Merge branch 'master' into ide-file-finder

.use-mysql: &use-mysql

.use-mysql: &use-mysql

  services:

  services:

    - mysql:latest

    - mysql:5.7

    - redis:alpine

    - redis:alpine

.rails5-variables: &rails5-variables

.rails5-variables: &rails5-variables

documentation](doc/development/changelog.md) for instructions on adding your own

documentation](doc/development/changelog.md) for instructions on adding your own

entry.

entry.

## 10.7.0 (2018-04-22)

### Security (6 changes, 2 of them are from the community)

- Fixed some SSRF vulnerabilities in services, hooks and integrations. !2337

- Update ruby-saml to 1.7.2 and omniauth-saml to 1.10.0. !17734 (Takuya Noguchi)

- Update rack-protection to 2.0.1. !17835 (Takuya Noguchi)

- Adds confidential notes channel for Slack/Mattermost.

- Fix XSS on diff view stored on filenames.

- Fix GitLab Auth0 integration signing in the wrong user.

### Fixed (65 changes, 20 of them are from the community)

- File uploads in remote storage now support project renaming. !4597

- Fixed bug in dropdown selector when selecting the same selection again. !14631 (bitsapien)

- Fixed group deletion linked to Mattermost. !16209 (Julien Millau)

- Create commit API and Web IDE obey LFS filters. !16718

- Set breadcrumb for admin/runners/show. !17431 (Takuya Noguchi)

- Enable restore rake task to handle nested storage directories. !17516 (Balasankar C)

- Fix hover style of dropdown items in the right sidebar. !17519

- Improve empty state for canceled job. !17646

- Fix generated URL when listing repoitories for import. !17692

- Use singular in the diff stats if only one line has been changed. !17697 (Jan Beckmann)

- Long instance urls do not overflow anymore during project creation. !17717

- Fix importing multiple assignees from GitLab export. !17718

- Correct copy text for the promote milestone and label modals. !17726

- Fix search results stripping last endline when parsing the results. !17777 (Jasper Maes)

- Add read-only banner to all pages. !17798

- Fix viewing diffs on old merge requests. !17805

- Fix forking to subgroup via API when namespace is given by name. !17815 (Jan Beckmann)

- Fix UI breakdown for Create merge request button. !17821 (Takuya Noguchi)

- Unify format for nested non-task lists. !17823 (Takuya Noguchi)

- UX re-design branch items with flexbox. !17832 (Takuya Noguchi)

- Use porcelain commit lookup method on CI::CreatePipelineService. !17911

- Update dashboard milestones breadcrumb link. !17933 (George Tsiolis)

- Deleting a MR you are assigned to should decrements counter. !17951 (m b)

- Update no repository placeholder. !17964 (George Tsiolis)

- Drop JSON response in Project Milestone along with avoiding error. !17977 (Takuya Noguchi)

- Fix personal access token clipboard button style. !17978 (Fabian Schneider)

- Avoid validation errors when running the Pages domain verification service. !17992

- Project creation will now raise an error if a service template is invalid. !18013

- Add better LDAP connection handling. !18039

- Fix autolinking URLs containing ampersands. !18045

- Fix exceptions raised when migrating pipeline stages in the background. !18076

- Always display Labels section in issuable sidebar, even when the project has no labels. !18081 (Branka Martinovic)

- Fixed gitlab:uploads:migrate task ignoring some uploads. !18082

- Fixed gitlab:uploads:migrate task failing for Groups' avatar. !18088

- Increase dropdown width in pipeline graph & center action icon. !18089

- Fix `JobsController#raw` endpoint can not read traces in database. !18101

- Fix `gitlab-rake gitlab:two_factor:disable_for_all_users`. !18154

- Adjust 404's for LegacyDiffNote discussion rendering. !18201

- Work around Prometheus Helm chart name changes to fix integration. !18206 (joshlambert)

- Prioritize weight over title when sorting charts. !18233

- Verify that deploy token has valid access when pulling container registry image. !18260

- Stop redirecting the page in pipeline main actions.

- Fixed IDE button opening the wrong URL in tree list.

- Ensure hooks run when a deploy key without a user pushes.

- Fix 404 in group boards when moving issue between lists.

- Display state indicator for issuable references in non-project scope (e.g. when referencing issuables from group scope).

- Add missing port to artifact links.

- Fix data race between ObjectStorage background_upload and Pages publishing.

- Fixes unresolved discussions rendering the error state instead of the diff.

- Don't show Jump to Discussion button on Issues.

- Fix bug rendering group icons when forking.

- Automatically cleanup stale worktrees and lock files upon a push.

- Use the GitLab version as part of the appearances cache key.

