Please view this file on the master branch, on stable branches it's out of date.
## 12.0.11
- Unreleased due to build failures
## 12.0.10
- Unreleased due to build failures
## 12.0.9
### Security (1 change)
- Do not allow creation of projects from group templates if project is not descendant of that group.
## 12.0.8
### Security (3 changes)
- Limit number of jobs in running pipelines for the past hour on per plan basis. !1182
- Queries for Upload should be scoped by model.
- Filter out old system notes for epics in notes api endpoint response.
## 12.0.7
- Unreleased due to QA failure.
## 12.0.6
- No changes.
## 12.0.5
### Security (1 change)
- Ensure the Insights configuration project is part of the group and is accessible to the current user.
## 12.0.4
### Security (5 changes)
- Don't override approval rules if not allowed.
- Grant admin note permissions in epics for maintainers and owners.
- Fix bypass email verification when SCIM user is created via API.
- Prevent an XSS vector in the add approver email.
- Make vulnerability feedback invisible if limited access to repo.
## 12.0.3 (2019-06-27)
- No changes.
### Security (2 changes)
- Gate MR head_pipeline behind read_pipeline ability.
- Do not allow localhost urls in GitHub Integration.
## 12.0.2 (2019-06-25)
### Fixed (1 change)
- Take into account events created before milestone start. !14184
## 12.0.1 (2019-06-24)
- No changes.
## 12.0.0 (2019-06-22)
### Security (2 changes)
- Filter relative links in wiki for XSS.
- Fix XSS in Ancestor tooltip title.
### Removed (2 changes)
- Remove old approver system in favor of new approval rule system. !12436
- Geo: Remove deprecated wikis_count and repositories_count fields from the public API. !13025
### Fixed (36 changes, 1 of them is from the community)
- Group SAML identities cleaned up when leaving a group. !5817
- Make root relative URLs clickable in vulnerability modal. !9767
- Make burndown chart timezone aware. !10328
- Prevent files paths from overflowing in vulnerability info modal. !10606
- Fixed a bug where removing related issues could get stuck. !12316
- Fix anchor link in UI. !12737
- Add feature flag to group_scim javascript. !13078
- Geo - Enable Cron job to perform repository checks on a Geo secondary node. !13103
- Restrict child_epic and remove_child_epic quick actions when using mysql. !13152
- Disable licenses_app feature flag by default. !13291
- Fix security dashboard errors on IE11. !13319
- Respect limited indexing settings in rake tasks. !13437
- Geo - Does not redirect user to the custom home page URL on a Geo secondary. !13447
- Use quarantine size to check push size against repository size limit. !13460
- Fix SSO Enforcement when used with 2FA. !13473
- Fix Git over HTTP when using SAML SSO Enforcement. !13485
- Only use elasticsearch when it is enabled. !13495
- Add referenced-commands in no overflow list. !13550
- Hide action buttons while security dashboard is loading. !13576
- Fix alignment of label for admin notes on admin. !13592 (Takuya Noguchi)
- Use elasticsearch go indexer for wikis. !13743
- Handle case where site property is an array in DAST report. !13775
- Fix dast report parsing regression caused by change in zaproxy. !13789
- Fix port validation in .gitlab-webide.yml. !13846
- Fix "rule_type does not exist" error during consume_remaining_migrate_approver_to_approval_rules_in_batch_jobs migration. !13947
- Hide operations nav icon for small screens. !13960
- Remove free user info from non-ultimate license. !14010
- Use fallback approval rule if no eligible rules exist. !14042
- Fix 'Group > Usage Quota' menu item. !14043
- Fix incorrect epic ancestor links. !14092
- Show Usage Quotas regardless of namespace subscription. !14135
- Fix calculation of used extra CI minutes. !14217
- Remove class hiding spinner in board switcher.
- Fix broken filter by approvers.
- Remove extra spaces in MR list view approval counts.
- Remove extra border on tracing empty state page.
### Changed (18 changes)
- Allow merge requests to be merged even when it does not have up-to-date pipeline when merge request pipeline is enabled. !12309
- Migrate code_owners to rule_type enum on approval_merge_request_rules. !13036
- Avoid failing pull mirroring if LFS import fails. !13133
- Updates Pipeline Quota page to accomodate for Storage Quotas. !13139
- Align group and project level security dashboard UX. !13180
- Remove shared_runner_minutes_on_root_namespace feature flag. !13208
- Enable dependency proxy per group by default. !13574
- Move dependencies API endpoint to "security" namespace. !13897
- Allow developers to configure dependency proxy. !13899
- Use real data in `:project/security/dependencies` endpoint. !13906
- Use bulk-indexing API for project associations. !13917
- Update response schema for DependencyList endpoint and add status. !13918
- Geo - Make foreign data wrapper a hard requirement. !13940
- Polish SAML SSO configuration page. !13982
- Make Insights Generally Available. !14067
- Automatically index wikis in elasticsearch. !14095
- Require Hashed Storage to be enabled to create new Geo Nodes. !14102
- Changes to default insights charts.
### Performance (7 changes)
- Omit page counts in admin audit logs. !1306
- Improve scheduling of mirror updates to reduce frequency of database queries. !11217
- Limit count to improve query performance. !12231
- Avoid loading database objects for Elasticsearch results. !12691
- Avoid hitting Elasticsearch more than once on search. !13120
- Add index to count pending mirror updates. !13901
- Performance improvement when loading epics list. !13904
### Added (34 changes, 1 of them is from the community)
- Provide application-wide LDAP membership lock setting. !4354
- Added a "Require user password to approve" option on projects for merge request approvals to enable compliance in FDA regulated fields". !10364 (James Davila, Paul Knopf, Greg Smethells)
- Add "Allow merge trains" option to project settings page. !10803
- Add optional reason when dismissing vulnerabilities. !11226
- System notes for adding and removing epic relationships. !11416
- Show if user is using a license seat on admin user page. !11449
- Allow merge requests to block other MRs from being merged. !11600
- SSO enforement redirects to group sign in when not using SAML. !12246
- When a merge request is blocked by other unmerged merge requests, display them on the show page of a merge request. !12357
- Group SAML can be used to sign into a GitLab instance. !12660
- IP address restriction for groups. !12669
- Make the number of Elasticsearch shards and replicas configurable. !12713
- Add quick actions for adding and removing child epic relations to epic. !12772
- Adds a confidence filter to the Group Security Dashboard. !12805
- Expose Design blobs through GraphQL. !13037
- Expand pipeline variables passed downstream. !13197
- Add support for querying epics with GraphQL. !13248
- Add Merge Train auto merge strategy. !13278
- Adds Storage Counter. !13294
- Allow design blobs to be stored in Git LFS. !13389
- JIT users provisioning for group SAML. !13552
- Add Ability for Maintainers to Rotate Instance Id in Feature Flags. !13722
- Notify users when their CI minutes quota has run out. !13735
- Use Flipper as an A/B testing framework. !13755
- [New Auto Merge Strategy] Add To Merge Train When Pipeline Succeeds. !13767
- Add `dependency_list` report. !13900
- Add admin form to enforce a pipeline on an instance. !13923
- Count usage of DependencyList endpoint. !13962
- Add preliminary Dependency List frontend implementation. !13968
- Add Admin settings to disable project deletion. !14002
- Usage ping: Track amount of incident issues. !14013
- Sync file changes from Web IDE to Web Terminal. !14035
- Add report_approver to approval_merge_request_rules. !14050
- Add merge train position message under pipeline in merge request widget. !14064
### Other (9 changes, 2 of them are from the community)
- New user flow for SSOing into a GitLab.com group. !10338
- Improve vulnerability API. !12760 (Robert Schilling)
- Add action popover component for user onboarding. !13346
- Add help content popover component for user onboarding. !13363
- Expose services in the web ide terminal entity. !13665
- Rename boards spec name. !13725 (George Tsiolis)
- Fix typos in i18n strings for onboarding tour. !14153
- Externalize strings of chat page in user profile. !28632
- Remove commit count from storage quotass.
## 11.11.3 (2019-06-10)
### Fixed (1 change)
- Fix create mr from vuln modal regression. !13524
## 11.11.2 (2019-06-04)
### Performance (1 change)
- Geo - Does not apply selective sync restrictions while counting registries on the tracking database. !13257
## 11.11.0 (2019-05-22)
### Security (1 change)
- Destroy project remote pull mirrors instead of disabling. !10355
### Fixed (26 changes)
- Add missing endpoint for user information to GitHub API. !10482
- Remove slack slash commands double up. !10555
- Display Scoped Labels on Issue Board. !10669
- Ensure custom group template feature is available only for groups on gold and silver. !10678
- Fix removing and updating insights config, and foreign key constraints. !11030
- Geo: Fix broken button to delete orphaned upload registries through Admin. !11156
- Resolve: Epic labels in system notes point to the epic itself. !11234
- Geo: Fix: Project sync failures usually double-increment * _retry_ count. !11381
- Fix unauthenticated GET of public Epics API. !11485
- Hide ScopedBadge overflow notes. !11548
- Fixes a CI failure in jest. !11586
- Fix error when reordering/deleting subgroup epics. !11837
- Fix some filter bar tokens not showing up when multiple assignees are enabled. !11939
- Geo: Fix OAuth authentication with relative URLs. !11976
- Fix for not being able to remove the last namespace/project from elasticsearch limited namespaces/projects. !11989
- Fix approvals project settings section when merge requests disabled. !12070
- Enable alert bot to use quick actions. !12127
- Geo: Remove counts over geo_event_log table. !12146
- Geo: Prevent RegistryFinder calls on the primary. !12183
- Fix placement of LDAP icon in members list. !12304
- Use path instead of a URL for accessing approval settings. !12414
- Remove non-semantic use of `.row` in member listing controls. !12466
- Force tag overwrite on mirror update. !12491
- Fixes the feedback paths on the project security dashboard. !12849
- Fixed starting a review on images.
- Fix updating board attributes through API.
### Changed (13 changes)
- Group SAML enforcement requires active SSO session for group access. !10034
- Geo: Rename "Disable" to "Pause|Resume" (Admin > Geo Nodes). !10297
- Upgrade group security dashboard to use gitlab-ui line chart. !10479
- Geo - Implement selective sync support for the LFS objects FDW queries. !10757
- Documentation : Improve selective sync documentation. !11072
- Geo: Implement selective sync support for the FDW queries to count the number of attachments to sync. !11107
- Allowing Elasticsearch indexing gap recovering. !11408
- Geo - Implement selective sync support for the FDW queries to count attachments. !11518
- Geo - Implement selective sync support for the FDW queries to find attachments. !11544
- Geo - Add selective sync support for the job artifacts FDW queries. !11892
- Fetch all available groups when creating MR approval rule. !12096
- SSO enforcement requires active SAML session for web access to project resources. !12109
- Perform LDAP group sync on sign in only for new users.
### Performance (3 changes)
- Swap conditions to reduce frequency of database query. !11217
- Add index for mirror_user_id to projects table. !11422
- Geo - Improve performance of the selective sync cleanup worker. !11998
### Added (27 changes, 2 of them are from the community)
- Proxy websocket requests to build services. !9723
- Add dependency proxy for containers. !9750
- Added gitlab:elastic:projects_not_indexed rake task. !9854 (Jason Colyer)
- Added Snowplow tracking to notes. !10104
- Support multiple assignees for merge requests. !10161
- Add UI to enable/disable a dependency proxy on a group level. !10386
- Let the GitLab Alert bot open incident issues. !10460
- Remove feature flag `:incident_management` . !10569
- Allow multiple secondary nodes behind a load balancer. !10755
- Copy LFS objects from pull mirror. !10779
- Geo: Inform users about current replication lag in the UI on secondaries. !10807
- Autosave description in epics. !10844
- Keep track of packages_file in ProjectStatistics. !11020
- Adds a dismissal item to the vulnerability modal. !11028
- Add project level config for merge train. !11065
- Support pie charts in Insights. !11186
- Create ActiveRecordModel and table for Merge Train feature. !11204
- Allow adding GitLab license at installation time. !11244
- Added ZAP Full Scan support for DAST. !11269
- Add created_at and updated_at filters to Epics API. !11315 (jramsay)
- Add API to retrieve security vulnerabilities. !11539
- Basic Rails implementation for BOM. !11613
- Add Frontend Store and UI For Environments Dashboard MVC. !11702
- Track clicks on uninstall button for kubernetes implementation. !12048
- Add Vulnerabilities API scoping: severity, confidence, and dismissal. !12076
- Alert users that protected environments affects feature flags. !12168
- Support creating a new child epic from the API.
### Other (8 changes, 1 of them is from the community)
- Improve project settings page layout and UX. !10388
- Uses the more explicit vulnerability feedback endpoints on the front end. !10461
- Automatically enable multiple MR assignees feature flag. !10558
- Move geo_log_cursor binary to the ee folder. !10821
- Move sidekiq-cluster to ee/bin. !11001
- Move ee-specific code from boards/components/issue_card_inner.vue. !11032 (Roman Rodionov)
- Make all billing cards fit in view. !11602
- Extracted EE specific lines for spec/javascripts/vue_mr_widget/mock_data.js. !11847
## 11.10.6 (2019-06-04)
### Fixed (5 changes, 1 of them is from the community)
- Fix removing and updating insights config, and foreign key constraints. !11030
- Fix the group's epic page. The Paste issue link placeholder shown as 'undefinedundefinedundefined' in Chinese environment. And the error message showed nothing. !11312 (wdmcheng)
- Fix approvals project settings section when merge requests disabled. !12070
- Use path instead of a URL for accessing approval settings. !12414
- Fix relative url root issues with license management. !12488
## 11.10.4 (2019-05-01)
### Fixed (1 change, 1 of them is from the community)
- Fix error retrieving licenses when relative URL in use. !11717 (Hiroyuki Sato)
### Changed (1 change)
- [Insights] Change the default weeks period limit to 12. !11498
## 11.10.3 (2019-04-30)
- No changes.
## 11.10.2 (2019-04-25)
### Security (1 change)
- Handle race condition when creating an MR approval.
## 11.10.1 (2019-04-23)
### Fixed (4 changes)
- Fix approval rules when used with relative url root. !10819
- Fix add/remove pipeline dashboard issue. !11029
- Fix JWT token check when repository does not exist. !11033
- Fix preventing approval of merge requests by an author. !11263
### Changed (2 changes)
- Improve SAML settings with validation, design, and help text. !10450
- Use a single color for the Insights time series bar charts. !11076
## 11.10.0 (2019-04-22)
### Security (3 changes)
- Check label_ids parent when updating issue board.
- Geo - Improve security while redirecting user back to the secondary after a logout & re-login via the primary.
- Expose only basic group attributes in boards API.
### Fixed (25 changes)
- User Statistics in Admin Dashboard now a button. !8807
- Fix misalignment of dropdowns in edit board modal of issue boards. !9909
- Geo: Support archive recovery or streaming replication types in health check. !9935
- Geo: Only display Geo-specific clone instructions button on a Geo Secondary node. !10007
- Resolve Deletion of vulnerability-associated issuables prevents security report from loading. !10016
- Elasticsearch API: Fix project_id showing as 0 for all blobs. A reindex will be required. !10020
- Make editing the filters in the Group Security Dashboard easier. !10138
- Geo - Reset the verification checksum after deployment refs are created. !10160
- Search snippets via elasticsearch. !10325
- Fixed bug preventing users from adding child epics with multiple children. !10331
- Fix merge requests being added to Jira Development Panel. !10342
- Fix authors of merge commits being excluded from approving an MR. !10359
- Fix ChatOps Slack responder for gitlab.com. !10416
- Fix sorting by priority with filtering by approvers. !10446
- Make UpdateRepositoryStorageService idempotent. !10457
- Fix broken links to protected environments on the CI/CD settings page. !10470
- Notify owner that group is invalid when LDAP "Sync now" fails. !10509
- Fix user agent string for Hosted Jira. !10545
- Fix query used to calculate number of users over license. !10556
- Fix pipeline bridge serialization error. !10565
- Correct path to cluster health partial. !10638
- Ensure Insights charts show all periods even if there are no data. !10733
- Hide scoped labels help text without corresponding license. !10737
- Fix merge request operation failure (e.g. assigning user) when project approvers required increases. !10766
- Include subgroups when finding Insights issuables. !10801
### Changed (27 changes)
- Move project search bar into modal dialog on Operations Dashboard page. !9260
- Geo - Add selective sync support for the FDW queries to count synced registries. !9445
- Geo - Add selective sync support for the FDW queries to count failed registries. !9527
- Convert enable group authentication checkbox to toggle button. !9816
- Geo: Limit max backoff time by 1 hour, instead of 7 days. !9893
- Documented Guide to using Geo in HA with RDS cross-region replicas. !9985
- Dynamically resize security group dashboard vuln graph. !10028
- Add self approval of merge requests setting to merge requests approvals API. !10050
- elasticsearch: Switch from LZ4 to DEFLATE compression. !10072
- Geo - Store the invalid checksum when we have a mismatch. !10101
- Add requested resources to cluster health metrics. !10135
- Allow self-approvals in fallback approval rules. !10218
- Geo - Add selective sync support for FDW queries to find verified registries. !10255
- Add file line number to vuln modal. !10265
- Geo - Add selective sync support for FDW queries to find registries where verification has failed. !10266
- Enforce Geo JWT tokens scope for repository sync. !10303
- Display link to review note in text email, similar to HTML email. !10401
- Geo - Add selective sync support for the FDW queries to find mismatch registries. !10434
- Geo - Add selective sync support for queries to find registries retrying verification. !10436
- Geo - Add selective sync support for the FDW queries to find registries to verify. !10438
- Improve DAST location fingerprints. !10487
- Change order in dast location fingerprint. !10487
- Geo: Add selective sync support for the FDW queries to find unsynced projects. !10522
- Enrich container scanning with more data on the frontend. !10526
- [Geo] Don't mark sync as successful if repo does not exist because of some problems. !10578
- Move operations dashboard from Ultimate to Premium. !10586
- Support multiple chart per page for Insights.
### Performance (3 changes)
- Avoid a Gitaly N+1 when loading commits for Elasticsearch search results. !9760
- Geo: Optimize repository and wiki verification counts. !9939
- Avoid N+1 when loading Code search results with Elasticsearch enabled. !10394
### Added (31 changes, 1 of them is from the community)
- Add approval and unapproval webhooks. !8742
- Adding pipelines to the operations dashboard. !9197
- Add operations dashboard usage counts to usage data. !9291
- Automatically deprovision and update users from a configured identity via SCIM. !9388
- Add SCIM Token section to SAML SSO Settings. !9619
- Use merge request MERGE ref for attached merge request pipelines. !9622
- Geo: Support syncing over non-publicly accessible URLs. !9634
- Prevent merge if the merge request pipeline is stale. !9643
- Block possibility to change email for users with group managed account. !9712
- Geo admin panel for upload verification. !9720
- Geo: Create separate models for different registries. !9755
- Add ability to purchase extra CI minutes. !9815
- Update Web IDE config to accept ports. !9818
- Allow per-project and per-group enabling of Elasticsearch indexing. !9861
- Geo: Help admins diagnose configuration problems. !9988
- Added MAVEN_CLI_OPTS env var support to License Management CI job. !10012
- Show DAST vulnerabilities in the Group Security Dashboard. !10271
- Show DAST in Group Security Dashboard Back-End. !10277
- Removing pipeline dashboard feature flag. !10302
- Update user name upon LDAP sync. !10316 (@icode1)
- Collect usage of pod logs feature. !10370
- Added metrics reports widget to merge request page. !10380
- IP whitelisting for Geo-enabling functionality in the primary. !10383
- Persist in the URL the page and day range of vulnerabilities viewed in the Group Security Dashboard. !10402
- Add 'Metrics' job artifact report type. !10452
- Create a user via SCIM. !10456
- Geo: Display secondary replication lag on console (if lag > 0 seconds). !10471
- Add Roadmap to Epic page. !10488
- Expose merge request pipeline parameters for MR widget. !10502
- Allow instance admins to link all projects to Jira DVCS. !10541
- Added mutually exclusive key value labels.
### Other (4 changes)
- Simplify admin instance licenses page. !9785
- Extract EE specific files and externalize strings in admin application settings. !9930
- Add specs for coerced labels parameter in Epics API. !9932
- Improve project service desk settings. !10381
## 11.9.12 (2019-05-30)
### Security (3 changes, 1 of them is from the community)
- Filter relative links in wiki for XSS. (kerrizor)
- Fix XSS in Ancestor tooltip title.
- Ignore out of range epic IDs.
## 11.9.10 (2019-04-26)
### Security (1 change)
- Handle race condition when creating an MR approval.
### Fixed (1 change, 1 of them is from the community)
- Fix the group's epic page. The Paste issue link placeholder shown as 'undefinedundefinedundefined' in Chinese environment. And the error message showed nothing. !11312 (wdmcheng)
## 11.9.9 (2019-04-23)
### Fixed (1 change)
- Fix approval rules when used with relative url root. !10819
## 11.9.8 (2019-04-11)
### Fixed (1 change)
- Fix sorting by priority with filtering by approvers. !10446
## 11.9.7 (2019-04-09)
### Security (1 change)
- Expose only basic group attributes in boards API.
## 11.9.6 (2019-04-04)
### Fixed (3 changes)
- Fix project approval rule with only private group being considered as approved when override is allowed. !10356
- Fix approval rule sourcing from forked MR. !10474
- Guard against ldap_sync_last_sync_at being nil. !10505
### Added (1 change)
- Add Insights frontend to retrieve and render chart. !9856
## 11.9.5 (2019-04-03)
### Fixed (3 changes)
- Fix project approval rule with only private group being considered as approved when override is allowed. !10356
- Fix approval rule sourcing from forked MR. !10474
- Guard against ldap_sync_last_sync_at being nil. !10505
### Added (1 change)
- Add Insights frontend to retrieve and render chart. !9856
## 11.9.3 (2019-03-27)
### Security (1 change)
- Check label_ids parent when updating issue board.
