GitLab 18.4 released with GitLab Duo Model Selection and GitLab Knowledge Graph
GitLab 18.4 released with GitLab Duo Model Selection now generally available, GitLab Knowledge Graph, End user model selection now available with GitLab Duo, CI/CD job tokens can authenticate Git push requests and much more!
New as of September 23: We've introduced the GitLab Duo AI Catalog, a central library where teams can create, share, and collaborate with custom-built agents across their organization.
These are just a few highlights from the 24 improvements in this release. Read on to check out all of the great updates below.
To the wider GitLab community, thank you for the 136 contributions you provided to GitLab 18.4!
At GitLab, everyone can contribute and we couldn't have done it without you!
Q&A + Code: Exploring GitLab 18.4 and Growing the Contributor’s Garden
Tune in to the GitLab Developer Show, where we’ll dive into the latest features in GitLab 18.4 and share how we’re cultivating a thriving community of contributors. See features in action, get insights from our team, and discover how you can grow with GitLab.
Patrick Rice continues his exceptional dedication to GitLab’s open source community as contributor, maintainer,
and mentor.
A top 5 contributor
over the past year, Patrick maintains the GitLab Terraform Provider
and client-go projects,
handling feature additions, releases, issue triage, and community onboarding.
He embodies GitLab’s mission that everyone can contribute, having worked his way up from
contributor to project maintainer.
Patrick’s impact extends beyond code contributions to community building and coaching,
helping new contributors get started and grow in the project.
Patrick previously nominated and supported Heidi Berry who won the 17.11 Notable Contributor award.
He also shared insights with the GitLab for Education
team on working with students learning GitLab to help us grow the next generation of developers.
“I’d love to encourage new contributors to join us in collaborating on the Terraform Provider
and client-go projects,” Patrick says.
“We can always use more friendly faces in our community.”
“Patrick has continued relentlessly supporting the GitLab team and customers,” says Lee Tickett,
Staff Fullstack Engineer at GitLab, who nominated Patrick for the award.
Timo Furrer, Senior Backend Engineer at GitLab, supported the nomination.
“Apart from his daily contributions to the Terraform Provider and client-go,” Timo adds,
“he’s helping GitLab customers directly with their IaC journey by showcasing what is possible with the
GitLab Terraform Provider.”
GitLab Duo Model Selection is now generally available, giving organizations greater control over which AI models power their development workflows.
Owners of top-level groups on Gitlab.com and administrators on Self-Managed and Dedicated can now choose a specific model from a variety of GitLab AI model vendors for use with their GitLab Duo features, accessed through the GitLab-hosted AI gateway.
GitLab users that belong to multiple namespaces on GitLab.com can now also set a default namespace to ensure consistent AI model preferences across all development contexts. For more information on GitLab Duo Model Selection, read the blog.
The GitLab Knowledge Graph provides rich code intelligence across your codebase. Developers can understand and navigate their projects with greater context, making it easier to plan changes, perform impact analysis, and work with GitLab Duo agents to accelerate development tasks.
The GitLab Duo Agent Platform leverages the Knowledge Graph to increase the accuracy of AI agents. By mapping files and definitions across a codebase, the Knowledge Graph provides enhanced context that allows Duo agents to understand relationships across your entire local workspace—unlocking faster and more precise responses to complex questions.
This release of the Knowledge Graph focuses on local code indexing, where the CLI turns your codebase into a live, embeddable graph database for RAG. You can install it with a simple one-line script, parse local repositories, and connect via MCP to query your workspace.
Our vision for the Knowledge Graph project is two-fold: building a vibrant community edition that developers can run locally today, which will serve as the foundation for a future, fully integrated Knowledge Graph Service within GitLab.com and self-managed instances.
This feature is in beta status. Provide feedback in issue 160.
GitLab Duo model selection for end-users is now in public beta on Gitlab.com. Users can now select their preferred model for GitLab Duo Agentic Chat directly in the GitLab UI, giving developers personalized control over their AI assistance experience.
When allowed by namespace owners on GitLab.com, end-users can choose from available GitLab AI Vendor models for use with GitLab Duo Agentic Chat. Namespace owners can continue to set organization-wide model preferences through namespace settings, or allow end-user model selection.
To get started, look for the model dropdown in GitLab Duo Agentic Chat to select your preferred model. Note that changing models will start a fresh conversation, and your preferences will be remembered for future sessions.
You can now allow CI/CD job tokens generated in your project to authenticate Git push requests to the project’s repository. Enable this with the Job token permissions settings in the UI, or alternatively with the ci_push_repository_for_job_token_allowed parameter in the project’s REST API endpoint.
