## 9.5.10 (2017-11-08) - [SECURITY] Add SSRF protections for hostnames that will never resolve but will still connect to localhost - [SECURITY] Include X-Content-Type-Options (XCTO) header into API responses ## 9.5.9 (2017-10-16) - [SECURITY] Move project repositories between namespaces when renaming users. - [SECURITY] Prevent an open redirect on project pages. - [SECURITY] Prevent a persistent XSS in user-provided markup. - [FIXED] Allow using newlines in pipeline email service recipients. !14250 - Escape user name in filtered search bar. ## 9.5.8 (2017-10-04) - [FIXED] Fixed fork button being disabled for users who can fork to a group. ## 9.5.7 (2017-10-03) - Fix gitlab rake:import:repos task. ## 9.5.6 (2017-09-29) - [FIXED] Fix MR ready to merge buttons/controls at mobile breakpoint. !14242 - [FIXED] Fix errors thrown in merge request widget with external CI service/integration. - [FIXED] Update x/x discussions resolved checkmark icon to be green when all discussions resolved. - [FIXED] Fix 500 error on merged merge requests when GitLab is restored from a backup. ## 9.5.5 (2017-09-18) - [SECURITY] Upgrade mail and nokogiri gems due to security issues. !13662 (Markus Koller) - [FIXED] Fix division by zero error in blame age mapping. !13803 (Jeff Stubler) - [FIXED] Fix problems sanitizing URLs with empty passwords. !14083 - [FIXED] Fix a wrong `X-Gitlab-Event` header when testing webhooks. !14108 - [FIXED] Fixes the 500 errors caused by a race condition in GPG's tmp directory handling. !14194 (Alexis Reigel) - [FIXED] Fix Pipeline Triggers to show triggered label and predefined variables (e.g. CI_PIPELINE_TRIGGERED). !14244 - [FIXED] Fix project feature being deleted when updating project with invalid visibility level. - [FIXED] Fix new navigation wrapping and causing height to grow. - [FIXED] Fix buttons with different height in merge request widget. - [FIXED] Normalize styles for empty state combo button. - [FIXED] Fix broken svg in jobs dropdown for success status. - [FIXED] Improve migrations using triggers. - [FIXED] Disable GitLab Project Import Button if source disabled. - [CHANGED] Update the GPG verification semantics: A GPG signature must additionally match the committer in order to be verified. !13771 (Alexis Reigel) - [OTHER] Fix repository equality check and avoid fetching ref if the commit is already available. This affects merge request creation performance. !13685 - [OTHER] Update documentation for confidential issue. !14117 ## 9.5.4 (2017-09-06) - [SECURITY] Upgrade mail and nokogiri gems due to security issues. !13662 (Markus Koller) - [SECURITY] Prevent a persistent XSS in the commit author block. - Fix XSS issue in go-get handling. - Resolve CSRF token leakage via pathname manipulation on environments page. - Fixes race condition in project uploads. - Disallow arbitrary properties in `th` and `td` `style` attributes. - Disallow the `name` attribute on all user-provided markup. ## 9.5.3 (2017-09-03) - [SECURITY] Filter additional secrets from Rails logs. - [FIXED] Make username update fail if the namespace update fails. !13642 - [FIXED] Fix failure when issue is authored by a deleted user. !13807 - [FIXED] Reverts changes made to signin_enabled. !13956 - [FIXED] Fix Merge when pipeline succeeds button dropdown caret icon horizontal alignment. - [FIXED] Fixed diff changes bar buttons from showing/hiding whilst scrolling. - [FIXED] Fix events error importing GitLab projects. - [FIXED] Fix pipeline trigger via API fails with 500 Internal Server Error in 9.5. - [FIXED] Fixed fly-out nav flashing in & out. - [FIXED] Remove closing external issues by reference error. - [FIXED] Re-allow appearances.description_html to be NULL. - [CHANGED] Update and fix resolvable note icons for easier recognition. - [OTHER] Eager load head pipeline projects for MRs index. - [OTHER] Instrument MergeRequest#fetch_ref. - [OTHER] Instrument MergeRequest#ensure_ref_fetched. ## 9.5.2 (2017-08-28) - [FIXED] Fix signing in using LDAP when attribute mapping uses simple strings instead of arrays. - [FIXED] Show un-highlighted text diffs when we do not have references to the correct blobs. - [FIXED] Fix display of push events for removed refs. - [FIXED] Testing of some integrations were broken due to missing ServiceHook record. - [FIXED] Fire system hooks when a user is created via LDAP. - [FIXED] Fix new project form not resetting the template value. ## 9.5.1 (2017-08-23) - [FIXED] Fix merge request pipeline status when pipeline has errors. !13664 - [FIXED] Commit rows would occasionally render with the wrong language. - [FIXED] Fix caching of future broadcast messages. - [FIXED] Only require Sidekiq throttling library when enabled, to reduce cache misses. - Raise Housekeeping timeout to 24 hours. !13719 ## 9.5.0 (2017-08-22) - [FIXED] Fix timeouts when creating projects in groups with many members. !13508 - [FIXED] Improve API pagination headers when no record found. !13629 (Jordan Patterson) - [FIXED] Fix deleting GitLab Pages files when a project is removed. !13631 - [FIXED] Fix commit list not loading the correct page when scrolling. - [OTHER] Cache the number of forks of a project. !13535 - GPG signed commits integration. !9546 (Alexis Reigel) - Alert the user if a Wiki page changed while they were editing it in order to prevent overwriting changes. !9707 (Hiroyuki Sato) - Add custom linter for inline JavaScript to haml_lint. !9742 (winniehell) - Add /shrug and /tableflip commands. !10068 (Alex Ives) - Allow wiki pages to be renamed in the UI. !10069 (wendy0402) - Insert user name directly without encoding. !10085 (Nathan Neulinger ) - Avoid plucking Todo ids in TodoService. !10845 - Handle errors while a project is being deleted asynchronously. !11088 - Decrease ABC threshold to 56.96. !11227 (Maxim Rydkin) - Remove Mattermost team when deleting a group. !11362 - Block access to failing repository storage. !11449 - Add coordinator url to admin area runner page. !11603 - Allow testing any events for project hooks and system hooks. !11728 (Alexander Randa (@randaalex)) - Disallow running the pipeline if ref is protected and user cannot merge the branch or create the tag. !11910 - Remove project_key from the Jira configuration. !12050 - Add CSRF token verification to API. !12154 (Vitaliy @blackst0ne Klachkov) - Fixes needed when GitLab sign-in is not enabled. !12491 (Robin Bobbitt) - Lazy load images for better Frontend performance. !12503 - Replaces dashboard/event_filters.feature spinach with rspec. !12651 (Alexander Randa (@randaalex)) - Toggle import description with import_sources_enabled. !12691 (Brianna Kicia) - Bump scss-lint to 0.54.0. !12733 (Takuya Noguchi) - Enable SpaceAfterComma in scss-lint. !12734 (Takuya Noguchi) - Remove CSS for nprogress removed. !12737 (Takuya Noguchi) - Enable UnnecessaryParentReference in scss-lint. !12738 (Takuya Noguchi) - Extract "@request.env[devise.mapping] = Devise.mappings[:user]" to a test helper. !12742 (Jacopo Beschi @jacopo-beschi) - Enable ImportPath in scss-lint. !12749 (Takuya Noguchi) - Enable PropertySpelling in scss-lint. !12752 (Takuya Noguchi) - Add API for protected branches to allow for wildcard matching and no access restrictions. !12756 (Eric Yu) - refactor initializations in dropzone_input.js. !12768 (Brandon Everett) - Improve CSS for global nav dropdown UI. !12772 (Takuya Noguchi) - Remove public/ci/favicon.ico. !12803 (Takuya Noguchi) - Enable DeclarationOrder in scss-lint. !12805 (Takuya Noguchi) - Increase width of dropdown menus automatically. !12809 (Thomas Wucher) - Enable BangFormat in scss-lint [ci skip]. !12815 (Takuya Noguchi) - Added /duplicate quick action to close a duplicate issue. !12845 (Ryan Scott) - Make all application-settings accessible through the API. !12851 - Remove Inactive Personal Access Tokens list from Access Tokens page. !12866 - Replaces dashboard/dashboard.feature spinach with rspec. !12876 (Alexander Randa (@randaalex)) - Reduce memory usage of the GitHub importer. !12886 - Bump fog-core to 1.44.3 and fog providers' plugins to latest. !12897 (Takuya Noguchi) - Use only CSS to truncate commit message in blame. !12900 (Takuya Noguchi) - Protect manual actions against protected tag too. !12908 - Allow to configure automatic retry of a failed CI/CD job. !12909 - Remove help message about prioritized labels for non-members. !12912 (Takuya Noguchi) - Add link to doc/api/ci/lint.md. !12914 (Takuya Noguchi) - Add RequestCache which makes caching with RequestStore easier. !12920 - Free up some top level words, reject top level groups named like files in the public folder. !12932 - Extend API for Group Secret Variable. !12936 - Hide description about protected branches to non-member. !12945 (Takuya Noguchi) - Support custom directory in gitlab:backup:create task. !12984 (Markus Koller) - Raise guessed encoding confidence threshold to 50. !12990 - Add author_id & assignee_id param to /issues API. !13004 - Fix today day highlight in calendar. !13048 - Prevent LDAP login callback from being called with a GET request. !13059 - Add top-level merge_requests API endpoint. !13060 - Handle maximum pages artifacts size correctly. !13072 - Enable gitaly_post_upload_pack by default. !13078 - Add Prometheus metrics exporter to Sidekiq. !13082 - Fix improperly skipped backups of wikis. !13096 - Projects can be created from templates. !13108 - Fix the /projects/:id/repository/branches endpoint to handle dots in the branch name when the project full path contains a `/`. !13115 - Fix project logos that are not centered vertically on list pages. !13124 (Florian Lemaitre) - Derive project path from import URL. !13131 - Fix deletion of deploy keys linked to other projects. !13162 - repository archive download url now ends with selected file extension. !13178 (haseebeqx) - Show auto-generated avatars for Groups without avatars. !13188 - Allow any logged in users to read_users_list