diff options
Diffstat (limited to 'changelogs/archive-11-ee.md')
| -rw-r--r-- | changelogs/archive-11-ee.md | 1731 |
1 files changed, 0 insertions, 1731 deletions
diff --git a/changelogs/archive-11-ee.md b/changelogs/archive-11-ee.md deleted file mode 100644 index a8459fc34ed..00000000000 --- a/changelogs/archive-11-ee.md +++ /dev/null @@ -1,1731 +0,0 @@ -## 11.11.8 - -- No changes. - -## 11.11.7 - -### Security (5 changes) - -- Don't override approval rules if not allowed. -- Grant admin note permissions in epics for maintainers and owners. -- Prevent an XSS vector in the add approver email. -- Ensure the Insights configuration project is part of the group and is accessible to the current user. -- Make vulnerability feedback invisible if limited access to repo. - - -## 11.11.4 (2019-06-26) - -### Fixed (1 change) - -- Use quarantine size to check push size against repository size limit. !14269 - - -## 11.11.3 (2019-06-10) - -### Fixed (1 change) - -- Fix create mr from vuln modal regression. !13524 - - -## 11.11.2 (2019-06-04) - -### Performance (1 change) - -- Geo - Does not apply selective sync restrictions while counting registries on the tracking database. !13257 - - -## 11.11.0 (2019-05-22) - -### Security (1 change) - -- Destroy project remote pull mirrors instead of disabling. !10355 - -### Fixed (26 changes) - -- Add missing endpoint for user information to GitHub API. !10482 -- Remove slack slash commands double up. !10555 -- Display Scoped Labels on Issue Board. !10669 -- Ensure custom group template feature is available only for groups on gold and silver. !10678 -- Fix removing and updating insights config, and foreign key constraints. !11030 -- Geo: Fix broken button to delete orphaned upload registries through Admin. !11156 -- Resolve: Epic labels in system notes point to the epic itself. !11234 -- Geo: Fix: Project sync failures usually double-increment *_retry_count. !11381 -- Fix unauthenticated GET of public Epics API. !11485 -- Hide ScopedBadge overflow notes. !11548 -- Fixes a CI failure in jest. !11586 -- Fix error when reordering/deleting subgroup epics. !11837 -- Fix some filter bar tokens not showing up when multiple assignees are enabled. !11939 -- Geo: Fix OAuth authentication with relative URLs. !11976 -- Fix for not being able to remove the last namespace/project from elasticsearch limited namespaces/projects. !11989 -- Fix approvals project settings section when merge requests disabled. !12070 -- Enable alert bot to use quick actions. !12127 -- Geo: Remove counts over geo_event_log table. !12146 -- Geo: Prevent RegistryFinder calls on the primary. !12183 -- Fix placement of LDAP icon in members list. !12304 -- Use path instead of a URL for accessing approval settings. !12414 -- Remove non-semantic use of `.row` in member listing controls. !12466 -- Force tag overwrite on mirror update. !12491 -- Fixes the feedback paths on the project security dashboard. !12849 -- Fixed starting a review on images. -- Fix updating board attributes through API. - -### Changed (13 changes) - -- Group SAML enforcement requires active SSO session for group access. !10034 -- Geo: Rename "Disable" to "Pause|Resume" (Admin > Geo Nodes). !10297 -- Upgrade group security dashboard to use gitlab-ui line chart. !10479 -- Geo - Implement selective sync support for the LFS objects FDW queries. !10757 -- Documentation : Improve selective sync documentation. !11072 -- Geo: Implement selective sync support for the FDW queries to count the number of attachments to sync. !11107 -- Allowing Elasticsearch indexing gap recovering. !11408 -- Geo - Implement selective sync support for the FDW queries to count attachments. !11518 -- Geo - Implement selective sync support for the FDW queries to find attachments. !11544 -- Geo - Add selective sync support for the job artifacts FDW queries. !11892 -- Fetch all available groups when creating MR approval rule. !12096 -- SSO enforcement requires active SAML session for web access to project resources. !12109 -- Perform LDAP group sync on sign in only for new users. - -### Performance (3 changes) - -- Swap conditions to reduce frequency of database query. !11217 -- Add index for mirror_user_id to projects table. !11422 -- Geo - Improve performance of the selective sync cleanup worker. !11998 - -### Added (27 changes, 2 of them are from the community) - -- Proxy websocket requests to build services. !9723 -- Add dependency proxy for containers. !9750 -- Added gitlab:elastic:projects_not_indexed rake task. !9854 (Jason Colyer) -- Added Snowplow tracking to notes. !10104 -- Support multiple assignees for merge requests. !10161 -- Add UI to enable/disable a dependency proxy on a group level. !10386 -- Let the GitLab Alert bot open incident issues. !10460 -- Remove feature flag `:incident_management`. !10569 -- Allow multiple secondary nodes behind a load balancer. !10755 -- Copy LFS objects from pull mirror. !10779 -- Geo: Inform users about current replication lag in the UI on secondaries. !10807 -- Autosave description in epics. !10844 -- Keep track of packages_file in ProjectStatistics. !11020 -- Adds a dismissal item to the vulnerability modal. !11028 -- Add project level config for merge train. !11065 -- Support pie charts in Insights. !11186 -- Create ActiveRecordModel and table for Merge Train feature. !11204 -- Allow adding GitLab license at installation time. !11244 -- Added ZAP Full Scan support for DAST. !11269 -- Add created_at and updated_at filters to Epics API. !11315 (jramsay) -- Add API to retrieve security vulnerabilities. !11539 -- Basic Rails implementation for BOM. !11613 -- Add Frontend Store and UI For Environments Dashboard MVC. !11702 -- Track clicks on uninstall button for kubernetes implementation. !12048 -- Add Vulnerabilities API scoping: severity, confidence, and dismissal. !12076 -- Alert users that protected environments affects feature flags. !12168 -- Support creating a new child epic from the API. - -### Other (8 changes, 1 of them is from the community) - -- Improve project settings page layout and UX. !10388 -- Uses the more explicit vulnerability feedback endpoints on the front end. !10461 -- Automatically enable multiple MR assignees feature flag. !10558 -- Move geo_log_cursor binary to the ee folder. !10821 -- Move sidekiq-cluster to ee/bin. !11001 -- Move ee-specific code from boards/components/issue_card_inner.vue. !11032 (Roman Rodionov) -- Make all billing cards fit in view. !11602 -- Extracted EE specific lines for spec/javascripts/vue_mr_widget/mock_data.js. !11847 - - -## 11.10.8 (2019-06-27) - -- No changes. -### Security (2 changes) - -- Gate MR head_pipeline behind read_pipeline ability. -- Do not allow localhost urls in GitHub Integration. - - -## 11.10.7 (2019-06-26) - -### Fixed (1 change) - -- Use quarantine size to check push size against repository size limit. !14271 - - -## 11.10.6 (2019-06-04) - -### Fixed (5 changes, 1 of them is from the community) - -- Fix removing and updating insights config, and foreign key constraints. !11030 -- Fix the group's epic page. The Paste issue link placeholder shown as 'undefinedundefinedundefined' in Chinese environment. And the error message showed nothing. !11312 (wdmcheng) -- Fix approvals project settings section when merge requests disabled. !12070 -- Use path instead of a URL for accessing approval settings. !12414 -- Fix relative url root issues with license management. !12488 - - -## 11.10.4 (2019-05-01) - -### Fixed (1 change, 1 of them is from the community) - -- Fix error retrieving licenses when relative URL in use. !11717 (Hiroyuki Sato) - -### Changed (1 change) - -- [Insights] Change the default weeks period limit to 12. !11498 - - -## 11.10.3 (2019-04-30) - -- No changes. - -## 11.10.2 (2019-04-25) - -### Security (1 change) - -- Handle race condition when creating an MR approval. - - -## 11.10.1 (2019-04-23) - -### Fixed (4 changes) - -- Fix approval rules when used with relative url root. !10819 -- Fix add/remove pipeline dashboard issue. !11029 -- Fix JWT token check when repository does not exist. !11033 -- Fix preventing approval of merge requests by an author. !11263 - -### Changed (2 changes) - -- Improve SAML settings with validation, design, and help text. !10450 -- Use a single color for the Insights time series bar charts. !11076 - - -## 11.10.0 (2019-04-22) - -### Security (3 changes) - -- Check label_ids parent when updating issue board. -- Geo - Improve security while redirecting user back to the secondary after a logout & re-login via the primary. -- Expose only basic group attributes in boards API. - -### Fixed (25 changes) - -- User Statistics in Admin Dashboard now a button. !8807 -- Fix misalignment of dropdowns in edit board modal of issue boards. !9909 -- Geo: Support archive recovery or streaming replication types in health check. !9935 -- Geo: Only display Geo-specific clone instructions button on a Geo Secondary node. !10007 -- Resolve Deletion of vulnerability-associated issuables prevents security report from loading. !10016 -- Elasticsearch API: Fix project_id showing as 0 for all blobs. A reindex will be required. !10020 -- Make editing