GitLab CE - 15.2.0
Security
(2022-07-21)
Added (171 changes)
- Add user id to profile page by @TrueKalix (merge request)
- [API] Get endpoint for latest TF module version by @renehernandez (merge request)
- Adds package cleanup policy project settings (merge request) GitLab Enterprise Edition
- Display users that have been banned in a namespace (merge request) GitLab Enterprise Edition
- Introduce :gitlab_geo schema for Geo tracking DB (merge request) GitLab Enterprise Edition
- Add request-URL to vulnerability details (merge request) GitLab Enterprise Edition
- Add link to change failure rate chart from tile (merge request)
- Add watchdog to observe memory fragmentation (merge request)
- Add background jobs for cleanup policies for packages (merge request)
- Adds sidekiq_jobs_interrupted counter (merge request)
- Add timeline feature to incidents (merge request)
- Respect parent namespace for gitlab migration (merge request)
- Allow users to delete releases from edit page (merge request)
- Add verification token to audit events streams list (merge request) GitLab Enterprise Edition
- Add index on security_findings(uuid id DESC) (merge request)
- Add
environment_scope
toVariableType
(merge request) - Add
manual_variables
field toJobType
(merge request) - Work Items - Tasks First Time Experience (merge request)
- Add unique contraint for parent link work_item_id (merge request)
- Upgrade GitLab Pages to 1.61.0 (merge request)
- Event type information in approval rule audit event streaming (merge request) GitLab Enterprise Edition
- Include epic color widget on epic board sidebar by @espadav8 (merge request) GitLab Enterprise Edition
- Hash passwords with PBKDF2+SHA512 (merge request)
- Add upgrade status filter to runners (merge request) GitLab Enterprise Edition
- Preview free user cap only for specific namespaces (merge request)
- Add frontend form password complexity validation (merge request) GitLab Enterprise Edition
- Pipeline Performance insights (merge request)
- Add
partition_number
and related indices tosecurity_findings
table (merge request) - Enable the
use_unnested_queries
by removing the FF globally (merge request) GitLab Enterprise Edition - Allow passing arrays of labels in Epic GraphQL mutations by @espadav8 (merge request) GitLab Enterprise Edition
- Add GraphQL support for removing namespace bans (merge request) GitLab Enterprise Edition
- Copy failed spec names to clipboard from MR widget (merge request)
- Add 3 dot menu in work item link (merge request)
- Add frontend form password complexity validation (merge request) GitLab Enterprise Edition
- Event type information for ci variable audit event (merge request) GitLab Enterprise Edition
- Limit number of project and group CI variables (merge request)
- Adding search bar to group MR search with no results (merge request)
- Expose CI_MERGE_REQUEST_TARGET_BRANCH_PROTECTED as CI Variable by @Taucher2003 (merge request)
- Add Members page link to Project settings (merge request)
- Add the packages execute cleanup policy service (merge request)
- Consume new id format for security training (merge request) GitLab Enterprise Edition
- Generate package.json links (merge request)
- Introduce new jobs table (merge request)
- Event type information in streaming access token audit events (merge request) GitLab Enterprise Edition
- Enable use_keyset_aware_user_search_query FF (merge request)
- Add Vulnerabilities::MergeRequestLink model (merge request)
- Add vulnerability_merge_request_links table (merge request)
- Add group audit event keyset pagination (merge request) GitLab Enterprise Edition
- Event type information in protected branch audit event stream (merge request) GitLab Enterprise Edition
- Ensure namespace_id is set when issue is saved (merge request)
- Upgrade GitLab Pages to 1.60.0 (merge request)
- Add evidence fields to Vulnerability Issue template (merge request) GitLab Enterprise Edition
- Add error_tracking_access_token to application settings (merge request)
- Include commit message templates when forking project by @nejc (merge request)
- Create new rake task with Advanced Search integration details (merge request) GitLab Enterprise Edition
- Periodically reconcile ci_runner_versions (merge request)
- Cleanup BackfillDraftStatusOnMergeRequests migration (merge request)
- Implement granular access for Protected Tags API (merge request) GitLab Enterprise Edition
- [issue-354239] Import github 'renamed' issue events (merge request)
- Format multiple quick actions with
for MD preview by @espadav8 (merge request) - Track when user uses a verify action on an environment (merge request)
- Add sbom_occurrences table and model (merge request)
- Expose historical_release in GraphQL API (merge request)
- GraphQL: Add upgrade_status filter (merge request)
- Add update of the number of required approvals (merge request) GitLab Enterprise Edition
- Add BanFromNamespaceService and policies to prevent read access (merge request) GitLab Enterprise Edition
- Disable legacy OpenSource license for inactive public projects (merge request)
- Enable coverage report from child pipelines (merge request)
- Add praefect list virtual storages subcommand documentation (merge request)
- Show epic colours on epic boards by @espadav8 (merge request) GitLab Enterprise Edition
- Create index on security_findings asynchronously (merge request)
- Add tooltip to Colour label on new epic page by @espadav8 (merge request) GitLab Enterprise Edition
- [issue-354235] Import github 'un/labeled' issue eventsq: (merge request)
- Add vulnerableMethod to vulnerability details (merge request) GitLab Enterprise Edition
- Add metrics for runner authentication success/failure by @KyleFromKitware (merge request)
- Add a service to promote security findings to vulnerability findings (merge request) GitLab Enterprise Edition
- Add deployment tier to CI_JOB_JWT (merge request)
