GitLab EE - 15.11.0
Security
(2023-04-21)
Added (175 changes)
- Add error logic for admin jobs vue by @TrueKalix (merge request)
- Added migration and models for instance external audit events (merge request) GitLab Enterprise Edition
- Add "explain this vulnerability" feature to vuln details page (merge request) GitLab Enterprise Edition
- Add empty state to admins jobs vue by @TrueKalix (merge request)
- Add support for snowplow PA configurator (merge request)
- GraphQL project fields to get refs tipping at a commit (merge request)
- Add vulnerabilityIssueLinkCreate GraphQL mutation (merge request) GitLab Enterprise Edition
- Add milestone reference to removed milestone note (merge request)
- Add user_identities field to JWTv2 by @joe-snyder (merge request)
- Create GraphQL endpoint for Explain Vulnerability (merge request) GitLab Enterprise Edition
- Automatically index projects in Zoekt when namespace is enabled (merge request) GitLab Enterprise Edition
- Add AwardEmoji widget update (merge request)
- Add runner's creator to runner admin and group (merge request)
- Include Jira issue keys for related MRs (merge request)
- Adds service desk verification result email (merge request)
- Enable pages unique domain feature flag by default (merge request)
- Add "explain this vulnerability" feature to vuln details page (merge request) GitLab Enterprise Edition
- Prepare job artifacts file_final_path column (merge request)
- Add awardEmoji field to merge request graphql type by @Taucher2003 (merge request)
- Event tracking for Debian packages by @sathieu (merge request)
- Show pods on Environment index page (merge request)
- Add table and data to view by @TrueKalix (merge request)
- Add llm_bot for LLM-generated content attribution (merge request)
- Allow pasting raw content in content editor (merge request)
- Add frontend testing guidelines for apollo mock queries/mutations (merge request)
- Add pnpm to Dependency API (merge request) GitLab Enterprise Edition
- Add link to feedback issue (merge request) GitLab Enterprise Edition
- Project specific runner registration control for admins by @markus.ferrell (merge request)
- Adds navigation menu for Model experiments (merge request)
- Enable CI Interpolation feature flag (merge request)
- Add ability to filter compliance violations by target branch (merge request) GitLab Enterprise Edition
- Enable multi-doc YAML parsing by default (merge request)
- Add index for namespaces by root namespace lookup (merge request)
- Add issue/merge_request_assignment_events tables (merge request)
- Add PNPM support (merge request)
- Adds package forwarding warning to delete modal (merge request)
- Add /admin/search/zoekt APIs for controlling Zoekt rollout (merge request) GitLab Enterprise Edition
- Record work item linking events (merge request)
- Adds new MergeRequests::Llm::SummarizeMergeRequestService (merge request) GitLab Enterprise Edition
- Add worker to sync approval rules from security_findings (merge request) GitLab Enterprise Edition
- Expose unified approvals via GraphQL (merge request) GitLab Enterprise Edition
- Add abuse_trust_scores table (merge request)
- Allow project migrations in GitLab Direct Transfer (merge request)
- Add admin setting to sync license db (merge request)
- Add REST endpoint to create runner associated to a user (merge request)
- Groups - Remove show_group_readme FF (merge request)
- Notification widget for work items (merge request) GitLab Enterprise Edition
- Download candidate data as csv (merge request)
- Add missing approval rule settings to group project templates (merge request)
- Backfill the missing wiki permissions in the main index (merge request) GitLab Enterprise Edition
- Add UI to summarize notes (merge request) GitLab Enterprise Edition
- Update runner manager records when runner managers poll for jobs (merge request)
- Enable creation of runner manager records for active runner managers (merge request)
- Prepare system_note_metadata for bigint migration (merge request)
- Expose GitLab Maintenance Mode to internal metrics (merge request)
- Change order for issue_user_mentions PK swap (merge request)
- Adds new MergeRequests::Llm::SummarizeMergeRequestService (merge request) GitLab Enterprise Edition
- Add Silent mode application setting (merge request)
- Added the AiGenie component (merge request) GitLab Enterprise Edition
- Adds new MergeRequests::Llm::SummarizeMergeRequestService (merge request) GitLab Enterprise Edition
- Swap issue_user_mentions.note_id to bigint (merge request)
- Implement GraphQL mutation/subscription for AI (merge request) GitLab Enterprise Edition
- Roll out Import remote file from AWS S3 (merge request)
- Allow users to delete experiments (merge request)
- Feat(Subscription Purchase): error_attribute_map (merge request) GitLab Enterprise Edition
- Track npm dist tags routes via snowplow (merge request)
- Add User Identities toggle to User Preferences by @joe-snyder (merge request)
- Add AwardEmoji widget to work items (merge request)
- Add audit event for code suggestions (merge request) GitLab Enterprise Edition
- Instrument database mode in service ping report (merge request)
- Work item comment reply changes (merge request)
- Add shared examples to ci, issues und pages tests by @TrueKalix (merge request)
- Add code suggestions UI (merge request) GitLab Enterprise Edition
- Add reveal-conceal password option (merge request) GitLab Enterprise Edition
- Add create mr button (merge request)
- Add service for syncing approval rules from security_findings (merge request) GitLab Enterprise Edition
- Adds service desk custom email verification email (merge request)
- Add audit event schema definitions (merge request) GitLab Enterprise Edition
- feat: Bump Code-Quality image to 0.94.0 (merge request)
- Send e-mail when achievements are awarded (merge request)
- Audit unban action (merge request) GitLab Enterprise Edition
- Add support for project wiki repositories in the Geo SSF (merge request) GitLab Enterprise Edition
- Add ability to cycle around with keyboard in the header search (merge request)
- Allows for fetching candidate data as csv (merge request)
- Add link to branch rules from codeowners block (merge request)
- Enable Web IDE Beta by default (merge request)
- Create ResourceLinkEvent model and table (merge request)
- Add parent_oid and is_valid to postgres_foreign_keys (merge request)
- Add global time tracking report by @zillemarco (merge request)
- Add API endpoint for retrieving limit exclusions (merge request) GitLab Enterprise Edition
- Adds mutation to create a catalog resource (merge request)
- Added the FE support to Experimental API (merge request) GitLab Enterprise Edition
- Add API for deleting limit exclusion records (merge request) GitLab Enterprise Edition
- Add project group link delete cascade fk (merge request)
- Add API for creating limit exclusions (merge request) GitLab Enterprise Edition