- Fix Firefox stealing formatting characters on issue notes.

- Include matching branches and tags in protected branches / tags count. (Jan Beckmann)

- Fix 500 error when a merge request from a fork has conflicts and has not yet been updated.

- Test if remote repository exists when importing wikis.

- Hide emoji popup after multiple spaces. (Jan Beckmann)

- Fix relative uri when "#" is in branch name. (Jan)

- Escape Markdown characters properly when using autocomplete.

- Ignore project internal references in group context.

- Fix finding wiki file when Gitaly is enabled.

- Fix listing commit branch/tags that contain special characters.

- Ensure internal users (ghost, support bot) get assigned a namespace.

- Fix links to subdirectories of a directory with a plus character in its path.

### Deprecated (1 change)

- Remove support for legacy tar.gz pages artifacts. !18090

### Changed (22 changes, 2 of them are from the community)

- Add yellow favicon when `CANARY=true` to differientate canary environment. !12477

- Use human readable value build_timeout in Project. !17386

- Improved visual styles and consistency for commit hash and possible actions across commit lists. !17406

- Don't create permanent redirect routes. !17521

- Add empty repo check before running AutoDevOps pipeline. !17605

- Update wording to specify create/manage project vs group labels in labels dropdown. !17640

- Add tooltips to icons in lists of issues and merge requests. !17700

- Change avatar error message to include allowed file formats. !17747 (Fabian Schneider)

- Polish design for verifying domains. !17767

- Move email footer info to a single line. !17916

- Add average and maximum summary statistics to the prometheus dashboard. !17921

- Add additional cluster usage metrics to usage ping. !17922

- Move 'Registry' after 'CI/CD' in project navigation sidebar. !18018 (Elias Werberich)

- Redesign application settings to match project settings. !18019

- Allow HTTP(s) when git request is made by GitLab CI. !18021

- Added hover background color to IDE file list rows.

- Make project avatar in IDE consistent with the rest of GitLab.

- Show issues of subgroups in group-level issue board.

- Repository checksum calculation is handled by Gitaly when feature is enabled.

- Allow viewing timings for AJAX requests in the performance bar.

- Fixes remove source branch checkbox being visible when user cannot remove the branch.

- Make /-/ delimiter optional for search endpoints.

### Performance (24 changes, 11 of them are from the community)

- Move AssigneeTitle vue component. !17397 (George Tsiolis)

- Move TimeTrackingCollapsedState vue component. !17399 (George Tsiolis)

- Move MemoryGraph and MemoryUsage vue components. !17533 (George Tsiolis)

- Move UnresolvedDiscussions vue component. !17538 (George Tsiolis)

- Move NothingToMerge vue component. !17544 (George Tsiolis)

- Move ShaMismatch vue component. !17546 (George Tsiolis)

- Stop caching highlighted diffs in Redis unnecessarily. !17746

- Add i18n and update specs for ShaMismatch vue component. !17870 (George Tsiolis)

- Update spec import path for vue mount component helper. !17880 (George Tsiolis)

- Move TimeTrackingComparisonPane vue component. !17931 (George Tsiolis)

- Improves the performance of projects list page. !17934

- Remove N+1 query for Noteable association. !17956

- Improve performance of loading issues with lots of references to merge requests. !17986

- Reuse root_ref_hash for performance on Branches. !17998 (Takuya Noguchi)

- Update asciidoctor-plantuml to 0.0.8. !18022 (Takuya Noguchi)

- Cache personal projects count. !18197

- Reduce complexity of issuable finder query. !18219

- Reduce number of queries when viewing a merge request.

- Free open file descriptors and libgit2 buffers in UpdatePagesService.

- Memoize Git::Repository#has_visible_content?.

- Require at least one filter when listing issues or merge requests on dashboard page.

- lazy load diffs on merge request discussions.

- Bulk deleting refs is handled by Gitaly by default.

- ListCommitsByOid is executed by Gitaly by default.

### Added (38 changes, 7 of them are from the community)

- Add HTTPS-only pages. !16273 (rfwatson)

- adds closed by informations in issue api. !17042 (haseebeqx)

- Projects and groups badges settings UI. !17114

- Add per-runner configured job timeout. !17221

- Add alternate archive route for simplified packaging. !17225

- Add support for pipeline variables expressions in only/except. !17316

- Add object storage support for LFS objects, CI artifacts, and uploads. !17358

- Added confirmation modal for changing username. !17405

- Implement foreground verification of CI artifacts. !17578

- Extend API for exporting a project with direct upload URL. !17686

- Move ci/lint under project's namespace. !17729

- Add Total CPU/Memory consumption metrics for Kubernetes. !17731

- Adds the option to the project export API to override the project description and display GitLab export description once imported. !17744