even if it's restricted. !13201 - Unlock stuck merge request and set the proper state. !13207 - Fix timezone inconsistencies in user contribution graph. !13208 - Fix Issue board when using Ruby 2.4. !13220 - Don't rename namespace called system when upgrading from 9.1.x to 9.5. !13228 - Fix encoding error for WebHook logging. !13230 (Alexander Randa (@randaalex)) - Uniquify reserved word usernames on OAuth user creation. !13244 (Robin Bobbitt) - Expose target_iid in Events API. !13247 (sue445) - Add star for action scope, in order to delete image from registry. !13248 (jean) - Make Delete Merged Branches handle wildcard protected branches correctly. !13251 - Fix an order of operations for CI connection error message in merge request widget. !13252 - Don't send rejection mails for all auto-generated mails. !13254 - Expose noteable_iid in Note. !13265 (sue445) - Fix pipeline_schedules pages when active schedule has an abnormal state. !13286 - Move some code from services to workers in order to improve performance. !13326 - Fix destroy of case-insensitive conflicting redirects. !13357 - Fix the /projects/:id/repository/tags endpoint to handle dots in the tag name when the project full path contains a `/`. !13368 - Fix the /projects/:id/repository/commits endpoint to handle dots in the ref name when the project full path contains a `/`. !13370 - Project pending delete no longer return 500 error in admins projects view. !13389 - Use full path of user's avatar in webhooks. !13401 (Vitaliy @blackst0ne Klachkov) - Make GPGME temporary directory handling thread safe. !13481 (Alexis Reigel) - Add support for kube_namespace in Metrics queries. !16169 - Fix bar chart does not display label at 0 hour. !35136 (Jason Dai) - Use project_ref_path to create the link to a branch to fix links that 404. - Declare related resources into V4 API entities. - Add Slack and JIRA services counts to Usage Data. - Prevent web hook and project service background jobs from going to the dead jobs queue. - Display specific error message when JIRA test fails. - clean up merge request widget UI. - Associate Issues tab only with internal issues tracker. - Remove events column from notification settings table. - Clarifies and rearranges the input variables on the kubernetes integration page and adjusts the docs slightly to meet the same order. - Respect blockquote line breaks in markdown. - Update confidential issue UI - add confidential visibility and settings to sidebar. - Add icons to contextual sidebars. - Make contextual sidebar collapsible. - Update Pipeline's badge count in Merge Request and Commits view to match real-time content. - Added link to the MR widget that directs to the monitoring dashboard. - Use jQuery to control scroll behavior in job log for cross browser consistency. - move edit comment button outside of dropdown. - Updates vue resource and code according to breaking changes. - Add GitHub imported projects count to usage data. - Rename about to overview for group and project page. - Prevent disabled pagination button to be clicked. - Remove coffee-rails gem. (Takuya Noguchi) - Remove net-ssh gem. (Takuya Noguchi) - Bump rubocop to 0.49.1 and rubocop-rspec to 1.15.1. (Takuya Noguchi) - improve file upload/replace experience. - allow closing Cycle Analytics intro box in firefox. - Fix label creation from new list for subgroup projects. - fix transient js error in rspec tests. - fix jump to next discussion button. - Fix translations for Star/Unstar in JS file. - Improve mobile sidebar. - Rename Pipelines tab to CI / CD in new navigation. - Fix display of new diff comments after changing b between diff views. - Store & use ConvDev percentages returned by the Version app. - Fixes new issue button for failed job returning 404. - Align OR separator to center in new project page. - Add filtered search to group issue dashboard. - Cache Appearance instances in Redis. - Fixed breadcrumbs title aggressively collapsing. - Better caching and indexing of broadcast messages. - Moved diff changed files into a dropdown. - Improve performance of large (initial) push into default branch. - Improve performance of checking for projects on the projects dashboard. - Eager load project creators for project dashboards. - Modify if condition to be more readable. - Fix links to group milestones from issue and merge request sidebar. - Remove hidden symlinks from project import files. - Fixed sign-in restrictions buttons not toggling active state. - Fix replying to commit comments on merge requests created from forks. - Support Markdown references, autocomplete, and quick actions for group milestones. - Cache recent projects for group-level new resource creation. - Fix API responses when dealing with txt files. - Fix project milestones import when projects belongs to a group. - Fix Mattermost integration. - Memoize the number of personal projects a user has to reduce COUNT queries. - Merge issuable "reopened" state into "opened". - Migrate events into a new format to reduce the storage necessary and improve performance. - MR branch link now links to tree instead of commits. - Use Prev/Next pagination for exploring projects. - Pass before_script and script as-is preserving arrays. - Change project FK migration to skip existing FKs. - Remove redundant query when retrieving the most recent push of a user. - Re-organise "issues" indexes for faster ordering. - Disallow Git URLs that include a username or hostname beginning with a non-alphanumeric character. - Fix search box losing focus when typing. - Add structured logging for Rails processes. - Skip oAuth authorization for trusted applications. - Use a specialized class for querying events to improve performance. - Update build badges to be pipeline badges and display passing instead of success. ## 9.4.7 (2017-10-16) - [SECURITY] Upgrade mail and nokogiri gems due to security issues. !13662 (Markus Koller) - [SECURITY] Move project repositories between namespaces when renaming users. - [SECURITY] Prevent an open redirect on project pages. - [SECURITY] Prevent a persistent XSS in user-provided markup. - [FIXED] Allow using newlines in pipeline email service recipients. !14250 - Escape user name in filtered search bar. ## 9.4.6 (2017-09-06) - [SECURITY] Upgrade mail and nokogiri gems due to security issues. !13662 (Markus Koller) - [SECURITY] Prevent a persistent XSS in the commit author block. - Fix XSS issue in go-get handling. - Remove hidden symlinks from project import files. - Fixes race condition in project uploads. - Disallow Git URLs that include a username or hostname beginning with a non-alphanumeric character. - Disallow arbitrary properties in `th` and `td` `style` attributes. - Resolve CSRF token leakage via pathname manipulation on environments page. - Disallow the `name` attribute on all user-provided markup. ## 9.4.5 (2017-08-14) - Fix deletion of deploy keys linked to other projects. !13162 - Allow any logged in users to read_users_list even if it's restricted. !13201 - Make Delete Merged Branches handle wildcard protected branches correctly. !13251 - Fix an order of operations for CI connection error message in merge request widget. !13252 - Fix pipeline_schedules pages when active schedule has an abnormal state. !13286 - Add missing validation error for username change with container registry tags. !13356 - Fix destroy of case-insensitive conflicting redirects. !13357 - Project pending delete no longer return 500 error in admins projects view. !13389 - Fix search box losing focus when typing. - Use jQuery to control scroll behavior in job log for cross browser consistency. - Use project_ref_path to create the link to a branch to fix links that 404. - improve file upload/replace experience. - fix jump to next discussion button. - Fixes new issue button for failed job returning 404. - Fix links to group milestones from issue and merge request sidebar. - Fixed sign-in restrictions buttons not toggling active state. - Fix Mattermost integration. - Change project FK migration to skip existing FKs. ## 9.4.4 (2017-08-09) - Remove hidden symlinks from project import files. - Disallow Git URLs that include a username or hostname beginning with a non-alphanumeric character. ## 9.4.3 (2017-07-31) - Fix Prometheus client PID reuse bug. !13130 - Improve deploy environment chatops slash command. !13150 - Fix asynchronous javascript paths when GitLab is installed under a relative URL. !13165 - Fix LDAP authentication to Git repository or container registry. - Fixed new navigation breadcrumb title on help pages. - Ensure filesystem metrics test files are deleted. - Properly affixes nav bar in job view in microsoft edge. ## 9.4.2 (2017-07-28) - Fix job merge request link to a forked source project. !12965 - Improve redirect route query performance. !13062 - Allow admin to read_users_list even if it's restricted. !13066 - Fixes 500 error caused by pending delete projects in admin dashboard. !13067 - Add instrumentation to MarkupHelper#link_to_gfm. !13069 - Pending delete projects should not show in deploy keys. !13088 - Fix sizing of custom header logo in new navigation. - Fix crash on /help/ui. - Fix creating merge request diffs when diff contains bytes that are invalid in UTF-8. - fix vertical alignment of New Project button. - Add LDAP SSL certificate verification option. - Fix vertical alignment in firefox and safari for pipeline mini graph. ## 9.4.1 (2017-07-25) - Fix pipeline_schedules pages throwing error 500 (when ref is empty). !12983 - Fix editing project with container images present. !13028 - Fix some invalid entries in PO files. !13032 - Fix cross site request protection when logging in as a regular user when LDAP is enabled. !13049 - Fix bug causing metrics files to be truncated. !35420 - Fix anonymous access to public projects in groups with pending invites. - Fixed issue boards sidebar close icon size. - Fixed duplicate