the filters in the Group Security Dashboard easier. !10138 -- Geo - Reset the verification checksum after deployment refs are created. !10160 -- Search snippets via elasticsearch. !10325 -- Fixed bug preventing users from adding child epics with multiple children. !10331 -- Fix merge requests being added to Jira Development Panel. !10342 -- Fix authors of merge commits being excluded from approving an MR. !10359 -- Fix ChatOps Slack responder for gitlab.com. !10416 -- Fix sorting by priority with filtering by approvers. !10446 -- Make UpdateRepositoryStorageService idempotent. !10457 -- Fix broken links to protected environments on the CI/CD settings page. !10470 -- Notify owner that group is invalid when LDAP "Sync now" fails. !10509 -- Fix user agent string for Hosted Jira. !10545 -- Fix query used to calculate number of users over license. !10556 -- Fix pipeline bridge serialization error. !10565 -- Correct path to cluster health partial. !10638 -- Ensure Insights charts show all periods even if there are no data. !10733 -- Hide scoped labels help text without corresponding license. !10737 -- Fix merge request operation failure (e.g. assigning user) when project approvers required increases. !10766 -- Include subgroups when finding Insights issuables. !10801 - -### Changed (27 changes) - -- Move project search bar into modal dialog on Operations Dashboard page. !9260 -- Geo - Add selective sync support for the FDW queries to count synced registries. !9445 -- Geo - Add selective sync support for the FDW queries to count failed registries. !9527 -- Convert enable group authentication checkbox to toggle button. !9816 -- Geo: Limit max backoff time by 1 hour, instead of 7 days. !9893 -- Documented Guide to using Geo in HA with RDS cross-region replicas. !9985 -- Dynamically resize security group dashboard vuln graph. !10028 -- Add self approval of merge requests setting to merge requests approvals API. !10050 -- elasticsearch: Switch from LZ4 to DEFLATE compression. !10072 -- Geo - Store the invalid checksum when we have a mismatch. !10101 -- Add requested resources to cluster health metrics. !10135 -- Allow self-approvals in fallback approval rules. !10218 -- Geo - Add selective sync support for FDW queries to find verified registries. !10255 -- Add file line number to vuln modal. !10265 -- Geo - Add selective sync support for FDW queries to find registries where verification has failed. !10266 -- Enforce Geo JWT tokens scope for repository sync. !10303 -- Display link to review note in text email, similar to HTML email. !10401 -- Geo - Add selective sync support for the FDW queries to find mismatch registries. !10434 -- Geo - Add selective sync support for queries to find registries retrying verification. !10436 -- Geo - Add selective sync support for the FDW queries to find registries to verify. !10438 -- Improve DAST location fingerprints. !10487 -- Change order in dast location fingerprint. !10487 -- Geo: Add selective sync support for the FDW queries to find unsynced projects. !10522 -- Enrich container scanning with more data on the frontend. !10526 -- [Geo] Don't mark sync as successful if repo does not exist because of some problems. !10578 -- Move operations dashboard from Ultimate to Premium. !10586 -- Support multiple chart per page for Insights. - -### Performance (3 changes) - -- Avoid a Gitaly N+1 when loading commits for Elasticsearch search results. !9760 -- Geo: Optimize repository and wiki verification counts. !9939 -- Avoid N+1 when loading Code search results with Elasticsearch enabled. !10394 - -### Added (31 changes, 1 of them is from the community) - -- Add approval and unapproval webhooks. !8742 -- Adding pipelines to the operations dashboard. !9197 -- Add operations dashboard usage counts to usage data. !9291 -- Automatically deprovision and update users from a configured identity via SCIM. !9388 -- Add SCIM Token section to SAML SSO Settings. !9619 -- Use merge request MERGE ref for attached merge request pipelines. !9622 -- Geo: Support syncing over non-publicly accessible URLs. !9634 -- Prevent merge if the merge request pipeline is stale. !9643 -- Block possibility to change email for users with group managed account. !9712 -- Geo admin panel for upload verification. !9720 -- Geo: Create separate models for different registries. !9755 -- Add ability to purchase extra CI minutes. !9815 -- Update Web IDE config to accept ports. !9818 -- Allow per-project and per-group enabling of Elasticsearch indexing. !9861 -- Geo: Help admins diagnose configuration problems. !9988 -- Added MAVEN_CLI_OPTS env var support to License Management CI job. !10012 -- Show DAST vulnerabilities in the Group Security Dashboard. !10271 -- Show DAST in Group Security Dashboard Back-End. !10277 -- Removing pipeline dashboard feature flag. !10302 -- Update user name upon LDAP sync. !10316 (@icode1) -- Collect usage of pod logs feature. !10370 -- Added metrics reports widget to merge request page. !10380 -- IP whitelisting for Geo-enabling functionality in the primary. !10383 -- Persist in the URL the page and day range of vulnerabilities viewed in the Group Security Dashboard. !10402 -- Add 'Metrics' job artifact report type. !10452 -- Create a user via SCIM. !10456 -- Geo: Display secondary replication lag on console (if lag > 0 seconds). !10471 -- Add Roadmap to Epic page. !10488 -- Expose merge request pipeline parameters for MR widget. !10502 -- Allow instance admins to link all projects to Jira DVCS. !10541 -- Added mutually exclusive key value labels. - -### Other (4 changes) - -- Simplify admin instance licenses page. !9785 -- Extract EE specific files and externalize strings in admin application settings. !9930 -- Add specs for coerced labels parameter in Epics API. !9932 -- Improve project service desk settings. !10381 - - -## 11.9.12 (2019-05-30) - -### Security (3 changes, 1 of them is from the community) - -- Filter relative links in wiki for XSS. (kerrizor) -- Fix XSS in Ancestor tooltip title. -- Ignore out of range epic IDs. - - -## 11.9.10 (2019-04-26) - -### Security (1 change) - -- Handle race condition when creating an MR approval. - -### Fixed (1 change, 1 of them is from the community) - -- Fix the group's epic page. The Paste issue link placeholder shown as 'undefinedundefinedundefined' in Chinese environment. And the error message showed nothing. !11312 (wdmcheng) - - -## 11.9.9 (2019-04-23) - -### Fixed (1 change) - -- Fix approval rules when used with relative url root. !10819 - - -## 11.9.8 (2019-04-11) - -### Fixed (1 change) - -- Fix sorting by priority with filtering by approvers. !10446 - - -## 11.9.7 (2019-04-09) - -### Security (1 change) - -- Expose only basic group attributes in boards API. - - -## 11.9.6 (2019-04-04) - -### Fixed (3 changes) - -- Fix project approval rule with only private group being considered as approved when override is allowed. !10356 -- Fix approval rule sourcing from forked MR. !10474 -- Guard against ldap_sync_last_sync_at being nil. !10505 - -### Added (1 change) - -- Add Insights frontend to retrieve and render chart. !9856 - - -## 11.9.5 (2019-04-03) - -### Fixed (3 changes) - -- Fix project approval rule with only private group being considered as approved when override is allowed. !10356 -- Fix approval rule sourcing from forked MR. !10474 -- Guard against ldap_sync_last_sync_at being nil. !10505 - -### Added (1 change) - -- Add Insights frontend to retrieve and render chart. !9856 - - -## 11.9.3 (2019-03-27) - -### Security (1 change) - -- Check label_ids parent when updating issue board. - - -## 11.9.2 (2019-03-26) - -### Security (2 changes) - -- Geo - Improve security while redirecting user back to the secondary after a logout & re-login via the primary. -- Check label_ids parent when updating issue board. - - -## 11.9.1 (2019-03-25) - -### Fixed (1 change) - -- Fix date save for Epic to reflect on UI immediately after save. !10321 - - -## 11.9.0 (2019-03-22) - -### Security (4 changes) - -- Prevent Group SAML authorizing sign in without prior user approval. -- Respect group membership lock when importing a member from another group. -- Remove the possibility to share a project with a group that a user is not a member of. -- Prevent SAML access when disabled by group admin on GitLab.com. - -### Fixed (22 changes) - -- Allow assigning Prometheus alerts to multiple environments. !7361 -- Fix repo pushes while initial Elasticsearch indexing not permitting initial indexing to complete. !9478 -- Fix vulnerability occurrence scope to trailing 30 days. !9494 -- Skip whitelisted vulnerabilities in Container Scanning reports. !9528 -- Fix npm registry for yarn. !9599 -- Renders inline downstream & upstream pipelines. !9627 -- Prunes whole Geo event when there's only a primary. !9630 -- Fix alert notifications for non-public projects. !9636 -- Fix 500 error when visiting merged merge request. !9648 -- Allow plus symbol in maven package version. !9657 -- Show commands applied message when promoting issues to epics. !9669 -- Ensure comments from merge request review is displayed in the same order as user commenting order. !9684 -- Geo - Fix