GitLab CE - 15.6.0
Security
(2022-11-21)
Added (150 changes)
- Migration to backfill users into elastic index (merge request) GitLab Enterprise Edition
- Enable Group-level Scan Result Policies feature by default (merge request) GitLab Enterprise Edition
- Create the first dynamic partition for builds metadata (merge request)
- Allows cascading package forward settings from admin to group (merge request)
- Add enterprise information to Metadata API (merge request)
- Introduce a limit of 200 assignees to issues/MRs (merge request)
- Add a rake task to sanitize internal note todos (merge request)
- Create Telesign services for phone verification (merge request)
- Add trend indicators to the Exec dashboard comparative table (merge request)
- Add database migrations for dependency proxy blobs in SSF (merge request) GitLab Enterprise Edition
- Bulk delete packages for package list (merge request)
- Add global alert for non-owners read-only namespace (merge request) GitLab Enterprise Edition
- [355137] Migrate MR review requests (merge request)
- Merge trains GET API by @markus.ferrell (merge request) GitLab Enterprise Edition
- Add issue health status sorting to GraphQL (merge request) GitLab Enterprise Edition
- Support for highlighting text in content editor (merge request)
- Add UserCounts to the OpenAPI documentation (merge request)
- Removes ci_variable_expansion_in_rules_exists (merge request)
- Add supporting index for Feedback migration (merge request)
- Add Projects::WikiRepository model (merge request)
- Support creation of Objective via work-items (merge request) GitLab Enterprise Edition
- Add index to vulnerability reads to account for no status filtering (merge request)
- Add matchingBranchesCount to branch rules endpoint (merge request)
- Add keyboard shortcut for review requests page (merge request)
- Add a service to create a merge request from a security finding (merge request) GitLab Enterprise Edition
- Add repository actor support to Feature api (merge request) GitLab Enterprise Edition
- Add API::Wikis to OpenAPI V2 (merge request)
- Add top level securityReportFinding query (merge request) GitLab Enterprise Edition
- Upgrade Pages to v1.63.0 (merge request)
- Log CI artifact size when downloaded via UI (merge request)
- Branch rules status check integration (merge request)
- Audit log when a merge request is merged with invalid approval rules (merge request)
- Allow caching of mergeability checks (merge request)
- Allow delete runners in bulk in group runner page (merge request)
- Support Google Cloud CDN for Web UI artifacts downloads (merge request)
- Provide support for multiple approval rules (merge request) GitLab Enterprise Edition
- API annotations for status checks apis (merge request) GitLab Enterprise Edition
- Save vulnerability findings data into
security_findings
table (merge request) GitLab Enterprise Edition - Re-enqueue update of epic cached counts (merge request)
- Add temporary column ci_project_monthly_usages.new_amount_used (merge request)
- Fix robocop failures (merge request) GitLab Enterprise Edition
- Readd member namespace id not null (merge request)
- Add querystring sync component for vulnerability report (merge request) GitLab Enterprise Edition
- Add
disable_download_button
settings for JH-only feature by @LXY1226 (merge request) - Truncate the title of the issue while creating from vulnerability (merge request)
- Add committer name check to push_rules by @zhzhang93 (merge request) GitLab Enterprise Edition
- Add associations alert to
Delete user and contributions
modal (merge request) - Add API::VulnerabilityFindings to OpenApi V2 (merge request) GitLab Enterprise Edition
- Add
purl_type
to sbom_components (merge request) - Update deployment tags to only match the current deployment commit (merge request)
- Add OpenApi documentation for CiLint (merge request)
- Add external status checks failed MR widget (merge request) GitLab Enterprise Edition
- Realtime updates for task descriptions (merge request)
- Add API::ProjectSnippets to OpenAPI V2 (merge request)
- Update GroupActivityAnalytics docs for OpenAPI (merge request) GitLab Enterprise Edition
- Background migrations split and retry on ActiveRecord::QueryCanceled (merge request)
- Add externalStatusChecks to graphql endpoint (merge request) GitLab Enterprise Edition
- Include iteration on create issue page by @songhuangcn (merge request) GitLab Enterprise Edition
- Add Rss Memory Growth monitor for Watchdog (merge request)
- Rollout
incident_timeline_events_for_severity
feature flag (merge request) - Add AddIndexOnPasswordLastChangedAtToUserDetails migration by @qt-gith (merge request)
- Add API::PersonalAccessToken to OpenAPI V2 (merge request)
- Add OpenAPI documentation for keys (merge request)
- Added pagination to Other Versions packages list by @geriley (merge request)
- Contribution analytics, expose user contributions (merge request) GitLab Enterprise Edition
- Add limited capacity job to destroy container repositories (merge request)
- Add create mutation for timeline event tags (merge request)
- Allow Releases to be published without giving access to source code (merge request)
- Import 'Allow force pushes - everyone' GitHub branch protection rule (merge request)