## 11.9.2 (2019-03-26)
### Security (2 changes)
- Geo - Improve security while redirecting user back to the secondary after a logout & re-login via the primary.
- Check label_ids parent when updating issue board.
## 11.9.1 (2019-03-25)
### Fixed (1 change)
- Fix date save for Epic to reflect on UI immediately after save. !10321
## 11.9.0 (2019-03-22)
### Security (4 changes)
- Prevent Group SAML authorizing sign in without prior user approval.
- Respect group membership lock when importing a member from another group.
- Remove the possibility to share a project with a group that a user is not a member of.
- Prevent SAML access when disabled by group admin on GitLab.com.
### Fixed (22 changes)
- Allow assigning Prometheus alerts to multiple environments. !7361
- Fix repo pushes while initial Elasticsearch indexing not permitting initial indexing to complete. !9478
- Fix vulnerability occurrence scope to trailing 30 days. !9494
- Skip whitelisted vulnerabilities in Container Scanning reports. !9528
- Fix npm registry for yarn. !9599
- Renders inline downstream & upstream pipelines. !9627
- Prunes whole Geo event when there's only a primary. !9630
- Fix alert notifications for non-public projects. !9636
- Fix 500 error when visiting merged merge request. !9648
- Allow plus symbol in maven package version. !9657
- Show commands applied message when promoting issues to epics. !9669
- Ensure comments from merge request review is displayed in the same order as user commenting order. !9684
- Geo - Fix selective sync by namespace. !9732
- Fix bridge jobs than can be hidden keys too. !9796
- Fix approval-related UI showing up in free plan. !9819
- Add 'No approvals required' view to approval rules (behind feature flag). !9899
- Fix npm package install with a dot in the name. !9900
- GroupSAML for GitLab.com prevents blank NameID. !9907
- Fix protected environment initializer. !10150
- Fix SSH pull mirrors not working. !10272
- Fix HTML spew in Locked Files page.
- Fixes Broken new/edit feature flag form.
### Changed (9 changes, 1 of them is from the community)
- Remove authorization from /managed_licenses. !8541
- Consider dismissed items in security reports summary. !9275
- Add backend for cross-project pipeline dashboard MVC. !9396
- Create merge request approval rule for each code owner entry. !9455
- Split severity and confidence values for vulnerabilities. !9495
- Enforce Geo JWT tokens scope for file uploads and Geo API. !9502
- Update cluster health empty state. !9540 (George Tsiolis)
- Add extra graph spacing on the Security Dashboard Group Vulnerability Chart. !9780
- Add Kerberos URL back to clone panel. !9840
### Performance (1 change)
- Eliminate N+1 queries in Epics API. !9897
### Added (23 changes, 1 of them is from the community)
- Enabled setting the Security Dashboard as a default view for groups. !7889
- Add reordering of child epics. !9283
- Create MR from Vulnerability Solution. !9326
- Create pool repositories on Geo secondaries. !9428
- Add date range for security dashboard graph. !9446
- Add filtering merge requests by approvers. !9468
- Add audit log for managing feature flags. !9487
- Add DELETE package API endpoint. !9623
- Enrich container scanning report. !9641
- Adapt feedback for Container Scanning vulnerabilities. !9655
- Enforce merge request approvals from code owners. !9656
- Added vendored CI/CD template for Dependency Scanning job. !9660
- Add Insights config behind the "group_insights" feature flag. !9665
- Add single package API endpoint. !9667
- Added GET /licenses and DELETE /license/:id endpoints. !9733
- Add container scanning results to group security dashboard. !9736
- Add an incident management settings form and create issues from alertmanager alerts. !9773
- Add API for reordering child epics. !9781
- Allow guests to comment on epics. !9783
- Display Recent Boards in Board switcher. !9808
- Add Ancestors in Epic Sidebar. !9817
- Add vendored templates for SAST, DAST, Container Scanning and License Management job definitions. !9921
- Add realtime validation for user fullname and username on validation. !25017 (Ehsan Abdulqader @EhsanZ)
### Other (12 changes, 1 of them is from the community)
- Use export-import svg from gitlab-svgs. !9453
- Renames 'revert dismissal' to 'undo dismiss' on the Group security dashboard. !9500
- Using positional arguments in request specs have been deprecated. !9506 (Jasper Maes)
- Splits the severity and confidence constants in the group security dashboard frontend. !9535
- Add Gitlab.com gold trial callout to /billings. !9611
- Update project settings section titles and info. !9614
- Improve visual consistency of values in vulnerability modal. !9616
- Limit Group Security Dashboard to selected types of report. !9626
- Make related issues components reusable. !9730
- sidekiq-cluster: put each sidekiq in a new pgroup. !9775
- License Management: Load up to a 100 licenses per default. !9913
- Adds documentation for autoremediation. !10054
## 11.8.10 (2019-04-30)
- No changes.
## 11.8.3 (2019-03-19)
- No changes.
## 11.8.2 (2019-03-13)
### Fixed (4 changes)
- Fix 500 error when visiting merged merge request. !9648
- Fix bridge jobs than can be hidden keys too. !9796
- Fix approval-related UI showing up in free plan. !9819
- Add 'No approvals required' view to approval rules (behind feature flag). !9899
## 11.8.0 (2019-02-22)
### Security (2 changes)
- Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !790
- Hide personal access tokens from other maintainers.
### Fixed (28 changes, 1 of them is from the community)
- Add keyboard navigation to issue board switcher and remove duplicate scroll bar. !8591
- Geo: Always update the default branch on the secondary. !9064
- Fix public group milestones not shown in epics autocomplete. !9068
- Check hosts file for nameserver IP. !9071
- Fixes the icon for fixed vulnerability in Container Scanning report. !9120
- Return 400 error instead of 500 when upload maven package with invalid version. !9125
- Fix mirrors that have invalid SSH public auth mode set. !9135
- Hide packages without version from UI. !9151
- Remove duplicate "Operations Dashboard" header/breadcrumb. !9152 (Nathan Friend)
- Create UTC date in subscription table. !9166
- Display epic icon in related epics list. !9166
- Don't validate Jenkins username if password is blank. !9198
- Don't show Alert widget for non-licensed users. !9224
- Group security dashboard: Fix overflow for Vulnerabilities with long titles. !9271
- Geo - Respect shard restriction while loading new resources to verify on the Geo secondary node. !9343
- When cleaning up repositories, ensure orphaned entries do not remain in the tracking database. !9344
- Geo - Make sure project does not meet selective sync rule before deleting it. !9345
- Fix alert notification emails are not being sent. !9393
- Fix alert notifications for managed Prometheus. !9402
- Replacing old blob methods in ElasticSerach module. !9418
- Add checks to prevent cycling hierarchy in epics structure. !9438
- Fix bug where users could not be added in protected branch rules. !9474
- Avoid SAML required_groups indiscriminately unblocking users on login. !9489
- Resolve Cannot scroll forwards in time for roadmap view. !9530
- Fix unleash server side cannot return feature flags. !9532
- Show alerts settings only for manual configuration. !9538
- Fix access to constant Gitlab::RepositorySizeError. !9579
- Clear our import data credentials when adding new mirrors. !24339
### Deprecated (1 change)
- Geo: Show hashed storage warnings on geo nodes page. !8433
### Changed (14 changes)
- Prevent commit authors from self approvaling merge requests. !9007
- Add docs link to explain legacy and new email format. !9020
- Recursively expands upstream and downstream pipelines. !9073
- Geo: Don't show external link icon on current node. !9130
- Issues created from vulnerabilities are now confidential by default. !9157
- Validate custom metrics. !9178
- Change paginate number to 20. !9213
- Convert buttons to button group on Group Security Dashboard. !9220
- Make it possible to edit Geo primary through API. !9328
- Geo: Handle repository and wiki sync separately in Geo::ProjectSyncWorker. !9360
- Geo: Add settings page empty state. !9415
- Renders New and Edit forms for feature flag in Vue and allow to define scopes.
- Improves title in feature flags empty states.
- Adds environment column to the feature flags page.
### Performance (5 changes)
- Solve a N+1 issue in Groups::AnalyticsController. !4508
- Refactored Epic app in Vuex for better performance and maintenance. !9361
- Optimize slow pipelines.js response. !9387
- Disable commit checks when no push rules are active. !9569
- Enable some frozen string in ee/lib.
### Added (22 changes, 1 of them is from the community)
- Elasticsearch: Support for Gitaly. !7434
- Canary deployment callout on the environments page. !8457
- Allow to filter notes in epics. !8978
- Multiple blocking merge request approval rules (behind feature flag). !9001
- Add support for auto-expanding Roadmap timeline on horizontal scroll. !9018
- Added Snowplow tracking to issues import. !9067
- Persist Group Level Security Dashboard state in URL. !9108
- Multiple environments support for feature flags (Unleash API standpoint). !9110
- Shows the approval given/required counts and its status for each MR when viewing the Merge Requests page. !9142 (Glavin Wiechert, Andy Steele)
- Support CURD operation for feature flag scopes. !9182
- Add epic links API endpoints. !9188
- Store DAST scan results in the database. !9192
- Add LDAP integration to smartcard authentication. !9235
- Allow SSO enforcement in group settings for GitLab.com. !9240
- Add API endpoint for project packages. !9259
- Add upvote/downvote information to epics API. !9264
- Resolve Implement access controls when SSO enforcement enabled. !9270
- Add package files API endpoint. !9305
- Support alerts from external Prometheus servers. !9334
- Cross-project pipelines support in .gitlab-ci.yml. !9374
- Enable mails for external alerts. !9457
- Moving repository across shards leaves the pool.
### Other (13 changes, 7 of them are from the community)
- Gather JIRA DVCS integration usage data. !8949
- ActiveRecord::Migration -> ActiveRecord::Migration[5.0] for AddAlertManagerTokenToClustersApplicationPrometheus and EnqueuePrometheusUpdates. !9049 (Jasper Maes)
- Track navbar links in Snowplow. !9059
- Adds snowplough tracking for the group security dashboard filters. !9119
- Support Ajax endpoints for FeatureFlagsController. !9127
- Fix deprecation: Passing an argument to force an association to reload is now deprecated. !9140 (Jasper Maes)
- Fix deprecation: #original_exception is deprecated. Use #cause instead. !9141 (Jasper Maes)
- Uses GLDropdown for licence management. !9237
- Replace deprecated render text. !9346 (Jasper Maes)
- Fix several ActionController::Parameters deprecations. !9347 (Jasper Maes)
- Fix deprecation: uniq is deprecated and will be removed from Rails 5.1. !9348 (Jasper Maes)
- Turn on rubocop for frozen string in ee/. (gfyoung)
- Creates an EE component for the pipeline graph.
## 11.7.12 (2019-04-23)
- No changes.
## 11.7.11 (2019-04-09)
### Security (1 change)
- Expose only basic group attributes in boards API.
## 11.7.10 (2019-03-28)
### Security (1 change)
- Check label_ids parent when updating issue board.
## 11.7.8 (2019-03-26)
### Security (2 changes)
- Geo - Improve security while redirecting user back to the secondary after a logout & re-login via the primary.
- Check label_ids parent when updating issue board.
## 11.7.7 (2019-03-19)
- No changes.
## 11.7.5 (2019-02-05)
### Fixed (2 changes)
- Fix Kerberos authentication. !9390
- Fix background migration error when project repository is missing. !9392
## 11.7.2 (2019-01-29)
### Security (6 changes)
- Avoid leaking unauthorized approver group members. !766
- Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !791
- Check access rights when creating/updating ProtectedRefs.
- Fix locked file visibility issue for private repositories.
- Filter out non-project member approvers.
- Remove HTTP POST in JIRA OAuth access_token endpoint.
## 11.7.1 (2019-01-28)
### Security (6 changes)
- Avoid leaking unauthorized approver group members. !766
- Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !791
- Check access rights when creating/updating ProtectedRefs.
- Fix locked file visibility issue for private repositories.
- Filter out non-project member approvers.
- Remove HTTP POST in JIRA OAuth access_token endpoint.
## 11.7.0 (2019-01-22)
### Security (1 change)
- Add a shared secret to prevent abuse of the alert endpoint.
### Fixed (27 changes, 2 of them are from the community)
- Defaults to feature flags link for Operations entry. !8622
- Fix error on explore page when logged out due to gold trial callout. !8674
- Prevents the empty state from showing when the dashboard errors. !8703
- Allow matching only the repo-root for CODEOWNERS. !8708
- Fix adding labels to epics using quick actions. !8772
- Geo: Keep the minimum cursor last event. !8832
- Reinstate sorting issuable by weight. !8834
- Geo - Show the proper label for the last repository check run on Geo projects page. !8844
- Resolve Reorder gitlab:elastic:index rake tasks to ensure wikis and database are completed even if projects error out. !8852
- Remove dash on issue weight for unauthorized users. !8882 (George Tsiolis)
- Dismiss epic promotion and persist it across reloads. !8885
- Fix JIRA Development Panel links with subgroups. !8908
- Remove epic field in sidebar for projects without groups. !8919
- Remove duplicate padding from issue board switcher. !8928
- Resolve Ctrl+Enter immediately adds MR comment. !8932
- Geo: Ignore invalid attributes when updating Geo node status. !8957
- Fix border-radius for related issues. !8958 (Johann Hubert Sonntagbauer)
- Fix Security Dashboard Header font size. !9011
- Fix title and description for issue created from a vulnerability. !9022
- Pseudonymizer: Gracefully handle empty pseudo entries. !9044
- Fix permission check when creating an issue from a vulnerability. !9055
- Docfix - broken doc links for Secure/Autodevops features. !9058
- Fix Error 500 when deleting a pipeline via the API. !9104
- Uses project_id instead of project on the group security dashboard. !9109
- Recursively get all of a groups projects. !9205
- Fix data migration failure if approvals_before_merge is set to too high. !9217
- Don't remove milestones when moving issues to board backlog from non-milestone list.
### Changed (5 changes, 1 of them is from the community)
- Update Geo nodes empty state. !8576 (George Tsiolis)
- Add search field to issue board switcher. !8862
- Allow downloading package files from UI. !8888
- Changes to the data model for counts on the Group Security Dashboard. !9035
- Fix packages UI mentioned only Maven packages support. !9132
### Performance (2 changes, 1 of them is from the community)
- Fix timeout loading Open list when board contains assignee lists.
- Enable some frozen string in ee/lib. (gfyoung)
### Added (17 changes)
- Add an instance-level endpoint for downloading maven packages. !8274
- Add NPM registry support to GitLab packages. !8673
- Store container scanning CI jobs results into the database. !8797
- Add a group-level endpoint for downloading maven packages. !8798
- Add Filtering vulnerabilities in the Group Security Dashboard. !8817
- Allow to filter Feature Flags. !8821
- Geo - Show last verification time on Geo projects page. !8845
- Adds basic filtering to the Group Security Dashboard frontend. !8886
- Autocomplete issues and MRs in epics. !8936
- Adds project filtering to the GSD. !8944
- Allow using TCP for DB load balancing DNS lookups. !8961
- Add filtering for summary and history on security dashboard. !8972
- Add solution card to the vulnerability modal. !9030
- Allows the Group Security Dashboard to select multiple filters. !9031
- Added Snowplow tracking to issues export. !9045
- Add support for relationship between epics. !9051
- Added pagination to epics API endpoint.
### Other (13 changes, 3 of them are from the community)
- Promote starting a GitLab.com Gold trial on the dashboard. !6947
- Adds event tracking to navbar. !7787
- Update tracing settings to match error tracking settings. !8786
- Adapt subscriptions page for free plans and trials. !8838
- Support for new SAST and dependency scanning report format. !8869
- Remove deprecated ActionDispatch::ParamsParser. !8897 (Jasper Maes)
- Fix deprecation: Comparing equality between ActionController::Parameters and a Hash is deprecated. !8914 (Jasper Maes)
- Removes Notes from GitLab Pseudonymizer config. !8923
- Add count of projects with tracing enabled to usage ping data. !8940
- Adds dependency scanning to the report type filters on GSD. !9034
- Fix deprecation: Using positional arguments in specs for EE spes in spec/. !9040 (Jasper Maes)
- Pass issuable-type in AddIssuableForm. !9111
- Gather deepest epic relationship data.
## 11.6.11 (2019-04-23)
- No changes.
## 11.6.10 (2019-02-28)
### Security (5 changes)
- Remove the possibility to share a project with a group that a user is not a member of.
- Prevent Group SAML authorizing sign in without prior user approval.
- Prevent SAML access when disabled by group admin on GitLab.com.
- Respect group membership lock when importing a member from another group.
- Ignore out of range epic IDs.
## 11.6.9 (2019-02-04)
- No changes.
## 11.6.8 (2019-01-30)
- No changes.
## 11.6.5 (2019-01-17)
### Fixed (1 change)
- Fix Error 500 when deleting a pipeline via the API. !9104
## 11.6.4 (2019-01-15)
- No changes.
## 11.6.3 (2019-01-04)
### Fixed (1 change)
- Fix instance project templates no longer working. !9019
## 11.6.2 (2019-01-02)
### Fixed (1 change)
- Fix issue ID wrapping and avatar counter shrinking in Related Issues list. !8854
## 11.6.1 (2018-12-28)
### Security (1 change)
- Add a shared secret to prevent abuse of the alert endpoint.
## 11.6.0 (2018-12-22)
### Security (7 changes)
- Switch from CBC to GCM for Geo logout tokens. !8518
- Prevent reporter roles from viewing the Jaeger tracing settings page.
- Sanitize tracing external_urls before saving to DB and when displaying the URL to prevent XSS issues.
- Fix IDOR at /drafts/publish.
- Authorize users when listing board users and milestones.
- Resolve: Guest can set weight of a new issue.
- Fixes XSS with merge request approvers selection.
### Fixed (27 changes, 2 of them are from the community)
- Ensure that avatars in approvals have correct tooltip. !6269
- Geo: Fix push to secondary over SSH for LFS. !8044
- Don't show packages tab and settings for starter license. !8270
- Makes the vulnerability name on the Group Security Dashboard a button for better A11y. !8341
- Used the iid instead of the id for linked issues on the Group Security Dashboard. !8357
- Show navigation line separator when instance etrics is disabled. !8379 (George Tsiolis)
- Fix project deploy key creation and deletion as admin. !8432
- Changes initial state for disabled prometheus integrations. !8434
- Fix a typo in Admin: intergration -> integration. !8444 (Vincent AUBERT)
- Geo: Moving registry deletion into the job that deletes the files and project record. !8480
- Parameterize alerting rules with variables. !8481
- Fix PostReceive failing for project mirrors missing local branch. !8495
- Rails 5: Fix the check whether the database is in read-only mode. !8594
- Raisl 5: Fix Gitlab::Database::LoadBalancing#caught_up? check. !8595
- Renders upstream and downstream pipelines in the main pipeline graph. !8607
- Fix issue board api with special milestones. !8653
- fix pod dropdown not switching pod logs. !8660
- Geo - Respect the next retry time when re-verifying failed repositories. !8661
- Update elasticsearch system check to check for new supported versions. !8683
- Handle null start or due dates for dates sourcing milestone in Epics. !8689
- Fixed license managment path in MR widget for fork cases. !8700
- Fix gitlab:geo:check rake task. !8714
- Fix ability to choose shards for selective sync. !8717
- Add Rails.version to the Geo cache keys. !8775
- Support older NGINX version forwarding the client certificate for smartcard auth. !8784
- Remove duplicated smartcard login button. !8793
- Disable password autocomplete in mirror form fill.
### Deprecated (1 change)
- Deprecate non-hashed repository storage for Geo installations. !8739
### Changed (17 changes, 1 of them is from the community)
- Adds Group SAML metadata endpoint. !5782
- Group SAML SSO page warns when linking account. !8295
- Change the delete custom metric alert. !8430
- Replace weight icon. !8448 (George Tsiolis)
- Switch snowplows stateStorageStrategy to cookie. !8461
- Move merge request approval settings. !8493
- Geo: Constantly reverify repositories. !8550
- Add file and line numbers to issues created from SAST vulnerabilities. !8578
- Redesign MR header sections and approvals (EE). !8593
- Add packages_enabled attribute to Projects API. !8604
- Run geo check task from gitlab check. !8616
- Change issue create weight dropdown to an input. !8648
- Add epics state filtering in roadmap view. !8658
- Users can unlink Group SAML from accounts page. !8682
- Update casing in Built-in on project templates tab. !8688
- Epic issue list and related issue list re-design.
- Add sort direction button with sort dropdown for Epics and Roadmap.
### Performance (5 changes, 3 of them are from the community)
- Remove partial index for projects on mirror and mirror_last_update_at. !8585
- Enable some frozen string in ee/app. !8667 (gfyoung)
- Remove redundant indices for is_sample on push_rules and next_execution_timestamp on project_mirror_data. !8695
- Enable some frozen string in ee/app. (gfyoung)
- Enable some frozen string in ee/app. (gfyoung)
### Added (10 changes)
- Add support for Group-level project templates. !6878
- Added web terminals to Web IDE. !7386
- Promote an Issue to an Epic using quick action. !8051
- Smartcard authentication. !8120
- Adds Security dashboard empty state. !8443
- Add vulnerability history at group level. !8603
- Adds group security dashboard metrics chart. !8631
- Add milestones autocomplete for epics. !8632
- Parse and store dependency scanning reports in database. !8642
- Adds EE store to handle upstream & downstream pipelines.