GitLab Duo context exclusion allows you to control which project content is excluded as context for GitLab Duo. This is helpful to protect sensitive information such as password files and configuration files. You can exclude individual files, specific directories, specific file types, or any combination of these.
This feature is currently in beta. Provide feedback on GitLab Duo context exclusion in issue 566244.
GitLab Dedicated now supports deployment in all AWS regions, enabling you to select from an expanded list of regions for your primary, secondary, and backup deployment location.
This expansion is enabled by AWS’s rollout of io2 disks across all regions, which meet GitLab Dedicated’s standards for high availability and disaster recovery.
All newly available regions can be selected when provisioning your GitLab Dedicated instance in Switchboard.
Previously, when using the pipeline editor and validating your changes using the Validate tab, you could only run a simulation for the default branch. In this release, we’ve expanded this capability. You can now select any branch to simulate pipelines against. This improvement gives you greater flexibility in testing and validating your pipelines. You can ensure they perform as expected across different cases, including your stable branches or feature branches.
You now have full control over your listing page view, choose which metadata appears and whether to open work items in a drawer, making it easier to focus on the information that matters most to you.
Previously, all metadata fields were always visible, which could make scanning through work items overwhelming. Now you can customize your view by turning on or off specific fields like assignees, labels, dates, and milestones.
With the new toggle that switches between the drawer view and full-page navigation you can quickly review details while maintaining context of your list, or open the full page when you need more screen space for detailed editing and comprehensive navigation.
You can now view all issues from child epics when filtering by a parent epic in issue boards, bringing consistency with how the Issues page already works. This improvement helps you better track and visualize your complete epic hierarchy without missing any issues nested in child epics, making your project management workflow more efficient and reliable.
Users with the Owner role for a group can now bypass user confirmation when reassigning placeholders to active enterprise users in that group. This way, enterprise users do not have to keep checking their emails to confirm reassignments. After the time limit for the setting is reached, email confirmation requests are sent again for all new reassignments.
Enterprise users still receive notification emails after the reassignment is complete, ensuring transparency throughout the process.
The GitLab container registry now supports the media types to
host OpenTofu modules and providers.
Version 3.1.0 of the
OpenTofu CI/CD component supports
a new provider-release template to deploy an OpenTofu provider into the GitLab registry
using the OCI format. Now, you can host private OpenTofu providers directly in GitLab.
In addition, the module-release template now supports a new type input that you can set to oci
to deploy the OpenTofu module in the GitLab registry using the OCI format.
Pipeline secret detection now automatically excludes certain file types and directories if they have a low likelihood of containing secrets, improving scan performance. These changes are released in analyzer version 7.11.0.
Every minute counts when you’re enabling security scans in your merge requests and pipelines.
We routinely ship performance improvements for Advanced SAST, targeting both the engine and its detection rules.
In this release, we’re highlighting a specific improvement that cuts scan runtime by as much as 78% in our benchmark and real-world tests.
We’ve added caching in a performance-sensitive part of the scanning process, leading to significantly faster scans in large repositories.
This improvement is automatically enabled in Advanced SAST analyzer version 2.9.6 and later.
You can see which analyzer version you’re using by checking scan job logs.
In GitLab 16.11, we added the artifacts:access keyword enabling users to control whether artifacts can be downloaded by all users with access to the pipeline, only users with the Developer role or higher, or no user at all.
In this release, you can now restrict who can download artifacts to only the Maintainer role or higher, giving you one more option for controlling who can download job artifacts.
You can now use group or application settings to enable automatic Duo Code Review for multiple projects. This can help you quickly enable Duo Code Review for all projects in a group, rather than individually enabling specific projects.
This feature is currently available in GitLab.com, and we plan to make it available for GitLab Self-Managed in a future release. Provide feedback in issue 517386.
We’ve replaced the “epic” filter on the Issues and Epics pages with a more flexible “parent” filter. This change lets you filter by any parent work item, not just epics. You can now easily find child tasks by filtering by their parent issue, or find issues by filtering by their parent epic, giving you better visibility into your work hierarchy across both issue and epic lists.
The GitLab plain text editor now includes the same formatting options as the rich text editor. The plain text editor toolbar has been updated with a “More options” menu that provides access to advanced formatting tools like:
Code blocks
Details blocks
Horizontal rules
Mermaid diagrams
PlantUML diagrams
Table of contents
Both editors now have consistent button placement and separators, making it easier to switch between editing modes while maintaining access to familiar formatting options.
We’re also releasing GitLab Runner 18.4 today! GitLab Runner is the highly-scalable build agent that runs your CI/CD jobs and sends the results back to a GitLab instance. GitLab Runner works in conjunction with GitLab CI/CD, the open-source continuous integration service included with GitLab.