- Stream audit event for project group link create/destroy/update actions by @zhanglinjie (merge request) GitLab Enterprise Edition
- Add import_creation_level to namespace settings (merge request)
- [API] Get endpoint for a specific TF module version by @renehernandez (merge request)
- Add security report ingestion information to dashboard seed data (merge request)
- Add heap fragmentation metric (merge request)
- Add the 'first_contribution' attribute to the MR webhook event (merge request)
- Add GitLab Error Tracking to /admin settings (merge request)
- Add NamespaceBan model (merge request)
- Stream audit event on project fork by @zhanglinjie (merge request) GitLab Enterprise Edition
- Adds change failure rate charts to ci/cd analytics (merge request) GitLab Enterprise Edition
- Add 'never' option to auto_stop_in for an environment (merge request)
- Submit rename/new modal in web IDE on enter by @leetickett (merge request)
- Add namespace_id column to issues table (merge request)
- Add canceled state to import state and stage methods (merge request)
- Add approved_by_usernames param to merge request api (merge request) GitLab Enterprise Edition
- Stream audit event on merge request create by @zhanglinjie (merge request) GitLab Enterprise Edition
- Add
topic_id
attribute to Projects API by @wwwjon (merge request) - Add due_date and improve CSV issue import docs by @leetickett (merge request)
- Add page size selector to issues list having options for 20, 50 and 100 (merge request)
- Added BackgroundMigration for ProjectStatistics (merge request)
- Add settings for rate limiting unique project downloads per namespace (merge request)
- Add crashType to vulnerability details (merge request) GitLab Enterprise Edition
- Add security trial actions (merge request)
- GraphQL: lists the groups to where a project can be transferred to (merge request)
- Require email verification (merge request)
- Added Civo logo to the create cluster page (merge request)
- Add super/subscript support in content editor (merge request)
- Add cycle and lead times time series endpoint (merge request)
- Improved search bar tokens for CRM contacts and organizations by @zillemarco (merge request)
- Add ci_runner_versions table (merge request)
- Add sbom_sources table and model (merge request)
- Displays the queued duration of a job (merge request)
- Disable Conan registry in FIPS mode (merge request)
- Allow editing of the released at date for Releases (merge request)
- Query
vulnerability_reads
by the cartesian product of given filters (merge request) GitLab Enterprise Edition - Extend the DAST-Default-Branch-Deploy template to support ECS (merge request) GitLab Enterprise Edition
- Add project export relations models to Import/Export (merge request)
- Add false-positive alert to vulnerability details (merge request) GitLab Enterprise Edition
- [epic 354234] Import github closed issue events (merge request)
- Include inherited group links on project members page by @wwwjon (merge request)
- Add crashState to vulnerability details (merge request) GitLab Enterprise Edition
- Add has_vulnerabilities argument to ClusterAgent GraphQL API (merge request) GitLab Enterprise Edition
- Support TLS in dedicated metrics servers (merge request)
- Add "all protected branches" as a project approval (merge request) GitLab Enterprise Edition
- Add instrumentations for average number of approvals required (merge request) GitLab Enterprise Edition
- Add VariableType and variables fields (merge request)
- Enable ci_docker_image_pull_policy (merge request)
- Add member limit banner to usage quota seats page (merge request) GitLab Enterprise Edition
- Add Pages::PageDeployedEvent (merge request)
- Added ability to sort issues by closed date on frontend by @zillemarco (merge request)
- Enable streaming audit event headers by default (merge request) GitLab Enterprise Edition
- Add freeUserCapEnforced field to Group type (merge request) GitLab Enterprise Edition
- Finalise member_namespace_id migration (merge request)
- Provide deletion of project topics in UI by @wwwjon (merge request)
- Add SBoM Component tables and models (merge request)
- Add columns for operations toggle split (merge request)
- Add multiple tiers aggregaion to DORA API (merge request) GitLab Enterprise Edition
- Enable Blame page pagination by default (merge request)
- Return build failure_reason in pipeline's webhooks by @albertvaka (merge request)
- Enable highlight_js by default (merge request)
- Ban user when they exceed projects download limit within a time period (merge request) GitLab Enterprise Edition
- Remove temporary index and validate constraint on routes table (merge request)
- Enable closed_as_duplicate_of in issues API (merge request)
- Add colour widget to epic create form and epic sidebar by @espadav8 (merge request) GitLab Enterprise Edition
- Reject Maven md5 requests in FIPS mode (merge request)
- Add clusterAgents field to Project/Group/Security Dashboard GraphQL API (merge request) GitLab Enterprise Edition
- [API] Endpoint to download latest Terraform module version by @renehernandez (merge request)
- Add schedule delay for RepositoryUpdateMirrorWorker (merge request)
- Finalize cleanup orphaned routes migration (merge request)
- Add GraphQL API to list resource links (merge request) GitLab Enterprise Edition
- Add GraphQL API to delete resource links (merge request) GitLab Enterprise Edition
- Add documentation for CWE 209.2 (merge request)
- Prevent users from using known insecure public key (merge request)
- Add Query.todo(id) to GraphQL API by @Taucher2003 (merge request)
- Link cc from service desk emails to CRM contacts by @leetickett (merge request)
- Add git abuse rate limit settings for admins (merge request)
- Make ECS Review apps work with DAST (merge request) GitLab Enterprise Edition
- Always respect namespace_id for OAuth-based importers (merge request)
- Allow ci_separated_caches to be updated from API by @Taucher2003 (merge request)
- Persist markdown editor type in wikis (merge request)
