Today we are releasing version 8.4.4 for GitLab Community Edition (CE) and Enterprise Edition (EE).
This version includes more fixes for Elasticsearch, a re-introduction of the "Send email to users" administration link that was mistakenly removed, and addresses one potential security issue concerning public CI build logs.
Read on for all the details!
- CE/EE: Update omniauth-saml gem to 1.4.2 (!2684)
- CE/EE: Prevent long-running backup tasks from timing out the database connection (!2757)
- CE/EE: Add a Project setting to allow guests to view build logs (defaults to true)
- EE: Re-introduce "Send email to users" link in Admin area (!161)
- EE: Fix category values for Jenkins and JenkinsDeprecated services (!163)
- EE: Fix Elasticsearch indexing for newly added Snippets (!165)
- EE: Make Elasticsearch indexer more stable (!167)
- EE: Update gitlab-elasticsearch-git to 0.0.10 (!170)
Possible information leak via GitLab CI logs
In GitLab 8.3, we made CI build logs share the visibility level of their parent project for the sake of simplicity. However, we failed to properly document this change and some users may have been surprised by previously-hidden build logs suddenly becoming visible, possibly exposing sensitive information such as environment variables.
We've addressed this in 8.4.4 by adding a project-level setting to allow anyone (including guests) to access the build logs for a public or internal project. This setting is enabled by default but can be disabled for additional security. Build logs in private projects will still be visible only to members of that project.
Elasticsearch Snippet indexing
If you enabled Elasticsearch indexing prior to this version, Snippets added since that time may not be properly indexed.
To ensure those Snippets are properly indexed, run one of the following commands:
# For Omnibus installations sudo gitlab-rails runner "Snippet.import" # For source installations cd /home/git/gitlab && sudo -u git -H bundle exec rails runner "Snippet.import"
This release includes an update to the
omniauth-saml gem (which itself includes an update to the
ruby-saml gem) in order to properly allow SAML responses that did not include an X.509 certificate in the response body; it now properly fetches the certificate indicated in the settings and uses that one to validate the response.
This release includes one minor database migration which can be run without causing any downtime.
Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a
To update, check out our update page.
Interested in GitLab Enterprise Edition? Check out the features exclusive to EE.
Access to GitLab Enterprise Edition is included with a subscription. No time to upgrade GitLab yourself? Subscribers receive upgrade and installation services.