debian-mirror-gitlab/CHANGELOG.md

**Note:** This file is automatically generated. Please see the [developer
documentation](doc/development/changelog.md) for instructions on adding your own
entry.

## 13.7.7 (2021-02-11)

### Security (9 changes)

- Cancel running and pending jobs when a project is deleted. !1220
- Prevent Denial of Service Attack on gitlab-shell.
- Prevent exposure of confidential issue titles in file browser.
- Updates authorization for linting API.
- Check user access on API merge request read actions.
- Limit daily invitations to groups and projects.
- Enforce the analytics enabled project setting for project-level analytics features.
- Perform SSL verification for FortiTokenCloud Integration.
- Prevent Server-side Request Forgery for Prometheus when secured by Google IAP.


## 13.7.6 (2021-02-01)

### Security (5 changes)

- Filter sensitive GraphQL variables from logs.
- Avoid exposing release links when the user cannot read git-tag/repository.
- Sanitize target branch on MR page.
- Fix DNS rebinding protection bypass when allowing an IP address in Outbound Requests setting.
- Add routes for unmatched url for not-get requests.


## 13.7.5 (2021-01-25)

### Fixed (2 changes, 1 of them is from the community)

- New project guidelines are no longer displayed. !50736 (Roger Meier)
- Fix LFS not working with S3 specific-storage settings. !52296


## 13.7.4 (2021-01-13)

### Security (1 change)

- Deny implicit flow for confidential apps.


## 13.7.3 (2021-01-08)

### Fixed (7 changes)

- Fix Canary Ingress weight is not reflected on UI immediately. !50246
- Change pages deployments size to bigint. !50262
- Fix viewing container repositories with tags with corrupted manifest. !50362
- Fix the graphQL type for container repository tags. !50419
- Fix(eetrialbanner): fix EE trial banner to allow dismiss. !50436
- Update Helm 2 version to 2.17.0. !50547
- Fix project access token regression. !50800


## 13.7.2 (2021-01-07)

### Security (7 changes)

- Forbid public cache for private repos.
- Deny implicit flow for confidential apps.
- Update NuGet regular expression to protect against ReDoS.
- Fix regular expression backtracking issue in package name validation.
- Fix stealing API token from GitLab Pages and DoS Prometheus through GitLab Pages.
- Update trusted OAuth applications to set them as confidential.
- Upgrade Workhorse to 8.58.2.


## 13.7.1 (2020-12-23)

### Fixed (1 change)

- Fix project transfer corrupting shared runners state. !47316


## 13.7.0 (2020-12-22)

### Security (1 change)

- Fix regular expression backtracking issue in custom emoji name validation.

### Removed (2 changes, 1 of them is from the community)

- Remove Google Code importer. !48139 (Getulio Valentin Sánchez)
- Remove release notes from Tags page. !49979

### Fixed (109 changes, 7 of them are from the community)

- Update user mentions when markdown columns are directly saved to DB. !38034
- Retain spinner when applying MR suggestions. !46203
- Skipped jobs no longer trigger a cancelled deployment. !46614 (David Barr @davebarr)
- Catch wiki timeouts when rendering pages. !46627
- Fix single file snippets display for Geo secondary sites. !46812
- Fix Jira Connect styles not loaded when startup_css is enabled. !47043
- Add migration that updated users that don't need to have 2fa established. !47193
- Fix project integration form validation when integration is inactive. !47201
- Fix project access token build authentication error. !47247
- Support S3 server side encryption in CI cloud native job logs. !47536
- Fix repository clone panel for wikis. !47676
- Hide Mark as draft button in a merged MR even on mobile. !47678 (Takuya Noguchi)
- Eliminate N+1 performance issues in MergeRequest.pipelines in GraphQL API. !47784
- Add cascade delete foreign key to web_hooks on service_id without validation. !47821
- Implement passing dotenv variables to bridge jobs. !47905
- Allow canceling all pipelines with auto-cancel. !47906
- Fix error in Issuable::ImportCsv::BaseService when CSV file is empty. !47918
- Fixed editing labels on the swimlanes sidebar. !47946
- Scroll exactly to the top of a discussion on the MR Overview tab. !47970
- Search page: fix empty results status. !48034
- Move fuzz license check to .pre stage. !48076
- Add link in Access Request API. !48081 (jimcser)
- Add gitlab:db:active task. !48083
- Fix overscroll for MR diffs in mobile view. !48091
- Fix incorrect line height in file header. !48117
- Repopulate historical vulnerability statistics. !48128
- Fixed image diff comments positioning. !48132
- Manually trigger pipelines correctly when branches and tags have the same name. Separate tags and branches in trigger pipeline form. !48142
- Allow failure for Secret Detection job. !48152
- Change services.inherit_from_id foreign key to ON DELETE CASCADE. !48163
- Avoid exception when validating diff_note support. !48187
- Avoid invalid notes on Project Import. !48189
- Update alert setting form to handle JSON payload submit when mapping builder is not enabled. !48231
- Adds id desc to index_ci_builds_on_runner_id_and_id_desc. !48241
- Adds type="button" to the close button for the issue type selector to prevent accidental form submission. !48249
- Remove orphan service hooks. !48263
- Fix console error being thrown when file is renamed. !48275
- Update alert details sidebar assignee dropdown to use correct styling and formatting. !48285
- Consider design repositories when determining if there is a git transfer in progress. !48304
- Set Retry-After header when RackAttack throttling. !48310
- Fix misaligned buttons for CI Jobs page. !48332 (mgandres)
- Use incident instead of issue for operation settings. !48406
- Fix missing item with same name in autocomplete suggestions. !48410 (Paul Ungureanu @ungps)
- Fix misalignment of commit search by message input. !48430
- Prometheus integration name should not have a modifiable input field. !48437
- Fix stretched flash in project commit show page. !48439
- Ensure job trace endpoint is not called if the current job has not started or the browser is not visible. !48516
- Update fog-aws to v3.6.7. !48519
- Fixed double-border style on WebIDE button. !48605
- Fix spacing between buttons on pipeline header. !48660
- Fix vulnerability deduplication logic for the "pipeline security tab". !48704
- Add type filtering in appearance page of the admin panel. !48709 (Paul Ungureanu @ungps)
- Fix confirmation modal showing on project integration. !48720
- Fix import of LFS files in GitHub import. !48722
- Github importer - Avoid touching MR when importing pull request `merged by` field. !48729
- Fix styling of various dropdowns. !48800
- Fix MR buttons when fork is deleted. !48813
- Add menu-item class to non-details-job-component. !48834
- GraphQL: Add gitlay field to CiStatusAction. !48892
- Global Search - Fix Dark Mode Font. !48927
- Fix flex overflow bug. !48931
- Restrict access to job page to developers only when use CI_DEBUG_TRACE is true. !48932
- Resolve Cannot remove namespace. !48973
- Resolve Save button should have a different color on press. !48975
- Fix last_value record in internal_ids for epics. !48988
- Fix failed group imports getting stuck by long error messages. !48989
- Avoid branch name checking when creating a new snippet. !48995
- Ensure default_branch from settings is not blank. !49018
- Make sure Sourcegraph asset always loads successfully. !49030
- Fix avatar size in profile activity. !49047
- Fix margin and selected state in file header. !49059
- Fix comment highlighting for unified diff components. !49061
- Fix Jupyter notebook code and image rendering. !49067
- Fix bug in ProjectRepositoryStorageMove transition to scheduled. !49105
- Do not crash the ingestion of all security reports if there is an invalid report artifact. !49181
- Do not automatically reapply incident label after user removes it. !49188
- Update fog-google to v1.12. !49196
- Check for a status in the current user dropdown. !49203
- Fix pipeline page in dark mode. !49214
- Handle prometheus-formatted alert notifications through HTTP integrations. !49268
- Update repository size after import. !49319
- Fix typo on merge locally step. !49330
- Fix getting security report information on merge requests from forks. !49354
- Conan packages show build and commit information when published using CI. !49426
- Clear emoji status in issue/mr header. !49439
- Hide extra breadcrumb arrow that overlaps with last breadcrumb item. !49456
- Fix division by error when upload max size is set to 0. !49482
- Capture subgroup creation failure during Group Import via archive file. !49484
- Alert Service integration only available for projects. !49561
- Update projects_imported.total usage metric. !49568
- Fix usage data tracking of some issue events. !49571
- Fix copy to clipboard on Firefox. !49648
- Fix outline on selected button in Snippets Rendered/Source buttons. !49676
- Add final newline on submit in blob editor. !49681
- Fail import state whenever repository import fails. !49682
- Fix author on /clone quickaction usage to be current user. !49830
- Upgrade mailroom to v0.0.8. !49834
- Fix the header name for basic auth authentication in package managers APIs. !49836
- Allow opsgenie manage form to be displayed when opsgenie is enabled. !49863
- Add custom cop to prevent invalid HTTParty usage. !49878 (Ethan Reesor (@firelizzard))
- Remove last-child bottom-margin: 0 from page-title class. !49884
- Fix wording of some 400 Bad request API responses. !49895
- Set Web IDE Live Preview default background to white. !49901
- Fix bug in snippets mark as spam mutation. !49912
- Make the strategies env wrap. !49951
- Fix get endpoint not returning members with minimal access. !49996
- Fix feature flag logging is not working on API. !50025
- Resolve No boards found message showing when loading boards. !50140
- Fix Markdown attachments in Releases not rendering with full URL. !50146

### Deprecated (1 change)

- Drop unused feature_filter_type experiment column. !48221

### Changed (124 changes, 12 of them are from the community)

- Move Jenkins to Core. !37797 (Ben Bodenmiller (@bbodenmiller))
- Migrate Bootstrap button to GitLab UI GlButton in IDE. !39988
- Replace bootstrap alerts in ee/app/views/admin/licenses/new.html.haml. !41275 (Gilang Gumilar)
- Replace bootstrap alerts in app/views/profiles/notifications/show.html.haml. !41310 (Gilang Gumilar)
- Replace bootstrap alerts in app/views/admin/runners/show.html.haml. !41378 (Gilang Gumilar)
- Replace Runner Page Title with Runner’s Hash. !44854 (Kev @KevSlashNull)
- Rename Piwik config items and layout file after rebranding to Matomo. !45658 (Kate Grechishkina @kategrechishkina)
- Improve clarity of admin Rate Limiting UI. !46142
- Replace fa-exclamation-triangle icons with GitLab SVG warning-solid icon. !47089
- Add `converted_at` timestamp column to `experiment_users` to record when the user performs an experiment's conversion action. !47093
- Preserve cross references in AsciiDoc documents. !47131 (Guillaume Grossetie)
- Darker background for dark mode, plus small fixes to MR page. !47359
- Add option to uninstall the legacy Tiller server for clusters added before GitLab 13.2. !47457
- Use GitLab UI styles on Integrations page. !47478
- Add a job to the DAST template that shows an error in the console if the user is not licensed to use DAST. !47484
- Add BulkImports::Failure to store import failures of the Group Migration (BulkImports) process. !47526
- Remove brackets in no scopes selected message in access and deploy tokens lists. !47628
- Begin auto-stop countdown for environment after initial creation. !47702
- Change default project listing sort order to name. !47734 (Lee Tickett)
- Finalize new create project UI experiment. !47804
- Make ImportIssuesCsvWorker idempotent. !47808
- Remove "Details" from breadcrumb item and LD+JSON from Project top. !47817 (Takuya Noguchi)
- Convert knative error alert to glalert. !47840
- Remember last used project ordering option across groups. !47850 (Lee Tickett)
- Remove "Details" from breadcrumb and JSON+JD on Group top page. !47854 (Takuya Noguchi)
- Hide open registration user callout on gitlab.com. !47865
- Make "How to merge" modal in merge requests conform to correct modal styling. !47889
- Remove `Add Issues` button and a related modal. !47898
- Remove Feature Flag that controls data limit on Deploy Boards, thus making 10MB limits mandatory. !47950
- Removed boards promotion. !47972
- Replace fa-chevron-down in template selector dropdown. !48015
- Remove http_integrations_list feature flag. !48030
- Add filtering by current iteration to issue lists and issue boards. !48040
- Implement smart cobertura class path correction. !48048
- Replace fa-chevron-down icon in pikaday. !48054
- Add User.location field to GraphQL API. !48059
- Add support for filtering direct group members by 2FA enabled/disabled. !48084
- Iterate on the copy in the “Novice or Experienced” page of the registration onboarding flow. !48086
- Add metrics for count of unique users of alerts and incidents to usage ping. !48087
- Allow Pages to define a storage-specific connection. !48098
- Replace fa-exclamation-triangle in users select. !48116
- Add a generic packages tab to the Packages UI. !48121
- Replace fa icons in single file diff. !48136
- Add `checksum` column into the `vulnerability_remediations` table. !48165
- Replace fa-chevron-down with GitLab SVG in dropdowns. !48171
- Add ldap encrypted credentials to the usage data. !48210
- Replace fa-spinner in metrics dashboard yaml definition. !48227
- Update Design of the Container Registry Cleanup Policy for tags. !48243
- Enable LFS chunked encoding. !48269
- Authorize the project for the cluster agent if it is the agent's project. !48314
- Add GlFormCheckbox to squash commits. !48338
- Add metric for dead Sidekiq jobs. !48361
- Make How to merge modal in merge requests widget conform to correct modal styling. !48370
- Allow filtering project and group members by relationship in GraphQL. !48372
- Add Attributes cleaner to Group Migration. !48374
- Add additional fields to GraphQl terraform state version. !48411
- Bumps Managed-Cluster-Applications CI template to v0.36.0, which upgrades Runner. !48444
- Expose public email field for user in GraphQL. !48468
- Add MAU counter for snippet show action. !48477
- Refine group creation form. !48490
- Geo: Remove unused indexes. !48504
- Update empty state for no commits result. !48538
- Github Importer - import the pull request `merged by` field. !48561
- Refactor container registry list page to grapqhl. !48602
- Transfer a project/group to a new namespace inheriting integrations. !48621
- Replace fa-chevron-down icons with GitLab SVG in gcp cluster form. !48656
- Add containerRepositoriesCount to project and group queries. !48685
- Track test failures on pipeline completion. !48695
- Include actual limit in pipeline limit errors. !48710
- Replace how to merge HAML with Vue component. !48766
- Global Search - Fix Sidebar Whitespace. !48832
- Move CanaryIngress to core. !48836
- Finish removing unused replication columns from terraform state. !48839
- The dependency proxy caches manifests and makes HEAD requests to help with rate limiting. !48845
- Update package_file table to display commits when present. !48882
- Avoid creating wiki empty repo when not present in export files. !48890
- Update nodejs-scan rule to wildcard prefix. !48902
- Add primary key to elasticsearch_indexed_projects. !48919
- Upgrade fog-aws to v3.7.0. !48921
- Add new column `finding_uuid` into `vulnerability_feedback` table. !48923
- Add primary key to elasticsearch_indexed_namespaces. !48944
- Add ability to type a number in related issues and prepend #. !48952
- Improve CI for external repo with configurable maximum mirroring frequency on self-hosted. !48955
- Enable pages_serve_from_deployments FF by default. !48974
- Replace fa-cirlce in runners helper. !48981
- Add GitHub Importer pagination. !48983
- Add primary key to merge_request_context_commit_diff_files. !49024
- Update template to use codequality 0.85.18-gitlab.1. !49034
- Display more pipelines info in package history. !49040
- Use a separate commit to store formatting changes in the Static Site Editor. !49052
- Delete manifests when purging the dependency proxy using the API. !49056
- Auto approve users if Admin approval after sign up setting is disabled. !49068
- Boards - Remove default labels lists generation. !49071
- Sort merge request diff files directory first. !49118
- Add user ID based allowlist for Rack::Attack. !49127
- Sort commit/compare diff files directory first. !49136
- Move IssueType notes and discussions count logic to resolvers. !49160
- Let `rake gitlab:workhorse:install` use vendored workhorse. !49250
- Allow alert list to be visible when alerts exist, even if alerting integrations are disabled. !49257
- EKS: Provide user feedback on AWS authorization errors. !49278
- Remove user_search_secondary_email feature flag. !49312
- Update gitlab-kas to v13.7.0. !49318
- Convert fa-caret-down icons to chevron-down SVG. !49332
- Enable file tree highlighting by default. !49356
- Merge 'Sample Data' and 'Built-in' tabs on Project Templates page. !49374
- Add Merge Train Setting to the graphql api. !49402
- Migrate HAML buttons to Pajamas in app/views/profiles/keys. !49421 (Jonston Chan @JonstonChan)
- Migrate `createBoard` away from boardStore. !49450
- Support merge requests filtered by reviewer in GraphQL API. !49464
- Gradually load more diffs async. !49476
- Require users to copy, download, or print 2FA recovery codes. !49493
- Convert group member filter dropdowns to filtered search bar. !49505
- Update GitLab Workhorse to v8.58.0. !49534
- Refactor container registry to use GraphQL API. !49584
- Remove unneeded pagination code for project importers. !49589
- Update deprecated button on pipeline security table. !49620
- Update ide pipeline alert to use gitlab ui. !49634
- Updates the copy on empty users list tabs. !49642
- Enable LFS chunked encoding by default. !49649
- Add visibility and last updated image repository details. !49703
- Allow updating `hideBacklogList` and `hideClosedList` board attributes. !49947
- Add expires_at param to GroupMemberBuilder data. !49981
- Change the unique index on `security_findings` table. !50046
- Remove dast_unlicensed job. !50129

### Performance (24 changes, 2 of them are from the community)

- Remove redundant index. !47072
- Add database index for deployment rollback targets. !47159
- Add index for API Fuzzing usage data. !47692
- Paginate unit test report. !47953
- Remove .issue-box from static (classic) Issuable list. !47998 (Takuya Noguchi)
- Remove Bootstrap 4's Cards components from Issuables and Todos. !48004 (Takuya Noguchi)
- Fix N+1 when looking up user's solo owned groups. !48340
- Paginate first page of branches using Gitaly. !48595
- Add approvals created_at index. !48684
- Update index for notes to include `system`. !48864
- Remove unnecessary Gitaly calls from raw endpoint. !48917
- Reduce SQL queries when no pipeline hooks are active. !49186
- Improve query that finds all pipelines in the same family. !49240
- Rendering Loading State of Last Commit earlier. !49362
- Fix N+1 queries loading milestones when exporting CSVs. !49429
- Update snippet repository finder for namespace replication. !49518
- Reduce object allocations for large merge request. !49563
- Remove unnecessary Gitaly calls from projects#show. !49565
- Expand index on ci_pipelines. !49604
- Remove unnecessary queries in milestone page. !49662
- Improve the performance of the diff change access check. !49803
- Remove initial data check on project level value stream page. !49936
- Improve UI and performance of branches overview page. !50096
- Use the improved version of Value Stream Analytics backend on the project level. !50141

### Added (125 changes, 13 of them are from the community)

- Configurable personal access token prefix. !20968 (Max Wittig & Diego Louzán)
- Add CI_OPEN_MERGE_REQUESTS environment variable. !38673 (Ben Bodenmiller @bbodenmiller)
- Add Kroki to support more diagrams in AsciiDoc and Markdown. !44851 (Guillaume Grossetie)
- Fix the unreachable CLI image in OpenShift CI template. !44933 (Klaus Mueller @klml)
- Add other role column in user details table. !45635
- Add encrypted ldap secrets support. !45712
- Add the gitlab-experiment gem, with configuration. !45840
- Support Git access for group wikis. !45892
- Add toggle to remove Analytics left nav item. !46011
- Add merge requests total time to merge field to the GraphQL API. !46040
- Cleanup webauthn background migration. !46179 (Jan Beckmann)
- Add GraphQL mutation to update a release. !46611
- Capture design detail views via usage ping. !46751
- Add metric image uploading to incidents via REST API. !46845
- Expose GraphQL resolver for processing CI config. !46912
- Limit maximum deployments per pipeline to 500. !46931
- Enable Crowd auth for git-over-https. !46935 (Thomas Mendoza @tgmachina)
- Create a new `ExperimentSubject` model, associated to the `Experiment` model, and related database migrations. !47042
- Add GraphQL mutations for Devops Adoption Segment. !47066
- Allow passing `commit_id` when creating MR discussions via the API and expose `commit_id` for MR diff notes. !47130 (Johannes Altmanninger @krobelus)
- Adds bulk project repository storage move API. !47142
- Add packages_size to ProjectStatistics API entity. !47156 (Roger Meier)
- Create `vulnerability_findings_remediations` and `vulnerability_remediations` tables. !47166
- Geo: Add verification state machine fields to package files table. !47260
- Add `increment_counter` to Usage Ping API. !47309
- Geo: Add verification indexes for package files. !47372
- Add SEO structured markup for groups. !47374
- Create `incident_management_oncall_schedules` table. !47407
- Add confirm modal to unblock user. !47442
- Add API endoint for Administrators to approve pending users. !47564
- Allow secondary emails in user search. !47587
- Frontend client for increment_counter API. !47622
- Schedule CreateEvidenceWorker jobs in a sliding window. !47638
- Send Static Site Editor events to Usage Ping API. !47640
- Add rake task to disable personal project and group creation. !47655
- Add assign self to group boards sidebar. !47705
- Toggle File-By-File setting from the MR settings dropdown. !47726
- Add regulated field to compliance management frameworks. !47761
- Add lock button to the Terraform State list view. !47842
- Adds migration for user permission uploads. !47846
- Add loading state to boards assignees header dropdown. !47848
- Use CS_ANALYZER_IMAGE in CS template. !47856
- Add cloud_license_enabled column to application_settings. !47882
- Add invitation reminders. !47920
- Create namespace onboarding actions table. !48018
- Expose creation/update times for issue links. !48051
- Add upcoming deployment column to Environments page. !48062
- Add `service_desk_reply_to` to issues list and header. !48089 (Lee Tickett)
- Add iteration_id column to lists. !48103
- Add Epic Board Position model to store relative positioning of epics on a board. !48120
- Add code coverage overall activity to group repository analytics. !48155
- Add confirm modal to reactivate user. !48173
- Email user when registration request is rejected. !48185
- Add artifacts field to JobType. !48207
- Add database index on deployments. !48265
- Add secondary indexes to partitioned audit_events. !48270
- Obfuscate user profile for unconfirmed users. !48271
- Add flash message for setAssignees on group issue boards. !48277
- Add an URL to get user's GPG key if registerd. !48321 (Shimura Rin @blackenedgold)
- Add Operations project setting logic. !48347
- Add GraphQL mutation to delete a release. !48364
- Track MAU for SSE edit. !48377
- Add loading state to assignees header. !48392
- Implement a /clone quick-action to quickly clone an Issue. !48394
- Expose upcoming deployment in environment.json. !48449
- Add Vulnerabilities External Link model. !48465
- Add migration to populate remaining dismissal information for vulnerabilities. !48472
- Mark SCIM-created accounts as provisioned by group. !48483
- Add delete button to terraform list vue. !48485
- Show if a Pipeline was Ran in a Fork. !48517
- Added email notifications when an Issue is cloned. !48534
- Add dependency_proxy_manifests table and associations. !48535
- Add usage metrics for issue clone. !48537
- Implement a /clone_with_notes quick-action to quickly clone an Issue will all its notes. !48539
- Tracks guest package events. !48547
- Retry rsync when source files vanish during backup. !48568
- Add Setting to disable feed_tokens. !48600
- Enable by default usage data API tracking. !48607
- Add GraphQL API to delete container repository tags. !48617
- Github Importer - import pull request reviews from Github. !48632
- Added epic boards and epic board labels tables. !48658
- Allow alerts to be filtered by monitoring tool. !48699
- Adds guest package events to usage data. !48734
- Render http and https URLs as clickable links in Job logs. !48758 (Łukasz Groszkowski @falxcerebri)
- Add Merge Request diff CI variables. !48764 (Jonas Hahnfeld)
- Add admin users serializer and entity. !48791
- Set vulnerability as dismissed when there is dismissal feedback. !48795
- Create package build_info records for Conan, NuGet, PyPI, and Composer packages and package files. !48811
- Add download action to the Terraform state listing. !48837
- Add context to the experiment user records. !48896
- Add index for the `vulnerabilities` table on `project_id`, `state`, and `severity` columns. !48930
- Add uuid column into security_findings table. !48968 (Harrison Brock @harrisonbrock)
- Detect corrupted build logs and report them by incrementing Prometheus counter. !49004
- Add details column to vulnerability findings table. !49005
- Add Project to ContainerRepository GraphQL type. !49019
- Add pipeline information to Terraform state list. !49042
- Add oncall rotations and participants tables. !49058
- Add domain column to alerts table. !49120
- Add dependency proxy predefined environment variables. !49133
- Add usage data rake tasks to prettify JSON output. !49137
- Resolve Transition ID section should include help text. !49204
- Support instance profiles for IAM role for Amazon EKS integration. !49212
- Add `project_id` column into the `vulnerability_remediations` table to scope the records with projects. !49219
- Add member_events column to web_hooks table. !49273
- Upgrade Pages to 1.31.0. !49352
- Add CI/CD analytics GraphQL types. !49384
- Truncate the `security_findings` table. !49385
- Add validating jsonb fields with json schema draft-07. !49451
- Adds sha checksum to composer URL. !49511
- Dependency Proxy for private groups and Dependency Proxy authentication. !49519
- Save usage ping payload in raw_usage_data table. !49559
- Allow downloading of security reports directly from merge request page. !49572
- Show upgrade popover in security widget in merge requests when the user is able to upgrade. !49613
- Introduce frontend for group migration MVC. !49709
- Add issue header mobile dropdown loading state. !49734
- Support extensions as configurable ES6 classes in Editor Lite. !49813
- Allow job to download artifacts in parent-child pipeline hierarchy. !49837
- Add ability to aggregated metrics in Usage Ping. !49886
- Add expiration policy completed at support in container repositories. !49924
- Allow to configure custom service desk email address suffix. !49932
- Add payload_example and payload_attribute_mapping columns to alert_management_http_integrations table. !49941
- Add prefilled variables for run pipeline page. !49985
- Add operations_access_level to project settings API. !50023
- Upgrade GitLab Pages to 1.32.0. !50062
- Add MergeRequest to VulnerabilityType in GraphQL. !50082

### Other (49 changes, 15 of them are from the community)

- Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/boards. !41410 (nuwe1)
- Migrate bootstrap dropdown to GlDropdown in app/assets/javascripts/diffs. !41451 (nuwe1)
- Migrate awards list buttons to new buttons. !43061
- Apply GitLab UI button styles to buttons in app/views/projects/graphs directory. !44295 (Lakshit)
- Use GitLab's standard dropdown for the review mode chooser in the WebIDE. !46820
- Replaces elements with the bs-callout class with gl-alert vue component. !47331 (Gary Bell @garybell)
- Add analytics_devops_adoption_snapshots table. !47388
- Add relation name to indexes view. !47422
- Migrate chevron-down icon to svg. !47591
- Disable auto admin mode in features. !47670 (Diego Louzán)
- Remove avg_cycle_analytics from usage ping. !47812
- Remove unused .issue-box CSS. !48002 (Takuya Noguchi)
- Convert shared runner limit alert to gl-alert. !48063
- Remove temporary blocking issues scheduling indexes. !48064
- Update icons to svg in several sort dropdowns. !48092
- Move Terraform state versioning default to database. !48194
- Replace wrong index definition on labels (project_id, title). !48238
- Update GitLab Runner Helm Chart to 0.23.0. !48284
- Add `external_author` alias to `service_desk_reply_to`. !48363 (Lee Tickett)
- Migrate bs-callout to GlAlert in …/unmet_prerequisites_block.vue. !48398
- Improve logging on feature flag modification. !48417
- Replace bootstrap caret-down with chevron-down. !48424
- Convert bootstrap carets to svg chevrons. !48492
- Rename "Cycle Analytics" with "Value Stream Analytics" under /spec. !48531 (Takuya Noguchi)
- Update GitLab Workhorse to v8.56.0. !48592
- Update gitaly gem to 13.6.1. !48601
- Rename "CYCLE_ANALYTICS_*" variables for CI with "VSA_*". !48675 (Takuya Noguchi)
- Adds gl button classes to manifest imports. !48697
- Add btree bloat estimation view. !48698
- Disable auto admin mode on requests and views specs. !48700 (Diego Louzán)
- Move users#show.json to users#activity.json. !48712 (Takuya Noguchi)
- Remove `view_diffs_file_by_file` feature flag. !48966
- Move profiles/keys#get_keys to users#ssh_keys. !48991 (Takuya Noguchi)
- Replace wiki fontawesome icons with emojis. !49097
- Add a project setting to allow editing commit messages. !49152
- Updated UI text to match style guidelines. !49275
- Move profiles/gpg_keys#get_keys to users#gpg_keys. !49448 (Takuya Noguchi)
- Remove references to cross_project_pipeline source in documentation. !49579
- Updated UI text to match style guidelines. !49632
- Migrate bs-callout to GlAlert for components using app/assets/javascripts/vue_shared/components/callout.vue. !49732 (Gary Bell @garybell)
- Bump gitlab-shell version to v13.14.0. !49810
- Track index bloat estimate. !49822
- Conver create merge request button to gl. !49864
- Adds gitlab ui classes to project dir buttons. !49939
- Removed count_uploads_size_in_storage_stats feature flag. !49998
- Delete MockDeploymentService records, used only in development environments. !50030
- Add feed_token specs to spec/features/profiles/personal_access_tokens_spec.rb. !50059
- Replace spec/controllers/ide_controller_spec.rb with request spec. !50075 (Takuya Noguchi)
- Update GitLab Workhorse to v8.57.0.


## 13.6.3 (2020-12-10)

### Fixed (5 changes)

- Fix error 500s creating projects concurrently. !48571
- Fix container_registry url for relative urls. !48661
- Resolve Members page 500 error after Invitation sent via API. !48937
- Add different string encoding method in rack middleware. !49044
- Fix MR rendering issue when user is tool admin and not project member. !49258

### Changed (1 change)

- Update Rake check and docs to require Ruby 2.7. !48552


## 13.6.2 (2020-12-07)

### Security (10 changes)

- Validate zoom links to start with https only. !1055
- Require at least 3 characters when searching for project in the Explore page.
- Do not show emails of users in confirmation page.
- Forbid setting a gitlabUserList strategy to a list from another project.
- Fix mermaid resource consumption in GFM fields.
- Ensure group and project memberships are not leaked via API for users with private profiles.
- GraphQL User: do not expose email if set to private.
- Filter search parameter to prevent data leaks.
- Do not expose starred projects of users with private profile via API.
- Do not show starred & contributed projects of users with private profile.


## 13.6.1 (2020-11-23)

### Fixed (5 changes)

- Fix project transfer corrupting shared runners state. !48032
- Fix project select split button bug. !48065
- Fix tags pages erroring for projects with private pipelines. !48184
- Ensure Alerts list loads when only HTTP integrations are enabled. !48247
- Does not track package events on a read-only instance. !48257

### Changed (1 change)

- Re-name Instance Statistics as Usage Trends. !48183


## 13.6.0 (2020-11-22)

### Removed (3 changes)

- Removed ACE editor from the codebase. !46420
- Remove storage limit column from application settings. !46676
- Remove the ability to resole individual notes. !46775

### Fixed (140 changes, 11 of them are from the community)

- Fix rendering of markdown headings and floated images. !25442 (Gwen_)
- Fix release assets link redirection. !35381
- Fix chatbot replies not including job log. !42010
- Show tar warning message when file/folder changed during backup instead of failing whole backup operation. !42197
- Remove default EKS Region dropdown in cluster create form. !43017
- Remove all records from `security_findings` table. !44312
- Add `position` column into security_findings table. !44815
- Render script newlines in CI Lint view. !45087 (Nejc Habjan)
- Fix a race condition checking whether a project is read-only. !45160
- Limit number of times a background migration is rescheduled. !45298
- Improve project labels page card layout consistency. !45311
- Do not convert unicode versions of trademark, copyright, and registered trademark to emoji. !45457
- Gracefully recover from deleted LFS file. !45459
- Fix Bad Escape in Issue Board Empty State. !45465 (Kev @KevSlashNull)
- Update cluster applications CI template to 0.34.1. !45487
- Fixed multi line comment options in parallel mode. !45557
- Removed not equal filter option for drafts on merge requests. !45649
- Fixed target branch not filtering. !45652
- Fix Merge Request "Edit in Web IDE" dropdown link on MR diffs page. !45653
- Handle malformed strings in URL. !45701
- Reset the pagination cursor when a search result filter changes. !45708
- Fix aria label on IDE tab close button. !45709
- Fix danger-secondary button in the Web IDE dark theme. !45714
- Removes the hamburger icon in the Changes tab in Web IDE. !45717
- Fix exception when saving Jira integration info for an instance. !45718
- Make sure the http_requests_total and http_request_duration_seconds metrics are not empty on application start. !45755
- Configure CSP for displaying Youtube videos in the Static Site Editor. !45767
- Render correct URLs for uploads in service desk issues when custom template is used. !45772
- Upgrade Workhorse to v8.52.0. !45778
- Fix project callbacks when propagating integrations. !45781
- Fix project import search box and make it case insensitive. !45783
- Remove the native styles for modal-dialog - Currently off center. !45789
- Fix when Feature Flags link is shown in search bar results. !45803
- Reset search results filters whenever a user changes scope. !45808
- Project Access Tokens - Delete project bot after token expires. !45828
- Paginate project_runners in ci_cd settings. !45830
- Fix bug with robots and .git suffix. !45866
- Block LFS requests on snippets. !45874
- Fix an N+1 issue in Packages::GroupPackagesFinder. !45875
- Fix sticky header issue status not syncing. !45895
- Download LFS files when importing from Bitbucket Server. !45908
- Fix viewing GitHub-imported diff notes in discussions. !45920
- Boards - Fix Milestone icon alignment in header. !45965
- Reduce whitespace on MR page header. !45966
- Fix CSS for To-Do List on mobile. !45969 (Takuya Noguchi)
- Fix wide content overflow on Notebook output. !45971
- Fix auto-deploy-image fetches deprecated stable repository and causes an error. !45984
- Fixed long paths truncating in merge request sidebar incorrectly. !45994
- Remove positive tabindexes. !46003
- Remove "Report abuse" button from a merged Merge Request. !46031 (Takuya Noguchi)
- Fix single file editor patch branch name. !46044
- Updated list view MR icon. !46059
- Tolerate UTF8 BOM character during frontmatter rendering. !46062
- Fix dropzone paperclip and loading icons. !46093
- Copyedit Project Issue Boards API docs. !46110 (Takuya Noguchi)
- Fix typos when deleting a project repository. !46204 (Edstub207)
- Enable rendering avatars with full url. !46206
- Fix bug accessing import route with no user. !46215
- Fix transaction usage in ContainerExpirationPolicyWorker. !46217
- Remove page_title from single project and group pages. !46223
- Skip GMA and SSO validation when creating project access tokens for project bots. !46257
- Make loading icon on feature flag edit page larger. !46268
- Allow semver versions in composer packages. !46301
- Don't return target-specific broadcasts without a current path supplied. !46322
- Fix tracking of frequently visited projects / groups. !46348
- Do not query snippet infromation on the new snippet's creation. !46355
- Populate missing `dismissed_at` and `dismissed_by_id` attributes of vulnerabilities. !46370
- Add CI Status CSS to the Environments Page. !46382
- Allow project storage to be updated when no repositories exist. !46385
- Add licensed check for wip limits. !46387
- Fix problems with Groups API search query parameter. !46394
- Fix QuickActions not working if written before a codeblock. !46401
- Resolve User stuck in 2FA setup page even if group disable 2FA enforce. !46432
- Job dropdown: Hide tooltip explicitly on click. !46465
- Fix loading current directory when changing branches. !46479
- Allow to apply group labels with service desk templates. !46492
- Fix CI artifacts not uploading with tracing enabled and without NGINX. !46513
- Fix logging handling for API integer params. !46551
- Bugfix email notification recipients for comments on Designs. !46642
- Fix linebreak issue in last commit anchor. !46643
- Upgrade fog-google to v1.11.0. !46648
- Fix 'File name too long' error happening during Project Export when exporting project uploads. !46674
- container registry: show delete selected button on medium viewports. !46699
- Improve thread safety of Ci::BuildTraceChunk data stores. !46717
- Fix 404 error from Commit Signature API when using Rugged. !46736
- Fix example responses for Project Issue Board creation API in the docs. !46749 (Takuya Noguchi)
- Autofocus on search input within labels dropdown after labels are loaded. !46750
- Fix example responses for Group Issue Board creation API in the docs. !46760 (Takuya Noguchi)
- Make the Merge Train process flow more resilient by always refreshing merge requests from beginning. !46768
- Show "No user list selected" in feature flags. !46790
- Skip disabled features when importing a project from Gitea. !46800 (John Kristensen (@jerrykan))
- Fixed create merge request dropdown not re-opening after typing invalid source branch. !46802
- Fix broadcast notification close icon appearance. !46804
- Fix remove label inconsistency. !46805
- Assign new incoming diff lines for renamed files to the correct view type. !46823
- Display submodules in MR tree and file header. !46840
- Fix empty state message in explore projects page. !46860
- Better-behaved tooltips in pipeline dropdown. !46866
- Ensure security report is displayed correctly in merge requests with a lot of CI jobs. !46870
- Fix code lines being cut-off on failed job tab. !46885
- Populate values for `has_vulnerabilities` column of `project_settings` table. !46890
- Fix group destroy not working with Gitaly Cluster. !46934
- Fix setting Comment detail for Jira and modal for groups. !46945
- Fix retried builds icon sprite to use css_class. !46955
- Remove unnecessary expand sha button in pipelines page. !47012
- Fix operations settings when Pipelines are disabled. !47062
- Fix duplicate epic iids and add uniqueness constraint. !47081
- Fix relative path not found on production web server. !47090
- Moved template warning below type. !47103
- Fix top margin in new project page. !47109
- Make delete repo prompts consistent. !47117
- Make register_instructions optional for RunnerSetup. !47123
- Fix milestones param validation for releases API PUT method. !47169
- Fixed create branch button not hiding when issue is closed. !47187
- Fix config variables when having includes. !47189
- Handle nullbytes in auth headers. !47206
- Fix error when updating releases with milestone associations through the UI. !47222
- Fixed diff metadata endpoint being called twice. !47265
- Fix pipeline security tab filters not showing. !47294
- Fix unified component inline display. !47345
- Fix secure MR widget colors in dark mode. !47352
- Fix status emoji tooltip trigger. !47378
- Fix workflow:rules not accessing passed-upstream and trigger variables. !47399
- Fix internal lfs_authenticate API for non-project repositories. !47404
- Fix alerts integration list Snowplow tracking event. !47413
- Resolve Suggest Pipeline flow second step not loading. !47419
- Fix overly aggressive prevent call. !47455
- Fix syntax highlight issue with regular expressions. !47469
- Stop finding commit with empty ref. !47497
- Fix issues list when due date parameter is invalid. !47524
- Bump versions of secrets and klar in the Secure-Binaries template. !47531
- Fixed copy contents functionality for snippets. !47646
- Reject incomplete multibyte chars in UTF8 params. !47658
- Fix deploy token permissions for write_package_registry. !47675
- Fix comment cells not rendering in unified component inline view. !47693
- Replace poorly performing auth event providers query in usage ping. !47710
- Do not fail when cleaning up MR with no repository. !47744
- Clear cached merge_ref_sha on reopen. !47747
- Refactor and UI-polish around activity calendar on user profile. !47797 (Takuya Noguchi)
- Fix for missing user info for Terraform State. !47814

