GitLab CE - 16.0.0
Security
(2023-05-18)
Added (168 changes)
- Add X-GitLab-ConfidentialIssue: header boolean by @micah (merge request)
- Adds CI information to candidate detail (merge request)
- Added pipelines shortcut by @AlexNewson (merge request)
- Add user deactivate service (merge request) GitLab Enterprise Edition
- Updated code based on suggestion (merge request)
- feat: Add lock_version to milestone by @gerardo-navarro (merge request)
- Enable import_details_page ff by default (merge request)
- Add audit events schema definitions (merge request) GitLab Enterprise Edition
- Add specs for ApprovalProjectRule creation (merge request)
- Add environment tier to deployment webhooks (merge request)
- Add keyword to allow multiple cache fallback keys by @renehernandez (merge request)
- Add emoji awards for work item (merge request) GitLab Enterprise Edition
- GraphQL project fields for refs containing a commit (merge request)
- Make group-level git protocol control available (merge request)
- [Audit Events] Asynchronous database index addition (merge request) GitLab Enterprise Edition
- Show alert about any configured deploy freezes (merge request)
- Model and table for google cloud logging integration (merge request)
- Add to do widget for work items (merge request) GitLab Enterprise Edition
- Add Zola template for .gitlab-ci.yml by @homersimpsons (merge request)
- Allow sending secret detection vulnerabilities to the AI API (merge request) GitLab Enterprise Edition
- Enable realtime approval updates by default (merge request)
- Add coverage fuzzing to registration features (merge request) GitLab Enterprise Edition
- Add update_design permission to check user rights to edit description (merge request)
- Add blocked_by and blocks quick actions for issues (merge request) GitLab Enterprise Edition
- Implement YAML config file for the Value stream dashboard (merge request) GitLab Enterprise Edition
- Add branches to the initial Jira data sync (merge request)
- Adds PAT based auth (merge request)
- Add model for storing ai ci editor conversations (merge request)
- Add dismissal reason and comment to vulnerability bulk updates (merge request) GitLab Enterprise Edition
- Add a Breach and Attack Simulation CI template (merge request) GitLab Enterprise Edition
- Add support for npm group level endpoints in compressed json middleware (merge request)
- Add RTL support in content editor (merge request)
- Add support for basic auth on Maven registry download endpoints (merge request)
- Add health_status to webhook payload data (merge request) GitLab Enterprise Edition
- Add update action and update service for Abuse Reports (merge request)
- Resource access token rotation API (merge request)
- Add model for storing ai ci editor conversations (merge request)
- Add ability to read_vulnerability to custom roles (merge request)
- Extend VertexAi::Client to add text/code/message_chat methods (merge request) GitLab Enterprise Edition
- Add documentation for Compliance Framework CSV Export (merge request) GitLab Enterprise Edition
- Enable feature flags for new runner creation (merge request)
- Add SecureFlag training provider by @bruce.lay (merge request)
- Support + and +s reference expansion for work items (merge request)
- Shows link to jobs on the list of Ml::Candidate (merge request)
- Create a service to build npm metadata cache record (merge request)
- Enable the feature flag
ci_include_components
(merge request) - Add HLL counter for projects that initialize product analytics (merge request) GitLab Enterprise Edition
- Add merged merge request delete audit event (merge request) GitLab Enterprise Edition
- PAT rotation API (merge request)
- Enable work item conversion (merge request)
- Add GraphQL query for inherited CI variables (merge request)
- Allow remember me to be set in Admin area general settings (merge request)
- Add truncated text component (merge request)
- Show services on Environments index page (merge request)
- Backend to allow remember me to be disabled (merge request)
- Remote Development feature behind a feature flag (merge request)
- Add vulnerabilities counts to VSD (merge request) GitLab Enterprise Edition
- Add GraphQL support for visibility_pipeline_id (merge request)
- Add type quick action for work items (merge request)
- Expose reference and createNoteEmail fields (merge request)
- Add runner field to job_type by @TrueKalix (merge request)
- Create routing table for ci_builds (merge request)
- Geo Sites - Add primary last event id (merge request) GitLab Enterprise Edition
- Add data migration for human user type (merge request)
- Implement Gitlab::Llm::Anthropic::Client (merge request)
- Skip copy job artifacts uploaded to final location (merge request)
- Implement runner backoff for migrations (merge request)
- Expose Issues Completed under GraphQL flow metrics (merge request) GitLab Enterprise Edition
- Preload SamlProvider for cross child epics groups (merge request) GitLab Enterprise Edition
- Only allow user to be remembered if application setting enabled (merge request)
- Enable vsa_group_and_project_parity FF by default (merge request) GitLab Enterprise Edition
- Add RedisHLL counter for creating dashboards (merge request) GitLab Enterprise Edition
- Add redis counter for viewing dashboard (merge request) GitLab Enterprise Edition
- Geo Sites - Read Help Icon to Secondary Site (merge request) GitLab Enterprise Edition
- Add new properties to
GET /users/:user_id/projects
(merge request) - Add export button for framework report (merge request) GitLab Enterprise Edition
- Add support for cancelling drag on Esc key press (merge request) GitLab Enterprise Edition
- Add ability to filter github repositories by relation type (merge request)
- Enable GlFilteredSearch terms-as-tokens prop on Plan pages (merge request)
- Add output moderation to OpenAI::Client (merge request) GitLab Enterprise Edition
- Add ability to add/edit compliance frameworks directly from report (merge request) GitLab Enterprise Edition
- Add Value Stream Dashboard tracking table (merge request)
- Skip phone verification when TeleSign is down (merge request) GitLab Enterprise Edition
- Disallow runner registration if allow_runner_registration_token disabled (merge request)
- Add new table to store note metadata (merge request)
- Allow all users to opt-in to the navigation redesign beta (merge request)
- Adding create API for instance audit external destinations (merge request) GitLab Enterprise Edition
- Adds link to settings from dependency proxy (merge request)
- Reflect state transition comments in system notes (merge request) GitLab Enterprise Edition
- Associate Ml::Candidate to Ci::Build (merge request)