- Add filtering security policies to return only inherited policies (merge request) GitLab Enterprise Edition
- Add a toggle for opt-in JWT to project settings (merge request)
- Add an overflow button in content editor (merge request)
- Render link-name on vulnerability details (merge request) GitLab Enterprise Edition
- Add state transition entry (merge request) GitLab Enterprise Edition
- Implement
/metadata
REST API endpoint by @tuxtimo (merge request) - Added previously prepared indexes for issues to sort on closed_at by @zillemarco (merge request)
- GraphQL: Add lazy load for blocking epics count (merge request) GitLab Enterprise Edition
- Add PATCH /users/:id/disable_two_factor API (merge request)
- Display disabled card state for non ultimate users (merge request)
- Update Rails project template with BUNDLE_FROZEN (merge request)
- Enable rebalance_issues feature flag by default (merge request)
- Make FF default enabled and fix additional N+1 queries (merge request)
- Enable feature flag 'tag_list_keyset_pagination' by default (merge request)
Fixed (149 changes)
- Fix move deploy keys during project imports in FIPS mode (merge request)
- Fixes container registry popover not displaying on all rows (merge request)
- Fixed some alignments on the pipeline page by @zillemarco (merge request)
- Group audit event keyset pagination order (merge request) GitLab Enterprise Edition
- Fix blob binary state detection for preloaded files (merge request)
- Don't allow notes created_at too much in past (merge request)
- Remove full stops from end of checkboxes (merge request) GitLab Enterprise Edition
- Fixed some margins and widths on the issue page by @zillemarco (merge request)
- GraphQL: Fix filtering for INVALID runners (merge request) GitLab Enterprise Edition
- Update approval count options to include 0 (merge request) GitLab Enterprise Edition
- Fix description list item reorder for incidents (merge request)
- Prefer non-expired licenses first (merge request) GitLab Enterprise Edition
- Fix AR scopes to support keyset pagination (merge request)
- Fixed loading spinner misalignment on fork page by @zillemarco (merge request)
- Fixes all visible mentions of work items in UI (merge request)
- Fix gitlab project imports releases having nil authors (merge request)
- Track description change when creating a task from markdown (merge request)
- Add second event handler oninput to help mitigate the issue (merge request)
- Retain checklist item when deleting task (merge request)
- Fix recommendation for unpublished runner release (merge request)
- Change color for inherited classes (merge request)
- Improved layout of the create merge request's contribution section by @zillemarco (merge request)
- Corrected the logic on duplicate package toggles (merge request)
- Corrected the logic on duplicate package toggles (merge request)
- Made paths lowercase for deduplicated_size api (merge request)
- Use current time as created_at when cloning issues (merge request)
- Properly fail LDAP logins if GitLab user not persisted (merge request)
- Fix artifact empty state (merge request)
- Fix attribute validations for the
Vulnerabilities::FindingLink
model (merge request) GitLab Enterprise Edition - Don't fail StoreSecurityReportsWorker if the pipeline does not exist (merge request) GitLab Enterprise Edition
- Refactor Header Search bar event handlers out of requestIdleCallback (merge request)
- Delete MR files separately on project deletion (merge request)
- Aligns order of sidebar items in bulk update (merge request)
- Make /merge quick action to work in GraphQL via createDiffNote (merge request)
- Migration to correct vulnerability state (merge request)
- Add blame link to the file blob view (merge request)
- Fix deploy keys breaking protected branch dropdown in FIPS mode (merge request)
- Fix scrolling to anchor tags on wiki pages (merge request)
- Fix double scroll in labels dropdown on MR sidebar (merge request)
- Retrieve pageSize from local storage as soon as possible (merge request) GitLab Enterprise Edition
- Make dark scroll bar in Chromium-based browsers by @rakleed (merge request)
- Fix the sentry URL in the CSP (merge request)
- Fix exception when Group relation is empty (merge request) GitLab Enterprise Edition
- Mark environments as available when restarting a deployment build (merge request)
- Fix streaming audit event for sub group event and project destroy event by @zhanglinjie (merge request) GitLab Enterprise Edition
- Fix the broken member search GraphQL query (merge request)
- Default project path to empty when creating from group template (merge request) GitLab Enterprise Edition
- Fix broken syntax highlight for shell scripts (merge request)
- Parse conflict lines with CRLF endings correctly (merge request)
- Fix broken external links by @leetickett (merge request)
- Load TLS intermediate certificates in metrics exporter (merge request)
- Render 404 when Jira issue not found (merge request) GitLab Enterprise Edition
- Fix: notify locale on changed milestone email by @JeremyWuuuuu (merge request)
- Correcting the spelling of 'receive' (merge request)
- Update diffs export for backwards compatibility (merge request)
- Fix pagniator issue in different timezone by @chaomao (merge request) GitLab Enterprise Edition
- Handle errors fetching GitLab Runner releases (merge request) GitLab Enterprise Edition
- Fix creating epic in scoped epic board (merge request) GitLab Enterprise Edition
- Fixed small misalignment on releases card footer by @zillemarco (merge request)
- Do not allow to override jobs defined by Security Policies (merge request) GitLab Enterprise Edition
- Remove stray gl-mt-2 from Label input on new epic page by @espadav8 (merge request)
- Fix contributing to EE link by @leetickett (merge request)
- Fix scss syntax highlighting (merge request)
- Fix BulkImport pipeline retries (merge request)
