CHANGELOG.md 774 KB
Newer Older
1 2 3
**Note:** This file is automatically generated. Please see the [developer
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
Felipe's avatar
Felipe committed
4

5 6 7 8
## 13.1.3 (2020-07-06)

- No changes.

9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
## 13.1.2 (2020-07-01)

### Security (18 changes)

- Update xterm js dependency to latest stable 3.x version.
- Do not show activity for users with private profiles.
- Fix stored XSS in markdown renderer.
- Upgrade swagger-ui to solve XSS issues.
- Fix group deploy token API authorizations.
- Check access when sending TODOs related to merge requests.
- Change from hybrid to JSON cookies serializer.
- Prevent XSS in group name validations.
- Disable caching for wiki attachments.
- Disable Github Importer API by settings.
- Fix null byte error in upload path.
- Update permissions for time tracking endpoints.
- Add snippet repository validation after bundle import.
- Update Kaminari gem.
- Fix note author name rendering.
- Sanitize bitbucket repo urls to mitigate XSS.
- Stored XSS on the Error Tracking page.
- Fix security issue when rendering issuable.


33 34 35 36 37 38 39 40 41 42 43 44 45 46
## 13.1.1 (2020-06-23)

### Fixed (4 changes)

- Fix missing templating vars set from URL in metrics dashboard. !34668
- Fix edit status dropdown overflow. !34847
- Load user before logging git http-requests. !34923
- Do not mask key comments for DeployKeys. !35014

### Added (1 change)

- Periodically recompute project authorizations. !34071


47 48 49 50 51 52 53
## 13.0.10 (2020-07-09)

### Fixed (1 change)

- Fix gitlab:*:check Rake tasks. !35944


54 55 56 57
## 13.0.9 (2020-07-06)

- No changes.

58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81
## 13.0.8 (2020-07-01)

### Security (18 changes)

- Update xterm js dependency to latest stable 3.x version.
- Do not show activity for users with private profiles.
- Fix stored XSS in markdown renderer.
- Upgrade swagger-ui to solve XSS issues.
- Fix group deploy token API authorizations.
- Check access when sending TODOs related to merge requests.
- Change from hybrid to JSON cookies serializer.
- Prevent XSS in group name validations.
- Disable caching for wiki attachments.
- Disable Github Importer API by settings.
- Fix null byte error in upload path.
- Update permissions for time tracking endpoints.
- Add snippet repository validation after bundle import.
- Update Kaminari gem.
- Fix note author name rendering.
- Sanitize bitbucket repo urls to mitigate XSS.
- Stored XSS on the Error Tracking page.
- Fix security issue when rendering issuable.


82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99
## 13.0.7 (2020-06-25)

### Fixed (7 changes)

- Group authorization refresh to consider shared groups. !31204
- Fix Value Stream Analytics summary when using non-english locale. !33717
- Fix bug with variable substitution in alerts. !33772
- Fix relative URL root in wiki_base_path. !33841
- Adjust wrong column reference for ResetMergeStatus (background job). !33899
- Updated Auto DevOps with a fix to delete PostgreSQL PVC on environment cleanup. !34657
- Load user before logging git http-requests. !34923

### Added (2 changes)

- Provide `__range` variable for Prometheus queries. !33521
- Periodically recompute project authorizations. !34071


100 101 102 103
## 13.0.6 (2020-06-10)

- No changes.

104 105 106 107 108 109 110
## 13.0.4 (2020-06-03)

### Security (1 change)

- Prevent fetching repository code with unauthorized ci token.


111 112 113 114 115 116 117 118 119 120 121 122 123 124
## 13.0.3 (2020-05-29)

### Fixed (8 changes, 1 of them is from the community)

- Fixed redirection to project snippets. !32530
- Fix Geo replication for design thumbnails. !32703
- Fix 404s downloading build artifacts. !32741
- Fix Auto DevOps manual rollout jobs not being allowed to fail. !32865
- Update deprecated routes in irker integration. !32923 (Marc Jeanmougin)
- Change format of variables parameter in Prometheus proxy API for metrics dashboard. !33062
- Fix issue and MR API performance regression when Markdown cache is stale. !33235
- Fix close issue when user created the issue. !33294


125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142
## 13.0.1 (2020-05-27)

### Security (12 changes)

- Add an extra validation to Static Site Editor payload.
- Hide EKS secret key in admin integrations settings.
- Added data integrity check before updating a deploy key.
- Display only verified emails on notifications and profile page.
- Require confirmed email address for GitLab OAuth authentication.
- Kubernetes cluster details page no longer exposes Service Token.
- Fix confirming unverified emails with soft email confirmation flow enabled.
- Disallow user to control PUT request using mermaid markdown in issue description.
- Check forked project permissions before allowing fork.
- Limit memory footprint of a command that generates ZIP artifacts metadata.
- Fix file enuming using Group Import.
- Prevent XSS in the monitoring dashboard.


143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711
## 13.0.0 (2020-05-22)

### Removed (20 changes, 5 of them are from the community)

- Remove project routes that were deprecated before 12.1. !26808
- Drop x-y-stable version pinning for Secure templates. !29603
- Remove logs from the admin pages. !30485
- Remove deprecated /admin/application_settings redirect. !30532
- Drop support for License-Management CI template. !30645
- Remove deprecated InfluxDB. !30786
- Remove deprecated Release Evidence endpoints. !30975
- Remove deprecated Release Evidence endpoints documentation. !30978
- Drop support for `license_management` artifact. !31247
- Remove deprecated container scanning report parser. !31294
- Remove rake task `gitlab:track_deployment`. !31404
- Remove token attribute from Runners API. !31448
- Remove support for Ruby format variable interpolation (`%{variable}`) in custom dashboards. !31581
- Remove JenkinsDeprecatedService. !31607 (tnwx)
- Remove ruby_memory_bytes metric, duplicate of ruby_process_resident_memory_bytes. !31705
- Remove project_list_show_mr_count feature flag. !31789 (Gilang Gumilar)
- Remove project_list_show_issue_count feature flag. !31793 (Gilang Gumilar)
- Remove set_user_last_activity feature flag. !31795 (Gilang Gumilar)
- Remove registrations_recaptcha feature flag. !31797 (Gilang Gumilar)
- Remove deprecated Sidekiq rake tasks.

### Fixed (171 changes, 54 of them are from the community)

- Allow public access to pipeline schedules. !20806 (Lee Tickett)
- Add user last_activity logging in GraphQL. !23063
- Render TestReport parsing errors back to pipeline test summary. !24188
- Add user popovers to system notes. !24241
- Fix missing RSS feed events. !28054
- Resolve Text for future Release date grammatically incorrect. !28075
- Fix number of approvals given calculation. !28293 (Steffen Köhler)
- Always display new subgroup button when permission is granted. !28309 (Mattias Michaux)
- Correct the permission according to docs. !28657
- Fix duplicated activity and events on deletion of tag. !28861 (Sashi Kumar)
- Fix init.d script to correctly set web server PID. !29164
- Honor per_page in Search API. !29197
- fix: use the source project to generate commit links for un-persisted merge requests. !29243 (Chieh-Min Wang)
- Fix display of some overflowing merge request diffs. !29267
- Move prepend to last line in helper files. !29327 (Rajendra Kadam)
- Prevent duplicate tooltips when hovering over status emoji in comments. !29356
- Update Elastic Stack chart to 2.0.0 to support kubernetes 1.16. !29601
- Fix minor spacing issue at Snippet blob viewer. !29625 (Karthick Venkatesan)
- Eliminate errors in wiki controller during edit. !29645
- Fixed copy as GFM not copying upload links. !29683
- Bump max search depth from 2 to 4 when looking for files SAST analyzers can handle. !29732
- Move snippet raw_url attribute to base entity. !29776
- Return content from repo in snippet raw endpoint. !29781
- Return file name from repo in snippet endpoints. !29785
- Propagation of service templates also covers services with separate data tables. !29805
- Fix bug in personal snippets when somebody is mentioned. !29835 (Sashi Kumar)
- Embed metrics charts for both /metrics and /metrics_dashboard routes. !29838
- Fix admin mode access on GraphiQL controller. !29845 (Diego Louzán)
- Exclude html entities from haml lint. !29847 (Lee Tickett)
- Fixed JS error for anonymous views of a snippet. !29854
- Destroy Dropzone hidden input when form is destroyed. !29882
- Move prepend to last line in lib/gitlab files. !29938 (Rajendra)
- Match Jira keys with trailing characters. !29953
- Fixed Cancel action on Snippet edit for existing snippets. !29993
- Warn user before losing wiki content. !30037
- Move prepend to last line in lib/gitlab files. !30070 (Rajendra Kadam)
- Fix an issue where the Search dropdown results would not be clickable. !30087 (mbergeron)
- Capture all errors when updating repository storage. !30119
- Move alert management behind a feature flag. !30133
- Fix bug when services appear active even though they are not. !30160
- Fix moving an issue when there is a group reference. !30185
- Move prepend to last line in lib/gitlab files. !30194 (Rajendra Kadam)
- Move prepend to last line in lib/gitlab files. !30289 (Rajendra Kadam)
- Move prepend to last line in lib/gitlab files. !30291 (Rajendra Kadam)
- Set NULL `lock_version` values to 0 for CI objects. !30305
- Fix errors creating project with active Prometheus service template. !30340
- Add Activity icons for Wiki updated and destroyed events. !30349
- Gracefully handle orphaned member invites. !30355
- Fix incorrect commits number in commits list. !30412
- Fix second 500 error with NULL restricted visibility levels. !30414
- Move prepend to last line in ee/services. !30425 (Rajendra Kadam)
- Add LFS badge feature flag to RefsController#logs_tree. !30442
- Fix mirror repos docs link. !30443
- Added right margin to Clone Snippet button. !30471
- Fix blob link for the code search. !30473
- Use Jira import owner as the issue author when importing issues from Jira. !30504
- Correctly count wiki pages in sidebar. !30508
- Stretch heatmap metrics full column size. !30524
- Upgrade Unicorn to v5.5.1. !30541
- Avoid copying diffs as Markdown tables. !30572
- Fixes overlapping tooltips when clicking copy buttons. !30622
- Fix 500 error for non-existing snippet on graphql mutations. !30632 (Sashi Kumar)
- Change validation rules for profile email addresses. !30633
- Set timeout for Google OAuth to prevent 503 error. !30653
- Remove extra sleep when obtaining exclusive lease. !30654
- Fix GitLab CI/CD Scala template. !30667
- Fix checkmark position on dropdowns. !30685
- Remove Visibility from terraform widget. !30737
- Use migration bot user in snippet migration. !30762
- Fix discard button not showing for new empty files in Web IDE. !30767
- Disable schema dumping after migrations in production. !30812
- Fix mapping group membets as Jira issues authors/assignees. !30820
- Align styling of snippet search results. !30837
- Move daily create users statistics cronjob to CE. !30843
- Fixed alignment of Snippet Clone copy buttons. !30897
- Increase constrast ratio of text in some tables. !30903
- Ignore .gitattributes if they contain invalid byte sequences. !30922
- Fix bug in Snippet BlobViewer GraphQL definition. !30927
- Fix layout in issue view, on large screen some buttons were misaligned. !30947 (Michele (macno) Azzolari)
- Fix error renaming files using web IDE. !30969
- Handle Snippet file name errors in backfill. !30981
- Correctly track the store that external MR diffs are placed on. !31005
- Fix duplicate index removal on ci_pipelines.project_id. !31043
- Update recursive-open-struct to 1.1.1 to make it compatible with ruby 2.7. !31047
- Revert CODEOWNERS validation of Web requests in diff check. !31087
- Wrap wiki blob search result in its own object. !31155
- Allow multiple usage of EE extension/inclusion on last lines. !31183 (Rajendra Kadam)
- Fix 500 error loading environments index. !31184
- Fix 500 on creating an invalid domains and verification. !31190
- Fix redirect loop on .com when 2FA is required. !31229
- Fix regression and allow SCIM to create SAML identity. !31238
- Fix incorrect number of errors returned when querying sentry errors. !31252
- Fix RST rendering hanging on large files. !31287
- Trim whitespace in directory names in the Web IDE. !31305
- Fix 'not enough data' in Value Stream Analytics when low median values are returned. !31315
- Add tooltip to container registry tags last update column. !31317
- Fix Istio broken Istio metrics installation. !31382
- Link to subgroup milestones correctly from group milestones page. !31383
- Remove kwargs from storage move worker. !31412
- Make edit board text sentence case. !31418
- Katex render and vscode output improvements for markdown. !31433 (Reinhold Gschweicher <[email protected]>)
- Fix overwrite check in GitLab import/export. !31439
- Fix API requests for branch names ending in .txt. !31446 (Daniel Stone)
- Avoid repository size checkings in snippet migrations for migration bot. !31473
- Use iso 8601 timestamp format in metrics dashboard annotations graphql resource to assure multi browser compatibility. !31474
- In WebIDE get files with relative path instead of web_url. !31478
- Fix snippet migration when user has invalid info. !31488
- Add elipsis to container registry tag name. !31584
- Add instance column to services table if it's missing. !31631
- Fix issue with broken images in Web IDE markdown. !31638
- Fixes bug where variables were not protected by default when using the correct CI/CD admin setting. !31655
- Decode dashboard_path when creating annotations. !31665
- Fix "how to checkout MR" help link. !31688
- Fixed redirection when deleting a project snippet. !31709
- Fix templates API endpoint when project name has dots. !31758
- Remove detection of file in Dependency Scanning template. !31819
- Move prepend to last line in app models. !31826 (Rajendra Kadam)
- Move prepend to last line in app models 2. !31827 (Rajendra Kadam)
- Move prepend to last line in app models 3. !31829 (Rajendra Kadam)
- Move include_if_ee to last line in ee/app 1. !31832 (Rajendra Kadam)
- Restore original sort order of the metrics dashboard select list. !31859
- Fix Snippet update error bug losing changes. !31873
- Replace the outdated link. !31874 (Renamoo)
- Replace let! with let_it_be in user api spec. !31901 (Rajendra Kadam)
- Replace let! with let_it_be in merge request spec. !31909 (Rajendra Kadam)
- angelog Replace let! with let_it_be in pipelines spec. !31916 (Rajendra Kadam)
- Fix public metrics dashboard visibility bug. !31925
- Add nested file detection for Dependency Scanning. !31932
- Add class stubs and fix leaky constant cop alert. !31938 (Rajendra Kadam)
- Add class stubs and fix leaky constant alert in content whitelist spec. !31946 (Rajendra Kadam)
- Fix broken heading of Vue 3 migration guide doc. !31951 (Gilang Gumilar)
- Add class stubs and fix leaky constant alert in query recorder spec. !31954 (Rajendra Kadam)
- Fix no scroll when overflow in IDE right pane. !31961
- Fix leaky constant cop issue in clone dashboard service spec. !31962 (Rajendra Kadam)
- Stub class constant in resolve discussion spec. !31965 (Rajendra Kadam)
- Fix leaky constant issue in upgrade progress service check. !31969 (Rajendra Kadam)
- Clear merge request error on push to source branch. !32001
- Allow only users with `adminNote` permission to edit the design note. !32035
- Fix leaky constant issue in retry build service check. !32038 (Rajendra Kadam)
- Fix leaky constant issue in env assignment spec. !32040 (Rajendra Kadam)
- Fix leaky constant issue in statistics api spec. !32042 (Rajendra Kadam)
- Fix leaky constant issue in merge request policy spec. !32044 (Rajendra Kadam)
- Fix leaky constant issue in tree spec. !32045 (Rajendra Kadam)
- Fix leaky constant issue in mentionable spec. !32049 (Rajendra Kadam)
- Fix leaky constant issue in json serialization spec. !32051 (Rajendra Kadam)
- Fix leaky constant issue in cluster spec. !32053 (Rajendra Kadam)
- Fix bug in Groups API when statistics are requested in an unauthenticated API call. !32057
- Fix leaky constant issue in nulls pt2 spec. !32058 (Rajendra Kadam)
- Fix leaky constant issue in application settings encrypt spec. !32066 (Rajendra Kadam)
- Fix leaky constant issue in system check spec. !32080 (Rajendra Kadam)
- Fix leaky constant issue in simple executor spec. !32082 (Rajendra Kadam)
- Fix leaky constant issue in jwt spec. !32093 (Rajendra Kadam)
- Update android template. !32096
- Fix leaky constant issue in factory spec. !32099 (Rajendra Kadam)
- Fix leaky constant issue in sidekiq middleware spec. !32101 (Rajendra Kadam)
- Fix leaky constant issue connection, master check and attr config spec. !32144 (Rajendra Kadam)
- Fix updating of Markdown fields when Markdown cache version is incremented. !32219
- Fix incorrect regex used in FileUploader#extract_dynamic_path. !32271
- Improve responses in the snippet create/update API endpoints. !32282
- Send Devise emails triggered from the 'Email' model asynchronously. !32286
- Re-enable negative filters for Boards. !32348
- Fix missing space character in alert header. !32395
- Fix display of embedded snippets. !32411 (Jan Beckmann)
- Fixed redirection to project snippets. !32530
- Rake task gitlab:cleanup:orphan_lfs_files should clear the cached value or repository size. !32541
- Fixed enabled merge button incorrectly showing to users who can't merge.
- Fixed misaligned avatar in commit discussion form.
- Fixed cancel reply button not alerting the user.
- Fixes commit message emojis not rendering in Vue file list.
- Fix logging of username in /jwt/auth.
- Fixes branch name not getting escaped correctly on frontend.

### Deprecated (2 changes)

- Deprecate /plugins directory. !29678
- Implement external database checker in dashboard controller. !30389

### Changed (121 changes, 42 of them are from the community)

- Support limits for offset based pagination. !28460
- Redirect issues routes under /-/ scope. !28655
- Add Fluentd into cluster apps page. !28847
- Disallow developers to delete builds of protected branches. !28881 (Alexander Kutelev)
- Store status of repository storage moves. !29095
- Update the example regex in the image expiration policy UI. !29348
- Add WAF and Cilium Log column for Fluentd table. !29457
- Update Fluentd model to support multiple logs. !29458
- Add Cilium to Fluentd UI controls on the Cluster Application page. !29511
- Use alerts instead of toasts in Image Repository details. !29685
- Avoid commit when snippet file_name and content are not present. !29761
- Recreate foreign key in project settings to use nullify instead of cascade. !29767
- Surface alerts add sidebar link. !29775
- Make setting alerts on the monitoring dashboard available to GitLab Core users. !29789
- Keep latest artifact for each ref. !29802
- Change placeholder in search input for Analytics features. !29858 (Gilang Gumilar)
- Test Jira connection before running import. !29926
- Remove snippet file_name from snippet lists. !29937
- Add new keep regex to expiration policy settings ui. !29940
- Alert management can user enable. !30024
- Expose the updated_at attribute in the todos API. !30035
- Update GitLab-managed helm from 2.16.3 to 2.16.6, improving the reliability of GitLab's Kubernetes integration. !30067
- Show correct label and count on Jira import form. !30072
- Copy pipelines routing under - scope. !30159
- Return validation errors for invalid pod name or container name when viewing pod logs. !30165 (Sashi Kumar)
- Move global autocomplete routes to /-/ scope. !30173
- Update the cancel comment note text to a less ambiguous statement. !30189
- Use stricter regex for broadcast target path. !30210
- Change wording of merge request threads counter. !30217
- Indicate topics are optional. !30264 (Ben Bodenmiller)
- Rename Client Side Evaluation to Live Preview. !30309
- Decouple partial clone config from max input size. !30354 (Son Luong Ngoc)
- Update managed jupyter chart to 0.9.0 (stable). !30393
- Hide broadcast messages until the end of the period. !30432
- Add severity icons for alert management. !30472
- Move to supported Elastic helm charts. !30528
- Updated snippet view to show path instead of name for a blob. !30550
- Handle possible RSA key exceptions when generating CI_JOB_JWT. !30702
- Update sidebar packages name. !30712
- Update cron job schedule to have a random time generated on page load. !30729
- Migrate Container-Scanning template to rules syntax. !30775
- Migrate DAST CI template to rules syntax. !30776
- Migrate License-Scanning CI template to rules syntax. !30784
- Code review analytics: Change margin between title and description. !30834
- Productivity Analytics: Remove separator and cleanup title margins. !30839
- Move Auto DevOps Test.gitlab-ci.yml template to rules syntax instead of only/except. !30876
- Change Var to Variable text. !30878
- Move Build.gitlab-ci.yml to `rules` syntax. !30895
- Move Code-Quality.gitlab-ci.yml to `rules` syntax. !30896
- Migrate Dependency-Scanning CI template to rules syntax. !30907
- Apply shared integrations view to project level. !30971
- Exposes description, hosts, details, and timestamps for Alert Management Alert GraphQL. !31091
- Update the example regex in the image expiration policy UI. !31104
- Add clear explanation to the MR widget when no CI is available and Pipeline must succeed option is activated. !31112
- Migrate SAST CI template to rules syntax. !31127
- Update style of buttons on the Releases page. !31129 (Özgür Adem Işıklı @iozguradem)
- Changed test success calculation to exclude skipped tests. !31154
- app:gitlab:check rake task now warns when projects are not in hashed storage. !31172
- Moves embedded metrics for Prometheus alerts to Core. !31203
- Move Deploy.gitlab-ci.yml to `rules` syntax. !31290
- Modify Snippet git path errors to be more helpful. !31333
- Move Browser-Perfomance-Testing.gitlab-ci.yml to `rules` syntax. !31413
- Use gsub instead of the Liquid gem for variable substitution in the Prometheus proxy API. !31482
- Changed terminology of security scanner status from configure to enable. !31503
- Update auto-deploy-image to v0.14.0 with helm 2.16.6, --atomic deployments and improved kubernetes 1.16 support. !31505
- Add ability to add or remove MR labels via API. !31522 (Lee Tickett)
- Disable Docker-in-Docker for Dependency Scanning by default. !31588
- Disable Docker-in-Docker for SAST by default. !31589
- Add migration to import changes to the system dashboard Prometheus queries into DB. !31618
- Ensure links generated by the copy link feature contain variables. !31636
- Migrate from Vue event hub to Mitt in issuables list. !31652 (Arun Kumar Mohan)
- URL params in the monitoring dashboard update variable values defined in yml file. !31662
- Migrate from Vue event hub to Mitt. !31666 (Arun Kumar Mohan)
- Add prefix to template variables in URL in the monitoring dashboard. !31690
- Add fields to GraphQL snippet blob type. !31710
- Make protected_ci_variables setting enabled by default. !31715
- Prepare group import feature to use ndjson. !31741
- Prepare group export feature to use ndjson. !31742
- Remove a lonely dot in Batch Comments. !31783 (Gilang Gumilar)
- Update auto-deploy-image to v0.15.0, with an upgraded PostgreSQL chart used by default for Auto DevOps deployments. !31799
- Force hashed storage to always be enabled. !31801
- Add alert counts by status to GraphQL API. !31818
- Show warning message to user if raw text search is used when filtering pipelines. !31942
- Update deprecated slot syntax in ./app/assets/javascripts/pages/milestones/shared/components/delete_milestone_modal.vue. !31990 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/confidential_merge_request/components/dropdown.vue. !31999 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/diffs/components/diff_discussions.vue. !32004 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/boards/components/board_form.vue. !32005 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/repository/components/breadcrumbs.vue. !32017 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/users/calendar_activities.html.haml. !32094 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/users/_deletion_guidance.html.haml. !32097 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_ref_dropdown.html.haml. !32102 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_recaptcha_form.html.haml. !32106 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_project_limit.html.haml. !32110 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_personal_access_tokens_table.html.haml. !32116 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_milestones_filter.html.haml. !32120 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_milestone_expired.html.haml. !32121 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_label_row.html.haml. !32124 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_group_tips.html.haml. !32127 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_group_form.html.haml. !32132 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_field.html.haml. !32136 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_delete_label_modal.html.haml. !32138 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_commit_message_container.html.haml. !32139 (Gilang Gumilar)
- Externalize i18n aria-label strings from ./app/views/shared/*. !32142 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_top.html.haml. !32148 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_milestone.html.haml. !32154 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_merge_requests_tab.haml. !32158 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_labels_tab.html.haml. !32159 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_issues_tab.html.haml. !32160 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_issuable.html.haml. !32161 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/issuable/_sidebar.html.haml. !32164 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/issuable/_nav.html.haml. !32165 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/issuable/_label_*. !32167 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/issuable/_close_reopen_report_toggle.html.haml. !32168 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/issuable/_close_reopen_button.html.haml. !32172 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/issuable/_bulk_update_sidebar.html.haml. !32173 (Gilang Gumilar)
- Add files param to snippet create mutation. !32309
- Cluster index refactor: Add missing pagination. !32338
- Refactored render errors for blob to Vue. !32345
- Format the alert payload into a table view. !32423
- Add presence validation to content and title in snippet rest endpoints. !32522
- Fix jump to definition linking to same file opening a new tab.

