Blog Product A guide to the high-impact breaking changes in GitLab 17.0
Published on April 10, 2024
6 min read

A guide to the high-impact breaking changes in GitLab 17.0

Find, assess, and mitigate the impact of deprecations and breaking changes in this year’s major release.


GitLab 17.0 is coming on May 16. This version, a major release, will include many exciting improvements to GitLab, but also removes some deprecated features. Visit the Deprecations page to see what is scheduled for removal in 17.0 and keep reading for an overview of the highest impact removals.

Additionally, this year we are introducing three windows during which we expect breaking changes to be enabled on

  • 2024-04-22 09:00 UTC to 2024-04-24 22:00 UTC

  • 2024-04-29 09:00 UTC to 2024-05-01 22:00 UTC

  • 2024-05-06 09:00 UTC to 2024-05-08 22:00 UTC

Note: Some breaking changes may fall slightly outside of these windows in exceptional circumstances.

Update: We have created a public issue with more details about which changes should land in which windows.

High-impact breaking changes in GitLab 17.0

We have identified the following high-impact removals in 17.0. We define “high impact” as potentially disrupting critical workflows, such as continuous integration (CI), continuous deployment (CD), compliance, or the availability of the instance. That’s why we suggest you should prioritize these breaking changes first when preparing for the major release. While you can find detailed information on each breaking change in the linked documentation, we’ve provided some notes about the affected features and potential impact in this overview.

Self-managed deployment

  • Postgres 13 deprecated
    • Impacts all self-managed customers. Failing to upgrade to Postgres 14 will break the deployment.
    • Postgres 14 is already supported starting from GitLab 16.2.0.
  • omniauth-azure-oauth2 gem is deprecated
    • Impacts self-managed customers who use the omniauth-azure-oauth2 provider for authentication.
    • Without migration to omniauth_openid_connect, users will no longer be able to sign in using the Azure login button.
  • Min concurrency and max concurrency in Sidekiq options
    • Impacts GitLab deployments that have sidekiq['min_concurrency'] and sidekiq['max_concurrency'] configured in their gitlab.rb.
    • Failure to migrate will break the deployment.



  • The pull-based deployment features of the GitLab agent for Kubernetes is deprecated

    • Impacts projects using the GitLab agent for Kubernetes for deployments.
    • The change may break CD workflows relying on the GitLab agent for Kubernetes.
    • The agent itself is not deprecated and still used for a number of features, like communicating with the cluster, its API endpoints and pushing information about events in the cluster to GitLab.
  • Agent for Kubernetes option ca-cert-file renamed

    • Impacts customers installing Kubernetes agents behind a self-signed certificate.
    • The change may impact CD workflows relying on connecting Kubernetes clusters to GitLab via the agent.


  • Upgrading the operating system version of GitLab SaaS runners on Linux

    • Impacts pipelines using saas-linux-*-amd64 tagged shared runners on that use outdated Docker-in-Docker or Kaniko versions.
    • The outdated versions will be unable to detect the container runtime and fail, breaking the pipeline.
  • Deprecating Windows Server 2019 in favor of 2022

    • Impacts pipelines using shared-windows and windows-1809 tagged shared runners on
    • Affected jobs will not be picked up by runners, thus blocking the pipeline.
    • You can identify affected jobs by searching for the deprecated tags in your .yml files.
  • Removal of tags from small SaaS runners on Linux

    • Impacts pipelines using shared runners tagged docker, east-c, gce, git-annex, linux, mongo, mysql, ruby, or shared on
    • Affected jobs will not be picked up by runners, thus blocking the pipeline.
    • You can identify affected jobs by searching for the deprecated tags in your .yml files.

Ultimate only

  • Security policy fields newly_detected and match_on_inclusion are deprecated

    • Impacts groups and projects that have merge request approval policies (previously: scan result policies) enabled and use the deprecated keywords.
    • Without migration, the rules enforced by the policies will stop working, causing potential compliance violations.
  • Required Pipeline Configuration is deprecated

    • Impacts Ultimate self-managed customers using required pipeline configuration.
    • Without migration, the required configuration will no longer be used by projects, impacting all pipelines that are run on the instance.
  • Proxy-based DAST is deprecated

    • Impacts projects that are using DAST with the variable DAST_BROWSER_SCAN set to false.
    • Without migration, DAST scans in existing pipelines will fail.
    • Follow the recommended changes outlined in the DAST migration guide to ensure DAST can continue scanning your applications.

See all removals in GitLab 17.0

For more detailed information and to see all the removals coming up in this year's major release, please visit the Deprecations page.

Live demo! Discover the future of AI-driven software development with our GitLab 17 virtual launch event. Register today!

We want to hear from you

Enjoyed reading this blog post or have questions or feedback? Share your thoughts by creating a new topic in the GitLab community forum. Share your feedback

Ready to get started?

See what your team could do with a unified DevSecOps Platform.

Get free trial

New to GitLab and not sure where to start?

Get started guide

Learn about what GitLab can do for your team

Talk to an expert