selective sync by namespace. !9732 -- Fix bridge jobs than can be hidden keys too. !9796 -- Fix approval-related UI showing up in free plan. !9819 -- Add 'No approvals required' view to approval rules (behind feature flag). !9899 -- Fix npm package install with a dot in the name. !9900 -- GroupSAML for GitLab.com prevents blank NameID. !9907 -- Fix protected environment initializer. !10150 -- Fix SSH pull mirrors not working. !10272 -- Fix HTML spew in Locked Files page. -- Fixes Broken new/edit feature flag form. - -### Changed (9 changes, 1 of them is from the community) - -- Remove authorization from /managed_licenses. !8541 -- Consider dismissed items in security reports summary. !9275 -- Add backend for cross-project pipeline dashboard MVC. !9396 -- Create merge request approval rule for each code owner entry. !9455 -- Split severity and confidence values for vulnerabilities. !9495 -- Enforce Geo JWT tokens scope for file uploads and Geo API. !9502 -- Update cluster health empty state. !9540 (George Tsiolis) -- Add extra graph spacing on the Security Dashboard Group Vulnerability Chart. !9780 -- Add Kerberos URL back to clone panel. !9840 - -### Performance (1 change) - -- Eliminate N+1 queries in Epics API. !9897 - -### Added (23 changes, 1 of them is from the community) - -- Enabled setting the Security Dashboard as a default view for groups. !7889 -- Add reordering of child epics. !9283 -- Create MR from Vulnerability Solution. !9326 -- Create pool repositories on Geo secondaries. !9428 -- Add date range for security dashboard graph. !9446 -- Add filtering merge requests by approvers. !9468 -- Add audit log for managing feature flags. !9487 -- Add DELETE package API endpoint. !9623 -- Enrich container scanning report. !9641 -- Adapt feedback for Container Scanning vulnerabilities. !9655 -- Enforce merge request approvals from code owners. !9656 -- Added vendored CI/CD template for Dependency Scanning job. !9660 -- Add Insights config behind the "group_insights" feature flag. !9665 -- Add single package API endpoint. !9667 -- Added GET /licenses and DELETE /license/:id endpoints. !9733 -- Add container scanning results to group security dashboard. !9736 -- Add an incident management settings form and create issues from alertmanager alerts. !9773 -- Add API for reordering child epics. !9781 -- Allow guests to comment on epics. !9783 -- Display Recent Boards in Board switcher. !9808 -- Add Ancestors in Epic Sidebar. !9817 -- Add vendored templates for SAST, DAST, Container Scanning and License Management job definitions. !9921 -- Add realtime validation for user fullname and username on validation. !25017 (Ehsan Abdulqader @EhsanZ) - -### Other (12 changes, 1 of them is from the community) - -- Use export-import svg from gitlab-svgs. !9453 -- Renames 'revert dismissal' to 'undo dismiss' on the Group security dashboard. !9500 -- Using positional arguments in request specs have been deprecated. !9506 (Jasper Maes) -- Splits the severity and confidence constants in the group security dashboard frontend. !9535 -- Add Gitlab.com gold trial callout to /billings. !9611 -- Update project settings section titles and info. !9614 -- Improve visual consistency of values in vulnerability modal. !9616 -- Limit Group Security Dashboard to selected types of report. !9626 -- Make related issues components reusable. !9730 -- sidekiq-cluster: put each sidekiq in a new pgroup. !9775 -- License Management: Load up to a 100 licenses per default. !9913 -- Adds documentation for autoremediation. !10054 - - -## 11.8.10 (2019-04-30) - -- No changes. - -## 11.8.3 (2019-03-19) - -- No changes. - -## 11.8.2 (2019-03-13) - -### Fixed (4 changes) - -- Fix 500 error when visiting merged merge request. !9648 -- Fix bridge jobs than can be hidden keys too. !9796 -- Fix approval-related UI showing up in free plan. !9819 -- Add 'No approvals required' view to approval rules (behind feature flag). !9899 - - -## 11.8.0 (2019-02-22) - -### Security (2 changes) - -- Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !790 -- Hide personal access tokens from other maintainers. - -### Fixed (28 changes, 1 of them is from the community) - -- Add keyboard navigation to issue board switcher and remove duplicate scroll bar. !8591 -- Geo: Always update the default branch on the secondary. !9064 -- Fix public group milestones not shown in epics autocomplete. !9068 -- Check hosts file for nameserver IP. !9071 -- Fixes the icon for fixed vulnerability in Container Scanning report. !9120 -- Return 400 error instead of 500 when upload maven package with invalid version. !9125 -- Fix mirrors that have invalid SSH public auth mode set. !9135 -- Hide packages without version from UI. !9151 -- Remove duplicate "Operations Dashboard" header/breadcrumb. !9152 (Nathan Friend) -- Create UTC date in subscription table. !9166 -- Display epic icon in related epics list. !9166 -- Don't validate Jenkins username if password is blank. !9198 -- Don't show Alert widget for non-licensed users. !9224 -- Group security dashboard: Fix overflow for Vulnerabilities with long titles. !9271 -- Geo - Respect shard restriction while loading new resources to verify on the Geo secondary node. !9343 -- When cleaning up repositories, ensure orphaned entries do not remain in the tracking database. !9344 -- Geo - Make sure project does not meet selective sync rule before deleting it. !9345 -- Fix alert notification emails are not being sent. !9393 -- Fix alert notifications for managed Prometheus. !9402 -- Replacing old blob methods in ElasticSerach module. !9418 -- Add checks to prevent cycling hierarchy in epics structure. !9438 -- Fix bug where users could not be added in protected branch rules. !9474 -- Avoid SAML required_groups indiscriminately unblocking users on login. !9489 -- Resolve Cannot scroll forwards in time for roadmap view. !9530 -- Fix unleash server side cannot return feature flags. !9532 -- Show alerts settings only for manual configuration. !9538 -- Fix access to constant Gitlab::RepositorySizeError. !9579 -- Clear our import data credentials when adding new mirrors. !24339 - -### Deprecated (1 change) - -- Geo: Show hashed storage warnings on geo nodes page. !8433 - -### Changed (14 changes) - -- Prevent commit authors from self approvaling merge requests. !9007 -- Add docs link to explain legacy and new email format. !9020 -- Recursively expands upstream and downstream pipelines. !9073 -- Geo: Don't show external link icon on current node. !9130 -- Issues created from vulnerabilities are now confidential by default. !9157 -- Validate custom metrics. !9178 -- Change paginate number to 20. !9213 -- Convert buttons to button group on Group Security Dashboard. !9220 -- Make it possible to edit Geo primary through API. !9328 -- Geo: Handle repository and wiki sync separately in Geo::ProjectSyncWorker. !9360 -- Geo: Add settings page empty state. !9415 -- Renders New and Edit forms for feature flag in Vue and allow to define scopes. -- Improves title in feature flags empty states. -- Adds environment column to the feature flags page. - -### Performance (5 changes) - -- Solve a N+1 issue in Groups::AnalyticsController. !4508 -- Refactored Epic app in Vuex for better performance and maintenance. !9361 -- Optimize slow pipelines.js response. !9387 -- Disable commit checks when no push rules are active. !9569 -- Enable some frozen string in ee/lib. - -### Added (22 changes, 1 of them is from the community) - -- Elasticsearch: Support for Gitaly. !7434 -- Canary deployment callout on the environments page. !8457 -- Allow to filter notes in epics. !8978 -- Multiple blocking merge request approval rules (behind feature flag). !9001 -- Add support for auto-expanding Roadmap timeline on horizontal scroll. !9018 -- Added Snowplow tracking to issues import. !9067 -- Persist Group Level Security Dashboard state in URL. !9108 -- Multiple environments support for feature flags (Unleash API standpoint). !9110 -- Shows the approval given/required counts and its status for each MR when viewing the Merge Requests page. !9142 (Glavin Wiechert, Andy Steele) -- Support CURD operation for feature flag scopes. !9182 -- Add epic links API endpoints. !9188 -- Store DAST scan results in the database. !9192 -- Add LDAP integration to smartcard authentication. !9235 -- Allow SSO enforcement in group settings for GitLab.com. !9240 -- Add API endpoint for project packages. !9259 -- Add upvote/downvote information to epics API. !9264 -- Resolve Implement access controls when SSO enforcement enabled. !9270 -- Add package files API endpoint. !9305 -- Support alerts from external Prometheus servers. !9334 -- Cross-project pipelines support in .gitlab-ci.yml. !9374 -- Enable mails for external alerts. !9457 -- Moving repository across shards leaves the pool. - -### Other (13 changes, 7 of them are from the community) - -- Gather JIRA DVCS integration usage data. !8949 -- ActiveRecord::Migration -> ActiveRecord::Migration[5.0] for AddAlertManagerTokenToClustersApplicationPrometheus and EnqueuePrometheusUpdates. !9049 (Jasper Maes) -- Track navbar links in Snowplow. !9059 -- Adds snowplough tracking