### Other (13 changes, 4 of them are from the community)
- Add subscription table to GitLab.com billing areas. !7885
- UX improvements for the group security dashboard. !8217
- Restyles the dismissed vulnerabilities. !8401
- Adds PHILOSOPHY.md and references GitLab Product Handbook. !8515
- Make sidekiq-cluster play well with Sidekiq 5.2.2+. !8522
- Rails5: Passing a class as a value in an Active Record query is deprecated. !8540 (Jasper Maes)
- render :nothing option is deprecated, Use head method to respond with empty response body. !8560 (Jasper Maes)
- Add help page link for licence management in CI/CD settings. !8561 (George Tsiolis)
- Re-orders the Group Security Dashboard. !8624
- Move EE only differences for finders. !8629 (George Tsiolis)
- Add count of projects with at least one package to a usage ping data. !8641
- Added recommendations for handling deleted documents in Elasticsearch.
- Use new information-o icon for Security Dashboard.
## 11.5.11 (2019-04-23)
### Security (1 change)
- Respect group membership lock when importing a member from another group.
## 11.5.8 (2019-01-28)
### Security (6 changes)
- Avoid leaking unauthorized approver group members. !766
- Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !793
- Check access rights when creating/updating ProtectedRefs.
- Fix locked file visibility issue for private repositories.
- Filter out non-project member approvers.
- Remove HTTP POST in JIRA OAuth access_token endpoint.
## 11.5.5 (2018-12-20)
- No changes.
## 11.5.3 (2018-12-06)
- No changes.
## 11.5.2 (2018-12-03)
### Fixed (2 changes)
- Fix inability to scroll dashboard. !8459
- Fix issues analytics query when ordering issues by priority. !8509
## 11.5.1 (2018-11-26)
### Security (6 changes)
- Sanitize tracing external_urls before saving to DB and when displaying the URL to prevent XSS issues.
- Prevent reporter roles from viewing the Jaeger tracing settings page.
- Fix IDOR at /drafts/publish.
- Authorize users when listing board users and milestones.
- Resolve: Guest can set weight of a new issue.
- Fixes XSS with merge request approvers selection.
## 11.5.0 (2018-11-22)
### Security (2 changes)
- Escape entity title while autocomplete template rendering to prevent XSS. !696
- Prevent templated services from being imported.
### Removed (1 change)
- Remove security report summary from pipelines view. !7844
### Fixed (25 changes, 3 of them are from the community)
- Geo: Remove connectivity check from primary to secondary from gitlab:geo:check rake task. !7821
- Include (closed) for closed epics in parsed text. !7946
- Add new state to the cluster application vue app. !7954
- Do not allow to assign an issue to an epic twice. !8004
- [Geo] Fix: Deleting a project leaves orphaned LFS objects and CI Job artifacts around. !8031
- Support `/client/features` Unleash endpoint. !8045
- Fix button rendering in license management in FF. !8046
- Geo: Handle orphaned Uploads records. !8054
- Geo - Redirect user back to the secondary after a logout & re-login via the primary. !8157
- Fix approver removal still being conducted even when "Cancel" is clicked in confirmation prompt. !8178
- Link project short SHA to commit url. !8214
- Update ops dashboard remove dropdown button. !8236 (George Tsiolis)
- Clear ops dashboard project search input on submit. !8239 (George Tsiolis)
- Fixes a dismissed vulnerability bug on the group security dashboard. !8343
- Fixes missing fields on the group security dashboard. !8360
- Fixes the view issue button in the Group Security Dashboard. !8385
- Ops Dashboard should be available for public projects on GitLab.com. !8399
- Update draft comments design to match new design. !8405
- Change issues analytics breadcrumb. !8414 (George Tsiolis)
- Include classification label in project API. !8426
- Fix Pod Log topbar position when perf bar is disabled.
- Always proxy reports downloads.
- Removes extra rigth margin from job page.
- Geo: Rails console message display primary/secondary state incorrectly.
- Disable Feature Flags and Packages if repository is disabled.
### Changed (13 changes, 1 of them is from the community)
- Add test button to Group SAML settings. !5622
- Group SAML status badges on members page. !5807
- Update related issues list styling to be more space efficient. !7784
- Refactor test reports to use new artifact architecture. !7827
- Add timeline icon for issue weights. !7847 (George Tsiolis)
- Added a search bar to `Admin > Geo > Projects` . !8079
- Geo: Deprecate source installations instructions. !8134
- Does not synchronize default branch for pull mirrors. !8138
- Adds split error states for the group security dashboard. !8208
- Geo: Improve read-only message in secondary nodes for actionable screens. !8238
- Improve error messages for operations dashboard. !8244
- Add documentation link to ops dashboard. !8296
- Issue board card design. !21229
### Added (24 changes, 1 of them is from the community)
- Group-level file templates. !7391
- Adds group-level Security Dashboard counts. !7564
- Parse SAST reports and store vulnerabilities in database. !7578
- elasticsearch 6 support - migrate from parent/child relationships to join. !7618
- Geo: Admin > Geo > Projects support for batch operations. !7806
- Create system notes for epic close and reopen. !7850
- Add Tracing landing and settings page. !7903
- Add modals and actions to the vulnerabilities in the Group security dashboard. !7910
- Assign code owner as approver. !7933
- Enable previewing of draft review comments. !7936
- Audit log: Add logging for project feature changes. !7962
- Add project operations dashboard. !7973
- Audit log: Add audit events for group setting changes. !7987
- Add approve quick action. !7989
- Show actual Milestone dates within tooltips for Milestones in Epics sidebar. !8048
- Allow filtering by weight in issues API. !8140 (Heinrich Lee Yu)
- Filter epics by state in API. !8179
- Support epics autocomplete for project objects. !8180
- Add 'l', 'r' and 'e' keyboard shortcuts support in Epic. !8203
- Configurable GitHub static context for statuses integration. !8235
- Send notifications for epic status change. !8247
- Support license management and performance using new reports syntax.
- Support reports: for project security dashboard.
- Add chart of issues created per month.
### Other (17 changes, 11 of them are from the community)
- Update boards list selector specs. !6266 (George Tsiolis)
- Write some Geo development documentation. !7452
- Connects the Group Security Dashboard API and Frontend. !7793
- Rails5: Fix epics finder count_key method In Rails5, the state enum value is passed instead of the database integer. !7822 (Jasper Maes)
- Rails 5: fix presence message validation for prometheus_alert. !7823 (Jasper Maes)
- Rails 5: fix mysql milliseconds problem in prometheus alert event spec. !7828 (Jasper Maes)
- Rails5: fix VulnerabilitySummaryEntity. !7893 (Jasper Maes)
- Update feature flags empty state. !7967 (George Tsiolis)
- Adds the security dashboard link. !7974
- Remove tooltip on sidebar text buttons. !8021 (George Tsiolis)
- Add a metric to the usage ping data to track the number of projects with at least one alert. !8058
- Remove unneeded permission checks from the mirror repositories partial. !8077
- Rails5: fix flaky mysql reset pipeline minutes spec. !8122 (Jasper Maes)
- Move `prepend` outside the `class` block for finders. !8192 (George Tsiolis)
- Rails5: fix operations controller spec nil parameter. !8209 (Jasper Maes)
- Update related issues title typography. !8267 (George Tsiolis)
- Geo: Clarify Geo HA documentation.
## 11.4.9 (2018-12-03)
- No changes.
## 11.4.8 (2018-11-27)
### Security (5 changes)
- Escape entity title while autocomplete template rendering to prevent XSS. !707
- Authorize users when listing board users and milestones.
- Fix IDOR at /drafts/publish.
- Resolve: Guest can set weight of a new issue.
- Fixes XSS with merge request approvers selection.
## 11.4.7 (2018-11-20)
### Fixed (1 change)
- Fix code owner as merge request suggestion not available under Starter plan. !8248
## 11.4.6 (2018-11-18)
### Security (1 change)
- Prevent templated services from being imported.
## 11.4.5 (2018-11-04)
### Fixed (1 change)
- Stops showing review actions on commit discussions in merge requests. !8007
### Performance (1 change)
- Add indexes to all geo event foreign keys. !7990
## 11.4.4 (2018-10-30)
- No changes.
## 11.4.3 (2018-10-26)
- No changes.
## 11.4.2 (2018-10-25)
### Security (1 change)
- Escape entity title while autocomplete template rendering to prevent XSS. !707
## 11.4.1 (2018-10-23)
- No changes.
## 11.4.0 (2018-10-22)
### Security (3 changes)
- Properly filter private references from system notes.
- Project groups approvers no longer leak private groups info.
- Protect against CSRF attacks when adding Slack app.
### Removed (1 change)
- remove unnecessary help text from container scanning results. !7304
### Fixed (18 changes, 1 of them is from the community)
- Prune all the Geo event log tables correctly. !6175
- Synchronize the default branch when updating a pull mirror. !7242
- Pushing to a merge request clears the approvals list even if the respective project setting is enabled and there is no fixed required number of approvals configured. !7328
- Align epics and roadmap empty state buttons to the center. !7358 (George Tsiolis)
- Add link to issue on epic. !7407
- Check for force env var when rebuilding auth_keys. !7419
- Update popover URL to point to help page of same domain. !7446
- Geo - Does not raise error 500 on Geo projects list page for orphaned entries. !7565
- Show promotion for epics on issues. !7602
- Fix Epic subscription toggle behaviour. !7723
- Geo - Send a cache invalidation event via the log cursor whenever features are changed on the primary. !7738
- Fix epic milestone dates incorrect after issue is linked to another epic. !7809
- Fixes warning for used minutes in runner showing when user still has minutes. !7843
- Fix disappearing weight input in Firefox. !7869
- Don't synchronize default branch when updating a SSH mirror. !7891
- Fix broken tokenization for filtered search bar in Epics. !7972
- Fix bug when resolving a discussion via a batch comment published right away.
- Fix wrong color in resolve/unresolve checkbox when using MR reviews.
### Changed (14 changes)
- Geo: Decrease frequency of project shard schedulers when few projects to schedule. !7287
- Added placeholder to weight input for issue sidebar. !7346
- updated icons used in filtered search dropdowns. !7356
- Geo: Display helpful feedback when proxying an SSH git push to secondary request. !7357
- Geo - Include keep-around and other Gitlab-specific references in the checksum calculation. !7367
- Polish security report externalizations. !7373
- Listen for resolved Prometheus alerts. !7382
- Rename date related labels for Epics. !7447
- Add reports CI syntax for Code Quality reports. !7465
- Support short reference to epics from project entities. !7475
- Geo: Downgrade Exclusive Lease warnings from Log Cursor to debug. !7476
- Geo: Allow nodes to be editable in more scenarios. !7832
- Account for issues created in the middle of a milestone in burndown chart.
- [Geo] Add CI job artifact numbers to rake geo:status.
### Performance (1 change)
- Update DB model for security reports.
### Added (20 changes, 1 of them is from the community)
- Batch comments on merge requests. !4213
- Use Geo log to remove files when migrated to object storage. !5966
- Add support for closing epics. !7302
- Add `auditor_groups` configuration so Audit users can be specified using SAML groups. !7340 (St. John Johnson)
- Geo - Add an event to reset checksums on Geo secondary nodes. !7394
- Starts adding the dashboard page view. !7400
- Add `Manage licenses` button to MR widget and pipelines view. !7411
- Add Open/Closed epics tabs in list view. !7424
- Add Feature Flags MVC. !7433
- Suggest approvers based on code owners. !7437
- Geo: Add a backoff time to few Geo workers to save resources. !7470
- Persist Prometheus alert events. !7493
- Geo: Added a button to Admin UI > Geo Nodes to open Geo Projects screen of any secondary node. !7512
- Show Alert Thresholds on monitoring dashboards. !7538
- Support autocomplete for commands in epics. !7588
- Add form to enter licenses manually. !7603
- Geo: Added `All` tab in Geo Nodes > Projects. !7745
- Geo: Add a Geo Status Widget to Admin > Projects. !7789
- Add data model and migration for vulnerabilities.
- Adds Batch Comments to Merge Requests [EEP].
### Other (8 changes, 1 of them is from the community)
- Add runner quota information to job API. !7233
- Resolve "ee:geo QA specs are failing as of !7210". !7315
- remove readme checkbox from "create project" page. !7332
- Create a generic JS function that we can apply to being able to track arbitrary events. !7403
- Rename Admin Area Geo Nodes nav item to Geo. !7466
- Group weight icon and text on issue list and issue boards. !7484 (George Tsiolis)
- Adds expandable/collapsable section for Snowplow. !7798
- API: Allow issue weight parameter to be greater than or equal to zero.
## 11.3.14 (2018-12-20)
- No changes.
## 11.3.13 (2018-12-13)
- No changes.
## 11.3.11 (2018-11-26)
### Security (7 changes)
- Escape entity title while autocomplete template rendering to prevent XSS. !697
- Properly filter private references from system notes.
- Authorize users when listing board users and milestones.
- Project groups approvers no longer leak private groups info.
- Resolve: Guest can set weight of a new issue.
- Fixes XSS with merge request approvers selection.
- Protect against CSRF attacks when adding Slack app.
## 11.3.10 (2018-11-18)
- No changes.
## 11.3.9 (2018-10-31)
- No changes.
## 11.3.8 (2018-10-27)
- No changes.
## 11.3.7 (2018-10-26)
### Security (1 change)
- Escape entity title while autocomplete template rendering to prevent XSS. !697
## 11.3.6 (2018-10-17)
### Fixed (1 change)
- Don't reset the default branch when repository mirroring is enabled. !7944
## 11.3.5 (2018-10-15)
### Fixed (1 change)
- Fix epic milestone dates incorrect after issue is linked to another epic. !7809
## 11.3.4 (2018-10-05)
### Security (1 change)
- Properly filter private references from system notes.
## 11.3.3 (2018-10-04)
- No changes.
## 11.3.2 (2018-10-03)
### Fixed (1 change)
- Geo: repository shard verification job should have unique lease keys per shard name. !7474
## 11.3.1 (2018-09-26)
### Security (2 changes)
- Project groups approvers no longer leak private groups info.
- Protect against CSRF attacks when adding Slack app.
## 11.3.0 (2018-09-22)
### Security (1 change)
- Prevent regular users from moving projects to different storage shards.
### Fixed (29 changes, 11 of them are from the community)
- don't add empty query params to boards. !4441
- Geo: sync disabled wikis. !6420
- Rails 5 fix alerts controller spec for post json parameters. !6795 (Jasper Maes)
- Fixes 500 error on user creation from admin panel with spaced username. !6804 (Jacopo Beschi @jacopo-beschi)
- Don't show search results for projects that have been deleted when using elastic search. !6830
- Geo: Use database-cached status if redis-cached status is unavailable. !6854
- [Geo] Fix: Custom favicons not being replicated by Geo. !6860
- Rails5 fix AddMilestoneToLists migration rollback deleting wrong foreign key. !6865 (Jasper Maes)
- Rails5 fix passing Group objects array into for_projects_and_groups milestone scope. !6873 (Jasper Maes)
- Rails5: fix mysql milliseconds problem in project_import_state_spec. !6874 (Jasper Maes)
- Fix Jira integration duplicating branches and MRs. !6876
- Rails5: fix mysql milliseconds problem in project_spec. !6880 (Jasper Maes)
- Remove https from Snowplow Collector URI placeholder in Admin Areawq. !6886
- Geo: Replicate keep around refs. !6922
- Fixes bug that prevented a user from seeing the system header and footer settings on the admin dashboard. !6926
- Rails5 fix duplicate gpg signature in path lock spec. !6939 (Jasper Maes)
- Rails5: Fix audit event spec. !6940 (Jasper Maes)
- Rails5: fix mysql milliseconds problem in project registry spec. !6943 (Jasper Maes)
- LDAP - Does not update permissions on a read-only database. !6965
- Rails5 fix project import spec. !6981 (Jasper Maes)
- Geo: Resolve sticky failures when attachments are missing on primary. !6991
- Geo: LFS batch downloads are OK to be handled by secondary. !7209
- Geo - Synchronize the default branch in secondary nodes. !7218
- Handle fixed dates seperately from selected dates in Epics. !7227
- Fix tooltip string to support dynamic date type in Epic sidebar. !7243
- Fix an error in docs about fetching artifacts using API. !7244
- Return proper status code when creation of an alert fails. !7360 (Peter Leitzen)
- Geo - Find the remote root ref using a JWT header for authentication. !7405
- Add weight to issue hook.
### Changed (3 changes, 1 of them is from the community)
- Allow push_code when auth'd via Geo JWT. !6455
- Prefer From address over Sender for Service Desk emails. !7006 (Andreas Josephson)
- Add CI Job token support to Maven packages API. !7249
### Performance (3 changes)
- Reduce queries needed for CI artifacts on merge request widget. !6978
- Use limited count approach on Protected Environments view. !6987
- Limit sidekiq-cluster concurrency to a maximum of 50. !7025
### Added (15 changes, 2 of them are from the community)
- Allow custom notification for new epic event. !5863
- Geo: SSH git push to secondary -> proxy to Primary. !6456
- Allow epic start/due dates to be sourceable from issue milestones. !6470
- Add ability to upload and download maven packages from/to GitLab. !6607
- Added an instance-level license template project. !6631 (Dan Barker)
- Add backend structure for ProtectedEnvironments. !6672
- Add UI for GitLab private Maven repository feature. !6781
- Add support for sorting epics. !6885
- Allow specifying code owners in a CODEOWNERS file. !6916
- Quick action for adding/removing epic to issues. !6934
- Show total and completed instances deployed on deploy boards. !6955
- Show security analysis status on the environments page. !6987
- Add Instance Review for Core users. !6995
- Introduce custom instance-level templates for Dockerfile, .gitignore, and .gitlab-ci.yml files. !7000
- Adds Rubocop rule to enforce class_methods over module ClassMethods. !7044 (Jacopo Beschi @jacopo-beschi)
### Other (4 changes)
- Removes feature flag code surrounding Protected Environments feature. !7338
- Creates vue component for shared runner limit.
- Allow MR authors to approve their MRs.
- Remove differences between CE and EE settings panel component.
## 11.2.8 (2018-10-31)
- No changes.
## 11.2.7 (2018-10-27)
- No changes.
## 11.2.6 (2018-10-26)
### Security (1 change)
- Escape entity title while autocomplete template rendering to prevent XSS. !698
## 11.2.5 (2018-10-05)
### Security (1 change)
- Properly filter private references from system notes.
## 11.2.4 (2018-09-26)
### Security (2 changes)
- Project groups approvers no longer leak private groups info.
- Protect against CSRF attacks when adding Slack app.
## 11.2.3 (2018-08-28)
- No changes.
## 11.2.2 (2018-08-27)
### Security (1 change)
- Prevent regular users from moving projects to different storage shards.
## 11.2.1 (2018-08-22)
- No changes.
## 11.2.0 (2018-08-22)
### Security (1 change)
- Don't expose project names in EE counters.
### Fixed (32 changes, 11 of them are from the community)
- Allow Geo node to be edited once the database is failed over. !6248
- Fix a bug where user was unable to delete a branch when repo size was above the limit. !6373
- Rails5 fix AttachmentRegistryFinder arel queries. !6396 (Jasper Maes)
- Add Premium license checks for system messages. !6460
- Fixes arrow-icon color and alignment in linked pipeline in merge request widget. !6479
- Rails 5 fix the matcher expected the ApplicationSetting to be invalid, but it was valid instead. !6488 (Jasper Maes)
- Geo: Gracefully handle deleted events from Geo event log. !6506
- Rails5 fix NoMethodError: undefined method 'message' for nil:NilClass. !6507 (Jasper Maes)
- Fix billing card title colors. !6563
- Rails5 fix undefined method 'namespace_project_settings_repository_path'. !6581 (Jasper Maes)
- Rails5 fix no implicit conversion of Symbol into Integer. !6582 (Jasper Maes)
- Rails 5 fix NoMethodError: undefined method 'message' for nil:NilClass in host_spec.rb. !6589 (Jasper Maes)
- Fix mobile view of pod logs. !6597
- Add left-padding to diverged-from-upstream label. !6647
- List groups with developer maintainer access on project creation. !6678
- no longer fail when setting up Geo database with GDK. !6680
- Allow Pseudonymizer to write to a bucket without having permissions to see all buckets. !6682
- Hide Expand button on empty MR widget Performance section. !6685
- Ensure that Create issue button is shown in vulnerability dialog. !6708
- Use same gem versions for Rails 5 as for Rails 4. !6712 (Jasper Maes)
- Rails5 correct wrong geo job name. !6713 (Jasper Maes)
- Elasticsearch: Fix a bug causing some types of note to miss being indexed. !6736
- Rails 5 fix product array method delagation by manually calling .to_a in NotificationService. !6753 (Jasper Maes)
- Adjust self-hosted Jira development panel integration. !6756
- Ensure that push size checks only count the size of newly-pushed files. !6767
- Fix the UI for listing system-level labels. !6805
- Rails5: fix slice in burndown fixture. !6813 (Jasper Maes)
- Rails5: fix Arel::UpdateManager in MigrateOldElasticsearchSettings migration. !6815 (Jasper Maes)
- Corrected URL for snowplow client side JS. !6899
- [Geo] Fix the Storage config parameter in Geo nodes admin page.
- Fix exporting issues to CSV when sorting by label priority is used.
- Fix handling of annotated tags when Gitaly is not in use.