### Performance (15 changes, 2 of them are from the community)

- Speed up NOT Issue filters. !27639
- Add indexes on ingress, enabled clusters and successful deployments. !28331
- Add clusters index to improve usage data queries. !28626
- Uses Kubernetes API conventions to create or update a resource leandrogs. !29010 (Leandro Silva)
- Cache TreeSummary response for logs_tree. !29828
- Move release notification from model callbacks to service. !29853 (Ravishankar)
- Delete orphaned rows in application_settings table. !29981
- Improve cacheability of monaco-editor code. !30032
- Project import queries are now partially batched. !30057
- Upgrade json gem to 2.3.0. !30852
- Use process-wide cache for application settings and performance bar. !31135
- Record usage ping finish time. !31222
- Use NOT VALID to enforce a not null constraint on file store columns. !31261
- Enable ref name caching for merge request diffs. !31530
- Skip mergeability check when listing MRs in the API. !31890

### Added (146 changes, 13 of them are from the community)

- Graphql query for issues can now be sorted by priority. !18901
- Add test report API route. !24648
- Add GraphQL support for querying a board's lists. !24812
- Define remove_label quick action as alias of unlabel. !24962 (Jacopo Beschi @jacopo-beschi)
- Create Wiki activity events on pushes to Wiki git repository. !26624
- Allow users to download a CSV of the recent daily code coverage values per job. !27094
- Display x509 signed tags. !27211 (Roger Meier)
- Enabling git versioned snippets. !27705
- Add option to hide the default "thumbs up" and "thumbs down" buttons on issues, merge requests, and snippets. !27734 (Steve Mokris)
- Add sorting issues by label priority to graphQL endpoint. !27936
- Add certification revocation list download and certificate revoke. !28336 (Roger Meier)
- Add WebIDE Dark Theme Support. !28407
- Add secure binaries template. !28566
- LDAP authentication support for admin mode. !28572 (Diego Louzán)
- Add UI for exporting group data to the group settings. !28573
- Allow to assign milestones to a release on the "Edit Release page". !28583
- Add Previous and Next buttons for commit-by-commit navigation. !28596
- Add the global var SECURE_ANALYZERS_PREFIX. !28617
- Allow users to retry obtaining Let's Encrypt certificates for GitLab Pages. !28784
- Add support for cluster applications CI artifact report. !28866
- Add resource_state_events table. !28926
- Migration to add partitioned_foreign_keys table that tracks foreign keys for partitioned tables. !29064
- Collect object store config in usage data. !29149
- Add freeze period model. !29162
- Moved issue board focus mode to Core and available for for everyone. !29200
- Add freeze periods via CI_DEPLOY_FREEZE variable. !29244
- Add intermediate CAs capability to S/MIME email signature. !29352 (Diego Louzán)
- Add responding to ChatOps jobs triggered in Mattermost. !29366 (Brian Kintz)
- Expose Freeze Periods in REST API. !29382
- Add read/write_package_registry to deploy_tokens. !29383
- Add public API for feature flag user lists. !29415
- Create cluster annotations API endpoint. !29502
- Add ability to change metrics dashboard visibility. !29634
- Add percentage of actors feature flag rollout. !29698
- Add metric dashboard public visibility toggle. !29718
- Route to feature flags based on internal id. !29740
- Send email notification for unknown sign-ins. !29741
- Add search by name to registry image repositories. !29763
- Surface alerts add empty state. !29775
- Enable uploadpack filters by default. !29787
- Select the first option if there is only one metric option on alerts dropdown. !29857 (Gilang Gumilar)
- Add table for Alert Management alerts. !29864
- Add policies for managing 'default_branch_protection' setting in groups. !29879
- Add comment_detail column to services. !29891
- Add option to add custom profile image guidelines. !29894 (Roger Meier)
- View a details of a panel in 'full screen mode'. !29902
- Add database relation to preserve users starred metrics dashboard information. !29912
- Add jira imports to usage data. !29925
- Add issues_create_limit to settings api. !29960
- Map labels from Jira to labels in GitLab. !29970
- Add Deployment to ECS process to AutoDevOps. !29971
- GraphQL issue queries can now be sorted by milestone due date. !29992
- Add table for tracking issues published to status page. !29994
- Create Sprints table and barebones model. !30125
- When viewing a single panel, return to a full dashboard by pressing the Escape key. !30126
- Flesh out Sprints relationships and constraints. !30127
- Add GraphQL type for reading Alert Management Alerts. !30140
- Add ability to query Projects using GraphQL API. !30146
- Add `web_url` to branch API response. !30147
- Fix Jira importer URLs. !30155
- Add migrations for global CI variables. !30156
- Add vue routes support to Static Site Editor. !30163
- Integrate CI instance variables in the build process. !30186
- Add raw_blob_request_limit to Application Settings API. !30211
- Empty state for alerts list. !30215
- Create operations_strategies_user_lists table. !30243
- Adds URL parameter for confidential new issue creation. !30250
- Update Jira comment to include more information. !30258
- Add scheduled_at field to jira_imports table. !30284
- Alerts list loading & error state. !30315
- Deploy token authentication for API with Maven endpoints. !30332
- Add metrics dashboard annotations feature, which enables marking interesting events over metrics dashboard charts. !30371
- Add non_archived argument to issues API endpoint. !30381
- Add admin controller actions for interacting with instance variables. !30385
- Add mutation to create a new branch in GraphQL. !30388
- Introduce API for fetching shared projects in a group. !30461
- Display expanded dashboard from a panel's "Link to chart" URL. !30476
- Resolve Design Comment: Edit Comment text. !30479
- Map Jira issue assignee and author. !30498
- Add email notification on group export complete. !30522
- Add option to restrict emails that match a configured regular expression. !30548
- In metrics dashboard use custom variables from URL in queries. !30560
- Add mutation for AlertManagement's Alert status. !30576
- Multiple metrics edit navigates to prom edit page. !30666
- Update metrics dashboard url when a panel is expanded or contracted. !30704
- Add migration bot user. !30738
- Issues Analytics: Add title to page. !30836
- Contribution Analytics: Add title to page. !30842
- Insights Analytics: Add title to page. !30853
- Repository Analytics: Add title to page. !30855
- CI / CD Analytics: Add title to page. !30891
- Enable Monaco for editing Snippets by default. !30892
- Disabled Edit button for binary snippets. !30904
- Monokai and Solarized Dark syntax highlighting theme for Web IDE. !30931
- Updated deprecated buttons in release page. !30941 (Özgür Adem Işıklı @iozguradem)
- Add sorting to AlertManagement Alert Graphql. !30964
- Web IDE: Introduce syntax highlighting for .vue files. !30986
- Solarized light syntax highlighting theme for the Web IDE. !30989
- Deploy tokens can be used in the API with Basic Auth Headers enabling NuGet and PyPI to be used with deploy tokens. !31035
- Skip spam check for GitLab team members on gitlab.com. !31052
- None syntax highlighting theme for Web IDE. !31056
- Issues Analytics: Add title to group-level page. !31057
- Display metrics dashboards starred by user at the top of dashboard select field. !31059
- Add WYSIWYG editor to the Static Site Editor. !31099
- Conan registry is accessible using deploy tokens. !31114
- Add container registry settings to application_settings table. !31125
- Added provider icon to cluster index display. !31134
- Add a CI variable CI_KUBERNETES_ACTIVE as an alternative to only:kubernetes/except:kubernetes that works with the rules syntax. !31146
- Enable Alert Management functionality. !31171
- Allow monitoring dashboard users to open single panels in a new tab. !31206
- Create dashboard annotations via Graphql. !31249
- Enable deploy token authentication for the NPM registry. !31264
- Add read and write package registry scopes to deploy tokens. !31267
- Read only storage move API. !31285
- Add Design Management (via Designs tab on Issues) to GitLab FOSS. !31309
- Exposes issue IID in Alert Management Alert's GraphQL endpoint. !31313
- New API endpoint for starring metrics dashboards. !31316
- Add search bar to container registry image list. !31322
- Highlight focused Design discussion in image markers. !31323
- Allow showing merge request diffs compared to current version of target branch. !31325
- Add alert on project issues page to show Jira import is in progress. !31329
- Add API CRUD actions for instance-level CI/CD variables. !31342
- Add alert on project issues page to show Jira import has finished. !31375
- Filter pipelines by trigger author and branch name. !31386
- Add incident_labeled_issues to usage ping. !31406
- Refactored Snippet view to Vue. !31450
- Make report-type artifacts available for download. !31513
- Render dropdown and text elements based on variables defined in monitoring dashboard yml file. !31524
- Add expunge deleted messages option to mailroom. !31531 (Diego Louzán)
- Log Cloudflare request headers. !31532
- Allow Web IDE markdown to preview uncommitted images. !31540
- Add Webex Teams project integration service. !31543 (Sebastian Leuser)
- Add Rubocop cop to flag keyword arguments usage in Sidekiq workers. !31551 (Arun Kumar Mohan)
- Allow users to star/unstar dashboards which will appear at the top of their dashboards options. !31597
- Add ability to create merge request from vulnerability page. !31620
- Add confidential status support for comment and replies. !31622
- Add Web IDE pipelines usage counter. !31658
- Ruby metrics now include USS and PSS memory readings. !31707
- Add issues_created_gitlab_alerts to usage ping. !31802
- Add Alert Detail view. !31877
- New API endpoint for removing stars from metrics dashboards. !31892
- View raw file of any zip artifacts. !31912
- Add search to Alert Management Alerts GraphQL query. !32047
- Add "Keep divergent refs" option for push mirrors. !32381
- Add fields to Alert Details view. !32392
- Update GitLab Pages to 1.18.0.

### Other (70 changes, 25 of them are from the community)

- Remove Admin -> Settings -> Geo navigation. !21005 (Lee Tickett)
- removes store logic from issue board models. !21400 (nuwe1)
- removes store logic from issue board models. !21408 (nuwe1)
- Moves updateIssue from issue model to board store. !21414 (nuwe1)
- Improve error handling of squash and rebase. !23740
- Remove obsolete bot_type column. !27076
- Remove obsolete columns from resource_milestone_events. !28536
- Add index to issue_id and created_at of resource_weight_events. !28930
- Clean up & Re-arrange the keyboard shortcuts modal. !28992
- Remove ci_expose_arbitrary_artifacts_in_mr feature flag. !29363 (Lee Tickett)
- Remove git_archive_path feature flag. !29369 (Lee Tickett)
- Rename Snippet search results title. !29599
- Update to Rails 6.0.2.2. !29743
- Log server responses of API bad requests in api_json.log. !29839
- Clean up refresh fix for cancel automatic merge. !29844
- Add snippet repository backfilling migration. !29927
- Remove the SIDEKIQ_REQUEST_STORE configuration. !29955
- Increase label list label column width. !29963
- Refactor count queries to single query on Projects::EnvironmentsController. !30073 (Sashi Kumar)
- Update text on self-managed sign in page. !30135
- Remove namespaces.plan_id column. !30351
- Migrate models and policies specs to consider admin mode. !30430 (Diego Louzán)
- Upgrade Nokogiri to v1.10.9. !30435
- Add snippet migration rake tasks. !30489
- Error tracking target blank empty state. !30525
- Remove elasticsearch_experimental_indexer column. !30628
- Update the template for Static Site Editor / Middleman. !30642
- Remove unused cluster configuration workers. !30695
- Remove deprecated Snippet `code` attribute from Project Snippets API. !30739
- Update merge request widget question mark icons. !30759
- Value Stream Analytics: Add title and remove separator. !30841
- Remove mention of github-markup in Wiki clone help. !30962
- Alert Management mobile styling. !31082
- Allow Auto DevOps Test stage to start immediately. !31185
- Enable async_merge_request_check_mergeability by default. !31196
- Cleanup background migration for populating user_highest_roles table. !31218
- Add docs for alert management list. !31225
- Remove extra spaces from markdown toolbar items. !31288
- Use cookies with metadata to prevent reuse as another cookie. !31311
- Add inherit_from_id column to services table. !31320
- Organize package models by package type. !31346 (Sashi Kumar)
- Apply active class on active link element in HAML pagination. !31396
- Update GitLab Runner Helm Chart to 0.16.1. !31492
- Log when container registry permissions are denied. !31536
- Add epic_id to resource_state_events. !31587
- Update doorkeeper to latest version 5.0.3. !31673
- Add Foreign Key on projects.namespaces_id. !31675
- Fix misalignment of author dropdown on the commits search page. !31686
- Update css-loader ^1.0.0 -> ^2.1.1. !31743 (Pirate Praveen)
- Fix database schema inconsistency with not-null checks. !31930
- Removes create_confidential_merge_request feature flag leandrogs. !31968 (Leandro Silva)
- Update deprecated slot syntax in ./app/assets/javascripts/issue_show/components/fields/description.vue. !31979 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/pages/milestones/shared/components/promote_milestone_modal.vue. !31980 (Gilang Gumilar)
- Update group and project export info messages. !31981 (briankabiro)
- Relocate Nuget presenter helpers to presenters module. !31985 (Sashi Kumar)
- Update deprecated slot syntax in ./app/assets/javascripts/pages/admin/users/components/delete_user_modal.vue. !31992 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/performance_bar/components/detailed_metric.vue. !32006 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/profile/account/components/delete_account_modal.vue. !32007 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/environments/components/stop_environment_modal.vue. !32012 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/serverless/components/area.vue. !32015 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/releases/components/app_edit.vue. !32018 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/releases/components/evidence_block.vue. !32019 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/ide/components/ide_review.vue. !32025 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/ide/components/pipelines/list.vue. !32027 (Gilang Gumilar)
- Update alert management table background colour to correct gray. !32068
- Validate package types in package metadatum models. !32091 (Sashi Kumar)
- Update error tracking table background colour to correct gray. !32133
- Update GitLab Elasticsearch Indexer to v2.3.0. !32199
- Update asciidoctor-plantuml gem to v0.0.12. !32376
- Use visitUrl in Alert management. !32414


712 713 714 715
## 12.10.14 (2020-07-06)

- No changes.

716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736
## 12.10.13 (2020-07-01)

### Security (15 changes)

- Do not show activity for users with private profiles.
- Fix stored XSS in markdown renderer.
- Upgrade swagger-ui to solve XSS issues.
- Fix group deploy token API authorizations.
- Check access when sending TODOs related to merge requests.
- Change from hybrid to JSON cookies serializer.
- Prevent XSS in group name validations.
- Disable caching for wiki attachments.
- Fix null byte error in upload path.
- Update permissions for time tracking endpoints.
- Update Kaminari gem.
- Fix note author name rendering.
- Sanitize bitbucket repo urls to mitigate XSS.
- Stored XSS on the Error Tracking page.
- Fix security issue when rendering issuable.


737 738 739 740 741 742 743
## 12.10.12 (2020-06-24)

### Fixed (1 change)

- Correctly count wiki pages in sidebar. !30508


744 745 746 747
## 12.10.11 (2020-06-10)

- No changes.

748 749 750 751 752 753 754 755
## 12.10.8 (2020-05-28)

### Fixed (2 changes)

- Fix Geo replication for design thumbnails. !32703
- Fix 404s downloading build artifacts. !32741


756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775
## 12.10.7 (2020-05-27)

### Security (14 changes)

- Add an extra validation to Static Site Editor payload.
- Hide EKS secret key in admin integrations settings.
- Added data integrity check before updating a deploy key.
- Display only verified emails on notifications and profile page.
- Disable caching on repo/blobs/[sha]/raw endpoint.
- Require confirmed email address for GitLab OAuth authentication.
- Kubernetes cluster details page no longer exposes Service Token.
- Fix confirming unverified emails with soft email confirmation flow enabled.
- Disallow user to control PUT request using mermaid markdown in issue description.
- Check forked project permissions before allowing fork.
- Limit memory footprint of a command that generates ZIP artifacts metadata.
- Fix file enuming using Group Import.
- Prevent XSS in the monitoring dashboard.
- Use `gsub` instead of the Ruby `%` operator to perform variable substitution in Prometheus proxy API.


776 777 778 779 780 781 782 783 784 785 786
## 12.10.6 (2020-05-15)

### Fixed (5 changes)

- Fix duplicate index removal on ci_pipelines.project_id. !31043
- Fix 500 on creating an invalid domains and verification. !31190
- Fix incorrect number of errors returned when querying sentry errors. !31252
- Add instance column to services table if it's missing. !31631
- Fix incorrect regex used in FileUploader#extract_dynamic_path. !32271


787 788 789 790 791 792 793
## 12.10.5 (2020-05-13)

### Added (1 change)

- Consider project group and group ancestors when processing CODEOWNERS entries. !31804


794 795 796 797 798 799 800
## 12.10.4 (2020-05-05)

### Fixed (1 change)

- Add a Project's group to list of groups when parsing for codeowner entries. !30934


801 802 803 804 805 806 807 808 809 810 811 812 813 814
## 12.10.2 (2020-04-30)

### Security (8 changes)

- Ensure MR diff exists before codeowner check.
- Apply CODEOWNERS validations to web requests.
- Prevent unauthorized access to default branch.
- Do not return private project ID without permission.
- Fix doorkeeper CVE-2020-10187.
- Change GitHub service integration token input to password.
- Return only safe urls for mirrors.
- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads.


