## 11.11.8 - No changes. ## 11.11.7 ### Security (5 changes) - Don't override approval rules if not allowed. - Grant admin note permissions in epics for maintainers and owners. - Prevent an XSS vector in the add approver email. - Ensure the Insights configuration project is part of the group and is accessible to the current user. - Make vulnerability feedback invisible if limited access to repo. ## 11.11.4 (2019-06-26) ### Fixed (1 change) - Use quarantine size to check push size against repository size limit. !14269 ## 11.11.3 (2019-06-10) ### Fixed (1 change) - Fix create mr from vuln modal regression. !13524 ## 11.11.2 (2019-06-04) ### Performance (1 change) - Geo - Does not apply selective sync restrictions while counting registries on the tracking database. !13257 ## 11.11.0 (2019-05-22) ### Security (1 change) - Destroy project remote pull mirrors instead of disabling. !10355 ### Fixed (26 changes) - Add missing endpoint for user information to GitHub API. !10482 - Remove slack slash commands double up. !10555 - Display Scoped Labels on Issue Board. !10669 - Ensure custom group template feature is available only for groups on gold and silver. !10678 - Fix removing and updating insights config, and foreign key constraints. !11030 - Geo: Fix broken button to delete orphaned upload registries through Admin. !11156 - Resolve: Epic labels in system notes point to the epic itself. !11234 - Geo: Fix: Project sync failures usually double-increment *_retry_count. !11381 - Fix unauthenticated GET of public Epics API. !11485 - Hide ScopedBadge overflow notes. !11548 - Fixes a CI failure in jest. !11586 - Fix error when reordering/deleting subgroup epics. !11837 - Fix some filter bar tokens not showing up when multiple assignees are enabled. !11939 - Geo: Fix OAuth authentication with relative URLs. !11976 - Fix for not being able to remove the last namespace/project from elasticsearch limited namespaces/projects. !11989 - Fix approvals project settings section when merge requests disabled. !12070 - Enable alert bot to use quick actions. !12127 - Geo: Remove counts over geo_event_log table. !12146 - Geo: Prevent RegistryFinder calls on the primary. !12183 - Fix placement of LDAP icon in members list. !12304 - Use path instead of a URL for accessing approval settings. !12414 - Remove non-semantic use of `.row` in member listing controls. !12466 - Force tag overwrite on mirror update. !12491 - Fixes the feedback paths on the project security dashboard. !12849 - Fixed starting a review on images. - Fix updating board attributes through API. ### Changed (13 changes) - Group SAML enforcement requires active SSO session for group access. !10034 - Geo: Rename "Disable" to "Pause|Resume" (Admin > Geo Nodes). !10297 - Upgrade group security dashboard to use gitlab-ui line chart. !10479 - Geo - Implement selective sync support for the LFS objects FDW queries. !10757 - Documentation : Improve selective sync documentation. !11072 - Geo: Implement selective sync support for the FDW queries to count the number of attachments to sync. !11107 - Allowing Elasticsearch indexing gap recovering. !11408 - Geo - Implement selective sync support for the FDW queries to count attachments. !11518 - Geo - Implement selective sync support for the FDW queries to find attachments. !11544 - Geo - Add selective sync support for the job artifacts FDW queries. !11892 - Fetch all available groups when creating MR approval rule. !12096 - SSO enforcement requires active SAML session for web access to project resources. !12109 - Perform LDAP group sync on sign in only for new users. ### Performance (3 changes) - Swap conditions to reduce frequency of database query. !11217 - Add index for mirror_user_id to projects table. !11422 - Geo - Improve performance of the selective sync cleanup worker. !11998 ### Added (27 changes, 2 of them are from the community) - Proxy websocket requests to build services. !9723 - Add dependency proxy for containers. !9750 - Added gitlab:elastic:projects_not_indexed rake task. !9854 (Jason Colyer) - Added Snowplow tracking to notes. !10104 - Support multiple assignees for merge requests. !10161 - Add UI to enable/disable a dependency proxy on a group level. !10386 - Let the GitLab Alert bot open incident issues. !10460 - Remove feature flag `:incident_management`. !10569 - Allow multiple secondary nodes behind a load balancer. !10755 - Copy LFS objects from pull mirror. !10779 - Geo: Inform users about current replication lag in the UI on secondaries. !10807 - Autosave description in epics. !10844 - Keep track of packages_file in ProjectStatistics. !11020 - Adds a dismissal item to the vulnerability modal. !11028 - Add project level config for merge train. !11065 - Support pie charts in Insights. !11186 - Create ActiveRecordModel and table for Merge Train feature. !11204 - Allow adding GitLab license at installation time. !11244 - Added ZAP Full Scan support for DAST. !11269 - Add created_at and updated_at filters to Epics API. !11315 (jramsay) - Add API to retrieve security vulnerabilities. !11539 - Basic Rails implementation for BOM. !11613 - Add Frontend Store and UI For Environments Dashboard MVC. !11702 - Track clicks on uninstall button for kubernetes implementation. !12048 - Add Vulnerabilities API scoping: severity, confidence, and dismissal. !12076 - Alert users that protected environments affects feature flags. !12168 - Support creating a new child epic from the API. ### Other (8 changes, 1 of them is from the community) - Improve project settings page layout and UX. !10388 - Uses the more explicit vulnerability feedback endpoints on the front end. !10461 - Automatically enable multiple MR assignees feature flag. !10558 - Move geo_log_cursor binary to the ee folder. !10821 - Move sidekiq-cluster to ee/bin. !11001 - Move ee-specific code from boards/components/issue_card_inner.vue. !11032 (Roman Rodionov) - Make all billing cards fit in view. !11602 - Extracted EE specific lines for spec/javascripts/vue_mr_widget/mock_data.js. !11847 ## 11.10.8 (2019-06-27) - No changes. ### Security (2 changes) - Gate MR head_pipeline behind read_pipeline ability. - Do not allow localhost urls in GitHub Integration. ## 11.10.7 (2019-06-26) ### Fixed (1 change) - Use quarantine size to check push size against repository size limit. !14271 ## 11.10.6 (2019-06-04) ### Fixed (5 changes, 1 of them is from the community) - Fix removing and updating insights config, and foreign key constraints. !11030 - Fix the group's epic page. The Paste issue link placeholder shown as 'undefinedundefinedundefined' in Chinese environment. And the error message showed nothing. !11312 (wdmcheng) - Fix approvals project settings section when merge requests disabled. !12070 - Use path instead of a URL for accessing approval settings. !12414 - Fix relative url root issues with license management. !12488 ## 11.10.4 (2019-05-01) ### Fixed (1 change, 1 of them is from the community) - Fix error retrieving licenses when relative URL in use. !11717 (Hiroyuki Sato) ### Changed (1 change) - [Insights] Change the default weeks period limit to 12. !11498 ## 11.10.3 (2019-04-30) - No changes. ## 11.10.2 (2019-04-25) ### Security (1 change) - Handle race condition when creating an MR approval. ## 11.10.1 (2019-04-23) ### Fixed (4 changes) - Fix approval rules when used with relative url root. !10819 - Fix add/remove pipeline dashboard issue. !11029 - Fix JWT token check when repository does not exist. !11033 - Fix preventing approval of merge requests by an author. !11263 ### Changed (2 changes) - Improve SAML settings with validation, design, and help text. !10450 - Use a single color for the Insights time series bar charts. !11076 ## 11.10.0 (2019-04-22) ### Security (3 changes) - Check label_ids parent when updating issue board. - Geo - Improve security while redirecting user back to the secondary after a logout & re-login via the primary. - Expose only basic group attributes in boards API. ### Fixed (25 changes) - User