### Changed (9 changes, 2 of them are from the community)
- Add related issues loading icon top margin. !6527 (George Tsiolis)
- Add security products to usage ping. !6602
- Changed copy for "Approved" state in merge request widget. !6635 (Constance Okoghenun)
- Track the Geo event log gaps in redis and handle them later. !6640
- Replace clipboard icon in Service Desk settings. !6643
- Removes "show all" on security reports and adds a button to take you to the pipeline page. !6675
- Shows license reports when there are no reports in the source branch. !6720
- Removes status text from licence reports. !6802
- Opens "view full report" links in a new window. !6806
### Performance (2 changes)
- Geo: Improve Geo Status API performance with cached counters in SiteStatistic. !6328
- Geo: Improve performance in Log Cursor gap tracking. !6754
### Added (19 changes)
- Geo: Add repository verification failures to API. !6137
- Add support for todos on epics. !6142
- Summed issue weights in board columns. !6218
- Add an API endpoint for managed licenses of a project. !6246
- Implement custom project templates. !6436
- Projects page under Admin > Geo Nodes to display detailed synchronization information. !6452
- Enables configuration of pull mirroring through API. !6485
- Adds SLI alerts to custom prometheus metrics. !6590
- Add support for milestones lists on the issue boards. !6615
- Persist Epic Roadmap timescale choice. !6637
- Add license management frontend. !6638
- Add Snowplow integration. !6642
- Add Security Dashboard to project quick links. !6652
- Show License Management at pipeline level. !6688
- Add Frontend for Instance-level project templates. !6740
- Geo - Actively try to correct verification failures on the secondary. !6759
- Add Prometheus metrics to track Geo autocorrect numbers. !6778
- Link the License Management report in the MR widget with the pipeline level one. !6800
- Allow creating assignee lists via API.
### Other (8 changes, 1 of them is from the community)
- Move merge requests EE helper methods. !6461 (George Tsiolis)
- Add additional logging for Geo Log Cursor. !6513
- Ensure no weight change system notes end with a superfluous comma. !6571
- Track registries marked as synced when repository does not found. !6694
- Removes EE specific CSS that was moved to CE. !6723
- Geo: Add rake task to resync projects where verification has failed. !6727
- updates column sizes in licence and security modals. !6808
- Geo: Log to geo.log when the Log Cursor skips an event.
## 11.1.7 (2018-09-26)
### Security (2 changes)
- Project groups approvers no longer leak private groups info.
- Protect against CSRF attacks when adding Slack app.
## 11.1.6 (2018-08-28)
- No changes.
## 11.1.5 (2018-08-27)
- No changes.
### Security (1 change)
- Prevent regular users from moving projects to different storage shards.
## 11.1.4 (2018-07-30)
- No changes.
## 11.1.3 (2018-07-27)
### Fixed (1 change)
- Resolve Environments dropdown is showing on the cluster health page. !6528
## 11.1.2 (2018-07-26)
### Security (1 change)
- Don't expose project names in EE counters.
## 11.1.1 (2018-07-23)
### Fixed (2 changes)
- Fix geo download service ImportExportDownloader unitialized constant. !6567
- Geo - Allow repository verification to be disabled on a secondary node. !6599
## 11.1.0 (2018-07-22)
### Removed (1 change)
- Drop ignored Geo repository_storage_path columns. !5468
### Fixed (19 changes, 7 of them are from the community)
- Log audit and Geo events within a project destroy transaction. !6059
- Do not pre-select previous user(s) when creating protected branches. !6112
- Group SAML settings link hidden when unlicensed. !6147
- Geo: Fix repository/wiki sync race condition with multiple updates, especially in quick succession. !6161
- [Rails5] Fix error on missed :authenticate_user callback. !6257 (@blackst0ne)
- Rails5 fix expected: ({...}) got: (<ActionController::Parameters {...}). !6271 (Jasper Maes)
- Rails5 fix ArgumentError: wrong number of arguments (given 1, expected 2). !6272 (Jasper Maes)
- Rails5 fix NoMethodError: undefined method `join' for "":String. !6278 (Jasper Maes)
- [Rails5] fix Boards::ListsController expected the response to have status code 200 but it was 403. !6318 (Jasper Maes)
- [Rails5] fix NoMethodError: undefined method 'downcase' for Hash. !6319 (Jasper Maes)
- [Rails5] fix Projects::VulnerabilityFeedbackController didn't match the schema. !6320 (Jasper Maes)
- Fix CI/CD pipelines when repository HEAD points to an invalid branch. !6325
- Geo - Recalculates the checksum for projects up to date. !6333
- Fixes an issue with security reports footers. !6450
- Add missing sourceBranchLink prop to CI widget. !6493
- Resync project repositories on secondaries nodes when import finishes. !6529
- Adds permission checks to dismiss issue in security reports.
- Allow all but "/" chars for groups and projects paths on Jira dev panel integration.
- Fix weight system notes ending in commas.
### Changed (6 changes)
- [Geo] Invert the direction of Geo metrics acquisition. !5934
- Update read-only message banner styling for Geo secondary node. !6135
- Removes action buttons from resolved vulnerability modal. !6155
- Redesign contribution analytics graphs. !6194
- Geo - Retry checksum calculation for failures on the primary node. !6295
- Don't show 'Contribute to GitLab' link on self-hosted Enterprise Edition instances. !6297
### Performance (5 changes, 1 of them is from the community)
- Geo - Optimize query to return outdated projects that need to be reverified. !5879
- Boost Geo prune worker to run every 2 hours instead of 6. !6074
- Use tooltip component in MrWidgetSecondaryGeoNode vue component. !6078 (George Tsiolis)
- Eliminate N+1 queries in path lock checks during a push.
- Memoize the global default for push rules within the request.
### Added (13 changes, 1 of them is from the community)
- Add a new push rule to allow negative matching of commit messages. !5453 (Hannes Rosenögger)
- Pseudonymizer to safely export data for analytics. !5532
- Add filename filtering to code search with Elasticsearch. !5590
- Add API endpoint for viewing and editing board config. !5954
- Log repository check and failed count to Prometheus. !5984
- Allow repository verification concurrency to be controlled on primary and secondary. !6102
- Geo: HTTP git-lfs push (upload) and locks (verify, lock and unlock) to secondary now redirects to the primary. !6109
- Adds pod selection dropdown to pod logs screen. !6111
- Add support for autocompleting Epics and Labels within Epics. !6195
- Add project Security Dashboard. !6197
- Support GitLab subgroups in Jira development panel. !6290
- Render container scanning and dast reports in pipeline view.
- Add link to Jenkins documentation within integration and service template.
### Other (2 changes)
- Enable Geo snapshot synchronization for everyone. !6286
- Geo - Make Geo repository verification flag opt-out by default. !6369
## 11.0.6 (2018-08-27)
### Security (1 change)
- Prevent regular users from moving projects to different storage shards.
## 11.0.5 (2018-07-26)
### Security (1 change)
- Don't expose project names in EE counters.
## 11.0.4 (2018-07-17)
- No changes.
## 11.0.3 (2018-07-05)
- No changes.
## 11.0.2 (2018-06-26)
- No changes.
## 11.0.1 (2018-06-21)
- No changes.
## 11.0.0 (2018-06-22)
### Security (2 changes)
- Escape name in merge request approvers dropdown.
- Fixes include directive to not allow SSRF requests.
### Fixed (15 changes)
- Hide Lock button if File Locking feature is not available in license. !5656
- Geo - Move out the replication slots items from verification section in Geo admin screen. !5723
- Fix approvers API not accepting empty form-encoded params. !5784
- Fix error when locking/unlocking directories. !5862
- Geo: Formatting fix for geo:status rake task. !6020
- Geo: Automatically clean up stale lock files on Geo secondary. !6034
- Remove LFS object warning from import UI. !6083
- Fix Web IDE status bar if System Footer message is present.
- [Geo] Fix: Deleted project events may be skipped on the secondary when selective sync is used.
- [Geo] Fix: Unauthenticated rate limits should not block Geo requests.
- Perform gitlab-ci-token authentication always using primary.
- Geo: Gracefully handle a non-JSON response from the node status.
- Geo: Fix FDW schema check when tables and columns are not in the same order.
- Fix sticking of runner to primary if new job is scheduled.
- When last Geo::EventLog is not available, geo:status rake task fails.
### Deprecated (2 changes)
- Rename Container Scanning job and artifact. !5770
- Rename Code Quality job and artifact. !5773
### Changed (7 changes)
- Removed "(Beta)" from "Auto DevOps" messages. !5583
- Make issue weight promotion in issuable sidebar dismissable. !5601
- Remove the comma from the weight system notes. !5854
- Enrich Security Reports with more data. !5878
- Truncate Geo event log with a delay. !5897
- Add support for non-negative integer weight values in issuable sidebar.
- Improve Failed Jobs tab in the Pipeline detail page.
### Performance (5 changes, 2 of them are from the community)
- Reorder LinkToMemberAvatar vue component props values. !5692 (George Tsiolis)
- Rename merge request widget author component. !5693 (George Tsiolis)
- Geo - Fix index for outdated projects on the project_repository_states table. !5986
- Preload Group plans in EpicsFinder.
- Only process Geo::EventLog events if associated shard is queryable and healthy.
### Added (12 changes)
- Allows the review of kubernetes pod logs within GitLab. !4752
- Geo: Rake task to force housekeeping on next sync. !5623
- Add ability to have zero approvers. !5635
- Show status information stale icon in Geo admin dashboard. !5653
- Add assignee board list type. !5743
- Geo: HTTP git push to secondary now redirects to the primary. !5785
- Add presets for navigating Epic Roadmap. !5798
- Guest users will not consume seats quote in Ultimate plan. !5816
- Create system note on epic date change.
- Add License Management results in the MR widget.
- Extract EE specific files.
- Add service discovery for the DB load balancer.
### Other (4 changes, 1 of them is from the community)
- Add promotion for epics to issuable sidebar. !5601
- Remove confusing statement in the message shown for Epics list empty state when filters are applied. !5630
- Fixed illustration alignment for group milestones promotion. !5677 (Constance Okoghenun)
- Allow viewing only one when multiple issue boards is not enabled.
## 10.8.6 (2018-07-17)
- No changes.
## 10.8.5 (2018-06-21)
- No changes.
## 10.8.4 (2018-06-06)
### Fixed (4 changes)
- Render a 403 when showing an access denied message. !5964
- Validate classification label on create & update. !5976
- Fix breadcrumbs being covered by System Header message.
- Treat external authorization service response status 403 as failure.
## 10.8.3 (2018-05-30)
- No changes.
- No changes.
### Fixed (1 change)
- Geo - Calculate the wiki checksum even when wiki is disabled. !5772
### Performance (1 change)
- Make Geo::PruneEventLogWorker delete rows more gently. !5835
## 10.8.2 (2018-05-28)
### Security (3 changes)
- Fixed XSS in protected branches & tags access dropdown.
- Escape name in merge request approvers dropdown.
- Fixes include directive to not allow SSRF requests.
## 10.8.1 (2018-05-23)
### Fixed (4 changes)
- Geo: Fix repo, wiki, and upload replication when renaming a namespace that has subgroups. !5704
- Shows the correct data in the verification information section for the primary node in Geo admin screen. !5722
- [Geo] Don't remove project registry records.
- Geo: Exclude tables that start with pg_ from FDW check.
## 10.8.0 (2018-05-22)
### Removed (1 change)
- Use of ENV['USE_SYSTEM_GIT_FOR_FETCH'] is no longer supported.
### Fixed (22 changes)
- Add missing fields to the API documentation for the status of Geo Nodes. !3865
- Large pushes were failing when max file size push rule was active. !4989
- Fix GITLAB_FEATURES CI/CD env var for public projects. !5242
- Reveal labels dropdown when labels icon is clicked on collapsed Epic sidebar. !5298
- Geo: Propagate broadcast messages to secondaries. !5303
- Geo: Exclude expired job artifacts from syncing and counts. !5380
- Exclude GroupSAML from sign in buttons. !5449
- Per-Group SAML (for GitLab.com) strips LRM chars from ADFS certificate fingerprints. !5466
- Refactor the Geo LogCursor Logger to make class more descriptive. !5483
- Geo - Returns a dummy checksum when there is no valid repository on disk. !5486
- ShaAttribute no longer stops startup if database is missing. !5502
- Fix network error message styling on Geo admin dashboard. !5530
- Fixes invalid link in html version of mirror was hard failed email. !5546
- During repository verification, ignore repositories/wikis that need to be resynced. !5568
- Group SAML skips forgery protection in production. !5621
- Does not log failed sign-in attempts when in a GitLab read-only instance. !5643
- [Geo] Fix rake geo:status when event_log is not found.
- Geo: Use a pre-built node status in admin area.
- [Geo] Mentioned in custom hooks doc that they won't be replicated to secondary.
- Fix: Geo: BaseSyncService should prune the @geo-temporary directory before fetching.
- Stop presenting burndown charts promotion for grouped by title milestones.
- Geo: When a repository or Wiki sync has failed, mark resync flag as true.
### Changed (13 changes, 1 of them is from the community)
- Shorten protected branch / tag access level dropdown text. !5091
- Improve tooltips on collapsible right sidebars. !5212
- Allow easier customization of included CI configurations. !5288 (King Chung Huang)
- Unprotect and update disabled in UI when prevented by branch unprotect rules. !5296
- Issues export CSV includes 'Weight' and 'Locked'. !5300
- Update item titles and add help text in Geo nodes admin dashboard. !5306
- Geo - Improve metrics for the checksum/verification feature. !5367
- Adds push mirrors to GitLab Community Edition. !5484
- Adds SSO page for GitLab.com per group SAML beta. !5508
- Adds authentication flow for GitLab.com per group SAML beta. !5575
- Add Geo information to console message. !5588
- Ability to edit, disable or remove Geo Nodes is now always available.
- Show pod name for each instance on deploy boards.
### Performance (4 changes)
- Port Group member contribution analytics table to Vue. !5269
- Improve performance of repository size limit check. !5476
- Improves database performance of mirrors, forks and imports. !5522
- Prevent Geo from unnecessarily syncing expired CI job artifacts.
### Added (11 changes)
- Geo: schedule a git repack after initial clone. !4266
- Present Burndown charts for group milestones. !5354
- Filtered search bar support for Roadmap view. !5417
- Allow user to dismiss a vulnerability or create an issue out of it. !5452
- Geo: enable housekeeping functionality when syncing repositories. !5461
- Enable username autocomplete inside Epics. !5475
- Present MRs on Jira development panel integration. !5534
- Run repository verification on Geo secondary. !5550
- Email notifications for epics.
- Add Epic count to usage pings.
- Add system note for weight change.
### Other (6 changes, 6 of them are from the community)
- Replace the ` admin/license.feature` spinach test with an rspec analog. !5477 (@blackst0ne)
- Replace the ` admin/push_rules.feature` spinach test with an rspec analog. !5512 (@blackst0ne)
- Replace the ` admin/emails.feature` spinach test with an rspec analog. !5513 (@blackst0ne)
- Replace the ` group_hooks.feature` spinach test with an rspec analog. !5515 (@blackst0ne)
- Replace the ` groups_management.feature` spinach test with an rspec analog. !5516 (@blackst0ne)
- Remove ` features/group_active_tab.feature`. !5554 (@blackst0ne)
## 10.7.7 (2018-07-17)
- No changes.
## 10.7.6 (2018-06-21)
- No changes.
## 10.7.5 (2018-05-28)
### Security (3 changes)
- Fixed XSS in protected branches & tags access dropdown.
- Escape name in merge request approvers dropdown.
- Fixes include directive to not allow SSRF requests.
## 10.7.4 (2018-05-21)
### Fixed (2 changes)
- Does not log failed sign-in attempts when in a GitLab read-only instance. !5643
- Fix: Geo: BaseSyncService should prune the @geo-temporary directory before fetching.
## 10.7.3 (2018-05-02)
### Fixed (3 changes)
- Geo - Fix undefined method pending_delete for nil class. !5470
- Geo: Admin page will not crash with 500 because of InvalidSignatureTimeError. !5495
- Fix DB LB errors when escaping input.
## 10.7.2 (2018-04-25)
- No changes.
## 10.7.1 (2018-04-23)
### Fixed (4 changes)
- Geo: Fix enabled wiki counts with FDW (impacts synced and verified counts). !5352
- Fix Epic timeline bar misalignment when start date is in last timeframe month and end date is out of range. !5360
- Adds border top to codeclimate report in MR widget.
- Avoid wrong closing dates being caught by the query on Burndown charts.
### Performance (1 change)
- Geo - Improve the query performance to find unverified projects on primary node. !5348
## 10.7.0 (2018-04-22)
### Fixed (25 changes)
- Issue Boards: Ensure that horizontal scroll bars are shown on overflow. !4944
- Fix validation error message when historical data is empty. !4961
- Fixes incorrect assignation of cluster details. !5047
- Fixed personal snippets uploads when background upload is enabled. !5049
- Fixed incorrect count of verified wikis on a Geo secondary node. !5084
- Fix unapproved unassigned merge request emails failing to send. !5092
- Geo secondary repository verification messages now appear in geo.log. !5095
- Geo: Sync wiki when it is enabled. !5139
- Geo: Make synced/failed scopes more consistent. !5171
- Updates style of arrown in downstream pipeline. !5172
- Add better LDAP connection handling in EE and fixing some LDAP group syncing problems. !5173
- Fix an exception in the Geo repository sync worker. !5223
- Geo - Fix wiki repository verification on a secondary node. !5315
- Show repository checksum UI elements only when feature is enabled. !5341
- Fix a bug migrating CI job artifact registry entries to a separate table. !5345
- Render show all report for sast and dependency scanning. !5363
- Fix label and issuable referencing in epics and epic notes.
- Add icons to epic system notes issue actions.
- [Geo] Fix project rename when wiki does not exist.
- Catch errors in LoadBalancing::Host#online?.
- Fix Scoped Boards bug filtering by No Milestone.
- Skip repository-changing events on Geo secondaries if the repository hasn't been backfilled yet.
- Ensure Geo secondary nodes only run cron jobs appropriate for secondaries.
- Geo - Returns a dummy checksum when there is no repository on disk.
- Fix Elasticsearch missing terms with special characters.
### Deprecated (1 change)
- Rename SAST:container to Container Scannning.
### Changed (9 changes)
- Geo - Perform the repository verification per shard on a secondary node. !5068
- Allow enabling classification policy control without external authorization service. !5083
- Update Geo nodes layout for better usability. !5199
- Document manual disaster recovery process for systems with multiple secondaries.
- Don't send schedule confirmations for chat jobs.
- Geo - Switch from time-based checking of outdated checksums to the nil-checksum-based approach.
- Make /-/ delimiter optional for epics and search endpoints.
- Order boards dropdown alphabetically.
- Renders grouped security reports in MR widget & split security reports in CI view.
### Performance (3 changes)
- Geo - Improve the query performance to find unsynced job artifacts. !5350
- Reimplement Roadmap timeline rendering for better performance.
- Geo: Migrate CI job artifacts into their own registry table.
### Added (11 changes)
- Geo ensure files moved to object storage are cleaned up. !4689
- Timeout for external authorization is now configurable. !4971
- Add system header and footer as new appearance options. !4972
- Authenticate using TLS certificate for requests to external authorization service. !5028
- Add admin setting for custom additional text in emails. !5031
- Mark files missing on primary as synced, but retry them. !5050
- Log every access when external authorization is enabled. !5117
- Add total CPU/Memory metrics, adds weighting for proper sorting. !5260
- Add comment thread to Epics.
- Render dependency scanning in MR widget and CI view.
- Add a Go back button to WebIDE to allow returning to where it was launched from.
### Other (4 changes, 1 of them is from the community)
- Move default group project creation level to Starter. !5148
- Replace the ` project/issues/weight.feature` spinach test with an rspec analog. !5194 (blackst0ne)
- [Geo] Log JID for sync related jobs.
- Breaks utils function to parse codeclimate and sast into separate functions.
## 10.6.6 (2018-05-28)
### Security (3 changes)
- Fixed XSS in protected branches & tags access dropdown.
- Escape name in merge request approvers dropdown.
- Fixes include directive to not allow SSRF requests.
## 10.6.5 (2018-04-24)
- No changes.
## 10.6.4 (2018-04-09)
### Fixed (4 changes)
- Fixes incorrect assignation of cluster details. !5047
- Geo: Make synced/failed scopes more consistent. !5171
- [Geo] Fix project rename when wiki does not exist.
- Fix Scoped Boards bug filtering by No Milestone.
### Other (1 change)
- [Geo] Log JID for sync related jobs.
## 10.6.3 (2018-04-03)
- No changes.
## 10.6.2 (2018-03-29)
- No changes.
## 10.6.1 (2018-03-27)
### Fixed (8 changes)
- Fix LDAP group sync permission override UI. !5003
- Hard failing a mirror no longer fails for a blocked user's personal project. !5063
- Geo - Avoid rescheduling the same project again in a backfill condition. !5069
- Mark disabled wikis as fully synced. !5104
- Fix excessive updates to file_registry when wiki is disabled. !5119
- Geo: Recovery from temporary directory doesn't work if the namespace directory doesn't exist.
- Define a chat responder for the Slack app.
- Resolve "undefined method 'log_transfer_error'".
### Added (1 change)
- Also log Geo Prometheus metrics from primary. !5058
### Other (1 change)
- Update Epic documentation to include labels.
## 10.6.0 (2018-03-22)
### Security (2 changes)
- Prevent new push rules from using non-RE2 regexes.
- Project can no longer be shared between groups when both member and group locks are active.