- Create the Organization model (merge request)
- Adds digest label & copy button for dependency proxy UI (merge request)
- Add support for new vulnerability status filtering (merge request) GitLab Enterprise Edition
- Enable sync_approval_rules_from_findings by default (merge request)
- Add option to keep quick actions in text (merge request)
- Add Abuse Reports Detail View (merge request)
- Add moderation to OpenAI::Client (merge request) GitLab Enterprise Edition
- Add settings to database (merge request)
- Add runners to job/pipeline seed data by @TrueKalix (merge request)
- Create Abuse Report Events table (merge request)
- Add project cell admin jobs vue by @TrueKalix (merge request)
- Add Remember Me Enabled to Application Settings (merge request)
- Create a new table to hold diff summaries (merge request)
- Create bot user when security policy is linked (merge request)
- Autofocus link URL when editing link (merge request)
- Add geo_sites API endpoint (merge request) GitLab Enterprise Edition
- Add PA configuration to project level settings (merge request)
- Add
ref_path
to CI job JWTs (merge request) - Allow uploading more image types (merge request)
- Add maximum length validation for ci_builds columns (merge request)
- Add cost tracking to OpenAi::Client (merge request) GitLab Enterprise Edition
- Create partitioned table for VSD counts (merge request)
- Feature Flag: Add FF for Rust metrics marshaling (merge request)
- Add registry table to track replication and verification state (merge request)
- Add column visibility_pipeline_id (merge request)
- Enable feedback deprecation by default (merge request)
- Improve the performance of the "vulnerability report" page (merge request) GitLab Enterprise Edition
- Add maintenance mode to registration features (merge request) GitLab Enterprise Edition
- Adds link to settings on container registry image list page (merge request)
- Add first assigned to Issue and MR events to VSA (merge request) GitLab Enterprise Edition
- Add the tanuki_bot migration/model (merge request) GitLab Enterprise Edition
- Enable mr widget V2 by default (merge request)
- Improve error messages by @TrueKalix (merge request)
- Enable use_merge_base_for_security_widget by default (merge request)
- Add support for TOFA AI API (merge request)
- Add private endpoint to show github import errors (merge request)
- Track spam scores for users (merge request)
- Add ci_max_includes to application settings (merge request)
- Add tooltips to Value Stream Dashboard sparkline charts (merge request) GitLab Enterprise Edition
- Add jobs count admin jobs vue by @TrueKalix (merge request)
- Add geo sites fixtures schemas (merge request) GitLab Enterprise Edition
- Add Tanuki Bot backend service and API (merge request) GitLab Enterprise Edition
- Add artifacts management page (merge request)
- Show services on Environments index page (merge request)
- Add
ciPipelineStage
toQueryType
(merge request) - Add the tanuki_bot migration/model (merge request) GitLab Enterprise Edition
- Introduce "update filters" popover after assigning framework (merge request) GitLab Enterprise Edition
- Enable dismissal_reason feature flag by default (merge request) GitLab Enterprise Edition
- Report abuse to admin for WI notes (merge request)
- Enable Fetching upstream to the fork (merge request)
- Add ability to add/remove compliance framework from single item (merge request) GitLab Enterprise Edition
- Add backend for setWorkItemMetadata (merge request)
- Add display_color to epic_boards (merge request)
- Add ability to disable social feature (following) (merge request)
- Add job filter admin jobs vue by @TrueKalix (merge request)
- Add user feedback (merge request) GitLab Enterprise Edition
- Add intersection observer admin jobs vue by @TrueKalix (merge request)
- Add audit event schema definitions (merge request) GitLab Enterprise Edition
- Set minimum role for importing projects to Maintainer (merge request)
- feat: New REST api endpoint to fetch CI_JOB_TOKEN access settings by @gerardo-navarro (merge request)
- Store MR and issue assignment events (merge request)
- Index for namespaces by root namespace lookup (merge request)
- Add skeleton loader to admin jobs vue by @TrueKalix (merge request)
- Show work item id in breadcrumb (merge request)
- Admins can edit arkose_risk_band (merge request) GitLab Enterprise Edition
- Introduce circuit breaker for OpenAI client (merge request)
- Switch status tabs by @TrueKalix (merge request)
- Promote Key Result to Objective (merge request)
- Add Environments::Stop mutation (merge request)
- Add branch filtering for compliance violations report (merge request) GitLab Enterprise Edition
- Add Sidekiq execution SLI as apdex (merge request)
- Add API to toggle pass_user_identities_to_ci_jwt by @joe-snyder (merge request)
- Add sync index security_scans_on_pipeline_id_and_scan_type (merge request)
- Adds request forwarding warning to package details modal (merge request)
- Adds confirmation prompt to container image repository delete modal (merge request)
- Prepare todos for bigint migration (merge request)
- Change fetch policy for work item detail (merge request)
- Populate missing dismissal info (merge request)
Fixed (163 changes)
- Add top margin to admin email alert (merge request) GitLab Enterprise Edition
- Update by_parent filter in EpicsFinder (merge request) GitLab Enterprise Edition
- View projects pending deletion from subgroup (merge request) GitLab Enterprise Edition
- Fixes roadmap timeline bar alignment (merge request) GitLab Enterprise Edition
- Fix no_proxy not working when DNS rebinding protection enabled (merge request)
- Handle String response in ResponseLogger (merge request)
- Fix case sensitive GraphQL username argument (merge request)
- Fix bridge status not inheriting canceled (merge request)
- Fixed how series render and legend in VSA Overview "Total time" chart (merge request) GitLab Enterprise Edition
- Updating PipelineJobResolver for type filter (merge request)
- Make new jira_auth_type Jira API argument optional (merge request)
- Fix pending status when SecureFlag has no content (merge request) GitLab Enterprise Edition
- Fix auditing of merged merge request when metrics are nil (merge request) GitLab Enterprise Edition
- Skip to main content interactive when super sidebar is inert (merge request)
- Remove extra top padding on collapsible discussion (merge request)
- Fix the query when migration add_suffix_project_in_wiki_rid not finished (merge request) GitLab Enterprise Edition
- Fix event location detection for the branch list (merge request)
- Add a boolean field hidden in the MergeRequest ES mapping (merge request) GitLab Enterprise Edition
