In this month's release of GitLab 10.4 – the first of 2018 – we've added
capabilities to improve planning, testing, merge requests, and deployment. This
release also includes new security testing capabilities and the first iteration of
our Web IDE, part of our ambitious product vision for
Complete DevOps.
As part of Complete DevOps, we want to offer powerful security tools out of the
box. We recently released static application security testing and are now
expanding that with Dynamic Application Security Testing (DAST) and
Static Application Security Testing (SAST) for Docker Containers.
DAST, SAST for Docker Containers, and Browser Performance Testing have also
been added as a best practice to Auto DevOps.
"If you can do it in less than two minutes, do it now" states the two-minute
rule of Getting Things Done.
Writing a small fix or correcting a typo should be fast, but this is rarely the
case when we need to stash changes and switch to a different context.
Delaying a fix or waiting to address feedback on a merge request increases
cycle time, and it's even worse for distributed teams where hours quickly become days,
all for avoiding a git stash. The new editor, which is
the first release of the GitLab Web IDE,
makes it easier to contribute changes like these from the GitLab interface.
We've also shipped many exciting improvements this month to Epics, Merge
Requests, Geo, Runner, Git LFS, SSH, Monitoring, and Auto DevOps.
Read on to learn more about all of the key features shipped in 10.4!
Key improvements released in GitLab 10.4
Dynamic Application Security Testing (DAST)
Running static checks on your code is the first step to detect
vulnerabilities that can put the security of your code at risk.
Yet, once deployed, your application is exposed to a new category of
possible attacks, such as cross-site scripting or broken authentication
flaws.
GitLab 10.4 makes spotting problems automatically even better by adding Dynamic
Application Security Testing (DAST), which audits a live version of your application,
for example the Review App created in a previous job, directly from your CI/CD pipeline.
Results are shown in the Merge Request to give easy access to them. Starting with GitLab 10.4.2,
Auto DevOps will run DAST automatically
against the Review Apps of your application.
Deprecations
End of support for the openSUSE 42.2 Omnibus package
GitLab 10.4 will be the last version to include support for openSUSE
42.2, as it will be officially discontinued by
January 16, 2018.
GitLab packages are now available for
openSUSE 42.3.
Planned removal date: January 22, 2018.
Mattermost configuration changes
With the release of GitLab 11.0, the number of Mattermost configuration
options supported within gitlab.rb will be reduced. We will continue to
support the core configuration settings necessary to run Mattermost, and
set up the integration with GitLab.
Going forward, other configuration settings should be set directly within
the Mattermost console, or passed as environment variables.
Presently with two applications attempting to write to the same config
file, changes can be lost.
Planned removal date: GitLab 11.0.
The gitlab Helm chart
The gitlab Helm chart is deprecated. For installations on Kubernetes today, we recommend the beta gitlab-omnibus Helm chart.
A new cloud native GitLab chart is in development with increased scalability, resilience, and other benefits. This chart will replace both existing charts when available later this year.
For more information on GitLab Helm charts, please see our documentation.
Planned removal date: March 22, 2018.
API V3
In GitLab 8.17 we announced the deprecation of API v3.
We are still seeing a high volume of traffic on GitLab.com using API v3
requests.
API v3 will be removed in GitLab 11, and we want to ensure that
developers are migrating to API v4. Please refer to our
documentation that shows changes between the two API versions.
Planned removal date: GitLab 11.0
Removals
The complete list of all removed features can be viewed in the GitLab documentation.
Upgrade barometer
To upgrade to GitLab 10.4 from the latest 10.3 version, no downtime is
required. To upgrade without downtime, please consult the
documentation on downtimeless upgrades.
For this release we have migrations, post-deploy migrations, and background
migrations.
You can check the status of background migrations by running this command
from a Rails console: Sidekiq::Queue.new('background_migration').size