new milestone buttons when new navigation is turned on. - Fix margins in the mini graph for pipeline in commits box. ## 9.4.0 (2017-07-22) - Add blame view age mapping. !7198 (Jeff Stubler) - Add support for image and services configuration in .gitlab-ci.yml. !8578 - Fix an email parsing bug where brackets would be inserted in emails from some Outlook clients. !9045 (jneen) - Use fa-chevron-down on dropdown arrows for consistency. !9659 (TM Lee) - Update the devise mail templates to match the design of the pipeline emails. !10483 (Alexis Reigel) - Handle renamed submodules in repository browser. !10798 (David Turner) - Display all current broadcast messages, not just the last one. !11113 (rickettm) - Fix CI/CD status in case there are only allowed to failed jobs in the pipeline. !11166 - Omit trailing / leading hyphens in CI_COMMIT_REF_SLUG variable to make it usable as a hostname. !11218 (Stefan Hanreich) - Moved "Members in a project" menu entry and path locations. !11560 - Additional Prometheus metrics support. !11712 - Rename all reserved paths that could have been created. !11713 - Move uploads from `uploads/system` to `uploads/-/system` to free up `system` as a group name. !11713 - Fix offline runner detection. !11751 (Alessio Caiazza) - Use authorize_update_pipeline_schedule in PipelineSchedulesController. !11846 - Rollback project repo move if there is an error in Projects::TransferService. !11877 - Help landing page customizations. !11878 (Robin Bobbitt) - Fixes "sign in / Register" active state underline misalignment. !11890 (Frank Sierra) - Honor the "Remember me" parameter for OAuth-based login. !11963 - Instruct user to use personal access token for Git over HTTP. !11986 (Robin Bobbitt) - Accept image for avatar in project API. !11988 (Ivan Chernov) - Supplement Simplified Chinese translation of Project Page & Repository Page. !11994 (Huang Tao) - Supplement Traditional Chinese in Hong Kong translation of Project Page & Repository Page. !11995 (Huang Tao) - Make the revision on the `/help` page clickable. !12016 - Display issue state in issue links section of merge request widget. !12021 - Enable support for webpack code-splitting by dynamically setting publicPath at runtime. !12032 - Replace PhantomJS with headless Chrome for karma test suite. !12036 - Prevent description change notes when toggling tasks. !12057 (Jared Deckard ) - Update QA Dockerfile to lock Chrome browser version. !12071 - Fix FIDO U2F for Opera browser. !12082 (Jakub Kramarz and Jonas Kalderstam) - Supplement Bulgarian translation of Project Page & Repository Page. !12083 (Lyubomir Vasilev) - Removes deleted_at and pending_delete occurrences in Project related queries. !12091 - Provide hint to create a personal access token for Git over HTTP. !12105 (Robin Bobbitt) - Display own user id in account settings page. !12141 (Riccardo Padovani) - Accept image for avatar in user API. !12143 (Ivan Chernov) - Disable fork button on project limit. !12145 (Ivan Chernov) - Added "created_after" and "created_before" params to issuables. !12151 (Kyle Bishop @kybishop) - Supplement Portuguese Brazil translation of Project Page & Repository Page. !12156 (Huang Tao) - Add review apps to usage metrics. !12185 - Adding French translations. !12200 (Erwan "Dremor" Georget) - Ensures default user limits when external user is unchecked. !12218 - Provide KUBECONFIG from KubernetesService for runners. !12223 - Filter archived project in API v3 only if param present. !12245 (Ivan Chernov) - Add explicit message when no runners on admin. !12266 (Takuya Noguchi) - Split pipelines as internal and external in the usage data. !12277 - Fix API Scoping. !12300 - Remove registry image delete button if user cant delete it. !12317 (Ivan Chernov) - Allow the feature flags to be enabled/disabled with more granularity. !12357 - Allow to enable the performance bar per user or Feature group. !12362 - Rename duplicated variables with the same key for projects. Add environment_scope column to variables and add unique constraint to make sure that no variables could be created with the same key within a project. !12363 - Add variables to pipelines schedules. !12372 - Add User#full_private_access? to check if user has access to all private groups & projects. !12373 - Change milestone endpoint for groups. !12374 (Takuya Noguchi) - Improve performance of the pipeline charts page. !12378 - Add option to run Gitaly on a remote server. !12381 - #20628 Enable implicit grant in GitLab as OAuth Provider. !12384 (Mateusz Pytel) - Replace 'snippets/snippets.feature' spinach with rspec. !12385 (Alexander Randa @randaalex) - Add Simplified Chinese translations of Commits Page. !12405 (Huang Tao) - Add Traditional Chinese in HongKong translations of Commits Page. !12406 (Huang Tao) - Add Traditional Chinese in Taiwan translations of Commits Page. !12407 (Huang Tao) - Add Portuguese Brazil translations of Commits Page. !12408 (Huang Tao) - Add French translations of Commits Page. !12409 (Huang Tao) - Add Esperanto translations of Commits Page. !12410 (Huang Tao) - Add Bulgarian translations of Commits Page. !12411 (Huang Tao) - Remove bin/ci/upgrade.rb as not working all. !12414 (Takuya Noguchi) - Store merge request ref_fetched status in the database. !12424 - Replace 'dashboard/merge_requests' spinach with rspec. !12440 (Alexander Randa (@randaalex)) - Add Esperanto translations for Cycle Analytics, Project, and Repository pages. !12442 (Huang Tao) - Allow unauthenticated access to the /api/v4/users API. !12445 - Drop GFM support for the title of Milestone/MergeRequest in template. !12451 (Takuya Noguchi) - Replace 'dashboard/todos' spinach with rspec. !12453 (Alexander Randa (@randaalex)) - Cache open issue and merge request counts for project tabs to speed up project pages. !12457 - Introduce cache policies for CI jobs. !12483 - Improve support for external issue references. !12485 - Fix errors caused by attempts to report already blocked or deleted users. !12502 (Horacio Bertorello) - Allow customize CI config path. !12509 (Keith Pope) - Supplement Traditional Chinese in Taiwan translation of Project Page & Repository Page. !12514 (Huang Tao) - Closes any open Autocomplete of the markdown editor when the form is closed. !12521 - Inserts exact matches of name, username and email to the top of the search list. !12525 - Use smaller min-width for dropdown-menu-nav only on mobile. !12528 (Takuya Noguchi) - Hide archived project labels from group issue tracker. !12547 (Horacio Bertorello) - Replace 'dashboard/new-project.feature' spinach with rspec. !12550 (Alexander Randa (@randaalex)) - Remove group modal like remove project modal (requires typing + confirmation). !12569 (Diego Souza) - Add Italian translation of Cycle Analytics Page & Project Page & Repository Page. !12578 (Huang Tao) - Add Group secret variables. !12582 - Update jobs page output to have a scrollable page. !12587 - Add user projects API. !12596 (Ivan Chernov) - Allow creation of files and directories with spaces through Web UI. !12608 - Improve members view on mobile. !12619 - Fixed the chart legend not being set correctly. !12628 - Add Italian translations of Commits Page. !12645 (Huang Tao) - Allow admins to disable all restricted visibility levels. !12649 - Allow admins to retrieve user agent details for an issue or snippet. !12655 - Update welcome page UX for new users. !12662 - N+1 problems on milestone page. !12670 (Takuya Noguchi) - Upgrade GitLab Workhorse to v2.3.0. !12676 - Remove option to disable Gitaly. !12677 - Improve the performance of the project list API. !12679 - Add creation time filters to user search API for admins. !12682 - Add Japanese translations for Cycle Analytics & Project pages & Repository pages & Commits pages & Pipeline Charts. !12693 (Huang Tao) - Undo adding the /reassign quick action. !12701 - Fix dashboard labels dropdown. !12708 - Username and password are no longer stripped from import url on mirror update. !12725 - Add Russian translations for Cycle Analytics & Project pages & Repository pages & Commits pages & Pipeline Charts. !12743 (Huang Tao) - Add Ukrainian translations for Cycle Analytics & Project pages & Repository pages & Commits pages & Pipeline Charts. !12744 (Huang Tao) - Prevent bad data being added to application settings when Redis is unavailable. !12750 - Do not show pipeline schedule button for non-member. !12757 (Takuya Noguchi) - Return `is_admin` attribute in the GET /user endpoint for admins. !12811 - Recover from renaming project that has container images. !12840 - Exact matches of username and email are now on top of the user search. !12868 - Use Ghost user for last_edited_by and merge_user when original user is deleted. !12933 - Fix docker tag reference routing constraints. !12961 - Optimize creation of commit API by using Repository#commit instead of Repository#commits. - Speed up used languages calculation on charts page. - Make loading new merge requests (those created after the 9.4 upgrade) faster. - Ensure participants for issues, merge requests, etc. are calculated correctly when sending notifications. - Handle nameless legacy jobs. - Bump Faraday and dependent OAuth2 gem version to support no_proxy variable. - Renders 404 if given project is not readable by the user on Todos dashboard. - Render CI statuses with warnings in orange. - Document the Delete Merged Branches functionality. - Add wells to admin dashboard overview to fix spacing problems. - Removes hover style for nodes that are either links or buttons in the pipeline graph. - more visual contrast in pagination widget. - Deprecate Healthcheck Access Token in favor of IP whitelist. - Drop GFM support for issuable title on milestone for consistency and performance. (Takuya Noguchi) - fix left & right padding on sidebar. - Cleanup minor UX issues in the performance dashboard. - Remove two columned layout from project member