Statistics in Admin Dashboard now a button. !8807 - Fix misalignment of dropdowns in edit board modal of issue boards. !9909 - Geo: Support archive recovery or streaming replication types in health check. !9935 - Geo: Only display Geo-specific clone instructions button on a Geo Secondary node. !10007 - Resolve Deletion of vulnerability-associated issuables prevents security report from loading. !10016 - Elasticsearch API: Fix project_id showing as 0 for all blobs. A reindex will be required. !10020 - Make editing the filters in the Group Security Dashboard easier. !10138 - Geo - Reset the verification checksum after deployment refs are created. !10160 - Search snippets via elasticsearch. !10325 - Fixed bug preventing users from adding child epics with multiple children. !10331 - Fix merge requests being added to Jira Development Panel. !10342 - Fix authors of merge commits being excluded from approving an MR. !10359 - Fix ChatOps Slack responder for gitlab.com. !10416 - Fix sorting by priority with filtering by approvers. !10446 - Make UpdateRepositoryStorageService idempotent. !10457 - Fix broken links to protected environments on the CI/CD settings page. !10470 - Notify owner that group is invalid when LDAP "Sync now" fails. !10509 - Fix user agent string for Hosted Jira. !10545 - Fix query used to calculate number of users over license. !10556 - Fix pipeline bridge serialization error. !10565 - Correct path to cluster health partial. !10638 - Ensure Insights charts show all periods even if there are no data. !10733 - Hide scoped labels help text without corresponding license. !10737 - Fix merge request operation failure (e.g. assigning user) when project approvers required increases. !10766 - Include subgroups when finding Insights issuables. !10801 ### Changed (27 changes) - Move project search bar into modal dialog on Operations Dashboard page. !9260 - Geo - Add selective sync support for the FDW queries to count synced registries. !9445 - Geo - Add selective sync support for the FDW queries to count failed registries. !9527 - Convert enable group authentication checkbox to toggle button. !9816 - Geo: Limit max backoff time by 1 hour, instead of 7 days. !9893 - Documented Guide to using Geo in HA with RDS cross-region replicas. !9985 - Dynamically resize security group dashboard vuln graph. !10028 - Add self approval of merge requests setting to merge requests approvals API. !10050 - elasticsearch: Switch from LZ4 to DEFLATE compression. !10072 - Geo - Store the invalid checksum when we have a mismatch. !10101 - Add requested resources to cluster health metrics. !10135 - Allow self-approvals in fallback approval rules. !10218 - Geo - Add selective sync support for FDW queries to find verified registries. !10255 - Add file line number to vuln modal. !10265 - Geo - Add selective sync support for FDW queries to find registries where verification has failed. !10266 - Enforce Geo JWT tokens scope for repository sync. !10303 - Display link to review note in text email, similar to HTML email. !10401 - Geo - Add selective sync support for the FDW queries to find mismatch registries. !10434 - Geo - Add selective sync support for queries to find registries retrying verification. !10436 - Geo - Add selective sync support for the FDW queries to find registries to verify. !10438 - Improve DAST location fingerprints. !10487 - Change order in dast location fingerprint. !10487 - Geo: Add selective sync support for the FDW queries to find unsynced projects. !10522 - Enrich container scanning with more data on the frontend. !10526 - [Geo] Don't mark sync as successful if repo does not exist because of some problems. !10578 - Move operations dashboard from Ultimate to Premium. !10586 - Support multiple chart per page for Insights. ### Performance (3 changes) - Avoid a Gitaly N+1 when loading commits for Elasticsearch search results. !9760 - Geo: Optimize repository and wiki verification counts. !9939 - Avoid N+1 when loading Code search results with Elasticsearch enabled. !10394 ### Added (31 changes, 1 of them is from the community) - Add approval and unapproval webhooks. !8742 - Adding pipelines to the operations dashboard. !9197 - Add operations dashboard usage counts to usage data. !9291 - Automatically deprovision and update users from a configured identity via SCIM. !9388 - Add SCIM Token section to SAML SSO Settings. !9619 - Use merge request MERGE ref for attached merge request pipelines. !9622 - Geo: Support syncing over non-publicly accessible URLs. !9634 - Prevent merge if the merge request pipeline is stale. !9643 - Block possibility to change email for users with group managed account. !9712 - Geo admin panel for upload verification. !9720 - Geo: Create separate models for different registries. !9755 - Add ability to purchase extra CI minutes. !9815 - Update Web IDE config to accept ports. !9818 - Allow per-project and per-group enabling of Elasticsearch indexing. !9861 - Geo: Help admins diagnose configuration problems. !9988 - Added MAVEN_CLI_OPTS env var support to License Management CI job. !10012 - Show DAST vulnerabilities in the Group Security Dashboard. !10271 - Show DAST in Group Security Dashboard Back-End. !10277 - Removing pipeline dashboard feature flag. !10302 - Update user name upon LDAP sync. !10316 (@icode1) - Collect usage of pod logs feature. !10370 - Added metrics reports widget to merge request page. !10380 - IP whitelisting for Geo-enabling functionality in the primary. !10383 - Persist in the URL the page and day range of vulnerabilities viewed in the Group Security Dashboard. !10402 - Add 'Metrics' job artifact report type. !10452 - Create a user via SCIM. !10456 - Geo: Display secondary replication lag on console (if lag > 0 seconds). !10471 - Add Roadmap to Epic page. !10488 - Expose merge request pipeline parameters for MR widget. !10502 - Allow instance admins to link all projects to Jira DVCS. !10541 - Added mutually exclusive key value labels. ### Other (4 changes) - Simplify admin instance licenses page. !9785 - Extract EE specific files and externalize strings in admin application settings. !9930 - Add specs for coerced labels parameter in Epics API. !9932 - Improve project service desk settings. !10381 ## 11.9.12 (2019-05-30) ### Security (3 changes, 1 of them is from the community) - Filter relative links in wiki for XSS. (kerrizor) - Fix XSS in Ancestor tooltip title. - Ignore out of range epic IDs. ## 11.9.10 (2019-04-26) ### Security (1 change) - Handle race condition when creating an MR approval. ### Fixed (1 change, 1 of them is from the community) - Fix the group's epic page. The Paste issue link placeholder shown as 'undefinedundefinedundefined' in Chinese environment. And the error message showed nothing. !11312 (wdmcheng) ## 11.9.9 (2019-04-23) ### Fixed (1 change) - Fix approval rules when used with relative url root. !10819 ## 11.9.8 (2019-04-11) ### Fixed (1 change) - Fix sorting by priority with filtering by approvers. !10446 ## 11.9.7 (2019-04-09) ### Security (1 change) - Expose only basic group attributes in boards API. ## 11.9.6 (2019-04-04) ### Fixed (3 changes) - Fix project approval rule with only private group being considered as approved when override is allowed. !10356 - Fix approval rule sourcing from forked MR. !10474 - Guard against ldap_sync_last_sync_at being nil. !10505 ### Added (1 change) - Add Insights frontend to retrieve and render chart. !9856 ## 11.9.5 (2019-04-03) ### Fixed (3 changes) - Fix project approval rule with only private group being considered as approved when override is allowed. !10356 - Fix approval rule sourcing from forked MR. !10474 - Guard against ldap_sync_last_sync_at being nil. !10505 ### Added (1 change) - Add Insights frontend to retrieve and render chart. !9856 ## 11.9.3 (2019-03-27) ### Security (1 change) - Check label_ids parent when updating issue board. ## 11.9.2 (2019-03-26) ### Security (2 changes) - Geo - Improve security while redirecting user back to the secondary after