Today we are releasing version 8.4.4 for GitLab Community Edition (CE) and Enterprise Edition (EE).
This version includes more fixes for Elasticsearch, a re-introduction of the "Send email to users" administration link that was mistakenly removed, and addresses one potential security issue concerning public CI build logs.
Read on for all the details!
In GitLab 8.3, we made CI build logs share the visibility level of their parent project for the sake of simplicity. However, we failed to properly document this change and some users may have been surprised by previously-hidden build logs suddenly becoming visible, possibly exposing sensitive information such as environment variables.
We've addressed this in 8.4.4 by adding a project-level setting to allow anyone (including guests) to access the build logs for a public or internal project. This setting is enabled by default but can be disabled for additional security. Build logs in private projects will still be visible only to members of that project.
If you enabled Elasticsearch indexing prior to this version, Snippets added since that time may not be properly indexed.
To ensure those Snippets are properly indexed, run one of the following commands:
# For Omnibus installations sudo gitlab-rails runner "Snippet.import" # For source installations cd /home/git/gitlab && sudo -u git -H bundle exec rails runner "Snippet.import"
This release includes an update to the
omniauth-saml gem (which itself includes an update to the
ruby-saml gem) in order to properly allow SAML responses that did not include an X.509 certificate in the response body; it now properly fetches the certificate indicated in the settings and uses that one to validate the response.
This release includes one minor database migration which can be run without causing any downtime.
Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a
To update, check out our update page.
Interested in GitLab Enterprise Edition? Check out the features exclusive to EE.
Access to GitLab Enterprise Edition is included with a subscription. No time to upgrade GitLab yourself? Subscribers receive upgrade and installation services.