- Include Jira issue keys for related MRs (merge request)
- Adds adjacentWorkItemId and relativePosition fields to Work Item Update by @pkor-ext (merge request)
- Show which CI job currently uses the resource group (merge request)
- Check if user has exceeded git rate limits before forking project (merge request) GitLab Enterprise Edition
- Add CurrentUserTodos widget to add and mark todos (merge request)
- Adds Projects::Ml::CandidatesController.detroy (merge request)
- Expose server SSH host and port in predefined CI variables by @nejc (merge request)
- Exclude namespace-banned users from being counted as billable members (merge request) GitLab Enterprise Edition
- Add a "root_directory" to the pages deployment (merge request)
- Prepare issue_user_mentions for bigint migration (merge request)
- Add audit events schema definition (merge request) GitLab Enterprise Edition
- Remove flag: multiple environment approval rules (merge request)
- Display how far a fork is behind/ahead of its upstream by default (merge request)
- Add forks storage size columns to root storage statistics table (merge request)
- Adds link to settings from package registry list page (merge request)
- Show promotional blurb when applicable (merge request) GitLab Enterprise Edition
- Assign/Unassign WI note to commentator (merge request)
- Make menu items in new navigation sidebar pinnable (merge request)
- Add secret detection in Issue description (merge request)
- Enable parallel execution for batched migrations (merge request)
- Add batched migrations parallel limit setting (merge request)
- Add filtering to compliance framework report (merge request) GitLab Enterprise Edition
- Add user toggle for achievements (merge request)
- Add audit event schema definitions (merge request) GitLab Enterprise Edition
- Add achievement update GraphQL mutation (merge request)
- Introduce a model for npm metadata (merge request)
- Add CurrentUserTodos widget (merge request)
- Cleanup Debian incoming files daily by @sathieu
- Rolls out incident_event_tags feature
- Add sync index vulnerability_finding_signatures_on_signature_sha
- Enable Value Stream Dashboard FF (merge request) GitLab Enterprise Edition
- Rolls out incident_event_tags feature (merge request)
- Initialize conversion of events.target_id (merge request)
- Add workItemConvert mutation (merge request)
- Audit ban action (merge request) GitLab Enterprise Edition
- Cleanup Debian incoming files daily by @sathieu (merge request)
- Add a "publish" instruction to the pages job (merge request)
- Pause batched migration when patroni apdex drop below SLO (merge request)
- Make frequent projects/groups list editable (merge request)
- Expose Agent ID in agent view page (merge request)
- Implement bulk applying compliance framework (merge request) GitLab Enterprise Edition
- Add plan limits of access tokens (merge request)
- Add screenshot field to report abuse form (merge request)
- Prepare async index security_scans_on_pipeline_id_and_scan_type (merge request)
- Add audit event schema definitions (merge request) GitLab Enterprise Edition
- Update group-level branch selector to a dropdown (merge request) GitLab Enterprise Edition
- Release CODEOWNERS default owners (merge request)
- Adds UI sorting by total storage size column (merge request) GitLab Enterprise Edition
- Removes ci_recreate_downstream_pipeline feature flag (merge request)
- Adds internal_id and project_id to Ml::Candidate (merge request)
- Initialize conversion of awardable_id to bigint (merge request)
- Add sync index vulnerability_finding_signatures_on_signature_sha (merge request)
- Add rails endpoint for work item import (merge request)
- Add DoraPerformanceScore model (merge request)
- Validate ci_builds partitioning constraint (merge request)
- User unblock audit event (merge request) GitLab Enterprise Edition
- Add secret detection for replies (merge request)
- Add
approved
filter to merge requests api by @Taucher2003 (merge request) - Index vulnerability findings on uuid including vuln id (merge request)
- Support quick actions for new work item comments (merge request)
- Prepare note_diff_files for bigint migration (merge request)
- Added support for CODEOWNERS syntax highlighting (merge request)
- Add updated_after and updated_before to projects REST API (merge request)
- Add role_approvers to scan result policy (merge request) GitLab Enterprise Edition
- Add index to package files on package_id and created_at DESC (merge request)
- Add a table for design repo and a class for the corresponding git repo (merge request)
- Finalize issues iids scoping to namespace_id (merge request)
- Allow WIT changes and fix issue types changes (merge request)
- Perform asynchronous index creation (merge request)
- Add role_approvers to graphql response (merge request) GitLab Enterprise Edition
- Warn users about tokens in the comments (merge request)
- Log slowest HTTP requests (merge request)
- Enable Slack slash command to declare incidents (merge request)
- Add bulk publish endpoint to Draft Notes API (merge request)
- Adds check for release service (merge request)
- Add delete achievement mutation and service (merge request)
- Add tracking to language filter component (merge request)
- Clean-up feature-flag git_abuse_rate_limit_feature_flag & keep code (merge request)
- Update issue epic links in real-time (merge request) GitLab Enterprise Edition
- Set email confirmation setting from ff (merge request)
Fixed (197 changes)
- GraphQL: Fix sort order of CiRunner.projects (merge request)
- Use proxied_site for geo proxied clone urls (merge request) GitLab Enterprise Edition
- Add migration to re-sync scan result policies for namepsaces (merge request) GitLab Enterprise Edition
- Fix "Something went wrong. Please try again" error after merging (merge request)
- Update gitlab-net-dns to v0.9.2 (merge request)
- Fix Todo Dashboard SAML reauth for projects in user namespaces (merge request) GitLab Enterprise Edition
- Fix divergence counts for tags and commits (merge request)
- Fix subscribe to label dropdown (merge request)
- Allow to select project value stream using URL parameter (merge request) GitLab Enterprise Edition
- Change copy for conflicts modal (merge request)
- Remove max width restriction from state loader (merge request)
- Fix for notification toggle not working on modal (merge request)
- Remove
allow_dots_on_tf_state_names
FF (merge request) - Place dependency proxy skeleton loader underneath the images list header by @glauciellesa (merge request)
- Fix User missing attribute error during audit (merge request) GitLab Enterprise Edition
- Fallback to start commit when merge base is missing (merge request)
- Fix merge request Jira sync problems due to branch (merge request)
- Fixed explain code button background color (merge request) GitLab Enterprise Edition
- Skip DNS rebinding checks if HTTP_PROXY present (merge request)