### Deprecated (1 change)

- Deprecate support for Elasticsearch 6.x. !45619

### Changed (143 changes, 5 of them are from the community)

- Match Jira users by email, username or name on jira issues import. !33883
- Use global IDs for GraphQL arguments accepting sentry IDs. !36098
- GraphQL Snippets: use Global-ID scalar. !36117
- Add Google Tag Manger to sign in/up and trial pages. !38395
- Prune loose objects during git garbage collection. !39592
- Throttle container cleanup policies execution by using a limited capacity worker. !40740
- Update leave group modal to gl-modal. !41817
- Split sign in and sign up pages. !42592
- Improve messaging for emails from alerts. !43054
- Replace fa-check icons with GitLab SVG check icon. !43353
- Manually collapsed diff files are now significantly shorter and less visually intrusive. !43911
- Update change username modal. !44325
- Add support for search and inclusion of project labels within Group Labels API. !44415
- Add usage ping for unique users importing issues via CSV. !44742
- Add default regexes and prevent blank regexes for container cleanup policies. !44757
- Enable Sidekiq argument logging by default. !44853
- Search Autocomplete add GFM support for issues. !44930
- New group and project invite mail design. !44940
- Make the repository read-only while running cleanup. !45058
- Use existing group label when promoting project label. !45122
- Update Rack to v2.2.3. !45183
- Remove feedback alert from on-demand scans form. !45217
- Expand scope of coverage badge query to all successful builds. !45321
- Forbid top-level route sitemap.xml. !45359
- Update GraphQL input ids for Board Lists and Issues to be more type specific. !45398
- Update copy branch keyboard shortcut to click sidebar button. !45436
- Rename "a whole number" to "an integer number" in feature flags strategies. !45444
- Expose humanTimeEstimate and humanTotalTimeSpent via graphql. !45508
- Add link to the note on the email sent after adding a comment on an issue. !45511
- Add usage ping for unique users importing groups and projects via the group migration tool. !45536
- Remove resolve comment functionality. !45549
- Render 404 to search engine crawlers instead of redirecting to login. !45552
- Use GitLab SVGs in audit_icon helper. !45562
- Remove temp index on job artifacts. !45565
- Move test report system output to modal. !45575
- Generate a longer Kuberntes Agent Token by default (was 20 characters, now 50). !45620
- Update system note when marking merge request as draft or ready. !45644
- Replaced GlDeprecatedBadge for GlBadge in requirements tabs. !45647
- Add EC2 to AutoDevOps template. !45651
- Replace external-link icons with GitLab SVG. !45685
- Update loading icon for buttons used in MR's set to merge automatically. !45693
- Add fuzzy-search on full path in Groups API. !45729
- Minor UI improvements to Wiki Delete Page button and modal. !45740
- Add canonical link for default explore route. !45746
- Replaced GlDeprecatedBadge for GlBadge in environment header. !45768
- Replace fa-refresh icon with GitLab SVG. !45777
- Allow user snippets to be indexed by search crawlers. !45793
- Add total count to Terraform state GraphQL API. !45798
- Adds feature flag to disable package events. !45802
- increase allowed dotenv variables from 10 to 20. !45815 (jrreid)
- Remove search_filter_by_confidential Feature Flag. !45819
- Replace fa-caret-down with chevron-down SVG in pipeline action buttons. !45881
- Add new search params to metadata. !45896
- Add suggest pipeline for viable merge requests without pipelines. !45926
- Change permanent routable redirect to 301. !45980
- Disallow realtime_changes route in robots.txt. !45986
- Limits the Deploy Boards data to 10 MB. This change is enabled by default behind a feature flag. !46043
- Migrate DeprecatedModal to GitLab UI Modal for promoted labels. !46047
- Remove admin_approval_for_new_user_signups feature flag. !46051
- Show error in pipeline when API Fuzzing not licensed. !46064
- Improving Container Registry Delete Tags Service to log number of successfully deleted tags even if deletion process was interrupted by a timeout. !46079 (Maksim Stankevic, @maksimstankevic)
- Remove scanned_resources_count column from security scan. !46108
- Resolve request IP address on audit event. !46114
- Disallow /autocomplete/projects route in robots.txt. !46115
- Disallow WebIDE route in robots.txt. !46117
- Replace fa-chevron-up with GitLab SVG icon. !46118
- Pre-fetched GraphQL queries for snippet view. !46130
- Make all Project Issue Boards API available even in CE. !46137 (Takuya Noguchi)
- Move Personal Access Token API to Core. !46145
- Update stop all jobs modal to latest modal. !46157
- Replaced GlDeprecated Badge in clusters.vue. !46165
- Update whitelist/blacklist to allowlist/denylist in Signup restrictions window. !46168
- Use allowlist/denylist in application settings backend. !46170
- Update detailed_metric.vue modal to match Pajamas guidelines. !46183
- Use toasts for wiki notifications. !46201
- Refresh design zooming buttons. !46205
- Replace fa-warning icons with GitLab SVG warning-solid icon. !46214
- Disallow some project routes in robots.txt. !46218
- Improve empty search results message for group and project scopes. !46237
- Add minimal access users to group members api endpoints. !46238
- Replace ACE with Editor Lite. !46250
- Use CodeQuality 0.85.18 in the CI template. !46253
- Add rate limit bypass. !46259
- Use Helm 3 by default for GitLab-managed apps in new clusters. !46267
- Update diff_max_patch_bytes from 100kb -> 200kb. !46276
- Expand Diff File collapsed UI to be significantly more obvious. !46286
- Use standard loading state for Design Upload button. !46292
- Allow for return of scoped broadcast messages on shell. !46333
- Add filtering by recorded date to instance statistics measurements GraphQL API. !46344
- Background migration for setting Jira tracker data deployment type. !46368
- Use updated base report for CodeQuality MergeRequest widdget. !46384
- Make files header responsive and remove truncate name. !46406
- Switch to admin clusterRole for GitLab created environment Kubernetes service account. !46417
- Require Git v2.29.0. !46433
- Generate canonical url and remove trailing slash. !46435
- Moves projects_with_error_tracking_enabled ping usage to Core. !46556
- Mark Sidekiq queue selector as no longer experimental. !46562
- Add new incident counts to usage ping. !46602
- Added code coverage regex for Scala Scoverage. !46638 (opensorceror)
- Show error in pipeline when Coverage Fuzzing not licensed. !46652
- Forbid top level route sitemap. !46677
- Package details: on mobile show all the tags. !46679
- Add message in CI linter that it was validated with all the includes. !46713
- Reschedule again background migration which convers 'blocked_by' issue links to 'block'. !46770
- Load CI lint checks without refreshing the page. !46801
- Show code quality severity rating in the merge request details page. !46829
- Move "New subgroup" and "New project" out of the dropdown into individual buttons. !46907
- Admin approval required on user registration by default. !46937
- Update merge request search results design. !46944
- Add emailsDisabled field for issue type. !46947
- Enable 'instance_statistics' feature flag by default. !46962
- Update image upload path (SSE). !46967
- Changes limit for lsif artifacts to 100MB. !46980
- Add user info to Terraform State List. !46984
- Improve the container registry client tags delete method. !46989
- Filter GitHub projects to import using GitHub Search API. !47002
- Add BulkImport::Tracker to store the pagination information of the Group Migration (BulkImport) requests. !47009
- Use new image details API in container registry details. !47054
- Hide apply suggestion button for anonymous users. !47071
- Change the mutation and permissions for image note reposition. !47161
- Extend GraphQL API to commit to a new branch in a single operation. !47203
- Add region field to AWS Role. !47209
- Cache repository raw endpoint. !47225
- Update the tag name field helper text on the Edit Release page. !47234
- Make Terraform/Base.latest.gitlab-ci.yml template safer to use in projects that have non-terraform jobs. !47254
- MR Analytics: Fix chart tooltip covering filter dropdown. !47274
- Replace fa-check icon in custom notifications. !47288
- Use dedicated signing key for CI_JOB_JWT by default. !47336
- Replace fa-check icon in importer status. !47373
- Add pagination to Terraform list view. !47412
- Add new text and tab name for DAG. !47415
- Enable `vue_group_members_list` feature flag by default. !47427
- Improve the look of wikis in search results. !47470
- Dependency proxy feature is moved to GitLab core. !47471
- Remove ci_trace_new_fog_store feature flag. !47522
- Make schema breadcrumb urls absolute. !47523
- Add type annotation for snippet resolvers. !47548
- Remove feature flag to enable tracking unique test cases parsed globally. !47662
- Replace font-awesome icons in prometheus config. !47713
- Replace fa-chevron-down in dropdown button. !47758
- Replace fa-exclamation-triangle in markdown field MERGE_REQUEST_ID. !47786
- Update rack-oauth2 to v1.16.0. !47839 (Vincent Fazio @vfazio)
- Replace fa-chevron-down in project level VSA. !47885

### Performance (14 changes, 2 of them are from the community)

- Don't refresh all discussions for a new diff note on a merge request. !43015
- Add default_branch to ci_daily_build_group_report_result. !45702
- Upgrade labkit to 0.13.1. !45788
- Add Caching to BitBucket Server Import for pull requests. !45790 (Simon Schrottner)
- Resolve admin/license timeout on large instances. !46336
- Gracefully degrade when counting takes too long for a filtered search. !46350
- Add Batch Support for Importing Pull Requests from Bitbucket. !46696 (Simon Schrottner)
- Schedule clean up of merge request refs efficiently. !46758
- Only set an ETag for the notes endpoint after all notes have been sent. !46810
- Parallelize the removal of expired job artifacts. !46971
- Fix pipelines chart query timeout. !47069
- Add NULLS LAST to index on merge request metrics. !47300
- Add missing expression indexes. !47424
- Enable HTTP caching of repository raw, archive, and avatar endpoints. !47430

### Added (119 changes, 6 of them are from the community)

- Show build status in tag list. !34307 (Lee Tickett)
- Enable the ability to upload images via the SSE. !36299
- Add webhooks for feature flag. !41863 (Sashi)
- Add until_executed deduplication strategy. !42223
- Add support for .md.erb files in Static Site Editor. !42353
- Add install GitLab runner popup. !42877
- Add Default Initial Branch Name for Repositories Group Setting. !43290
- Update the milestone dropdown combobox to display separated sections and badge counters. !43427
- Jira Connect automatically synchronizes up to 400 existing merge requests per project when a namespace is connected. !43880
- Add CI JWT signing key to application_setings. !43950
- Add GraphQL endpoints to lock, unlock and delete Terraform states. !43955
- Add ability to sort releases on Releases page. !43963
- Debian RFC822 and .deb metadata extractor. !44029 (Mathieu Parent)
- Add assignees multiselect wrapper. !44087
- Show the environment link on alert details page. !44130
- Associate multiple pipelines with packages and package files. !44348
- Add a stop review job for ECS. !44717
- Add assignee dropdown to group issue boards. !44830
- Add Total Duration to CI/CD Analytics Page. !44863 (Kev @KevSlashNull)
- Add webhooks for creating and updating a release. !44881 (David Barr @davebarr)
- GraphQL API for listing container repositories. !44926
- Add ability to sort search results for issues and merge requests. !45003
- Add db index for DastSiteValidation#state. !45019
- Store test failure data when build finishes. !45027
- Add GraphQL burnup endpoint under milestone and iteration reports. !45121
- Add hostname to GitHub import API. !45188
- GraphQL: Adds downstream, upstream, source job, path, and project to PipelineType. !45212
- Associate Terraform state versions with the CI job that created them. !45347
- Add sha256 and file count to pages_deployments. !45522
- Add basic top level keys license, settings, and counts_weekly for usage data payload. !45540
- Allow sorting of releases from GraphQL. !45577
- UsageData for issues added/removed/edited. !45609
- Enable dashboard security discover button and ignore feature_filter_type column cleanup. !45636
- Add Support for Canary-Weight ingress annotation via API. !45637
- Add default sitemap generator for gitlab-org group. !45645
- Add new Terraform state list page. !45700
- Add Search for User Lists in Strategy. !45820
- Add jobs field with secureReportTypes argument to Ci::PipelineType. !45837
- Add latest version field to Terraform state GraphQL type. !45848
- Add repository_read_only column to Snippets. !45868
- Add availability to user status. !45888
- Add secret detection token revocation columns. !45912
- Add `has_vulnerabilities` column into project_settings table. !45944
- Email user on admin account approval. !45947
- Add API post /invitations by email. !45950
- Add repositionImageDiffNote GraphQL mutation to specifically reposition DiffNotes on images. !45958
- Create snippet_repository_storage_moves database table. !45990
- Expose issue updated by on GraphQL. !46015
- Allow to create todo on GraphQL. !46029
- Add API get /invitations for project and group. !46046
- Migrate Configure Feature Flags Modal to GitLab UI. !46055
- Add User-Agent to web hook service. !46070
- Add links to GraphQL release object for searching related issues and merge requests. !46161
- Migrate Alert Service to HTTP Integrations model. !46188
- Determine image relative paths. !46208
- Add releaseCreate mutation to GraphQL endpoint. !46263
- Add migration to populate pipeline_id in Vulnerability Feedback. !46266
- Add a /draft alias to the /wip quick action. !46277
- Add usage ping for web users of geo secondaries. !46278
- Enable refactored union set operator. !46295
- Add userDiscussionsCount to issues and merge requests GraphQL. !46311
- Add a service for token revocation. !46356
- Forward deployment, add modal to warn users on Retry action. !46416
- Expose moved and movedTo attributes in Issues query. !46447
- Add merge request description templates to Static Site Editor. !46488
- Add container repositories API. !46495
- Track usage of CI Secrets Management (Vault secrets). !46515
- Added GraphQL mutation for creating project and group labels. !46534
- Add total projects imported usage ping. !46541
- Add structured markup for users. !46553
- Container repository details GraphQL API. !46560
- Add iid column to design_management_designs. !46596
- Add search param to Users GraphQL type. !46609
- Add metric count for projects with alerts created. !46636
- Add ability to sort to search API. !46646
- Enable MR CSV export. !46662
- Upgrade GitLab Pages to 1.29.0. !46665
- Add merge requests filters for filtering by environments and deployment dates. !46683
- Add projects_with_enabled_alert_integrations usage ping. !46693
- Remove graphql_lazy_authorization feature flag. !46819
- Allow setting the value of 'require_admin_approval_after_user_signup' via Settings API. !46851
- Add structured data for projects. !46858
- NPM project level API. !46867
- Send email notifications to admins about users pending approval. !46895
- Monokai theme for the Web IDE. !46901
- Enable issue and MR stat links on release progress review. !46910
- Default enable new_pipeline_form. !46915
- Add tooltips to design buttons. !46922 (Lee Tickett)
- Account for uploads as part of used repository storage. !46941
- Add SEO schema markup to breadcrumbs. !46991
- Add locked and confidential badge to issue sticky header. !46996
- Add Web IDE Solarized Light theme support. !46999
- Add POST project CI lint API endpoint. !47026
- Display Group SAML provider ID in admin. !47034
- Adds warnings to API response for /lint. !47037
- Filter jobs by security report type in GraphQL. !47095
- Update container_scanning to version 3 to support FIPS. !47099
- Adds rake task to generate package events file. !47118
- Add container repository destroy GraphQL mutation. !47175
- Add search assignees to group issue boards. !47241
- Add Redis version to admin page. !47242
- Add CI job to Terraform state version GraphQL type. !47339
- Add pipeline to CI job GraphQL type. !47347
- Add group-level integration management for external services. !47391
- Add cloud_license_auth_token column to application_settings. !47396
- Add user callout to alert admins that registration is open by default. !47425
- Include aggregated git-write usage counts. !47511
- Add cleanup status field to graphQL ContainerRepositoryType. !47544
- Global Search - Left Sidebar. !47561
- Add group name and link in admin identities. !47563
- Implement including multiple files from a project. !47609
- Expose GraphQL API for managing HTTP alerting intergations. !47687
- Convert issue header actions to an ellipsis dropdown menu. !47690
- Add alerting support for custom dashboards. !47704
- Support fuzzing HTTP headers with API Fuzzing. !47727
- Store pages content in zip format. !47763
- Upgrade GitLab Pages to 1.30.0. !47780
- Add variable expansion to rules:changes. !47783
- GraphQL: Expose uploads_size for project_statistics and root_storage_statistics. !47820

### Other (68 changes, 26 of them are from the community)

- Migrate .fa-spinner to .spinner for app/helpers. !25033 (nuwe1)
- Remove new_variables_ui feature flag. !41412
- Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/error_tracking. !41420 (nuwe1)
- Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/monitoring. !41422 (nuwe1)
- Replace Deprecated Dropdown in Container Registry Explorer Page. !41425 (nuwe1)
- Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/snippets/components/snippet_header.vue. !41428 (nuwe1)
- Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/vue_merge_request_widget. !41429 (nuwe1)
- Migrate-Bootstrap-dropdown-to-GitLab-UI-GlDropdown-in-app/assets/javascripts/jobs/components/stages_dropdown.vue. !41452 (nuwe1)
- Replace v-html with GlSprintf in notes/.../discussion_filter_note.vue. !41482 (Takuya Noguchi)
- Update to Ruby v2.7.2. !44223
- Update haml_lint from 0.34.0 to 0.36.0. !44914 (Takuya Noguchi)
- Update Web IDE pipelines panel to use our design system component. !45007 (matejlatin)
- Replace existing Image Resizing FFs with a single of `ops` type enabled by default. !45050
- Remove Cycle Analytics message from en i18n message. !45178 (Takuya Noguchi)
- Specify primary key for tables without. !45198
- Update Tooltip in Groups to use gl-tooltip. !45305
- Print Ruby version in console greeting. !45370
- Fix Rails/SaveBang offenses for spec/services/* and spec/sidekiq/*. !45391 (matthewbried)
- Migrate collapsed notification tooltip. !45453 (artychan)
- Add database view for partitioned tables. !45591
- Add database view for partitions. !45592
- Remove duplicated BS display properties from Issue. !45628 (Takuya Noguchi)
- Replace quick_submit BSTooltip with GlTooltip. !45638 (Kristin Brooks @kristinbrooks)
- Add migration to add a new configuration option for setting the new user signups count. !45643
- Remove unnecessary index on services for usage data. !45655
- Update GitLab Runner Helm Chart to 0.22.0. !45664
- Replace bootstrap classes for alerts in ping consent. !45723
- Add `analytics_devops_adoption_segment_selections` and `analytics_devops_adoption_segments` database tables. !45748
- Refactor secondary_navigation_elements.scss. !45763 (Takuya Noguchi)
- Migrate toggle replies widget from Bootstrap to GlButton. !45780
- Simplify CSS for Merge Requests (list). !45785 (Takuya Noguchi)
- Add auto_rollback_enabled column to project_ci_cd_settings table. !45816
- Add merge trains enabled setting to project ci cd settings. !45834
- Fix incorrect code in Load Performance Testing docs. !45877
- Migrate services specs to consider admin mode. !45988 (Diego Louzán)
- Migrate tooltip in app/assets/javascripts/vue_merge_request_widget/components/mr_widget_author.vue. !46034
- Migrate Bootstrap buttons to GitLab UI buttons for attach a file form actions. !46041
- Replace chevron-down fa-icon in board sidebar. !46075
- Replace down chevron on invite member/group. !46076
- Clarify that external users cannot access all internal projects, groups, and snippets. !46087 (Ben Bodenmiller (@bbodenmiller))
- Declare and assign variable separately in Shell Script. !46121 (Peter Dave Hello @PeterDaveHello)
- Execute `exit 1` when shell script `cd` fails. !46122 (Peter Dave Hello)
- Migrate tooltip in app/assets/javascripts/ide/components/commit_sidebar/list.vue. !46148
- Migrate tooltip in app/assets/javascripts/vue_merge_request_widget/components/mr_file_icon.vue. !46156 (46156)
- Migrate tooltip in app/assets/javascripts/vue_shared/components/awards_list.vue. !46171
- Replace close button in Scheduling Pipelines user notice with GlButton. !46264
- Add performance marks and measures to the MR Diffs app at critical moments. !46434
- Corrected grammar in Sign-in restrictions text. !46500
- Update access token fields to new input style. !46569
- Rename "cycle analytics" with "value stream analytics" under /spec. !46613 (Takuya Noguchi)
- Resolve Implement GraphQL Startup.js for Design Management app. !46660
- Bump workhorse to 8.53.0. !46666
- Remove columns no longer used for replicating terraform state. !46742
- Backfill cleanup schedules for old closed/merged MRs. !46782
- Bump gitlab-shell version to 13.12.0. !47084
- Remove duplicated BS display properties from Merge Request title. !47124 (Takuya Noguchi)
- Remove duplicated BS display properties from various Diffs. !47125 (Takuya Noguchi)
- Expand postgres_indexes view. !47304
- Update terminal empty state alert to gl component. !47340
- Guard against existence of project_features.requirement_access_level in migration. !47458 (Lee Tickett)
- Replace mirror chevron down icon with svg. !47459
- Update chevron-down icon on project branch page. !47460
- Update button styles in project tree header. !47562
- Update button styles in blob header. !47571
- Update icons to svg for issuable pages. !47596
- Update Workhorse version to 8.54.0. !47625
- Update GitLab Shell to v13.13.0. !47875
- Change wording on the project remove fork page. !47878


## 13.5.5 (2020-12-07)

### Security (10 changes)

- Validate zoom links to start with https only. !1055
- Require at least 3 characters when searching for project in the Explore page.
- Do not show emails of users in confirmation page.
- Forbid setting a gitlabUserList strategy to a list from another project.
- Fix mermaid resource consumption in GFM fields.
- Ensure group and project memberships are not leaked via API for users with private profiles.
- GraphQL User: do not expose email if set to private.
- Filter search parameter to prevent data leaks.
- Do not expose starred projects of users with private profile via API.
- Do not show starred & contributed projects of users with private profile.


## 13.5.4 (2020-11-13)

### Fixed (4 changes)

- Fix Vue Labels Select dropdown keyboard scroll. !43874
- Hashed Storage: make migration and rollback resilient to exceptions. !46178
- Fix compliance framework database migration on CE instances. !46761
- Resolve problem when namespace_settings were not created for groups created via admin panel. !46875


## 13.5.3 (2020-11-03)

### Fixed (3 changes)

- Fix IDE issues with special characters. !46398
- Ensure that copy to clipboard button is visible. !46466
- Auto Deploy: fixes issues for fetching other charts from stable repo. !46531

### Added (1 change)

- Add environment variables to override backup/restore DB settings. !45855


## 13.5.2 (2020-11-02)

### Security (9 changes)

- Add CSRF protection to runner pause and resume. !1021
- Do not expose Terraform state record in API.
- Path traversal to RCE via LFS upload.
- Update container_repository_name_regex to prevent catastrophic backtracking.
- Validate nuget package names.
- Prevent private repo from being accessed via internal Kubernetes API.
- Validate each upload param key in multipart.rb.
- Fix XSS vulnerability for job build dependencies.
- Fix unauthorized user is able to access schedule pipeline variables and values.


## 13.5.1 (2020-10-22)

### Other (1 change)

- Update GitLab Shell to v13.11.0. !45660


## 13.5.0 (2020-10-22)

### Security (1 change)

- Update GitLab Runner Helm Chart to 0.21.1.

### Removed (3 changes, 2 of them are from the community)

- Drop Iglu registry URL column. !42939
- Remove coverage_report_view feature flag. !43711 (David Barr @davebarr)
- Remove release_evidence_collection feature flag. !44234 (David Barr @davebarr)

### Fixed (118 changes, 9 of them are from the community)

- Include builds from child pipelines in latest sucessful build for ref/sha. !29710
- Fix branches_to_be_notified API param for hangouts chat service. !35599
- Add empty dependencies value to ECS Deploy job. !36862
- Fix issues with optional merge requests approval in CE. !42119 (Pavel Kuznetsov)
- Fix type of SentryErrorType global ID. !42185
- Remove linux arch only rule for coverage fuzzing. !42316
- Do not show retried builds in the MR code coverage. !42402 (Simon Lenz @koala7)
- Does not refresh project/snippet statistics on a read-only instance. !42417
- Rendering trailing slash in reference links (issue 205151). !42484
- Remove retry icon on failed job if merge pipeline. !42495
- Designs: return an error if uploading designs with duplicate names. !42514 (Sushil Khanchi)
- Unit Test Report: Fix icon for errored status. !42540
- Copy designs to issue when an issue with designs is moved. !42548
- Fix triggering multiple children pipeline with the same artifact. !42595
- Fix caret sizes in navigation. !42605
- Revert required encryption on CI runner tokens. !42623
- Fix Markdown "Preview" tab on New/Edit Release and New Snippet pages. !42640
- Fixed a bug causing 'Missing author note' to be added to notes for mapped users when importing project using GitLab Import. !42648
- Hides batch suggestions button if there is only 1 suggestion. !42681
- Fix GraphQL token authentication when installed under a relative URL. !42706
- Update pipeline failed notification e-mail warning. !42736
- Fix clickable width of release asset links. !42757
- Fix size of edit button on releases page. !42779
- Move before_script into script for CQ template. !42782 (Vicken Simonian @vicken.papaya)
- Resolve Error when quickly reordering designs. !42818
- Eliminate extra spacing on MR diffs from mobile/tablet screen. !42821 (Takuya Noguchi)
- Fix migrating some empty diffs. !42825
- Fix filtering epics when sorting by dates. !42827
- Fix edge case when updating snippet with no repo. !42964
- Fix group deploy tokens permissions for package access. !43007
- Empty state Packages UI links to user docs. !43009
- Allow Unleash clients to request feature flags when repository is private. !43059
- Show incident list for users who can read issues. !43060
- Auto-accept TOS if project bot. !43067
- Fix checking of task lists when MR description starts with a blank line. !43125
- Fix iteration validation not checking parent groups. !43234
- Fix theme selector not working immediately for some themes. !43239
- Reset labels select search text on Enter. !43285
- Ensure JobWaiter keys always expire. !43320
- Make git lfs for push mirrors work to GitHub.com. !43321
- Fix incorrect HTTP response in deactivate user API for internal user. !43356 (Sashi Kumar)
- Fix bug to allow container cleanup policies to properly run. !43359
- Delete project bot when token is revoked. !43373
- Allow to include project files in parent-child pipelines. !43404
- Fix button placement on pipeline graph. !43419
- Fix 500 error in block user API for internal user. !43461 (Sashi Kumar)
- Fix Web hook deletion not working when many hook logs are present. !43464
- Fix copy_indexes migration helper skipping the opclass for indexes with operator classes defined for them. !43471
- Add markdown icon to more file extensions. !43479
- Fix suggested squashed messages for MR. !43508
- Ensure code search results link to searched ref. !43510
- Fix broken user avatars in Jira Development Panel. !43563
- Update database helpers to set the current_schema. !43568
- Remove project bot user membership when project access token expires. !43605
- Improve the Commit box on the Merge Request Changs tab when browsing per commit. !43613
- GraphQL: No longer allows to omit ID when querying for a single board. !43627
- Fix group deploy tokens to return all projects and work with the Maven group endpoint. !43628
- Fix GraphQL backward pagination when merge requests are ordered by merged_at. !43701
- Fix approvedBy filed in MR GraphQL API. !43705
- Customize value of note_target_type for designs. !43727
- Fix displaying a message when design copying is in progress. !43749
- Fix verifying LFS uploads with GitHub. !43852
- Fix Delete User dialog formatted strings. !43871
- Add cleanup migration for JobWaiter Redis keys. !43882
- Include Design Management git repositories in GitLab Backup. !43947
- Add fuzzy search support to labels dropdown. !43969
- Fix broken button default class. !43977
- Fix full screen comment button on snippets. !44083
- Allow unauthenticated users access to public Personal Snippets via the REST API. !44135
- Fix the ability to assign labels based on license feature availability. !44171
- Recover gracefully when issuable counts are too expensive. !44184
- Fix attach file button not working in description fields. !44216
- Fix design scale bug when navigating to a design after zooming. !44262
- Prefer server-provided authentication for LFS push mirroring. !44284
- Return nil when fetching a wiki page with invalid arguments. !44302
- Update Design thumbnail after uploading an image with the same filename. !44305
- Add tooltip for pipeline actions. !44317
- Ensure suggestion works for number text. !44332
- Update NuGet version validation to allow for extended versions. !44335
- Respect DNT when tracking experiments. !44420
- Fix merge conflict button text if "None" code style selected. !44427 (David Barr @davebarr)
- Allow unauthenticated users access to public Project Snippets via the REST API. !44446
- Fix instance statistics GraphQL query with identifier. !44475
- Designs are moved with an Issue that is moved. !44524
- Fix Auto Deploy scale subcommand unintentionally recreates legacy PostgreSQL. !44535
- Fix emoji rendering in certain edge cases. !44542
- Return 422 error rather than 500 when composer.json is missing or malformed. !44587 (David Barr @davebarr)
- Use optimistic locking to safely migrate a build trace chunk. !44588
- Avoid New Environment button glitching when changing tabs. !44603
- Perform git actions with a user with elevated git permissions during a design copy. !44662
- Align badge with avatar in MR List. !44671
- Fix regression when uploading / viewing binary files in the Web IDE. !44699
- Exclude policies with no container repositories when executing them. !44748
- Fix unnecessarily escaped merge error text. !44844
- Fix button row margin on empty project. !44860
- Add note about cross site cookies browser limitaion to Jira App page. !44898
- Allow re-sending invite to minimal access user. !44936
- Fix dark mode for boards and swimlanes. !44951
- Fix dark mode for milestones. !44952
- Add missing 90x avatar size for image scaling. !45025
- Allow size limit to be available by default in the project pages settings form. !45054
- Fixed incorrect parameter in GraphQL startup call. !45115
- Fix table border hover for incidents and alerts. !45117
- Fix Jira Connect App update webhooks. !45151
- Fix scoped label markdown padding. !45153
- Fix redirects to issue sidebar JSON when visiting the login page. !45194
- Revert of Background migration for setting Jira tracker data deployment type. !45205
- Delete any outstanding BackfillJiraTrackerDeploymentType. !45219
- Fix mobile view of filtering bar. !45226
- Fix the maven md5 upload endpoint. !45271
- Redirect when no user is signed in when updating registration. !45276
- Class and markup cleanup to prevent SVG header bar overlap in Static Site Editor. !45334
- Update to Rack v2.1.4. !45340
- Avooid opening 2 modals for enabling review app. !45361
- Fix undefined tooltip text flashing on clipboard icon. !45482
- Fix error when cleaning up MR with no head ref. !45504
- Disable target branch filter option on merge requests dashboard.
- Fixed merge request tabs overlapping with system header.

### Deprecated (2 changes, 1 of them is from the community)

- Set abuse_notification_email instead of admin_notification_email. !41319 (Hiromi Nozawa)
- Drop column instance_statistics_visibility_private. !42969

### Changed (141 changes, 11 of them are from the community)

- Set default Referrer-Policy to strict-origin-when-cross-origin and set it in a header rather than HTML. !26065 (nhirokinet)
- Background migration for setting Jira tracker data deployment type. !37002
- Update clipboard button to use Pajamas. !38421
- Parallelize removal of expired artifacts. !39464
- Update styling of design comment pins. !39797
- Update confidential form buttons to gl-button. !40893
- Replace bootstrap alerts in app/views/admin/broadcast_messages/_form.html.haml. !41271 (Gilang Gumilar)
- Replace bootstrap alerts in app/views/import/shared/_errors.html.haml. !41288 (Gilang Gumilar)
- Replace bootstrap alerts in app/views/projects/diffs/_warning.html.haml. !41295 (Gilang Gumilar)
- Replace bootstrap alerts in app/views/profiles/accounts/show.html.haml. !41299 (Gilang Gumilar)
- Replace bootstrap alerts in app/views/admin/projects/show.html.haml. !41389 (Gilang Gumilar)
- Replace bootstrap alerts in app/views/projects/milestones/show.html.haml. !41396 (Gilang Gumilar)
- Update lock form buttons to gl-button. !41454
- Updated Discard Changes button in WebIDE. !41899
- Migrate DeprecatedModal to GitLab UI Modal. !42113
- Migrate custom Tabs to GlTabs. !42236
- Revert justified-content-end settings buttons. !42273
- Add Web IDE as dropdown item to diff file edit. !42275
- Expose the option to use namespace-per-project instead of namespace-per-environment for Kubernetes clusters. !42309
- Split name to first and last name for signup. !42346
- Move job token specs to core. !42374 (Mathieu Parent)
- Resolve Add filter capabilities to Incident list. !42377
- Remove angle brackets from empty name in U2F device settings. !42440
- Update sidebar operations order. !42493
- Add Gitpod enabled instance setting to Usage Data. !42563
- Add Gitpod enabled user setting to Usage Data. !42570
- Remove accept terms checkbox for signup. !42581
- Add user sign in indicator to Jira connect app. !42628
- Include monitoring tool from payload in system note for alert creation. !42631
- Rename Created to Published in package sort dropdown. !42677
- Breadcrumb like UI for project path in packages list. !42684
- Allow alerts to open on new tab. !42691
- Replace button component. !42716
- Add Issue Link to "Issue opened by" Integration Chat Message. !42785 (Kev @KevSlashNull)
- Hide instance-level integrations on GitLab.com. !42808
- Remove banner that suggests Web IDE for editing gitlab-ci.yml. !42815
- Updated the admin and user SSH key delete confirmation to use GlModal. !42824
- Add confirmation modal on instance-level integration form. !42840
- Use Conan recipe as package name in package API. !42860
- Show wiki tree structure in sidebar and pages overview. !42867
- Allow member mapping to map importer user on Group/Project Import. !42882
- Migrate environments folder tabs to GlTabs. !42894
- Update pypi install command to work with external dependencies. !42916
- Allow designs to be added, changed, or destroyed on locked and moved issues. !42935
- Add a title section to the Package Registry UI. !42963
- Allow time tracking in incidents. !42965
- Feature flags form: Replace fa-chevron-down with GitLab SVG. !42968
- Create a set of models to store the temporary data needed for a bulk import. !42978
- Adjusted deactivation threshold from 180 to 90 days. !42989
- Fix profile scoped label CSS. !43005
- Store pipeline counts by status for instance statistics. !43027
- Remove internal fields from alert details table. !43076
- Add hosts field to alert detail table. !43087
- Update alert GFM reference in highlight bar. !43104
- Replace fa-search with GitLab SVG search icon. !43110
- Update programming language colors and metadata. !43111
- Global Search - Bold Issue's Search Term. !43124
- Replace fa-external-link with GitLab SVG in group folder. !43128
- Add sort by similarity to getProjects GraphQL call. !43136
- Improve two button review submit in merge requests. !43149
- Update user feedback to a dedicated page as opposed to solely a button with a loader. !43189
- Enable project access tokens on GitLab.com. !43190
- VSA: Replace fa-warning with GitLab SVG. !43262
- Add assignee usernames to issue resolver. !43294
- Create ComplianceManagement::Framework Model. !43301
- Add invitation declined page. !43305
- Move approval MR filter and quick actions to CE. !43326 (Pavel Kuznetsov)
- Always set created_by_id when creating a user. !43342
- Description Templates: Replace fontawesome icons with GitLab SVGs. !43379
- Improve WebIDE error messages on committing. !43408
- Remove bootstrap usage from merge_requests/invalid. !43439
- Expose file path from XML Test Report artifact. !43594
- Always show the "Clear cluster cache" button among the advanced Kubernetes cluster configuration options. !43619
- Deprecate lowercase values for sort enums in GraphQL. !43650
- Replace double angle icons with GitLab SVG in issuables sidebar. !43655
- Set performance cookie to last for a year. !43692
- Add snippets to GitLab backups. !43694
- Restore snippet repositories from backups. !43696
- Update issue boards modal to gl-tabs. !43740
- Update nav icons to chevron-down. !43767
- Display alert for partially executed cleanup policies. !43831
- Show keep path for expired locked artifacts. !43866
- Replace fa-search fontawesome icons with GitLab SVG in Vue components. !43879
- Update toggle focus mode icon to gl-icon. !43888
- VSA: Replace fa-warning with GitLab SVG icon. !43994
- Add spam flag to snippet create/update mutations. !44010
- Include cached sql calls in performance bar. !44022
- Updated GraphQL mutation input ids to be more type specific. !44073
- Remove jquery tooltip API call from stop environment button. !44199
- Add filters on Milestone title in the GraphQL API. !44208
- Display conan recipe as package name on package detail page. !44294
- Respect Group's default branch name when present. !44370
- Enable automatic allocation of purchased storage. !44376
- Move remove board column button to sidebar. !44380
- Reposition wiki title on wiki pages. !44390
- Move wiki edit button inline with wiki title. !44391
- Allow users to navigate to the incidents show details page wrapper through `/issues/incidents/:id` from the Incident list. !44438
- Update delete badge modal to gl-modal. !44495
- Remove jquery tooltip from IDE activity bar. !44526
- Remove the `store_instance_statistics_measurements` feature flag. !44566
- Use GitLab SVG icons in file_type_icon_class helper. !44580
- Add pipeline_artifacts_size to RootStorageStatisticsType. !44595
- Copy project homepage default view for anonymous users. !44606 (George Tsiolis)
- Handle the blacklisted ip error in the Go middleware. !44614
- Add limit to number of test cases parsed by JUnit parser. !44615
- Track unique wiki page views in Usage Ping. !44622
- Automatically expand diffs for merge requests with changes to a single file. !44629
- Move feature flags to core. !44642
- Indicate on signin page instance is self-managed. !44681
- Replace fa icon with GitLab SVG in repository preview. !44696
- Replace fa-file-text-o icons with GitLab SVG doc-text icon. !44706
- Replace bootstrap alert in app/views/shared/milestones/_top.html.haml. !44731
- Back-port free instance review for instances with 50+ users from EE Core to CE. !44770
- Search for python packages with normalized name to allow installs of packages with periods and underscores. !44807
- Update integration descriptions to not be project-specific. !44893
- Projects created from templates inherits integrations. !44932
- Update issue and MR sidebar labels to use Vue instead of Haml. !44942
- Replaced blob-content-edit with editor-lite compoennt for Snippet edit form. !44994
- Replace fa-chevron-down with GitLab SVG in project visibility settings. !45021
- Allow more naming conventions for VSA production environment. !45069
- GraphQL: Changes fields in detailedStatus to be nullable. !45072
- Truncate over-long alert fields instead of return error response. !45099
- Raise Puma Worker Killer RAM limits. !45116
- Replace fa icons in CI build table. !45123
- Replace switcher fa- icons in blob viewer models. !45124
- Replace fa-calendar icon with GitLab SVG. !45175
- Minor UI improvements to Wiki edit page. !45247
- Replace fa-angle-double-left and fa-angle-double-right icons with GitLab SVG. !45251
- Remove CSS that ligthens texts in the pipeline. !45253
- Support all stackprof profiling modes. !45277
- Allow automatically selecting repository storage on move. !45338
- Updated GraphQL note mutation input ids to be more type-specific. !45341
- Update GraphQL discussionToggleResolve mutation input id to be more type-specific. !45346
- Update GitLab-Shell to v13.9.0. !45358
- Replace fa-file icons with GitLab SVG document icon. !45380
- Migrate '.fa-spinner' to '.spinner' for 'awards_list.vue'. !45393
- Update gitlab-shell to v13.10.0. !45408
- Replace fa-bitbucket-* icons with GitLab SVG. !45437
- Replace fa-google with GitLab SVG. !45506
- Replace fa-github with GitLab SVG MERGE_REQUEST_ID. !45533
- Move diff header actions into dropdown menu.