settings. - Make font size of contextual sub menu items 14px. - Fix vertical space in job details sidebar. - Fix alignment of controls in mr issuable list. - Add wip message to new navigation preference section. - Add group members counting and plan related data on namespaces API. - Fix spacing on runner buttons. - Remove uploads/appearance symlink. A leftover from a previous migration. - Change order of monospace fonts to fix bug on some linux distros. - Limit commit & snippets comments width. - Fixed dashboard milestone tabs not loading. - Detect if file that appears to be text in the first 1024 bytes is actually binary afer loading all data. - Fix inconsistent display of the "Browse files" button in the commit list. - Implement diff viewers. - Fix 'New merge request' button for users who don't have push access to canonical project. - Fix issues with non-UTF8 filenames by always fixing the encoding of tree and blob paths. - Show group name instead of path on group page. - Don't check if MailRoom is running on Omnibus. - Limit OpenGraph image size to 64x64. - Don't show auxiliary blob viewer for README when there is no wiki. - Strip trailing whitespace in relative submodule URL. - Update /target_branch slash command description to be more consistent. - Remove unnecessary top padding on group MR index. - Added printing_merge_requst_link_enabled to the API. (David Turner ) - Re-enable realtime for environments table. - Create responsive mobile view for pipelines table. - Adds realtime feature to job show view header and sidebar info. Updates UX. - Use color inputs for broadcast messages. - Center dropdown for mini graph. - Users can subscribe to group labels on the group labels page. - Add issuable-list class to shared mr/issue lists to fix new responsive layout design. - Rename "Slash commands" to "Quick actions" and deprecate "chat commands" in favor of "slash commands". - Don't mark empty MRs as merged on push to the target branch. - Improve issue rendering performance with lots of notes from other users. - Fixed overflow on mobile screens for the slash commands. - Fix an infinite loop when handling user-supplied regular expressions. - Fixed sidebar not collapsing on merge requests in mobile screens. - Speed up project removals by adding foreign keys with cascading deletes to various tables. - Fix mobile view of files view buttons. - Fixed dropdown filter input not focusing after transition. - Fixed GFM references not being included when updating issues inline. - Remove issues/merge requests drag n drop and sorting from milestone view. - Add native group milestones. - Fix API bug accepting wrong parameter to create merge request. - Clean up UI of issuable lists and make more responsive. - Improve the overall UX for the new monitoring dashboard. - Fixed the y_label not setting correctly for each graph on the monitoring dashboard. - Changed utilities imports from ~ to relative paths. - Remove unused space in sidebar todo toggle when not signed in. - Limit the width of the projects README text. - Add a simple mode to merge request API. - Make Project#ensure_repository force create a repo. - Use uploads/system directory for personal snippets. - Defer project destroys within a namespace in Groups::DestroyService#async_execute. - Log rescued exceptions to Sentry. - Remove remaining N+1 queries in merge requests API with emojis and labels. ## 9.3.11 (2017-09-06) - [SECURITY] Upgrade mail and nokogiri gems due to security issues. !13662 (Markus Koller) - [SECURITY] Prevent a persistent XSS in the commit author block. - Improve support for external issue references. !12485 - Use uploads/system directory for personal snippets. - Remove uploads/appearance symlink. A leftover from a previous migration. - Fix XSS issue in go-get handling. - Remove hidden symlinks from project import files. - Fix an infinite loop when handling user-supplied regular expressions. - Fixes race condition in project uploads. - Fixes race condition in project uploads. - Disallow Git URLs that include a username or hostname beginning with a non-alphanumeric character. - Disallow arbitrary properties in `th` and `td` `style` attributes. - Resolve CSRF token leakage via pathname manipulation on environments page. - Disallow the `name` attribute on all user-provided markup. - Renders 404 if given project is not readable by the user on Todos dashboard. ## 9.3.10 (2017-08-09) - Remove hidden symlinks from project import files. - Disallow Git URLs that include a username or hostname beginning with a non-alphanumeric character. ## 9.3.9 (2017-07-20) - Fix an infinite loop when handling user-supplied regular expressions. ## 9.3.8 (2017-07-19) - Improve support for external issue references. !12485 - Renders 404 if given project is not readable by the user on Todos dashboard. - Use uploads/system directory for personal snippets. - Remove uploads/appearance symlink. A leftover from a previous migration. ## 9.3.7 (2017-07-18) - Prevent bad data being added to application settings when Redis is unavailable. !12750 - Return `is_admin` attribute in the GET /user endpoint for admins. !12811 ## 9.3.6 (2017-07-12) - Fix API Scoping. !12300 - Username and password are no longer stripped from import url on mirror update. !12725 - Fix issues with non-UTF8 filenames by always fixing the encoding of tree and blob paths. - Fixed GFM references not being included when updating issues inline. ## 9.3.5 (2017-07-05) - Remove "Remove from board" button from backlog and closed list. !12430 - Do not delete protected branches when deleting all merged branches. !12624 - Set default for Remove source branch to false. - Prevent accidental deletion of protected MR source branch by repeating checks before actual deletion. - Expires full_path cache after a repository is renamed/transferred. ## 9.3.4 (2017-07-03) - Update gitlab-shell to 5.1.1 !12615 ## 9.3.3 (2017-06-30) - Fix head pipeline stored in merge request for external pipelines. !12478 - Bring back branches badge to main project page. !12548 - Fix diff of requirements.txt file by not matching newlines as part of package names. - Perform housekeeping only when an import of a fresh project is completed. - Fixed issue boards closed list not showing all closed issues. - Fixed multi-line markdown tooltip buttons in issue edit form. ## 9.3.2 (2017-06-27) - API: Fix optional arguments for POST :id/variables. !12474 - Bump premailer-rails gem to 1.9.7 and its dependencies to prevent network retrieval of assets. ## 9.3.1 (2017-06-26) - Fix reversed breadcrumb order for nested groups. !12322 - Fix 500 when failing to create private group. !12394 - Fix linking to line number on side-by-side diff creating empty discussion box. - Don't match tilde and exclamation mark as part of requirements.txt package name. - Perform project housekeeping after importing projects. - Fixed ctrl+enter not submit issue edit form. ## 9.3.0 (2017-06-22) - Refactored gitlab:app:check into SystemCheck liberary and improve some checks. !9173 - Add an ability to cancel attaching file and redesign attaching files UI. !9431 (blackst0ne) - Add Aliyun OSS as the backup storage provider. !9721 (Yuanfei Zhu) - Add support for find_local_branches GRPC from Gitaly. !10059 - Allow manual bypass of auto_sign_in_with_provider with a new param. !10187 (Maxime Besson) - Redirect to user's keys index instead of user's index after a key is deleted in the admin. !10227 (Cyril Jouve) - Changed Blame to Annotate in the UI to promote blameless culture. !10378 (Ilya Vassilevsky) - Implement ability to update deploy keys. !10383 (Alexander Randa) - Allow numeric values in gitlab-ci.yml. !10607 (blackst0ne) - Add a feature test for Unicode trace. !10736 (dosuken123) - Notes: Warning message should go away once resolved. !10823 (Jacopo Beschi @jacopo-beschi) - Project authorizations are calculated much faster when using PostgreSQL, and nested groups support for MySQL has been removed . !10885 - Fix long urls in the title of commit. !10938 (Alexander Randa) - Update gem sidekiq-cron from 0.4.4 to 0.6.0 and rufus-scheduler from 3.1.10 to 3.4.0. !10976 (dosuken123) - Use relative paths for group/project/user avatars. !11001 (blackst0ne) - Enable cancelling non-HEAD pending pipelines by default for all projects. !11023 - Implement web hook logging. !11027 (Alexander Randa) - Add indices for auto_canceled_by_id for ci_pipelines and ci_builds on PostgreSQL. !11034 - Add post-deploy migration to clean up projects in `pending_delete` state. !11044 - Limit User's trackable attributes, like `current_sign_in_at`, to update at most once/hour. !11053 - Disallow multiple selections for Milestone dropdown. !11084 - Link to commit author user page from pipelines. !11100 - Fix the last coverage in trace log should be extracted. !11128 (dosuken123) - Remove redirect for old issue url containing id instead of iid. !11135 (blackst0ne) - Backported new SystemHook event: `repository_update`. !11140 - Keep input data after creating a tag that already exists. !11155 - Fix support for external CI services. !11176 - Translate backend for Project & Repository pages. !11183 - Fix LaTeX formatting for AsciiDoc wiki. !11212 - Add foreign key for pipeline schedule owner. !11233 - Print Go version in rake gitlab:env:info. !11241 - Include the blob content when printing a blob page. !11247 - Sync email address from specified omniauth provider. !11268 (Robin Bobbitt) - Disable reference prefixes in notes for Snippets. !11278 - Rename build_events to job_events. !11287 - Add API support for pipeline schedule. !11307 (dosuken123) - Use route.cache_key for project list cache key. !11325 - Make environment table realtime. !11333 - Cache npm modules between pipelines with yarn to speed up setup-test-env. !11343 - Allow GitLab instance to start when InfluxDB hostname cannot be resolved. !11356 - Add ConvDev Index page to admin area. !11377 - Fix