- Fix group access dropdown failure if no subgroups are available (merge request) GitLab Enterprise Edition
- License feature availability checks in Auditor (merge request) GitLab Enterprise Edition
- Fix 500 error for Tags API when repository is missing (merge request)
- Fix group name conflict when migrating groups via BulkImport (merge request)
- Fix resolving cluster image scanning vulnerabilities (merge request) GitLab Enterprise Edition
- This MR removes sticky footer from sidebar (merge request) GitLab Enterprise Edition
- Allow job tokens to access internal packages (merge request) GitLab Enterprise Edition
- Collapse Edit lock form when clicked outside sidebar in issues (merge request)
- Error Tracking: Disable show next button when next pagination is empty (merge request)
- Fix SSH mirrors not working in FIPS mode (merge request)
- This MR fixes list of corpuses (merge request) GitLab Enterprise Edition
- Correct padding for change password screen (merge request)
- Only show
Changes to free tier open source projects
banner to members (merge request) GitLab Enterprise Edition - Fixes diff case where .ipynb line contains '\n' (merge request)
- Fix deployment approval popup to support multiple approval rules (merge request) GitLab Enterprise Edition
- Fixes Semantic diffs displaying twice (merge request)
- Fix vertical alignment of compliance report rows so they are centred (merge request) GitLab Enterprise Edition
- Query only distinct OAuth access tokens by application ID (merge request)
- Fix duplicates in pages when sorting members by last_activity_on (merge request)
- Remove attention request docs (merge request)
- Fix avatar size for issue and MR placeholder notes (merge request)
- Correct call to computed hasSelectedColor by @espadav8 (merge request)
- Upgrade version of Swagger UI by @mulka (merge request)
- Add spec for buildkit cache image replication (merge request) GitLab Enterprise Edition
- Index vulnerability_reads on casted_cluster_agent_id (merge request)
- Fix GraphQL API to fetch clusterAgents from instanceSecurity Dashboard (merge request) GitLab Enterprise Edition
- Do not show guest users as participants when mentioned on internal note (merge request)
- Require project membership for merge request approvals (merge request)
- Use UTC for trial end date in popover (merge request) GitLab Enterprise Edition
- Does not generate ipynb diff if file is collapsed (merge request)
- Fix avatars displaying as block elements (merge request)
- Allow filtering by multiple negated milestones (merge request)
- Allow 16 character SubjectKeyIdentifier for x509 signed commits feature by @.wolf (merge request)
- Add sanity check for inputs (merge request)
- Update Vulnerabilities::DismissService (merge request) GitLab Enterprise Edition
- Sets vulnerability state properly (merge request) GitLab Enterprise Edition
- Simplify issue policy, allow bots metadata access (merge request)
- Fixes the remove group button to look correct (merge request)
- Fix
Integration#boolean_accessor
to work with data fields (merge request) - Update Vulnerabilities Confirm Service (merge request) GitLab Enterprise Edition
- Fix plural name "Failed jobs" for the pipeline failed email (merge request)
- Improve keyboard UX for toggle replies widget (merge request)
- gitaly_client: Fix error handling for structured AlreadyApplied error (merge request)
- Fix env var check for DISABLE_PUMA_WORKER_KILLER (merge request)
- Maintain namespace_id when connection error occurs in fogbugz importer (merge request)
- Fix LDAP sign in button padding (merge request)
- Remove valid epic check (merge request) GitLab Enterprise Edition
- Fix incorrect links when coming to 'Find file' from a file view by @shelld3v (merge request)
- Improve performance of loading OAuth apps and tokens (merge request)
- Patched Rails model generator to use GitLab template by @zillemarco (merge request)
- Allow epic_color_highlight flag to be applied to groups by @espadav8 (merge request) GitLab Enterprise Edition
- Add auditor access for group compliance report (merge request) GitLab Enterprise Edition
- Fix performance regression in issuable lists (merge request)
- Fix bitbucket cloud importer (merge request)
- Update Vulnerabilities::RevertToDetected Service (merge request) GitLab Enterprise Edition
- Fix nil error for last deployment group (merge request)
- Respect namespace_id for bitbucket server importer (merge request)
- Adjust members index flex spacing for longer text (merge request)
- Fix future iterations not being scheduled correctly (merge request)
- Show only top-level epics in roadmap page (merge request) GitLab Enterprise Edition
- Fix querying vulnerability_reads by cluster_agent_id (merge request) GitLab Enterprise Edition
- Poll for linked pipelines (merge request)
- Cancelling a merge request edit does not reset the autosaver (merge request)
- Revert Only send signed upload params from Wkhse (merge request)
- Fix deploy boards for Kubernetes 1.22 (merge request)
- Respect namespace_id in fogbugz importer (merge request)
- Improves css in ipynb mrs (merge request)
- GlTabsBehavior - Support hash updating (merge request)
- Merge details in audit event json log (merge request) GitLab Enterprise Edition
- Use i18n translations on reassigned issueable emails by @JeremyWuuuuu (merge request)
- Fix autocomplete in wikis (merge request)
- Insert job taggings in batches (merge request)
- Allow public access to awardables API (merge request)
- Fix GET /groups/:id to include runners token (merge request)
- Update Vulnerabilities::ResolveService (merge request) GitLab Enterprise Edition
- Fix agent token modal (merge request)
- Fix private contributions missing on the calendar if user leaves project by @eggerd (merge request)
- Pass status explicitly to Deployment Hook Worker (merge request)
- Fix eslint error (merge request)
- Prevent popovers from showing on group references (merge request)
- Queue Terraform state destroy worker outside of transaction (merge request)