- Recreate async index for vulnerability reads location image (merge request)
- Add product analytics admin section (merge request) GitLab Enterprise Edition
- Add API::PersonalAccessTokens::SelfInformation to OpenAPI V2 (merge request)
- Added temporary index for uploads_size (merge request)
- Create GroupCommitEmail model and database table (merge request)
- Track users updating milestone for work items (merge request)
- Add GIT_SUBMODULES_DEPTH variable documentation by @bollenn (merge request)
- Add the Geo::ProjectWikiRepositoryRegistry model (merge request) GitLab Enterprise Edition
- Add the registry table to track replication/verification state (merge request) GitLab Enterprise Edition
- Adds search bar to Usage Quotas > Storage tab (merge request) GitLab Enterprise Edition
- Map 'Require review from Code Owners' GitHub rule with GitLab setting (merge request) GitLab Enterprise Edition
- Add error message to insights when query times out (merge request) GitLab Enterprise Edition
- Add OpenAPI documentation for Keys (merge request)
- Add create service, finder for tags (merge request)
- Add
findings_data
column tosecurity_findings
table (merge request) - Add default_preferred_language to application_settings by @icbd (merge request)
- Prepare for uuid type change (merge request)
- Event type information for group merge request setting updates (merge request) GitLab Enterprise Edition
- Implemented get RPM repository files endpoint by @Mshab (merge request)
- Allow OR params in GraphQL issue resolvers (merge request)
- Add API::Suggestions to OpenAPI V2 (merge request)
- Add API::ResourceAccessToken to OpenAPI V2 (merge request)
- Add project headers to release notifications (merge request)
- Implement Check constraint preventing redundant state transitions (merge request)
- Add status checks must succeed setting to project merge request settings (merge request) GitLab Enterprise Edition
- Add commit_committer_name_check to push_rules by @zhzhang93 (merge request)
- Add 'mirror_branch_regex' to 'project_settings' and 'remote_mirrors' by @lyb124553153 (merge request)
- Allow setting max PG replicas rails process connects to (merge request)
- Add query param to remove deprecated GraphQL schema items by @fabsrc (merge request)
- Adds ml candidate and experiment lists (merge request)
- Add detailed_merge_status to web hooks (merge request)
- Add API annotations for Product Analytics APIs (merge request) GitLab Enterprise Edition
- Add a foreign key on
Project#creator_id
(merge request) - Enable
dast_api_scanner
feature flag (merge request) GitLab Enterprise Edition - Add detailed_merge_status to REST API (merge request)
- Add anon and file-backed RSS metrics (merge request)
- Add GraphQL subscription for milestone assignment (merge request)
- Add API::MergeRequestDiffs to OpenApi V2 (merge request)
- Add confidential quick command for epics (merge request)
- Add secure schemas version 15.0.4 (merge request)
- Migration and model for audit event type streaming filter (merge request)
- Configure branch name for creating MR from an issue (merge request)
- GraphQL: add commit signature field by @brianjaustin (merge request)
- Add admin OAuth limit setting (merge request)
- Add work item milestone widget (merge request)
- Add take ownership mutation (merge request)
- Expose id field for protected ref API entities (merge request)
- Lock tables for partitioning (merge request)
- Add assignRunner to user permissions (merge request)
- Add index for id on scan finding approval_merge_request_rules (merge request)
- Add languages field to GraphQL Project type by @fabsrc (merge request)
- Add metrics for users creating MRs with applied scan result policies (merge request)
- Update(webhook): support both wildcard & regex by @JeremyWuuuuu (merge request) GitLab Enterprise Edition
- Improve CRM contacts quick actions suggestions by @zillemarco (merge request)
- Add JC proxy_url application setting (merge request)
- Add instrumentation for cache efficiency metrics (merge request)
- Add info popover MR security report widget (merge request) GitLab Enterprise Edition
- Add descending index for vulnerability reads group filters (merge request)
- Allow epics having child issues from different group hierarchies (merge request) GitLab Enterprise Edition
- Add API::AccessRequests to OpenAPI V2 (merge request)
- New API endpoint to display the user's count of associations (merge request)
- Add Rake task to migrate queued jobs (merge request)
- Cascading settings for package forwarding (merge request)
- Add database and model support for "Group-level Protected Branches" by @songhuangcn (merge request)
- Added the ability to move issues in bulk by @zillemarco (merge request)
- Enables MLFlow artifact storage (merge request)
- Update issue references during GitLab Migration (merge request)
- Add product_analytics_enabled application setting (merge request)
- Allow filtering work items by status widget (merge request) GitLab Enterprise Edition
- Backfill project namespace metadata (merge request)
- Group owners to disable 2FA auth for members (merge request) GitLab Enterprise Edition
- Add GraphQL APIs for updating the group's default compliance framework (merge request) GitLab Enterprise Edition