815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833
## 12.10.1 (2020-04-24)

### Fixed (5 changes)

- Fix bug creating project from git ssh. !29771
- Fix Web IDE handling of deleting newly added files. !29783
- Fix null dereference in /import status REST endpoint. !29886
- Fix Service Templates missing Active toggle. !29936
- Fix 500 error on accessing restricted levels. !30313

### Changed (1 change)

- Move Group Deploy Tokens to new Group-scoped Repository settings. !29290

### Other (1 change)

- Migration of dismissals to vulnerabilities. !29711


834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275
## 12.10.0 (2020-04-22)

### Removed (3 changes)

- Revert LDAP readonly attributes feature. !28541
- Remove deprecated /ci/lint page. !28562
- Remove open in file view link from Web IDE. !28705

### Fixed (118 changes, 26 of them are from the community)

- Return 202 for command only notes in REST API. !19624
- Run SAST using awk to pass env variables directly to docker without creating .env file. !21174 (Florian Gaultier)
- #42671: Project and group storage statistics now support values up to 8 PiB (up from 4GiB)
. !23131 (Matthias van de Meent)
- Fix 500 error on profile/chat_names for deleted projects. !24341
- Migrate the database to activate projects prometheus service integration for projects with prometheus installed on shared k8s cluster. !24684
- Fix archived corrupted projects not displaying in admin. !25171 (erickcspice)
- Fix some Web IDE bugs with empty projects. !25463
- Fix failing ci variable e2e test. !25924
- Fix new file not being created in non-ascii character folders. !26165
- Validate uniqueness of project_id and type when a new project service is created. !26308
- Fix assignee dropdown on new issue page. !26971
- Resolve Unable to expand multiple downstream pipelines. !27029
- Hide admin user actions for ghost and bot users. !27162
- Fix invalid ancestor group milestones when moving projects. !27262
- Fix right sidebar when scrollbars are always visible. !27314 (Shawn @CasualBot)
- Fix OpenAPI file detector. !27321 (Roger Meier)
- Fix managed_free_namespaces scope to only groups without a license or a free license. !27356
- Set commit status to failed if the TeamCity connection is refused. !27395
- Resolve Improve format support message in issue design. !27409
- Add tooltips with full path to file headers on file tree. !27437
- Scope WAF Statistics anomalies to environment.external_url. !27466
- Show the proper information in snippet edit form. !27479
- Fixes the repository Vue router not working with Chinese characters. !27494
- Fix smartcard config initialization. !27560
- Fix audit event that weren't being created for failed LDAP log-in tries. !27608
- Fix filtered search tokenization. !27648
- Fix processing of GrapqhQL query complexity based on used resolvers. !27652
- Update board scopes when promoting a label. !27662
- Reuse default generated snippet file name in repository. !27673
- Revert user bio back to non-italicized font to fix rendering of emojis. !27693
- Filter out Releases with missing tags. !27716
- Update detected languages for dependency scanning in no dind mode. !27723
- Fix logic for ingress can_uninstall?. !27729
- Fix dropped filter when paging groups. !27737 (Lee Tickett)
- Amend GraphQL merge requests resolver to check for project presence. !27783
- Fix bug issue template handling of markdown. !27808 (Lee Tickett)
- Update discord notifications to be a single embed and include log messages. !27812 (Sam Bingner)
- Update detected languages for sast in no dind mode. !27831
- Fix bug inviting members whose emails start with numbers. !27848 (Lee Tickett)
- Allow self monitoring project to query internal Prometheus even when "Allow local requests in webhooks and services" setting is false. !27865
- Add missing docstring to Prometheus metric. !27868
- Resolve Snippet creation failure bug. !27891
- Fix optional params for deploy token API. !27961 (Nejc Habjan)
- Use Ci::Pipeline#all_merge_requests.first as Ci::Build#merge_request. !27968
- Fix bug tracking snippet shard name. !27979
- Add `discussion_locked` to Webhook. !28018
- Fix invalid class option for ionice. !28023
- Improve SAST NO_DIND file detection with proper boundary conditions. !28036
- Detect skipped specs in JUnit reports and set TestCase status. !28053
- Allow 0 for pages size limit setting in admin settings. !28086
- Fix wrong colors displayed in charts. !28095
- Fix incorrect content returned on empty dotfile. !28144
- Include LDAP UID attribute in default attributes for all LDAP lookups. !28148
- Fix deploy token API to properly delete all associated deploy token records. !28156
- Fix Gitlab::Auth to handle orphaned oauth tokens. !28159
- Protect sidekiq admin UI with admin mode. !28164 (Diego Louzán)
- Prevent overriding the username when creating a Deploy Token via the API. !28175 (Ayoub Mrini)
- Resolve Snippet actions with binary data. !28191
- Make all HTTPS cookies set SameSite to none. !28205
- Don't send 'accept-encoding' in HttpIO requests. !28239
- Gracefully handle missing latest CI pipeline. !28263
- Fix error removing secondary email. !28267 (Lee Tickett)
- Fix name of approvals column in merge requests. !28274 (Steffen Köhler)
- Add management_project_id to group and project cluster creation, clarifies docs. !28289
- Check first if feature flag version_snippet is enabled. !28352
- Fix single stat panel percentile format support. !28365
- Use CTE optimization for searching board issues. !28430
- Fix missing synthetic milestone change notes for disabled milestone change event tracking feature flag. !28440
- Fix Releases page for Guest users of private projects. !28447
- Prevent ProjectUpdateRepositoryStorageWorker from moving to same filesystem. !28469
- Return error message for create_merge_request. !28482
- Include MR times in Milestone time overview. !28519 (Bob van de Vijver)
- Fix daily report result to use average of coverage values if there are multiple builds for a given group name. !28556
- Token creation uses HTTP status CREATED. !28587
- Allow award emoji same name & user duplicates when Importing. !28588
- Fix pagination in Merge Request GraphQL api. !28667 (briankabiro)
- Remove duplicate spec in web hook service spec. !28669 (Rajendra Kadam)
- Fix GraphQL SnippetType repo urls. !28673
- Add missing ON DELETE FK constraints referencing users table. !28720
- Update duplicate specs in notification service spec. !28742 (Rajendra Kadam)
- Fix styling of MR dropdown in Web IDE. !28746
- Better error message when importing a Github project and Github API rate limit is exceeded. !28785
- Prevent false positives in Ci::Pipeline#all_merge_requests. !28800
- Enable toggle all discussions button for logged out users. !28809 (Diego Louzán)
- Fix display of PyCharm generated Jupyter notebooks. !28810 (Jan Beckmann)
- Resolve Snippet update error with version flag disabled. !28815
- Show multimetric embeds on a single chart. !28841
- Fix race condition updating snippet without repository. !28851
- Normalize signature mime types when filtering attachments in emails. !28865 (Diego Louzán)
- Add autostop check to folder table. !28937
- Fix 500 error on create release API when providing an invalid tag_name. !28969 (Sashi Kumar)
- Fix missing group icons on profile page when screen < 576px. !28973
- Stringify Sidekiq job args in exception logs. !28996
- Ensure members are always added on Project Import when importing as admin. !29046
- Elasticsearch recommendation alert does not appears while screen is loaded. !29097
- Prevent wrong environment being used when processing Prometheus alert. !29119
- Fix Slack slash commands using relative URL. !29160
- Exclude 'trial_ends_on', 'shared_runners_minutes_limit' & 'extra_shared_runners_minutes_limit' from list of exported Group attributes. !29259
- Group level container registry show subgroups repos. !29263
- Move prepend to last line in finders files. !29274 (Rajendra Kadam)
- Remove 'error' from diff note error message. !29281
- Migrate legacy uploads out of deprecated paths. !29295
- Move prepend to last line in commit status presenter. !29328 (Rajendra Kadam)
- Move prepend to last line in app serializers. !29332 (Rajendra Kadam)
- Move prepend to last line in app workers and uploaders. !29379 (Rajendra Kadam)
- fix: Publish toolbar dissappears when submitting empty content. !29410
- Replace deprecated GlLoadingIcon sizes. !29417
- fix display head and base in version dropdowns. !29433
- Fix Web IDE not showing diff when opening commit tab. !29439
- Use music icon for files with .ogg extension. !29514
- Fix dashboard processing error which prevented dashboards with unknown attributes inside panels from being displayed. !29517
- Fix Deploy Token creation when no scope selected. !29614
- Update auto-build-image to v0.2.2 with fixes for docker caching. !29730
- Fix resolve WIP clearing merge request area. !29757
- Enable the Add metric button for CE users. !29769
- Fix Error 500 when inviting user to a few projects. !29778
- Fixed whitespace toggle not showing the correct diff.
- Fixed upload file creating a file in the wrong directory.

### Deprecated (1 change)

- Deprecate 'token' attribute from Runners API. !29481

### Changed (62 changes, 7 of them are from the community)

- Only enable searching of projects by full path / name on certain dropdowns. !21910
- Support wiki events in activity streams. !23869
- Fix for issue 26426: Details of runners of nested groups of an owned group are now available for users with enough permissions. !24169 ([email protected])
- Rename "Project Services" to "Integrations" in frontend and docs. !26244
- Support multiple Evidences for a Release. !26509
- Move some global routes to - scope. !27106
- Only display mirrored URL to users who can manage Repository settings. !27166
- Disable lookup of other ActiveSessions to determine admin mode status. !27318 (Diego Louzán)
- Extract X509::Signature from X509::Commit. !27327 (Roger Meier)
- Show user statistics in admin area also in CE, and use daily generated data for these statistics. !27345
- Update aws-ecs image location in CI template. !27382
- Update More Pages button on Wiki Page. !27499
- Update ApplicationLimits to prefer defaults. !27574
- Allow external diff files to be removed. !27602
- Add atomic and cleanup-on-fail parameters for Helm. !27721
- Change the url when the timeslider changes. !27726
- Add user_details.bio column and migrate data from users.bio. !27773
- WAF settings will be read-only if there is a new version of ingress available. !27845
- Add an helper to check if a notification_event is enabled. !27880 (Jacopo Beschi @jacopo-beschi)
- Ensure freshness of settings with snippet creation. !27897
- Update copies in Admin Panel > Repository Storage section. !27986
- Add event tracking to Container regstry quickstart. !27990
- Render snippet repository blobs. !28085
- Accept `author_username` as a param in Merge Requests API. !28100
- Use rich icons for thw rows on the file tree. !28112
- Renamed Contribution Charts as Repository Analytics. !28162
- Move Alerting feature to Core. !28196
- Add file-based pipeline conditions to default Auto DevOps CI template. !28242
- Make pipeline info in chat notifications concise. !28284
- Use different approval icon if current user approved. !28290 (Steffen Köhler)
- Remove repeated examples in user model specs. !28450 (Rajendra Kadam)
- Show only active environments in monitoring dropdown. !28456
- Enable container expiration policies by default for new projects. !28480
- Show snippet error update to the user. !28516
- Move 'Additional Metrics' feature to GitLab Core. !28527
- Add ability to search by environment state in environments GraphQL API. !28567
- Add correlation_id to project_mirror_data, expose in /import API endpoints. !28662
- Add status column to container_registry. !28682
- Cleanup the descriptions of some fields of GraphQL ProjectType. !28735
- Add Project template for Static Site Editor / Middleman. !28758
- Remove duplicate show spec in admin routing. !28790 (Rajendra Kadam)
- Add Fluentd model for cluster apps. !28846
- Add grab cursor for operations dashboard cards. !28868
- Update copy when snippet git feature disabled. !28913
- Expose relations that failed to import in /import endpoints. !28915
- Update informational text on Edit Release page. !28938
- Add support for dot (.) in variables masking. !29022
- Update Auto DevOps docker version to 19.03.8. !29081
- Make search redaction more robust. !29166
- Enable async delete in container repository list. !29175
- Make manual prometheus configuration section always editable. !29209
- Adjust label title applied to issues on import from Jira. !29246
- Track statistics per project for jira imported issues. !29406
- Display local timezone in log explorer. !29409
- Allow to retry submitting changes when an error occurs. !29434
- Define dashboard dropdowns layout in flex to improve support smaller screens. !29477
- Update auto-deploy-image to v0.13.0 for deploy job, enabling more granular control over service.enabled. !29524
- Do not display branch link in saved changes message UI. !29611
- Redesign Jira issue import UI. !29671
- Add support for /file_hooks directory. !29675
- Sort the project dropdown by star count when moving issues. !29766
- Increase the timing of polling for the merge request widget.

### Performance (45 changes)

- Limits issues displayed on milestones. !23102
- Optimize suggestions counters. !26443
- Prefetch DNS for asset host. !26868
- Move bots functionality to user_type column. !26981
- Optimize projects_service_active queries performance in usage data. !27093
- Optimize projects_mirrored_with_pipelines_enabled query performance in usage data. !27110
- Optimize ldap keys counters query performance in usage data. !27309
- Enable Workhorse upload acceleration for Project Import uploads via UI. !27332
- Cache ES enabled namespaces and projects. !27348
- Optimize template_repositories query by using batch counting. !27352
- Reduce SQL queries when rendering webhook settings. !27359
- Reduce number of SQL queries for service templates. !27396
- Improve Advanced global search performance by using routing. !27398
- Improve performance of the container repository cleanup tags service. !27441
- Optimize usage ping queries by using batch counting. !27455
- Fix redundant query execution when loading board issues. !27505
- Optimize projects_enforcing_code_owner_approval counter query performance for usage ping. !27526
- Optimize projects_reporting_ci_cd_back_to_github query performance for usage data. !27533
- Optimize service desk enabled projects counter. !27589
- Improve pagination in discussions API. !27697
- Improve API response for archived project searchs. !27717
- Optimize ci builds counters in usage data. !27770
- Enable streaming serializer feature flag by default. !27813
- Harden jira usage data. !27973
- Create merge request pipelines in background jobs. !28024
- Optimize ci builds non distinct counters in usage data. !28027
- Remove feature flag 'export_fast_serialize' and 'export_fast_serialize_with_raw_json'. !28037
- Improve API response for descending internal project searches. !28038
- Make Rails.cache and Gitlab::Redis::Cache share the same Redis connection pool. !28074
- Introduce rate limit for creating issues via web UI. !28129
- Introduce rate limit for creating issues via API. !28130
- Remove unnecessary index index_ci_builds_on_name_for_security_reports_values. !28224
- Disallow distinct count for regular batch count. !28518
- Resolve an N+1 in merge request CI variables. !28688
- Use faster streaming serializer for project exports. !28925
- Add index for created_at of resource_milestone_events. !28929
- Optimize issues with embedded grafana charts usage counter. !28936
- Avoid scheduling duplicate sidekiq jobs. !29116
- Optimize projects with repositories enabled usage data. !29117
- Use diff-stats for calculating raw diffs modified paths. !29134
- Optimize protected branches usage data. !29148
- Refresh only existing MRs on push. !29420
- Reduce SQL requests number for CreateCommitSignatureWorker. !29479
- Remove redundant index from projects table. !29507
- Add index on users.unlock_token. !276298

### Added (140 changes, 33 of them are from the community)

- New package list is enabled which includes filtering by type. !18860
- Create a rake task to cleanup unused LFS files. !21747
- Support Asciidoc docname attribute. !22313 (Jouke Witteveen)
- Adds features to delete stopped environments. !22629
- Highlight line which includes search term is code search results. !22914 (Alex Terekhov (terales))
- Allow embedded metrics charts to be hidden. !23929
- Add toggle all discussions button to MRs. !24670 (Martin Hobert & Diego Louzán)
- Store daily code coverages into ci_daily_report_results table. !24695
- Add cluster management project template. !25318
- Add limit metric to lists. !25532
- Add support for Okta as a SCIM provider. !25649
- Add grape custom validator for git reference params. !26102 (Rajendra Kadam)
- Add healthy column to clusters_applications_prometheus table. !26168
- Add API endpoint to list runners for a group. !26328
- Add unlock_membership_to_ldap boolean to Groups. !26474
- Adds wiki metadata models. !26529
- Create model to store Terraform state files. !26619
- Improve logs dropdown with more clear labels. !26635
- Add all pods view to logs explorer. !26883
- Add first_contribution to single merge request API. !26926
- Populate user_highest_roles table. !27127
- Add option for switching between blocking and logging for WAF. !27133
- Add bar chart support to monitoring dashboard. !27155
- Start merge request for custom dashboard if new branch is provided. !27189
- Update user's highest role to keep the users statistics up to date. !27231
- Make "Value Stream" the default page that appears when clicking the project-level "Analytics" sidebar item. !27279 (Gilang Gumilar)
- Add metric to derive new users count. !27351
- Display cluster type in cluster info page. !27366
- Improve logs filters on mobile, simplify kubernetes API logs filters. !27484
- Adds branch information to the package details title section. !27488
- Add forking_access_level to projects API. !27514 (Mathieu Parent)
- Add a DB column to track external issue and epic ids when importing from external sources. !27522
- Added Edit Title shared component. !27582
- Add metrics dashboard annotation model, relation, policy, create and delete services. To provide interface for create and delete operations. !27583
- Adds filter by name to the packages list. !27586
- Allow querying of Jira imports and their status via GraphQL. !27587
- Update Gitaly to 12.9.0-rc5. !27631
- Add filtered search for elastic search in logs. !27654
- Add cost factor fields to ci runners. !27666
- Add auto_ssl_failed to pages_domains. !27671
- Allow to start Jira import through graphql mutation. !27684
- Add terraform report to merge request widget. !27700
- Read metadata from Wiki front-matter. !27706
- Support custom graceful timeout for Sidekiq Cluster processes. !27710
- Show storage size on project page. !27724 (Roger Meier)
- Upload a design by copy/pasting the file into the Design Tab. !27776
- Update Active checkbox component to use toggle. !27778
- Add namespace_storage_size_limit to application settings. !27786
- Add issues to graphQL group endpoint. !27789
- Enable container registry at the group level. !27814
- Expose created_at property in Groups API. !27824
- Add an endpoint to allow group admin users to purge the dependency proxy for a group. !27843
- Filter health endpoint metrics. !27847
- Add support for system note metadata in project Import/Export. !27853 (Melvin Vermeeren)
- Add daily job to create users statistics. !27883
- Add DS_REMEDIATE env var to dependency scanning template. !27947
- Add Swift Dockerfile to GitLab templates. !28035
- Generate JWT and provide it to CI jobs for integration with other systems. !28063
- Update user's highest role to keep the users statistics up to date. !28087
- Add jira_imports table to track current jira import progress as well as historical imports data. !28108
- Add initial support for Cloud Native Buildpacks in Auto DevOps builds. !28165
- Add app server type to usage ping. !28189
- Add last_activity_before and last_activity_after filter to /api/projects endpoint. !28221 (Roger Meier)
- Expose basic project services attributes through GraphQL. !28234
- Add environment-state flag to metrics data. !28237
- Allow defining of metric step in dashboard yml. !28247
- Separate validators into own class files. !28266 (Rajendra Kadam)
- Refactor push rules and add push_rule_id columns in project settings and application settings. !28286
- Added support for single-token deletion via option/ctrl-backspace or search-filter clearing via command-backspace in filtered search. !28295 (James Becker)
- Enable log explorer to use the full height of the screen. !28312
- Automatically assign id to each panel within dashboard to support panel scoped annotations. !28341
- Add Praefect rake task to print out replica checksums. !28369
- Add rake task to update x509 signatures. !28406 (Roger Meier)
- Add application setting to enable container expiration and retention policies on pre 12.8 projects. !28479
- Add Prometheus alerts automatically after Prometheus Service was created. !28503
- Add ability to filter commits by author. !28509
- Add usage data metrics for instance level clusters and clusters with management projects. !28510
- Add slash command support for merge train. !28532
- Add metrics dashboard annotations to GraphQL API. !28550
- Refactor duplicate specs in wiki page specs. !28551 (Rajendra Kadam)
- Refactor duplicate member specs. !28574 (Rajendra Kadam)
- Remove design management as a license feature. !28589
- Add api endpoint to get x509 signature. !28590 (Roger Meier)
- Refactored Snippet edit form to Vue. !28600
- Add support for database-independent embedded metric charts. !28618
- Fix issuable duplicate spec. !28632 (Rajendra Kadam)
- Fix build duplicate spec. !28633 (Rajendra Kadam)
- Remove duplicate specs in ability model. !28644 (Rajendra Kadam)
- Remove duplicate specs in update service spec. !28650 (Rajendra Kadam)
- Add added_lines and removed_lines columns to merge_request_metrics table. !28658
- Remove duplicate specs in pipeline message spec. !28664 (Rajendra Kadam)
- Implement Terraform State API with locking. !28692
- Move export issues feature to core. !28703
- Add status endpoint to Pages Internal API. !28743
- Enable last user activity logging on the REST API. !28755
- Refresh metrics dashboard data without reloading the page. !28756
- Update duplicate specs in update large table spec. !28787 (Rajendra Kadam)
- Fix duplicate spec in factory relation spec. !28794 (Rajendra Kadam)
- Remove duplicate spec from changelog spec. !28801 (Rajendra Kadam)
- Remove duplicate spec from closing issue spec. !28803 (Rajendra Kadam)
- Allow Release links to be edited on the Edit Release page. !28816
- Create operations_user_lists table. !28822
- Added the clone button for Snippet view. !28840
- Add Fluentd table for cluster apps. !28844
- Fix duplicate spec from user helper spec. !28854 (Rajendra Kadam)
- Add missing spec for gitlab schema. !28855 (Rajendra Kadam)
- Fix duplciate spec in merge requests. !28856 (Rajendra Kadam)
- Fix duplicate spec in environment finder. !28857 (Rajendra Kadam)
- Fix duplicate spec in template dropdown spec. !28858 (Rajendra Kadam)
- Fix duplicate spec in user post diff notes. !28859 (Rajendra Kadam)
- Fix duplicate spec in filter issues. !28860 (Rajendra Kadam)
- Remove `ci_dag_support` feature flag. !28863 (Lee Tickett)
- Validate dependency on job generating a CI config when using dynamic child pipelines. !28901
- Add read_api scope to personal access tokens for granting read only API access. !28944
- Add a new default format(engineering notation) for yAxis labels in monitor charts. !28953
- Add write_registry scope to deploy tokens for container registry push access. !28958
- Add Nginx error percentage metric. !28983
- Provide configuration options for Static Site Editor. !29058
- Remove blobs_fetch_in_batches feature flag. !29069
- API endpoint to create annotations for environments dashboard. !29089
- Add graphQL interface to fetch metrics dashboard. !29112
- Add typed AWS environment variables for access keys & region. !29124
- Add line range to diff note position. !29135
- Add push rules association for groups. !29144
- Gather historical pod list from Elasticsearch. !29168
- Save changes in Static Site Editor using REST GitLab API. !29286
- Add temporary empty message when no result is found. !29306
- Add API endpoint to get users without projects. !29347
- Add status page url field to DB and setting model. !29357
- Add metrics_dashboard_access_level to project features. !29371
- Add a database column to enable or disable group owners from changing the default branch protection setting of a group. !29397
- Allow sorting of issue and MR discussions. !29492
- Update UI for project and group settings CI variables. !29584
- Add GRADLE_CLI_OPTS and SBT_CLI_OPTS env vars to dependency scanning orchestrator. !29595
- Add name_regex_keep to container_expiration_policies. !29618
- Adds Knative and Fluentd as CI/CD managed applications. !29637
- Add jira issues import feature.
- Add wildcard case in documentation for artifacts. (Fábio Matavelli)
- Add namespace storage size limit setting.
- Add placeholders to broadcast message notifications.