### Performance (21 changes, 1 of them is from the community)

- Improve n+1 in pipeline serializer for triggered pipelines. !42421
- Load issues tab in the milestone page asynchronously. !42473
- Add state_id index for merge_requests list. !42481
- Cleanup request http method/code metrics. !42618
- Optimise cleaning up LFS objects. !42830
- Modify time_period for last 28 days to improve batch counting performance. !42972
- Less inconsistent Edit links in sidebar. !43106
- Performance fix for issue placement. !43315
- Reduce cached SQL for JobsController#show. !43559
- Add index for project_id and sha to deployments table. !43836
- Don't expose http_request_duration_seconds metrics in sidekiq exporter. !43941
- Remove index on issues.relative_position. !43991
- Loads cropper css only when needed. !44137
- Preloading of Fontawesome Icon Font. !44282
- Remove duplicate index from the Vulnerabilities table. !44422 (Borivoje Tasovac @borivojetasovac)
- Optionally use merge request metrics association for merge request diff stats in GraphQL. !44613
- Remove Sentry implementation to investigate performance impact. !44643
- Optimize the loading of diffStats in merge request GraphQL API. !44752
- Preload `user_notes_count` in MergeRequest GraphQL API. !44894
- Remove the commit count from the commits API. !44934
- Enable caching of markdown when viewing blob. !45367

### Added (147 changes, 13 of them are from the community)

- Add canonical links for moved/duplicated issues. !34604
- Change transfer, update and create services for groups and projects to take in consideration shared runners settings. !36080 (Arthur de Lapertosa Lisboa)
- Add approval rules with approvers to usage ping. !36737
- Add index on ci_builds relation to improve Usage Ping metrics collection performance. !37581
- UI to disable shared runners by group. !39249
- Report auth events in manage stage usage ping. !39747
- Display youtube videos on the Static Site Editor. !39756
- Add LSIF to Go Auto DevOps gitlab-ci.yml. !40072
- Measure npm request forwarding usage. !40174
- Make URL links in job logs clickable. !40175 (Łukasz Groszkowski @falxcerebri)
- Add No Access Role for top group members. !40942
- Clean up unused LFS objects during repository housekeeping. !40979
- Send chat notification when deployment starts. !41214 (Sashi Kumar)
- Log failed BatchCount queries. !41552
- Add Group Import usage ping. !41663
- Add Sample Data. !41699
- Add Go(lang) to Packages. !41712 (Ethan Reesor (@firelizzard))
- Copy designs to new issue when issue is moved. !41714
- Add namespace setting to allow to mark if parent group allow subgroups to require 2FA. !41760
- Add cache:when keyword for ci yml config. !41822
- Adds package event tracking. !41846
- Add notification setting for merge request reviewers. !41851
- Track unique number of test cases parsed. !41918
- Introduce '.gitlab/static-site-editor.yml' config file, with support for 'static_site_generator' entry. !41957
- Migrate u2f registrations to webauthn registrations. !42159 (Jan Beckmann)
- Add internal API to download LFS objects. !42161
- Add state field to DastSiteValidation. !42198
- Pre-Collapsed Sections in CI Job Logs. !42231 (Kev @KevSlashNull)
- Improve issuable reaction search. !42321 (Ethan Reesor (@firelizzard))
- Show expanded CI config in CI lint API endpoint. !42380
- Display cluster list node information. !42396
- Validate not null file_store field on packages_package_files to maintain data integrity. !42400
- Add API endpoints to manage individual Terraform state versions. !42415
- Display Contributor badges on notes. !42576 (Mycroft Kang @TaehyeokKang)
- Add expiration policy started at support in container repositories. !42598
- Add a REST API endpoint to list group's descendants. !42620
- Match against description and unicode character when autocompleting GFM emoji. !42669 (Ethan Reesor (@firelizzard))
- Add Debian API skeleton. !42670 (Mathieu Parent)
- Use fuzzy matching for issuable awards. !42674 (Ethan Reesor (@firelizzard))
- Add Documentation URL to Admin Area. !42702
- Add close button to issue, MR, and epic sidebar labels. !42703
- Add :default_branch_name column to namespace_settings. !42778
- Add severity and published sorting for incident issues. !42800
- Replaced ACE with Editor Lite for CI linting. !42814
- Include `used_fields` and `used_deprecated_fields` in GraphQL logs. !42820
- Validate build traces using CRC32 checksums. !42829
- Reference pages_deployments in pages_metadata. !42834
- Display user project count on Admin Dashboard. !42871
- Add runner setup methods. !42878
- Add og:description meta tag to individual "Release" page. !42889
- Add validator for IP address/inet columns. !42893
- Add buttons in the Search page to clear Group and Project filters. !42897
- Update golang version in vendored Dockerfile template. !42917
- Strip markdown from og:description meta tags. !42918
- Add DesignCollection copyState GraphQL field. !42919
- Add projects_creating_incidents to usage ping counts. !42934
- Add project scoped CI lint API endpoint. !42998
- GrahphQL: Adds status to jobs, stages, and groups. !43069
- Destroy issue board list via GraphQL. !43081
- JS client for increment_unique_users API. !43084
- Add missing fontawesome file icon classes. !43091
- Adds button to update merge request draft status on merge request show page. !43098
- Sort incidents list by severity and published columns. !43121
- Update skeleton loader shape on releases pages. !43138
- Add security bot. !43147
- Redirect to documentation pages URL when configuration option is set. !43157
- Add on-demand DAST scan options (scanType, showDebugMessages, useAjaxSpider) ajax spider and set the scan type. !43240
- Enable snippet multiple files. !43246
- Add Debian regexps. !43259 (Mathieu Parent)
- Add sort parameter to Issue and Merge Request scopes. !43295
- Add timeline toggle button for incidents comments. !43302
- Add Gitpod Spring Petclinic to Project Templates. !43319
- Allow a users public GPG Keys to be API accessible. !43332
- Add file name column to CI unit test report. !43338
- Add GraphQL endpoint for Terraform state metadata. !43375
- Store user mentions to DB. !43393
- Upgrade GitLab Pages to 1.26.0. !43416
- Remove graphql_lookahead_support feature flag. !43438
- Introduce 'image_upload_path' entry support for '.gitlab/static-site-editor.yml' config file. !43481
- Introduce 'mounts' entry support for '.gitlab/static-site-editor.yml' config file. !43485
- Introduce required_code_owners_sections table. !43573
- Adds flexible rollout strategy UX and documentation. !43611
- Add table for alert http integrations for project. !43634
- Add a database column to enable or disable the setting that puts newly registered users in a pending state, requiring admin approval for their activation. !43661
- Seed initial version for non-versioned terraform states. !43665
- API support for a specific GPG Key for given user. !43693
- Enable design management reference filter. !43731
- Add GraphQL mutation to create an issue. !43735
- Enable wiki events on git push. !43738
- Adds a Terraform.latest.gitlab-ci.yml to support quick development of Terraform related features. !43802
- Store pipeline counts by status for instance statistics. !43857
- Show labels origin path on project labels page. !43858
- Enable querying for merge requests within a group. !43863
- Add API Fuzzing plan limits db column. !43934
- Enable Gitpod button on file tree view. !43961
- Accept issue filters when getting board lists in GraphQL. !43968
- Add system note on incident severity change. !43998
- Move Tracing usage data ping to Core. !44006
- Update Add Members API to accept user_id array. !44051
- GraphQL: Adds scheduledAt to CiJob. !44054
- IDE editor - Adding syntax highlighting for terraform / hcl. !44056
- Allow to update issue state on GraphQL. !44061
- Add merge request title and description UI to Static Site Editor submission flow. !44071
- GraphQL: Adds action to DetailedStatusType and StatusActioType. !44088
- Feature Flags limits UX and documentation. !44089
- Add Incident Sla timer columns to DB. !44099
- Add the ability to insert a YouTube video. !44102
- Include LFS blobs in archives. !44116
- Add sorting parameters to Releases API. !44118
- Add product analytics for design created and modified events. !44129
- Upgrade GitLab Pages to 1.27.0. !44162
- Add the Alerts integrations table to Alert integrations settings in the Operations section. !44181
- Add Issuable Service Level Agreement (SLA) table. !44253
- Use Web IDE to create new files in empty repos. !44287
- Create an issue board via GraphQL mutation. !44298
- Status icons for alerts integratiosn list. !44318
- Added UsageData metrics for issues added/removed from Epics. !44371
- Added UsageData metrics for Issue designs' usage. !44373
- Add unattended database migration option. !44392
- Add feature flag for a phased rollout of cleanup policies. !44444
- Sync LFS objects when push mirroring over HTTPS. !44457
- Snowplow count of clicks on timeline toggle for incident comments. !44487
- Allow to move issues between projects on GraphQL. !44491
- Support ci_forward_deployment_enabled in edit API. !44510
- Preserve the merge request title and description in the static site editor upon modal close. !44512
- Schedule adding "Missed SLA" label to issues. !44546
- Add usage ping to count Static Site Editor views. !44573
- Move Tracing feature to Core. !44574
- Added new editor-lite Vue component. !44577
- Add Middleman Logo for Project Templates. !44617
- Allow groups to disable 2FA requirement for subgroups. !44712
- Editor Lite to saupport extensions in instance constructor. !44723
- Enable core_security_mr_widget feature flag by default. !44764
- Add apply button when user changes assignees. !44812
- Make alerts searchable by assignee username in GraphQL API. !44911
- Include PostgreSQL system identifier in usage ping. !44972
- Snowplow tracking of Incident details views. !45011
- Show origin path of labels on subgroup labels page. !45040
- Enable one_dimensional_matrix feature flag by default. !45086
- Add support for Generic packages. !45102
- Expose `created_at` in Group and Project members API response. !45156 (Rajendra Kadam)
- Show all inherited labels in projects and subgroups. !45161
- Disallow NULL Bytes (U+0000) in requests. !45223
- Introduce 'admin approvals for new user signups' feature. !45233
- Upgrade GitLab Pages to 1.28.0. !45257
- Add vuex stores for milestone comboxbox. !45287
- Add support for manual bridges for CI pipelines. !45368

### Other (114 changes, 53 of them are from the community)

- Replace-GIDeprecatedDropdown-in-app/assets/javascripts/alert_management. !41409 (nuwe1)
- Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/ci_variable_list. !41413 (nuwe1)
- Replace deprecated cluster dropdowns with updated dropdowns. !41414 (nuwe1)
- Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/confidential_merge_request/components/dropdown.vue. !41416 (nuwe1)
- Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/logs. !41421 (nuwe1)
- Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/pages/projects/graphs/components/code_coverage.vue. !41423 (nuwe1)
- Replace-GlDeprecatedDropdown-with-GlDropdown-in-app/assets/javascripts/pipelines/components/pipelines_list/tokens/pipeline_trigger_author_token.vue. !41424 (nuwe1)
- Replace `GlDeprecatedDropdown` with `GlDropdown` in `app/assets/javascripts/repository/components/breadcrumbs.vue`. !41427 (nuwe1)
- Replace `GlDeprecatedDropdown` with `GlDropdown` in app/assets/javascripts/vue_shared/components/split_button.vue. !41433 (nuwe1)
- Replace GlDeprecatedDropdown with GlDropDown in timezone-dropdown.vue. !41434 (nuwe1)
- Replace-GlDeprecatedDropdown-with-GlDropdown-in-ee/app/assets/javascripts/geo_node_form-and-ee/app/assets/javascripts/geo_replicable. !41438 (nuwe1)
- Remove bootrap alert from gcp offer. !41814
- Update database index on namespaces for type and id. !42128
- Populate issues blocking_issues_count. !42277
- Move shared logic into utils. !42407
- Update button to gl-button on GitLab for Slack page. !42426
- Refactor the invites controller member method. !42727
- Set hook_log css to gl-button. !42730 (Mike Terhar @mterhar)
- Remove an unnecessary element from every page. !42769 (Takuya Noguchi)
- Revise tooltip text of note role badge. !42771 (Mycroft Kang @TaehyeokKang)
- Fix Rails/SaveBang offenses for spec files in spec/services/milestones/*. !42775 (Rajendra Kadam)
- Fix Rails/SaveBang offenses for spec files in spec/services/issuable/*. !42780 (Rajendra Kadam)
- Fixes Rails/SaveBang cop for spec files in ee/spec/models/concerns/*. !42839 (Rajendra Kadam)
- Update GitLab Runner Helm Chart to 0.21.0. !42844
- Notifications icon: Render empty string for custom setting. !42848
- Update GitLab Workhorse to v8.47.0. !42855
- Remove duplicate index on cluster_agents. !42902
- Fixes Rails/SaveBang cop for spec files in spec/models/concerns/*. !42942 (Rajendra Kadam)
- Add issue_email_participants table and related model. !42943
- Add database view for postgres indexes. !42967
- Apply GitLab UI button styles to HAML buttons app/views/projects/blob. !42991 (Andrei Kyrnich @kyrnich)
- Fixes Rails/SaveBang cop for spec files in spec/lib/gitlab/git/*. !43013 (Rajendra Kadam)
- Migrate Recover hidden stage dropdown. !43032
- Remove unused cluster_providers_aws.created_by_user_id column. !43064
- Migrate badge list row buttons to new buttons. !43072
- Apply GitLab UI button styles to HAML buttons app/views/projects/forks. !43101 (Andrei Kyrnich @kyrnich)
- Remove temporary index for fixing broken CS fingerprints. !43126
- Track statistics for index rebuilds. !43156
- Allow get approvals on merge request by GraphQL in CE. !43325 (Pavel Kuznetsov)
- Apply GitLab UI styles to buttons in app/views/shared/labels directory. !43346 (Gary Bell @garybell)
- Update IDE compare changes view button to link style. !43403
- Remove bootstrap from pages/form. !43442
- Update popover to gl-popover on WebIDE commit message. !43499
- Update GitLab Workhorse to v8.48.0. !43586
- Add gl-button class to import and cancel buttons for project member import page. !43620 (Gary Bell @garybell)
- Update Design Management toolbar to use GitLab UI classes. !43682
- Remove type column on audit_events table. !43703
- Update button in modal_copy_button.vue to use GlButton from GitLab UI. !43714
- Migrate deprecated button to GlButton in ingress_modsecurity_settings.vue. !43717
- Migrate button in alert_widget_form.vue. !43720
- Migrate button in fluentd_output_settings.vue. !43724
- Apply GitLab UI button styles to HAML buttons app/views/projects/ci/builds. !43728 (Andrei Kyrnich @kyrnich)
- Log CarrierWave::IntegrityError without sending exception. !43750 (gaga5lala)
- Update node-sass from 4.12.0 to 4.14.1. !43808 (Takuya Noguchi)
- Replace in-repo SVGs with @gitlab/svgs in Cycle Analytics. !43823 (Takuya Noguchi)
- Add more issue change events to usage ping. !43828
- Limit postgres_indexes to owned schemas. !43834
- Add migration to validate design_management_designs.filename text limit constraint. !43952
- Enable track_unique_visits feature flag by default. !43989
- Update GitLab Workhorse to v8.49.0. !43999
- Rate limit documentation for non-configurable limits. !44003
- Fix spelling of PyPI. !44058 (Peter Bittner (@bittner))
- Apply gl-button class to projects/issues/export_csv directory. !44106 (Lakshit)
- Apply GitLab UI button styles to buttons in app/views/sherlock/file_samples. !44109 (Lakshit)
- Remove temporary index for container scanning findings. !44131
- Update doc links in app. !44134
- Add undo helpers for change_column_type_concurrently and cleanup_concurrent_column_type_change. !44155
- Add darkmode support for merge conflict page. !44168
- Remove jquery tooltip API call from delete environment button. !44191
- Add gl-button class to app/views/projects/deployments. !44203 (Lakshit)
- Update Cycle Analytics with Value Stream Analytics in University. !44244 (Takuya Noguchi)
- Apply GitLab UI button styles to buttons in app/views/invites directory. !44289 (Lakshit)
- Apply GitLab UI button styles to buttons in app/views/admin/jobs directory. !44291 (Lakshit)
- Apply GitLab UI button styles to buttons in app/views/projects/services/mattermost_slash_commands. !44293 (Lakshit)
- Apply GitLab UI button styles to buttons in app/views/projects/commits directory. !44331 (Lakshit)
- Apply GitLab UI button styles to buttons in app/views/shared/wikis directory. !44338 (Lakshit)
- Apply GitLab UI button styles to buttons in app/views/projects/compare directory. !44342 (Lakshit)
- Update buttons to use GitLab button class gl-button. !44361 (Gary Bell @garybell)
- Track issue time tracking events in usage ping. !44404
- Fix Rails/SaveBang offenses for spec files in spec/support/shared_example/*. !44424 (matthewbried)
- Bump mini_magick gem version. !44450
- Replace Font Awesome social icons with GitLab SVGs on user profile page. !44599
- Migrating deprecated buttons to GlButtons for modals that have not yet been migrated to the new GlModal component. !44611
- Add product analytics for group-level integrations. !44726
- Add migration helpers for copying check constraints. !44777
- Fix Rails/SaveBang offenses in spec/uploaders/* and spec/tasks/. !44820 (matthewbried)
- Remove d-md-none/d-sm-none when d-sm-none/d-none exists. !44845 (Takuya Noguchi)
- Remove duplicated BS display properties from Admin DevOps report' HAML. !44846 (Takuya Noguchi)
- Remove duplicated BS display properties from Commit's HAML. !44847 (Takuya Noguchi)
- Remove duplicated BS display properties from Diff's HAML. !44848 (Takuya Noguchi)
- Upgrade gitlab-shell to v13.8.0. !44852
- Bump kubeclient to 4.9.1 which includes ability to integrate Kubernetes clusters where their API url is on a sub-path. !44856
- Remove an outdated comment. !44861 (Robin Dupret)
- Migrate collapsed time tracking tooltip. !44874
- GitLab-managed apps: Use GitLab's repo as replacement for the Helm stable repo. !44875
- Fix Rails/SaveBang offenses in spec/support/*. !44884 (matthewbried)
- Track audit event searches via Snowplow. !44888
- Remove duplicated BS display property from Commit/Snippet's HAML. !44917 (Takuya Noguchi)
- Update the copy in the insert image modal to align with copy guidelines. !44949
- Fix Rails/SaveBang offenses in spec/services/projects/*. !44980 (matthewbried)
- Enable usage_data_api feature flag by default. !45004
- Copy profile route under - scope. !45045
- Replacing vue shared tooltip on calendar icon. !45059
- Remove duplicated BS display properties from Environments. !45167 (Takuya Noguchi)
- Remove duplicated BS display properties from Pipelines. !45171 (Takuya Noguchi)
- Populate blocking issues count. !45176
- Remove duplicated BS display properties from Issuables. !45177 (Takuya Noguchi)
- Migrate auto devops message from bootstrap. !45221
- Update Rouge to v3.24. !45225
- Update GitLab Workhorse to v8.51.0. !45256
- Migrate blocked_by issue links to blocks type by swapping source and target. !45262
- Fix documentation link, spacing, and error handling in alert integrations list. !45304
- Replace tooltip with GLTooltip in epic sidebar datepicker. !45392
- Bump cluster applications CI template. !45472


## 13.4.7 (2020-12-07)

### Security (10 changes)

- Validate zoom links to start with https only. !1055
- Require at least 3 characters when searching for project in the Explore page.
- Do not show emails of users in confirmation page.
- Forbid setting a gitlabUserList strategy to a list from another project.
- Fix mermaid resource consumption in GFM fields.
- Ensure group and project memberships are not leaked via API for users with private profiles.
- GraphQL User: do not expose email if set to private.
- Filter search parameter to prevent data leaks.
- Do not expose starred projects of users with private profile via API.
- Do not show starred & contributed projects of users with private profile.


## 13.4.6 (2020-11-03)

### Fixed (1 change)

- Auto Deploy: fixes issues for fetching other charts from stable repo. !46531

### Other (1 change)

- GitLab-managed apps: Use GitLab's repo as replacement for the Helm stable repo. !44875


## 13.4.5 (2020-11-02)

### Security (9 changes)

- Add CSRF protection to runner pause and resume. !1021
- Do not expose Terraform state record in API.
- Path traversal to RCE via LFS upload.
- Update container_repository_name_regex to prevent catastrophic backtracking.
- Validate nuget package names.
- Prevent private repo from being accessed via internal Kubernetes API.
- Validate each upload param key in multipart.rb.
- Fix XSS vulnerability for job build dependencies.
- Fix unauthorized user is able to access schedule pipeline variables and values.


## 13.4.4 (2020-10-15)

### Fixed (2 changes)

- Fix rollback portion of migration that adds temporary index for container scanning findings. !44593
- Improve merge error when pre-receive hooks fail in fast-forward merge. !44843

### Other (1 change)

- Revert 42465 and 42343: Expanded collapsed diff files. !43361


## 13.4.3 (2020-10-06)

### Fixed (3 changes)

- Exclude 2FA from upload#show routes and 404s. !42784
- use create_wiki method on ensure_wiki_exists in update_service. !42910
- Fix large backups not working with Azure Blob storage. !44233


## 13.4.0 (2020-09-22)

### Security (2 changes, 1 of them is from the community)

- Update lodash to 4.17.20. !41036 (Takuya Noguchi)
- Update GitLab Runner Helm Chart to 0.20.1.

### Removed (6 changes, 1 of them is from the community)

- Remove secret_detection job from vendored SAST CI template. !40028
- Remove Docker-in-Docker mode from Dependency Scanning documentation. !40631
- Removes unused classes on initial Ci::Ref implementation. !41077 (Jacopo Beschi @jacopo-beschi)
- Drop Docker-in-Docker mode for SAST and Dependency Scanning. !41260
- Remove application settings for Snowplow iglu registry url. !41556
- Remove Value Stream Total stage. !42345

### Fixed (160 changes, 41 of them are from the community)

- Conditionally render the packages scopes in deploy token settings. !35334
- Fix advanced filters in log explorer view for gitlab managed applications. !37926
- Fix RegExp for dotenv report artifact. !38562
- Fix composer 404 issues with http auth. !38641
- Update EKS Kubernetes versions. !38644
- Fix skipped status of DAG pipelines. !39205
- Fixes wrong MR pipeline link when FF-merge strategy is used. !39396
- Include also inherited project members in GraphQL API. !39444
- Refactor spec/support/shared_examples/services/* and ee/spec/support/shared_examples/services/* to fix Rails/SaveBang Cop. !39538 (Rajendra Kadam)
- Removes extra spaces on MR/Epic tabs-containers on mobile. !39549 (Takuya Noguchi)
- Milestone Dashboard: Move Gray Type Badge Next to the Milestone Title. !39617 (Kev @KevSlashNull)
- Bug fix GraphQL file uploads accepting non-file input. !39763
- Fix Metrics dashboard embeds when using new URLs. !39876
- Respect original visibility for instrumented methods. !39951
- Take relative_url_path into account when building URLs in snippets. !39960
- Fix non-retrying bridges after retried builds in CI pipelines. !39989
- Support X-Envelope-To header as a location for Service Desk key. !40001
- Fix bug where conan does not properly check package channel when returning file download urls. !40029
- Fix example within file_hooks documentation. !40071 (Roger Meier)
- Fix missing pipeline e-mails when job logs moved to object storage. !40075
- Bump gitlab-shell to v13.7.0. !40132
- Avoid raising errors when moving unpositioned items. !40152
- Refactor ee/spec/support/shared_examples/requests/* and spec/support/shared_examples/requests/* to fix Rails/SaveBang Cop. !40185 (Rajendra Kadam)
- Fix Jira importer user mapping limit. !40310
- Fix design management Archive Selected button label. !40325
- Allow snippet move action without an existing file name. !40343
- Resolve Design comments: Text wrapping behavior. !40359
- Fix incorrect merge request diff file count after deletion. !40384
- Fix the broken CSS on the pipeline graph. !40386
- Fix tracking of frequently visited projects and groups. !40415
- Fix snippets edit not loading JSON values. !40417
- Fix incorrect project path warning after failed project path rename. !40422
- Ensure design comment is highlighted when comment is in URL. !40477
- Fixed merge request review styles not loading in FOSS. !40479
- Resolve Fix Resolved threads popup link and placement. !40489
- Fix create & manage label actions in Labels dropdown. !40511
- Always attempt retry of job trace read when file is missing. !40516
- Fix delete confirm message not displaying trailing spaces. !40549
- Fix reading some merge request diffs. !40598
- Fix snowplow tracking event error for new user invite page. !40628
- Fix file file input top position cutoff. !40634
- allow project bot account to clone through http. !40635 (Philippe Vienne @PhilippeVienne)
- Fix spacing and borders in milestone title and description. !40649
- Don't send SameSite=None to incompatible browsers. !40667
- Remove the expiry on user passwords after a user resets their password. !40712
- Fix fork users cannot create pipelines in a fork project when parent project protects all branches. !40724
- Create IssueLink for Vulnerabilities that do not have them. !40726
- Fix auto-deploy-image external chart dependencies. !40730
- Fix client usage of max line rendering. !40741
- Fix docker file icon. !40785
- Fix GitLab file icon in Firefox. !40786
- Initialise charts when container display property is set. !40787
- Fix ActiveRecord::IrreversibleOrderError during restore from backup. !40789
- Fix the filtered search bar to work in the service desk issue list. !40797
- Validates pypi required_python size to avoid 500 error. !40803
- Fix wrong caching logic in ProcessRefChangesService. !40821
- Allow users with expired passwords to sign out. !40830
- Do not show all public groups in global notification settings page. !40879
- Flag errors from psql when restoring from backups. !40911
- Fix report abuse button in issues and mrs. !40918
- Fix issue causing 'Expand All' button to not work in MR diffs view (Remove `autoExpandCollapsedDiffs` feature flag). !40960
- Fix visibility param for ProjectSnippet REST endpoint. !40966
- Fixed an issue where not all URL query parameters would apply to the filter bar on initial load in the Value Stream Analytics page. !40975
- Make file upload button on MR edit page tab accessible. !40995
- Change merge request updated_at when assignees are changed. !41030 (Patrick Herlihy)
- Fix deadlock in backup repositories rake task. !41042
- Change the warning message on project transfer to another namespace. !41059 (Takuya Noguchi)
- Highlight design discussion if any comment in discussion is linked. !41062
- Update pipeline button SVG to be center aligned. !41066
- Fix Style/SelfAssignment cop. !41079 (Rajendra Kadam)
- Multi-project pipelines in Web IDE lead to 404. !41082
- Fix Layout/ClosingParenthesisIndentation cop. !41084 (Rajendra Kadam)
- Fix Layout/EmptyLinesAroundArguments cop. !41086 (Rajendra Kadam)
- Prevent duplicate system notes and events when an issue is moved. !41087
- MR API: Allow `allow_{collaboration,maintainer_to_push}` to be updated. !41088
- Fix Layout/FirstParameterIndentation cop. !41089
- Fix Layout/RescueEnsureAlignment cop. !41093 (Rajendra Kadam)
- Move Jobs/Deploy/ECS.gitlab-ci.yml to the top level of AutoDevOps template. !41096
- Fix Layout/SpaceBeforeFirstArg cop. !41097 (Rajendra Kadam)
- Fix Lint/NonDeterministicRequireOrder cop. !41098 (Rajendra Kadam)
- Fix Lint/RaiseException cop. !41099 (Rajendra Kadam)
- Fix unfinished merge by Merge Train process. !41106
- Fix Style/RedundantSort cop. !41108 (Rajendra Kadam)
- Fix Style/EmptyLiteral cop. !41110 (Rajendra Kadam)
- Fix RSpec/ItBehavesLike cop. !41111 (Rajendra Kadam)
- Fix Style/MultilineIfModifier cop. !41113 (Rajendra Kadam)
- Fix Lint/UriRegexp cop. !41117 (Rajendra Kadam)
- Fix Style/CommentedKeyword cop. !41119 (Rajendra Kadam)
- Fix todos hover style in dark mode. !41122
- Handle todos api argument error. !41167 (gaga5lala)
- Restore doorkeeper generator to hex due to breaking change. !41169
- Render reference definitions as code blocks. !41186
- Show default message in branch selection if none selected. !41211 (Jonston Chan)
- Fix Style/PerlBackrefs cop. !41246 (Rajendra Kadam)
- Fix Style/SingleLineMethods cop. !41247 (Rajendra Kadam)
- Fix Style/EmptyLambdaParameter cop. !41248 (Rajendra Kadam)
- Fix RSpec/LetBeforeExamples cop. !41250 (Rajendra Kadam)
- Drop one of duplicated limit-container-width classname. !41251 (Takuya Noguchi)
- Fix Style/AccessModifierDeclarations co cop. !41252 (Rajendra Kadam)
- Centerize text on Mark all as done button on To-Do List. !41269 (Takuya Noguchi)
- Fix Rails/SaveBang offenses for spec/serializers/*. !41309 (Rajendra Kadam)
- Fix Rails/SaveBang offenses for spec/services/issues/*. !41312 (Rajendra Kadam)
- Ensure issue creation is not blocked by positioning. !41313
- Propagate ENV variables to codequality template. !41318
- Fix Rails/SaveBang offenses for *spec/models/project_services*. !41320 (Rajendra Kadam)
- Fix Rails/SaveBang offenses for spec/requests/api/pages/*. !41324
- Fix Rails/SaveBang offenses for spec/models/cycle_analytics/*. !41326 (Rajendra Kadam)
- Update the 2FA user update check to account for rounding errors. !41327
- Fix Rails/SaveBang offenses for ee/spec/services/projects/*. !41332 (Rajendra Kadam)
- Fix Rails/SaveBang offenses for ee/spec/lib/gitlab/geo/*. !41338 (Rajendra Kadam)
- Correctly preserve LFS objects in design or wiki repositories. !41352
- Fix Rails/SaveBang offenses for ee/spec/lib/ee/gitlab/background_migration/*. !41357 (Rajendra Kadam)
- Fix Rails/SaveBang offenses for spec/requests/api/*. !41362 (Rajendra Kadam)
- Fixes Auto DevOps deploy script for multiple additional hosts separated by comma and space. !41404
- Only create issues if supposed to for Prometheus alerts. !41468
- Selection Highlight Oversteps Bounds of Actual Selection in Web IDE. !41553
- Resolve NoMethodError: undefined method invite_email. !41587
- Fixed repository browser not working with parentheses in branch name. !41591
- Add incident label for manually created incident issues. !41598
- Resolve Static Site Editor Flattens Mixed Lists. !41599
- NotificationsController - Handle mising parent notificationsetting. !41612
- Fail API Fuzzing CI/CD job when scanner errors. !41616
- Fix MR diff file counts for some historic data. !41676
- Fix always visible sidebar TODO button spinner. !41677
- Fixed image comments not showing on the changes tab. !41683
- Resolve design discussion bug where a comment is added twice. !41687
- Remove height limit on environments table. !41688
- Refuse to perform an LFS clean on projects that are fork roots. !41703
- Exclude tmp dirs from backups. !41706
- Fix padding on CI settings tables in mobile version. !41728
- Fixed note having wrong author after deleting. !41747
- Remove excess space above milestone titles. !41749
- Fix merge request chat messages for adding and removing approvals. !41775
- Use 'read' method to get request body in Conan to fix uploads when using Unicorn. !41801
- Improve design management not available message. !41818 (Ben Bodenmiller @bbodenmiller)
- Fix the tier of environment alerts feature. !41855
- Prevent merge requests from triggering coverage fuzzing jobs. !41906
- Fix upstream pipeline status when strategy dependent. !41930
- Remove virtual scroll list from pipeline test report. !41935
- Resolve Fix validation on External Wiki service template form. !41964
- Fix button color for merge request settings. !42052 (Mikhail Snetkov)
- Use the correct start time when polling for updated notes. !42124
- Fix max seats used not updated in billing summary. !42184
- Fix error when third level trigger pipeline. !42192
- Merge Requests are not blocked when their pipelines are waiting for manual actions unless 'Pipeline must succeed' is checked in the settings. !42207
- Stop applying Ctrl keyboard shortcuts inside Markdown editors on Mac. !42239
- Stop applying Ctrl+P shortcut on MR page on Mac. !42240
- Make SSH keys publicly accessible. !42288
- Fix incident list by restricting query on FOSS. !42301
- Do not add admins as owners to project authorizations during project creation. !42335
- Do not raise error when a member is not found by invite token. !42349
- Fix exception when saving Jira integration info for an instance. !42361
- Fix text overflow events issue name. !42370
- Fix error reporting for Web IDE commits. !42383
- Does not update repository statistics when running housekeeping and repository cleanup on a read-only instance. !42409
- Remove an extra spacing from Dashboard Issues. !42459 (Takuya Noguchi)
- Simplify StartupCSS JS Helper and fix autosize issues under StartupCSS. !42462
- Fix daemon memory killer jobs hash thread safety issue. !42468
- Resolve Design comments do not render the blockquotes correctly. !42498
- Resolve On design discussion note, icons are misaligned. !42672