- Change from
path
toto_param
(merge request) - Fix bug in SyncFindingsToApprovalRulesWorker (merge request) GitLab Enterprise Edition
- Show groups from group shares in fork targets (merge request)
- Reschedule migration to add admin_mode scope for PATs (merge request)
- Use primary ssh_url_to_repo for geo proxied ssh clone url (merge request) GitLab Enterprise Edition
- Use root ancestor path for filtering in frameworks table (merge request) GitLab Enterprise Edition
- Use root ancestor for listing compliance frameworks (merge request) GitLab Enterprise Edition
- Fix vulnerability status bulk updates (merge request) GitLab Enterprise Edition
- Patch doorkeeper-openid_connect to use RFC7638 thumbprint (merge request)
- Send password reset email to approved users when user caps are enabled (merge request)
- Diff header: Fix checkbox alignment (merge request)
- Fix NoMethodError for empty repositories (merge request)
- Fix duplicate name validation in ProcessScanResultPolicyWorker (merge request) GitLab Enterprise Edition
- Changes order of text style in Content Editor (merge request)
- Fix milestone_id=0 not clearing milestone (merge request)
- This MR fixes growing width of preview panel (merge request) GitLab Enterprise Edition
- Requeue the BackfillProjectWikiRepositories migration (merge request)
- Show error message from API if any while adding Epic (merge request) GitLab Enterprise Edition
- Fix NoMethodError for BlameController (merge request)
- Fix gitlab_username_claim by reading also extra.raw_info by @bufferoverflow (merge request)
- Calculate correct access level of shared group member (merge request)
- Patch mail gem to handle TLS settings properly (merge request)
- Fixing pipeline minutes calculations (merge request) GitLab Enterprise Edition
- Remove unnecessary write tab for content editor (merge request)
- Fix invite a group on project wording and link (merge request)
- Make ProcessScanResultPolicyWorker idempotent and add deduplication (merge request) GitLab Enterprise Edition
- Add admin_parent_link permission to hide Add button in issue (merge request)
- Sign and verify ansi2json state (merge request)
- Approvals widget: Fix approvers table cell width (merge request)
- Force nowrap on tree body container (merge request)
- Show reference in root Work Item breadcrumb (merge request)
- Fix harbor registry menu item active status by @orozot (merge request)
- Do not display security widget when pipeline is active (merge request) GitLab Enterprise Edition
- Use dummy email address for Ghost gitea users (merge request)
- Apply correct background for dark mode (merge request) GitLab Enterprise Edition
- Update codeowners default owner regex (merge request) GitLab Enterprise Edition
- Convert some regex to use Gitlab::UntrustedRegexp (merge request)
- Remove cascading delete of scan_result_policy_reads (merge request) GitLab Enterprise Edition
- Only enqueue Sbom::IngestReportsWorker on default branches (merge request) GitLab Enterprise Edition
- Replace find with find_by_id in SyncScanPoliciesWorker (merge request) GitLab Enterprise Edition
- Fix NoMethodError for WebHook (merge request)
- Fix job filtering after token clear (merge request)
- Fix minor bug with checkboxes in a table (merge request)
- Fix bugs in Groups::AcceptingProjectSharesFinder (merge request)
- Fix SD blob path when scan is run in "no git" mode (merge request) GitLab Enterprise Edition
- Generate system notes for same state dismissals (merge request) GitLab Enterprise Edition
- Fix: mr approvers alignment (merge request)
- Remove extra space above mermaid sequence diagrams (merge request)
- Fix awardEmoji authorization in epic type by @Taucher2003 (merge request) GitLab Enterprise Edition
- Merge request: fix status icon color (merge request)
- Approvals table: Fix overflow issue (merge request)
- Resolve setWorkItemMetadata in apollo client (merge request)
- Enable FF pages_deploy_upload_file_outside_transaction by default (merge request)
- Merge request: Fixes a console error (merge request)
- Allow CI job to need an undefined, optional job (merge request)
- Disallow field licenseText for npm (merge request)
- Replace message by name for vulnerabilities (merge request) GitLab Enterprise Edition
- Verify deploy keys settings for protected tags (merge request)
- Resolve ambiguous references for archive metadata (merge request)
- Fix Authorize user page for Mattermost (merge request)
- Fix poor performing groups list API query (merge request)
- Updates foreign_keys for Ml::Candidate relations (merge request)
- Fix unreadable text in dark-themed editor tooltips (merge request)
- Dont show Security::Findings dismissed on the default branch (merge request) GitLab Enterprise Edition
- FIx markdown toolbar button actions in MRs (merge request)
- Fix collapse button alignment (merge request)
- Update bulk_imports entity validation for destination_name (merge request)
- Always update compliance report filtered projects list (merge request) GitLab Enterprise Edition
- Fix user reference styles in content editor (merge request)
- Fix border radius of clear filter button (merge request)
- Use admin_bot for adding the default compliance framework (merge request) GitLab Enterprise Edition
- Fix duplication of thread comments on commit page (merge request)
- Fix invite redirect for use of relative root (merge request)
- Changes path for ML::Candidate artifacts (merge request)
- Don't enforce SSO for public groups (merge request) GitLab Enterprise Edition
- Fix a replica latency bug on the Maven package registry upload endpoint (merge request)
- Increase padding for dropdown in content editor (merge request)
- Fix JS error for dropdown widget on issue board (merge request)
- Vue 3 spec violations fixed (merge request)
- Work item copy link fixed for modals (merge request)
- Fix markdown toolbar button actions (merge request)
- Start pipeline in after_commit callback when retrying jobs (merge request)
- When replying comments, the text box isn't focused (merge request)
- Fix demoting of the admin with OIDC enabled (merge request) GitLab Enterprise Edition
- Fix alignment of file tree search icon (merge request)
- Deletes compliance framework setting when transferring project (merge request) GitLab Enterprise Edition
- Fix spacing of referenced commands in comment preview (merge request)
- Use read_code to authorize GET protected_branches (merge request) GitLab Enterprise Edition
- Refetch container image tags list after deletion (merge request)
- [Geo] Fix token timeout for container registry sync (merge request)
- Remove subtransaction in Security::ProcessScanResultPolicyWorker (merge request) GitLab Enterprise Edition
- Fix incorrectly added VSA FF check (merge request) GitLab Enterprise Edition
- Enhance license dependency equality (merge request) GitLab Enterprise Edition
- Fix commits ref switcher (merge request)
- Fix broken trait specs - package by @sathieu (merge request)
