**Note:** This file is automatically generated. Please see the [developer documentation](doc/development/changelog.md) for instructions on adding your own entry. ## 13.7.7 (2021-02-11) ### Security (9 changes) - Cancel running and pending jobs when a project is deleted. !1220 - Prevent Denial of Service Attack on gitlab-shell. - Prevent exposure of confidential issue titles in file browser. - Updates authorization for linting API. - Check user access on API merge request read actions. - Limit daily invitations to groups and projects. - Enforce the analytics enabled project setting for project-level analytics features. - Perform SSL verification for FortiTokenCloud Integration. - Prevent Server-side Request Forgery for Prometheus when secured by Google IAP. ## 13.7.6 (2021-02-01) ### Security (5 changes) - Filter sensitive GraphQL variables from logs. - Avoid exposing release links when the user cannot read git-tag/repository. - Sanitize target branch on MR page. - Fix DNS rebinding protection bypass when allowing an IP address in Outbound Requests setting. - Add routes for unmatched url for not-get requests. ## 13.7.5 (2021-01-25) ### Fixed (2 changes, 1 of them is from the community) - New project guidelines are no longer displayed. !50736 (Roger Meier) - Fix LFS not working with S3 specific-storage settings. !52296 ## 13.7.4 (2021-01-13) ### Security (1 change) - Deny implicit flow for confidential apps. ## 13.7.3 (2021-01-08) ### Fixed (7 changes) - Fix Canary Ingress weight is not reflected on UI immediately. !50246 - Change pages deployments size to bigint. !50262 - Fix viewing container repositories with tags with corrupted manifest. !50362 - Fix the graphQL type for container repository tags. !50419 - Fix(eetrialbanner): fix EE trial banner to allow dismiss. !50436 - Update Helm 2 version to 2.17.0. !50547 - Fix project access token regression. !50800 ## 13.7.2 (2021-01-07) ### Security (7 changes) - Forbid public cache for private repos. - Deny implicit flow for confidential apps. - Update NuGet regular expression to protect against ReDoS. - Fix regular expression backtracking issue in package name validation. - Fix stealing API token from GitLab Pages and DoS Prometheus through GitLab Pages. - Update trusted OAuth applications to set them as confidential. - Upgrade Workhorse to 8.58.2. ## 13.7.1 (2020-12-23) ### Fixed (1 change) - Fix project transfer corrupting shared runners state. !47316 ## 13.7.0 (2020-12-22) ### Security (1 change) - Fix regular expression backtracking issue in custom emoji name validation. ### Removed (2 changes, 1 of them is from the community) - Remove Google Code importer. !48139 (Getulio Valentin Sánchez) - Remove release notes from Tags page. !49979 ### Fixed (109 changes, 7 of them are from the community) - Update user mentions when markdown columns are directly saved to DB. !38034 - Retain spinner when applying MR suggestions. !46203 - Skipped jobs no longer trigger a cancelled deployment. !46614 (David Barr @davebarr) - Catch wiki timeouts when rendering pages. !46627 - Fix single file snippets display for Geo secondary sites. !46812 - Fix Jira Connect styles not loaded when startup_css is enabled. !47043 - Add migration that updated users that don't need to have 2fa established. !47193 - Fix project integration form validation when integration is inactive. !47201 - Fix project access token build authentication error. !47247 - Support S3 server side encryption in CI cloud native job logs. !47536 - Fix repository clone panel for wikis. !47676 - Hide Mark as draft button in a merged MR even on mobile. !47678 (Takuya Noguchi) - Eliminate N+1 performance issues in MergeRequest.pipelines in GraphQL API. !47784 - Add cascade delete foreign key to web_hooks on service_id without validation. !47821 - Implement passing dotenv variables to bridge jobs. !47905 - Allow canceling all pipelines with auto-cancel. !47906 - Fix error in Issuable::ImportCsv::BaseService when CSV file is empty. !47918 - Fixed editing labels on the swimlanes sidebar. !47946 - Scroll exactly to the top of a discussion on the MR Overview tab. !47970 - Search page: fix empty results status. !48034 - Move fuzz license check to .pre stage. !48076 - Add link in Access Request API. !48081 (jimcser) - Add gitlab:db:active task. !48083 - Fix overscroll for MR diffs in mobile view. !48091 - Fix incorrect line height in file header. !48117 - Repopulate historical vulnerability statistics. !48128 - Fixed image diff comments positioning. !48132 - Manually trigger pipelines correctly when branches and tags have the same name. Separate tags and branches in trigger pipeline form. !48142 - Allow failure for Secret Detection job. !48152 - Change services.inherit_from_id foreign key to ON DELETE CASCADE. !48163 - Avoid exception when validating diff_note support. !48187 - Avoid invalid notes on Project Import. !48189 - Update alert setting form to handle JSON payload submit when mapping builder is not enabled. !48231 - Adds id desc to index_ci_builds_on_runner_id_and_id_desc. !48241 - Adds type="button" to the close button for the issue type selector to prevent accidental form submission. !48249 - Remove orphan service hooks. !48263 - Fix console error being thrown when file is renamed. !48275 - Update alert details sidebar assignee dropdown to use correct styling and formatting. !48285 - Consider design repositories when determining if there is a git transfer in progress. !48304 - Set Retry-After header when RackAttack throttling. !48310 - Fix misaligned buttons for CI Jobs page. !48332 (mgandres) - Use incident instead of issue for operation settings. !48406 - Fix missing item with same name in autocomplete suggestions. !48410 (Paul Ungureanu @ungps) - Fix misalignment of commit search by message input. !48430 - Prometheus integration name should not have a modifiable input field. !48437 - Fix stretched flash in project commit show page. !48439 - Ensure job trace endpoint is not called if the current job has not started or the browser is not visible. !48516 - Update fog-aws to v3.6.7. !48519 - Fixed double-border style on WebIDE button. !48605 - Fix spacing between buttons on pipeline header. !48660 - Fix vulnerability deduplication logic for the "pipeline security tab". !48704 - Add type filtering in appearance page of the admin panel. !48709 (Paul Ungureanu @ungps) - Fix confirmation modal showing on project integration. !48720 - Fix import of LFS files in GitHub import. !48722 - Github importer - Avoid touching MR when importing pull request `merged by` field. !48729 - Fix styling of various dropdowns. !48800 - Fix MR buttons when fork is deleted. !48813 - Add menu-item class to non-details-job-component. !48834 - GraphQL: Add gitlay field to CiStatusAction. !48892 - Global Search - Fix Dark Mode Font. !48927 - Fix flex overflow bug. !48931 - Restrict access to job page to developers only when use CI_DEBUG_TRACE is true. !48932 - Resolve Cannot remove namespace. !48973 - Resolve Save button should have a different color on press. !48975 - Fix last_value record in internal_ids for epics. !48988 - Fix failed group imports getting stuck by long error messages. !48989 - Avoid branch name checking when creating a new snippet. !48995 - Ensure default_branch from settings is not blank. !49018 - Make sure Sourcegraph asset always loads successfully. !49030 - Fix avatar size in profile activity. !49047 - Fix margin and selected state in file header. !49059 - Fix comment highlighting for unified diff components. !49061 - Fix Jupyter notebook code and image rendering. !49067 - Fix bug in ProjectRepositoryStorageMove transition to scheduled. !49105 - Do not crash the ingestion of all security reports if there is an invalid report artifact. !49181 - Do not automatically reapply incident label after user removes it. !49188 - Update fog-google to v1.12. !49196 - Check for a status in the current user dropdown. !49203 - Fix pipeline page in dark mode. !49214 - Handle prometheus-formatted alert notifications through HTTP integrations. !49268 - Update repository size after import. !49319 - Fix typo on merge locally step. !49330 - Fix getting security report information on merge requests from forks. !49354 - Conan packages show build and commit information when published using CI. !49426 - Clear emoji status in issue/mr header. !49439 - Hide extra breadcrumb arrow that overlaps with last breadcrumb item. !49456 - Fix division by error when upload max size is set to 0. !49482 - Capture subgroup creation failure during Group Import via archive file. !49484 - Alert Service integration only available for projects. !49561 - Update projects_imported.total usage metric. !49568 - Fix usage data tracking of some issue events. !49571 - Fix copy to clipboard on Firefox. !49648 - Fix outline on selected button in Snippets Rendered/Source buttons. !49676 - Add final newline on submit in blob editor. !49681 - Fail import state whenever repository import fails. !49682 - Fix author on /clone quickaction usage to be current user. !49830 - Upgrade mailroom to v0.0.8. !49834 - Fix the header name for basic auth authentication in package managers APIs. !49836 - Allow opsgenie manage form to be displayed when opsgenie is enabled. !49863 - Add custom cop to prevent invalid HTTParty usage. !49878 (Ethan Reesor (@firelizzard)) - Remove last-child bottom-margin: 0 from page-title class. !49884 - Fix wording of some 400 Bad request API responses. !49895 - Set Web IDE Live Preview default background to white. !49901 - Fix bug in snippets mark as spam mutation. !49912 - Make the strategies env wrap. !49951 - Fix get endpoint not returning members with minimal access. !49996 - Fix feature flag logging is not working on API. !50025 - Resolve No boards found message showing when loading boards. !50140 - Fix Markdown attachments in Releases not rendering with full URL. !50146 ### Deprecated (1 change) - Drop unused feature_filter_type experiment column. !48221 ### Changed (124 changes, 12 of them are from the community) - Move Jenkins to Core. !37797 (Ben Bodenmiller (@bbodenmiller)) - Migrate Bootstrap button to GitLab UI GlButton in IDE. !39988 - Replace bootstrap alerts in ee/app/views/admin/licenses/new.html.haml. !41275 (Gilang Gumilar) - Replace bootstrap alerts in app/views/profiles/notifications/show.html.haml. !41310 (Gilang Gumilar) - Replace bootstrap alerts in app/views/admin/runners/show.html.haml. !41378 (Gilang Gumilar) - Replace Runner Page Title with Runner’s Hash. !44854 (Kev @KevSlashNull) - Rename Piwik config items and layout file after rebranding to Matomo. !45658 (Kate Grechishkina @kategrechishkina) - Improve clarity of admin Rate Limiting UI. !46142 - Replace fa-exclamation-triangle icons with GitLab SVG warning-solid icon. !47089 - Add `converted_at` timestamp column to `experiment_users` to record when the user performs an experiment's conversion action. !47093 - Preserve cross references in AsciiDoc documents. !47131 (Guillaume Grossetie) - Darker background for dark mode, plus small fixes to MR page. !47359 - Add option to uninstall the legacy Tiller server for clusters added before GitLab 13.2. !47457 - Use GitLab UI styles on Integrations page. !47478 - Add a job to the DAST template that shows an error in the console if the user is not licensed to use DAST. !47484 - Add BulkImports::Failure to store import failures of the Group Migration (BulkImports) process. !47526 - Remove brackets in no scopes selected message in access and deploy tokens lists. !47628 - Begin auto-stop countdown for environment after initial creation. !47702 - Change default project listing sort order to name. !47734 (Lee Tickett) - Finalize new create project UI experiment. !47804 - Make ImportIssuesCsvWorker idempotent. !47808 - Remove "Details" from breadcrumb item and LD+JSON from Project top. !47817 (Takuya Noguchi) - Convert knative error alert to glalert. !47840 - Remember last used project ordering option across groups. !47850 (Lee Tickett) - Remove "Details" from breadcrumb and JSON+JD on Group top page. !47854 (Takuya Noguchi) - Hide open registration user callout on gitlab.com. !47865 - Make "How to merge" modal in merge requests conform to correct modal styling. !47889 - Remove `Add Issues` button and a related modal. !47898 - Remove Feature Flag that controls data limit on Deploy Boards, thus making 10MB limits mandatory. !47950 - Removed boards promotion. !47972 - Replace fa-chevron-down in template selector dropdown. !48015 - Remove http_integrations_list feature flag. !48030 - Add filtering by current iteration to issue lists and issue boards. !48040 - Implement smart cobertura class path correction. !48048 - Replace fa-chevron-down icon in pikaday. !48054 - Add User.location field to GraphQL API. !48059 - Add support for filtering direct group members by 2FA enabled/disabled. !48084 - Iterate on the copy in the “Novice or Experienced” page of the registration onboarding flow. !48086 - Add metrics for count of unique users of alerts and incidents to usage ping. !48087 - Allow Pages to define a storage-specific connection. !48098 - Replace fa-exclamation-triangle in users select. !48116 - Add a generic packages tab to the Packages UI. !48121 - Replace fa icons in single file diff. !48136 - Add `checksum` column into the `vulnerability_remediations` table. !48165 - Replace fa-chevron-down with GitLab SVG in dropdowns. !48171 - Add ldap encrypted credentials to the usage data. !48210 - Replace fa-spinner in metrics dashboard yaml definition. !48227 - Update Design of the Container Registry Cleanup Policy for tags. !48243 - Enable LFS chunked encoding. !48269 - Authorize the project for the cluster agent if it is the agent's project. !48314 - Add GlFormCheckbox to squash commits. !48338 - Add metric for dead Sidekiq jobs. !48361 - Make How to merge modal in merge requests widget conform to correct modal styling. !48370 - Allow filtering project and group members by relationship in GraphQL. !48372 - Add Attributes cleaner to Group Migration. !48374 - Add additional fields to GraphQl terraform state version. !48411 - Bumps Managed-Cluster-Applications CI template to v0.36.0, which upgrades Runner. !48444 - Expose public email field for user in GraphQL. !48468 - Add MAU counter for snippet show action. !48477 - Refine group creation form. !48490 - Geo: Remove unused indexes. !48504 - Update empty state for no commits result. !48538 - Github Importer - import the pull request `merged by` field. !48561 - Refactor container registry list page to grapqhl. !48602 - Transfer a project/group to a new namespace inheriting integrations. !48621 - Replace fa-chevron-down icons with GitLab SVG in gcp cluster form. !48656 - Add containerRepositoriesCount to project and group queries. !48685 - Track test failures on pipeline completion. !48695 - Include actual limit in pipeline limit errors. !48710 - Replace how to merge HAML with Vue component. !48766 - Global Search - Fix Sidebar Whitespace. !48832 - Move CanaryIngress to core. !48836 - Finish removing unused replication columns from terraform state. !48839 - The dependency proxy caches manifests and makes HEAD requests to help with rate limiting. !48845 - Update package_file table to display commits when present. !48882 - Avoid creating wiki empty repo when not present in export files. !48890 - Update nodejs-scan rule to wildcard prefix. !48902 - Add primary key to elasticsearch_indexed_projects. !48919 - Upgrade fog-aws to v3.7.0. !48921 - Add new column `finding_uuid` into `vulnerability_feedback` table. !48923 - Add primary key to elasticsearch_indexed_namespaces. !48944 - Add ability to type a number in related issues and prepend #. !48952 - Improve CI for external repo with configurable maximum mirroring frequency on self-hosted. !48955 - Enable pages_serve_from_deployments FF by default. !48974 - Replace fa-cirlce in runners helper. !48981 - Add GitHub Importer pagination. !48983 - Add primary key to merge_request_context_commit_diff_files. !49024 - Update template to use codequality 0.85.18-gitlab.1. !49034 - Display more pipelines info in package history. !49040 - Use a separate commit to store formatting changes in the Static Site Editor. !49052 - Delete manifests when purging the dependency proxy using the API. !49056 - Auto approve users if Admin approval after sign up setting is disabled. !49068 - Boards - Remove default labels lists generation. !49071 - Sort merge request diff files directory first. !49118 - Add user ID based allowlist for Rack::Attack. !49127 - Sort commit/compare diff files directory first. !49136 - Move IssueType notes and discussions count logic to resolvers. !49160 - Let `rake gitlab:workhorse:install` use vendored workhorse. !49250 - Allow alert list to be visible when alerts exist, even if alerting integrations are disabled. !49257 - EKS: Provide user feedback on AWS authorization errors. !49278 - Remove user_search_secondary_email feature flag. !49312 - Update gitlab-kas to v13.7.0. !49318 - Convert fa-caret-down icons to chevron-down SVG. !49332 - Enable file tree highlighting by default. !49356 - Merge 'Sample Data' and 'Built-in' tabs on Project Templates page. !49374 - Add Merge Train Setting to the graphql api. !49402 - Migrate HAML buttons to Pajamas in app/views/profiles/keys. !49421 (Jonston Chan @JonstonChan) - Migrate `createBoard` away from boardStore. !49450 - Support merge requests filtered by reviewer in GraphQL API. !49464 - Gradually load more diffs async. !49476 - Require users to copy, download, or print 2FA recovery codes. !49493 - Convert group member filter dropdowns to filtered search bar. !49505 - Update GitLab Workhorse to v8.58.0. !49534 - Refactor container registry to use GraphQL API. !49584 - Remove unneeded pagination code for project importers. !49589 - Update deprecated button on pipeline security table. !49620 - Update ide pipeline alert to use gitlab ui. !49634 - Updates the copy on empty users list tabs. !49642 - Enable LFS chunked encoding by default. !49649 - Add visibility and last updated image repository details. !49703 - Allow updating `hideBacklogList` and `hideClosedList` board attributes. !49947 - Add expires_at param to GroupMemberBuilder data. !49981 - Change the unique index on `security_findings` table. !50046 - Remove dast_unlicensed job. !50129 ### Performance (24 changes, 2 of them are from the community) - Remove redundant index. !47072 - Add database index for deployment rollback targets. !47159 - Add index for API Fuzzing usage data. !47692 - Paginate unit test report. !47953 - Remove .issue-box from static (classic) Issuable list. !47998 (Takuya Noguchi) - Remove Bootstrap 4's Cards components from Issuables and Todos. !48004 (Takuya Noguchi) - Fix N+1 when looking up user's solo owned groups. !48340 - Paginate first page of branches using Gitaly. !48595 - Add approvals created_at index. !48684 - Update index for notes to include `system`. !48864 - Remove unnecessary Gitaly calls from raw endpoint. !48917 - Reduce SQL queries when no pipeline hooks are active. !49186 - Improve query that finds all pipelines in the same family. !49240 - Rendering Loading State of Last Commit earlier. !49362 - Fix N+1 queries loading milestones when exporting CSVs. !49429 - Update snippet repository finder for namespace replication. !49518 - Reduce object allocations for large merge request. !49563 - Remove unnecessary Gitaly calls from projects#show. !49565 - Expand index on ci_pipelines. !49604 - Remove unnecessary queries in milestone page. !49662 - Improve the performance of the diff change access check. !49803 - Remove initial data check on project level value stream page. !49936 - Improve UI and performance of branches overview page. !50096 - Use the improved version of Value Stream Analytics backend on the project level. !50141 ### Added (125 changes, 13 of them are from the community) - Configurable personal access token prefix. !20968 (Max Wittig & Diego Louzán) - Add CI_OPEN_MERGE_REQUESTS environment variable. !38673 (Ben Bodenmiller @bbodenmiller) - Add Kroki to support more diagrams in AsciiDoc and Markdown. !44851 (Guillaume Grossetie) - Fix the unreachable CLI image in OpenShift CI template. !44933 (Klaus Mueller @klml) - Add other role column in user details table. !45635 - Add encrypted ldap secrets support. !45712 - Add the gitlab-experiment gem, with configuration. !45840 - Support Git access for group wikis. !45892 - Add toggle to remove Analytics left nav item. !46011 - Add merge requests total time to merge field to the GraphQL API. !46040 - Cleanup webauthn background migration. !46179 (Jan Beckmann) - Add GraphQL mutation to update a release. !46611 - Capture design detail views via usage ping. !46751 - Add metric image uploading to incidents via REST API. !46845 - Expose GraphQL resolver for processing CI config. !46912 - Limit maximum deployments per pipeline to 500. !46931 - Enable Crowd auth for git-over-https. !46935 (Thomas Mendoza @tgmachina) - Create a new `ExperimentSubject` model, associated to the `Experiment` model, and related database migrations. !47042 - Add GraphQL mutations for Devops Adoption Segment. !47066 - Allow passing `commit_id` when creating MR discussions via the API and expose `commit_id` for MR diff notes. !47130 (Johannes Altmanninger @krobelus) - Adds bulk project repository storage move API. !47142 - Add packages_size to ProjectStatistics API entity. !47156 (Roger Meier) - Create `vulnerability_findings_remediations` and `vulnerability_remediations` tables. !47166 - Geo: Add verification state machine fields to package files table. !47260 - Add `increment_counter` to Usage Ping API. !47309 - Geo: Add verification indexes for package files. !47372 - Add SEO structured markup for groups. !47374 - Create `incident_management_oncall_schedules` table. !47407 - Add confirm modal to unblock user. !47442 - Add API endoint for Administrators to approve pending users. !47564 - Allow secondary emails in user search. !47587 - Frontend client for increment_counter API. !47622 - Schedule CreateEvidenceWorker jobs in a sliding window. !47638 - Send Static Site Editor events to Usage Ping API. !47640 - Add rake task to disable personal project and group creation. !47655 - Add assign self to group boards sidebar. !47705 - Toggle File-By-File setting from the MR settings dropdown. !47726 - Add regulated field to compliance management frameworks. !47761 - Add lock button to the Terraform State list view. !47842 - Adds migration for user permission uploads. !47846 - Add loading state to boards assignees header dropdown. !47848 - Use CS_ANALYZER_IMAGE in CS template. !47856 - Add cloud_license_enabled column to application_settings. !47882 - Add invitation reminders. !47920 - Create namespace onboarding actions table. !48018 - Expose creation/update times for issue links. !48051 - Add upcoming deployment column to Environments page. !48062 - Add `service_desk_reply_to` to issues list and header. !48089 (Lee Tickett) - Add iteration_id column to lists. !48103 - Add Epic Board Position model to store relative positioning of epics on a board. !48120 - Add code coverage overall activity to group repository analytics. !48155 - Add confirm modal to reactivate user. !48173 - Email user when registration request is rejected. !48185 - Add artifacts field to JobType. !48207 - Add database index on deployments. !48265 - Add secondary indexes to partitioned audit_events. !48270 - Obfuscate user profile for unconfirmed users. !48271 - Add flash message for setAssignees on group issue boards. !48277 - Add an URL to get user's GPG key if registerd. !48321 (Shimura Rin @blackenedgold) - Add Operations project setting logic. !48347 - Add GraphQL mutation to delete a release. !48364 - Track MAU for SSE edit. !48377 - Add loading state to assignees header. !48392 - Implement a /clone quick-action to quickly clone an Issue. !48394 - Expose upcoming deployment in environment.json. !48449 - Add Vulnerabilities External Link model. !48465 - Add migration to populate remaining dismissal information for vulnerabilities. !48472 - Mark SCIM-created accounts as provisioned by group. !48483 - Add delete button to terraform list vue. !48485 - Show if a Pipeline was Ran in a Fork. !48517 - Added email notifications when an Issue is cloned. !48534 - Add dependency_proxy_manifests table and associations. !48535 - Add usage metrics for issue clone. !48537 - Implement a /clone_with_notes quick-action to quickly clone an Issue will all its notes. !48539 - Tracks guest package events. !48547 - Retry rsync when source files vanish during backup. !48568 - Add Setting to disable feed_tokens. !48600 - Enable by default usage data API tracking. !48607 - Add GraphQL API to delete container repository tags. !48617 - Github Importer - import pull request reviews from Github. !48632 - Added epic boards and epic board labels tables. !48658 - Allow alerts to be filtered by monitoring tool. !48699 - Adds guest package events to usage data. !48734 - Render http and https URLs as clickable links in Job logs. !48758 (Łukasz Groszkowski @falxcerebri) - Add Merge Request diff CI variables. !48764 (Jonas Hahnfeld) - Add admin users serializer and entity. !48791 - Set vulnerability as dismissed when there is dismissal feedback. !48795 - Create package build_info records for Conan, NuGet, PyPI, and Composer packages and package files. !48811 - Add download action to the Terraform state listing. !48837 - Add context to the experiment user records. !48896 - Add index for the `vulnerabilities` table on `project_id`, `state`, and `severity` columns. !48930 - Add uuid column into security_findings table. !48968 (Harrison Brock @harrisonbrock) - Detect corrupted build logs and report them by incrementing Prometheus counter. !49004 - Add details column to vulnerability findings table. !49005 - Add Project to ContainerRepository GraphQL type. !49019 - Add pipeline information to Terraform state list. !49042 - Add oncall rotations and participants tables. !49058 - Add domain column to alerts table. !49120 - Add dependency proxy predefined environment variables. !49133 - Add usage data rake tasks to prettify JSON output. !49137 - Resolve Transition ID section should include help text. !49204 - Support instance profiles for IAM role for Amazon EKS integration. !49212 - Add `project_id` column into the `vulnerability_remediations` table to scope the records with projects. !49219 - Add member_events column to web_hooks table. !49273 - Upgrade Pages to 1.31.0. !49352 - Add CI/CD analytics GraphQL types. !49384 - Truncate the `security_findings` table. !49385 - Add validating jsonb fields with json schema draft-07. !49451 - Adds sha checksum to composer URL. !49511 - Dependency Proxy for private groups and Dependency Proxy authentication. !49519 - Save usage ping payload in raw_usage_data table. !49559 - Allow downloading of security reports directly from merge request page. !49572 - Show upgrade popover in security widget in merge requests when the user is able to upgrade. !49613 - Introduce frontend for group migration MVC. !49709 - Add issue header mobile dropdown loading state. !49734 - Support extensions as configurable ES6 classes in Editor Lite. !49813 - Allow job to download artifacts in parent-child pipeline hierarchy. !49837 - Add ability to aggregated metrics in Usage Ping. !49886 - Add expiration policy completed at support in container repositories. !49924 - Allow to configure custom service desk email address suffix. !49932 - Add payload_example and payload_attribute_mapping columns to alert_management_http_integrations table. !49941 - Add prefilled variables for run pipeline page. !49985 - Add operations_access_level to project settings API. !50023 - Upgrade GitLab Pages to 1.32.0. !50062 - Add MergeRequest to VulnerabilityType in GraphQL. !50082 ### Other (49 changes, 15 of them are from the community) - Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/boards. !41410 (nuwe1) - Migrate bootstrap dropdown to GlDropdown in app/assets/javascripts/diffs. !41451 (nuwe1) - Migrate awards list buttons to new buttons. !43061 - Apply GitLab UI button styles to buttons in app/views/projects/graphs directory. !44295 (Lakshit) - Use GitLab's standard dropdown for the review mode chooser in the WebIDE. !46820 - Replaces elements with the bs-callout class with gl-alert vue component. !47331 (Gary Bell @garybell) - Add analytics_devops_adoption_snapshots table. !47388 - Add relation name to indexes view. !47422 - Migrate chevron-down icon to svg. !47591 - Disable auto admin mode in features. !47670 (Diego Louzán) - Remove avg_cycle_analytics from usage ping. !47812 - Remove unused .issue-box CSS. !48002 (Takuya Noguchi) - Convert shared runner limit alert to gl-alert. !48063 - Remove temporary blocking issues scheduling indexes. !48064 - Update icons to svg in several sort dropdowns. !48092 - Move Terraform state versioning default to database. !48194 - Replace wrong index definition on labels (project_id, title). !48238 - Update GitLab Runner Helm Chart to 0.23.0. !48284 - Add `external_author` alias to `service_desk_reply_to`. !48363 (Lee Tickett) - Migrate bs-callout to GlAlert in …/unmet_prerequisites_block.vue. !48398 - Improve logging on feature flag modification. !48417 - Replace bootstrap caret-down with chevron-down. !48424 - Convert bootstrap carets to svg chevrons. !48492 - Rename "Cycle Analytics" with "Value Stream Analytics" under /spec. !48531 (Takuya Noguchi) - Update GitLab Workhorse to v8.56.0. !48592 - Update gitaly gem to 13.6.1. !48601 - Rename "CYCLE_ANALYTICS_*" variables for CI with "VSA_*". !48675 (Takuya Noguchi) - Adds gl button classes to manifest imports. !48697 - Add btree bloat estimation view. !48698 - Disable auto admin mode on requests and views specs. !48700 (Diego Louzán) - Move users#show.json to users#activity.json. !48712 (Takuya Noguchi) - Remove `view_diffs_file_by_file` feature flag. !48966 - Move profiles/keys#get_keys to users#ssh_keys. !48991 (Takuya Noguchi) - Replace wiki fontawesome icons with emojis. !49097 - Add a project setting to allow editing commit messages. !49152 - Updated UI text to match style guidelines. !49275 - Move profiles/gpg_keys#get_keys to users#gpg_keys. !49448 (Takuya Noguchi) - Remove references to cross_project_pipeline source in documentation. !49579 - Updated UI text to match style guidelines. !49632 - Migrate bs-callout to GlAlert for components using app/assets/javascripts/vue_shared/components/callout.vue. !49732 (Gary Bell @garybell) - Bump gitlab-shell version to v13.14.0. !49810 - Track index bloat estimate. !49822 - Conver create merge request button to gl. !49864 - Adds gitlab ui classes to project dir buttons. !49939 - Removed count_uploads_size_in_storage_stats feature flag. !49998 - Delete MockDeploymentService records, used only in development environments. !50030 - Add feed_token specs to spec/features/profiles/personal_access_tokens_spec.rb. !50059 - Replace spec/controllers/ide_controller_spec.rb with request spec. !50075 (Takuya Noguchi) - Update GitLab Workhorse to v8.57.0. ## 13.6.3 (2020-12-10) ### Fixed (5 changes) - Fix error 500s creating projects concurrently. !48571 - Fix container_registry url for relative urls. !48661 - Resolve Members page 500 error after Invitation sent via API. !48937 - Add different string encoding method in rack middleware. !49044 - Fix MR rendering issue when user is tool admin and not project member. !49258 ### Changed (1 change) - Update Rake check and docs to require Ruby 2.7. !48552 ## 13.6.2 (2020-12-07) ### Security (10 changes) - Validate zoom links to start with https only. !1055 - Require at least 3 characters when searching for project in the Explore page. - Do not show emails of users in confirmation page. - Forbid setting a gitlabUserList strategy to a list from another project. - Fix mermaid resource consumption in GFM fields. - Ensure group and project memberships are not leaked via API for users with private profiles. - GraphQL User: do not expose email if set to private. - Filter search parameter to prevent data leaks. - Do not expose starred projects of users with private profile via API. - Do not show starred & contributed projects of users with private profile. ## 13.6.1 (2020-11-23) ### Fixed (5 changes) - Fix project transfer corrupting shared runners state. !48032 - Fix project select split button bug. !48065 - Fix tags pages erroring for projects with private pipelines. !48184 - Ensure Alerts list loads when only HTTP integrations are enabled. !48247 - Does not track package events on a read-only instance. !48257 ### Changed (1 change) - Re-name Instance Statistics as Usage Trends. !48183 ## 13.6.0 (2020-11-22) ### Removed (3 changes) - Removed ACE editor from the codebase. !46420 - Remove storage limit column from application settings. !46676 - Remove the ability to resole individual notes. !46775 ### Fixed (140 changes, 11 of them are from the community) - Fix rendering of markdown headings and floated images. !25442 (Gwen_) - Fix release assets link redirection. !35381 - Fix chatbot replies not including job log. !42010 - Show tar warning message when file/folder changed during backup instead of failing whole backup operation. !42197 - Remove default EKS Region dropdown in cluster create form. !43017 - Remove all records from `security_findings` table. !44312 - Add `position` column into security_findings table. !44815 - Render script newlines in CI Lint view. !45087 (Nejc Habjan) - Fix a race condition checking whether a project is read-only. !45160 - Limit number of times a background migration is rescheduled. !45298 - Improve project labels page card layout consistency. !45311 - Do not convert unicode versions of trademark, copyright, and registered trademark to emoji. !45457 - Gracefully recover from deleted LFS file. !45459 - Fix Bad Escape in Issue Board Empty State. !45465 (Kev @KevSlashNull) - Update cluster applications CI template to 0.34.1. !45487 - Fixed multi line comment options in parallel mode. !45557 - Removed not equal filter option for drafts on merge requests. !45649 - Fixed target branch not filtering. !45652 - Fix Merge Request "Edit in Web IDE" dropdown link on MR diffs page. !45653 - Handle malformed strings in URL. !45701 - Reset the pagination cursor when a search result filter changes. !45708 - Fix aria label on IDE tab close button. !45709 - Fix danger-secondary button in the Web IDE dark theme. !45714 - Removes the hamburger icon in the Changes tab in Web IDE. !45717 - Fix exception when saving Jira integration info for an instance. !45718 - Make sure the http_requests_total and http_request_duration_seconds metrics are not empty on application start. !45755 - Configure CSP for displaying Youtube videos in the Static Site Editor. !45767 - Render correct URLs for uploads in service desk issues when custom template is used. !45772 - Upgrade Workhorse to v8.52.0. !45778 - Fix project callbacks when propagating integrations. !45781 - Fix project import search box and make it case insensitive. !45783 - Remove the native styles for modal-dialog - Currently off center. !45789 - Fix when Feature Flags link is shown in search bar results. !45803 - Reset search results filters whenever a user changes scope. !45808 - Project Access Tokens - Delete project bot after token expires. !45828 - Paginate project_runners in ci_cd settings. !45830 - Fix bug with robots and .git suffix. !45866 - Block LFS requests on snippets. !45874 - Fix an N+1 issue in Packages::GroupPackagesFinder. !45875 - Fix sticky header issue status not syncing. !45895 - Download LFS files when importing from Bitbucket Server. !45908 - Fix viewing GitHub-imported diff notes in discussions. !45920 - Boards - Fix Milestone icon alignment in header. !45965 - Reduce whitespace on MR page header. !45966 - Fix CSS for To-Do List on mobile. !45969 (Takuya Noguchi) - Fix wide content overflow on Notebook output. !45971 - Fix auto-deploy-image fetches deprecated stable repository and causes an error. !45984 - Fixed long paths truncating in merge request sidebar incorrectly. !45994 - Remove positive tabindexes. !46003 - Remove "Report abuse" button from a merged Merge Request. !46031 (Takuya Noguchi) - Fix single file editor patch branch name. !46044 - Updated list view MR icon. !46059 - Tolerate UTF8 BOM character during frontmatter rendering. !46062 - Fix dropzone paperclip and loading icons. !46093 - Copyedit Project Issue Boards API docs. !46110 (Takuya Noguchi) - Fix typos when deleting a project repository. !46204 (Edstub207) - Enable rendering avatars with full url. !46206 - Fix bug accessing import route with no user. !46215 - Fix transaction usage in ContainerExpirationPolicyWorker. !46217 - Remove page_title from single project and group pages. !46223 - Skip GMA and SSO validation when creating project access tokens for project bots. !46257 - Make loading icon on feature flag edit page larger. !46268 - Allow semver versions in composer packages. !46301 - Don't return target-specific broadcasts without a current path supplied. !46322 - Fix tracking of frequently visited projects / groups. !46348 - Do not query snippet infromation on the new snippet's creation. !46355 - Populate missing `dismissed_at` and `dismissed_by_id` attributes of vulnerabilities. !46370 - Add CI Status CSS to the Environments Page. !46382 - Allow project storage to be updated when no repositories exist. !46385 - Add licensed check for wip limits. !46387 - Fix problems with Groups API search query parameter. !46394 - Fix QuickActions not working if written before a codeblock. !46401 - Resolve User stuck in 2FA setup page even if group disable 2FA enforce. !46432 - Job dropdown: Hide tooltip explicitly on click. !46465 - Fix loading current directory when changing branches. !46479 - Allow to apply group labels with service desk templates. !46492 - Fix CI artifacts not uploading with tracing enabled and without NGINX. !46513 - Fix logging handling for API integer params. !46551 - Bugfix email notification recipients for comments on Designs. !46642 - Fix linebreak issue in last commit anchor. !46643 - Upgrade fog-google to v1.11.0. !46648 - Fix 'File name too long' error happening during Project Export when exporting project uploads. !46674 - container registry: show delete selected button on medium viewports. !46699 - Improve thread safety of Ci::BuildTraceChunk data stores. !46717 - Fix 404 error from Commit Signature API when using Rugged. !46736 - Fix example responses for Project Issue Board creation API in the docs. !46749 (Takuya Noguchi) - Autofocus on search input within labels dropdown after labels are loaded. !46750 - Fix example responses for Group Issue Board creation API in the docs. !46760 (Takuya Noguchi) - Make the Merge Train process flow more resilient by always refreshing merge requests from beginning. !46768 - Show "No user list selected" in feature flags. !46790 - Skip disabled features when importing a project from Gitea. !46800 (John Kristensen (@jerrykan)) - Fixed create merge request dropdown not re-opening after typing invalid source branch. !46802 - Fix broadcast notification close icon appearance. !46804 - Fix remove label inconsistency. !46805 - Assign new incoming diff lines for renamed files to the correct view type. !46823 - Display submodules in MR tree and file header. !46840 - Fix empty state message in explore projects page. !46860 - Better-behaved tooltips in pipeline dropdown. !46866 - Ensure security report is displayed correctly in merge requests with a lot of CI jobs. !46870 - Fix code lines being cut-off on failed job tab. !46885 - Populate values for `has_vulnerabilities` column of `project_settings` table. !46890 - Fix group destroy not working with Gitaly Cluster. !46934 - Fix setting Comment detail for Jira and modal for groups. !46945 - Fix retried builds icon sprite to use css_class. !46955 - Remove unnecessary expand sha button in pipelines page. !47012 - Fix operations settings when Pipelines are disabled. !47062 - Fix duplicate epic iids and add uniqueness constraint. !47081 - Fix relative path not found on production web server. !47090 - Moved template warning below type. !47103 - Fix top margin in new project page. !47109 - Make delete repo prompts consistent. !47117 - Make register_instructions optional for RunnerSetup. !47123 - Fix milestones param validation for releases API PUT method. !47169 - Fixed create branch button not hiding when issue is closed. !47187 - Fix config variables when having includes. !47189 - Handle nullbytes in auth headers. !47206 - Fix error when updating releases with milestone associations through the UI. !47222 - Fixed diff metadata endpoint being called twice. !47265 - Fix pipeline security tab filters not showing. !47294 - Fix unified