### Deprecated (1 change)

- Remove pipeline_id column from requirements_test_reports. !38924

### Changed (153 changes, 30 of them are from the community)

- Add Service Templates deprecation warning banner. !25587
- Highlight un-focused/un-viewed file's in file tree. !27937
- Support JWT params set by Workhorse during uploads. !33277
- Add timeout support in the delete tags service for the GitLab Registry. !36319
- Store deployment_type of Jira server in jira_tracker_data table. !37003
- Split "Test settings" and "Save changes" to separate buttons. !37413
- Add spacing to design management toolbar buttons. !38889 (George Tsiolis)
- Migrate environments pin button. !38891 (George Tsiolis)
- Replace fa-tag(s) icons with GitLab SVG icons. !38979
- Re-order diff unfold buttons so that “show more lines above” appears first. !39060
- Replace fa-user(s) icons with GitLab SVG user(s) icon. !39165
- Update order of the Header Metadata in Package details. !39585
- Change active toggle on integration settings page to checkbox. !39586
- Group pipeline warnings and make them collapsible. !39634
- Adjust format for JUnit report duration times. !39644
- Use pointer:crosshair when hovering on the design view. !39671
- Update Prometheus helm chart version to 10.4.1. !39681
- Update GlDeprecatedButton with GlButton in deployment_action_button. !39700
- Add Alert Id to Alert list view. !39706
- Resolve Combine the Overview and Alert Detail sections. !39714
- Tweak file-by-file display and add file current/total display. !39719
- Replace fa-circle icon instances with GitLab SVG check icon. !39745
- Migration of old icon button to component button in Approval Rules (private groups). !39769
- Move related issues to core. !39779
- Change show more button to be a table row so to remove manual CSS styling. !39788
- Improve empty state for Cohorts to match DevOps Score. !39828
- Remove time tracking from incidents sidebar. !39837
- Add smtp_server to usage ping data. !39844
- Replace fa-download icon with GitLab SVG download icon. !39849
- Replace fa-caret-down with SVG icon in MR widget. !39852
- Remove redirection when snippet has a binary blob. !39858
- Search UI Allow issue scope results filtering by state. !39881
- Use dropdown for embed in snippets. !39885
- Update Managed Cluster Applications to v0.29.0, including WAF for ingress, a smaller CI template, and version updates to a few applications. !39890
- Add Flash spacing on merge request show page. !39903
- Rename DevOps Score to DevOps Report. !39953
- Prevent MRs to be dropped from Merge Trains for open discussions. !39957
- Change icon for branch delete button. !39968
- Replace Unicode Characters with ASCII Equivalent in New Project Slug. !39971 (Kev @KevSlashNull)
- Prevent form submission in search boxes on New Release and Edit Release pages. !40011
- Move package usage ping data to core. !40032
- Hide projects that are pending delete from the project index. !40035
- Bump swagger-ui-dist. !40077 (Roger Meier)
- Truncate job title on log page. !40107
- Add the unique search visits data to the usage ping. !40134
- Increase default page size for Alert and Incident management to 20 from 10. !40139
- Disallow awarding emojis to locked Issuables for users that are not member of the project. !40150
- Add 'kind' to differentiate between NetworkPolicy and CiliumNetworkPolicy Kubernetes network manifests. !40165
- Adjust badge key text and width limits. !40199 (Fabian Schneider @fabsrc)
- Improve click surface area of toggle buttons. !40231
- Track edit by editor action for Usage Ping. !40232
- Track unique web ide edit action for usage ping. !40246
- Replace fa-bugs icons with GitLab SVG bug icon. !40273
- Add Alert Management assignee avatar for list and details view. !40275
- Track snippet editor actions. !40277
- Moved Cluster Connect Form to Vue. !40295
- Update issue edit buttons. !40298
- Add filter to exclude non internal users in REST API. !40372
- Include draft merge request into filter response. !40376
- Update gitlab-puma to 4.3.5-gitlab-3. !40389
- Automatically create self monitoring project on new GitLab installations. !40404
- Update default plan limits for maximum package file sizes. !40410
- Re-name Analytics Workspace as instance-level analytics. !40436
- Update issue edit button to gl-button. !40438
- Migrating to gl-button in Environments table. !40444
- Bump marginalia gem version to 1.9.0. !40481
- Move Jira Development Panel integration to Core. !40485
- Update commit toggle description button to gl-button. !40524
- Render markdown attribute definitions as tooltips. !40541
- Bump doorkeeper to 5.1.1. !40546
- Replace fa-trash icons with GitLab SVG remove icon. !40579
- Replace fa-search-* icons with GitLab SVG icons. !40580
- Migrate DevOps Score empty state into Vue component. !40595
- Remove auto close incident feature flag. !40612
- Change invalid Snippet params status code from 403 to 422. !40619
- Migrating setup policy button in registry settings. !40668
- Replace notification icons with Gitlab SVGs. !40709
- Sort TestCase data by status and execution_time. !40722
- Remove file_name and content in snippet mutations. !40727
- GraphQL: Updates PipelineCancel mutation. !40764
- Retrieve security dashboard URL used on Project Severity status report from backend. !40801 (Kev @KevSlashNull)
- Track SFE actions in BlobController. !40846
- Replace fa-exclamation-circle and fa-lightbulb-o with GitLab SVG icons. !40857
- Remove frontend unit test report test case sorting. !40885
- Bump doorkeeper to 5.3.0. !40929
- Add IDE edit actions to Usage Data. !40939
- Show keep button for locked artifacts. !40962
- Add type selector dropdown to new issue form. !40981
- Global Search - Redesign Issue Results Title. !41016
- Increase Pypi required_version limit to 255. !41018
- Replace bootstrap alerts in ee/app/views/groups/push_rules/edit.html.haml. !41069 (Jacopo Beschi @jacopo-beschi)
- Migrate '.fa-spinner' to '.spinner' for 'app/views/projects/services/prometheus'. !41126 (Gilang Gumilar)
- Migrate '.fa-spinner' to '.spinner' for 'app/views/shared/issuable'. !41132 (Gilang Gumilar)
- Migrate '.fa-spinner' to '.spinner' for 'app/views/projects/find_file'. !41134 (Gilang Gumilar)
- Migrate '.fa-spinner' to '.spinner' for 'app/assets/javascripts/gpg_badges.js'. !41136 (Gilang Gumilar)
- Migrate '.fa-spinner' to '.spinner' for 'app/assets/javascripts/notes/components/note_header.vue'. !41140 (Gilang Gumilar)
- Migrate '.fa-spinner' to '.spinner' for 'app/assets/javascripts/vue_merge_request_widget/components/deployment/memory_usage.vue'. !41142 (Gilang Gumilar)
- Migrate '.fa-spinner' to '.spinner' for 'app/assets/javascripts/blob/file_template_selector.js'. !41146 (Gilang Gumilar)
- Migrate '.fa-spinner' to '.spinner' for 'app/assets/javascripts/ajax_loading_spinner.js'. !41147 (Gilang Gumilar)
- Migrate '.fa-spinner' to '.spinner' for 'app/views/projects/tree'. !41148 (Gilang Gumilar)
- Change logic behind new issues highlight. !41150
- Migrate '.fa-spinner' to '.spinner' for 'app/views/projects/imports'. !41151 (Gilang Gumilar)
- Migrate '.fa-spinner' to '.spinner' for 'app/views/imports'. !41153 (Gilang Gumilar)
- Replace fa-arrow-* with GitLab SVG icons. !41158
- Remove expired_pat_email_notification feature flag. !41166
- Display provider name for profile social sign-in connectors. !41198
- Adjust the Package Registry breadcrumb to match navigation. !41264
- Replace bootstrap alerts in app/views/projects/forks/error.html.haml. !41292 (Gilang Gumilar)
- Replace bootstrap alerts in app/views/projects/blob/edit.html.haml. !41298 (Gilang Gumilar)
- Add confirmation dialog when importing multiple projects. !41306
- Replace bootstrap alerts in app/views/shared/_project_limit.html.haml. !41335 (Gilang Gumilar)
- Replace bootstrap alerts in app/views/projects/_deletion_failed.html.haml. !41344 (Gilang Gumilar)
- Replace bootstrap alerts in app/views/shared/_group_form.html.haml. !41348 (Gilang Gumilar)
- Replace bootstrap alerts in app/views/projects/pages/_access.html.haml. !41360 (Gilang Gumilar)
- Update Secret-Detection template to use commits file. !41364
- Change 2FA to verify password hash instead of timestamp. !41366
- Replace bootstrap alerts in app/views/admin/groups/_form.html.haml. !41375 (Gilang Gumilar)
- Replace bootstrap alerts in app/views/profiles/two_factor_auths/create.html.haml. !41383 (Gilang Gumilar)
- Replace bootstrap alerts in app/views/profiles/two_factor_auths/show.html.haml. !41388 (Gilang Gumilar)
- Replace bootstrap alerts in app/views/shared/issuable/_form.html.haml. !41390 (Gilang Gumilar)
- Replace bootstrap alerts in app/views/shared/_no_password.html.haml. !41397 (Gilang Gumilar)
- Replace bootstrap alerts in app/views/projects/merge_requests/_mr_title.html.haml. !41399 (Gilang Gumilar)
- Remove pipeline warnings from pipeline view. !41419
- Package Registry: Adjust the max width for non-fluid screens to be 990. !41549
- Add help text to incident type select on new issue form. !41567
- Corrected some spelling mistakes in the project deletion confirmation modal. !41576
- Add ability to update only Snippet descriptions via REST endpoint. !41581
- Place older issues before more recent ones. !41602
- Change name of GitLab Instance Administrators group to GitLab Instance. !41684
- Replace fa-info-circle icons with GitLab SVG information-o icon. !41721
- Improve support for description field on CiliumNetworkPolicy. !41722
- Replace fa-trash-o icons with GitLab SVG remove icon. !41748
- Remove designs from incidents. !41757
- Introduce infinite scrolling to importers. !41789
- Remove email confirmation field on signup form. !41813
- Replaced ACE with Editor Lite on CI linting view. !41895
- Replace fa-question-circle icons with GitLab SVG question-o icon. !41970
- Migrate MR Deployment Widget to GlDropdown. !42004
- Filter the values for deployment platform metrics. !42116
- Present complete alert payload in detail and incident views. !42140
- Update template warning padding on New Issue form. !42154
- Updated gitlab:usage_data:dump_sql_in_yaml rake task with redis usage. !42189
- Update visual styling of container registry metadata. !42202
- Direct support for HTTP basic authentication in API Fuzzing. !42266
- Disable Sidekiq Exporter logs by default. !42267
- Hashed Storage: forced automatic migration of legacy projects via background jobs. !42313
- Add Missing slash in 'Registry setup' section of npm packages. !42360
- Remove job logs from notification e-mails. !42395
- Refactored snippets edit form to Vue. !42412
- Store object counts periodically for instance statistics. !42433
- Increase widget polling for closed and merged merge requests. !42458
- Remove successful signup flash message. !42512
- Update conan remote instructions snippet to show project-level remote. !42526

### Performance (37 changes, 5 of them are from the community)

- Improve group search users scope performance. !38701
- Optimize counts.terraform_reports usage ping counter. !39499
- Fix slow group loading on forking page. !39640
- GlButton migrations for pipeline security tab. !39651
- Optimize markdown rendering in search results. !39833
- Make highlighting limits stricter. !39934
- Increase poll interval for merged MRs widget. !39961
- Reduce MergeRequest::RefreshService loops. !40135
- Improve performance of Gitlab::BacktraceCleaner. !40180
- Improve performance of Rails backtrace cleaner configuration. !40182
- Defer (certain) parts of setting up snowplow telemetry. !40299
- Reduce storage requirements for keeping track of pre-logged-in sessions. !40336
- Increase performance of rendering large amounts of markdown data. !40448
- Replace fa-times with GitLab SVG close icon in dropdowns. !40585
- Replace fa-times with GitLab SVG close icon in promotions. !40586
- Replace fa-times with GitLab SVG close icon in forms. !40587
- Reduce Redis usage when viewing repositories with lots of branches and tags. !40615
- Preload projects to prevent N+1 when populating project name. !40769
- Fix package API query performance when pipelines and multiple versions are present. !40770
- Apply GZip compression to discussion diffs. !40778
- Improve Productivity Analytics and Merge Request Analytics database queries. !40838
- Replace LoadingButton with GlButton for the comment dismissal modal. !40882
- Jdb/refactor inline diff table row. !40906
- Remove the async pages feature flags. !40980
- Graphql Issues - Fix N+1 for Assignees. !41233
- Clean up stale merge request HEAD ref. !41555
- Remove stale merge refs. !41572
- Jdb/refactor parallel diff table row. !41606
- Updates CiPlatformMetrics to do bulk insertions. !41617
- Verify only 1mb of existing LFS object to improve LfsDownloadService performance. !41770
- Drop one of duplicated classname from Project. !41830 (Takuya Noguchi)
- Drop one of duplicated classname from Projects. !41831 (Takuya Noguchi)
- Drop one of duplicated classname from Serverless Function. !41832 (Takuya Noguchi)
- Drop one of duplicated classname from Serverless Functions. !41833 (Takuya Noguchi)
- Pass project ID to issue placement worker. !42091
- Enable coverage_report_view feature flag by default. !42094 (fh1ch)
- Update MR index to include id. !42222

### Added (135 changes, 12 of them are from the community)

- WebAuthn support (behind feature flag). !26692 (Jan Beckmann)
- Add ignore_skipped option for pipeline status badge. !28288 (Fabian Schneider @fabsrc)
- Geo: Add migrations for registry and details tables for external MR diff replication. !34248
- Display Merge Request's source branch name in sidebar. !34901 (Ethan Reesor (@firelizzard))
- Add validation to pypi package version. !35080 (Bola Ahmed Buari)
- Add ability to get an Issue using GraphQL and REST API. !35176
- Add versioning support to Terraform state backend. !35211
- Show expired milestones at the bottom of the list within dropdown. !36562
- Added EWM work item tracker integration. !36662
- Add user mapping by username when importing projects for Bitbucket Server importer. !36885
- Surround selected text in markdown fields on certain key presses. !37151
- Add json api endpoint that provides CI linting. !37344
- Include max artifact size in authorize response. !37632
- Add link to compare changes intoduced by a git submodule update. !37740 (Daniel Seemer @Phaiax)
- Add note to graphql timelog_type. !37748 (Lee Tickett)
- Add Gitpod integration. !37985 (Cornelius Ludmann @corneliusludmann)
- Geo: Added DB tables for snippets replication. !38688
- Add similarity sorting for projects for GraphQL API. !38916
- Automatically add AJAX API requests to the performance bar. !39069
- Send notification when merge request is set to merge when pipeline succeeds. !39297 (Ravishankar Gnanaprakasam)
- Expose group memberships under group via GraphQL. !39331
- Add alert when editing .gitlab-ci.yml. !39508
- Allow Conan packages to be scoped to project-level. !39541
- Add the artifact expiration help url. !39546 (Gilang Gumilar)
- Send email notification on disabling 2FA. !39572
- Add package file size limits to plan limits. !39633
- Add AuthenticationEvent to store sign-in events. !39652
- Add virtual actions tracker for Usage Ping. !39694
- GraphQL: Pipeline mutations for retry, cancel, and destroy. !39780
- Add ability to associate Environment with Alert with gitlab_environment_name payload key. !39785
- Add Conan lock file support to Dependency Scanning. !39811
- Add Summary tab for incident issues. !39822
- Incident severity widget. !39859
- Add dedicated SAST and DS CI image variables. !39875
- Add index for expire_at to ci_pipeline_artifacts. !39882
- Adds auto_close_incident column to project_incident_management_settings. !39980
- Adds CI Platform Metrics bookkeeping model. !40036
- Adds package count to usage data. !40039
- Add `/` as keyboard shortcut for search. !40057
- Add new "generic" package type. !40061
- Surface incident severity and icon in the Incident List table. !40112
- Add background worker to rebalance issues. !40124
- Add a system note on Alert creation. !40128
- Add usage pings for project import using various importers (GitLab, Bitbucket, Gitea, GitHub and more). !40130
- Sync LFS objects when push mirroring. !40137
- Add MergeRequest sort options to GraphQL API. !40138
- Add total count to GraphQL release data. !40147
- Add Atlassian Identity to store identity/credentials. !40176
- Add OmniAuth sign-in via Atlassian Cloud. !40178
- Add alert to Issue type in GraphQL. !40214
- Add usage ping and index for DAST On-Demand Scans. !40219
- Filter Merge Requests by author, assignee and milestone in GraphQL. !40265
- Add IssuableSeverity to store Incident severity level. !40272
- Paginate profile group notifications. !40326
- Add keyboard shortcuts for bold, italic, and link in markdown editors. !40328
- Password changed emails must specify that password was changed by admin. !40342
- Add merge_request_reviewers table. !40358
- Add table for storing user settings for board epic swimlanes. !40360
- Wrap dashboards dropdown items text. !40367
- Create `security_findings` table. !40368
- Add issue importers usage pings (FogBugz, Phabricator, Jira). !40382
- Add CI_COMMIT_TIMESTAMP CI variable. !40388 (Nasko Vasilev)
- Add admin UI for adjusting package file size limits. !40423
- Add pipeline_artifacts_size to root_storage_statistics. !40425
- Adds monthly package data to usage ping. !40452
- Show the comment authored time in comment search results. !40472
- Add incident management analytics events. !40475
- Make cloud native build logs more resilient. !40506
- Return builds with coverage in MR widget JSON response. !40533
- Expose the todos of the current user on relevant objects in GraphQL. !40555
- Save pages build artifact id in pages metadata. !40592
- Add issue filters when listing board issues in GraphQL. !40602
- Create table for storing Instance Statistics object counts. !40605
- Improve ability to navigate to child pipelines. !40650
- Support custom Azure Blob Storage domains. !40694
- Add toml and json front matter language support to Static Site Editor's WYSIWYG mode. !40718
- Add a warning when any diff files are collapsed. !40752
- Track downloads of group code coverage CSV in snowplow. !40754
- GraphQL: Add retryable and cancelable to PipelineType. !40780
- Format Conan package manager in Dependency List. !40811
- Allows to update incident severity via GraphQL. !40869
- Expose Instance Statistics measurements (object counts) via GraphQL. !40871
- Add job token authentication for the GitLab PyPI package repository. !40888
- Upgrade pages to v1.23.0. !40915
- Add GFM reference format for alerts. !40922
- Destroy issue board via GraphQL. !40930
- Exposes Incident's severity via GraphQL. !40945
- Expose a list of projects starred by the user to GraphQL API. !41076 (Pavel Kuznetsov)
- Parallel matrix jobs show relevant variables in job name. !41080
- Rake task to generate raw SQLs for usage ping. !41091
- Make the auto_link_user OmniAuth setting configurable by provider. !41133
- Add release direct asset link info to GraphQL endpoint. !41170
- Add "upcomingRelease" field to GraphQL endpoint. !41183
- Show multiple jobs contributing to code coverage. !41217
- Add update issue by id in vuex for boards. !41226
- Record package creator. !41258
- Make bridge/child pipelines clickable. !41263
- Optimise index on audit events for CSV export. !41266
- Search UI - Implement Merge Request scope results filter by state. !41282
- Migrate live traces before updating build state. !41304
- Export ActionCable metrics to Prometheus. !41358
- Display merged commit sha in fast-forward merge mode. !41369 (Mycroft Kang @TaehyeokKang)
- Add admin setting of Elasticsearch client request timeout. !41470
- Add support for environment_url.txt to API Fuzzing. !41523
- Check if usage ping enabled for all tracking using Redis HLL. !41562
- Introduce build states table / model / migration. !41585
- Add bottom spacing to static site editor UI to align with overall UI spacing. !41596
- Migration to cleanup after partitioned audit_events backfill. !41605
- DAST Site validation - Model Layer. !41639
- Automatically resolve alert when receiving end time. !41648
- Show welcome page after sign up. !41662
- Incident highlight bar widget. !41702
- Enable unique search users usage ping HLL metric by default. !41739
- New ActionCable Prometheus metrics added. !41771
- Upgrade GitLab Pages to 1.24.0. !41782
- Add pages_deployments table. !41785
- Surface alert details in a tab on incidents. !41850
- Add forum link to help menu. !41858
- Add namespace ID to user pages in the admin area. !41877
- Track projects using code intelligence. !41881
- Add a front matter editing UI in WYSIWYG mode of the Static Site Editor. !41920
- Add issues and merge_requests filtering by state for search API. !41989
- Log authentication events alongside existing audit events. !42033
- Validate not null external_diff_store field on merge_request_diffs to maintain data integrity. !42045
- Create and resolve To-Dos for designs. !42059
- Set incident severity when it is created from an alert. !42072
- Make Pipeline ID's always a link for downstream/upstream pipelines. !42107
- Create placeholder model for Vulnerability to reserve + as a reference prefix. !42147
- Add `deduplicated` column to `security_findings` table along with the compound index on `scan_id` and `deduplicated` and remove the index on `scan_id`. !42270
- Autocomplete recently viewed issues in the global search bar. !42302
- Upgrade GitLab Pages to 1.25.0. !42350
- Query projects by ids with GraphQL. !42372
- Database changes to support terraform state version replicaiton. !42492
- Add autocomplete search suggestions for recent merge requests. !42560
- Implement allowing child pipeline to have child pipeline. !42580

### Other (116 changes, 60 of them are from the community)

- Migrate .fa-spinner to .spinner for app/views/projects/blob/viewers. !25046 (nuwe1)
- Replace issue-created icon with issues icon. !26409
- Remove skip_hased_storage_upgrade feature flag. !29364 (Lee Tickett)
- Add indexes to `label_links` database table. !34503
- Add first OpenAPI specification file. !35868 (winniehell)
- Replace deprecated button with new button. !38940
- Stricter default timeouts for outgoing HTTP requests. !39188
- Update dependency vuex to ^3.5.1. !39201
- Add the Query Apdex Prometheus metric to usage ping. !39256
- Update spec to glbutton. !39311
- Update prismjs from 1.6.0 to 1.21.0. !39593 (Takuya Noguchi)
- Reinstate 60s timeout in Cluster Prometheus. !39595
- Create a POC for 'immer' library. !39738
- Remove default column from services table. !39817
- Implement JSON response for project/pipelines create. !39839
- Syncronize use of maximize and minimize icons in order to deprecate duplicates with different names. !39889
- Add emails user_id foreign key with cascade delete. !39899
- Update GitLab Runner Helm Chart to 0.20.0. !39933
- Add temporary index for container scanning findings. !39962
- Replace some fa-trash icons with GitLab SVG remove icon. !39991
- Replacing deprecated buttons and loading buttons with new buttons. !40163
- Migrate Bootstrap button to GitLab UI GlButton in mr_widget_failed_to_merge. !40170
- Remove unused users.bio database column. !40269
- Remove milestone and iteration feature from Incidents sidebar. !40283
- Drop code_owner column from approval_merge_request_rules. !40322
- Add merge request usage to usage data. !40391
- Migrating buttons and classes to match GitLab UI. !40409
- Display informative messages when service desk is unsupported. !40454
- Add seats related columns for easier data analysis. !40470
- Remove keep latest artifact feature flags. !40478
- Add index on merge_request_id to approval_merge_request_rules. !40556
- Add kubernetes_agents usage metric. !40559
- Adds creator_id field to packages_packages table. !40562
- Add usage ping for distinct count for kubernetes agents for at least one token. !40563
- Add kubernetes_agent_gitops_sync usage ping metric. !40568
- Refactor ee/spec/support/shared_examples/models/* and spec/support/shared_examples/models/* to fix Rails/SaveBang Cop. !40695 (Rajendra Kadam)
- Change Vulnerabilities Count Data Retention to 1 year. !40766
- Add warning to stop Puma and Sidekiq when restoring from backup. !40791
- Add --if-exists to pg_dump command-line in backup creation. !40792
- Migrate remove description history button to new button. !40806
- Add NOT NULL constraint to merge_request_metrics.target_project_id. !40836
- Update empty state behavior for incidents list. !40872
- Remove attempt_group_search_optimizations feature flag. !40881 (gaga5lala)
- Add Issue actions to UsageData. !40904
- Hide the latest version of templates from the template selector. !40937
- Add target_id column to audit_events table. !40954
- Update Workhorse to v8.44.0. !40970
- Internal API for GitLab Kubernetes agent. !41045
- Use applogger in app/workers/*. !41046 (Rajendra Kadam)
- Use applogger in config/initializers/*. !41047 (Rajendra Kadam)
- Use applogger in ee/app/models, helpers and workers. !41048 (Rajendra Kadam)
- Use applogger in group.rb, access.rb and repo update mirror worker. !41049 (Rajendra Kadam)
- Use applogger in some files of lib/gitlab/ldap/sync/*. !41051 (Rajendra Kadam)
- Use applogger in lib/gitlab/. !41052 (Rajendra Kadam)
- Use applogger in spec/lib/ee/gitlab/. !41053 (Rajendra Kadam)
- Use applogger. !41055 (Rajendra Kadam)
- Use applogger in some files of ee/lib/* and spec files. !41056 (Rajendra Kadam)
- Use applogger in some files in lib/gitlab. !41058 (Rajendra Kadam)
- Use applogger in some files of auth/ldap dir. !41061 (Rajendra Kadam)
- Use applogger in lib/gitlab. !41063 (Rajendra Kadam)
- Use applogger in lib/gitlab/database. !41068 (Rajendra Kadam)
- Use applogger in lib/gitlab/. !41071 (Rajendra Kadam)
- Use applogger in lib/gitlab/. !41075 (Rajendra Kadam)
- Replace v-html with v-safe-html in delete_project_modal.vue. !41130 (Kev @KevSlashNull)
- Replace v-html with v-safe-html in fork_groups_list_item.vue. !41143 (Kev @KevSlashNull)
- Replace v-html with v-safe-html in list.vue. !41145 (Kev @KevSlashNull)
- Replace v-html with v-safe-html in popover.vue. !41197 (Kev @KevSlashNull)
- Replace v-html with v-safe-html in suggestions.vue. !41200 (Kev @KevSlashNull)
- Replace v-html with GlSprintf in memory_usage.vue. !41204 (Kev @KevSlashNull)
- Replace v-html with v-safe-html in parallel_diff_table_row.vue. !41206 (Kev @KevSlashNull)
- Replace v-html with v-safe-html in registry_breadcrumb.vue. !41207 (Kev @KevSlashNull)
- Replace v-html with v-safe-html in note_signed_out_widget_spec.js. !41219 (Kev @KevSlashNull)
- Externalize i18n strings from app/views/shared/web_hooks/_form.html.haml. !41234 (Takuya Noguchi)
- Externalize i18n strings from snippets/_header HAML. !41235 (Takuya Noguchi)
- Externalize i18n strings from app/views/shared/runners/show.html.haml. !41241 (Takuya Noguchi)
- Widen TODO list only on mobile to be mobile-friendly. !41244 (Takuya Noguchi)
- Widen issuable list only on mobile to be mobile-friendly. !41249 (Takuya Noguchi)
- Use GitLab AppLogger. !41261 (Rajendra Kadam)
- Add index to resource_iteration_events for add actions. !41280
- Use GitLab AppLogger. !41290 (Rajendra Kadam)
- Update Workhorse to v8.45.0. !41293
- Use GitLab AppLogger in files in lib/gitlab/*. !41302 (Rajendra Kadam)
- Replace v-html to v-safe-html directive. !41305 (Kazuya Kojima)
- Fix Rails/SaveBang offenses for */spec/services/merge_requests/*. !41315 (Rajendra Kadam)
- Fix Rails/SaveBang offenses for */spec/services/ci/*. !41317 (Rajendra Kadam)
- Adds an alert handler for bootstrap migration. !41323
- Replace v-html with v-safe-html in delete_user_modal.vue. !41328 (Kev @KevSlashNull)
- Fix Rails/SaveBang offenses for */spec/models/ci/*. !41329 (Rajendra Kadam)
- Replace v-html with v-safe-html in description.vue. !41336 (Kev @KevSlashNull)
- Internationalize Admin Abuse Report. !41355 (suzu-1990)
- Internationalize Admin users new. !41367 (Takuya Noguchi)
- Externalize i18n strings from admin dashboard. !41387 (Takuya Noguchi)
- Fix Rails/SaveBang offenses for 3 files. !41392 (Rajendra Kadam)
- Fix Rails/SaveBang offenses for 3 files. !41394 (Rajendra Kadam)
- Fix Rails/SaveBang offenses for 3 files. !41395 (Rajendra Kadam)
- Fix Rails/SaveBang offenses for 3 files. !41398 (Rajendra Kadam)
- Replace GlDeprecatedDropdownDivider with GlDropdown in app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/author_token.vue. !41432 (nuwe1)
- Replace v-html with the gl-icon component in time_ago.vue. !41457 (Kev @KevSlashNull)
- Replace v-html with v-safe-html in no_changes.vue. !41471 (Kev @KevSlashNull)
- Rename job trace to job logs in IDE code. !41522 (Kev @KevSlashNull)
- Remove attempt_project_search_optimizations feature flag. !41550 (gaga5lala)
- Update gems to use Faraday v1.0.1. !41623
- Ensure namespace settings are backfilled via migration. !41679
- Update design discussions to use GitLab UI components. !41686
- Convert spec_helper to fast_spec_helper. !41755 (gaga5lala)
- Migrate Bootstrap button for environment_actions. !41844
- Make Daemon Memory Killer be the default for Sidekiq. !41847
- Refactor relative positioning to enable better testing. !41967
- Lighten header counter badge colors to be more vibrant. !42002
- Remove duplicated container scanning findings. !42041
- Remove .pkgr.yml as not used for 4 years. !42156 (tnir)
- Update deprecated software versions to the latest. !42158 (tnir)
- Upgrade vendored Dockerfile template to buster. !42169 (Takuya Noguchi)
- Add instance statistics visits to usage data. !42211
- Modify DevOps Score UI Text. !42256
- Expand the visible highlight for collapsed diffs (re: !41393). !42343


## 13.3.9 (2020-11-02)

### Security (9 changes)

- Add CSRF protection to runner pause and resume. !1021
- Do not expose Terraform state record in API.
- Path traversal to RCE via LFS upload.
- Update container_repository_name_regex to prevent catastrophic backtracking.
- Validate nuget package names.
- Prevent private repo from being accessed via internal Kubernetes API.
- Validate each upload param key in multipart.rb.
- Fix XSS vulnerability for job build dependencies.
- Fix unauthorized user is able to access schedule pipeline variables and values.


## 13.3.8 (2020-10-21)

### Fixed (2 changes)

- Make SSH keys publicly accessible. !42288
- Revert required encryption on CI runner tokens. !42623

### Added (1 change)

- Add missing fontawesome file icon classes. !43091

### Other (1 change)

- GitLab-managed apps: Use GitLab's repo as replacement for the Helm stable repo. !44875


## 13.3.4 (2020-09-02)

### Security (1 change)

- Protect OAuth endpoints from brute force/password stuffing.


## 13.3.3 (2020-09-02)

### Security (23 changes, 1 of them is from the community)

- Check validity of project's import_url before mirroring repository.
- Show on two-factor authentication setup page groups that are the cause of this requirement.
- Prevent interrupted 2FA sign-in from signing-in incorrect user.
- Create new 2FA code each time user is entering 2FA setup page.
- Remove all sessions but current while enabling 2FA.
- Invalidate two factor sign-in when user password changes.
- Delete members invites created by users being deleted.
- Prevent OmniAuth from rendering arbitrary error messages.
- Prevent not-2fa authenticated users that are supposed to use it to consume api via session.
- Invalidate remember me when an active session is revoked.
- Add rate limit on webhooks testing feature.
- Add scope presence validation to OAuth Application creation.
- Allow only running job tokens for API authentication.
- Prevent Deploy Tokens to read project resources when repository is disabled.
- Change conan api to use proper workhorse validation.
- Ensure global ID is of Snippet type in GraphQL destroy mutation.
- Fix Improper Access Control on Deploy-Key.
- Set maximum limit for profile events.
- Persist EKS External ID before presenting it to the user.
- Prevent project maintainers from editing group badges.
- Upgrade jquery to v3.5.
- Update websocket-extensions gem to 0.1.5. (Vitor Meireles De Sousa)
- Update GitLab Runner Helm Chart to 0.19.3.


## 13.3.2 (2020-08-28)

### Removed (1 change)

- Display upcoming database deprecation warning only if current database version minimum is not met. !38225

### Fixed (5 changes)

- Fix race condition in concurrent backups. !39894
- Prevent accidental group deletion if path rename fails. !40353
- Fix snippet save button disabled with empty file path. !40412
- Fix exception handling when a concurrent backup fails. !40451
- Scope incident issue counts by given project or group. !40700


## 13.3.1 (2020-08-25)

### Fixed (2 changes)

- Fix bug when promoting an Issue with attachments to an Epic. !39654
- Avoid creating diff position when line-code is nil. !40089


## 13.3.0 (2020-08-22)

### Security (2 changes)

- Improve path traversal validation checks. !33114
- Update GitLab Runner Helm Chart to 0.19.2.

### Removed (3 changes)

- Remove Internet Explorer 11 from babel transpilation. !36840
- Remove namespace storage limit setting. !38108
- Geo: Drop tables related to vulnerability export replication. !38299

### Fixed (116 changes, 14 of them are from the community)

- Fix filter by releases at group issues and merge requests search bar. !26740 (Gilang Gumilar)
- Disable commenting on lines in files that were or are symlinks or replace or are replaced by symlinks. !35371
- Fix icon alignment on board cards. !35710 (carolcarvalhosa)
- Make Add metrics button visible on self monitoring dashboard. !36169
- Keep large spinner while MR file tree is loading. !36446
- Bug Fix: Child pipelines are not found by API endpoints. !36494
- Show relevant error messages when failing to match a CI job entry. !36536
- Don’t show close icon on flash warning. !36581
- Updates to file table in package details UI. !36723 (Adam Alvis (@adamalvis))
- Add graceful timeout handling for analytics. !36811
- Resolve Pasting an image into a comment also uploads design. !37171
- Fix release evidence sometimes not being collected. !37184
- Fix editing note throws js error. !37216
- Fix merge request approvals for EE without a license. !37246
- Fixed ops settings titles. !37259
- Refactor all factories to fix SaveBang Cop. !37268 (Rajendra Kadam)
- Resolve Anchor tags to Designs is not working. !37307
- Fix content validation for existing wiki pages. !37310
- Alert management list spacing. !37320
- Fix issue with blank keyset pagination parameters. !37351
- Remove dashed border on designs hover. !37375
- Fix CSV downloads for multiple series in the same chart. !37377
- Fix Pypi and Nuget Storage Statistics. !37386
- Display files in tab counter same as diff stats. !37390
- Fix vertical alignment of design management toolbar buttons. !37398
- Allow LFS to be enabled in project settings even when Repository is disabled. !37401
- Update closed MRs on push. !37414
- Remove old export file when requesting new project export using API. !37427
- Refactor spec/helpers and ee/spec/helpers to fix SaveBang Cop. !37446 (Rajendra Kadam)
- Fix ambiguous query error when filtering for Any milestone in Value Stream Analytics. !37451
- Ensure User's preferred_language always has a value. !37464
- Wiki controller should not crash with non-html format. !37466
- Fix local Tiller not being default-enabled on the frontend. !37494
- Fix sizing of pins for new design comments. !37541
- Remove status dropdown in merged tab. !37544
- Resolve UX Polish: Fix icon styles. !37546
- UX Polish: Remove the header Designs on empty state. !37548
- Fix creating release asset links when using the API. !37557
- UX Polish: Update top right Upload button from Green to Grey. !37558
- Fix bio container width on profile page. !37572
- Fix bug in group runners filtered search. !37626 (Arthur de Lapertosa Lisboa)
- Move partitioning backfill migration to post-deployment. !37633
- Fix missing path for avatars of bots. !37671
- Fix merge ref head comments for removed lines. !37755
- Query Jira projects by key or name and return all Jira projects in one query. !37799
- Make file icons extension detection be case-insensitive. !37817
- Allow anonymous users to view embedded Grafana metrics in public project. !37844
- Fix dependency proxy not working with object storage. !37878
- Fix review app links are not shown in MR widgets in public projects. !37923
- Fix dark mode container registry text. !37940
- Refactor spec/policies and ee/spec/policies to fix SaveBang Cop. !37956 (Rajendra Kadam)
- Static Site Editor: Fix ordered list formatting bug and rendering bug in strong and emphasis nodes with softbreaks. !37964
- Fix overflow issues with monaco file editor. !37984
- Fix error when blob has no auxiliary viewer. !38018
- Fix HTML not rendering in last commit widget. !38047
- Fix 500 error when unconfirmed OAuth2 user with 2FA logs in. !38104
- Fix console errors due to monaco-yaml's outdated use of monaco.Promise. !38135
- Refactor spec/finders and ee/spec/finders to fix SaveBang Cop. !38173 (Rajendra Kadam)
- Align activity dropdown height with other dropdowns. !38208
- Fix 500 for pipeline charts page. !38226
- Resolve Pasting an image into a comment still uploades a design. !38280
- Refactor ee/spec/features/* to fix SaveBang Cop. !38289 (Rajendra Kadam)
- Add workaround for Chrome 84 SVG bug. !38304
- Fix a Gradle bug where a package without a version would be created and thus not displayed on the UI. !38338
- Fixes the history button link URL being encoded incorrectly. !38392
- Refactor spec/workers/* to fix SaveBang Cop. !38399 (Rajendra Kadam)
- Use Gitaly protobuf version as DiffStats cache key. !38414
- Fix highlight commented rows. !38420
- Fix vertical alignment of some svg icons. !38550
- Fix Incident and Alert mobile CSS and alignment. !38577
- Refactor spec/features/merge_requests/* to fix Rails/SaveBang Cop. !38591 (Rajendra Kadam)
- Add transparent background to remove button in tree item list. !38597
- Update password change sign-in banner text. !38606
- Display authored message correctly on public snippets viewed by unauthenticated users. !38614
- Fix vertical alignment of svg icons on Jobs page. !38656
- Fix URLs of issues in VSA dashboard. !38703
- Remove duplicate authorized_projects entries during refresh. !38715
- Fix multiline comment rendering. !38721
- Improve rendering of very large files in the Repo File Browser. !38733
- Optimize click area in design version dropdown. !38747
- Fix notification setting for group with dot in name. !38773
- Fix bug where filtering would sometimes display only open issues on different pages listing issues. !38906
- Refactor spec/views/* and ee/spec/views/* to fix Rails/SaveBang Cop. !38981 (Rajendra Kadam)
- Refactor spec/support/helpers/* and ee/spec/support/helpers/* to fix Rails/SaveBang Cop. !38995 (Rajendra Kadam)
- Fix parallel jobs dropdown from cutting off in small pipeline graphs. !39108
- Add expire_at to PipelineArtifact. !39114
- Add not null constraint for file to ci_pipeline_artifacts. !39118
- Fix gitlab-rake gitlab:license:info crashing when no license exists. !39143
- Fix cancel button on New Release page. !39144
- Fix submit button tooltips for forms with quick submit behavior. !39225
- Fix scroll stuck on editor in snippets. !39251
- Fix: New File page file name field unclickable in mobile view. !39310
- Fix CI job artifacts metadata not extracting on some S3 providers. !39345
- Add default value for file_store to ci_pipeline_artifacts. !39349
- Handle user mapping for Jira server instances. !39362
- Ignore the sources node from the cobertura XML. !39385
- Fix Composer installation code snippet to include package name and version. !39400
- Fix failing bitbucket server import when project slug differs from name. !39433
- Right-aligned Clone dropdown for snippets. !39446
- Fix missing scoped label borders for todos. !39459
- Move gitlab-managed alerts embeds to core as documented. !39509
- Allow crawler access to api. !39520
- Fix panel "more actions" button layout. !39534
- Use history icon on recent search filter tab only on mobile. !39557 (Takuya Noguchi)
- Conan packages allow for conan_sources.tgz and conan_export.tgz files. !39559
- Fix horizontal scrolling on blocked/private profile pages. !39568
- Fixed discussion not expanding when replying to a collapsed discussion. !39571
- Fix pagination for bitbucket server importer. !39598
- Fix missing resolve button when replying to notes in MRs. !39614
- Fix Conan recipe display in the package details page. !39643
- Fix bug when promoting an Issue with attachments to an Epic. !39654
- Fix broken date time picker hide button. !39755
- Fix time zone config not respected in multi-threaded servers. !39778
- Use correct order when repositioning existing designs. !39826
- Center align pipeline graph icons. !39848
- Coerce string object storage options to booleans. !39901

### Deprecated (4 changes)

- Deprecation of ECS template. !36143
- Remove Jump to next unresolved thread button in merge request threads. !38375
- Deprecate blob field on GraphQL SnippetType. !39088
- Deprecate additions and deletions attributes in Repositories API. !39653