a logout & re-login via the primary. - Check label_ids parent when updating issue board. ## 11.9.1 (2019-03-25) ### Fixed (1 change) - Fix date save for Epic to reflect on UI immediately after save. !10321 ## 11.9.0 (2019-03-22) ### Security (4 changes) - Prevent Group SAML authorizing sign in without prior user approval. - Respect group membership lock when importing a member from another group. - Remove the possibility to share a project with a group that a user is not a member of. - Prevent SAML access when disabled by group admin on GitLab.com. ### Fixed (22 changes) - Allow assigning Prometheus alerts to multiple environments. !7361 - Fix repo pushes while initial Elasticsearch indexing not permitting initial indexing to complete. !9478 - Fix vulnerability occurrence scope to trailing 30 days. !9494 - Skip whitelisted vulnerabilities in Container Scanning reports. !9528 - Fix npm registry for yarn. !9599 - Renders inline downstream & upstream pipelines. !9627 - Prunes whole Geo event when there's only a primary. !9630 - Fix alert notifications for non-public projects. !9636 - Fix 500 error when visiting merged merge request. !9648 - Allow plus symbol in maven package version. !9657 - Show commands applied message when promoting issues to epics. !9669 - Ensure comments from merge request review is displayed in the same order as user commenting order. !9684 - Geo - Fix selective sync by namespace. !9732 - Fix bridge jobs than can be hidden keys too. !9796 - Fix approval-related UI showing up in free plan. !9819 - Add 'No approvals required' view to approval rules (behind feature flag). !9899 - Fix npm package install with a dot in the name. !9900 - GroupSAML for GitLab.com prevents blank NameID. !9907 - Fix protected environment initializer. !10150 - Fix SSH pull mirrors not working. !10272 - Fix HTML spew in Locked Files page. - Fixes Broken new/edit feature flag form. ### Changed (9 changes, 1 of them is from the community) - Remove authorization from /managed_licenses. !8541 - Consider dismissed items in security reports summary. !9275 - Add backend for cross-project pipeline dashboard MVC. !9396 - Create merge request approval rule for each code owner entry. !9455 - Split severity and confidence values for vulnerabilities. !9495 - Enforce Geo JWT tokens scope for file uploads and Geo API. !9502 - Update cluster health empty state. !9540 (George Tsiolis) - Add extra graph spacing on the Security Dashboard Group Vulnerability Chart. !9780 - Add Kerberos URL back to clone panel. !9840 ### Performance (1 change) - Eliminate N+1 queries in Epics API. !9897 ### Added (23 changes, 1 of them is from the community) - Enabled setting the Security Dashboard as a default view for groups. !7889 - Add reordering of child epics. !9283 - Create MR from Vulnerability Solution. !9326 - Create pool repositories on Geo secondaries. !9428 - Add date range for security dashboard graph. !9446 - Add filtering merge requests by approvers. !9468 - Add audit log for managing feature flags. !9487 - Add DELETE package API endpoint. !9623 - Enrich container scanning report. !9641 - Adapt feedback for Container Scanning vulnerabilities. !9655 - Enforce merge request approvals from code owners. !9656 - Added vendored CI/CD template for Dependency Scanning job. !9660 - Add Insights config behind the "group_insights" feature flag. !9665 - Add single package API endpoint. !9667 - Added GET /licenses and DELETE /license/:id endpoints. !9733 - Add container scanning results to group security dashboard. !9736 - Add an incident management settings form and create issues from alertmanager alerts. !9773 - Add API for reordering child epics. !9781 - Allow guests to comment on epics. !9783 - Display Recent Boards in Board switcher. !9808 - Add Ancestors in Epic Sidebar. !9817 - Add vendored templates for SAST, DAST, Container Scanning and License Management job definitions. !9921 - Add realtime validation for user fullname and username on validation. !25017 (Ehsan Abdulqader @EhsanZ) ### Other (12 changes, 1 of them is from the community) - Use export-import svg from gitlab-svgs. !9453 - Renames 'revert dismissal' to 'undo dismiss' on the Group security dashboard. !9500 - Using positional arguments in request specs have been deprecated. !9506 (Jasper Maes) - Splits the severity and confidence constants in the group security dashboard frontend. !9535 - Add Gitlab.com gold trial callout to /billings. !9611 - Update project settings section titles and info. !9614 - Improve visual consistency of values in vulnerability modal. !9616 - Limit Group Security Dashboard to selected types of report. !9626 - Make related issues components reusable. !9730 - sidekiq-cluster: put each sidekiq in a new pgroup. !9775 - License Management: Load up to a 100 licenses per default. !9913 - Adds documentation for autoremediation. !10054 ## 11.8.10 (2019-04-30) - No changes. ## 11.8.3 (2019-03-19) - No changes. ## 11.8.2 (2019-03-13) ### Fixed (4 changes) - Fix 500 error when visiting merged merge request. !9648 - Fix bridge jobs than can be hidden keys too. !9796 - Fix approval-related UI showing up in free plan. !9819 - Add 'No approvals required' view to approval rules (behind feature flag). !9899 ## 11.8.0 (2019-02-22) ### Security (2 changes) - Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !790 - Hide personal access tokens from other maintainers. ### Fixed (28 changes, 1 of them is from the community) - Add keyboard navigation to issue board switcher and remove duplicate scroll bar. !8591 - Geo: Always update the default branch on the secondary. !9064 - Fix public group milestones not shown in epics autocomplete. !9068 - Check hosts file for nameserver IP. !9071 - Fixes the icon for fixed vulnerability in Container Scanning report. !9120 - Return 400 error instead of 500 when upload maven package with invalid version. !9125 - Fix mirrors that have invalid SSH public auth mode set. !9135 - Hide packages without version from UI. !9151 - Remove duplicate "Operations Dashboard" header/breadcrumb. !9152 (Nathan Friend) - Create UTC date in subscription table. !9166 - Display epic icon in related epics list. !9166 - Don't validate Jenkins username if password is blank. !9198 - Don't show Alert widget for non-licensed users. !9224 - Group security dashboard: Fix overflow for Vulnerabilities with long titles. !9271 - Geo - Respect shard restriction while loading new resources to verify on the Geo secondary node. !9343 - When cleaning up repositories, ensure orphaned entries do not remain in the tracking database. !9344 - Geo - Make sure project does not meet selective sync rule before deleting it. !9345 - Fix alert notification emails are not being sent. !9393 - Fix alert notifications for managed Prometheus. !9402 - Replacing old blob methods in ElasticSerach module. !9418 - Add checks to prevent cycling hierarchy in epics structure. !9438 - Fix bug where users could not be added in protected branch rules. !9474 - Avoid SAML required_groups indiscriminately unblocking users on login. !9489 - Resolve Cannot scroll forwards in time for roadmap view. !9530 - Fix unleash server side cannot return feature flags. !9532 - Show alerts settings only for manual configuration. !9538 - Fix access to constant Gitlab::RepositorySizeError. !9579 - Clear our import data credentials when adding new mirrors. !24339 ### Deprecated (1 change) - Geo: Show hashed storage warnings on geo nodes page. !8433 ### Changed (14 changes) - Prevent commit authors from self approvaling merge requests. !9007 - Add docs link to explain legacy and new email format. !9020 - Recursively expands upstream and downstream pipelines. !9073 - Geo: Don't show external link icon on current node. !9130 - Issues created from vulnerabilities are now confidential by default. !9157 - Validate custom metrics. !9178 - Change paginate number to 20. !9213 - Convert buttons to button group on Group Security Dashboard. !9220 - Make it possible to edit Geo primary through API. !9328 - Geo: Handle repository and wiki sync separately in Geo::ProjectSyncWorker. !9360 - Geo: Add settings page empty state. !9415 - Renders New and Edit forms for feature flag in Vue and allow to define scopes. - Improves title in feature flags empty states. - Adds environment column to the feature flags page. ### Performance (5 changes) - Solve a N+1 issue in Groups::AnalyticsController. !4508 - Refactored Epic app in Vuex for better performance and maintenance. !9361 - Optimize slow pipelines.js response. !9387 - Disable commit checks when no push rules are active. !9569 - Enable some frozen string in ee/lib. ### Added (22 changes, 1 of them is from the community) - Elasticsearch: Support for Gitaly. !7434 - Canary deployment callout on the environments page. !8457 - Allow to filter notes in epics. !8978 - Multiple blocking merge request approval rules (behind feature flag). !9001 - Add support for auto-expanding Roadmap timeline on horizontal scroll. !9018 - Added Snowplow tracking to issues import. !9067 - Persist Group Level Security Dashboard state in URL. !9108 - Multiple environments support for feature flags (Unleash API standpoint). !9110 - Shows the approval given/required counts and its status for each MR when viewing the Merge Requests page. !9142 (Glavin Wiechert, Andy Steele) - Support CURD operation for feature flag scopes. !9182 - Add epic links API endpoints. !9188 - Store DAST scan results in the database. !9192 - Add LDAP integration to smartcard authentication. !9235 - Allow SSO enforcement in group settings for GitLab.com. !9240 - Add API endpoint for project packages. !9259 - Add upvote/downvote information to epics API. !9264 - Resolve Implement access controls when SSO enforcement enabled. !9270 - Add package files API endpoint. !9305 - Support alerts from external Prometheus servers. !9334 - Cross-project pipelines support in .gitlab-ci.yml. !9374 - Enable mails for external alerts. !9457 - Moving repository across shards leaves the pool. ### Other (13 changes, 7 of them are from the community) - Gather JIRA DVCS integration usage data. !8949 - ActiveRecord::Migration -> ActiveRecord::Migration[5.0] for AddAlertManagerTokenToClustersApplicationPrometheus and EnqueuePrometheusUpdates. !9049 (Jasper Maes) - Track navbar links in Snowplow. !9059 - Adds snowplough tracking for the group security dashboard filters. !9119 - Support Ajax endpoints for FeatureFlagsController. !9127 - Fix deprecation: Passing an argument to force an association to reload is now deprecated. !9140 (Jasper Maes) - Fix deprecation: #original_exception is deprecated. Use #cause instead. !9141 (Jasper Maes) - Uses GLDropdown for licence management. !9237 - Replace deprecated render text. !9346 (Jasper Maes) - Fix several ActionController::Parameters deprecations. !9347 (Jasper Maes) - Fix deprecation: uniq is deprecated and will be removed from Rails 5.1. !9348 (Jasper Maes) - Turn on rubocop for frozen string in ee/. (gfyoung) - Creates an EE component for the pipeline graph. ## 11.7.12 (2019-04-23) - No changes. ## 11.7.11 (2019-04-09) ### Security (1 change) - Expose only basic group attributes in boards API. ## 11.7.10 (2019-03-28) ### Security (1 change) - Check label_ids parent when updating issue board. ## 11.7.8 (2019-03-26) ### Security (2 changes) - Geo - Improve security while redirecting user back to the secondary after a logout & re-login via the primary. - Check label_ids parent when updating issue board. ## 11.7.7 (2019-03-19) - No changes. ## 11.7.5 (2019-02-05) ### Fixed (2 changes) - Fix Kerberos authentication. !9390 - Fix background migration error when project repository is missing. !9392 ## 11.7.2 (2019-01-29) ### Security (6 changes) - Avoid leaking unauthorized approver group members. !766 - Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !791 - Check access rights when creating/updating ProtectedRefs. - Fix locked file visibility issue for private repositories. - Filter out non-project member approvers. - Remove HTTP POST in JIRA OAuth access_token endpoint. ## 11.7.1 (2019-01-28) ### Security (6 changes) - Avoid leaking unauthorized approver group members. !766 - Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !791 - Check access rights when creating/updating ProtectedRefs. - Fix locked file visibility issue for private repositories. - Filter out non-project member approvers. - Remove HTTP POST in JIRA OAuth access_token endpoint. ## 11.7.0 (2019-01-22) ### Security (1 change) - Add a shared secret to prevent abuse of the alert endpoint. ### Fixed (27 changes, 2 of them are from the community) - Defaults to feature flags link for Operations entry. !8622 - Fix error on explore page when logged out due to gold trial callout. !8674 - Prevents the empty state from showing when the dashboard errors. !8703 - Allow matching only the repo-root for CODEOWNERS. !8708 - Fix adding labels to epics using quick actions. !8772 - Geo: Keep the minimum cursor last event. !8832 - Reinstate sorting issuable by weight. !8834 - Geo - Show the proper label for the last repository check run on Geo projects page. !8844 - Resolve Reorder gitlab:elastic:index rake tasks to ensure wikis and database are completed even if projects error out. !8852 - Remove dash on issue weight for unauthorized users. !8882 (George Tsiolis) - Dismiss epic promotion and persist it across reloads. !8885 - Fix JIRA Development Panel links with subgroups. !8908 - Remove epic field in sidebar for projects without groups. !8919 - Remove duplicate padding from issue board switcher. !8928 - Resolve Ctrl+Enter immediately adds MR comment. !8932 - Geo: Ignore invalid attributes when updating Geo node status. !8957 - Fix border-radius for related issues. !8958 (Johann Hubert Sonntagbauer) - Fix Security Dashboard Header font size. !9011 - Fix title and description for issue created from a vulnerability. !9022 - Pseudonymizer: Gracefully handle empty pseudo entries. !9044 - Fix permission check when creating an issue from a vulnerability. !9055 - Docfix - broken doc links for Secure/Autodevops features. !9058 - Fix Error 500 when deleting a pipeline via the API. !9104 - Uses project_id instead of project on the group security dashboard. !9109 - Recursively get all of a groups projects. !9205 - Fix data migration failure if approvals_before_merge is set to too high. !9217 - Don't remove milestones when moving issues to board backlog from non-milestone list. ### Changed (5 changes, 1 of them is from the community) - Update Geo nodes empty state. !8576 (George Tsiolis) - Add search field to issue board switcher. !8862 - Allow downloading package files from UI. !8888 - Changes to the data model for counts on the Group Security Dashboard. !9035 - Fix packages UI mentioned only Maven packages support. !9132 ### Performance (2 changes, 1 of them is from the community) - Fix timeout loading Open list when board contains assignee lists. - Enable some frozen string in ee/lib. (gfyoung) ### Added (17 changes) - Add an instance-level endpoint for downloading maven packages. !8274 - Add NPM registry support to GitLab packages. !8673 - Store container scanning CI jobs results into the database. !8797 - Add a group-level endpoint for downloading maven packages. !8798 - Add Filtering vulnerabilities in the Group Security Dashboard. !8817 - Allow to filter Feature Flags. !8821 - Geo - Show last verification time on Geo projects page. !8845 - Adds basic filtering to the Group Security Dashboard frontend. !8886 - Autocomplete issues and MRs in epics. !8936 - Adds project filtering to the GSD. !8944 - Allow using TCP for DB load balancing DNS lookups. !8961 - Add filtering for summary and history on security dashboard. !8972 - Add solution card to the vulnerability modal. !9030 - Allows the Group Security Dashboard to select multiple filters. !9031 - Added Snowplow tracking to issues export. !9045 - Add support for relationship between epics. !9051 - Added pagination to epics API endpoint. ### Other (13 changes, 3 of