13.2.306 Aug 2020 22:05
### Security (12 changes).
Update kramdown gem to version 2.3.0.
Enforce 2FA on Doorkeeper controllers.
Revoke OAuth grants when a user revokes an application.
Refresh project authorizations when transferring groups.
Stop excess logs from failure to send invite email when group no longer exists.
Verify confirmed email for OAuth Authorize POST endpoint.
XSS in Markdown reference tooltips.
XSS in milestone tooltips.
xss vulnerability on jobs view.
Block 40-character hexadecimal branches.
Prevent a temporary access escalation before group memberships are recalculated when specialized project share workers are enabled.
Update GitLab Runner Helm Chart to 0.18.2.
13.2.230 Jul 2020 10:25
### (3 changes).
Coerce repository_storages_weighted, removes repository_storages. !36376.
JiraImportUsersInput startAt field. !37492.
Provide better git error message when the user is unconfirmed. !37944.
### Changed (1 change).
Skip mass unconfirming users when send_user_confirmation_email setting is off. !38024.
13.2.022 Jul 2020 11:05
### Security (3 changes).
Unconfirm wrongfully verified email addresses and user accounts. !35492.
Make logrotate run as git user for source installations. !35519.
Replace misleading text in re-confirmation emails. !36634.
### Removed (7 changes, 2 of them are from the community).
Remove deprecated dashboard group milestone pages. !13237.
Removed UltraAuth integration for OmniAuth. !29330 (Kartikey Tanna).
Remove all search autocomplete for groups/projects/other. !31187.
Remove temporary datepicker position as it is no longer required. !31836 (Arun Kumar Mohan).
Remove the ability to customize the title and description of some integrations (zilla, Custom Tracker, Redmine, and YouTrack). !33298.
Drop deprecated _ANALYZER_IMAGE_PRE. !34325.
Remove Internet Explorer 11 specific polyfills. !36830.
### (300 changes, 79 of them are from the community).
Remove broken hyperlink from and reopen button. !22220 (Lee t).
'Active' checkbox text in Pipeline Schedule form to be a label. !27054 (Jonston Chan).
back button when switching MR tabs. !29862 (Lee t).
Remove ability to scroll while in Design View. !29881.
merge request note label URLs. !30428 (Lee t).
default path when creating project from group template. !30597 (Lee t).
that prevented k8s authentication with intermediate certificates. !31254 (Abdelrahman Mohamed).
group transfer service to deny moving group to its subgroup. !31495 (Abhisek Datta).
issuable listings with any label filter. !31729.
Move prepend to last in ee-app-services. !31838 (Rajendra Kadam).
Fallback to lowest visibility level in snippet visibility radio. !31847.
Add class stubs and leaky constant alert in query limit helper spec. !31949 (Rajendra Kadam).
Remove usage of spam constants in spec. !31959 (Rajendra Kadam).
leaky constant in uninstall progress service check. !32036 (Rajendra Kadam).
leaky constant in commit entity spec. !32039 (Rajendra Kadam).
leaky constant in task completion status spec
13.1.202 Jul 2020 07:25
### Security (18 changes).
Update xterm js dependency to latest stable 3.x version.
Do not show activity for users with private profiles.
stored XSS in markdown renderer.
Upgrade swagger-ui to solve XSS.
group deploy token API authorizations.
Check access when sending TODOs related to merge requests.
Change from hybrid to JSON cookies serializer.
Prevent XSS in group name validations.
Disable caching for wiki attachments.
Disable Github Importer API by settings.
null byte error in upload path.
Update permissions for time tracking endpoints.
Add snippet repository validation after bundle import.
Update Kaminari gem.
note author name rendering.
Sanitize bitbucket repo urls to mitigate XSS.
Stored XSS on the Error Tracking page.
security when rendering issuable.
13.1.124 Jun 2020 13:05
### (4 changes).
Missing templating vars set from URL in metrics dashboard. !34668.
Edit status dropdown overflow. !34847.
Load user before logging git http-requests. !34923.
Do not mask key comments for DeployKeys. !35014.
### Added (1 change).
Periodically recompute project authorizations. !34071.
13.0.407 Jun 2020 03:05
### Security (1 change).
Prevent fetching repository code with unauthorized ci token.
13.0.302 Jun 2020 18:05
### (8 changes, 1 of them is from the community).
redirection to project snippets. !32530.
Geo replication for design thumbnails. !32703.
s downloading build artifacts. !32741.
Auto DevOps manual rollout jobs not being allowed to fail. !32865.
Update deprecated routes in irker integration. !32923 (Marc Jeanmougin).
Change format of variables parameter in Prometheus proxy API for metrics dashboard. !33062.
and MR API performance regression when Markdown cache is stale. !33235.
when user created the. !33294.
8.0.516 Oct 2015 13:25
Correct lookup-by-email for LDAP logins.
Loading spinner sometimes not being hidden on Merge Request tab switches.
8.0.406 Oct 2015 23:25
Message-ID header to be RFC 2111-compliant to prevent e-mails being dropped (Stan Hu).
Referrals for :back and relative URL installs.
Anchors to comments in diffs.
- Remove CI token from build traces.
- "Assign All" button on Runner admin page.
8.0.301 Oct 2015 03:15
URL shown in Slack notifications.
- where projects would appear to be stuck in the forked import state (Stan Hu).
- Error 500 in creating merge requests with 1000 diffs (Stan Hu).
8.0.227 Sep 2015 03:15
default avatar not rendering in network graph (Stan Hu).
- Skip check_initd_configured_correctly on omnibus installs.
- Prevent double-preing of help page paths.
- Clarify confirmation text on user deletion.
- Make commit graphs responsive to window width changes (Stan Hu).
- top margin for sign-in button on public pages.
- LDAP attribute mapping.
- Remove git refs used internally by GitLab from network graph (Stan Hu).
- Use standard Markdown font in Markdown preview instead of -width font (Stan Hu).
- Reply by email for non-UTF-8 messages.
- Add option to use StartTLS with Reply by email IMAP server.
8.0.023 Sep 2015 08:15
Continuous integration fully integrated (all tests, deployments, packaging).
Completely new look and feel.
50 less space used.
Reply by Email.
Quick open in Gmail.
Easily upload files in GitLab.
Public user profile and group pages.
Notification settings within the project s main page.
GitLab 8.0 can be upgraded online.
Better HTTP Support.
Single Sign On to authenticate with Mattermost beta1.
SSL Verification for Web Hooks.
7.527 Nov 2014 07:05
GitLab Community Edition 7.5 brings custom git hooks, various performance
improvements, API extensions and better GitLab CI support.
7.222 Aug 2014 21:41
This release adds an "Explore" page, project stars, a Log for Sidekiq arguments. It adds better labels: colors, ability to rename and remove. Improves the way merge request collects diffs, compare page for large diffs. Exposes the full commit message via API. Fixes 500 error on repository rename, bug when MR download patch return invalid diff.
Repository import timeout increased from 2 to 4 minutes allowing larger repos to be imported.
The API adds support for labels, and the ability to set an import url when creating project for specific user.