Git-over-HTTP error statuses and improve error messages. !11398 - Renamed users 'Audit Log'' to 'Authentication Log'. !11400 - Style people in issuable search bar. !11402 - Change /builds in the URL to /-/jobs. Backward URLs were also added. !11407 - Update password field label while editing service settings. !11431 - Add an optional performance bar to view performance metrics for the current page. !11439 - Update task_list to version 2.0.0. !11525 (Jared Deckard ) - Avoid resource intensive login checks if password is not provided. !11537 (Horatiu Eugen Vlad) - Allow numeric pages domain. !11550 - Exclude manual actions when checking if pipeline can be canceled. !11562 - Add server uptime to System Info page in admin dashboard. !11590 (Justin Boltz) - Simplify testing and saving service integrations. !11599 - Fixed handling of the `can_push` attribute in the v3 deploy_keys api. !11607 (Richard Clamp) - Improve user experience around slash commands in instant comments. !11612 - Show current user immediately in issuable filters. !11630 - Add extra context-sensitive functionality for the top right menu button. !11632 - Reorder Issue action buttons in order of usability. !11642 - Expose atom links with an RSS token instead of using the private token. !11647 (Alexis Reigel) - Respect merge, instead of push, permissions for protected actions. !11648 - Job details page update real time. !11651 - Improve performance of ProjectFinder used in /projects API endpoint. !11666 - Remove redundant data-turbolink attributes from links. !11672 (blackst0ne) - Minimum postgresql version is now 9.2. !11677 - Add protected variables which would only be passed to protected branches or protected tags. !11688 - Introduce optimistic locking support via optional parameter last_commit_sha on File Update API. !11694 (electroma) - Add $CI_ENVIRONMENT_URL to predefined variables for pipelines. !11695 - Simplify project repository settings page. !11698 - Fix pipeline_schedules pages throwing error 500. !11706 (dosuken123) - Add performance deltas between app deployments on Merge Request widget. !11730 - Add feature toggles and API endpoints for admins. !11747 - Replace 'starred_projects.feature' spinach test with an rspec analog. !11752 (blackst0ne) - Introduce an Events API. !11755 - Display Shared Runner status in Admin Dashboard. !11783 (Ivan Chernov) - Persist pipeline stages in the database. !11790 - Revert the feature that would include the current user's username in the HTTP clone URL. !11792 - Enable Gitaly by default in installations from source. !11796 - Use zopfli compression for frontend assets. !11798 - Add tag_list param to project api. !11799 (Ivan Chernov) - Add changelog for improved Registry description. !11816 - Automatically adjust project settings to match changes in project visibility. !11831 - Add slugify project path to CI environment variables. !11838 (Ivan Chernov) - Add all pipeline sources as special keywords to 'only' and 'except'. !11844 (Filip Krakowski) - Allow pulling of container images using personal access tokens. !11845 - Expose import_status in Projects API. !11851 (Robin Bobbitt) - Allow admins to delete users from the admin users page. !11852 - Allow users to be hard-deleted from the API. !11853 - Fix hard-deleting users when they have authored issues. !11855 - Fix missing optional path parameter in "Create project for user" API. !11868 - Allow users to be hard-deleted from the admin panel. !11874 - Add a Rake task to aid in rotating otp_key_base. !11881 - Fix submodule link to then project under subgroup. !11906 - Fix binary encoding error on MR diffs. !11929 - Limit non-administrators to adding 100 members at a time to groups and projects. !11940 - add bulgarian translation of cycle analytics page to I18N. !11958 (Lyubomir Vasilev) - Make backup task to continue on corrupt repositories. !11962 - Fix incorrect ETag cache key when relative instance URL is used. !11964 - Reinstate is_admin flag in users api when authenticated user is an admin. !12211 (rickettm) - Fix edit button for deploy keys available from other projects. !12301 (Alexander Randa) - Fix passing CI_ENVIRONMENT_NAME and CI_ENVIRONMENT_SLUG for CI_ENVIRONMENT_URL. !12344 - Disable environment list refresh due to bug https://gitlab.com/gitlab-org/gitlab/issues/2677. !12347 - Standardize timeline note margins across different viewport sizes. !12364 - Fix Ordered Task List Items. !31483 (Jared Deckard ) - Upgrade dependency to Go 1.8.3. !31943 - Add prometheus metrics on pipeline creation. - Fix etag route not being a match for environments. - Sort folder for environments. - Support descriptions for snippets. - Hide clone panel and file list when user is only a guest. (James Clark) - Don’t create comment on JIRA if it already exists for the entity. - Update Dashboard Groups UI with better support for subgroups. - Confirm Project forking behaviour via the API. - Add prometheus based metrics collection to gitlab webapp. - Fix: Wiki is not searchable with Guest permissions. - Center all empty states. - Remove 'New issue' button when issues search returns no results. - Add API URL to JIRA settings. - animate adding issue to boards. - Update session cookie key name to be unique to instance in development. - Single click on filter to open filtered search dropdown. - Makes header information of pipeline show page realtine. - Creates a mediator for pipeline details vue in order to mount several vue apps with the same data. - Scope issue/merge request recent searches to project. - Increase individual diff collapse limit to 100 KB, and render limit to 200 KB. - Fix Pipelines table empty state - only render empty state if we receive 0 pipelines. - Make New environment empty state btn lowercase. - Removes duplicate environment variable in documentation. - Change links in issuable meta to black. - Fix border-bottom for project activity tab. - Adds new icon for CI skipped status. - Create equal padding for emoji. - Use briefcase icon for company in profile page. - Remove overflow from comment form for confidential issues and vertically aligns confidential issue icon. - Keep trailing newline when resolving conflicts by picking sides. - Fix /unsubscribe slash command creating extra todos when you were already mentioned in an issue. - Fix math rendering on blob pages. - Allow group reporters to manage group labels. - Use pre-wrap for commit messages to keep lists indented. - Count badges depend on translucent color to better adjust to different background colors and permission badges now feature a pill shaped design similar to labels. - Allow reporters to promote project labels to group labels. - Enabled keyboard shortcuts on artifacts pages. - Perform filtered search when state tab is changed. - Remove duplication for sharing projects with groups in project settings. - Change order of commits ahead and behind on divergence graph for branch list view. - Creates CI Header component for Pipelines and Jobs details pages. - Invalidate cache for issue and MR counters more granularly. - disable blocked manual actions. - Load tree readme asynchronously. - Display extra info about files on .gitlab-ci.yml, .gitlab/route-map.yml and LICENSE blob pages. - Fix replying to a commit discussion displayed in the context of an MR. - Consistently use monospace font for commit SHAs and branch and tag names. - Consistently display last push event widget. - Don't copy empty elements that were not selected on purpose as GFM. - Copy as GFM even when parts of other elements are selected. - Autolink package names in Gemfile. - Resolve N+1 query issue with discussions. - Don't match email addresses or foo@bar as user references. - Fix title of discussion jump button at top of page. - Don't return nil for missing objects from parser cache. - Make .gitmodules parsing more resilient to syntax errors. - Add username parameter to gravatar URL. - Autolink package names in more dependency files. - Return nil when looking up config for unknown LDAP provider. - Add system note with link to diff comparison when MR discussion becomes outdated. - Don't wrap pasted code when it's already inside code tags. - Revert 'New file from interface on existing branch'. - Show last commit for current tree on tree page. - Add documentation about adding foreign keys. - add username field to push webhook. (David Turner) - Rename CI/CD Pipelines to Pipelines in the project settings. - Make environment tables responsive. - Expand/collapse backlog & closed lists in issue boards. - Fix GitHub importer performance on branch existence check. - Fix counter cache for acts as taggable. - Github - Fix token interpolation when cloning wiki repository. - Fix token interpolation when setting the Github remote. - Fix N+1 queries for non-members in comment threads. - Fix terminals support for Kubernetes Service. - Fix: A diff comment on a change at last line of a file shows as two comments in discussion. - Instrument MergeRequestDiff#load_commits. - Introduce source to Pipeline entity. - Fixed create new label form in issue form not working for sub-group projects. - Fixed style on unsubscribe page. (Gustav Ernberg) - Enables inline editing for an issues title & description. - Ask for an example project for bug reports. - Add summary lines for collapsed details in the bug report template. - Prevent commits from upstream repositories to be re-processed by forks. - Avoid repeated queries for pipeline builds on merge requests. - Preloads head pipeline for merge request collection. - Handle head pipeline when creating merge requests. - Migrate artifacts to a new path. - Rescue OpenSSL::SSL::SSLError in JiraService & IssueTrackerService. - Repository browser: handle in-repository submodule urls. (David Turner) - Prevent project transfers if a new group is not selected. - Allow 'no one' as an option for allowed to merge on a procted branch. - Reduce time spent