### Fixed (47 changes)
- Geo - Add a rake task to update Geo primary node URL. !4097
- Capture push rule regex errors and present them to user. !4102
- Fixed membership Lock should propagate from parent group to sub-groups. !4111
- Fix Epic sidebar toggle button icon positioning. !4138
- Update the Geo documentation to replicate all secrets to the secondary. !4188
- Update Geo documentation to reuse the primary node SSH host key on secondary node. !4198
- Improve Geo Disaster Recovery docs for systems in multi-secondary configurations. !4285
- Fix 500 errors caused by large replication slot wal retention. !4347
- Report the correct version and revision for Geo node status requests. !4353
- Don't show Member Lock setting for unlicensed system. !4355
- Fix the background_upload configuration being ignored. !4507
- Fix canary legends for single series charts. !4522
- Fixes and enhancements for Geo admin dashboard. !4536
- Fix license expiration duration to show trial info only for trial license. !4573
- File uploads in remote storage now support project renaming. !4597
- Use unique keys for token inputs while add same value twice to an epic. !4618
- Fix multiple assignees avatar alignment in issues list. !4664
- Improve security reports to handle big links and to work on mobile devices. !4671
- Supresses error being raised due to async remote removal being run outside a transaction. !4747
- Mark empty repos as synced in Geo. !4757
- Mirror owners now get assigned as mirror users when the assigned mirror users disable their accounts. !4827
- Geo: Ignore remote stored objects when calculating counts. !4864
- Fix Epics not getting created in a Group with existing Epics. !4865
- Generate ObjectStorage URL based on user provided schema. !4932
- Make Epic start and finish dates on Roadmap to be timezone neutral. !4964
- Support SendURL for performing indirect download of artifacts if clients does not specify that it supports that.
- Fix LDAP group sync no longer configurable for regular users.
- [Geo] Skip attachments that is stored in the object storage.
- Fix: Geo WikiSyncService attempts to sync projects that have no Wiki.
- Fix broken CSS in modal for DAST report.
- Improve SAST description for no new vulnerabilities.
- Fix 'Geo: Don't attempt to expire the cache after a failed clone'.
- Geo - Remove duplicated message on on geo:update_primary_node_url rake task.
- Fix the geo::db:seeds rake task.
- Geo - Fix repository synchronization order for projects updated recently.
- Geo - Respect backoff time when repository have never been synced successfully.
- Ensure mirror can transition out of the started state when last_update_started_at is nil.
- Fix bug causing 'Import in progress' to be shown while a mirror is updating.
- Include epics from subgroups on Epic index page.
- Fix proxy_download support for lfs controller.
- Fixed IDE command palette options being hidden.
- Fixed IDE file list when multiple files have same name but different paths.
- Fixed IDE not showing the correct changes and diff markers.
- Update epic issue reference when moving an issue.
- Fix Geo Log Cursor not reconnecting after pgbouncer dies.
- Fix audit and Geo project deletion events not being logged under certain conditions.
- Geo: Fix Wiki resync when Wiki repository does not exist.
### Changed (15 changes)
- Geo Logger will use the same log level defined in Rails. !4066
- Approve merge requests additionally. !4134
- Geo: sync .gitattributes to info/attributes in secondary nodes. !4159
- Update behavior of MR widgets that require pipeline artifacts to allow jobs with multiple artifacts. !4203
- Add details on how to disable GitLab to the DR documentation. !4239
- Add users stats page for admin area with per role amount. !4539
- Group Roadmap enhancements. !4651
- Adds support to show added, fixed and all vulnerabilties for SAST in merge request widget.
- Ports remote removal to a background job.
- Update UI for merge widget reports.
- Geo: Improve formatting of can't push to secondary warning message.
- Replace check_name key with description in codeclimate results for a more human readable description.
- Add license ID number to usage ping.
- Schedule mirror updates in parallel.
- Geo: Don't attempt to schedule a repository sync for downed Gitaly shards.
### Performance (8 changes, 3 of them are from the community)
- Move Assignees vue component. !4467 (George Tsiolis)
- Speed up approvals calculations. !4492
- Move BoardNewIssue vue component. !16947 (George Tsiolis)
- Move RecentSearchesDropdownContent vue component. !16951 (George Tsiolis)
- Bump Geo JWT timeout from 1 minute to 10 minutes.
- Cache column_exists? for Elasticsearch columns.
- FIx N+1 queries with /api/v4/groups endpoint.
- Properly memoize ChangeAccess#validate_path_locks? to avoid excessive queries.
### Added (39 changes, 1 of them is from the community)
- Add ability to add Custom Metrics to environment and deployment metrics dashboards. !3799
- Add object storage support for uploads. !3867
- Add support within Browser Performance Testing for metrics where smaller is better. !3891 (joshlambert)
- Add more endpoints for Geo Nodes API. !3923
- (EEP) Allow developers to create projects in group. !4046
- Integrate current File Locking feature with LFS File Locking. !4091
- Add Epic information for selected issue in Issue boards sidebar. !4104
- Update CI/CD secret variables list to be dynamic and save without reloading the page. !4110
- Add object storage migration task for uploads. !4215
- Filtered search support for Epics list page. !4223
- Add multi-file editor usage metrics. !4226
- Dry up CI/CD gitlab-ci.yml configuration by allowing inclusion of external files. !4262
- Geo: FDW issues are displayed in the Geo Node Admin UI. !4266
- Implement selective synchronization by repository shard for Geo. !4286
- Show Group level Roadmap. !4361
- Add Geo Prometheus metrics about the various number of events. !4413
- Geo - Calculate repositories checksum on primary node. !4428
- If admin note exists, display it in admin user view. !4546
- Add option to overwrite diverged branches for pull mirrors. !4559
- Adds GitHub Service to send status updates for pipelines. !4591
- Projects and MRs Approvers API. !4636
- Add CI/CD for external repositories. !4642
- Authorize project access with an external service. !4675
- GitHub CI/CD import sets up pipeline notification integration. !4687
- Add GitHub support to CI/CD for external repositories. !4688
- Repository mirroring notifies when hard failed. !4699
- Query cluster status. !4701
- Geo - Verify repository checksums on the secondary node. !4749
- Move support of external gitlab-ci files from Premium to Starter. !4841
- Geo - Improve node status report by adding one more indicator of health: last time when primary pulled the status of the secondary.
- Render SAST report in Pipeline page.
- Add system notes when moving issues between epics.
- Add rake task to print Geo node status.
- Add basic searching and sorting to Epics API.
- gitlab:geo:check checks connection to the Geo tracking DB.
- Added basic implementation of GitLab Chatops.
- Add discussions API for Epics.
- Add proxy_download to enable passing all data through Workhorse.
- Add support for direct uploading of LFS artifacts.
### Other (8 changes)
- Geo: Improve replication status. Using pg_stat_wal_receiver.
- Remove unaproved typo check in sast:container report.
- Allow clicking on Staged Files in WebIDE to open them in the Editor.
- Translate Locked files page.
- Increase minimum mirror update interval from 15 to 30 minutes.
- Geo - add documentation about using shared a S3 bucket with GitLab Container Registry.
- Allow use of system git for git fetch if USE_SYSTEM_GIT_FOR_FETCH is defined.
- Rename "Approve Additionally" to "Add approval".
## 10.5.8 (2018-04-24)
- No changes.
## 10.5.7 (2018-04-03)
- No changes.
## 10.5.6 (2018-03-16)
- No changes.
## 10.5.5 (2018-03-15)
### Fixed (1 change)
- Geo: Fix Wiki resync when Wiki repository does not exist.
## 10.5.4 (2018-03-08)
### Fixed (4 changes)
- Supresses error being raised due to async remote removal being run outside a transaction. !4747
- Mark empty repos as synced in Geo. !4757
- Fix: Geo WikiSyncService attempts to sync projects that have no Wiki.
- Geo - Fix repository synchronization order for projects updated recently.
### Other (1 change)
- Rename "Approve Additionally" to "Add approval".
## 10.5.3 (2018-03-01)
### Security (2 changes)
- Project can no longer be shared between groups when both member and group locks are active.
- Prevent new push rules from using non-RE2 regexes.
### Fixed (1 change)
- Fix LDAP group sync no longer configurable for regular users.
## 10.5.2 (2018-02-25)
- No changes.
## 10.5.1 (2018-02-22)
- No changes.
## 10.5.0 (2018-02-22)
### Fixed (23 changes, 1 of them is from the community)
- Geo - Add a rake task to update Geo primary node URL. !4097
- Capture push rule regex errors and present them to user. !4102
- Fixed membership Lock should propagate from parent group to sub-groups. !4111
- Fix Epic sidebar toggle button icon positioning. !4138
- Update the Geo documentation to replicate all secrets to the secondary. !4188
- Update Geo documentation to reuse the primary node SSH host key on secondary node. !4198
- Override group sidebar links. !4234 (George Tsiolis)
- Improve Geo Disaster Recovery docs for systems in multi-secondary configurations. !4285
- Fix 500 errors caused by large replication slot wal retention. !4347
- Report the correct version and revision for Geo node status requests. !4353
- Don't show Member Lock setting for unlicensed system. !4355
- Fix the background_upload configuration being ignored. !4507
- Geo: Reset force_redownload flag after successful sync.
- [Geo] Skip attachments that is stored in the object storage.
- [Geo] Fix redownload repository recovery when there is not local repo at all.
- Fix broken CSS in modal for DAST report.
- Improve SAST description for no new vulnerabilities.
- Geo - Remove duplicated message on on geo:update_primary_node_url rake task.
- Fix the geo::db:seeds rake task.
- Allow project to be set up to push to and pull from same mirror.
- Include epics from subgroups on Epic index page.
- Fix validation of environment scope of variables.
- Support SendURL for performing indirect download of artifacts if clients does not specify that it supports that.
### Changed (9 changes)
- Geo Logger will use the same log level defined in Rails. !4066
- Approve merge requests additionally. !4134
- Geo: sync .gitattributes to info/attributes in secondary nodes. !4159
- Update behavior of MR widgets that require pipeline artifacts to allow jobs with multiple artifacts. !4203
- Add details on how to disable GitLab to the DR documentation. !4239
- Ports remote removal to a background job.
- Adds support to show added, fixed and all vulnerabilties for SAST in merge request widget.
- Geo: Don't attempt to schedule a repository sync for downed Gitaly shards.
- Update UI for merge widget reports.
### Performance (3 changes)
- Bump Geo JWT timeout from 1 minute to 10 minutes.
- FIx N+1 queries with /api/v4/groups endpoint.
- Properly memoize ChangeAccess#validate_path_locks? to avoid excessive queries.
### Added (17 changes, 1 of them is from the community)
- Add object storage support for uploads. !3867
- Add support within Browser Performance Testing for metrics where smaller is better. !3891 (joshlambert)
- Add more endpoints for Geo Nodes API. !3923
- (EEP) Allow developers to create projects in group. !4046
- Integrate current File Locking feature with LFS File Locking. !4091
- Add Epic information for selected issue in Issue boards sidebar. !4104
- Update CI/CD secret variables list to be dynamic and save without reloading the page. !4110
- Add object storage migration task for uploads. !4215
- Filtered search support for Epics list page. !4223
- Add multi-file editor usage metrics. !4226
- Dry up CI/CD gitlab-ci.yml configuration by allowing inclusion of external files. !4262
- Implement selective synchronization by repository shard for Geo. !4286
- Show Group level Roadmap. !4361
- Add Geo Prometheus metrics about the various number of events. !4413
- Geo - Improve node status report by adding one more indicator of health: last time when primary pulled the status of the secondary.
- Add rake task to print Geo node status.
- Add system notes when moving issues between epics.
### Other (3 changes)
- Activated the Web IDE Button also on the main project page. !4250
- Geo - add documentation about using shared a S3 bucket with GitLab Container Registry.
- Geo: Improve replication status. Using pg_stat_wal_receiver.
- Remove unaproved typo check in sast:container report.
## 10.4.7 (2018-04-03)
- No changes.
## 10.4.6 (2018-03-16)
- No changes.
## 10.4.5 (2018-03-01)
### Security (2 changes)
- Project can no longer be shared between groups when both member and group locks are active.
- Prevent new push rules from using non-RE2 regexes.
### Fixed (1 change)
- Fix LDAP group sync no longer configurable for regular users.
## 10.4.4 (2018-02-16)
### Fixed (4 changes)
- Handle empty event timestamp and larger memory units. !4206
- Geo: Reset force_redownload flag after successful sync.
- [Geo] Fix redownload repository recovery when there is not local repo at all.
- Allow project to be set up to push to and pull from same mirror.
## 10.4.3 (2018-02-05)
### Security (1 change)
- Restrict LDAP API to admins only.
## 10.4.2 (2018-01-30)
### Fixed (7 changes)
- Fix Epic issue item reordering to handle different scenarios. !4142
- Fix visually broken admin dashboard until license is added. !4196
- Handle empty event timestamp and larger memory units. !4206
- Use a fixed remote name for Geo mirrors. !4249
- Preserve updated issue order to store when reorder is completed. !4278
- Geo - Fix OPENSSH_EXPECTED_COMMAND in the geo:check rake task.
- Execute group hooks after-commit when moving an issue.
## 10.4.1 (2018-01-24)
### Fixed (1 change)
- Fix failed LDAP logins when sync_ssh_keys is included in config.
## 10.4.0 (2018-01-22)
### Security (2 changes)
- Fix LDAP external user/group bug on first sign in.
- Deny persisting milestones from outside project/group scope on boards.
### Fixed (19 changes, 1 of them is from the community)
- Issue count now refreshes quicker on geo secondary. !3639
- Prevent adding same role multiple times on repeated clicks. !3700
- Geo - Fix difference in FDW / non-FDW queries for Geo::FileRegistry queries. !3714
- Fix successful rebase throwing flash error message. !3727
- Fix Merge Rquest widget rebase action in Internet Explorer. !3732
- Geo - Use relative path for avatar images on a secondary node. !3857
- Add missing wiki counts to prometheus metrics. !3875
- Adjust content width for User Settings, Pipeline quota. !3895 (George Tsiolis)
- Fix a bug where branch could not be delete due to a push rule config. !3900
- Fix a few doc links to fast ssh key lookup. !3937
- Handle node details load failure gracefully on UI. !3992
- Use the fastest available method for various Geo status counts. !4024
- Fix neutralCount computation to prevent negative values. !4044
- Fix reordering of items when moved to top or bottom. !4050
- Geo - Fix repository clean up when selective replication changes with hashed storage enabled. !4059
- Fix JavaScript bundle running on Cluster update/destroy pages. !4112
- Record EE instances without a license correctly in usage ping.
- Fix export to CSV if a filter with multiple labels is used.
- Stop authorization attempts with instance profile when static credentials are provided for AWS Elasticsearch.
### Changed (6 changes)
- Change MR widget failed icons to warning icons. !3669
- Show clear message when set-geo-primary-node was successful. !3768
- More descriptive error when clocks between Geo nodes are out of sync. !3860
- Allow sidekiq to react to becoming a Geo primary or secondary without a restart. !3878
- Geo admin screen enhancements. !3902
- Geo UI polish.
### Added (13 changes)
- Split project repository and wiki repository status in Geo node status. !3560
- Add reset pipeline minutes button to admin overview of groups and users. !3656
- Show results from docker image scan in the merge request widget. !3672
- Geo: Added Authorized Keys specific checks. !3728
- Add some extra fields to Geo API node and status. !3858
- Show results from DAST scan in the merge request widget. !3885
- Add Geo support for CI job artifacts. !3935
- Make it possible to enable/disable PostgreSQL FDW for Geo. !4020
- Add support for reordering issues in epics.
- Check if shard configuration is same across Geo nodes.
- Add API for epics.
- Add group boards API endpoint.
- Add api for epic_issue associations.
### Other (6 changes)
- Document GitLab Geo with Object Storage. !3760
- Update disaster recovery documentation with detailed steps. !3845
- Fix broken alignment of database password in geo docs. !3939
- Remove unnecessary NTP checks now included in gitlab:geo:check. !3940
- Move geo status check after db replication to avoid anticipated failures. !3941
- Make scoped issue board specs more reliable.
## 10.3.9 (2018-03-16)
- No changes.
## 10.3.8 (2018-03-01)
### Security (2 changes)
- Project can no longer be shared between groups when both member and group locks are active.
- Prevent new push rules from using non-RE2 regexes.
### Fixed (1 change)
- Fix LDAP group sync no longer configurable for regular users.
## 10.3.7 (2018-02-05)
### Security (1 change)
- Restrict LDAP API to admins only.
### Fixed (1 change)
- Fix JavaScript bundle running on Cluster update/destroy pages.
## 10.3.6 (2018-01-22)
### Fixed (3 changes)
- Geo - Fix repository clean up when selective replication changes with hashed storage enabled. !4059
- Fix JavaScript bundle running on Cluster update/destroy pages. !4112
- Fix export to CSV if a filter with multiple labels is used.
## 10.3.5 (2018-01-18)
- No changes.
## 10.3.4 (2018-01-10)
### Security (2 changes)
- Fix LDAP external user/group bug on first sign in.
- Deny persisting milestones from outside project/group scope on boards.
## 10.3.3 (2018-01-02)
- No changes.
## 10.3.2 (2017-12-28)
- No changes.
## 10.3.1 (2017-12-27)
### Changed (1 change)
- Geo: Show sync percent on bar graph and count within tooltips. !3794
## 10.3.0 (2017-12-22)
### Removed (2 changes)
- Remove the full-scan option from the Geo log cursor. !3412
- Remove Geo SSH repo sync support. !3553
### Fixed (14 changes)
- Hide Approvals section when Merge Request Widget is showing the empty state. !3376
- Fix error when entering an invalid url to push to or pull from a remote repository. !3389
- Update gitlab.yml.example to match the default settings for Geo sync workers. !3488
- Remove duplicate read-only flash message on admin pages. !3495
- Strip leading & trailing whitespaces in CI/CD secret variable's environment scope. !3563
- Fix Advanced Search Syntax documentation. !3571
- Fix Git message when pushing to Geo secondary. !3616
- Fix a bug in the Geo metrics update service. !3623
- Fix validation of environment scope for Ci::Variable. !3641
- Fix an exception in Geo scheduler workers. !3740
- Fix Merge Request Widget Approvals responsiveness on mobile.
- Geo - Does not sync repositories on unhealthy shards in non-backfill conditions.
- Record EE Ultimate usage pings correctly.
- Fix board filter for predefined milestones.
### Changed (4 changes)
- Improve Geo logging of repository errors. !3402
- ProtectedBranches API allows individual users and group to be specified. !3516
- EE Protected Branches API access levels include user_id/group_id where relevant. !3535
- Enhancements for Geo admin screen. !3545
### Performance (1 change)
- Geo - Improve performance when calculating the node status. !3595
### Added (20 changes)
- Show SAST results in MR widget. !3207
- Add option for projects to only mirror protected branches. !3326
- Add option to remote mirrors to only push protected branches. !3350
- Add warning when Geo is configured insecurely. !3368
- Added enpoint that triggers the pull mirroring process. !3453
- Add performance metrics to the merge request widget. !3507
- Geo: replicate Attachments migration to Hashed Storage in secondary node. !3544
- View, add, and edit weight on Issue from the Issue Board contextual sidebar. !3566
- Decrease scheduling delay and add rate limiting to push mirror. !3575
- Allow admins to disable mirroring. !3586
- Support multiple Kubernetes cluster per project. !3603
- Geo: Increase parallelism by scheduling project repositories by shard. !3606
- Geo: rake task to refresh foreign table schema (FDW support). !3626
- Support mentioning epics.
- Handle outdated replicas in the DB load balancer.
- Add geo:set_secondary_as_primary rake task.
- Transfer job archives to object storage after creation.
- Geo - Show GitLab version for each node in the Geo status page.
- Add epic information to issue sidebar.
- Add system notes for issue - epic association.
### Other (3 changes)
- Add fade mask to the bottom of the boards selector dropdown list if it can be scrolled down. !3384
- Document how to set up GitLab Geo for HA. !3468
- Add border for epic edit button.
## 10.2.8 (2018-02-07)
### Security (1 change)
- Restrict LDAP API to admins only.
## 10.2.7 (2018-01-18)
- No changes.
## 10.2.6 (2018-01-11)
### Security (2 changes)
- Fix LDAP external user/group bug on first sign in.
- Deny persisting milestones from outside project/group scope on boards.
## 10.2.5 (2017-12-15)
### Fixed (1 change)
- Fix board filter for predefined milestones.
## 10.2.4 (2017-12-07)
- No changes.
## 10.2.3 (2017-11-30)
### Fixed (5 changes)
- Fix viewing default push rules on a Geo secondary. !3559
- Disable autocomplete for epics.
- Fix epic fullscreen editing.
- Fix tasklist for epics.
- Fix Geo wiki sync error not increasing retry count.
## 10.2.2 (2017-11-23)
### Fixed (6 changes)
- Fix in-progress repository syncs counting as failed. !3424
- Don't user issuable_sort cookie for epics collection.
- Enable scoped boards for Early Adopters.
- Account shared runner minutes to top-level namespace.
- Geo - Ensure that LFS object deletions are communicated to the secondary.
- Disable file attachments for epics.
### Other (1 change)
- Document a failure mode for large repositories in Geo. !3500
## 10.2.1 (2017-11-22)
- No changes.
## 10.2.0 (2017-11-22)
### Fixed (17 changes)
- Geo - Does not move projects backed by hashed storage when handling renamed events. !3066
- Geo: Don't sync disabled project wikis. !3109
- Reconfigure the Geo tracking database pool size when running as Sidekiq. !3181
- Geo - Ensures that leases were returned. !3241
- Fix (un)approver names not being shown in plaintext emails. !3266
- Add post-migration to drain all Geo related redis queues. !3289
- Prevent the Geo log cursor from running on primary nodes. !3411
- Reduce the number of Elasticsearch client instances that are created. !3432
- Fix generated clone URLs for wikis on Geo secondaries. !3448
- Remove duplicate delete button in epic.
- Fix: Failed to rebase MR from forked repo.
- Fix: Geo API bug. Statistic is not collected when prometheus is disabled.