component inline display. !47345 - Fix secure MR widget colors in dark mode. !47352 - Fix status emoji tooltip trigger. !47378 - Fix workflow:rules not accessing passed-upstream and trigger variables. !47399 - Fix internal lfs_authenticate API for non-project repositories. !47404 - Fix alerts integration list Snowplow tracking event. !47413 - Resolve Suggest Pipeline flow second step not loading. !47419 - Fix overly aggressive prevent call. !47455 - Fix syntax highlight issue with regular expressions. !47469 - Stop finding commit with empty ref. !47497 - Fix issues list when due date parameter is invalid. !47524 - Bump versions of secrets and klar in the Secure-Binaries template. !47531 - Fixed copy contents functionality for snippets. !47646 - Reject incomplete multibyte chars in UTF8 params. !47658 - Fix deploy token permissions for write_package_registry. !47675 - Fix comment cells not rendering in unified component inline view. !47693 - Replace poorly performing auth event providers query in usage ping. !47710 - Do not fail when cleaning up MR with no repository. !47744 - Clear cached merge_ref_sha on reopen. !47747 - Refactor and UI-polish around activity calendar on user profile. !47797 (Takuya Noguchi) - Fix for missing user info for Terraform State. !47814 ### Deprecated (1 change) - Deprecate support for Elasticsearch 6.x. !45619 ### Changed (143 changes, 5 of them are from the community) - Match Jira users by email, username or name on jira issues import. !33883 - Use global IDs for GraphQL arguments accepting sentry IDs. !36098 - GraphQL Snippets: use Global-ID scalar. !36117 - Add Google Tag Manger to sign in/up and trial pages. !38395 - Prune loose objects during git garbage collection. !39592 - Throttle container cleanup policies execution by using a limited capacity worker. !40740 - Update leave group modal to gl-modal. !41817 - Split sign in and sign up pages. !42592 - Improve messaging for emails from alerts. !43054 - Replace fa-check icons with GitLab SVG check icon. !43353 - Manually collapsed diff files are now significantly shorter and less visually intrusive. !43911 - Update change username modal. !44325 - Add support for search and inclusion of project labels within Group Labels API. !44415 - Add usage ping for unique users importing issues via CSV. !44742 - Add default regexes and prevent blank regexes for container cleanup policies. !44757 - Enable Sidekiq argument logging by default. !44853 - Search Autocomplete add GFM support for issues. !44930 - New group and project invite mail design. !44940 - Make the repository read-only while running cleanup. !45058 - Use existing group label when promoting project label. !45122 - Update Rack to v2.2.3. !45183 - Remove feedback alert from on-demand scans form. !45217 - Expand scope of coverage badge query to all successful builds. !45321 - Forbid top-level route sitemap.xml. !45359 - Update GraphQL input ids for Board Lists and Issues to be more type specific. !45398 - Update copy branch keyboard shortcut to click sidebar button. !45436 - Rename "a whole number" to "an integer number" in feature flags strategies. !45444 - Expose humanTimeEstimate and humanTotalTimeSpent via graphql. !45508 - Add link to the note on the email sent after adding a comment on an issue. !45511 - Add usage ping for unique users importing groups and projects via the group migration tool. !45536 - Remove resolve comment functionality. !45549 - Render 404 to search engine crawlers instead of redirecting to login. !45552 - Use GitLab SVGs in audit_icon helper. !45562 - Remove temp index on job artifacts. !45565 - Move test report system output to modal. !45575 - Generate a longer Kuberntes Agent Token by default (was 20 characters, now 50). !45620 - Update system note when marking merge request as draft or ready. !45644 - Replaced GlDeprecatedBadge for GlBadge in requirements tabs. !45647 - Add EC2 to AutoDevOps template. !45651 - Replace external-link icons with GitLab SVG. !45685 - Update loading icon for buttons used in MR's set to merge automatically. !45693 - Add fuzzy-search on full path in Groups API. !45729 - Minor UI improvements to Wiki Delete Page button and modal. !45740 - Add canonical link for default explore route. !45746 - Replaced GlDeprecatedBadge for GlBadge in environment header. !45768 - Replace fa-refresh icon with GitLab SVG. !45777 - Allow user snippets to be indexed by search crawlers. !45793 - Add total count to Terraform state GraphQL API. !45798 - Adds feature flag to disable package events. !45802 - increase allowed dotenv variables from 10 to 20. !45815 (jrreid) - Remove search_filter_by_confidential Feature Flag. !45819 - Replace fa-caret-down with chevron-down SVG in pipeline action buttons. !45881 - Add new search params to metadata. !45896 - Add suggest pipeline for viable merge requests without pipelines. !45926 - Change permanent routable redirect to 301. !45980 - Disallow realtime_changes route in robots.txt. !45986 - Limits the Deploy Boards data to 10 MB. This change is enabled by default behind a feature flag. !46043 - Migrate DeprecatedModal to GitLab UI Modal for promoted labels. !46047 - Remove admin_approval_for_new_user_signups feature flag. !46051 - Show error in pipeline when API Fuzzing not licensed. !46064 - Improving Container Registry Delete Tags Service to log number of successfully deleted tags even if deletion process was interrupted by a timeout. !46079 (Maksim Stankevic, @maksimstankevic) - Remove scanned_resources_count column from security scan. !46108 - Resolve request IP address on audit event. !46114 - Disallow /autocomplete/projects route in robots.txt. !46115 - Disallow WebIDE route in robots.txt. !46117 - Replace fa-chevron-up with GitLab SVG icon. !46118 - Pre-fetched GraphQL queries for snippet view. !46130 - Make all Project Issue Boards API available even in CE. !46137 (Takuya Noguchi) - Move Personal Access Token API to Core. !46145 - Update stop all jobs modal to latest modal. !46157 - Replaced GlDeprecated Badge in clusters.vue. !46165 - Update whitelist/blacklist to allowlist/denylist in Signup restrictions window. !46168 - Use allowlist/denylist in application settings backend. !46170 - Update detailed_metric.vue modal to match Pajamas guidelines. !46183 - Use toasts for wiki notifications. !46201 - Refresh design zooming buttons. !46205 - Replace fa-warning icons with GitLab SVG warning-solid icon. !46214 - Disallow some project routes in robots.txt. !46218 - Improve empty search results message for group and project scopes. !46237 - Add minimal access users to group members api endpoints. !46238 - Replace ACE with Editor Lite. !46250 - Use CodeQuality 0.85.18 in the CI template. !46253 - Add rate limit bypass. !46259 - Use Helm 3 by default for GitLab-managed apps in new clusters. !46267 - Update diff_max_patch_bytes from 100kb -> 200kb. !46276 - Expand Diff File collapsed UI to be significantly more obvious. !46286 - Use standard loading state for Design Upload button. !46292 - Allow for return of scoped broadcast messages on shell. !46333 - Add filtering by recorded date to instance statistics measurements GraphQL API. !46344 - Background migration for setting Jira tracker data deployment type. !46368 - Use updated base report for CodeQuality MergeRequest widdget. !46384 - Make files header responsive and remove truncate name. !46406 - Switch to admin clusterRole for GitLab created environment Kubernetes service account. !46417 - Require Git v2.29.0. !46433 - Generate canonical url and remove trailing slash. !46435 - Moves projects_with_error_tracking_enabled ping usage to Core. !46556 - Mark Sidekiq queue selector as no longer experimental. !46562 - Add new incident counts to usage ping. !46602 - Added code coverage regex for Scala Scoverage. !46638 (opensorceror) - Show error in pipeline when Coverage Fuzzing not licensed. !46652 - Forbid top level route sitemap. !46677 - Package details: on mobile show all the tags. !46679 - Add message in CI linter that it was validated with all the includes. !46713 - Reschedule again background migration which convers 'blocked_by' issue links to 'block'. !46770 - Load CI lint checks without refreshing the page. !46801 - Show code quality severity rating in the merge request details page. !46829 - Move "New subgroup" and "New project" out of the dropdown into individual buttons. !46907 - Admin approval required on user registration by default. !46937 - Update merge request search results design. !46944 - Add emailsDisabled field for issue type. !46947 - Enable 'instance_statistics' feature flag by default. !46962 - Update image upload path (SSE). !46967 - Changes limit for lsif artifacts to 100MB. !46980 - Add user info to Terraform State List. !46984 - Improve the container registry client tags delete method. !46989 - Filter GitHub projects to import using GitHub Search API. !47002 - Add BulkImport::Tracker to store the pagination information of the Group Migration (BulkImport) requests. !47009 - Use new image details API in container registry details. !47054 - Hide apply suggestion button for anonymous users. !47071 - Change the mutation and permissions for image note reposition. !47161 - Extend GraphQL API to commit to a new branch in a single operation. !47203 - Add region field to AWS Role. !47209 - Cache repository raw endpoint. !47225 - Update the tag name field helper text on the Edit Release page. !47234 - Make Terraform/Base.latest.gitlab-ci.yml template safer to use in projects that have non-terraform jobs. !47254 - MR Analytics: Fix chart tooltip covering filter dropdown. !47274 - Replace fa-check icon in custom notifications. !47288 - Use dedicated signing key for CI_JOB_JWT by default. !47336 - Replace fa-check icon in importer status. !47373 - Add pagination to Terraform list view. !47412 - Add new text and tab name for DAG. !47415 - Enable `vue_group_members_list` feature flag by default. !47427 - Improve the look of wikis in search results. !47470 - Dependency proxy feature is moved to GitLab core. !47471 - Remove ci_trace_new_fog_store feature flag. !47522 - Make schema breadcrumb urls absolute. !47523 - Add type annotation for snippet resolvers. !47548 - Remove feature flag to enable tracking unique test cases parsed globally. !47662 - Replace font-awesome icons in prometheus config. !47713 - Replace fa-chevron-down in dropdown button. !47758 - Replace fa-exclamation-triangle in markdown field MERGE_REQUEST_ID. !47786 - Update rack-oauth2 to v1.16.0. !47839 (Vincent Fazio @vfazio) - Replace fa-chevron-down in project level VSA. !47885 ### Performance (14 changes, 2 of them are from the community) - Don't refresh all discussions for a new diff note on a merge request. !43015 - Add default_branch to ci_daily_build_group_report_result. !45702 - Upgrade labkit to 0.13.1. !45788 - Add Caching to BitBucket Server Import for pull requests. !45790 (Simon Schrottner) - Resolve admin/license timeout on large instances. !46336 - Gracefully degrade when counting takes too long for a filtered search. !46350 - Add Batch Support for Importing Pull Requests from Bitbucket. !46696 (Simon Schrottner) - Schedule clean up of merge request refs efficiently. !46758 - Only set an ETag for the notes endpoint after all notes have been sent. !46810 - Parallelize the removal of expired job artifacts. !46971 - Fix pipelines chart query timeout. !47069 - Add NULLS LAST to index on merge request metrics. !47300 - Add missing expression indexes. !47424 - Enable HTTP caching of repository raw, archive, and avatar endpoints. !47430 ### Added (119 changes, 6 of them are from the community) - Show build status in tag list. !34307 (Lee Tickett) - Enable the ability to upload images via the SSE. !36299 - Add webhooks for feature flag. !41863 (Sashi) - Add until_executed deduplication strategy. !42223 - Add support for .md.erb files in Static Site Editor. !42353 - Add install GitLab runner popup. !42877 - Add Default Initial Branch Name for Repositories Group Setting. !43290 - Update the milestone dropdown combobox to display separated sections and badge counters. !43427 - Jira Connect automatically synchronizes up to 400 existing merge requests per project when a namespace is connected. !43880 - Add CI JWT signing key to application_setings. !43950 - Add GraphQL endpoints to lock, unlock and delete Terraform states. !43955 - Add ability to sort releases on Releases page. !43963 - Debian RFC822 and .deb metadata extractor. !44029 (Mathieu Parent) - Add assignees multiselect wrapper. !44087 - Show the environment link on alert details page. !44130 - Associate multiple pipelines with packages and package files. !44348 - Add a stop review job for ECS. !44717 - Add assignee dropdown to group issue boards. !44830 - Add Total Duration to CI/CD Analytics Page. !44863 (Kev @KevSlashNull) - Add webhooks for creating and updating a release. !44881 (David Barr @davebarr) - GraphQL API for listing container repositories. !44926 - Add ability to sort search results for issues and merge requests. !45003 - Add db index for DastSiteValidation#state. !45019 - Store test failure data when build finishes. !45027 - Add GraphQL burnup endpoint under milestone and iteration reports. !45121 - Add hostname to GitHub import API. !45188 - GraphQL: Adds downstream, upstream, source job, path, and project to PipelineType. !45212 - Associate Terraform state versions with the CI job that created them. !45347 - Add sha256 and file count to pages_deployments. !45522 - Add basic top level keys license, settings, and counts_weekly for usage data payload. !45540 - Allow sorting of releases from GraphQL. !45577 - UsageData for issues added/removed/edited. !45609 - Enable dashboard security discover button and ignore feature_filter_type column cleanup. !45636 - Add Support for Canary-Weight ingress annotation via API. !45637 - Add default sitemap generator for gitlab-org group. !45645 - Add new Terraform state list page. !45700 - Add Search for User Lists in Strategy. !45820 - Add jobs field with secureReportTypes argument to Ci::PipelineType. !45837 - Add latest version field to Terraform state GraphQL type. !45848 - Add repository_read_only column to Snippets. !45868 - Add availability to user status. !45888 - Add secret detection token revocation columns. !45912 - Add `has_vulnerabilities` column into project_settings table. !45944 - Email user on admin account approval. !45947 - Add API post /invitations by email. !45950 - Add repositionImageDiffNote GraphQL mutation to specifically reposition DiffNotes on images. !45958 - Create snippet_repository_storage_moves database table. !45990 - Expose issue updated by on GraphQL. !46015 - Allow to create todo on GraphQL. !46029 - Add API get /invitations for project and group. !46046 - Migrate Configure Feature Flags Modal to GitLab UI. !46055 - Add User-Agent to web hook service. !46070 - Add links to GraphQL release object for searching related issues and merge requests. !46161 - Migrate Alert Service to HTTP Integrations model. !46188 - Determine image relative paths. !46208 - Add releaseCreate mutation to GraphQL endpoint. !46263 - Add migration to populate pipeline_id in Vulnerability Feedback. !46266 - Add a /draft alias to the /wip quick action. !46277 - Add usage ping for web users of geo secondaries. !46278 - Enable refactored union set operator. !46295 - Add userDiscussionsCount to issues and merge requests GraphQL. !46311 - Add a service for token revocation. !46356 - Forward deployment, add modal to warn users on Retry action. !46416 - Expose moved and movedTo attributes in Issues query. !46447 - Add merge request description templates to Static Site Editor. !46488 - Add container repositories API. !46495 - Track usage of CI Secrets Management (Vault secrets). !46515 - Added GraphQL mutation for creating project and group labels. !46534 - Add total projects imported usage ping. !46541 - Add structured markup for users. !46553 - Container repository details GraphQL API. !46560 - Add iid column to design_management_designs. !46596 - Add search param to Users GraphQL type. !46609 - Add metric count for projects with alerts created. !46636 - Add ability to sort to search API. !46646 - Enable MR CSV export. !46662 - Upgrade GitLab Pages to 1.29.0. !46665 - Add merge requests filters for filtering by environments and deployment dates. !46683 - Add projects_with_enabled_alert_integrations usage ping. !46693 - Remove graphql_lazy_authorization feature flag. !46819 - Allow setting the value of 'require_admin_approval_after_user_signup' via Settings API. !46851 - Add structured data for projects. !46858 - NPM project level API. !46867 - Send email notifications to admins about users pending approval. !46895 - Monokai theme for the Web IDE. !46901 - Enable issue and MR stat links on release progress review. !46910 - Default enable new_pipeline_form. !46915 - Add tooltips to design buttons. !46922 (Lee Tickett) - Account for uploads as part of used repository storage. !46941 - Add SEO schema markup to breadcrumbs. !46991 - Add locked and confidential badge to issue sticky header. !46996 - Add Web IDE Solarized Light theme support. !46999 - Add POST project CI lint API endpoint. !47026 - Display Group SAML provider ID in admin. !47034 - Adds warnings to API response for /lint. !47037 - Filter jobs by security report type in GraphQL. !47095 - Update container_scanning to version 3 to support FIPS. !47099 - Adds rake task to generate package events file. !47118 - Add container repository destroy GraphQL mutation. !47175 - Add search assignees to group issue boards. !47241 - Add Redis version to admin page. !47242 - Add CI job to Terraform state version GraphQL type. !47339 - Add pipeline to CI job GraphQL type. !47347 - Add group-level integration management for external services. !47391 - Add cloud_license_auth_token column to application_settings. !47396 - Add user callout to alert admins that registration is open by default. !47425 - Include aggregated git-write usage counts. !47511 - Add cleanup status field to graphQL ContainerRepositoryType. !47544 - Global Search - Left Sidebar. !47561 - Add group name and link in admin identities. !47563 - Implement including multiple files from a project. !47609 - Expose GraphQL API for managing HTTP alerting intergations. !47687 - Convert issue header actions to an ellipsis dropdown menu. !47690 - Add alerting support for custom dashboards. !47704 - Support fuzzing HTTP headers with API Fuzzing. !47727 - Store pages content in zip format. !47763 - Upgrade GitLab Pages to 1.30.0. !47780 - Add variable expansion to rules:changes. !47783 - GraphQL: Expose uploads_size for project_statistics and root_storage_statistics. !47820 ### Other (68 changes, 26 of them are from the community) - Migrate .fa-spinner to .spinner for app/helpers. !25033 (nuwe1) - Remove new_variables_ui feature flag. !41412 - Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/error_tracking. !41420 (nuwe1) - Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/monitoring. !41422 (nuwe1) - Replace Deprecated Dropdown in Container Registry Explorer Page. !41425 (nuwe1) - Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/snippets/components/snippet_header.vue. !41428 (nuwe1) - Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/vue_merge_request_widget. !41429 (nuwe1) - Migrate-Bootstrap-dropdown-to-GitLab-UI-GlDropdown-in-app/assets/javascripts/jobs/components/stages_dropdown.vue. !41452 (nuwe1) - Replace v-html with GlSprintf in notes/.../discussion_filter_note.vue. !41482 (Takuya Noguchi) - Update to Ruby v2.7.2. !44223 - Update haml_lint from 0.34.0 to 0.36.0. !44914 (Takuya Noguchi) - Update Web IDE pipelines panel to use our design system component. !45007 (matejlatin) - Replace existing Image Resizing FFs with a single of `ops` type enabled by default. !45050 - Remove Cycle Analytics message from en i18n message. !45178 (Takuya Noguchi) - Specify primary key for tables without. !45198 - Update Tooltip in Groups to use gl-tooltip. !45305 - Print Ruby version in console greeting. !45370 - Fix Rails/SaveBang offenses for spec/services/* and spec/sidekiq/*. !45391 (matthewbried) - Migrate collapsed notification tooltip. !45453 (artychan) - Add database view for partitioned tables. !45591 - Add database view for partitions. !45592 - Remove duplicated BS display properties from Issue. !45628 (Takuya Noguchi) - Replace quick_submit BSTooltip with GlTooltip. !45638 (Kristin Brooks @kristinbrooks) - Add migration to add a new configuration option for setting the new user signups count. !45643 - Remove unnecessary index on services for usage data. !45655 - Update GitLab Runner Helm Chart to 0.22.0. !45664 - Replace bootstrap classes for alerts in ping consent. !45723 - Add `analytics_devops_adoption_segment_selections` and `analytics_devops_adoption_segments` database tables. !45748 - Refactor secondary_navigation_elements.scss. !45763 (Takuya Noguchi) - Migrate toggle replies widget from Bootstrap to GlButton. !45780 - Simplify CSS for Merge Requests (list). !45785 (Takuya Noguchi) - Add auto_rollback_enabled column to project_ci_cd_settings table. !45816 - Add merge trains enabled setting to project ci cd settings. !45834 - Fix incorrect code in Load Performance Testing docs. !45877 - Migrate services specs to consider admin mode. !45988 (Diego Louzán) - Migrate tooltip in app/assets/javascripts/vue_merge_request_widget/components/mr_widget_author.vue. !46034 - Migrate Bootstrap buttons to GitLab UI buttons for attach a file form actions. !46041 - Replace chevron-down fa-icon in board sidebar. !46075 - Replace down chevron on invite member/group. !46076 - Clarify that external users cannot access all internal projects, groups, and snippets. !46087 (Ben Bodenmiller (@bbodenmiller)) - Declare and assign variable separately in Shell Script. !46121 (Peter Dave Hello @PeterDaveHello) - Execute `exit 1` when shell script `cd` fails. !46122 (Peter Dave Hello) - Migrate tooltip in app/assets/javascripts/ide/components/commit_sidebar/list.vue. !46148 - Migrate tooltip in app/assets/javascripts/vue_merge_request_widget/components/mr_file_icon.vue. !46156 (46156) - Migrate tooltip in app/assets/javascripts/vue_shared/components/awards_list.vue. !46171 - Replace close button in Scheduling Pipelines user notice with GlButton. !46264 - Add performance marks and measures to the MR Diffs app at critical moments. !46434 - Corrected grammar in Sign-in restrictions text. !46500 - Update access token fields to new input style. !46569 - Rename "cycle analytics" with "value stream analytics" under /spec. !46613 (Takuya Noguchi) - Resolve Implement GraphQL Startup.js for Design Management app. !46660 - Bump workhorse to 8.53.0. !46666 - Remove columns no longer used for replicating terraform state. !46742 - Backfill cleanup schedules for old closed/merged MRs. !46782 - Bump gitlab-shell version to 13.12.0. !47084 - Remove duplicated BS display properties from Merge Request title. !47124 (Takuya Noguchi) - Remove duplicated BS display properties from various Diffs. !47125 (Takuya Noguchi) - Expand postgres_indexes view. !47304 - Update terminal empty state alert to gl component. !47340 - Guard against existence of project_features.requirement_access_level in migration. !47458 (Lee Tickett) - Replace mirror chevron down icon with svg. !47459 - Update chevron-down icon on project branch page. !47460 - Update button styles in project tree header. !47562 - Update button styles in blob header. !47571 - Update icons to svg for issuable pages. !47596 - Update Workhorse version to 8.54.0. !47625 - Update GitLab Shell to v13.13.0. !47875 - Change wording on the project remove fork page. !47878 ## 13.5.5 (2020-12-07) ### Security (10 changes) - Validate zoom links to start with https only. !1055 - Require at least 3 characters when searching for project in the Explore page. - Do not show emails of users in confirmation page. - Forbid setting a gitlabUserList strategy to a list from another project. - Fix mermaid resource consumption in GFM fields. - Ensure group and project memberships are not leaked via API for users with private profiles. - GraphQL User: do not expose email if set to private. - Filter search parameter to prevent data leaks. - Do not expose starred projects of users with private profile via API. - Do not show starred & contributed projects of users with private profile. ## 13.5.4 (2020-11-13) ### Fixed (4 changes) - Fix Vue Labels Select dropdown keyboard scroll. !43874 - Hashed Storage: make migration and rollback resilient to exceptions. !46178 - Fix compliance framework database migration on CE instances. !46761 - Resolve problem when namespace_settings were not created for groups created via admin panel. !46875 ## 13.5.3 (2020-11-03) ### Fixed (3 changes) - Fix IDE issues with special characters. !46398 - Ensure that copy to clipboard button is visible. !46466 - Auto Deploy: fixes issues for fetching other charts from stable repo. !46531 ### Added (1 change) - Add environment variables to override backup/restore DB settings. !45855 ## 13.5.2 (2020-11-02) ### Security (9 changes) - Add CSRF protection to runner pause and resume. !1021 - Do not expose Terraform state record in API. - Path traversal to RCE via LFS upload. - Update container_repository_name_regex to prevent catastrophic backtracking. - Validate nuget package names. - Prevent private repo from being accessed via internal Kubernetes API. - Validate each upload param key in multipart.rb. - Fix XSS vulnerability for job build dependencies. - Fix unauthorized user is able to access schedule pipeline variables and values. ## 13.5.1 (2020-10-22) ### Other (1 change) - Update GitLab Shell to v13.11.0. !45660 ## 13.5.0 (2020-10-22) ### Security (1 change) - Update GitLab Runner Helm Chart to 0.21.1. ### Removed (3 changes, 2 of them are from the community) - Drop Iglu registry URL column. !42939 - Remove coverage_report_view feature flag. !43711 (David Barr @davebarr) - Remove release_evidence_collection feature flag. !44234 (David Barr @davebarr) ### Fixed (118 changes, 9 of them are from the community) - Include builds from child pipelines in latest sucessful build for ref/sha. !29710 - Fix branches_to_be_notified API param for hangouts chat service. !35599 - Add empty dependencies value to ECS Deploy job. !36862 - Fix issues with optional merge requests approval in CE. !42119 (Pavel Kuznetsov) - Fix type of SentryErrorType global ID. !42185 - Remove linux arch only rule for coverage fuzzing. !42316 - Do not show retried builds in the MR code coverage. !42402 (Simon Lenz @koala7) - Does not refresh project/snippet statistics on a read-only instance. !42417 - Rendering trailing slash in reference links (issue 205151). !42484 - Remove retry icon on failed job if merge pipeline. !42495 - Designs: return an error if uploading designs with duplicate names. !42514 (Sushil Khanchi) - Unit Test Report: Fix icon for errored status. !42540 - Copy designs to issue when an issue with designs is moved. !42548 - Fix triggering multiple children pipeline with the same artifact. !42595 - Fix caret sizes in navigation. !42605 - Revert required encryption on CI runner tokens. !42623 - Fix Markdown "Preview" tab on New/Edit Release and New Snippet pages. !42640 - Fixed a bug causing 'Missing author note' to be added to notes for mapped users when importing project using GitLab Import. !42648 - Hides batch suggestions button if there is only 1 suggestion. !42681 - Fix GraphQL token authentication when installed under a relative URL. !42706 - Update pipeline failed notification e-mail warning. !42736 - Fix clickable width of release asset links. !42757 - Fix size of edit button on releases page. !42779 - Move before_script into script for CQ template. !42782 (Vicken Simonian @vicken.papaya) - Resolve Error when quickly reordering designs. !42818 - Eliminate extra spacing on MR diffs from mobile/tablet screen. !42821 (Takuya Noguchi) - Fix migrating some empty diffs. !42825 - Fix filtering epics when sorting by dates. !42827 - Fix edge case when updating snippet with no repo. !42964 - Fix group deploy tokens permissions for package access. !43007 - Empty state Packages UI links to user docs. !43009 - Allow Unleash clients to request feature flags when repository is private. !43059 - Show incident list for users who can read issues. !43060 - Auto-accept TOS if project bot. !43067 - Fix checking of task lists when MR description starts with a blank line. !43125 - Fix iteration validation not checking parent groups. !43234 - Fix theme selector not working immediately for some themes. !43239 - Reset labels select search text on Enter. !43285 - Ensure JobWaiter keys always expire. !43320 - Make git lfs for push mirrors work to GitHub.com. !43321 - Fix incorrect HTTP response in deactivate user API for internal user. !43356 (Sashi Kumar) - Fix bug to allow container cleanup policies to properly run. !43359 - Delete project bot when token is revoked. !43373 - Allow to include project files in parent-child pipelines. !43404 - Fix button placement on pipeline graph. !43419 - Fix 500 error in block user API for internal user. !43461 (Sashi Kumar) - Fix Web hook deletion not working when many hook logs are present. !43464 - Fix copy_indexes migration helper skipping the opclass for indexes with operator classes defined for them. !43471 - Add markdown icon to more file extensions. !43479 - Fix suggested squashed messages for MR. !43508 - Ensure code search results link to searched ref. !43510 - Fix broken user avatars in Jira Development Panel. !43563 - Update database helpers to set the current_schema. !43568 - Remove project bot user membership when project access token expires. !43605 - Improve the Commit box on the Merge Request Changs tab when browsing per commit. !43613 - GraphQL: No longer allows to omit ID when querying for a single board. !43627 - Fix group deploy tokens to return all projects and work with the Maven group endpoint. !43628 - Fix GraphQL backward pagination when merge requests are ordered by merged_at. !43701 - Fix approvedBy filed in MR GraphQL API. !43705 - Customize value of note_target_type for designs. !43727 - Fix displaying a message when design copying is in progress. !43749 - Fix verifying LFS uploads with GitHub. !43852 - Fix Delete User dialog formatted strings. !43871 - Add cleanup migration for JobWaiter Redis keys. !43882 - Include Design Management git repositories in GitLab Backup. !43947 - Add fuzzy search support to labels dropdown. !43969 - Fix broken button default class. !43977 - Fix full screen comment button on snippets. !44083 - Allow unauthenticated users access to public Personal Snippets via the REST API. !44135 - Fix the ability to assign labels based on license feature availability. !44171 - Recover gracefully when issuable counts are too expensive. !44184 - Fix attach file button not working in description fields. !44216 - Fix design scale bug when navigating to a design after zooming. !44262 - Prefer server-provided authentication for LFS push mirroring. !44284 - Return nil when fetching a wiki page with invalid arguments. !44302 - Update Design thumbnail after uploading an image with the same filename. !44305 - Add tooltip for pipeline actions. !44317 - Ensure suggestion works for number text. !44332 - Update NuGet version validation to allow for extended versions. !44335 - Respect DNT when tracking experiments. !44420 - Fix merge conflict button text if "None" code style selected. !44427 (David Barr @davebarr) - Allow unauthenticated users access to public Project Snippets via the REST API. !44446 - Fix instance statistics GraphQL query with identifier. !44475 - Designs are moved with an Issue that is moved. !44524 - Fix Auto Deploy scale subcommand unintentionally recreates legacy PostgreSQL. !44535 - Fix emoji rendering in certain edge cases. !44542 - Return 422 error rather than 500 when composer.json is missing or malformed. !44587 (David Barr @davebarr) - Use optimistic locking to safely migrate a build trace chunk. !44588 - Avoid New Environment button glitching when changing tabs. !44603 - Perform git actions with a user with elevated git permissions during a design copy. !44662 - Align badge with avatar in MR List. !44671 - Fix regression when uploading / viewing binary files in the Web IDE. !44699 - Exclude policies with no container repositories when executing them. !44748 - Fix unnecessarily escaped merge error text. !44844 - Fix button row margin on empty project. !44860 - Add note about cross site cookies browser limitaion to Jira App page. !44898 - Allow re-sending invite to minimal access user. !44936 - Fix dark mode for boards and swimlanes. !44951 - Fix dark mode for milestones. !44952 - Add missing 90x avatar size for image scaling. !45025 - Allow size limit to be available by default in the project pages settings form. !45054 - Fixed incorrect parameter in GraphQL startup call. !45115 - Fix table border hover for incidents and alerts. !45117 - Fix Jira Connect App update webhooks. !45151 - Fix scoped label markdown padding. !45153 - Fix redirects to issue sidebar JSON when visiting the login page. !45194 - Revert of Background migration for setting Jira tracker data deployment type. !45205 - Delete any outstanding BackfillJiraTrackerDeploymentType. !45219 - Fix mobile view of filtering bar. !45226 - Fix the maven md5 upload endpoint. !45271 - Redirect when no user is signed in when updating registration. !45276 - Class and markup cleanup to prevent SVG header bar overlap in Static Site Editor. !45334 - Update to Rack v2.1.4. !45340 - Avooid opening 2 modals for enabling review app. !45361 - Fix undefined tooltip text flashing on clipboard icon. !45482 - Fix error when cleaning up MR with no head ref. !45504 - Disable target branch filter option on merge requests dashboard. - Fixed merge request tabs overlapping with system header. ### Deprecated (2 changes, 1 of them is from the community) - Set abuse_notification_email instead of admin_notification_email. !41319 (Hiromi Nozawa) - Drop column instance_statistics_visibility_private. !42969 ### Changed (141 changes, 11 of them are from the community) - Set default Referrer-Policy to strict-origin-when-cross-origin and set it in a header rather than HTML. !26065 (nhirokinet) - Background migration for setting Jira tracker data deployment type. !37002 - Update clipboard button to use Pajamas. !38421 - Parallelize removal of expired artifacts. !39464 - Update styling of design comment pins. !39797 - Update confidential form buttons to gl-button. !40893 - Replace bootstrap alerts in app/views/admin/broadcast_messages/_form.html.haml. !41271 (Gilang Gumilar) - Replace bootstrap alerts in app/views/import/shared/_errors.html.haml. !41288 (Gilang Gumilar) - Replace bootstrap alerts in app/views/projects/diffs/_warning.html.haml. !41295 (Gilang Gumilar) - Replace bootstrap alerts in app/views/profiles/accounts/show.html.haml. !41299 (Gilang Gumilar) - Replace bootstrap alerts in app/views/admin/projects/show.html.haml. !41389 (Gilang Gumilar) - Replace bootstrap alerts in app/views/projects/milestones/show.html.haml. !41396 (Gilang Gumilar) - Update lock form buttons to gl-button. !41454 - Updated Discard Changes button in WebIDE. !41899 - Migrate DeprecatedModal to GitLab UI Modal. !42113 - Migrate custom Tabs to GlTabs. !42236 - Revert justified-content-end settings buttons. !42273 - Add Web IDE as dropdown item to diff file edit. !42275 - Expose the option to use namespace-per-project instead of namespace-per-environment for Kubernetes clusters. !42309 - Split name to first and last name for signup. !42346 - Move job token specs to core. !42374 (Mathieu Parent) - Resolve Add filter capabilities to Incident list. !42377 - Remove angle brackets from empty name in U2F device settings. !42440 - Update sidebar operations order. !42493 - Add Gitpod enabled instance setting to Usage Data. !42563 - Add Gitpod enabled user setting to Usage Data. !42570 - Remove accept terms checkbox for signup. !42581 - Add user sign in indicator to Jira connect app. !42628 - Include monitoring tool from payload in system note for alert creation. !42631 - Rename Created to Published in package sort dropdown. !42677 - Breadcrumb like UI for project path in packages list. !42684 - Allow alerts to open on new tab. !42691 - Replace button component. !42716 - Add Issue Link to "Issue opened by" Integration Chat Message. !42785 (Kev @KevSlashNull) - Hide instance-level integrations on GitLab.com. !42808 - Remove banner that suggests Web IDE for editing gitlab-ci.yml. !42815 - Updated the admin and user SSH key delete confirmation to use GlModal. !42824 - Add confirmation modal on instance-level integration form. !42840 - Use Conan recipe as package name in package API. !42860 - Show wiki tree structure in sidebar and pages overview. !42867 - Allow member mapping to map importer user on Group/Project Import. !42882 - Migrate environments folder tabs to GlTabs. !42894 - Update pypi install command to work with external dependencies. !42916 - Allow designs to be added, changed, or destroyed on locked and moved issues. !42935 - Add a title section to the Package Registry UI. !42963 - Allow time tracking in incidents. !42965 - Feature flags form: Replace fa-chevron-down with GitLab SVG. !42968 - Create a set of models to store the temporary data needed for a bulk import. !42978 - Adjusted deactivation threshold from 180 to 90 days. !42989 - Fix profile scoped label CSS. !43005 - Store pipeline counts by status for instance statistics. !43027 - Remove internal fields from alert details table. !43076 - Add hosts field to alert detail table. !43087 - Update alert GFM reference in highlight bar. !43104 - Replace fa-search with GitLab SVG search icon. !43110 - Update programming language colors and metadata. !43111 - Global Search - Bold Issue's Search Term. !43124 - Replace fa-external-link with GitLab SVG in group folder. !43128 - Add sort by similarity to getProjects GraphQL call. !43136 - Improve two button review submit in merge requests. !43149 - Update user feedback to a dedicated page as opposed to solely a button with a loader. !43189 - Enable project access tokens on GitLab.com. !43190 - VSA: Replace fa-warning with GitLab SVG. !43262 - Add assignee usernames to issue resolver. !43294 - Create ComplianceManagement::Framework Model. !43301 - Add invitation declined page. !43305 - Move approval MR filter and quick actions to CE. !43326 (Pavel Kuznetsov) - Always set created_by_id when creating a user. !43342 - Description Templates: Replace fontawesome icons with GitLab SVGs. !43379 - Improve WebIDE error messages on committing. !43408 - Remove bootstrap usage from merge_requests/invalid. !43439 - Expose file path from XML Test Report artifact. !43594 - Always show the "Clear cluster cache" button among the advanced Kubernetes cluster configuration options. !43619 - Deprecate lowercase values for sort enums in GraphQL. !43650 - Replace double angle icons with GitLab SVG in issuables sidebar. !43655 - Set performance cookie to last for a year. !43692 - Add snippets to GitLab backups. !43694 - Restore snippet repositories from backups. !43696 - Update issue boards modal to gl-tabs. !43740 - Update nav icons to chevron-down. !43767 - Display alert for partially executed cleanup policies. !43831 - Show keep path for expired locked artifacts. !43866 - Replace fa-search fontawesome icons with GitLab SVG in Vue components. !43879 - Update toggle focus mode icon to gl-icon. !43888 - VSA: Replace fa-warning with GitLab SVG icon. !43994 - Add spam flag to snippet create/update mutations. !44010 - Include cached sql calls in performance bar. !44022 - Updated GraphQL mutation input ids to be more type specific. !44073 - Remove jquery tooltip API call from stop environment button. !44199 - Add filters on Milestone title in the GraphQL API. !44208 - Display conan recipe as package name on package detail page. !44294 - Respect Group's default branch name when present. !44370 - Enable automatic allocation of purchased storage. !44376 - Move remove board column button to sidebar. !44380 - Reposition wiki title on wiki pages. !44390 - Move wiki edit button inline with wiki title. !44391 - Allow users to navigate to the incidents show details page wrapper through `/issues/incidents/:id` from the Incident list. !44438 - Update delete badge modal to gl-modal. !44495 - Remove jquery tooltip from IDE activity bar. !44526 - Remove the `store_instance_statistics_measurements` feature flag. !44566 - Use GitLab SVG icons in file_type_icon_class helper. !44580 - Add pipeline_artifacts_size to RootStorageStatisticsType. !44595 - Copy project homepage default view for anonymous users. !44606 (George Tsiolis) - Handle the blacklisted