them are from the community) - Promote starting a GitLab.com Gold trial on the dashboard. !6947 - Adds event tracking to navbar. !7787 - Update tracing settings to match error tracking settings. !8786 - Adapt subscriptions page for free plans and trials. !8838 - Support for new SAST and dependency scanning report format. !8869 - Remove deprecated ActionDispatch::ParamsParser. !8897 (Jasper Maes) - Fix deprecation: Comparing equality between ActionController::Parameters and a Hash is deprecated. !8914 (Jasper Maes) - Removes Notes from GitLab Pseudonymizer config. !8923 - Add count of projects with tracing enabled to usage ping data. !8940 - Adds dependency scanning to the report type filters on GSD. !9034 - Fix deprecation: Using positional arguments in specs for EE spes in spec/. !9040 (Jasper Maes) - Pass issuable-type in AddIssuableForm. !9111 - Gather deepest epic relationship data. ## 11.6.11 (2019-04-23) - No changes. ## 11.6.10 (2019-02-28) ### Security (5 changes) - Remove the possibility to share a project with a group that a user is not a member of. - Prevent Group SAML authorizing sign in without prior user approval. - Prevent SAML access when disabled by group admin on GitLab.com. - Respect group membership lock when importing a member from another group. - Ignore out of range epic IDs. ## 11.6.9 (2019-02-04) - No changes. ## 11.6.8 (2019-01-30) - No changes. ## 11.6.5 (2019-01-17) ### Fixed (1 change) - Fix Error 500 when deleting a pipeline via the API. !9104 ## 11.6.4 (2019-01-15) - No changes. ## 11.6.3 (2019-01-04) ### Fixed (1 change) - Fix instance project templates no longer working. !9019 ## 11.6.2 (2019-01-02) ### Fixed (1 change) - Fix issue ID wrapping and avatar counter shrinking in Related Issues list. !8854 ## 11.6.1 (2018-12-28) ### Security (1 change) - Add a shared secret to prevent abuse of the alert endpoint. ## 11.6.0 (2018-12-22) ### Security (7 changes) - Switch from CBC to GCM for Geo logout tokens. !8518 - Prevent reporter roles from viewing the Jaeger tracing settings page. - Sanitize tracing external_urls before saving to DB and when displaying the URL to prevent XSS issues. - Fix IDOR at /drafts/publish. - Authorize users when listing board users and milestones. - Resolve: Guest can set weight of a new issue. - Fixes XSS with merge request approvers selection. ### Fixed (27 changes, 2 of them are from the community) - Ensure that avatars in approvals have correct tooltip. !6269 - Geo: Fix push to secondary over SSH for LFS. !8044 - Don't show packages tab and settings for starter license. !8270 - Makes the vulnerability name on the Group Security Dashboard a button for better A11y. !8341 - Used the iid instead of the id for linked issues on the Group Security Dashboard. !8357 - Show navigation line separator when instance etrics is disabled. !8379 (George Tsiolis) - Fix project deploy key creation and deletion as admin. !8432 - Changes initial state for disabled prometheus integrations. !8434 - Fix a typo in Admin: intergration -> integration. !8444 (Vincent AUBERT) - Geo: Moving registry deletion into the job that deletes the files and project record. !8480 - Parameterize alerting rules with variables. !8481 - Fix PostReceive failing for project mirrors missing local branch. !8495 - Rails 5: Fix the check whether the database is in read-only mode. !8594 - Raisl 5: Fix Gitlab::Database::LoadBalancing#caught_up? check. !8595 - Renders upstream and downstream pipelines in the main pipeline graph. !8607 - Fix issue board api with special milestones. !8653 - fix pod dropdown not switching pod logs. !8660 - Geo - Respect the next retry time when re-verifying failed repositories. !8661 - Update elasticsearch system check to check for new supported versions. !8683 - Handle null start or due dates for dates sourcing milestone in Epics. !8689 - Fixed license managment path in MR widget for fork cases. !8700 - Fix gitlab:geo:check rake task. !8714 - Fix ability to choose shards for selective sync. !8717 - Add Rails.version to the Geo cache keys. !8775 - Support older NGINX version forwarding the client certificate for smartcard auth. !8784 - Remove duplicated smartcard login button. !8793 - Disable password autocomplete in mirror form fill. ### Deprecated (1 change) - Deprecate non-hashed repository storage for Geo installations. !8739 ### Changed (17 changes, 1 of them is from the community) - Adds Group SAML metadata endpoint. !5782 - Group SAML SSO page warns when linking account. !8295 - Change the delete custom metric alert. !8430 - Replace weight icon. !8448 (George Tsiolis) - Switch snowplows stateStorageStrategy to cookie. !8461 - Move merge request approval settings. !8493 - Geo: Constantly reverify repositories. !8550 - Add file and line numbers to issues created from SAST vulnerabilities. !8578 - Redesign MR header sections and approvals (EE). !8593 - Add packages_enabled attribute to Projects API. !8604 - Run geo check task from gitlab check. !8616 - Change issue create weight dropdown to an input. !8648 - Add epics state filtering in roadmap view. !8658 - Users can unlink Group SAML from accounts page. !8682 - Update casing in Built-in on project templates tab. !8688 - Epic issue list and related issue list re-design. - Add sort direction button with sort dropdown for Epics and Roadmap. ### Performance (5 changes, 3 of them are from the community) - Remove partial index for projects on mirror and mirror_last_update_at. !8585 - Enable some frozen string in ee/app. !8667 (gfyoung) - Remove redundant indices for is_sample on push_rules and next_execution_timestamp on project_mirror_data. !8695 - Enable some frozen string in ee/app. (gfyoung) - Enable some frozen string in ee/app. (gfyoung) ### Added (10 changes) - Add support for Group-level project templates. !6878 - Added web terminals to Web IDE. !7386 - Promote an Issue to an Epic using quick action. !8051 - Smartcard authentication. !8120 - Adds Security dashboard empty state. !8443 - Add vulnerability history at group level. !8603 - Adds group security dashboard metrics chart. !8631 - Add milestones autocomplete for epics. !8632 - Parse and store dependency scanning reports in database. !8642 - Adds EE store to handle upstream & downstream pipelines. ### Other (13 changes, 4 of them are from the community) - Add subscription table to GitLab.com billing areas. !7885 - UX improvements for the group security dashboard. !8217 - Restyles the dismissed vulnerabilities. !8401 - Adds PHILOSOPHY.md and references GitLab Product Handbook. !8515 - Make sidekiq-cluster play well with Sidekiq 5.2.2+. !8522 - Rails5: Passing a class as a value in an Active Record query is deprecated. !8540 (Jasper Maes) - render :nothing option is deprecated, Use head method to respond with empty response body. !8560 (Jasper Maes) - Add help page link for licence management in CI/CD settings. !8561 (George Tsiolis) - Re-orders the Group Security Dashboard. !8624 - Move EE only differences for finders. !8629 (George Tsiolis) - Add count of projects with at least one package to a usage ping data. !8641 - Added recommendations for handling deleted documents in Elasticsearch. - Use new information-o icon for Security Dashboard. ## 11.5.11 (2019-04-23) ### Security (1 change) - Respect group membership lock when importing a member from another group. ## 11.5.8 (2019-01-28) ### Security (6 changes) - Avoid leaking unauthorized approver group members. !766 - Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !793 - Check access rights when creating/updating ProtectedRefs. - Fix locked file visibility issue for private repositories. - Filter out non-project member approvers. - Remove HTTP POST in JIRA OAuth access_token endpoint. ## 11.5.5 (2018-12-20) - No changes. ## 11.5.3 (2018-12-06) - No changes. ## 11.5.2 (2018-12-03) ### Fixed (2 changes) - Fix inability to scroll dashboard. !8459 - Fix issues analytics query when ordering issues by priority. !8509 ## 11.5.1 (2018-11-26) ### Security (6 changes) - Sanitize