- Add metrics for user merge request with assigned security policy project (merge request)
- Partition ci_builds_metadata table (merge request)
- Add AI Assist allowed status endpoint (merge request) GitLab Enterprise Edition
- Add duration and queued duration to runner jobs (merge request)
- Trigger mergeRequestMergeStatusUpdated when MR gets approved/unapproved (merge request)
- Add basic JSON helpers (merge request)
- Graphql query for deployment approval summary (merge request)
- Add unprotectAccessLevels to EE graphql endpoint (merge request) GitLab Enterprise Edition
- Pull mirror GET API by @markus.ferrell (merge request) GitLab Enterprise Edition
Fixed (131 changes)
- Improve delete merged branches modal UX (merge request)
- Use project full_path and project iterations query rather than group (merge request)
- Fix: new merge request locale issue by @JeremyWuuuuu (merge request)
- Do not allow forward usage of .strong_memoize_attr() by @KyleFromKitware (merge request)
- Fix: devops adoption locale issue by @JeremyWuuuuu (merge request) GitLab Enterprise Edition
- Don't use redundant validation in ChangedLabel importer (merge request)
- Fix: pipeline minigraph wrong offset issue by @JeremyWuuuuu (merge request)
- Do not allow the last direct owner to leave top-level group (merge request)
- Convert relative repository file link into absolute link by @wwwjon (merge request)
- GitHub integration: use unique context for each pipeline by @KyleFromKitware (merge request) GitLab Enterprise Edition
- Fix sub-language highlighting (merge request)
- Improve statistic calculation for Vulnerabilities (merge request) GitLab Enterprise Edition
- Fix OpenAPI V2 document generation (merge request)
- Ensure Gitlab::Json::RailsEncoder fails the same on invalid UTF-8 (merge request)
- Set max limit to items in suggestions to 15 (merge request)
- Ignores ingress fetch failure for k8s less than 1.19 (merge request)
- Fix tabbing issue on the agents' list (merge request)
- Allow SCIM deprovision when user is not a group member (merge request) GitLab Enterprise Edition
- Dont fail RepositoryImportWorker when ImportService returns an error (merge request) GitLab Enterprise Edition
- Fix Environment Nil error in allowed_agents API (merge request)
- Handle case where selecting a tree entry parent may not have a tree (merge request)
- Keep job expanded while deleting artifact from it (merge request)
- Increase X509 subject attribute column limit by @L11R (merge request)
- Guard On-call Schedule and Escalation Policies URLs if disabled (merge request) GitLab Enterprise Edition
- Update oj-introspect to 0.7.1 (merge request)
- Fix 500 error when tag_name or ref_name are empty (merge request)
- Add auto-scrolling to dropdown during keyboard nav by @kbal11 (merge request)
- Fix a link to incident management configuration docs (merge request) GitLab Enterprise Edition
- Fix undefined method error when merge request is missing (merge request)
- GraphQL: Fix error when bulk deleting runners (merge request)
- Correct text colours on the dark-mode billing page (merge request) GitLab Enterprise Edition
- Revert Sidekiq default routing rules (merge request)
- Allow rollout of older deployment jobs if it's the same SHA (merge request)
- Remove "currently" from some UI text (merge request)
- Prevent impersonation of users with expired passwords (merge request)
- Geo: Fix redirect to secondary after SAML sign in (merge request) GitLab Enterprise Edition
- Show group access tokens in admin cred inventory (merge request) GitLab Enterprise Edition
- Show link to Terms of Use on Sign In only if terms exist by @wwwjon (merge request)
- Associate iteration with work item only when the FF is on (merge request)
- Fix redeploy button behavior (merge request)
- Improve source file syntax highlighting (merge request)
- Update create merge request service to be compatible with transactions (merge request)
- Allow links to be opened from Swagger UI (merge request)
- Update
cache
keyword for the JSON schema (merge request) - Fix pipeline state machine when retrying by @qt-gith (merge request)
- Clean up feature flag ajax_new_deploy_token (merge request)
- Fix checkboxes on work item descriptions (merge request)
- Fix
TF_STATE_NAME
default value in Terraform ci templates (merge request) - Fix artifacts available for terraform template latest by @benjamincerigo (merge request)
- Allow '..' in resource group keys for use in the API (merge request)
- Avoid streaming audit events when there is no change (merge request) GitLab Enterprise Edition
- Remove the foreign key on
Project#creator_id
(merge request) - Update broken heading link (merge request) GitLab Enterprise Edition
- Update verification state in the project_wiki_repository_state (merge request) GitLab Enterprise Edition
- Avoid empty metadata render in container registry (merge request)
- Add partial index for
security_scans
onid
for non-purged records (merge request) - Fix support for
nil
values for push rules validations (merge request) GitLab Enterprise Edition - Update pg_query to v2.2.0 (merge request)
- Allow underscores in full text search query (merge request)
- Add project information to scanner for authorize (merge request) GitLab Enterprise Edition