### Other (48 changes, 16 of them are from the community)

- Convert schema to plain SQL using structure.sql. !22808
- Provide link to a survey for Knative users. !23025
- Complete the migration of Job Artifact to Security Scan. !24244
- Migrate .fa-spinner to .spinner for app/views/shared/notes. !25028 (nuwe1)
- Migrate .fa-spinner to .spinner for app/views/ci/variables. !25030 (nuwe1)
- Migrate .fa-spinner to .spinner for ee/app/views/projects/settings. !25038 (nuwe1)
- Migrate .fa-spinner to .spinner for app/views/projects/mirrors. !25041 (nuwe1)
- Migrate .fa-spinner to .spinner for app/views/projects/network. !25050 (nuwe1)
- Migrate .fa-spinner to .spinner for app/views/groups. !25053 (nuwe1)
- Replace underscore with lodash for ./app/assets/javascripts/vue_shared. !25108 (Tobias Spagert)
- Remove health_status column from epics. !26302
- Show object access warning when disabling repo LFS. !26696
- Update icons in Sentry Error Tracking list for ignored/resolved errors. !27125
- Use Ruby 2.7 in specs to remove Ruby 2.1/2.2/2.3. !27269 (Takuya Noguchi)
- Fill user_type for ghost users. !27387
- Add Bitbucket Importer metrics. !27524
- Consume remaining LinkLFsObjectsProjects jobs. !27558
- Update GitLab Runner Helm Chart to 0.15.0. !27670
- Log Redis call count and duration to log files. !27735
- Use id instead of cve where possible when parsing remediations. !27815
- Log member additions when importing Project/Group. !27930
- Change project_export_worker urgency to throttled. !27941
- Add missing track_exception() call to Ci::CreateJobArtifactsService. !27954
- Add possibility to conigure additional rails hosts with env variable. !28133
- Remove new issue tooltip. !28261 (Victor Wu)
- Improve message when promoting project labels. !28265
- Change the link to chart copy text. !28371
- Conditional mocking of admin mode in specs by directory. !28420 (Diego Louzán)
- Align color and font-weight styles of heading elements and their typography classes. !28422
- Fix merge request thread’s icon buttons color. !28465
- Updated spinner next to forking message. !28506 (Victor Wu)
- Replaced old-style buttons with the new ones on Snippet view. !28614
- Change redo for retry icon in metrics dashboard. !28670
- Remove User's association max_access_level_membership. !28757
- Reduce urgency of EmailsOnPushWorker. !28783
- Use concern instead of service to update highest role. !28791
- Normalize error message between Gitea and Fogbugz importers. !28802
- Fix keyboard shortcut to navigate to your groups. !28873 (Victor Wu)
- Fix keyboard shortcut to navigate to dashboard activity. !28985 (Victor Wu)
- Remove unused index for vulnerability severity levels. !29023
- Update query labels dynamically for embedded charts. !29034
- Refactor projects/:id/packages API to supply only necessary params to PackagesFinder. !29052 (Sashi Kumar)
- Implement showing CI bridge error messages. !29123
- Update GitLab Shell to v12.1.0. !29167
- Update GitLab Elasticsearch Indexer. !29256
- Add Gitlab User-Agent to ContainerRegistry::Client. !29294 (Sashi Kumar)
- Improve error message in DAST CI template. !29388
- Remove store_mentions! in Snippets::CreateService. !29581 (Sashi Kumar)


1276 1277 1278 1279
## 12.9.10 (2020-06-10)

- No changes.

1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298
## 12.9.8 (2020-05-27)

### Security (13 changes)

- Hide EKS secret key in admin integrations settings.
- Added data integrity check before updating a deploy key.
- Display only verified emails on notifications and profile page.
- Disable caching on repo/blobs/[sha]/raw endpoint.
- Require confirmed email address for GitLab OAuth authentication.
- Kubernetes cluster details page no longer exposes Service Token.
- Fix confirming unverified emails with soft email confirmation flow enabled.
- Disallow user to control PUT request using mermaid markdown in issue description.
- Check forked project permissions before allowing fork.
- Limit memory footprint of a command that generates ZIP artifacts metadata.
- Fix file enuming using Group Import.
- Prevent XSS in the monitoring dashboard.
- Use `gsub` instead of the Ruby `%` operator to perform variable substitution in Prometheus proxy API.


1299 1300 1301 1302 1303 1304 1305
## 12.9.6 (2020-05-05)

### Fixed (1 change)

- Add a Project's group to list of groups when parsing for codeowner entries. !30934


1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320
## 12.9.5 (2020-04-30)

### Security (9 changes)

- Ensure MR diff exists before codeowner check.
- Apply CODEOWNERS validations to web requests.
- Prevent unauthorized access to default branch.
- Do not return private project ID without permission.
- Fix doorkeeper CVE-2020-10187.
- Prevent ES credentials leak.
- Change GitHub service integration token input to password.
- Return only safe urls for mirrors.
- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads.


1321 1322
## 12.9.4 (2020-04-16)

1323
- No changes.
1324 1325 1326 1327 1328 1329 1330 1331 1332
### Fixed (5 changes, 1 of them is from the community)

- Fix not working File upload from Project overview page. !26828 (Gilang Gumilar)
- Fix storage rollback regression caused by previous refactor. !28496
- Fix incorrect regex used in FileUploader#extract_dynamic_path. !28683
- Fully qualify id columns for keyset pagination (Projects API). !29026
- Fix Slack notifications when upgrading from old GitLab versions. !29111


1333 1334 1335 1336 1337 1338 1339 1340 1341
## 12.9.3 (2020-04-14)

### Security (3 changes)

- Refresh ProjectAuthorization during Group deletion.
- Prevent filename bypass on artifact upload.
- Update rack and related gems to 2.0.9 to fix security issue.


1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360
## 12.9.2 (2020-03-31)

### Fixed (5 changes)

- Ensure import by URL works after a failed import. !27546
- Fix issue/MR state not being preserved when importing a project using Project Import/Export. !27816
- Leave upload Content-Type unchaged. !27864
- Disable archive rate limit by default. !28264
- Fix rake gitlab:setup failing on new installs. !28270

### Changed (1 change)

- Rename feature on the FE and locale.

### Performance (1 change)

- Index issues on sent_notifications table. !27034


1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386
## 12.9.1 (2020-03-26)

### Security (16 changes)

- Add permission check for pipeline status of MR.
- Ignore empty remote_id params from Workhorse accelerated uploads.
- External user can not create personal snippet through API.
- Prevent malicious entry for group name.
- Restrict mirroring changes to admins only when mirroring is disabled.
- Reject all container registry requests from blocked users.
- Deny localhost requests on fogbugz importer.
- Redact notes in moved confidential issues.
- Fix UploadRewriter Path Traversal vulnerability.
- Block hotlinking to repository archives.
- Restrict access to project pipeline metrics reports.
- vulnerability_feedback records should be restricted to a dev role and above.
- Exclude Carrierwave remote URL methods from import.
- Update Nokogiri to fix CVE-2020-7595.
- Prevent updating trigger by other maintainers.
- Fix XSS vulnerability in `admin/email` "Recipient Group" dropdown.

### Fixed (1 change)

- Fix updating the authorized_keys file. !27798


1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 1719 1720 1721 1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838
## 12.9.0 (2020-03-22)

### Security (1 change)

- Update Puma to 4.3.3. !27232

### Removed (3 changes)

- Remove staging from commit workflow in the Web IDE. !26151
- Remove and deprecate snippet content search. !26359
- Remove "Analytics" suffix from the sidebar menu items. !26415

### Fixed (117 changes, 19 of them are from the community)

- Set all NULL `lock_version` values to 0 for issuables. !18418
- Support finding namespace by ID or path on fork API. !20603 (leoleoasd)
- Fixes caret position after pasting an image 15011. !21382 (Carolina Carvalhosa)
- Use of sha instead of ref when creating a new ref on deployment creation. !23170
- Fix logic to determine project export state and add regeneration_in_progress state. !23664
- Create child pipelines dynamically using content from artifact as CI configuration. !23790
- Handle Gitaly failure when fetching license. !24310
- Fix error details layout and alignment for mobile view. !24390
- Added the multiSelect option to stop event propagation when clicking on the dropdown. !24611 (Gwen_)
- Activate Prometheus integration service for newly created project if this project has access to shared Prometheus application. !24676
- Fix Jump to next unresolved thread. !24728
- Require a logged in user to accept or decline a term. !24771
- Fix quick actions executing in multiline inline code when placed on its own line. !24933 (Pavlo Dudchenko)
- Fix timezones for popovers. !24942
- Prevent "Select project to create merge request" button from overflowing out of the viewport on mobile. !25195
- Add validation for updated_at parameter in update Issue API. !25201 (Filip Stybel)
- Elasticsearch: when index is absent warn users and disable index button. !25254
- Fix pipeline details page initialisation on invalid pipeline. !25302 (Fabio Huser)
- Fix bug with sidebar not expanding at certain resolutions. !25313 (Lee Tickett)
- Rescue elasticsearch server error in pod logs. !25367
- Fix project setting approval input in non-sequential order. !25391
- Add responsivity to cluster environments table. !25501
- Board issue due dates appear grey for closed past-due issues. !25507 (rachelfox)
- Fix self monitoring project link. !25516
- Don't track MR deployment multiple times. !25537
- Fix an issue with Group Import members with Owner access level being imported with Maintainer access level. Owner access level is now preserved. !25595
- Allow 0 to be set for pages maximum size per project/group to indicate unlimited size. !25677
- Fix variable passthrough in the SAST CI/CD template when using DinD. !25697
- Drop bridge if downstream pipeline has errors. !25706
- Clean stale background migration jobs. !25707
- Inject CSP values when repository static objects external caching is enabled. !25711
- Fix bug deleting internal project snippets by project maintainer. !25792
- Fix Insights displaying JSON on back navigation. !25801
- Don't show issue as blocked on the issue board if blocking issue is closed. !25817
- Return 503 to the Runner when the object storage is unavailable. !25822
- Ensure temp export data is removed if Group/Project export failed. !25828
- Fix Kubernetes namespace resolution for new DeploymentCluster records. !25853
- Fix links to exposed artifacts in MRs from forks. !25868 (Daniel Stone)
- Keep needs association on the retried build. !25888
- Remove unreachable link from embded dashboard context menu. !25892
- Fix issue importer so it matches issue export format. !25896
- Fix snippet blob viewers for rich and plain data. !25945
- Fix White syntax highlighting theme in Monaco to closely match the Pygments theme. !25966
- Markup tips for Markdown shown while editing wiki pages in other formats. !25974
- Fix code search pagination on a custom branch. !25984
- Fix Snippet content incorrectly caching. !25985
- Fix 500 error caused by Kubernetes logs not being encoded in UTF-8. !25999
- Fix "Add an epic" form. !26003
- Ensure weight changes no longer render duplicate system notes. !26014
- Geo: Show secondary-only setting on only on secondaries. !26029
- Fixes project import failures when user is not part of any groups. !26038
- Fix ImportFailure when restore ci_pipelines:external_pull_request relation. !26041
- Code Review Analytics: Fix review time display. !26057
- Allow to fork to the same namespace and different path via API call. !26062
- Change back internal api return code. !26063
- Create approval todos on update. !26077
- Fix issues missing on epic's page after project import. !26099
- Fix scoped labels rendering in To-Do List. !26146
- Fix 500 Error when using Gitea Importer. !26166
- Fix dev vulnerabilities seeder. !26169
- Use uncached SQL queries for Geo long-running workers. !26187
- Fix infinite spinner on error detail page. !26188
- Generate proper link for Pipeline tab. !26193
- Issue Analytics: Fix svg illustration path for empty state. !26219
- Fix dashboards dropdown if custom dashboard is broken. !26228
- Refresh widget after canceling "Merge When Pipeline Succeeds". !26232
- Fix package file finder for conan packages with a conan_package_reference filter. !26240
- Fixed bug where processing NuGet packages are returned from the Packages API. !26270
- Fix bug committing snippet content when creating the snippet. !26287
- Fix error messages for dashboard clonning process. !26290
- Fix saving preferences with unrelated changes when gitaly timeouts became invalid. !26292
- Allow creating default branch in snippet repositories. !26294
- Container expiration policy settings hide form on API error. !26303
- Prevent unauthorized users to lock an issue from the collapsed sidebar. !26324 (Gilang Gumilar)
- Mark existing LFS object for upload for forks. !26344
- Fix scoped labels rendering in emails. !26347
- Fix issues with non-ASCII plain text files being incorrectly uploaded as binary in the Web IDE. !26360
- Polyfill fetch for Internet Explorer 11. !26366
- Fix avg_cycle_analytics uncaught error and optimize query. !26381
- Fix reversed pipeline order on Project Import. !26390
- Display GitLab issues created via Sentry global integration. !26418
- Fix MergeToRefService raises Gitlab::Git::CommandError. !26465
- Render special references for releases. !26554
- Show git error message updating snippet. !26570
- Support Rails 6 `insert_all!`. !26595
- Fix evidence SHA clipboard hover text. !26608 (Gilang Gumilar)
- Prevent editing weight to scroll to the top. !26613 (Gilang Gumilar)
- Fix spinner in Create MR dropdown. !26679
- Added a padding-right to items in subgroup list. !26791
- Prevent default overwrite for theme and color ID in user API. !26792 (Fabio Huser)
- Fix user registration when smartcard authentication is enabled. !26800
- Correctly send notification on pipeline retry. !26803 (Jacopo Beschi @jacopo-beschi)
- Default to generating blob links for missing paths. !26817
- Fix Mermaid flowchart width. !26848 (julien MILLAU)
- Ensure valid mount point is used by attachments on notes. !26849
- Validate that users selects at least two subnets in EKS Form. !26936
- Fix embeds so that a chart appears only once. !26997
- Fix capybara screenshots path name for rails configuration. !27002
- Fix access to logs when multiple pods exist. !27008
- Fix installation of GitLab-managed crossplane chart. !27040
- Fix bug displaying snippet update error. !27082
- Fix WikiPage#title_changed for paths with spaces. !27087
- Fix backend validation of numeric emoji names. !27101
- Reorder exported relations by primary_key when using Project Export. !27117
- Ensure freshness of settings with project creation. !27156
- Fix bug setting hook env with personal snippets. !27235
- Fix Conan package download_urls and snapshot to return files based on requested conan_package_reference. !27250
- Fixes stop_review job upon expired artifacts from previous stages. !27258 (Jack Lei)
- Fix duplicate labels when moving projects within the same ancestor group. !27261
- Fix project moved message after git operation. !27341
- Fix submodule links to gist.github.com. !27346
- Fix remove special chars from snippet url_to_repo. !27390
- Validate actor against CODEOWNERS entries.
- Fix: tableflip quick action is interpreted even if inside code block. (Pavlo Dudchenko)
- Fix an error with concat method.
- Improved selection of multiple cards. (Gwen_)
- Resolves the disappearance of a ticket when it was moved from the closed list. (Gwen_)

### Deprecated (1 change)

- Remove state column from issues and merge_requests. !25561

### Changed (81 changes, 18 of them are from the community)

- Remove kubernetes workaround in container scanning. !21188
- New styles for scoped labels. !21377
- Update labels in Vue with GlLabel component. !21465
- Update Web IDE clientside preview bundler to use GitLab managed server. !21520
- Allow default time window on grafana embeds. !21884
- Default to first valid panel in unspecified Grafana embeds. !21932
- Correctly style scoped labels in sidebar after updating. !22071
- Add id and image_v432x230 columns to design_management_designs_versions. !22860
- Decouple Webhooks from Integrations within Project > Settings. !23136
- Sort closed issues on issue boards using time of closing. !23442 (briankabiro)
- Differentiate between errors and failures in xUnit result. !23476
- Add 'shard' label for 'job_queue_duration_seconds' metric. !23536
- Migrate mentions for design notes to design_user_mentions DB table. !23704
- Migrate mentions for commit notes to commit_user_mentions DB table. !23859
- Update files when snippet is updated. !23993
- Move issues routes under /-/ scope. !24791
- Migrated the sidebar label select dropdown title component spinner to utilize GlLoadingIcon. !24914 (Raihan Kabir)
- Migrated from .fa-spinner to .spinner in 'app/assets/javascripts/notes.js. !24916 (Raihan Kabir (gitlab/rk4bir))
- Migrated from .fa-spinner to .spinner in app/assets/javascripts/create_merge_request_dropdown.js. !24917 (Raihan Kabir (gitlab/rk4bir))
- Migrated from .fa-spinner to .spinner in app/assets/javascripts/sidebar/components/assignees/assignee_title.vue. !24919 (rk4bir)
- Replace underscore with lodash for ./app/assets/javascripts/deploy_keys. !24965 (Jacopo Beschi @jacopo-beschi)
- Replace underscore with lodash for ./app/assets/javascripts/badges. !24966 (Jacopo Beschi @jacopo-beschi)
- Add commits limit text at graphs page. !24990
- Migrated from .fa-spinner to .spinner in app/assets/javascripts/blob/template_selector.js. !25045 (Raihan Kabir (gitlab/rk4bir))
- Update iOS (Swift) project template logo. !25049
- Sessionless and API endpoints bypass session for admin mode. !25056 (Diego Louzán)
- New loading spinner for attachemnt uploads via discussion boxes. !25057 (Philip Jonas)
- Hide the private commit email in Notification email list. !25099 (briankabiro)
- Replace underscore with lodash in /app/assets/javascripts/blob/. !25113 (rkpattnaik780)
- Allow access to /version API endpoint with read_user scope. !25211
- Use only the first line of the commit message on chat service notification. !25224 (Takuya Noguchi)
- Include invalid directories in wiki title message. !25376
- Replace avatar and favicon upload type consistency validation with content whitelist validation. !25401
- Showing only "Next" button for snippet explore page. !25404
- Moved Deploy Keys from Repository to CI/CD settings. !25444
- Move pod logs to core. !25455
- Improve error messages of failed migrations. !25457
- Hides the "Allowed to fail" tag on jobs that are successful. !25458
- Disable CSRF protection on logout endpoint. !25521 (Diego Louzán)
- Ensure all errors are logged in Group Import. !25619
- Tweak wiki page title handling. !25647
- Add refresh dashboard button. !25716
- Disable draggable behavior on the epic tree chevron (collapse/expand) button. !25729
- Rate limit archive endpoint by user. !25750
- Improve audit log header layout. !25821
- Migrate mentions for merge requests to DB table. !25826
- Align git returned error codes. !25936
- Split cluster info page into tabs. !25940
- Remove visibility check from epic descendant counts. !25975
- Use colon to tokenize input in filtered search. !26072
- Add link to dependency proxy docs on the dependency proxy page. !26092
- Remove Puma notices from AdminArea banner. !26137
- Add airgap support to Dependency Scanning template. !26145
- 27880 Make release notes optional and do not delete release when they are removed. !26231 (Pavlo Dudchenko)
- Limit notification-type broadcast display to web interface. !26236 (Aleksandrs Ļedovskis)
- Update renewal banner link for clearer instructions. !26240
- Special handling for the rich viewer on specific file types. !26260
- Rename pod logs to logs. !26313
- Ensure checksums match when updating repository storage. !26334
- Bump Auto Deploy image to v0.12.1. !26336
- Use cert-manager 0.10 instead of 0.9 for new chart installations. !26345
- Use y-axis format configuration in column charts. !26356
- Add Prometheus metrics for Gitaly and database time in background jobs. !26384
- Batch processing LFS objects downloads. !26434
- Add edit custom metric link to metrics dashboard. !26511
- Remove unused file_type column from packages_package_files. !26527
- Enable client-side GRPC keepalive for Gitaly. !26536
- Use ReplicateRepository when moving repo storage. !26550
- Add functionality to render individual mermaids. !26564
- Sync snippet after Git action. !26565
- In single-file editor set syntax highlighting theme according to user's preference. !26606
- Introduce a feature flag for Notifications for when pipelines are fixed. !26682 (Jacopo Beschi @jacopo-beschi)
- Replace checkbox by toggle for ModSecurity on Cluster App Page. !26720
- Change capybara screenshots files names taken on tests failures. !26788
- Update cluster-applications image to v0.11 with a runner bugfix, updated cert-manager, and vault as a new app. !26842
- Store first commit's authored_date for value stream calculation on merge. !26885
- Group repository contributors by email instead of name. !26899 (Hilco van der Wilk)
- Move authorized_keys operations into their own Sidekiq queue. !26913
- Upgrade Elastic Stack helm chart to 1.9.0. !27011
- Enable customizable_cycle_analytics feature flag by default. !27418
- Deemphasized styles for inline code blocks.

### Performance (41 changes, 1 of them is from the community)

- Cache milestone issue counters and make them independent of user permissions. !21554
- Persist expanded environment name in ci build metadata. !22374
- Diffs load each view style separately, on demand. !24821
- Project repositories are no longer cloned by default when running DAST. !25320
- Enable Workhorse upload acceleration for Project Import API. !25361
- Add API pagination for deployed merge requests. !25733
- Upgrade to Bootsnap 1.4.6. !25844
- Improve performance of Repository#merged_branch_names. !26005
- Fix N+1 in Group milestone view. !26051
- Project Snippets API endpoints check feature status. !26064
- Memoize loading of CI variables. !26147
- Refactor workhorse passthrough URL checker. !26157 (Takuya Noguchi)
- Project Snippets GraphQL resolver checks feature status. !26158
- Improved MR toggle file performance by hiding instead of removing. !26181
- Use Workhorse acceleration for Project Import file upload via UI. !26278
- Improve SnippetsFinder performance with disabled project snippets. !26295
- Add trigram index on snippet description. !26341
- Optimize todos counters in usage data. !26442
- Optimize event counters query performance in usage data. !26444
- Ensure RepositoryLinkFilter handles Gitaly failures gracefully. !26531
- Fix N+1 queries for PipelinesController#index.json. !26643
- Optimize Project related count with slack service. !26686
- Optimize Project counters with respository enabled counter. !26698
- Optimize Deployment related counters. !26757
- Optimize ci_pipelines counters in usage data. !26774
- Improve performance of the "has this commit been reverted?" check. !26784
- Optimize Project counters with pipelines enabled counter. !26802
- Optimize notes counters in usage data. !26871
- Optimize clusters counters query performance in usage data. !26887
- Enable Workhorse upload acceleration for Project Import uploads via API. !26914
- Use process-wide memory cache for feature flags. !26935
- Optimize services usage counters using batch counters. !26973
- Optimize Project related count service desk enabled. !27115
- Swap to UNLINK for Redis set cache. !27116
- Optimize members counters query performance in usage data. !27197
- Use batch counters instead of approximate counters in usage data. !27218
- Enable Redis cache key compression. !27254
- Move feature flag list into process cache. !27511
- Remove duplicate authorization refresh for group members on project creation.
- Optimize project representation in large imports.
- Replace several temporary indexes with a single one to save time when running mentions migration.