for the group security dashboard filters. !9119 -- Support Ajax endpoints for FeatureFlagsController. !9127 -- Fix deprecation: Passing an argument to force an association to reload is now deprecated. !9140 (Jasper Maes) -- Fix deprecation: #original_exception is deprecated. Use #cause instead. !9141 (Jasper Maes) -- Uses GLDropdown for licence management. !9237 -- Replace deprecated render text. !9346 (Jasper Maes) -- Fix several ActionController::Parameters deprecations. !9347 (Jasper Maes) -- Fix deprecation: uniq is deprecated and will be removed from Rails 5.1. !9348 (Jasper Maes) -- Turn on rubocop for frozen string in ee/. (gfyoung) -- Creates an EE component for the pipeline graph. - - -## 11.7.12 (2019-04-23) - -- No changes. - -## 11.7.11 (2019-04-09) - -### Security (1 change) - -- Expose only basic group attributes in boards API. - - -## 11.7.10 (2019-03-28) - -### Security (1 change) - -- Check label_ids parent when updating issue board. - - -## 11.7.8 (2019-03-26) - -### Security (2 changes) - -- Geo - Improve security while redirecting user back to the secondary after a logout & re-login via the primary. -- Check label_ids parent when updating issue board. - - -## 11.7.7 (2019-03-19) - -- No changes. - -## 11.7.5 (2019-02-05) - -### Fixed (2 changes) - -- Fix Kerberos authentication. !9390 -- Fix background migration error when project repository is missing. !9392 - - -## 11.7.2 (2019-01-29) - -### Security (6 changes) - -- Avoid leaking unauthorized approver group members. !766 -- Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !791 -- Check access rights when creating/updating ProtectedRefs. -- Fix locked file visibility issue for private repositories. -- Filter out non-project member approvers. -- Remove HTTP POST in JIRA OAuth access_token endpoint. - - -## 11.7.1 (2019-01-28) - -### Security (6 changes) - -- Avoid leaking unauthorized approver group members. !766 -- Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !791 -- Check access rights when creating/updating ProtectedRefs. -- Fix locked file visibility issue for private repositories. -- Filter out non-project member approvers. -- Remove HTTP POST in JIRA OAuth access_token endpoint. - - -## 11.7.0 (2019-01-22) - -### Security (1 change) - -- Add a shared secret to prevent abuse of the alert endpoint. - -### Fixed (27 changes, 2 of them are from the community) - -- Defaults to feature flags link for Operations entry. !8622 -- Fix error on explore page when logged out due to gold trial callout. !8674 -- Prevents the empty state from showing when the dashboard errors. !8703 -- Allow matching only the repo-root for CODEOWNERS. !8708 -- Fix adding labels to epics using quick actions. !8772 -- Geo: Keep the minimum cursor last event. !8832 -- Reinstate sorting issuable by weight. !8834 -- Geo - Show the proper label for the last repository check run on Geo projects page. !8844 -- Resolve Reorder gitlab:elastic:index rake tasks to ensure wikis and database are completed even if projects error out. !8852 -- Remove dash on issue weight for unauthorized users. !8882 (George Tsiolis) -- Dismiss epic promotion and persist it across reloads. !8885 -- Fix JIRA Development Panel links with subgroups. !8908 -- Remove epic field in sidebar for projects without groups. !8919 -- Remove duplicate padding from issue board switcher. !8928 -- Resolve Ctrl+Enter immediately adds MR comment. !8932 -- Geo: Ignore invalid attributes when updating Geo node status. !8957 -- Fix border-radius for related issues. !8958 (Johann Hubert Sonntagbauer) -- Fix Security Dashboard Header font size. !9011 -- Fix title and description for issue created from a vulnerability. !9022 -- Pseudonymizer: Gracefully handle empty pseudo entries. !9044 -- Fix permission check when creating an issue from a vulnerability. !9055 -- Docfix - broken doc links for Secure/Autodevops features. !9058 -- Fix Error 500 when deleting a pipeline via the API. !9104 -- Uses project_id instead of project on the group security dashboard. !9109 -- Recursively get all of a groups projects. !9205 -- Fix data migration failure if approvals_before_merge is set to too high. !9217 -- Don't remove milestones when moving issues to board backlog from non-milestone list. - -### Changed (5 changes, 1 of them is from the community) - -- Update Geo nodes empty state. !8576 (George Tsiolis) -- Add search field to issue board switcher. !8862 -- Allow downloading package files from UI. !8888 -- Changes to the data model for counts on the Group Security Dashboard. !9035 -- Fix packages UI mentioned only Maven packages support. !9132 - -### Performance (2 changes, 1 of them is from the community) - -- Fix timeout loading Open list when board contains assignee lists. -- Enable some frozen string in ee/lib. (gfyoung) - -### Added (17 changes) - -- Add an instance-level endpoint for downloading maven packages. !8274 -- Add NPM registry support to GitLab packages. !8673 -- Store container scanning CI jobs results into the database. !8797 -- Add a group-level endpoint for downloading maven packages. !8798 -- Add Filtering vulnerabilities in the Group Security Dashboard. !8817 -- Allow to filter Feature Flags. !8821 -- Geo - Show last verification time on Geo projects page. !8845 -- Adds basic filtering to the Group Security Dashboard frontend. !8886 -- Autocomplete issues and MRs in epics. !8936 -- Adds project filtering to the GSD. !8944 -- Allow using TCP for DB load balancing DNS lookups. !8961 -- Add filtering for summary and history on security dashboard. !8972 -- Add solution card to the vulnerability modal. !9030 -- Allows the Group Security Dashboard to select multiple filters. !9031 -- Added Snowplow tracking to issues export. !9045 -- Add support for relationship between epics. !9051 -- Added pagination to epics API endpoint. - -### Other (13 changes, 3 of them are from the community) - -- Promote starting a GitLab.com Gold trial on the dashboard. !6947 -- Adds event tracking to navbar. !7787 -- Update tracing settings to match error tracking settings. !8786 -- Adapt subscriptions page for free plans and trials. !8838 -- Support for new SAST and dependency scanning report format. !8869 -- Remove deprecated ActionDispatch::ParamsParser. !8897 (Jasper Maes) -- Fix deprecation: Comparing equality between ActionController::Parameters and a Hash is deprecated. !8914 (Jasper Maes) -- Removes Notes from GitLab Pseudonymizer config. !8923 -- Add count of projects with tracing enabled to usage ping data. !8940 -- Adds dependency scanning to the report type filters on GSD. !9034 -- Fix deprecation: Using positional arguments in specs for EE spes in spec/. !9040 (Jasper Maes) -- Pass issuable-type in AddIssuableForm. !9111 -- Gather deepest epic relationship data. - - -## 11.6.11 (2019-04-23) - -- No changes. - -## 11.6.10 (2019-02-28) - -### Security (5 changes) - -- Remove the possibility to share a project with a group that a user is not a member of. -- Prevent Group SAML authorizing sign in without prior user approval. -- Prevent SAML access when disabled by group admin on GitLab.com. -- Respect group membership lock when importing a member from another group. -- Ignore out of range epic IDs. - - -## 11.6.9 (2019-02-04) - -- No changes. - -## 11.6.8 (2019-01-30) - -- No changes. - -## 11.6.5 (2019-01-17) - -### Fixed (1 change) - -- Fix Error 500 when deleting a pipeline via the API. !9104 - - -## 11.6.4 (2019-01-15) - -- No changes. - -## 11.6.3 (2019-01-04) - -### Fixed (1 change) - -- Fix instance project templates no longer working. !9019 - - -## 11.6.2 (2019-01-02) - -### Fixed (1 change) - -- Fix issue ID wrapping and avatar counter shrinking in Related Issues list. !8854 - - -## 11.6.1 (2018-12-28) - -### Security (1 change) - -- Add a shared secret to prevent abuse of the alert endpoint. - - -## 11.6.0 (2018-12-22) - -### Security (7 changes) - -- Switch from CBC to GCM for Geo logout tokens. !8518 -- Prevent reporter roles from viewing the Jaeger tracing settings page. -- Sanitize tracing external_urls before saving to DB and when displaying the URL to prevent XSS issues. -- Fix IDOR at /drafts/publish. -- Authorize users when listing board users and milestones. -- Resolve: Guest can set weight of a new issue. -- Fixes XSS with merge request approvers selection. - -### Fixed (27 changes, 2 of them are from the community) - -- Ensure that avatars in approvals have correct tooltip. !6269 -- Geo: Fix push to secondary over SSH for LFS. !8044 -- Don't show packages tab and settings for starter license. !8270 -- Makes the vulnerability name on the Group Security Dashboard a button for better A11y. !8341 -- Used the iid instead of the id for linked issues on the Group Security Dashboard. !8357 -- Show navigation line separator when instance etrics is disabled. !8379 (George Tsiolis) -- Fix project deploy key creation and deletion as admin. !8432 -- Changes initial state for disabled prometheus integrations. !8434 -- Fix a typo in Admin: intergration -> integration. !8444 (Vincent AUBERT) -- Geo: Moving registry deletion into the job that deletes the files and project record. !8480 -- Parameterize