- Geo - Ensure that repository deletions in a primary node are correctly deleted in a secondary node.
- Geo: Fix handling of nil values on advanced section in admin screen.
- Redirect to existing group boards using old URL if there is no subgroup called 'boards'.
- Geo - Allow Sidekiq to retry failed jobs to rename project repositories.
- Geo: Ensure database is connected before attempting to check for secondary status.
### Changed (4 changes)
- Add project actions in Audit events. !3160
- Add group actions in Audit events. !3176
- Geo: Don't retry repositories or files until everything has been backfilled. !3182
- Improve Codeclimate UI.
### Performance (1 change)
- Reduce the quiet times between scheduler runs on Geo secondaries. !3185
### Added (20 changes, 1 of them is from the community)
- Add new push rule to enforce that only the author of a commit can push to the repository. !3086
- Make the maximum capacity of Geo backfill operations configurable. !3107
- Mirrors can now hard fail, keeping them from being retried until a project admin takes action. !3117
- View/edit epic at group level. !3126
- Add worker to prune the Geo Event Log. !3172
- julian7 Add required_groups option to SAML config, to restrict access to GitLab to specific SAML groups. !3223 (Balazs Nagy)
- Geo: Expire and resync attachments from renamed projects in secondary nodes when using legacy storage. !3259
- On Secondary read-only Geo Nodes now a flash banner is shown on all pages. !3260
- Make GeoLogCursor Highly Available. !3305
- Allow Geo repository sync over HTTPS. !3341
- Allow persisting board configuration in order to automatically filter issues.
- Improve error handling.
- Add epics list and add epics to nav sidebar.
- Introduce EEU lincese with epics as the first feature.
- Add ability to create new epics.
- Add sidebar for epic.
- Add delete epic button.
- Allow admins to globally disable all remote mirrors from application settings page.
- Add support for logging Prometheus metrics for Geo.
- Use PostgreSQL FDW for Geo downloads.
### Other (2 changes, 1 of them is from the community)
- Suppress MergeableSelector warning candidates in EE-only files. !3225 (Takuya Noguchi)
- Enhance the documentation for gitlab-ctl replicate-geo-database. !3268
## 10.1.7 (2018-01-18)
- No changes.
## 10.1.6 (2018-01-11)
### Security (2 changes)
- Fix LDAP external user/group bug on first sign in.
- Deny persisting milestones from outside project/group scope on boards.
## 10.1.5 (2017-12-07)
- No changes.
## 10.1.4 (2017-11-14)
- No changes.
## 10.1.3 (2017-11-10)
- [FIXED] Fix: Failed to rebase MR from forked repo.
## 10.1.2 (2017-11-08)
- [SECURITY] Fix vulnerability that could allow any user of a Geo instance to clone any repository on the secondary instance.
- [SECURITY] Geo JSON web tokens now expire after two minutes to reduce risk of compromise.
## 10.1.1 (2017-10-31)
- [FIXED] Fix LDAP group sync for nested groups e.g. when base has uppercase or extraneous spaces. !3217
- [FIXED] Geo: read-only safeguards was not working on Secondary node. !3227
- [FIXED] fix height of rebase and approve buttons.
- [FIXED] Move group boards routes under - and remove "boards" from reserved paths.
## 10.1.0 (2017-10-22)
- [SECURITY] Prevent Related Issues from leaking confidential issues. !541
- [FIXED] Geo - Selective replication allows admins to select any groups. !2779
- [FIXED] Fix CSV export when filtering issues by multiple labels. !2852
- [FIXED] Impersonation no longer gets stuck on password change. !2904
- [FIXED] Mirroring to remote repository no longer fails after a force push. !2919
- [FIXED] Fix a merge request validation error on forked projects. !2932
- [FIXED] Fix an error reporting some failures in the elasticsearch indexer. !2998
- [FIXED] Fix a Geo node validation, preventing admins from locking themselves out. !3040
- [FIXED] Find stuck scheduled import jobs and also mark them as failed. !3055
- [FIXED] Fix removing the username from the git repository URL for pull mirroring. !3060
- [FIXED] Prevent failed file syncs from stalling Geo backfill. !3101
- [FIXED] Fix reading the status of a secondary Geo node from the primary. !3140
- [FIXED] Always allow the default branch as a branch name. !3154
- [FIXED] Show errors when rebase onto target branch fails in the UI.
- [FIXED] Fix base link for issues on group boards.
- [FIXED] Don't create todos for old issue assignees.
- [FIXED] Geo: Fix attachments/avatars saving to the wrong directory.
- [FIXED] Save Geo files to a temporary file and rename after success.
- [FIXED] Fix personal snippets not downloading in Geo secondaries.
- [FIXED] Geo: Limit the huge cross-database pluck for LFS objects and attachments.
- [CHANGED] Schedule repository synchronization when processing events on a Geo secondary node. !2838
- [CHANGED] Create idea of read-only database and add method to check for it. !2954
- [CHANGED] Remove the backoff delay from Geo repository sync. !3009
- [CHANGED] Improves visibility of deploy boards.
- [CHANGED] Improve performance of rebasing by using worktree.
- [ADDED] Add suport for CI/CD pipeline policy management. !2986
- [ADDED] Add LDAP synchronization based on filter for GitLab groups.
- [OTHER] Add Geo rake task descriptions. !2925
- [OTHER] Improve logging output for several Geo background workers. !2961
- [OTHER] Add partial index on push_rules.is_sample.
- Add new push rule to reject unsigned commits. !2913
## 10.0.7 (2017-12-07)
- No changes.
## 10.0.5 (2017-11-03)
- [FIXED] Find stuck scheduled import jobs and also mark them as failed. !3055
- [FIXED] Fix removing the username from the git repository URL for pull mirroring. !3060
- [FIXED] Fix base link for issues on group boards.
- [FIXED] Move group boards routes under - and remove "boards" from reserved paths.
- [FIXED] Geo: Fix attachments/avatars saving to the wrong directory.
## 10.0.4 (2017-10-16)
- [SECURITY] Prevent Related Issues from leaking confidential issues. !541
- [SECURITY] Escape user name in filtered search bar.
## 10.0.3 (2017-10-05)
- [FIXED] Rewrite Geo database rake tasks so they operate on the correct database. !3052
- [FIXED] Show group tab if member lock is enabled.
- [FIXED] File uploaders do not perform hard check, only soft check.
- [FIXED] Only show Turn on Service Desk button when user has permissions.
- [FIXED] Fix EE delta size check handling with annotated tags.
## 10.0.2 (2017-09-27)
- [FIXED] Send valid project path as name for Jira dev panel.
- [FIXED] Fix delta size check to handle commit or nil objects.
## 10.0.1 (2017-09-23)
- No changes.
## 10.0.0 (2017-09-22)
- [SECURITY] Check if LDAP users are in external groups on login. !2720
- [FIXED] Fix typo for ` required` attribute. !2659
- [FIXED] Fix global code search when using negation queries. !2709
- [FIXED] Fixes activation of project mirror when new project is created. !2756
- [FIXED] Geo - Whitelist LFS requests to download objects on a secondary node. !2758
- [FIXED] Fix Geo::RepositorySyncWorker so attempts to sync all projects if some are failing. !2796
- [FIXED] Fix unsetting credentials data for pull mirrors. !2810
- [FIXED] Geo: Gracefully catch incorrect db key on primary. !2819
- [FIXED] Fix a regression breaking projects with an empty import URL. !2824
- [FIXED] Fix a 500 error in the SSH host keys lookup action. !2827
- [FIXED] Handle Geo DB replication lag as 24h/day & 7d/week. !2833
- [FIXED] Geo - Add a unique index on project_id to the Geo project_registry table. !2850
- [FIXED] Improve Geo repository sync performance for larger databases. !2887
- [FIXED] Ensure #route_setting is available before calling it. !2908
- [FIXED] Fix searching by assignee in the service desk. !2969
- [FIXED] Fix approvals before merge error while importing projects.
- [FIXED] Fix the gap in approvals in merge request widget.
- [FIXED] Fix branch name regex not saving in /admin/push_rule config.
- [FIXED] Fix merges not working when project is not licensed for squash.
- [CHANGED] Add Time estimate and Time spend fields in csv export. !2627 (g3dinua, LockiStrike)
- [CHANGED] Improve copy so users will set up SSH from DB for Geo. !2644
- [CHANGED] Support ` codequality` job name for Code Quality feature. !2704
- [CHANGED] Support Elasticsearch v5.1 - v5.5. !2751
- [CHANGED] Geo primary nodes no longer require SSH keys. !2861
- [CHANGED] Show Geo event log and cursor data in node status page.
- [CHANGED] Use a logger for the artifacts migration rake task.
- [ADDED] LFS files can be stored in remote object storage such as S3. !2760
- [ADDED] Add LDAP sync endpoint to Groups API. !2785
- [ADDED] Geo - Log a repository created event when a project is created. !2807
- [ADDED] Show geo.log in the Admin area. !2845
- [ADDED] Commits integration with Jira development panel.
- [OTHER] Add missing indexes to geo_event_log table. !2836
- [OTHER] Geo - Ignore S3-backed LFS objects on secondary nodes. !2889
- Fix a bug searching private projects with Elasticsearch as an admin or auditor. !2613
- Don't put the password in the SSH remote if using public-key authentication. !2837
- Support handling of rename events in Geo Log Cursor.
- Update delete board button text color to red and fix hover color.
- Search for issues with multiple assignees.
- Fix: When MR approvals are disabled, but approvers were previously assigned, all approvers receive a notification on every MR.
- Add group issue boards.
- Ports style changes fixed in a conflict in ce to ee upstream to master for new projects page.
## 9.5.10 (2017-11-08)
- [SECURITY] Ensure GitLab Geo JSON web tokens expire after 2 minutes.
## 9.5.9 (2017-10-16)
- [SECURITY] Prevent Related Issues from leaking confidential issues.
- Escape user name in filtered search bar.
## 9.5.8 (2017-10-04)
- [FIXED] Fix EE delta size check handling with annotated tags.
- [FIXED] Fix delta size check to handle commit or nil objects.
## 9.5.7 (2017-10-03)
- No changes.
## 9.5.6 (2017-09-29)
- [FIXED] Show group tab if member lock is enabled.
## 9.5.5 (2017-09-18)
- [FIXED] Fixes activation of project mirror when new project is created. !2756
- [FIXED] Geo - Whitelist LFS requests to download objects on a secondary node. !2758
- [FIXED] Fix unsetting credentials data for pull mirrors. !2810
- [FIXED] Fix a regression breaking projects with an empty import URL. !2824
- [FIXED] Fix a 500 error in the SSH host keys lookup action. !2827
- [FIXED] Ensure #route_setting is available before calling it. !2908
- [FIXED] Fix branch name regex not saving in /admin/push_rule config.
- [FIXED] Fix the gap in approvals in merge request widget.
- [FIXED] Fix merges not working when project is not licensed for squash.
- Don't put the password in the SSH remote if using public-key authentication. !2837
## 9.5.4 (2017-09-06)
- [FIXED] Validate branch name push rule when pushing branch without commits. !2685
## 9.5.3 (2017-09-03)
- [FIXED] Check if table exists before loading the current license. !2783
- [FIXED] Extend early adopters feature set.
## 9.5.2 (2017-08-28)
- [FIXED] Fix LDAP backwards-compatibility when using "method" or when "verify_certificates" is not defined. !2690
- [FIXED] Geo - Count projects where wiki sync failed in node status page.
## 9.5.1 (2017-08-23)
- [FIXED] Fix url for object store artifacts.
- [CHANGED] Ensure all database queries are routed through the database load balancer when load balancing is enabled
. !2707
## 9.5.0 (2017-08-22)
- [FIXED] Fix Copy to Clipboard for SSH Public Key on Pull Repository settings. !2692
- [FIXED] Enable mirror repository button.
- [FIXED] Create system notes only if issue was successfully related.
- [FIXED] Fix issue boards focus button not being visible to guest users.
- Namespace license checks Audit Events & Admin Audit Log. !2326
- Namespace license checks for Repository Mirrors. !2328
- Automatically link kerberos users to LDAP people. !2405
- Implement SSH public-key support for repository mirroring. !2423
- Shows project names for commits in elasticsearch global search. !2434
- Add admin application setting to allow group owners to manage LDAP. !2529
- Geo - Selectively choose which namespaces to replicate in DR. !2533
- Support variables on Trigger API for Cross-project pipeline. !2557
- Allow excluding sidekiq queues from execution in sidekiq-cluster. !2571
- Ensure artifacts are moved locally within the filesystem to prevent timeouts. !2572
- Audit failed login events. !2587
- Spread load across all nodes in an elasticsearch cluster. !2625
- Improves handling of stuck imports. !2628
- Improves handling of the mirror threshold. !2671
- Allow artifacts access with job_token parameter or CI_JOB_TOKEN header.
- Add initial Groups/Billing and Profile/Billing routing and template.
- Fix rebase from fork when upstream has protected branches.
- Present Related Issues add badge only when user can manage related issues (previously when user could edit issue).
- clean up merge request widget UI.
- Make contextual sidebar collapsible.
- Fix accessing individual files on Object Storage.
- Fix rebase button when merge request is created from a fork.
- Skip oAuth authorization for trusted applications.
## 9.4.7 (2017-10-16)
- [SECURITY] Prevent Related Issues from leaking confidential issues.
- Fix when pushing without a branch name. !2879
- Escape user name in filtered search bar.
## 9.4.6 (2017-09-06)
- [FIXED] Validate branch name push rule when pushing branch without commits. !2685
## 9.4.5 (2017-08-14)
- Ensure artifacts are moved locally within the filesystem to prevent timeouts. !2572
- Fix rebase from fork when upstream has protected branches.
- Present Related Issues add badge only when user can manage related issues (previously when user could edit issue).
- Fix accessing individual files on Object Storage.
## 9.4.4 (2017-08-09)
- No changes.
## 9.4.3 (2017-07-31)
- Present Related Issues widget for logged-out users when available.
## 9.4.2 (2017-07-28)
- Adds lower bound to pull mirror scheduling feature. !2366
- Add warning and option toggle when rebuilding authorized_keys. !2508
- Fix CSS for mini graph with downstream pipeline.
- Renamed board to boards in new project sidebar.
- Fix Rebasing not working with Merge Requests.
- Fixed issue boards focus mode when new navigation is turned on.
## 9.4.1 (2017-07-25)
- Cleans up mirror capacity in project destroy service if project is a scheduled mirror. !2445
- Fixes unscoping of imposed capacity limit by find_each method on Mirror scheduler. !2460
- Remove text underline from suggested approvers.
## 9.4.0 (2017-07-22)
- GeoLogCursor is part of a new experimental Geo replication system. !1988
- Add explicit licensing for Elasticsearch. !2108
- Add namespace license checks for Service Desk (EEP). !2109
- Add environment scope to secret variables to specify environments. !2112
- Namespace license checks for exporting issues (EES). !2164
- Retry Elasticsearch queries on failure. !2181
- Introduce namespace license checks for rebase before merge. !2200
- Geo: fix removal of repositories from disk on secondary nodes. !2210
- Add license checks for brundown charts. !2219
- Add namespace license checks for squash before merge. !2249
- Namespace license checks for fast-forward merge (EES). !2272
- Empty repository mirror no longer creates master branch with README automatically. !2276
- Introduce namespace licensing for issue weights (EES). !2291
- Add namespace license checks for Contribution Analytics. !2302
- Add license checks for focus mode on the issue board. !2303
- Add license checks for issue boards with milestones. !2315
- Add license checks for multiple issue boards. !2317
- Geo: Fix clone instructions in a secondary node for SSH protocol. !2319
- Namespace license checks Issue & MR template. !2321
- Introduce namespace license checks for merge request approvers (EES). !2324
- Introduce namespace license checks for Push Rules (EES). !2335
- Geo: Implement alternative to geo_{primary|secondary}_role in gitlab.yml. !2352
- Geo: Added extra SystemCheck checks. !2354
- Implement progressive elasticsearch indexing for project mirrors. !2393
- Fix undefined method quote when database load balancing is used. !2430
- Improve the performance of the project list API. !12679
- fix approver placeholder icon in ie11.
- Add public API for listing, creating and deleting Related Issues.
- All artifacts are now browsable.
- Escape symbols in exported CSV columns to prevent command execution in Microsoft Excel.
- Geo - Fix RepositorySyncService when cannot obtain a lease to sync a repository.
- Prevent mirror user to be assigned to users other than the current one.
- Geo - Makes the projects synchronization faster on secondaries nodes.
- Only show the LDAP sync banner on first login.
- Enable service desk be default.
- Fix creation of push rules via POST API.
- Fix Geo middleware to work properly with multiple requests.
- [GitLab.com only] Add Slack applicationq service.
- Speed up checking for approvers when approvers are specified on the MR.
- Allows manually adding bi-directional relationships between issues in the issue page (EES feature).
- Add Geo repository renamed event log.
- Merge states to allow realtime with deploy boards.
- Fix 500 error when approvals are enabled and editing an MR conflicts with another edit.
- add toggle for overriding approvers per MR.
- Add optional sha param when approving a merge request through the API.
- Allow updating shared_runners_minutes_limit on admin Namespace API.
- Allow to Store Artifacts on Object Storage.
- Adding support for AWS ec2 instance profile credentials with elasticsearch. (Matt Gresko)
- Fixed edit issue boards milestone action buttons not sticking to bottom of dropdown.
- Respect the external user setting in Elasticsearch.
## 9.3.11 (2017-09-06)
- [FIXED] Validate branch name push rule when pushing branch without commits. !2685
- Prevent mirror user to be assigned to users other than the current one.
## 9.3.10 (2017-08-09)
- No changes.
## 9.3.9 (2017-07-20)
- No changes.
## 9.3.8 (2017-07-19)
- Escape symbols in exported CSV columns to prevent command execution in Microsoft Excel.
- Prevent mirror user to be assigned to users other than the current one.
## 9.3.7 (2017-07-18)
- No changes.
## 9.3.6 (2017-07-12)
- Geo: Fix clone instructions in a secondary node for SSH protocol. !2319
- Implement progressive elasticsearch indexing for project mirrors. !2393
## 9.3.5 (2017-07-05)
- Make admin mirror application setting GitLab.com exclusive. !2307
- Make Geo::RepositorySyncService force create a repo.
## 9.3.4 (2017-07-03)
- Update gitlab-shell to 5.1.1 to fix Post Recieve errors
## 9.3.3 (2017-06-30)
- Add metrics to both remote and non remote mirroring. !2118
- Forces import worker with mirror to insert mirror in front of queue. !2231
- Fix locked and stale SSH keys file from 9.3.0 upgrade. !2240
- Fix crash in LDAP sync when user was removed. !2289
- allow rebase for unapproved merge requests.
- Geo - Fix path_with_namespace for instances of Geo::DeletedProject.
## 9.3.2 (2017-06-27)
- Fix GitLab check: Problem with Elastic Search. !2278
## 9.3.1 (2017-06-26)
- Geo: fix removal of repositories from disk on secondary nodes. !2210
- Fix Geo middleware to work properly with multiple requests.
## 9.3.0 (2017-06-22)
- Per user/group access levels for Protected Tags. !1629
- Add a user's memberships when logging in through LDAP. !1819
- Add server-wide Audit Log admin screen. !1852
- Move pull mirroring to adaptive scheduling. !1853
- Create a push rule to check the branch name. !1896 (Riccardo Padovani)
- Add shared_runners_minutes_limit to groups and users API. !1942
- Compare codeclimate artifacts on the merge request page. !1984
- Lookup users by email in LDAP if lookup by DN fails during sync. !2003
- Update mirror_user for project when mirror_user is deleted. !2013 (Athar Hameed)
- Geo: persist clone url prefix in the database. !2015
- Geo: prevent Gitlab::Git::Repository::NoRepository from stucking replication. !2115
- Geo: fixed Dynamic Backoff strategy that was not being used by workers. !2128
- [Elasticsearch] Improve code search for camel case.
- Fixed header being over issue boards when in focus mode.
- Fix: Approvals not reset if changing target branch.
- Fix bug where files over 2 GB would not be saved in Geo tracking DB.
- Add primary node clone URL to Geo secondary 'How to work faster with Geo' popover.
- Fix broken time sync leeway with Geo.
- Gracefully handle case when Geo secondary does not have the right db_key_base.
- Use the current node configuration to populate suggested new URL for Geo node.
- Check if a merge request is approved when merging from API or slash command.
- Add closed_at field to issue CSV export.
- Geo - Properly set tracking database connection and cron jobs on secondary nodes.
- Add push events to Geo event log.
- fix Rebase being disabled for unapproved MRs.
- Fix approvers dropdown when creating a merge request from a fork.
- Add relation between Pipelines.
- Allow to Trigger Pipeline using CI Job Token.
- Allow to view Personal pipelines quota.
- Geo - Use GeoNode#clone_url_prefix for the Geo::RepositorySyncService.
- Elasticsearch searches through the project description.
- Fix: /unassign by default unassigns everyone. Implement /reassign command.
- Speed up checking for approvers remaining.
## 9.2.10 (2017-08-09)
- No changes.
## 9.2.9 (2017-07-20)
- No changes.
## 9.2.8 (2017-07-19)
- Escape symbols in exported CSV columns to prevent command execution in Microsoft Excel.
- Prevent mirror user to be assigned to users other than the current one.
## 9.2.7 (2017-06-21)
- Geo: fixed Dynamic Backoff strategy that was not being used by workers. !2128
- fix Rebase being disabled for unapproved MRs.
## 9.2.6 (2017-06-16)
- Geo: backported fix from 9.3 for big repository sync issues. !2000
- Geo - Properly set tracking database connection and cron jobs on secondary nodes.