- Removing Ci:Bridge jobs from ProjectJob#show (merge request)
- Replace stable Terraform CI templates with latest templates (merge request)
- Status checks widget: Remove double bottom border (merge request)
- Fix border on description box (merge request)
- Fix syntax highlighting on Wiki Diff pages (merge request)
- Update GraphQl spec to include SHARED_INTO_ANCESTORS (merge request)
- Fix height calculations with roadmap to prevent extra scrollers (merge request) GitLab Enterprise Edition
- Fix comments template dropdown being hidden (merge request)
- Include shared from groups members in the projects members (merge request)
- Fix container scanning via group level policy (merge request)
- Append bubble menus to body (merge request)
- Fix MR activity filtering (merge request)
- Do not autofocus the description field (merge request)
- Remove epic date fields authorization (merge request) GitLab Enterprise Edition
- Namespace the Gitlab constant to avoid NameError (merge request)
- Fixes missing background in tasks (merge request)
- Alter installation_creation_date metric logic (merge request)
- Move feature-flag to outside pipelined block (merge request)
- Return the error when failed to register runner (merge request)
- Fix avatar when commit email is an empty string (merge request)
- Allow merge when rules are invalid for security policy project (merge request) GitLab Enterprise Edition
- Fix redirect for work items notes for diffPath and deletePath (merge request)
- Lock tables before dropping the LFK trigger (merge request)
- Update new navigation nav item badge positon and hover styles (merge request)
- Do not limit batch_size in migration (merge request) GitLab Enterprise Edition
- Clicking task item doesn’t when using “1)” (merge request)
- Prevent logged in user from blocking themselves in abuse reports (merge request)
- Fix incorrect handler location for list of branches (merge request)
- Show detected licenses with their URLs (merge request) GitLab Enterprise Edition
- Fix active state overlay in content editor (merge request)
- Add missing license check for project approval rules endpoints (merge request) GitLab Enterprise Edition
- Fixes Content-Type for Service Desk emails with attachments (merge request)
- Fix DORA deployment frequency calculation (merge request) GitLab Enterprise Edition
- Resolve "Immediately preview when editing a broadcast message" (merge request)
- Fix group blobs search permission when migration is not complete (merge request) GitLab Enterprise Edition
- Fix arguments in container replication event (merge request) GitLab Enterprise Edition
- Fixes NoMethod when tags are empty (merge request)
- Fixing a misspelling of "absence" (merge request)
- Fixed issue description editor keeping autosaved data after save by @zillemarco (merge request)
- Do not show issuable email address when FF is on (merge request)
- SSO enforcement shouldn't require SSO for non-members and public groups (merge request) GitLab Enterprise Edition
- Fallback to highlighting HAML with Rouge (merge request)
- Hide Add button in issue if user has Guest role (merge request)
- Fix TypeError exceptions in UpdateMergeRequestWorker (merge request)
- Fixes shortcut not working without focus (merge request)
- Fixes rich text editor not wrapping on mobile (merge request)
- Fix loading Web IDE Beta outside gitlab_url (merge request)
- Follow k6's rename of ex/sample folder (merge request)
- Fixes registry search alignment (merge request)
- Fix tab count admin jobs vue by @TrueKalix (merge request)
- Enable "inherit_approval_rules_on_creation" feature flag (merge request)
- SSO enforcement should respect Admin Mode for groups access (merge request) GitLab Enterprise Edition
- Remove counter_attribute_db_lease_for_update FF (merge request)
- Fix empty attachments 500 error in NPM package PUT request (merge request)
- Fix conan search to not find instance-wide packages on project-level (merge request)
- Fix Stop Environment Diaglog shows wrong text (merge request)
- Use trueup_period_seat_count for true-up check (merge request) GitLab Enterprise Edition
- Make sure
/api/v4/geo_nodes/current/failures
works with the unified URL (merge request) - Inject apollo for pipelines table (merge request)
- Checks loaded visualisation for tree traversal (merge request) GitLab Enterprise Edition
- Cleanup leftovers in packages_dependencies table (merge request)
- Globally enable ff filter_vulnerability_findings_dismissed_on_default (merge request) GitLab Enterprise Edition
- Fix root_ancestor undefined method error (merge request) GitLab Enterprise Edition
- Fix custom template import permission (merge request)
- Set static page size for fetching notes (merge request)
- Put actual default branch in readme on project creation (merge request)
- Change API endpoint used when inviting a group to a project (merge request)
- Fix N+1 issue for GraphQL VulnerabilityType (merge request) GitLab Enterprise Edition
- Enable remove_scan_result_policy_transaction by default (merge request) GitLab Enterprise Edition
- Search without project namespaces (merge request)
- View projects pending deletion from subgroup (merge request) GitLab Enterprise Edition
- Crop long texts in the MR Security Reports widget (merge request) GitLab Enterprise Edition
- Fix: display correct duration for pipeline >24 hour runtime by @endera_ (merge request)
- Use fallback when avatar fails to load (merge request)
- Fix vue3 spec violation in environments_folder_view_spec.js (merge request)
- Update chat prompt to move references to the end (merge request) GitLab Enterprise Edition
- Fix installation activation bug (merge request) GitLab Enterprise Edition
- Fix for the rebase merge request state being shown incorrectly (merge request)
- Prevent errors when focusing platform button (merge request)
- Do not touch last_downloaded_at when on a geo secondary (merge request) GitLab Enterprise Edition
- Make it possible to run Puma v6 (merge request)
- Fix signing-up page renders by @lyb124553153 (merge request)
- Fix extra social dot divider (merge request)
- Make propmpt_location dynamic, fix spacing in chat (merge request)
- Allow individual pages to set super sidebar open on page load (merge request)
- Fix member source determination in group members report (merge request) GitLab Enterprise Edition
- Fix Merge request tabs page bundle loading (merge request)
- Fixes random questions being answered by Tanuki Bot (merge request) GitLab Enterprise Edition
- Fix vue3 spec violations for tree_content_spec.js (merge request)
- Fix sidekiq_remove_jobs not to run in transaction (merge request)
- Reject invalid repository archive request formats (merge request)
- Update groups header (merge request)