- Use the same sanitize method for advanced and basic search (merge request) GitLab Enterprise Edition
- Prevent rewriting of joined table in statements to make queries work (merge request)
- Hide delete branch button when user doesn't have permission (merge request)
- Bump the size of elastic query for getting migrations (merge request) GitLab Enterprise Edition
- Fix markdown editor autofocus behavior (merge request)
- Issue: Fix spacing on emoji status in title (merge request)
- Add Hashie::Array to allowed YAML serialization classes (merge request)
- Keep milestone status when a project is transferred (merge request)
- Fix MR notes not showing author badges (merge request)
- Handle events that target vulnerabilities (merge request) GitLab Enterprise Edition
- Iterations bug fixed for task without a parent (merge request)
- Audit security policy project changes (merge request) GitLab Enterprise Edition
- Update loading state styling (merge request)
- Allow all http and https sources for media-src (merge request)
- Prevent search for when under 3 characters (merge request)
- Fix merge request header button alignment (merge request)
- Gracefully ignore non-string search parameters (merge request)
- Ensure additional_params is passed through (merge request)
- Approvers group does not persist after adding it to the approval rules (merge request)
- Container Repository, implement delete event (merge request) GitLab Enterprise Edition
- Test coverage: Extract source path OS-agnostically (merge request)
- Fix Opensearch compatibility check (merge request) GitLab Enterprise Edition
- Support Markdown in Jupyter output (merge request)
- Nullify
created_projects
relation on User delete (merge request) - Refetch stage jobs in job log (merge request)
- Hide Tree view button on epics for Premium (merge request) GitLab Enterprise Edition
- Fix to allow empty array of associatedProjects (merge request)
- Correctly position tree view with performance bar (merge request)
- Remove deprecated attribute from cve_value logic (merge request) GitLab Enterprise Edition
- Show play button on environment detail page to deployment-only users (merge request) GitLab Enterprise Edition
- Fix GitHub company name on import page by @Taucher2003 (merge request)
- Adds block to label dropdown (merge request)
- Handle password manager auto-fill-then-submit (merge request) GitLab Enterprise Edition
- Add auditor access for group CI/CD Analytics (merge request) GitLab Enterprise Edition
- Fix comment preview of issuable link+ on epics (merge request) GitLab Enterprise Edition
- Wrap artifact names (merge request)
- Fix Jira namespace subscription bug (merge request)
- Add auditor access for group container registry (merge request) GitLab Enterprise Edition
- Include version suffix in agent install command (merge request)
- Fix audit event date-range inputs responsiveness (merge request) GitLab Enterprise Edition
- Truncate Legacy Tables should error on multiple-shared databases (merge request)
- Fix: locale on commits detail page by @JeremyWuuuuu (merge request)
- Fix header create new button vertical alignment (merge request)
- Add ability for top-level group owners to unban subgroup members (merge request)
- Improve mobile layout of MR widget (merge request)
- Vertically align MR badge and branch info (merge request)
- Fix issues with some scopes not being sent during token creation (merge request)
- Optimize UnestedInFilters query rewriter (merge request)
- GitLab Version - Fix nested links in help dropdown (merge request)
- Fixing cotaining => containing typo (merge request)
- Show re-deploy/rollback button to deployment-only users (merge request) GitLab Enterprise Edition
- Prevent web_hooks.recent_failures overflowing (merge request)
- Fix Ci::RegisterJobService return value (merge request)
- Fix design management styling in MR diff (merge request)
- Updated bulk move issues milestone in the docs by @zillemarco (merge request)
- Disable commenting on lines that will fail to save the comment (merge request)
- Preload indexing records in batches (merge request) GitLab Enterprise Edition
- Show mergedYaml content whenever available (merge request)
- Ensure schemas are up-to-date after migration tests complete (merge request)
- Admin email form - disable submit until required fields are completed (merge request) GitLab Enterprise Edition
- Update scrolling issue (merge request)
- Specify certificates when connecting to KAS using TLS (merge request)
- Fix vertical alignment of system note icon (merge request)
- Fix wrong behavior when CI keyword "when" is an array (merge request)
- Updates the PlayBuildService to use can_enqueue (merge request)
- Add terms disclaimer to Group SAML sign in page (merge request) GitLab Enterprise Edition
- Allow dashes in datadog site (merge request)
- Fix flaky tests for git rate-limiting services (merge request) GitLab Enterprise Edition
- Paths that aren't strings are considered invalid (merge request)
- Fix: locale on create protected tag page by @JeremyWuuuuu (merge request) GitLab Enterprise Edition
- Delete state transtions with no state change (merge request)
Changed (195 changes)
- Clean up ci_variable_settings_graphql ff (merge request)