- Fix approvers dropdown when creating a merge request from a fork.
- Fixed header being over issue boards when in focus mode.
- Fix bug where files over 2 GB would not be saved in Geo tracking DB.
## 9.2.5 (2017-06-07)
- No changes.
## 9.2.4 (2017-06-02)
- No changes.
- No changes.
## 9.2.3 (2017-05-31)
- No changes.
- No changes.
- Respect the external user setting in Elasticsearch.
## 9.2.2 (2017-05-25)
- No changes.
## 9.2.1 (2017-05-23)
- No changes.
## 9.2.0 (2017-05-22)
- Stop using sidekiq cron for push mirrors. !1616
- Inline RSS button with Export Issues button for mobile. !1637
- Highlight Contribution Analytics tab under groups when active, remove sub-nav items. !1677
- Uses etag polling for deployboards. !1713
- Support more elasticsearch versions. !1716
- Support advanced search queries using elasticsearch. !1770
- Remove superfluous wording on push rules. !1811
- Geo - Fix signing out from secondary node when "Remember me" option is checked. !1903
- Add global wiki search using Elasticsearch.
- Remove warning about protecting Service Desk email from form.
- Geo: Resync repositories that have been updated recently.
- Respect project features when searching alternative branches with elasticsearch enabled.
- Backfill projects where the last attempt to backfill failed.
- Fix MR approvals sentence when all approvers need to approve the MR.
- Fix for XSS in project mirror errors caused by Hamlit filter usage.
- Feature availability check using feature list AND license addons.
- Disable mirror workers for Geo secondaries.
## 9.1.10 (2017-08-09)
- No changes.
## 9.1.9 (2017-07-20)
- No changes.
## 9.1.8 (2017-07-19)
- Escape symbols in exported CSV columns to prevent command execution in Microsoft Excel.
- Prevent mirror user to be assigned to users other than the current one.
## 9.1.7 (2017-06-07)
- No changes.
## 9.1.6 (2017-06-02)
- No changes.
## 9.1.5 (2017-05-31)
- Respect the external user setting in Elasticsearch.
## 9.1.4 (2017-05-12)
- Remove warning about protecting Service Desk email from form.
- Backfill projects where the last attempt to backfill failed.
## 9.1.3 (2017-05-05)
- No changes.
- No changes.
- No changes.
- Respect project features when searching alternative branches with elasticsearch enabled.
- Fix for XSS in project mirror errors caused by Hamlit filter usage.
## 9.1.2 (2017-05-01)
- No changes.
- No changes.
- No changes.
- Fix commit search on some elasticsearch indexes. !1745
- Fix emailing issues to projects when Service Desk is enabled.
- Fix bug where Geo secondary Sidekiq cron jobs would not be activated if settings changed.
## 9.1.1 (2017-04-26)
- No changes.
## 9.1.0 (2017-04-22)
- Fix rake gitlab:env:info elasticsearch datum. !1422
- Fix 500 errors caused by elasticsearch results referencing garbage-collected commits. !1430
- Adds timeout option to push mirrors. !1439
- elasticsearch: Add support for an experimental repository indexer. !1483
- Update color palette to a more harmonious and consistent one. !1500
- Cache Gitlab::Geo queries. !1507
- Add Service Desk feature. !1508
- Fix pre-receive hooks when using Git 2.11 or later. !1525
- Geo: Add support to sync avatars and attachments. !1562
- Fix Elasticsearch not working when URL ends with a forward slash. !1566
- Allow admins to perform global searches with Elasticsearch. !1578
- Periodically persists users activity to users.last_activity_on. !1597
- Removes duplicate count of LFS objects from repository_and_lfs_size method. !1599
- Fix searching notes and snippets as an auditor. !1674
- Fix searching for notes with elasticsearch when a user is a member of many projects. !1675
- Fix type declarations for spend/estimate values.
- Speed up suggested approvers on MR creation.
- Fix squashing MRs when the repository contains a ref named HEAD.
- Fix approver count reset when editing assignee or labels.
- Geo: handle git failures on GeoRepositoryFetchWorker.
- Give each elasticsearch worker its own sidekiq queue.
- Fixes broken link to pipeline quota.
- Prevent filtering issues by multiple Milestones or Authors.
- Fix 500 error when selecting a mirror user.
- Add index to approvals.merge_request_id.
- Added mock data for Deployboard.
- Add uuid to usage ping.
- Expose board project and milestone on boards API.
- Fix active user count to ignore internal users.
- Add warning when burndown data is not accurate.
- Check if incoming emails and email key are available for service desk.
- Add burndown chart to milestones.
- Make deployboard to be visible by default.
- Add a Rake task to make the current node the primary Geo node.
- Return 404 instead of a 500 error on API status endpoint if Geo tracking DB is not enabled.
- Remove N+1 queries for Groups::AnalyticsController.
- Show user cohorts data when usage ping is enabled.
- Visualise Canary Deployments.
## 9.0.13 (2017-08-09)
- No changes.
## 9.0.12 (2017-07-20)
- No changes.
## 9.0.11 (2017-07-19)
- Escape symbols in exported CSV columns to prevent command execution in Microsoft Excel.
- Prevent mirror user to be assigned to users other than the current one.
## 9.0.10 (2017-06-07)
- No changes.
## 9.0.9 (2017-06-02)
- No changes.
## 9.0.8 (2017-05-31)
- Respect the external user setting in Elasticsearch.
## 9.0.7 (2017-05-05)
- Respect project features when searching alternative branches with elasticsearch enabled.
- Fix for XSS in project mirror errors caused by Hamlit filter usage.
## 9.0.6 (2017-04-21)
- Cache Gitlab::Geo queries. !1507
- Fix searching for notes with elasticsearch when a user is a member of many projects. !1675
- Fix 500 error when selecting a mirror user.
- Fix active user count to ignore internal users.
## 9.0.5 (2017-04-10)
- Return 404 instead of a 500 error on API status endpoint if Geo tracking DB is not enabled.
## 9.0.4 (2017-04-05)
- No changes.
## 9.0.3 (2017-04-05)
- Allow to edit pipelines quota for user.
- Fixed label resetting when sorting by weight. (James Clark)
- Fixed issue boards milestone toggle text not updating when filtering.
- Fixed mirror user dropdown not displaying.
## 9.0.2 (2017-03-29)
- No changes.
## 9.0.1 (2017-03-28)
- No changes.
## 9.0.0 (2017-03-22)
- Geo: Replicate repository creation in Geo secondary node. !952
- Make approval system notes lowercase. !1125
- Issues can be exported as CSV, via email. !1126
- Try to update mirrors again after 15 minutes if the previous update failed. !1183
- Adds abitlity to render deploy boards in the frontend side. !1233
- Add filtered search to MR page. !1243
- Update project list API returns with approvals_before_merge attribute. !1245 (Geoff Webster)
- Catch Net::LDAP::DN exceptions in EE::Gitlab::Auth::LDAP::Group. !1260
- API: Use ` post ":id/#{type}/:subscribable_id/subscribe"` to subscribe and ` post ":id/#{type}/:subscribable_id/unsubscribe"` to unsubscribe from a resource. !1274 (Robert Schilling)
- API: Remove deprecated fields Notes#upvotes and Notes#downvotes. !1275 (Robert Schilling)
- Deploy board backend. !1278
- API: Remove the ProjectGitHook API. !1301 (Robert Schilling)
- Expose elasticsearch client params for AWS signing and HTTPS. !1305 (Matt Gresko)
- Fix LDAP DN case-mismatch bug in LDAP group sync. !1337
- Remove es6 file extension from JavaScript files. !1344 (winniehell)
- Geo: Don't load dependent models when fetching an existing GeoNode from the database. !1348
- Parallelise the gitlab:elastic:index_database Rake task. !1361
- Robustify reading attributes for elasticsearch. !1365
- Introduce one additional thread into bin/elastic_repo_indexer. !1372
- Show hook errors for fast-forward merges. !1375
- Allow all parameters of group webhooks to be set through the UI. !1376
- Fix Elasticsearch queries when a group_id is specified. !1423
- Check the right index mapping based on Rails environment for rake gitlab:elastic:add_feature_visiblity_levels_to_project. !1473
- Fix issues with another milestone that has a matching list label could not be added to a board.
- Only admins or group owners can set LDAP overrides.
- Add support for load balancing database queries.
- Only replace non-approval mr-widget-footer on getMergeStatus.
- Remove repository_storage from V4 "/application/settings" settings API.
- Added headers to protected branches access dropdowns.
- Remove support for Git Annex.
- Repositioned multiple issue boards selector.
- Added back weight in issue rows on issue list.
- Add basic support for GitLab Geo file transfers over HTTP.
- Added weight slash command.
- Set deployment status invalid when the environments does not match a k8s label.
- Combined deploy keys, push rules, protect branches and mirror repository settings options into a single one called Repository.
- Rebase - fix commiter email & name.
- Adds a EE specific dev favicon.
- Elastic security fix: Respect feature visibility level.
- Update Elasticsearch to 5.1.
- [Elasticsearch] More efficient search.
- Get Geo secondaries nodes statuses over AJAX.
## 8.17.8 (2017-08-09)
- No changes.
## 8.17.7 (2017-07-19)
- Prevent mirror user to be assigned to users other than the current one.
## 8.17.6 (2017-05-05)
- Respect project features when searching alternative branches with elasticsearch enabled.
## 8.17.5 (2017-04-05)
- No changes.
## 8.17.4 (2017-03-19)
- Elastic security fix: Respect feature visibility level.
## 8.17.3 (2017-03-07)
- No changes.
## 8.17.2 (2017-03-01)
- No changes.
## 8.17.1 (2017-02-28)
- Fix admin email notification recipient group select list.
- Add repository_storage field back to projects API for admin users.
- Don't try to update a project's external service caches on a secondary Geo node.
- Fixed merge request state not updating when approvals feature is active.
- Improve error messages when squashing fails.
## 8.17.0 (2017-02-22)
- Read-only "auditor" user role. !998
- Also reset approvals on push when merge request is closed. !1051
- Copy commit SHA to clipboard. !1066
- Pull EE specific Gitlab::Auth code in to its own module. !1112
- Geo: Added ` gitlab:geo:check` and improved ` gitlab:envinfo` rake tasks. !1120
- Geo: send the new event type with the backfill function. !1157
- Re-add removed params from projects and issues V3 API. !1209
- Add configurable minimum mirror sync time in admin section. !1217
- Move RepositoryUpdateRemoteMirrorWorker jobs to project_mirror Sidekiq queue. !1234
- Change Builds word to Pipelines in Mirror settings page.
- Fix bundle tag in anaytics page.
- Support v4 API for GitLab Geo endpoints.
- Fixed merge request environment link not displaying.
- Reduce queries needed to check if node is a primary or secondary Geo node.
- Allow squashing merge requests into a single commit.
## 8.16.9 (2017-04-05)
- No changes.
## 8.16.8 (2017-03-19)
- No changes.
- No changes.
- No changes.
- Elastic security fix: Respect feature visibility level.
## 8.16.7 (2017-02-27)
- Fixed merge request state not updating when approvals feature is active.
## 8.16.6 (2017-02-17)
- Geo: send the new event type with the backfill function. !1157
- Move RepositoryUpdateRemoteMirrorWorker jobs to project_mirror Sidekiq queue. !1234
- Fixed merge request environment link not displaying.
- Reduce queries needed to check if node is a primary or secondary Geo node.
- Read true-up info from license and validate it. !1159
## 8.16.5 (2017-02-14)
- No changes.
## 8.16.4 (2017-02-02)
- Disable all merge acceptance buttons pending MR approval.
## 8.16.3 (2017-01-27)
- Fix sidekiq cluster mishandling of queue names. !1117
## 8.16.2 (2017-01-25)
- Track Mattermost usage in usage ping. !1071
- Fix count of required approvals displayed on MR edit form. !1082
- Fix updating approvals count when editing an MR. !1106
- Don't try to show assignee in approved_merge_request_email if there's no assignee.
## 8.16.1 (2017-01-23)
- No changes.
## 8.16.0 (2017-01-22)
- Allow to limit shared runners minutes quota for group. !965
- About GitLab link in sidebar that links to help page. !1008
- Prevent 500 error when uploading/entering a blank license. !1016
- Add more push rules to the API. !1022 (Robert Schilling)
- Expose issue weight in the API. !1023 (Robert Schilling)
- Copy <some text> to clipboard. !1048
## 8.15.8 (2017-03-19)
- No changes.
- No changes.
- Elastic security fix: Respect feature visibility level.
## 8.15.7 (2017-02-15)
- No changes.
## 8.15.6 (2017-02-14)
- No changes.
## 8.15.5 (2017-01-20)
- No changes.
## 8.15.4 (2017-01-09)
- No changes.
## 8.15.3 (2017-01-06)
- Disable LDAP permission override in project members edit list.
- Perform only one fetch per push on Geo secondary nodes.
## 8.15.2 (2016-12-27)
- No changes.
- Fix ES search for non-default branches.
## 8.15.1 (2016-12-23)
- Fix 404/500 error while navigating to the 'show/destroy' pages. !993
## 8.15.0 (2016-12-22)
- Adds a check ensure only active, ie. non-blocked users can be emailed from the admin panel.
- Add user activities API.
- Add milestone total weight to the milestone summary.
- Allow master/owner to change permission levels when LDAP group sync is enabled. !822
- Geo: Improve project view UI to teach users how to clone from a secondary Geo node and push to a primary. !905
- Technical debt follow-up from restricting pushes / merges by group. !927
- Geo: Enables nodes to be removed even without proper license. !978
- Update validates_hostname to 1.0.6 to fix a bug in parsing hexadecimal-looking domain names. !982
## 8.14.10 (2017-02-15)
- No changes.
## 8.14.9 (2017-02-14)
- No changes.
## 8.14.8 (2017-01-25)
- No changes.
## 8.14.7 (2017-01-21)
- No changes.
## 8.14.6 (2017-01-10)
- No changes.
## 8.14.5 (2016-12-14)
- Add milestone total weight to the milestone summary.
## 8.14.4 (2016-12-08)
- No changes.
## 8.14.3 (2016-12-02)
- No changes.
## 8.14.2 (2016-12-01)
- No changes.
## 8.14.1 (2016-11-28)
- Fix: MergeRequestSerializer breaks on MergeRequest#rebase_dir_path when source_project doesn't exist anymore.
## 8.14.0 (2016-11-22)
- Added Backfill service for Geo. !861
- Fix for autosuggested approvers(https://gitlab.com/gitlab-org/gitlab-ee/issues/1273).
- Gracefully recover from previously failed rebase.
- Disable retries for remote mirror update worker. !848
- Fix Approvals API documentation.
- Add ability to set approvals_before_merge for project through the API.
- gitlab:check rake task checks ES version according to requirements
- Convert ASCII-8BIT LDAP DNs to UTF-8 to avoid unnecessary user deletions
- [Fix] Only owner can see "Projects" button in group edit menu
## 8.13.12 (2017-01-21)
- No changes.
## 8.13.11 (2017-01-10)
- No changes.
## 8.13.10 (2016-12-14)
- No changes.
## 8.13.9 (2016-12-08)
- No changes.
## 8.13.8 (2016-12-02)
- No changes.
## 8.13.7 (2016-11-28)
- No changes.
## 8.13.6 (2016-11-17)
- Disable retries for remote mirror update worker. !848
- Fixed cache clearing on secondary Geo nodes. !869
- Geo: fix a problem that prevented git cloning from secondary node. !873
## 8.13.5 (2016-11-08)
- No changes
## 8.13.4 (2016-11-07)
- Weight dropdown in issue filter form does not stay selected. !826
## 8.13.3 (2016-11-02)
- No changes
## 8.13.2 (2016-10-31)
- Don't pass a current user to Member#add_user in LDAP group sync. !830
## 8.13.1 (2016-10-25)
- Hide multiple board actions if user doesnt have permissions. !816
- Fix Elasticsearch::Transport::Transport::Errors::BadRequest when ES is enabled. !818
## 8.13.0 (2016-10-22)
- Cache the last usage data to avoid unicorn timeouts
- Add user activity table and service to query for active users
- Fix 500 error updating mirror URLs for projects
- Restrict protected branch access to specific groups !645
- Fix validations related to mirroring settings form. !773
- Add multiple issue boards. !782
- Fix Git access panel for Wikis when Kerberos authentication is enabled (Borja Aparicio)
- Decrease maximum time that GitLab waits for a mirror to finish !791 (Borja Aparicio)
- User groups (that can be assigned as approvers)
- Fix a search for non-default branches when ES is enabled
- Re-organized the Sidekiq queues for EE specific workers
## 8.12.12 (2016-12-08)
- No changes.
## 8.12.11 (2016-12-02)
- No changes.
## 8.12.10 (2016-11-28)
- No changes.
## 8.12.9 (2016-11-07)
- No changes
## 8.12.8 (2016-11-02)
- No changes
## 8.12.7
- No EE-specific changes
## 8.12.6
- No EE-specific changes
## 8.12.5
- No EE-specific changes
## 8.12.4
- [ES] Indexer works with smaller batches of repositories to not exceed NOFILE limit. !774
## 8.12.3
- Fix prevent_secrets checkbox on admin view
## 8.12.2
- Fix bug when protecting a branch due to missing url paramenter in request !760
- Ignore unknown project ID in RepositoryUpdateMirrorWorker
## 8.12.1
- Prevent secrets to be pushed to the repository
- Prevent secrets to be pushed to the repository
## 8.12.0 (2016-09-22)
- Include more data in EE usage ping
- Reduce UPDATE queries when moving between import states on projects
- [ES] Instrument Elasticsearch::Git::Repository
- Request only the LDAP attributes we need
- Add 'Sync now' to group members page !704
- Add repository size limits and enforce them !740
- [ES] Instrument other Gitlab::Elastic classes
- [ES] Fix: Elasticsearch does not find partial matches in project names
- Faster Active Directory group membership resolution !719
- [ES] Global code search
- [ES] Improve logging
- Fix projects with remote mirrors asynchronously destruction
## 8.11.11 (2016-11-07)
- No changes
## 8.11.10 (2016-11-02)
- No changes
## 8.11.9
- No EE-specific changes
## 8.11.8
- No EE-specific changes
## 8.11.7
- Refactor Protected Branches dropdown. !687
- Fix mirrored projects allowing empty import urls. !700
## 8.11.6
- Exclude blocked users from potential MR approvers.
## 8.11.5
- API: Restore backward-compatibility for POST /projects/:id/members when membership is locked
## 8.11.4
- No EE-specific changes
## 8.11.3
- [ES] Add logging to indexer
- Fix missing EE-specific service parameters for Jenkins CI
- Set the correct ` GL_PROTOCOL` when rebasing !691
- [ES] Elasticsearch workers checks ES settings before running
## 8.11.2
- Additional documentation on protected branches for EE
- Change slash commands docs location
## 8.11.1
- Pulled due to packaging error.
## 8.11.0 (2016-08-22)
- Allow projects to be moved between repository storages
- Add rake task to remove old repository copies from repositories moved to another storage
- Performance improvement of push rules
- Temporary fix for #825 - LDAP sync converts access requests to members. !655
- Optimize commit and diff changes access check to reduce git operations
- Allow syncing a group against all providers at once
- Change LdapGroupSyncWorker to use new LDAP group sync classes
- Allow LDAP ` sync_ssh_keys` setting to be set to ` true`
- Removed unused GitLab GEO database index
- Restrict protected branch access to specific users !581
- Enable monitoring for ES classes
- [Elastic] Improve code search
- [Elastic] Significant improvement of global search performance
- [Fix] Push rules check existing commits in some cases
- [ES] Limit amount of retries for sidekiq jobs
- Fix Projects::UpdateMirrorService to allow tags pointing to blob objects
## 8.10.12
- No EE-specific changes
## 8.10.11
- No EE-specific changes
## 8.10.10
- No EE-specific changes
## 8.10.9
- Exclude blocked users from potential MR approvers.
## 8.10.8
- No EE-specific changes
## 8.10.7
- No EE-specific changes
## 8.10.6
- Fix race condition with UpdateMirrorWorker Lease. !641
## 8.10.5
- Used cached value of project count in ` Elastic::RepositoriesSearch` to reduce DB load. !637
## 8.10.4
- Fix available users in userselect dropdown when there is more than one userselect on the page. !604 (Rik de Groot)
- Fix updating skipped approvers in search list on removal. !604 (Rik de Groot)
## 8.10.3
- Fix regression in Git Annex permission check. !599
- [Elastic] Fix commit search for some URLs. !605
- [Elastic][Fix] Commit search breaks for some URLs on gitlab-ce project
## 8.10.2
- Fix pagination on search result page when ES search is enabled. !592
- Decouple an ES index update from ` RepositoryUpdateMirrorWorker`. !593
- Fix broken ` user_allowed?` check in Git Annex push. !597
## 8.10.1
- No EE-specific changes
## 8.10.0 (2016-07-22)
- Add EE license usage ping !557
- Rename Git Hooks to Push Rules
- Fix EE keys fingerprint add index migration if came from CE
- Add todos for MR approvers !547
- Replace LDAP group sync exclusive lease with state machine
- Prevent the author of an MR from being on the approvers list
- Isolate EE LDAP library code in EE module (Part 1) !511
- Make Elasticsearch indexer run as an async task
- Fix of removing wiki data from index when project is deleted
- Ticket-based Kerberos authentication (SPNEGO)
- [Elastic] Suppress ActiveRecord::RecordNotFound error in ElasticIndexWorker
## 8.9.10
- No EE-specific changes
## 8.9.9
- No EE-specific changes
## 8.9.8
- No EE-specific changes
## 8.9.7
- No EE-specific changes
## 8.9.6
- Avoid adding index for key fingerprint if it already exists. !539
## 8.9.5
- Fix of quoted text in lock tooltip. !518
## 8.9.4
- Improve how File Lock feature works with nested items. !497
## 8.9.3
- Fix encrypted data backwards compatibility after upgrading attr_encrypted gem. !502
- Fix creating MRs on forks of deleted projects. !503
- Roll back Grack::Auth to fix Git HTTP SPNEGO. !504
## 8.9.2
- [Elastic] Fix visibility of snippets when searching.