### Changed (144 changes, 12 of them are from the community)

- Show full commit message by default in merge request diff. !27981 (Gilang Gumilar)
- Use fingerprint column on events to ensure event uniqueness. !31021
- Disable application_settings_tokens_optional_encryption feature flag. !31798 (Gilang Gumilar)
- Disable ci_runners_tokens_optional_encryption feature flag. !31800 (Gilang Gumilar)
- Update Buildkite Service for supported events, fields, and always verify SSL. !33697 (Juanito Fatas)
- Allow OAuth to auto link LDAP users via email address. !33767 (Niko Wenselowski)
- Pre-fill the email input on sign-in / sign up pages. !33851
- Store user mentions from merge request title or description in the DB. !34378
- Allow multiline Prometheus queries in metrics dashboards yaml. !34508
- Increase contrast between UTC label and input. !34998
- Increase CI instance variable value limit. !35063
- Rewrite integration form in Vue. !35453
- Improved fork page design. !35592
- Add sign_in_count to /users/:id API for admins. !35726 (Luc Didry)
- Updates GitLab managed app Ingress version to 1.40.2. !35924
- Make scoped snippet routing a default one. !36091
- Show clone button for activity on project page. !36147
- Replace fa-angle-up icons with GitLab SVG. !36429
- Migrate '.fa-spinner' to `gl-loading-icon` within shared boards haml. !36436
- Package feature moved to core. !36667
- Replace fa-history icons with GitLab SVG history icon. !36691
- Add serverless empty state illustration. !36762
- Allow an issue or MR to be locked and unlocked without page refresh. !36773
- Exclude todos from general analytics accumulator ping. !36813
- Migrate license_management artifacts to license_scanning type. !36817
- When generating markdown for ordered lists, the list marker should not increment. !36851
- Rename snippet GraphQL files field to blob_actions. !36852
- Track milestone and state changes in issues / MRs using resource events. !36936
- Update project remove modal to add additional warnings. !36962
- Replace fa-plus icons with GitLab SVG plus icon. !36972
- Limit database deprecation notice window. !37009
- Changes limit for terraform artifacts to 5MB. !37018
- Replace fa-ban icons with "cancel" from GitLab SVG. !37067
- Move service desk usage data to core. !37080
- Add concurrency support for Git repository backups. !37158
- Replace some FA icons on groups listing page with GitLab SVG icons. !37162
- Remove extraneous `<br>` tags from the source file when using the Static Site Editor. !37223
- Remove flag and document max artifact size plan limits. !37226
- Replacing View Full Report button with GitLab UI. !37236
- Show meaningful message when applying inapplicable suggestion. !37267
- Return SSH key details in /internal/allowed response. !37289
- Change PagerDuty webhook URL. !37321
- Shorten 'enable LFS' manage for design management. !37385
- Show all snippet files when embedding. !37412
- Add target_details column to AuditEvent table. !37430
- Improve the IA and styling of the Success screen in the Static Site Editor. !37475
- Add Cilium APIs as part of kube_client. !37526
- Introduce `ci_needs_size_limit` to fine control needs. !37568
- Migrate service desk setting button to gl-button. !37612
- External auth adheres to local request setting. !37622
- Remove feature flag managed_apps_local_tiller. !37641
- Bring SAST to Core - bandit, Flawfinder, Gitleaks, Gosec, Kubesec, NodeJsScan, phpcs-security-audit, PMD, Security Code Scan, Sobelow, SpotBugs. !37648
- Replace fa-bell icons with GitLab SVG notifications icon. !37676
- Update gitlab-shell to v13.4.0. !37677
- Move clone button out of blob header. !37696
- Use normal font weight for Design Management dropzone text. !37787
- Replace fa-sign-out icons with GitLab SVG leave icon. !37794
- Add relative positioning on designs. !37835
- Backfill relative positions on designs. !37837
- Add search bar for incidents. !37885
- Add composer tab and package type to package list. !37928
- Add closed issue icon to incidents list for closed incidents. !37949
- Update size limits for SCA artifacts. !37975
- Update label select vue gl button. !37986
- Update suggest gitlab ci popover to gl-button. !37987
- Add pagination to the incident list. !37993
- Rejects duplicated pypi files. !38006
- Use new badge style for 'archived' project badge. !38013
- Remove Duplicate Dashboard item from dashboards dropdown. !38053
- Replace fa-git icons with link svg. !38078
- Enforce namespace storage limit via app setting. !38094
- Replace fa-certificate icon with first-contribution svg. !38154
- Use the uploaded file set by middleware in Repositories::LfsStorageController. !38167
- Migrate new project item select FA icons. !38177
- Add sorting by date for incident list. !38178
- Consistent labels for new/edit group URL. !38180
- Change date time picker units. !38232
- Switch manifest importer to new UI. !38268
- Add incident count badge to the incident list. !38278
- In metrics view, change default dashboard name to Overview. !38292
- Hide languages with few translations. !38312
- Reorganize group member management into tabs. !38344
- Changed wording for optional approvals. !38393
- Upgrade to Gitaly v13.3.0-rc3. !38405
- Re-name "Delete" button to "Archive" in Design Management. !38446 (Getulio Valentin Sánchez @gvso)
- Allow users with developer access level for given project to view kubernetes pod logs. !38467
- Set minimum Redis version to 4 and recommended version to 5 in Redis check task. !38475
- Re-name project remove as project delete. !38489
- Replace fa-info-circle icons with GitLab SVG information icon. !38505
- Take DAG view out of beta. !38517
- Specify Ruby image in FailFast template. !38523
- Update color and vertical alignment of project feature toggle. !38537
- Remove repositories from previous storage when storage move succeeds. !38547
- Add database migrations to prepare for future Geo replication. !38549
- Added minimum value of 1KB to wiki_page_max_content_bytes. !38554 (Uday Aggarwal (uday.agg97))
- Stop using priority and weight keys in metrics dashboards. !38572
- Add copy for Jira issues integration to GitLab issues empty state. !38586
- Add Mark as done capability to Alert To Do's. !38595
- Button migration vulnerability charts. !38610
- Change the job stuck page to use UI library components. !38618
- Order projects within the project dropdown by relevance in analytics features. !38675
- Enable New Package details UI, remove feature flag and remove all old code. !38680
- Update the project deletion confirmation modal to be more specific, the confirmation phrase now includes the project full path. !38700
- Replace v-popover directive with GlPopover in ./app/assets/javascripts/pipelines/components/pipelines_list/pipeline_url.vue.vue. !38769 (Gilang Gumilar)
- Add installation instructions for Composer. !38779
- Track wiki page views in usage data. !38784
- Update incident_issues usage ping to use issue type column. !38864
- Migrate custom metric form buttons. !38896 (George Tsiolis)
- Migrate enable review app button in environments. !38897 (George Tsiolis)
- Add migration helper index for Vulnerabilities::Finding table. !38898
- Migrate maintenance mode settings button. !38901
- Replace <gl-deprecated-button> with <gl-button> in app/assets/javascripts/pipelines/components/graph/action_component.vue. !38923
- Add a cache column for the number of changed files in a merge request diff. !38936
- Change UI and add new actions to monitor dashboard actions menu. !38946
- Support unitless single stat chart in metrics dashboards. !39067
- Update preferences for homepage/dashboard wording. !39092
- Update design mgmt navigation to use gl-button. !39104
- Enable design management reference filter by default. !39113
- Deprecated btn migration. !39154
- Update auto-build-image to v0.4.0 for an updated version of the pack CLI (v0.12.0) for Cloud Native Buildpack builds. !39159
- Change "gauge-chart" to "gauge" in YML panel configuration for gauge charts. !39184
- Enable FF ci_variables_api_filter_environment_scope by default. !39209
- Code navigation displays references when browsing repository. !39214
- Replace fa-book icon with GitLab SVG book icon. !39247
- Replace fa-close icons with GitLab SVG close icon. !39267
- Update auto-deploy-image to v1.0.0, including a locally vendored auto-deploy-app chart instead of charts.gitlab.io. !39272
- Improve environment dropdowns in operations metrics dashboard and highlight selected environment. !39303
- Replace Go Back with Collapse button for expanded Metric charts. !39307
- Replace issues icon with Gitlab SVG. !39313
- Replace fa-power-off icon with GitLab SVG power icon. !39330
- Remove transition animation from the Container Registry UI. !39337
- Replace mis-used CSS class in operations settings. !39338
- Enable Multiline Comments by default. !39370
- Enable delete button on Package group level view list. !39430
- Enabled monaco_blobs FF by default. !39441
- Import the new queries in common_metrics.yml into database. !39475
- Make View full report button open link in new tab. !39501
- Bump CodeQuality templates to version 0.85.10-gitlab.1. !39502
- Allow query/query_range keys in metrics dashboard to contain numbers. !39530
- Enable reorder_designs feature by default. !39555
- Return snippet binary blob content in GraphQL. !39583
- Add anchors to profile preferences. !39589
- Expose ID in Event object returned from the public API. !39669 (Killian Brackey @kbrackey)
- Rename create issue button to create incidents in ALert details. !39684

### Performance (25 changes)

- Add mechanism that efficiently increments ActiveRecord counters using Redis. !35878
- Add limit for wiki page content size. !36729
- Reduce 'cached' query calls for Banzai. !36735
- Fix N+1 issue in Explore Projects controller. !36874
- Avoid N+1 of issue associations in Search. !36941
- Replace FontAwesome fa-clock icon with SVG icon. !37123
- Inverse pipeline for its build associations. !37478
- Fix N+1 for project/:id/issues API endpoint. !37508
- Preload build report results for pipeline builds. !37582
- Always use expanded env name to load persisted environment. !37585
- Improve performance of test report with summary and test suite endpoints. !37629
- Preload number of pipeline warnings for commits. !37669
- Add PipelineArtifact data model. !37969
- Replace index for service usage data. !38147
- Serialize fewer pipeline fields for MR widget. !38215
- Improve performance of Banzai reference filters. !38290
- Skip subsequent topology Prometheus queries if timeout occur. !38293
- Remove some unnecessary Redis calls on commit lists. !38343
- Speed up commit lists and file blob pages on repositories with huge amounts of branches or tags. !38484
- Add index for compliance merged MRs to events. !38885
- Swap RepositoryHashCache to UNLINK. !39105
- Increase sidebar performance by not rendering k8s highlight when not needed. !39228
- Use more-efficient indexing for the MergeRequestDiff storage migration. !39470
- Add secure index for coverage fuzzing. !39569
- Performance and robustness improvements for relative positioning. !39807

### Added (138 changes, 6 of them are from the community)

- Add Rust Dockerfile to GitLab templates. !28167
- Add mutation to create a label or default backlog list for an issue board. !31233
- Allow labels argument for merge request create mutation. !32637
- Add btree_gist PGSQL extension and add DB constraints for Iteration date ranges. !33340
- Add cilium to Kubernetes apps list. !33703
- Define matrix builds for more complex pipelines. !33705
- Support getting a todo for an alert in GraphQL API. !34789
- Resolve Set a deploy freeze in the UI. !35163
- Display notes on merge ref head diff. !35422
- Add note_id to timelogs. !35916 (Lee Tickett)
- Prompt to resolve unresolved threads on an MR is a button that jumps to the first such thread. !36164
- Expose board list issues via GraphQL. !36259
- Add internal api for getting personal access tokens from gitlab-shell. !36302 (Taylan Develioglu @tdevelioglu)
- Add auto_link_user OmniAuth setting. !36664
- Add Draft to WIP for work in progress merge requests. !36666
- Add gauge chart type to the monitoring dashboards. !36674
- Add Prevent forking outside group feature. !36848
- Show Security Warning Modal for fork pipelines. !36951
- Add usage ping for coverage_fuzzing. !36960
- Use _ character for emphasis and * for strong in Static Site Editor markdown syntax. !36965
- Add migration for deployment_type of Jira server in jira_tracker_data table. !36992
- Add system note to alert when corresponding issue is closed. !37039
- Add locked as an argument to updateIssue. !37105
- Add PagerDuty incident integration. !37193
- Add container registry observations to usage ping. !37203
- Support dry-run cherry-picks and reverts via API. !37240
- Show full time range in metrics dashboard charts. !37243
- Geo: Add file store indexes. !37265
- Add ability to turn off "project moved" notifications. !37269
- Add basic incidents list. !37314
- Allow to create merge request pipelines in target project when user has permission. !37322
- Add external column to custom emoji table. !37346 (Rajendra Kadam)
- Add issue_type column to issues table. !37402
- Added webPath and descriptionHtml types to the repository GraphQL entities. !37416
- Add monthly usage ping data for analytics. !37417
- Added section names to code owner approvals in merge request form. !37425
- Add a new K8s Pod health metrics dashboard. !37482
- Update versions tab to other versions. !37513
- Add metrics dashboard templates for the standard file blob selector. !37519
- Add custom metrics dashboard templates supports. !37523
- Allow optional keyset pagination for branch list API. !37524
- Add default_membership_role column to saml_providers table. !37552
- Add NuGet lock files support to Dependency Scanning CI template. !37553
- Migrate vulnerability statistics historical data to vulnerability historical statistics. !37554
- Surface timeafo for created date in Incidents List. !37567
- Add parenthesis support for if: conditions. !37574
- Show mapped user in Jira import form dropdown. !37575
- Add GraphQL mutation to re-order designs. !37603
- Display assignees in Incident List. !37608
- Add ENV vars that expose source and target repository for CI Pipelines that run on an External Pull Requests. !37616 (Rafael Dohms @rdohms)
- Add DB table and model to track changes of the iterations on issues. !37617
- Migrate all 'incident' labelled issues to have issue type 'incident'. !37668
- Resolve Allow the ability to re-order designs. !37686
- Add target_project_id to merge_request_metrics table. !37713
- Allow user to update issue labels via GraphQL. !37728
- Sets issue type for incident issues to incident. !37781
- Create incident from the incidents list page. !37802
- Add personal_access_tokens list to REST API. !37806
- Allow user to simulate pipeline creation via CI Lint and go beyond syntax checks. !37828
- Adds clarifying documentation on EKS IAM roles. !37870
- Add API support for issue and merge request templates. !37890 (Jan Beckmann)
- Add confidential attribute to graphQL for notes update. !37920
- Add confidential attribute to public API for notes update. !37932
- Filter Issues in GraphQL by type of Issue. !38017
- Allows setting of issue subscribe status in GraphQL API. !38051
- Add deployment_events flag to web_hooks table. !38080
- Allow assign/unassign users to issues in GraphQL API. !38081
- Email notification for expired personal access token. !38086
- Upgrade CI to Git v2.28.0. !38152
- Add project milestones to GraphQL API. !38153
- Make the deploy freeze table responsive. !38213
- Add option to query a single board list with GraphQL API. !38216
- Add symlink label text to blob viewer. !38220
- Add support for runbook url to PrometheusAlert table. !38234
- Add dashboard_path to PrometheusMetric. !38237
- Add support for specifying AWS S3 Server Side Encryption (AWS-KMS). !38240
- Add issue status counts to Projects in GraphQL. !38263
- Auto expand collapsed diffs when viewing diffs file-by-file. !38296
- Add hide_backlog_list and hide_closed_list attributes to boards table. !38303
- GraphQL mutation to move issue within board lists. !38309
- Redirect to new metrics dashboard page. !38364
- Add experiments and experiment_users tables for tracking which users are enrolled for which experiments. !38397
- Save usage data in database. !38457
- Move old integrations to Settings > General and introduce instance-level integrations. !38488
- Expose runbook field in alert_management_alert GraphQL API. !38510
- Add CoverageReportsController#index CSV response. !38520
- Add support for never keyword in expire_in job artifacts. !38578 (Fabio Huser)
- Add attributes to filter project merge requests by merged at date in GraphQL. !38584
- Add `resolved_on_default_branch` column into `vulnerabilities` table. !38638
- Add alert url into incident issue markdown. !38649
- Return gitaly info in kubernetes internal API. !38654
- Add GraphQL query for a single milestone. !38682
- Add milestone_id param to issue update graphQL mutation. !38684
- Added pre-processing step to the Static Site Editor so code templates (ERB) are interpreted as code not content. !38694
- Backfill null values to prepare for Geo replication feature. !38719
- Update gitlab-shell to v13.5.0. !38720
- UI warning messages for pipeline configurations. !38734
- Enable state tracking for managed applications installed via the management project. !38759
- Set Incident issue type when creating issue. !38760
- Add pre-processing step so inline ERB and HTML syntax are wrapped in codeblocks for code vs. content editing in the static site editor's WYSIWYG mode. !38791
- Add protected branches count to usage ping. !38797
- Add include_parent_milestones param to project and group milestones API endpoints. !38800
- Clean up orphaned LFS file references during GC. !38813
- Add database migrations to ensure Geo replicates all package files when sync object storage is disabled. !38822
- Add pre-processing step so preexisting codeblocks are preserved prior to flagging content as code in the static site editor's WYSIWYG mode. !38834
- Add model for CiliumNetworkPolicy. !38848
- Expose alert information for environments. !38881
- Add Azure Blob Storage support. !38882
- Add webhooks for deployments. !38902
- Add "New Release" page to allow creation of releases through the interface. !38913
- Add GraphQL mutation for updating board list position and collapsed/expanded state. !38942
- Add due_date filter param to Issues REST API. !38973
- Support adding of API requests to the performance bar. !39057
- Expose counts (pipeline, commits) and approvers for a merge request in GraphQL. !39086
- Add total_weight and issues_count fields to the board list graphQL endpoint. !39110
- Make available new UI for adding a panel to a metrics dashboard. !39124
- Improve submission behavior of the New/Edit Release page. !39145
- Allows NuGet to authenticate with Job Token. !39147
- Upgrade Pages to 1.22.0. !39172
- Upgrade Workhorse to v8.38.0. !39223
- JUnit test report on pipeline detail page. !39260
- Allow GraphQL pipeline to resolve non-CI pipelines and expose configSource field. !39275
- GraphQL: Issues - Added 'include_subgroup' parameter. !39279
- Enable `:resource_access_token` feature flag by default. !39287
- Add runbook to metric chart dropdown. !39288
- Add runbooks to metric alerts. !39315
- Preserve active tab on alert details page reload. !39369
- GraphQL: Add user to pipeline + status and email to user + StatusType. !39402
- Add external link icon to list of repositories in importer. !39442
- Add target_type to audit_events. !39461
- Enable read SPDX catalogue from local copy. !39463
- Show runbook for alert in detail view. !39477
- Link to logs from GitLab-managed alert metrics. !39487
- Add SECRET_DETECTION_EXCLUDED_PATHS env var. !39523
- Add pipeline_artifacts_size to project_statistics. !39607
- Setup basic level telemetry for navigation. !39638
- Update gitlab-shell to v13.6.0. !39675
- Empty State for the Incident list. !39718

### Other (69 changes, 9 of them are from the community)

- Remove globe icon from explore projects dropdown. !21659
- Remove mr_tabs_position feature flag. !29340 (Lee Tickett)
- Improve Elasticsearch Reindexing documentation. !29788
- Remove createIssues logic from list model. !32236 (nuwe1)
- Unify Prometheus metric initialization by always using inline transaction metrics. !32980
- Adds models and tables for cluster agent and cluster agent tokens. !33228
- Remove updated_at column on audit_events table. !35690
- Replace fa-pencil-square-o icons with GitLab SVG icons. !36059
- Replace fa-rss with GitLab SVG icon. !36553
- Limit project moved e-mails to maintainers/owners. !36665
- Backfill personal snippets statistics. !36801
- Set default bullet char character as - when generating markdown in Static Site Editor. !36820
- Replace <gl-deprecated-button> with <gl-button> in app/assets/javascripts/pipelines/components/graph/linked_pipeline.vue. !36968
- Replace fa-link icons with GitLab SVG link icon. !36973
- Consolidate issuable_header_warning for both MR and issue. !37043
- Remove index from chat_names and service_id. !37054
- Making component diagram click-friendly. !37147 (Arjun Pravin @Sgt.Arjun)
- Replace fa-pause with pause svg. !37149
- Replace fa-replace icon with svg. !37228
- Replace fa-key icon with svg. !37251
- Remove app_server_type from top level usage ping. !37279
- Update GitLab Runner Helm Chart to 0.19.0. !37292
- Use ES6 methods instead of `for` loops. !37324 (allenlai18)
- Remove legacy pipeline processing service and FF ci_atomic_processing. !37339
- Cleanup migration to drop temporary table untracked_files_for_uploads if exists. !37352
- Fix the MR number in CHANGELOG. !37399
- Immediately update project statistics when running housekeeping or repository cleanup. !37579
- Update GitLab Runner Helm Chart to 0.19.1. !37583
- Add index to resource_milestone_events for add actions. !37636
- Capitalize CloudFlare in documentation. !37704 (Takuya Noguchi)
- Use Cloudflare in comments. !37764 (Takuya Noguchi)
- Update $gray-400 hex and replace instances of $gray-400 with $gray-200. !37813
- Add link to issue details page from Incident list page. !37814
- Remove link to Cloudflare cert for Pages. !37876 (Takuya Noguchi)
- Add incident state columns. !37889
- Move file store updates and mount_uploader into a concern. !37907
- Set appropriate timeouts for PrometheusClient. !37924
- Remove GitlabIssueTrackerService database records. !37931
- Remove title and description columns from services table. !37936
- Fix misalignment of download icon on jobs page. !37966
- Automatically calculate the database connection pool size. !38049
- Remove per-web-transaction redis metrics. !38101
- ee Updating $gray-500 hex value and replacing instances with $gray-300. !38229
- Removes the old UI page. !38277
- Log raw pre-receive message in fast-forward merge. !38354
- Replace times-circle with GitLab SVG clear icon. !38409
- Add telemetry for instance-level and template integrations. !38459
- Add group_id column to the services table. !38499
- Replace fa-play/pause icons with svg. !38535
- Add telemetry for projects inheriting instance settings. !38561
- Move button in Settings > Webhooks to the right. !38650
- Replace deprecated button on vulnerability details page. !38679
- Collect node CPU and memory utilization in usage ping. !38681
- Improve unfurling support for /search. !38699
- Add can_push column to group_deploy_keys_groups table. !38714
- Log raw pre receive error for create branch service. !38749
- Change to glbutton component in CI variables list. !38757
- Replace deprecated buttons in dashboard header. !38830
- Remove :gzip_diff_cache feature flag. !38838
- Replace some fa-trash icons with GitLab SVG remove icon. !38964
- Productivity Analytics: Improve error message when query takes too long to calculate. !39074
- Adds an environment variable override to disable unstructured logs. !39109
- Remove not-null constraint on type column in audit_events. !39192
- Set longer Prometheus timeouts in PrometheusService. !39318
- Use active version of Redis for an example. !39404 (Takuya Noguchi)
- Remove FF ci_composite_status and related codes. !39498
- Remove a card-small class from HAML files. !39550 (Takuya Noguchi)
- Provide versioning support to Sidekiq workers. !39562
- Replace fa-pencil icon with GitLab SVG. !39648


## 13.2.10 (2020-10-01)

### Security (14 changes)

- Do not store session id in Redis.
- Fix permission checks when updating confidentiality and milestone on issues or merge requests.
- Purge unaccepted member invitations older than 90 days.
- Adds feature flags plan limits.
- Prevent SVG XSS via Web IDE.
- Ensure user has no solo owned groups before triggering account deletion.
- Security fix safe params helper.
- Do not bypass admin mode when authenticated with deploy token.
- Fixes release asset link filepath ReDoS.
- Ensure global ID is of Annotation type in GraphQL destroy mutation.
- Validate that membership expiry dates are not in the past.
- Rate limit adding new email and re-sending email confirmation.
- Fix redaction of confidential Todos.
- Update GitLab Runner Helm Chart to 0.19.4.


## 13.2.8 (2020-09-02)

### Security (1 change)

- Protect OAuth endpoints from brute force/password stuffing.


## 13.2.7 (2020-09-02)

### Security (23 changes, 1 of them is from the community)

- Check validity of project's import_url before mirroring repository.
- Show on two-factor authentication setup page groups that are the cause of this requirement.
- Prevent interrupted 2FA sign-in from signing-in incorrect user.
- Create new 2FA code each time user is entering 2FA setup page.
- Remove all sessions but current while enabling 2FA.
- Invalidate two factor sign-in when user password changes.
- Delete members invites created by users being deleted.
- Prevent OmniAuth from rendering arbitrary error messages.
- Prevent not-2fa authenticated users that are supposed to use it to consume api via session.
- Invalidate remember me when an active session is revoked.
- Add rate limit on webhooks testing feature.
- Add scope presence validation to OAuth Application creation.
- Allow only running job tokens for API authentication.
- Prevent Deploy Tokens to read project resources when repository is disabled.
- Change conan api to use proper workhorse validation.
- Ensure global ID is of Snippet type in GraphQL destroy mutation.
- Fix Improper Access Control on Deploy-Key.
- Set maximum limit for profile events.
- Persist EKS External ID before presenting it to the user.
- Prevent project maintainers from editing group badges.
- Upgrade jquery to v3.5.
- Update websocket-extensions gem to 0.1.5. (Vitor Meireles De Sousa)
- Update GitLab Runner Helm Chart to 0.18.3.


## 13.2.6 (2020-08-18)

- No changes.

## 13.2.5 (2020-08-17)

### Security (2 changes)

- Stop deploy token being mis-used as user in ProjectPolicy and GroupPolicy.
- Project access is checked during deploy token authentication.


## 13.2.4 (2020-08-11)

### Security (1 change)

- Add decompressed archive size validation on Project/Group Import. !38736

### Fixed (1 change)

- Fix automatic issue creation via Prometheus alerts. !37884


## 13.2.3 (2020-08-05)

### Security (12 changes)

- Update kramdown gem to version 2.3.0.
- Enforce 2FA on Doorkeeper controllers.
- Revoke OAuth grants when a user revokes an application.
- Refresh project authorizations when transferring groups.
- Stop excess logs from failure to send invite email when group no longer exists.
- Verify confirmed email for OAuth Authorize POST endpoint.
- Fix XSS in Markdown reference tooltips.
- Fix XSS in milestone tooltips.
- Fix xss vulnerability on jobs view.
- Block 40-character hexadecimal branches.
- Prevent a temporary access escalation before group memberships are recalculated when specialized project share workers are enabled.
- Update GitLab Runner Helm Chart to 0.18.2.


## 13.2.2 (2020-07-29)

### Fixed (3 changes)

- Coerce repository_storages_weighted, removes repository_storages. !36376
- Fix JiraImportUsersInput startAt field. !37492
- Provide better git error message when the user is unconfirmed. !37944

### Changed (1 change)

- Skip mass unconfirming users when send_user_confirmation_email setting is off. !38024


## 13.2.0 (2020-07-22)

### Security (3 changes)

- Unconfirm wrongfully verified email addresses and user accounts. !35492
- Make logrotate run as git user for source installations. !35519
- Replace misleading text in re-confirmation emails. !36634

### Removed (7 changes, 2 of them are from the community)

- Remove deprecated dashboard & group milestone pages. !13237
- Removed UltraAuth integration for OmniAuth. !29330 (Kartikey Tanna)
- Remove all search autocomplete for groups/projects/other. !31187
- Remove temporary datepicker position fix as it is no longer required. !31836 (Arun Kumar Mohan)
- Remove the ability to customize the title and description of some integrations (Bugzilla, Custom Issue Tracker, Redmine, and YouTrack). !33298
- Drop deprecated **_ANALYZER_IMAGE_PREFIX. !34325
- Remove Internet Explorer 11 specific polyfills. !36830

### Fixed (300 changes, 79 of them are from the community)

- Remove broken hyperlink from close and reopen button. !22220 (Lee Tickett)
- Fix 'Active' checkbox text in Pipeline Schedule form to be a label. !27054 (Jonston Chan)
- Fix back button when switching MR tabs. !29862 (Lee Tickett)
- Remove ability to scroll Issue while in Design View. !29881
- Fix merge request note label URLs. !30428 (Lee Tickett)
- Fix default path when creating project from group template. !30597 (Lee Tickett)
- Fixed issue (#198424) that prevented k8s authentication with intermediate certificates. !31254 (Abdelrahman Mohamed)
- Fix group transfer service to deny moving group to its subgroup. !31495 (Abhisek Datta)
- Fix issuable listings with any label filter. !31729
- Move prepend to last in ee-app-services. !31838 (Rajendra Kadam)
- Fallback to lowest visibility level in snippet visibility radio. !31847 (Jacopo Beschi @jacopo-beschi)
- Add class stubs and fix leaky constant alert in query limit helper spec. !31949 (Rajendra Kadam)
- Remove usage of spam constants in spec. !31959 (Rajendra Kadam)
- Fix leaky constant issue in uninstall progress service check. !32036 (Rajendra Kadam)
- Fix leaky constant issue in commit entity spec. !32039 (Rajendra Kadam)
- Fix leaky constant issue in task completion status spec. !32043 (Rajendra Kadam)
- Fix leaky constant issue in admin mode migration spec. !32074 (Rajendra Kadam)
- Fix leaky constant issue in sidekiq middleware server metric spec. !32104 (Rajendra Kadam)
- Fix leaky constant issue in sidekiq middleware client metric spec. !32108 (Rajendra Kadam)
- Fix leaky constant issue in path regex spec. !32115 (Rajendra Kadam)
- Fix leaky constant issue importer and cache headers spec. !32122 (Rajendra Kadam)
- Fix leaky constant issue in relation factory spec. !32129 (Rajendra Kadam)
- Fix leaky constant issue in test coverage spec. !32134 (Rajendra Kadam)
- Prevent emails to user on expiry of impersonation token. !32140
- Fix leaky constant issue in diff collection spec. !32163 (Rajendra Kadam)
- Fix leaky constant issue in migration helpers, with lock retries and ignored cols spec. !32170 (Rajendra Kadam)
- Fix leaky constant issue in factory spec. !32174 (Rajendra Kadam)
- Fix leaky constant issue in creds factory spec. !32176 (Rajendra Kadam)
- Use applogger in project import state file. !32182 (Rajendra Kadam)
- Use applogger in project.rb. !32183 (Rajendra Kadam)
- Use applogger in chat_team.rb. !32184 (Rajendra Kadam)
- Use applogger in repository model. !32185 (Rajendra Kadam)
- Use applogger in build and ssh host key. !32187 (Rajendra Kadam)
- Use applogger in cache attrs and highest role ruby files. !32189 (Rajendra Kadam)
- Use applogger in legacy project and namespace. !32190 (Rajendra Kadam)
- Use applogger in base.rb. !32191 (Rajendra Kadam)
- Use applogger in usage ping and webhook service. !32192 (Rajendra Kadam)
- Use applogger in exclusive_lease_guard. !32194 (Rajendra Kadam)
- Use applogger in groups destroy service and label create service. !32195 (Rajendra Kadam)
- Use applogger in merge_service.rb. !32196 (Rajendra Kadam)
- Use applogger in project create service and after import service. !32198 (Rajendra Kadam)
- Use applogger in update stats service. !32200 (Rajendra Kadam)
- Use applogger in base attachment service. !32201 (Rajendra Kadam)
- Use applogger in export service. !32203 (Rajendra Kadam)
- Use applogger in akismet service. !32205 (Rajendra Kadam)
- Use applogger in file mover file. !32206 (Rajendra Kadam)
- Use applogger in commit signature worker. !32207 (Rajendra Kadam)
- Use applogger in delete user worker. !32209 (Rajendra Kadam)
- Use applogger in email receiver worker. !32211 (Rajendra Kadam)
- Use applogger in artifact worker. !32212 (Rajendra Kadam)
- Use applogger in new note worker. !32213 (Rajendra Kadam)
- Fix duplicate filename displayed in design todos. !32274 (Arun Kumar Mohan)
- Add value length validations for instance level variable. !32303
- Resolve image overflow at releases list panel. !32307
- Clean up shared/tmp folder after Import/Export. !32326
- Fix creating release evidence if release is created via UI. !32441
- GraphQL hasNextPage and hasPreviousPage return correct values. !32476
- Fix loading and empty state styling for alerts list. !32531
- Resolve incorrect x-axis padding on the Environments Dashboard. !32533
- Fix time_tracking help link. !32552
- Don't display confidential note icon on confidential issue public notes. !32571
- Update container expiration policy database defaults. !32600
- Fix rendering of emojis in status tooltips. !32604
- Remove `:prevent_closing_blocked_issues` feature flag. !32630 (Lee Tickett)
- Hid copy contents button when blob has rendering error. !32632
- Avoid refresh to show endedAt after mutation. !32636
- Fix for metrics creation when saving MR. !32668
- Skip the individual JIRA issues if failed to import vs failing the whole batch. !32673
- Hide "Import from Jira" option from non-entitled users. !32685
- Allow special characters in dashboard path. !32714
- Fix broken help link on operations settings page. !32722
- Allow different in bulk editing issues. !32734
- Fix whitespace changes overgrowing the diff container. !32774
- Improve spacing and wrapping of group actions buttons and stats in group list view. !32786
- Fix "Broadcast Messages" table overflow and button alignment. !32801
- Fix 404 when downloading a non-archive artifact. !32811
- Make commits author button confirm to Pajamas specs. !32821
- Fix filename duplication in design notes in activity feeds. !32823 (Arun Kumar Mohan)
- Prevent multiple Auto DevOps deployment jobs running concurrently when using manual rollout. !32824
- Implement displaying downstream pipeline error details. !32844
- Fix Runner heartbeats that results in considering them offline. !32851
- Conan package registry support for the conan_export.tgz file. !32866
- Fix plural message in account deletion section. !32868
- Fix atomic processing bumping a lock_version. !32914
- AsciiDoc: Add support for built-in alignment roles. !32928 (mnrvwl)
- Fix a bug where some Vue apps would be unable to load when DAG tab is disabled. !32966
- Fix undefined error in Gitlab::Git::Diff. !32967
- Fix spelling error on Ci::RunnersFinder. !32985 (Arthur de Lapertosa Lisboa)
- Fix polling for resource events. !33025
- Fix broken CSS classes inside alert management list. !33038
- Fix bug in snippet create mutation with non ActiveRecord errors. !33085
- Fix overflow issue in MR and Issue comments. !33100
- Fix alignment of button text on the Edit Release page. !33104
- Deduplicate URL parameters when requesting merge request diffs which causes diffs load to fail. !33117
- Fix tabbing through form fields in projects/new flow. !33209
- Fix incorrect commit search results returned when searching with ref. !33216
- Issue list page shows correct status for moved re-opened issues. !33238
- Fix NoMethodError by using the correct method to report exceptions to Sentry. !33260
- Fix KaTeX font paths. !33338
- Resolve Fix Incomplete Kubernetes Cluster Status List. !33344
- Fix auto-merge not running after discussions resolved. !33371
- Fix bug in snippets updating only file_name or content. !33375
- Resolve "WebIDE displays blank file incorrectly". !33391
- Fix invisible emoji modal on Set Status form when clicked the second time. !33398
- vertically center action icon in the CI pipeline. !33427 (Nathanael Weber)
- Wrap auto merge parameters update in database transaction. !33471
- Return 404 response when redirecting request with invalid url. !33492
- Fix ambiguous string concatenation on CleanupProjectsWithMissingNamespace. !33497
- Fix snippet repository import edge cases. !33506
- Rust CI template: Replace --all with --workspace on cargo test. !33517 (Markus Becker)
- Make markdown textarea links tab-accessible. !33518
- Pass hard delete option to snippets bulk destroy. !33520
- Fix CI rules for ECS related jobs. !33527
- Update GitLab Workhorse to v8.34.0. !33543
- Fix snippet repository import fail with older export files. !33584
- Web IDE: Create template files in the folder from which new file request was made. !33585 (Ashesh Vidyut)
- Improve header acccessibility. !33603
- Remove non migrated snippets from failed imports. !33621
- Prevent duplicate issues when importing from CSV. !33626
- Fix sidebar spacing for alert details. !33630
- Fix linking alerts to created issues for the Generic alerts intergration. !33647
- Resolve spacing ux debt on Release assets form field. !33684
- Fix pagination link header. !33714 (Max Wittig)
- When clicking multiple times to leave a single comment, the input field should remain focused. !33742
- Allow wiki pages with +<> characters in their title to be saved. !33803
- Fix force_remove_source_branch not working in API. !33804
- Fix prometheus alerts not being automatically created. !33806
- Fix pagination for resource label events. !33821
- Fix pagination for resource milestone events api. !33845
- Return code navigation path for nil diff_refs. !33850
- Record audit event when an admin creates a new SSH Key for a user via the API. !33859 (Rajendra Kadam)
- Do not create duplicate issues for exising Alert Management alerts. !33860
- Add link text to collapsed left sidebar links for screen readers. !33866
- Update text in error tracking list error message. !33872
- Ensure that alerts are shown when prometheus service is active. !33928
- Fixed dashboard YAML file validaiton for files which do not contain object as root element. !33935
- Fix design note scrolling. !33939
- Updated the Android CI Script. !34007 (s-ayush2903)
- Update validates_hostname gem with support for more TLDs. !34010
- Remove default "archived" parameter value from Groups API's projects endpoint. !34018 (Justin Sleep)
- Fix approval rule type when project rule has users/groups. !34026
- Update wording of addMultipleToDiscussionWarning. !34088
- Show all storages in settings. !34093
- Set author as nullable in snippet GraphQL Type. !34135
- Fix rendering of very long paths in merge request file tree. !34153
- Fix 500 errors and false positive warnings during metrics dashboard validation. !34166
- Remove not null constraint from events tables. !34190
- Ensure we always generate a valid wiki event URL. !34191
- Send information about attached files to the GraphQL mutation. !34221
- Update issue limits template to use minutes. !34254
- Add route for the lost-and-found group and update the route of orphaned projects. !34285
- Make markdown textarea buttons tab accessible. !34300
- GraphQL - properly handle pagination of millisecond-precision timestamps. !34352
- Fix 500 error in BlobController#delete. !34367
- Updated Auto DevOps with a fix to delete PostgreSQL PVC on environment cleanup, a fix for multiline K8S_SECRET variables, updated Helm to 2.16.7 and glibc to 2.31. !34399 (verenion)
- Updates Helm version to 2.16.7, which has some fixes. !34452
- Align "External" access level row in the user admin form. !34455 (Eduardo Sanz @esanzgar)
- Fix issues with scroll on iOS / iPad OS. !34486
- Add environment_scope filter to ci-variables API. !34490
- Fix order of integrations to be sorted alphabetically. !34501
- Fix undefined method error. !34522
- Fix static site editor raw (has front matter) <-> body (lacks front matter) content changes sync. !34523
- Use Keys::DestroyService for deleting an SSH key when an admin deletes a key via the API. !34535 (Rajendra Kadam)
- Removed default artifact name for Terraform template. !34557
- Record audit event when a user creates a new SSH Key for themselves via the API. !34645 (Rajendra Kadam)
- Restrict alert assignee user search to current project in alert management details. !34649
- Limit alert assignment to only users who can read alerts. !34681
- Use Keys::DestroyService for deleting an SSH key when a user deletes a key via the API. !34718 (Rajendra Kadam)
- Use GpgKeys::CreateService when an admin creates a new GPG key for a user. !34737 (Rajendra Kadam)
- Sort code coverage graph in ascending order. !34750
- Fix Issue sticky title URL hash offset. !34764
- Fix broken todo GraphQL API filtering when filtering by type. !34790
- Use GpgKeys::CreateService when a user creates GPG keys for themselves via the API. !34817 (Rajendra Kadam)
- Expand healtchecks `500`s when DB is not available. !34844
- Assign plan_id when building a new plan limit. !34845
- Fix 500 errors with filenames that contain glob characters. !34864
- Avoid updating snippet content when snippet_files content is not present. !34865
- Ensure original repository is archived after a shard move. !34895
- Fix issue suggestion text color on dark mode. !34899
- Enclose `release-cli` steps in an array. !34913
- Add DestroyService for GPG keys and use for deleting GPG keys via API. !34935 (Rajendra Kadam)
- Resolve Misleading message displays when MR request is first submitted. !34958
- Cancel review app deployment when MR is merged. !34960
- Add RSpecs for Gitlab::Emoji module. !34980 (Rajendra Kadam)
- Fix directory and last commit not loading for some filenames. !34985
- Fix confidential warning not showing the issuable type. !34988
- Fixed mermaid not rendering when switching diff tabs. !35023
- Use GpgKeys::DestroyService when a user deletes GPG keys for themselves via the API. !35033 (Rajendra Kadam)
- Fix alignment of navigation theme options. !35041
- Support fenced code blocks in Atlassian Document Format converter. !35065
- Fixed size limit for too large snippets. !35076
- Don't include changes in webhook payload when old associations are empty. !35158
- Fix release assets for Guest users of private projects. !35166
- Properly set CI_DEPLOY_FREEZE variable in pipelines. !35226
- Move 'Delete comment' button to bottom of 'More actions' list. !35237
- Only run DAST job if Kubernetes active. !35259
- Add instrumentation to Gitaly streamed responses. !35283
- Fix pages_url for projects with mixed case path. !35300
- Ensure .git/config is updated for forks. !35305
- Defer updating .git/config for imported projects. !35308
- Redirect wiki edit actions for missing pages. !35350
- Fix styling bug for disabled merge button. !35365
- Static Site Editor can’t be opened in projects belonging to a subgroup. !35378
- Resolve timeout in admin/jobs. !35385
- Fix job log text color in dark mode. !35387
- Minor UI fixes for Issue page in dark mode. !35395
- Disable ILM on ELK vendor yaml. !35398
- Improve alert list spacing. !35400
- Fix path conflict for Ghost on UpdateRoutesForLostAndFoundGroupAndOrphanedProjects. !35425
- Add tiller.log to Auto DevOps deployment job artifacts when AUTO_DEVOPS_DEPLOY_DEBUG is set. !35458
- Resolve [Un]Assign Issue to/from Comment Author Action Visibility. !35459
- Add email and email_verified claims to OAuth ID token. !35468 (André Hänsel)
- Make ProjectUpdateRepositoryStorageWorker idempotent. !35483
- Project bot users should always have their emails confirmed by default. !35498
- Only show open Merge Requests in Web IDE. !35514
- Remove Edit dashboard button from self monitoring dashboard. !35521
- Guard against data integrity issues when canceling review app jobs. !35555
- Use FLOAT_TYPE for storage limit. !35559
- Enforce prometheus metric uniqueness across project scope. !35566
- Use full version instead of short version for Sentry Error Release links. !35623
- Propagate error on FF pre-receive failure. !35633
- Support multiple mailboxes incoming email check. !35639
- Fix Profile Applications page to be shown in correct locale. !35661
- Fix 404 when importing project with developer permission. !35667
- Fix incorrect text escaping in the Static Site Editor. !35671
- Use the user's preferred language as default. !35676
- Create associated routes when a new bot user is created. !35711
- Prevent autosave when reply comment via cmd+enter. !35716
- Fix border-radius-base SCSS value. !35740
- Fix alert sort styling issues. !35741
- Change the sort order for alert severity and status. !35774
- Fix unique case where static site editor's custom renderer for identifier syntax didn't robustly handle inline code. !35775 (Derek Knox)
- Save show whitespace changes. !35806
- Fix existing repository_storages_weighted migrations. !35814
- Fix error 500s creating new projects due to empty weights. !35829
- Fix rendering alert issue description field. !35862
- Fixed translation errors on MR Widget. !35888
- Fix 500 errors with invalid access tokens. !35895
- Change PrometheusMetrics identifier index. !35912
- Backfill missing routes for Bot users. !35960
- Add generic message when no pipeline in MR. !35980
- Conditionally render Docker row checkbox. !36000 (gfyoung)
- Fix missing avatar in MR widget. !36034
- Fix comment loading error in issues and merge requests. !36043
- Fix routing for paths starting with help and projects. !36048
- Fix infinite loading spinner for related merge requests on commit pipelines tab. !36077
- Use error.message instead of error in importer.log. !36104
- Remove hardcoded reference to gitlab.com in NPM .gitlab-ci.yml template. !36124
- Remove dashboard panels' tabindex where is not needed. !36168
- Fix Project#pages_url not to downcase url path. !36183
- Remove border from related merge requests/issues counter. !36272
- Fail jobs that fail to render registration response. !36274
- Sort metrics dashboard panels and groups using a stable sort. !36278
- Remove HTML link from plain text mail. !36301
- Fix wrong value of checkbox in integration form. !36329
- Add a Rake task to fix incorrectly-recorded external diffs. !36353
- Fix single file editor with long branch name. !36371
- Allow self monitoring dashboard to be duplicated. !36433
- Propagate DS_JAVA_VERSION for dependency scanning. !36448
- Fix to display speech bubble on hover over image on commits page. !36470 (Adam Alvis @adamalvis)
- Fix to remove speech bubble on hover over image on MR Overview tab. !36474 (Adam Alvis @adamalvis)
- Add DOCKERFILE_PATH to Auto DevOps workflow:rules. !36475
- Show symlink icon in repository browser. !36524
- Snippet comments where any line begins with a slash following an alphabetic character can't be published. !36563
- Exclude services relation from Project Import/Export. !36569
- Permanently close Jira import success alert. !36571
- Fix dashboard schema validation issue. !36577
- Refactor issues controller spec to fix SaveBang Cop. !36582 (Rajendra Kadam)
- Fix positioning of mr/issue count. !36621
- Update to Grape v1.4.0. !36628
- Fix API errors when null value is given for the bio. !36650
- Avoid 500 errors with long expiration dates in tokens. !36657
- Remove CI/CD variable validations on AWS keys. !36679
- Ensure to run unassign issuables worker when not in a transaction. !36680
- Mark existing Project Bot Users as confirmed. !36692
- Fix error message when saving an integration and testing the settings. !36700
- Do not depend on artifacts from previous stages in Auto DevOps deployments. !36741
- Delete tracking records on partitioning migration rollback. !36743
- Updates Helm version to 2.16.9 which has some fixes. !36746
- Web IDE: Page title should not be .editorconfig when the IDE is first loaded. !36783
- Removes fixes that broke the pipeline table. !36803
- Refactor group controllers specs to fix SaveBang Cop. !36853 (Rajendra Kadam)
- Fix the default metrics dashboard to work on K8s versions 1.12 to 1.16. !36863
- Fix incorrect marking MR as Draft. !36869
- Use an array for fetching same_family_pipeline_ids. !36883
- Remove extra Secret-Detection job on merge requests. !36884
- Remove Rails Optimistic Locking monkeypatch. !36893
- Refactor projects controllers specs to fix SaveBang Cop. !36920 (Rajendra Kadam)
- Fix background overflow when design note is selected. !36931
- Fix bulk editing labels bug. !36981
- Fix not being able to add more than one CI variable through the UI. !37001
- Uses --set-string to avoid Helm confusion over short SHA vs Scientific Notation. !37004 (Bryan H. @galador)
- Fix displaying import errors from server. !37073
- Fix failing dashboard schema validation calls. !37108
- Fix showing MLC form on replies. !37139
- Set experiementation cookie for GitLab domain only.
- Prevent duplicate health status text on epics.
- Add DS detection of build.gradle.kts.
- Fix for test report link in MR widget.
- Footer system message fix.