- Remove global audit events stream page refreshes on edits (merge request) GitLab Enterprise Edition
- Fix compliance framework creation error on GitLab premium plans (merge request) GitLab Enterprise Edition
- Fix expanded avatars list display in the MR widget (merge request)
- Work item tree tooltip fix (merge request)
- User profile fix bg for fixed with layout (merge request)
- Fix cadence description box width (merge request) GitLab Enterprise Edition
- Fix search cron worker when indexing is disabled (merge request) GitLab Enterprise Edition
- Fix invite project members modal closing on error (merge request)
- Vertically align epic colors in dropdown (merge request)
- Create unique digests for email verification tokens (merge request)
- Fix encoding error for commits endpoint (merge request)
- Fix data in import_sources column of application_settings (merge request)
- Fix burnup chart line going backwards (merge request) GitLab Enterprise Edition
- Spread sidekiq jobs on reschedule during github import (merge request)
- Remove transaction in ProcessScanResultPolicyWorker (merge request) GitLab Enterprise Edition
- Fail transfer only with namespaced npm packages (merge request)
- Removes hardcoded path to svg (merge request)
- Fix use of the bootstrap form group with label (merge request)
- Bugfix invite members modal (merge request)
- Putting CI/CD settings behind appropriate permission levels (merge request)
- Fix Web IDE Beta icons not loading in Safari by @gitlab-dependency-update-bot (merge request)
- Provide a single line of vulnerable code (merge request) GitLab Enterprise Edition
- Improve Vale's ElementDescriptors rule to catch previous false negatives by @JonstonChan (merge request)
- Fix GraphQL timelog Int overflow bug (merge request)
- Fix bug in UpdateApprovalsService when target pipeline is empty (merge request) GitLab Enterprise Edition
- Fix broken mermaid markdown rendering of milestone detail views by @gerardo-navarro (merge request)
- Use consistent orange color for low severity (merge request)
- Get rid of infinite work item calls in work item modal (merge request)
- Improve Vale's CIConfigFile rule to catch previous false negatives by @JonstonChan (merge request)
- Do not block project overview when wiki repository fails (merge request)
- Remove
operations_access_level
REST API field (merge request) - Fix error when scan result policy is missing actions or rules (merge request) GitLab Enterprise Edition
- Fix layout of mr widget checkboxes (merge request)
- Scroll to job line from hash (merge request)
- Fix work item children order by relative position (merge request)
- Revert "Merge branch 'revert-allow-dots-ff' into 'master'" (merge request)
- Fix assignee avatars alignment on issues list (merge request)
- Renders indexes for Jupyter Notebooks (merge request)
- Set retry limit 2 for Zoekt::IndexerWorker (merge request) GitLab Enterprise Edition
- Don't index empty or missing repositories in Zoekt::IndexerWorker (merge request) GitLab Enterprise Edition
- Add max-width and min-width to the chat component (merge request) GitLab Enterprise Edition
- Exclude any_approver rule from being marked as invalid (merge request) GitLab Enterprise Edition
- Do not require email verification for oAuth users (merge request)
- Include forks in github repository list (merge request)
- Fix docs (merge request)
- Hide
New project
button if visibility is restricted (merge request) - Ensure wiki errors are bubbled up to its form (merge request)
- Add correct widget list styles to MR dependencies (merge request)
- Fix namespace async index creation (merge request)
- Fix groups appearing for project create/import (merge request)
- Fix comments rendering in content editor (merge request)
- Fix Ci::CommitWithPipeline batch loader key (merge request)
- Do not use snapshots on single database instances (merge request)
Changed (250 changes)
- Merge request sticky header height and border bottom (merge request)
- Add default organization (merge request)
- Update external status check url visiblity (merge request) GitLab Enterprise Edition
- Upgrade DAST to version 4 (merge request) GitLab Enterprise Edition
- Added reveal/hide password input to login page (merge request)
- Enables the auto_merge_labels_mr_widget feature flag (merge request)
- Refactors ml_candidate_show (merge request)
- Move collaborators import to Advanced import setting (merge request)
- Update POST
approvals
endpoint (merge request) GitLab Enterprise Edition - Update package license json schema (merge request) GitLab Enterprise Edition
- Remove namespace storage limit dates (merge request) GitLab Enterprise Edition
- Add worker behind a feature flag to check missing repositories (merge request)
- Disable Compliance pipeline field for Premium licenses (merge request) GitLab Enterprise Edition
- Update expires_at column value to 365 days from now when its nil (merge request)
- Move code suggestions beta feature to free (merge request) GitLab Enterprise Edition
- Add password complexity to registration features (merge request)
- Update environments empty state by @catinbag (merge request)
- Update new entity pages crumbs by @catinbag (merge request)
- Add description_diffs to Registration Features (merge request)
- Expose link to runner if admin (merge request)
- Stores job exceptions into sampling artifacts (merge request)
- Two column format in sign in/up page (merge request)
- Move external issue trackers and wikis from Uncategorized to Plan (merge request)
- Remove formatting bubble menu (merge request)
- Add a warning about a db requirement (merge request)
- Gitlab Chat guarded by AI toggle (merge request) GitLab Enterprise Edition
- Designs: add widget styles (merge request)
- Extend dependencies finder to group level (merge request) GitLab Enterprise Edition
- Set PostgreSQL 13 as the minimum supported version (merge request)
- Lower ProcessSyncEventsWorker dedupe TTL to 1 minute (merge request)
- Return
HTTP 410 Gone
status code fromPOST /runners
endpoint (merge request) - Upgrade to doorkeeper-openid_connect v1.8.6 (merge request)
- Disable invalid_scan_result_policy_prevents_merge by default (merge request) GitLab Enterprise Edition
- Remove "merged" icon for merge train in activity (merge request)
- Add feature flag and show new tab (merge request) GitLab Enterprise Edition
- Rename
widgets
to panels to align with pajamas guidelines (merge request) GitLab Enterprise Edition - Add admin access option to protected branches and tags (merge request)
- Adds backfill migration for secure file metadata fix (merge request)
- Updates keep rules text for container cleanup policies (merge request)
- Remove stickyness from Diff Stats Header (merge request)