### Added (115 changes, 16 of them are from the community)

- Notifications for when pipelines are fixed. !16951 (Jacopo Beschi @jacopo-beschi)
- Backport API support to move between repository storages/shards. !18721 (Ben Bodenmiller)
- Add ability to trigger pipelines when project is rebuilt. !20063
- Add user dismiss option to broadcast messages. !20665 (Fabio Huser)
- Show notices in Admin area when detected any of these cases: Puma, multi-threaded Puma, multi-threaded Puma + Rugged. !21403
- Update git workflows and routes to allow snippets. !21739
- Add Cobertura XML coverage visualization to merge request diff view. !21791 (Fabio Huser)
- Add 2FA support to admin mode feature. !22281 (Diego Louzán)
- GraphQL: Add Board type. !22497 (Alexander Koval)
- Add/update services to delete snippets repositories. !22672
- Render single snippet blob in repository. !23848
- Commit file when snippet is created. !23953
- Addition of the Group Deploy Token interface. !24102
- Allow multiple Slack channels for notifications. !24132
- Import/Export snippet repositories. !24150
- Add custom validator for validating file path. !24223 (Rajendra Kadam)
- Add a bulk processor for elasticsearch incremental updates. !24298
- Send alert emails for generic incident alerts. !24414
- Introduce default branch protection at the group level. !24426
- Add "New release" button to Releases page. !24516
- Nudge users to select a gitlab-ci.yml template. !24622
- Allow enabling/disabling modsecurity from UI. !24747
- Add possibility to track milestone changes on issues and merge requests. !24780
- Allow group/project board to be queried by ID via GraphQL. !24825
- Add functionality to revoke a X509Certificate and update related X509CommitSignatures. !24889 (Roger Meier)
- Update file content of an existing custom dashboard. !25024
- Add deploy tokens instance API endpoint. !25066
- Add support for alert-based metric embeds in GFM. !25075
- Add restrictions for signup email addresses. !25122
- Add accessibility scanning CI template. !25144
- Expose `plan` and `trial` to `/users/:id` endpoint. !25151
- Add "Job Title" field in user settings and display on profile. !25155
- Add endpoint for listing all deploy tokens for a project. !25186
- Add api endpoint for listing deploy tokens for a group. !25219
- Add API endpoint for deleting project deploy tokens. !25220
- Add API endpoint for deleting group deploy tokens. !25222
- Allow users to get Merge Trains entries via Public API. !25229
- Added CI_MERGE_REQUEST_CHANGED_PAGE_* to Predefined Variables reference. !25256
- Add missing arguments to UpdateIssue mutation. !25268
- Add api endpoint to create deploy tokens. !25270
- Automatically include embedded metrics for GitLab alert incidents. !25277
- Allow to create masked variable from group variables API. !25283 (Emmanuel CARRE)
- Add migration to create self monitoring project environment. !25289
- Add deploy and re-deploy buttons to deployments. !25427
- Replaced ACE with Monaco editor for Snippets. !25465
- Add support for user Job Title. !25483
- Add name_regex_keep param to container registry bulk delete API endpoint. !25484
- Add Project template for Gatsby. !25486
- Add filepath to ReleaseLink. !25512
- Added Drop older active deployments project setting. !25520
- Add filepath to release links API. !25533
- Adds new activity panel to package details page. !25534
- Add filepath redirect url. !25541
- Add version column to operations_feature_flags table. !25552
- Filter commits by author. !25597
- Add api endpoint for creating group deploy tokens. !25629
- Expose assets filepath URL on UI. !25635
- Update moved service desk issues notifications. !25640
- Allow chart descriptions for Insights. !25686
- Allow to disable inheritance of default job settings. !25690
- Support more query variables in custom dashboards per project. !25732
- All image diffs (except for renamed files) show the image file size in the diff. !25734
- Optional custom icon in the OmniAuth login labels. !25744 (Tobias Wawryniuk, Luca Leonardo Scorcia)
- Add avatar upload support for create and update group APIs. !25751 (Rajendra Kadam)
- Add properties to the dashboard definition to customize y-axis format. !25785
- Empty state for Code Review Analytics. !25793
- Search issues in GraphQL API by milestone title and assignees. !25794
- Add package_type as a filter option to the packages list API endpoint. !25816
- Add support for configuring remote mirrors via API. !25825 (Rajendra Kadam)
- Display base label in versions drop down. !25834
- Create table & setup operations endpoint for Status Page Settings. !25863
- Update Ingress chart version to 1.29.7. !25949
- Include snippet description as part of snippet title search (basic search). !25961
- Add admin API endpoint to delete Sidekiq jobs matching metadata. !25998
- Add documentation for create remote mirrors API. !26012 (Rajendra Kadam)
- Update charts documentation and common_metrics.yml to enable data formatting. !26048
- Allow issues/merge_requests as an issuable_type in Insights configuration. !26061
- Add migration for Requirement model. !26097
- Create scim_identities table in preparation for newer SCIM features in the future. !26124
- Add web_url attribute to API response for Commits. !26173
- Filter sentry error list by status (unresolved/ignored/resolved). !26205
- Add grape custom validator for sha params. !26220 (Rajendra Kadam)
- Update cluster-applications to v0.9.0. !26242
- Support DotEnv Variables through report type artifact. !26247
- More logs entries are loaded when logs are scrolled to the top. !26254
- Introduce db table to store users statistics. !26261
- Add title to Analytics sidebar menus. !26265
- Added package_name as filter parameter to packages API. !26291
- Added tracking to merge request jump to next thread buttons. !26319 (Martin Hobert)
- Introduce optional expiry date for SSH Keys. !26351
- Show cluster status (FE). !26368
- Add CI template to deploy to ECS. !26371
- Make hostname configurable for smartcard authentication. !26411
- Filter rules by target_branch in approval_settings. !26439
- Add CRUD for Instance-Level Integrations. !26454
- Add vars to allow air-gapped usage of Retire.js (Dependency Scanning). !26463
- Upgrade Pages to 1.17.0. !26478
- Add dedicated Release page for viewing a single Release. !26502
- Allow selecting all queues with sidekiq-cluster. !26594
- Enable feature Dynamic Child Pipeline creation via artifact. !26648
- Generate JSON-formatted a11y CI artifacts. !26687
- Add anchor tags to related issues and related merge requests. !26756 (Gilang Gumilar)
- Added Blob Description Edit component in Vue. !26762
- Added Edit Visibility Vue compoenent for Snippet. !26799
- Add package_type as a filter option to the group packages list API endpoint. !26833
- Update UI for project and group settings CI variables. !26901
- Track merge request cherry-picks. !26907
- Introduce database table for user highest roles. !26987
- Add ability to whitelist ports. !27025
- Add issue summary to Release blocks on the Releases page. !27032
- Support sidekiq-cluster supervision through bin/background_jobs. !27042
- Adds crossplane as CI/CD Managed App. !27374
- Update UI for project and group settings CI variables. !27411
- Add remote mirrors API.
- Add changed pages dropdown to visual review modal.

### Other (66 changes, 22 of them are from the community)

- Make design_management_versions.created_at not null. !20182 (Lee Tickett)
- Drop forked_project_links table. !20771 (Lee Tickett)
- Moves refreshData from issue model to board store. !21409 (nuwe1)
- Use DNT: 1 as an experiment opt-out mechanism. !22100
- Include full path to an upload in api response. !23500 (briankabiro)
- Update Ruby version in official CI templates. !23585 (Takuya Noguchi)
- Schedule worker to migrate security job artifacts to security scans. !24125
- Move namespace of Secure Sidekiq queues. !24340
- Remove spinner from app/views/projects/notes. !25015 (nuwe1)
- Migrate .fa-spinner to .spinner for ee/app/views/shared/members. !25019 (nuwe1)
- Migrate .fa-spinner to .spinner for app/views/ide. !25022 (nuwe1)
- Remove spinner from app/views/award_emoji. !25032 (nuwe1)
- Remove .fa-spinner from app/views/projects/forks. !25034 (nuwe1)
- Remove .fa-spinner from app/views/snippets/notes. !25036 (nuwe1)
- Migrate .fa-spinner to .spinner for app/views/help. !25037 (nuwe1)
- Replaced underscore with lodash for app/assets/javascripts/lib. !25042 (Shubham Pandey)
- Remove unused loading spinner from badge_settings partial. !25044 (nuwe1)
- Migrate .fa-spinner to .spinner for app/views/projects/find_file. !25051 (nuwe1)
- Migrate .fa-spinner to .spinner for app/assets/javascripts/notes/components/discussion_resolve_button.vue. !25055 (nuwe1)
- Change OmniAuth log format to JSON. !25086
- migrate fa spinner for notification_dropdown.js. !25141 (minghuan)
- Use new loading spinner in Todos dashboard buttons. !25142 (Tsegaselassie Tadesse)
- Refuse to start web server without a working ActiveRecord connection. !25160
- Simplifying colors in the Web IDE. !25304
- Clean up conditional `col-` classes in `nav_dropdown_button.vue`. !25312
- Only load usage ping cron schedule for Sidekiq. !25325
- Update rouge to v3.16.0. !25334 (Konrad Borowski)
- Update project's permission settings description to reflect actual permissions. !25523
- Use clearer error message for pages deploy job when the SHA is outdated. !25659
- Add index on LOWER(domain) for pages_domains. !25664
- Remove repository_storage column from snippets. !25699
- Add instance column to services table. !25714
- Update GitLab Runner Helm Chart to 0.14.0. !25749
- Update loader for various project views. !25755 (Phellipe K Ribeiro)
- Clarify private visibility for projects. !25852
- Do not parse undefined severity and confidence from reports. !25884
- Remove special chars from previous and next items in pagination. !25891
- Update Auto DevOps deployment template's auto-deploy-image to v0.10.0 (updates the included glibc). !25920
- Update DAST auto-deploy-image to v0.10.0. !25922
- Optimize storage usage for newly created ES indices. !25992
- Replace undefined severity with unknown severity for occurrences. !26085
- Replace undefined severity with unknown severity for vulnerabilities. !26305
- Remove unused Snippets#content_types method. !26306
- Change tooltip text for pipeline on last commit widget. !26315
- Resolve Change link-icons on security configuration page to follow design system. !26340
- Put System Metrics chart group first in default dashboard. !26355
- Validates only one service template per type. !26380
- update table layout for error tracking list on medium view ports. !26479
- Validate absence of project_id if service is a template. !26563
- Move sidekiq-cluster script to Core. !26703
- Update GitLab's codeclimate to 0.85.9. !26712 (Eddie Stubbington)
- Bump minimum node version to v10.13.0. !26831
- Remove promoted notes temporary index. !26896
- Update Project Import API rate limit. !26903
- Backfill LfsObjectsProject records of forks. !26964
- Add migration for creating open_project_tracker_data table. !26966
- Fixed SSH warning style. !26992
- Use new codequality docker image from ci-cd group. !27098
- Add tooltip to modification icon in the file tree. !27158
- Upgrade Gitaly gem and fix UserSquash RPC usage. !27372
- Replace issue-external icon with external-link. !208827
- Add keep_divergent_refs to remote_mirrors table.
- Replace issue-duplicate icon with duplicate icon.
- Add confidential attribute to notes table.
- Replace content_viewer_spec setTimeouts with semantic actions / events. (Oregand)
- Improvement in token reference.


1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851
## 12.8.10 (2020-04-30)

### Security (7 changes)

- Ensure MR diff exists before codeowner check.
- Prevent unauthorized access to default branch.
- Do not return private project ID without permission.
- Fix doorkeeper CVE-2020-10187.
- Prevent ES credentials leak.
- Return only safe urls for mirrors.
- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads.


1852 1853 1854 1855 1856 1857 1858 1859 1860
## 12.8.9 (2020-04-14)

### Security (3 changes)

- Refresh ProjectAuthorization during Group deletion.
- Prevent filename bypass on artifact upload.
- Update rack and related gems to 2.0.9 to fix security issue.


1861 1862
## 12.8.7 (2020-03-16)

1863 1864 1865 1866
### Fixed (1 change, 1 of them is from the community)

- Fix crl_url parsing and certificate visualization. !25876 (Roger Meier)

1867

1868 1869 1870 1871 1872 1873 1874
## 12.8.6 (2020-03-11)

### Security (1 change)

- Do not enable soft email confirmation by default.


1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897
## 12.8.5

### Fixed (8 changes)

- Fix Group Import API file upload when object storage is disabled. !25715
- Fix Web IDE fork modal showing no text. !25842
- Fixed regression when URL was encoded in a loop. !25849
- Fixed repository browsing for folders with non-ascii characters. !25877
- Fix search for Sentry error list. !26129
- Send credentials with GraphQL fetch requests. !26386
- Show CI status in project dashboards. !26403
- Rescue invalid URLs during badge retrieval in asset proxy. !26524

### Performance (2 changes)

- Disable Marginalia line backtrace in production. !26199
- Remove unnecessary Redis deletes for broadcast messages. !26541

### Other (1 change, 1 of them is from the community)

- Fix fixtures for Error Tracking Web UI. !26233 (Takuya Noguchi)


1898 1899 1900 1901 1902 1903 1904 1905 1906 1907 1908 1909 1910 1911 1912 1913 1914 1915 1916 1917 1918 1919 1920
## 12.8.4

### Fixed (8 changes)

- Fix Group Import API file upload when object storage is disabled. !25715
- Fix Web IDE fork modal showing no text. !25842
- Fixed regression when URL was encoded in a loop. !25849
- Fixed repository browsing for folders with non-ascii characters. !25877
- Fix search for Sentry error list. !26129
- Send credentials with GraphQL fetch requests. !26386
- Show CI status in project dashboards. !26403
- Rescue invalid URLs during badge retrieval in asset proxy. !26524

### Performance (2 changes)

- Disable Marginalia line backtrace in production. !26199
- Remove unnecessary Redis deletes for broadcast messages. !26541

### Other (1 change, 1 of them is from the community)

- Fix fixtures for Error Tracking Web UI. !26233 (Takuya Noguchi)


1921 1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943
## 12.8.3

### Fixed (8 changes)

- Fix Group Import API file upload when object storage is disabled. !25715
- Fix Web IDE fork modal showing no text. !25842
- Fixed regression when URL was encoded in a loop. !25849
- Fixed repository browsing for folders with non-ascii characters. !25877
- Fix search for Sentry error list. !26129
- Send credentials with GraphQL fetch requests. !26386
- Show CI status in project dashboards. !26403
- Rescue invalid URLs during badge retrieval in asset proxy. !26524

### Performance (2 changes)

- Disable Marginalia line backtrace in production. !26199
- Remove unnecessary Redis deletes for broadcast messages. !26541

### Other (1 change, 1 of them is from the community)

- Fix fixtures for Error Tracking Web UI. !26233 (Takuya Noguchi)


1944 1945 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970
## 12.8.2

### Security (17 changes)

- Update container registry authentication to account for login request when checking permissions.
- Update ProjectAuthorization when deleting or updating GroupGroupLink.
- Prevent an endless checking loop for two merge requests targeting each other.
- Update user 2fa when accepting a group invite.
- Fix for XSS in branch names.
- Prevent directory traversal through FileUploader.
- Run project badge images through the asset proxy.
- Check merge requests read permissions before showing them in the pipeline widget.
- Respect member access level for group shares.
- Remove OID filtering during LFS imports.
- Protect against denial of service using pipeline webhook recursion.
- Expire account confirmation token.
- Prevent XSS in admin grafana URL setting.
- Don't require base_sha in DiffRefsType.
- Sanitize output by dependency linkers.
- Recalculate ProjectAuthorizations for all users.
- Escape special chars in Sentry error header.

### Other (1 change, 1 of them is from the community)

- Fix fixtures for Error Tracking Web UI. !26233 (Takuya Noguchi)


1971 1972 1973 1974 1975 1976 1977 1978 1979 1980 1981
## 12.8.1

### Fixed (5 changes)

- Fix markdown layout of incident issues. !25352
- Time series extends axis options correctly. !25399
- Fix "Edit Release" page. !25469
- Fix upgrade failure in EE displaying license. !25788
- Fixed last commit widget when Gravatar is disabled.


1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 2194 2195 2196 2197 2198 2199 2200 2201 2202 2203 2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218 2219 2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233 2234 2235 2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2247 2248 2249 2250 2251 2252 2253 2254 2255 2256 2257 2258 2259 2260 2261 2262 2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276 2277 2278 2279 2280 2281 2282 2283 2284 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 2308 2309 2310 2311 2312 2313 2314 2315 2316 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326 2327 2328 2329 2330 2331 2332 2333 2334 2335 2336 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349 2350 2351 2352 2353 2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375 2376 2377 2378 2379 2380 2381 2382 2383 2384 2385 2386 2387 2388 2389 2390 2391 2392 2393 2394 2395 2396 2397 2398 2399 2400 2401 2402 2403 2404 2405 2406 2407 2408 2409 2410 2411 2412 2413 2414 2415 2416 2417 2418 2419 2420 2421 2422 2423 2424 2425 2426 2427 2428 2429 2430 2431 2432 2433 2434 2435 2436 2437 2438 2439 2440 2441 2442 2443 2444 2445 2446 2447 2448 2449 2450
## 12.8.0

### Security (6 changes, 2 of them are from the community)

- Upgrade Doorkeeper to 4.4.3 to address CVE-2018-1000211. !20953
- Upgrade Doorkeeper to 5.0.2. !21173
- Update webpack related packages. !22456 (Takuya Noguchi)
- Update rubyzip gem in qa tests to 1.3.0 to fix CVE-2019-16892. !24119
- Update GraphicsMagick from 1.3.33 to 1.3.34. !24225 (Takuya Noguchi)
- Update handlebars to remove issues from dependency dashboard.

### Removed (2 changes, 1 of them is from the community)

- Remove temporary index at services on project_id. !24263
- Remove CI status from Projects Dashboard. !25225 (George Thomas @thegeorgeous)

### Fixed (136 changes, 21 of them are from the community)

- When a namespace GitLab Subscription expires, disable SSO enforcement. !21135
- Fix bug with snippet counts not being scoped to current authorisation. !21705
- Log user last activity on REST API. !21725
- Create LfsObjectsProject record for forks as well. !22418
- Limit size of diffs returned by /projects/:id/repository/compare API endpoint. !22658
- Fix spacing and UI on Recent Deliveries section of Project Services. !22666
- Improve error messages when adding a child epic. !22688
- Fixes a new line issue with suggestions in the last line of a file. !22732
- Use POSTGRES_VERSION variable in Auto DevOps Test stage. !22884 (Serban Marti)
- Include milestones from subgroups in the list of Group Milestones. !22922
- Authenticate user when scope is passed to events api. !22956 (briankabiro)
- Limit productivity analytics graph y-axis scale to whole numbers. !23140
- Fix GraphiQL when GitLab is installed under a relative URL. !23143 (Mathieu Parent)
- Stop NoMethodError happening for 1.16+ Kubernetes clusters. !23149
- Fix advanced global search permissions for guest users. !23177
- Fix JIRA DVCS retrieving repositories. !23180
- Fix logs api etag issues with elasticsearch. !23249
- Add border radius and remove blue outline on recent searches filter. !23266
- Fix premailer and S/MIME emailer hooks order. !23293 (Diego Louzán)
- Fix Web IDE alert message look and feel. !23300 (Sean Nichols)
- Ensure that error tracking frontend only polls when required. !23305
- Fixes spacing issue in modal footers. !23327
- Fix POST method in dashboard link for disabling admin mode. !23363 (Diego Louzán)
- Fix Markdown not rendering on releases page. !23370
- Fix pipeline status loading errors on project dashboard page caused by Gitaly connection failures. !23378
- Improve message UI on Microsoft Teams notification. !23385 (Takuya Noguchi)
- Use state machine in Merge Train to avoid race conditions. !23395
- Prevent DAG builds to run after skipped need build. !23405
- Fixes AutoMergeProcessWorker failing when merge train service is not available for a merge request. !23407
- Fix error when assigning an existing asignee. !23416
- Fix outdated MR security warning message. !23496
- Fix missing API notification argument for Microsoft Teams. !23571 (Seiji Suenaga)
- Support the bypass 2FA function with ADFS SAML. !23615
- Require other stages than .pre and .post. !23629
- Remove the OpenSSL include within SMIME email signing. !23642 (Roger Meier)
- Fix custom charts in monitoring dashboard shrinking. !23649
- Correctly render mermaid digrams inside details blocks. !23662
- Fix Pipeline failed notification email not being delivered if the failed job is a bridge job. !23668
- Call DetectRepositoryLanguagesWorker only for project repositories. !23696
- Fix emails on push integrations created before 12.7. !23699
- Fix hash parameter of Permalink and Blame button. !23713
- Task lists work correctly again on closed MRs. !23714
- Fix broken link to documentation. !23715
- Trim extra period when merge error displayed. !23737
- Skip squashing with only one commit in a merge request. !23744
- Fix 500 error when trying to unsubscribe from an already deleted entity. !23747
- Fix some of the file encoding issues when uploading in the Web IDE. !23761
- Remove keep button for non archive artifacts. !23762
- Ensure all Project records have a corresponding ProjectFeature record. !23766
- Fix design of snippet search results page. !23780
- Fix Merge Request comments when some notes are corrupt. !23786
- Add optional angle brackets in address_regex. !23797 (Max Winterstein)
- Eliminate statement timeouts when namespace is blank. !23839
- Remove unstaged and staged modification tooltip. !23847
- Allow Owner access level for sharing groups with groups. !23868
- Allow running child pipelines as merge request pipelines. !23884
- Fix user popover glitch. !23904
- Return 404 when repository archive cannot be retrieved. !23926
- Fix 503 errors caused by Gitaly failures during project_icon lookup. !23930
- Fix showing 'NaN files' when a MR diff does not have any changes. !24002
- Label MR test modal execution time as seconds. !24019
- Fix copy markdown with elements with no text content. !24020
- Disable pull mirror importing for archived projects. !24029
- Remove gray color from diff buttons. !24041
- Prevent project path namespace overflow during import. !24042 (George Tsiolis)
- Fix JIRA::HTTPError initialize parameter. !24060
- Fix multiline issue when loading env vars from DinD in SAST. !24108
- Clean backgroud_migration queue from ActivatePrometheusServicesForSharedCluster jobs. !24135
- Fix quoted-printable encoding for unicode and newlines in mails. !24153 (Diego Louzán)
- Replace artifacts via Runner API if already exist. !24165
- Port `trigger` keyword in CI config to Core. !24191
- Fix race condition bug in Prometheus managed app update process. !24228
- Hide label tooltips when dragging board cards. !24239
- Fix dropdown caret not being positioned correctly. !24273
- Enable recaptcha check on sign up. !24274
- Avoid loading user activity calendar on mobile. !24277 (Takuya Noguchi)
- Resolve Design discussion note preview is broken. !24288
- Query projects of subgroups in productivity analytics. !24335
- Query projects of subgroups in Cycle Analytics. !24392
- Fix backup restoration with pre-existing wiki. !24394
- Fix duplicated user popovers. !24405
- Fix inconditionally setting user profile to public when updating via API and private_profile parameter is not present in the request. !24456 (Diego Louzán)
- Enable Web IDE on projects without Merge Requests. !24508
- Avoid double encoding of credential while importing a Project by URL. !24514
- Redact push options from error logs. !24540
- Fix merge train unnecessarily retries pipeline by a race condition. !24566
- Show selected template type when clicked. !24596
- Don't leak entire objects into the error log when rendering markup fails. !24599
- Fix blobs search API degradation. !24607
- Sanitize request parameters in exceptions_json.log. !24625
- Add styles for board list labels when text is too long. !24627
- Show blocked status for all blocked issues on issue boards. !24631
- Ensure board lists are sorted consistently. !24637
- Geo: Fix GeoNode name in geo:update_primary_node_url rake task. !24649
- Fix link to base domain help in clusters view. !24658
- Fix false matches of substitution-based quick actions in text. !24699
- Fix pipeline icon background in Web IDE. !24707
- Fix job page not loading because kuberenetes/prometheus URL is blocked. !24743
- Fix signature badge popover on Firefox. !24756
- Avoid autolinking YouTrack issue numbers followed by letters. !24770 (Konrad Borowski)
- Fix 500 error while accessing Oauth::ApplicationsController without a valid session. !24775
- Ensure a valid mount_point is used by the AvatarUploader. !24800
- Fix k8s logs alert display state. !24802
- Squelch Snowplow tracker log messages. !24809
- Fix code line and line number alignment in Safari. !24820
- Fixed default-branch link under Pipeline Subscription settings. !24834 (James Johnson)
- Do not remove space from project name in Slack. !24851
- Drop etag cache on logs API. !24864
- Revert rename services template to instance migration. !24885
- Geo: Don't clean up files in object storage when Geo is responsible of syncing them. !24901
- Add missing colors on the monitoring dashboards. !24921
- Upgrade omniauth-github gem to fix GitHub API deprecation notice. !24928
- dragoon20. !24958 (Jordan Fernando)
- Fix bug rendering BlobType markdown data. !24960
- Use closest allowed visibility level on group creation when importing groups using Group Import/Export. !25026
- Extend the list of excluded_attributes for group on Group Import. !25031
- Update broken links to Cloud Run for Anthos documentation. !25159
- Fix autocomplete limitation bug. !25167
- Fix Group Import existing objects lookup when description attribute is an empty string. !25187
- Fix N+1 queries caused by loading job artifacts archive in pipeline details entity. !25250
- Fix sidekiq jobs not always getting a database connection when running with low concurrency. !25261
- Fix overriding the image pull policy from a values file for Auto Deploy. !25271 (robcalcroft)
- Pin Auto DevOps Docker-in-Docker service image to work around pull timeouts. !25286
- Remove name & path from list of excluded attributes during Group Import. !25342
- Time series extends axis options correctly. !25399
- Fix "Edit Release" page. !25469
- Ensure New Snippet button is displayed based on the :create_snippet permission in Project Snippets page and User profile > Snippets tab. !55240
- Fix wrong MR link is shown on pipeline failure email.
- Fix issue count wrapping on board list.
- Allow long milestone titles on board lists to be truncated.
- Update styles for pipeline status badge to be correctly vertically centered in project pipeline card. (Oregand)
- MVC for assignees avatar dissapearing when opening issue sidebar in board. (Oregand)
- Fix application settings not working with pending migrations.
- Rename too long migration filename to address gem packaging limitations.
- Add more accurate way of counting remaining background migrations before upgrading.
- update main javascript file to only apply right sidebar class when an aside is present. (Oregand)