- Fix reconcile needed message for offline license (merge request) GitLab Enterprise Edition
- Diff: Fix border radius of thread
- Skip epic cache update if epic can not be saved (merge request) GitLab Enterprise Edition
- Fix date issue for broadcast message edit on firefox (merge request)
- Fix licensed VSA page without parity FF (merge request) GitLab Enterprise Edition
- Diff: Fix border radius of thread (merge request)
- Fix bug in scope
Group.project_creation_allowed
(merge request) - Ensure backup restore clears storages before restoring (merge request)
- User with custom role + read_code can view MD link (merge request) GitLab Enterprise Edition
- Append tag notes when creating a new tag too (merge request)
- Fix N+1 query for max access level in project lists (merge request)
- Fix item height in wiki sidebar by @qk44077907 (merge request)
- Add a loading indicator for suggestions (merge request)
- Fix autofocus on work item description (merge request)
- Hide pipeline links tip in Stage view by @homersimpsons (merge request)
- Fix assignee avatars alignment on issues list (merge request)
- Fix missing caller_id for GraphQL subscriptions (merge request)
- Security Finding: fix note link to project (merge request) GitLab Enterprise Edition
- Fix loading multi-doc YAMLs for CI configurations (merge request)
- Do not change object reference when body is nil (merge request)
- Fix reference styles in content editor (merge request)
- Add relative root to broadcast messages (merge request)
- Fix board_list_spec.js vue3 test violations (merge request)
- Adds relation package_id to ml_candidates (merge request)
- Enforce merge request approval settings (merge request) GitLab Enterprise Edition
- Display fallback emoji images with correct aspect ratio (merge request)
- Use UUID to match findings with issue feedback records (merge request) GitLab Enterprise Edition
- Cells: Fix loose foreign key trigger validation routine (merge request)
- Hide achievements on private profiles by @Taucher2003 (merge request)
- Fix unlocking of job artifacts on pipeline state transitions (merge request)
- Hide inactive approvers (merge request) GitLab Enterprise Edition
- Correctly compute blob URL for Secret Detection (merge request) GitLab Enterprise Edition
- Add top margin to merge request description (merge request)
- Allow HEAD ref when viewing blob, commits and compare page (merge request)
- Do not serialize data image urls (merge request)
- Update mail gem to v2.8.1 (merge request)
- Don't generate invalid SQL checking foreign keys (merge request)
- Fix agent version comparison with KAS rc (merge request)
- Improves dataframe rendering in Python Notebooks (merge request)
- Jobs list: remove double bottom border (merge request)
- Fix(Purchase): handle email taken error (merge request) GitLab Enterprise Edition
- Fixes the ref switcher encoding (merge request)
- Child issues and epics: fix closed state (merge request) GitLab Enterprise Edition
- Add sync_name check to Gitlab::Auth::Ldap::Access by @zhzhang93 (merge request) GitLab Enterprise Edition
- Unstuck VSA background aggregations (merge request)
- Fix trial creation action reload with select (merge request) GitLab Enterprise Edition
- Improve paste markdown behavior in Content Editor (merge request)
- Fixing CI mirrored tables mermaid chart (merge request)
- Remove temporary workaround for DeployAccessLevel (merge request)
- Show Projects menu as active while on Starred or Trending projects pages (merge request)
- Add constraint for deploy_access_level (merge request)
- Fix alignment of commit changes block (merge request)
- Fix invalid protected environment access levels (merge request) GitLab Enterprise Edition
- Fix Debian doc for direct upload with older curl by @sathieu (merge request)
- Validate DeployAccessLevel options (merge request) GitLab Enterprise Edition
- Use
method
to resolve access_level_description field (merge request) - Fix dropdown closing prematurely when clicking inside (merge request)
- Fix alignment of user readme breadcrumb chevron (merge request)
- Fix inconsistent behaviour in work items comments (merge request)
- Remove long-running transaction while deduplicating the findings (merge request) GitLab Enterprise Edition
- Fix issue dashboard returning issues from archived projects (merge request)
- Fix command-only note not clearing commment form (merge request)
- Widget item: fix status :focus (merge request)
- Canonicalize dependency list names (merge request) GitLab Enterprise Edition
- Fix branch rules details breadcrumbs (merge request)
- Merge request widget: Fix alignment of cancel button (merge request)
- Prevent updating a comment with empty text (deprecated_notes.js) (merge request)
- Search only descendant groups when applicable (merge request) GitLab Enterprise Edition
- Sync security policy rule schedules that may have been deleted by bug (merge request)
- Fix clipping of review bar component when system footer exists (merge request)
- Fixing database backup rake task in single-db-two-connections mode (merge request)
- Fix 500 error for diff_files endpoint (merge request)
- Fix LDAP sync_name option bug by @zhzhang93 (merge request)
- Fix license available of group-protected branches by @songhuangcn (merge request) GitLab Enterprise Edition
- Decrease indent for profile page bio (merge request)
- This MR fixes radio button overlay (merge request) GitLab Enterprise Edition
- Fix openapi viewer for relative url instances (merge request)
- Avoid duplicate key error messages when inserting state record (merge request)
- Fix Google CDN not encoding UTF-8 characters (merge request)
- Linked items fixes (merge request) GitLab Enterprise Edition
- Fix caching to cover whole Service Ping payload (merge request)
- Update wiki repository size after migration (merge request)
- Fix TypeError when json file is an array (merge request)
Changed (275 changes)
- Add support for npm deprecate (merge request)
- Extend issue type change note (merge request)
- Update new label form (merge request)
- Visual tweaks for new sidebar nav search menu (merge request)
- Backfill code suggestions to true for all namespaces (merge request)
- Removing FF lazy_load_pipeline_dropdown_actions (merge request)
- Leave candidate as default code path (merge request) GitLab Enterprise Edition
- Extend approvals UI with fail-closed rules (merge request) GitLab Enterprise Edition
- Guard legacy runner status in graphql by feature flag (merge request)
- Change code suggestions namespace setting default to true (merge request)
- Format explain vulnerability responses with markdown format headers (merge request) GitLab Enterprise Edition
- Animate approval icon in merge request sidebar (merge request)
- Remove top border to prevent overlap (merge request)
- Add "fork" to word list and remove docs link from UI (merge request)