- Improve user impersonation button UX by @geriley (merge request)
- Remove unusable feature flag (merge request)
- Remove index_user_callback feature flag (merge request)
- Fix a typo in suggestions REST API doc (merge request)
- Service account list links back to Google Cloud Console (merge request)
- Removed duplicated build package information (merge request)
- Pass search curation flag to elasticsearch indexer (merge request) GitLab Enterprise Edition
- Disable spellcheck on CI variables value field (merge request)
- Change validation for name in scan finding approval rules (merge request)
- Update merge request loading error message (merge request)
- Enable watchdog by default for Puma (merge request)
- This MR transfers method to vue_shared (merge request) GitLab Enterprise Edition
- Add highlight.js plugin to highlight podspec.json files (merge request)
- Add status checks and approval rules to branch details (merge request)
- Remove misleading strong emphasis in MR widget for vulnerabilities (merge request) GitLab Enterprise Edition
- Locked files: Update copy and UI (merge request) GitLab Enterprise Edition
- Update topics open api (merge request)
- Remove project-key-support conditional (merge request)
- Enable split_operations_visibility_permissions by default (merge request)
- Hide env scope field in Admin CI/CD variables (merge request)
- Add updated_at datetime to billable users blocks (merge request) GitLab Enterprise Edition
- Add dry_run parameter to Search::IndexCurator (merge request) GitLab Enterprise Edition
- Add namespace to token access (merge request)
- Implement AccessLevel User and Group types with limited fields (merge request) GitLab Enterprise Edition
- Update suggestions REST API documentation and include batch_apply (merge request)
- Add max_seats_used_changed_at index (merge request)
- Add title to runner delete error alert (merge request)
- Enable
use_introspect_parser
feature flag by default (merge request) GitLab Enterprise Edition - Add highlight.js plugin to highlight podspec.json files (merge request)
- Adapt Maven API to consider the package registry access level by @wwwjon (merge request)
- Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/376870 (merge request)
- Adapt npm API to consider the package registry access level by @wwwjon (merge request)
- Refactor vulnerability report status filter (merge request) GitLab Enterprise Edition
- Add pipeline name to Slack pipeline messages (merge request)
- Remove Sidekiq jobs migration in 15.6 (merge request)
- Add new field
webUrl
to VulnerabilityType (merge request) GitLab Enterprise Edition - Drop use_cdn_with_job_artifacts_ui_downloads feature flag (merge request)
- Pass column name to mount_file_store_uploader by @sathieu (merge request)
- Support structured error for UserCommitFiles (merge request)
- This MR alert message for pre-scan verification (merge request) GitLab Enterprise Edition
- Update messages for CI include validation errors (merge request)
- Allow using different icons for the help popover (merge request)
- Hide webhook value in chat integrations (merge request)
- Fixed broken links (merge request)
- Update global alert for read-only namespace (merge request)
- Open api invitations (merge request)
- Add new field webUrl to Code Quality Reports API response (merge request) GitLab Enterprise Edition
- Skip create rule for group when creating group by @lyb124553153 (merge request) GitLab Enterprise Edition
- Remove trigger_mr_subscription_on_merge_status_change feature flag (merge request)
- Open api badges (merge request)
- Clean up temporary code that fixed the wrongly backfilled
expire_at
(merge request) - Project events open api (merge request)
- Remove temporary index on project_features (merge request)
- Move usage_quotas/pipelines directory (merge request) GitLab Enterprise Edition
- Update CI/CD variable value textarea maxRow to 10 (merge request)
- Require security approval when scans are removed in MR (merge request)
- Fix SSO enforcement for public projects (merge request) GitLab Enterprise Edition
- Remove highlighting from new issues (merge request)
- Add highlight.js plugin to highlight gemfiles (merge request)
- Include database name in Unsupported PostgreSQL warning (merge request)
- Update star_count on hooks and user state transitions by @bufferoverflow (merge request)
- Polish the UI for the projects list (merge request)
- Change job limit message (merge request) GitLab Enterprise Edition
- This MR migrates submit buttons to pajamas component (merge request) GitLab Enterprise Edition
- Search Page Vue vertical navigation (merge request)
- Add h1 to user profile page (merge request)
- Add
raw
to CI variable REST endpoints (merge request) - Refactor vulnerability report image filter tooltip into image filter (merge request) GitLab Enterprise Edition
- Search Page Vue vertical navigation (merge request)
- Add notes summary into csv export (merge request) GitLab Enterprise Edition
- This MR adds stepped list for pre-scan verification (merge request) GitLab Enterprise Edition
- Migrate email_confirmation_setting value (merge request)
- Move usage_quotas/ci_minutes_usage directory (merge request) GitLab Enterprise Edition