- Port direct upload of LFS artifacts from EE. !17752

- Adds support for OmniAuth JWT provider. !17774

- Display error message on job's tooltip if this one fails. !17782

- Add 'Assigned Issues' and 'Assigned Merge Requests' as dashboard view choices for users. !17860 (Elias Werberich)

- Extend API for importing a project export with overwrite support. !17883

- Create Deploy Tokens to allow permanent access to repository and registry. !17894

- Detect commit message trailers and link users properly to their accounts on Gitlab. !17919 (cousine)

- Adds cancel btn to new pages domain page. !18026 (Jacopo Beschi @jacopo-beschi)

- API: Add parameter merge_method to projects. !18031 (Jan Beckmann)

- Introduce simpler env vars for auto devops REPLICAS and CANARY_REPLICAS #41436. !18036

- Allow overriding params on project import through API. !18086

- Support LFS objects when importing/exporting GitLab project archives. !18115

- Store sha256 checksum of artifact metadata. !18149

- Limit the number of failed logins when using LDAP for authentication. !43525

- Allow assigning and filtering issuables by ancestor group labels.

- Include subgroup issues when searching for group issues using the API.

- Allow to store uploads by default on Object Storage.

- Add slash command for moving issues. (Adam Pahlevi)

- Render MR commit SHA instead "diffs" when viable.

- Send @mention notifications even if a user has explicitly unsubscribed from item.

- Add support for Sidekiq JSON logging.

- Add Gitaly call details to performance bar.

- Add support for patch link extension for commit links on GitLab Flavored Markdown.

- Allow feature gates to be removed through the API.

- Allow merge requests related to a commit to be found via API.

### Other (27 changes, 11 of them are from the community)

- Send notification emails when push to a merge request. !7610 (YarNayar)

- Rename modal.vue to deprecated_modal.vue. !17438

- Atomic generation of internal ids for issues. !17580

- Use object ID to prevent duplicate keys Vue warning on Issue Boards page during development. !17682

- Update foreman from 0.78.0 to 0.84.0. !17690 (Takuya Noguchi)

- Add realtime pipeline status for adding/viewing files. !17705

- Update documentation to reflect current minimum required versions of node and yarn. !17706

- Update knapsack to 1.16.0. !17735 (Takuya Noguchi)

- Update CI services documnetation. !17749

- Added i18n support for the prometheus memory widget. !17753

- Use specific names for filtered CI variable controller parameters. !17796

- Apply NestingDepth (level 5) (framework/dropdowns.scss). !17820 (Takuya Noguchi)

- Clean up selectors in framework/header.scss. !17822 (Takuya Noguchi)

- Bump `state_machines-activerecord` to 0.5.1. !17924 (blackst0ne)

- Increase the memory limits used in the unicorn killer. !17948

- Replace the spinach test with an rspec analog. !17950 (blackst0ne)

- Remove unused index from events table. !18014

- Make all workhorse gitaly calls opt-out, take 2. !18043

- Update brakeman 3.6.1 to 4.2.1. !18122 (Takuya Noguchi)

- Replace the `project/issues/labels.feature` spinach test with an rspec analog. !18126 (blackst0ne)

- Bump html-pipeline to 2.7.1. !18132 (@blackst0ne)

- Remove test_ci rake task. !18139 (Takuya Noguchi)

- Add documentation for Pipelines failure reasons. !18352

- Improve JIRA event descriptions.

- Add query counts to profiler output.

- Move Sidekiq exporter logs to log/sidekiq_exporter.log.

- Upgrade Gitaly to upgrade its charlock_holmes.

## 10.6.4 (2018-04-09)

## 10.6.4 (2018-04-09)

### Fixed (8 changes, 1 of them is from the community)

### Fixed (8 changes, 1 of them is from the community)

- Type: ~"feature proposal", ~bug, ~customer, etc.

- Type: ~"feature proposal", ~bug, ~customer, etc.

- Subject: ~wiki, ~"container registry", ~ldap, ~api, ~frontend, etc.

- Subject: ~wiki, ~"container registry", ~ldap, ~api, ~frontend, etc.

- Team: ~"CI/CD", ~Discussion, ~Edge, ~Platform, etc.

- Team: ~"CI/CD", ~Discussion, ~Edge, ~Platform, etc.

- Priority: ~Deliverable, ~Stretch, ~"Next Patch Release"

- Milestone: ~Deliverable, ~Stretch, ~"Next Patch Release"

All labels, their meaning and priority are defined on the

All labels, their meaning and priority are defined on the

[labels page][labels-page].

[labels page][labels-page].