waiting for certain Sidekiq jobs to complete. - Refactor ProjectsFinder#init_collection to produce more efficient queries for retrieving projects. - Remove unused code and uses underscore. - Restricts search projects dropdown to group projects when group is selected. - Properly handle container registry redirects to fix metadata stored on a S3 backend. - Fix LFS timeouts when trying to save large files. - Set artifact working directory to be in the destination store to prevent unnecessary I/O. - Strip trailing whitespaces in submodule URLs. - Make sure reCAPTCHA configuration is loaded when spam checks are initiated. - Fix up arrow not editing last discussion comment. - Added application readiness endpoints to the monitoring health check admin view. - Use wait_for_requests for both ajax and Vue requests. - Cleanup ci_variables schema and table. - Remove foreigh key on ci_trigger_schedules only if it exists. - Allow translation of Pipeline Schedules. ## 9.2.10 (2017-08-09) - Remove hidden symlinks from project import files. - Disallow Git URLs that include a username or hostname beginning with a non-alphanumeric character. ## 9.2.9 (2017-07-20) - Fix an infinite loop when handling user-supplied regular expressions. ## 9.2.8 (2017-07-19) - Improve support for external issue references. !12485 - Renders 404 if given project is not readable by the user on Todos dashboard. - Fix incorrect project authorizations. - Remove uploads/appearance symlink. A leftover from a previous migration. ## 9.2.7 (2017-06-21) - Reinstate is_admin flag in users api when authenticated user is an admin. !12211 (rickettm) ## 9.2.6 (2017-06-16) - Fix the last coverage in trace log should be extracted. !11128 (dosuken123) - Respect merge, instead of push, permissions for protected actions. !11648 - Fix pipeline_schedules pages throwing error 500. !11706 (dosuken123) - Make backup task to continue on corrupt repositories. !11962 - Fix incorrect ETag cache key when relative instance URL is used. !11964 - Fix math rendering on blob pages. - Invalidate cache for issue and MR counters more granularly. - Fix terminals support for Kubernetes Service. - Fix LFS timeouts when trying to save large files. - Strip trailing whitespaces in submodule URLs. - Make sure reCAPTCHA configuration is loaded when spam checks are initiated. - Remove foreigh key on ci_trigger_schedules only if it exists. ## 9.2.5 (2017-06-07) - No changes. ## 9.2.4 (2017-06-02) - Fix visibility when referencing snippets. ## 9.2.3 (2017-05-31) - Move uploads from 'public/uploads' to 'public/uploads/system'. - Escapes html content before appending it to the DOM. - Restrict API X-Frame-Options to same origin. - Allow users autocomplete by author_id only for authenticated users. ## 9.2.2 (2017-05-25) - Fix issue where real time pipelines were not cached. !11615 - Make all notes use equal padding. ## 9.2.1 (2017-05-23) - Fix placement of note emoji on hover. - Fix migration for older PostgreSQL versions. ## 9.2.0 (2017-05-22) - API: Filter merge requests by milestone and labels. (10924) - Reset New branch button when issue state changes. !5962 (winniehell) - Frontend prevent authored votes. !6260 (Barthc) - Change issues list in MR to natural sorting. !7110 (Jeff Stubler) - Add animations to all the dropdowns. !8419 - Add update time to project lists. !8514 (Jeff Stubler) - Remove view fragment caching for project READMEs. !8838 - API: Add parameters to allow filtering project pipelines. !9367 (dosuken123) - Database SSL support for backup script. !9715 (Guillaume Simon) - Fix UI inconsistency different files view (find file button missing). !9847 (TM Lee) - Display slash commands outcome when previewing Markdown. !10054 (Rares Sfirlogea) - Resolve "Add more tests for spec/controllers/projects/builds_controller_spec.rb". !10244 (dosuken123) - Add keyboard edit shotcut for wiki. !10245 (George Andrinopoulos) - Redirect old links after renaming a user/group/project. !10370 - Add system note on description change of issue/merge request. !10392 (blackst0ne) - Improve validation of namespace & project paths. !10413 - Add board_move slash command. !10433 (Alex Sanford) - Update all instances of the old loading icon. !10490 (Andrew Torres) - Implement protected manual actions. !10494 - Implement search by extern_uid in Users API. !10509 (Robin Bobbitt) - add support for .vue templates. !10517 - Only add newlines between multiple uploads. !10545 - Added balsamiq file viewer. !10564 - Remove unnecessary test helpers includes. !10567 (Jacopo Beschi @jacopo-beschi) - Add tooltip to header of Done board. !10574 (Andy Brown) - Fix redundant cache expiration in Repository. !10575 (blackst0ne) - Add hashie-forbidden_attributes gem. !10579 (Andy Brown) - Add spec for schema.rb. !10580 (blackst0ne) - Keep webpack-dev-server process functional across branch changes. !10581 - Turns true value and false value database methods from instance to class methods. !10583 - Improve text on todo list when the todo action comes from yourself. !10594 (Jacopo Beschi @jacopo-beschi) - Replace rake cache:clear:db with an automatic mechanism. !10597 - Remove heading and trailing spaces from label's color and title. !10603 (blackst0ne) - Add webpack_bundle_tag helper to improve non-localhost GDK configurations. !10604 - Added quick-update (fade-in) animation to newly rendered notes. !10623 - Fix rendering emoji inside a string. !10647 (blackst0ne) - Dockerfiles templates are imported from gitlab.com/gitlab-org/Dockerfile. !10663 - Add support for i18n on Cycle Analytics page. !10669 - Allow OAuth clients to push code. !10677 - Add configurable timeout for git fetch and clone operations. !10697 - Move labels of search results from bottom to title. !10705 (dr) - Added build failures summary page for pipelines. !10719 - Expand/collapse button -> Change to make it look like a toggle. !10720 (Jacopo Beschi @jacopo-beschi) - Decrease ABC threshold to 57.08. !10724 (Rydkin Maxim) - Removed target blank from the metrics action inside the environments list. !10726 - Remove Repository#version method and tests. !10734 - Refactor Admin::GroupsController#members_update method and add some specs. !10735 - Refactor code that creates project/group members. !10735 - Add Slack slash command api to services documentation and rearrange order and cases. !10757 (TM Lee) - Disable test settings on chat notification services when repository is empty. !10759 - Add support for instantly updating comments. !10760 - Show checkmark on current assignee in assignee dropdown. !10767 - Remove pipeline controls for last deployment from Environment monitoring page. !10769 - Pipeline view updates in near real time. !10777 - Fetch pipeline status in batch from redis. !10785 - Add username to activity atom feed. !10802 (winniehell) - Support Markdown previews for personal snippets. !10810 - Implement ability to edit hooks. !10816 (Alexander Randa) - Allow admins to sudo to blocked users via the API. !10842 - Don't display the is_admin flag in most API responses. !10846 - Refactor add_users method for project and group. !10850 - Pipeline schedules got a new and improved UI. !10853 - Fix updating merge_when_build_succeeds via merge API endpoint. !10873 - Add index on ci_builds.user_id. !10874 (blackst0ne) - Improves test settings for chat notification services for empty projects. !10886 - Change Git commit command in Existing folder to git commit -m. !10900 (TM Lee) - Show group name on flash container when group is created from Admin area. !10905 - Make markdown tables thinner. !10909 (blackst0ne) - Ensure namespace owner is Master of project upon creation. !10910 - Updated CI status favicons to include the tanuki. !10923 - Decrease Cyclomatic Complexity threshold to 16. !10928 (Rydkin Maxim) - Replace header merge request icon. !10932 (blackst0ne) - Fix error on CI/CD Settings page related to invalid pipeline trigger. !10948 (dosuken123) - rickettm Add repo parameter to gitaly:install and workhorse:install rake tasks. !10979 (M. Ricketts) - Generate and handle a gl_repository param to pass around components. !10992 - Prevent 500 errors caused by testing the Prometheus service. !10994 - Disable navigation to Project-level pages configuration when Pages disabled. !11008 - Fix caching large snippet HTML content on MySQL databases. !11024 - Hide external environment URL button on terminal page if URL is not defined. !11029 - Always show the latest pipeline information in the commit box. !11038 - Fix misaligned buttons in wiki pages. !11043 - Colorize labels in search field. !11047 - Sort the network graph both by commit date and topographically. !11057 - Remove carriage returns from commit messages. !11077 - Add tooltips to user contribution graph key. !11138 - Add German translation for Cycle Analytics. !11161 - Fix skipped manual actions problem when processing the pipeline. !11164 - Fix cross referencing for private and internal projects. !11243 - Add state to MR widget that prevent merges when branch changes after page load. !11316 - Fixes the 500 when accessing customized appearance logos. !11479 (Alexis Reigel) - Implement Users::BuildService. !30349 (George Andrinopoulos) - Display comments for personal snippets. - Support comments for personal snippets. - Support uploaders for personal snippets comments. - Handle incoming emails from aliases correctly. - Re-rewrites pipeline graph in vue to support realtime data updates. - Add issues/:iid/closed_by api endpoint. (mhasbini) - Disallow merge requests from fork when source project have disabled merge requests. (mhasbini) - Improved UX on project members settings view. - Clear emoji search in awards menu after picking emoji. - Cleanup markdown spacing. - Separate CE params on Grape API. - Allow to create new branch and empty WIP merge request from issue page. - Prevent people from creating branches if they don't have persmission to