- Bump gitlab-metrics-exporter version (merge request)
- Exclude Sidekiq retry errors from reportable Sentry events (merge request)
- Removes unused feature flag (merge request)
- Improve error handling of runners bulk deletion (merge request)
- Enabled
purge_stale_security_findings
flag by default (merge request) GitLab Enterprise Edition - Update toggle description button to pajamas (merge request)
- Update delete milestone button to pajamas (merge request)
- Add tooltip to issue header ellipsis button (merge request)
- Recognize 'time' for time tracking quick actions by @Taucher2003 (merge request)
- Add custom context to active_users_project_repo event (merge request) GitLab Enterprise Edition
- Move API::BroadcastMessages endpoint (merge request)
- Enable new test summary widget (merge request)
- Squelch "Can't verify CSRF token authenticity" messages (merge request)
- Update access levels from protected branch api (merge request) GitLab Enterprise Edition
- Add search index curation (merge request) GitLab Enterprise Edition
- Remove End-of-Support analyzers from SAST config UI (merge request)
- Bump gitlab-metrics-exporter version (merge request)
- Add a keyword mapping for username (merge request) GitLab Enterprise Edition
- Add job to /api/v4/job/allowed_agents context (merge request)
- Email says user was banned only when auto-ban setting is enabled (merge request) GitLab Enterprise Edition
- Move pipeline_schedules directory (merge request)
- Track wiki verification in the project_wiki_repository_registry table (merge request) GitLab Enterprise Edition
- Track wiki replication in the project_wiki_repository_registry table (merge request) GitLab Enterprise Edition
- Add validationStartedAt to DastSiteProfileType (merge request) GitLab Enterprise Edition
- Remove GitHub Import from database codeowners (merge request)
- Drop Go 1.17 support and mandate Go 1.18 (merge request)
- Adapt Go API to consider the package registry access level by @wwwjon (merge request)
- Limit all Sentry responses for Error Tracking (merge request)
- Remove refactor_code_quality_extension feature flag (merge request)
- Rename columns and add tooltip to path column (merge request)
- Add i18n support to default brand title by @icbd (merge request)
- Removed work_items_hierarchy ff (merge request)
- Add token endpoint to the alllowed sources (merge request)
- Highlight Godeps.json on client (merge request)
- Enable lazy_load_commits feature flag by default (merge request)
- Display incident's severity name and label in timeline events (merge request)
- Change timeline event length validation to 280 on user input (merge request)
- Reduce cleanup package registry worker cadence to every hour (merge request)
- Removed work_items_hierarchy definition (merge request)
- Migrate Sidekiq jobs outside of current routing rules (merge request)
- Drop ci_job_artifacts_cdn feature flag (merge request)
- Update related items empty states (merge request)
- Remove stroke from contrib calender (merge request)
- Move ci_minutes_usage directory (merge request) GitLab Enterprise Edition
- Adding metadata to Secure Files API response (merge request)
- Change the wording of retry button for passed jobs (merge request)
- This MR migrates legacy html button to Pajamas button (merge request)
- Updated the placeholder logic for trigger fields (merge request)
- Backward compatible behavior in alert management client side router by @dannyelcf (merge request)
- Add feature flags user lists endpoints to OpenApi v2 docs (merge request)
- Add Objective and Keyresult to work item types (merge request)
- Remove
dast_ui_redesign
feature flag (merge request) - Update documentation for troubleshooting limited job pipelines (merge request)
- Mask the "Secret token" input in the webhook form (merge request)
- Add MigrateSharedVulnerabilityScannersV2 background migration (merge request)
- Use full-text search with in param (merge request)
- Add new columns into vulnerability export (merge request) GitLab Enterprise Edition
- Improve UX for release assets screen (merge request)
- Guard for when user index migration has not been completed (merge request) GitLab Enterprise Edition
- Use inline error when adding existing item to linked items (merge request)
- Remove project_id from sprints (merge request)
- Re-linked Preview tab to live-preview on .md files (merge request)
- Move and refactor PATCH endpoint (merge request)
- Moving default branch setting to branch default (merge request)
- Update CI/CD variables table (merge request)
- Add has_many alerts association to issues (merge request)
- Update user cap description (merge request) GitLab Enterprise Edition
- Change order of items in deployment sidebar (merge request)
- Clean up and tie PBKDF2+SHA512 user passwords to FIPS (merge request)
- Create a user elasticsearch index and index users (merge request)
- Update CLI messages when action is rejected due to storage limit (merge request) GitLab Enterprise Edition
- Improve issuable confirm modal by @ali_o_kan (merge request)
- Update gitlab-labkit to v0.26.0 (merge request)
- Display formatted health status in issue sidebar (merge request) GitLab Enterprise Edition
- Backfill existing user_details fields from users table by @brianjaustin (merge request)