- Fix Auth#token_bot_in_resource? check (merge request)
- Expand diff when navigating to pending comment by @JonstonChan (merge request)
- Migrate
Group name
andGroup URL
fields to Vue (merge request) - Update color preview shades to match header color (merge request)
Changed (224 changes)
- Update project stats for container reg deletes (merge request)
- Update triggers creating
vulnerability_reads
records (merge request) - Adds project-scoped callouts for failed web-hooks (merge request)
- Added creation time-range filters for Snippets API by @spmarisa (merge request)
- Update runners form error to pajamas (merge request)
- Changed instances of
(Any )[Ee]ligible user
toAll eligible users
(merge request) GitLab Enterprise Edition - Hide expand button for empty simple widgets (merge request)
- Add config file param to repository changelog api by @zhanglinjie (merge request)
- Show reports immediately after job completes by @kdabrowski (merge request)
- Remove commits from the main Advanced Search index (merge request) GitLab Enterprise Edition
- Add warning next to public projects shared with a private group (merge request)
- Remove omniauth_login_minimal_scopes feature flag (merge request)
- Create vulnerability state transitions as a better form of tracking (merge request) GitLab Enterprise Edition
- Disable creation of vulnerability feedback when dismissing vulns (merge request) GitLab Enterprise Edition
- Added snowplow tracking for package assets (merge request)
- Apply the VSA filters to the task by type charts (merge request) GitLab Enterprise Edition
- Give 300k minutes to contributors to spend on GitLab contributions (merge request) GitLab Enterprise Edition
- Use field level validation errors (merge request) GitLab Enterprise Edition
- Move header search events out of main.js (merge request)
- Prevent hidden projects to be downloaded via git actions (merge request) GitLab Enterprise Edition
- Bump Gitlab Shell version to v14.9.0 (merge request)
- Increase number of includes from 100 to 250 (merge request)
- Migrate mirror repos form errors (merge request)
- Migrate protected tag error form (merge request)
- Allow escalation for all incidents (merge request) GitLab Enterprise Edition
- Migrate CI/CD settings form error (merge request)
- Migrate errors form for autodeops settings (merge request)
- Return if FIPS enabled (merge request)
- Admin App-Settings Network header expand/collapse by @quatauta (merge request) GitLab Enterprise Edition
- Define LDAP omniauth_callbacks routes from GitLab config (merge request)
- Show all errors on invites for invite modal (merge request)
- Improve Admin Area settings UI text (merge request)
- Improve alert UX when updating existing design (merge request)
- Add tmp index for vuln findings with potentially mismatched scanners (merge request)
- Add Rebase without CI button to MR rebase widget by @KevSlashNull (merge request)
- Stop syncing alert and incident statuses (merge request)
- Add indices for protected environments and approval rules on created_at (merge request)
- Removes ci_value_change_for_processable_and_rules_entry ff (merge request)
- Remove standard_context_type_check ff (merge request)
- Remove
refactor_blob_viewer
FF references (merge request) - Migrates the spacing for icon of related item (merge request)
- Migrate
form_errors
in integration settings page (merge request) - Create Vue form to configure git abuse rate limits (merge request) GitLab Enterprise Edition
- Migrates spacing classes for approval checks (merge request) GitLab Enterprise Edition
- Bump omniauth-oauth version to v1.2.0 (merge request)
- Update admin edit group layout (merge request)
- Migrate
form_errors
increations/new_compare
form to Pajamas alert (merge request) - Bump prometheus-client-mmap to v0.16.1 (merge request)
- Remove banner about free project changes (merge request)
- Replace ci_runner_versions indices (merge request)
- Make CI/CD form error to be Pajamas compliant (merge request)
- Update gitlab_omniauth-ldap to v2.2.0 (merge request)
- Promote 'New identity' button as a primary action (merge request)
- Update Node.js from 10 to 14 used in CI by @tnir (merge request)
- Updated Secure Files Settings UI (merge request)
- Disable DS auto-remediate when FIPS mode (merge request) GitLab Enterprise Edition
- Make Application Settings sections headers collapsible (merge request)
- Use approvers information which are available (merge request) GitLab Enterprise Edition
- Add uuid to VulnerabilityFindingDismiss (merge request) GitLab Enterprise Edition
- Disable OAuth access token reuse (merge request)
- Move Title and Format fields in the same row by @ssurbhi560 (merge request)
- Migrate
form_errors
intwo_factor_auths/show
form to Pajamas alert (merge request) - Move link to the last item in formatting toolbar (merge request)
- Allow members invited by email to be re-invited (merge request)
- Application Settings General h4 Expand/Collapse by @quatauta (merge request) GitLab Enterprise Edition
- This MR replaces outdated skeleton-loading (merge request) GitLab Enterprise Edition
- Adds package group settings side-by-side layout (merge request)
- Track process commit limit overflow (merge request)
- Application Settings General h4 Expand/Collapse by @quatauta (merge request)
- Migrate error alert in user identity form (merge request)
- Migrate error alert in doorkeeper application form (merge request)
- Admin App-Settings Templates header expand by @quatauta (merge request) GitLab Enterprise Edition
- Refactor user popover to use
GlAvatarLabeled
(merge request) - Improve label of delete comment button (merge request)
- Use user_application_theme helper instead of hard-coded theme classes by @dreedy (merge request)
- Simplify scanner logic for security reports (merge request) GitLab Enterprise Edition
- Increase Webauthn credential XID length by @spotlightishere (merge request)
- Use Pajamas alert in milestones form (merge request)