push. - Redesign auth 422 page. - 29595 Update callout design. - Detect already enabled DeployKeys in EnableDeployKeyService. - Add transparent top-border to the hover state of done todos. - Refactor all CI vue badges to use the same vue component. - Update note edits in real-time. - Add button to delete filters from filtered search bar. - Added profile name to user dropdown. - Display GitLab Pages status in Admin Dashboard. - Fix label creation from issuable for subgroup projects. - Vertically align mini pipeline stage container. - prevent nav tabs from wrapping to new line. - Fix environments vue architecture to match documentation. - Enforce project features when searching blobs and wikis. - fix inline diff copy in firefox. - Note Ghost user and refer to user deletion documentation. - Expose project statistics on single requests via the API. - Job dropdown of pipeline mini graph updates in realtime when its opened. - Add default margin-top to user request table on project members page. - Add tooltips to note action buttons. - Remove `#` being added on commit sha in MR widget. - Remove spinner from loading comment. - Fixes an issue preventing screen readers from reading some icons. - Load milestone tabs asynchronously to increase initial load performance. - [BB Importer] Save the error trace and the whole raw document to debug problems easier. - Fixed branches dropdown rendering branch names as HTML. - Make Asciidoc & other markup go through pipeline to prevent XSS. - Validate URLs in markdown using URI to detect the host correctly. - Side-by-side view in commits correcly expands full window width. - Deploy keys load are loaded async. - Fixed spacing of discussion submit buttons. - Add hostname to usage ping. - Allow usage ping to be disabled completely in gitlab.yml. - Add artifact file page that uses the blob viewer. - Add breadcrumb, build header and pipelines submenu to artifacts browser. - Show Raw button as Download for binary files. - Add Source/Rendered switch to blobs for SVG, Markdown, Asciidoc and other text files that can be rendered. - Catch all URI errors in ExternalLinkFilter. - Allow commenting on older versions of the diff and comparisons between diff versions. - Paste a copied MR source branch name as code when pasted into a GFM form. - Fix commenting on an existing discussion on an unchanged line that is no longer in the diff. - Link to outdated diff in older MR version from outdated diff discussion. - Bump Sidekiq to 5.0.0. - Use blob viewers for snippets. - Add download button to project snippets. - Display video blobs in-line like images. - Gracefully handle failures for incoming emails which do not match on the To header, and have no References header. - Added title to award emoji buttons. - Fixed alignment of empty task list items. - Removed the target=_blank from the monitoring component to prevent opening a new tab. - Fix new admin integrations not taking effect on existing projects. - Prevent further repository corruption when resolving conflicts from a fork where both the fork and upstream projects require housekeeping. - Add missing project attributes to Import/Export. - Remove N+1 queries in processing MR references. - Fixed wrong method call on notify_post_receive. (Luigi Leoni) - Fixed search terms not correctly highlighting. - Refactored the anchor tag to remove the trailing space in the target branch. - Prevent user profile tabs to display raw json when going back and forward in browser history. - Add index to webhooks type column. - Change line-height on build-header so elements don't overlap. (Dino Maric) - Fix dead link to GDK on the README page. (Dino Maric) - Fixued preview shortcut focusing wrong preview tab. - Issue assignees are now removed without loading unnecessary data into memory. - Refactor backup/restore docs. - Fixed group issues assignee dropdown loading all users. - Fix for XSS in project import view caused by Hamlit filter usage. - Fixed avatar not display on issue boards when Gravatar is disabled. - Fixed create new label form in issue boards sidebar. - Add realtime descriptions to issue show pages. - Issue API change: assignee_id parameter and assignee object in a response have been deprecated. - Fixed bug where merge request JSON would be displayed. - Fixed Prometheus monitoring graphs not showing empty states in certain scenarios. - Removed the milestone references from the milestone views. - Show sizes correctly in merge requests when diffs overflow. - Fix notify_only_default_branch check for Slack service. - Make the `gitlab:gitlab_shell:check` task check that the repositories storage path are owned by the `root` group. - Optimise pipelines.json endpoint. - Pass docsUrl to pipeline schedules callout component. - Fixed alignment of CI icon in issues related branches. - Set the issuable sidebar to remain closed for mobile devices. - Sanitize submodule URLs before linking to them in the file tree view. - Upgrade Sidekiq to 4.2.10. - Cache Routable#full_path in RequestStore to reduce duplicate route loads. - Refactor snippets finder & dont return internal snippets for external users. - Fix snippets visibility for show action - external users can not see internal snippets. - Store retried in database for CI Builds. - repository browser: handle submodule urls that don't end with .git. (David Turner) - Fixed tags sort from defaulting to empty. - Do not show private groups on subgroups page if user doesn't have access to. - Make MR link in build sidebar bold. - Unassign all Issues and Merge Requests when member leaves a team. - Fix preemptive scroll bar on user activity calendar. - Pipeline chat notifications convert seconds to minutes and hours. ## 9.1.10 (2017-08-09) - Remove hidden symlinks from project import files. - Disallow Git URLs that include a username or hostname beginning with a non-alphanumeric character. ## 9.1.9 (2017-07-20) - Fix an infinite loop when handling user-supplied regular expressions. ## 9.1.8 (2017-07-19) - Improve support for external issue references. !12485 - Renders 404 if given project is not readable by the user on Todos dashboard. - Fix incorrect project authorizations. - Remove uploads/appearance symlink. A leftover from a previous migration. ## 9.1.7 (2017-06-07) - No changes. ## 9.1.6 (2017-06-02) - Fix visibility when referencing snippets. ## 9.1.5 (2017-05-31) - Move uploads from 'public/uploads' to 'public/uploads/system'. - Restrict API X-Frame-Options to same origin. - Allow users autocomplete by author_id only for authenticated users. ## 9.1.4 (2017-05-12) - Fix error on CI/CD Settings page related to invalid pipeline trigger. !10948 (dosuken123) - Sort the network graph both by commit date and topographically. !11057 - Fix cross referencing for private and internal projects. !11243 - Handle incoming emails from aliases correctly. - Gracefully handle failures for incoming emails which do not match on the To header, and have no References header. - Add missing project attributes to Import/Export. - Fixed search terms not correctly highlighting. - Fixed bug where merge request JSON would be displayed. ## 9.1.3 (2017-05-05) - Do not show private groups on subgroups page if user doesn't have access to. - Enforce project features when searching blobs and wikis. - Fixed branches dropdown rendering branch names as HTML. - Make Asciidoc & other markup go through pipeline to prevent XSS. - Validate URLs in markdown using URI to detect the host correctly. - Fix for XSS in project import view caused by Hamlit filter usage. - Sanitize submodule URLs before linking to them in the file tree view. - Refactor snippets finder & dont return internal snippets for external users. - Fix snippets visibility for show action - external users can not see internal snippets. ## 9.1.2 (2017-05-01) - Add index on ci_runners.contacted_at. !10876 (blackst0ne) - Fix pipeline events description for Slack and Mattermost integration. !10908 - Fixed milestone sidebar showing incorrect number of MRs when collapsed. !10933 - Fix ordering of commits in the network graph. !10936 - Ensure the chat notifications service properly saves the "Notify only default branch" setting. !10959 - Lazily sets UUID in ApplicationSetting for new installations. - Skip validation when creating internal (ghost, service desk) users. - Use GitLab Pages v0.4.1. ## 9.1.1 (2017-04-26) - Add a transaction around move_issues_to_ghost_user. !10465 - Properly expire cache for all MRs of a pipeline. !10770 - Add sub-nav for Project Integration Services edit page. !10813 - Fix missing duration for blocked pipelines. !10856 - Fix lastest commit status text on main project page. !10863 - Add index on ci_builds.updated_at. !10870 (blackst0ne) - Fix 500 error due to trying to show issues from pending deleting projects. !10906 - Ensures that OAuth/LDAP/SAML users don't need to be confirmed. - Ensure replying to an individual note by email creates a note with its own discussion ID. - Fix OAuth, LDAP and SAML SSO when regular sign-ups are disabled. - Fix usage ping docs link from empty cohorts page. - Eliminate N+1 queries in loading namespaces for every issuable in milestones. ## 9.1.0 (2017-04-22) - Add Jupyter notebook rendering !10017 - Added merge requests empty state. !7342 - Add option to start a new resolvable discussion in an MR. !7527 - Hide form inputs for group member without editing rights. !7816 - Create a new issue for a single discussion in a Merge Request. !8266 (Bob Van Landuyt) - Adding non_archived scope for counting projects. !8305 (Naveen Kumar) - Don't show links to tag a commit for users that are not permitted. !8407 - New file from interface on existing branch. !8427 (Jacopo Beschi @jacopo-beschi) - Strip reference prefixes on branch creation. !8498 (Matthieu Tardy) - Support 2FA requirement per-group. !8763 (Markus Koller) - Add Undo to Todos in the Done tab. !8782 (Jacopo Beschi @jacopo-beschi) - Shows 