alerting rules with variables. !8481 -- Fix PostReceive failing for project mirrors missing local branch. !8495 -- Rails 5: Fix the check whether the database is in read-only mode. !8594 -- Raisl 5: Fix Gitlab::Database::LoadBalancing#caught_up? check. !8595 -- Renders upstream and downstream pipelines in the main pipeline graph. !8607 -- Fix issue board api with special milestones. !8653 -- fix pod dropdown not switching pod logs. !8660 -- Geo - Respect the next retry time when re-verifying failed repositories. !8661 -- Update elasticsearch system check to check for new supported versions. !8683 -- Handle null start or due dates for dates sourcing milestone in Epics. !8689 -- Fixed license managment path in MR widget for fork cases. !8700 -- Fix gitlab:geo:check rake task. !8714 -- Fix ability to choose shards for selective sync. !8717 -- Add Rails.version to the Geo cache keys. !8775 -- Support older NGINX version forwarding the client certificate for smartcard auth. !8784 -- Remove duplicated smartcard login button. !8793 -- Disable password autocomplete in mirror form fill. - -### Deprecated (1 change) - -- Deprecate non-hashed repository storage for Geo installations. !8739 - -### Changed (17 changes, 1 of them is from the community) - -- Adds Group SAML metadata endpoint. !5782 -- Group SAML SSO page warns when linking account. !8295 -- Change the delete custom metric alert. !8430 -- Replace weight icon. !8448 (George Tsiolis) -- Switch snowplows stateStorageStrategy to cookie. !8461 -- Move merge request approval settings. !8493 -- Geo: Constantly reverify repositories. !8550 -- Add file and line numbers to issues created from SAST vulnerabilities. !8578 -- Redesign MR header sections and approvals (EE). !8593 -- Add packages_enabled attribute to Projects API. !8604 -- Run geo check task from gitlab check. !8616 -- Change issue create weight dropdown to an input. !8648 -- Add epics state filtering in roadmap view. !8658 -- Users can unlink Group SAML from accounts page. !8682 -- Update casing in Built-in on project templates tab. !8688 -- Epic issue list and related issue list re-design. -- Add sort direction button with sort dropdown for Epics and Roadmap. - -### Performance (5 changes, 3 of them are from the community) - -- Remove partial index for projects on mirror and mirror_last_update_at. !8585 -- Enable some frozen string in ee/app. !8667 (gfyoung) -- Remove redundant indices for is_sample on push_rules and next_execution_timestamp on project_mirror_data. !8695 -- Enable some frozen string in ee/app. (gfyoung) -- Enable some frozen string in ee/app. (gfyoung) - -### Added (10 changes) - -- Add support for Group-level project templates. !6878 -- Added web terminals to Web IDE. !7386 -- Promote an Issue to an Epic using quick action. !8051 -- Smartcard authentication. !8120 -- Adds Security dashboard empty state. !8443 -- Add vulnerability history at group level. !8603 -- Adds group security dashboard metrics chart. !8631 -- Add milestones autocomplete for epics. !8632 -- Parse and store dependency scanning reports in database. !8642 -- Adds EE store to handle upstream & downstream pipelines. - -### Other (13 changes, 4 of them are from the community) - -- Add subscription table to GitLab.com billing areas. !7885 -- UX improvements for the group security dashboard. !8217 -- Restyles the dismissed vulnerabilities. !8401 -- Adds PHILOSOPHY.md and references GitLab Product Handbook. !8515 -- Make sidekiq-cluster play well with Sidekiq 5.2.2+. !8522 -- Rails5: Passing a class as a value in an Active Record query is deprecated. !8540 (Jasper Maes) -- render :nothing option is deprecated, Use head method to respond with empty response body. !8560 (Jasper Maes) -- Add help page link for licence management in CI/CD settings. !8561 (George Tsiolis) -- Re-orders the Group Security Dashboard. !8624 -- Move EE only differences for finders. !8629 (George Tsiolis) -- Add count of projects with at least one package to a usage ping data. !8641 -- Added recommendations for handling deleted documents in Elasticsearch. -- Use new information-o icon for Security Dashboard. - - -## 11.5.11 (2019-04-23) - -### Security (1 change) - -- Respect group membership lock when importing a member from another group. - - -## 11.5.8 (2019-01-28) - -### Security (6 changes) - -- Avoid leaking unauthorized approver group members. !766 -- Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !793 -- Check access rights when creating/updating ProtectedRefs. -- Fix locked file visibility issue for private repositories. -- Filter out non-project member approvers. -- Remove HTTP POST in JIRA OAuth access_token endpoint. - - -## 11.5.5 (2018-12-20) - -- No changes. - -## 11.5.3 (2018-12-06) - -- No changes. - -## 11.5.2 (2018-12-03) - -### Fixed (2 changes) - -- Fix inability to scroll dashboard. !8459 -- Fix issues analytics query when ordering issues by priority. !8509 - - -## 11.5.1 (2018-11-26) - -### Security (6 changes) - -- Sanitize tracing external_urls before saving to DB and when displaying the URL to prevent XSS issues. -- Prevent reporter roles from viewing the Jaeger tracing settings page. -- Fix IDOR at /drafts/publish. -- Authorize users when listing board users and milestones. -- Resolve: Guest can set weight of a new issue. -- Fixes XSS with merge request approvers selection. - - -## 11.5.0 (2018-11-22) - -### Security (2 changes) - -- Escape entity title while autocomplete template rendering to prevent XSS. !696 -- Prevent templated services from being imported. - -### Removed (1 change) - -- Remove security report summary from pipelines view. !7844 - -### Fixed (25 changes, 3 of them are from the community) - -- Geo: Remove connectivity check from primary to secondary from gitlab:geo:check rake task. !7821 -- Include (closed) for closed epics in parsed text. !7946 -- Add new state to the cluster application vue app. !7954 -- Do not allow to assign an issue to an epic twice. !8004 -- [Geo] Fix: Deleting a project leaves orphaned LFS objects and CI Job artifacts around. !8031 -- Support `/client/features` Unleash endpoint. !8045 -- Fix button rendering in license management in FF. !8046 -- Geo: Handle orphaned Uploads records. !8054 -- Geo - Redirect user back to the secondary after a logout & re-login via the primary. !8157 -- Fix approver removal still being conducted even when "Cancel" is clicked in confirmation prompt. !8178 -- Link project short SHA to commit url. !8214 -- Update ops dashboard remove dropdown button. !8236 (George Tsiolis) -- Clear ops dashboard project search input on submit. !8239 (George Tsiolis) -- Fixes a dismissed vulnerability bug on the group security dashboard. !8343 -- Fixes missing fields on the group security dashboard. !8360 -- Fixes the view issue button in the Group Security Dashboard. !8385 -- Ops Dashboard should be available for public projects on GitLab.com. !8399 -- Update draft comments design to match new design. !8405 -- Change issues analytics breadcrumb. !8414 (George Tsiolis) -- Include classification label in project API. !8426 -- Fix Pod Log topbar position when perf bar is disabled. -- Always proxy reports downloads. -- Removes extra rigth margin from job page. -- Geo: Rails console message display primary/secondary state incorrectly. -- Disable Feature Flags and Packages if repository is disabled. - -### Changed (13 changes, 1 of them is from the community) - -- Add test button to Group SAML settings. !5622 -- Group SAML status badges on members page. !5807 -- Update related issues list styling to be more space efficient. !7784 -- Refactor test reports to use new artifact architecture. !7827 -- Add timeline icon for issue weights. !7847 (George Tsiolis) -- Added a search bar to `Admin > Geo > Projects`. !8079 -- Geo: Deprecate source installations instructions. !8134 -- Does not synchronize default branch for pull mirrors. !8138 -- Adds split error states for the group security dashboard. !8208 -- Geo: Improve read-only message in secondary nodes for actionable screens. !8238 -- Improve error messages for operations dashboard. !8244 -- Add documentation link to ops dashboard. !8296 -- Issue board card design. !21229 - -### Added (24 changes, 1 of them is from the community) - -- Group-level file templates. !7391 -- Adds group-level Security Dashboard counts. !7564 -- Parse SAST reports and store vulnerabilities in database. !7578 -- elasticsearch 6 support - migrate from parent/child relationships to join. !7618 -- Geo: Admin > Geo > Projects support for batch operations. !7806 -- Create system notes for epic close and reopen. !7850 -- Add Tracing landing and settings page. !7903 -- Add modals and actions to the vulnerabilities in the Group security dashboard. !7910 -- Assign code owner as approver. !7933 -- Enable previewing of draft review comments. !7936 -- Audit log: Add logging for project feature changes. !7962 -- Add project operations dashboard. !7973 -- Audit log: Add audit events for group setting changes. !7987 -- Add approve quick action. !7989 -- Show actual Milestone dates within tooltips for Milestones in Epics sidebar. !8048 -- Allow filtering by