GitLab 13.5.0

GitLab is a development collaboration tool and git DVCS frontend. It includes repository management features, code reviews, an issue tracker, activity feeds and wikis. GitLab provides fine-grained access control, user management, 5 permission levels and branch constraints, and can utilize LDAP/AD intranet authorization. Powered by Ruby on Rails it comes as open source package, and as commercial supported enterprise version.

Tags ruby ruby-on-rails git dvcs wiki bugtracker version-control
License MITL
State development

Recent Releases

13.5.022 Oct 2020 11:25 major feature: (2020-10-22). ### Security (1 change). Update GitLab Runner Helm Chart to 0.21.1. ### Removed (3 changes, 2 of them are from the community). Drop Iglu registry URL column. !42939. Remove coverage_report_view feature flag. !43711. Remove release_evidence_collection feature flag. !44234. ### (118 changes, 9 of them are from the community). Include builds from child pipelines in latest sucessful build for ref/sha. !29710. branches_to_be_notified API param for hangouts chat service. !35599. Add empty dependencies value to ECS Deploy job. !36862. with optional merge requests approval in CE. !42119 (Pavel Kuznetsov). type of SentryErrorType global ID. !42185. Remove linux arch only rule for coverage fuzzing. !42316. Do not show retried builds in the MR code coverage. !42402. Does not refresh project/snippet statistics on a read-only instance. !42417. Rendering trailing slash in reference links (). !42484. Remove retry icon on failed job if merge pipeline. !42495. Designs: return an error if uploading designs with duplicate names. !42514 (Sushil Khanchi). Unit Test Report: icon for errored status. !42540. Copy designs to when an with designs is moved. !42548. triggering multiple children pipeline with the same artifact. !42595. caret sizes in navigation. !42605. Revert required encryption on CI runner tokens. !42623. Markdown "Preview" tab on New/Edit Release and New Snippet pages. !42640. a causing 'Missing author note' to be added to notes for mapped users when importing project using GitLab Import. !42648. Hides batch suggestions button if there is only 1 suggestion. !42681. GraphQL token authentication when installed under a relative URL. !42706. Update pipeline failed notification e-mail warning. !42736. clickable width of release asset links. !42757. size of edit button on releases page. !42779. Move before_script into script for CQ template. !42782. Resolve Error when quickly reordering designs. !42818. Eliminate extra spacing
13.4.416 Oct 2020 15:45 minor feature: (2020-10-15). ### (2 changes). rollback portion of migration that adds temporary index for container scanning findings. !44593. Improve merge error when pre-receive hooks fail in fast-forward merge. !44843. ### Other (1 change). Revert 42465 and 42343: Expanded collapsed diff files. !43361.
13.4.307 Oct 2020 21:45 minor bugfix: (2020-10-06). ### (3 changes). Exclude 2FA from upload#show routes and 404s. !42784. Use create_wiki method on ensure_wiki_exists in update_service. !42910. Large backups not working with Azure Blob storage. !44233.
13.4.022 Sep 2020 15:05 major bugfix: (2020-09-22). ### Security (2 changes, 1 of them is from the community). Update lodash to 4.17.20. !41036 (Takuya Noguchi). Update GitLab Runner Helm Chart to 0.20.1. ### Removed (6 changes, 1 of them is from the community). Remove secret_detection job from vendored SAST CI template. !40028. Remove Docker-in-Docker mode from Dependency Scanning documentation. !40631. Removes unused classes on initial Ci::Ref implementation. !41077. Drop Docker-in-Docker mode for SAST and Dependency Scanning. !41260. Remove application settings for Snowplow iglu registry url. !41556. Remove Value Stream Total stage. !42345. ### (160 changes, 41 of them are from the community). Conditionally render the packages scopes in deploy token settings. !35334. advanced filters in log explorer view for gitlab managed applications. !37926. RegExp for dotenv report artifact. !38562. composer 404 with http auth. !38641. Update EKS Kubernetes versions. !38644. skipped status of DAG pipelines. !39205. wrong MR pipeline link when FF-merge strategy is used. !39396. Include also inherited project members in GraphQL API. !39444. Refactor spec/support/shared_examples/services/ and ee/spec/support/shared_examples/services/ to Rails/SaveBang Cop. !39538 (Rajendra Kadam). Removes extra spaces on MR/Epic tabs-containers on mobile. !39549 (Takuya Noguchi). Milestone Dashboard: Move Gray Type Badge Next to the Milestone Title. !39617. GraphQL file uploads accepting non-file input. !39763. Metrics dashboard embeds when using new URLs. !39876. Respect original visibility for instrumented methods. !39951. Take relative_url_path into account when building URLs in snippets. !39960. non-retrying bridges after retried builds in CI pipelines. !39989. Support X-Envelope-To header as a location for Service Desk key. !40001. where conan does not properly check package channel when returning file download urls. !40029. example within file_hooks documentation. !40071 (Roger Meier). miss
13.3.404 Sep 2020 02:05 minor security: (2020-09-02). ### Security (1 change). Protect OAuth endpoints from brute force/password stuffing.