- Update Scan Result Policy documentation (merge request)
- Remove broadcast messages for sign in/sign up flows (merge request) GitLab Enterprise Edition
- Change cancel running button (merge request)
- Refactor group level runner registration setting by @markus.ferrell (merge request)
- Reschedule evidences migration from raw_metadata (merge request) GitLab Enterprise Edition
- Use correct migration finalisation method (merge request)
- Add Admin Mode to new navigation (merge request) GitLab Enterprise Edition
- Improve file upload experience in content editor (merge request)
- Removed autofocus from fields throughout the registration flow (merge request) GitLab Enterprise Edition
- Disable rule mode when vulnerability_states are invalid (merge request) GitLab Enterprise Edition
- UI polish: Spacing in runner list (merge request)
- Cleanup disallow_environment_name_update feature flag (merge request)
- Clarify iteration rollover depends on timezone (merge request) GitLab Enterprise Edition
- Remove user legacy Web IDE toggle (merge request)
- Schedule database index on members (merge request)
- Ignore temp schema objects (merge request)
- Notify KAS on git push events (merge request)
- Refactor compliance framework create/edit to modals (merge request) GitLab Enterprise Edition
- Upgrade to Gemnasium v4 (merge request) GitLab Enterprise Edition
- Disable importers by default in new self-manages instances (merge request)
- Add tooltips to jobs table actions (merge request)
- Add extra instructions for self-managed setup (merge request)
- Enable New Environment Details Page (merge request)
- Update layout of admin labels page (merge request)
- Fixes incorrect expiration date in secure files metadata (merge request)
- Add metrics to GCP banner by @asadath1395 (merge request)
- Add filter by package_name for dependencies (merge request) GitLab Enterprise Edition
- Updated hide/reveal password input to be reuseable (merge request)
- Unlink achievement visibility from namespace visibility by @Taucher2003 (merge request)
- Hide banner when subscription is already on cloud licensing (merge request) GitLab Enterprise Edition
- Removed autofocus on fields throughout the registration flow (merge request) GitLab Enterprise Edition
- Update status and policy drawer tab titles (merge request) GitLab Enterprise Edition
- Reorganize Analytics tab in general settings (merge request) GitLab Enterprise Edition
- Migrate all daily aggregated RedisHLL events to weekly (merge request)
- Adapt status filtering to support new values (merge request) GitLab Enterprise Edition
- Enable mirror only branches match regex feature flag by default by @lyb124553153 (merge request) GitLab Enterprise Edition
- Increment the major version of DAST API and API Fuzzing (merge request) GitLab Enterprise Edition
- Clarify message about no analytics data to show (merge request)
- Rescue errors when dropping pg_stat_statements view (merge request)
- Support deduplicated package licenses (merge request) GitLab Enterprise Edition
- Mark environment URLs as unsafe (merge request)
- Fix runtime check for Puma v6 (merge request)
- Allow just one parallel job by @mcfedr (merge request)
- Remove IncubationAlert from ml_experiments_show (merge request)
- Update Settings/Pages layout by @catinbag (merge request)
- Remove Incubation Alert from ml_experiments_index (merge request)
- Delayed deletion, enabled by default (merge request)
- Removes Incubation alert from ml_candidate_show (merge request)
- Cleanup environment_search_api_min_chars feature flag (merge request)
- Updates mermaid to 10.0.2 (merge request)
- Mark
project_fingerprint
as experiment (merge request) GitLab Enterprise Edition - Enable restrict_merge_status_recheck feature flag (merge request)
- Remove feature flag ci_builds_columns_size_validation (merge request)
- Used GlBroadcastMessage for table preview by @catinbag (merge request)
- Default to two database connections for source install (merge request)
- Remove sub-nav transition animation in new sidebar (merge request)
- Update tags list (merge request)
- Remove draft_quick_action_non_toggle feature flag (merge request)
- Remove Blame page streaming feature flag (merge request)
- Enable password check on registration trial page (merge request)
- Upgrade
kas-grpc
gem to0.1.0
(merge request) - Linear groups finder queries (merge request)
- Update gitlab pages (merge request)
- Disable automatic Todo creation for approvers (merge request) GitLab Enterprise Edition
- Update commits list UI (merge request)
- Ensure all CI config loading uses correct loader (merge request)
- New layout for editors (merge request)
- Note actions: Dropdown migration to use Disclousre dropdown (merge request)
- Fix inconsistencies in new file form (merge request)
- Add empty state for jobs tab in runner details (merge request)
- Preselect trial on namespace if started inside namespace (merge request) GitLab Enterprise Edition
- Capture GRPC::ResourceExhausted error (merge request)
- Extract subscriptions comparison url to saas.rb by @orozot (merge request) GitLab Enterprise Edition
- Make operators prop required for NumberRangeSelect (merge request) GitLab Enterprise Edition
- Record first_contribution for all contributors (merge request)
- Add empty state for jobs tab in runner details by @glauciellesa (merge request)
- Enable invalid_scan_result_policy_prevents_merge by default (merge request) GitLab Enterprise Edition
- Add issue description to thank you email in SD (merge request)
- Branches list: move delete branches button into dropdown (merge request)
- Disallow negative integers for vulnerabilities_allowed (merge request) GitLab Enterprise Edition
- Disable rule mode when vulnerabilities_allowed is invalid (merge request) GitLab Enterprise Edition
- Initialize the migration to convert pk for ci_pipeline_variables (merge request)
- Set jira_dvcs_end_of_life_amnesty to default false (merge request)
- Confirm before disabling group shared runners (merge request)
- Update snippet form (merge request)
- Displays latest pipeline on package list page (merge request)
- Streamline notification style for deleting release by @catinbag (merge request)
- Restyle integrated error details info (merge request)
- Branches list: Improve list styling (merge request)
- Add backend for exporting compliance frameworks (merge request) GitLab Enterprise Edition
- Removed DORA metrics tiles from VSA Overview page (merge request)
- Add screen reader title to broadcast message (merge request)
- Reaction: Remove toast (merge request)
- Show alert when shared runners setting is disabled (merge request)
- Add first_contribution field to MR metrics (merge request)