weight in issues API. !8140 (Heinrich Lee Yu) -- Filter epics by state in API. !8179 -- Support epics autocomplete for project objects. !8180 -- Add 'l', 'r' and 'e' keyboard shortcuts support in Epic. !8203 -- Configurable GitHub static context for statuses integration. !8235 -- Send notifications for epic status change. !8247 -- Support license management and performance using new reports syntax. -- Support reports: for project security dashboard. -- Add chart of issues created per month. - -### Other (17 changes, 11 of them are from the community) - -- Update boards list selector specs. !6266 (George Tsiolis) -- Write some Geo development documentation. !7452 -- Connects the Group Security Dashboard API and Frontend. !7793 -- Rails5: Fix epics finder count_key method In Rails5, the state enum value is passed instead of the database integer. !7822 (Jasper Maes) -- Rails 5: fix presence message validation for prometheus_alert. !7823 (Jasper Maes) -- Rails 5: fix mysql milliseconds problem in prometheus alert event spec. !7828 (Jasper Maes) -- Rails5: fix VulnerabilitySummaryEntity. !7893 (Jasper Maes) -- Update feature flags empty state. !7967 (George Tsiolis) -- Adds the security dashboard link. !7974 -- Remove tooltip on sidebar text buttons. !8021 (George Tsiolis) -- Add a metric to the usage ping data to track the number of projects with at least one alert. !8058 -- Remove unneeded permission checks from the mirror repositories partial. !8077 -- Rails5: fix flaky mysql reset pipeline minutes spec. !8122 (Jasper Maes) -- Move `prepend` outside the `class` block for finders. !8192 (George Tsiolis) -- Rails5: fix operations controller spec nil parameter. !8209 (Jasper Maes) -- Update related issues title typography. !8267 (George Tsiolis) -- Geo: Clarify Geo HA documentation. - - -## 11.4.9 (2018-12-03) - -- No changes. - -## 11.4.8 (2018-11-27) - -### Security (5 changes) - -- Escape entity title while autocomplete template rendering to prevent XSS. !707 -- Authorize users when listing board users and milestones. -- Fix IDOR at /drafts/publish. -- Resolve: Guest can set weight of a new issue. -- Fixes XSS with merge request approvers selection. - - -## 11.4.7 (2018-11-20) - -### Fixed (1 change) - -- Fix code owner as merge request suggestion not available under Starter plan. !8248 - - -## 11.4.6 (2018-11-18) - -### Security (1 change) - -- Prevent templated services from being imported. - - -## 11.4.5 (2018-11-04) - -### Fixed (1 change) - -- Stops showing review actions on commit discussions in merge requests. !8007 - -### Performance (1 change) - -- Add indexes to all geo event foreign keys. !7990 - - -## 11.4.4 (2018-10-30) - -- No changes. - -## 11.4.3 (2018-10-26) - -- No changes. - -## 11.4.2 (2018-10-25) - -### Security (1 change) - -- Escape entity title while autocomplete template rendering to prevent XSS. !707 - - -## 11.4.1 (2018-10-23) - -- No changes. - -## 11.4.0 (2018-10-22) - -### Security (3 changes) - -- Properly filter private references from system notes. -- Project groups approvers no longer leak private groups info. -- Protect against CSRF attacks when adding Slack app. - -### Removed (1 change) - -- remove unnecessary help text from container scanning results. !7304 - -### Fixed (18 changes, 1 of them is from the community) - -- Prune all the Geo event log tables correctly. !6175 -- Synchronize the default branch when updating a pull mirror. !7242 -- Pushing to a merge request clears the approvals list even if the respective project setting is enabled and there is no fixed required number of approvals configured. !7328 -- Align epics and roadmap empty state buttons to the center. !7358 (George Tsiolis) -- Add link to issue on epic. !7407 -- Check for force env var when rebuilding auth_keys. !7419 -- Update popover URL to point to help page of same domain. !7446 -- Geo - Does not raise error 500 on Geo projects list page for orphaned entries. !7565 -- Show promotion for epics on issues. !7602 -- Fix Epic subscription toggle behaviour. !7723 -- Geo - Send a cache invalidation event via the log cursor whenever features are changed on the primary. !7738 -- Fix epic milestone dates incorrect after issue is linked to another epic. !7809 -- Fixes warning for used minutes in runner showing when user still has minutes. !7843 -- Fix disappearing weight input in Firefox. !7869 -- Don't synchronize default branch when updating a SSH mirror. !7891 -- Fix broken tokenization for filtered search bar in Epics. !7972 -- Fix bug when resolving a discussion via a batch comment published right away. -- Fix wrong color in resolve/unresolve checkbox when using MR reviews. - -### Changed (14 changes) - -- Geo: Decrease frequency of project shard schedulers when few projects to schedule. !7287 -- Added placeholder to weight input for issue sidebar. !7346 -- updated icons used in filtered search dropdowns. !7356 -- Geo: Display helpful feedback when proxying an SSH git push to secondary request. !7357 -- Geo - Include keep-around and other Gitlab-specific references in the checksum calculation. !7367 -- Polish security report externalizations. !7373 -- Listen for resolved Prometheus alerts. !7382 -- Rename date related labels for Epics. !7447 -- Add reports CI syntax for Code Quality reports. !7465 -- Support short reference to epics from project entities. !7475 -- Geo: Downgrade Exclusive Lease warnings from Log Cursor to debug. !7476 -- Geo: Allow nodes to be editable in more scenarios. !7832 -- Account for issues created in the middle of a milestone in burndown chart. -- [Geo] Add CI job artifact numbers to rake geo:status. - -### Performance (1 change) - -- Update DB model for security reports. - -### Added (20 changes, 1 of them is from the community) - -- Batch comments on merge requests. !4213 -- Use Geo log to remove files when migrated to object storage. !5966 -- Add support for closing epics. !7302 -- Add `auditor_groups` configuration so Audit users can be specified using SAML groups. !7340 (St. John Johnson) -- Geo - Add an event to reset checksums on Geo secondary nodes. !7394 -- Starts adding the dashboard page view. !7400 -- Add `Manage licenses` button to MR widget and pipelines view. !7411 -- Add Open/Closed epics tabs in list view. !7424 -- Add Feature Flags MVC. !7433 -- Suggest approvers based on code owners. !7437 -- Geo: Add a backoff time to few Geo workers to save resources. !7470 -- Persist Prometheus alert events. !7493 -- Geo: Added a button to Admin UI > Geo Nodes to open Geo Projects screen of any secondary node. !7512 -- Show Alert Thresholds on monitoring dashboards. !7538 -- Support autocomplete for commands in epics. !7588 -- Add form to enter licenses manually. !7603 -- Geo: Added `All` tab in Geo Nodes > Projects. !7745 -- Geo: Add a Geo Status Widget to Admin > Projects. !7789 -- Add data model and migration for vulnerabilities. -- Adds Batch Comments to Merge Requests [EEP]. - -### Other (8 changes, 1 of them is from the community) - -- Add runner quota information to job API. !7233 -- Resolve "ee:geo QA specs are failing as of !7210". !7315 -- remove readme checkbox from "create project" page. !7332 -- Create a generic JS function that we can apply to being able to track arbitrary events. !7403 -- Rename Admin Area Geo Nodes nav item to Geo. !7466 -- Group weight icon and text on issue list and issue boards. !7484 (George Tsiolis) -- Adds expandable/collapsable section for Snowplow. !7798 -- API: Allow issue weight parameter to be greater than or equal to zero. - - -## 11.3.14 (2018-12-20) - -- No changes. - -## 11.3.13 (2018-12-13) - -- No changes. - -## 11.3.11 (2018-11-26) - -### Security (7 changes) - -- Escape entity title while autocomplete template rendering to prevent XSS. !697 -- Properly filter private references from system notes. -- Authorize users when listing board users and milestones. -- Project groups approvers no longer leak private groups info. -- Resolve: Guest can set weight of a new issue. -- Fixes XSS with merge request approvers selection. -- Protect against CSRF attacks when adding Slack app. - - -## 11.3.10 (2018-11-18) - -- No changes. - -## 11.3.9 (2018-10-31) - -- No changes. - -## 11.3.8 (2018-10-27) - -- No changes. - -## 11.3.7 (2018-10-26) - -### Security (1 change) - -- Escape entity title while autocomplete template rendering to prevent XSS. !697 - - -## 11.3.6 (2018-10-17) - -### Fixed (1 change) - -- Don't reset the default branch when repository mirroring is enabled. !7944 - - -## 11.3.5 (2018-10-15) - -### Fixed (1 change) - -- Fix epic milestone dates incorrect after issue is linked to another epic. !7809 - - -## 11.3.4 (2018-10-05) - -### Security (1 change) - -- Properly filter private references from system notes. - - -## 11.3.3 (2018-10-04) - -- No changes. - -## 11.3.2 (2018-10-03) - -### Fixed (1 change) - -- Geo: repository shard verification job should have unique lease keys per shard name. !7474 - - -## 11.3.1 (2018-09-26) - -### Security (2 changes) - -- Project groups approvers no longer leak private groups info. -- Protect against CSRF attacks when adding Slack app. - - -## 11.3.0 (2018-09-22) - -### Security (1 