13.3.229 Aug 2020 11:25 minor bugfix: (2020-08-28). ### Removed (1 change). Display upcoming database deprecation warning only if current database version minimum is not met. !38225. ### (5 changes). Race condition in concurrent backups. !39894. Prevent accidental group deletion if path rename fails. !40353. Snippet save button disabled with empty file path. !40412. Exception handling when a concurrent backup fails. !40451. Scope incident counts by given project or group. !40700.
13.3.023 Aug 2020 09:45 major feature: (2020-08-22). ### Security (2 changes). Improve path traversal validation checks. !33114. Update GitLab Runner Helm Chart to 0.19.2. ### Removed (3 changes). Remove Internet Explorer 11 from babel transpilation. !36840. Remove namespace storage limit setting. !38108. Geo: Drop tables related to vulnerability export replication. !38299. ### (116 changes, 14 of them are from the community). filter by releases at group and merge requests search bar. !26740 (Gilang Gumilar). Disable commenting on lines in files that were or are symlinks or replace or are replaced by symlinks. !35371. icon alignment on board cards. !35710 (carolcarvalhosa). Make Add metrics button visible on self monitoring dashboard. !36169. Keep large spinner while MR file tree is loading. !36446. : Child pipelines are not found by API endpoints. !36494. Show relevant error messages when failing to match a CI job entry. !36536. Don t show icon on flash warning. !36581. Updates to file table in package details UI. !36723 (Adam Alvis). Add graceful timeout handling for analytics. !36811. Resolve Pasting an image into a comment also uploads design. !37171. release evidence sometimes not being collected. !37184. editing note throws js error. !37216. merge request approvals for EE without a license. !37246. ops settings titles. !37259. Refactor all factories to SaveBang Cop. !37268 (Rajendra Kadam). Resolve Anchor tags to Designs is not working. !37307. content validation for existing wiki pages. !37310. Alert management list spacing. !37320. with blank keyset pagination parameters. !37351. Remove dashed border on designs hover. !37375. CSV downloads for multiple series in the same chart. !37377. Pypi and Nuget Storage Statistics. !37386. Display files in tab counter same as diff stats. !37390. vertical alignment of design management toolbar buttons. !37398. Allow LFS to be enabled in project settings even when Repository is disabled. !37401. Update MRs on push. !374
13.2.412 Aug 2020 19:25 minor feature: (2020-08-11). ### Security (1 change). Add decompressed archive size validation on Project/Group Import. !38736. ### (1 change). Automatic creation via Prometheus alerts. !37884.
13.2.306 Aug 2020 22:05 minor security: (2020-08-05). ### Security (12 changes). Update kramdown gem to version 2.3.0. Enforce 2FA on Doorkeeper controllers. Revoke OAuth grants when a user revokes an application. Refresh project authorizations when transferring groups. Stop excess logs from failure to send invite email when group no longer exists. Verify confirmed email for OAuth Authorize POST endpoint. XSS in Markdown reference tooltips. XSS in milestone tooltips. xss vulnerability on jobs view. Block 40-character hexadecimal branches. Prevent a temporary access escalation before group memberships are recalculated when specialized project share workers are enabled. Update GitLab Runner Helm Chart to 0.18.2.
13.2.230 Jul 2020 10:25 minor feature: (2020-07-29). ### (3 changes). Coerce repository_storages_weighted, removes repository_storages. !36376. JiraImportUsersInput startAt field. !37492. Provide better git error message when the user is unconfirmed. !37944. ### Changed (1 change). Skip mass unconfirming users when send_user_confirmation_email setting is off. !38024.