- Add tooltip to shortcut element in navbar search field (merge request)
- Migrate form errors to Pajamas for grafana setting (merge request)
- Add the merge date to the Chain of Custody report (merge request) GitLab Enterprise Edition
- Rename CycloneDX artifact files (merge request) GitLab Enterprise Edition
- Feature search bar scope tokens (merge request)
- Add git_rate_limit_users_allowlist column to application_settings (merge request)
- Update supported browser versions (merge request)
- Warn user of feature flags risks (merge request)
- Migrate errors in new password to Pajamas alert (merge request)
- Send root_namespace_id to the Projects::ProjectDeletedEvent (merge request)
- Disable Geo proxy internal API polling when Geo not enabled (merge request)
- Apply rate limiting for paid plan customer hooks (merge request) GitLab Enterprise Edition
- Use auditor when auditing using audit changes (merge request) GitLab Enterprise Edition
- Omit MD5 fingerprints in deploy key API response (merge request)
- Replace deprecated createFlash, add loading icon and tabs query param (merge request) GitLab Enterprise Edition
- Drop empty fingerprint attribute in Vue access dropdown (merge request)
- Add hover state for button and remove border (merge request)
- Parse GitLab Runner release version suffixes (merge request)
- Add quick action support for group members (merge request)
- Move commit documents to new index (merge request) GitLab Enterprise Edition
- Removes noisy lines from transformed notebook (merge request)
- Support language filter for blob searches (merge request) GitLab Enterprise Edition
- Migrates spacing class for board card loader (merge request)
- Fix status box styling on Jira issue details page (merge request)
- Migrate errors in GPG keys to Pajamas alert (merge request)
- Container registry: stop appending Root image (merge request)
- Use Pajamas alert in repository check form (merge request)
- Consider versions with suffix in runner upgrades (merge request)
- Show more details for testing integration error (merge request)
- Migrate button to delete account (merge request)
- Vendor omniauth-gitlab gem to provide backwards compatibility (merge request)
- Use Pajamas alert in gitpod settings (merge request)
- Migrate buttons to switch stl viewer type (merge request)
- Replace Geo node with Geo site (merge request) GitLab Enterprise Edition
- Add ignore rule for migrated_to_new_structure (merge request) GitLab Enterprise Edition
- Change group recent activity window to 30 days (merge request) GitLab Enterprise Edition
- Add a keyword for default values in the CSP (merge request)
- Fixes the spacing of buttons on the compare page (merge request)
- Remove variable override on related tree item (merge request)
- Have Security Policies Enabled by Default (merge request) GitLab Enterprise Edition
- Hide the 'Resync' button when there are no results by @shelld3v (merge request)
- Hide 'New Epic' button on roadmap for unauthorized users by @shelld3v (merge request) GitLab Enterprise Edition
- Admin App-Settings Preferences header expand/collapse by @quatauta (merge request)
- Allow using pre tag outside of code blocks (merge request)
- Add queued_duration to the job entity (merge request)
- Migrates modal to delete pipeline (merge request)
- Update text for rollback modal (merge request)
- Admin App-Settings Advanced Search header expand by @quatauta (merge request) GitLab Enterprise Edition
- Add new column vulnerability_reads.casted_cluster_agent_id as bigint (merge request)
- Remove feature flag ci_build_finished_worker_namespace_changed (merge request)
- Replace YAML approver info with persisted data (merge request) GitLab Enterprise Edition
- In email footers, explicitly link to the GitLab host by @smokris (merge request)
- Updated agent status icons (merge request)
- Add root_namespace_id to Pages::PageDeletedEvent (merge request)
- Use Pajamas alert in repository mirroring settings (merge request)
- DB additions for CI Secure Files Replicator (merge request)
- Consolidate pipeline mini graph code (merge request) GitLab Enterprise Edition
- Migrates view seat usage button in alert (merge request) GitLab Enterprise Edition
- Migrates button to promote milestone (merge request)
- Remove GraphQL check for feature flag and return null by @espadav8 (merge request) GitLab Enterprise Edition
- Use Pajamas alert in visibility and access settings (merge request)
- Change in wording related to SAML experience (merge request) GitLab Enterprise Edition
- Fix: notify locale on failed builds by @JeremyWuuuuu (merge request)
- Migrates the spacing for icon in user dropdown (merge request)
- This MR enables sticky footer in Drawer (merge request) GitLab Enterprise Edition
- Modifies Package Registry group settings (merge request)
- Migrate LDAP sync buttons on member page (merge request) GitLab Enterprise Edition
- Convert admin users and admin group edit/new to be Pajamas compliant (merge request)
- Add Expand/Collapse to application settings CI/CD h4 by @quatauta (merge request)
- This adds the queued_at field to the job entity (merge request)
- Remove form_errors from the groups settings ci_cd form (merge request)
- Migrates the spacing class for job name (merge request)
- Migrates the spacing for buttons in dashboard (merge request)
- Use Pajamas alert in webhooks form (merge request)
- Replace repeat icon with retry icon for jobs (merge request)
- Migrate form errors (merge request) GitLab Enterprise Edition
- Migrates button to add previously merged commits (merge request)
- Accept runner patch upgrades from newer major releases (merge request)
- More informative timeout message (merge request)
- Replace jQuery in init_details_button.js by @quatauta (merge request)
- Remove callouts_trials_link_url (merge request) GitLab Enterprise Edition
- Update oauth2 gem to v2.0.2 (merge request)
- This MR migrates legacy html button to Pajamas button (merge request)