### Deprecated (2 changes)

- Move repository routes under - scope. !20455
- Move merge request routes under /-/ scope. !21126

### Changed (82 changes, 13 of them are from the community)

- Move the clone button to the tree controls area. !17752 (Ablay Keldibek)
- Add experimental --queue-selector option to sidekiq-cluster. !18877
- Truncate related merge requests list in pipeline view. !19404
- Increase pipeline email notification from 10 to 30 lines. !21728 (Philipp Hasper)
- Sets size limits on data loaded async, like deploy boards and merge request reports. !21871
- Deprecate /admin/application_settings in favor of /admin/application_settings/general. The former path is to be removed in 13.0. !22252 (Alexander Oleynikov)
- Migrate epic, epic notes mentions to respective DB table. !22333
- Restyle changes header & file tree. !22364
- Let tie breaker order follow primary sort direction (API). !22795
- Allow SSH keys API endpoint to be requested for a given username. !22899 (Rajendra Kadam)
- Allow to deploy only forward deployments. !22959
- Add blob and blob_viewer fields to graphql snippet type. !22960
- Activate new project integrations by default. !23009
- Rename Custom hooks to Server hooks. !23064
- Reorder signup omniauth options. !23082
- Cycle unresolved threads. !23123
- Rename 'GitLab Instance Administration' project to 'GitLab self monitoring' project. !23182
- Update pipeline status copy in deploy footer. !23199
- Allow users to read broadcast messages via API. !23298 (Rajendra Kadam)
- Default the `creation of a Mattermost team` checkbox to false. !23329 (briankabiro)
- Makes the generic alerts endpoint available with the free tier. !23339
- Allow to switch between cloud providers in cluster creation screen. !23362
- Rename cycle analytics interfaces to value stream analytics. !23427
- Upgrade to Gitaly v1.83.0. !23431
- Groups::ImportExport::ExportService to require admin_group permission. !23434
- Bump ingress managed app chart to 1.29.3. !23461
- Add support for stacked column charts. !23474
- Remove kibana_hostname column from clusters_applications_elastic_stacks table. !23503
- Update rebasing to use the new two-phase Gitaly Rebase RPC. !23546
- Fetch merge request widget data asynchronous. !23594
- Include issues created in GitLab on error tracking details page. !23605
- Add Epics Activity information to Group Export. !23613
- Copy issues routing under - scope. !23779
- Make Explore Projects default to All. !23811
- Migrate CI CD statistics + duration chart to VueJS. !23840
- Use NodeUpdateService for updating Geo node. !23894 (Rajendra Kadam)
- Add support for column charts. !23903
- Update PagesDomains data model for serverless domains. !23943
- Upgrade to Gitaly v1.85.0. !23945
- Change vague copy to clipboard icon to a clearer icon. !23983
- Add award emoji information of Epics and Epic Notes to Group Import/Export. !24003
- Make name, email, and location attributes readonly for LDAP enabled instances. !24049
- Migrate CI CD pipelines charts to ECharts. !24057
- Include license_scanning to index_ci_builds_on_name_for_security_products_values. !24090
- Add mode field to snippet blob in GraphQL. !24157
- Switch order of tabs in Web IDE nav dropdown. !24199
- Hide comment button if on diff HEAD. !24207
- Move commit routes under - scope. !24279
- Move security routes under - scope. !24287
- Restyle Merge Request diffs file tree. !24342
- Limit length of wiki file/directory names. !24364
- Admin mode support in sidekiq jobs. !24388 (Diego Louzán)
- Expose theme and color scheme user preferences in API. !24409
- Remove username lookup when mapping users when importing projects using Project Import/Export and rely on email only. !24464
- Extend logs retention to period from 15 to 30 days. !24466
- Move analytics pages under the sidebar for projects and groups. !24470
- Rename 'Kubernetes configured' button. !24487
- Test reports in the pipeline details page will now load when clicking the tests tab. !24577
- Move Settings->Operations->Incidents to the Core. !24600
- Upgrade to Gitaly v1.86.0. !24610
- Conan packages are validated based on full recipe instead of name/version alone. !24692
- WebIDE: Support # in branch names. !24717
- Move Merge Request from right sidebar of Web IDE to bottom bar. !24746
- Updated cluster-applications to v0.7.0. !24754
- Add migration to save Instance Administrators group ID in application_settings table. !24796
- Add percentile value support to single stat panel types. !24813
- Parse filebeat modsec logs as JSON. !24836
- Add plain_highlighted_data field to SnippetBlobType. !24856
- Add Board Lists to Group Export. !24863
- Replace underscore with lodash for ./app/assets/javascripts/mirrors. !24967 (Jacopo Beschi @jacopo-beschi)
- Replace underscore with lodash in /app/assets/javascripts/helpers. !25014 (rkpattnaik780)
- Migrate from class .fa-spinner to .spinner in app/assets/javascripts/gfm_auto_complete.js. !25039 (rk4bir)
- Update cluster-applications to v0.8.0. !25138
- Limit size of params array in JSON logs to 10 KiB. !25158
- Omit error details from previous attempt in Sidekiq JSON logs. !25161
- Remove unnecessary milestone join tables. !25198
- Upgrade to Gitaly v1.87.0. !25370
- Drop signatures in email replies. !25389 (Diego Louzán)
- update service desk project to use GlLoadingIcon over font awesome spinner. (Oregand)
- Search group-level objects among all ancestors during project import.
- Add broadcast type to API.
- Changed color of allowed to fail badge from danger to warning.

### Performance (22 changes, 1 of them is from the community)

- Check mergeability of MR asynchronously. !21026
- Fix query performance in PipelinesFinder. !21092
- Fix usage ping timeouts with batch counters. !22705
- Remove N+1 query for profile notifications. !22845 (Ohad Dahan)
- Limit page number on explore/projects. !22876
- Prevent unnecessary Gitaly calls when rendering comment excerpts in todos and activity feed. !23100
- Eliminate Gitaly N+1 queries loading submodules. !23292
- Optimize page loading of Admin::RunnersController#show. !23309
- Improve performance of the Container Registry delete tags API. !23325
- Don't allow Gitaly calls to exceed the worker timeout set for unicorn or puma. !23510
- Use CTE optimization fence for loading projects in dashboard. !23754
- Optimize ref name lookups in archive downloads. !23890
- Change broadcast message index. !23986
- Add index to audit_events (entity_id, entity_type, id). !23998
- Remove unneeded indexes on projects table. !24086
- Load maximum 1mb blob data for a diff file. !24160
- Optimize issue search when sorting by weight. !24208
- Optimize issue search when sorting by due date and position. !24217
- Refactored repository browser to use Vue and GraphQL. !24450
- Improvement to merged_branch_names cache. !24504
- Destroy user associations in batches like we do with projects. !24641
- Cache repository merged branch names by default. !24986

### Added (137 changes, 46 of them are from the community)

- x509 signed commits using openssl. !17773 (Roger Meier)
- Allow keyboard shortcuts to be disabled. !18782
- Add API endpoints for 'soft-delete for groups' feature. !19430
- Add UI for 'soft-delete for groups' feature. !19483
- Introduce project_settings table. !19761
- Expose current and last IPs to /users endpoint. !19781
- Add Group Import API endpoint & update Group Import/Export documentation. !20353
- Show Kubernetes namespace on job show page. !20983
- Add admin settings panel for instance-level serverless domain (behind feature flag). !21222
- Filter merge requests by approvals (API). !21379
- Expose is_using_seat attribute for Member in API. !21496
- Add querying of Sentry errors to Graphql. !21802
- Extends 'Duplicate dashboard' feature, by including custom metrics added to GitLab-defined dashboards. !21923
- Add tab width option to user preferences. !22063 (Alexander Oleynikov)
- Add iid to operations_feature_flags and backfill. !22175
- Support retrieval of disk statistics from Gitaly. !22226 (Nels Nelson)
- Implement allowing empty needs for jobs in DAG pipelines. !22246
- Create snippet repository when it's created. !22269
- When switching to a file permalink, just change the URL instead of triggering a useless page reload. !22340
- Packages published to the package registry via CI/CD with a CI_JOB_TOKEN will display pipeline information on the details page. !22485
- Add users memberships endpoints for admins. !22518
- Add cilium to the managed cluster apps template. !22557
- Add WAF Anomaly Summary service. !22736
- Introduce license_scanning CI template. !22773
- Add extra fields to the application context. !22792
- Add selective sync support to Geo Nodes API update endpoint. !22828 (Rajendra Kadam)
- Add validation for custom PrometheusDashboard. !22893
- Sync GitLab issue back to Sentry when created in GitLab. !23007
- Add new Elastic Stack cluster application for pod log aggregation. !23058
- NPM dist tags will now be displayed on the package details page. !23061
- Add show routes for group and project repositories_controllers and add pagination to the index responses. !23151
- Add pages_access_level to projects API. !23176 (Mathieu Parent)
- Document CI job activity limit for pipeline creation. !23246
- Update Praefect docs for subcommand. !23255
- Add CI variables to provide GitLab port and protocol. !23296 (Aidin Abedi)
- Seprate 5 classes in separate files from entities. !23299 (Rajendra Kadam)
- Upgrade pages to 1.14.0. !23317
- Indicate Sentry error severity in GitLab. !23346
- Sync GitLab issues with Sentry plugin integration. !23355
- Backfill missing GraphQL API Group type properties. !23389 (Fabio Huser)
- Allow setting minimum concurrency for sidekiq-cluster processes. !23408
- Geo: Add tables to prepare to replicate package files. !23447
- Update deploy token architecture to introduce group-level deploy tokens. !23460
- Add tags, external_base_url, gitlab_issue to Sentry Detailed Error graphql. !23483
- Reverse actions for resolve/ignore Sentry issue. !23516
- Add deploy_token_type column to deploy_tokens table. !23530
- Add ability to hide GraphQL fields using GitLab Feature flags. !23563
- Add can_create_merge_request_in to /project/:id API response. !23577
- Close related GitLab issue on Sentry error resolve. !23610
- Add emails_disabled to projects API. !23616 (Mathieu Parent)
- Expose group milestones on GraphQL. !23635
- Add support for lsif artifact report. !23672
- Displays package tags next to the name on the new package list page. !23675
- Collect release evidence at release timestamp. !23697
- Create conditional Enable Review App button. !23703
- Add CI variables to configure bundler-audit advisory database (Dependency Scanning). !23717
- Add API to "Play" a scheduled pipeline immediately. !23718
- Add selective sync support to Geo Nodes API create endpoint. !23729 (Rajendra Kadam)
- Refactor user entities into own class files. !23730 (Rajendra Kadam)
- Replace Net::HTTP with Gitlab::HTTP in rake gitlab:geo:check. !23741 (Rajendra Kadam)
- Add separate classes for user related entities for email, membership, status. !23748 (Rajendra Kadam)
- Add Sentry error stack trace to GraphQL API. !23750
- Allow for relative time ranges in metrics dashboard URLs. !23765
- Add non_archived param to issues API endpoint to filter issues from archived projects. !23785
- Add separate classes for project hook, identity, export status. !23789 (Rajendra Kadam)
- Create snippet repository model. !23796
- Add non_archived param to group merge requests API endpoint to filter MRs from non archived projects. !23809
- Change `Rename` to `Rename/Move` in Web IDE Dropdown. !23877
- Add separate classes for project related classes. !23887 (Rajendra Kadam)
- Added search box to dashboards dropdown in monitoring dashboard. !23906
- Display operations feature flag internal ids. !23914
- Enable search and filter in environments dropdown in monitoring dashboard. !23942
- Add GraphQL mutation to restore multiple todos. !23950
- Add migration to create resource milestone events table. !23965
- Add cycle analytics duration chart with median line. !23971
- Support require_password_to_approve in project merge request approvals API. !24016
- Add updateImageDiffNote mutation. !24027
- Upgrade Pages to 1.15.0. !24043
- Updated package details page header to begin updating the page design. !24055
- Added migration which adds project_key column to service_desk_settings. !24063
- Separate project and group entities into own class files. !24070 (Rajendra Kadam)
- Separate commit entities into own class files. !24085 (Rajendra Kadam)
- Add delete identity endpoint on the users API. !24122
- Add search support for protected branches API. !24137
- Dark syntax highlighting theme for Web IDE. !24158
- Added NuGet package installation instructions to package details page. !24162
- Expose issue link type in REST API. !24175
- Separate snippet entities into own class files. !24183 (Rajendra Kadam)
- Support for table of contents tag in GitLab Flavored Markdown. !24196
- Add GET endpoint to LDAP group link API. !24216
- Add API to enable and disable error tracking settings. !24220 (Rajendra Kadam)
- Separate protected and issuable entities into own class files. !24221 (Rajendra Kadam)
- Separate issue entities into own class files. !24226 (Rajendra Kadam)
- Make smarter user suggestions for assign slash commands. !24294
- Add loading icon to clusters being created. !24370
- Allow a grace period for new users to confirm their email. !24371
- Separate merge request entities into own class files. !24373 (Rajendra Kadam)
- Create an environment for self monitoring project. !24403
- Add blocked icon on issue board card. !24420
- Add blocking issues feature. !24460
- Wait for elasticsearch to be green on install. !24489
- Separate key and other entities into own class files. !24495 (Rajendra Kadam)
- Implement support of allow_failure keyword for CI rules. !24605
- Adds path to edit custom metrics in dashboard response. !24645
- Add tooltip when dates in date picker are too long. !24664
- API: Ability to list commits in order (--topo-order). !24702
- Separate note entities into own class files. !24732 (Rajendra Kadam)
- Separate 5 classes into own entities files. !24745 (Rajendra Kadam)
- Set default dashboard for self monitoring project. !24814
- Create operations strategies and scopes tables. !24819
- Separate access entities into own class files. !24845 (Rajendra Kadam)
- Refactor error tracking specs and add validation to enabled field in error tracking model. !24892 (Rajendra Kadam)
- Separate service entities into own class files. !24936 (Rajendra Kadam)
- Separate label entities into own class files. !24938 (Rajendra Kadam)
- Separate board, list and other entities into own class files. !24939 (Rajendra Kadam)
- Separate entities into own class files. !24941 (Rajendra Kadam)
- Separate tag and release entities into own class files. !24943 (Rajendra Kadam)
- Separate job entities into own class files. !24948 (Rajendra Kadam)
- Separate entities into own class files. !24950 (Rajendra Kadam)
- Separate environment entities into own class files. !24951 (Rajendra Kadam)
- Display the y-axis on the range of data value in the chart. !24953
- Separate token and template entities into own class files. !24955 (Rajendra Kadam)
- Separate token entities into own class files. !24974 (Rajendra Kadam)
- Separate JobRequest entities into own class files. !24977 (Rajendra Kadam)
- Separate entities into own class files. !24985 (Rajendra Kadam)
- Separate page domain entities into own class files. !24987 (Rajendra Kadam)
- add avatar_url in job webhook, and email in pipeline webhook. !24992 (Guillaume Micouin)
- Separate Application and Blob entities into own class files. !24997 (Rajendra Kadam)
- Separate badge entities into own class files. !25116 (Rajendra Kadam)
- Separate provider, platform and post receive entities into own class files. !25119 (Rajendra Kadam)
- Separate cluster entities into own class files. !25121 (Rajendra Kadam)
- Container Registry tag expiration policy settings. !25123
- Upgrade pages to 1.16.0. !25238
- Added "Prohibit outer fork" setting for Group SAML. !25246
- Separate project entity into own class file. !25297 (Rajendra Kadam)
- Add license FAQ link to license expired message.
- Add broadcast types to broadcast messages.

### Other (55 changes, 15 of them are from the community)

- Upgrade to Rails 6. !19891
- refactoring gl_dropdown.js to use ES6 classes instead of constructor functions. !20488 (nuwe1)
- Creates a standalone vulnerability page. !20734
- Auto generated wiki commit message containing HTML encoded entities. !21371 (2knal)
- removes store logic from issue board models. !21391 (nuwe1)
- removes store logic from issue board models. !21404 (nuwe1)
- Reducing whitespace in group list to show more on screen and reduce vertical scrolling. !21584
- Geo: Include host when logging. !22203
- Add rate limiter to Project Imports. !22644
- Use consistent layout in cluster advanced settings. !22656
- Replace custom action array in CI header bar with <slot>. !22839 (Fabio Huser)
- Fix visibility levels of subgroups to be not higher than their parents' level. !22889
- Update pg gem to v1.2.2. !23237
- Remove milestone_id from epics. !23282 (Lee Tickett)
- Remove button group for edit and web ide in file header. !23291
- Update GitLab Runner Helm Chart to 0.13.0/12.7.0. !23308
- Remove storage_version column from snippets. !23315
- Upgrade acme-client to v2.0.5. !23498
- Make rake -T output more consistent. !23550
- Show security report outdated message for only Active MRs. !23575
- Update Kaminari templates to match gl-pagination's markup. !23582
- Update GitLab Runner Helm Chart to 0.13.1 (GitLab Runner 12.7.1). !23588
- Remove unused Code Hotspots database tables. !23590
- Remove self monitoring feature flag. !23631
- Store security scans run in CI jobs. !23669
- More verbose JiraService error logs. !23688
- Rename Cloud Run on GKE to Cloud Run for Anthos. !23694
- Update links related to MR approvals in UI. !23948
- Migrate issue tracker data to data field tables. !24076
- Updated icon for copy-to-clipboard button. !24146
- Add specialized index to packages_packages database table. !24182
- Bump auto-deploy-image for Auto DevOps deploy to 0.9.1. !24231
- Bump DAST deploy auto-deploy-image to 0.9.1. !24232
- Move contribution analytics chart to echarts. !24272
- Minor text update to IDE commit to branch disabled tooltip. !24521
- Promote stackprof into a production gem. !24564
- Replace unstructured application logs with structured (JSON) application logs in the admin interface. !24614
- Move insights charts to echarts. !24661
- Improve UX of optional fields in Snippets form. !24762
- Update snippets empty state and remove explore snippets button. !24764
- Backfill LfsObjectsProject records of forks. !24767
- Update button margin of various empty states. !24806
- Update loading icon in Value Stream Analytics view. !24861
- Replace underscore with lodash for ./app/assets/javascripts/serverless. !25011 (Tobias Spagert)
- Replaced underscore with lodash for spec/javascripts/vue_shared/components. !25018 (Shubham Pandey)
- Replaced underscore with lodash for spec/javascripts/badges. !25135 (Shubham Pandey)
- Replace underscore with lodash for ./app/assets/javascripts/error_tracking. !25143 (Tobias Spagert)
- Destroy the OAuth application when Geo secondary becomes a primary. !25154 (briankabiro)
- Refactored snippets view to Vue. !25188
- Updated ui elements in wiki page creation. !25197 (Marc Schwede)
- Internationalize messages for group audit events. !25233 (Takuya Noguchi)
- Add a link to the variable priority override section from triggers page. !25264 (DFredell)
- Track usage of merge request file header buttons. (Oregand)
- Switch dropdown operators to lowercase.
- Add clarifying content to account fields.


2451 2452 2453 2454 2455 2456 2457 2458 2459
## 12.7.9 (2020-04-14)

### Security (3 changes)

- Refresh ProjectAuthorization during Group deletion.
- Prevent filename bypass on artifact upload.
- Update rack and related gems to 2.0.9 to fix security issue.


2460 2461
## 12.7.5

2462 2463 2464 2465 2466 2467 2468
### Fixed (4 changes, 1 of them is from the community)

- Add accidentally deleted project config for custom apply suggestions. !23687 (Fabio Huser)
- Fix database permission check for triggers on Amazon RDS. !24035
- Fix applying the suggestions with an empty custom message. !24144
- Remove invalid data from issue_tracker_data table.

