GitLab CE - 14.0.1

2 (2021-11-05)

Changed (4 changes)

• Geo: Alternate redownload and normal design sync attempts (merge request) GitLab Enterprise Edition
• Geo: Alternate redownload and normal SSF sync attempts (merge request) GitLab Enterprise Edition
• Geo: Alternate redownload and normal project syncs (merge request) GitLab Enterprise Edition
• Geo: Reduce frequency of redownload attempts (merge request) GitLab Enterprise Edition

14.0.11 (2021-09-23)

Fixed (1 change)

• Fix Elastic::MigrationWorker current_migration (merge request) GitLab Enterprise Edition

14.0.10 (2021-09-02)

No changes.

14.0.9 (2021-08-31)

Security (9 changes)

• Update apollo_upload_server dependency (merge request)
• Ensure shared group members lose project access after group deletion (merge request)
• Fix stored XSS vulnerability in Datadog settings form (merge request)
• Inherit user external status while creating project bots (merge request)
• Escape issue reference and title for Jira issues (merge request) GitLab Enterprise Edition
• Require sign in for .keys endpoint on non-public instances (merge request)
• Update Import/Export to use public email when mapping users (merge request) GitLab Enterprise Edition
• Only create jira connect NS subscriptions for admins (merge request)
• Prevent non-admins from configuring Jira connect app (merge request)

14.0.8 (2021-08-25)

Fixed (1 change)

• Fix: Sidekiq workers delete each other's metrics (merge request)

Changed (1 change)

• Resolve "operator does not exist: integer[] || bigint in... (merge request)

Other (1 change)

• Revert backfill on ci_build_trace_sections (merge request)

14.0.7 (2021-08-03)

Security (18 changes)

• Add project member validation for domain limitation (merge request)
• Hide project-level CI/CD Analytics for Guests (merge request)
• Only allow invite to be accepted by user with matching email (merge request)
• Add html escaping for default branch name (merge request)
• Configure OmniAuth to use GitLab AppLogger (merge request)
• Add permissions check to pipelines#show action (merge request)
• Prevent impersonation in gitlab-shell SSH certs (merge request)
• Fix Protected Environment Accesses Cleanup (merge request) GitLab Enterprise Edition
• Do not show email address in error message (merge request) GitLab Enterprise Edition
• Disallow non-members to set issue metadata on issue create (merge request)
• Prevent guests from linking issues with errors (merge request)
• Block impersonation token use if it is not permitted (merge request)
• Updates oauth to 0.5.6 (merge request)
• Remove impersonation token from api response for non-admin user (merge request)
• Filter todos whose target users no longer have access to (merge request)
• Fix tag ref detection for pipelines (merge request)
• Restrict access to instance-level security features for reporters (merge request) GitLab Enterprise Edition
• Fix XSS in Mermaid Markdown rendering (merge request)

14.0.6 (2021-07-20)

Fixed (4 changes)

• Fix validation method regarding MIME type keys (merge request)
• Geo: Fix snippet verification by replicating the HEAD ref (merge request) GitLab Enterprise Edition
• Fix LFS objects not downloading with Bitbucket (merge request)
• Replace Excon with Faraday for requesting object storage (merge request)

14.0.5 (2021-07-08)

Fixed (4 changes)

• Return empty strings for Jira links when URL is not set (merge request)
• Add prefix to autocomplete path (merge request)
• Do not create audit event for failed logins on read-only DB (merge request) GitLab Enterprise Edition
• Fix git clone for projects with a trailing dot over HTTP (merge request)

Other (1 change)

• Initialize conversion of ci_builds_metadata.id for bigint migration (merge request)

14.0.4 (2021-07-07)

Security (1 change)

• Disable file and network premailer strategies (merge request)

14.0.3 (2021-07-06)

Fixed (7 changes)

• Fix deploy keys not working with LFS auth check (merge request)
• DevOps Adoption - ensure displayNamespaceId is included (merge request) GitLab Enterprise Edition
• Geo - Fix state value in the lfs_object_registry table (merge request) GitLab Enterprise Edition
• Fix broken Time Tracking Reports on Issuable sidebar (merge request)
• Fix bug where Milestone page led to console error (merge request)
• Fix frequent items timestamps not updated (merge request)
• Fix pages deployment storage migration (merge request)

Changed (2 changes)

• Geo - Move migration to a pre-deployment migration (merge request) GitLab Enterprise Edition
• Reintroduce recursive_approach_for_all_projects default-enabled (merge request)

14.0.2 (2021-07-01)

Added (1 change)

• Added omniauth_user check when verifying user cap (merge request) GitLab Enterprise Edition

Security (14 changes)

• Update rdoc to 6.3.1 (merge request)
• Forbid GET requests with mutations (merge request)
• Prevent GraphQL API access by deactivated users (merge request)
• Add sanitizing for name field (merge request)
• Copy feature visibility settings to a fork (merge request)
• Fix XSS on audit log for feature flag actions (merge request)
• Avoid disclosing project in web IDE (merge request)
• Sanitize input on pasteGFM (merge request)
• Fix merge request diff display issue with unsupported encoding (merge request)
• Fix deploy key fallback issue in protected branch (merge request)
• Add total http read timeout (merge request)
• Allow only same-origin URLs for Edit Release Cancel button (merge request)
• Update Nokogiri to 1.11.4 (merge request)
• Add new username validation (merge request)

14.0.1 (2021-06-24)

Fixed (3 changes)

• Remove add button from Devops Adoption (merge request) GitLab Enterprise Edition
• DevOps Adoption - ensure displayNamespaceId is included (merge request) GitLab Enterprise Edition
• Add Helm-2to3.gitlab-ci.yml to Auto DevOps (merge request)