## 8.9.1
- Improve Geo documentation. !431
- Fix remote mirror stuck on started issue. !491
- Fix MR creation from forks where target project has approvals enabled. !496
- Fix MR edit where target project has approvals enabled. !496
- Fix vertical alignment of git-hooks page. !499
## 8.9.0 (2016-06-22)
- Fix JenkinsService test button
- Fix nil user handling in UpdateMirrorService
- Allow overriding the number of approvers for a merge request
- Allow LDAP to mark users as external based on their group membership. !432
- Instrument instance methods of Gitlab::InsecureKeyFingerprint class
- Add API endpoint for Merge Request Approvals !449
- Send notification email when merge request is approved
- Distribute RepositoryUpdateMirror jobs in time and add exclusive lease on them by project_id
- [Elastic] Move ES settings to application settings
- Always allow merging a merge request whenever fast-forward is possible. !454
- Disable mirror flag for projects without import_url
- UpdateMirror service return an error status when no mirror
- Don't reset approvals when rebasing an MR from the UI
- Show flash notice when Git Hooks are updated successfully
- Remove explicit Gitlab::Metrics.action assignments, are already automatic.
- [Elastic] Project members with guest role can't access confidential issues
- Ability to lock file or folder in the repository
- Fix: Git hooks don't fire when committing from the UI
## 8.8.9
- No EE-specific changes
## 8.8.8
- No EE-specific changes
## 8.8.7
- No EE-specific changes
## 8.8.6
- [Elastic] Fix visibility of snippets when searching.
## 8.8.5
- Make sure OAuth routes that we generate for Geo matches with the ones in Rails routes !444
## 8.8.4
- Remove license overusage message
## 8.8.3
- Add standard web hook headers to Jenkins CI post. !374
- Gracefully handle malformed DNs in LDAP group sync. !392
- Reduce load on DB for license upgrade check. !421
- Make it clear the license overusage message is visible only to admins. !423
- Fix Git hook validations for fast-forward merges. !427
- [Elastic] In search results, only show notes on confidential issues that the user has access to.
## 8.8.2
- Fix repository mirror updates for new imports stuck in started
- [Elastic] Search through the filenames. !409
- Fix repository mirror updates for new imports stuck in "started" state. !416
## 8.8.1
- No EE-specific changes
## 8.8.0 (2016-05-22)
- [Elastic] Database indexer prints its status
- [Elastic][Fix] Database indexer skips projects with invalid HEAD reference
- Fix skipping pages when restoring backups
- Add EE license via API !400
- [Elastic] More efficient snippets search
- [Elastic] Add rake task for removing all indexes
- [Elastic] Add rake task for clearing indexing status
- [Elastic] Improve code search
- [Elastic] Fix encoding issues during indexing
- Warn admin if current active count exceeds license
- [Elastic] Search through the filenames
- Set KRB5 as default clone protocol when Kerberos is enabled and user is logged in (Borja Aparicio)
- Add support for Admin Groups to SAML
- Reduce emails-on-push HTML size by using a simple monospace font
- API requests to /internal/authorized_keys are now tagged properly
- Geo: Single Sign Out support !380
## 8.7.9
- No EE-specific changes
## 8.7.8
- [Elastic] Fix visibility of snippets when searching.
## 8.7.7
- No EE-specific changes
## 8.7.6
- Bump GitLab Pages to 0.2.4 to fix Content-Type for predefined 404
## 8.7.5
- No EE-specific changes
## 8.7.4
- Delete ProjectImportData record only if Project is not a mirror !370
- Fixed typo in GitLab GEO license check alert !379
- Fix LDAP access level spillover bug !499
## 8.7.3
- No EE-specific changes
## 8.7.2
- Fix MR notifications for slack and hipchat when approvals are fullfiled. !325
- GitLab Geo: Merge requests on Secondary should not check mergeable status
## 8.7.1
- No EE-specific changes
## 8.7.0 (2016-04-22)
- Update GitLab Pages to 0.2.1: support user-defined 404 pages
- Refactor group sync to pull access level logic to its own class. !306
- [Elastic] Stabilize database indexer if database is inconsistent
- Add ability to sync to remote mirrors. !249
- GitLab Geo: Many replication improvements and fixes !354
## 8.6.9
- No EE-specific changes
## 8.6.8
- No EE-specific changes
## 8.6.7
- No EE-specific changes
## 8.6.6
- Concat AD group recursive member results with regular member results. !333
- Fix LDAP group sync regression for groups with member value ` uid=<username> `. !335
- Don't attempt to include too large diffs in e-mail-on-push messages (Stan Hu). !338
## 8.6.5
- No EE-specific changes
## 8.6.4
- No EE-specific changes
## 8.6.3
- Fix other cases where git hooks would fail due to old commits. !310
- Exit ElasticIndexerWorker's job happily if record cannot be found. !311
- Fix "Reload with full diff" button not working (Stan Hu). !313
## 8.6.2
- Fix old commits triggering git hooks on new branches branched off another branch. !281
- Fix issue with deleted user in audit event (Stan Hu). !284
- Mark pending todos as done when approving a merge request. !292
- GitLab Geo: Display Attachments from Primary node. !302
## 8.6.1
- Only rename the ` light_logo` column in the ` appearances` table if its not there yet. !290
- Fix diffs in text part of email-on-push messages (Stan Hu). !293
- Fix an issue with methods not accessible in some controllers. !295
- Ensure Projects::ApproversController inherits from Projects::ApplicationController. !296
## 8.6.0 (2016-03-22)
- Handle duplicate appearances table creation issue with upgrade from CE to EE
- Add confidential issues
- Improve weight filter for issues
- Update settings and documentation for per-install LDAP sync time
- Fire merge request webhooks when a merge request is approved
- Add full diff highlighting to Email on push
- Clear "stuck" mirror updates before periodically updating all mirrors
- LDAP: Don't render Linked LDAP groups forms when LDAP is disabled
- [Elastic] Add elastic checker to gitlab:check
- [Elastic] Added UPDATE_INDEX option to rake task
- [Elastic] Removing repository and wiki index after removing project
- [Elastic] Update index on push to wiki
- [Elastic] Use subprocesses for ElasticSearch index jobs
- [Elastic] More accurate as_indexed_json (More stable database indexer)
- [Elastic] Fix: Don't index newly created system messages and awards
- [Elastic] Fixed exception on branch removing
- [Elastic] Fix bin/elastic_repo_indexer to follow config
- GitLab Geo: OAuth authentication
- GitLab Geo: Wiki synchronization
- GitLab Geo: ReadOnly Middleware improvements
- GitLab Geo: SSH Keys synchronization
- Allow SSL verification to be configurable when importing GitHub projects
- Disable git-hooks for git annex commits
## 8.5.13
- No EE-specific changes
## 8.5.12
- No EE-specific changes
## 8.5.11
- Fix vulnerability that made it possible to enumerate private projects belonging to group
## 8.5.10
- No EE-specific changes
## 8.5.9
- No EE-specific changes
## 8.5.8
- GitLab Geo: Documentation
## 8.5.7
- No EE-specific changes
## 8.5.6
- No EE-specific changes
## 8.5.5
- GitLab Geo: Repository synchronization between primary and secondary nodes
- Add documentation for GitLab Pages
- Fix importing projects from GitHub Enterprise Edition
- Fix syntax error in init file
- Only show group member roles if explicitly requested
- GitLab Geo: Improve GeoNodes Admin screen
- GitLab Geo: Avoid locking yourself out when adding a GeoNode
## 8.5.4
- [Elastic][Security] Notes exposure
## 8.5.3
- Prevent LDAP from downgrading a group's last owner
- Update gitlab-elastic-search gem to 0.0.11
## 8.5.2
- Update LDAP groups asynchronously
- Fix an issue when weight text was displayed in Issuable collapsed sidebar
## 8.5.2
- Fix importing projects from GitHub Enterprise Edition.
## 8.5.1
- Fix adding pages domain to projects in groups
## 8.5.0 (2016-02-22)
- Fix Elasticsearch blob results linking to the wrong reference ID (Stan Hu)
- Show warning when mirror repository default branch could not be updated because it has diverged from upstream.
- More reliable wiki indexer
- GitLab Pages gets support for custom domain and custom certificate
- Fix of Elastic indexer. It should not trigger record validation for projects
- Fix of Elastic indexer. Stabilze indexer when serialized data is corrupted
- [Elastic] Don't index unnecessary data into elastic
## 8.4.11
- No EE-specific changes
## 8.4.10
- No EE-specific changes
## 8.4.9
- Fix vulnerability that made it possible to enumerate private projects belonging to group
## 8.4.8
- No EE-specific changes
## 8.4.7
- No EE-specific changes
## 8.4.6
- No EE-specific changes
## 8.4.5
- Update LDAP groups asynchronously
## 8.4.4
- Re-introduce "Send email to users" link in Admin area
- Fix category values for Jenkins and JenkinsDeprecated services
- Fix Elasticsearch indexing for newly added snippets
- Make Elasticsearch indexer more stable
- Update gitlab-elasticsearch-git to 0.0.10 which contain a few important fixes
## 8.4.3
- Elasticsearch: fix partial blob indexing on push
- Elasticsearch: added advanced indexer for repositories
- Fix Mirror User dropdown
## 8.4.2
- Elasticsearch indexer performance improvements
- Don't redirect away from Mirror Repository settings when repo is empty
- Fix updating of branches in mirrored repository
- Fix a 500 error preventing LDAP users with 2FA enabled from logging in
- Rake task gitlab:elastic:index_repositories handles errors and shows progress
- Partial indexing of repo on push (indexing changes only)
## 8.4.1
- No EE-specific changes
## 8.4.0 (2016-01-22)
- Add ability to create a note for user by admin
- Fix "Commit was rejected by git hook", when max_file_size was set null in project's Git hooks
- Fix "Approvals are not reset after a new push is made if the request is coming from a fork"
- Fix "User is not automatically removed from suggested approvers list if user is deleted"
- Add option to enforce a semi-linear history by only allowing merge requests to be merged that have been rebased
- Add option to trigger builds when branches or tags are updated from a mirrored upstream repository
- Ability to use Elasticsearch as a search engine
## 8.3.10
- No EE-specific changes
## 8.3.9
- No EE-specific changes
## 8.3.8
- Fix vulnerability that made it possible to enumerate private projects belonging to group
## 8.3.7
- No EE-specific changes
## 8.3.6
- No EE-specific changes
## 8.3.5
- No EE-specific changes
## 8.3.4
- No EE-specific changes
## 8.3.3
- Fix undefined method call in Jenkins integration service
## 8.3.2
- No EE-specific changes
## 8.3.1
- Rename "Group Statistics" to "Contribution Analytics"
## 8.3.0 (2015-12-22)
- License information can now be retrieved via the API
- Show Kerberos clone url when Kerberos enabled and url different than HTTP url (Borja Aparicio)
- Fix bug with negative approvals required
- Add group contribution analytics page
- Add GitLab Pages
- Add group contribution statistics page
- Automatically import Kerberos identities from Active Directory when Kerberos is enabled (Alex Lossent)
- Canonicalization of Kerberos identities to always include realm (Alex Lossent)
## 8.2.6
- No EE-specific changes
## 8.2.5
- No EE-specific changes
## 8.2.4
- No EE-specific changes
## 8.2.3
- No EE-specific changes
## 8.2.2
- Fix 404 in redirection after removing a project (Stan Hu)
- Ensure cached application settings are refreshed at startup (Stan Hu)
- Fix Error 500 when viewing user's personal projects from admin page (Stan Hu)
- Fix: Raw private snippets access workflow
- Prevent "413 Request entity too large" errors when pushing large files with LFS
- Ensure GitLab fires custom update hooks after commit via UI
## 8.2.1
- Forcefully update builds that didn't want to update with state machine
- Fix: saving GitLabCiService as Admin Template
## 8.2.0 (2015-11-22)
- Invalidate stored jira password if the endpoint URL is changed
- Fix: Page is not reloaded periodically to check if rebase is finished
- When someone as marked as a required approver for a merge request, an email should be sent
- Allow configuring the Jira API path (Alex Lossent)
- Fix "Rebase onto master"
- Ensure a comment is properly recorded in JIRA when a merge request is accepted
- Allow groups to appear in the ` Share with group` share if the group owner allows it
- Add option to mirror an upstream repository.
## 8.1.4
- Fix bug in JIRA integration which prevented merge requests from being accepted when using issue closing pattern
## 8.1.3
- Fix "Rebase onto master"
## 8.1.2
- Prevent a 500 error related to the JIRA external issue tracker service
## 8.1.1
- Removed, see 8.1.2
## 8.1.0 (2015-10-22)
- Add documentation for "Share project with group" API call
- Added an issues template (Hannes Rosenögger)
- Add documentation for "Share project with group" API call
- Ability to disable 'Share with Group' feature (via UI and API)
## 8.0.6
- No EE-specific changes
## 8.0.5
- "Multi-project" and "Treat unstable builds as passing" parameters for
the Jenkins CI service are now correctly persisted.
- Correct the build URL when "Multi-project" is enabled for the Jenkins CI
service.
## 8.0.4
- Fix multi-project setup for Jenkins
## 8.0.3
- No EE-specific changes
## 8.0.2
- No EE-specific changes
## 8.0.1
- Correct gem dependency versions
- Re-add the "Help Text" feature that was inadvertently removed
## 8.0.0 (2015-09-22)
- Fix navigation issue when viewing Group Settings pages
- Guests and Reporters can approve merge request as well
- Add fast-forward merge option in project settings
- Separate rebase & fast-forward merge features
## 7.14.3
- No changes
## 7.14.2
- Fix the rebase before merge feature
## 7.14.1
- Fix sign in form when just Kerberos is enabled
## 7.14.0 (2015-08-22)
- Disable adding, updating and removing members from a group that is synced with LDAP
- Don't send "Added to group" notifications when group is LDAP synched
- Fix importing projects from GitHub Enterprise Edition.
- Automatic approver suggestions (based on an authority of the code)
- Add support for Jenkins unstable status
- Automatic approver suggestions (based on an authority of the code)
- Support Kerberos ticket-based authentication for Git HTTP access
## 7.13.3
- Merge community edition changes for version 7.13.3
- Improved validation for an approver
- Don't resend admin email to everyone if one delivery fails
- Added migration for removing of invalid approvers
## 7.13.2
- Fix group web hook
- Don't resend admin email to everyone if one delivery fails
## 7.13.1
- Merge community edition changes for version 7.13.1
- Fix: "Rebase before merge" doesn't work when source branch is in the same project
## 7.13.0 (2015-07-22)
- Fix git hook validation on initial push to master branch.
- Reset approvals on push
- Fix 500 error when the source project of an MR is deleted
- Ability to define merge request approvers
## 7.12.2
- Fixed the alignment of project settings icons
## 7.12.1
- No changes specific to EE
## 7.12.0 (2015-06-22)
- Fix error when viewing merge request with a commit that includes "Closes #<issue id>".
- Enhance LDAP group synchronization to check also for member attributes that only contain "uid=<username>"
- Enhance LDAP group synchronization to check also for submember attributes
- Prevent LDAP group sync from removing a group's last owner
- Add Git hook to validate maximum file size.
- Project setting: approve merge request by N users before accept
- Support automatic branch jobs created by Jenkins in CI Status
- Add API support for adding and removing LDAP group links
## 7.11.4
- no changes specific to EE
## 7.11.3
- Fixed an issue with git annex
## 7.11.2
- Fixed license upload and verification mechanism
## 7.11.0 (2015-05-22)
- Skip git hooks commit validation when pushing new tag.
- Add Two-factor authentication (2FA) for LDAP logins
## 7.10.1
- Check if comment exists in Jira before sending a reference
## 7.10.0 (2015-04-22)
- Improve UI for next pages: Group LDAP sync, Project git hooks, Project share with groups, Admin -> Appearance settigns
- Default git hooks for new projects
- Fix LDAP group links page by using new group members route.
- Skip email confirmation when updated via LDAP.
## 7.9.0 (2015-03-22)
- Strip prefixes and suffixes from synced SSH keys:
` SSHKey:ssh-rsa keykeykey` and ` ssh-rsa keykeykey (SSH key)` will now work
- Check if LDAP admin group exists before querying for user membership
- Use one custom header logo for all GitLab themes in appearance settings
- Escape wildcards when searching LDAP by group name.
- Group level Web Hooks
- Don't allow project to be shared with the group it is already in.
## 7.8.0 (2015-02-22)
- Improved Jira issue closing integration
- Improved message logging for Jira integration
- Added option of referencing JIRA issues from GitLab
- Update Sidetiq to 0.6.3
- Added Github Enterprise importer
- When project has MR rebase enabled, MR will have rebase checkbox selected by default
- Minor UI fixes for sidebar navigation
- Manage large binaries with git annex
## 7.7.0 (2015-01-22)
- Added custom header logo support (Drew Blessing)
- Fixed preview appearance bug
- Improve performance for selectboxes: project share page, admin email users page
## 7.6.2
- Fix failing migrations for MySQL, LDAP
## 7.6.1
- No changes
## 7.6.0 (2014-12-22)
- Added Audit events related to membership changes for groups and projects
- Added option to attempt a rebase before merging merge request
- Dont show LDAP groups settings if LDAP disabled
- Added member lock for groups to disallow membership additions on project level
- Rebase on merge request. Introduced merge request option to rebase before merging
- Better message for failed pushes because of git hooks
- Kerberos support for web interface and git HTTP
## 7.5.3
- Only set up Sidetiq from a Sidekiq server process (fixes Redis::InheritedError)
## 7.5.0 (2014-11-22)
- Added an ability to check each author commit's email by regex
- Added an ability to restrict commit authors to existing GitLab users
- Add an option for automatic daily LDAP user sync
- Added git hook for preventing tag removal to API
- Added git hook for setting commit message regex to API
- Added an ability to block commits with certain filenames by regex expression
- Improved a jenkins parser
## 7.4.4
- Fix broken ldap migration
## 7.4.0 (2014-10-22)
- Support for multiple LDAP servers
- Skip AD specific LDAP checks
- Do not show ldap users in dropdowns for groups with enabled ldap-sync
- Update the JIRA integration documentation
- Reset the homepage to show the GitLab logo by deleting the custom logo.
## 7.3.0 (2014-09-22)
- Add an option to change the LDAP sync time from default 1 hour
- User will receive an email when unsubscribed from admin notifications
- Show group sharing members on /my/project/team
- Improve explanation of the LDAP permission reset
- Fix some navigation issues
- Added support for multiple LDAP groups per GitLab group
## 7.2.0 (2014-08-22)
- Improve Redmine integration
- Better logging for the JIRA issue closing service
- Administrators can now send email to all users through the admin interface
- JIRA issue transition ID is now customizable
- LDAP group settings are now visible in admin group show page and group members page
## 7.1.0 (2014-07-22)
- Synchronize LDAP-enabled GitLab administrators with an LDAP group (Marvin Frick, sponsored by SinnerSchrader)
- Synchronize SSH keys with LDAP (Oleg Girko (Jolla) and Marvin Frick (SinnerSchrader))
- Support Jenkins jobs with multiple modules (Marvin Frick, sponsored by SinnerSchrader)
## 7.0.0 (2014-06-22)
- Fix: empty brand images are displayed as empty image_tag on login page (Marvin Frick, sponsored by SinnerSchrader)
## 6.9.4
- Fix bug in JIRA Issue closing triggered by commit messages
- Fix JIRA issue reference bug
## 6.9.3
- Fix check CI status only when CI service is enabled(Daniel Aquino)
## 6.9.2
- Merge community edition changes for version 6.9.2
## 6.9.1
- Merge community edition changes for version 6.9.1
## 6.9.0 (2014-05-22)
- Add support for closing Jira tickets with commits and MR
- Template for Merge Request description can be added in project settings
- Jenkins CI service
- Fix LDAP email upper case bug
## 6.8.0 (2014-04-22)
- Customise sign-in page with custom text and logo
## 6.7.1
- Handle LDAP errors in Adapter#dn_matches_filter?
## 6.7.0 (2014-03-22)
- Improve LDAP sign-in speed by reusing connections
- Add support for Active Directory nested LDAP groups
- Git hooks: Commit message regex
- Git hooks: Deny git tag removal
- Fix group edit in admin area
## 6.6.0 (2014-02-22)
- Permission reset button for LDAP groups
- Better performance with large numbers of users with access to one project
## 6.5.0 (2014-01-22)
- Add reset permissions button to Group#members page
## 6.4.0 (2013-12-22)
- Respect existing group permissions during sync with LDAP group (d3844662ec7ce816b0a85c8b40f66ee6c5ae90a1)
## 6.3.0 (2013-11-22)
- When looking up a user by DN, use single scope (bc8a875df1609728f1c7674abef46c01168a0d20)
- Try sAMAccountName if omniauth nickname is nil (9b7174c333fa07c44cc53b80459a115ef1856e38)
## 6.2.0 (2013-10-22)
- API: expose ldap_cn and ldap_access group attributes
- Use omniauth-ldap nickname attribute as GitLab username
- Improve group sharing UI for installation with many groups
- Fix empty LDAP group raises exception
- Respect LDAP user filter for git access