### Deprecated (1 change, 1 of them is from the community)

- Remove the unused worker code and its queue. !32595 (Ravishankar)

### Changed (191 changes, 9 of them are from the community)

- Deduplicate labels with identical title and project. !21384
- Add a GraphQL endpoint to fetch Jira projects through its REST API. !28190
- Change legends in monitor dashboards to tabular layout. !30131
- Move pipelines routing under /-/ scope. !30730
- Set markdown toolbar to use hyphens for lists. !31426
- Use sprites for comment icons on Commits. !31696
- Rate limit project export by user. !31719
- Reorder diffs compare versions dropdowns. !31770 (Gilang Gumilar)
- Enable the `in this group` action in the Search dropdown. !31939
- Externalize i18n strings from ./app/views/shared/_promo.html.haml. !32109 (Gilang Gumilar)
- Add Usage Ping count for all searches. !32111
- Add tags_count to container registry api and controller. !32141
- Externalize i18n strings from ./app/views/shared/milestones/_sidebar.html.haml. !32150 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_form_dates.html.haml. !32162 (Gilang Gumilar)
- Improve Container Registry UI header. !32424
- Added node size to cluster index. !32435
- Enable display of wiki events in activity streams. !32475
- Update operations metrics settings title and description to make them general. !32494
- Track merge_requests_users usage data. !32562
- Adds cluster CPU and Memory to cluster index. !32601
- Allow the snippet create service to accept an array of files. !32649
- Move review related controllers/workers outside EE. !32663
- Move the Members section from settings to the side nav for projects. !32667
- Show more context in unresolved jump button. !32737
- Exclude extra.server fields from exceptions_json.log. !32770
- Improve new/unknown sign-in email styling. !32808
- Allow the snippet update service to accept an array of files. !32832
- Add new issue link to email notification header. !32833
- Bump cluster-applications to 0.17.0, which updates Runner to 0.17.0 and Cilium to 1.7.4. !32931
- Update artifacts section to show when an artifact is locked. !32992
- Show clone button on project page for readme preference. !33023
- Include tag count in the image repository list. !33027
- Clean up gitlab-shell install-from-source path. !33057
- Increase LFS token default time to 2 hours. !33140
- Add the unique visits data to the usage ping. !33146
- Add explicit mention of Merge request in Slack message. !33152
- Expose `release_links.type` via API. !33154
- Add link_type column to release_links table. !33156
- Move broadcast notification dismiss button to the top. !33174
- Remove null constraint for JID in GroupImportState. !33181
- Added provider type icon to cluster list. !33196
- Remove search icon from Project find file button. !33198
- Refine SAST language detection by frameworks. !33226
- Render Merge request reference as link. !33248
- Upgrade to Gitaly v13.1.0-rc1. !33302
- Render Merge request reference as link in email templates. !33316
- Show disabled suggestion button with tooltip message. !33357
- Add update validations to SnippetInputAction. !33379
- Add snippet DB visibility check in spec. !33388 (Jacopo Beschi @jacopo-beschi)
- Add Hugo logo to project templates. !33402
- Add GitBook logo to project templates. !33403
- Add GoMicro logo to project templates. !33404
- Add Jekyll logo to project templates. !33405
- Add Hexo logo to project templates. !33406
- Add UI to disable Service template when instance-level integration is active. !33490
- Rename Add Designs button. !33491
- Add CPU, memory usage charts to self monitoring default dashboard. !33532
- Add database migrations to design_management_designs.filename to enforce a 255 character limit, and modify any filenames that exceed that limit. !33565
- Track Sentry error status updates with dedicated actions. !33623
- Alert Managament: Change sorting order to have newest alerts first. !33642
- Add blobs field to SnippetType in GraphQL. !33657
- Move Usage activity by stage for Configure to Core. !33672
- Format metrics column chart x axis dates. !33681
- Emit Bitbucket Server Importer metrics. !33700
- Style ToastUI contextual menus. !33719
- Update Auto deploy image to v0.16.1, introducing support for AUTO_DEVOPS_DEPLOY_DEBUG. !33799
- Add whether instance has Auto DevOps enabled to usage ping. !33811
- Update local IP address and domain name allow list input label. !33812
- Add date time format to the monitor stacked-column chart. !33814
- Allow Tf Plan to genrate multiple reports. !33867
- Report all unique users for Secure scanners. !33881
- Remove async_merge_request_check_mergeability feature flag. !33917
- Filter potentially-sensitive Sidekiq arguments from logs and Sentry. !33967
- Update Static Site Editor toolbar to group inline-code and code-block buttons together. !34006
- Set default values for SAST_EXCLUDED_PATHS and DS_EXCLUDED_PATHS. !34076
- Add ability to filter self monitoring resource usage charts by instance name. !34084
- Add skeleton loader to cluster list. !34090
- Pick repository storage based on weight. !34095
- Use IP or cookie in known sign-in check. !34102
- Prevents editing of non-markdown kramdown content in the Static Site Editor's WYSIWYG mode. !34185
- Display error for YAML files that are too large. !34199
- Change copy of webhooks / integration help text. !34301
- Use CodeQuality 0.85.10 in the CI template. !34329
- Update board header icons. !34366
- Show Redis instance in performance bar. !34377
- Extend members REST API with the option to unassign Issues and Merge Requests when member leaves team. !34388
- Reorder snippets in lists using `updated_at` column. !34393 (Dibyadarshi Dash @ddash2)
- Add files argument to snippet create mutation. !34449
- Consolidate object storage config in one place. !34460
- Add secret detection template to Auto DevOps. !34467
- Add contextual menu to single stat panels. !34497
- Add allowed actions to snippet input action. !34499
- Add files argument to snippet update mutation. !34514
- Change from vendor specific to Gitlab. !34576
- Enable `:ci_release_generation` feature flag by default. !34633
- Update gl-toggles with deprecated attributes. !34660
- Adjust verbiage on repository storages settings page. !34675
- Change redirect path after integration save. !34697
- Refine UI of integration form. !34707
- Change CI variable font family to monospace. !34788 (Aaron Walker)
- Rename GraphQL AwardEmoji mutations to follow naming conventions, deprecating the old mutations. !34798
- Improve error message when unconfirmed user tries to log in. !34818
- Update LFS setting label. !34829 (George Tsiolis)
- Display error if metrics dashboard YAML is too large. !34834
- Add expand/collapse view to Terraform MR widget. !34879
- Expose storage size limit for namespaces in GraphQL. !34882
- Resolve Add no graph empty state for DAG. !35053
- Remove pending and running tabs from pipelines list and remove count from finished tab. !35062
- Stop removing NaN values from monitoring data series. !35086
- Multiple Kubernetes clusters now available in GitLab core. !35094
- Include snippets size in project statistics. !35120
- Add parallel persistence for author_name on AuditEvent. !35130
- Convert the Image tag UI from a table to a list view. !35138
- Add personal and project snippet monthly counters to usage data. !35155
- Exclude integrations (services) from Project Import/Export. !35249
- Parameterize PG deprecation notice. !35271
- Add inapplicable reason in MR suggestion Tooltip. !35276
- Add snippets_size to namespace_root_storage_statistics. !35311
- Rename Container Expiration Policies to Cleanup policy for tags. !35315
- Expose snippets_size in ProjectStatistics Entity. !35316
- Add snippets_size to ProjectStatistics GraphQL type. !35319
- Update snippet and project statistics after certain events. !35340
- Update the static site editor's markdown mode text to monospace to better reflect a code-editing experience. !35347 (Derek Knox)
- Resolve Remove button row from environments empty state. !35413
- Track last activity for Personal Access Token. !35471
- Add GitLab username and name to the import users from Jira mutation response. !35542
- Use local Tiller by default for GitLab-managed apps. !35562
- Hide cleanup button for clusters with management project. !35576
- Update integration form to use GitLab UI components. !35582
- Add snippets_size to Group entity. !35585
- Add snippets_size to RootStorageStatisticsType. !35586
- Move merge_requests_users metric to stage section. !35593
- Include snippets_size statistic inside RootStorageStatistics. !35601
- Accept multiple blobs in snippets. !35605
- Replace FA exchange icon with GitLab SVG. !35634
- Require namespace path (and username) to be at least 2 chars long. !35649
- Remove count for pending/running/finished pipelines in tabs. !35693
- Display commits search in mobile & adjust text. !35702
- Open source cluster health dashboard and make it available to all users. !35721
- Update snippet statistics after project import. !35730
- Remove the second prompt to accept or decline an invitation. !35777
- Track wiki page views in Snowplow. !35784
- Use the application's default_branch_name when available when initializing a new repo with a README. !35801
- Use native Gitaly pagination for Branch list API. !35819
- Move file link to bottom in Web IDE. !35847
- Package APIs moved to core. !35919
- Allow setting extra tags for Sentry exceptions with GITLAB_SENTRY_EXTRA_TAGS. !35965
- Include personal snippets size in RootStorageStatistics. !35984
- Change Alert fingerprint index to run when status is not resolved. !36024
- Update namespace statistics after personal snippet update/removal. !36031
- Add details rows to Container Registry Tags List. !36036
- Add raw snippet repository file endpoint to API. !36037
- Move monitor stage usage activity to CE. !36067
- Move release stage usage activity to CE. !36083
- Move create stage usage activity to CE. !36086
- Move plan stage usage activity to CE. !36087
- Move manage stage usage activity to CE. !36089
- Move verify stage usage activity to CE. !36090
- Move alert integrations setting to Vue. !36110
- Use new vuex store for code quality MR widget. !36120
- Remove non-unique index on `merge_request_metrics.merge_request_id` column. !36170
- Cleanup policies: display API error messages under form field. !36190
- Replace fa-comment / fa-comments icons with GitLab SVG. !36206
- Update `rack-timeout` to `0.5.2`. !36289
- Bring SAST to Core - eslint. !36392
- Replace initial dashboard loading state with a loading spinner, show dashboard skeleton earlier with smaller loading indicators. !36399
- Merge tslint secure analyzer with eslint secure analyzer. !36400
- Expose issue ID via GraphQL. !36412
- Add broken tag state to tags list items. !36442
- Fix UI quirks with pipeline schedule cron options. !36471
- Update eslint secure analyzer to analyze jsx. !36505
- Display informative error for status updates on duplicate alerts. !36527
- Change default value in application_settings.issues_create_limit to be 0. !36558
- Expose approvals fields for FOSS FE. !36564
- Move service desk feature to core. !36613
- Check WIP status after all other possible statuses. !36624
- Add new models for DAST site profiles as part of DAST on-demand scans. !36659
- Add date to x-axes timestamps. !36675
- Make the Design Collection more visible in the Issue UI. !36681
- Add correlation between trigger job and child pipeline. !36750
- Static Site Editor: Set default sublist indent spaces to four space characters. !36756
- Add managed-apps section in log explorer. !36769
- Use a Confluence icon for the project Confluence integration nav item. !36780
- Remove file_path validation in snippet create action. !36809
- Improve animations of design note selection in design management. !36927
- Add entity_path column to audit_events table. !37041
- Make DAG annotations stick. !37068
- Support multiple files when editing snippets. !37079
- Change loading MR message wording. !37181
- Assign alerts sidebar base.
- Improved UX of the code navigation popover.

### Performance (50 changes, 1 of them is from the community)

- Improve performance of commit search by limiting the number of results requested. !32260
- Add GraphQL lookahead support. !32373
- Update index_ci_builds_on_commit_id_and_artifacts_expireatandidpartial index for secret_detection. !32584
- Add index on id and type for Snippets. !32885
- Use build_stubbed to avoid interacting with the DB in todos helper specs. !32906 (Arun Kumar Mohan)
- Optimize SQL queries on Milestone index page. !32953
- Add build report results data model. !32991
- Improve the performance for loading large diffs on a Merge request. !33037
- Adjust condition for partial indexes on services table. !33044
- Add index to issues and epics on last_edited_by_id. !33075
- Fix preconnect typo in rel link. !33255
- Add project_id, user_id, status, ref index to ci_pipelines. !33290
- Move migration related to ci_builds to post_deployment. !33416
- Remove need to call commit (gitaly call) in ProjectPipelineStatus. !33712
- Reduce redundant queries for Search API users scope. !33795
- Speed up boot time in production. !33929
- Harden CI pipelines usage data queries with an index. !34045
- Use snapshot transfers for repository shard moves when possible. !34113
- Add partial index on locked merge requets. !34127
- Improve pipeline index controller performance by resolving Gitaly N+1 calls. !34160
- Lazy load commit_date and authored_date on Commit. !34181
- Optimize container repository for groups query. !34364
- Further improve the performance for loading large diffs on a Merge request. !34516
- Paginate the notes incremental fetch endpoint. !34628
- Optimize rolling 28 days snippets counter. !34918
- Only load project license if needed. !35068
- Improve query to retrieve job artifacts with files stored locally. !35084
- Preload commits markdown cache. !35314
- Use BatchLoader for Project.forks_count to limit calls to Redis. !35328
- Rework hardening CI pipelines usage data queries with an index. !35494
- Performance improvement for job logs. !35504
- Define a namespace traversal cache. !35713
- MR diff migration: perform I/O outside of database transaction. !35734
- Resolve N+1 in Search API projects scope. !35833
- Optimize deployment counters for last 28 days. !35892
- Trigger stackprof by sending a SIGUSR2 signal. !35993
- Improve the search performance for merge requests. !36072
- Reduce number of scanned commits for code intelligence. !36093
- Improve snippet finders queries. !36292
- Swap Grape over to Gitlab::Json. !36472
- Add oj gem for faster JSON. !36555
- Replace fa-eyes-slash icons with GitLab SVG eye-slash icon. !36602
- Avoid N+1 calls for image_path when rendering commits. !36724
- Enable BulkInsertSafe on Ci::BuildNeed. !36815
- Remove optimized_count_users_by_group_id feature flag. !36953
- Remove unindexed condition on label transfer. !37060
- Speed up project creation for users with many projects. !37070
- Split query for code-nav path into two queries. !37092
- Use memoized start/finish for metrics based on issues table. !37155
- Enable CI Atomic Processing by default.

### Added (298 changes, 23 of them are from the community)

- Release generation via gitlab-ci.yml documentation. !19237
- Add rake task to verify encrypted data through secrets. !21851
- User can apply multiple suggestions at the same time. !22439 (Jesse Hall)
- Resolve Add a button to assign users who have commented on an issue. !23883
- Add custom emoji model and database table. !24229 (Rajendra Kadam)
- Resolve Graph code coverage changes over time for a project. !26174
- Add doc for custom validators in api styleguide. !26734 (Rajendra Kadam)
- Add Scheduled Job for Monitoring Monitor Group Demo Environments. !27360
- Add setting to allow merge on skipped pipeline. !27490 (Mathieu Parent)
- Add dark theme (alpha). !28252
- Show estimate on issues list. !28271 (Lee Tickett)
- Make Fixed Email Notification Generally Available. !28338 (jacopo-beschi)
- Add a link to the `renamed` viewer to fully expand the renamed file (if it's text). !28448
- Focus and toggle metrics dashboard panels via keyboard. !28603
- Remove `scoped_approval_rules` feature flag. !28864 (Lee Tickett)
- Create Group import UI for creating new Groups. !29271
- Add finder for group-level runners. !29283 (Arthur de Lapertosa Lisboa)
- Allow customization of badge key_text and key_width. !29381 (Fabian Schneider @fabsrc)
- Support Workhorse directly uploading files to S3. !29389
- Add frontend support for multiline comments. !29516
- Support first_name and last_name attributes in LDAP user sync. !29542
- Link to test reports from MR Widget. !29729
- Add link to status page detail view for status page published issues. !30249
- Add metrics dashboard name to document title. !30392
- Backfill StatusPage::Published incidents and enable a publish quick action for EE. !30906
- Add missing Merge Request fields. !30935
- Show build status on branch list. !30948 (Lee Tickett)
- Add mutation to create commits in GraphQL. !31102
- Support quick actions when editing issue, merge request, and epic descriptions. !31186
- Add GraphQL support for authored and assigned Merge Requests. !31227
- Add usage data metrics for terraform states. !31280
- Add usage data metrics for terraform reports. !31281
- Add API endpoint for listing bridge jobs. !31370 (Abhijith Sivarajan)
- SpamVerdictService can call external spam check endpoint. !31449
- Move Admin note feature to GitLab Core. !31457 (Rajendra)
- Add DAG serializer for pipelines controller. !31583
- Save repository storages in application settings with weights. !31645
- Add API endpoint for resource milestone events. !31720
- Show import in progress screen for group imports. !31731
- Add Verify/FailFast CI template. !31812
- Improve Add/Remove Issue Labels API. !31864 (Lee Tickett)
- Add mutation to create a merge request in GraphQL. !31867
- Add warning popup for Elastic Stack update. !31972
- Add API support for sharing groups with groups. !32008
- Add the container expiration policy attribute to the project GraphQL type. !32100
- Add GraphQL support for project and group labels. !32113
- Add number of database calls to Prometheus metrics and logs for sidekiq and request. !32131
- Filter pipelines by status. !32151
- Filter pipelines based on url query params. !32230
- Add metrics for Redis usage during Sidekiq job execution. !32265
- Add filters to merge request fields. !32328
- Support reading .editorconfig files inside of the Web IDE. !32378
- [Frontend] Resolvable design discussions. !32399
- Table index added to `metrics_dashboard_annotations` for future pruning of stale metrics Annotations for metrics dashboards are now checked for valid start and end dates. !32433
- Enable GitLab-Flavored Markdown processing for design links. !32446
- Filter Pipelines by Tag Name. !32470
- Adds sorting by column to alert management list. !32478
- Add project specific repository storage API. !32493
- Adapt Limitable for system-wide features. !32574
- Add application limits to instance level CI/CD variables. !32575
- Add model for project level security auto-fix settings. !32577
- Expose Jira imported issues count in GraphQL. !32580
- Organize alerts by status tabs. !32582
- Add note to ECS CI template. !32597
- Add metrics for Redis usage during web requests. !32605
- Add database and GraphQL support for alert assignees. !32609
- Set fingerprints and increment events count for Alert Management alerts. !32613
- Process stuck jira import jobs. !32643
- Allow user to add custom links to their metrics dashboard panels. !32646
- Add tags to experimental queue selector attributes. !32651
- Allow generic endpoint to receive alerts from external Prometheus. !32676
- Customize the Cloud Native Buildpack builder used with Auto Build. !32691
- Add timezone display to alert based issue start time. !32702
- Display dates on metrics dashboards in UTC time zone. !32746
- Store Todo resolution method. !32753
- Add Falco to the managed cluster apps template. !32779
- Add experience_level to user_preferences. !32784
- Add keyboard shortcuts to metrics dashboard. !32804
- Remove metrics dashboard annotations attached to time periods older than two weeks. !32838
- Monitor:Health metrics instrumenation. !32846
- Adds PostHog as a CI/CD Managed Application. !32856
- Groups API has top_level_only option to exclude subgroups. !32870
- Create operations_feature_flags_issues table. !32876
- Allow advanced API projects filtering for admins. !32879
- Add api.js methods to update issues and merge requests. !32893
- Render user-defined links in dashboard yml file on metrics dashboard. !32895
- Create group_deploy_keys_groups intermediate table. !32901
- Add accessibility report MR widget. !32902
- Add a GraphQL mutation for toggling the resolved state of a Discussion. !32934
- Added CI template for Dart. !32942 (agilob)
- Add container expiration policy objects to the GraphQL API. !32944
- Don't hide Commit tab in Web IDE when there are no changes yet. !32979
- Add column for alert slack notifications. !33017
- Add ability to insert an image via SSE. !33029
- Add user root query to GraphQL API. !33041
- Adds groupMembership and projectMembership to GraphQL API. !33049
- Alerts list pagination. !33073
- Add ApplicationSetting ui changes for repository_storages_weighted. !33096
- Resolve Feature proposal: API for import from BitBucket Server. !33097
- Add squash commits options as a project setting. !33099
- Display confirmation modal when user exits SSE and there are unsaved changes. !33103
- Add column dashboard_timezone to project_metrics_setting. !33120
- Allow the assignment of alerts to users from the alert detail view. !33122
- Add solarized dark for Web IDE. !33148
- Add support for artifacts/exclude configuration. !33170
- Add root users query to GraphQL API. !33195
- Added validation for YAML files with metrics dashboard definitions. !33202
- Create issue from alert. !33213
- Add max import file size option. !33215 (Roger Meier)
- Add system note when assigning user to alert. !33217
- Add count of alerts from all sources to usage ping. !33220
- Add button to create an issue from an alert management alert. !33221
- Add more detail to alert integration settings description. !33244
- Add Evidence to Releases GraphQL endpoint. !33254
- Add support for pasting images in the Web IDE. !33256
- Add ProjectAccessToken table. !33272
- Automatically resolve alert when associated issue closes. !33278
- Add Jira Importer user mapping form. !33320
- Add `link_type` to `ReleaseLink` GraphQL type. !33386
- Add setting to enable and disable shared Runners for a group and its descendants. !33411 (Arthur de Lapertosa Lisboa)
- Add  members to project graphQL endpoint. !33418
- Update Static Site Editor WYSIWYG mode to hide front matter. !33441
- Added delete action for Dashboard Annotations in GraphQL. !33468
- Create graphQL endpoint for Jira users import. !33501
- Support IAP protected prometheus installations. !33508
- New instance-level variables UI. !33510
- Add design activity in event streams. !33534
- Allow developer role read-only access to Terraform state. !33573
- Add support for `git filter-repo` to repository cleanup. !33576
- Close open reply input fields in the design view sidebar when leaving a new comment. !33587
- Add dashboard schema validation warnings as metrics dashboard GraphQL field. !33592
- Add time range to user-defined links in metrics dashboard. !33663
- Increase events count for Prometheus alerts. !33706
- Add dashboard validation warning to metrics dashboard. !33769
- Track pod logs refresh action. !33802
- Expose all Jira projects endpoint through a GraphQL. !33861
- Add secret detection template. !33869
- Add new path to access project metrics dashboard. !33905
- Add new raw snippet blob endpoint. !33938
- Add DAG visualization MVC. !33958
- Introduce a feature flag for Vue-based UI for all import providers. !33980
- Add sticky title on Issue pages. !33983
- Allow policies to override parent rules. !33990
- Allow Release asset links to be associated with a type. !33998
- Support user-defined Grafana links in metrics dashboard. !34003
- Adds AWS guidance to CI/CD > Add Variable modal. !34009
- Show custom attributes within Admin Pages. !34017 (Roger Meier)
- Enable Slack notifications for alerts. !34038
- Container expiration policy regular expressions are now validated. !34063
- Add todo when alert is assigned to a user. !34104
- Track merge requests submitted by Static Site Editor. !34105
- Turn off alert issue creation by default. !34107
- Add detailed logs of each Redis instance usage during job execution and web requests. !34110
- Support metrics dashboard with file name. !34115
- Add API to schedule project repository storage moves. !34119
- Update diff discussion positions on demand. !34148
- Add ability for user to manually create a todo for an alert. !34175
- Add validation step on backend for metrics dashboard links. !34204
- Track when Static Site Editor is initialized. !34215
- Bring SAST to Core - brakeman. !34217
- Mask key comments when exposing SSH/Deploy Keys via the API. !34255
- Convert `:release` yaml to `release-cli` commands. !34261
- Validate regex before sending them to CleanupContainerRepositoryWorker. !34282
- Create vulnerability_statistics table. !34289
- Add secret_detection to DOWNLOADABLE_TYPES. !34313
- Enable ability to assign alerts to users with corresponding system notes and todos. !34360
- Rolling 28 day time period counters for snippets. !34363
- Add regex fields to the container expiration policy update mutation. !34389
- Display Multiple Terraform Reports in MR Widget. !34392
- Highlight commented rows. !34432
- Add ci_builds_metadata.secrets column. !34480
- Enable CI Inheriting Env Variables feature. !34495
- Show tooltip on error detail page when hovering over dates. !34506
- Show notification about empty stacktrace. !34517
- Add native code intelligence. !34542
- Add global setting to disable/enable email notification on unknown sign-ins. !34562
- Bump cluster-applications version to v0.20.0. !34569
- Send fixed pipeline notification by default. !34589
- Add search argument for AlertStatusCountsResolver. !34596
- Add clusters_applications_cilium DB table. !34601
- Fetch metrics dashboard templating variable options using a Prometheus query. !34607
- Add Jira users mapping to start Jira import mutation. !34609
- Allow CI_JOB_TOKEN for authenticating to the Terraform state API. !34618
- Search plain text in alert list frontend. !34631
- Trigger unsaved changes warning in snippets on navigating away. !34640
- Add Cilium to the ParseClusterApplicationsArtifactService. !34695
- Use new icon for api preview. !34700 (Roger Meier)
- Remove partial clone feature flag. !34703
- Ability to use an arbitrary YAML blob to create CI pipelines. !34706
- Upgrade GitLab Pages to 1.19.0. !34730
- Add CI_PROJECT_ROOT_NAMESPACE predefined environment variable. !34733
- Add override selector for project-level integrations. !34742
- Create namespace_limits table with additional purchase columns. !34746
- Add mutation to update merge requests. !34748
- Add plan limits for max size per artifact type. !34767
- Add package scope validation to Node.js template. !34778
- Expose project deploy keys for autocompletion. !34875
- Block invalid URLs in metrics dashboard chart links. !34888
- Add release data to GraphQL endpoint. !34937
- Add ref, released_at, milestones to release yml. !34943
- Add option to unassign member from issuables when removing them from a project. !34946
- Add diff stats fields to merge request type. !34966
- Bump Gitaly to v13.2.0-rc1. !34977
- Add prometheus_alert_id and environment_id to Alert management alerts. !34995
- Add full width to single charts in a row. !34999
- Support extensibility for Editor Lite. !35008
- Add snippets_size to ProjectStatistics. !35017
- Add SnippetStatistics model. !35026
- Add metrics settings menu to dashboard header. !35028
- Surface metrics charts on the alert detail page. !35044
- Add milestone stats to GraphQL endpoint. !35066
- Add a custom HTML renderer to the Static Site Editor for markdown identifier syntax. !35077
- Expose ref, milestones, released_at to releaser-cli. !35115
- Add snippet statistics logic. !35118
- Allow files with .md.erb extension for the Static Site Editor. !35136
- Add migration for experimental product analytics table. !35168
- Extend ECS Deploy template with Fargate jobs. !35173
- Upgrade Pages to 1.20.0. !35177
- Automatically close related issue when resolving Alert Management Prometheus Alert. !35208
- Create API to retrieve resource state events. !35210
- Allow diffs to be viewed file-by-file. !35223 (rinslow)
- Add indices for projects with disable_overriding_approvers_per_merge_request. !35224
- Log name of class that failed to obtain exclusive lease. !35228
- Render source job info in TriggeredPipelineEntity. !35232
- Add refresh rate options to dashboard header. !35238
- Add annotation component for DAG. !35240
- Add a custom HTML renderer to the Static Site Editor for embedded ruby (ERB) syntax. !35261
- Display metric label in single stat. !35289
- Add issue column to alert list. !35291
- Expose metrics dashboard URL for alert GraphQL query. !35293
- Allow diffing changes in wiki history. !35330 (gwhyte, Steve Mokris)
- Added support for reordering issues to the v4 API. !35349 (Joel @jjshoe, Lee Tickett @leetickett)
- Add 'not' params to MergeRequests API endpoint. !35391
- Implement GraphQL query to generate JSON for SAST config UI. !35397
- Add system notes for status updates on alerts. !35467
- Enable S3 Workhorse client if consolidated object settings used. !35480
- Rolling 28 day time period counter for deployments. !35493
- Add log statements to Projects::ContainerRepository::DeleteTagsService. !35539
- Provide a label for 'Scheduled Pipeline' in the pipelines overview page. !35554
- Add note about SSH key title being public information. !35574
- Add todo pill styling for resolved alert. !35579
- Add support for Markdown in the user's bio. !35604 (Riccardo Padovani)
- Introduce prepare environment action to annotate non-deployment jobs. !35642
- Add custom Dockerfile paths to Auto DevOps Build stage with DOCKERFILE_PATH. !35662 (thklein)
- Add MergeRequest.diffStatsSummary.fileCount to graphql API. !35685
- Introduces Group Level Delayed Project Removal Setting. !35689
- Update cluster-applications to 0.23.0. !35691
- Resolve user's todo when an alert is resolved. !35700
- Show when alert is new in the Alerts list. !35708
- Convert Import/Export rate limits to configurable application settings. !35728
- Add installed state metrics for Cilium cluster application. !35808
- Add support for linting based on schemas in WebIDE. !35838
- Add a metrics settings button to the dashboard header. !35848
- Prevent a project bot from being removed as member. !35899
- Add background_migration_jobs table to trace background migrations. !35913
- Allow prefixing with Draft to mark MR as WIP. !35940
- FindRemoteRepository is storage scoped. !35962
- Include project and subgroup milestones on Roadmap page. !35973
- Todo Mutations should return the mutated todos. !35998
- Add API support for instance-level Kubernetes clusters. !36001
- Add count to imported Jira issues message. !36075
- Add temporary storage increase column. !36107
- Remove generic_alert_fingerprinting feature flag. !36148
- Upgrade GitLab Pages to 1.21.0. !36214
- Move approvals endpoints to FOSS version. !36237
- Add initial custom HTML renderer to the Static Site Editor to prevent editing in WYSIWYG mode. !36250
- Open new alert when existing alert is resolved. !36261
- Add custom avatars for Alert and Support Bot. !36269
- Add PagerDuty integration columns to `project_incident_management_settings` table. !36277
- Enable Alerts dropdown in Operations Settings. !36296
- Add number of approval project rules to usage ping. !36316
- Add namespace settings table. !36321
- Add a custom HTML renderer to the Static Site Editor for HTML block syntax. !36330
- Expose gitlab managed apps logs inside log explorer. !36336
- Add keyboard shortcut ('b') to copy MR source branch name on MR page. !36338
- Add a custom HTML renderer to the Static Site Editor for font awesome inline HTML syntax. !36361
- Add system note for alert when creating issue. !36370
- Periodically update container registry type settings. !36415
- Expands Jira integration to allow viewing and searching a list of of Jira issues directly within GitLab. !36435
- Show Approve button on merge requests in Core. !36449
- Measure adoption of package registry. !36514
- If a user does not have write access to repo, but a fork exists, the Web IDE button should take them to the fork. !36548
- Enable Batch Suggestins feature flag by default. !36561
- Add default and non-default branch jobs for secret detection. !36570
- Add a custom HTML renderer to the Static Site Editor for markdown identifier instance syntax. !36574
- Add docs for Alert trigger test alerts. !36647
- Support short urls for custom metrics dashboards. !36740
- Update cluster-applications to 0.24.2. !36768
- Add new Confluence integration for projects. !36781
- Add confidential attribute to public API for notes creation. !36793
- Add confidential attribute to graphQL for notes creation. !36799
- Prometheus instances behind Google IAP can now be accessed via manual configurations. !36856
- GraphQL mutation for changing locked status of an issue. !36866
- Default the feature flag to true to always show the default initial branch name setting. !36889
- Enable feature flag 'sectional_codeowners' Sections for Code Owners. !36902
- Add pagination to iterations list. !37052
- Add Jsonnet template for GitLab. !37058
- Enable design activity events by default. !37107