- Migrates spacing classes in modal to add commits (merge request)
- Add terminating newline to /:username.keys and /:username.gpg (merge request)
- Take migration state into account for size by @jeffpearce (merge request)
- Rewrote Project settings (merge request)
- Fixes truncation and tooltip on group selection (merge request)
- This MR migrates radio button to pajamas radio component (merge request)
- Change the revoke button to type
tertiary
(merge request) - Default on group_level_security_policies (merge request)
- Return :invalid for an invalid runner version (merge request)
- Modifies Dependency Proxy group settings (merge request)
- Use Pajamas alert in new application form (merge request)
- API: Backend support for manipulating web-hook variables (merge request)
- Migrate errors in group settings to Pajamas alert (merge request)
- Add Job ID to RepositoryUpdateMirrorWorker logs (merge request) GitLab Enterprise Edition
- Migrates spacing class on web ide tree (merge request)
- Remove artifacts storage warning (merge request) GitLab Enterprise Edition
- Improve UI text - group Permissions settings (merge request)
- Remove renamed workers and feature flag (merge request)
- Replace the menu icon on mobile (merge request)
- Remove custom override of breadcrumb separator (merge request) GitLab Enterprise Edition
- Migrate errors in password update to Pajamas alert (merge request)
- This MR enables sticky header in Drawer (merge request) GitLab Enterprise Edition
- Remove legacy
/-/integrations
routes from renamed controller (merge request) - Rollout prevent_abusive_searches feature flag (merge request)
- Migrates spacing classes for code review analytics (merge request) GitLab Enterprise Edition
- This MR defines behaviour of sidebar view mode (merge request) GitLab Enterprise Edition
- Update asana gem to v0.10.13 to relax oauth2 dependency (merge request)
- Remove usage of MD5 by wikicloth gem for FIPS (merge request)
- Migrates the spacing class for add commits button (merge request)
- Consider the certs specified via SSL_CERT_{DIR,FILE} variables (merge request)
- Backend support for manipulating web-hook variables (merge request)
- Migrates spacing classes to add related issue (merge request)
- Update gitaly_cgroups metric name (merge request)
- Use new cost factor 0.008 for public SaaS projects (merge request) GitLab Enterprise Edition
- Remove migrate_vulnerability_finding_uuids flag (merge request)
- Migrate edit profile errors to use Pajamas compliant alert (merge request)
- Migrates button to unprotect an environment (merge request) GitLab Enterprise Edition
- Admin App-Settings Metrics header expand/collapse by @quatauta (merge request)
- Update omniauth-oauth2 to v1.7.3 (merge request)
- Remove fallback calc of last sec report pipeline (merge request) GitLab Enterprise Edition
- Migrates buttons in warning to apply template (merge request)
- Default enable FF import_release_authors_from_github (merge request)
- Cleanup Project Settings > Repository > Protected branches (merge request)
- Adjust migration update query and refactor specs (merge request) GitLab Enterprise Edition
- Replace runners token indices in projects table (merge request)
- Migrates spacing class for requirements title (merge request) GitLab Enterprise Edition
- Migrates spacing class for commits author search (merge request)
- Migrates spacing on icon for hidden approvers (merge request) GitLab Enterprise Edition
- Admin App-Settings Reporting header expand/collapse by @quatauta (merge request)
- Application Settings Repository h4 Expand/Collapse by @quatauta (merge request)
- EE Application Settings CI/CD h4 Expand/Collapse by @quatauta (merge request) GitLab Enterprise Edition
- Migrate spacing class for reverify button in geo (merge request) GitLab Enterprise Edition
- Migrates spacing for applying suggestions message (merge request)
- Migrates spacing classes on snippets empty state (merge request)
- Migrates spacing class for clone button (merge request)
- Migrates spacing class on performance bar (merge request)
- Migrates the spacing class for discussion filters (merge request)
- Use popover for On-demand scans tooltip (merge request) GitLab Enterprise Edition
- Add upgrade indicators to runner details (merge request) GitLab Enterprise Edition
- Stop creating resolved alerts for self-recovering notifications (merge request)
- Update form to use pajamas_alert in spam application settings (merge request)
- Remove projects_build_artifacts_size_refresh flags (merge request)
- Clean up merge_request_pipelines_in_target_project feature flag (merge request)
Removed (23 changes)
- Remove onboarding experience survey and email from onboarding (merge request)
- Remove tracing ff and delete yml (merge request)
- Delete monitor logging ff (merge request)
- Add migrations to remove fk (merge request)
- Delete frontend code related to logs (merge request)
- Remove code for trigger job show page (merge request)
- Remove design resolved discussions popover (merge request)
- Add migrations for table and fk (merge request)
- Removethe optimized_followed_users_queries FF (merge request)
- Remove unused Projects::JobsController#status (merge request)
- Remove dead code from gitlab_ci settings (merge request)
- Remove old route for DAST profiles (merge request) GitLab Enterprise Edition
- Remove pod logs backend code (merge request)
- Remove pod logs service (merge request)
- Remove semver usage (merge request)
- Remove clusters_integrations_elastic_stack metric (merge request)
- Remove projects_enabled_with_tracing metric (merge request)
- Remove elastic cluster section on UI (merge request)
- Remove the
infinitely_collapsible_sections
feature flag (merge request) - Geo Sites Form - Remove Beta Badge (merge request) GitLab Enterprise Edition
- Remove old Sidekiq error logging fields (merge request)
- Remove file_identifier_hash feature flag by @feistel (merge request)