ip error in the Go middleware. !44614 - Add limit to number of test cases parsed by JUnit parser. !44615 - Track unique wiki page views in Usage Ping. !44622 - Automatically expand diffs for merge requests with changes to a single file. !44629 - Move feature flags to core. !44642 - Indicate on signin page instance is self-managed. !44681 - Replace fa icon with GitLab SVG in repository preview. !44696 - Replace fa-file-text-o icons with GitLab SVG doc-text icon. !44706 - Replace bootstrap alert in app/views/shared/milestones/_top.html.haml. !44731 - Back-port free instance review for instances with 50+ users from EE Core to CE. !44770 - Search for python packages with normalized name to allow installs of packages with periods and underscores. !44807 - Update integration descriptions to not be project-specific. !44893 - Projects created from templates inherits integrations. !44932 - Update issue and MR sidebar labels to use Vue instead of Haml. !44942 - Replaced blob-content-edit with editor-lite compoennt for Snippet edit form. !44994 - Replace fa-chevron-down with GitLab SVG in project visibility settings. !45021 - Allow more naming conventions for VSA production environment. !45069 - GraphQL: Changes fields in detailedStatus to be nullable. !45072 - Truncate over-long alert fields instead of return error response. !45099 - Raise Puma Worker Killer RAM limits. !45116 - Replace fa icons in CI build table. !45123 - Replace switcher fa- icons in blob viewer models. !45124 - Replace fa-calendar icon with GitLab SVG. !45175 - Minor UI improvements to Wiki edit page. !45247 - Replace fa-angle-double-left and fa-angle-double-right icons with GitLab SVG. !45251 - Remove CSS that ligthens texts in the pipeline. !45253 - Support all stackprof profiling modes. !45277 - Allow automatically selecting repository storage on move. !45338 - Updated GraphQL note mutation input ids to be more type-specific. !45341 - Update GraphQL discussionToggleResolve mutation input id to be more type-specific. !45346 - Update GitLab-Shell to v13.9.0. !45358 - Replace fa-file icons with GitLab SVG document icon. !45380 - Migrate '.fa-spinner' to '.spinner' for 'awards_list.vue'. !45393 - Update gitlab-shell to v13.10.0. !45408 - Replace fa-bitbucket-* icons with GitLab SVG. !45437 - Replace fa-google with GitLab SVG. !45506 - Replace fa-github with GitLab SVG MERGE_REQUEST_ID. !45533 - Move diff header actions into dropdown menu. ### Performance (21 changes, 1 of them is from the community) - Improve n+1 in pipeline serializer for triggered pipelines. !42421 - Load issues tab in the milestone page asynchronously. !42473 - Add state_id index for merge_requests list. !42481 - Cleanup request http method/code metrics. !42618 - Optimise cleaning up LFS objects. !42830 - Modify time_period for last 28 days to improve batch counting performance. !42972 - Less inconsistent Edit links in sidebar. !43106 - Performance fix for issue placement. !43315 - Reduce cached SQL for JobsController#show. !43559 - Add index for project_id and sha to deployments table. !43836 - Don't expose http_request_duration_seconds metrics in sidekiq exporter. !43941 - Remove index on issues.relative_position. !43991 - Loads cropper css only when needed. !44137 - Preloading of Fontawesome Icon Font. !44282 - Remove duplicate index from the Vulnerabilities table. !44422 (Borivoje Tasovac @borivojetasovac) - Optionally use merge request metrics association for merge request diff stats in GraphQL. !44613 - Remove Sentry implementation to investigate performance impact. !44643 - Optimize the loading of diffStats in merge request GraphQL API. !44752 - Preload `user_notes_count` in MergeRequest GraphQL API. !44894 - Remove the commit count from the commits API. !44934 - Enable caching of markdown when viewing blob. !45367 ### Added (147 changes, 13 of them are from the community) - Add canonical links for moved/duplicated issues. !34604 - Change transfer, update and create services for groups and projects to take in consideration shared runners settings. !36080 (Arthur de Lapertosa Lisboa) - Add approval rules with approvers to usage ping. !36737 - Add index on ci_builds relation to improve Usage Ping metrics collection performance. !37581 - UI to disable shared runners by group. !39249 - Report auth events in manage stage usage ping. !39747 - Display youtube videos on the Static Site Editor. !39756 - Add LSIF to Go Auto DevOps gitlab-ci.yml. !40072 - Measure npm request forwarding usage. !40174 - Make URL links in job logs clickable. !40175 (Łukasz Groszkowski @falxcerebri) - Add No Access Role for top group members. !40942 - Clean up unused LFS objects during repository housekeeping. !40979 - Send chat notification when deployment starts. !41214 (Sashi Kumar) - Log failed BatchCount queries. !41552 - Add Group Import usage ping. !41663 - Add Sample Data. !41699 - Add Go(lang) to Packages. !41712 (Ethan Reesor (@firelizzard)) - Copy designs to new issue when issue is moved. !41714 - Add namespace setting to allow to mark if parent group allow subgroups to require 2FA. !41760 - Add cache:when keyword for ci yml config. !41822 - Adds package event tracking. !41846 - Add notification setting for merge request reviewers. !41851 - Track unique number of test cases parsed. !41918 - Introduce '.gitlab/static-site-editor.yml' config file, with support for 'static_site_generator' entry. !41957 - Migrate u2f registrations to webauthn registrations. !42159 (Jan Beckmann) - Add internal API to download LFS objects. !42161 - Add state field to DastSiteValidation. !42198 - Pre-Collapsed Sections in CI Job Logs. !42231 (Kev @KevSlashNull) - Improve issuable reaction search. !42321 (Ethan Reesor (@firelizzard)) - Show expanded CI config in CI lint API endpoint. !42380 - Display cluster list node information. !42396 - Validate not null file_store field on packages_package_files to maintain data integrity. !42400 - Add API endpoints to manage individual Terraform state versions. !42415 - Display Contributor badges on notes. !42576 (Mycroft Kang @TaehyeokKang) - Add expiration policy started at support in container repositories. !42598 - Add a REST API endpoint to list group's descendants. !42620 - Match against description and unicode character when autocompleting GFM emoji. !42669 (Ethan Reesor (@firelizzard)) - Add Debian API skeleton. !42670 (Mathieu Parent) - Use fuzzy matching for issuable awards. !42674 (Ethan Reesor (@firelizzard)) - Add Documentation URL to Admin Area. !42702 - Add close button to issue, MR, and epic sidebar labels. !42703 - Add :default_branch_name column to namespace_settings. !42778 - Add severity and published sorting for incident issues. !42800 - Replaced ACE with Editor Lite for CI linting. !42814 - Include `used_fields` and `used_deprecated_fields` in GraphQL logs. !42820 - Validate build traces using CRC32 checksums. !42829 - Reference pages_deployments in pages_metadata. !42834 - Display user project count on Admin Dashboard. !42871 - Add runner setup methods. !42878 - Add og:description meta tag to individual "Release" page. !42889 - Add validator for IP address/inet columns. !42893 - Add buttons in the Search page to clear Group and Project filters. !42897 - Update golang version in vendored Dockerfile template. !42917 - Strip markdown from og:description meta tags. !42918 - Add DesignCollection copyState GraphQL field. !42919 - Add projects_creating_incidents to usage ping counts. !42934 - Add project scoped CI lint API endpoint. !42998 - GrahphQL: Adds status to jobs, stages, and groups. !43069 - Destroy issue board list via GraphQL. !43081 - JS client for increment_unique_users API. !43084 - Add missing fontawesome file icon classes. !43091 - Adds button to update merge request draft status on merge request show page. !43098 - Sort incidents list by severity and published columns. !43121 - Update skeleton loader shape on releases pages. !43138 - Add security bot. !43147 - Redirect to documentation pages URL when configuration option is set. !43157 - Add on-demand DAST scan options (scanType, showDebugMessages, useAjaxSpider) ajax spider and set the scan type. !43240 - Enable snippet multiple files. !43246 - Add Debian regexps. !43259 (Mathieu Parent) - Add sort parameter to Issue and Merge Request scopes. !43295 - Add timeline toggle button for incidents comments. !43302 - Add Gitpod Spring Petclinic to Project Templates. !43319 - Allow a users public GPG Keys to be API accessible. !43332 - Add file name column to CI unit test report. !43338 - Add GraphQL endpoint for Terraform state metadata. !43375 - Store user mentions to DB. !43393 - Upgrade GitLab Pages to 1.26.0. !43416 - Remove graphql_lookahead_support feature flag. !43438 - Introduce 'image_upload_path' entry support for '.gitlab/static-site-editor.yml' config file. !43481 - Introduce 'mounts' entry support for '.gitlab/static-site-editor.yml' config file. !43485 - Introduce required_code_owners_sections table. !43573 - Adds flexible rollout strategy UX and documentation. !43611 - Add table for alert http integrations for project. !43634 - Add a database column to enable or disable the setting that puts newly registered users in a pending state, requiring admin approval for their activation. !43661 - Seed initial version for non-versioned terraform states. !43665 - API support for a specific GPG Key for given user. !43693 - Enable design management reference filter. !43731 - Add GraphQL mutation to create an issue. !43735 - Enable wiki events on git push. !43738 - Adds a Terraform.latest.gitlab-ci.yml to support quick development of Terraform related features. !43802 - Store pipeline counts by status for instance statistics. !43857 - Show labels origin path on project labels page. !43858 - Enable querying for merge requests within a group. !43863 - Add API Fuzzing plan limits db column. !43934 - Enable Gitpod button on file tree view. !43961 - Accept issue filters when getting board lists in GraphQL. !43968 - Add system note on incident severity change. !43998 - Move Tracing usage data ping to Core. !44006 - Update Add Members API to accept user_id array. !44051 - GraphQL: Adds scheduledAt to CiJob. !44054 - IDE editor - Adding syntax highlighting for terraform / hcl. !44056 - Allow to update issue state on GraphQL. !44061 - Add merge request title and description UI to Static Site Editor submission flow. !44071 - GraphQL: Adds action to DetailedStatusType and StatusActioType. !44088 - Feature Flags limits UX and documentation. !44089 - Add Incident Sla timer columns to DB. !44099 - Add the ability to insert a YouTube video. !44102 - Include LFS blobs in archives. !44116 - Add sorting parameters to Releases API. !44118 - Add product analytics for design created and modified events. !44129 - Upgrade GitLab Pages to 1.27.0. !44162 - Add the Alerts integrations table to Alert integrations settings in the Operations section. !44181 - Add Issuable Service Level Agreement (SLA) table. !44253 - Use Web IDE to create new files in empty repos. !44287 - Create an issue board via GraphQL mutation. !44298 - Status icons for alerts integratiosn list. !44318 - Added UsageData metrics for issues added/removed from Epics. !44371 - Added UsageData metrics for Issue designs' usage. !44373 - Add unattended database migration option. !44392 - Add feature flag for a phased rollout of cleanup policies. !44444 - Sync LFS objects when push mirroring over HTTPS. !44457 - Snowplow count of clicks on timeline toggle for incident comments. !44487 - Allow to move issues between projects on GraphQL. !44491 - Support ci_forward_deployment_enabled in edit API. !44510 - Preserve the merge request title and description in the static site editor upon modal close. !44512 - Schedule adding "Missed SLA" label to issues. !44546 - Add usage ping to count Static Site Editor views. !44573 - Move Tracing feature to Core. !44574 - Added new editor-lite Vue component. !44577 - Add Middleman Logo for Project Templates. !44617 - Allow groups to disable 2FA requirement for subgroups. !44712 - Editor Lite to saupport extensions in instance constructor. !44723 - Enable core_security_mr_widget feature flag by default. !44764 - Add apply button when user changes assignees. !44812 - Make alerts searchable by assignee username in GraphQL API. !44911 - Include PostgreSQL system identifier in usage ping. !44972 - Snowplow tracking of Incident details views. !45011 - Show origin path of labels on subgroup labels page. !45040 - Enable one_dimensional_matrix feature flag by default. !45086 - Add support for Generic packages. !45102 - Expose `created_at` in Group and Project members API response. !45156 (Rajendra Kadam) - Show all inherited labels in projects and subgroups. !45161 - Disallow NULL Bytes (U+0000) in requests. !45223 - Introduce 'admin approvals for new user signups' feature. !45233 - Upgrade GitLab Pages to 1.28.0. !45257 - Add vuex stores for milestone comboxbox. !45287 - Add support for manual bridges for CI pipelines. !45368 ### Other (114 changes, 53 of them are from the community) - Replace-GIDeprecatedDropdown-in-app/assets/javascripts/alert_management. !41409 (nuwe1) - Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/ci_variable_list. !41413 (nuwe1) - Replace deprecated cluster dropdowns with updated dropdowns. !41414 (nuwe1) - Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/confidential_merge_request/components/dropdown.vue. !41416 (nuwe1) - Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/logs. !41421 (nuwe1) - Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/pages/projects/graphs/components/code_coverage.vue. !41423 (nuwe1) - Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_trigger_author_token.vue. !41424 (nuwe1) - Replace `GlDeprecatedDropdown` with `GlDropdown` in `app/assets/javascripts/repository/components/breadcrumbs.vue`. !41427 (nuwe1) - Replace `GlDeprecatedDropdown` with `GlDropdown` in app/assets/javascripts/vue_shared/components/split_button.vue. !41433 (nuwe1) - Replace GlDeprecatedDropdown with GlDropDown in timezone-dropdown.vue. !41434 (nuwe1) - Replace-GlDeprecatedDropdown-with-GlDropdown-in-ee/app/assets/javascripts/geo_node_form-and-ee/app/assets/javascripts/geo_replicable. !41438 (nuwe1) - Remove bootrap alert from gcp offer. !41814 - Update database index on namespaces for type and id. !42128 - Populate issues blocking_issues_count. !42277 - Move shared logic into utils. !42407 - Update button to gl-button on GitLab for Slack page. !42426 - Refactor the invites controller member method. !42727 - Set hook_log css to gl-button. !42730 (Mike Terhar @mterhar) - Remove an unnecessary element from every page. !42769 (Takuya Noguchi) - Revise tooltip text of note role badge. !42771 (Mycroft Kang @TaehyeokKang) - Fix Rails/SaveBang offenses for spec files in spec/services/milestones/*. !42775 (Rajendra Kadam) - Fix Rails/SaveBang offenses for spec files in spec/services/issuable/*. !42780 (Rajendra Kadam) - Fixes Rails/SaveBang cop for spec files in ee/spec/models/concerns/*. !42839 (Rajendra Kadam) - Update GitLab Runner Helm Chart to 0.21.0. !42844 - Notifications icon: Render empty string for custom setting. !42848 - Update GitLab Workhorse to v8.47.0. !42855 - Remove duplicate index on cluster_agents. !42902 - Fixes Rails/SaveBang cop for spec files in spec/models/concerns/*. !42942 (Rajendra Kadam) - Add issue_email_participants table and related model. !42943 - Add database view for postgres indexes. !42967 - Apply GitLab UI button styles to HAML buttons app/views/projects/blob. !42991 (Andrei Kyrnich @kyrnich) - Fixes Rails/SaveBang cop for spec files in spec/lib/gitlab/git/*. !43013 (Rajendra Kadam) - Migrate Recover hidden stage dropdown. !43032 - Remove unused cluster_providers_aws.created_by_user_id column. !43064 - Migrate badge list row buttons to new buttons. !43072 - Apply GitLab UI button styles to HAML buttons app/views/projects/forks. !43101 (Andrei Kyrnich @kyrnich) - Remove temporary index for fixing broken CS fingerprints. !43126 - Track statistics for index rebuilds. !43156 - Allow get approvals on merge request by GraphQL in CE. !43325 (Pavel Kuznetsov) - Apply GitLab UI styles to buttons in app/views/shared/labels directory. !43346 (Gary Bell @garybell) - Update IDE compare changes view button to link style. !43403 - Remove bootstrap from pages/form. !43442 - Update popover to gl-popover on WebIDE commit message. !43499 - Update GitLab Workhorse to v8.48.0. !43586 - Add gl-button class to import and cancel buttons for project member import page. !43620 (Gary Bell @garybell) - Update Design Management toolbar to use GitLab UI classes. !43682 - Remove type column on audit_events table. !43703 - Update button in modal_copy_button.vue to use GlButton from GitLab UI. !43714 - Migrate deprecated button to GlButton in ingress_modsecurity_settings.vue. !43717 - Migrate button in alert_widget_form.vue. !43720 - Migrate button in fluentd_output_settings.vue. !43724 - Apply GitLab UI button styles to HAML buttons app/views/projects/ci/builds. !43728 (Andrei Kyrnich @kyrnich) - Log CarrierWave::IntegrityError without sending exception. !43750 (gaga5lala) - Update node-sass from 4.12.0 to 4.14.1. !43808 (Takuya Noguchi) - Replace in-repo SVGs with @gitlab/svgs in Cycle Analytics. !43823 (Takuya Noguchi) - Add more issue change events to usage ping. !43828 - Limit postgres_indexes to owned schemas. !43834 - Add migration to validate design_management_designs.filename text limit constraint. !43952 - Enable track_unique_visits feature flag by default. !43989 - Update GitLab Workhorse to v8.49.0. !43999 - Rate limit documentation for non-configurable limits. !44003 - Fix spelling of PyPI. !44058 (Peter Bittner (@bittner)) - Apply gl-button class to projects/issues/export_csv directory. !44106 (Lakshit) - Apply GitLab UI button styles to buttons in app/views/sherlock/file_samples. !44109 (Lakshit) - Remove temporary index for container scanning findings. !44131 - Update doc links in app. !44134 - Add undo helpers for change_column_type_concurrently and cleanup_concurrent_column_type_change. !44155 - Add darkmode support for merge conflict page. !44168 - Remove jquery tooltip API call from delete environment button. !44191 - Add gl-button class to app/views/projects/deployments. !44203 (Lakshit) - Update Cycle Analytics with Value Stream Analytics in University. !44244 (Takuya Noguchi) - Apply GitLab UI button styles to buttons in app/views/invites directory. !44289 (Lakshit) - Apply GitLab UI button styles to buttons in app/views/admin/jobs directory. !44291 (Lakshit) - Apply GitLab UI button styles to buttons in app/views/projects/services/mattermost_slash_commands. !44293 (Lakshit) - Apply GitLab UI button styles to buttons in app/views/projects/commits directory. !44331 (Lakshit) - Apply GitLab UI button styles to buttons in app/views/shared/wikis directory. !44338 (Lakshit) - Apply GitLab UI button styles to buttons in app/views/projects/compare directory. !44342 (Lakshit) - Update buttons to use GitLab button class gl-button. !44361 (Gary Bell @garybell) - Track issue time tracking events in usage ping. !44404 - Fix Rails/SaveBang offenses for spec files in spec/support/shared_example/*. !44424 (matthewbried) - Bump mini_magick gem version. !44450 - Replace Font Awesome social icons with GitLab SVGs on user profile page. !44599 - Migrating deprecated buttons to GlButtons for modals that have not yet been migrated to the new GlModal component. !44611 - Add product analytics for group-level integrations. !44726 - Add migration helpers for copying check constraints. !44777 - Fix Rails/SaveBang offenses in spec/uploaders/* and spec/tasks/. !44820 (matthewbried) - Remove d-md-none/d-sm-none when d-sm-none/d-none exists. !44845 (Takuya Noguchi) - Remove duplicated BS display properties from Admin DevOps report' HAML. !44846 (Takuya Noguchi) - Remove duplicated BS display properties from Commit's HAML. !44847 (Takuya Noguchi) - Remove duplicated BS display properties from Diff's HAML. !44848 (Takuya Noguchi) - Upgrade gitlab-shell to v13.8.0. !44852 - Bump kubeclient to 4.9.1 which includes ability to integrate Kubernetes clusters where their API url is on a sub-path. !44856 - Remove an outdated comment. !44861 (Robin Dupret) - Migrate collapsed time tracking tooltip. !44874 - GitLab-managed apps: Use GitLab's repo as replacement for the Helm stable repo. !44875 - Fix Rails/SaveBang offenses in spec/support/*. !44884 (matthewbried) - Track audit event searches via Snowplow. !44888 - Remove duplicated BS display property from Commit/Snippet's HAML. !44917 (Takuya Noguchi) - Update the copy in the insert image modal to align with copy guidelines. !44949 - Fix Rails/SaveBang offenses in spec/services/projects/*. !44980 (matthewbried) - Enable usage_data_api feature flag by default. !45004 - Copy profile route under - scope. !45045 - Replacing vue shared tooltip on calendar icon. !45059 - Remove duplicated BS display properties from Environments. !45167 (Takuya Noguchi) - Remove duplicated BS display properties from Pipelines. !45171 (Takuya Noguchi) - Populate blocking issues count. !45176 - Remove duplicated BS display properties from Issuables. !45177 (Takuya Noguchi) - Migrate auto devops message from bootstrap. !45221 - Update Rouge to v3.24. !45225 - Update GitLab Workhorse to v8.51.0. !45256 - Migrate blocked_by issue links to blocks type by swapping source and target. !45262 - Fix documentation link, spacing, and error handling in alert integrations list. !45304 - Replace tooltip with GLTooltip in epic sidebar datepicker. !45392 - Bump cluster applications CI template. !45472 ## 13.4.7 (2020-12-07) ### Security (10 changes) - Validate zoom links to start with https only. !1055 - Require at least 3 characters when searching for project in the Explore page. - Do not show emails of users in confirmation page. - Forbid setting a gitlabUserList strategy to a list from another project. - Fix mermaid resource consumption in GFM fields. - Ensure group and project memberships are not leaked via API for users with private profiles. - GraphQL User: do not expose email if set to private. - Filter search parameter to prevent data leaks. - Do not expose starred projects of users with private profile via API. - Do not show starred & contributed projects of users with private profile. ## 13.4.6 (2020-11-03) ### Fixed (1 change) - Auto Deploy: fixes issues for fetching other charts from stable repo. !46531 ### Other (1 change) - GitLab-managed apps: Use GitLab's repo as replacement for the Helm stable repo. !44875 ## 13.4.5 (2020-11-02) ### Security (9 changes) - Add CSRF protection to runner pause and resume. !1021 - Do not expose Terraform state record in API. - Path traversal to RCE via LFS upload. - Update container_repository_name_regex to prevent catastrophic backtracking. - Validate nuget package names. - Prevent private repo from being accessed via internal Kubernetes API. - Validate each upload param key in multipart.rb. - Fix XSS vulnerability for job build dependencies. - Fix unauthorized user is able to access schedule pipeline variables and values. ## 13.4.4 (2020-10-15) ### Fixed (2 changes) - Fix rollback portion of migration that adds temporary index for container scanning findings. !44593 - Improve merge error when pre-receive hooks fail in fast-forward merge. !44843 ### Other (1 change) - Revert 42465 and 42343: Expanded collapsed diff files. !43361 ## 13.4.3 (2020-10-06) ### Fixed (3 changes) - Exclude 2FA from upload#show routes and 404s. !42784 - use create_wiki method on ensure_wiki_exists in update_service. !42910 - Fix large backups not working with Azure Blob storage. !44233 ## 13.4.0 (2020-09-22) ### Security (2 changes, 1 of them is from the community) - Update lodash to 4.17.20. !41036 (Takuya Noguchi) - Update GitLab Runner Helm Chart to 0.20.1. ### Removed (6 changes, 1 of them is from the community) - Remove secret_detection job from vendored SAST CI template. !40028 - Remove Docker-in-Docker mode from Dependency Scanning documentation. !40631 - Removes unused classes on initial Ci::Ref implementation. !41077 (Jacopo Beschi @jacopo-beschi) - Drop Docker-in-Docker mode for SAST and Dependency Scanning. !41260 - Remove application settings for Snowplow iglu registry url. !41556 - Remove Value Stream Total stage. !42345 ### Fixed (160 changes, 41 of them are from the community) - Conditionally render the packages scopes in deploy token settings. !35334 - Fix advanced filters in log explorer view for gitlab managed applications. !37926 - Fix RegExp for dotenv report artifact. !38562 - Fix composer 404 issues with http auth. !38641 - Update EKS Kubernetes versions. !38644 - Fix skipped status of DAG pipelines. !39205 - Fixes wrong MR pipeline link when FF-merge strategy is used. !39396 - Include also inherited project members in GraphQL API. !39444 - Refactor spec/support/shared_examples/services/* and ee/spec/support/shared_examples/services/* to fix Rails/SaveBang Cop. !39538 (Rajendra Kadam) - Removes extra spaces on MR/Epic tabs-containers on mobile. !39549 (Takuya Noguchi) - Milestone Dashboard: Move Gray Type Badge Next to the Milestone Title. !39617 (Kev @KevSlashNull) - Bug fix GraphQL file uploads accepting non-file input. !39763 - Fix Metrics dashboard embeds when using new URLs. !39876 - Respect original visibility for instrumented methods. !39951 - Take relative_url_path into account when building URLs in snippets. !39960 - Fix non-retrying bridges after retried builds in CI pipelines. !39989 - Support X-Envelope-To header as a location for Service Desk key. !40001 - Fix bug where conan does not properly check package channel when returning file download urls. !40029 - Fix example within file_hooks documentation. !40071 (Roger Meier) - Fix missing pipeline e-mails when job logs moved to object storage. !40075 - Bump gitlab-shell to v13.7.0. !40132 - Avoid raising errors when moving unpositioned items. !40152 - Refactor ee/spec/support/shared_examples/requests/* and spec/support/shared_examples/requests/* to fix Rails/SaveBang Cop. !40185 (Rajendra Kadam) - Fix Jira importer user mapping limit. !40310 - Fix design management Archive Selected button label. !40325 - Allow snippet move action without an existing file name. !40343 - Resolve Design comments: Text wrapping behavior. !40359 - Fix incorrect merge request diff file count after deletion. !40384 - Fix the broken CSS on the pipeline graph. !40386 - Fix tracking of frequently visited projects and groups. !40415 - Fix snippets edit not loading JSON values. !40417 - Fix incorrect project path warning after failed project path rename. !40422 - Ensure design comment is highlighted when comment is in URL. !40477 - Fixed merge request review styles not loading in FOSS. !40479 - Resolve Fix Resolved threads popup link and placement. !40489 - Fix create & manage label actions in Labels dropdown. !40511 - Always attempt retry of job trace read when file is missing. !40516 - Fix delete confirm message not displaying trailing spaces. !40549 - Fix reading some merge request diffs. !40598 - Fix snowplow tracking event error for new user invite page. !40628 - Fix file file input top position cutoff. !40634 - allow project bot account to clone through http. !40635 (Philippe Vienne @PhilippeVienne) - Fix spacing and borders in milestone title and description. !40649 - Don't send SameSite=None to incompatible browsers. !40667 - Remove the expiry on user passwords after a user resets their password. !40712 - Fix fork users cannot create pipelines in a fork project when parent project protects all branches. !40724 - Create IssueLink for Vulnerabilities that do not have them. !40726 - Fix auto-deploy-image external chart dependencies. !40730 - Fix client usage of max line rendering. !40741 - Fix docker file icon. !40785 - Fix GitLab file icon in Firefox. !40786 - Initialise charts when container display property is set. !40787 - Fix ActiveRecord::IrreversibleOrderError during restore from backup. !40789 - Fix the filtered search bar to work in the service desk issue list. !40797 - Validates pypi required_python size to avoid 500 error. !40803 - Fix wrong caching logic in ProcessRefChangesService. !40821 - Allow users with expired passwords to sign out. !40830 - Do not show all public groups in global notification settings page. !40879 - Flag errors from psql when restoring from backups. !40911 - Fix report abuse button in issues and mrs. !40918 - Fix issue causing 'Expand All' button to not work in MR diffs view (Remove `autoExpandCollapsedDiffs` feature flag). !40960 - Fix visibility param for ProjectSnippet REST endpoint. !40966 - Fixed an issue where not all URL query parameters would apply to the filter bar on initial load in the Value Stream Analytics page. !40975 - Make file upload button on MR edit page tab accessible. !40995 - Change merge request updated_at when assignees are changed. !41030 (Patrick Herlihy) - Fix deadlock in backup repositories rake task. !41042 - Change the warning message on project transfer to another namespace. !41059 (Takuya Noguchi) - Highlight design discussion if any comment in discussion is linked. !41062 - Update pipeline button SVG to be center aligned. !41066 - Fix Style/SelfAssignment cop. !41079 (Rajendra Kadam) - Multi-project pipelines in Web IDE lead to 404. !41082 - Fix Layout/ClosingParenthesisIndentation cop. !41084 (Rajendra Kadam) - Fix Layout/EmptyLinesAroundArguments cop. !41086 (Rajendra Kadam) - Prevent duplicate system notes and events when an issue is moved. !41087 - MR API: Allow `allow_{collaboration,maintainer_to_push}` to be updated. !41088 - Fix Layout/FirstParameterIndentation cop. !41089 - Fix Layout/RescueEnsureAlignment cop. !41093 (Rajendra Kadam) - Move Jobs/Deploy/ECS.gitlab-ci.yml to the top level of AutoDevOps template. !41096 - Fix Layout/SpaceBeforeFirstArg cop. !41097 (Rajendra Kadam) - Fix Lint/NonDeterministicRequireOrder cop. !41098 (Rajendra Kadam) - Fix Lint/RaiseException cop. !41099 (Rajendra Kadam) - Fix unfinished merge by Merge Train process. !41106 - Fix Style/RedundantSort cop. !41108 (Rajendra Kadam) - Fix Style/EmptyLiteral cop. !41110 (Rajendra Kadam) - Fix RSpec/ItBehavesLike cop. !41111 (Rajendra Kadam) - Fix Style/MultilineIfModifier cop. !41113 (Rajendra Kadam) - Fix Lint/UriRegexp cop. !41117 (Rajendra Kadam) - Fix Style/CommentedKeyword cop. !41119 (Rajendra Kadam) - Fix todos hover style in dark mode. !41122 - Handle todos api argument error. !41167 (gaga5lala) - Restore doorkeeper generator to hex due to breaking change. !41169 - Render reference definitions as code blocks. !41186 - Show default message in branch selection if none selected. !41211 (Jonston Chan) - Fix Style/PerlBackrefs cop. !41246 (Rajendra Kadam) - Fix Style/SingleLineMethods cop. !41247 (Rajendra Kadam) - Fix Style/EmptyLambdaParameter cop. !41248 (Rajendra Kadam) - Fix RSpec/LetBeforeExamples cop. !41250 (Rajendra Kadam) - Drop one of duplicated limit-container-width classname. !41251 (Takuya Noguchi) - Fix Style/AccessModifierDeclarations co cop. !41252 (Rajendra Kadam) - Centerize text on Mark all as done button on To-Do List. !41269 (Takuya Noguchi) - Fix Rails/SaveBang offenses for spec/serializers/*. !41309 (Rajendra Kadam) - Fix Rails/SaveBang offenses for spec/services/issues/*. !41312 (Rajendra Kadam) - Ensure issue creation is not blocked by positioning. !41313 - Propagate ENV variables to codequality template. !41318 - Fix Rails/SaveBang offenses for *spec/models/project_services*. !41320 (Rajendra Kadam) - Fix Rails/SaveBang offenses for spec/requests/api/pages/*. !41324 - Fix Rails/SaveBang offenses for spec/models/cycle_analytics/*. !41326 (Rajendra Kadam) - Update the 2FA user update check to account for rounding errors. !41327 - Fix Rails/SaveBang offenses for ee/spec/services/projects/*. !41332 (Rajendra Kadam) - Fix Rails/SaveBang offenses for ee/spec/lib/gitlab/geo/*. !41338 (Rajendra Kadam) - Correctly preserve LFS objects in design or wiki repositories. !41352 - Fix Rails/SaveBang offenses for ee/spec/lib/ee/gitlab/background_migration/*. !41357 (Rajendra Kadam) - Fix Rails/SaveBang offenses for spec/requests/api/*. !41362 (Rajendra Kadam) - Fixes Auto DevOps deploy script for multiple additional hosts separated by comma and space. !41404 - Only create issues if supposed to for Prometheus alerts. !41468 - Selection Highlight Oversteps Bounds of Actual Selection in Web IDE. !41553 - Resolve NoMethodError: undefined method invite_email. !41587 - Fixed repository browser not working with parentheses in branch name. !41591 - Add incident label for manually created incident issues. !41598 - Resolve Static Site Editor Flattens Mixed Lists. !41599 - NotificationsController - Handle mising parent notificationsetting. !41612 - Fail API Fuzzing CI/CD job when scanner errors. !41616 - Fix MR diff file counts for some historic data. !41676 - Fix always visible sidebar TODO button spinner. !41677 - Fixed image comments not showing on the changes tab. !41683 - Resolve design discussion bug where a comment is added twice. !41687 - Remove height limit on environments table. !41688 - Refuse to perform an LFS clean on projects that are fork roots. !41703 - Exclude tmp dirs from backups. !41706 - Fix padding on CI settings tables in mobile version. !41728 - Fixed note having wrong author after deleting. !41747 - Remove excess space above milestone titles. !41749 - Fix merge request chat messages for adding and removing approvals. !41775 - Use 'read' method to get request body in Conan to fix uploads when using Unicorn. !41801 - Improve design management not available message. !41818 (Ben Bodenmiller @bbodenmiller) - Fix the tier of environment alerts feature. !41855 - Prevent merge requests from triggering coverage fuzzing jobs. !41906 - Fix upstream pipeline status when strategy dependent. !41930 - Remove virtual scroll list from pipeline test report. !41935 - Resolve Fix validation on External Wiki service template form. !41964 - Fix button color for merge request settings. !42052 (Mikhail Snetkov) - Use the correct start time when polling for updated notes. !42124 - Fix max seats used not updated in billing summary. !42184 - Fix error when third level trigger pipeline. !42192 - Merge Requests are not blocked when their pipelines are waiting for manual actions unless 'Pipeline must succeed' is checked in the settings. !42207 - Stop applying Ctrl keyboard shortcuts inside Markdown editors on Mac. !42239 - Stop applying Ctrl+P shortcut on MR page on Mac. !42240 - Make SSH keys publicly accessible. !42288 - Fix incident list by restricting query on FOSS. !42301 - Do not add admins as owners to project authorizations during project creation. !42335 - Do not raise error when a member is not found by invite token. !42349 - Fix exception when saving Jira integration info for an instance. !42361 - Fix text overflow events issue name. !42370 - Fix error reporting for Web IDE commits. !42383 - Does not update repository statistics when running housekeeping and repository cleanup on a read-only instance. !42409 - Remove an extra spacing from Dashboard Issues. !42459 (Takuya Noguchi) - Simplify StartupCSS JS Helper and fix autosize issues under StartupCSS. !42462 - Fix daemon memory killer jobs hash thread safety issue. !42468 - Resolve Design comments do not render the blockquotes correctly. !42498 - Resolve On design discussion note, icons are misaligned. !42672 ### Deprecated (1 change) - Remove pipeline_id column from requirements_test_reports. !38924 ### Changed (153 changes, 30 of them are from the community) - Add Service Templates deprecation warning banner. !25587 - Highlight un-focused/un-viewed file's in file tree. !27937 - Support JWT params set by Workhorse during uploads. !33277 - Add timeout support in the delete tags service for the GitLab Registry. !36319 - Store deployment_type of Jira server in jira_tracker_data table. !37003 - Split "Test settings" and "Save changes" to separate buttons. !37413 - Add spacing to design management toolbar buttons. !38889 (George Tsiolis) - Migrate environments pin button. !38891 (George Tsiolis) - Replace fa-tag(s) icons with GitLab SVG icons. !38979 - Re-order diff unfold buttons so that “show more lines above” appears first. !39060 - Replace fa-user(s) icons with GitLab SVG user(s) icon. !39165 - Update order of the Header Metadata in Package details. !39585 - Change active toggle on integration settings page to checkbox. !39586 - Group pipeline warnings and make them collapsible. !39634 - Adjust format for JUnit report duration times. !39644 - Use pointer:crosshair when hovering on the design view. !39671 - Update Prometheus helm chart version to 10.4.1. !39681 - Update GlDeprecatedButton with GlButton in deployment_action_button. !39700 - Add Alert Id to Alert list view. !39706 - Resolve Combine the Overview and Alert Detail sections. !39714 - Tweak file-by-file display and add file current/total display. !39719 - Replace fa-circle icon instances with GitLab SVG check icon. !39745 - Migration of old icon button to component button in Approval Rules (private groups). !39769 - Move related issues to core. !39779 - Change show more button to be a table row so to remove manual CSS styling. !39788 - Improve empty state for Cohorts to match DevOps Score. !39828 - Remove time tracking from incidents sidebar. !39837 - Add smtp_server to usage ping data. !39844 - Replace fa-download icon with GitLab SVG download icon. !39849 - Replace fa-caret-down with SVG icon in MR widget. !39852 - Remove redirection when snippet has a binary blob. !39858 - Search UI Allow issue scope results filtering by state. !39881 - Use dropdown for embed in snippets. !39885 - Update Managed Cluster Applications to v0.29.0, including WAF for ingress, a smaller CI template, and version updates to a few applications. !39890 - Add Flash spacing on merge request show page. !39903 - Rename DevOps Score to DevOps Report. !39953 - Prevent MRs to be dropped from Merge Trains for open discussions. !39957 - Change icon for branch delete button. !39968 - Replace Unicode Characters with ASCII Equivalent in New Project Slug. !39971 (Kev @KevSlashNull) - Prevent form submission in search boxes on New Release and Edit Release pages. !40011 - Move package usage ping data to core. !40032 - Hide projects that are pending delete from the project index. !40035 - Bump swagger-ui-dist. !40077 (Roger Meier) - Truncate job title on log page. !40107 - Add the unique search visits data to the usage ping. !40134 - Increase default page size for Alert and Incident management to 20 from 10. !40139 - Disallow awarding emojis to locked Issuables for users that are not member of the project. !40150 - Add 'kind' to differentiate between NetworkPolicy and CiliumNetworkPolicy Kubernetes network manifests. !40165 - Adjust badge key text and width limits. !40199 (Fabian Schneider @fabsrc) - Improve click surface area of toggle buttons. !40231 - Track edit by editor action for Usage Ping. !40232 - Track unique web ide edit action for usage ping. !40246 - Replace fa-bugs icons with GitLab SVG bug icon. !40273 - Add Alert Management assignee avatar for list and details view. !40275 - Track snippet editor actions. !40277 - Moved Cluster Connect Form to Vue. !40295 - Update issue edit buttons. !40298 - Add filter to exclude non internal users in REST API. !40372 - Include draft merge request into filter response. !40376 - Update gitlab-puma to 4.3.5-gitlab-3. !40389 - Automatically create self monitoring project on new GitLab installations. !40404 - Update default plan limits for maximum package file sizes. !40410 - Re-name Analytics Workspace as instance-level analytics. !40436 - Update issue edit button to gl-button. !40438 - Migrating to gl-button in Environments table. !40444 - Bump marginalia gem version to 1.9.0. !40481 - Move Jira Development Panel integration to Core. !40485 - Update commit toggle description button to gl-button. !40524 - Render markdown attribute definitions as tooltips. !40541 - Bump doorkeeper to 5.1.1. !40546 - Replace fa-trash icons with GitLab SVG remove icon. !40579 - Replace fa-search-* icons with GitLab SVG icons. !40580 - Migrate DevOps Score empty state into Vue component. !40595 - Remove auto close incident feature flag. !40612 - Change invalid Snippet params status code from 403 to 422. !40619 - Migrating setup policy button in registry settings. !40668 - Replace notification icons with Gitlab SVGs. !40709 - Sort TestCase data by status and execution_time. !40722 - Remove file_name and content in snippet mutations. !40727 - GraphQL: Updates PipelineCancel mutation. !40764 - Retrieve security dashboard URL used on Project Severity status report from backend. !40801 (Kev @KevSlashNull) - Track SFE actions