- Remove route_hll_to_snowplow_phase3 FF (merge request)
- Add advisories to package metadata (merge request) GitLab Enterprise Edition
- Hides users from protected branch setting dropdown (merge request) GitLab Enterprise Edition
- Use native number input for weight on "New issue" form (merge request) GitLab Enterprise Edition
- Success alert when runner is assigned to project (merge request)
- Bump major version of secrets (merge request)
- Renamed View Merged YAML to Full configuration by @catinbag (merge request)
- Update dependency auto-deploy-image to v2.48.2 (merge request)
- Update edit issuables button to bulk edit (merge request)
- Avoid redundant job refetching by @TrueKalix (merge request)
- Disable Role-based Approvals for Guests/Reporters (merge request) GitLab Enterprise Edition
- Change color function to check for relative luminance (merge request)
- Initialize the migration to convert pk to bigint for ci_pipelines (merge request)
- Add info popover to status checks (merge request) GitLab Enterprise Edition
- Swap system_note_metadata.note_id to bigint (merge request)
- Add allowed vulnerabilities number information to policy drawer (merge request) GitLab Enterprise Edition
- Update prometheus-client-mmap to v0.23.0 (merge request)
- Update sast analyzer major versions (merge request)
- Use new priority label illustration in empty state (merge request)
- Release reading fingerprints from UploadedFile instance in maven upload (merge request)
- Remove package icon from package row by @catinbag (merge request)
- This MR adds preserving state of selected filters (merge request) GitLab Enterprise Edition
- Splits mlflow.rb into multiple files (merge request)
- Remove admin override for ProtectedRef Access (merge request)
- Remove unnecessary attributes for filters in vulnerability_filters.vue (merge request) GitLab Enterprise Edition
- Update stackprof to v0.0.25 (merge request)
- Remove strict_ip_enforcement feature flag for universal enablement (merge request)
- Update labels page design (merge request)
- Fetch traces only when on tab (merge request)
- Add a note to about Azure Database for PostgreSQL Flexible Server (merge request)
- Enable GraphQL subscription load balancing (merge request)
- Retain selection in content editor on blur (merge request)
- Change warning text when adding a related issue as a Guest by @LXY1226 (merge request)
- Add sorting for the dependencies_resolver (merge request) GitLab Enterprise Edition
- Never show security configuration upgrade banner in CE (merge request)
- Select range for allowed vulnerabilities using dropdown (merge request) GitLab Enterprise Edition
- Pass namespace in the params (merge request) GitLab Enterprise Edition
- Add rake task to maintain Geo SSF metric schema (merge request) GitLab Enterprise Edition
- Restrict cleanup migrations only for GitLab.com (merge request)
- Remove group_analytics_dashboards_page feature flag (merge request)
- Add buttons to access docs and copy Terraform init command by @glauciellesa (merge request)
- Upgrade Container Scanning analyzer to version 6 (merge request) GitLab Enterprise Edition
- Combine import, export, and subscribe options into dropdown (merge request)
- Cleanup legacy_merge_request_state_check_for_merged_pipelines flag (merge request)
- Update cluster management project template to latest revision (merge request)
- Remove redundant alert message for CI/CD variables setting (merge request)
- Add support for separate wiki index (merge request) GitLab Enterprise Edition
- Update docs and Rake task to require Redis 6 (merge request)
- Sign ansi2json state by default (merge request)
- Update user admin header (merge request)
- Hide borders when entering admin mode - 2 (merge request)
- Group import/export requirements button into dropdown (merge request)
- Improve TeleSign logging (merge request) GitLab Enterprise Edition
- Support custom format in getTimeago (merge request)
- Make name in ScanExecutionPolicyCommit mutation mandatory (merge request) GitLab Enterprise Edition
- Move edit compliance form into modal (merge request) GitLab Enterprise Edition
- Remove margin class from related item component (merge request)
- Remove border on merge request sticky header (merge request)
- Remove "hash form" support in alert management router by @ali_o_kan (merge request)
- Implement timeout for the blockquote banzai filter (merge request)
- Remove unused shortcuts (merge request)
- Add runner_id, runner_environment and sha claims to CI JWT V2 (merge request)
- Activity sort filter dropdown migration (merge request)
- Add running Scan Execution Policies for merge_request_event pipelines (merge request)
- This MR adds empty state selector (merge request) GitLab Enterprise Edition
- Unscope i18n strings that are incorrectly scoped in HAML files by @JonstonChan (merge request)
- Improve job fixutre by @TrueKalix (merge request)
- GraphQL: Change runner.projects default sort (merge request)
- Action Cable metrics: add labels to transmit (merge request)
- Add data to Code Quality MR diff json (merge request)
- FOSS VSA spec reflects component dir structure by @catinbag (merge request)
- Rename include:with to include:inputs (merge request)
- Update parsing of *_DISABLED variables (merge request)
- Refactor/Clean up users specs by @TrueKalix (merge request)
- Disallow NO_ACCESS for UnprotectAccessLevel#access_level (merge request) GitLab Enterprise Edition
- Clean up soft_email_confirmation ff (merge request)
- Move edit label action into dropdown (merge request)
- Preinstall prettier for gitpod (merge request)
- Hide borders when entering admin mode (merge request)
- Replaced Feature flag to reduce aggregation schedule lease (merge request)
- Adapt MR widget to support fail-closed approval rules (merge request) GitLab Enterprise Edition
- Update vendored Express project to match project template by @JonstonChan (merge request)
- Improve repo forking layout by @catinbag (merge request)
- Simplify this_desctructuring in components by @catinbag (merge request)
- Set approval rule as invalid if there are not enough approvers (merge request) GitLab Enterprise Edition
- Make new label form pajamas-compliant (merge request)
- Update admin labels page (merge request)
- Update Value Streams Dashboard title and description (merge request) GitLab Enterprise Edition
- Create a utils helper to generate date ranges by @catinbag (merge request) GitLab Enterprise Edition
- Update label styling (merge request)
- Rename 'Terraform menu' to 'Terraform states' (merge request)
- Rate limit API deletion of member (merge request)
- Improve audit streams display (merge request) GitLab Enterprise Edition