### Other (137 changes, 45 of them are from the community)

- Improve fast-forward merge is not possible message. !22834 (Ben Bodenmiller)
- Add node ci template. !25668
- Deduplicate merge_request_metrics table. !29566
- Remove unused WAF indexes from CI variables. !30021
- Update the visual design of badges in some areas. !31646
- Extract featurable concern from ProjectFeature. !31700 (Alexander Randa)
- Remove update function logic from list model. !31900 (nuwe1)
- Remove nextpage function logic from list model. !31904 (nuwe1)
- Squash database migrations prior to 2019 into one. !31936
- Update deprecated slot syntax in app/assets/javascripts/reports/components/grouped_test_reports_app.vue. !31975 (Gilang Gumilar)
- Replace slot syntax for Vue 3 migration. !31987 (gaslan)
- Update deprecated slot syntax in ./app/assets/javascripts/pages/admin/projects/index/components/delete_project_modal.vue. !31994 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/pages/projects/labels/components/promote_label_modal.vue. !31995 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/clusters/components/remove_cluster_confirmation.vue. !32010 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/environments/components/environments_app.vue. !32011 (Gilang Gumilar)
- Remove setLoadingState logic from issue model. !32226 (nuwe1)
- Remove addAssignee logic from issue model. !32231 (nuwe1)
- Remove addLabel Logic from issue models. !32233 (nuwe1)
- Remove addMilestone logic from issue model. !32235 (nuwe1)
- Remove destroy function logic from list model. !32237 (nuwe1)
- Remove findAssignee logic from issue model. !32238 (nuwe1)
- Remove findLabel logic from issue model. !32239 (nuwe1)
- Remove findIssue logic from list model. !32241 (nuwe1)
- Remove moveIssue logic from list model. !32242 (nuwe1)
- Remove moveMultipleIssues logic from issue model. !32243 (nuwe1)
- Remove newIssue logic from list model. !32244 (nuwe1)
- Remove onNewIssueResponse logic from list model. !32245 (nuwe1)
- Remove removeAllAssignees logic from issue model. !32247 (nuwe1)
- Remove removeAssignee logic from issue model. !32248 (nuwe1)
- Clarify verbiage for stuck job messages. !32250
- Remove removeLabel logic from issue model. !32251 (nuwe1)
- Remove removeLabels logic from issue model. !32252 (nuwe1)
- Remove removeMilestone logic from issue model. !32253 (nuwe1)
- Remove removeMultipleIssues logic from list model. !32254 (nuwe1)
- Remove setFetchingState logic from issue model. !32255 (nuwe1)
- Remove updateData logic from issue model. !32256 (nuwe1)
- Update U2F docs for Firefox 67+. !32289 (Takuya Noguchi)
- Update alert management mobile table alignment. !32295
- Include available instance memory in usage ping. !32315
- Moves merge request reviews into Core. !32558
- Update GitLab Runner Helm Chart to 0.17.0. !32634
- Add snowplow tracking for logs page. !32704
- Extend "Remember me" token after each login. !32730
- Assign alerts sidebar container fix. !32743
- Add anchor for creating a branch. !32745
- Tidy. !32759 (Lee Tickett)
- Less verbose JiraService error logs. !32847
- Reduced padding and increased emphasis of titles within the epic tree. !32873
- Add source to resource state events. !32924
- Remove obsolete users.ghost column. !32957
- Move NoPrimary table def to last context in spec. !33015 (Rajendra Kadam)
- Document github rate limit behavior. !33090
- Added build_id column to requirements_management_test_reports table. !33184
- Add version history information on U2F support. !33229 (Takuya Noguchi)
- Convert IP spoofing errors into client errors. !33280
- Update docs to reflect move web IDE Terminal and file sync to Core. !33419
- Add hovering icon for sorting columns on alert management list. !33429
- Upgrade Grape v1.1.0 to v1.3.3. !33450
- Avoid javascript for omniauth logins. !33459 (Diego Louzán)
- Add opacity transition to active design discussion pins. !33493
- Update GitLab Runner Helm Chart to 0.17.1. !33504
- Store pipeline creation errors and warnings into Ci::PipelineMessage. !33762
- Make project selector in various dashboard more translatable. !33771
- Update Workhorse to v8.35.0. !33817
- Remove FF hide_token_from_runners_api. !33947
- Bump omniauth_openid_connect to 0.3.5. !34030 (Roger Meier)
- Specify tiers for SAML SSO at self-hosted plans. !34040 (Takuya Noguchi)
- Backfill failed imported snippet repositories. !34052
- Use GitLab SVG icon for file attacher action. !34196
- Suppress progress on pulling on Performance Test. !34368 (Takuya Noguchi)
- Update icon associated with attach a file actions. !34401
- Add GraphQL snippet FileInputType. !34442
- Move filter code into finder. !34470 (Ravishankar)
- Update blue hex values to match GitLab UI. !34530
- Remove legacy job log rendering. !34538
- Update red hex values to match GitLab UI. !34544
- Update green hex values to match GitLab UI. !34547
- Validate the existing not null constraints on columns for ci_job_artifacts, lfs_objects, and uploads tables. !34568
- Move HasStatus module to the Ci namespace. !34577 (blackst0ne)
- Update pinned links to use GlButton. !34620
- Add machine/sysname/release in topology usage ping. !34627
- Remove build dependencies on code quality and license scanning. !34659
- Add :section to approval_merge_request_rule unique index. !34680
- Replace double angle icons with double chevron. !34736
- Update Workhorse to v8.36.0. !34759
- Update heart icon from FontAwesome to GitLab SVG. !34777
- Fix broken CSS for system notes. !34870
- Fix Gitaly duration tracking of RefService RPCs. !34904
- Fix Gitaly duration timings of BlobService RPCs. !34906
- Fix Gitaly duration timings for conflicts and search RPCs. !34909
- Add validation for move action in SnippetInputAction. !34911
- Fix Gitaly duration timings for other CommitService RPCs. !34933
- Add project_key column to jira_tracker_data table. !34949
- Update GitLab Runner Helm Chart to 0.18.0. !34969
- Copy snippet route under - scope. !35020
- Copy project snippet routes under - scope. !35022
- Removes monkey patch to generate 6.0.3 style token. !35104
- Create time-space partitions in separate schema gitlab_partitions_dynamic. !35137
- Edit copy of DAG unsupported data alert. !35170
- Move configuration for Alerts endpoint from "Settings > Integration" to "Settings > Operations > Alerts". !35187
- Clean up GitlabIssueTrackerService database records. !35221
- Throttle ProjectUpdateRepositoryStorageWorker Jobs. !35230
- Suppress progress on docker pulling in builtin templates. !35253 (Takuya Noguchi)
- Create schema for static partitions. !35268
- Add default_branch_name to application_settings. !35282
- Upgrade Gitaly to 13.2.0-rc2. !35345
- Drop partitions_dynamic schema if it exists. !35426
- Avoid grouping statement timeouts in Sentry. !35479
- Database migration to add project_settings.has_confluence. !35485
- Update UI links to docs in core features. !35488
- Update Sidekiq to v5.2.9. !35495
- Move profiles/keys#get_keys to users#ssh_keys. !35507 (Takuya Noguchi)
- Add default_branch_name to ApplicationSettings visible attrs. !35681
- Update GitLab Runner Helm Chart to 0.18.1. !35712
- Prepare database for WebAuthn. !35797 (Jan Beckmann)
- Remove dead Elasticsearch indexing code. !35936
- Add alias expansion to Terraform documentation. !35941 (zmeggyesi)
- Hide dropdown header on list view. !35954
- Update GitLab Elasticsearch Indexer. !35966
- Restore the search autocomplete for groups/project/other. !35983
- Add issues_enabled column to jira_tracker_data table. !35987
- Normalize the 'thumb-up', 'thumb-down' icon. !35988
- Add migration to drop unused daily report results table. !36102
- Updating $gray-200 hex value and remapping current instances to $gray-100. !36128
- Removes ci_ensure_scheduling_type feature flag. !36140
- Update more UI links to docs in core features. !36174
- Format graphql files with prettier. !36244
- Replace FA play icon with svg in pipeline schedule and admin runner page. !36379
- Backfill project snippet statistics. !36444
- Expose blob mode in GraphQL for repository files. !36488
- Drop index of ruby objects in details on audit_events table. !36547
- Expand Operations > Alerts section by default via link follow through. !36649
- Update snippets housecleaning docs. !36715
- Update Rouge to v3.21.0. !36942
- Update GITLAB_WORKHORSE_VERSION to 8.37.0. !36988
- Track the number of unique users who push, change wikis and change design managerment.
- Remove removeIssue logic from list model. (nuwe1)


## 13.1.10 (2020-09-02)

### Security (1 change)

- Protect OAuth endpoints from brute force/password stuffing.


## 13.1.9 (2020-09-02)

### Security (23 changes, 1 of them is from the community)

- Check validity of project's import_url before mirroring repository.
- Show on two-factor authentication setup page groups that are the cause of this requirement.
- Prevent interrupted 2FA sign-in from signing-in incorrect user.
- Create new 2FA code each time user is entering 2FA setup page.
- Remove all sessions but current while enabling 2FA.
- Invalidate two factor sign-in when user password changes.
- Delete members invites created by users being deleted.
- Prevent OmniAuth from rendering arbitrary error messages.
- Prevent not-2fa authenticated users that are supposed to use it to consume api via session.
- Invalidate remember me when an active session is revoked.
- Add rate limit on webhooks testing feature.
- Add scope presence validation to OAuth Application creation.
- Allow only running job tokens for API authentication.
- Prevent Deploy Tokens to read project resources when repository is disabled.
- Change conan api to use proper workhorse validation.
- Ensure global ID is of Snippet type in GraphQL destroy mutation.
- Fix Improper Access Control on Deploy-Key.
- Set maximum limit for profile events.
- Persist EKS External ID before presenting it to the user.
- Prevent project maintainers from editing group badges.
- Upgrade jquery to v3.5.
- Update websocket-extensions gem to 0.1.5. (Vitor Meireles De Sousa)
- Update GitLab Runner Helm Chart to 0.18.3.


## 13.1.8 (2020-08-18)

- No changes.

## 13.1.7 (2020-08-17)

### Security (2 changes)

- Stop deploy token being mis-used as user in ProjectPolicy and GroupPolicy.
- Project access is checked during deploy token authentication.


## 13.1.6 (2020-08-05)

### Security (11 changes)

- Add decompressed archive size validation on Project/Group Import. !562
- Enforce 2FA on Doorkeeper controllers.
- Refresh project authorizations when transferring groups.
- Stop excess logs from failure to send invite email when group no longer exists.
- Verify confirmed email for OAuth Authorize POST endpoint.
- Revoke OAuth grants when a user revokes an application.
- Fix XSS in Markdown reference tooltips.
- Fix XSS in milestone tooltips.
- Fix xss vulnerability on jobs view.
- Block 40-character hexadecimal branches.
- Update GitLab Runner Helm Chart to 0.17.2.


## 13.1.5 (2020-07-23)

- No changes.

## 13.1.3 (2020-07-06)

- No changes.

## 13.1.2 (2020-07-01)

### Security (18 changes)

- Update xterm js dependency to latest stable 3.x version.
- Do not show activity for users with private profiles.
- Fix stored XSS in markdown renderer.
- Upgrade swagger-ui to solve XSS issues.
- Fix group deploy token API authorizations.
- Check access when sending TODOs related to merge requests.
- Change from hybrid to JSON cookies serializer.
- Prevent XSS in group name validations.
- Disable caching for wiki attachments.
- Disable Github Importer API by settings.
- Fix null byte error in upload path.
- Update permissions for time tracking endpoints.
- Add snippet repository validation after bundle import.
- Update Kaminari gem.
- Fix note author name rendering.
- Sanitize bitbucket repo urls to mitigate XSS.
- Stored XSS on the Error Tracking page.
- Fix security issue when rendering issuable.


## 13.1.1 (2020-06-23)

### Fixed (4 changes)

- Fix missing templating vars set from URL in metrics dashboard. !34668
- Fix edit status dropdown overflow. !34847
- Load user before logging git http-requests. !34923
- Do not mask key comments for DeployKeys. !35014

### Added (1 change)

- Periodically recompute project authorizations. !34071


## 13.1.0 (2020-06-22)

### Removed (4 changes, 2 of them are from the community)

- Remove deprecated dashboard & group milestone pages. !13237
- Removed UltraAuth integration for OmniAuth. !29330 (Kartikey Tanna)
- Remove all search autocomplete for groups/projects/other. !31187
- Remove temporary datepicker position fix as it is no longer required. !31836 (Arun Kumar Mohan)

### Fixed (154 changes, 57 of them are from the community)

- Fix 'Active' checkbox text in Pipeline Schedule form to be a label. !27054 (Jonston Chan)
- Fix back button when switching MR tabs. !29862 (Lee Tickett)
- Remove ability to scroll Issue while in Design View. !29881
- Fix merge request note label URLs. !30428 (Lee Tickett)
- Fix default path when creating project from group template. !30597 (Lee Tickett)
- Group authorization refresh to consider shared groups. !31204
- Fix group transfer service to deny moving group to its subgroup. !31495 (Abhisek Datta)
- Fix issuable listings with any label filter. !31729
- Move prepend to last in ee-app-services. !31838 (Rajendra Kadam)
- Fallback to lowest visibility level in snippet visibility radio. !31847 (Jacopo Beschi @jacopo-beschi)
- Add class stubs and fix leaky constant alert in query limit helper spec. !31949 (Rajendra Kadam)
- Remove usage of spam constants in spec. !31959 (Rajendra Kadam)
- Fix leaky constant issue in uninstall progress service check. !32036 (Rajendra Kadam)
- Fix leaky constant issue in commit entity spec. !32039 (Rajendra Kadam)
- Fix leaky constant issue in task completion status spec. !32043 (Rajendra Kadam)
- Fix leaky constant issue in admin mode migration spec. !32074 (Rajendra Kadam)
- Fix leaky constant issue in sidekiq middleware server metric spec. !32104 (Rajendra Kadam)
- Fix leaky constant issue in sidekiq middleware client metric spec. !32108 (Rajendra Kadam)
- Fix leaky constant issue in path regex spec. !32115 (Rajendra Kadam)
- Fix leaky constant issue importer and cache headers spec. !32122 (Rajendra Kadam)
- Fix leaky constant issue in relation factory spec. !32129 (Rajendra Kadam)
- Fix leaky constant issue in test coverage spec. !32134 (Rajendra Kadam)
- Prevent emails to user on expiry of impersonation token. !32140
- Fix leaky constant issue in diff collection spec. !32163 (Rajendra Kadam)
- Fix leaky constant issue in migration helpers, with lock retries and ignored cols spec. !32170 (Rajendra Kadam)
- Fix leaky constant issue in factory spec. !32174 (Rajendra Kadam)
- Fix leaky constant issue in creds factory spec. !32176 (Rajendra Kadam)
- Use applogger in project import state file. !32182 (Rajendra Kadam)
- Use applogger in project.rb. !32183 (Rajendra Kadam)
- Use applogger in chat_team.rb. !32184 (Rajendra Kadam)
- Use applogger in repository model. !32185 (Rajendra Kadam)
- Use applogger in build and ssh host key. !32187 (Rajendra Kadam)
- Use applogger in cache attrs and highest role ruby files. !32189 (Rajendra Kadam)
- Use applogger in legacy project and namespace. !32190 (Rajendra Kadam)
- Use applogger in base.rb. !32191 (Rajendra Kadam)
- Use applogger in usage ping and webhook service. !32192 (Rajendra Kadam)
- Use applogger in exclusive_lease_guard. !32194 (Rajendra Kadam)
- Use applogger in groups destroy service and label create service. !32195 (Rajendra Kadam)
- Use applogger in merge_service.rb. !32196 (Rajendra Kadam)
- Use applogger in project create service and after import service. !32198 (Rajendra Kadam)
- Use applogger in update stats service. !32200 (Rajendra Kadam)
- Use applogger in base attachment service. !32201 (Rajendra Kadam)
- Use applogger in export service. !32203 (Rajendra Kadam)
- Use applogger in akismet service. !32205 (Rajendra Kadam)
- Use applogger in file mover file. !32206 (Rajendra Kadam)
- Use applogger in commit signature worker. !32207 (Rajendra Kadam)
- Use applogger in delete user worker. !32209 (Rajendra Kadam)
- Use applogger in email receiver worker. !32211 (Rajendra Kadam)
- Use applogger in artifact worker. !32212 (Rajendra Kadam)
- Use applogger in new note worker. !32213 (Rajendra Kadam)
- Fix duplicate filename displayed in design todos. !32274 (Arun Kumar Mohan)
- Add value length validations for instance level variable. !32303
- Resolve image overflow at releases list panel. !32307
- Clean up shared/tmp folder after Import/Export. !32326
- Fix creating release evidence if release is created via UI. !32441
- GraphQL hasNextPage and hasPreviousPage return correct values. !32476
- Fix loading and empty state styling for alerts list. !32531
- Resolve incorrect x-axis padding on the Environments Dashboard. !32533
- Fix time_tracking help link. !32552
- Don't display confidential note icon on confidential issue public notes. !32571
- Update container expiration policy database defaults. !32600
- Fix rendering of emojis in status tooltips. !32604
- Hid copy contents button when blob has rendering error. !32632
- Avoid refresh to show endedAt after mutation. !32636
- Fix for metrics creation when saving MR. !32668
- Skip the individual JIRA issues if failed to import vs failing the whole batch. !32673
- Hide "Import from Jira" option from non-entitled users. !32685
- Fix broken help link on operations settings page. !32722
- Allow different in bulk editing issues. !32734
- Fix whitespace changes overgrowing the diff container. !32774
- Improve spacing and wrapping of group actions buttons and stats in group list view. !32786
- Fix "Broadcast Messages" table overflow and button alignment. !32801
- Fix 404 when downloading a non-archive artifact. !32811
- Make commits author button confirm to Pajamas specs. !32821
- Fix filename duplication in design notes in activity feeds. !32823 (Arun Kumar Mohan)
- Prevent multiple Auto DevOps deployment jobs running concurrently when using manual rollout. !32824
- Implement displaying downstream pipeline error details. !32844
- Fix Runner heartbeats that results in considering them offline. !32851
- Conan package registry support for the conan_export.tgz file. !32866
- Fix plural message in account deletion section. !32868
- Fix atomic processing bumping a lock_version. !32914
- AsciiDoc: Add support for built-in alignment roles. !32928 (mnrvwl)
- Fix a bug where some Vue apps would be unable to load when DAG tab is disabled. !32966
- Fix undefined error in Gitlab::Git::Diff. !32967
- Fix spelling error on Ci::RunnersFinder. !32985 (Arthur de Lapertosa Lisboa)
- Fix polling for resource events. !33025
- Fix broken CSS classes inside alert management list. !33038
- Fix bug in snippet create mutation with non ActiveRecord errors. !33085
- Fix overflow issue in MR and Issue comments. !33100
- Fix alignment of button text on the Edit Release page. !33104
- Deduplicate URL parameters when requesting merge request diffs which causes diffs load to fail. !33117
- Fix tabbing through form fields in projects/new flow. !33209
- Fix incorrect commit search results returned when searching with ref. !33216
- Fix NoMethodError by using the correct method to report exceptions to Sentry. !33260
- Fix KaTeX font paths. !33338
- Resolve Fix Incomplete Kubernetes Cluster Status List. !33344
- Fix auto-merge not running after discussions resolved. !33371
- Fix bug in snippets updating only file_name or content. !33375
- Fix invisible emoji modal on Set Status form when clicked the second time. !33398
- vertically center action icon in the CI pipeline. !33427 (Nathanael Weber)
- Wrap auto merge parameters update in database transaction. !33471
- Return 404 response when redirecting request with invalid url. !33492
- Fix ambiguous string concatenation on CleanupProjectsWithMissingNamespace. !33497
- Fix snippet repository import edge cases. !33506
- Rust CI template: Replace --all with --workspace on cargo test. !33517 (Markus Becker)
- Make markdown textarea links tab-accessible. !33518
- Pass hard delete option to snippets bulk destroy. !33520
- Fix CI rules for ECS related jobs. !33527
- Update GitLab Workhorse to v8.34.0. !33543
- Fix snippet repository import fail with older export files. !33584
- Web IDE: Create template files in the folder from which new file request was made. !33585 (Ashesh Vidyut)
- Improve header acccessibility. !33603
- Remove non migrated snippets from failed imports. !33621
- Prevent duplicate issues when importing from CSV. !33626
- Fix sidebar spacing for alert details. !33630
- Fix linking alerts to created issues for the Generic alerts intergration. !33647
- Resolve spacing ux debt on Release assets form field. !33684
- Fix pagination link header. !33714 (Max Wittig)
- Fix Value Stream Analytics summary when using non-english locale. !33717
- Fix bug with variable substitution in alerts. !33772
- Allow wiki pages with +<> characters in their title to be saved. !33803
- Fix force_remove_source_branch not working in API. !33804
- Fix prometheus alerts not being automatically created. !33806
- Fix pagination for resource label events. !33821
- Fix relative URL root in wiki_base_path. !33841
- Return code navigation path for nil diff_refs. !33850
- Record audit event when an admin creates a new SSH Key for a user via the API. !33859 (Rajendra Kadam)
- Do not create duplicate issues for exising Alert Management alerts. !33860
- Add link text to collapsed left sidebar links for screen readers. !33866
- Update text in error tracking list error message. !33872
- Adjust wrong column reference for ResetMergeStatus (background job). !33899
- Fixed dashboard YAML file validaiton for files which do not contain object as root element. !33935
- Fix design note scrolling. !33939
- Update validates_hostname gem with support for more TLDs. !34010
- Update wording of addMultipleToDiscussionWarning. !34088
- Show all storages in settings. !34093
- Set author as nullable in snippet GraphQL Type. !34135
- Fix rendering of very long paths in merge request file tree. !34153
- Remove not null constraint from events tables. !34190
- Ensure we always generate a valid wiki event URL. !34191
- Send information about attached files to the GraphQL mutation. !34221
- Update issue limits template to use minutes. !34254
- Add route for the lost-and-found group and update the route of orphaned projects. !34285
- GraphQL - properly handle pagination of millisecond-precision timestamps. !34352
- Fix 500 error in BlobController#delete. !34367
- Updated Auto DevOps with a fix to delete PostgreSQL PVC on environment cleanup, a fix for multiline K8S_SECRET variables, updated Helm to 2.16.7 and glibc to 2.31. !34399 (verenion)
- Fix issues with scroll on iOS / iPad OS. !34486
- Fix order of integrations to be sorted alphabetically. !34501
- Fix undefined method error. !34522
- Use Keys::DestroyService for deleting an SSH key when an admin deletes a key via the API. !34535 (Rajendra Kadam)
- Removed default artifact name for Terraform template. !34557
- Footer system message fix.
- Set experiementation cookie for GitLab domain only.
- Add DS detection of build.gradle.kts.

### Changed (76 changes, 5 of them are from the community)

- Add a GraphQL endpoint to fetch Jira projects through its REST API. !28190
- Change legends in monitor dashboards to tabular layout. !30131
- Move pipelines routing under /-/ scope. !30730
- Set markdown toolbar to use hyphens for lists. !31426
- Use sprites for comment icons on Commits. !31696
- Rate limit project export by user. !31719
- Reorder diffs compare versions dropdowns. !31770 (Gilang Gumilar)
- Enable the `in this group` action in the Search dropdown. !31939
- Externalize i18n strings from ./app/views/shared/_promo.html.haml. !32109 (Gilang Gumilar)
- Add Usage Ping count for all searches. !32111
- Add tags_count to container registry api and controller. !32141
- Externalize i18n strings from ./app/views/shared/milestones/_sidebar.html.haml. !32150 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_form_dates.html.haml. !32162 (Gilang Gumilar)
- Improve Container Registry UI header. !32424
- Added node size to cluster index. !32435
- Update operations metrics settings title and description to make them general. !32494
- Track merge_requests_users usage data. !32562
- Adds cluster CPU and Memory to cluster index. !32601
- Allow the snippet create service to accept an array of files. !32649
- Move review related controllers/workers outside EE. !32663
- Move the Members section from settings to the side nav for projects. !32667
- Show more context in unresolved jump button. !32737
- Exclude extra.server fields from exceptions_json.log. !32770
- Improve new/unknown sign-in email styling. !32808
- Allow the snippet update service to accept an array of files. !32832
- Add new issue link to email notification header. !32833
- Bump cluster-applications to 0.17.0, which updates Runner to 0.17.0 and Cilium to 1.7.4. !32931
- Update artifacts section to show when an artifact is locked. !32992
- Include tag count in the image repository list. !33027
- Clean up gitlab-shell install-from-source path. !33057
- Increase LFS token default time to 2 hours. !33140
- Add explicit mention of Merge request in Slack message. !33152
- Expose `release_links.type` via API. !33154
- Add link_type column to release_links table. !33156
- Move broadcast notification dismiss button to the top. !33174
- Remove null constraint for JID in GroupImportState. !33181
- Added provider type icon to cluster list. !33196
- Remove search icon from Project find file button. !33198
- Refine SAST language detection by frameworks. !33226
- Render Merge request reference as link. !33248
- Upgrade to Gitaly v13.1.0-rc1. !33302
- Show disabled suggestion button with tooltip message. !33357
- Add update validations to SnippetInputAction. !33379
- Add snippet DB visibility check in spec. !33388 (Jacopo Beschi @jacopo-beschi)
- Add Hugo logo to project templates. !33402
- Add GitBook logo to project templates. !33403
- Add GoMicro logo to project templates. !33404
- Add Jekyll logo to project templates. !33405
- Add Hexo logo to project templates. !33406
- Rename Add Designs button. !33491
- Add CPU, memory usage charts to self monitoring default dashboard. !33532
- Add database migrations to design_management_designs.filename to enforce a 255 character limit, and modify any filenames that exceed that limit. !33565
- Track Sentry error status updates with dedicated actions. !33623
- Alert Managament: Change sorting order to have newest alerts first. !33642
- Add blobs field to SnippetType in GraphQL. !33657
- Format metrics column chart x axis dates. !33681
- Style ToastUI contextual menus. !33719
- Update Auto deploy image to v0.16.1, introducing support for AUTO_DEVOPS_DEPLOY_DEBUG. !33799
- Add whether instance has Auto DevOps enabled to usage ping. !33811
- Update local IP address and domain name allow list input label. !33812
- Add date time format to the monitor stacked-column chart. !33814
- Allow Tf Plan to genrate multiple reports. !33867
- Remove async_merge_request_check_mergeability feature flag. !33917
- Filter potentially-sensitive Sidekiq arguments from logs and Sentry. !33967
- Update Static Site Editor toolbar to group inline-code and code-block buttons together. !34006
- Set default values for SAST_EXCLUDED_PATHS and DS_EXCLUDED_PATHS. !34076
- Add ability to filter self monitoring resource usage charts by instance name. !34084
- Pick repository storage based on weight. !34095
- Display error for YAML files that are too large. !34199
- Change copy of webhooks / integration help text. !34301
- Update board header icons. !34366
- Show Redis instance in performance bar. !34377
- Add secret detection template to Auto DevOps. !34467
- Add allowed actions to snippet input action. !34499
- Change from vendor specific to Gitlab. !34576
- Assign alerts sidebar base.

### Performance (19 changes, 1 of them is from the community)

- Improve performance of commit search by limiting the number of results requested. !32260
- Add GraphQL lookahead support. !32373
- Update index_ci_builds_on_commit_id_and_artifacts_expireatandidpartial index for secret_detection. !32584
- Add index on id and type for Snippets. !32885
- Use build_stubbed to avoid interacting with the DB in todos helper specs. !32906 (Arun Kumar Mohan)
- Optimize SQL queries on Milestone index page. !32953
- Add build report results data model. !32991
- Adjust condition for partial indexes on services table. !33044
- Add index to issues and epics on last_edited_by_id. !33075
- Fix preconnect typo in rel link. !33255
- Add project_id, user_id, status, ref index to ci_pipelines. !33290
- Move migration related to ci_builds to post_deployment. !33416
- Reduce redundant queries for Search API users scope. !33795
- Speed up boot time in production. !33929
- Harden CI pipelines usage data queries with an index. !34045
- Add partial index on locked merge requets. !34127
- Lazy load commit_date and authored_date on Commit. !34181
- Optimize container repository for groups query. !34364
- Enable CI Atomic Processing by default.

### Added (149 changes, 14 of them are from the community)

- Add rake task to verify encrypted data through secrets. !21851
- User can apply multiple suggestions at the same time. !22439 (Jesse Hall)
- Resolve Add a button to assign users who have commented on an issue. !23883
- Resolve Graph code coverage changes over time for a project. !26174
- Add doc for custom validators in api styleguide. !26734 (Rajendra Kadam)
- Add Scheduled Job for Monitoring Monitor Group Demo Environments. !27360
- Add setting to allow merge on skipped pipeline. !27490 (Mathieu Parent)
- Add dark theme (alpha). !28252
- Show estimate on issues list. !28271 (Lee Tickett)
- Make Fixed Email Notification Generally Available. !28338 (jacopo-beschi)
- Add a link to the `renamed` viewer to fully expand the renamed file (if it's text). !28448
- Focus and toggle metrics dashboard panels via keyboard. !28603
- Remove `scoped_approval_rules` feature flag. !28864 (Lee Tickett)
- Create Group import UI for creating new Groups. !29271
- Add finder for group-level runners. !29283 (Arthur de Lapertosa Lisboa)
- Allow customization of badge key_text and key_width. !29381 (Fabian Schneider @fabsrc)
- Support Workhorse directly uploading files to S3. !29389
- Add frontend support for multiline comments. !29516
- Support first_name and last_name attributes in LDAP user sync. !29542
- Add link to status page detail view for status page published issues. !30249
- Add metrics dashboard name to document title. !30392
- Backfill StatusPage::Published incidents and enable a publish quick action for EE. !30906
- Add missing Merge Request fields. !30935
- Show build status on branch list. !30948 (Lee Tickett)
- Add mutation to create commits in GraphQL. !31102
- Add GraphQL support for authored and assigned Merge Requests. !31227
- Add usage data metrics for terraform states. !31280
- Add usage data metrics for terraform reports. !31281
- Add API endpoint for listing bridge jobs. !31370 (Abhijith Sivarajan)
- SpamVerdictService can call external spam check endpoint. !31449
- Move Admin note feature to GitLab Core. !31457 (Rajendra)
- Add DAG serializer for pipelines controller. !31583
- Save repository storages in application settings with weights. !31645
- Add API endpoint for resource milestone events. !31720
- Show import in progress screen for group imports. !31731
- Add Verify/FailFast CI template. !31812
- Improve Add/Remove Issue Labels API. !31864 (Lee Tickett)
- Add mutation to create a merge request in GraphQL. !31867
- Add warning popup for Elastic Stack update. !31972
- Add API support for sharing groups with groups. !32008
- Add the container expiration policy attribute to the project GraphQL type. !32100
- Add GraphQL support for project and group labels. !32113
- Add number of database calls to Prometheus metrics and logs for sidekiq and request. !32131
- Filter pipelines by status. !32151
- Filter pipelines based on url query params. !32230
- Add metrics for Redis usage during Sidekiq job execution. !32265
- Add filters to merge request fields. !32328
- Support reading .editorconfig files inside of the Web IDE. !32378
- [Frontend] Resolvable design discussions. !32399
- Table index added to `metrics_dashboard_annotations` for future pruning of stale metrics Annotations for metrics dashboards are now checked for valid start and end dates. !32433
- Enable GitLab-Flavored Markdown processing for design links. !32446
- Filter Pipelines by Tag Name. !32470
- Adds sorting by column to alert management list. !32478
- Add project specific repository storage API. !32493
- Adapt Limitable for system-wide features. !32574
- Add application limits to instance level CI/CD variables. !32575
- Add model for project level security auto-fix settings. !32577
- Expose Jira imported issues count in GraphQL. !32580
- Organize alerts by status tabs. !32582
- Add note to ECS CI template. !32597
- Add metrics for Redis usage during web requests. !32605
- Add database and GraphQL support for alert assignees. !32609
- Set fingerprints and increment events count for Alert Management alerts. !32613
- Process stuck jira import jobs. !32643
- Allow user to add custom links to their metrics dashboard panels. !32646
- Add tags to experimental queue selector attributes. !32651
- Allow generic endpoint to receive alerts from external Prometheus. !32676
- Customize the Cloud Native Buildpack builder used with Auto Build. !32691
- Add timezone display to alert based issue start time. !32702
- Display dates on metrics dashboards in UTC time zone. !32746
- Store Todo resolution method. !32753
- Add experience_level to user_preferences. !32784
- Remove metrics dashboard annotations attached to time periods older than two weeks. !32838
- Monitor:Health metrics instrumenation. !32846
- Adds PostHog as a CI/CD Managed Application. !32856
- Groups API has top_level_only option to exclude subgroups. !32870
- Create operations_feature_flags_issues table. !32876
- Add api.js methods to update issues and merge requests. !32893
- Render user-defined links in dashboard yml file on metrics dashboard. !32895
- Add accessibility report MR widget. !32902
- Add a GraphQL mutation for toggling the resolved state of a Discussion. !32934
- Add container expiration policy objects to the GraphQL API. !32944
- Don't hide Commit tab in Web IDE when there are no changes yet. !32979
- Add column for alert slack notifications. !33017
- Add ability to insert an image via SSE. !33029
- Add user root query to GraphQL API. !33041
- Adds groupMembership and projectMembership to GraphQL API. !33049
- Alerts list pagination. !33073
- Add ApplicationSetting ui changes for repository_storages_weighted. !33096
- Display confirmation modal when user exits SSE and there are unsaved changes. !33103
- Add column dashboard_timezone to project_metrics_setting. !33120
- Allow the assignment of alerts to users from the alert detail view. !33122
- Add solarized dark for Web IDE. !33148
- Add support for artifacts/exclude configuration. !33170
- Add root users query to GraphQL API. !33195
- Added validation for YAML files with metrics dashboard definitions. !33202
- Create issue from alert. !33213
- Add max import file size option. !33215 (Roger Meier)
- Add system note when assigning user to alert. !33217
- Add count of alerts from all sources to usage ping. !33220
- Add button to create an issue from an alert management alert. !33221
- Add more detail to alert integration settings description. !33244
- Add Evidence to Releases GraphQL endpoint. !33254
- Add support for pasting images in the Web IDE. !33256
- Add ProjectAccessToken table. !33272
- Automatically resolve alert when associated issue closes. !33278
- Add `link_type` to `ReleaseLink` GraphQL type. !33386
- Add  members to project graphQL endpoint. !33418
- Update Static Site Editor WYSIWYG mode to hide front matter. !33441
- Added delete action for Dashboard Annotations in GraphQL. !33468
- Create graphQL endpoint for Jira users import. !33501
- Support IAP protected prometheus installations. !33508
- New instance-level variables UI. !33510
- Provide `__range` variable for Prometheus queries. !33521
- Add support for `git filter-repo` to repository cleanup. !33576
- Close open reply input fields in the design view sidebar when leaving a new comment. !33587
- Add dashboard schema validation warnings as metrics dashboard GraphQL field. !33592
- Add time range to user-defined links in metrics dashboard. !33663
- Increase events count for Prometheus alerts. !33706
- Track pod logs refresh action. !33802
- Add secret detection template. !33869
- Add DAG visualization MVC. !33958
- Introduce a feature flag for Vue-based UI for all import providers. !33980
- Add sticky title on Issue pages. !33983
- Allow Release asset links to be associated with a type. !33998
- Support user-defined Grafana links in metrics dashboard. !34003
- Adds AWS guidance to CI/CD > Add Variable modal. !34009
- Show custom attributes within Admin Pages. !34017 (Roger Meier)
- Enable Slack notifications for alerts. !34038
- Container expiration policy regular expressions are now validated. !34063
- Add todo when alert is assigned to a user. !34104
- Track merge requests submitted by Static Site Editor. !34105
- Turn off alert issue creation by default. !34107
- Add detailed logs of each Redis instance usage during job execution and web requests. !34110
- Add API to schedule project repository storage moves. !34119
- Add validation step on backend for metrics dashboard links. !34204
- Track when Static Site Editor is initialized. !34215
- Bring SAST to Core - brakeman. !34217
- Mask key comments when exposing SSH/Deploy Keys via the API. !34255
- Convert `:release` yaml to `release-cli` commands. !34261
- Validate regex before sending them to CleanupContainerRepositoryWorker. !34282
- Add secret_detection to DOWNLOADABLE_TYPES. !34313
- Enable ability to assign alerts to users with corresponding system notes and todos. !34360
- Enable CI Inheriting Env Variables feature. !34495
- Show tooltip on error detail page when hovering over dates. !34506
- Add native code intelligence. !34542
- Bump cluster-applications version to v0.20.0. !34569
- Add search argument for AlertStatusCountsResolver. !34596
- Allow CI_JOB_TOKEN for authenticating to the Terraform state API. !34618

### Other (65 changes, 36 of them are from the community)

- Improve fast-forward merge is not possible message. !22834 (Ben Bodenmiller)
- Remove unused WAF indexes from CI variables. !30021
- Update the visual design of badges in some areas. !31646
- Extract featurable concern from ProjectFeature. !31700 (Alexander Randa)
- Remove update function logic from list model. !31900 (nuwe1)
- Remove nextpage function logic from list model. !31904 (nuwe1)
- Squash database migrations prior to 2019 into one. !31936
- Update deprecated slot syntax in app/assets/javascripts/reports/components/grouped_test_reports_app.vue. !31975 (Gilang Gumilar)
- Replace slot syntax for Vue 3 migration. !31987 (gaslan)
- Update deprecated slot syntax in ./app/assets/javascripts/pages/admin/projects/index/components/delete_project_modal.vue. !31994 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/pages/projects/labels/components/promote_label_modal.vue. !31995 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/clusters/components/remove_cluster_confirmation.vue. !32010 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/environments/components/environments_app.vue. !32011 (Gilang Gumilar)
- Remove setLoadingState logic from issue model. !32226 (nuwe1)
- Remove addAssignee logic from issue model. !32231 (nuwe1)
- Remove addLabel Logic from issue models. !32233 (nuwe1)
- Remove addMilestone logic from issue model. !32235 (nuwe1)
- Remove destroy function logic from list model. !32237 (nuwe1)
- Remove findAssignee logic from issue model. !32238 (nuwe1)
- Remove findLabel logic from issue model. !32239 (nuwe1)
- Remove findIssue logic from list model. !32241 (nuwe1)
- Remove moveIssue logic from list model. !32242 (nuwe1)
- Remove newIssue logic from list model. !32244 (nuwe1)
- Remove removeAllAssignees logic from issue model. !32247 (nuwe1)
- Remove removeAssignee logic from issue model. !32248 (nuwe1)
- Clarify verbiage for stuck job messages. !32250
- Remove removeLabel logic from issue model. !32251 (nuwe1)
- Remove removeLabels logic from issue model. !32252 (nuwe1)
- Remove removeMilestone logic from issue model. !32253 (nuwe1)
- Remove removeMultipleIssues logic from list model. !32254 (nuwe1)
- Remove setFetchingState logic from issue model. !32255 (nuwe1)
- Remove updateData logic from issue model. !32256 (nuwe1)
- Update U2F docs for Firefox 67+. !32289 (Takuya Noguchi)
- Update alert management mobile table alignment. !32295
- Include available instance memory in usage ping. !32315
- Moves merge request reviews into Core. !32558
- Update GitLab Runner Helm Chart to 0.17.0. !32634
- Add snowplow tracking for logs page. !32704
- Extend "Remember me" token after each login. !32730
- Assign alerts sidebar container fix. !32743
- Add anchor for creating a branch. !32745
- Tidy. !32759 (Lee Tickett)
- Less verbose JiraService error logs. !32847
- Reduced padding and increased emphasis of titles within the epic tree. !32873
- Remove obsolete users.ghost column. !32957
- Move NoPrimary table def to last context in spec. !33015 (Rajendra Kadam)
- Document github rate limit behavior. !33090
- Added build_id column to requirements_management_test_reports table. !33184
- Add version history information on U2F support. !33229 (Takuya Noguchi)
- Convert IP spoofing errors into client errors. !33280
- Update docs to reflect move web IDE Terminal and file sync to Core. !33419
- Add hovering icon for sorting columns on alert management list. !33429
- Avoid javascript for omniauth logins. !33459 (Diego Louzán)
- Add opacity transition to active design discussion pins. !33493
- Update GitLab Runner Helm Chart to 0.17.1. !33504
- Make project selector in various dashboard more translatable. !33771
- Update Workhorse to v8.35.0. !33817
- Remove FF hide_token_from_runners_api. !33947
- Bump omniauth_openid_connect to 0.3.5. !34030 (Roger Meier)
- Specify tiers for SAML SSO at self-hosted plans. !34040 (Takuya Noguchi)
- Backfill failed imported snippet repositories. !34052
- Use GitLab SVG icon for file attacher action. !34196
- Add GraphQL snippet FileInputType. !34442
- Update red hex values to match GitLab UI. !34544
- Remove removeIssue logic from list model. (nuwe1)


## 13.0.14 (2020-08-18)

- No changes.