in BlobController. !40846 - Replace fa-exclamation-circle and fa-lightbulb-o with GitLab SVG icons. !40857 - Remove frontend unit test report test case sorting. !40885 - Bump doorkeeper to 5.3.0. !40929 - Add IDE edit actions to Usage Data. !40939 - Show keep button for locked artifacts. !40962 - Add type selector dropdown to new issue form. !40981 - Global Search - Redesign Issue Results Title. !41016 - Increase Pypi required_version limit to 255. !41018 - Replace bootstrap alerts in ee/app/views/groups/push_rules/edit.html.haml. !41069 (Jacopo Beschi @jacopo-beschi) - Migrate '.fa-spinner' to '.spinner' for 'app/views/projects/services/prometheus'. !41126 (Gilang Gumilar) - Migrate '.fa-spinner' to '.spinner' for 'app/views/shared/issuable'. !41132 (Gilang Gumilar) - Migrate '.fa-spinner' to '.spinner' for 'app/views/projects/find_file'. !41134 (Gilang Gumilar) - Migrate '.fa-spinner' to '.spinner' for 'app/assets/javascripts/gpg_badges.js'. !41136 (Gilang Gumilar) - Migrate '.fa-spinner' to '.spinner' for 'app/assets/javascripts/notes/components/note_header.vue'. !41140 (Gilang Gumilar) - Migrate '.fa-spinner' to '.spinner' for 'app/assets/javascripts/vue_merge_request_widget/components/deployment/memory_usage.vue'. !41142 (Gilang Gumilar) - Migrate '.fa-spinner' to '.spinner' for 'app/assets/javascripts/blob/file_template_selector.js'. !41146 (Gilang Gumilar) - Migrate '.fa-spinner' to '.spinner' for 'app/assets/javascripts/ajax_loading_spinner.js'. !41147 (Gilang Gumilar) - Migrate '.fa-spinner' to '.spinner' for 'app/views/projects/tree'. !41148 (Gilang Gumilar) - Change logic behind new issues highlight. !41150 - Migrate '.fa-spinner' to '.spinner' for 'app/views/projects/imports'. !41151 (Gilang Gumilar) - Migrate '.fa-spinner' to '.spinner' for 'app/views/imports'. !41153 (Gilang Gumilar) - Replace fa-arrow-* with GitLab SVG icons. !41158 - Remove expired_pat_email_notification feature flag. !41166 - Display provider name for profile social sign-in connectors. !41198 - Adjust the Package Registry breadcrumb to match navigation. !41264 - Replace bootstrap alerts in app/views/projects/forks/error.html.haml. !41292 (Gilang Gumilar) - Replace bootstrap alerts in app/views/projects/blob/edit.html.haml. !41298 (Gilang Gumilar) - Add confirmation dialog when importing multiple projects. !41306 - Replace bootstrap alerts in app/views/shared/_project_limit.html.haml. !41335 (Gilang Gumilar) - Replace bootstrap alerts in app/views/projects/_deletion_failed.html.haml. !41344 (Gilang Gumilar) - Replace bootstrap alerts in app/views/shared/_group_form.html.haml. !41348 (Gilang Gumilar) - Replace bootstrap alerts in app/views/projects/pages/_access.html.haml. !41360 (Gilang Gumilar) - Update Secret-Detection template to use commits file. !41364 - Change 2FA to verify password hash instead of timestamp. !41366 - Replace bootstrap alerts in app/views/admin/groups/_form.html.haml. !41375 (Gilang Gumilar) - Replace bootstrap alerts in app/views/profiles/two_factor_auths/create.html.haml. !41383 (Gilang Gumilar) - Replace bootstrap alerts in app/views/profiles/two_factor_auths/show.html.haml. !41388 (Gilang Gumilar) - Replace bootstrap alerts in app/views/shared/issuable/_form.html.haml. !41390 (Gilang Gumilar) - Replace bootstrap alerts in app/views/shared/_no_password.html.haml. !41397 (Gilang Gumilar) - Replace bootstrap alerts in app/views/projects/merge_requests/_mr_title.html.haml. !41399 (Gilang Gumilar) - Remove pipeline warnings from pipeline view. !41419 - Package Registry: Adjust the max width for non-fluid screens to be 990. !41549 - Add help text to incident type select on new issue form. !41567 - Corrected some spelling mistakes in the project deletion confirmation modal. !41576 - Add ability to update only Snippet descriptions via REST endpoint. !41581 - Place older issues before more recent ones. !41602 - Change name of GitLab Instance Administrators group to GitLab Instance. !41684 - Replace fa-info-circle icons with GitLab SVG information-o icon. !41721 - Improve support for description field on CiliumNetworkPolicy. !41722 - Replace fa-trash-o icons with GitLab SVG remove icon. !41748 - Remove designs from incidents. !41757 - Introduce infinite scrolling to importers. !41789 - Remove email confirmation field on signup form. !41813 - Replaced ACE with Editor Lite on CI linting view. !41895 - Replace fa-question-circle icons with GitLab SVG question-o icon. !41970 - Migrate MR Deployment Widget to GlDropdown. !42004 - Filter the values for deployment platform metrics. !42116 - Present complete alert payload in detail and incident views. !42140 - Update template warning padding on New Issue form. !42154 - Updated gitlab:usage_data:dump_sql_in_yaml rake task with redis usage. !42189 - Update visual styling of container registry metadata. !42202 - Direct support for HTTP basic authentication in API Fuzzing. !42266 - Disable Sidekiq Exporter logs by default. !42267 - Hashed Storage: forced automatic migration of legacy projects via background jobs. !42313 - Add Missing slash in 'Registry setup' section of npm packages. !42360 - Remove job logs from notification e-mails. !42395 - Refactored snippets edit form to Vue. !42412 - Store object counts periodically for instance statistics. !42433 - Increase widget polling for closed and merged merge requests. !42458 - Remove successful signup flash message. !42512 - Update conan remote instructions snippet to show project-level remote. !42526 ### Performance (37 changes, 5 of them are from the community) - Improve group search users scope performance. !38701 - Optimize counts.terraform_reports usage ping counter. !39499 - Fix slow group loading on forking page. !39640 - GlButton migrations for pipeline security tab. !39651 - Optimize markdown rendering in search results. !39833 - Make highlighting limits stricter. !39934 - Increase poll interval for merged MRs widget. !39961 - Reduce MergeRequest::RefreshService loops. !40135 - Improve performance of Gitlab::BacktraceCleaner. !40180 - Improve performance of Rails backtrace cleaner configuration. !40182 - Defer (certain) parts of setting up snowplow telemetry. !40299 - Reduce storage requirements for keeping track of pre-logged-in sessions. !40336 - Increase performance of rendering large amounts of markdown data. !40448 - Replace fa-times with GitLab SVG close icon in dropdowns. !40585 - Replace fa-times with GitLab SVG close icon in promotions. !40586 - Replace fa-times with GitLab SVG close icon in forms. !40587 - Reduce Redis usage when viewing repositories with lots of branches and tags. !40615 - Preload projects to prevent N+1 when populating project name. !40769 - Fix package API query performance when pipelines and multiple versions are present. !40770 - Apply GZip compression to discussion diffs. !40778 - Improve Productivity Analytics and Merge Request Analytics database queries. !40838 - Replace LoadingButton with GlButton for the comment dismissal modal. !40882 - Jdb/refactor inline diff table row. !40906 - Remove the async pages feature flags. !40980 - Graphql Issues - Fix N+1 for Assignees. !41233 - Clean up stale merge request HEAD ref. !41555 - Remove stale merge refs. !41572 - Jdb/refactor parallel diff table row. !41606 - Updates CiPlatformMetrics to do bulk insertions. !41617 - Verify only 1mb of existing LFS object to improve LfsDownloadService performance. !41770 - Drop one of duplicated classname from Project. !41830 (Takuya Noguchi) - Drop one of duplicated classname from Projects. !41831 (Takuya Noguchi) - Drop one of duplicated classname from Serverless Function. !41832 (Takuya Noguchi) - Drop one of duplicated classname from Serverless Functions. !41833 (Takuya Noguchi) - Pass project ID to issue placement worker. !42091 - Enable coverage_report_view feature flag by default. !42094 (fh1ch) - Update MR index to include id. !42222 ### Added (135 changes, 12 of them are from the community) - WebAuthn support (behind feature flag). !26692 (Jan Beckmann) - Add ignore_skipped option for pipeline status badge. !28288 (Fabian Schneider @fabsrc) - Geo: Add migrations for registry and details tables for external MR diff replication. !34248 - Display Merge Request's source branch name in sidebar. !34901 (Ethan Reesor (@firelizzard)) - Add validation to pypi package version. !35080 (Bola Ahmed Buari) - Add ability to get an Issue using GraphQL and REST API. !35176 - Add versioning support to Terraform state backend. !35211 - Show expired milestones at the bottom of the list within dropdown. !36562 - Added EWM work item tracker integration. !36662 - Add user mapping by username when importing projects for Bitbucket Server importer. !36885 - Surround selected text in markdown fields on certain key presses. !37151 - Add json api endpoint that provides CI linting. !37344 - Include max artifact size in authorize response. !37632 - Add link to compare changes intoduced by a git submodule update. !37740 (Daniel Seemer @Phaiax) - Add note to graphql timelog_type. !37748 (Lee Tickett) - Add Gitpod integration. !37985 (Cornelius Ludmann @corneliusludmann) - Geo: Added DB tables for snippets replication. !38688 - Add similarity sorting for projects for GraphQL API. !38916 - Automatically add AJAX API requests to the performance bar. !39069 - Send notification when merge request is set to merge when pipeline succeeds. !39297 (Ravishankar Gnanaprakasam) - Expose group memberships under group via GraphQL. !39331 - Add alert when editing .gitlab-ci.yml. !39508 - Allow Conan packages to be scoped to project-level. !39541 - Add the artifact expiration help url. !39546 (Gilang Gumilar) - Send email notification on disabling 2FA. !39572 - Add package file size limits to plan limits. !39633 - Add AuthenticationEvent to store sign-in events. !39652 - Add virtual actions tracker for Usage Ping. !39694 - GraphQL: Pipeline mutations for retry, cancel, and destroy. !39780 - Add ability to associate Environment with Alert with gitlab_environment_name payload key. !39785 - Add Conan lock file support to Dependency Scanning. !39811 - Add Summary tab for incident issues. !39822 - Incident severity widget. !39859 - Add dedicated SAST and DS CI image variables. !39875 - Add index for expire_at to ci_pipeline_artifacts. !39882 - Adds auto_close_incident column to project_incident_management_settings. !39980 - Adds CI Platform Metrics bookkeeping model. !40036 - Adds package count to usage data. !40039 - Add `/` as keyboard shortcut for search. !40057 - Add new "generic" package type. !40061 - Surface incident severity and icon in the Incident List table. !40112 - Add background worker to rebalance issues. !40124 - Add a system note on Alert creation. !40128 - Add usage pings for project import using various importers (GitLab, Bitbucket, Gitea, GitHub and more). !40130 - Sync LFS objects when push mirroring. !40137 - Add MergeRequest sort options to GraphQL API. !40138 - Add total count to GraphQL release data. !40147 - Add Atlassian Identity to store identity/credentials. !40176 - Add OmniAuth sign-in via Atlassian Cloud. !40178 - Add alert to Issue type in GraphQL. !40214 - Add usage ping and index for DAST On-Demand Scans. !40219 - Filter Merge Requests by author, assignee and milestone in GraphQL. !40265 - Add IssuableSeverity to store Incident severity level. !40272 - Paginate profile group notifications. !40326 - Add keyboard shortcuts for bold, italic, and link in markdown editors. !40328 - Password changed emails must specify that password was changed by admin. !40342 - Add merge_request_reviewers table. !40358 - Add table for storing user settings for board epic swimlanes. !40360 - Wrap dashboards dropdown items text. !40367 - Create `security_findings` table. !40368 - Add issue importers usage pings (FogBugz, Phabricator, Jira). !40382 - Add CI_COMMIT_TIMESTAMP CI variable. !40388 (Nasko Vasilev) - Add admin UI for adjusting package file size limits. !40423 - Add pipeline_artifacts_size to root_storage_statistics. !40425 - Adds monthly package data to usage ping. !40452 - Show the comment authored time in comment search results. !40472 - Add incident management analytics events. !40475 - Make cloud native build logs more resilient. !40506 - Return builds with coverage in MR widget JSON response. !40533 - Expose the todos of the current user on relevant objects in GraphQL. !40555 - Save pages build artifact id in pages metadata. !40592 - Add issue filters when listing board issues in GraphQL. !40602 - Create table for storing Instance Statistics object counts. !40605 - Improve ability to navigate to child pipelines. !40650 - Support custom Azure Blob Storage domains. !40694 - Add toml and json front matter language support to Static Site Editor's WYSIWYG mode. !40718 - Add a warning when any diff files are collapsed. !40752 - Track downloads of group code coverage CSV in snowplow. !40754 - GraphQL: Add retryable and cancelable to PipelineType. !40780 - Format Conan package manager in Dependency List. !40811 - Allows to update incident severity via GraphQL. !40869 - Expose Instance Statistics measurements (object counts) via GraphQL. !40871 - Add job token authentication for the GitLab PyPI package repository. !40888 - Upgrade pages to v1.23.0. !40915 - Add GFM reference format for alerts. !40922 - Destroy issue board via GraphQL. !40930 - Exposes Incident's severity via GraphQL. !40945 - Expose a list of projects starred by the user to GraphQL API. !41076 (Pavel Kuznetsov) - Parallel matrix jobs show relevant variables in job name. !41080 - Rake task to generate raw SQLs for usage ping. !41091 - Make the auto_link_user OmniAuth setting configurable by provider. !41133 - Add release direct asset link info to GraphQL endpoint. !41170 - Add "upcomingRelease" field to GraphQL endpoint. !41183 - Show multiple jobs contributing to code coverage. !41217 - Add update issue by id in vuex for boards. !41226 - Record package creator. !41258 - Make bridge/child pipelines clickable. !41263 - Optimise index on audit events for CSV export. !41266 - Search UI - Implement Merge Request scope results filter by state. !41282 - Migrate live traces before updating build state. !41304 - Export ActionCable metrics to Prometheus. !41358 - Display merged commit sha in fast-forward merge mode. !41369 (Mycroft Kang @TaehyeokKang) - Add admin setting of Elasticsearch client request timeout. !41470 - Add support for environment_url.txt to API Fuzzing. !41523 - Check if usage ping enabled for all tracking using Redis HLL. !41562 - Introduce build states table / model / migration. !41585 - Add bottom spacing to static site editor UI to align with overall UI spacing. !41596 - Migration to cleanup after partitioned audit_events backfill. !41605 - DAST Site validation - Model Layer. !41639 - Automatically resolve alert when receiving end time. !41648 - Show welcome page after sign up. !41662 - Incident highlight bar widget. !41702 - Enable unique search users usage ping HLL metric by default. !41739 - New ActionCable Prometheus metrics added. !41771 - Upgrade GitLab Pages to 1.24.0. !41782 - Add pages_deployments table. !41785 - Surface alert details in a tab on incidents. !41850 - Add forum link to help menu. !41858 - Add namespace ID to user pages in the admin area. !41877 - Track projects using code intelligence. !41881 - Add a front matter editing UI in WYSIWYG mode of the Static Site Editor. !41920 - Add issues and merge_requests filtering by state for search API. !41989 - Log authentication events alongside existing audit events. !42033 - Validate not null external_diff_store field on merge_request_diffs to maintain data integrity. !42045 - Create and resolve To-Dos for designs. !42059 - Set incident severity when it is created from an alert. !42072 - Make Pipeline ID's always a link for downstream/upstream pipelines. !42107 - Create placeholder model for Vulnerability to reserve + as a reference prefix. !42147 - Add `deduplicated` column to `security_findings` table along with the compound index on `scan_id` and `deduplicated` and remove the index on `scan_id`. !42270 - Autocomplete recently viewed issues in the global search bar. !42302 - Upgrade GitLab Pages to 1.25.0. !42350 - Query projects by ids with GraphQL. !42372 - Database changes to support terraform state version replicaiton. !42492 - Add autocomplete search suggestions for recent merge requests. !42560 - Implement allowing child pipeline to have child pipeline. !42580 ### Other (116 changes, 60 of them are from the community) - Migrate .fa-spinner to .spinner for app/views/projects/blob/viewers. !25046 (nuwe1) - Replace issue-created icon with issues icon. !26409 - Remove skip_hased_storage_upgrade feature flag. !29364 (Lee Tickett) - Add indexes to `label_links` database table. !34503 - Add first OpenAPI specification file. !35868 (winniehell) - Replace deprecated button with new button. !38940 - Stricter default timeouts for outgoing HTTP requests. !39188 - Update dependency vuex to ^3.5.1. !39201 - Add the Query Apdex Prometheus metric to usage ping. !39256 - Update spec to glbutton. !39311 - Update prismjs from 1.6.0 to 1.21.0. !39593 (Takuya Noguchi) - Reinstate 60s timeout in Cluster Prometheus. !39595 - Create a POC for 'immer' library. !39738 - Remove default column from services table. !39817 - Implement JSON response for project/pipelines create. !39839 - Syncronize use of maximize and minimize icons in order to deprecate duplicates with different names. !39889 - Add emails user_id foreign key with cascade delete. !39899 - Update GitLab Runner Helm Chart to 0.20.0. !39933 - Add temporary index for container scanning findings. !39962 - Replace some fa-trash icons with GitLab SVG remove icon. !39991 - Replacing deprecated buttons and loading buttons with new buttons. !40163 - Migrate Bootstrap button to GitLab UI GlButton in mr_widget_failed_to_merge. !40170 - Remove unused users.bio database column. !40269 - Remove milestone and iteration feature from Incidents sidebar. !40283 - Drop code_owner column from approval_merge_request_rules. !40322 - Add merge request usage to usage data. !40391 - Migrating buttons and classes to match GitLab UI. !40409 - Display informative messages when service desk is unsupported. !40454 - Add seats related columns for easier data analysis. !40470 - Remove keep latest artifact feature flags. !40478 - Add index on merge_request_id to approval_merge_request_rules. !40556 - Add kubernetes_agents usage metric. !40559 - Adds creator_id field to packages_packages table. !40562 - Add usage ping for distinct count for kubernetes agents for at least one token. !40563 - Add kubernetes_agent_gitops_sync usage ping metric. !40568 - Refactor ee/spec/support/shared_examples/models/* and spec/support/shared_examples/models/* to fix Rails/SaveBang Cop. !40695 (Rajendra Kadam) - Change Vulnerabilities Count Data Retention to 1 year. !40766 - Add warning to stop Puma and Sidekiq when restoring from backup. !40791 - Add --if-exists to pg_dump command-line in backup creation. !40792 - Migrate remove description history button to new button. !40806 - Add NOT NULL constraint to merge_request_metrics.target_project_id. !40836 - Update empty state behavior for incidents list. !40872 - Remove attempt_group_search_optimizations feature flag. !40881 (gaga5lala) - Add Issue actions to UsageData. !40904 - Hide the latest version of templates from the template selector. !40937 - Add target_id column to audit_events table. !40954 - Update Workhorse to v8.44.0. !40970 - Internal API for GitLab Kubernetes agent. !41045 - Use applogger in app/workers/*. !41046 (Rajendra Kadam) - Use applogger in config/initializers/*. !41047 (Rajendra Kadam) - Use applogger in ee/app/models, helpers and workers. !41048 (Rajendra Kadam) - Use applogger in group.rb, access.rb and repo update mirror worker. !41049 (Rajendra Kadam) - Use applogger in some files of lib/gitlab/ldap/sync/*. !41051 (Rajendra Kadam) - Use applogger in lib/gitlab/. !41052 (Rajendra Kadam) - Use applogger in spec/lib/ee/gitlab/. !41053 (Rajendra Kadam) - Use applogger. !41055 (Rajendra Kadam) - Use applogger in some files of ee/lib/* and spec files. !41056 (Rajendra Kadam) - Use applogger in some files in lib/gitlab. !41058 (Rajendra Kadam) - Use applogger in some files of auth/ldap dir. !41061 (Rajendra Kadam) - Use applogger in lib/gitlab. !41063 (Rajendra Kadam) - Use applogger in lib/gitlab/database. !41068 (Rajendra Kadam) - Use applogger in lib/gitlab/. !41071 (Rajendra Kadam) - Use applogger in lib/gitlab/. !41075 (Rajendra Kadam) - Replace v-html with v-safe-html in delete_project_modal.vue. !41130 (Kev @KevSlashNull) - Replace v-html with v-safe-html in fork_groups_list_item.vue. !41143 (Kev @KevSlashNull) - Replace v-html with v-safe-html in list.vue. !41145 (Kev @KevSlashNull) - Replace v-html with v-safe-html in popover.vue. !41197 (Kev @KevSlashNull) - Replace v-html with v-safe-html in suggestions.vue. !41200 (Kev @KevSlashNull) - Replace v-html with GlSprintf in memory_usage.vue. !41204 (Kev @KevSlashNull) - Replace v-html with v-safe-html in parallel_diff_table_row.vue. !41206 (Kev @KevSlashNull) - Replace v-html with v-safe-html in registry_breadcrumb.vue. !41207 (Kev @KevSlashNull) - Replace v-html with v-safe-html in note_signed_out_widget_spec.js. !41219 (Kev @KevSlashNull) - Externalize i18n strings from app/views/shared/web_hooks/_form.html.haml. !41234 (Takuya Noguchi) - Externalize i18n strings from snippets/_header HAML. !41235 (Takuya Noguchi) - Externalize i18n strings from app/views/shared/runners/show.html.haml. !41241 (Takuya Noguchi) - Widen TODO list only on mobile to be mobile-friendly. !41244 (Takuya Noguchi) - Widen issuable list only on mobile to be mobile-friendly. !41249 (Takuya Noguchi) - Use GitLab AppLogger. !41261 (Rajendra Kadam) - Add index to resource_iteration_events for add actions. !41280 - Use GitLab AppLogger. !41290 (Rajendra Kadam) - Update Workhorse to v8.45.0. !41293 - Use GitLab AppLogger in files in lib/gitlab/*. !41302 (Rajendra Kadam) - Replace v-html to v-safe-html directive. !41305 (Kazuya Kojima) - Fix Rails/SaveBang offenses for */spec/services/merge_requests/*. !41315 (Rajendra Kadam) - Fix Rails/SaveBang offenses for */spec/services/ci/*. !41317 (Rajendra Kadam) - Adds an alert handler for bootstrap migration. !41323 - Replace v-html with v-safe-html in delete_user_modal.vue. !41328 (Kev @KevSlashNull) - Fix Rails/SaveBang offenses for */spec/models/ci/*. !41329 (Rajendra Kadam) - Replace v-html with v-safe-html in description.vue. !41336 (Kev @KevSlashNull) - Internationalize Admin Abuse Report. !41355 (suzu-1990) - Internationalize Admin users new. !41367 (Takuya Noguchi) - Externalize i18n strings from admin dashboard. !41387 (Takuya Noguchi) - Fix Rails/SaveBang offenses for 3 files. !41392 (Rajendra Kadam) - Fix Rails/SaveBang offenses for 3 files. !41394 (Rajendra Kadam) - Fix Rails/SaveBang offenses for 3 files. !41395 (Rajendra Kadam) - Fix Rails/SaveBang offenses for 3 files. !41398 (Rajendra Kadam) - Replace GlDeprecatedDropdownDivider with GlDropdown in app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/author_token.vue. !41432 (nuwe1) - Replace v-html with the gl-icon component in time_ago.vue. !41457 (Kev @KevSlashNull) - Replace v-html with v-safe-html in no_changes.vue. !41471 (Kev @KevSlashNull) - Rename job trace to job logs in IDE code. !41522 (Kev @KevSlashNull) - Remove attempt_project_search_optimizations feature flag. !41550 (gaga5lala) - Update gems to use Faraday v1.0.1. !41623 - Ensure namespace settings are backfilled via migration. !41679 - Update design discussions to use GitLab UI components. !41686 - Convert spec_helper to fast_spec_helper. !41755 (gaga5lala) - Migrate Bootstrap button for environment_actions. !41844 - Make Daemon Memory Killer be the default for Sidekiq. !41847 - Refactor relative positioning to enable better testing. !41967 - Lighten header counter badge colors to be more vibrant. !42002 - Remove duplicated container scanning findings. !42041 - Remove .pkgr.yml as not used for 4 years. !42156 (tnir) - Update deprecated software versions to the latest. !42158 (tnir) - Upgrade vendored Dockerfile template to buster. !42169 (Takuya Noguchi) - Add instance statistics visits to usage data. !42211 - Modify DevOps Score UI Text. !42256 - Expand the visible highlight for collapsed diffs (re: !41393). !42343 ## 13.3.9 (2020-11-02) ### Security (9 changes) - Add CSRF protection to runner pause and resume. !1021 - Do not expose Terraform state record in API. - Path traversal to RCE via LFS upload. - Update container_repository_name_regex to prevent catastrophic backtracking. - Validate nuget package names. - Prevent private repo from being accessed via internal Kubernetes API. - Validate each upload param key in multipart.rb. - Fix XSS vulnerability for job build dependencies. - Fix unauthorized user is able to access schedule pipeline variables and values. ## 13.3.8 (2020-10-21) ### Fixed (2 changes) - Make SSH keys publicly accessible. !42288 - Revert required encryption on CI runner tokens. !42623 ### Added (1 change) - Add missing fontawesome file icon classes. !43091 ### Other (1 change) - GitLab-managed apps: Use GitLab's repo as replacement for the Helm stable repo. !44875 ## 13.3.4 (2020-09-02) ### Security (1 change) - Protect OAuth endpoints from brute force/password stuffing. ## 13.3.3 (2020-09-02) ### Security (23 changes, 1 of them is from the community) - Check validity of project's import_url before mirroring repository. - Show on two-factor authentication setup page groups that are the cause of this requirement. - Prevent interrupted 2FA sign-in from signing-in incorrect user. - Create new 2FA code each time user is entering 2FA setup page. - Remove all sessions but current while enabling 2FA. - Invalidate two factor sign-in when user password changes. - Delete members invites created by users being deleted. - Prevent OmniAuth from rendering arbitrary error messages. - Prevent not-2fa authenticated users that are supposed to use it to consume api via session. - Invalidate remember me when an active session is revoked. - Add rate limit on webhooks testing feature. - Add scope presence validation to OAuth Application creation. - Allow only running job tokens for API authentication. - Prevent Deploy Tokens to read project resources when repository is disabled. - Change conan api to use proper workhorse validation. - Ensure global ID is of Snippet type in GraphQL destroy mutation. - Fix Improper Access Control on Deploy-Key. - Set maximum limit for profile events. - Persist EKS External ID before presenting it to the user. - Prevent project maintainers from editing group badges. - Upgrade jquery to v3.5. - Update websocket-extensions gem to 0.1.5. (Vitor Meireles De Sousa) - Update GitLab Runner Helm Chart to 0.19.3. ## 13.3.2 (2020-08-28) ### Removed (1 change) - Display upcoming database deprecation warning only if current database version minimum is not met. !38225 ### Fixed (5 changes) - Fix race condition in concurrent backups. !39894 - Prevent accidental group deletion if path rename fails. !40353 - Fix snippet save button disabled with empty file path. !40412 - Fix exception handling when a concurrent backup fails. !40451 - Scope incident issue counts by given project or group. !40700 ## 13.3.1 (2020-08-25) ### Fixed (2 changes) - Fix bug when promoting an Issue with attachments to an Epic. !39654 - Avoid creating diff position when line-code is nil. !40089 ## 13.3.0 (2020-08-22) ### Security (2 changes) - Improve path traversal validation checks. !33114 - Update GitLab Runner Helm Chart to 0.19.2. ### Removed (3 changes) - Remove Internet Explorer 11 from babel transpilation. !36840 - Remove namespace storage limit setting. !38108 - Geo: Drop tables related to vulnerability export replication. !38299 ### Fixed (116 changes, 14 of them are from the community) - Fix filter by releases at group issues and merge requests search bar. !26740 (Gilang Gumilar) - Disable commenting on lines in files that were or are symlinks or replace or are replaced by symlinks. !35371 - Fix icon alignment on board cards. !35710 (carolcarvalhosa) - Make Add metrics button visible on self monitoring dashboard. !36169 - Keep large spinner while MR file tree is loading. !36446 - Bug Fix: Child pipelines are not found by API endpoints. !36494 - Show relevant error messages when failing to match a CI job entry. !36536 - Don’t show close icon on flash warning. !36581 - Updates to file table in package details UI. !36723 (Adam Alvis (@adamalvis)) - Add graceful timeout handling for analytics. !36811 - Resolve Pasting an image into a comment also uploads design. !37171 - Fix release evidence sometimes not being collected. !37184 - Fix editing note throws js error. !37216 - Fix merge request approvals for EE without a license. !37246 - Fixed ops settings titles. !37259 - Refactor all factories to fix SaveBang Cop. !37268 (Rajendra Kadam) - Resolve Anchor tags to Designs is not working. !37307 - Fix content validation for existing wiki pages. !37310 - Alert management list spacing. !37320 - Fix issue with blank keyset pagination parameters. !37351 - Remove dashed border on designs hover. !37375 - Fix CSV downloads for multiple series in the same chart. !37377 - Fix Pypi and Nuget Storage Statistics. !37386 - Display files in tab counter same as diff stats. !37390 - Fix vertical alignment of design management toolbar buttons. !37398 - Allow LFS to be enabled in project settings even when Repository is disabled. !37401 - Update closed MRs on push. !37414 - Remove old export file when requesting new project export using API. !37427 - Refactor spec/helpers and ee/spec/helpers to fix SaveBang Cop. !37446 (Rajendra Kadam) - Fix ambiguous query error when filtering for Any milestone in Value Stream Analytics. !37451 - Ensure User's preferred_language always has a value. !37464 - Wiki controller should not crash with non-html format. !37466 - Fix local Tiller not being default-enabled on the frontend. !37494 - Fix sizing of pins for new design comments. !37541 - Remove status dropdown in merged tab. !37544 - Resolve UX Polish: Fix icon styles. !37546 - UX Polish: Remove the header Designs on empty state. !37548 - Fix creating release asset links when using the API. !37557 - UX Polish: Update top right Upload button from Green to Grey. !37558 - Fix bio container width on profile page. !37572 - Fix bug in group runners filtered search. !37626 (Arthur de Lapertosa Lisboa) - Move partitioning backfill migration to post-deployment. !37633 - Fix missing path for avatars of bots. !37671 - Fix merge ref head comments for removed lines. !37755 - Query Jira projects by key or name and return all Jira projects in one query. !37799 - Make file icons extension detection be case-insensitive. !37817 - Allow anonymous users to view embedded Grafana metrics in public project. !37844 - Fix dependency proxy not working with object storage. !37878 - Fix review app links are not shown in MR widgets in public projects. !37923 - Fix dark mode container registry text. !37940 - Refactor spec/policies and ee/spec/policies to fix SaveBang Cop. !37956 (Rajendra Kadam) - Static Site Editor: Fix ordered list formatting bug and rendering bug in strong and emphasis nodes with softbreaks. !37964 - Fix overflow issues with monaco file editor. !37984 - Fix error when blob has no auxiliary viewer. !38018 - Fix HTML not rendering in last commit widget. !38047 - Fix 500 error when unconfirmed OAuth2 user with 2FA logs in. !38104 - Fix console errors due to monaco-yaml's outdated use of monaco.Promise. !38135 - Refactor spec/finders and ee/spec/finders to fix SaveBang Cop. !38173 (Rajendra Kadam) - Align activity dropdown height with other dropdowns. !38208 - Fix 500 for pipeline charts page. !38226 - Resolve Pasting an image into a comment still uploades a design. !38280 - Refactor ee/spec/features/* to fix SaveBang Cop. !38289 (Rajendra Kadam) - Add workaround for Chrome 84 SVG bug. !38304 - Fix a Gradle bug where a package without a version would be created and thus not displayed on the UI. !38338 - Fixes the history button link URL being encoded incorrectly. !38392 - Refactor spec/workers/* to fix SaveBang Cop. !38399 (Rajendra Kadam) - Use Gitaly protobuf version as DiffStats cache key. !38414 - Fix highlight commented rows. !38420 - Fix vertical alignment of some svg icons. !38550 - Fix Incident and Alert mobile CSS and alignment. !38577 - Refactor spec/features/merge_requests/* to fix Rails/SaveBang Cop. !38591 (Rajendra Kadam) - Add transparent background to remove button in tree item list. !38597 - Update password change sign-in banner text. !38606 - Display authored message correctly on public snippets viewed by unauthenticated users. !38614 - Fix vertical alignment of svg icons on Jobs page. !38656 - Fix URLs of issues in VSA dashboard. !38703 - Remove duplicate authorized_projects entries during refresh. !38715 - Fix multiline comment rendering. !38721 - Improve rendering of very large files in the Repo File Browser. !38733 - Optimize click area in design version dropdown. !38747 - Fix notification setting for group with dot in name. !38773 - Fix bug where filtering would sometimes display only open issues on different pages listing issues. !38906 - Refactor spec/views/* and ee/spec/views/* to fix Rails/SaveBang Cop. !38981 (Rajendra Kadam) - Refactor spec/support/helpers/* and ee/spec/support/helpers/* to fix Rails/SaveBang Cop. !38995 (Rajendra Kadam) - Fix parallel jobs dropdown from cutting off in small pipeline graphs. !39108 - Add expire_at to PipelineArtifact. !39114 - Add not null constraint for file to ci_pipeline_artifacts. !39118 - Fix gitlab-rake gitlab:license:info crashing when no license exists. !39143 - Fix cancel button on New Release page. !39144 - Fix submit button tooltips for forms with quick submit behavior. !39225 - Fix scroll stuck on editor in snippets. !39251 - Fix: New File page file name field unclickable in mobile view. !39310 - Fix CI job artifacts metadata not extracting on some S3 providers. !39345 - Add default value for file_store to ci_pipeline_artifacts. !39349 - Handle user mapping for Jira server instances. !39362 - Ignore the sources node from the cobertura XML. !39385 - Fix Composer installation code snippet to include package name and version. !39400 - Fix failing bitbucket server import when project slug differs from name. !39433 - Right-aligned Clone dropdown for snippets. !39446 - Fix missing scoped label borders for todos. !39459 - Move gitlab-managed alerts embeds to core as documented. !39509 - Allow crawler access to api. !39520 - Fix panel "more actions" button layout. !39534 - Use history icon on recent search filter tab only on mobile. !39557 (Takuya Noguchi) - Conan packages allow for conan_sources.tgz and conan_export.tgz files. !39559 - Fix horizontal scrolling on blocked/private profile pages. !39568 - Fixed discussion not expanding when replying to a collapsed discussion. !39571 - Fix pagination for bitbucket server importer. !39598 - Fix missing resolve button when replying to notes in MRs. !39614 - Fix Conan recipe display in the package details page. !39643 - Fix bug when promoting an Issue with attachments to an Epic. !39654 - Fix broken date time picker hide button. !39755 - Fix time zone config not respected in multi-threaded servers. !39778 - Use correct order when repositioning existing designs. !39826 - Center align pipeline graph icons. !39848 - Coerce string object storage options to booleans. !39901 ### Deprecated (4 changes) - Deprecation of ECS template. !36143 - Remove Jump to next unresolved thread button in merge request threads. !38375 - Deprecate blob field on GraphQL SnippetType. !39088 - Deprecate additions and deletions attributes in Repositories API. !39653 ### Changed (144 changes, 12 of them are from the community) - Show full commit message by default in merge request diff. !27981 (Gilang Gumilar) - Use fingerprint column on events to ensure event uniqueness. !31021 - Disable application_settings_tokens_optional_encryption feature flag. !31798 (Gilang Gumilar) - Disable ci_runners_tokens_optional_encryption feature flag. !31800 (Gilang Gumilar) - Update Buildkite Service for supported events, fields, and always verify SSL. !33697 (Juanito Fatas) - Allow OAuth to auto link LDAP users via email address. !33767 (Niko Wenselowski) - Pre-fill the email input on sign-in / sign up pages. !33851 - Store user mentions from merge request title or description in the DB. !34378 - Allow multiline Prometheus queries in metrics dashboards yaml. !34508 - Increase contrast between UTC label and input. !34998 - Increase CI instance variable value limit. !35063 - Rewrite integration form in Vue. !35453 - Improved fork page design. !35592 - Add sign_in_count to /users/:id API for admins. !35726 (Luc Didry) - Updates GitLab managed app Ingress version to 1.40.2. !35924 - Make scoped snippet routing a default one. !36091 - Show clone button for activity on project page. !36147 - Replace fa-angle-up icons with GitLab SVG. !36429 - Migrate '.fa-spinner' to `gl-loading-icon` within shared boards haml. !36436 - Package feature moved to core. !36667 - Replace fa-history icons with GitLab SVG history icon. !36691 - Add serverless empty state illustration. !36762 - Allow an issue or MR to be locked and unlocked without page refresh. !36773 - Exclude todos from general analytics accumulator ping. !36813 - Migrate license_management artifacts to license_scanning type. !36817 - When generating markdown for ordered lists, the list marker should not increment. !36851 - Rename snippet GraphQL files field to blob_actions. !36852 - Track milestone and state changes in issues / MRs using resource events. !36936 - Update project remove modal to add additional warnings. !36962 - Replace fa-plus icons with GitLab SVG plus icon. !36972 - Limit database deprecation notice window. !37009 - Changes limit for terraform artifacts to 5MB. !37018 - Replace fa-ban icons with "cancel" from GitLab SVG. !37067 - Move service desk usage data to core. !37080 - Add concurrency support for Git repository backups. !37158 - Replace some FA icons on groups listing page with GitLab SVG icons. !37162 - Remove extraneous `
` tags from the source file when using the Static Site Editor. !37223 - Remove flag and document max artifact size plan limits. !37226 - Replacing View Full Report button with GitLab UI. !37236 - Show meaningful message when applying inapplicable suggestion. !37267 - Return SSH key details in /internal/allowed response. !37289 - Change PagerDuty webhook URL. !37321 - Shorten 'enable LFS' manage for design management. !37385 - Show all snippet files when embedding. !37412 - Add target_details column to AuditEvent table. !37430 - Improve the IA and styling of the Success screen in the Static Site Editor. !37475 - Add Cilium APIs as part of kube_client. !37526 - Introduce `ci_needs_size_limit` to fine control needs. !37568 - Migrate service desk setting button to gl-button. !37612 - External auth adheres to local request setting. !37622 - Remove feature flag managed_apps_local_tiller. !37641 - Bring SAST to Core - bandit, Flawfinder, Gitleaks, Gosec, Kubesec, NodeJsScan, phpcs-security-audit, PMD, Security Code Scan, Sobelow, SpotBugs. !37648 - Replace fa-bell icons with GitLab SVG notifications icon. !37676 - Update gitlab-shell to v13.4.0. !37677 - Move clone button out of blob header. !37696 - Use normal font weight for Design Management dropzone text. !37787 - Replace fa-sign-out icons with GitLab SVG leave icon. !37794 - Add relative positioning on designs. !37835 - Backfill relative positions on designs. !37837 - Add search bar for incidents. !37885 - Add composer tab and package type to package list. !37928 - Add closed issue icon to incidents list for closed incidents. !37949 - Update size limits for SCA artifacts. !37975 - Update label select vue gl button. !37986 - Update suggest gitlab ci popover to gl-button. !37987 - Add pagination to the incident list. !37993 - Rejects duplicated pypi files. !38006 - Use new badge style for 'archived' project badge. !38013 - Remove Duplicate Dashboard item from dashboards dropdown. !38053 - Replace fa-git icons with link svg. !38078 - Enforce namespace storage limit via app setting. !38094 - Replace fa-certificate icon with first-contribution svg. !38154 - Use the uploaded file set by middleware in Repositories::LfsStorageController. !38167 - Migrate new project item select FA icons. !38177 - Add sorting by date for incident list. !38178 - Consistent labels for new/edit group URL. !38180 - Change date time picker units. !38232 - Switch manifest importer to new UI. !38268 - Add incident count badge to the incident list. !38278 - In metrics view, change default dashboard name to Overview. !38292 - Hide languages with few translations. !38312 - Reorganize group member management into tabs. !38344 - Changed wording for optional approvals. !38393 - Upgrade to Gitaly v13.3.0-rc3. !38405 - Re-name "Delete" button to "Archive" in Design Management. !38446 (Getulio Valentin Sánchez @gvso) - Allow users with developer access level for given project to view kubernetes pod logs. !38467 - Set minimum Redis version to 4 and recommended version to 5 in Redis check task. !38475 - Re-name project remove as project delete. !38489 - Replace fa-info-circle icons with GitLab SVG information icon. !38505 - Take DAG view out of beta. !38517 - Specify Ruby image in FailFast template. !38523 - Update color and vertical alignment of project feature toggle. !38537 - Remove repositories from previous storage when storage move succeeds. !38547 - Add database migrations to prepare for future Geo replication. !38549 - Added minimum value of 1KB to wiki_page_max_content_bytes. !38554 (Uday Aggarwal (uday.agg97)) - Stop using priority and weight keys in metrics dashboards. !38572 - Add copy for Jira issues integration to GitLab issues empty state. !38586 - Add Mark as done capability to Alert To Do's. !38595 - Button migration vulnerability charts. !38610 - Change the job stuck page to use UI library components. !38618 - Order projects within the project dropdown by relevance in analytics features. !38675 - Enable New Package details UI, remove feature flag and remove all old code. !38680 - Update the project deletion confirmation modal to be more specific, the confirmation phrase now includes the project full path. !38700 - Replace v-popover directive with GlPopover in ./app/assets/javascripts/pipelines/components/pipelines_list/pipeline_url.vue.vue. !38769 (Gilang Gumilar) - Add installation instructions for Composer. !38779 - Track wiki page views in usage data. !38784 - Update incident_issues usage ping to use issue type column. !38864 - Migrate custom metric form buttons. !38896 (George Tsiolis) - Migrate enable review app button in environments. !38897 (George Tsiolis) - Add migration helper index for Vulnerabilities::Finding table. !38898 - Migrate maintenance mode settings button. !38901 - Replace with in app/assets/javascripts/pipelines/components/graph/action_component.vue. !38923 - Add a cache column for the number of changed files in a merge request diff. !38936 - Change UI and add new actions to monitor dashboard actions menu. !38946 - Support unitless single stat chart in metrics dashboards. !39067 - Update preferences for homepage/dashboard wording. !39092 - Update design mgmt navigation to use gl-button. !39104 - Enable design management reference filter by default. !39113 - Deprecated btn migration. !39154 - Update auto-build-image to v0.4.0 for an updated version of the pack CLI (v0.12.0) for Cloud Native Buildpack builds. !39159 - Change "gauge-chart" to "gauge" in YML panel configuration for gauge charts. !39184 - Enable FF ci_variables_api_filter_environment_scope by default. !39209 - Code navigation displays references when browsing repository. !39214 - Replace fa-book icon with GitLab SVG book icon. !39247 - Replace fa-close icons with GitLab SVG close icon. !39267 - Update auto-deploy-image to v1.0.0, including a locally vendored auto-deploy-app chart instead of charts.gitlab.io. !39272 - Improve environment dropdowns in operations metrics dashboard and highlight selected environment. !39303 - Replace Go Back with Collapse button for expanded Metric charts. !39307 - Replace issues icon with Gitlab SVG. !39313 - Replace fa-power-off icon with GitLab SVG power icon. !39330 - Remove transition animation from the Container Registry UI. !39337 - Replace mis-used CSS class in operations settings. !39338 - Enable Multiline Comments by default. !39370 - Enable delete button on Package group level view list. !39430 - Enabled monaco_blobs FF by default. !39441 - Import the new queries in common_metrics.yml into database. !39475 - Make View full report button open link in new tab. !39501 - Bump CodeQuality templates to version 0.85.10-gitlab.1. !39502 - Allow query/query_range keys in metrics dashboard to contain numbers. !39530 - Enable reorder_designs feature by default. !39555 - Return snippet binary blob content in GraphQL. !39583 - Add anchors to profile preferences. !39589 - Expose ID in Event object returned from the public API. !39669 (Killian Brackey @kbrackey) - Rename create issue button to create incidents in ALert details. !39684 ### Performance (25 changes) - Add mechanism that efficiently increments ActiveRecord counters using Redis. !35878 - Add limit for wiki page content size. !36729 - Reduce 'cached' query calls for Banzai. !36735 - Fix N+1 issue in Explore Projects controller. !36874 - Avoid N+1 of issue associations in Search. !36941 - Replace FontAwesome fa-clock icon with SVG icon. !37123 - Inverse pipeline for its build associations. !37478 - Fix N+1 for project/:id/issues API endpoint. !37508 - Preload build report results for pipeline builds. !37582 - Always use expanded env name to load persisted environment. !37585 - Improve performance of test report with summary and test suite endpoints. !37629 - Preload number of pipeline warnings for commits. !37669 - Add PipelineArtifact data model. !37969 - Replace index for service usage data. !38147 - Serialize fewer pipeline fields for MR widget. !38215 - Improve performance of Banzai reference filters. !38290 - Skip subsequent topology Prometheus queries if timeout occur. !38293 - Remove some unnecessary Redis calls on commit lists. !38343 - Speed up commit lists and file blob pages on repositories with huge amounts of branches or tags. !38484 - Add index for compliance merged MRs to events. !38885 - Swap RepositoryHashCache to UNLINK. !39105 - Increase sidebar performance by not rendering k8s highlight when not needed. !39228 - Use more-efficient indexing for the MergeRequestDiff storage migration. !39470 - Add secure index for coverage fuzzing. !39569 - Performance and robustness improvements for relative positioning. !39807 ### Added (138 changes, 6 of them are from the community) - Add Rust Dockerfile to GitLab templates. !28167 - Add mutation to create a label or default backlog list for an issue board. !31233 - Allow labels argument for merge request create mutation. !32637 - Add btree_gist PGSQL extension and add DB constraints for Iteration date ranges. !33340 - Add cilium to Kubernetes apps list. !33703 - Define matrix builds for more complex pipelines. !33705 - Support getting a todo for an alert in GraphQL API. !34789 - Resolve Set a deploy freeze in the UI. !35163 - Display notes on merge ref head diff. !35422 - Add note_id to timelogs. !35916 (Lee Tickett) - Prompt to resolve unresolved threads on an MR is a button that jumps to the first such thread. !36164 - Expose board list issues via GraphQL. !36259 - Add internal api for getting personal access tokens from gitlab-shell. !36302 (Taylan Develioglu @tdevelioglu) - Add auto_link_user OmniAuth setting. !36664 - Add Draft to WIP for work in progress merge requests. !36666 - Add gauge chart type to the monitoring dashboards. !36674 - Add Prevent forking outside group feature. !36848 - Show Security Warning Modal for fork pipelines. !36951 - Add usage ping for coverage_fuzzing. !36960 - Use _ character for emphasis and * for strong in Static Site Editor markdown syntax. !36965 - Add migration for deployment_type of Jira server in jira_tracker_data table. !36992 - Add system note to alert when corresponding issue is closed. !37039 - Add locked as an argument to updateIssue. !37105 - Add PagerDuty incident integration. !37193 - Add container registry observations to usage ping. !37203 - Support dry-run cherry-picks and reverts via API. !37240 - Show full time range in metrics dashboard charts. !37243 - Geo: Add file store indexes. !37265 - Add ability to turn off "project moved" notifications. !37269 - Add basic incidents list. !37314 - Allow to create merge request pipelines in target project when user has permission. !37322 - Add external column to custom emoji table. !37346 (Rajendra Kadam) - Add issue_type column to issues table. !37402 - Added webPath and descriptionHtml types to the repository GraphQL entities. !37416 - Add monthly usage ping data for analytics. !37417 - Added section names to code owner approvals in merge request form. !37425 - Add a new K8s Pod health metrics dashboard. !37482 - Update versions tab to other versions. !37513 - Add metrics dashboard templates for the standard file blob selector. !37519 - Add custom metrics dashboard templates supports. !37523 - Allow optional keyset pagination for branch list API. !37524 - Add default_membership_role column to saml_providers table. !37552 - Add NuGet lock files support to Dependency Scanning CI template. !37553 - Migrate vulnerability statistics historical data to vulnerability historical statistics. !37554 - Surface timeafo for created date in Incidents List. !37567 - Add parenthesis support for if: conditions. !37574 - Show mapped user in Jira import form dropdown. !37575 - Add GraphQL mutation to re-order designs. !37603 - Display assignees in Incident List. !37608 - Add ENV vars that expose source and target repository for CI Pipelines that run on an External Pull Requests. !37616 (Rafael Dohms @rdohms) - Add DB table and model to track changes of the iterations on issues. !37617 - Migrate all 'incident' labelled issues to have issue type 'incident'. !37668 - Resolve Allow the ability to re-order designs. !37686 - Add target_project_id to merge_request_metrics table. !37713 - Allow user to update issue labels via GraphQL. !37728 - Sets issue type for incident issues to incident. !37781 - Create incident from the incidents list page. !37802 - Add personal_access_tokens list to REST API. !37806 - Allow user to simulate pipeline creation via CI Lint and go beyond syntax checks. !37828 - Adds clarifying documentation on EKS IAM roles. !37870 - Add API support for issue and merge request templates. !37890 (Jan Beckmann) - Add confidential attribute to graphQL for notes update. !37920 - Add confidential attribute to public API for notes update. !37932 - Filter Issues in GraphQL by type of Issue. !38017 - Allows setting of issue subscribe status in GraphQL API. !38051 - Add deployment_events flag to web_hooks table. !38080 - Allow assign/unassign users to issues in GraphQL API. !38081 - Email notification for expired personal access token. !38086 - Upgrade CI to Git v2.28.0. !38152 - Add project milestones to GraphQL API. !38153 - Make the deploy freeze table responsive. !38213 - Add option to query a single board list with GraphQL API. !38216 - Add symlink label text to blob viewer. !38220 - Add support for runbook url to PrometheusAlert table. !38234 - Add dashboard_path to PrometheusMetric. !38237 - Add support for specifying AWS S3 Server Side Encryption (AWS-KMS). !38240 - Add issue status counts to Projects in GraphQL. !38263 - Auto expand collapsed diffs when viewing diffs file-by-file. !38296 - Add hide_backlog_list and hide_closed_list attributes to boards table. !38303 - GraphQL mutation to move issue within board lists. !38309 - Redirect to new metrics dashboard page. !38364 - Add experiments and experiment_users tables for tracking which users are enrolled for which experiments. !38397 - Save usage data in database. !38457 - Move old integrations to Settings > General and introduce instance-level integrations. !38488 - Expose runbook field in alert_management_alert GraphQL API. !38510 - Add CoverageReportsController#index CSV response. !38520 - Add support for never keyword in expire_in job artifacts. !38578 (Fabio Huser) - Add attributes to filter project merge requests by merged at date in GraphQL. !38584 - Add `resolved_on_default_branch` column into `vulnerabilities` table. !38638 - Add alert url into incident issue markdown. !38649 - Return gitaly info in kubernetes internal API. !38654 - Add GraphQL query for a single milestone. !38682 - Add milestone_id param to issue update graphQL mutation. !38684 - Added pre-processing step to the Static Site Editor so code templates (ERB) are interpreted as code not content. !38694 - Backfill null values to prepare for Geo replication feature. !38719 - Update gitlab-shell to v13.5.0. !38720 - UI warning messages for pipeline configurations. !38734 - Enable state tracking for managed applications installed via the management project. !38759 - Set Incident issue type when creating issue. !38760 - Add pre-processing step so inline ERB and HTML syntax are wrapped in codeblocks for code vs. content editing in the static site editor's WYSIWYG mode. !38791 - Add protected branches count to usage ping. !38797 - Add include_parent_milestones param to project and group milestones API endpoints. !38800 - Clean up orphaned LFS file references during GC. !38813 - Add database migrations to ensure Geo replicates all package files when sync object storage is disabled. !38822 - Add pre-processing step so preexisting codeblocks are preserved prior to flagging content as code in the static site editor's WYSIWYG mode. !38834 - Add model for CiliumNetworkPolicy. !38848 - Expose alert information for environments. !38881 - Add Azure Blob Storage support. !38882 - Add webhooks for deployments. !38902 - Add "New Release" page to allow creation of releases through the interface. !38913 - Add GraphQL mutation for updating board list position and collapsed/expanded state. !38942 - Add due_date filter param to Issues REST API. !38973 - Support adding of API requests to the performance bar. !39057 - Expose counts (pipeline, commits) and approvers for a merge request in GraphQL. !39086 - Add total_weight and issues_count fields to the board list graphQL endpoint. !39110 - Make available new UI for adding a panel to a metrics dashboard. !39124 - Improve submission behavior of the New/Edit Release page. !39145 - Allows NuGet to authenticate with Job Token. !39147 - Upgrade Pages to 1.22.0. !39172 - Upgrade Workhorse to v8.38.0. !39223 - JUnit test report on pipeline detail page. !39260 - Allow GraphQL pipeline to resolve non-CI pipelines and expose configSource field. !39275 - GraphQL: Issues - Added 'include_subgroup' parameter. !39279 - Enable `:resource_access_token` feature flag by default. !39287 - Add runbook to metric chart dropdown. !39288 - Add runbooks to metric alerts. !39315 - Preserve active tab on alert details page reload. !39369 - GraphQL: Add user to pipeline + status and email to user + StatusType. !39402 - Add external link icon to list of repositories in importer. !39442 - Add target_type to audit_events. !39461 - Enable read SPDX catalogue from local copy. !39463 - Show runbook for alert in detail view. !39477 - Link to logs from GitLab-managed alert metrics. !39487 - Add SECRET_DETECTION_EXCLUDED_PATHS env var. !39523 - Add pipeline_artifacts_size to project_statistics. !39607 - Setup basic level telemetry for navigation. !39638 - Update gitlab-shell to v13.6.0. !39675 - Empty State for the Incident list. !39718 ### Other (69 changes, 9 of them are from the community) - Remove globe icon from explore projects dropdown. !21659 - Remove mr_tabs_position feature flag. !29340 (Lee Tickett) - Improve Elasticsearch Reindexing documentation. !29788 - Remove createIssues logic from list model. !32236 (nuwe1) - Unify Prometheus metric initialization by always using inline transaction metrics. !32980 - Adds models and tables for cluster agent and cluster agent tokens. !33228 - Remove updated_at column on audit_events table. !35690 - Replace fa-pencil-square-o icons with GitLab SVG icons. !36059 - Replace fa-rss with GitLab SVG icon. !36553 - Limit project moved e-mails to maintainers/owners. !36665 - Backfill personal snippets statistics. !36801 - Set default bullet char character as - when generating markdown in Static Site Editor. !36820 - Replace with in app/assets/javascripts/pipelines/components/graph/linked_pipeline.vue. !36968 - Replace fa-link icons with GitLab SVG link icon. !36973 - Consolidate issuable_header_warning for both MR and issue. !37043 - Remove index from chat_names and service_id. !37054 - Making component diagram click-friendly. !37147 (Arjun Pravin @Sgt.Arjun) - Replace fa-pause with pause svg. !37149 - Replace fa-replace icon with svg. !37228 - Replace fa-key icon with svg. !37251 - Remove app_server_type from top level usage ping. !37279 - Update GitLab Runner Helm Chart to 0.19.0. !37292 - Use ES6 methods instead of `for` loops. !37324 (allenlai18) - Remove legacy pipeline processing service and FF ci_atomic_processing. !37339 - Cleanup migration to drop temporary table untracked_files_for_uploads if exists. !37352 - Fix the MR number in CHANGELOG. !37399 - Immediately update project statistics when running housekeeping or repository cleanup. !37579 - Update GitLab Runner Helm Chart to 0.19.1. !37583 - Add index to resource_milestone_events for add actions. !37636 - Capitalize CloudFlare in documentation. !37704 (Takuya Noguchi) - Use Cloudflare in comments. !37764 (Takuya Noguchi) - Update $gray-400 hex and replace instances of $gray-400 with $gray-200. !37813 - Add link to issue details page from Incident list page. !37814 - Remove link to Cloudflare cert for Pages. !37876 (Takuya Noguchi) - Add incident state columns. !37889 - Move file store updates and mount_uploader into a concern. !37907 - Set appropriate timeouts for PrometheusClient. !37924 - Remove GitlabIssueTrackerService database records. !37931 - Remove title and description columns from services table. !37936 - Fix misalignment of download icon on jobs page. !37966 - Automatically calculate the database connection pool size. !38049 - Remove per-web-transaction redis metrics. !38101 - ee Updating $gray-500 hex value and replacing instances with $gray-300. !38229 - Removes the old UI page. !38277 - Log raw pre-receive message in fast-forward merge. !38354 - Replace times-circle with GitLab SVG clear icon. !38409 - Add telemetry for instance-level and template integrations. !38459 - Add group_id column to the services table. !38499 - Replace fa-play/pause icons with svg. !38535 - Add telemetry for projects inheriting instance settings. !38561 - Move button in Settings > Webhooks to the right. !38650 - Replace deprecated button on vulnerability details page. !38679 - Collect node CPU and memory utilization in usage ping. !38681 - Improve unfurling support for /search. !38699 - Add can_push column to group_deploy_keys_groups table. !38714 - Log raw pre receive error for create branch service. !38749 - Change to glbutton component in CI variables list. !38757 - Replace deprecated buttons in dashboard header. !38830 - Remove :gzip_diff_cache feature flag. !38838 - Replace some fa-trash icons with GitLab SVG remove icon. !38964 - Productivity Analytics: Improve error message when query takes too long to calculate. !39074 - Adds an environment variable override to disable unstructured logs. !39109 - Remove not-null constraint on type column in audit_events. !39192 - Set longer Prometheus timeouts in PrometheusService. !39318 - Use active version of Redis for an example. !39404 (Takuya Noguchi) - Remove FF ci_composite_status and related codes. !39498 - Remove a card-small class from HAML files. !39550 (Takuya Noguchi) - Provide versioning support to Sidekiq workers. !39562 - Replace fa-pencil icon with GitLab SVG. !39648 ## 13.2.10 (2020-10-01) ### Security (14 changes) - Do not store session id in Redis. - Fix permission checks when updating confidentiality and milestone on issues or merge requests. - Purge unaccepted member invitations older than 90 days. - Adds feature flags plan limits. - Prevent SVG XSS via Web IDE. - Ensure user has no solo owned groups before triggering account deletion. - Security fix safe params helper. - Do not bypass admin mode when authenticated with deploy token. - Fixes release asset link filepath ReDoS. - Ensure global ID is of Annotation type in GraphQL destroy mutation. - Validate that membership expiry dates are not in the past. - Rate limit adding new email and re-sending email confirmation. - Fix redaction of confidential Todos. - Update GitLab Runner Helm Chart to 0.19.4. ## 13.2.8 (2020-09-02) ### Security (1 change) - Protect OAuth endpoints from brute force/password stuffing. ## 13.2.7 (2020-09-02) ### Security (23 changes, 1 of them is from the community) - Check validity of project's import_url before mirroring repository. - Show on two-factor authentication setup page groups that are the cause of this requirement. - Prevent interrupted 2FA sign-in from signing-in incorrect user. - Create new 2FA code each time user is entering 2FA setup page. - Remove all sessions but current while enabling 2FA. - Invalidate two factor sign-in when user password changes. - Delete members invites created by users being deleted. - Prevent OmniAuth from rendering arbitrary error messages. - Prevent not-2fa authenticated users that are supposed to use it to consume api via session. - Invalidate remember me when an active session is revoked. - Add rate limit on webhooks testing feature. - Add scope presence validation to OAuth Application creation. - Allow only running job tokens for API authentication. - Prevent Deploy Tokens to read project resources when repository is disabled. - Change conan api to use proper workhorse validation. - Ensure global ID is of Snippet type in GraphQL destroy mutation. - Fix Improper Access Control on Deploy-Key. - Set maximum limit for profile events. - Persist EKS External ID before presenting it to the user. - Prevent project maintainers from editing group badges. - Upgrade jquery to v3.5. - Update websocket-extensions gem to 0.1.5. (Vitor Meireles De Sousa) - Update GitLab Runner Helm Chart to 0.18.3. ## 13.2.6 (2020-08-18) - No changes. ## 13.2.5 (2020-08-17) ### Security (2 changes) - Stop deploy token being mis-used as user in ProjectPolicy and GroupPolicy. - Project access is checked during deploy token authentication. ## 13.2.4 (2020-08-11) ### Security (1 change) - Add decompressed archive size validation on Project/Group Import. !38736 ### Fixed (1 change) - Fix automatic issue creation via Prometheus alerts. !37884 ## 13.2.3 (2020-08-05) ### Security (12 changes) - Update kramdown gem to version 2.3.0. - Enforce 2FA on Doorkeeper controllers. - Revoke OAuth grants when a user revokes an application. - Refresh project authorizations when transferring groups. - Stop excess logs from failure to send invite email when group no longer exists. - Verify confirmed email for OAuth Authorize POST endpoint. - Fix XSS in Markdown reference tooltips. - Fix XSS in milestone tooltips. - Fix xss vulnerability on jobs view. - Block 40-character hexadecimal branches. - Prevent a temporary access escalation before group memberships are recalculated when specialized project share workers are enabled. - Update GitLab Runner Helm Chart to 0.18.2. ## 13.2.2 (2020-07-29) ### Fixed (3 changes) - Coerce repository_storages_weighted, removes repository_storages. !36376 - Fix JiraImportUsersInput startAt field. !37492 - Provide better git error message when the user is unconfirmed. !37944 ### Changed (1 change) - Skip mass unconfirming users when send_user_confirmation_email setting is off. !38024 ## 13.2.0 (2020-07-22) ### Security (3 changes) - Unconfirm wrongfully verified email addresses and user accounts. !35492 - Make logrotate run as git user for source installations. !35519 - Replace misleading text in re-confirmation emails. !36634 ### Removed (7 changes, 2 of them are from the community) - Remove deprecated dashboard & group milestone pages. !13237 - Removed UltraAuth integration for OmniAuth. !29330 (Kartikey Tanna) - Remove all search autocomplete for groups/projects/other. !31187 - Remove temporary datepicker position fix as it is no longer required. !31836 (Arun Kumar Mohan) - Remove the ability to customize the title and description of some integrations (Bugzilla, Custom Issue Tracker, Redmine, and YouTrack). !33298 - Drop deprecated **_ANALYZER_IMAGE_PREFIX. !34325 - Remove Internet Explorer 11 specific polyfills. !36830 ### Fixed (300 changes, 79 of them are from the community) - Remove broken hyperlink from close and reopen button. !22220 (Lee Tickett) - Fix 'Active' checkbox text in Pipeline Schedule form to be a label. !27054 (Jonston Chan) - Fix back button when switching MR tabs. !29862 (Lee Tickett) - Remove ability to scroll Issue while in Design View. !29881 - Fix merge request note label URLs. !30428 (Lee Tickett) - Fix default path when creating project from group template. !30597 (Lee Tickett) - Fixed issue (#198424) that prevented k8s authentication with intermediate certificates. !31254 (Abdelrahman Mohamed) - Fix group transfer service to deny moving group to its subgroup. !31495 (Abhisek Datta) - Fix issuable listings with any label filter. !31729 - Move prepend to last in ee-app-services. !31838 (Rajendra Kadam) - Fallback to lowest visibility level in snippet visibility radio. !31847 (Jacopo Beschi @jacopo-beschi) - Add class stubs and fix leaky constant alert in query limit helper spec. !31949 (Rajendra Kadam) - Remove usage of spam constants in spec. !31959 (Rajendra Kadam) - Fix leaky constant issue in uninstall progress service check. !32036 (Rajendra Kadam) - Fix leaky constant issue in commit entity spec. !32039 (Rajendra Kadam) - Fix leaky constant issue in task completion status spec. !32043 (Rajendra Kadam) - Fix leaky constant issue in admin mode migration spec. !32074 (Rajendra Kadam) - Fix leaky constant issue in sidekiq middleware server metric spec. !32104 (Rajendra Kadam) - Fix leaky constant issue in sidekiq middleware client metric spec. !32108 (Rajendra Kadam) - Fix leaky constant issue in path regex spec. !32115 (Rajendra Kadam) - Fix leaky constant issue importer and cache headers spec. !32122 (Rajendra Kadam) - Fix leaky constant issue in relation factory spec. !32129 (Rajendra Kadam) - Fix leaky constant issue in test coverage spec. !32134 (Rajendra Kadam) - Prevent emails to user on expiry of impersonation token. !32140 - Fix leaky constant issue in diff collection spec. !32163 (Rajendra Kadam) - Fix leaky constant issue in migration helpers, with lock retries and ignored cols spec. !32170 (Rajendra Kadam) - Fix leaky constant issue in factory spec. !32174 (Rajendra Kadam) - Fix leaky constant issue in creds factory spec. !32176 (Rajendra Kadam) - Use applogger in project import state file. !32182 (Rajendra Kadam) - Use applogger in project.rb. !32183 (Rajendra Kadam) - Use applogger in chat_team.rb. !32184 (Rajendra Kadam) - Use applogger in repository model. !32185 (Rajendra Kadam) - Use applogger in build and ssh host key. !32187 (Rajendra Kadam) - Use applogger in cache attrs and highest role ruby files. !32189 (Rajendra Kadam) - Use applogger in legacy project and namespace. !32190 (Rajendra Kadam) - Use applogger in base.rb. !32191 (Rajendra Kadam) - Use applogger in usage ping and webhook service. !32192 (Rajendra Kadam) - Use applogger in exclusive_lease_guard. !32194 (Rajendra Kadam) - Use applogger in groups destroy service and label create service. !32195 (Rajendra Kadam) - Use applogger in merge_service.rb. !32196 (Rajendra Kadam) - Use applogger in project create service and after import service. !32198 (Rajendra Kadam) - Use applogger in update stats service. !32200 (Rajendra Kadam) - Use applogger in base attachment service. !32201 (Rajendra Kadam) - Use applogger in export service. !32203 (Rajendra Kadam) - Use applogger in akismet service. !32205 (Rajendra Kadam) - Use applogger in file mover file. !32206 (Rajendra Kadam) - Use applogger in commit signature worker. !32207 (Rajendra Kadam) - Use applogger in delete user worker. !32209 (Rajendra Kadam) - Use applogger in email receiver worker. !32211 (Rajendra Kadam) - Use applogger in artifact worker. !32212 (Rajendra Kadam) - Use applogger in new note worker. !32213 (Rajendra Kadam) - Fix duplicate filename displayed in design todos. !32274 (Arun Kumar Mohan) - Add value length validations for instance level variable. !32303 - Resolve image overflow at releases list panel. !32307 - Clean up shared/tmp folder after Import/Export. !32326 - Fix creating release evidence if release is created via UI. !32441 - GraphQL hasNextPage and hasPreviousPage return correct values. !32476 - Fix loading and empty state styling for alerts list. !32531 - Resolve incorrect x-axis padding on the Environments Dashboard. !32533 - Fix time_tracking help link. !32552 - Don't display confidential note icon on confidential issue public notes. !32571 - Update container expiration policy database defaults. !32600 - Fix rendering of emojis in status tooltips. !32604 - Remove `:prevent_closing_blocked_issues` feature flag. !32630 (Lee Tickett) - Hid copy contents button when blob has rendering error. !32632 - Avoid refresh to show endedAt after mutation. !32636 - Fix for metrics creation when saving MR. !32668 - Skip the individual JIRA issues if failed to import vs failing the whole batch. !32673 - Hide "Import from Jira" option from non-entitled users. !32685 - Allow special characters in dashboard path. !32714 - Fix broken help link on operations settings page. !32722 - Allow different in bulk editing issues. !32734 - Fix whitespace changes overgrowing the diff container. !32774 - Improve spacing and wrapping of group actions buttons and stats in group list view. !32786 - Fix "Broadcast Messages" table overflow and button alignment. !32801 - Fix 404 when downloading a non-archive artifact. !32811 - Make commits author button confirm to Pajamas specs. !32821 - Fix filename duplication in design notes in activity feeds. !32823 (Arun Kumar Mohan) - Prevent multiple Auto DevOps deployment jobs running concurrently when using manual rollout. !32824 - Implement displaying downstream pipeline error details. !32844 - Fix Runner heartbeats that results in considering them offline. !32851 - Conan package registry support for the conan_export.tgz file. !32866 - Fix plural message in account deletion section. !32868 - Fix atomic processing bumping a lock_version. !32914 - AsciiDoc: Add support for built-in alignment roles. !32928 (mnrvwl) - Fix a bug where some Vue apps would be unable to load when DAG tab is disabled. !32966 - Fix undefined error in Gitlab::Git::Diff. !32967 - Fix spelling error on Ci::RunnersFinder. !32985 (Arthur de Lapertosa Lisboa) - Fix polling for resource events. !33025 - Fix broken CSS classes inside alert management list. !33038 - Fix bug in snippet create mutation with non ActiveRecord errors. !33085 - Fix overflow issue in MR and Issue comments. !33100 - Fix alignment of button text on the Edit Release page. !33104 - Deduplicate URL parameters when requesting merge request diffs which causes diffs load to fail. !33117 - Fix tabbing through form fields in projects/new flow. !33209 - Fix incorrect commit search results returned when searching with ref. !33216 - Issue list page shows correct status for moved re-opened issues. !33238 - Fix NoMethodError by using the correct method to report exceptions to Sentry. !33260 - Fix KaTeX font paths. !33338 - Resolve Fix Incomplete Kubernetes Cluster Status List. !33344 - Fix auto-merge not running after discussions resolved. !33371 - Fix bug in snippets updating only file_name or content. !33375 - Resolve "WebIDE displays blank file incorrectly". !33391 - Fix invisible emoji modal on Set Status form when clicked the second time. !33398 - vertically center action icon in the CI pipeline. !33427 (Nathanael Weber) - Wrap auto merge parameters update in database transaction. !33471 - Return 404 response when redirecting request with invalid url. !33492 - Fix ambiguous string concatenation on CleanupProjectsWithMissingNamespace. !33497 - Fix snippet repository import edge cases. !33506 - Rust CI template: Replace --all with --workspace on cargo test. !33517 (Markus Becker) - Make markdown textarea links tab-accessible. !33518 - Pass hard delete option to snippets bulk destroy. !33520 - Fix CI rules for ECS related jobs. !33527 - Update GitLab Workhorse to v8.34.0. !33543 - Fix snippet repository import fail with older export files. !33584 - Web IDE: Create template files in the folder from which new file request was made. !33585 (Ashesh Vidyut) - Improve header acccessibility. !33603 - Remove non migrated snippets from failed imports. !33621 - Prevent duplicate issues when importing from CSV. !33626 - Fix sidebar spacing for alert details. !33630 - Fix linking alerts to created issues for the Generic alerts intergration. !33647 - Resolve spacing ux debt on Release assets form field. !33684 - Fix pagination link header. !33714 (Max Wittig) - When clicking multiple times to leave a single comment, the input field should remain focused. !33742 - Allow wiki pages with +<> characters in their title to be saved. !33803 - Fix force_remove_source_branch not working in API. !33804 - Fix prometheus alerts not being automatically created. !33806 - Fix pagination for resource label events. !33821 - Fix pagination for resource milestone events api. !33845 - Return code navigation path for nil diff_refs. !33850 - Record audit event when an admin creates a new SSH Key for a user via the API. !33859 (Rajendra Kadam) - Do not create duplicate issues for exising Alert Management alerts. !33860 - Add link text to collapsed left sidebar links for screen readers. !33866 - Update text in error tracking list error message. !33872 - Ensure that alerts are shown when prometheus service is active. !33928 - Fixed dashboard YAML file validaiton for files which do not contain object as root element. !33935 - Fix design note scrolling. !33939 - Updated the Android CI Script. !34007 (s-ayush2903) - Update validates_hostname gem with support for more TLDs. !34010 - Remove default "archived" parameter value from Groups API's projects endpoint. !34018 (Justin Sleep) - Fix approval rule type when project rule has users/groups. !34026 - Update wording of addMultipleToDiscussionWarning. !34088 - Show all storages in settings. !34093 - Set author as nullable in snippet GraphQL Type. !34135 - Fix rendering of very long paths in merge request file tree. !34153 - Fix 500 errors and false positive warnings during metrics dashboard validation. !34166 - Remove not null constraint from events tables. !34190 - Ensure we always generate a valid wiki event URL. !34191 - Send information about attached files to the GraphQL mutation. !34221 - Update issue limits template to use minutes. !34254 - Add route for the lost-and-found group and update the route of orphaned projects. !34285 - Make markdown textarea buttons tab accessible. !34300 - GraphQL - properly handle pagination of millisecond-precision timestamps. !34352 - Fix 500 error in BlobController#delete. !34367 - Updated Auto DevOps with a fix to delete PostgreSQL PVC on environment cleanup, a fix for multiline K8S_SECRET variables, updated Helm to 2.16.7 and glibc to 2.31. !34399 (verenion) - Updates Helm version to 2.16.7, which has some fixes. !34452 - Align "External" access level row in the user admin form. !34455 (Eduardo Sanz @esanzgar) - Fix issues with scroll on iOS / iPad OS. !34486 - Add environment_scope filter to ci-variables API. !34490 - Fix order of integrations to be sorted alphabetically. !34501 - Fix undefined method error. !34522 - Fix static site editor raw (has front matter) <-> body (lacks front matter) content changes sync. !34523 - Use Keys::DestroyService for deleting an SSH key when an admin deletes a key via the API. !34535 (Rajendra Kadam) - Removed default artifact name for Terraform template. !34557 - Record audit event when a user creates a new SSH Key for themselves via the API. !34645 (Rajendra Kadam) - Restrict alert assignee user search to current project in alert management details. !34649 - Limit alert assignment to only users who can read alerts. !34681 - Use Keys::DestroyService for deleting an SSH key when a user deletes a key via the API. !34718 (Rajendra Kadam) - Use GpgKeys::CreateService when an admin creates a new GPG key for a user. !34737 (Rajendra Kadam) - Sort code coverage graph in ascending order. !34750 - Fix Issue sticky title URL hash offset. !34764 - Fix broken todo GraphQL API filtering when filtering by type. !34790 - Use GpgKeys::CreateService when a user creates GPG keys for themselves via the API. !34817 (Rajendra Kadam) - Expand healtchecks `500`s when DB is not available. !34844 - Assign plan_id when building a new plan limit. !34845 - Fix 500 errors with filenames that contain glob characters. !34864 - Avoid updating snippet content when snippet_files content is not present. !34865 - Ensure original repository is archived after a shard move. !34895 - Fix issue suggestion text color on dark mode. !34899 - Enclose `release-cli` steps in an array. !34913 - Add DestroyService for GPG keys and use for deleting GPG keys via API. !34935 (Rajendra Kadam) - Resolve Misleading message displays when MR request is first submitted. !34958 - Cancel review app deployment when MR is merged. !34960 - Add RSpecs for Gitlab::Emoji module. !34980 (Rajendra Kadam) - Fix directory and last commit not loading for some filenames. !34985 - Fix confidential warning not showing the issuable type. !34988 - Fixed mermaid not rendering when switching diff tabs. !35023 - Use GpgKeys::DestroyService when a user deletes GPG keys for themselves via the API. !35033 (Rajendra Kadam) - Fix alignment of navigation theme options. !35041 - Support fenced code blocks in Atlassian Document Format converter. !35065 - Fixed size limit for too large snippets. !35076 - Don't include changes in webhook payload when old associations are empty. !35158 - Fix release assets for Guest users of private projects. !35166 - Properly set CI_DEPLOY_FREEZE variable in pipelines. !35226 - Move 'Delete comment' button to bottom of 'More actions' list. !35237 - Only run DAST job if Kubernetes active. !35259 - Add instrumentation to Gitaly streamed responses. !35283 - Fix pages_url for projects with mixed case path. !35300 - Ensure .git/config is updated for forks. !35305 - Defer updating .git/config for imported projects. !35308 - Redirect wiki edit actions for missing pages. !35350 - Fix styling bug for disabled merge button. !35365 - Static Site Editor can’t be opened in projects belonging to a subgroup. !35378 - Resolve timeout in admin/jobs. !35385 - Fix job log text color in dark mode. !35387 - Minor UI fixes for Issue page in dark mode. !35395 - Disable ILM on ELK vendor yaml. !35398 - Improve alert list spacing. !35400 - Fix path conflict for Ghost on UpdateRoutesForLostAndFoundGroupAndOrphanedProjects. !35425 - Add tiller.log to Auto DevOps deployment job artifacts when AUTO_DEVOPS_DEPLOY_DEBUG is set. !35458 - Resolve [Un]Assign Issue to/from Comment Author Action Visibility. !35459 - Add email and email_verified claims to OAuth ID token. !35468 (André Hänsel) - Make ProjectUpdateRepositoryStorageWorker idempotent. !35483 - Project bot users should always have their emails confirmed by default. !35498 - Only show open Merge Requests in Web IDE. !35514 - Remove Edit dashboard button from self monitoring dashboard. !35521 - Guard against data integrity issues when canceling review app jobs. !35555 - Use FLOAT_TYPE for storage limit. !35559 - Enforce prometheus metric uniqueness across project scope. !35566 - Use full version instead of short version for Sentry Error Release links. !35623 - Propagate error on FF pre-receive failure. !35633 - Support multiple mailboxes incoming email check. !35639 - Fix Profile Applications page to be shown in correct locale. !35661 - Fix 404 when importing project with developer permission. !35667 - Fix incorrect text escaping in the Static Site Editor. !35671 - Use the user's preferred language as default. !35676 - Create associated routes when a new bot user is created. !35711 - Prevent autosave when reply comment via cmd+enter. !35716 - Fix border-radius-base SCSS value. !35740 - Fix alert sort styling issues. !35741 - Change the sort order for alert severity and status. !35774 - Fix unique case where static site editor's custom renderer for identifier syntax didn't robustly handle inline code. !35775 (Derek Knox) - Save show whitespace changes. !35806 - Fix existing repository_storages_weighted migrations. !35814 - Fix error 500s creating new projects due to empty weights. !35829 - Fix rendering alert issue description field. !35862 - Fixed translation errors on MR Widget. !35888 - Fix 500 errors with invalid access tokens. !35895 - Change PrometheusMetrics identifier index. !35912 - Backfill missing routes for Bot users. !35960 - Add generic message when no pipeline in MR. !35980 - Conditionally render Docker row checkbox. !36000 (gfyoung) - Fix missing avatar in MR widget. !36034 - Fix comment loading error in issues and merge requests. !36043 - Fix routing for paths starting with help and projects. !36048 - Fix infinite loading spinner for related merge requests on commit pipelines tab. !36077 - Use error.message instead of error in importer.log. !36104 - Remove hardcoded reference to gitlab.com in NPM .gitlab-ci.yml template. !36124 - Remove dashboard panels' tabindex where is not needed. !36168 - Fix Project#pages_url not to downcase url path. !36183 - Remove border from related merge requests/issues counter. !36272 - Fail jobs that fail to render registration response. !36274 - Sort metrics dashboard panels and groups using a stable sort. !36278 - Remove HTML link from plain text mail. !36301 - Fix wrong value of checkbox in integration form. !36329 - Add a Rake task to fix incorrectly-recorded external diffs. !36353 - Fix single file editor with long branch name. !36371 - Allow self monitoring dashboard to be duplicated. !36433 - Propagate DS_JAVA_VERSION for dependency scanning. !36448 - Fix to display speech bubble on hover over image on commits page. !36470 (Adam Alvis @adamalvis) - Fix to remove speech bubble on hover over image on MR Overview tab. !36474 (Adam Alvis @adamalvis) - Add DOCKERFILE_PATH to Auto DevOps workflow:rules. !36475 - Show symlink icon in repository browser. !36524 - Snippet comments where any line begins with a slash following an alphabetic character can't be published. !36563 - Exclude services relation from Project Import/Export. !36569 - Permanently close Jira import success alert. !36571 - Fix dashboard schema validation issue. !36577 - Refactor issues controller spec to fix SaveBang Cop. !36582 (Rajendra Kadam) - Fix positioning of mr/issue count. !36621 - Update to Grape v1.4.0. !36628 - Fix API errors when null value is given for the bio. !36650 - Avoid 500 errors with long expiration dates in tokens. !36657 - Remove CI/CD variable validations on AWS keys. !36679 - Ensure to run unassign issuables worker when not in a transaction. !36680 - Mark existing Project Bot Users as confirmed. !36692 - Fix error message when saving an integration and testing the settings. !36700 - Do not depend on artifacts from previous stages in Auto DevOps deployments. !36741 - Delete tracking records on partitioning migration rollback. !36743 - Updates Helm version to 2.16.9 which has some fixes. !36746 - Web IDE: Page title should not be .editorconfig when the IDE is first loaded. !36783 - Removes fixes that broke the pipeline table. !36803 - Refactor group controllers specs to fix SaveBang Cop. !36853 (Rajendra Kadam) - Fix the default metrics dashboard to work on K8s versions 1.12 to 1.16. !36863 - Fix incorrect marking MR as Draft. !36869 - Use an array for fetching same_family_pipeline_ids. !36883 - Remove extra Secret-Detection job on merge requests. !36884 - Remove Rails Optimistic Locking monkeypatch. !36893 - Refactor projects controllers specs to fix SaveBang Cop. !36920 (Rajendra Kadam) - Fix background overflow when design note is selected. !36931 - Fix bulk editing labels bug. !36981 - Fix not being able to add more than one CI variable through the UI. !37001 - Uses --set-string to avoid Helm confusion over short SHA vs Scientific Notation. !37004 (Bryan H. @galador) - Fix displaying import errors from server. !37073 - Fix failing dashboard schema validation calls. !37108 - Fix showing MLC form on replies. !37139 - Set experiementation cookie for GitLab domain only. - Prevent duplicate health status text on epics. - Add DS detection of build.gradle.kts. - Fix for test report link in MR widget. - Footer system message fix. ### Deprecated (1 change, 1 of them is from the community) - Remove the unused worker code and its queue. !32595 (Ravishankar) ### Changed (191 changes, 9 of them are from the community) - Deduplicate labels with identical title and project. !21384 - Add a GraphQL endpoint to fetch Jira projects through its REST API. !28190 - Change legends in monitor dashboards to tabular layout. !30131 - Move pipelines routing under /-/ scope. !30730 - Set markdown toolbar to use hyphens for lists. !31426 - Use sprites for comment icons on Commits. !31696 - Rate limit project export by user. !31719 - Reorder diffs compare versions dropdowns. !31770 (Gilang Gumilar) - Enable the `in this group` action in the Search dropdown. !31939 - Externalize i18n strings from ./app/views/shared/_promo.html.haml. !32109 (Gilang Gumilar) - Add Usage Ping count for all searches. !32111 - Add tags_count to container registry api and controller. !32141 - Externalize i18n strings from ./app/views/shared/milestones/_sidebar.html.haml. !32150 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/milestones/_form_dates.html.haml. !32162 (Gilang Gumilar) - Improve Container Registry UI header. !32424 - Added node size to cluster index. !32435 - Enable display of wiki events in activity streams. !32475 - Update operations metrics settings title and description to make them general. !32494 - Track merge_requests_users usage data. !32562 - Adds cluster CPU and Memory to cluster index. !32601 - Allow the snippet create service to accept an array of files. !32649 - Move review related controllers/workers outside EE. !32663 - Move the Members section from settings to the side nav for projects. !32667 - Show more context in unresolved jump button. !32737 - Exclude extra.server fields from exceptions_json.log. !32770 - Improve new/unknown sign-in email styling. !32808 - Allow the snippet update service to accept an array of files. !32832 - Add new issue link to email notification header. !32833 - Bump cluster-applications to 0.17.0, which updates Runner to 0.17.0 and Cilium to 1.7.4. !32931 - Update artifacts section to show when an artifact is locked. !32992 - Show clone button on project page for readme preference. !33023 - Include tag count in the image repository list. !33027 - Clean up gitlab-shell install-from-source path. !33057 - Increase LFS token default time to 2 hours. !33140 - Add the unique visits data to the usage ping. !33146 - Add explicit mention of Merge request in Slack message. !33152 - Expose `release_links.type` via API. !33154 - Add link_type column to release_links table. !33156 - Move broadcast notification dismiss button to the top. !33174 - Remove null constraint for JID in GroupImportState. !33181 - Added provider type icon to cluster list. !33196 - Remove search icon from Project find file button. !33198 - Refine SAST language detection by frameworks. !33226 - Render Merge request reference as link. !33248 - Upgrade to Gitaly v13.1.0-rc1. !33302 - Render Merge request reference as link in email templates. !33316 - Show disabled suggestion button with tooltip message. !33357 - Add update validations to SnippetInputAction. !33379 - Add snippet DB visibility check in spec. !33388 (Jacopo Beschi @jacopo-beschi) - Add Hugo logo to project templates. !33402 - Add GitBook logo to project templates. !33403 - Add GoMicro logo to project templates. !33404 - Add Jekyll logo to project templates. !33405 - Add Hexo logo to project templates. !33406 - Add UI to disable Service template when instance-level integration is active. !33490 - Rename Add Designs button. !33491 - Add CPU, memory usage charts to self monitoring default dashboard. !33532 - Add database migrations to design_management_designs.filename to enforce a 255 character limit, and modify any filenames that exceed that limit. !33565 - Track Sentry error status updates with dedicated actions. !33623 - Alert Managament: Change sorting order to have newest alerts first. !33642 - Add blobs field to SnippetType in GraphQL. !33657 - Move Usage activity by stage for Configure to Core. !33672 - Format metrics column chart x axis dates. !33681 - Emit Bitbucket Server Importer metrics. !33700 - Style ToastUI contextual menus. !33719 - Update Auto deploy image to v0.16.1, introducing support for AUTO_DEVOPS_DEPLOY_DEBUG. !33799 - Add whether instance has Auto DevOps enabled to usage ping. !33811 - Update local IP address and domain name allow list input label. !33812 - Add date time format to the monitor stacked-column chart. !33814 - Allow Tf Plan to genrate multiple reports. !33867 - Report all unique users for Secure scanners. !33881 - Remove async_merge_request_check_mergeability feature flag. !33917 - Filter potentially-sensitive Sidekiq arguments from logs and Sentry. !33967 - Update Static Site Editor toolbar to group inline-code and code-block buttons together. !34006 - Set default values for SAST_EXCLUDED_PATHS and DS_EXCLUDED_PATHS. !34076 - Add ability to filter self monitoring resource usage charts by instance name. !34084 - Add skeleton loader to cluster list. !34090 - Pick repository storage based on weight. !34095 - Use IP or cookie in known sign-in check. !34102 - Prevents editing of non-markdown kramdown content in the Static Site Editor's WYSIWYG mode. !34185 - Display error for YAML files that are too large. !34199 - Change copy of webhooks / integration help text. !34301 - Use CodeQuality 0.85.10 in the CI template. !34329 - Update board header icons. !34366 - Show Redis instance in performance bar. !34377 - Extend members REST API with the option to unassign Issues and Merge Requests when member leaves team. !34388 - Reorder snippets in lists using `updated_at` column. !34393 (Dibyadarshi Dash @ddash2) - Add files argument to snippet create mutation. !34449 - Consolidate object storage config in one place. !34460 - Add secret detection template to Auto DevOps. !34467 - Add contextual menu to single stat panels. !34497 - Add allowed actions to snippet input action. !34499 - Add files argument to snippet update mutation. !34514 - Change from vendor specific to Gitlab. !34576 - Enable `:ci_release_generation` feature flag by default. !34633 - Update gl-toggles with deprecated attributes. !34660 - Adjust verbiage on repository storages settings page. !34675 - Change redirect path after integration save. !34697 - Refine UI of integration form. !34707 - Change CI variable font family to monospace. !34788 (Aaron Walker) - Rename GraphQL AwardEmoji mutations to follow naming conventions, deprecating the old mutations. !34798 - Improve error message when unconfirmed user tries to log in. !34818 - Update LFS setting label. !34829 (George Tsiolis) - Display error if metrics dashboard YAML is too large. !34834 - Add expand/collapse view to Terraform MR widget. !34879 - Expose storage size limit for namespaces in GraphQL. !34882 - Resolve Add no graph empty state for DAG. !35053 - Remove pending and running tabs from pipelines list and remove count from finished tab. !35062 - Stop removing NaN values from monitoring data series. !35086 - Multiple Kubernetes clusters now available in GitLab core. !35094 - Include snippets size in project statistics. !35120 - Add parallel persistence for author_name on AuditEvent. !35130 - Convert the Image tag UI from a table to a list view. !35138 - Add personal and project snippet monthly counters to usage data. !35155 - Exclude integrations (services) from Project Import/Export. !35249 - Parameterize PG deprecation notice. !35271 - Add inapplicable reason in MR suggestion Tooltip. !35276 - Add snippets_size to namespace_root_storage_statistics. !35311 - Rename Container Expiration Policies to Cleanup policy for tags. !35315 - Expose snippets_size in ProjectStatistics Entity. !35316 - Add snippets_size to ProjectStatistics GraphQL type. !35319 - Update snippet and project statistics after certain events. !35340 - Update the static site editor's markdown mode text to monospace to better reflect a code-editing experience. !35347 (Derek Knox) - Resolve Remove button row from environments empty state. !35413 - Track last activity for Personal Access Token. !35471 - Add GitLab username and name to the import users from Jira mutation response. !35542 - Use local Tiller by default for GitLab-managed apps. !35562 - Hide cleanup button for clusters with management project. !35576 - Update integration form to use GitLab UI components. !35582 - Add snippets_size to Group entity. !35585 - Add snippets_size to RootStorageStatisticsType. !35586 - Move merge_requests_users metric to stage section. !35593 - Include snippets_size statistic inside RootStorageStatistics. !35601 - Accept multiple blobs in snippets. !35605 - Replace FA exchange icon with GitLab SVG. !35634 - Require namespace path (and username) to be at least 2 chars long. !35649 - Remove count for pending/running/finished pipelines in tabs. !35693 - Display commits search in mobile & adjust text. !35702 - Open source cluster health dashboard and make it available to all users. !35721 - Update snippet statistics after project import. !35730 - Remove the second prompt to accept or decline an invitation. !35777 - Track wiki page views in Snowplow. !35784 - Use the application's default_branch_name when available when initializing a new repo with a README. !35801 - Use native Gitaly pagination for Branch list API. !35819 - Move file link to bottom in Web IDE. !35847 - Package APIs moved to core. !35919 - Allow setting extra tags for Sentry exceptions with GITLAB_SENTRY_EXTRA_TAGS. !35965 - Include personal snippets size in RootStorageStatistics. !35984 - Change Alert fingerprint index to run when status is not resolved. !36024 - Update namespace statistics after personal snippet update/removal. !36031 - Add details rows to Container Registry Tags List. !36036 - Add raw snippet repository file endpoint to API. !36037 - Move monitor stage usage activity to CE. !36067 - Move release stage usage activity to CE. !36083 - Move create stage usage activity to CE. !36086 - Move plan stage usage activity to CE. !36087 - Move manage stage usage activity to CE. !36089 - Move verify stage usage activity to CE. !36090 - Move alert integrations setting to Vue. !36110 - Use new vuex store for code quality MR widget. !36120 - Remove non-unique index on `merge_request_metrics.merge_request_id` column. !36170 - Cleanup policies: display API error messages under form field. !36190 - Replace fa-comment / fa-comments icons with GitLab SVG. !36206 - Update `rack-timeout` to `0.5.2`. !36289 - Bring SAST to Core - eslint. !36392 - Replace initial dashboard loading state with a loading spinner, show dashboard skeleton earlier with smaller loading indicators. !36399 - Merge tslint secure analyzer with eslint secure analyzer. !36400 - Expose issue ID via GraphQL. !36412 - Add broken tag state to tags list items. !36442 - Fix UI quirks with pipeline schedule cron options. !36471 - Update eslint secure analyzer to analyze jsx. !36505 - Display informative error for status updates on duplicate alerts. !36527 - Change default value in application_settings.issues_create_limit to be 0. !36558 - Expose approvals fields for FOSS FE. !36564 - Move service desk feature to core. !36613 - Check WIP status after all other possible statuses. !36624 - Add new models for DAST site profiles as part of DAST on-demand scans. !36659 - Add date to x-axes timestamps. !36675 - Make the Design Collection more visible in the Issue UI. !36681 - Add correlation between trigger job and child pipeline. !36750 - Static Site Editor: Set default sublist indent spaces to four space characters. !36756 - Add managed-apps section in log explorer. !36769 - Use a Confluence icon for the project Confluence integration nav item. !36780 - Remove file_path validation in snippet create action. !36809 - Improve animations of design note selection in design management. !36927 - Add entity_path column to audit_events table. !37041 - Make DAG annotations stick. !37068 - Support multiple files when editing snippets. !37079 - Change loading MR message wording. !37181 - Assign alerts sidebar base. - Improved UX of the code navigation popover. ### Performance (50 changes, 1 of them is from the community) - Improve performance of commit search by limiting the number of results requested. !32260 - Add GraphQL lookahead support. !32373 - Update index_ci_builds_on_commit_id_and_artifacts_expireatandidpartial index for secret_detection. !32584 - Add index on id and type for Snippets. !32885 - Use build_stubbed to avoid interacting with the DB in todos helper specs. !32906 (Arun Kumar Mohan) - Optimize SQL queries on Milestone index page. !32953 - Add build report results data model. !32991 - Improve the performance for loading large diffs on a Merge request. !33037 - Adjust condition for partial indexes on services table. !33044 - Add index to issues and epics on last_edited_by_id. !33075 - Fix preconnect typo in rel link. !33255 - Add project_id, user_id, status, ref index to ci_pipelines. !33290 - Move migration related to ci_builds to post_deployment. !33416 - Remove need to call commit (gitaly call) in ProjectPipelineStatus. !33712 - Reduce redundant queries for Search API users scope. !33795 - Speed up boot time in production. !33929 - Harden CI pipelines usage data queries with an index. !34045 - Use snapshot transfers for repository shard moves when possible. !34113 - Add partial index on locked merge requets. !34127 - Improve pipeline index controller performance by resolving Gitaly N+1 calls. !34160 - Lazy load commit_date and authored_date on Commit. !34181 - Optimize container repository for groups query. !34364 - Further improve the performance for loading large diffs on a Merge request. !34516 - Paginate the notes incremental fetch endpoint. !34628 - Optimize rolling 28 days snippets counter. !34918 - Only load project license if needed. !35068 - Improve query to retrieve job artifacts with files stored locally. !35084 - Preload commits markdown cache. !35314 - Use BatchLoader for Project.forks_count to limit calls to Redis. !35328 - Rework hardening CI pipelines usage data queries with an index. !35494 - Performance improvement for job logs. !35504 - Define a namespace traversal cache. !35713 - MR diff migration: perform I/O outside of database transaction. !35734 - Resolve N+1 in Search API projects scope. !35833 - Optimize deployment counters for last 28 days. !35892 - Trigger stackprof by sending a SIGUSR2 signal. !35993 - Improve the search performance for merge requests. !36072 - Reduce number of scanned commits for code intelligence. !36093 - Improve snippet finders queries. !36292 - Swap Grape over to Gitlab::Json. !36472 - Add oj gem for faster JSON. !36555 - Replace fa-eyes-slash icons with GitLab SVG eye-slash icon. !36602 - Avoid N+1 calls for image_path when rendering commits. !36724 - Enable BulkInsertSafe on Ci::BuildNeed. !36815 - Remove optimized_count_users_by_group_id feature flag. !36953 - Remove unindexed condition on label transfer. !37060 - Speed up project creation for users with many projects. !37070 - Split query for code-nav path into two queries. !37092 - Use memoized start/finish for metrics based on issues table. !37155 - Enable CI Atomic Processing by default. ### Added (298 changes, 23 of them are from the community) - Release generation via gitlab-ci.yml documentation. !19237 - Add rake task to verify encrypted data through secrets. !21851 - User can apply multiple suggestions at the same time. !22439 (Jesse Hall) - Resolve Add a button to assign users who have commented on an issue. !23883 - Add custom emoji model and database table. !24229 (Rajendra Kadam) - Resolve Graph code coverage changes over time for a project. !26174 - Add doc for custom validators in api styleguide. !26734 (Rajendra Kadam) - Add Scheduled Job for Monitoring Monitor Group Demo Environments. !27360 - Add setting to allow merge on skipped pipeline. !27490 (Mathieu Parent) - Add dark theme (alpha). !28252 - Show estimate on issues list. !28271 (Lee Tickett) - Make Fixed Email Notification Generally Available. !28338 (jacopo-beschi) - Add a link to the `renamed` viewer to fully expand the renamed file (if it's text). !28448 - Focus and toggle metrics dashboard panels via keyboard. !28603 - Remove `scoped_approval_rules` feature flag. !28864 (Lee Tickett) - Create Group import UI for creating new Groups. !29271 - Add finder for group-level runners. !29283 (Arthur de Lapertosa Lisboa) - Allow customization of badge key_text and key_width. !29381 (Fabian Schneider @fabsrc) - Support Workhorse directly uploading files to S3. !29389 - Add frontend support for multiline comments. !29516 - Support first_name and last_name attributes in LDAP user sync. !29542 - Link to test reports from MR Widget. !29729 - Add link to status page detail view for status page published issues. !30249 - Add metrics dashboard name to document title. !30392 - Backfill StatusPage::Published incidents and enable a publish quick action for EE. !30906 - Add missing Merge Request fields. !30935 - Show build status on branch list. !30948 (Lee Tickett) - Add mutation to create commits in GraphQL. !31102 - Support quick actions when editing issue, merge request, and epic descriptions. !31186 - Add GraphQL support for authored and assigned Merge Requests. !31227 - Add usage data metrics for terraform states. !31280 - Add usage data metrics for terraform reports. !31281 - Add API endpoint for listing bridge jobs. !31370 (Abhijith Sivarajan) - SpamVerdictService can call external spam check endpoint. !31449 - Move Admin note feature to GitLab Core. !31457 (Rajendra) - Add DAG serializer for pipelines controller. !31583 - Save repository storages in application settings with weights. !31645 - Add API endpoint for resource milestone events. !31720 - Show import in progress screen for group imports. !31731 - Add Verify/FailFast CI template. !31812 - Improve Add/Remove Issue Labels API. !31864 (Lee Tickett) - Add mutation to create a merge request in GraphQL. !31867 - Add warning popup for Elastic Stack update. !31972 - Add API support for sharing groups with groups. !32008 - Add the container expiration policy attribute to the project GraphQL type. !32100 - Add GraphQL support for project and group labels. !32113 - Add number of database calls to Prometheus metrics and logs for sidekiq and request. !32131 - Filter pipelines by status. !32151 - Filter pipelines based on url query params. !32230 - Add metrics for Redis usage during Sidekiq job execution. !32265 - Add filters to merge request fields. !32328 - Support reading .editorconfig files inside of the Web IDE. !32378 - [Frontend] Resolvable design discussions. !32399 - Table index added to `metrics_dashboard_annotations` for future pruning of stale metrics Annotations for metrics dashboards are now checked for valid start and end dates. !32433 - Enable GitLab-Flavored Markdown processing for design links. !32446 - Filter Pipelines by Tag Name. !32470 - Adds sorting by column to alert management list. !32478 - Add project specific repository storage API. !32493 - Adapt Limitable for system-wide features. !32574 - Add application limits to instance level CI/CD variables. !32575 - Add model for project level security auto-fix settings. !32577 - Expose Jira imported issues count in GraphQL. !32580 - Organize alerts by status tabs. !32582 - Add note to ECS CI template. !32597 - Add metrics for Redis usage during web requests. !32605 - Add database and GraphQL support for alert assignees. !32609 - Set fingerprints and increment events count for Alert Management alerts. !32613 - Process stuck jira import jobs. !32643 - Allow user to add custom links to their metrics dashboard panels. !32646 - Add tags to experimental queue selector attributes. !32651 - Allow generic endpoint to receive alerts from external Prometheus. !32676 - Customize the Cloud Native Buildpack builder used with Auto Build. !32691 - Add timezone display to alert based issue start time. !32702 - Display dates on metrics dashboards in UTC time zone. !32746 - Store Todo resolution method. !32753 - Add Falco to the managed cluster apps template. !32779 - Add experience_level to user_preferences. !32784 - Add keyboard shortcuts to metrics dashboard. !32804 - Remove metrics dashboard annotations attached to time periods older than two weeks. !32838 - Monitor:Health metrics instrumenation. !32846 - Adds PostHog as a CI/CD Managed Application. !32856 - Groups API has top_level_only option to exclude subgroups. !32870 - Create operations_feature_flags_issues table. !32876 - Allow advanced API projects filtering for admins. !32879 - Add api.js methods to update issues and merge requests. !32893 - Render user-defined links in dashboard yml file on metrics dashboard. !32895 - Create group_deploy_keys_groups intermediate table. !32901 - Add accessibility report MR widget. !32902 - Add a GraphQL mutation for toggling the resolved state of a Discussion. !32934 - Added CI template for Dart. !32942 (agilob) - Add container expiration policy objects to the GraphQL API. !32944 - Don't hide Commit tab in Web IDE when there are no changes yet. !32979 - Add column for alert slack notifications. !33017 - Add ability to insert an image via SSE. !33029 - Add user root query to GraphQL API. !33041 - Adds groupMembership and projectMembership to GraphQL API. !33049 - Alerts list pagination. !33073 - Add ApplicationSetting ui changes for repository_storages_weighted. !33096 - Resolve Feature proposal: API for import from BitBucket Server. !33097 - Add squash commits options as a project setting. !33099 - Display confirmation modal when user exits SSE and there are unsaved changes. !33103 - Add column dashboard_timezone to project_metrics_setting. !33120 - Allow the assignment of alerts to users from the alert detail view. !33122 - Add solarized dark for Web IDE. !33148 - Add support for artifacts/exclude configuration. !33170 - Add root users query to GraphQL API. !33195 - Added validation for YAML files with metrics dashboard definitions. !33202 - Create issue from alert. !33213 - Add max import file size option. !33215 (Roger Meier) - Add system note when assigning user to alert. !33217 - Add count of alerts from all sources to usage ping. !33220 - Add button to create an issue from an alert management alert. !33221 - Add more detail to alert integration settings description. !33244 - Add Evidence to Releases GraphQL endpoint. !33254 - Add support for pasting images in the Web IDE. !33256 - Add ProjectAccessToken table. !33272 - Automatically resolve alert when associated issue closes. !33278 - Add Jira Importer user mapping form. !33320 - Add `link_type` to `ReleaseLink` GraphQL type. !33386 - Add setting to enable and disable shared Runners for a group and its descendants. !33411 (Arthur de Lapertosa Lisboa) - Add members to project graphQL endpoint. !33418 - Update Static Site Editor WYSIWYG mode to hide front matter. !33441 - Added delete action for Dashboard Annotations in GraphQL. !33468 - Create graphQL endpoint for Jira users import. !33501 - Support IAP protected prometheus installations. !33508 - New instance-level variables UI. !33510 - Add design activity in event streams. !33534 - Allow developer role read-only access to Terraform state. !33573 - Add support for `git filter-repo` to repository cleanup. !33576 - Close open reply input fields in the design view sidebar when leaving a new comment. !33587 - Add dashboard schema validation warnings as metrics dashboard GraphQL field. !33592 - Add time range to user-defined links in metrics dashboard. !33663 - Increase events count for Prometheus alerts. !33706 - Add dashboard validation warning to metrics dashboard. !33769 - Track pod logs refresh action. !33802 - Expose all Jira projects endpoint through a GraphQL. !33861 - Add secret detection template. !33869 - Add new path to access project metrics dashboard. !33905 - Add new raw snippet blob endpoint. !33938 - Add DAG visualization MVC. !33958 - Introduce a feature flag for Vue-based UI for all import providers. !33980 - Add sticky title on Issue pages. !33983 - Allow policies to override parent rules. !33990 - Allow Release asset links to be associated with a type. !33998 - Support user-defined Grafana links in metrics dashboard. !34003 - Adds AWS guidance to CI/CD > Add Variable modal. !34009 - Show custom attributes within Admin Pages. !34017 (Roger Meier) - Enable Slack notifications for alerts. !34038 - Container expiration policy regular expressions are now validated. !34063 - Add todo when alert is assigned to a user. !34104 - Track merge requests submitted by Static Site Editor. !34105 - Turn off alert issue creation by default. !34107 - Add detailed logs of each Redis instance usage during job execution and web requests. !34110 - Support metrics dashboard with file name. !34115 - Add API to schedule project repository storage moves. !34119 - Update diff discussion positions on demand. !34148 - Add ability for user to manually create a todo for an alert. !34175 - Add validation step on backend for metrics dashboard links. !34204 - Track when Static Site Editor is initialized. !34215 - Bring SAST to Core - brakeman. !34217 - Mask key comments when exposing SSH/Deploy Keys via the API. !34255 - Convert `:release` yaml to `release-cli` commands. !34261 - Validate regex before sending them to CleanupContainerRepositoryWorker. !34282 - Create vulnerability_statistics table. !34289 - Add secret_detection to DOWNLOADABLE_TYPES. !34313 - Enable ability to assign alerts to users with corresponding system notes and todos. !34360 - Rolling 28 day time period counters for snippets. !34363 - Add regex fields to the container expiration policy update mutation. !34389 - Display Multiple Terraform Reports in MR Widget. !34392 - Highlight commented rows. !34432 - Add ci_builds_metadata.secrets column. !34480 - Enable CI Inheriting Env Variables feature. !34495 - Show tooltip on error detail page when hovering over dates. !34506 - Show notification about empty stacktrace. !34517 - Add native code intelligence. !34542 - Add global setting to disable/enable email notification on unknown sign-ins. !34562 - Bump cluster-applications version to v0.20.0. !34569 - Send fixed pipeline notification by default. !34589 - Add search argument for AlertStatusCountsResolver. !34596 - Add clusters_applications_cilium DB table. !34601 - Fetch metrics dashboard templating variable options using a Prometheus query. !34607 - Add Jira users mapping to start Jira import mutation. !34609 - Allow CI_JOB_TOKEN for authenticating to the Terraform state API. !34618 - Search plain text in alert list frontend. !34631 - Trigger unsaved changes warning in snippets on navigating away. !34640 - Add Cilium to the ParseClusterApplicationsArtifactService. !34695 - Use new icon for api preview. !34700 (Roger Meier) - Remove partial clone feature flag. !34703 - Ability to use an arbitrary YAML blob to create CI pipelines. !34706 - Upgrade GitLab Pages to 1.19.0. !34730 - Add CI_PROJECT_ROOT_NAMESPACE predefined environment variable. !34733 - Add override selector for project-level integrations. !34742 - Create namespace_limits table with additional purchase columns. !34746 - Add mutation to update merge requests. !34748 - Add plan limits for max size per artifact type. !34767 - Add package scope validation to Node.js template. !34778 - Expose project deploy keys for autocompletion. !34875 - Block invalid URLs in metrics dashboard chart links. !34888 - Add release data to GraphQL endpoint. !34937 - Add ref, released_at, milestones to release yml. !34943 - Add option to unassign member from issuables when removing them from a project. !34946 - Add diff stats fields to merge request type. !34966 - Bump Gitaly to v13.2.0-rc1. !34977 - Add prometheus_alert_id and environment_id to Alert management alerts. !34995 - Add full width to single charts in a row. !34999 - Support extensibility for Editor Lite. !35008 - Add snippets_size to ProjectStatistics. !35017 - Add SnippetStatistics model. !35026 - Add metrics settings menu to dashboard header. !35028 - Surface metrics charts on the alert detail page. !35044 - Add milestone stats to GraphQL endpoint. !35066 - Add a custom HTML renderer to the Static Site Editor for markdown identifier syntax. !35077 - Expose ref, milestones, released_at to releaser-cli. !35115 - Add snippet statistics logic. !35118 - Allow files with .md.erb extension for the Static Site Editor. !35136 - Add migration for experimental product analytics table. !35168 - Extend ECS Deploy template with Fargate jobs. !35173 - Upgrade Pages to 1.20.0. !35177 - Automatically close related issue when resolving Alert Management Prometheus Alert. !35208 - Create API to retrieve resource state events. !35210 - Allow diffs to be viewed file-by-file. !35223 (rinslow) - Add indices for projects with disable_overriding_approvers_per_merge_request. !35224 - Log name of class that failed to obtain exclusive lease. !35228 - Render source job info in TriggeredPipelineEntity. !35232 - Add refresh rate options to dashboard header. !35238 - Add annotation component for DAG. !35240 - Add a custom HTML renderer to the Static Site Editor for embedded ruby (ERB) syntax. !35261 - Display metric label in single stat. !35289 - Add issue column to alert list. !35291 - Expose metrics dashboard URL for alert GraphQL query. !35293 - Allow diffing changes in wiki history. !35330 (gwhyte, Steve Mokris) - Added support for reordering issues to the v4 API. !35349 (Joel @jjshoe, Lee Tickett @leetickett) - Add 'not' params to MergeRequests API endpoint. !35391 - Implement GraphQL query to generate JSON for SAST config UI. !35397 - Add system notes for status updates on alerts. !35467 - Enable S3 Workhorse client if consolidated object settings used. !35480 - Rolling 28 day time period counter for deployments. !35493 - Add log statements to Projects::ContainerRepository::DeleteTagsService. !35539 - Provide a label for 'Scheduled Pipeline' in the pipelines overview page. !35554 - Add note about SSH key title being public information. !35574 - Add todo pill styling for resolved alert. !35579 - Add support for Markdown in the user's bio. !35604 (Riccardo Padovani) - Introduce prepare environment action to annotate non-deployment jobs. !35642 - Add custom Dockerfile paths to Auto DevOps Build stage with DOCKERFILE_PATH. !35662 (thklein) - Add MergeRequest.diffStatsSummary.fileCount to graphql API. !35685 - Introduces Group Level Delayed Project Removal Setting. !35689 - Update cluster-applications to 0.23.0. !35691 - Resolve user's todo when an alert is resolved. !35700 - Show when alert is new in the Alerts list. !35708 - Convert Import/Export rate limits to configurable application settings. !35728 - Add installed state metrics for Cilium cluster application. !35808 - Add support for linting based on schemas in WebIDE. !35838 - Add a metrics settings button to the dashboard header. !35848 - Prevent a project bot from being removed as member. !35899 - Add background_migration_jobs table to trace background migrations. !35913 - Allow prefixing with Draft to mark MR as WIP. !35940 - FindRemoteRepository is storage scoped. !35962 - Include project and subgroup milestones on Roadmap page. !35973 - Todo Mutations should return the mutated todos. !35998 - Add API support for instance-level Kubernetes clusters. !36001 - Add count to imported Jira issues message. !36075 - Add temporary storage increase column. !36107 - Remove generic_alert_fingerprinting feature flag. !36148 - Upgrade GitLab Pages to 1.21.0. !36214 - Move approvals endpoints to FOSS version. !36237 - Add initial custom HTML renderer to the Static Site Editor to prevent editing in WYSIWYG mode. !36250 - Open new alert when existing alert is resolved. !36261 - Add custom avatars for Alert and Support Bot. !36269 - Add PagerDuty integration columns to `project_incident_management_settings` table. !36277 - Enable Alerts dropdown in Operations Settings. !36296 - Add number of approval project rules to usage ping. !36316 - Add namespace settings table. !36321 - Add a custom HTML renderer to the Static Site Editor for HTML block syntax. !36330 - Expose gitlab managed apps logs inside log explorer. !36336 - Add keyboard shortcut ('b') to copy MR source branch name on MR page. !36338 - Add a custom HTML renderer to the Static Site Editor for font awesome inline HTML syntax. !36361 - Add system note for alert when creating issue. !36370 - Periodically update container registry type settings. !36415 - Expands Jira integration to allow viewing and searching a list of of Jira issues directly within GitLab. !36435 - Show Approve button on merge requests in Core. !36449 - Measure adoption of package registry. !36514 - If a user does not have write access to repo, but a fork exists, the Web IDE button should take them to the fork. !36548 - Enable Batch Suggestins feature flag by default. !36561 - Add default and non-default branch jobs for secret detection. !36570 - Add a custom HTML renderer to the Static Site Editor for markdown identifier instance syntax. !36574 - Add docs for Alert trigger test alerts. !36647 - Support short urls for custom metrics dashboards. !36740 - Update cluster-applications to 0.24.2. !36768 - Add new Confluence integration for projects. !36781 - Add confidential attribute to public API for notes creation. !36793 - Add confidential attribute to graphQL for notes creation. !36799 - Prometheus instances behind Google IAP can now be accessed via manual configurations. !36856 - GraphQL mutation for changing locked status of an issue. !36866 - Default the feature flag to true to always show the default initial branch name setting. !36889 - Enable feature flag 'sectional_codeowners' Sections for Code Owners. !36902 - Add pagination to iterations list. !37052 - Add Jsonnet template for GitLab. !37058 - Enable design activity events by default. !37107 ### Other (137 changes, 45 of them are from the community) - Improve fast-forward merge is not possible message. !22834 (Ben Bodenmiller) - Add node ci template. !25668 - Deduplicate merge_request_metrics table. !29566 - Remove unused WAF indexes from CI variables. !30021 - Update the visual design of badges in some areas. !31646 - Extract featurable concern from ProjectFeature. !31700 (Alexander Randa) - Remove update function logic from list model. !31900 (nuwe1) - Remove nextpage function logic from list model. !31904 (nuwe1) - Squash database migrations prior to 2019 into one. !31936 - Update deprecated slot syntax in app/assets/javascripts/reports/components/grouped_test_reports_app.vue. !31975 (Gilang Gumilar) - Replace slot syntax for Vue 3 migration. !31987 (gaslan) - Update deprecated slot syntax in ./app/assets/javascripts/pages/admin/projects/index/components/delete_project_modal.vue. !31994 (Gilang Gumilar) - Update deprecated slot syntax in ./app/assets/javascripts/pages/projects/labels/components/promote_label_modal.vue. !31995 (Gilang Gumilar) - Update deprecated slot syntax in ./app/assets/javascripts/clusters/components/remove_cluster_confirmation.vue. !32010 (Gilang Gumilar) - Update deprecated slot syntax in ./app/assets/javascripts/environments/components/environments_app.vue. !32011 (Gilang Gumilar) - Remove setLoadingState logic from issue model. !32226 (nuwe1) - Remove addAssignee logic from issue model. !32231 (nuwe1) - Remove addLabel Logic from issue models. !32233 (nuwe1) - Remove addMilestone logic from issue model. !32235 (nuwe1) - Remove destroy function logic from list model. !32237 (nuwe1) - Remove findAssignee logic from issue model. !32238 (nuwe1) - Remove findLabel logic from issue model. !32239 (nuwe1) - Remove findIssue logic from list model. !32241 (nuwe1) - Remove moveIssue logic from list model. !32242 (nuwe1) - Remove moveMultipleIssues logic from issue model. !32243 (nuwe1) - Remove newIssue logic from list model. !32244 (nuwe1) - Remove onNewIssueResponse logic from list model. !32245 (nuwe1) - Remove removeAllAssignees logic from issue model. !32247 (nuwe1) - Remove removeAssignee logic from issue model. !32248 (nuwe1) - Clarify verbiage for stuck job messages. !32250 - Remove removeLabel logic from issue model. !32251 (nuwe1) - Remove removeLabels logic from issue model. !32252 (nuwe1) - Remove removeMilestone logic from issue model. !32253 (nuwe1) - Remove removeMultipleIssues logic from list model. !32254 (nuwe1) - Remove setFetchingState logic from issue model. !32255 (nuwe1) - Remove updateData logic from issue model. !32256 (nuwe1) - Update U2F docs for Firefox 67+. !32289 (Takuya Noguchi) - Update alert management mobile table alignment. !32295 - Include available instance memory in usage ping. !32315 - Moves merge request reviews into Core. !32558 - Update GitLab Runner Helm Chart to 0.17.0. !32634 - Add snowplow tracking for logs page. !32704 - Extend "Remember me" token after each login. !32730 - Assign alerts sidebar container fix. !32743 - Add anchor for creating a branch. !32745 - Tidy. !32759 (Lee Tickett) - Less verbose JiraService error logs. !32847 - Reduced padding and increased emphasis of titles within the epic tree. !32873 - Add source to resource state events. !32924 - Remove obsolete users.ghost column. !32957 - Move NoPrimary table def to last context in spec. !33015 (Rajendra Kadam) - Document github rate limit behavior. !33090 - Added build_id column to requirements_management_test_reports table. !33184 - Add version history information on U2F support. !33229 (Takuya Noguchi) - Convert IP spoofing errors into client errors. !33280 - Update docs to reflect move web IDE Terminal and file sync to Core. !33419 - Add hovering icon for sorting columns on alert management list. !33429 - Upgrade Grape v1.1.0 to v1.3.3. !33450 - Avoid javascript for omniauth logins. !33459 (Diego Louzán) - Add opacity transition to active design discussion pins. !33493 - Update GitLab Runner Helm Chart to 0.17.1. !33504 - Store pipeline creation errors and warnings into Ci::PipelineMessage. !33762 - Make project selector in various dashboard more translatable. !33771 - Update Workhorse to v8.35.0. !33817 - Remove FF hide_token_from_runners_api. !33947 - Bump omniauth_openid_connect to 0.3.5. !34030 (Roger Meier) - Specify tiers for SAML SSO at self-hosted plans. !34040 (Takuya Noguchi) - Backfill failed imported snippet repositories. !34052 - Use GitLab SVG icon for file attacher action. !34196 - Suppress progress on pulling on Performance Test. !34368 (Takuya Noguchi) - Update icon associated with attach a file actions. !34401 - Add GraphQL snippet FileInputType. !34442 - Move filter code into finder. !34470 (Ravishankar) - Update blue hex values to match GitLab UI. !34530 - Remove legacy job log rendering. !34538 - Update red hex values to match GitLab UI. !34544 - Update green hex values to match GitLab UI. !34547 - Validate the existing not null constraints on columns for ci_job_artifacts, lfs_objects, and uploads tables. !34568 - Move HasStatus module to the Ci namespace. !34577 (blackst0ne) - Update pinned links to use GlButton. !34620 - Add machine/sysname/release in topology usage ping. !34627 - Remove build dependencies on code quality and license scanning. !34659 - Add :section to approval_merge_request_rule unique index. !34680 - Replace double angle icons with double chevron. !34736 - Update Workhorse to v8.36.0. !34759 - Update heart icon from FontAwesome to GitLab SVG. !34777 - Fix broken CSS for system notes. !34870 - Fix Gitaly duration tracking of RefService RPCs. !34904 - Fix Gitaly duration timings of BlobService RPCs. !34906 - Fix Gitaly duration timings for conflicts and search RPCs. !34909 - Add validation for move action in SnippetInputAction. !34911 - Fix Gitaly duration timings for other CommitService RPCs. !34933 - Add project_key column to jira_tracker_data table. !34949 - Update GitLab Runner Helm Chart to 0.18.0. !34969 - Copy snippet route under - scope. !35020 - Copy project snippet routes under - scope. !35022 - Removes monkey patch to generate 6.0.3 style token. !35104 - Create time-space partitions in separate schema gitlab_partitions_dynamic. !35137 - Edit copy of DAG unsupported data alert. !35170 - Move configuration for Alerts endpoint from "Settings > Integration" to "Settings > Operations > Alerts". !35187 - Clean up GitlabIssueTrackerService database records. !35221 - Throttle ProjectUpdateRepositoryStorageWorker Jobs. !35230 - Suppress progress on docker pulling in builtin templates. !35253 (Takuya Noguchi) - Create schema for static partitions. !35268 - Add default_branch_name to application_settings. !35282 - Upgrade Gitaly to 13.2.0-rc2. !35345 - Drop partitions_dynamic schema if it exists. !35426 - Avoid grouping statement timeouts in Sentry. !35479 - Database migration to add project_settings.has_confluence. !35485 - Update UI links to docs in core features. !35488 - Update Sidekiq to v5.2.9. !35495 - Move profiles/keys#get_keys to users#ssh_keys. !35507 (Takuya Noguchi) - Add default_branch_name to ApplicationSettings visible attrs. !35681 - Update GitLab Runner Helm Chart to 0.18.1. !35712 - Prepare database for WebAuthn. !35797 (Jan Beckmann) - Remove dead Elasticsearch indexing code. !35936 - Add alias expansion to Terraform documentation. !35941 (zmeggyesi) - Hide dropdown header on list view. !35954 - Update GitLab Elasticsearch Indexer. !35966 - Restore the search autocomplete for groups/project/other. !35983 - Add issues_enabled column to jira_tracker_data table. !35987 - Normalize the 'thumb-up', 'thumb-down' icon. !35988 - Add migration to drop unused daily report results table. !36102 - Updating $gray-200 hex value and remapping current instances to $gray-100. !36128 - Removes ci_ensure_scheduling_type feature flag. !36140 - Update more UI links to docs in core features. !36174 - Format graphql files with prettier. !36244 - Replace FA play icon with svg in pipeline schedule and admin runner page. !36379 - Backfill project snippet statistics. !36444 - Expose blob mode in GraphQL for repository files. !36488 - Drop index of ruby objects in details on audit_events table. !36547 - Expand Operations > Alerts section by default via link follow through. !36649 - Update snippets housecleaning docs. !36715 - Update Rouge to v3.21.0. !36942 - Update GITLAB_WORKHORSE_VERSION to 8.37.0. !36988 - Track the number of unique users who push, change wikis and change design managerment. - Remove removeIssue logic from list model. (nuwe1) ## 13.1.10 (2020-09-02) ### Security (1 change) - Protect OAuth endpoints from brute force/password stuffing. ## 13.1.9 (2020-09-02) ### Security (23 changes, 1 of them is from the community) - Check validity of project's import_url before mirroring repository. - Show on two-factor authentication setup page groups that are the cause of this requirement. - Prevent interrupted 2FA sign-in from signing-in incorrect user. - Create new 2FA code each time user is entering 2FA setup page. - Remove all sessions but current while enabling 2FA. - Invalidate two factor sign-in when user password changes. - Delete members invites created by users being deleted. - Prevent OmniAuth from rendering arbitrary error messages. - Prevent not-2fa authenticated users that are supposed to use it to consume api via session. - Invalidate remember me when an active session is revoked. - Add rate limit on webhooks testing feature. - Add scope presence validation to OAuth Application creation. - Allow only running job tokens for API authentication. - Prevent Deploy Tokens to read project resources when repository is disabled. - Change conan api to use proper workhorse validation. - Ensure global ID is of Snippet type in GraphQL destroy mutation. - Fix Improper Access Control on Deploy-Key. - Set maximum limit for profile events. - Persist EKS External ID before presenting it to the user. - Prevent project maintainers from editing group badges. - Upgrade jquery to v3.5. - Update websocket-extensions gem to 0.1.5. (Vitor Meireles De Sousa) - Update GitLab Runner Helm Chart to 0.18.3. ## 13.1.8 (2020-08-18) - No changes. ## 13.1.7 (2020-08-17) ### Security (2 changes) - Stop deploy token being mis-used as user in ProjectPolicy and GroupPolicy. - Project access is checked during deploy token authentication. ## 13.1.6 (2020-08-05) ### Security (11 changes) - Add decompressed archive size validation on Project/Group Import. !562 - Enforce 2FA on Doorkeeper controllers. - Refresh project authorizations when transferring groups. - Stop excess logs from failure to send invite email when group no longer exists. - Verify confirmed email for OAuth Authorize POST endpoint. - Revoke OAuth grants when a user revokes an application. - Fix XSS in Markdown reference tooltips. - Fix XSS in milestone tooltips. - Fix xss vulnerability on jobs view. - Block 40-character hexadecimal branches. - Update GitLab Runner Helm Chart to 0.17.2. ## 13.1.5 (2020-07-23) - No changes. ## 13.1.3 (2020-07-06) - No changes. ## 13.1.2 (2020-07-01) ### Security (18 changes) - Update xterm js dependency to latest stable 3.x version. - Do not show activity for users with private profiles. - Fix stored XSS in markdown renderer. - Upgrade swagger-ui to solve XSS issues. - Fix group deploy token API authorizations. - Check access when sending TODOs related to merge requests. - Change from hybrid to JSON cookies serializer. - Prevent XSS in group name validations. - Disable caching for wiki attachments. - Disable Github Importer API by settings. - Fix null byte error in upload path. - Update permissions for time tracking endpoints. - Add snippet repository validation after bundle import. - Update Kaminari gem. - Fix note author name rendering. - Sanitize bitbucket repo urls to mitigate XSS. - Stored XSS on the Error Tracking page. - Fix security issue when rendering issuable. ## 13.1.1 (2020-06-23) ### Fixed (4 changes) - Fix missing templating vars set from URL in metrics dashboard. !34668 - Fix edit status dropdown overflow. !34847 - Load user before logging git http-requests. !34923 - Do not mask key comments for DeployKeys. !35014 ### Added (1 change) - Periodically recompute project authorizations. !34071 ## 13.1.0 (2020-06-22) ### Removed (4 changes, 2 of them are from the community) - Remove deprecated dashboard & group milestone pages. !13237 - Removed UltraAuth integration for OmniAuth. !29330 (Kartikey Tanna) - Remove all search autocomplete for groups/projects/other. !31187 - Remove temporary datepicker position fix as it is no longer required. !31836 (Arun Kumar Mohan) ### Fixed (154 changes, 57 of them are from the community) - Fix 'Active' checkbox text in Pipeline Schedule form to be a label. !27054 (Jonston Chan) - Fix back button when switching MR tabs. !29862 (Lee Tickett) - Remove ability to scroll Issue while in Design View. !29881 - Fix merge request note label URLs. !30428 (Lee Tickett) - Fix default path when creating project from group template. !30597 (Lee Tickett) - Group authorization refresh to consider shared groups. !31204 - Fix group transfer service to deny moving group to its subgroup. !31495 (Abhisek Datta) - Fix issuable listings with any label filter. !31729 - Move prepend to last in ee-app-services. !31838 (Rajendra Kadam) - Fallback to lowest visibility level in snippet visibility radio. !31847 (Jacopo Beschi @jacopo-beschi) - Add class stubs and fix leaky constant alert in query limit helper spec. !31949 (Rajendra Kadam) - Remove usage of spam constants in spec. !31959 (Rajendra Kadam) - Fix leaky constant issue in uninstall progress service check. !32036 (Rajendra Kadam) - Fix leaky constant issue in commit entity spec. !32039 (Rajendra Kadam) - Fix leaky constant issue in task completion status spec. !32043 (Rajendra Kadam) - Fix leaky constant issue in admin mode migration spec. !32074 (Rajendra Kadam) - Fix leaky constant issue in sidekiq middleware server metric spec. !32104 (Rajendra Kadam) - Fix leaky constant issue in sidekiq middleware client metric spec. !32108 (Rajendra Kadam) - Fix leaky constant issue in path regex spec. !32115 (Rajendra Kadam) - Fix leaky constant issue importer and cache headers spec. !32122 (Rajendra Kadam) - Fix leaky constant issue in relation factory spec. !32129 (Rajendra Kadam) - Fix leaky constant issue in test coverage spec. !32134 (Rajendra Kadam) - Prevent emails to user on expiry of impersonation token. !32140 - Fix leaky constant issue in diff collection spec. !32163 (Rajendra Kadam) - Fix leaky constant issue in migration helpers, with lock retries and ignored cols spec. !32170 (Rajendra Kadam) - Fix leaky constant issue in factory spec. !32174 (Rajendra Kadam) - Fix leaky constant issue in creds factory spec. !32176 (Rajendra Kadam) - Use applogger in project import state file. !32182 (Rajendra Kadam) - Use applogger in project.rb. !32183 (Rajendra Kadam) - Use applogger in chat_team.rb. !32184 (Rajendra Kadam) - Use applogger in repository model. !32185 (Rajendra Kadam) - Use applogger in build and ssh host key. !32187 (Rajendra Kadam) - Use applogger in cache attrs and highest role ruby files. !32189 (Rajendra Kadam) - Use applogger in legacy project and namespace. !32190 (Rajendra Kadam) - Use applogger in base.rb. !32191 (Rajendra Kadam) - Use applogger in usage ping and webhook service. !32192 (Rajendra Kadam) - Use applogger in exclusive_lease_guard. !32194 (Rajendra Kadam) - Use applogger in groups destroy service and label create service. !32195 (Rajendra Kadam) - Use applogger in merge_service.rb. !32196 (Rajendra Kadam) - Use applogger in project create service and after import service. !32198 (Rajendra Kadam) - Use applogger in update stats service. !32200 (Rajendra Kadam) - Use applogger in base attachment service. !32201 (Rajendra Kadam) - Use applogger in export service. !32203 (Rajendra Kadam) - Use applogger in akismet service. !32205 (Rajendra Kadam) - Use applogger in file mover file. !32206 (Rajendra Kadam) - Use applogger in commit signature worker. !32207 (Rajendra Kadam) - Use applogger in delete user worker. !32209 (Rajendra Kadam) - Use applogger in email receiver worker. !32211 (Rajendra Kadam) - Use applogger in artifact worker. !32212 (Rajendra Kadam) - Use applogger in new note worker. !32213 (Rajendra Kadam) - Fix duplicate filename displayed in design todos. !32274 (Arun Kumar Mohan) - Add value length validations for instance level variable. !32303 - Resolve image overflow at releases list panel. !32307 - Clean up shared/tmp folder after Import/Export. !32326 - Fix creating release evidence if release is created via UI. !32441 - GraphQL hasNextPage and hasPreviousPage return correct values. !32476 - Fix loading and empty state styling for alerts list. !32531 - Resolve incorrect x-axis padding on the Environments Dashboard. !32533 - Fix time_tracking help link. !32552 - Don't display confidential note icon on confidential issue public notes. !32571 - Update container expiration policy database defaults. !32600 - Fix rendering of emojis in status tooltips. !32604 - Hid copy contents button when blob has rendering error. !32632 - Avoid refresh to show endedAt after mutation. !32636 - Fix for metrics creation when saving MR. !32668 - Skip the individual JIRA issues if failed to import vs failing the whole batch. !32673 - Hide "Import from Jira" option from non-entitled users. !32685 - Fix broken help link on operations settings page. !32722 - Allow different in bulk editing issues. !32734 - Fix whitespace changes overgrowing the diff container. !32774 - Improve spacing and wrapping of group actions buttons and stats in group list view. !32786 - Fix "Broadcast Messages" table overflow and button alignment. !32801 - Fix 404 when downloading a non-archive artifact. !32811 - Make commits author button confirm to Pajamas specs. !32821 - Fix filename duplication in design notes in activity feeds. !32823 (Arun Kumar Mohan) - Prevent multiple Auto DevOps deployment jobs running concurrently when using manual rollout. !32824 - Implement displaying downstream pipeline error details. !32844 - Fix Runner heartbeats that results in considering them offline. !32851 - Conan package registry support for the conan_export.tgz file. !32866 - Fix plural message in account deletion section. !32868 - Fix atomic processing bumping a lock_version. !32914 - AsciiDoc: Add support for built-in alignment roles. !32928 (mnrvwl) - Fix a bug where some Vue apps would be unable to load when DAG tab is disabled. !32966 - Fix undefined error in Gitlab::Git::Diff. !32967 - Fix spelling error on Ci::RunnersFinder. !32985 (Arthur de Lapertosa Lisboa) - Fix polling for resource events. !33025 - Fix broken CSS classes inside alert management list. !33038 - Fix bug in snippet create mutation with non ActiveRecord errors. !33085 - Fix overflow issue in MR and Issue comments. !33100 - Fix alignment of button text on the Edit Release page. !33104 - Deduplicate URL parameters when requesting merge request diffs which causes diffs load to fail. !33117 - Fix tabbing through form fields in projects/new flow. !33209 - Fix incorrect commit search results returned when searching with ref. !33216 - Fix NoMethodError by using the correct method to report exceptions to Sentry. !33260 - Fix KaTeX font paths. !33338 - Resolve Fix Incomplete Kubernetes Cluster Status List. !33344 - Fix auto-merge not running after discussions resolved. !33371 - Fix bug in snippets updating only file_name or content. !33375 - Fix invisible emoji modal on Set Status form when clicked the second time. !33398 - vertically center action icon in the CI pipeline. !33427 (Nathanael Weber) - Wrap auto merge parameters update in database transaction. !33471 - Return 404 response when redirecting request with invalid url. !33492 - Fix ambiguous string concatenation on CleanupProjectsWithMissingNamespace. !33497 - Fix snippet repository import edge cases. !33506 - Rust CI template: Replace --all with --workspace on cargo test. !33517 (Markus Becker) - Make markdown textarea links tab-accessible. !33518 - Pass hard delete option to snippets bulk destroy. !33520 - Fix CI rules for ECS related jobs. !33527 - Update GitLab Workhorse to v8.34.0. !33543 - Fix snippet repository import fail with older export files. !33584 - Web IDE: Create template files in the folder from which new file request was made. !33585 (Ashesh Vidyut) - Improve header acccessibility. !33603 - Remove non migrated snippets from failed imports. !33621 - Prevent duplicate issues when importing from CSV. !33626 - Fix sidebar spacing for alert details. !33630 - Fix linking alerts to created issues for the Generic alerts intergration. !33647 - Resolve spacing ux debt on Release assets form field. !33684 - Fix pagination link header. !33714 (Max Wittig) - Fix Value Stream Analytics summary when using non-english locale. !33717 - Fix bug with variable substitution in alerts. !33772 - Allow wiki pages with +<> characters in their title to be saved. !33803 - Fix force_remove_source_branch not working in API. !33804 - Fix prometheus alerts not being automatically created. !33806 - Fix pagination for resource label events. !33821 - Fix relative URL root in wiki_base_path. !33841 - Return code navigation path for nil diff_refs. !33850 - Record audit event when an admin creates a new SSH Key for a user via the API. !33859 (Rajendra Kadam) - Do not create duplicate issues for exising Alert Management alerts. !33860 - Add link text to collapsed left sidebar links for screen readers. !33866 - Update text in error tracking list error message. !33872 - Adjust wrong column reference for ResetMergeStatus (background job). !33899 - Fixed dashboard YAML file validaiton for files which do not contain object as root element. !33935 - Fix design note scrolling. !33939 - Update validates_hostname gem with support for more TLDs. !34010 - Update wording of addMultipleToDiscussionWarning. !34088 - Show all storages in settings. !34093 - Set author as nullable in snippet GraphQL Type. !34135 - Fix rendering of very long paths in merge request file tree. !34153 - Remove not null constraint from events tables. !34190 - Ensure we always generate a valid wiki event URL. !34191 - Send information about attached files to the GraphQL mutation. !34221 - Update issue limits template to use minutes. !34254 - Add route for the lost-and-found group and update the route of orphaned projects. !34285 - GraphQL - properly handle pagination of millisecond-precision timestamps. !34352 - Fix 500 error in BlobController#delete. !34367 - Updated Auto DevOps with a fix to delete PostgreSQL PVC on environment cleanup, a fix for multiline K8S_SECRET variables, updated Helm to 2.16.7 and glibc to 2.31. !34399 (verenion) - Fix issues with scroll on iOS / iPad OS. !34486 - Fix order of integrations to be sorted alphabetically. !34501 - Fix undefined method error. !34522 - Use Keys::DestroyService for deleting an SSH key when an admin deletes a key via the API. !34535 (Rajendra Kadam) - Removed default artifact name for Terraform template. !34557 - Footer system message fix. - Set experiementation cookie for GitLab domain only. - Add DS detection of build.gradle.kts. ### Changed (76 changes, 5 of them are from the community) - Add a GraphQL endpoint to fetch Jira projects through its REST API. !28190 - Change legends in monitor dashboards to tabular layout. !30131 - Move pipelines routing under /-/ scope. !30730 - Set markdown toolbar to use hyphens for lists. !31426 - Use sprites for comment icons on Commits. !31696 - Rate limit project export by user. !31719 - Reorder diffs compare versions dropdowns. !31770 (Gilang Gumilar) - Enable the `in this group` action in the Search dropdown. !31939 - Externalize i18n strings from ./app/views/shared/_promo.html.haml. !32109 (Gilang Gumilar) - Add Usage Ping count for all searches. !32111 - Add tags_count to container registry api and controller. !32141 - Externalize i18n strings from ./app/views/shared/milestones/_sidebar.html.haml. !32150 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/milestones/_form_dates.html.haml. !32162 (Gilang Gumilar) - Improve Container Registry UI header. !32424 - Added node size to cluster index. !32435 - Update operations metrics settings title and description to make them general. !32494 - Track merge_requests_users usage data. !32562 - Adds cluster CPU and Memory to cluster index. !32601 - Allow the snippet create service to accept an array of files. !32649 - Move review related controllers/workers outside EE. !32663 - Move the Members section from settings to the side nav for projects. !32667 - Show more context in unresolved jump button. !32737 - Exclude extra.server fields from exceptions_json.log. !32770 - Improve new/unknown sign-in email styling. !32808 - Allow the snippet update service to accept an array of files. !32832 - Add new issue link to email notification header. !32833 - Bump cluster-applications to 0.17.0, which updates Runner to 0.17.0 and Cilium to 1.7.4. !32931 - Update artifacts section to show when an artifact is locked. !32992 - Include tag count in the image repository list. !33027 - Clean up gitlab-shell install-from-source path. !33057 - Increase LFS token default time to 2 hours. !33140 - Add explicit mention of Merge request in Slack message. !33152 - Expose `release_links.type` via API. !33154 - Add link_type column to release_links table. !33156 - Move broadcast notification dismiss button to the top. !33174 - Remove null constraint for JID in GroupImportState. !33181 - Added provider type icon to cluster list. !33196 - Remove search icon from Project find file button. !33198 - Refine SAST language detection by frameworks. !33226 - Render Merge request reference as link. !33248 - Upgrade to Gitaly v13.1.0-rc1. !33302 - Show disabled suggestion button with tooltip message. !33357 - Add update validations to SnippetInputAction. !33379 - Add snippet DB visibility check in spec. !33388 (Jacopo Beschi @jacopo-beschi) - Add Hugo logo to project templates. !33402 - Add GitBook logo to project templates. !33403 - Add GoMicro logo to project templates. !33404 - Add Jekyll logo to project templates. !33405 - Add Hexo logo to project templates. !33406 - Rename Add Designs button. !33491 - Add CPU, memory usage charts to self monitoring default dashboard. !33532 - Add database migrations to design_management_designs.filename to enforce a 255 character limit, and modify any filenames that exceed that limit. !33565 - Track Sentry error status updates with dedicated actions. !33623 - Alert Managament: Change sorting order to have newest alerts first. !33642 - Add blobs field to SnippetType in GraphQL. !33657 - Format metrics column chart x axis dates. !33681 - Style ToastUI contextual menus. !33719 - Update Auto deploy image to v0.16.1, introducing support for AUTO_DEVOPS_DEPLOY_DEBUG. !33799 - Add whether instance has Auto DevOps enabled to usage ping. !33811 - Update local IP address and domain name allow list input label. !33812 - Add date time format to the monitor stacked-column chart. !33814 - Allow Tf Plan to genrate multiple reports. !33867 - Remove async_merge_request_check_mergeability feature flag. !33917 - Filter potentially-sensitive Sidekiq arguments from logs and Sentry. !33967 - Update Static Site Editor toolbar to group inline-code and code-block buttons together. !34006 - Set default values for SAST_EXCLUDED_PATHS and DS_EXCLUDED_PATHS. !34076 - Add ability to filter self monitoring resource usage charts by instance name. !34084 - Pick repository storage based on weight. !34095 - Display error for YAML files that are too large. !34199 - Change copy of webhooks / integration help text. !34301 - Update board header icons. !34366 - Show Redis instance in performance bar. !34377 - Add secret detection template to Auto DevOps. !34467 - Add allowed actions to snippet input action. !34499 - Change from vendor specific to Gitlab. !34576 - Assign alerts sidebar base. ### Performance (19 changes, 1 of them is from the community) - Improve performance of commit search by limiting the number of results requested. !32260 - Add GraphQL lookahead support. !32373 - Update index_ci_builds_on_commit_id_and_artifacts_expireatandidpartial index for secret_detection. !32584 - Add index on id and type for Snippets. !32885 - Use build_stubbed to avoid interacting with the DB in todos helper specs. !32906 (Arun Kumar Mohan) - Optimize SQL queries on Milestone index page. !32953 - Add build report results data model. !32991 - Adjust condition for partial indexes on services table. !33044 - Add index to issues and epics on last_edited_by_id. !33075 - Fix preconnect typo in rel link. !33255 - Add project_id, user_id, status, ref index to ci_pipelines. !33290 - Move migration related to ci_builds to post_deployment. !33416 - Reduce redundant queries for Search API users scope. !33795 - Speed up boot time in production. !33929 - Harden CI pipelines usage data queries with an index. !34045 - Add partial index on locked merge requets. !34127 - Lazy load commit_date and authored_date on Commit. !34181 - Optimize container repository for groups query. !34364 - Enable CI Atomic Processing by default. ### Added (149 changes, 14 of them are from the community) - Add rake task to verify encrypted data through secrets. !21851 - User can apply multiple suggestions at the same time. !22439 (Jesse Hall) - Resolve Add a button to assign users who have commented on an issue. !23883 - Resolve Graph code coverage changes over time for a project. !26174 - Add doc for custom validators in api styleguide. !26734 (Rajendra Kadam) - Add Scheduled Job for Monitoring Monitor Group Demo Environments. !27360 - Add setting to allow merge on skipped pipeline. !27490 (Mathieu Parent) - Add dark theme (alpha). !28252 - Show estimate on issues list. !28271 (Lee Tickett) - Make Fixed Email Notification Generally Available. !28338 (jacopo-beschi) - Add a link to the `renamed` viewer to fully expand the renamed file (if it's text). !28448 - Focus and toggle metrics dashboard panels via keyboard. !28603 - Remove `scoped_approval_rules` feature flag. !28864 (Lee Tickett) - Create Group import UI for creating new Groups. !29271 - Add finder for group-level runners. !29283 (Arthur de Lapertosa Lisboa) - Allow customization of badge key_text and key_width. !29381 (Fabian Schneider @fabsrc) - Support Workhorse directly uploading files to S3. !29389 - Add frontend support for multiline comments. !29516 - Support first_name and last_name attributes in LDAP user sync. !29542 - Add link to status page detail view for status page published issues. !30249 - Add metrics dashboard name to document title. !30392 - Backfill StatusPage::Published incidents and enable a publish quick action for EE. !30906 - Add missing Merge Request fields. !30935 - Show build status on branch list. !30948 (Lee Tickett) - Add mutation to create commits in GraphQL. !31102 - Add GraphQL support for authored and assigned Merge Requests. !31227 - Add usage data metrics for terraform states. !31280 - Add usage data metrics for terraform reports. !31281 - Add API endpoint for listing bridge jobs. !31370 (Abhijith Sivarajan) - SpamVerdictService can call external spam check endpoint. !31449 - Move Admin note feature to GitLab Core. !31457 (Rajendra) - Add DAG serializer for pipelines controller. !31583 - Save repository storages in application settings with weights. !31645 - Add API endpoint for resource milestone events. !31720 - Show import in progress screen for group imports. !31731 - Add Verify/FailFast CI template. !31812 - Improve Add/Remove Issue Labels API. !31864 (Lee Tickett) - Add mutation to create a merge request in GraphQL. !31867 - Add warning popup for Elastic Stack update. !31972 - Add API support for sharing groups with groups. !32008 - Add the container expiration policy attribute to the project GraphQL type. !32100 - Add GraphQL support for project and group labels. !32113 - Add number of database calls to Prometheus metrics and logs for sidekiq and request. !32131 - Filter pipelines by status. !32151 - Filter pipelines based on url query params. !32230 - Add metrics for Redis usage during Sidekiq job execution. !32265 - Add filters to merge request fields. !32328 - Support reading .editorconfig files inside of the Web IDE. !32378 - [Frontend] Resolvable design discussions. !32399 - Table index added to `metrics_dashboard_annotations` for future pruning of stale metrics Annotations for metrics dashboards are now checked for valid start and end dates. !32433 - Enable GitLab-Flavored Markdown processing for design links. !32446 - Filter Pipelines by Tag Name. !32470 - Adds sorting by column to alert management list. !32478 - Add project specific repository storage API. !32493 - Adapt Limitable for system-wide features. !32574 - Add application limits to instance level CI/CD variables. !32575 - Add model for project level security auto-fix settings. !32577 - Expose Jira imported issues count in GraphQL. !32580 - Organize alerts by status tabs. !32582 - Add note to ECS CI template. !32597 - Add metrics for Redis usage during web requests. !32605 - Add database and GraphQL support for alert assignees. !32609 - Set fingerprints and increment events count for Alert Management alerts. !32613 - Process stuck jira import jobs. !32643 - Allow user to add custom links to their metrics dashboard panels. !32646 - Add tags to experimental queue selector attributes. !32651 - Allow generic endpoint to receive alerts from external Prometheus. !32676 - Customize the Cloud Native Buildpack builder used with Auto Build. !32691 - Add timezone display to alert based issue start time. !32702 - Display dates on metrics dashboards in UTC time zone. !32746 - Store Todo resolution method. !32753 - Add experience_level to user_preferences. !32784 - Remove metrics dashboard annotations attached to time periods older than two weeks. !32838 - Monitor:Health metrics instrumenation. !32846 - Adds PostHog as a CI/CD Managed Application. !32856 - Groups API has top_level_only option to exclude subgroups. !32870 - Create operations_feature_flags_issues table. !32876 - Add api.js methods to update issues and merge requests. !32893 - Render user-defined links in dashboard yml file on metrics dashboard. !32895 - Add accessibility report MR widget. !32902 - Add a GraphQL mutation for toggling the resolved state of a Discussion. !32934 - Add container expiration policy objects to the GraphQL API. !32944 - Don't hide Commit tab in Web IDE when there are no changes yet. !32979 - Add column for alert slack notifications. !33017 - Add ability to insert an image via SSE. !33029 - Add user root query to GraphQL API. !33041 - Adds groupMembership and projectMembership to GraphQL API. !33049 - Alerts list pagination. !33073 - Add ApplicationSetting ui changes for repository_storages_weighted. !33096 - Display confirmation modal when user exits SSE and there are unsaved changes. !33103 - Add column dashboard_timezone to project_metrics_setting. !33120 - Allow the assignment of alerts to users from the alert detail view. !33122 - Add solarized dark for Web IDE. !33148 - Add support for artifacts/exclude configuration. !33170 - Add root users query to GraphQL API. !33195 - Added validation for YAML files with metrics dashboard definitions. !33202 - Create issue from alert. !33213 - Add max import file size option. !33215 (Roger Meier) - Add system note when assigning user to alert. !33217 - Add count of alerts from all sources to usage ping. !33220 - Add button to create an issue from an alert management alert. !33221 - Add more detail to alert integration settings description. !33244 - Add Evidence to Releases GraphQL endpoint. !33254 - Add support for pasting images in the Web IDE. !33256 - Add ProjectAccessToken table. !33272 - Automatically resolve alert when associated issue closes. !33278 - Add `link_type` to `ReleaseLink` GraphQL type. !33386 - Add members to project graphQL endpoint. !33418 - Update Static Site Editor WYSIWYG mode to hide front matter. !33441 - Added delete action for Dashboard Annotations in GraphQL. !33468 - Create graphQL endpoint for Jira users import. !33501 - Support IAP protected prometheus installations. !33508 - New instance-level variables UI. !33510 - Provide `__range` variable for Prometheus queries. !33521 - Add support for `git filter-repo` to repository cleanup. !33576 - Close open reply input fields in the design view sidebar when leaving a new comment. !33587 - Add dashboard schema validation warnings as metrics dashboard GraphQL field. !33592 - Add time range to user-defined links in metrics dashboard. !33663 - Increase events count for Prometheus alerts. !33706 - Track pod logs refresh action. !33802 - Add secret detection template. !33869 - Add DAG visualization MVC. !33958 - Introduce a feature flag for Vue-based UI for all import providers. !33980 - Add sticky title on Issue pages. !33983 - Allow Release asset links to be associated with a type. !33998 - Support user-defined Grafana links in metrics dashboard. !34003 - Adds AWS guidance to CI/CD > Add Variable modal. !34009 - Show custom attributes within Admin Pages. !34017 (Roger Meier) - Enable Slack notifications for alerts. !34038 - Container expiration policy regular expressions are now validated. !34063 - Add todo when alert is assigned to a user. !34104 - Track merge requests submitted by Static Site Editor. !34105 - Turn off alert issue creation by default. !34107 - Add detailed logs of each Redis instance usage during job execution and web requests. !34110 - Add API to schedule project repository storage moves. !34119 - Add validation step on backend for metrics dashboard links. !34204 - Track when Static Site Editor is initialized. !34215 - Bring SAST to Core - brakeman. !34217 - Mask key comments when exposing SSH/Deploy Keys via the API. !34255 - Convert `:release` yaml to `release-cli` commands. !34261 - Validate regex before sending them to CleanupContainerRepositoryWorker. !34282 - Add secret_detection to DOWNLOADABLE_TYPES. !34313 - Enable ability to assign alerts to users with corresponding system notes and todos. !34360 - Enable CI Inheriting Env Variables feature. !34495 - Show tooltip on error detail page when hovering over dates. !34506 - Add native code intelligence. !34542 - Bump cluster-applications version to v0.20.0. !34569 - Add search argument for AlertStatusCountsResolver. !34596 - Allow CI_JOB_TOKEN for authenticating to the Terraform state API. !34618 ### Other (65 changes, 36 of them are from the community) - Improve fast-forward merge is not possible message. !22834 (Ben Bodenmiller) - Remove unused WAF indexes from CI variables. !30021 - Update the visual design of badges in some areas. !31646 - Extract featurable concern from ProjectFeature. !31700 (Alexander Randa) - Remove update function logic from list model. !31900 (nuwe1) - Remove nextpage function logic from list model. !31904 (nuwe1) - Squash database migrations prior to 2019 into one. !31936 - Update deprecated slot syntax in app/assets/javascripts/reports/components/grouped_test_reports_app.vue. !31975 (Gilang Gumilar) - Replace slot syntax for Vue 3 migration. !31987 (gaslan) - Update deprecated slot syntax in ./app/assets/javascripts/pages/admin/projects/index/components/delete_project_modal.vue. !31994 (Gilang Gumilar) - Update deprecated slot syntax in ./app/assets/javascripts/pages/projects/labels/components/promote_label_modal.vue. !31995 (Gilang Gumilar) - Update deprecated slot syntax in ./app/assets/javascripts/clusters/components/remove_cluster_confirmation.vue. !32010 (Gilang Gumilar) - Update deprecated slot syntax in ./app/assets/javascripts/environments/components/environments_app.vue. !32011 (Gilang Gumilar) - Remove setLoadingState logic from issue model. !32226 (nuwe1) - Remove addAssignee logic from issue model. !32231 (nuwe1) - Remove addLabel Logic from issue models. !32233 (nuwe1) - Remove addMilestone logic from issue model. !32235 (nuwe1) - Remove destroy function logic from list model. !32237 (nuwe1) - Remove findAssignee logic from issue model. !32238 (nuwe1) - Remove findLabel logic from issue model. !32239 (nuwe1) - Remove findIssue logic from list model. !32241 (nuwe1) - Remove moveIssue logic from list model. !32242 (nuwe1) - Remove newIssue logic from list model. !32244 (nuwe1) - Remove removeAllAssignees logic from issue model. !32247 (nuwe1) - Remove removeAssignee logic from issue model. !32248 (nuwe1) - Clarify verbiage for stuck job messages. !32250 - Remove removeLabel logic from issue model. !32251 (nuwe1) - Remove removeLabels logic from issue model. !32252 (nuwe1) - Remove removeMilestone logic from issue model. !32253 (nuwe1) - Remove removeMultipleIssues logic from list model. !32254 (nuwe1) - Remove setFetchingState logic from issue model. !32255 (nuwe1) - Remove updateData logic from issue model. !32256 (nuwe1) - Update U2F docs for Firefox 67+. !32289 (Takuya Noguchi) - Update alert management mobile table alignment. !32295 - Include available instance memory in usage ping. !32315 - Moves merge request reviews into Core. !32558 - Update GitLab Runner Helm Chart to 0.17.0. !32634 - Add snowplow tracking for logs page. !32704 - Extend "Remember me" token after each login. !32730 - Assign alerts sidebar container fix. !32743 - Add anchor for creating a branch. !32745 - Tidy. !32759 (Lee Tickett) - Less verbose JiraService error logs. !32847 - Reduced padding and increased emphasis of titles within the epic tree. !32873 - Remove obsolete users.ghost column. !32957 - Move NoPrimary table def to last context in spec. !33015 (Rajendra Kadam) - Document github rate limit behavior. !33090 - Added build_id column to requirements_management_test_reports table. !33184 - Add version history information on U2F support. !33229 (Takuya Noguchi) - Convert IP spoofing errors into client errors. !33280 - Update docs to reflect move web IDE Terminal and file sync to Core. !33419 - Add hovering icon for sorting columns on alert management list. !33429 - Avoid javascript for omniauth logins. !33459 (Diego Louzán) - Add opacity transition to active design discussion pins. !33493 - Update GitLab Runner Helm Chart to 0.17.1. !33504 - Make project selector in various dashboard more translatable. !33771 - Update Workhorse to v8.35.0. !33817 - Remove FF hide_token_from_runners_api. !33947 - Bump omniauth_openid_connect to 0.3.5. !34030 (Roger Meier) - Specify tiers for SAML SSO at self-hosted plans. !34040 (Takuya Noguchi) - Backfill failed imported snippet repositories. !34052 - Use GitLab SVG icon for file attacher action. !34196 - Add GraphQL snippet FileInputType. !34442 - Update red hex values to match GitLab UI. !34544 - Remove removeIssue logic from list model. (nuwe1) ## 13.0.14 (2020-08-18) - No changes. ## 13.0.13 (2020-08-17) ### Security (2 changes) - Stop deploy token being mis-used as user in ProjectPolicy and GroupPolicy. - Project access is checked during deploy token authentication. ## 13.0.12 (2020-08-05) ### Security (10 changes) - Add decompressed archive size validation on Project/Group Import. !562 - Enforce 2FA on Doorkeeper controllers. - Refresh project authorizations when transferring groups. - Stop excess logs from failure to send invite email when group no longer exists. - Verify confirmed email for OAuth Authorize POST endpoint. - Revoke OAuth grants when a user revokes an application. - Fix XSS in Markdown reference tooltips. - Fix XSS in milestone tooltips. - Fix xss vulnerability on jobs view. - Block 40-character hexadecimal branches. ## 13.0.11 (2020-08-05) This version has been skipped due to packaging problems. ## 13.0.10 (2020-07-09) ### Fixed (1 change) - Fix gitlab:*:check Rake tasks. !35944 ## 13.0.9 (2020-07-06) - No changes. ## 