- This MR creates new filtering layout (merge request) GitLab Enterprise Edition
- Geo: Reduce exclusive lease log noise (merge request) GitLab Enterprise Edition
- Update issuable list design (merge request)
- This MR migrates Dropdown to RefSelector (merge request)
- Add small animation to "Finish review" button (merge request)
- Move code suggestions feature to Premium (merge request) GitLab Enterprise Edition
- Use merge_base_pipeline for security report comparison MR widget by @jimmy-outschool (merge request) GitLab Enterprise Edition
- Auto-selects labels created in dropdown (merge request)
- Move streaming frontend bundle to separate action (merge request)
- Reschedule migration for (merge request) GitLab Enterprise Edition
- Expose valid_runner_registrars in Application Settings API by @tomsiewert (merge request)
- Always show target url on note email (merge request)
- Use textarea instead of text field for label description (merge request)
- Restyle color chips in label selector (merge request)
- Update issuable lists (merge request)
- Remove futile colon in userfacing Error Message util (merge request)
- Combine RSS and calendar options into dropdown on dashboard issues (merge request)
- Fix right padding on LDAP radio buttons (merge request) GitLab Enterprise Edition
- Adjusts param handling in namespace API (merge request) GitLab Enterprise Edition
- Update openssl gem to v3.1.0 (merge request)
- Update dependency auto-build-image to v1.32.0 (merge request)
- Update dependency auto-deploy-image to v2.48.1 (merge request)
Deprecated (15 changes)
- Add Metrics Dashboard GraphQL API to FF (merge request)
- Move merged_by under pull_request namespace (merge request)
- Announce deprecation of omnibus packaged Grafana (merge request)
- Return an empty
pipelines
in the package REST API payload (merge request) - Deprecate backfill traversal ids to blobs and wiki blobs (merge request) GitLab Enterprise Edition
- Analyzer consolidation for 16.0 (merge request)
- Deprecate obsolete migrations (merge request) GitLab Enterprise Edition
- Move reviews under to pull_request namespace (merge request)
- GraphQL: Rename RunnerMembershipFilter to CiRunnerMembershipFilter (merge request)
- Remove CreateCrossProjectPipelineWorker (merge request)
- Deprecate add hidden to issues migration (merge request) GitLab Enterprise Edition
- GraphQL: Rename CiRunnerUpgradeStatusType to CiRunnerUpgradeStatus (merge request)
- Deprecate CiRunner.projects default sort order value for removal in 17.0 (merge request)
- Deprecate user index migrations (merge request) GitLab Enterprise Edition
- Remove CreateCrossProjectPipelineWorker (merge request)
Removed (73 changes)
- Remove legacy project routes (merge request)
- Remove depricated Monitor Metrics feature (merge request)
- Remove unused ci_triggers.ref column (merge request)
- Geo Sites - Remove Full Details button (merge request) GitLab Enterprise Edition
- Set default PAT expiration to 365 days from now (merge request)
- Remove the
opt_in_jwt
feature (merge request) - Announce removal of Redis localhost ports (merge request)
- Add 16.0 Grafana Helm Chart removal notice (merge request)
- Revert "Merge branch 'suppress-schema-deprecation-warning' into 'master'" (merge request) GitLab Enterprise Edition
- Add 16.0 breaking change removal notice for PG12 (merge request)
- Remove deprecated security schemas (merge request) GitLab Enterprise Edition
- Remove deprecated 'started' state for iteration (merge request)
- Remove DS support for Java 13 to 16 (merge request) GitLab Enterprise Edition
- Remove POST /ci/lint (merge request)
- Remove deprecated environment_tier param (merge request) GitLab Enterprise Edition
- Remove License-Check feature (merge request) GitLab Enterprise Edition
- Remove unused sequence from VSD table (merge request)
- GH-style Jira OAuth endpoints default return 404 (merge request)
- Set ci_remove_legacy_predefined_variables default ON (merge request)
- Remove legacyMode for runner status in graphql (merge request)
- Remove obsolete npm packages tags shared example (merge request)
- Migration remove gitlab as import_source (merge request)
- Remove jira_connect/users page (merge request)
- Remove setting Redis config file path via env (merge request)
- Drop clusters_applications_prometheus table (merge request)
- Remove deprecated gitlab.com importer (merge request)
- Add migration to drop crossplane (merge request)
- Remove SoftwareLicensePolicies without ScanResultPolicy (merge request) GitLab Enterprise Edition
- Remove special Redis fallback URLs (merge request)
- Remove toggle for limiting JWT token access (merge request)
- Drop clusters_applications_jupyter table (merge request)
- Remove setting Redis config file path via env var (merge request)
- Drop clusters_applications_cert_managers table (merge request)
- Remove POST
approvals
endpoint (merge request) GitLab Enterprise Edition - Remove pql_three_cta_test (merge request) GitLab Enterprise Edition
- GH-style Jira DVCS endpoints return 404 by default (merge request)
- GraphQL: Remove CiCdSettingsUpdate (merge request)
- Remove redundant index from container_repositories (merge request)
- Enable frozen outbound job tokens by default (merge request)
- Add changelog item for redis 5 removal (merge request)
- Remove PipelineSecurityReportFinding.name GraphQL field (merge request) GitLab Enterprise Edition
- Remove preload_max_access_levels_for_labels_... FF (merge request)
- Remove the apiFuzzingCiConfigurationCreate GraphQL mutation (merge request) GitLab Enterprise Edition
- Remove revoked agent tokens from API (merge request)
- Remove Redownload button (merge request) GitLab Enterprise Edition
- Remove feature flag for ci_fix_for_runner_cache_prefix (merge request)
- Remove vulnerabilityFindingDismiss GraphQL mutation (merge request) GitLab Enterprise Edition
- Remove
confidence
field fromPipelineSecurityReportFinding
type (merge request) GitLab Enterprise Edition - Drop U2F foreign key from WebauthnRegistrations (merge request)
- Remove legacy Sidekiq Daemon Memory Killer (merge request)
- Remove 'external' field in ReleaseAssetLink type by @missy-davies (merge request)
- Remove external field from Releases and Release Links APIs by @missy-davies (merge request)
- Remove column application_settings clickhouse_connection_string (merge request)
- Remove Bare repository import rake task (merge request)
- Remove the feature flag npm_obtain_lease_to_create_package (merge request)
- Remove refactor_vulnerability_filters feature flag (merge request) GitLab Enterprise Edition
- Remove the legacy Contribution App and feature flag (merge request) GitLab Enterprise Edition
- Stop using file_md5 from debian component files by @sathieu (merge request)