Team labels are always capitalized so that they show up as the first label for

Team labels are always capitalized so that they show up as the first label for

any issue.

any issue.

### Priority labels (~Deliverable, ~Stretch, ~"Next Patch Release")

### Milestone labels (~Deliverable, ~Stretch, ~"Next Patch Release")

Priority labels help us clearly communicate expectations of the work for the

Milestone labels help us clearly communicate expectations of the work for the

release. There are two levels of priority labels:

release. There are three levels of Milestone labels:

- ~Deliverable: Issues that are expected to be delivered in the current

- ~Deliverable: Issues that are expected to be delivered in the current

  milestone.

  milestone.

or ~"Stretch". Any open issue for a previous milestone should be labeled 

or ~"Stretch". Any open issue for a previous milestone should be labeled 

~"Next Patch Release", or otherwise rescheduled to a different milestone.

~"Next Patch Release", or otherwise rescheduled to a different milestone.

### Severity labels (~S1, ~S2, etc.)

### Bug Priority labels (~P1, ~P2, ~P3 & etc.)

Bug Priority labels help us define the time a ~bug fix should be completed. Priority determines how quickly the defect turnaround time must be. If there are multiple defects, the priority decides which defect has to be fixed immediately versus later.

This label documents the planned timeline & urgency which is used to measure against our actual SLA on delivering ~bug fixes.

| Label | Meaning         | Estimate time to fix                                             | Guidance |

|-------|-----------------|------------------------------------------------------------------|----------|

| ~P1   | Urgent Priority | The current release                                              |  |

| ~P2   | High Priority   | The next release                                                 |  |

| ~P3   | Medium Priority | Within the next 3 releases (approx one quarter)                  |  |

| ~P4   | Low Priority    | Anything outside the next 3 releases (approx beyond one quarter) | The issue is prominent but does not impact user workflow and a workaround is documented  |

#### Specific Priority guidance

| Label | Availability / Performance                                   | 

|-------|--------------------------------------------------------------|

| ~P1   |                                                              | 

| ~P2   | The issue is (almost) guaranteed to occur in the near future |  

| ~P3   | The issue is likely to occur in the near future              |

| ~P4   | The issue _may_ occur but it's not likely                    |

### Bug Severity labels (~S1, ~S2, ~S3 & etc.)

Severity labels help us clearly communicate the impact of a ~bug on users. 

Severity labels help us clearly communicate the impact of a ~bug on users. 

| Label | Meaning                                  | Example |

| Label | Meaning           | Impact of the defect                                  | Example |

|-------|------------------------------------------|---------|

|-------|-------------------|-------------------------------------------------------|---------|

| ~S1   | Feature broken, no workaround            | Unable to create an issue |

| ~S1   | Blocker           | Outage, broken feature with no workaround             | Unable to create an issue. Data corruption/loss. Security breach. |

| ~S2   | Feature broken, workaround unacceptable  | Can push commits, but only via the command line |

| ~S2   | Critical Severity | Broken Feature, workaround too complex & unacceptable | Can push commits, but only via the command line. |

| ~S3   | Feature broken, workaround acceptable    | Can create merge requests only from the Merge Requests page, not through the Issue |

| ~S3   | Major Severity    | Broken Feature, workaround acceptable                 | Can create merge requests only from the Merge Requests page, not through the Issue. |

| ~S4   | Cosmetic issue                           | Label colors are incorrect / not being displayed |       

| ~S4   | Low Severity      | Functionality inconvenience or cosmetic issue         | Label colors are incorrect / not being displayed. |

#### Specific Severity guidance

| Label | Security Impact                                                   | 

|-------|-------------------------------------------------------------------|

| ~S1   | >50% customers impacted (possible company extinction level event) | 

| ~S2   | Multiple customers impacted (but not apocalyptic)                 |  

| ~S3   | A single customer impacted                                        |

| ~S4   | No customer impact, or expected impact within 30 days             |

### Label for community contributors (~"Accepting Merge Requests")

### Label for community contributors (~"Accepting Merge Requests")

0.95.0

0.96.1

Copyright (c) 2011-2017 GitLab B.V.

Copyright GitLab B.V.

With regard to the GitLab Software:

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

Permission is hereby granted, free of charge, to any person obtaining a copy

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

of this software and associated documentation files (the "Software"), to deal

in the Software without restriction, including without limitation the rights

to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

copies of the Software, and to permit persons to whom the Software is

furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

all copies or substantial portions of the Software.

 No newline at end of file

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

THE SOFTWARE.

For all third party components incorporated into the GitLab Software, those 

components are licensed under the original license provided by the owner of the 

applicable component.

 No newline at end of file