13.0.8 (2020-07-01) ### Security (18 changes) - Update xterm js dependency to latest stable 3.x version. - Do not show activity for users with private profiles. - Fix stored XSS in markdown renderer. - Upgrade swagger-ui to solve XSS issues. - Fix group deploy token API authorizations. - Check access when sending TODOs related to merge requests. - Change from hybrid to JSON cookies serializer. - Prevent XSS in group name validations. - Disable caching for wiki attachments. - Disable Github Importer API by settings. - Fix null byte error in upload path. - Update permissions for time tracking endpoints. - Add snippet repository validation after bundle import. - Update Kaminari gem. - Fix note author name rendering. - Sanitize bitbucket repo urls to mitigate XSS. - Stored XSS on the Error Tracking page. - Fix security issue when rendering issuable. ## 13.0.7 (2020-06-25) ### Fixed (7 changes) - Group authorization refresh to consider shared groups. !31204 - Fix Value Stream Analytics summary when using non-english locale. !33717 - Fix bug with variable substitution in alerts. !33772 - Fix relative URL root in wiki_base_path. !33841 - Adjust wrong column reference for ResetMergeStatus (background job). !33899 - Updated Auto DevOps with a fix to delete PostgreSQL PVC on environment cleanup. !34657 - Load user before logging git http-requests. !34923 ### Added (2 changes) - Provide `__range` variable for Prometheus queries. !33521 - Periodically recompute project authorizations. !34071 ## 13.0.6 (2020-06-10) - No changes. ## 13.0.4 (2020-06-03) ### Security (1 change) - Prevent fetching repository code with unauthorized ci token. ## 13.0.3 (2020-05-29) ### Fixed (8 changes, 1 of them is from the community) - Fixed redirection to project snippets. !32530 - Fix Geo replication for design thumbnails. !32703 - Fix 404s downloading build artifacts. !32741 - Fix Auto DevOps manual rollout jobs not being allowed to fail. !32865 - Update deprecated routes in irker integration. !32923 (Marc Jeanmougin) - Change format of variables parameter in Prometheus proxy API for metrics dashboard. !33062 - Fix issue and MR API performance regression when Markdown cache is stale. !33235 - Fix close issue when user created the issue. !33294 ## 13.0.1 (2020-05-27) ### Security (12 changes) - Add an extra validation to Static Site Editor payload. - Hide EKS secret key in admin integrations settings. - Added data integrity check before updating a deploy key. - Display only verified emails on notifications and profile page. - Require confirmed email address for GitLab OAuth authentication. - Kubernetes cluster details page no longer exposes Service Token. - Fix confirming unverified emails with soft email confirmation flow enabled. - Disallow user to control PUT request using mermaid markdown in issue description. - Check forked project permissions before allowing fork. - Limit memory footprint of a command that generates ZIP artifacts metadata. - Fix file enuming using Group Import. - Prevent XSS in the monitoring dashboard. ## 13.0.0 (2020-05-22) ### Removed (20 changes, 5 of them are from the community) - Remove project routes that were deprecated before 12.1. !26808 - Drop x-y-stable version pinning for Secure templates. !29603 - Remove logs from the admin pages. !30485 - Remove deprecated /admin/application_settings redirect. !30532 - Drop support for License-Management CI template. !30645 - Remove deprecated InfluxDB. !30786 - Remove deprecated Release Evidence endpoints. !30975 - Remove deprecated Release Evidence endpoints documentation. !30978 - Drop support for `license_management` artifact. !31247 - Remove deprecated container scanning report parser. !31294 - Remove rake task `gitlab:track_deployment`. !31404 - Remove token attribute from Runners API. !31448 - Remove support for Ruby format variable interpolation (`%{variable}`) in custom dashboards. !31581 - Remove JenkinsDeprecatedService. !31607 (tnwx) - Remove ruby_memory_bytes metric, duplicate of ruby_process_resident_memory_bytes. !31705 - Remove project_list_show_mr_count feature flag. !31789 (Gilang Gumilar) - Remove project_list_show_issue_count feature flag. !31793 (Gilang Gumilar) - Remove set_user_last_activity feature flag. !31795 (Gilang Gumilar) - Remove registrations_recaptcha feature flag. !31797 (Gilang Gumilar) - Remove deprecated Sidekiq rake tasks. ### Fixed (171 changes, 54 of them are from the community) - Allow public access to pipeline schedules. !20806 (Lee Tickett) - Add user last_activity logging in GraphQL. !23063 - Render TestReport parsing errors back to pipeline test summary. !24188 - Add user popovers to system notes. !24241 - Fix missing RSS feed events. !28054 - Resolve Text for future Release date grammatically incorrect. !28075 - Fix number of approvals given calculation. !28293 (Steffen Köhler) - Always display new subgroup button when permission is granted. !28309 (Mattias Michaux) - Correct the permission according to docs. !28657 - Fix duplicated activity and events on deletion of tag. !28861 (Sashi Kumar) - Fix init.d script to correctly set web server PID. !29164 - Honor per_page in Search API. !29197 - fix: use the source project to generate commit links for un-persisted merge requests. !29243 (Chieh-Min Wang) - Fix display of some overflowing merge request diffs. !29267 - Move prepend to last line in helper files. !29327 (Rajendra Kadam) - Prevent duplicate tooltips when hovering over status emoji in comments. !29356 - Update Elastic Stack chart to 2.0.0 to support kubernetes 1.16. !29601 - Fix minor spacing issue at Snippet blob viewer. !29625 (Karthick Venkatesan) - Eliminate errors in wiki controller during edit. !29645 - Fixed copy as GFM not copying upload links. !29683 - Bump max search depth from 2 to 4 when looking for files SAST analyzers can handle. !29732 - Move snippet raw_url attribute to base entity. !29776 - Return content from repo in snippet raw endpoint. !29781 - Return file name from repo in snippet endpoints. !29785 - Propagation of service templates also covers services with separate data tables. !29805 - Fix bug in personal snippets when somebody is mentioned. !29835 (Sashi Kumar) - Embed metrics charts for both /metrics and /metrics_dashboard routes. !29838 - Fix admin mode access on GraphiQL controller. !29845 (Diego Louzán) - Exclude html entities from haml lint. !29847 (Lee Tickett) - Fixed JS error for anonymous views of a snippet. !29854 - Destroy Dropzone hidden input when form is destroyed. !29882 - Move prepend to last line in lib/gitlab files. !29938 (Rajendra) - Match Jira keys with trailing characters. !29953 - Fixed Cancel action on Snippet edit for existing snippets. !29993 - Warn user before losing wiki content. !30037 - Move prepend to last line in lib/gitlab files. !30070 (Rajendra Kadam) - Fix an issue where the Search dropdown results would not be clickable. !30087 (mbergeron) - Capture all errors when updating repository storage. !30119 - Move alert management behind a feature flag. !30133 - Fix bug when services appear active even though they are not. !30160 - Fix moving an issue when there is a group reference. !30185 - Move prepend to last line in lib/gitlab files. !30194 (Rajendra Kadam) - Move prepend to last line in lib/gitlab files. !30289 (Rajendra Kadam) - Move prepend to last line in lib/gitlab files. !30291 (Rajendra Kadam) - Set NULL `lock_version` values to 0 for CI objects. !30305 - Fix errors creating project with active Prometheus service template. !30340 - Add Activity icons for Wiki updated and destroyed events. !30349 - Gracefully handle orphaned member invites. !30355 - Fix incorrect commits number in commits list. !30412 - Fix second 500 error with NULL restricted visibility levels. !30414 - Move prepend to last line in ee/services. !30425 (Rajendra Kadam) - Add LFS badge feature flag to RefsController#logs_tree. !30442 - Fix mirror repos docs link. !30443 - Added right margin to Clone Snippet button. !30471 - Fix blob link for the code search. !30473 - Use Jira import owner as the issue author when importing issues from Jira. !30504 - Correctly count wiki pages in sidebar. !30508 - Stretch heatmap metrics full column size. !30524 - Upgrade Unicorn to v5.5.1. !30541 - Avoid copying diffs as Markdown tables. !30572 - Fixes overlapping tooltips when clicking copy buttons. !30622 - Fix 500 error for non-existing snippet on graphql mutations. !30632 (Sashi Kumar) - Change validation rules for profile email addresses. !30633 - Set timeout for Google OAuth to prevent 503 error. !30653 - Remove extra sleep when obtaining exclusive lease. !30654 - Fix GitLab CI/CD Scala template. !30667 - Fix checkmark position on dropdowns. !30685 - Remove Visibility from terraform widget. !30737 - Use migration bot user in snippet migration. !30762 - Fix discard button not showing for new empty files in Web IDE. !30767 - Disable schema dumping after migrations in production. !30812 - Fix mapping group membets as Jira issues authors/assignees. !30820 - Align styling of snippet search results. !30837 - Move daily create users statistics cronjob to CE. !30843 - Fixed alignment of Snippet Clone copy buttons. !30897 - Increase constrast ratio of text in some tables. !30903 - Ignore .gitattributes if they contain invalid byte sequences. !30922 - Fix bug in Snippet BlobViewer GraphQL definition. !30927 - Fix layout in issue view, on large screen some buttons were misaligned. !30947 (Michele (macno) Azzolari) - Fix error renaming files using web IDE. !30969 - Handle Snippet file name errors in backfill. !30981 - Correctly track the store that external MR diffs are placed on. !31005 - Fix duplicate index removal on ci_pipelines.project_id. !31043 - Update recursive-open-struct to 1.1.1 to make it compatible with ruby 2.7. !31047 - Revert CODEOWNERS validation of Web requests in diff check. !31087 - Wrap wiki blob search result in its own object. !31155 - Allow multiple usage of EE extension/inclusion on last lines. !31183 (Rajendra Kadam) - Fix 500 error loading environments index. !31184 - Fix 500 on creating an invalid domains and verification. !31190 - Fix redirect loop on .com when 2FA is required. !31229 - Fix regression and allow SCIM to create SAML identity. !31238 - Fix incorrect number of errors returned when querying sentry errors. !31252 - Fix RST rendering hanging on large files. !31287 - Trim whitespace in directory names in the Web IDE. !31305 - Fix 'not enough data' in Value Stream Analytics when low median values are returned. !31315 - Add tooltip to container registry tags last update column. !31317 - Fix Istio broken Istio metrics installation. !31382 - Link to subgroup milestones correctly from group milestones page. !31383 - Remove kwargs from storage move worker. !31412 - Make edit board text sentence case. !31418 - Katex render and vscode output improvements for markdown. !31433 (Reinhold Gschweicher ) - Fix overwrite check in GitLab import/export. !31439 - Fix API requests for branch names ending in .txt. !31446 (Daniel Stone) - Avoid repository size checkings in snippet migrations for migration bot. !31473 - Use iso 8601 timestamp format in metrics dashboard annotations graphql resource to assure multi browser compatibility. !31474 - In WebIDE get files with relative path instead of web_url. !31478 - Fix snippet migration when user has invalid info. !31488 - Add elipsis to container registry tag name. !31584 - Add instance column to services table if it's missing. !31631 - Fix issue with broken images in Web IDE markdown. !31638 - Fixes bug where variables were not protected by default when using the correct CI/CD admin setting. !31655 - Decode dashboard_path when creating annotations. !31665 - Fix "how to checkout MR" help link. !31688 - Fixed redirection when deleting a project snippet. !31709 - Fix templates API endpoint when project name has dots. !31758 - Remove detection of file in Dependency Scanning template. !31819 - Move prepend to last line in app models. !31826 (Rajendra Kadam) - Move prepend to last line in app models 2. !31827 (Rajendra Kadam) - Move prepend to last line in app models 3. !31829 (Rajendra Kadam) - Move include_if_ee to last line in ee/app 1. !31832 (Rajendra Kadam) - Restore original sort order of the metrics dashboard select list. !31859 - Fix Snippet update error bug losing changes. !31873 - Replace the outdated link. !31874 (Renamoo) - Replace let! with let_it_be in user api spec. !31901 (Rajendra Kadam) - Replace let! with let_it_be in merge request spec. !31909 (Rajendra Kadam) - angelog Replace let! with let_it_be in pipelines spec. !31916 (Rajendra Kadam) - Fix public metrics dashboard visibility bug. !31925 - Add nested file detection for Dependency Scanning. !31932 - Add class stubs and fix leaky constant cop alert. !31938 (Rajendra Kadam) - Add class stubs and fix leaky constant alert in content whitelist spec. !31946 (Rajendra Kadam) - Fix broken heading of Vue 3 migration guide doc. !31951 (Gilang Gumilar) - Add class stubs and fix leaky constant alert in query recorder spec. !31954 (Rajendra Kadam) - Fix no scroll when overflow in IDE right pane. !31961 - Fix leaky constant cop issue in clone dashboard service spec. !31962 (Rajendra Kadam) - Stub class constant in resolve discussion spec. !31965 (Rajendra Kadam) - Fix leaky constant issue in upgrade progress service check. !31969 (Rajendra Kadam) - Clear merge request error on push to source branch. !32001 - Allow only users with `adminNote` permission to edit the design note. !32035 - Fix leaky constant issue in retry build service check. !32038 (Rajendra Kadam) - Fix leaky constant issue in env assignment spec. !32040 (Rajendra Kadam) - Fix leaky constant issue in statistics api spec. !32042 (Rajendra Kadam) - Fix leaky constant issue in merge request policy spec. !32044 (Rajendra Kadam) - Fix leaky constant issue in tree spec. !32045 (Rajendra Kadam) - Fix leaky constant issue in mentionable spec. !32049 (Rajendra Kadam) - Fix leaky constant issue in json serialization spec. !32051 (Rajendra Kadam) - Fix leaky constant issue in cluster spec. !32053 (Rajendra Kadam) - Fix bug in Groups API when statistics are requested in an unauthenticated API call. !32057 - Fix leaky constant issue in nulls pt2 spec. !32058 (Rajendra Kadam) - Fix leaky constant issue in application settings encrypt spec. !32066 (Rajendra Kadam) - Fix leaky constant issue in system check spec. !32080 (Rajendra Kadam) - Fix leaky constant issue in simple executor spec. !32082 (Rajendra Kadam) - Fix leaky constant issue in jwt spec. !32093 (Rajendra Kadam) - Update android template. !32096 - Fix leaky constant issue in factory spec. !32099 (Rajendra Kadam) - Fix leaky constant issue in sidekiq middleware spec. !32101 (Rajendra Kadam) - Fix leaky constant issue connection, master check and attr config spec. !32144 (Rajendra Kadam) - Fix updating of Markdown fields when Markdown cache version is incremented. !32219 - Fix incorrect regex used in FileUploader#extract_dynamic_path. !32271 - Improve responses in the snippet create/update API endpoints. !32282 - Send Devise emails triggered from the 'Email' model asynchronously. !32286 - Re-enable negative filters for Boards. !32348 - Fix missing space character in alert header. !32395 - Fix display of embedded snippets. !32411 (Jan Beckmann) - Fixed redirection to project snippets. !32530 - Rake task gitlab:cleanup:orphan_lfs_files should clear the cached value or repository size. !32541 - Fixed enabled merge button incorrectly showing to users who can't merge. - Fixed misaligned avatar in commit discussion form. - Fixed cancel reply button not alerting the user. - Fixes commit message emojis not rendering in Vue file list. - Fix logging of username in /jwt/auth. - Fixes branch name not getting escaped correctly on frontend. ### Deprecated (2 changes) - Deprecate /plugins directory. !29678 - Implement external database checker in dashboard controller. !30389 ### Changed (121 changes, 42 of them are from the community) - Support limits for offset based pagination. !28460 - Redirect issues routes under /-/ scope. !28655 - Add Fluentd into cluster apps page. !28847 - Disallow developers to delete builds of protected branches. !28881 (Alexander Kutelev) - Store status of repository storage moves. !29095 - Update the example regex in the image expiration policy UI. !29348 - Add WAF and Cilium Log column for Fluentd table. !29457 - Update Fluentd model to support multiple logs. !29458 - Add Cilium to Fluentd UI controls on the Cluster Application page. !29511 - Use alerts instead of toasts in Image Repository details. !29685 - Avoid commit when snippet file_name and content are not present. !29761 - Recreate foreign key in project settings to use nullify instead of cascade. !29767 - Surface alerts add sidebar link. !29775 - Make setting alerts on the monitoring dashboard available to GitLab Core users. !29789 - Keep latest artifact for each ref. !29802 - Change placeholder in search input for Analytics features. !29858 (Gilang Gumilar) - Test Jira connection before running import. !29926 - Remove snippet file_name from snippet lists. !29937 - Add new keep regex to expiration policy settings ui. !29940 - Alert management can user enable. !30024 - Expose the updated_at attribute in the todos API. !30035 - Update GitLab-managed helm from 2.16.3 to 2.16.6, improving the reliability of GitLab's Kubernetes integration. !30067 - Show correct label and count on Jira import form. !30072 - Copy pipelines routing under - scope. !30159 - Return validation errors for invalid pod name or container name when viewing pod logs. !30165 (Sashi Kumar) - Move global autocomplete routes to /-/ scope. !30173 - Update the cancel comment note text to a less ambiguous statement. !30189 - Use stricter regex for broadcast target path. !30210 - Change wording of merge request threads counter. !30217 - Indicate topics are optional. !30264 (Ben Bodenmiller) - Rename Client Side Evaluation to Live Preview. !30309 - Decouple partial clone config from max input size. !30354 (Son Luong Ngoc) - Update managed jupyter chart to 0.9.0 (stable). !30393 - Hide broadcast messages until the end of the period. !30432 - Add severity icons for alert management. !30472 - Move to supported Elastic helm charts. !30528 - Updated snippet view to show path instead of name for a blob. !30550 - Handle possible RSA key exceptions when generating CI_JOB_JWT. !30702 - Update sidebar packages name. !30712 - Update cron job schedule to have a random time generated on page load. !30729 - Migrate Container-Scanning template to rules syntax. !30775 - Migrate DAST CI template to rules syntax. !30776 - Migrate License-Scanning CI template to rules syntax. !30784 - Code review analytics: Change margin between title and description. !30834 - Productivity Analytics: Remove separator and cleanup title margins. !30839 - Move Auto DevOps Test.gitlab-ci.yml template to rules syntax instead of only/except. !30876 - Change Var to Variable text. !30878 - Move Build.gitlab-ci.yml to `rules` syntax. !30895 - Move Code-Quality.gitlab-ci.yml to `rules` syntax. !30896 - Migrate Dependency-Scanning CI template to rules syntax. !30907 - Apply shared integrations view to project level. !30971 - Exposes description, hosts, details, and timestamps for Alert Management Alert GraphQL. !31091 - Update the example regex in the image expiration policy UI. !31104 - Add clear explanation to the MR widget when no CI is available and Pipeline must succeed option is activated. !31112 - Migrate SAST CI template to rules syntax. !31127 - Update style of buttons on the Releases page. !31129 (Özgür Adem Işıklı @iozguradem) - Changed test success calculation to exclude skipped tests. !31154 - app:gitlab:check rake task now warns when projects are not in hashed storage. !31172 - Moves embedded metrics for Prometheus alerts to Core. !31203 - Move Deploy.gitlab-ci.yml to `rules` syntax. !31290 - Modify Snippet git path errors to be more helpful. !31333 - Move Browser-Perfomance-Testing.gitlab-ci.yml to `rules` syntax. !31413 - Use gsub instead of the Liquid gem for variable substitution in the Prometheus proxy API. !31482 - Changed terminology of security scanner status from configure to enable. !31503 - Update auto-deploy-image to v0.14.0 with helm 2.16.6, --atomic deployments and improved kubernetes 1.16 support. !31505 - Add ability to add or remove MR labels via API. !31522 (Lee Tickett) - Disable Docker-in-Docker for Dependency Scanning by default. !31588 - Disable Docker-in-Docker for SAST by default. !31589 - Add migration to import changes to the system dashboard Prometheus queries into DB. !31618 - Ensure links generated by the copy link feature contain variables. !31636 - Migrate from Vue event hub to Mitt in issuables list. !31652 (Arun Kumar Mohan) - URL params in the monitoring dashboard update variable values defined in yml file. !31662 - Migrate from Vue event hub to Mitt. !31666 (Arun Kumar Mohan) - Add prefix to template variables in URL in the monitoring dashboard. !31690 - Add fields to GraphQL snippet blob type. !31710 - Make protected_ci_variables setting enabled by default. !31715 - Prepare group import feature to use ndjson. !31741 - Prepare group export feature to use ndjson. !31742 - Remove a lonely dot in Batch Comments. !31783 (Gilang Gumilar) - Update auto-deploy-image to v0.15.0, with an upgraded PostgreSQL chart used by default for Auto DevOps deployments. !31799 - Force hashed storage to always be enabled. !31801 - Add alert counts by status to GraphQL API. !31818 - Show warning message to user if raw text search is used when filtering pipelines. !31942 - Update deprecated slot syntax in ./app/assets/javascripts/pages/milestones/shared/components/delete_milestone_modal.vue. !31990 (Gilang Gumilar) - Update deprecated slot syntax in ./app/assets/javascripts/confidential_merge_request/components/dropdown.vue. !31999 (Gilang Gumilar) - Update deprecated slot syntax in ./app/assets/javascripts/diffs/components/diff_discussions.vue. !32004 (Gilang Gumilar) - Update deprecated slot syntax in ./app/assets/javascripts/boards/components/board_form.vue. !32005 (Gilang Gumilar) - Update deprecated slot syntax in ./app/assets/javascripts/repository/components/breadcrumbs.vue. !32017 (Gilang Gumilar) - Externalize i18n strings from ./app/views/users/calendar_activities.html.haml. !32094 (Gilang Gumilar) - Externalize i18n strings from ./app/views/users/_deletion_guidance.html.haml. !32097 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/_ref_dropdown.html.haml. !32102 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/_recaptcha_form.html.haml. !32106 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/_project_limit.html.haml. !32110 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/_personal_access_tokens_table.html.haml. !32116 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/_milestones_filter.html.haml. !32120 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/_milestone_expired.html.haml. !32121 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/_label_row.html.haml. !32124 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/_group_tips.html.haml. !32127 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/_group_form.html.haml. !32132 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/_field.html.haml. !32136 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/_delete_label_modal.html.haml. !32138 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/_commit_message_container.html.haml. !32139 (Gilang Gumilar) - Externalize i18n aria-label strings from ./app/views/shared/*. !32142 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/milestones/_top.html.haml. !32148 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/milestones/_milestone.html.haml. !32154 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/milestones/_merge_requests_tab.haml. !32158 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/milestones/_labels_tab.html.haml. !32159 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/milestones/_issues_tab.html.haml. !32160 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/milestones/_issuable.html.haml. !32161 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/issuable/_sidebar.html.haml. !32164 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/issuable/_nav.html.haml. !32165 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/issuable/_label_*. !32167 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/issuable/_close_reopen_report_toggle.html.haml. !32168 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/issuable/_close_reopen_button.html.haml. !32172 (Gilang Gumilar) - Externalize i18n strings from ./app/views/shared/issuable/_bulk_update_sidebar.html.haml. !32173 (Gilang Gumilar) - Add files param to snippet create mutation. !32309 - Cluster index refactor: Add missing pagination. !32338 - Refactored render errors for blob to Vue. !32345 - Format the alert payload into a table view. !32423 - Add presence validation to content and title in snippet rest endpoints. !32522 - Fix jump to definition linking to same file opening a new tab. ### Performance (15 changes, 2 of them are from the community) - Speed up NOT Issue filters. !27639 - Add indexes on ingress, enabled clusters and successful deployments. !28331 - Add clusters index to improve usage data queries. !28626 - Uses Kubernetes API conventions to create or update a resource leandrogs. !29010 (Leandro Silva) - Cache TreeSummary response for logs_tree. !29828 - Move release notification from model callbacks to service. !29853 (Ravishankar) - Delete orphaned rows in application_settings table. !29981 - Improve cacheability of monaco-editor code. !30032 - Project import queries are now partially batched. !30057 - Upgrade json gem to 2.3.0. !30852 - Use process-wide cache for application settings and performance bar. !31135 - Record usage ping finish time. !31222 - Use NOT VALID to enforce a not null constraint on file store columns. !31261 - Enable ref name caching for merge request diffs. !31530 - Skip mergeability check when listing MRs in the API. !31890 ### Added (146 changes, 13 of them are from the community) - Graphql query for issues can now be sorted by priority. !18901 - Add test report API route. !24648 - Add GraphQL support for querying a board's lists. !24812 - Define remove_label quick action as alias of unlabel. !24962 (Jacopo Beschi @jacopo-beschi) - Create Wiki activity events on pushes to Wiki git repository. !26624 - Allow users to download a CSV of the recent daily code coverage values per job. !27094 - Display x509 signed tags. !27211 (Roger Meier) - Enabling git versioned snippets. !27705 - Add option to hide the default "thumbs up" and "thumbs down" buttons on issues, merge requests, and snippets. !27734 (Steve Mokris) - Add sorting issues by label priority to graphQL endpoint. !27936 - Add certification revocation list download and certificate revoke. !28336 (Roger Meier) - Add WebIDE Dark Theme Support. !28407 - Add secure binaries template. !28566 - LDAP authentication support for admin mode. !28572 (Diego Louzán) - Add UI for exporting group data to the group settings. !28573 - Allow to assign milestones to a release on the "Edit Release page". !28583 - Add Previous and Next buttons for commit-by-commit navigation. !28596 - Add the global var SECURE_ANALYZERS_PREFIX. !28617 - Allow users to retry obtaining Let's Encrypt certificates for GitLab Pages. !28784 - Add support for cluster applications CI artifact report. !28866 - Add resource_state_events table. !28926 - Migration to add partitioned_foreign_keys table that tracks foreign keys for partitioned tables. !29064 - Collect object store config in usage data. !29149 - Add freeze period model. !29162 - Moved issue board focus mode to Core and available for for everyone. !29200 - Add freeze periods via CI_DEPLOY_FREEZE variable. !29244 - Add intermediate CAs capability to S/MIME email signature. !29352 (Diego Louzán) - Add responding to ChatOps jobs triggered in Mattermost. !29366 (Brian Kintz) - Expose Freeze Periods in REST API. !29382 - Add read/write_package_registry to deploy_tokens. !29383 - Add public API for feature flag user lists. !29415 - Create cluster annotations API endpoint. !29502 - Add ability to change metrics dashboard visibility. !29634 - Add percentage of actors feature flag rollout. !29698 - Add metric dashboard public visibility toggle. !29718 - Route to feature flags based on internal id. !29740 - Send email notification for unknown sign-ins. !29741 - Add search by name to registry image repositories. !29763 - Surface alerts add empty state. !29775 - Enable uploadpack filters by default. !29787 - Select the first option if there is only one metric option on alerts dropdown. !29857 (Gilang Gumilar) - Add table for Alert Management alerts. !29864 - Add policies for managing 'default_branch_protection' setting in groups. !29879 - Add comment_detail column to services. !29891 - Add option to add custom profile image guidelines. !29894 (Roger Meier) - View a details of a panel in 'full screen mode'. !29902 - Add database relation to preserve users starred metrics dashboard information. !29912 - Add jira imports to usage data. !29925 - Add issues_create_limit to settings api. !29960 - Map labels from Jira to labels in GitLab. !29970 - Add Deployment to ECS process to AutoDevOps. !29971 - GraphQL issue queries can now be sorted by milestone due date. !29992 - Add table for tracking issues published to status page. !29994 - Create Sprints table and barebones model. !30125 - When viewing a single panel, return to a full dashboard by pressing the Escape key. !30126 - Flesh out Sprints relationships and constraints. !30127 - Add GraphQL type for reading Alert Management Alerts. !30140 - Add ability to query Projects using GraphQL API. !30146 - Add `web_url` to branch API response. !30147 - Fix Jira importer URLs. !30155 - Add migrations for global CI variables. !30156 - Add vue routes support to Static Site Editor. !30163 - Integrate CI instance variables in the build process. !30186 - Add raw_blob_request_limit to Application Settings API. !30211 - Empty state for alerts list. !30215 - Create operations_strategies_user_lists table. !30243 - Adds URL parameter for confidential new issue creation. !30250 - Update Jira comment to include more information. !30258 - Add scheduled_at field to jira_imports table. !30284 - Alerts list loading & error state. !30315 - Deploy token authentication for API with Maven endpoints. !30332 - Add metrics dashboard annotations feature, which enables marking interesting events over metrics dashboard charts. !30371 - Add non_archived argument to issues API endpoint. !30381 - Add admin controller actions for interacting with instance variables. !30385 - Add mutation to create a new branch in GraphQL. !30388 - Introduce API for fetching shared projects in a group. !30461 - Display expanded dashboard from a panel's "Link to chart" URL. !30476 - Resolve Design Comment: Edit Comment text. !30479 - Map Jira issue assignee and author. !30498 - Add email notification on group export complete. !30522 - Add option to restrict emails that match a configured regular expression. !30548 - In metrics dashboard use custom variables from URL in queries. !30560 - Add mutation for AlertManagement's Alert status. !30576 - Multiple metrics edit navigates to prom edit page. !30666 - Update metrics dashboard url when a panel is expanded or contracted. !30704 - Add migration bot user. !30738 - Issues Analytics: Add title to page. !30836 - Contribution Analytics: Add title to page. !30842 - Insights Analytics: Add title to page. !30853 - Repository Analytics: Add title to page. !30855 - CI / CD Analytics: Add title to page. !30891 - Enable Monaco for editing Snippets by default. !30892 - Disabled Edit button for binary snippets. !30904 - Monokai and Solarized Dark syntax highlighting theme for Web IDE. !30931 - Updated deprecated buttons in release page. !30941 (Özgür Adem Işıklı @iozguradem) - Add sorting to AlertManagement Alert Graphql. !30964 - Web IDE: Introduce syntax highlighting for .vue files. !30986 - Solarized light syntax highlighting theme for the Web IDE. !30989 - Deploy tokens can be used in the API with Basic Auth Headers enabling NuGet and PyPI to be used with deploy tokens. !31035 - Skip spam check for GitLab team members on gitlab.com. !31052 - None syntax highlighting theme for Web IDE. !31056 - Issues Analytics: Add title to group-level page. !31057 - Display metrics dashboards starred by user at the top of dashboard select field. !31059 - Add WYSIWYG editor to the Static Site Editor. !31099 - Conan registry is accessible using deploy tokens. !31114 - Add container registry settings to application_settings table. !31125 - Added provider icon to cluster index display. !31134 - Add a CI variable CI_KUBERNETES_ACTIVE as an alternative to only:kubernetes/except:kubernetes that works with the rules syntax. !31146 - Enable Alert Management functionality. !31171 - Allow monitoring dashboard users to open single panels in a new tab. !31206 - Create dashboard annotations via Graphql. !31249 - Enable deploy token authentication for the NPM registry. !31264 - Add read and write package registry scopes to deploy tokens. !31267 - Read only storage move API. !31285 - Add Design Management (via Designs tab on Issues) to GitLab FOSS. !31309 - Exposes issue IID in Alert Management Alert's GraphQL endpoint. !31313 - New API endpoint for starring metrics dashboards. !31316 - Add search bar to container registry image list. !31322 - Highlight focused Design discussion in image markers. !31323 - Allow showing merge request diffs compared to current version of target branch. !31325 - Add alert on project issues page to show Jira import is in progress. !31329 - Add API CRUD actions for instance-level CI/CD variables. !31342 - Add alert on project issues page to show Jira import has finished. !31375 - Filter pipelines by trigger author and branch name. !31386 - Add incident_labeled_issues to usage ping. !31406 - Refactored Snippet view to Vue. !31450 - Make report-type artifacts available for download. !31513 - Render dropdown and text elements based on variables defined in monitoring dashboard yml file. !31524 - Add expunge deleted messages option to mailroom. !31531 (Diego Louzán) - Log Cloudflare request headers. !31532 - Allow Web IDE markdown to preview uncommitted images. !31540 - Add Webex Teams project integration service. !31543 (Sebastian Leuser) - Add Rubocop cop to flag keyword arguments usage in Sidekiq workers. !31551 (Arun Kumar Mohan) - Allow users to star/unstar dashboards which will appear at the top of their dashboards options. !31597 - Add ability to create merge request from vulnerability page. !31620 - Add confidential status support for comment and replies. !31622 - Add Web IDE pipelines usage counter. !31658 - Ruby metrics now include USS and PSS memory readings. !31707 - Add issues_created_gitlab_alerts to usage ping. !31802 - Add Alert Detail view. !31877 - New API endpoint for removing stars from metrics dashboards. !31892 - View raw file of any zip artifacts. !31912 - Add search to Alert Management Alerts GraphQL query. !32047 - Add "Keep divergent refs" option for push mirrors. !32381 - Add fields to Alert Details view. !32392 - Update GitLab Pages to 1.18.0. ### Other (70 changes, 25 of them are from the community) - Remove Admin -> Settings -> Geo navigation. !21005 (Lee Tickett) - removes store logic from issue board models. !21400 (nuwe1) - removes store logic from issue board models. !21408 (nuwe1) - Moves updateIssue from issue model to board store. !21414 (nuwe1) - Improve error handling of squash and rebase. !23740 - Remove obsolete bot_type column. !27076 - Remove obsolete columns from resource_milestone_events. !28536 - Add index to issue_id and created_at of resource_weight_events. !28930 - Clean up & Re-arrange the keyboard shortcuts modal. !28992 - Remove ci_expose_arbitrary_artifacts_in_mr feature flag. !29363 (Lee Tickett) - Remove git_archive_path feature flag. !29369 (Lee Tickett) - Rename Snippet search results title. !29599 - Update to Rails 6.0.2.2. !29743 - Log server responses of API bad requests in api_json.log. !29839 - Clean up refresh fix for cancel automatic merge. !29844 - Add snippet repository backfilling migration. !29927 - Remove the SIDEKIQ_REQUEST_STORE configuration. !29955 - Increase label list label column width. !29963 - Refactor count queries to single query on Projects::EnvironmentsController. !30073 (Sashi Kumar) - Update text on self-managed sign in page. !30135 - Remove namespaces.plan_id column. !30351 - Migrate models and policies specs to consider admin mode. !30430 (Diego Louzán) - Upgrade Nokogiri to v1.10.9. !30435 - Add snippet migration rake tasks. !30489 - Error tracking target blank empty state. !30525 - Remove elasticsearch_experimental_indexer column. !30628 - Update the template for Static Site Editor / Middleman. !30642 - Remove unused cluster configuration workers. !30695 - Remove deprecated Snippet `code` attribute from Project Snippets API. !30739 - Update merge request widget question mark icons. !30759 - Value Stream Analytics: Add title and remove separator. !30841 - Remove mention of github-markup in Wiki clone help. !30962 - Alert Management mobile styling. !31082 - Allow Auto DevOps Test stage to start immediately. !31185 - Enable async_merge_request_check_mergeability by default. !31196 - Cleanup background migration for populating user_highest_roles table. !31218 - Add docs for alert management list. !31225 - Remove extra spaces from markdown toolbar items. !31288 - Use cookies with metadata to prevent reuse as another cookie. !31311 - Add inherit_from_id column to services table. !31320 - Organize package models by package type. !31346 (Sashi Kumar) - Apply active class on active link element in HAML pagination. !31396 - Update GitLab Runner Helm Chart to 0.16.1. !31492 - Log when container registry permissions are denied. !31536 - Add epic_id to resource_state_events. !31587 - Update doorkeeper to latest version 5.0.3. !31673 - Add Foreign Key on projects.namespaces_id. !31675 - Fix misalignment of author dropdown on the commits search page. !31686 - Update css-loader ^1.0.0 -> ^2.1.1. !31743 (Pirate Praveen) - Fix database schema inconsistency with not-null checks. !31930 - Removes create_confidential_merge_request feature flag leandrogs. !31968 (Leandro Silva) - Update deprecated slot syntax in ./app/assets/javascripts/issue_show/components/fields/description.vue. !31979 (Gilang Gumilar) - Update deprecated slot syntax in ./app/assets/javascripts/pages/milestones/shared/components/promote_milestone_modal.vue. !31980 (Gilang Gumilar) - Update group and project export info messages. !31981 (briankabiro) - Relocate Nuget presenter helpers to presenters module. !31985 (Sashi Kumar) - Update deprecated slot syntax in ./app/assets/javascripts/pages/admin/users/components/delete_user_modal.vue. !31992 (Gilang Gumilar) - Update deprecated slot syntax in ./app/assets/javascripts/performance_bar/components/detailed_metric.vue. !32006 (Gilang Gumilar) - Update deprecated slot syntax in ./app/assets/javascripts/profile/account/components/delete_account_modal.vue. !32007 (Gilang Gumilar) - Update deprecated slot syntax in ./app/assets/javascripts/environments/components/stop_environment_modal.vue. !32012 (Gilang Gumilar) - Update deprecated slot syntax in ./app/assets/javascripts/serverless/components/area.vue. !32015 (Gilang Gumilar) - Update deprecated slot syntax in ./app/assets/javascripts/releases/components/app_edit.vue. !32018 (Gilang Gumilar) - Update deprecated slot syntax in ./app/assets/javascripts/releases/components/evidence_block.vue. !32019 (Gilang Gumilar) - Update deprecated slot syntax in ./app/assets/javascripts/ide/components/ide_review.vue. !32025 (Gilang Gumilar) - Update deprecated slot syntax in ./app/assets/javascripts/ide/components/pipelines/list.vue. !32027 (Gilang Gumilar) - Update alert management table background colour to correct gray. !32068 - Validate package types in package metadatum models. !32091 (Sashi Kumar) - Update error tracking table background colour to correct gray. !32133 - Update GitLab Elasticsearch Indexer to v2.3.0. !32199 - Update asciidoctor-plantuml gem to v0.0.12. !32376 - Use visitUrl in Alert management. !32414 ## 12.10.14 through 12.0.0 - See [changelogs/archive-12.md](changelogs/archive-12.md) ## 11.11.8 through 11.0.0 - See [changelogs/archive-11.md](changelogs/archive-11.md) ## 10.8.6 through 10.0.0 - See [changelogs/archive-10.md](changelogs/archive-10.md) ## 9.5.10 through 0.8.0 - See [changelogs/archive.md](changelogs/archive.md)