13.2.022 Jul 2020 11:05 major feature: (2020-07-22). ### Security (3 changes). Unconfirm wrongfully verified email addresses and user accounts. !35492. Make logrotate run as git user for source installations. !35519. Replace misleading text in re-confirmation emails. !36634. ### Removed (7 changes, 2 of them are from the community). Remove deprecated dashboard group milestone pages. !13237. Removed UltraAuth integration for OmniAuth. !29330 (Kartikey Tanna). Remove all search autocomplete for groups/projects/other. !31187. Remove temporary datepicker position as it is no longer required. !31836 (Arun Kumar Mohan). Remove the ability to customize the title and description of some integrations (zilla, Custom Tracker, Redmine, and YouTrack). !33298. Drop deprecated _ANALYZER_IMAGE_PRE. !34325. Remove Internet Explorer 11 specific polyfills. !36830. ### (300 changes, 79 of them are from the community). Remove broken hyperlink from and reopen button. !22220 (Lee t). 'Active' checkbox text in Pipeline Schedule form to be a label. !27054 (Jonston Chan). back button when switching MR tabs. !29862 (Lee t). Remove ability to scroll while in Design View. !29881. merge request note label URLs. !30428 (Lee t). default path when creating project from group template. !30597 (Lee t). that prevented k8s authentication with intermediate certificates. !31254 (Abdelrahman Mohamed). group transfer service to deny moving group to its subgroup. !31495 (Abhisek Datta). issuable listings with any label filter. !31729. Move prepend to last in ee-app-services. !31838 (Rajendra Kadam). Fallback to lowest visibility level in snippet visibility radio. !31847. Add class stubs and leaky constant alert in query limit helper spec. !31949 (Rajendra Kadam). Remove usage of spam constants in spec. !31959 (Rajendra Kadam). leaky constant in uninstall progress service check. !32036 (Rajendra Kadam). leaky constant in commit entity spec. !32039 (Rajendra Kadam). leaky constant in task completion status spec
13.1.202 Jul 2020 07:25 minor security: (2020-07-01). ### Security (18 changes). Update xterm js dependency to latest stable 3.x version. Do not show activity for users with private profiles. stored XSS in markdown renderer. Upgrade swagger-ui to solve XSS. group deploy token API authorizations. Check access when sending TODOs related to merge requests. Change from hybrid to JSON cookies serializer. Prevent XSS in group name validations. Disable caching for wiki attachments. Disable Github Importer API by settings. null byte error in upload path. Update permissions for time tracking endpoints. Add snippet repository validation after bundle import. Update Kaminari gem. note author name rendering. Sanitize bitbucket repo urls to mitigate XSS. Stored XSS on the Error Tracking page. security when rendering issuable.
13.1.124 Jun 2020 13:05 minor bugfix: (2020-06-23). ### (4 changes). Missing templating vars set from URL in metrics dashboard. !34668. Edit status dropdown overflow. !34847. Load user before logging git http-requests. !34923. Do not mask key comments for DeployKeys. !35014. ### Added (1 change). Periodically recompute project authorizations. !34071.
13.0.407 Jun 2020 03:05 minor security: (2020-06-03). ### Security (1 change). Prevent fetching repository code with unauthorized ci token.
13.0.302 Jun 2020 18:05 minor bugfix: (2020-05-29). ### (8 changes, 1 of them is from the community). redirection to project snippets. !32530. Geo replication for design thumbnails. !32703. s downloading build artifacts. !32741. Auto DevOps manual rollout jobs not being allowed to fail. !32865. Update deprecated routes in irker integration. !32923 (Marc Jeanmougin). Change format of variables parameter in Prometheus proxy API for metrics dashboard. !33062. and MR API performance regression when Markdown cache is stale. !33235. when user created the. !33294.
8.0.516 Oct 2015 13:25 minor bugfix: Correct lookup-by-email for LDAP logins. Loading spinner sometimes not being hidden on Merge Request tab switches.
8.0.406 Oct 2015 23:25 minor bugfix: Message-ID header to be RFC 2111-compliant to prevent e-mails being dropped (Stan Hu). Referrals for :back and relative URL installs. Anchors to comments in diffs. - Remove CI token from build traces. - "Assign All" button on Runner admin page.
8.0.301 Oct 2015 03:15 minor bugfix: URL shown in Slack notifications. - where projects would appear to be stuck in the forked import state (Stan Hu). - Error 500 in creating merge requests with 1000 diffs (Stan Hu).
8.0.227 Sep 2015 03:15 minor bugfix: default avatar not rendering in network graph (Stan Hu). - Skip check_initd_configured_correctly on omnibus installs. - Prevent double-preing of help page paths. - Clarify confirmation text on user deletion. - Make commit graphs responsive to window width changes (Stan Hu). - top margin for sign-in button on public pages. - LDAP attribute mapping. - Remove git refs used internally by GitLab from network graph (Stan Hu). - Use standard Markdown font in Markdown preview instead of -width font (Stan Hu). - Reply by email for non-UTF-8 messages. - Add option to use StartTLS with Reply by email IMAP server.
8.0.023 Sep 2015 08:15 major feature: Continuous integration fully integrated (all tests, deployments, packaging). Completely new look and feel. Turbo Merges. 50 less space used. Reply by Email. Quick open in Gmail. Easily upload files in GitLab. Public user profile and group pages. Notification settings within the project s main page. GitLab 8.0 can be upgraded online. Better HTTP Support. Single Sign On to authenticate with Mattermost beta1. SSL Verification for Web Hooks.
7.527 Nov 2014 07:05 major feature: GitLab Community Edition 7.5 brings custom git hooks, various performance improvements, API extensions and better GitLab CI support.
7.222 Aug 2014 21:41 major feature: This release adds an "Explore" page, project stars, a Log for Sidekiq arguments. It adds better labels: colors, ability to rename and remove. Improves the way merge request collects diffs, compare page for large diffs. Exposes the full commit message via API. Fixes 500 error on repository rename, bug when MR download patch return invalid diff. Repository import timeout increased from 2 to 4 minutes allowing larger repos to be imported. The API adds support for labels, and the ability to set an import url when creating project for specific user.