- Replace Deployment Icon with Release Icon on Project Home by @glauciellesa (merge request)
- Update scheduled Scan Execution Policy for secret_detection (merge request)
- Allow logging of all IssuableExportCsvWorker parameters (merge request)
- Adds frontend for candidate deletion (merge request) GitLab Enterprise Edition
- Enable geo_project_wiki_repository_replication feature flag (merge request) GitLab Enterprise Edition
- Add reviewed but not approved state in MR sidebar (merge request)
- Better error message when branch name does not match push rules settings (merge request) GitLab Enterprise Edition
- Update status check documentation (merge request)
- Add extra information to the github identifiers of importer failures (merge request)
- Replace namespace_id with group_id and project_id for POST /user/runners (merge request)
- Apply changes to order of secure nav items (merge request)
- Add tables and columns support to database schema validations (merge request)
- Add experiment label to ai chat header (merge request)
- Use badge component for "busy" status (merge request)
- Replaced VSA Overview "Total time" line chart with stacked area chart (merge request) GitLab Enterprise Edition
- Extend GraphQL approval rules with indication of invalid rules (merge request) GitLab Enterprise Edition
- Fix spacing in content editor code blocks (merge request)
- Convert admin menu from haml to panel (merge request) GitLab Enterprise Edition
- Log warnings on invalid ansi2json state inputs (merge request)
- Clean up runners_availability_section experiment (merge request)
- Sets the default 'Documentation pages URL' to https://docs.gitlab.com (merge request)
- Remove tooltip from merge request actions dropdown (merge request)
- Enable license scanning feature again (merge request) GitLab Enterprise Edition
- Fix insert link in content editor (merge request)
- Only allow developers or higher to trigger merge_status_recheck (merge request)
- Synchronize temporary index (merge request)
- Experiment Cleanup: removed the
cart_abandonment_modal
experiment (merge request) GitLab Enterprise Edition - It casts EXTRACT as double precision (merge request)
- Adjust tests to api admin mode by @TrueKalix (merge request)
- Update security policies docs after fixing concurrent execution bug (merge request)
- Add 'broadcasting' label to Action Cable counter (merge request)
- Left align emoji picker on descriptions and notes (merge request)
- Finalize EncryptCiTriggerToken background migration (merge request)
- Allow immediate deletion of projects using API (merge request) GitLab Enterprise Edition
- Add table validators to schema validation framework (merge request)
- Merge request header: add icon to indicate fork (merge request)
- Enable strict_ip_enforcement by default (merge request) GitLab Enterprise Edition
- Improve rendering of HTML-only emails in issue responses (merge request)
- Add basic implementation of loading only a single diff file (merge request)
- Update wiki diagram editor to be fullscreen (merge request)
- Skip setting base path for GitLab.com (merge request)
- Introduce Breach and Attack Simulation features (merge request)
- Stop flashing issue description on details toggle (merge request)
- Feat(Subscription Purchase): update CDot link (merge request) GitLab Enterprise Edition
- Disable Net::HTTP monkey patch for Ruby 3.1 (merge request)
- This MR creates new filtering layout (merge request) GitLab Enterprise Edition
- Drop retry_job_start_pipeline_after_commit feature flag (merge request)
- Autofills create label form (merge request)
- Rename "Infrastructure Registry" menu to "Terraform modules" (merge request)
- Users list: change user actions (merge request)
- Change dashboard to homepage (merge request)
- Refactor compliance frameworks create/edit to modals (merge request) GitLab Enterprise Edition
- Related branches: add widget styles (merge request)
- Cache inexistence of the GitHub username (merge request)
- Change viewing to editing for editor switcher (merge request)
- Upgrade bundler to v2.4.11 (merge request)
- Add reviewed but not approved state in MR sidebar (merge request)
- Migration to backfill hashed_root_namespace_id to commit index (merge request) GitLab Enterprise Edition
- Update excon to v0.99.0 (merge request)
- Update ruby_parser to v3.20 (merge request)
- Remove the move_year_dropdown_usage_charts feature flag (merge request)
- Removing google_play_integration feature flag (merge request)
- Use YAML.safe_load_file for import/export config (merge request)
- Use YAML.safe_load_file for mail_room config loading (merge request)
- Rename CodeOwners::File#entries_for_path method (merge request) GitLab Enterprise Edition
- Add unlimited members during trial alert on all Project/Group pages (merge request) GitLab Enterprise Edition
- Update gitlab-pages version (merge request)
- Update output of backup timestamps by @quatauta (merge request)
- Remove option to create new issue to resolve all threads in widget (merge request)
- Ensure terraform artifacts are not public (merge request)
- added: Creating marketing cookie to log active user sessions (merge request)
- Adds a unique index for storage limit exclusions (merge request)
- Remove help icon on code review summary comment (merge request)
- Refactor default framework assignments (merge request) GitLab Enterprise Edition
- New/edit MR: Migrate merge options checkbox (merge request)
- Moves container registry to the far right on Usage Quotas (merge request) GitLab Enterprise Edition
- New merge request: change empty state (merge request)
- Approvals table: Update styling (merge request)
- Help icon refactor (merge request)
- Filtered search bar: Fix height & focus state (merge request)
- Issuable widgets: more improvements (merge request)
- Avoid double submission on app secret renewal (merge request)
- Allow NULL file_md5 to Debian component files by @sathieu (merge request)
- Update UI text on create issue to resolve all threads option (merge request)
- Allow updates to mail_room in Gemfile again (merge request)
- This MR adds base layout for security result policy (merge request) GitLab Enterprise Edition
- Reschedule async temp index on finding report types (merge request)
- Move admin jobs files by @TrueKalix (merge request)
- Add root level breadcrumb to "Your work" EE pages (merge request) GitLab Enterprise Edition
- Omit OpenGraph/Twitter tags in redirected sign-in page by @aubiyko (merge request)
- Cleanup of old help icons (merge request)
- Add toasts for variable actions (merge request)
- Add note that confirmation requires primary email (merge request)
- Updating UI text by @sselhorn1 (merge request)
- Add root level breadcrumb to "Your work" pages (merge request)
- Change the order of vulnerability creation (merge request) GitLab Enterprise Edition
- Update BBM best practices section (merge request)
- Add laravel project template (merge request)