change) - -- Prevent regular users from moving projects to different storage shards. - -### Fixed (29 changes, 11 of them are from the community) - -- don't add empty query params to boards. !4441 -- Geo: sync disabled wikis. !6420 -- Rails 5 fix alerts controller spec for post json parameters. !6795 (Jasper Maes) -- Fixes 500 error on user creation from admin panel with spaced username. !6804 (Jacopo Beschi @jacopo-beschi) -- Don't show search results for projects that have been deleted when using elastic search. !6830 -- Geo: Use database-cached status if redis-cached status is unavailable. !6854 -- [Geo] Fix: Custom favicons not being replicated by Geo. !6860 -- Rails5 fix AddMilestoneToLists migration rollback deleting wrong foreign key. !6865 (Jasper Maes) -- Rails5 fix passing Group objects array into for_projects_and_groups milestone scope. !6873 (Jasper Maes) -- Rails5: fix mysql milliseconds problem in project_import_state_spec. !6874 (Jasper Maes) -- Fix Jira integration duplicating branches and MRs. !6876 -- Rails5: fix mysql milliseconds problem in project_spec. !6880 (Jasper Maes) -- Remove https from Snowplow Collector URI placeholder in Admin Areawq. !6886 -- Geo: Replicate keep around refs. !6922 -- Fixes bug that prevented a user from seeing the system header and footer settings on the admin dashboard. !6926 -- Rails5 fix duplicate gpg signature in path lock spec. !6939 (Jasper Maes) -- Rails5: Fix audit event spec. !6940 (Jasper Maes) -- Rails5: fix mysql milliseconds problem in project registry spec. !6943 (Jasper Maes) -- LDAP - Does not update permissions on a read-only database. !6965 -- Rails5 fix project import spec. !6981 (Jasper Maes) -- Geo: Resolve sticky failures when attachments are missing on primary. !6991 -- Geo: LFS batch downloads are OK to be handled by secondary. !7209 -- Geo - Synchronize the default branch in secondary nodes. !7218 -- Handle fixed dates seperately from selected dates in Epics. !7227 -- Fix tooltip string to support dynamic date type in Epic sidebar. !7243 -- Fix an error in docs about fetching artifacts using API. !7244 -- Return proper status code when creation of an alert fails. !7360 (Peter Leitzen) -- Geo - Find the remote root ref using a JWT header for authentication. !7405 -- Add weight to issue hook. - -### Changed (3 changes, 1 of them is from the community) - -- Allow push_code when auth'd via Geo JWT. !6455 -- Prefer From address over Sender for Service Desk emails. !7006 (Andreas Josephson) -- Add CI Job token support to Maven packages API. !7249 - -### Performance (3 changes) - -- Reduce queries needed for CI artifacts on merge request widget. !6978 -- Use limited count approach on Protected Environments view. !6987 -- Limit sidekiq-cluster concurrency to a maximum of 50. !7025 - -### Added (15 changes, 2 of them are from the community) - -- Allow custom notification for new epic event. !5863 -- Geo: SSH git push to secondary -> proxy to Primary. !6456 -- Allow epic start/due dates to be sourceable from issue milestones. !6470 -- Add ability to upload and download maven packages from/to GitLab. !6607 -- Added an instance-level license template project. !6631 (Dan Barker) -- Add backend structure for ProtectedEnvironments. !6672 -- Add UI for GitLab private Maven repository feature. !6781 -- Add support for sorting epics. !6885 -- Allow specifying code owners in a CODEOWNERS file. !6916 -- Quick action for adding/removing epic to issues. !6934 -- Show total and completed instances deployed on deploy boards. !6955 -- Show security analysis status on the environments page. !6987 -- Add Instance Review for Core users. !6995 -- Introduce custom instance-level templates for Dockerfile, .gitignore, and .gitlab-ci.yml files. !7000 -- Adds Rubocop rule to enforce class_methods over module ClassMethods. !7044 (Jacopo Beschi @jacopo-beschi) - -### Other (4 changes) - -- Removes feature flag code surrounding Protected Environments feature. !7338 -- Creates vue component for shared runner limit. -- Allow MR authors to approve their MRs. -- Remove differences between CE and EE settings panel component. - - -## 11.2.8 (2018-10-31) - -- No changes. - -## 11.2.7 (2018-10-27) - -- No changes. - -## 11.2.6 (2018-10-26) - -### Security (1 change) - -- Escape entity title while autocomplete template rendering to prevent XSS. !698 - - -## 11.2.5 (2018-10-05) - -### Security (1 change) - -- Properly filter private references from system notes. - - -## 11.2.4 (2018-09-26) - -### Security (2 changes) - -- Project groups approvers no longer leak private groups info. -- Protect against CSRF attacks when adding Slack app. - - -## 11.2.3 (2018-08-28) - -- No changes. - -## 11.2.2 (2018-08-27) - -### Security (1 change) - -- Prevent regular users from moving projects to different storage shards. - - -## 11.2.1 (2018-08-22) - -- No changes. - -## 11.2.0 (2018-08-22) - -### Security (1 change) - -- Don't expose project names in EE counters. - -### Fixed (32 changes, 11 of them are from the community) - -- Allow Geo node to be edited once the database is failed over. !6248 -- Fix a bug where user was unable to delete a branch when repo size was above the limit. !6373 -- Rails5 fix AttachmentRegistryFinder arel queries. !6396 (Jasper Maes) -- Add Premium license checks for system messages. !6460 -- Fixes arrow-icon color and alignment in linked pipeline in merge request widget. !6479 -- Rails 5 fix the matcher expected the ApplicationSetting to be invalid, but it was valid instead. !6488 (Jasper Maes) -- Geo: Gracefully handle deleted events from Geo event log. !6506 -- Rails5 fix NoMethodError: undefined method 'message' for nil:NilClass. !6507 (Jasper Maes) -- Fix billing card title colors. !6563 -- Rails5 fix undefined method 'namespace_project_settings_repository_path'. !6581 (Jasper Maes) -- Rails5 fix no implicit conversion of Symbol into Integer. !6582 (Jasper Maes) -- Rails 5 fix NoMethodError: undefined method 'message' for nil:NilClass in host_spec.rb. !6589 (Jasper Maes) -- Fix mobile view of pod logs. !6597 -- Add left-padding to diverged-from-upstream label. !6647 -- List groups with developer maintainer access on project creation. !6678 -- no longer fail when setting up Geo database with GDK. !6680 -- Allow Pseudonymizer to write to a bucket without having permissions to see all buckets. !6682 -- Hide Expand button on empty MR widget Performance section. !6685 -- Ensure that Create issue button is shown in vulnerability dialog. !6708 -- Use same gem versions for Rails 5 as for Rails 4. !6712 (Jasper Maes) -- Rails5 correct wrong geo job name. !6713 (Jasper Maes) -- Elasticsearch: Fix a bug causing some types of note to miss being indexed. !6736 -- Rails 5 fix product array method delagation by manually calling .to_a in NotificationService. !6753 (Jasper Maes) -- Adjust self-hosted Jira development panel integration. !6756 -- Ensure that push size checks only count the size of newly-pushed files. !6767 -- Fix the UI for listing system-level labels. !6805 -- Rails5: fix slice in burndown fixture. !6813 (Jasper Maes) -- Rails5: fix Arel::UpdateManager in MigrateOldElasticsearchSettings migration. !6815 (Jasper Maes) -- Corrected URL for snowplow client side JS. !6899 -- [Geo] Fix the Storage config parameter in Geo nodes admin page. -- Fix exporting issues to CSV when sorting by label priority is used. -- Fix handling of annotated tags when Gitaly is not in use. - -### Changed (9 changes, 2 of them are from the community) - -- Add related issues loading icon top margin. !6527 (George Tsiolis) -- Add security products to usage ping. !6602 -- Changed copy for "Approved" state in merge request widget. !6635 (Constance Okoghenun) -- Track the Geo event log gaps in redis and handle them later. !6640 -- Replace clipboard icon in Service Desk settings. !6643 -- Removes "show all" on security reports and adds a button to take you to the pipeline page. !6675 -- Shows license reports when there are no reports in the source branch. !6720 -- Removes status text from licence reports. !6802 -- Opens "view full report" links in a new window. !6806 - -### Performance (2 changes) - -- Geo: Improve Geo Status API performance with cached counters in SiteStatistic. !6328 -- Geo: Improve performance in Log Cursor gap tracking. !6754 - -### Added (19 changes) - -- Geo: Add repository verification failures to API. !6137 -- Add support for todos on epics. !6142 -- Summed issue weights in board columns. !6218 -- Add an API endpoint for managed licenses of a project. !6246 -- Implement custom project templates. !6436 -- Projects page under Admin > Geo Nodes to display detailed synchronization information. !6452 -- Enables configuration of pull mirroring through API. !6485 -- Adds SLI alerts to custom prometheus metrics. !6590 -- Add support for milestones lists on the issue boards. !6615 -- Persist Epic Roadmap timescale choice. !6637 -- Add license management frontend. !6638 -- Add Snowplow integration. !6642 -- Add Security Dashboard to project quick links. !6652 -- Show License Management at pipeline level. !6688 -- Add Frontend for Instance-level project templates. !6740 -- Geo - Actively try to correct verification failures on the secondary. !6759 -- Add Prometheus metrics to track Geo autocorrect numbers. !6778 -- Link the License Management report in the MR widget with the pipeline level one. !6800 -- Allow creating assignee lists via API. - -### Other (8 changes, 1 of them is from the community) - -- Move merge requests EE helper methods. !6461 (George Tsiolis) -- Add additional logging for Geo Log Cursor. !6513 -- Ensure no weight change system notes end with a superfluous comma. !6571 -- Track registries marked as synced when repository does not found. !6694 -- Removes EE specific CSS that was moved to CE. !6723 -- Geo: Add rake task to resync projects where verification has failed. !6727 -- updates column sizes in licence and security modals. !6808 -- Geo: Log to geo.log when the Log Cursor skips an event. - - -## 11.1.7 (2018-09-26) - -### Security (2 changes) - -- Project groups approvers no longer leak private groups info. -- Protect against CSRF attacks when adding Slack app. - - -## 11.1.6 (2018-08-28) - -- No changes. - -## 11.1.5 (2018-08-27) - -- No changes. -### Security (1 change) - -- Prevent regular users from moving projects to different storage shards. - - -## 11.1.4 (2018-07-30) - -- No changes. - -## 11.1.3 (2018-07-27) - -### Fixed (1 change) - -- Resolve Environments dropdown is showing on the cluster health page. !6528 - - -## 11.1.2 (2018-07-26) - -### Security (1 change) - -- Don't expose project names in EE counters. - - -## 11.1.1 (2018-07-23) - -### Fixed (2 changes) - -- Fix geo download service ImportExportDownloader unitialized constant. !6567 -- Geo - Allow repository verification to be disabled on a secondary node. !6599 - - -## 11.1.0 (2018-07-22) - -### Removed (1 change) - -- Drop ignored Geo repository_storage_path columns. !5468 - -### Fixed (19 changes, 7 of them are from the community) - -- Log audit and Geo events within a project destroy transaction. !6059 -- Do not pre-select previous user(s) when creating protected branches. !6112 -- Group SAML settings link hidden when unlicensed. !6147 -- Geo: Fix repository/wiki sync race condition with multiple updates, especially in quick succession. !6161 -- [Rails5] Fix error on missed :authenticate_user callback. !6257 (@blackst0ne) -- Rails5 fix expected: ({...}) got: (<ActionController::Parameters {...}). !6271 (Jasper Maes) -- Rails5 fix ArgumentError: wrong number of arguments (given 1, expected 2). !6272 (Jasper Maes) -- Rails5 fix NoMethodError: undefined method `join' for "":String. !6278 (Jasper Maes) -- [Rails5] fix Boards::ListsController expected the response to have status code 200 but it was 403. !6318 (Jasper Maes) -- [Rails5] fix NoMethodError: undefined method 'downcase' for Hash. !6319 (Jasper Maes) -- [Rails5] fix Projects::VulnerabilityFeedbackController didn't match the schema. !6320 (Jasper Maes) -- Fix CI/CD pipelines when repository HEAD points to an invalid branch. !6325 -- Geo - Recalculates the checksum for projects up to date. !6333 -- Fixes an issue with security reports footers. !6450 -- Add missing sourceBranchLink prop to CI widget. !6493 -- Resync project repositories on secondaries nodes when import finishes. !6529 -- Adds permission checks to dismiss issue in security reports. -- Allow all but "/" chars for groups and projects paths on Jira dev panel integration. -- Fix weight system notes ending in commas. - -### Changed (6 changes) - -- [Geo] Invert the direction of Geo metrics acquisition. !5934 -- Update read-only message banner styling for Geo secondary node. !6135 -- Removes action buttons from resolved vulnerability modal. !6155 -- Redesign contribution analytics graphs. !6194 -- Geo - Retry checksum calculation for failures on the primary node. !6295 -- Don't show 'Contribute to GitLab' link on self-hosted Enterprise Edition instances. !6297 - -### Performance (5 changes, 1 of them is from the community) - -- Geo - Optimize query to return outdated projects that need to be reverified. !5879 -- Boost Geo prune worker to run every 2 hours instead of 6. !6074 -- Use tooltip component in MrWidgetSecondaryGeoNode vue component. !6078 (George Tsiolis) -- Eliminate N+1 queries in path lock checks during a push. -- Memoize the global default for push rules within the request. - -### Added (13 changes, 1 of them is from the community) - -- Add a new push rule to allow negative matching of commit messages. !5453 (Hannes Rosenögger) -- Pseudonymizer to safely export data for analytics. !5532 -- Add filename filtering to code search with Elasticsearch. !5590 -- Add API endpoint for viewing and editing board config. !5954 -- Log repository check and failed count to Prometheus. !5984 -- Allow repository verification concurrency to be controlled on primary and secondary. !6102 -- Geo: HTTP git-lfs push (upload) and locks (verify, lock and unlock) to secondary now redirects to the primary. !6109 -- Adds pod selection dropdown to pod logs screen. !6111 -- Add support for autocompleting Epics and Labels within Epics. !6195 -- Add project Security Dashboard. !6197 -- Support GitLab subgroups in Jira development panel. !6290 -- Render container scanning and dast reports in pipeline view. -- Add link to Jenkins documentation within integration and service template. - -### Other (2 changes) - -- Enable Geo snapshot synchronization for everyone. !6286 -- Geo - Make Geo repository verification flag opt-out by default. !6369 - - -## 11.0.6 (2018-08-27) - -### Security (1 change) - -- Prevent regular users from moving projects to different storage shards. - - -## 11.0.5 (2018-07-26) - -### Security (1 change) - -- Don't expose project names in EE counters. - - -## 11.0.4 (2018-07-17) - -- No changes. - -## 11.0.3 (2018-07-05) - -- No changes. - -## 11.0.2 (2018-06-26) - -- No changes. - -## 11.0.1 (2018-06-21) - -- No changes. - -## 11.0.0 (2018-06-22) - -### Security (2 changes) - -- Escape name in merge request approvers dropdown. -- Fixes include directive to not allow SSRF requests. - -### Fixed (15 changes) - -- Hide Lock button if File Locking feature is not available in license. !5656 -- Geo - Move out the replication slots items from verification section in Geo admin screen. !5723 -- Fix approvers API not accepting empty form-encoded params. !5784 -- Fix error when locking/unlocking directories. !5862 -- Geo: Formatting fix for geo:status rake task. !6020 -- Geo: Automatically clean up stale lock files on Geo secondary. !6034 -- Remove LFS object warning from import UI. !6083 -- Fix Web IDE status bar if System Footer message is present. -- [Geo] Fix: Deleted project events may be skipped on the secondary when selective sync is used. -- [Geo] Fix: Unauthenticated rate limits should not block Geo requests. -- Perform gitlab-ci-token authentication always using primary. -- Geo: Gracefully handle a non-JSON response from the node status. -- Geo: Fix FDW schema check when tables and columns are not in the same order. -- Fix sticking of runner to primary if new job is scheduled. -- When last Geo::EventLog is not available, geo:status rake task fails. - -### Deprecated (2 changes) - -- Rename Container Scanning job and artifact. !5770 -- Rename Code Quality job and artifact. !5773 - -### Changed (7 changes) - -- Removed "(Beta)" from "Auto DevOps" messages. !5583 -- Make issue weight promotion in issuable sidebar dismissable. !5601 -- Remove the comma from the weight system notes. !5854 -- Enrich Security Reports with more data. !5878 -- Truncate Geo event log with a delay. !5897 -- Add support for non-negative integer weight values in issuable sidebar. -- Improve Failed Jobs tab in the Pipeline detail page. - -### Performance (5 changes, 2 of them are from the community) - -- Reorder LinkToMemberAvatar vue component props values. !5692 (George Tsiolis) -- Rename merge request widget author component. !5693 (George Tsiolis) -- Geo - Fix index for outdated projects on the project_repository_states table. !5986 -- Preload Group plans in EpicsFinder. -- Only process Geo::EventLog events if associated shard is queryable and healthy. - -### Added (12 changes) - -- Allows the review of kubernetes pod logs within GitLab. !4752 -- Geo: Rake task to force housekeeping on next sync. !5623 -- Add ability to have zero approvers. !5635 -- Show status information stale icon in Geo admin dashboard. !5653 -- Add assignee board list type. !5743 -- Geo: HTTP git push to secondary now redirects to the primary. !5785 -- Add presets for navigating Epic Roadmap. !5798 -- Guest users will not consume seats quote in Ultimate plan. !5816 -- Create system note on epic date change. -- Add License Management results in the MR widget. -- Extract EE specific files. -- Add service discovery for the DB load balancer. - -### Other (4 changes, 1 of them is from the community) - -- Add promotion for epics to issuable sidebar. !5601 -- Remove confusing statement in the message shown for Epics list empty state when filters are applied. !5630 -- Fixed illustration alignment for group milestones promotion. !5677 (Constance Okoghenun) -- Allow viewing only one when multiple issue boards is not enabled. |