2469

2470 2471 2472 2473 2474 2475 2476 2477 2478 2479 2480 2481 2482 2483 2484 2485 2486 2487 2488 2489 2490 2491 2492
## 12.7.3

### Security (17 changes, 1 of them is from the community)

- Fix xss on frequent groups dropdown. !50
- Bump rubyzip to 2.0.0. (Utkarsh Gupta)
- Disable access to last_pipeline in commits API for users without read permissions.
- Add constraint to group dependency proxy endpoint param.
- Limit number of AsciiDoc includes per document.
- Prevent API access for unconfirmed users.
- Enforce permission check when counting activity events.
- Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it. GraphQL api deprecate token field in GrafanaIntegration type.
- Cleanup todos for users from a removed linked group.
- Fix XSS vulnerability on custom project templates form.
- Protect internal CI builds from external overrides.
- ImportExport::ExportService to require admin_project permission.
- Make sure that only system notes where all references are visible to user are exposed in GraphQL API.
- Disable caching of repository/files/:file_path/raw API endpoint.
- Make cross-repository comparisons happen in the source repository.
- Update excon to 0.71.1 to fix CVE-2019-16779.
- Add workhorse request verification to package upload endpoints.


2493 2494
## 12.7.1

2495 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 2506 2507
### Fixed (6 changes)

- Fix loading of sub-epics caused by wrong subscription check. !23184
- Fix Bitbucket Server importer error handler. !23310
- Fixes random passwords generated not conforming to minimum_password_length setting. !23387
- Reverts MR diff redesign which fixes Web IDE visual bugs including file dropdown not showing up. !23428
- Allow users to sign out on a read-only instance. !23545
- Remove invalid data from jira_tracker_data table. !23621

### Added (1 change)

- Close Issue when resolving corresponding Sentry error. !22744

2508

2509 2510 2511 2512 2513 2514 2515 2516 2517 2518 2519 2520 2521 2522 2523 2524 2525 2526 2527 2528 2529 2530 2531 2532 2533 2534 2535 2536 2537 2538 2539 2540 2541 2542 2543 2544 2545 2546 2547 2548 2549 2550 2551 2552 2553 2554 2555 2556 2557 2558 2559 2560 2561 2562 2563 2564 2565 2566 2567 2568 2569 2570 2571 2572 2573 2574 2575 2576 2577 2578 2579 2580 2581 2582 2583 2584 2585 2586 2587 2588 2589 2590 2591 2592 2593 2594 2595 2596 2597 2598 2599 2600 2601 2602 2603 2604 2605 2606 2607 2608 2609 2610 2611 2612 2613 2614 2615 2616 2617 2618 2619 2620 2621 2622 2623 2624 2625 2626 2627 2628 2629 2630 2631 2632 2633 2634 2635 2636 2637 2638 2639 2640 2641 2642 2643 2644 2645 2646 2647 2648 2649 2650 2651 2652 2653 2654 2655 2656 2657 2658 2659 2660 2661 2662 2663 2664 2665 2666 2667 2668 2669 2670 2671 2672 2673 2674 2675 2676 2677 2678 2679 2680 2681 2682 2683 2684 2685 2686 2687 2688 2689 2690 2691 2692 2693 2694 2695 2696 2697 2698 2699 2700 2701 2702 2703 2704 2705 2706 2707 2708 2709 2710 2711 2712 2713 2714 2715 2716 2717 2718 2719 2720 2721 2722 2723 2724 2725 2726 2727 2728 2729 2730 2731 2732 2733 2734 2735 2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 2747 2748 2749 2750 2751 2752 2753 2754 2755 2756 2757 2758 2759 2760 2761 2762 2763 2764 2765 2766 2767 2768 2769 2770 2771 2772 2773 2774 2775 2776 2777 2778 2779 2780 2781 2782 2783 2784 2785 2786 2787 2788 2789 2790 2791 2792 2793 2794 2795 2796 2797 2798 2799 2800 2801 2802 2803 2804 2805 2806 2807 2808 2809 2810 2811 2812 2813 2814 2815 2816 2817 2818 2819 2820 2821 2822 2823 2824 2825 2826
## 12.7.0

### Security (6 changes, 2 of them are from the community)

- Ensure content matches extension on image uploads. !20697
- Update set-value from 2.0.0 to 2.0.1. !22366 (Takuya Noguchi)
- Update rdoc to 6.1.2. !22434
- Upgrade json-jwt to v1.11.0. !22440
- Update webpack from 4.40.2 to 4.41.5. !22452 (Takuya Noguchi)
- Update rack-cors to 1.0.6. !22809

### Removed (2 changes)

- Remove feature flag 'use_legacy_pipeline_triggers' and remove legacy tokens. !21732
- Add deprecation warning to Rake tasks in sidekiq namespace.

### Fixed (91 changes, 7 of them are from the community)

- Remove extra whitespace in user popover. !19938
- Migrate the database to activate projects prometheus service integration for projects with prometheus installed on shared k8s cluster. !19956
- Fix pages size limit setting in database if it is above the hard limit. !20154
- Support dashes in LDAP group CN for sync on users first log in. !20402
- Users without projects use a license seat in a non-premium license. !20664
- Add fallbacks and proper errors for diff file creation. !21034
- Authenticate API requests with job tokens for Rack::Attack. !21412
- Tasks in HTML comments are no longer incorrectly detected. !21434
- Hide mirror admin actions from developers. !21569
- !21542 Part 3: Handle edge cases in stage and unstage mutations. !21676
- Web IDE: Fix Incorrect diff of deletion and addition of the same file. !21680
- Fix bug when clicking on same note twice in Firefox. !21699 (Jan Beckmann)
- Fix "No changes" empty state showing up in changes tab, despite there being changes. !21713
- Require group owner to have linked SAML before enabling Group Managed Accounts. !21721
- Fix README.txt not showing up on a project page. !21763 (Alexander Oleynikov)
- Fix MR diffs file count increments while batch loading. !21764
- When sidekiq-cluster is asked to shutdown, actively terminate any sidekiq processes that don't finish cleanly in short order. !21796
- Prevent MergeRequestsController#ci_environment_status.json from making HTTP requests. !21812
- Fix issue: Discard button in Web IDE does nothing. !21902
- Fix "Discard" for newly-created and renamed files. !21905
- Add epic milestone sourcing foreign key. !21907
- Fix transferring groups to root when EE features are enabled. !21915
- Show regular rules without approvers. !21918
- Resolve "Merge request discussions API doesn't reject an error input in some case". !21936
- fix CSS when board issue is collapsed. !21940 (allenlai18)
- Properly check a task embedded in a list with no text. !21947
- Process quick actions when using Service Desk templates. !21948
- Sidebar getting partially hidden behind the content block. !21978 (allenlai18)
- Fix bug in Container Scanning report remediations. !21980
- Return empty body for 204 responses in API. !22086
- Limit the amount of time ChatNotificationWorker waits for the build trace. !22132
- Return 503 error when metrics dashboard has no connectivity. !22140
- Cancel running pipelines when merge request is dropped from merge train. !22146
- Fix: undefined background migration classes for EE-CE downgrades. !22160
- Check both SAST_DISABLE and SAST_DISABLE_DIND when executing SAST job template. !22166
- Check both DEPENDENCY_SCANNING_DISABLED and DS_DISABLE_DIND when executing Dependency Scanning job template. !22172
- Stop exposing MR refs in favor of persistent pipeline refs. !22198
- Display login or register widget only if user is not logged in. !22211
- Fix milestone quick action to handle ancestor group milestones. !22231
- Fix RefreshMergeRequestsService raises an exception and unnecessary sidekiq retry. !22262
- Make BackgroundMigrationWorker backward compatible. !22271
- Update foreign key constraint for personal access tokens. !22305
- Fix markdown table border colors. !22314
- Retry obtaining Let's Encrypt certificates every 2 hours if it wasn't successful. !22336
- Disable Prometheus metrics if initialization fails. !22355
- Make jobs with resource group cancellable. !22356
- Fix bug when trying to expose artifacts and no artifacts are produced by the job. !22378
- Gracefully error handle CI lint errors in artifacts section. !22388
- Fix GitLab plugins not working without hooks configured. !22409
- Prevent omniauth signup redirect loop. !22432 (Balazs Nagy)
- Fix deploy tokens erroneously triggering unique IP limits. !22445
- Add support to export and import award emojis for issues, issue notes, MR, MR notes and snippet notes. !22493
- Fix Delete Selected button being active after uploading designs after a deletion. !22516
- Fix releases page when tag contains a slash. !22527
- Reverts Add RBAC permissions for getting knative version. !22560
- Fix error in Wiki when rendering the AsciiDoc include directive. !22565
- Fix Error 500 in parsing invalid CI needs and dependencies. !22567
- Fix discard all to behave like discard single file in Web IDE. !22572
- Update IDE discard of renamed entry to also discard file changes. !22573
- Avoid pre-populating form for MR resolve issues. !22593
- Fix relative links in Slack message. !22608
- Hide merge request tab popover for anonymous users. !22613
- Remove unused keyword from EKS provision service. !22633
- Prevent job log line numbers from being selected. !22691
- Fix CAS users being signed out repeatedly. !22704
- Make Sidekiq timestamps consistently ISO 8601. !22750
- Merge a merge request immediately when passing merge when pipeline succeeds to the merge API when the head pipeline already succeeded. !22777
- Fix Issue API: creating with manual IID returns conflict when IID already in use. !22788 (Mara Sophie Grosch)
- Project issue board names now sorted correctly in FOSS. !22807
- Fix upload redirections when project has moved. !22822
- Update Mermaid to v8.4.5. !22830
- Prevent builds from halting unnecessarily when completing prerequisites. !22938
- Fix discarding renamed directories in Web IDE. !22943
- Gracefully handle marking a project deletion multiple times. !22949
- Fix: WebIDE doesn't work on empty repositories again. !22950
- Fix rebase error message translation in merge requests. !22952 (briankabiro)
- Geo: Fix Docker repository synchronization for local storage. !22981
- Include subgroups when searching inside a group. !22991
- Geo: Handle repositories in Docker Registry with no tags gracefully. !23022
- Fix group issue list and group issue board filters not showing ancestor group milestones. !23038
- Add returning relation from GroupMembersFinder if called on root group with only inherited param. !23161
- Fix extracting Sentry external URL when URL is nil. !23162
- Fix issue CSV export failing for some projects. !23223
- Fix unexpected behaviour of the commit form after committing in Web IDE. !23238
- Fix analytics tracking for new merge request notes. !23273
- Identify correct sentry id in error tracking detail. !23280
- Fix for 500 when error stack trace is empty. !119205
- Removes incorrect help text from EKS Kubernetes version field.
- Exclude snippets from external caching handling.
- Validate deployment SHAs and refs.
- Increase size of issue boards sidebar collapse button.

### Changed (42 changes, 4 of them are from the community)

- Restores user's ability to revoke sessions from the active sessions page. !17462 (Jesse Hall @jessehall3)
- Add documentation & helper text information regarding securing a GitLab instance. !18987
- Add activity across all projects to /events endpoint. !19816 (briankabiro)
- Don't run Auto DevOps when no dockerfile or matching buildpack exists. !20267
- Expose full reference path for issuables in API. !20354
- Add measurement details for programming languages graph. !20592
- Move instance statistics into analytics namespace. !21112
- Improve warning for Promote issue to epic. !21158
- Added Conan recipe in place of the package name on the package details page. !21247
- Expose description_html for labels. !21413
- Add audit events to the adding members to project or group API endpoint. !21633
- Include commit message instead of entire page content in Wiki chat notifications. !21722 (Ville Skyttä)
- Add fetching of Grafana Auth via the GraphQL API. !21756
- Update prometheus chart version to 9.5.2. !21935
- Turns on backend MR reports for DAST by default. !22001
- Changes to template dropdown location. !22049
- Copy merge request routes to the - scope. !22082
- Copy repository route under - scope. !22092
- Add back feature flag for cache invalidator. !22106
- Update jupyterhub chart. !22127
- Enable ability to install Crossplane app by default. !22141
- Apply word-diff highlighting to Suggestions. !22182
- Update auto-deploy-image to v0.8.3 for DAST default branch deploy. !22227
- Restyle changes header & file tree. !22364
- Upgrade to Gitaly v1.79.0. !22515
- Save Instance Administrators group ID in DB. !22600
- Resolve Create new project: Auto-populate project slug string to project name if name is empty. !22627
- Bump cluster-applications image to v0.4.0, adding support to install cert-manager. !22657
- Pass log source to the frontend. !22694
- Allow Unicode 11 emojis in project names. !22776 (Harm Berntsen)
- Update name max length. !22840
- Update button label in MR widget pipeline footer. !22900
- Exposes tiller.log as artifact in Managed-Cluster-Applications GitLab CI template. !22940
- Rename GitLab Plugins feature to GitLab File Hooks. !22979
- Allow to share groups with other groups. !23185
- Upgrade to Gitaly v1.81.0. !23198
- Enable Code Review Analytics by default. !23285
- Add JSON error context to extends error in CI lint. !30066
- Fix embedded snippets UI polish issues.
- Align embedded snippet mono space font with GitLab mono space font.
- Updates AWS EKS service role name help text to clarify it is distinct from provision role.
- Adds quickstart doc link to ADO CICD settings.

### Performance (27 changes)

- Reduce redis key size for the Prometheus proxy and the amount of queries by half. !20006
- Implement Atomic Processing that updates status of builds, stages and pipelines in one go. !20229
- Request less frequent updates from Runner when job log is not being watched. !20841
- Don't let Gitaly calls exceed a request time of 55 seconds. !21492
- Reduce CommitIsAncestor RPCs with environments. !21778
- LRU object caching for GroupProjectObjectBuilder. !21823
- Preload project, user and group to reuse objects during project import. !21853
- Fix slow query on blob search when doing path filtering. !21996
- Add index to optimize loading pipeline charts. !22052
- Avoid Gitaly RPCs in rate-limited raw blob requests. !22123
- Remove after_initialize and before_validation for Note. !22128
- Execute Gitaly LFS call once when Vue file enabled. !22168
- Speed up path generation with build artifacts. !22257
- Performance improvements on milestone burndown chart. !22380
- Added smart virtual list component to test reports to enhance rendering performance. !22381
- Add Index to help Hashed Storage migration on big instances. !22391
- Use GraphQL to load error tracking detail page content. !22422
- Improve link generation performance. !22426
- Create optimal indexes for created_at order (Projects API). !22623
- Avoid making Gitaly calls when some Markdown text links to an uploaded file. !22631
- Remove unused index on project_mirror_data. !22647
- Add more indexes for other order_by options (Projects API). !22784
- Add indexes for authenticated Project API calls. !22886
- Enable redis HSET diff caching by default. !23105
- Add `importing?` to disable some callbacks.
- Remove N+1 query issue when checking group root ancestor.
- Reduce Gitaly calls needed for issue discussions.

### Added (95 changes, 18 of them are from the community)

- Add previous revision link to blame. !17088 (Hiroyuki Sato)
- Render whitespaces in code. !17244 (Mathieu Parent)
- Add an option to configure forking restriction. !17988
- Add support for operator in filter bar. !19011
- Add epics to project import/export. !19883
- Load MR diff types lazily to reduce initial diff payload size. !19930
- Metrics and network referee artifact types added to job artifact types. !20181
- Auto stop environments after a certain period. !20372
- Implement application appearance API endpoint. !20674 (Fabio Huser)
- Add build metadata to package API. !20682
- Add support for Liquid format in Prometheus queries. !20793
- Adds created_at object to package api response. !20816
- Stage all changes by default in Web IDE. !21067
- 25968-activity-filter-to-notes-api. !21159 (jhenkens)
- Improve error list UI on mobile viewports. !21192
- New API endpoint GET /projects/:id/services. !21330
- Add child and parent labels to pipelines. !21332
- Add release count to project homepage. !21350
- Add pipeline deletion button to pipeline details page. !21365 (Fabio Huser)
- Add support for Rust Cargo.toml dependency vizualisation and linking. !21374 (Fabio Huser)
- Expose issue link type in REST API. !21375
- Implement customizable commit messages for applied suggested changes. !21411 (Fabio Huser)
- Add stacktrace to issue created from the sentry error detail page. !21438
- add background migration for sha256 fingerprints of ssh keys. !21579 (Roger Meier)
- Add a cron job and worker to run the Container Expiration Policies. !21593
- Add feature flag override toggle. !21598
- Add 'resource_group' keyword to .gitlab-ci.yml for pipeline job concurrency limitation. !21617
- Add full text search to pod logs. !21656
- Add capability to disable issue auto-close feature per project. !21704 (Fabio Huser)
- Add API for getting sentry error tracking settings of a project. !21788 (raju249)
- Allow a pipeline (parent) to create a child pipeline as downstream pipeline within the same project. !21830
- Add API support for retrieving merge requests deployed in a deployment. !21837
- Add remaining project services to usage ping. !21843
- Add ability to duplicate the common metrics dashboard. !21929
- Custom snowplow events for monitoring alerts. !21963
- Add enable_modsecurity setting to managed ingress. !21966
- Add modsecurity_enabled setting to managed ingress. !21968
- Allow admins to disable users ability to change profile name. !21987
- Allow administrators to enforce access control for all pages web-sites. !22003
- Setup storage for multiple milestones. !22043
- Generate Prometheus sample metrics over pre-set intervals. !22066
- Add tags to sentry detailed error response. !22068
- Extend Design view sidebar with issue link and a list of participants. !22103
- Add Gitlab version and revision to export. !22108
- Add language and error urgency level for Sentry issue details page. !22122
- Document MAVEN_CLI_OPTS defaults for maven project dependency scanning and update when the variable is used. !22126
- Show sample metrics for an environment without prometheus configured. !22133
- Download cross-project artifacts by using needs keyword in the CI file. !22161
- Add GitLab commit to error detail endpoint. !22174
- Container expiration policies can be updated with the project api. !22180
- Allow CI_JOB_TOKENS for Conan package registry authentication. !22184
- Add option to configure branches for which to send emails on push. !22196
- Add a config for disabling CSS and jQuery animations. !22217
- Add API for rollout Elasticsearch per plan level. !22240
- Add retry logic for failures during import. !22265
- Add migrations for version control snippets. !22275
- Update tooltip content for deployment instances. !22289 (Rajendra Kadam)
- Cut and paste Markdown table from a spreadsheet. !22290
- Add CI variable to provide GitLab base URL. !22327 (Aidin Abedi)
- Bump kubeclient version from 4.4.0 to 4.6.0. !22347
- Accept `Envelope-To` as possible location for Service Desk key. !22354 (Max Winterstein)
- Added Conan installation instructions to Conan package details page. !22390
- Add API endpoint for creating a Geo node. !22392 (Rajendra Kadam)
- Link to GitLab commit in Sentry error details page. !22431
- Geo: Check current node in gitlab:geo:check Rake task. !22436
- Add internal API to update Sentry error status. !22454
- Add ability to ignore/resolve errors from error tracking detail page. !22475
- Add informational message about page limits to environments dashboard. !22489
- Add slug to services API response. !22518
- Allow an upstream pipeline to create a downstream pipeline in the same project. !22663
- Display SHA fingerprint for Deploy Keys and extend api to query those. !22665 (Roger Meier <[email protected]>)
- Add getDateInFuture util method. !22671
- Detect go when doing dependency scanning. !22712
- Fix aligment for icons on alerts. !22760 (Rajendra Kadam)
- Allow "skip_ci" flag to be passed to rebase operation. !22800
- Add gitlab_commit_path to Sentry Error Details Response. !22803
- Document go support for dependency scanning. !22806
- Implement ability to ignore Sentry errrors from the list view. !22819
- Add ability to create an issue in an epic. !22833
- Drop support for ES5 add support for ES7. !22859
- Add View Issue button to error tracking details page. !22862
- Resolve Design View: Left/Right keyboard arrows through Designs. !22870
- Add Org to the list of available markups for project wikis. !22898 (Alexander Oleynikov)
- Backend for allowing sample metrics to be toggled from ui. !22901
- Display fn, line num and column in stacktrace entry caption. !22905
- Get Project's environment names via GraphQL. !22932
- Filter deployments using the environment & status. !22996
- Assign labels to the GMA and project k8s namespaces. !23027
- Expose mentions_disabled value via group API. !23070 (Fabio Huser)
- Bump cluster-applications image to v0.5.0 (Adds GitLab Runner support). !23110
- Resolve Sentry errors from error tracking list. !23135
- Expose `active` field in the Error Tracking API. !23150
- Track deployed merge requests using GitLab environments and deployments.
- Enable the linking of merge requests to all non review app deployments.
- Add comment_on_event_enabled to services API.

### Other (31 changes, 7 of them are from the community)

- Migrate issue trackers data. !18639
- refactor javascript to remove Immediately Invoked Function Expression from project file search. !19192 (Brian Luckenbill)
- Remove IIFEs from users_select.js. !19290 (minghuan lei)
- Remove milestone_id from epics. !20539 (Lee Tickett)
- Update d3 to 5.12. !20627 (Praveen Arimbrathodiyil)
- Add Ci Resource Group models. !20950
- Display in MR if security report is outdated. !20954
- Fix CI job's scroll down icon and update animation. !21442
- Implement saving config content for pipelines in a new table 'ci_pipelines_config'. !21827
- Display SSL limitations warning for project's pages under namespace that contains dot. !21874
- Updated monaco-editor dependency. !21938
- fix: EKS credentials form does not reset after error. !21958
- Fix regex matching for gemnasium dependency scanning jobs. !22025 (Maximilian Stendler)
- User signout and admin mode disable use now POST instead of GET. !22113 (Diego Louzán)
- Update to clarify slightly misleading tool tip. !22222
- Replace Font Awesome cog icon with GitLab settings icon. !22259
- Drop redundant index on ci_pipelines.project_id. !22325
- Display location in the Security Project Dashboard. !22376
- Add structured logging for application logs. !22379
- Remove ActiveRecord patch to ignore limit on text columns. !22406
- Update Ruby to 2.6.5. !22417
- Log database time in Sidekiq JSON logs. !22548
- Update GitLab Runner Helm Chart to 0.12.0. !22566
- Update project hooks limits to 100 for all plans. !22604
- Update Gitaly to v1.80.0. !22654
- Update GitLab's codeclimate to 0.85.6. !22659 (Takuya Noguchi)
- Updated no commit verbiage. !22765
- Use IS08601.3 format for app level logging of timestamps. !22793
- Upgrade octokit and its dependencies. !22946
- Remove feature flag for import graceful failures.
- Update the Net-LDAP gem to 0.16.2.