- Use YAML.safe_load_file for Bullet exclusions (merge request)
- Swap id columns on sent_notifications (merge request)
- Shows container registry image created time (merge request)
- Capitalize participants in sidebar (merge request)
- Debian package uniqueness by @sathieu (merge request)
- Add alert when project missing pipeline file (merge request) GitLab Enterprise Edition
- Remove the
security_reports_mr_widget_prompt
experiment (merge request) GitLab Enterprise Edition - Remove feature flag (merge request)
- Reschedule migration for links (merge request)
- Update copy of "Partial import" label (merge request)
- Splits up articats fields for Usage Quotas (merge request) GitLab Enterprise Edition
- Defer loading of other versions tab on package details page (merge request)
- Send queries to fetch schema cache to replicas (merge request)
- Update gitlab-mail_room to v0.0.23 (merge request)
- Cleaned up experiment cross_stage_fdm (merge request) GitLab Enterprise Edition
- Rename "Deployments > Feature Flags" to "Deployments > Feature flags" (merge request)
- Cells: Move
appearances
intoclusterwide
(merge request) - Adjust spacing of merge request widgets (merge request)
- Add hashed_root_namespace_id to commits index mapping (merge request) GitLab Enterprise Edition
- Refactor api admin mode shared example by @TrueKalix (merge request)
- Fixed unnecessary relayout if width is not changed (merge request)
- Remove limit-container-width from more pages (merge request)
- Update MR security widget to read from new properties (merge request) GitLab Enterprise Edition
- Approvals widget: improve styling (merge request) GitLab Enterprise Edition
- Update styling of pending comment (merge request) GitLab Enterprise Edition
- Update Issue's Due Date field real-time (merge request)
- Linked resources widget: change help icon (merge request)
- Diff: toggle file contents with keyboard (merge request)
- Changes the comments help icon (merge request)
- Approvals widget: change vertical alignment of approvals icon (merge request)
- Change container registry copy expiration policy to cleanup policies (merge request)
- Lock writes during gitlab:setup task (merge request)
- Add database migration (merge request)
- Prepare to drop unused jira indexes on projects (merge request)
- Right-align note actions dropdown (merge request)
- Add a throttle to sync service db usage GitLab Enterprise Edition
- Increase vertical spacing on MR header
- Fix add/edit/delete dismissal comment for pipeline security tab
- Migrate the existing RedisHLL keys to default slot (merge request)
- Add empty state for customizable dashboard panels (merge request) GitLab Enterprise Edition
- Add Drawer from CodeQuality Inline-diff findings (merge request) GitLab Enterprise Edition
- Merge blocked: change spacing of merge details (merge request)
- Reschedule the migration of evidences (merge request)
- Enable branch rules feature flag by default (merge request)
- Admin area: change help icons on dashboard (merge request)
- Add a throttle to sync service db usage (merge request) GitLab Enterprise Edition
- Merge request: unify help icons (merge request)
- Load commit diffs async by default (merge request)
- Fix add/edit/delete dismissal comment for pipeline security tab (merge request)
- Epic tree: item spacing improvement (merge request)
- Add a expiry date option for deploy tokens by @ChevronTango (merge request)
- Use state_transitions on pipeline security list (merge request) GitLab Enterprise Edition
- Python.gitlab-ci.yml: Suggest using the current version of Python by @cclauss (merge request)
- Increase vertical spacing on MR header (merge request)
- Add GraphQL mutation to create a merge request (merge request) GitLab Enterprise Edition
- Improve layout and text of "too many changes" alert (merge request)
- Google cloud pages: Remove container limited class (merge request)
- Issues list: change status to use badge component (merge request)
- MR widgets: Unify loading icon size (merge request)
- Add new application form: form cleanup (merge request)
- Diff: add file permission tooltip (merge request)
- Ensure visualizations have default values (merge request) GitLab Enterprise Edition
- Migrate checkbox to GlFormCheckbox (merge request)
- MR list: change alignment of labels (merge request)
- Merge request: Rename Email patches to Patches (merge request)
- Disallow NONE and ANY filter values for OR operator (merge request)
- Add data transfer graphql queries under feature flag (merge request) GitLab Enterprise Edition
- Hide upgrade billing for ramped subscriptions (merge request) GitLab Enterprise Edition
- Update parsing of *_DISABLED variables (merge request)
- Fix small UI inconsistencies in MR view (merge request)
- Update the breadcrumbs and pagetitles by @Mughees_ (merge request)
- Update vulnerability state change notes to include dismissal reasons (merge request) GitLab Enterprise Edition
- Update validation in order to allow (merge request)
- Remove real_time_issue_epic_links feature flag (merge request)
- Search::Index creates an Elasticsearch index on create (merge request)
- Consolidated product analytics feature flags (merge request)
- Adjust tests to api admin mode by @TrueKalix (merge request)
- Show "-" when the size of the MR diffs is 0 (merge request)
- Project: Remove container limited class (merge request) GitLab Enterprise Edition
- Enhance safe-html usage on SAST configuration (merge request) GitLab Enterprise Edition
- Replace bootstrap dropdown for issuable type (merge request)
- Remove extra settings content in CI/CD settings (merge request)
- Extended the syntax highlighting for CODEOWNERS (merge request)
- Update user_type value for humans (merge request)
- Change SVN migration link (merge request)
- Update dependency auto-build-image to v1.31.0 (merge request)
- Left align new branch form (merge request)
- Renames ml_candidates.iid to eid (merge request)
- Remove connecting lines between MR widgets (merge request)
- Format personal access token name in email (merge request)
- Use state_transitions on pipeline security list (merge request) GitLab Enterprise Edition
- Application: Remove container limited class (merge request)
- Cluster: Remove container limited class (merge request)
- Post-process leaked credentials on all branches (merge request) GitLab Enterprise Edition
- Improve error message for Security Features with alias usage in ci file (merge request)
- Create search index assignments for notes (merge request)
- User settings: remove container limited class (merge request)
- Restore breadcrumb border for all pages (merge request)
- Profile page: change border bottom color of personal projects (merge request)
- Merge request, Issue list: remove darker border from closed items (merge request)
- Issuable detail page: restore limited-container-width class (merge request)
- Environment variable UNSTRUCTURED_RAILS_LOG removed from codebase (merge request)