tracing external_urls before saving to DB and when displaying the URL to prevent XSS issues. - Prevent reporter roles from viewing the Jaeger tracing settings page. - Fix IDOR at /drafts/publish. - Authorize users when listing board users and milestones. - Resolve: Guest can set weight of a new issue. - Fixes XSS with merge request approvers selection. ## 11.5.0 (2018-11-22) ### Security (2 changes) - Escape entity title while autocomplete template rendering to prevent XSS. !696 - Prevent templated services from being imported. ### Removed (1 change) - Remove security report summary from pipelines view. !7844 ### Fixed (25 changes, 3 of them are from the community) - Geo: Remove connectivity check from primary to secondary from gitlab:geo:check rake task. !7821 - Include (closed) for closed epics in parsed text. !7946 - Add new state to the cluster application vue app. !7954 - Do not allow to assign an issue to an epic twice. !8004 - [Geo] Fix: Deleting a project leaves orphaned LFS objects and CI Job artifacts around. !8031 - Support `/client/features` Unleash endpoint. !8045 - Fix button rendering in license management in FF. !8046 - Geo: Handle orphaned Uploads records. !8054 - Geo - Redirect user back to the secondary after a logout & re-login via the primary. !8157 - Fix approver removal still being conducted even when "Cancel" is clicked in confirmation prompt. !8178 - Link project short SHA to commit url. !8214 - Update ops dashboard remove dropdown button. !8236 (George Tsiolis) - Clear ops dashboard project search input on submit. !8239 (George Tsiolis) - Fixes a dismissed vulnerability bug on the group security dashboard. !8343 - Fixes missing fields on the group security dashboard. !8360 - Fixes the view issue button in the Group Security Dashboard. !8385 - Ops Dashboard should be available for public projects on GitLab.com. !8399 - Update draft comments design to match new design. !8405 - Change issues analytics breadcrumb. !8414 (George Tsiolis) - Include classification label in project API. !8426 - Fix Pod Log topbar position when perf bar is disabled. - Always proxy reports downloads. - Removes extra rigth margin from job page. - Geo: Rails console message display primary/secondary state incorrectly. - Disable Feature Flags and Packages if repository is disabled. ### Changed (13 changes, 1 of them is from the community) - Add test button to Group SAML settings. !5622 - Group SAML status badges on members page. !5807 - Update related issues list styling to be more space efficient. !7784 - Refactor test reports to use new artifact architecture. !7827 - Add timeline icon for issue weights. !7847 (George Tsiolis) - Added a search bar to `Admin > Geo > Projects`. !8079 - Geo: Deprecate source installations instructions. !8134 - Does not synchronize default branch for pull mirrors. !8138 - Adds split error states for the group security dashboard. !8208 - Geo: Improve read-only message in secondary nodes for actionable screens. !8238 - Improve error messages for operations dashboard. !8244 - Add documentation link to ops dashboard. !8296 - Issue board card design. !21229 ### Added (24 changes, 1 of them is from the community) - Group-level file templates. !7391 - Adds group-level Security Dashboard counts. !7564 - Parse SAST reports and store vulnerabilities in database. !7578 - elasticsearch 6 support - migrate from parent/child relationships to join. !7618 - Geo: Admin > Geo > Projects support for batch operations. !7806 - Create system notes for epic close and reopen. !7850 - Add Tracing landing and settings page. !7903 - Add modals and actions to the vulnerabilities in the Group security dashboard. !7910 - Assign code owner as approver. !7933 - Enable previewing of draft review comments. !7936 - Audit log: Add logging for project feature changes. !7962 - Add project operations dashboard. !7973 - Audit log: Add audit events for group setting changes. !7987 - Add approve quick action. !7989 - Show actual Milestone dates within tooltips for Milestones in Epics sidebar. !8048 - Allow filtering by weight in issues API. !8140 (Heinrich Lee Yu) - Filter epics by state in API. !8179 - Support epics autocomplete for project objects. !8180 - Add 'l', 'r' and 'e' keyboard shortcuts support in Epic. !8203 - Configurable GitHub static context for statuses integration. !8235 - Send notifications for epic status change. !8247 - Support license management and performance using new reports syntax. - Support reports: for project security dashboard. - Add chart of issues created per month. ### Other (17 changes, 11 of them are from the community) - Update boards list selector specs. !6266 (George Tsiolis) - Write some Geo development documentation. !7452 - Connects the Group Security Dashboard API and Frontend. !7793 - Rails5: Fix epics finder count_key method In Rails5, the state enum value is passed instead of the database integer. !7822 (Jasper Maes) - Rails 5: fix presence message validation for prometheus_alert. !7823 (Jasper Maes) - Rails 5: fix mysql milliseconds problem in prometheus alert event spec. !7828 (Jasper Maes) - Rails5: fix VulnerabilitySummaryEntity. !7893 (Jasper Maes) - Update feature flags empty state. !7967 (George Tsiolis) - Adds the security dashboard link. !7974 - Remove tooltip on sidebar text buttons. !8021 (George Tsiolis) - Add a metric to the usage ping data to track the number of projects with at least one alert. !8058 - Remove unneeded permission checks from the mirror repositories partial. !8077 - Rails5: fix flaky mysql reset pipeline minutes spec. !8122 (Jasper Maes) - Move `prepend` outside the `class` block for finders. !8192 (George Tsiolis) - Rails5: fix operations controller spec nil parameter. !8209 (Jasper Maes) - Update related issues title typography. !8267 (George Tsiolis) - Geo: Clarify Geo HA documentation. ## 11.4.9 (2018-12-03) - No changes. ## 11.4.8 (2018-11-27) ### Security (5 changes) - Escape entity title while autocomplete template rendering to prevent XSS. !707 - Authorize users when listing board users and milestones. - Fix IDOR at /drafts/publish. - Resolve: Guest can set weight of a new issue. - Fixes XSS with merge request approvers selection. ## 11.4.7 (2018-11-20) ### Fixed (1 change) - Fix code owner as merge request suggestion not available under Starter plan. !8248 ## 11.4.6 (2018-11-18) ### Security (1 change) - Prevent templated services from being imported. ## 11.4.5 (2018-11-04) ### Fixed (1 change) - Stops showing review actions on commit discussions in merge requests. !8007 ### Performance (1 change) - Add indexes to all geo event foreign keys. !7990 ## 11.4.4 (2018-10-30) - No changes. ## 11.4.3 (2018-10-26) - No changes. ## 11.4.2 (2018-10-25) ### Security (1 change) - Escape entity title while autocomplete template rendering to prevent XSS. !707 ## 11.4.1 (2018-10-23) - No changes. ## 11.4.0 (2018-10-22) ### Security (3 changes) - Properly filter private references from system notes. - Project groups approvers no longer leak private groups info. - Protect against CSRF attacks when adding Slack app. ### Removed (1 change) - remove unnecessary help text from container scanning results. !7304 ### Fixed (18 changes, 1 of them is from the community) - Prune all the Geo event log tables correctly. !6175 - Synchronize the default branch when updating a pull mirror. !7242 - Pushing to a merge request clears the approvals list even if the respective project setting is enabled and there is no fixed required number of approvals configured. !7328 - Align epics and roadmap empty state buttons to the center. !7358 (George Tsiolis) - Add link to issue on epic. !7407 - Check for force env var when rebuilding auth_keys. !7419 - Update popover URL to point to help page of same domain. !7446 - Geo - Does not raise error 500 on Geo projects list page for orphaned entries. !7565 - Show promotion for epics on issues. !7602 - Fix Epic subscription toggle behaviour. !7723 - Geo - Send a cache invalidation event via the