You can now configure Operational Container Scanning (OCS) to only return vulnerabilties at or above a certain severity level.
After you set a severity threshold, vulnerabilities below the severity you choose are no longer returned in the Vulnerability Report, API payloads, and other reporting mechanisms.
This can help you focus on the vulnerabilities you want to remediate.
We gratefully acknowledge this community contribution from John Walsh.
To learn more about contributing to GitLab, check out the Community Contribution program.
Version 7.12.0 of the secret detection analyzer adds significant improvements to the way Git commits are fetched. The analyzer now parses --depth and --since options passed from SECRET_DETECTION_LOG_OPTIONS, so you can further specify how many commits you want to scan. The analyzer also selects appropriate fetch strategies based on context, which prevents a known issue where potentially millions of commits were unnecessarily fetched, even with shallow depth configurations.
This enhancement reduces job timeouts, decreases resource consumption, and provides more predictable scan performance. Experience faster secret detection scans, especially in large repositories, with clearer logging that matches the actual fetching behavior.
When troubleshooting vulnerabilities that have been automatically resolved, and later redetected, it can be helpful to compare the current pipeline to the pipeline where the vulnerability was resolved.
If a vulnerability is automatically resolved, the vulnerability notes in the vulnerability details page now include the pipeline ID where it occurred.
GitLab Self-Managed customers with GitLab Duo Enterprise can now use additional supported models with Gitlab Duo. OpenAI GPT-5 is now supported on Azure OpenAI. Open source OpenAI GPT OSS 20B and 120B aer also now supported on vLLM and Azure OpenAI. To leave feedback on using these models with GitLab Duo Self-Hosted, see issue 523918.
GitLab Duo Code Review on GitLab Duo Self-Hosted is now generally available. Use Code Review on GitLab Duo Self-Hosted to accelerate your development process without compromising on data sovereignty. When Code Review reviews your merge requests, it identifies potential bugs and suggests improvements for you to apply directly. Use Code Review to iterate on and improve your changes before you ask a human to review. This feature includes support for Mistral, Meta Llama, Anthropic Claude, and OpenAI GPT model families.
The GitLab Duo AI Catalog is a centralized hub for discovering and managing AI agents that perform complex tasks like creating merge requests and answering technical questions. You can:
Browse agents created by the GitLab team and community.
Create custom agents for your projects.
Share agents across projects through GitLab Duo Chat (Agentic).
This feature is an experiment and controlled by the global_ai_catalog feature flag:
For GitLab.com, contact support to enable it for your group.
For GitLab Self-Managed, enable it in the Admin panel or use the Rails console with Feature.enable(:global_ai_catalog).
GitLab Duo Agent Platform now available on GitLab Duo Self-Hosted
GitLab Duo Self-Hosted customers can now access the GitLab Duo Agent Platform in experimental status. The GitLab Duo Workflow Service is now integrated into the existing self-hosted AI gateway Docker image and provides support for AI agents and workflow automation. Administrators can configure a single model for use across all agents.
For more information about the power of GitLab Duo Agent Platform, read the blog.
Bug fixes, performance improvements, and UI improvements
At GitLab, we’re dedicated to providing the best possible experience for our users. With every release, we work tirelessly to fix bugs, improve performance, and enhance UI. Whether you’re one of the over 1 million users on GitLab.com or using our platform elsewhere, we’re committed to making sure your time with us is smooth and seamless.
Click the links below to see all the bug fixes, performance enhancements, and UI improvements we’ve delivered in 18.4.
The GitLab Helm chart default configuration relies on Bitnami charts and container images for PostgreSQL and Redis.
Bitnami will discontinue these images from their free catalogs on September 29th, 2025. Brownouts taking down images temporarily started on August 28th, 2025.
GitLab chart bundles Bitnami’s PostgreSQL and Redis for demo and testing purposes only, so no production environments should be affected.
As a temporary solution, GitLab has migrated the chart configuration to the Bitnami legacy repository. However, unpatched GitLab chart environments (GitLab 17.11 and earlier, GitLab 18.0.5. GitLab 18.1.4, and GitLab 18.2.1 or earlier) will continue to pull images from the deprecated Bitnami repository, which will cause deployment failures after September 29th and may cause deployment failures during the brownout phase.
If you’re running an affected GitLab chart configuration, you must do one of the following:
- Migrate to a supported GitLab reference architecture.
- Upgrade to a patched chart version.
- Configure the legacy repository in your chart values. For an example, see merge request 4421.
We are still discussing alternatives and next steps.
We want to hear from you
Enjoyed reading this blog post or have questions or feedback? Share your thoughts by creating a new topic in the GitLab community forum.
Share your feedback