- Update dependency auto-deploy-image to v2.48.0 (merge request)
- Broadcast Messages: form cleanup (merge request)
- Removes all uploads from usage_quotas storage pages (merge request) GitLab Enterprise Edition
- Update parsing of *_DISABLED variables (merge request)
- Update saved reply form layout (merge request)
- Move description templates help text below description title (merge request)
- Adjust tests to api admin mode by @TrueKalix (merge request)
- Remove .integration-settings-form CSS (merge request)
- Adds hashed_root_namespace_id to issue index (merge request) GitLab Enterprise Edition
- Pipeline editor improvements (merge request)
- Use YAML.safe_load_file for backup/restore (merge request)
- Add keyset pagination to Instance level audit events api (merge request) GitLab Enterprise Edition
- Adjust tests to api admin mode by @TrueKalix (merge request)
- Adding Package Name to Google Play Integration (merge request)
- Update UI action button when loading empty VSA (merge request) GitLab Enterprise Edition
- Remove elasticsearch_use_traversal_id_optimization flag (merge request) GitLab Enterprise Edition
- Remove tertiary category from collapse button (merge request)
- Update ipaddr to v1.2.5 (merge request)
- Add index for free_user_cap_over_limit_notified_at (merge request)
- Add prefix and custom match options for custom Jira issue matching by @jackorp (merge request)
- Add workers to clear notified at flags (merge request) GitLab Enterprise Edition
- Work items: Improve styling of child items (merge request)
- Show a loading spinner while searching (merge request)
- Not use the word retry to refer to webhook executions by @alexkalderimis (merge request)
- Includes namespace when searching for projects in autocomplete bar (merge request)
- Limit invitations to trial groups and projects (merge request)
- Project overview: remove container-limited class (merge request)
- Repository: Remove container limited class (merge request)
- Geo settings page cleanup (merge request) GitLab Enterprise Edition
- Merge request list: Change status to use badge component styles (merge request)
- Issuable list: change meta font-size (merge request)
- Improves the styling of Child issues and epcics (merge request) GitLab Enterprise Edition
- This MR extracts Runner Tags Dropdown (merge request) GitLab Enterprise Edition
- Clean up route_hll_to_snowplow_phase4 feature flag (merge request)
- Move issue checklist item counts to below description (merge request)
- Update gitlab-experiment gem to v0.8.0 (merge request)
- Refactor scan_pipeline_service_spec job list fetching (merge request)
- Cells: Move
broadcast_messages
intoclusterwide
(merge request) - Remove the new_header_search FF (merge request)
- Use state_transitions on pipeline security list (merge request) GitLab Enterprise Edition
- Use page_level_alert content_for on free user cap alerts (merge request) GitLab Enterprise Edition
- Default enable linear_group_descendants_finder_upto (merge request)
- Update UI warning when loading VSA (merge request)
- Move milestone actions into dropdown (merge request)
- Fixes broken docs link for Apple App Store integration (merge request)
- Projects list: style improvements (merge request)
- Removes the old UpdateMaxSeatsUsedForGitlabComSubscriptionsWorker (merge request) GitLab Enterprise Edition
- Revamp of the searchbox events handling (merge request)
- Clear button events (merge request)
- Pipeline list: style improvements (merge request)
- Added ff and flow to skip Namespace Aggregation Lease (merge request)
- Remove
caller_id
from Redis metrics (merge request) - Right sidebar: change left-border width to match left sidebar (merge request)
- Admin Area: remove container limited class (merge request)
- Group: Remove limited container class (merge request)
- Group settings: Remove limited container class (merge request)
- Remove
group_owners_to_disable_two_factor
FF (merge request) - Add MigrateSharedVulnerabilityIdentifiers background migration (merge request) GitLab Enterprise Edition
- Project settings: remove limited width class (merge request)
- Refactor: Card component to Pajamas comliant by @imrishabh18 (merge request)
- Convert admin system info cards to pajamas (merge request)
Deprecated (1 change)
Removed (27 changes)
- Add openSUSE 15.3 removal for GitLab 15.11 (merge request)
- Remove unnecessary admin mode shared examples by @TrueKalix (merge request)
- Hide some tracing instrumentations behind environment variables (merge request)
- Cleanup migration of sent_notifications to bigint (merge request)
- Remove project_export_as_ndjson feature flag (merge request) GitLab Enterprise Edition
- Remove require_verification_for_namespace_creation (merge request)
- Remove disable_vulnerability_feedback_controller FF (merge request) GitLab Enterprise Edition
- Async remove 'merge_request_mentions_temp_index' index (merge request)
- Async remove 'merge_requests_state_id_temp_index' index (merge request)
- Remove ProjectType.ci_config_variables arg (merge request)
- Delete gitbook.tar.gz template (merge request)
- Synchronously remove unused Jira indexes (merge request)
- Remove temporary index on vulnerability_occurrences (merge request)
- Remove release description in tag page (merge request)
- Remove temporary index for licenses cleanup
- Removed PipelinesController#config_variables endpoint (merge request)
- Drop runner_machine_id column from ci_builds_metadata (merge request)
- docs: Remove mentions of gitaly-ruby (merge request)
- Remove temporary index for licenses cleanup (merge request)
- Removing FF refactor_ci_minutes_consumption (merge request)
- Perform final removal of the learn gitlab creation worker (merge request)
- Stop writing v1 ActiveSession keys (merge request)
- Remove unused alert_metrics component (merge request)
- Drop packages_events table (merge request)
- Remove collect_package_events feature flag with relevant code (merge request)
- Remove duplicate metrics for group "editor" (merge request)
- Removes create_table_with_constraints (merge request)
Security (21 changes)
- Revert 'security-find_tag_before_send_git_archive'
- Fix security report authorization
- Check access to parent when creating and updating epics
- Revert security-383776-track-sha-of-last-approval
- Normalize some spaces in snapshot spec
- Check access to target project before looking for branch
- Verify that users have access to the parent of the fork
- Check access to reorder issues in epic tree
- Redirect to tree from project root on ref collision
- Fixes soft email confirmation alert vulnerability
- Record sha of approval
- Use UntrustedRegexp to limit scan of HTML comments
- Replace Unicode space chars with spaces
- Improve Gitlab::UrlSanitizer regex to match more URIs
- Restrict Prometheus API access on public projects
- Filter namespace environments by feature visibility
- Fix the potential leak of internal notes