log cursor whenever features are changed on the primary. !7738 - Fix epic milestone dates incorrect after issue is linked to another epic. !7809 - Fixes warning for used minutes in runner showing when user still has minutes. !7843 - Fix disappearing weight input in Firefox. !7869 - Don't synchronize default branch when updating a SSH mirror. !7891 - Fix broken tokenization for filtered search bar in Epics. !7972 - Fix bug when resolving a discussion via a batch comment published right away. - Fix wrong color in resolve/unresolve checkbox when using MR reviews. ### Changed (14 changes) - Geo: Decrease frequency of project shard schedulers when few projects to schedule. !7287 - Added placeholder to weight input for issue sidebar. !7346 - updated icons used in filtered search dropdowns. !7356 - Geo: Display helpful feedback when proxying an SSH git push to secondary request. !7357 - Geo - Include keep-around and other Gitlab-specific references in the checksum calculation. !7367 - Polish security report externalizations. !7373 - Listen for resolved Prometheus alerts. !7382 - Rename date related labels for Epics. !7447 - Add reports CI syntax for Code Quality reports. !7465 - Support short reference to epics from project entities. !7475 - Geo: Downgrade Exclusive Lease warnings from Log Cursor to debug. !7476 - Geo: Allow nodes to be editable in more scenarios. !7832 - Account for issues created in the middle of a milestone in burndown chart. - [Geo] Add CI job artifact numbers to rake geo:status. ### Performance (1 change) - Update DB model for security reports. ### Added (20 changes, 1 of them is from the community) - Batch comments on merge requests. !4213 - Use Geo log to remove files when migrated to object storage. !5966 - Add support for closing epics. !7302 - Add `auditor_groups` configuration so Audit users can be specified using SAML groups. !7340 (St. John Johnson) - Geo - Add an event to reset checksums on Geo secondary nodes. !7394 - Starts adding the dashboard page view. !7400 - Add `Manage licenses` button to MR widget and pipelines view. !7411 - Add Open/Closed epics tabs in list view. !7424 - Add Feature Flags MVC. !7433 - Suggest approvers based on code owners. !7437 - Geo: Add a backoff time to few Geo workers to save resources. !7470 - Persist Prometheus alert events. !7493 - Geo: Added a button to Admin UI > Geo Nodes to open Geo Projects screen of any secondary node. !7512 - Show Alert Thresholds on monitoring dashboards. !7538 - Support autocomplete for commands in epics. !7588 - Add form to enter licenses manually. !7603 - Geo: Added `All` tab in Geo Nodes > Projects. !7745 - Geo: Add a Geo Status Widget to Admin > Projects. !7789 - Add data model and migration for vulnerabilities. - Adds Batch Comments to Merge Requests [EEP]. ### Other (8 changes, 1 of them is from the community) - Add runner quota information to job API. !7233 - Resolve "ee:geo QA specs are failing as of !7210". !7315 - remove readme checkbox from "create project" page. !7332 - Create a generic JS function that we can apply to being able to track arbitrary events. !7403 - Rename Admin Area Geo Nodes nav item to Geo. !7466 - Group weight icon and text on issue list and issue boards. !7484 (George Tsiolis) - Adds expandable/collapsable section for Snowplow. !7798 - API: Allow issue weight parameter to be greater than or equal to zero. ## 11.3.14 (2018-12-20) - No changes. ## 11.3.13 (2018-12-13) - No changes. ## 11.3.11 (2018-11-26) ### Security (7 changes) - Escape entity title while autocomplete template rendering to prevent XSS. !697 - Properly filter private references from system notes. - Authorize users when listing board users and milestones. - Project groups approvers no longer leak private groups info. - Resolve: Guest can set weight of a new issue. - Fixes XSS with merge request approvers selection. - Protect against CSRF attacks when adding Slack app. ## 11.3.10 (2018-11-18) - No changes. ## 11.3.9 (2018-10-31) - No changes. ## 11.3.8 (2018-10-27) - No changes. ## 11.3.7 (2018-10-26) ### Security (1 change) - Escape entity title while autocomplete template rendering to prevent XSS. !697 ## 11.3.6 (2018-10-17) ### Fixed (1 change) - Don't reset the default branch when repository mirroring is enabled. !7944 ## 11.3.5 (2018-10-15) ### Fixed (1 change) - Fix epic milestone dates incorrect after issue is linked to another epic. !7809 ## 11.3.4 (2018-10-05) ### Security (1 change) - Properly filter private references from system notes. ## 11.3.3 (2018-10-04) - No changes. ## 11.3.2 (2018-10-03) ### Fixed (1 change) - Geo: repository shard verification job should have unique lease keys per shard name. !7474 ## 11.3.1 (2018-09-26) ### Security (2 changes) - Project groups approvers no longer leak private groups info. - Protect against CSRF attacks when adding Slack app. ## 11.3.0 (2018-09-22) ### Security (1 change) - Prevent regular users from moving projects to different storage shards. ### Fixed (29 changes, 11 of them are from the community) - don't add empty query params to boards. !4441 - Geo: sync disabled wikis. !6420 - Rails 5 fix alerts controller spec for post json parameters. !6795 (Jasper Maes) - Fixes 500 error on user creation from admin panel with spaced username. !6804 (Jacopo Beschi @jacopo-beschi) - Don't show search results for projects that have been deleted when using elastic search. !6830 - Geo: Use database-cached status if redis-cached status is unavailable. !6854 - [Geo] Fix: Custom favicons not being replicated by Geo. !6860 - Rails5 fix AddMilestoneToLists migration rollback deleting wrong foreign key. !6865 (Jasper Maes) - Rails5 fix passing Group objects array into for_projects_and_groups milestone scope. !6873 (Jasper Maes) - Rails5: fix mysql milliseconds problem in project_import_state_spec. !6874 (Jasper Maes) - Fix Jira integration duplicating branches and MRs. !6876 - Rails5: fix mysql milliseconds problem in project_spec. !6880 (Jasper Maes) - Remove https from Snowplow Collector URI placeholder in Admin Areawq. !6886 - Geo: Replicate keep around refs. !6922 - Fixes bug that prevented a user from seeing the system header and footer settings on the admin dashboard. !6926 - Rails5 fix duplicate gpg signature in path lock spec. !6939 (Jasper Maes) - Rails5: Fix audit event spec. !6940 (Jasper Maes) - Rails5: fix mysql milliseconds problem in project registry spec. !6943 (Jasper Maes) - LDAP - Does not update permissions on a read-only database. !6965 - Rails5 fix project import spec. !6981 (Jasper Maes) - Geo: Resolve sticky failures when attachments are missing on primary. !6991 - Geo: LFS batch downloads are OK to be handled by secondary. !7209 - Geo - Synchronize the default branch in secondary nodes. !7218 - Handle fixed dates seperately from selected dates in Epics. !7227 - Fix tooltip string to support dynamic date type in Epic sidebar. !7243 - Fix an error in docs about fetching artifacts using API. !7244 - Return proper status code when creation of an alert fails. !7360 (Peter Leitzen) - Geo - Find the remote root ref using a JWT header for authentication. !7405 - Add weight to issue hook. ### Changed (3 changes, 1 of them is from the community) - Allow push_code when auth'd via Geo JWT. !6455 - Prefer From address over Sender for Service Desk emails. !7006 (Andreas Josephson) - Add CI Job token support to Maven packages API. !7249 ### Performance (3 changes) - Reduce queries needed for CI artifacts on merge request widget. !6978 - Use limited count approach on Protected Environments view. !6987 - Limit sidekiq-cluster concurrency to a maximum of 50. !7025 ### Added (15 changes, 2 of them are from the community) - Allow custom notification for new epic event. !5863 - Geo: SSH git push to secondary -> proxy to Primary. !6456 - Allow epic start/due dates to be sourceable from issue milestones. !6470 - Add ability to upload and download maven packages from/to GitLab. !6607 - Added an instance-level license template project. !6631 (Dan