- Revert "Merge branch 'issue_370251_remove_namespace_agg_scheduler_lease' into 'master'" (merge request)
- Migration to remove phabricator (merge request)
- Clean up role_targeted_broadcast_messages (merge request)
- Remove RT issue weight feature flag (merge request)
- Removes the feature flag use_sub_repositories_api (merge request)
- Remove index_security_scans_on_pipeline_id concurrently (merge request)
- Remove phabricator code, docs and metrics (merge request)
- Remove job_age from jobs/request API endpoint (merge request)
- Unset POSTGRES_ENABLED in Auto DevOps template (merge request)
- Removing Pipeline Activity Limit in 16.0 as the feature is deprecated (merge request)
- Cleanup the detect_android_projects (merge request)
- Remove exit_registration_verification feature (merge request)
- Remove temporary index tmp_idx_package_files_on_non_zero_size (merge request)
- Remove GitHub import deprecated workers (merge request)
- Remove gitbook project template (merge request)
Security (10 changes)
- Bump gitaly version (merge request)
- Only maintainers of projects should be able to assign runners to them
- Relay state to check for only allowing sub paths (merge request)
- Update policy to prevent banned members from accessing public projects (merge request)
- Handle invalid URLs in asset proxy (merge request)
- Add specs for external users flag (merge request)
- Commit trailers now only match public user email addresses (merge request)
- Authorize access to vulnerabilitiesCountByDay resolver (merge request)
- Use dummy filename as filename when viewing raw xml files (merge request)
- Prohibit 40 character hex sets at beginning of path-based branch name (merge request)
Performance (11 changes)
- Drop partial_index_deployments_for_project_id_and_tag (merge request)
- Use linear query to refresh the project authorizations (merge request)
- Enable Deployments API error on updated_at filter by default (merge request)
- Remove the ci_enforce_rate_limits_jobs_api feature flag (merge request)
- Set rate limit by default (merge request)
- Add code for the new permutation migration (merge request) GitLab Enterprise Edition
- Fix usage of enqueue_delete_todos (merge request)
- Optimise deployments table by removing an unused index (merge request)
- Allow using db replicas for GraphQL subs (merge request)
- Process limited number of refs in commit (merge request)
- Performance: Preload pipeline in PipelinesController to fix N+1 (merge request)
Other (56 changes)
- Add states and registry table to add SSF support for designs (merge request)
- Rate limits for unauthenticated Projects API use (merge request)
- Synchronously removing merge_request_mentions_temp_index (merge request)
- Add store labels to gitlab_cache_read_multikey_count metric (merge request)
- Update Gitlab Shell version to 14.20.0 (merge request)
- Logs all Exception errors from DB LB service discovery (merge request)
- Revert "Merge branch '388156-read-vuln-custom-role' into 'master'" (merge request)
- Use listbox in image_filter (merge request) GitLab Enterprise Edition
- Remove DropOlderDeploymentsWorker (merge request)
- Prepare async index for system_note_metadata (merge request)
- Remove recursive_approach_for_all_projects feature flag (merge request)
- Remove feature flag sign_and_verify_ansi2json_state (merge request)
- Update PipelineProcessWorker dedup strategy (merge request)
- Add a new worker for wiki indexing (merge request) GitLab Enterprise Edition
- Disable optional runner token encryption for groups and projects (merge request)
- Use clean_gitlab_redis_rate_limiting in search specs to avoid rate limit by @asadath1395 (merge request)
- Remove application_settings_tokens_optional_encryption feature flag (merge request)
- Update restore docs to reflect changes in restore process (merge request)
- Refactored project creation updation events (merge request) GitLab Enterprise Edition
- Add a migration to add prefix project in wiki rid (merge request) GitLab Enterprise Edition
- Record VSD total visits weekly and monthly (merge request) GitLab Enterprise Edition
- Prepare indexes for converting notes.id to bigint (merge request)
- Use invoice preview API to calculate plan pricing for SaaS purchase (merge request) GitLab Enterprise Edition
- Extract token masking code into a separate class by @asadath1395 (merge request)
- Clean up FF remove_job_age_from_jobs_api (merge request)
- Remove use_replica_for_mailers feature flag (merge request)
- Drop cycle analytics unused tables (merge request)
- Make DesignManagement::Repository a container for GitRepository (merge request)
- Update OpenAI::Client cost tracking to include feature category (merge request) GitLab Enterprise Edition
- Remove use_merge_base_for_security_widget feature flag (merge request)
- Refactored audit events for projects (merge request) GitLab Enterprise Edition
- Swap todos.note_id to bigint (merge request)
- Replace legacy variable CI_BUILD_TAG with CI_COMMIT_TAG (merge request)
- Remove 24h time setting (merge request)
- Fix existing incidents issue_type/work_item column out of sync (merge request)
- Add bulk_imports_batched_import_export feature flag (merge request)
- Use database replica for active jobs (merge request)
- Remove jira_connect_oauth FF (merge request)
- Refactored Contribution Analytics Jest test data to GraphQL Fixtures (merge request) GitLab Enterprise Edition
- Add tooltip to feature flag descriptions by @JonstonChan (merge request)
- Delete vue_issues_dashboard feature flag (merge request)
- Modify rubocop to allow revert (merge request)
- Remove dynamic_image_resizing feature flag (merge request)
- Remove ClusterRateLimiting and related feature flags (merge request)
- Fix Style/EmptyElse Cop by @JonstonChan (merge request)
- Adds more info in BBM health status logger (merge request)
- Updating partitioning docs to reflect BBM changes (merge request)
- Backfill design_management_repositories table (merge request) GitLab Enterprise Edition
- Swap award_emoji.awardable_id to bigint (merge request)
- Change Service Desk setting text (merge request)
- Change convert type to work item MVC feature flag (merge request)
- Clean up FF ci_fix_max_includes (merge request)
- Prepare async index creation. Temp issue_type for incidents index (merge request)
- Purges legacy bg migration helpers from partitioning helpers (merge request)
- Add index to group_group_links table (merge request)
- Validate the projects.creator_id foregin key synchronously (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
date
May 18, 2023, midnight
name
16.0.0
type
Major
👇
Register or login to:
- 🔍View and search all GitLab CE releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!