- Remove vsa_reaggregation_worker FF (merge request)
Security (17 changes)
- Allow inviting only groups with subset of allowed domains to groups
- Sanitize ZenTao breadcrumb links
- Gitlab Runner version upgrade
- Update ProjectAttributesTransformer to use fixed number of attributes
- Fix open redirect vulnerability
- Escape deploy key title to prevent XSS
- Fix group IP restrictions not enforced for container registry requests (merge request) GitLab Enterprise Edition
- Filter milestone release by user access
- Adds a filter based on user access to Runner jobs endpoint
- Security fix sentry issue leaks and access level check
- Check permissions before exposing user two factor enabled
- Fix permissions in the project labels API
- Fix the required access level in the Conan packages finder
- Restrict CI lint access to pipeline creators
- Catch endless headers when reading HTTP responses
- Prevent runners from picking IP restricted jobs
- Add rate limit on integration testing feature (merge request)
Performance (22 changes)
- Implement hit ration for diff caching (merge request)
- Do not allow waiting project authorizations refreshes (merge request)
- Improve DependencyLinker sanitization (merge request)
- Reduce queries in revert / cherry pick button (merge request)
- Use paginated tree for the last commit query (merge request)
- Remove unnecessary Redis calls in issue endpoints (merge request)
- Improve performance of related branches finder (merge request)
- Improve logs tree fetching performance (merge request)
- Improve performance of users API under load (merge request)
- Uses OJ Saj Parser to speed up Ipynbdiff (merge request)
- Remove delayed_project_import_schedule_worker flag (merge request)
- Remove sticky_ci_archive_trace_worker feature flag (merge request)
- Do not allow waiting project authorizations refreshes (merge request)
- Reduce queries for adding members (merge request)
- Improve performance of finding related branches (merge request)
- Schedule index to improve performance of contribution analytics (merge request)
- Preload rich viewer (merge request)
- Set expire_in for protected branch cache keys (merge request)
- Remove paginated_issue_discussions FF (merge request)
- Enable full-text search of issues by default (merge request)
- Prevent N+1 queries when rendering pipeline stage (merge request)
- Move incident closing for recovery alerts into a background job (merge request)
Other (49 changes)
- Remove plaintext token index from ci_builds (merge request)
- Disallow any database calls, or connections in routes (merge request)
- Drop unused ci builds index (merge request)
- Revert "Merge branch 'soft-validation-on-environment-external-url' into 'master'" (merge request)
- Drop post migration test table (merge request)
- Clean up confidential_notes feature flag (merge request)
- Add uuid to Service Ping medatada report (merge request)
- Turn Project authorizations refresh on changes in ProjectMember async (merge request)
- Fix usage of distance_of_time_in_words_to_now by @edith007 (merge request)
- Use correct styling for clear user status button (merge request)
- Remove measure_service_ping_metric_collection ff (merge request)
- Move finalize background migration to post-deploy (merge request)
- Update delayed_project_removal to NULL for UserNamespaces (merge request)
- Cache payload for unleash clients (merge request)
- Remove legacy queuing code (merge request)
- Remove
group_name_path_vue
feature flag (merge request) - Move integration channel placeholder var into constant by @chaomao (merge request)
- Update docs to mention Epic Colours by @espadav8 (merge request)
- Reschedule batched background migration (merge request)
- Remove the gitlab_sli_new_counters feature flag (merge request)
- Remove not null constraints from requirements columns (merge request)
- Pass License sha256 in usage data (merge request) GitLab Enterprise Edition
- Validate requirements.requirement_issue NOT NULL constraint (merge request)
- Cache external MR diffs on disk for faster Project Export (merge request)
- Put migration on hold when autovacuum is active (merge request)
- Use lazy Workhorse upload preauth for fallback routes (merge request)
- Update multiple admin alerts to pajamas (merge request)
- Add Feishu Integration Foundation by @chaomao (merge request)
- Drop unused ci builds index (merge request)
- Rename queues for finishing and achiving workers (merge request)
- Switch ActiveSupport::HashDigest to SHA256 (merge request)
- Ignore ci_triggers.ref before removal (merge request)
- Moves ipynbdiff to vendor (merge request)
- Setting sliding-list Partition Fix FF to True (merge request)
- Moves ipynbdiff to vendor (merge request)
- Add background migration to backfill missing search_data (merge request)
- Add post-migration test table (merge request)
- Clean up fallbacks in Emails::MergeRequests#push_to_merge_request_email (merge request)
- Hide dependency proxy for personal namespaces (merge request) GitLab Enterprise Edition
- Remove prerecord_service_ping_data feature flag (merge request)
- Add skeleton loader for usage_quota's storage (merge request) GitLab Enterprise Edition
- Backfill runner semver column (merge request)
- Remove contacts_autocomplete feature flag (merge request)
- Only send signed upload params from Workhorse (merge request)
- Revert "Merge branch 'jnnkl-codequality-findings-diff-inline' into 'master'" (merge request)
- Fix display of times in access and deploy token table by @edith007 (merge request)
- Support push options when creating merge request pipelines (merge request) GitLab Enterprise Edition
- Update GitLab Runner Helm Chart to 0.42.0 (merge request)
- Address database documentation Vale warningss by @cgives (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
date
July 21, 2022, midnight
name
15.2.0
type
Minor
👇
Register or login to:
- 🔍View and search all GitLab CE releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!