Barker) - Add backend structure for ProtectedEnvironments. !6672 - Add UI for GitLab private Maven repository feature. !6781 - Add support for sorting epics. !6885 - Allow specifying code owners in a CODEOWNERS file. !6916 - Quick action for adding/removing epic to issues. !6934 - Show total and completed instances deployed on deploy boards. !6955 - Show security analysis status on the environments page. !6987 - Add Instance Review for Core users. !6995 - Introduce custom instance-level templates for Dockerfile, .gitignore, and .gitlab-ci.yml files. !7000 - Adds Rubocop rule to enforce class_methods over module ClassMethods. !7044 (Jacopo Beschi @jacopo-beschi) ### Other (4 changes) - Removes feature flag code surrounding Protected Environments feature. !7338 - Creates vue component for shared runner limit. - Allow MR authors to approve their MRs. - Remove differences between CE and EE settings panel component. ## 11.2.8 (2018-10-31) - No changes. ## 11.2.7 (2018-10-27) - No changes. ## 11.2.6 (2018-10-26) ### Security (1 change) - Escape entity title while autocomplete template rendering to prevent XSS. !698 ## 11.2.5 (2018-10-05) ### Security (1 change) - Properly filter private references from system notes. ## 11.2.4 (2018-09-26) ### Security (2 changes) - Project groups approvers no longer leak private groups info. - Protect against CSRF attacks when adding Slack app. ## 11.2.3 (2018-08-28) - No changes. ## 11.2.2 (2018-08-27) ### Security (1 change) - Prevent regular users from moving projects to different storage shards. ## 11.2.1 (2018-08-22) - No changes. ## 11.2.0 (2018-08-22) ### Security (1 change) - Don't expose project names in EE counters. ### Fixed (32 changes, 11 of them are from the community) - Allow Geo node to be edited once the database is failed over. !6248 - Fix a bug where user was unable to delete a branch when repo size was above the limit. !6373 - Rails5 fix AttachmentRegistryFinder arel queries. !6396 (Jasper Maes) - Add Premium license checks for system messages. !6460 - Fixes arrow-icon color and alignment in linked pipeline in merge request widget. !6479 - Rails 5 fix the matcher expected the ApplicationSetting to be invalid, but it was valid instead. !6488 (Jasper Maes) - Geo: Gracefully handle deleted events from Geo event log. !6506 - Rails5 fix NoMethodError: undefined method 'message' for nil:NilClass. !6507 (Jasper Maes) - Fix billing card title colors. !6563 - Rails5 fix undefined method 'namespace_project_settings_repository_path'. !6581 (Jasper Maes) - Rails5 fix no implicit conversion of Symbol into Integer. !6582 (Jasper Maes) - Rails 5 fix NoMethodError: undefined method 'message' for nil:NilClass in host_spec.rb. !6589 (Jasper Maes) - Fix mobile view of pod logs. !6597 - Add left-padding to diverged-from-upstream label. !6647 - List groups with developer maintainer access on project creation. !6678 - no longer fail when setting up Geo database with GDK. !6680 - Allow Pseudonymizer to write to a bucket without having permissions to see all buckets. !6682 - Hide Expand button on empty MR widget Performance section. !6685 - Ensure that Create issue button is shown in vulnerability dialog. !6708 - Use same gem versions for Rails 5 as for Rails 4. !6712 (Jasper Maes) - Rails5 correct wrong geo job name. !6713 (Jasper Maes) - Elasticsearch: Fix a bug causing some types of note to miss being indexed. !6736 - Rails 5 fix product array method delagation by manually calling .to_a in NotificationService. !6753 (Jasper Maes) - Adjust self-hosted Jira development panel integration. !6756 - Ensure that push size checks only count the size of newly-pushed files. !6767 - Fix the UI for listing system-level labels. !6805 - Rails5: fix slice in burndown fixture. !6813 (Jasper Maes) - Rails5: fix Arel::UpdateManager in MigrateOldElasticsearchSettings migration. !6815 (Jasper Maes) - Corrected URL for snowplow client side JS. !6899 - [Geo] Fix the Storage config parameter in Geo nodes admin page. - Fix exporting issues to CSV when sorting by label priority is used. - Fix handling of annotated tags when Gitaly is not in use. ### Changed (9 changes, 2 of them are from the community) - Add related issues loading icon top margin. !6527 (George Tsiolis) - Add security products to usage ping. !6602 - Changed copy for "Approved" state in merge request widget. !6635 (Constance Okoghenun) - Track the Geo event log gaps in redis and handle them later. !6640 - Replace clipboard icon in Service Desk settings. !6643 - Removes "show all" on security reports and adds a button to take you to the pipeline page. !6675 - Shows license reports when there are no reports in the source branch. !6720 - Removes status text from licence reports. !6802 - Opens "view full report" links in a new window. !6806 ### Performance (2 changes) - Geo: Improve Geo Status API performance with cached counters in SiteStatistic. !6328 - Geo: Improve performance in Log Cursor gap tracking. !6754 ### Added (19 changes) - Geo: Add repository verification failures to API. !6137 - Add support for todos on epics. !6142 - Summed issue weights in board columns. !6218 - Add an API endpoint for managed licenses of a project. !6246 - Implement custom project templates. !6436 - Projects page under Admin > Geo Nodes to display detailed synchronization information. !6452 - Enables configuration of pull mirroring through API. !6485 - Adds SLI alerts to custom prometheus metrics. !6590 - Add support for milestones lists on the issue boards. !6615 - Persist Epic Roadmap timescale choice. !6637 - Add license management frontend. !6638 - Add Snowplow integration. !6642 - Add Security Dashboard to project quick links. !6652 - Show License Management at pipeline level. !6688 - Add Frontend for Instance-level project templates. !6740 - Geo - Actively try to correct verification failures on the secondary. !6759 - Add Prometheus metrics to track Geo autocorrect numbers. !6778 - Link the License Management report in the MR widget with the pipeline level one. !6800 - Allow creating assignee lists via API. ### Other (8 changes, 1 of them is from the community) - Move merge requests EE helper methods. !6461 (George Tsiolis) - Add additional logging for Geo Log Cursor. !6513 - Ensure no weight change system notes end with a superfluous comma. !6571 - Track registries marked as synced when repository does not found. !6694 - Removes EE specific CSS that was moved to CE. !6723 - Geo: Add rake task to resync projects where verification has failed. !6727 - updates column sizes in licence and security modals. !6808 - Geo: Log to geo.log when the Log Cursor skips an event. ## 11.1.7 (2018-09-26) ### Security (2 changes) - Project groups approvers no longer leak private groups info. - Protect against CSRF attacks when adding Slack app. ## 11.1.6 (2018-08-28) - No changes. ## 11.1.5 (2018-08-27) - No changes. ### Security (1 change) - Prevent regular users from moving projects to different storage shards. ## 11.1.4 (2018-07-30) - No changes. ## 11.1.3 (2018-07-27) ### Fixed (1 change) - Resolve Environments dropdown is showing on the cluster health page. !6528 ## 11.1.2 (2018-07-26) ### Security (1 change) - Don't expose project names in EE counters. ## 11.1.1 (2018-07-23) ### Fixed (2 changes) - Fix geo download service ImportExportDownloader unitialized constant. !6567 - Geo - Allow repository verification to be disabled on a secondary node. !6599 ## 11.1.0 (2018-07-22) ### Removed (1 change) - Drop ignored Geo repository_storage_path columns. !5468 ### Fixed (19 changes, 7 of them are from the community) - Log audit and Geo events within a project destroy transaction. !6059 - Do not pre-select previous user(s) when creating protected branches. !6112 - Group SAML settings link hidden when unlicensed. !6147 - Geo: Fix repository/wiki sync race condition with multiple updates, especially in quick succession. !6161 - [Rails5] Fix error on missed :authenticate_user callback. !6257 (@blackst0ne) - Rails5 fix expected: ({...}) got: (