'Go Back' link only when browser history is available. !9017 - Implement user create service. !9220 (George Andrinopoulos) - Incorporate Gitaly client for refs service. !9291 - Cancel pending pipelines if commits not HEAD. !9362 (Rydkin Maxim) - Add indication for closed or merged issuables in GFM. !9462 (Adam Buckland) - Periodically clean up temporary upload files to recover storage space. !9466 (blackst0ne) - Use toggle button to expand / collapse mulit-nested groups. !9501 - Fixes dismissable error close is not visible enough. !9516 - Fixes an issue in the new merge request form, where a tag would be selected instead of a branch when they have the same names. !9535 (Weiqing Chu) - Expose CI/CD status API endpoints with Gitlab::Ci::Status facility on pipeline, job and merge request for favicon. !9561 (dosuken123) - Use Gitaly for CommitController#show. !9629 - Order milestone issues by position ascending in api. !9635 (George Andrinopoulos) - Convert Issue into ES6 class. !9636 (winniehell) - Link issuable reference to itself in meta-header. !9641 (mhasbini) - Add ability to disable Merge Request URL on push. !9663 (Alex Sanford) - ProjectsFinder should handle more options. !9682 (Jacopo Beschi @jacopo-beschi) - Fix create issue form buttons are misaligned on mobile. !9706 (TM Lee) - Labels support color names in backend. !9725 (Dongqing Hu) - Standardize on core-js for es2015 polyfills. !9749 - Fix GitHub Import deleting branches for open PRs from a fork. !9758 - Do not show LFS object when LFS is disabled. !9779 (Christopher Bartz) - Fix symlink icon in project tree. !9780 (mhasbini) - Fix bug when system hook for deploy key. !9796 (billy.lb) - Make authorized projects worker use a specific queue instead of the default one. !9813 - Simplify trigger_docs build job for CE and EE. !9820 (winniehell) - Add `aria-label` for feature status accessibility. !9830 - Add dashboard and group milestones count badges. !9836 (Alex Braha Stoll) - Use Gitaly for Repository#is_ancestor. !9864 - After copying a diff file or blob path, pasting it into a comment field will format it as Markdown. !9876 - Fix visibility level on new project page. !9885 (blackst0ne) - Fix xml.updated field in rss/atom feeds. !9889 (blackst0ne) - Add Undo mark all as done to Todos. !9890 (Jacopo Beschi @jacopo-beschi) - Add a name field to the group form. !9891 (Douglas Lovell) - Add custom attributes in factories. !9892 (George Andrinopoulos) - Resolve project pipeline status caching problem on dashboard. !9895 - Display error message when deleting tag in web UI fails. !9906 - Add quick submit for snippet forms. !9911 (blackst0ne) - New directory from interface on existing branch. !9921 (Jacopo Beschi @jacopo-beschi) - Removes UJS from pipelines tables. !9929 - Fix project title validation, prevent clicking on disabled button. !9931 - Show correct user & creation time in heading of the pipeline page. !9936 - Include time tracking attributes in webhooks payload. !9942 - Add `requirements: { id: /.+/ }` for all projects and groups namespaced API routes. !9944 - Improved UX for the environments metrics view. !9946 - Remove whitespace in group links. !9947 (Xurxo Méndez Pérez) - Adds Frontend Styleguide to documentation. !9961 - Add metadata to system notes. !9964 - When viewing old wiki page version, edit button should be disabled. !9966 (TM Lee) - Added labels array to the issue web hook returned object. !9972 - Upgrade VueJS to v2.2.4 and disable dev mode warnings. !9981 - Only add code coverage instrumentation when generating coverage report. !9987 - Fix Project Wiki update. !9990 (Dongqing Hu) - Fix trigger webhook for ref with a dot. !10001 (George Andrinopoulos) - Fix quick submit short-cut on preview tab for comments. !10002 - Add option to receive email notifications about your own activity. !10032 (Richard Macklin) - Rename 'All issues' to 'Open issues' in Add issues modal. !10042 (blackst0ne) - Disable pipeline and environment actions that are not playable. !10052 - Added clarification to the Jira integration documentation. !10066 (Matthew Bender) - Move milestone summary content into the sidebar. !10096 - Replace closing MR icon. !10103 (blackst0ne) - Add support for multi-level container image repository names. !10109 (André Guede) - Add ECMAScript polyfills for Symbol and Array.find. !10120 - Add tooltip to user's calendar activities. !10123 (Alex Argunov) - Resolve "Run CI/CD pipelines on a schedule" - "Basic backend implementation". !10133 (dosuken123) - Change hint on first row of filters dropdown to `Press Enter or click to search`. !10138 - Remove useless queries with false conditions (e.g 1=0). !10141 (mhasbini) - Show CI status as Favicon on Pipelines, Job and MR pages. !10144 - Update color palette to a more harmonious and consistent one. !10154 - Add tooltip and accessibility for profile cover buttons. !10182 - Change Done column to Closed in issue boards. !10198 (blackst0ne) - Add metrics button to environments overview page. !10234 - Force unlimited terminal size when checking processes via call to ps. !10246 (Sebastian Reitenbach) - Fix sub-nav highlighting for `Environments` and `Jobs` pages. !10254 - Drop support for correctly processing legacy pipelines. !10266 - Fix project creation failure due to race condition in namespace directory creation. !10268 (Robin Bobbitt) - Introduced error/empty states for the environments performance metrics. !10271 - Improve performance of GitHub importer for large repositories. !10273 - Introduce "polling_interval_multiplier" as application setting. !10280 - Prevent users from disconnecting GitLab account from CAS. !10282 - Clearly show who triggered the pipeline in email. !10283 - Make user mentions case-insensitive. !10285 (blackst0ne) - Update rugged to 0.25.1.1. !10286 (Elan Ruusamäe) - Handle parsing OpenBSD ps output properly to display sidekiq infos on admin->monitoring->background. !10303 (Sebastian Reitenbach) - Log errors during generating of GitLab Pages to debug log. !10335 (Danilo Bargen) - Update issue board cards design. !10353 - Tags can be protected, restricting creation of matching tags by user role. !10356 - Set GIT_TERMINAL_PROMPT env variable in initializer. !10372 - Remove index for users.current sign in at. !10401 (blackst0ne) - Include reopened MRs when searching for opened ones. !10407 - Integrates Microsoft Teams webhooks with GitLab. !10412 - Fix subgroup repository disappearance if group was moved. !10414 - Add /-/readiness /-/liveness and /-/metrics endpoints to track application health. !10416 - Changed capitalisation of buttons across GitLab. !10418 - Fix blob highlighting in search. !10420 - Add remove_concurrent_index to database helper. !10441 (blackst0ne) - Fix wiki commit message. !10464 (blackst0ne) - Deleting a user should not delete associated records. !10467 - Include endpoint in metrics for ETag caching middleware. !10495 - Change project view default for existing users and anonymous visitors to files+readme. !10498 - Hide header counters for issue/mr/todos if zero. !10506 - Remove the User#is_admin? method. !10520 (blackst0ne) - Removed Milestone#is_empty?. !10523 (Jacopo Beschi @jacopo-beschi) - Add UI for Trigger Schedule. !10533 (dosuken123) - Add foreign key for ci_trigger_requests on ci_triggers. !10537 - Upgrade webpack to v2.3.3 and webpack-dev-server to v2.4.2. !10552 - Bugfix: POST /projects/:id/hooks and PUT /projects/:id/hook/:hook_id no longer ignore the the job_events param in the V4 API. !10586 - Fix MR widget bug that merged a MR when Merge when pipeline succeeds was clicked via the dropdown. !10611 - Hide new subgroup button if user has no permission to create one. !10627 - Fix PlantUML integration in GFM. !10651 - Show sub-nav under Merge Requests when issue tracker is non-default. !10658 - Fix bad query for PostgreSQL showing merge requests list. !10666 - Fix invalid encoding when showing some traces. !10681 - Add lighter colors and fix existing light colors. !10690 - Fix another case where trace does not have proper encoding set. !10728 - Fix trace cannot be written due to encoding. !10758 - Replace builds_enabled with jobs_enabled in projects API v4. !10786 (winniehell) - Add retry to system hook worker. !10801 - Fix error when an issue reference has a pending deleting project. !10843 - Update permalink/blame buttons with line number fragment hash. - Limit line length for project home page. - Fix filtered search input width for IE. - Update wikis_controller.rb to use strong params. - Fix API group/issues default state filter. (Alexander Randa) - Prevent builds dropdown to close when the user clicks in a build. - Display all closed issues in “done” board list. - Remove no-new annotation from file_template_mediator.js. - Changed dropdown style slightly. - Change gfm textarea to use monospace font. - Prevent filtering issues by multiple Milestones or Authors. - Recent search history for issues. - Remove duplicated tokens in issuable search bar. - Adds empty and error state to pipelines. - Allow admin to view all namespaces. (George Andrinopoulos) - allow offset query parameter for infinite list pages. - Fix wrong message on starred projects filtering. (George Andrinopoulos) - Adds pipeline mini-graph to system information box in Commit View. - Remove confusing placeholder for JIRA transition_id. - Remove extra margin at bottom of todos page. - Add back expandable folder behavior. - Create todos only for new mentions. - Linking to blob edit page handles anonymous users and users without enough permissions to edit directly. - Fix projects_limit RangeError on user create. (Alexander Randa) - Add helpful icons to profile events. - Refactor dropdown_milestone_spec.rb. (George Andrinopoulos) - Fix alignment of resolve button. - Change label for name on sign up form. - Don’t show source project name when user does not have access. - Update toggle buttons to be