI/CD config with. !21243
- Disable Web IDE button if user is not allowed to push the source branch. !21288
- Feature flag to disable Hashed Storage migration when renaming a repository. !21291
- Store wiki uploads inside git repository. !21362
- Adds Rubocop rule to enforce class_methods over module ClassMethods. !21379 (Jacopo Beschi @jacopo-beschi)
- Merge request copies all associated issue labels and milestone on creation. !21383
- Add group name badge under group milestone. !21384
- Adds diverged_commits_count field to GET api/v4/projects/:project_id/merge_requests/:merge_request_iid. !21405 (Jacopo Beschi @jacopo-beschi)
- Update Import/Export to only use new storage uploaders logic. !21409
- Ask user explicitly about usage stats agreement on single user deployments. !21423
- Added atom feed for tags. !21428
- Add search to a group labels page. !21480
- Display banner on project page if AutoDevOps is implicitly enabled. !21503
- Recognize 'UNLICENSE' license files. !21508 (J.D. Bean)
- Add git_v2 feature flag. !21520
- Added file templates to the Web IDE.
- Enabled multiple file uploads in the Web IDE.
- Allow to delete group milestones.
- Use separate model for tracking resource label changes and render label system notes based on data from this model.
- Add system note when due date is changed. (Eva Kadlecova)

### Other (48 changes, 16 of them are from the community)

- Remove extra spaces from MR discussion notes. !18946 (Takuya Noguchi)
- Add an example of the configuration of archive trace cron worker in gitlab.yml.example. !20583
- Add target branch name to cherrypick confirmation message. !20846 (George Andrinopoulos)
- CE Port of Protected Environments backend. !20859
- Added missing i18n strings to issue boards lables dropdown. !21081
- Combines emoji award spec files into single user_interacts_with_awards_in_issue_spec.rb file. !21126 (Nate Geslin)
- Clarify current runners online text. !21151 (Ben Bodenmiller)
- Rails5: Enable verbose query logs. !21231 (Jasper Maes)
- Update presentation for SSO providers on log in page. !21233
- Make margin of user status emoji consistent. !21268
- Move usage ping payload from User Cohorts page to admin application settings. !21343
- Add JSON logging for Bitbucket Server importer. !21378
- Re-add project name field on "Create new project" page. !21386
- Rails 5: replace removed silence_stream. !21387 (Jasper Maes)
- Rails5 update Gemfile.rails5.lock. !21388 (Jasper Maes)
- Rails5: fix can't quote ActiveSupport::HashWithIndifferentAccess. !21397 (Jasper Maes)
- Don't show flash messages for performance bar errors. !21411
- Backport schema_changed.sh from EE which prints the diff if the schema is different. !21422 (Jasper Maes)
- Remove unused CSS part in mobile framework. !21439 (Takuya Noguchi)
- Bump unauthenticated session time from 1 hour to 2 hours. !21453
- Run review-docs-cleanup job for gitlab-org repos only. !21463 (Takuya Noguchi)
- Rails 5: support schema t.index for mysql. !21485 (Jasper Maes)
- Add route information to lograge structured logging for API logs. !21487
- Add gitaly_calls attribute to API logs. !21496
- Ignore irrelevant sql commands in metrics. !21498
- Rails 5: fix hashed_path? method that looks up file_location that doesn't exist when running certain migration specs. !21510 (Jasper Maes)
- Explicit hashed path check for trace, prevents background migration from accessing file_location column that doesn't exist. !21533 (Jasper Maes)
- Add terminal_path to job API response. !21537
- Add User-Agent to production_json.log. !21546
- Make cluster page settings easier to read. !21550
- Remove striped table styling of Find files and Admin Area Applications views. !21560 (Andreas Kämmerle)
- Update ffi to 1.9.25. !21561 (Takuya Noguchi)
- Send max_patch_bytes to Gitaly via Gitaly::CommitDiffRequest. !21575
- Add margin between username and subsequent text in issuable header. !21697
- Send artifact information in job API. !50460
- Reduce differences between CE and EE code base in reports components.
- Move project services log to a separate file.
- Creates vue component for job log top bar with controllers.
- Creates Vue component for trigger variables block in job log page.
- Creates Vvue component for warning block about stuck runners.
- Creates vue component for job log trace.
- Creates vue component for erased block on job view.
- Creates vue component for environments information in job log view.
- Upgrade Monaco editor.
- Creates empty state vue component for job view.
- Creates vue component for commit block in job log page.
- Creates vue components for stage dropdowns and job list container for job log view.
- Creates Vue component for artifacts block on job page.


## 11.2.8 (2018-10-31)

### Security (1 change)

- Monkey kubeclient to not follow any redirects.


## 11.2.7 (2018-10-27)

- No changes.

## 11.2.6 (2018-10-26)