- Allow rollback with Prevent Outdated Deployment Job feature (merge request)
- Add details to security finding type (merge request) GitLab Enterprise Edition
- Remvs redundant var
temp_deployment_associations
by @afzal442 (merge request) - This MR adds summary component to a drawer (merge request) GitLab Enterprise Edition
- Replace token indices in ci_runners table (merge request)
- Revisit padding in test suite report table (merge request)
- Remove min_access_level check (merge request)
- Add back in migration (merge request)
- Enable masking the newly created access tokens (merge request)
- Update cluster management project template (merge request)
- Remove agent_authorization_include_descendants feature flag (merge request)
- Drop fingerprint column from sbom sources (merge request)
- Update commit note action buttons (merge request)
- Add DeletePackageModal shared component by @ali_o_kan (merge request)
- Display container image shortened path (merge request)
- Update VSA max date range tooltip text (merge request)
- Less padding for sidebar subfolders on diffs (merge request)
- Add DAST_API_EXCLUDE_URLS variable for api scans (merge request) GitLab Enterprise Edition
- Adapt PyPI API to consider the package registry access level by @wwwjon (merge request)
- Allow only project/group reporters to read confidential notes (merge request)
- Update elastic search filter for confidential notes (merge request) GitLab Enterprise Edition
- GitLab Version - Event naming changes (merge request)
- Add
environment
keyword to deploy jobs in CI/CD templates by @anshulriyal (merge request) - Add a meaningful event name for path in Project (merge request) GitLab Enterprise Edition
- Improve alert management client-side router usage by @dannyelcf (merge request)
- Add email confirmation setting enum (merge request)
- Update dependency auto-build-image to v1.21.0 (merge request)
- Group SAML Group Sync retains default membership (merge request) GitLab Enterprise Edition
- Stop returning alerts from prometheus alerts endpoint (merge request)
- Update dependency auto-deploy-image to v2.42.1 (merge request)
- Adds package registry migration survey banner (merge request)
- Create merge_request_diff asynchronously (merge request)
- Extract values and add them to constants by @TrueKalix (merge request)
- Remove remove_extra_primary_submenu_options feature flag (merge request)
- Remove new_navbar_layout feature flag (merge request)
- Add support for group level scan result policies (merge request) GitLab Enterprise Edition
- Update various buttons to use pajamas component (merge request)
- Add API_REQUEST_HEADERS variable for api scans (merge request) GitLab Enterprise Edition
- Show only active users on Starrers page of a project by @wwwjon (merge request)
- Cleanup admin/subscription page tables (merge request) GitLab Enterprise Edition
- Change "Self monitoring" to "Self-monitoring" by @scootergrisen (merge request)
- Optimise remediation ingestion with bulk insertion (merge request) GitLab Enterprise Edition
- Rename ci_pipeline_metadata.title to name (merge request)
- Remove unnecessary horizontal lines (merge request)
- Clean up logged_out_marketing_header (merge request)
- Remove without_deleted param (merge request)
Deprecated (2 changes)
- Deprecation notice for
merge_status
field (merge request) - Deprecate registration token in Runner Operator (merge request)
Removed (6 changes)
- Remove temp index invalid member (merge request)
- Remove unused method to check if we should re-download data (merge request) GitLab Enterprise Edition
- Remove missing_security_scan_types feature flag (merge request)
- Remove old product analytics features (merge request)
- Remove temp index on approval_merge_request_rules (merge request)
- Remove new layout feedback banner (merge request)
Security (13 changes)
- Handle JSON input correctly for swagger-ui (merge request)
- Redact confidential references in Jira issue descriptions (merge request)
- Forbid reading emojis on internal notes (merge request)
- Fix Running Upstream Pipelines Jobs Without Permission (merge request)
- Same-site redirect vulnerability (merge request)
- Update Gitaly Version (merge request)
- Resolve users can view audit events from other members (merge request)
- Add a redirect wall before artifact redirect to pages (merge request)
- Sandbox swagger-ui to prevent injection attacks (merge request)
- BYPASS: Stored-XSS with CSP-bypass via scoped labels' color (merge request)
- Fix external project permission when using CI prefill variables (merge request)
- Path traversal fix for Secure Files (merge request)
- Add length limit to addressable URLs (merge request)
Performance (22 changes)
- Remove
group_overview_tabs_vue
feature flag (merge request) - Use efficient in operator query for fetching group & project activities (merge request)
- Add in_product_marketing_emails index (merge request)
- Cleanup cache_unleash_client_api feature flag (merge request)
- Memoize Project#has_group_hooks? check (merge request) GitLab Enterprise Edition
- Only build MR hook data when needed (merge request)
- Fix Projects list API preloaders (merge request)
- Switch transfer group dropdown to API data source (merge request)