- Update globalid gem to v1.1.0 (merge request)
- Prevent XSS attack in "Maximum page reached" page
- Protect webhook secrets by resetting url_variables
- Check for tag before send_git_archive
Performance (13 changes)
- Add migration for backfilling project permissions in blob documents (merge request) GitLab Enterprise Edition
- Remove sync index idx_merge_requests_on_state_id_and_merge_status (merge request)
- Remove index on events.action (merge request)
- Apply patch by @terrichu (merge request)
- Contribution analytics: Limit request time range to one week (merge request) GitLab Enterprise Edition
- Return error when updated_at filtering used without sorting (merge request)
- Use optimistic locking when updating Terraform state (merge request)
- Improve the performance of the labels queries
- Make Action Cable subscriptions use DB replicas (merge request)
- Improve the performance of the labels queries (merge request)
- Update ComplianceViolationsFinder to use InOperatorOptimization (merge request)
- Remove index idx_merge_requests_on_state_id_and_merge_status async (merge request)
- Add batch_counter to verifiable_replicator counters (merge request) GitLab Enterprise Edition
Other (80 changes)
- Refactoring audit events for projects (merge request) GitLab Enterprise Edition
- Remaining CTRT edits to Service Desk doc (merge request)
- Make the code suggestions default to be false (merge request)
- Revert the update to code suggestions (merge request)
- Remove refactor_code_quality_inline_findings feature-flag (merge request)
- Remove FF ci_simplify_dag_status_calculation_for_processing (merge request)
- Improves documentation for Model Experiments (merge request)
- Make DesignManagement::Repository a container for GitRepository (merge request)
- Delete webauthn feature flag (merge request)
- Introduce User Access Project/Group Authorizations (merge request)
- Use a mockApolloClient to test Design comments (merge request)
- Remove partition_id default for p_ci_builds_metadata (merge request)
- Track roadmap tab on epics detail page (merge request) GitLab Enterprise Edition
- Update compliance framework pipeline docs (merge request)
- Removes grace period for BackgroundMigration/MissingDictionaryFile (merge request)
- Blame controller refactoring (step 3) (merge request)
- Removes reduce_sub_batch_size_on_timeouts feature flag (merge request)
- Add migrations to truncate error_tracking tables on PostgresSQL (merge request)
- Blame controller refactoring (step 2) (merge request)
- Validate the projects.creator_id foregin key asynchronously (merge request)
- Add code suggestions to namespace settings (merge request)
- Remove FF github_import_gists (merge request)
- Update import workers to set memory resource boundary (merge request)
- Using BBM in TableManagementHelpers#enqueue_partitioning_data_migration (merge request)
- Simplify isEditing for Policy Editor Component (merge request) GitLab Enterprise Edition
- Rename variables used for project counts (merge request)
- Add index to
vulnerability_occurrences
table for override uuids logic (merge request) - Remove unused index asynchronously (merge request)
- Swap note_diff_file.diff_note_id to bigint (merge request)
- Prepare async index for vulnerability_occurrences table (merge request)
- Blame controller refactoring (merge request)
- Clean up old redirect route (merge request) GitLab Enterprise Edition
- Update handling of project names in bulk import (merge request)
- Reorder primary key columns for ci_runner_machine_builds (merge request)
- Remove unused index synchronously (merge request)
- Remove db_load_balance_audit_event_streaming_worker feature flag (merge request) GitLab Enterprise Edition
- Swap epic_user_mentions.note_id to bigint (merge request)
- Swap suggestions.note_id to bigint (merge request)
- Update Admin::GroupsController#reset_runners_minutes feature_category (merge request)
- Documenting testing for multiple databases (merge request)
- Make CI config fetch timeout configurable (merge request)
- Backfill Migrations for ML::Candidate.internal_id (merge request)
- Filter out BEGIN/COMMIT correctly in metrics (merge request)
- Set data_consistency to delayed for AuditEventStreamingWorker (merge request) GitLab Enterprise Edition
- Refactors Ml::Candidate.eid usages to internal_id (merge request)
- Remove use_traversal_ids_for_root_ancestor FF (merge request)
- Migrate button group to GlDisclosureDropdown (merge request) GitLab Enterprise Edition
- Update omniauth-auth0 rubygem to 3.1 by @pravi (merge request)
- Add new CI Variable
CI_API_GRAPHQL_URL
by @homersimpsons (merge request) - Remove partition_id default from ci_builds (merge request)
- Exposing Finalizing BBMs in Admin portal (merge request)
- Moves Service Desk custom email credentials to own table (merge request)
- Cleanup BigInt conversion for ci_build_needs (merge request)
- Backfill application_settings product_analytics_data_collector_host (merge request)
- Improve error message for application_settings#archive_builds_in_seconds (merge request)
- Remove download_code column from member_roles (merge request)
- Single database testing documentation (merge request)
- Fixing specs for single-db-two-connections (merge request)
- Validate direct transfer enabled on source (merge request)
- Removing 'dropped' from deduplication_type while logging (merge request)
- FileLineBlame feature flag cleanup (merge request)
- Query members via namespaces (merge request)
- Cleanup extend reactivate trial feature (merge request) GitLab Enterprise Edition
- Fix spec violation - spying on methods (merge request)
- Validate direct transfer enabled on source (merge request)
- Upgrade to Vue 2.7 (merge request)
- Handle invalid filter for compliance filters (merge request) GitLab Enterprise Edition
- Remove the legacy_open_source_license_worker feature flag (merge request)
- Swap snippet_user_mentions.note_id to bigint (merge request)
- Reorder primary key columns for ci_runner_machine_builds (merge request)
- Remove partition_id default from ci_builds (merge request)
- Add partitioning check constraint to ci_builds (merge request)
- Consistent naming in for CodeQuality Pipelines (merge request) GitLab Enterprise Edition
- Swap design_user_mentions.note_id to bigint (merge request)
- Swap vulnerability_user_mentions.note_id to bigint (merge request)
- Swap commit_user_mentions.note_id to bigint (merge request)
- Documenting Docker install method switching to two connections (merge request)
- Remove full_path_project_search feature flag (merge request)
- Update header section (merge request) GitLab Enterprise Edition
- Swap merge_request_user_mentions.note_id to bigint (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
date
April 21, 2023, midnight
name
15.11.0
type
Minor
👇
Register or login to:
- 🔍View and search all GitLab EE releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!