## 13.0.13 (2020-08-17)

### Security (2 changes)

- Stop deploy token being mis-used as user in ProjectPolicy and GroupPolicy.
- Project access is checked during deploy token authentication.


## 13.0.12 (2020-08-05)

### Security (10 changes)

- Add decompressed archive size validation on Project/Group Import. !562
- Enforce 2FA on Doorkeeper controllers.
- Refresh project authorizations when transferring groups.
- Stop excess logs from failure to send invite email when group no longer exists.
- Verify confirmed email for OAuth Authorize POST endpoint.
- Revoke OAuth grants when a user revokes an application.
- Fix XSS in Markdown reference tooltips.
- Fix XSS in milestone tooltips.
- Fix xss vulnerability on jobs view.
- Block 40-character hexadecimal branches.


## 13.0.11 (2020-08-05)

This version has been skipped due to packaging problems.

## 13.0.10 (2020-07-09)

### Fixed (1 change)

- Fix gitlab:*:check Rake tasks. !35944


## 13.0.9 (2020-07-06)

- No changes.

## 13.0.8 (2020-07-01)

### Security (18 changes)

- Update xterm js dependency to latest stable 3.x version.
- Do not show activity for users with private profiles.
- Fix stored XSS in markdown renderer.
- Upgrade swagger-ui to solve XSS issues.
- Fix group deploy token API authorizations.
- Check access when sending TODOs related to merge requests.
- Change from hybrid to JSON cookies serializer.
- Prevent XSS in group name validations.
- Disable caching for wiki attachments.
- Disable Github Importer API by settings.
- Fix null byte error in upload path.
- Update permissions for time tracking endpoints.
- Add snippet repository validation after bundle import.
- Update Kaminari gem.
- Fix note author name rendering.
- Sanitize bitbucket repo urls to mitigate XSS.
- Stored XSS on the Error Tracking page.
- Fix security issue when rendering issuable.


## 13.0.7 (2020-06-25)

### Fixed (7 changes)

- Group authorization refresh to consider shared groups. !31204
- Fix Value Stream Analytics summary when using non-english locale. !33717
- Fix bug with variable substitution in alerts. !33772
- Fix relative URL root in wiki_base_path. !33841
- Adjust wrong column reference for ResetMergeStatus (background job). !33899
- Updated Auto DevOps with a fix to delete PostgreSQL PVC on environment cleanup. !34657
- Load user before logging git http-requests. !34923

### Added (2 changes)

- Provide `__range` variable for Prometheus queries. !33521
- Periodically recompute project authorizations. !34071


## 13.0.6 (2020-06-10)

- No changes.

## 13.0.4 (2020-06-03)

### Security (1 change)

- Prevent fetching repository code with unauthorized ci token.


## 13.0.3 (2020-05-29)

### Fixed (8 changes, 1 of them is from the community)

- Fixed redirection to project snippets. !32530
- Fix Geo replication for design thumbnails. !32703
- Fix 404s downloading build artifacts. !32741
- Fix Auto DevOps manual rollout jobs not being allowed to fail. !32865
- Update deprecated routes in irker integration. !32923 (Marc Jeanmougin)
- Change format of variables parameter in Prometheus proxy API for metrics dashboard. !33062
- Fix issue and MR API performance regression when Markdown cache is stale. !33235
- Fix close issue when user created the issue. !33294


## 13.0.1 (2020-05-27)

### Security (12 changes)

- Add an extra validation to Static Site Editor payload.
- Hide EKS secret key in admin integrations settings.
- Added data integrity check before updating a deploy key.
- Display only verified emails on notifications and profile page.
- Require confirmed email address for GitLab OAuth authentication.
- Kubernetes cluster details page no longer exposes Service Token.
- Fix confirming unverified emails with soft email confirmation flow enabled.
- Disallow user to control PUT request using mermaid markdown in issue description.
- Check forked project permissions before allowing fork.
- Limit memory footprint of a command that generates ZIP artifacts metadata.
- Fix file enuming using Group Import.
- Prevent XSS in the monitoring dashboard.


## 13.0.0 (2020-05-22)

### Removed (20 changes, 5 of them are from the community)

- Remove project routes that were deprecated before 12.1. !26808
- Drop x-y-stable version pinning for Secure templates. !29603
- Remove logs from the admin pages. !30485
- Remove deprecated /admin/application_settings redirect. !30532
- Drop support for License-Management CI template. !30645
- Remove deprecated InfluxDB. !30786
- Remove deprecated Release Evidence endpoints. !30975
- Remove deprecated Release Evidence endpoints documentation. !30978
- Drop support for `license_management` artifact. !31247
- Remove deprecated container scanning report parser. !31294
- Remove rake task `gitlab:track_deployment`. !31404
- Remove token attribute from Runners API. !31448
- Remove support for Ruby format variable interpolation (`%{variable}`) in custom dashboards. !31581
- Remove JenkinsDeprecatedService. !31607 (tnwx)
- Remove ruby_memory_bytes metric, duplicate of ruby_process_resident_memory_bytes. !31705
- Remove project_list_show_mr_count feature flag. !31789 (Gilang Gumilar)
- Remove project_list_show_issue_count feature flag. !31793 (Gilang Gumilar)
- Remove set_user_last_activity feature flag. !31795 (Gilang Gumilar)
- Remove registrations_recaptcha feature flag. !31797 (Gilang Gumilar)
- Remove deprecated Sidekiq rake tasks.

### Fixed (171 changes, 54 of them are from the community)

- Allow public access to pipeline schedules. !20806 (Lee Tickett)
- Add user last_activity logging in GraphQL. !23063
- Render TestReport parsing errors back to pipeline test summary. !24188
- Add user popovers to system notes. !24241
- Fix missing RSS feed events. !28054
- Resolve Text for future Release date grammatically incorrect. !28075
- Fix number of approvals given calculation. !28293 (Steffen Köhler)
- Always display new subgroup button when permission is granted. !28309 (Mattias Michaux)
- Correct the permission according to docs. !28657
- Fix duplicated activity and events on deletion of tag. !28861 (Sashi Kumar)
- Fix init.d script to correctly set web server PID. !29164
- Honor per_page in Search API. !29197
- fix: use the source project to generate commit links for un-persisted merge requests. !29243 (Chieh-Min Wang)
- Fix display of some overflowing merge request diffs. !29267
- Move prepend to last line in helper files. !29327 (Rajendra Kadam)
- Prevent duplicate tooltips when hovering over status emoji in comments. !29356
- Update Elastic Stack chart to 2.0.0 to support kubernetes 1.16. !29601
- Fix minor spacing issue at Snippet blob viewer. !29625 (Karthick Venkatesan)
- Eliminate errors in wiki controller during edit. !29645
- Fixed copy as GFM not copying upload links. !29683
- Bump max search depth from 2 to 4 when looking for files SAST analyzers can handle. !29732
- Move snippet raw_url attribute to base entity. !29776
- Return content from repo in snippet raw endpoint. !29781
- Return file name from repo in snippet endpoints. !29785
- Propagation of service templates also covers services with separate data tables. !29805
- Fix bug in personal snippets when somebody is mentioned. !29835 (Sashi Kumar)
- Embed metrics charts for both /metrics and /metrics_dashboard routes. !29838
- Fix admin mode access on GraphiQL controller. !29845 (Diego Louzán)
- Exclude html entities from haml lint. !29847 (Lee Tickett)
- Fixed JS error for anonymous views of a snippet. !29854
- Destroy Dropzone hidden input when form is destroyed. !29882
- Move prepend to last line in lib/gitlab files. !29938 (Rajendra)
- Match Jira keys with trailing characters. !29953
- Fixed Cancel action on Snippet edit for existing snippets. !29993
- Warn user before losing wiki content. !30037
- Move prepend to last line in lib/gitlab files. !30070 (Rajendra Kadam)
- Fix an issue where the Search dropdown results would not be clickable. !30087 (mbergeron)
- Capture all errors when updating repository storage. !30119
- Move alert management behind a feature flag. !30133
- Fix bug when services appear active even though they are not. !30160
- Fix moving an issue when there is a group reference. !30185
- Move prepend to last line in lib/gitlab files. !30194 (Rajendra Kadam)
- Move prepend to last line in lib/gitlab files. !30289 (Rajendra Kadam)
- Move prepend to last line in lib/gitlab files. !30291 (Rajendra Kadam)
- Set NULL `lock_version` values to 0 for CI objects. !30305
- Fix errors creating project with active Prometheus service template. !30340
- Add Activity icons for Wiki updated and destroyed events. !30349
- Gracefully handle orphaned member invites. !30355
- Fix incorrect commits number in commits list. !30412
- Fix second 500 error with NULL restricted visibility levels. !30414
- Move prepend to last line in ee/services. !30425 (Rajendra Kadam)
- Add LFS badge feature flag to RefsController#logs_tree. !30442
- Fix mirror repos docs link. !30443
- Added right margin to Clone Snippet button. !30471
- Fix blob link for the code search. !30473
- Use Jira import owner as the issue author when importing issues from Jira. !30504
- Correctly count wiki pages in sidebar. !30508
- Stretch heatmap metrics full column size. !30524
- Upgrade Unicorn to v5.5.1. !30541
- Avoid copying diffs as Markdown tables. !30572
- Fixes overlapping tooltips when clicking copy buttons. !30622
- Fix 500 error for non-existing snippet on graphql mutations. !30632 (Sashi Kumar)
- Change validation rules for profile email addresses. !30633
- Set timeout for Google OAuth to prevent 503 error. !30653
- Remove extra sleep when obtaining exclusive lease. !30654
- Fix GitLab CI/CD Scala template. !30667
- Fix checkmark position on dropdowns. !30685
- Remove Visibility from terraform widget. !30737
- Use migration bot user in snippet migration. !30762
- Fix discard button not showing for new empty files in Web IDE. !30767
- Disable schema dumping after migrations in production. !30812
- Fix mapping group membets as Jira issues authors/assignees. !30820
- Align styling of snippet search results. !30837
- Move daily create users statistics cronjob to CE. !30843
- Fixed alignment of Snippet Clone copy buttons. !30897
- Increase constrast ratio of text in some tables. !30903
- Ignore .gitattributes if they contain invalid byte sequences. !30922
- Fix bug in Snippet BlobViewer GraphQL definition. !30927
- Fix layout in issue view, on large screen some buttons were misaligned. !30947 (Michele (macno) Azzolari)
- Fix error renaming files using web IDE. !30969
- Handle Snippet file name errors in backfill. !30981
- Correctly track the store that external MR diffs are placed on. !31005
- Fix duplicate index removal on ci_pipelines.project_id. !31043
- Update recursive-open-struct to 1.1.1 to make it compatible with ruby 2.7. !31047
- Revert CODEOWNERS validation of Web requests in diff check. !31087
- Wrap wiki blob search result in its own object. !31155
- Allow multiple usage of EE extension/inclusion on last lines. !31183 (Rajendra Kadam)
- Fix 500 error loading environments index. !31184
- Fix 500 on creating an invalid domains and verification. !31190
- Fix redirect loop on .com when 2FA is required. !31229
- Fix regression and allow SCIM to create SAML identity. !31238
- Fix incorrect number of errors returned when querying sentry errors. !31252
- Fix RST rendering hanging on large files. !31287
- Trim whitespace in directory names in the Web IDE. !31305
- Fix 'not enough data' in Value Stream Analytics when low median values are returned. !31315
- Add tooltip to container registry tags last update column. !31317
- Fix Istio broken Istio metrics installation. !31382
- Link to subgroup milestones correctly from group milestones page. !31383
- Remove kwargs from storage move worker. !31412
- Make edit board text sentence case. !31418
- Katex render and vscode output improvements for markdown. !31433 (Reinhold Gschweicher <pyro4hell@gmail.com>)
- Fix overwrite check in GitLab import/export. !31439
- Fix API requests for branch names ending in .txt. !31446 (Daniel Stone)
- Avoid repository size checkings in snippet migrations for migration bot. !31473
- Use iso 8601 timestamp format in metrics dashboard annotations graphql resource to assure multi browser compatibility. !31474
- In WebIDE get files with relative path instead of web_url. !31478
- Fix snippet migration when user has invalid info. !31488
- Add elipsis to container registry tag name. !31584
- Add instance column to services table if it's missing. !31631
- Fix issue with broken images in Web IDE markdown. !31638
- Fixes bug where variables were not protected by default when using the correct CI/CD admin setting. !31655
- Decode dashboard_path when creating annotations. !31665
- Fix "how to checkout MR" help link. !31688
- Fixed redirection when deleting a project snippet. !31709
- Fix templates API endpoint when project name has dots. !31758
- Remove detection of file in Dependency Scanning template. !31819
- Move prepend to last line in app models. !31826 (Rajendra Kadam)
- Move prepend to last line in app models 2. !31827 (Rajendra Kadam)
- Move prepend to last line in app models 3. !31829 (Rajendra Kadam)
- Move include_if_ee to last line in ee/app 1. !31832 (Rajendra Kadam)
- Restore original sort order of the metrics dashboard select list. !31859
- Fix Snippet update error bug losing changes. !31873
- Replace the outdated link. !31874 (Renamoo)
- Replace let! with let_it_be in user api spec. !31901 (Rajendra Kadam)
- Replace let! with let_it_be in merge request spec. !31909 (Rajendra Kadam)
- angelog Replace let! with let_it_be in pipelines spec. !31916 (Rajendra Kadam)
- Fix public metrics dashboard visibility bug. !31925
- Add nested file detection for Dependency Scanning. !31932
- Add class stubs and fix leaky constant cop alert. !31938 (Rajendra Kadam)
- Add class stubs and fix leaky constant alert in content whitelist spec. !31946 (Rajendra Kadam)
- Fix broken heading of Vue 3 migration guide doc. !31951 (Gilang Gumilar)
- Add class stubs and fix leaky constant alert in query recorder spec. !31954 (Rajendra Kadam)
- Fix no scroll when overflow in IDE right pane. !31961
- Fix leaky constant cop issue in clone dashboard service spec. !31962 (Rajendra Kadam)
- Stub class constant in resolve discussion spec. !31965 (Rajendra Kadam)
- Fix leaky constant issue in upgrade progress service check. !31969 (Rajendra Kadam)
- Clear merge request error on push to source branch. !32001
- Allow only users with `adminNote` permission to edit the design note. !32035
- Fix leaky constant issue in retry build service check. !32038 (Rajendra Kadam)
- Fix leaky constant issue in env assignment spec. !32040 (Rajendra Kadam)
- Fix leaky constant issue in statistics api spec. !32042 (Rajendra Kadam)
- Fix leaky constant issue in merge request policy spec. !32044 (Rajendra Kadam)
- Fix leaky constant issue in tree spec. !32045 (Rajendra Kadam)
- Fix leaky constant issue in mentionable spec. !32049 (Rajendra Kadam)
- Fix leaky constant issue in json serialization spec. !32051 (Rajendra Kadam)
- Fix leaky constant issue in cluster spec. !32053 (Rajendra Kadam)
- Fix bug in Groups API when statistics are requested in an unauthenticated API call. !32057
- Fix leaky constant issue in nulls pt2 spec. !32058 (Rajendra Kadam)
- Fix leaky constant issue in application settings encrypt spec. !32066 (Rajendra Kadam)
- Fix leaky constant issue in system check spec. !32080 (Rajendra Kadam)
- Fix leaky constant issue in simple executor spec. !32082 (Rajendra Kadam)
- Fix leaky constant issue in jwt spec. !32093 (Rajendra Kadam)
- Update android template. !32096
- Fix leaky constant issue in factory spec. !32099 (Rajendra Kadam)
- Fix leaky constant issue in sidekiq middleware spec. !32101 (Rajendra Kadam)
- Fix leaky constant issue connection, master check and attr config spec. !32144 (Rajendra Kadam)
- Fix updating of Markdown fields when Markdown cache version is incremented. !32219
- Fix incorrect regex used in FileUploader#extract_dynamic_path. !32271
- Improve responses in the snippet create/update API endpoints. !32282
- Send Devise emails triggered from the 'Email' model asynchronously. !32286
- Re-enable negative filters for Boards. !32348
- Fix missing space character in alert header. !32395
- Fix display of embedded snippets. !32411 (Jan Beckmann)
- Fixed redirection to project snippets. !32530
- Rake task gitlab:cleanup:orphan_lfs_files should clear the cached value or repository size. !32541
- Fixed enabled merge button incorrectly showing to users who can't merge.
- Fixed misaligned avatar in commit discussion form.
- Fixed cancel reply button not alerting the user.
- Fixes commit message emojis not rendering in Vue file list.
- Fix logging of username in /jwt/auth.
- Fixes branch name not getting escaped correctly on frontend.

### Deprecated (2 changes)

- Deprecate /plugins directory. !29678
- Implement external database checker in dashboard controller. !30389

### Changed (121 changes, 42 of them are from the community)

- Support limits for offset based pagination. !28460
- Redirect issues routes under /-/ scope. !28655
- Add Fluentd into cluster apps page. !28847
- Disallow developers to delete builds of protected branches. !28881 (Alexander Kutelev)
- Store status of repository storage moves. !29095
- Update the example regex in the image expiration policy UI. !29348
- Add WAF and Cilium Log column for Fluentd table. !29457
- Update Fluentd model to support multiple logs. !29458
- Add Cilium to Fluentd UI controls on the Cluster Application page. !29511
- Use alerts instead of toasts in Image Repository details. !29685
- Avoid commit when snippet file_name and content are not present. !29761
- Recreate foreign key in project settings to use nullify instead of cascade. !29767
- Surface alerts add sidebar link. !29775
- Make setting alerts on the monitoring dashboard available to GitLab Core users. !29789
- Keep latest artifact for each ref. !29802
- Change placeholder in search input for Analytics features. !29858 (Gilang Gumilar)
- Test Jira connection before running import. !29926
- Remove snippet file_name from snippet lists. !29937
- Add new keep regex to expiration policy settings ui. !29940
- Alert management can user enable. !30024
- Expose the updated_at attribute in the todos API. !30035
- Update GitLab-managed helm from 2.16.3 to 2.16.6, improving the reliability of GitLab's Kubernetes integration. !30067
- Show correct label and count on Jira import form. !30072
- Copy pipelines routing under - scope. !30159
- Return validation errors for invalid pod name or container name when viewing pod logs. !30165 (Sashi Kumar)
- Move global autocomplete routes to /-/ scope. !30173
- Update the cancel comment note text to a less ambiguous statement. !30189
- Use stricter regex for broadcast target path. !30210
- Change wording of merge request threads counter. !30217
- Indicate topics are optional. !30264 (Ben Bodenmiller)
- Rename Client Side Evaluation to Live Preview. !30309
- Decouple partial clone config from max input size. !30354 (Son Luong Ngoc)
- Update managed jupyter chart to 0.9.0 (stable). !30393
- Hide broadcast messages until the end of the period. !30432
- Add severity icons for alert management. !30472
- Move to supported Elastic helm charts. !30528
- Updated snippet view to show path instead of name for a blob. !30550
- Handle possible RSA key exceptions when generating CI_JOB_JWT. !30702
- Update sidebar packages name. !30712
- Update cron job schedule to have a random time generated on page load. !30729
- Migrate Container-Scanning template to rules syntax. !30775
- Migrate DAST CI template to rules syntax. !30776
- Migrate License-Scanning CI template to rules syntax. !30784
- Code review analytics: Change margin between title and description. !30834
- Productivity Analytics: Remove separator and cleanup title margins. !30839
- Move Auto DevOps Test.gitlab-ci.yml template to rules syntax instead of only/except. !30876
- Change Var to Variable text. !30878
- Move Build.gitlab-ci.yml to `rules` syntax. !30895
- Move Code-Quality.gitlab-ci.yml to `rules` syntax. !30896
- Migrate Dependency-Scanning CI template to rules syntax. !30907
- Apply shared integrations view to project level. !30971
- Exposes description, hosts, details, and timestamps for Alert Management Alert GraphQL. !31091
- Update the example regex in the image expiration policy UI. !31104
- Add clear explanation to the MR widget when no CI is available and Pipeline must succeed option is activated. !31112
- Migrate SAST CI template to rules syntax. !31127
- Update style of buttons on the Releases page. !31129 (Özgür Adem Işıklı @iozguradem)
- Changed test success calculation to exclude skipped tests. !31154
- app:gitlab:check rake task now warns when projects are not in hashed storage. !31172
- Moves embedded metrics for Prometheus alerts to Core. !31203
- Move Deploy.gitlab-ci.yml to `rules` syntax. !31290
- Modify Snippet git path errors to be more helpful. !31333
- Move Browser-Perfomance-Testing.gitlab-ci.yml to `rules` syntax. !31413
- Use gsub instead of the Liquid gem for variable substitution in the Prometheus proxy API. !31482
- Changed terminology of security scanner status from configure to enable. !31503
- Update auto-deploy-image to v0.14.0 with helm 2.16.6, --atomic deployments and improved kubernetes 1.16 support. !31505
- Add ability to add or remove MR labels via API. !31522 (Lee Tickett)
- Disable Docker-in-Docker for Dependency Scanning by default. !31588
- Disable Docker-in-Docker for SAST by default. !31589
- Add migration to import changes to the system dashboard Prometheus queries into DB. !31618
- Ensure links generated by the copy link feature contain variables. !31636
- Migrate from Vue event hub to Mitt in issuables list. !31652 (Arun Kumar Mohan)
- URL params in the monitoring dashboard update variable values defined in yml file. !31662
- Migrate from Vue event hub to Mitt. !31666 (Arun Kumar Mohan)
- Add prefix to template variables in URL in the monitoring dashboard. !31690
- Add fields to GraphQL snippet blob type. !31710
- Make protected_ci_variables setting enabled by default. !31715
- Prepare group import feature to use ndjson. !31741
- Prepare group export feature to use ndjson. !31742
- Remove a lonely dot in Batch Comments. !31783 (Gilang Gumilar)
- Update auto-deploy-image to v0.15.0, with an upgraded PostgreSQL chart used by default for Auto DevOps deployments. !31799
- Force hashed storage to always be enabled. !31801
- Add alert counts by status to GraphQL API. !31818
- Show warning message to user if raw text search is used when filtering pipelines. !31942
- Update deprecated slot syntax in ./app/assets/javascripts/pages/milestones/shared/components/delete_milestone_modal.vue. !31990 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/confidential_merge_request/components/dropdown.vue. !31999 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/diffs/components/diff_discussions.vue. !32004 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/boards/components/board_form.vue. !32005 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/repository/components/breadcrumbs.vue. !32017 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/users/calendar_activities.html.haml. !32094 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/users/_deletion_guidance.html.haml. !32097 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_ref_dropdown.html.haml. !32102 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_recaptcha_form.html.haml. !32106 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_project_limit.html.haml. !32110 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_personal_access_tokens_table.html.haml. !32116 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_milestones_filter.html.haml. !32120 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_milestone_expired.html.haml. !32121 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_label_row.html.haml. !32124 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_group_tips.html.haml. !32127 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_group_form.html.haml. !32132 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_field.html.haml. !32136 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_delete_label_modal.html.haml. !32138 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/_commit_message_container.html.haml. !32139 (Gilang Gumilar)
- Externalize i18n aria-label strings from ./app/views/shared/*. !32142 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_top.html.haml. !32148 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_milestone.html.haml. !32154 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_merge_requests_tab.haml. !32158 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_labels_tab.html.haml. !32159 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_issues_tab.html.haml. !32160 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/milestones/_issuable.html.haml. !32161 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/issuable/_sidebar.html.haml. !32164 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/issuable/_nav.html.haml. !32165 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/issuable/_label_*. !32167 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/issuable/_close_reopen_report_toggle.html.haml. !32168 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/issuable/_close_reopen_button.html.haml. !32172 (Gilang Gumilar)
- Externalize i18n strings from ./app/views/shared/issuable/_bulk_update_sidebar.html.haml. !32173 (Gilang Gumilar)
- Add files param to snippet create mutation. !32309
- Cluster index refactor: Add missing pagination. !32338
- Refactored render errors for blob to Vue. !32345
- Format the alert payload into a table view. !32423
- Add presence validation to content and title in snippet rest endpoints. !32522
- Fix jump to definition linking to same file opening a new tab.

### Performance (15 changes, 2 of them are from the community)

- Speed up NOT Issue filters. !27639
- Add indexes on ingress, enabled clusters and successful deployments. !28331
- Add clusters index to improve usage data queries. !28626
- Uses Kubernetes API conventions to create or update a resource leandrogs. !29010 (Leandro Silva)
- Cache TreeSummary response for logs_tree. !29828
- Move release notification from model callbacks to service. !29853 (Ravishankar)
- Delete orphaned rows in application_settings table. !29981
- Improve cacheability of monaco-editor code. !30032
- Project import queries are now partially batched. !30057
- Upgrade json gem to 2.3.0. !30852
- Use process-wide cache for application settings and performance bar. !31135
- Record usage ping finish time. !31222
- Use NOT VALID to enforce a not null constraint on file store columns. !31261
- Enable ref name caching for merge request diffs. !31530
- Skip mergeability check when listing MRs in the API. !31890

### Added (146 changes, 13 of them are from the community)

- Graphql query for issues can now be sorted by priority. !18901
- Add test report API route. !24648
- Add GraphQL support for querying a board's lists. !24812
- Define remove_label quick action as alias of unlabel. !24962 (Jacopo Beschi @jacopo-beschi)
- Create Wiki activity events on pushes to Wiki git repository. !26624
- Allow users to download a CSV of the recent daily code coverage values per job. !27094
- Display x509 signed tags. !27211 (Roger Meier)
- Enabling git versioned snippets. !27705
- Add option to hide the default "thumbs up" and "thumbs down" buttons on issues, merge requests, and snippets. !27734 (Steve Mokris)
- Add sorting issues by label priority to graphQL endpoint. !27936
- Add certification revocation list download and certificate revoke. !28336 (Roger Meier)
- Add WebIDE Dark Theme Support. !28407
- Add secure binaries template. !28566
- LDAP authentication support for admin mode. !28572 (Diego Louzán)
- Add UI for exporting group data to the group settings. !28573
- Allow to assign milestones to a release on the "Edit Release page". !28583
- Add Previous and Next buttons for commit-by-commit navigation. !28596
- Add the global var SECURE_ANALYZERS_PREFIX. !28617
- Allow users to retry obtaining Let's Encrypt certificates for GitLab Pages. !28784
- Add support for cluster applications CI artifact report. !28866
- Add resource_state_events table. !28926
- Migration to add partitioned_foreign_keys table that tracks foreign keys for partitioned tables. !29064
- Collect object store config in usage data. !29149
- Add freeze period model. !29162
- Moved issue board focus mode to Core and available for for everyone. !29200
- Add freeze periods via CI_DEPLOY_FREEZE variable. !29244
- Add intermediate CAs capability to S/MIME email signature. !29352 (Diego Louzán)
- Add responding to ChatOps jobs triggered in Mattermost. !29366 (Brian Kintz)
- Expose Freeze Periods in REST API. !29382
- Add read/write_package_registry to deploy_tokens. !29383
- Add public API for feature flag user lists. !29415
- Create cluster annotations API endpoint. !29502
- Add ability to change metrics dashboard visibility. !29634
- Add percentage of actors feature flag rollout. !29698
- Add metric dashboard public visibility toggle. !29718
- Route to feature flags based on internal id. !29740
- Send email notification for unknown sign-ins. !29741
- Add search by name to registry image repositories. !29763
- Surface alerts add empty state. !29775
- Enable uploadpack filters by default. !29787
- Select the first option if there is only one metric option on alerts dropdown. !29857 (Gilang Gumilar)
- Add table for Alert Management alerts. !29864
- Add policies for managing 'default_branch_protection' setting in groups. !29879
- Add comment_detail column to services. !29891
- Add option to add custom profile image guidelines. !29894 (Roger Meier)
- View a details of a panel in 'full screen mode'. !29902
- Add database relation to preserve users starred metrics dashboard information. !29912
- Add jira imports to usage data. !29925
- Add issues_create_limit to settings api. !29960
- Map labels from Jira to labels in GitLab. !29970
- Add Deployment to ECS process to AutoDevOps. !29971
- GraphQL issue queries can now be sorted by milestone due date. !29992
- Add table for tracking issues published to status page. !29994
- Create Sprints table and barebones model. !30125
- When viewing a single panel, return to a full dashboard by pressing the Escape key. !30126
- Flesh out Sprints relationships and constraints. !30127
- Add GraphQL type for reading Alert Management Alerts. !30140
- Add ability to query Projects using GraphQL API. !30146
- Add `web_url` to branch API response. !30147
- Fix Jira importer URLs. !30155
- Add migrations for global CI variables. !30156
- Add vue routes support to Static Site Editor. !30163
- Integrate CI instance variables in the build process. !30186
- Add raw_blob_request_limit to Application Settings API. !30211
- Empty state for alerts list. !30215
- Create operations_strategies_user_lists table. !30243
- Adds URL parameter for confidential new issue creation. !30250
- Update Jira comment to include more information. !30258
- Add scheduled_at field to jira_imports table. !30284
- Alerts list loading & error state. !30315
- Deploy token authentication for API with Maven endpoints. !30332
- Add metrics dashboard annotations feature, which enables marking interesting events over metrics dashboard charts. !30371
- Add non_archived argument to issues API endpoint. !30381
- Add admin controller actions for interacting with instance variables. !30385
- Add mutation to create a new branch in GraphQL. !30388
- Introduce API for fetching shared projects in a group. !30461
- Display expanded dashboard from a panel's "Link to chart" URL. !30476
- Resolve Design Comment: Edit Comment text. !30479
- Map Jira issue assignee and author. !30498
- Add email notification on group export complete. !30522
- Add option to restrict emails that match a configured regular expression. !30548
- In metrics dashboard use custom variables from URL in queries. !30560
- Add mutation for AlertManagement's Alert status. !30576
- Multiple metrics edit navigates to prom edit page. !30666
- Update metrics dashboard url when a panel is expanded or contracted. !30704
- Add migration bot user. !30738
- Issues Analytics: Add title to page. !30836
- Contribution Analytics: Add title to page. !30842
- Insights Analytics: Add title to page. !30853
- Repository Analytics: Add title to page. !30855
- CI / CD Analytics: Add title to page. !30891
- Enable Monaco for editing Snippets by default. !30892
- Disabled Edit button for binary snippets. !30904
- Monokai and Solarized Dark syntax highlighting theme for Web IDE. !30931
- Updated deprecated buttons in release page. !30941 (Özgür Adem Işıklı @iozguradem)
- Add sorting to AlertManagement Alert Graphql. !30964
- Web IDE: Introduce syntax highlighting for .vue files. !30986
- Solarized light syntax highlighting theme for the Web IDE. !30989
- Deploy tokens can be used in the API with Basic Auth Headers enabling NuGet and PyPI to be used with deploy tokens. !31035
- Skip spam check for GitLab team members on gitlab.com. !31052
- None syntax highlighting theme for Web IDE. !31056
- Issues Analytics: Add title to group-level page. !31057
- Display metrics dashboards starred by user at the top of dashboard select field. !31059
- Add WYSIWYG editor to the Static Site Editor. !31099
- Conan registry is accessible using deploy tokens. !31114
- Add container registry settings to application_settings table. !31125
- Added provider icon to cluster index display. !31134
- Add a CI variable CI_KUBERNETES_ACTIVE as an alternative to only:kubernetes/except:kubernetes that works with the rules syntax. !31146
- Enable Alert Management functionality. !31171
- Allow monitoring dashboard users to open single panels in a new tab. !31206
- Create dashboard annotations via Graphql. !31249
- Enable deploy token authentication for the NPM registry. !31264
- Add read and write package registry scopes to deploy tokens. !31267
- Read only storage move API. !31285
- Add Design Management (via Designs tab on Issues) to GitLab FOSS. !31309
- Exposes issue IID in Alert Management Alert's GraphQL endpoint. !31313
- New API endpoint for starring metrics dashboards. !31316
- Add search bar to container registry image list. !31322
- Highlight focused Design discussion in image markers. !31323
- Allow showing merge request diffs compared to current version of target branch. !31325
- Add alert on project issues page to show Jira import is in progress. !31329
- Add API CRUD actions for instance-level CI/CD variables. !31342
- Add alert on project issues page to show Jira import has finished. !31375
- Filter pipelines by trigger author and branch name. !31386
- Add incident_labeled_issues to usage ping. !31406
- Refactored Snippet view to Vue. !31450
- Make report-type artifacts available for download. !31513
- Render dropdown and text elements based on variables defined in monitoring dashboard yml file. !31524
- Add expunge deleted messages option to mailroom. !31531 (Diego Louzán)
- Log Cloudflare request headers. !31532
- Allow Web IDE markdown to preview uncommitted images. !31540
- Add Webex Teams project integration service. !31543 (Sebastian Leuser)
- Add Rubocop cop to flag keyword arguments usage in Sidekiq workers. !31551 (Arun Kumar Mohan)
- Allow users to star/unstar dashboards which will appear at the top of their dashboards options. !31597
- Add ability to create merge request from vulnerability page. !31620
- Add confidential status support for comment and replies. !31622
- Add Web IDE pipelines usage counter. !31658
- Ruby metrics now include USS and PSS memory readings. !31707
- Add issues_created_gitlab_alerts to usage ping. !31802
- Add Alert Detail view. !31877
- New API endpoint for removing stars from metrics dashboards. !31892
- View raw file of any zip artifacts. !31912
- Add search to Alert Management Alerts GraphQL query. !32047
- Add "Keep divergent refs" option for push mirrors. !32381
- Add fields to Alert Details view. !32392
- Update GitLab Pages to 1.18.0.

### Other (70 changes, 25 of them are from the community)

- Remove Admin -> Settings -> Geo navigation. !21005 (Lee Tickett)
- removes store logic from issue board models. !21400 (nuwe1)
- removes store logic from issue board models. !21408 (nuwe1)
- Moves updateIssue from issue model to board store. !21414 (nuwe1)
- Improve error handling of squash and rebase. !23740
- Remove obsolete bot_type column. !27076
- Remove obsolete columns from resource_milestone_events. !28536
- Add index to issue_id and created_at of resource_weight_events. !28930
- Clean up & Re-arrange the keyboard shortcuts modal. !28992
- Remove ci_expose_arbitrary_artifacts_in_mr feature flag. !29363 (Lee Tickett)
- Remove git_archive_path feature flag. !29369 (Lee Tickett)
- Rename Snippet search results title. !29599
- Update to Rails 6.0.2.2. !29743
- Log server responses of API bad requests in api_json.log. !29839
- Clean up refresh fix for cancel automatic merge. !29844
- Add snippet repository backfilling migration. !29927
- Remove the SIDEKIQ_REQUEST_STORE configuration. !29955
- Increase label list label column width. !29963
- Refactor count queries to single query on Projects::EnvironmentsController. !30073 (Sashi Kumar)
- Update text on self-managed sign in page. !30135
- Remove namespaces.plan_id column. !30351
- Migrate models and policies specs to consider admin mode. !30430 (Diego Louzán)
- Upgrade Nokogiri to v1.10.9. !30435
- Add snippet migration rake tasks. !30489
- Error tracking target blank empty state. !30525
- Remove elasticsearch_experimental_indexer column. !30628
- Update the template for Static Site Editor / Middleman. !30642
- Remove unused cluster configuration workers. !30695
- Remove deprecated Snippet `code` attribute from Project Snippets API. !30739
- Update merge request widget question mark icons. !30759
- Value Stream Analytics: Add title and remove separator. !30841
- Remove mention of github-markup in Wiki clone help. !30962
- Alert Management mobile styling. !31082
- Allow Auto DevOps Test stage to start immediately. !31185
- Enable async_merge_request_check_mergeability by default. !31196
- Cleanup background migration for populating user_highest_roles table. !31218
- Add docs for alert management list. !31225
- Remove extra spaces from markdown toolbar items. !31288
- Use cookies with metadata to prevent reuse as another cookie. !31311
- Add inherit_from_id column to services table. !31320
- Organize package models by package type. !31346 (Sashi Kumar)
- Apply active class on active link element in HAML pagination. !31396
- Update GitLab Runner Helm Chart to 0.16.1. !31492
- Log when container registry permissions are denied. !31536
- Add epic_id to resource_state_events. !31587
- Update doorkeeper to latest version 5.0.3. !31673
- Add Foreign Key on projects.namespaces_id. !31675
- Fix misalignment of author dropdown on the commits search page. !31686
- Update css-loader ^1.0.0 -> ^2.1.1. !31743 (Pirate Praveen)
- Fix database schema inconsistency with not-null checks. !31930
- Removes create_confidential_merge_request feature flag leandrogs. !31968 (Leandro Silva)
- Update deprecated slot syntax in ./app/assets/javascripts/issue_show/components/fields/description.vue. !31979 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/pages/milestones/shared/components/promote_milestone_modal.vue. !31980 (Gilang Gumilar)
- Update group and project export info messages. !31981 (briankabiro)
- Relocate Nuget presenter helpers to presenters module. !31985 (Sashi Kumar)
- Update deprecated slot syntax in ./app/assets/javascripts/pages/admin/users/components/delete_user_modal.vue. !31992 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/performance_bar/components/detailed_metric.vue. !32006 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/profile/account/components/delete_account_modal.vue. !32007 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/environments/components/stop_environment_modal.vue. !32012 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/serverless/components/area.vue. !32015 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/releases/components/app_edit.vue. !32018 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/releases/components/evidence_block.vue. !32019 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/ide/components/ide_review.vue. !32025 (Gilang Gumilar)
- Update deprecated slot syntax in ./app/assets/javascripts/ide/components/pipelines/list.vue. !32027 (Gilang Gumilar)
- Update alert management table background colour to correct gray. !32068
- Validate package types in package metadatum models. !32091 (Sashi Kumar)
- Update error tracking table background colour to correct gray. !32133
- Update GitLab Elasticsearch Indexer to v2.3.0. !32199
- Update asciidoctor-plantuml gem to v0.0.12. !32376
- Use visitUrl in Alert management. !32414

## 12.10.14 through 12.0.0

- See [changelogs/archive-12.md](changelogs/archive-12.md)

## 11.11.8 through 11.0.0

- See [changelogs/archive-11.md](changelogs/archive-11.md)

## 10.8.6 through 10.0.0

- See [changelogs/archive-10.md](changelogs/archive-10.md)

## 9.5.10 through 0.8.0

- See [changelogs/archive.md](changelogs/archive.md)