- Remove duplicate_jobs_cookie feature flag (merge request)
- Remove user_destroy_with_limited_execution_time_worker feature flag (merge request)
- Use partial GIN index for non-latin issue searches (merge request)
- Improve performance of MR changes count (merge request)
- Improve issue search performance for recent items (merge request)
- Change ActiveSupport::JSON to use Gitlab::Json (merge request)
- Add GhostUserMigration#consume_after column (merge request)
- Render first chunk immediately (merge request)
- Memoize Project#has_active_integrations? check (merge request)
- Replace Sidekiq JSON methods with Gitlab::Json (merge request)
- Optimize source viewer rendering (merge request)
- Add server-side pagination to SearchFilesByName (merge request)
- Optimize source viewer rendering (merge request)
- Disable fastupdate on issues and merge_requests GIN indexes (merge request)
Other (60 changes)
- Fix Style/Next offenses by @mhdasm3 (merge request)
- Propagate feature flag actors in all Gitaly RPC services (merge request)
- Add migration for new index (merge request)
- Enforce HTTP/HTTPS schemes in Octokit Middleware (merge request)
- RuboCop: Enable previously disabled Rails/ContentTag by @edith007 (merge request)
- RuboCop: Enable previously disabled Rails/LexicallyScopedActionFilter by @edith007 (merge request)
- Remove
ci_job_jwt
feature flag (merge request) - Stop tracking errors when deleting branches (merge request)
- Improve the specs in
invitations_spec.rb
(merge request) - Prepare removal of old issue trigram indexes (merge request)
- Propagate user_id to Gitaly via gRPC metadata (merge request)
- Remove experiment_users table (merge request)
- Removed realtime labels FF (merge request)
- Add more logs for CI config external files V2 (merge request)
- Removes truncate_long_blobs_in_search flag by @sd5869 (merge request)
- Deprecate merge_status from api and webhooks (merge request)
- Add post migration for deleting tag data (merge request)
- Propagate feature flag actors in Gitaly RPC calls (merge request) GitLab Enterprise Edition
- Add new job for solely deleting branchs from gitaly (merge request)
- Update invisible_captcha gem from 1.1.0 to 2.0.0 (merge request)
- Updated OAuth example links to https by @zillemarco (merge request)
- Documentation changes for latest release and release asset download API by @zillemarco (merge request)
- RuboCop: Enable Style/Lambda and change to
EnforcedStyle: literal
by @edith007 (merge request) - Validate environment_id foreign key on deployments table (merge request)
- RuboCop: Disable Rails/HasManyOrHasOneDependent permanently by @edith007 (merge request)
- Add more logs for CI config external files (merge request)
- Put requirements filter by test reports under feature flag (merge request) GitLab Enterprise Edition
- Removes ipynb_semantic_diffs feature flag (merge request)
- Add rubocop cop Graphql/EnumNames by @fabsrc (merge request)
- Stub license to fix JH integration factory spec by @chaomao (merge request)
- Change DuplicateJobs cookie key (merge request)
- Fix Style/RedundantInterpolation offenses in spec/ by @mhdasm3 (merge request)
- Add index to support filtering issues by last test report state (merge request)
- Remove externally_stored_diffs_caching_export feature flag (merge request)
- Consolidate Wiki model methods (merge request) GitLab Enterprise Edition
- Ensure that requirement belongs to same project of work item (merge request) GitLab Enterprise Edition
- Fix Style/CaseLikeIf offenses by @mhdasm3 (merge request)
- Another attempt to create issue trigram indexes (merge request)
- Update fogbugz gem to 0.3.0 (merge request)
- Edit pipeline-triggers API annotation (merge request)
- Remove FF ci_stop_expanding_file_vars_for_runners (merge request)
- Remove FF ci_requeue_with_dag_object_hierarchy (merge request)
- Remove outdated gocloud.dev backport (merge request)
- Use MessagePack for DuplicateJobs cookies (merge request)
- Improve Upgrade Path tool visibility by @zillemarco (merge request)
- Expose the raw attribute of ci-variables models (merge request)
- Cleanup task system note renaming background migration (merge request)
- Change DuplicateJobs Redis format (merge request)
- Move work item weight counters to CE (merge request)
- Update graph button to pajamas (merge request)
- Remove unused haml file that was moved to Vue (merge request)
- Remove default-enabled hash_oauth_tokens feature flag (merge request)
- Remove 'audit_event_streaming_git_operations' feature flag (merge request)
- Update profile buttons to pajamas (merge request)
- Remove disable_load_entire_blob_for_diff_viewer feature flag (merge request)
- Move the stale etag check before highlighting cache (merge request)
- Add variable name to file-variable logging (merge request)
- Add delay when performing refresh with delay (merge request)
- Update Gitlab Shell to 14.13.0 (merge request)
- Migrate card to Pajamas (merge request) GitLab Enterprise Edition
Security
Security wording was detected, but no CVEs were found.
Details
date
Nov. 21, 2022, midnight
name
15.6.0
type
Minor
👇
Register or login to:
- 🔍View and search all GitLab CE releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!