2827 2828 2829 2830 2831 2832 2833
## 12.6.7

### Security (1 change)

- Fix ProjectAuthorization calculation for shared groups.


2834 2835 2836 2837 2838 2839 2840
## 12.6.6

### Security (1 change)

- Update workhorse to v8.20.0.


2841 2842 2843 2844 2845 2846 2847 2848 2849 2850 2851 2852 2853 2854 2855 2856 2857 2858 2859 2860 2861 2862 2863 2864 2865
## 12.6.5

### Security (19 changes, 1 of them is from the community)

- Update rack-cors to 1.0.6.
- Update rdoc to 6.1.2.
- Bump rubyzip to 2.0.0. (Utkarsh Gupta)
- Cleanup todos for users from a removed linked group.
- Disable access to last_pipeline in commits API for users without read permissions.
- Add constraint to group dependency proxy endpoint param.
- Limit number of AsciiDoc includes per document.
- Prevent API access for unconfirmed users.
- Enforce permission check when counting activity events.
- Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it.
- Fix xss on frequent groups dropdown.
- Fix XSS vulnerability on custom project templates form.
- Protect internal CI builds from external overrides.
- ImportExport::ExportService to require admin_project permission.
- Make sure that only system notes where all references are visible to user are exposed in GraphQL API.
- Disable caching of repository/files/:file_path/raw API endpoint.
- Make cross-repository comparisons happen in the source repository.
- Update excon to 0.71.1 to fix CVE-2019-16779.
- Add workhorse request verification to package upload endpoints.


2866 2867 2868 2869 2870 2871 2872
## 12.6.4

### Security (1 change)

- Fix private objects exposure when using Project Import functionality.


2873 2874 2875 2876 2877 2878 2879 2880 2881 2882 2883 2884
## 12.6.2

### Security (6 changes)

- GraphQL: Add timeout to all queries.
- Filter out notification settings for projects that a user does not have at least read access.
- Hide project name and path when unsusbcribing from an issue or merge request.
- Fix 500 error caused by invalid byte sequences in uploads links.
- Return only runners from groups where user is owner for user CI owned runners.
- Fix Vulnerability of Release Evidence.


2885 2886
## 12.6.1

2887 2888 2889 2890 2891 2892 2893 2894 2895
### Fixed (2 changes)

- Handle forbidden error when checking for knative. !22170
- Fix stack trace highlight for PHP. !22258

### Performance (1 change)

- Eliminate N+1 queries in PipelinesController#index. !22189

2896

2897 2898 2899 2900 2901 2902 2903 2904 2905 2906 2907 2908 2909 2910 2911 2912 2913 2914 2915 2916 2917 2918 2919 2920 2921 2922 2923 2924 2925 2926 2927 2928 2929 2930 2931 2932 2933 2934 2935 2936 2937 2938 2939 2940 2941 2942 2943 2944 2945 2946 2947 2948 2949 2950 2951 2952 2953 2954 2955 2956 2957 2958 2959 2960 2961 2962 2963 2964 2965 2966 2967 2968 2969 2970 2971 2972 2973 2974 2975 2976 2977 2978 2979 2980 2981 2982 2983 2984 2985 2986 2987 2988 2989 2990 2991 2992 2993 2994 2995 2996 2997 2998 2999 3000 3001 3002 3003 3004 3005 3006 3007 3008 3009 3010 3011 3012 3013 3014 3015 3016 3017 3018 3019 3020 3021 3022 3023 3024 3025 3026 3027 3028 3029 3030 3031 3032 3033 3034 3035 3036 3037 3038 3039 3040 3041 3042 3043 3044 3045 3046 3047 3048 3049 3050 3051 3052 3053 3054 3055 3056 3057 3058 3059 3060 3061 3062 3063 3064 3065 3066 3067 3068 3069 3070 3071 3072 3073 3074 3075 3076 3077 3078 3079 3080 3081 3082 3083 3084 3085 3086 3087 3088 3089 3090 3091 3092 3093 3094 3095 3096 3097 3098 3099 3100 3101 3102 3103 3104 3105 3106 3107 3108
## 12.6.0

### Security (4 changes)

- Update Rugged to v0.28.4.1. !21869
- Update maven_file_name_regex for full string match.
- Add maven file_name regex validation on incoming files.
- Update Workhorse and Gitaly to fix a security issue.

### Removed (1 change)

- Remove downstream pipeline connecting lines. !21196

### Fixed (101 changes, 16 of them are from the community)

- Fix delete user dialog bypass caused by hitting enter. !17343
- Fix broken UI on Environment folder. !17427 (Takuya Noguchi)
- Fix award emoji tooltip being escaped twice if multiple people voted. !19273 (Brian T)
- Use cascading deletes for deleting oauth_openid_requests upon deleting an oauth_access_grant. !19617
- Update merging an MR behavior on the API when pipeline fails. !19641 (briankabiro)
- Vertically align collapse button on epic sidebar. !19656
- Fix projects list to show info in user's locale. !20015 (Arun Kumar Mohan)
- Update padding for cluster alert warning. !20036 (George Tsiolis)
- Show correct warning on issue when project is archived. !20078
- Resets aria-describedby on mouseleave. !20092 (carolcarvalhosa)
- Allow patch notes on repo tags page to word wrap. !20135
- Remove Release edit url for users not allowed to update a release. !20136
- Fix group managed accounts members cleanup. !20157
- Epic tree bug fixes. !20209
- Add missing external-link icon for Crossplane managed app. !20283
- Fixes MR approvers tooltip wrong color. !20287 (Dheeraj Joshi)
- Ignore empty MR diffs when migrating to external storage. !20296
- Add link color to design comments. !20302
- Fix graph groups in monitor dashboard that are hidden on load. !20312
- Update Container Registry naming restrictions to allow for sequential '-'. !20318
- Fixed monitor charts from throwing error when zoomed. !20331
- Validate the merge sha before merging, confirming that the merge will only contain what the user saw. !20348
- Change container registry column name from Tag ID to Image ID. !20349
- Fix dropdown location on the monitoring charts. !20400
- Fixed project import from export ignoring namespace selection. !20405
- Backup: Disable setting of ACL for Google uploads. !20407
- Fix documentation link from empty environment dashboard. !20415
- Move persistent_ref.create into run_after_commit. !20422
- Update external link to provider in cluster settings. !20425
- Fix issue trying to edit weight with collapsed sidebar as guest. !20431
- Handle empty stacktrace and entries with no code. !20458
- Refactor the Deployment model so state machine events are used by both CI and the API. !20474
- Guest users should not delete project snippets they created. !20477
- Accept user-defined dashboard uids in Grafana embeds. !20486
- Fix multi select input padding in project and group user select. !20520 (Kevin Lee)
- Use correct fragment identifier for vulnerability help path. !20524
- Fix group search in groups dropdown. !20535
- Fix removing of child epics that belong to subgroups. !20610
- Fix opening Sentry error details in new tab. !20611
- Ensure next unresolved discussion button takes user to the right place. !20620
- Allow Gitlab GKE clusters to access Google Cloud Registry private images. !20662 (Tan Yee Jian)
- Fix cron parsing for Daylight Savings. !20667
- Fix incorrect new branch name from issue. !20677 (Lee Tickett)
- Improve the way the metrics dashboard waits for data. !20687
- Remove destroy_personal_snippet ability. !20717
- Try longer to clean up after using a gpg-keychain and raise exption if the cleanup fails. !20718
- Fix tooltip hovers in environments table. !20737
- Remove DB transaction from Rebase operation. !20739
- Improve UX for vulnerability dismissal note. !20768
- Fix change to default foreground and backgorund colors in job log. !20787
- Display Labels item in sidebar when Issues are disabled. !20817
- Junit success percentage no longer displays 100% if there are failures. !20835
- Ensure to check create_personal_snippet ability. !20838
- Fix a display bug in the fork removal description message. !20843
- Validate unique environment scope for instance clusters. !20886
- Add empty region when group metrics are missing. !20900
- Adjust issue metrics first_mentioned_in_commit_at calculation. !20923
- Update copy on managed namespace prefixes. !20935
- Add protected branch permission check to run downstream pipelines. !20964
- Fix assignee url in issue board sidebar. !20992 (Lee Tickett)
- Retrieve issues from subgroups when rendering group milestone. !21024
- Adds 409 when user cannot be soft deleted through the API. !21037
- Respect the timezone reported from Gitaly. !21066
- Fix Container repositories can not be replicated when s3 is used. !21068
- Remove redundant toast.scss file and variables. !21105
- Respect snippet query params when displaying embed urls. !21131
- Remove action buttons from designs tab if there are no designs. !21186
- Correctly return stripped PGP text. !21187 (Roger Meier)
- Fix error when linking already linked issue to epic. !21213
- Do not attribute unverified commit e-mails to GitLab users. !21214
- Add nonunique indexes to Labels. !21230
- Fix snippet routes. !21248
- Fix Zoom Quick Action server error when creating a GitLab Issue. !21262
- Rename snippet refactored routes. !21267
- Validate connection section in direct upload config. !21270
- Fix pipeline retry in a CI DAG. !21296
- Authenticate runner requests in Rack::Attack. !21311
- Fix top border of README file header in file list. !21314
- Fix forking a deduplicated project after it was moved to a different shard. !21339
- Fix misaligned approval tr. !21368 (Lee Tickett)
- Fix crash registry contains helm charts. !21381
- Web IDE: Fix the console error that happens when discarding a newly added/uploaded file. !21537
- Authenticate requests with job token as basic auth header for request limiting. !21562
- Fix Single-File-Editor-Layout breaking when branch name is too long. !21577 (Roman Kuba)
- Fix top border of README in vue_file_list. !21578 (Hector Bustillos)
- Stage dropdown lists style corrections. !21607 (Hector Bustillos)
- Change commit_id type on commit_user_mentions table. !21651
- Do not clean the prometheus metrics directory for sidekiq. !21671
- !21542 Part 1: Add new utils for Web IDE store. !21673
- Update auto-deploy-image to v0.8.3. !21696
- Match external user new snippet button visibility to permissions. !21718
- Links to design comments now lead to specific note. !21724
- Re-enable the cloud run feature. !21762
- Ensure forks count cache refresh for source project. !21771
- Fix padding on the design comments. !21839
- Fix "Discard all" for new and renamed files. !21854
- Fix project file finder url encoding file path separators. !21861
- Ensure namespace is present for Managed-Cluster-Applications CI template. !21903
- Rename common template jobs in sast and ds. !22084
- Fixed query behind release filter on merge request search page. !38244
- Activate projects Prometheus service integration when Prometheus managed application is installed on shared cluster.

### Deprecated (4 changes)

- Drop deprecated column from projects table. !18914
- Limit number of projects displayed in GET /groups/:id API. !20023
- Move operations project routes under - scope. !20456
- Move wiki routing under /-/ scope. !21185

### Changed (60 changes, 10 of them are from the community)

- Use better context-specific empty state screens for the Security Dashboards. !18382
- Add evidence collection for Releases. !18874
- Update information and button text for deployment footer. !18918
- Move merge request description into discussions tab. !18940
- Keep details in MR when changing target branch. !19138
- Make internal projects poolable. !19295 (briankabiro)
- Enable support for multiple content query in GraphQL Todo API. !19576
- Allow merge without refresh when new commits are pushed. !19725
- Correct link to Merge trains documentation on MR widget. !19726
- Preserve merge train history. !19864
- Support go-source meta tag for godoc.org. !19888 (Ethan Reesor (@firelizzard))
- Display a better message when starting a discussion on a deleted comment. !20031 (Jacopo Beschi @jacopo-beschi)
- Add sort param to error tracking issue index. !20101
- Add template repository usage to the usage ping. !20126 (minghuan lei)
- Convert flash epic error to form validation error. !20130
- Add 'download' button to Performance Bar. !20205 (Will Chandler)
- SaaS trial copy shows plan. !20207
- Add rbac access to knative-serving namespace deployments to get knative version information. !20244
- Unlock button changed from Icon to String. !20307
- Upgrade to Gitaly v1.72.0. !20313
- Increase upper limit of start_in attribute to 1 week. !20323 (Will Layton)
- Add CI variable to show when Auto-DevOps is explicitly enabled. !20332
- Hashed Storage attachments migration: exclude files in object storage as they are all hashed already. !20338
- Removes caching for design tab discusisons. !20374
- Fixes to inconsistent margins/sapcing in the project detail page. !20395
- Changes to how the search term is styled in the results. !20416
- Move confidence column in the security dashboard. !20435 (Dheeraj Joshi)
- Upgrade to Gitaly v1.73.0. !20443
- Replacing incorrect icon in security dashboard. !20510
- Rework pod logs navigation scheme. !20578
- Reduce start a trial rocket emoji size. !20579
- Upgrade auto-deploy-image for helm default values file. !20588
- Exposed deployment build manual actions for merge request page. !20615
- Upgrade to Gitaly v1.74.0. !20706
- Fetches initial merge request widget data async. !20719
- Add service desk information to project graphQL endpoint. !20722
- Add admin mode controller path to Rack::Attack defaults. !20735 (Diego Louzán)
- Add more filters to SnippetsFinder. !20767
- Clean up the cohorts table. !20779
- Remove vulnerability counter from security tab. !20800
- Only blacklist IPs from Git requests. !20828
- Optimize Deployments endpoint by preloading associations and make record ordering more consistent. !20848
- Update deploy instances color scheme. !20890
- Add service desk information to projects API endpoint. !20913
- Added event tracking to the package details installation components. !20967
- Hide Merge Request information on milestones when MRs are disabled for project. !20985 (Wolfgang Faust)
- Upgrade to Gitaly v1.75.0. !21045
- Evidence - Added restriction for guest on Release page. !21102
- Increase lower DAG `needs` limit from five to ten. !21237
- Add doc links to features on admin dashboard. !21419
- Autofocus cluster dropdown search input. !21440
- Add autofocus to label search fields. !21508
- When a forked project is less visible than its source, merge requests opened in the fork now target the less visible project by default. !21517
- UI improvements in the views for new project from template and the user groups and snippets. !21524 (Hector Bustillos)
- Show merge immediately dialog even if the MR's pipeline hasn't finished. !21556
- Support toggling service desk from API. !21627
- Make `workflow:rules` to work well with Merge Requests. !21742
- Upgrade to Gitaly v1.76.0. !21857
- Remove authentication step from visual review tools instructions.
- Fixes wording on runner admin.

### Performance (22 changes)

- Optimize query for CI pipelines of merge request. !19653
- Replace index on environments table project_id and state with project_id, state, and environment_type. !19902
- Remove reactive caching value keys once the alive key has expired. !20111
- Suggest squash commit messages based on recent commits. !20231
- Improve performance of /api/:version/snippets/public API and only return public personal snippets. !20339
- Add limit for snippet content size. !20346
- Reduce Gitaly calls in BuildHooksWorker. !20365
- Enable ETag caching for MR notes polling. !20440
- Disable public project counts on welcome page. !20517
- Optimize query when Projects API requests private visibility level. !20594
- Improve issues search performance on GraphQL. !20784
- UpdateProjectStatistics updates after commit. !20852
- Run housekeeping after moving a repository between shards. !20863
- Require group_id or project_id for MR target branch autocomplete action. !20933
- Cache the ancestor? Gitaly call to speed up polling for the merge request widget. !20958
- Optimize loading the repository deploy keys page. !20970
- Added lightweight check when retrieving Prometheus metrics. !21099
- Limit max metrics embeds in GFM to 100. !21356
- Fork Puma to validate scheduler fixes. !21547
- Remove an N+1 call rendering projects search results. !21626
- Skip updating LFS objects in mirror updates if repository has not changed. !21744
- Add indexes on deployments to improve environments search. !21789

3109
### Added (119 changes, 18 of them are from the community)
3110 3111 3112 3113 3114 3115 3116 3117 3118 3119 3120 3121 3122 3123 3124 3125 3126 3127 3128 3129 3130 3131 3132 3133 3134 3135 3136 3137 3138 3139 3140 3141 3142 3143 3144 3145 3146 3147 3148 3149 3150 3151 3152 3153 3154 3155 3156 3157 3158 3159 3160 3161 3162 3163 3164 3165 3166 3167 3168 3169 3170 3171 3172 3173 3174 3175 3176 3177 3178 3179 3180 3181 3182 3183 3184 3185 3186 3187 3188 3189 3190 3191 3192 3193 3194 3195 3196 3197 3198 3199 3200 3201 3202 3203 3204 3205 3206 3207 3208 3209 3210 3211 3212 3213 3214 3215 3216 3217 3218 3219 3220 3221 3222 3223 3224 3225 3226 3227

- Add upvote/downvotes attributes to GraphQL Epic query. !14311
- Delete kubernetes cluster association and resources. !16954
- Add badge name field. !16998 (Lee Tickett)
- Add OmniAuth authentication support to admin mode feature. !18214 (Diego Louzán)
- Creates DB tables for storing mentioned users, groups, projects referenced in a note or issuable description. !18316
- Add body data elements for pageview context. !18450
- Added filtering of inherited members for subgroups. !18842
- Added responsiveness to audit events table. !18859
- Add ability to make Jira comments optional. !19004
- Store users, groups, projects mentioned in Markdown to DB tables. !19088
- Upgrade `mail_room` gem to 0.10.0 and enable structured logging. !19186
- Add possibility to save max issue weight on lists. !19220
- Return 422 status code in case of error in submitting comments. !19276 (raju249)
- Add Personal Access Token expiration reminder. !19296
- Add recent search to error tracking. !19301
- Resolve Limit the number of stored sessions per user. !19325
- Add services for 'soft-delete for groups' feature. !19358
- Notify user when over 1000 epics in roadmap. !19419
- Search list of Sentry errors by title in GitLab. !19439
- Add issue statistics to releases on the Releases page. !19448
- Add snowplow events for monitoring dashboard. !19455
- Add snowplow events for APM. !19463
- Add GraphQL mutation to mark all todos done for a user. !19482
- Added rules configuration for Ci::Bridge. !19605
- Add workers for 'soft-delete for groups' feature. !19679
- add tagger within tag view. !19681 (Roger Meier)
- Strong validate import export references. !19682
- Update Release API with evidence related data. !19706
- Graphql query for issues can now be sorted by weight. !19721
- GraphQL for Sentry rror details. !19733
- View closed issues in epic. !19741
- Add API endpoint to unpublish GitLab Pages. !19781
- Add Pipeline Metadata to Packages. !19796
- Create data model for serverless domains. !19835
- Add Unify Circuit project integration service. !19849 (Fabio Huser)
- add sha256 fingerprint to keys model, view and extend users API to search user via fingerprint. !19860 (Roger Meier)
- Allow order_by updated_at in Pipelines API. !19886
- Implement pagination for project releases page. !19912 (Fabio Huser)
- Add migrations for secret snippets. !19939
- Control passing artifacts from CI DAG needs. !19943
- Genereate a set of sample prometheus metrics and route to the sample metrics when enabled. !19987
- Add warning dialog when users click the "Merge immediately" merge train option. !20054
- Expose moved_to_id in issues API. !20083 (Lee Tickett)
- Relate issues when they are marked as duplicated. !20161 (minghuan lei)
- Asks for confirmation before changing project visibility level. !20170
- Allow CI config path to point to a URL or file in a different repository. !20179
- Allow groups to disable mentioning their members, if the group is mentioned. !20184 (Fabio Huser)
- Add modsecurity deployment counts to usage ping. !20196
- Added legend to deploy boards. !20208
- Support passing CI variables via git push options. !20255
- Add GraphQL mutation to restore a Todo. !20261
- Allow specifying Kubernetes namespace for an environment in gitlab-ci.yml. !20270
- Add migrations for 'soft-delete for groups' feature. !20276
- Add Maven installation commands to package detail page for Maven packages. !20300
- Add feature to allow specifying userWithId strategies per environment spec. !20325
- Enable creating Amazon EKS clusters from GitLab. !20333
- Add ability to create new issue from sentry error detail page. !20337
- Convert flash alerts to toasts. !20356
- Return project commit url instead of commits url. !20369 (raju249)
- Collect the date a SaaS trial starts on. !20384
- Add option to delete cached Kubernetes namespaces. !20411
- Create container expiration policies for projects. !20412
- Adjust fork network relations upon project visibility change. !20466
- Create a license info rake task. !20501 (Jason Colyer)
- Add GraphQL mutation for changing due date of an issue. !20577
- Add Snippet GraphQL resolver endpoints. !20613
- Allow Job-Token authentication on Releases creation API. !20632
- Add created_before/after filter to group/project audit events. !20641
- Allow searching of projects by full path. !20659
- Allow administrators to set a minimum password length. !20661
- Update helper text for sentry error tracking settings. !20663 (Rajendra Kadam)
- Adds ability to create issues from sentry details page. !20666
- Add coverage difference visualization to merge request page. !20676 (Fabio Huser)
- Use CI configured namespace for deployments to unmanaged clusters. !20686
- Resolve Design view: Download single issue design image. !20703
- Import large gitlab_project exports via rake task. !20724
- Added Total/Frontend metrics to the performance bar. !20725
- Add dependency scanning flag for skipping automatic bundler audit update. !20743
- Add GraphQL mutation for setting an issue as confidential. !20785
- Track adding metric via monitoring dashboard. !20818
- Add _links object to package api response. !20820
- CI template for installing cluster applications. !20822
- Add SalesforceDX project template. !20831
- Allow NPM package downloads with CI_JOB_TOKEN. !20868
- Allow raw blobs to be served from an external storage. !20936
- Added Snippets GraphQL mutations. !20956
- Added WebHookLogs for ServiceHooks. !20976
- Surface GitLab issue in error detail page. !21019
- Add type to broadcast messages. !21038
- add OpenAPI file viewer. !21106 (Roger Meier)
- Add updated_before and updated_after filters to the Pipelines API endpoint. !21133
- Implement pagination for sentry errors. !21136
- Add support for Conan package management in the package registry. !21152
- Add syntax highlight for Sentry error stack trace. !21182
- Keyset pagination for REST API (Project endpoint). !21194
- CI template for Sentry managed app. !21208
- Add CI variable to set the version of pip when scanning dependencies of Python projects. !21218
- Add dependency scanning flag for specifying pip requirements file for scanning. !21219
- Do not allo