New features are regularly released to GitLab SaaS (GitLab.com), with a packaged release available for GitLab Self-Managed every month. Read on to learn more about the new features available on GitLab.com. Note that it may take a few days for a feature to become fully available on GitLab.com, due to deployment schedule and potential
feature flags.
Additional information on
past
releases is available; be sure to check out the
release for other features we've launched recently. We also have information about
upcoming releases
if you're interested in seeing what we are doing next.
Preview
Key improvements released in GitLab Preview
OpenAI GPT-5 is now available as a GitLab AI Vendor model when selecting a model for GitLab Duo Agent Platform. When configured by Owners of a top-level group on GitLab.com and instance Administrators on Self-Managed and Dedicated, end-users can select to use GPT-5 with GitLab Duo features. Top-level owners and administrators can continue to set organization-wide model preferences through namespace or instance settings, or allow end-user to choose from all available GitLab AI Vendor models.
To get started using GPT-5, select your preferred model from the model dropdown list in GitLab Duo Agentic Chat.
You can now add scripts to your CI/CD configurations to automate DAST authentication workflows. Authentication scripts enable automating complex authentication flows, including support for time-based, one-time passwords (OTP MFA).
This enhancement helps your team maintain critical security controls while conducting thorough, automated security scans. By supporting real-world authentication scenarios, scripts reduce friction and ensure accurate security assessments of production software.
You can now access a new personal homepage that consolidates all your important GitLab activities in one place, making it easier to pick up where you left off. The homepage brings together your to-do items, assigned issues, merge requests, review requests, and recently viewed content, helping you navigate GitLab’s large surface area and stay focused on what matters the most to you.
Misaligned markdown tables are difficult to read and edit, even though they render correctly.
The new Reformat table feature in the plain text editor’s toolbar realigns table
columns with a single click, preserving alignment settings and indentation. To use it:
Select any markdown table in wiki pages, issues, or merge requests.
From the More options menu, select Reformat table.
This makes documentation maintenance faster and collaboration easier when working with
complex tables.
New rules have been added to GitLab’s pipeline secret detection. Some existing rules have also been updated to improve quality and reduce false positives. These changes are released in version 7.15.0 of the secrets analyzer.
The vulnerabilities GraphQL API now exposes the original severity of vulnerabilities.
This allows you to determine what the severity of the vulnerability was before severity overrides were applied.
You can now use Mistral Codestral on Gitlab Duo Self-Hosted for classic Duo Chat. This model is supported for Gitlab Duo Self-Hosted customers on GitLab Self-Managed instances.
The Inactive tab now consistently displays all inactive items in one unified location across GitLab. This includes archived projects, projects pending deletion, and groups pending deletion.
This tab is available on the group overview page, as well as in group and project lists throughout Your work, Explore, and the Admin area.
All users with the appropriate permissions can view inactive items, while only group owners and project owners and maintainers can take further actions on them.
As part of this update, a new active parameter is now available in both the Projects and Groups REST APIs, and GraphQL APIs.
Managing inactive content is a critical part of maintaining a GitLab instance.
This update makes it easier to find and recover content that was archived or is pending deletion, allowing you to maintain better control over your GitLab resources while reducing the risk of accidentally losing valuable work.
The clear separation of active from inactive content also provides a more focused search experience when navigating through groups and projects across all areas of GitLab.
You can now use CI/CD variables in the environment:deployment_tier field, making it easier to dynamically configure deployment tiers based on pipeline conditions.
Pipeline secret detection alerts you to exposed credentials, like passwords or API keys, in your projects. However, until GitLab 18.5, you had to manually check whether each detection represented an active token. This could make effectively triaging detections difficult and time consuming.
Now that validity checks is in beta, enable it to display the status of detected GitLab secrets. Active secrets can be used to impersonate legitimate activity, so you should rotate them as soon as possible. To watch validity checks in action, see the validity checks playlist.
External controls can be attached to requirements when creating compliance frameworks in GitLab.
By default, GitLab automatically requests the status of external controls from external systems every 12 hours
during compliance scans, setting the control status to ‘pending’. External systems then respond by using the
external controls API to update the status to ‘pass’ or ‘fail’.
In GitLab 18.5, you can now disable this automatic 12-hour ping by turning off the Ping enabled setting when
configuring external controls. When the 12-hour ping is disabled:
GitLab will not automatically request status updates from external systems.
The external control displays a Disabled badge in the compliance framework UI.
You have complete control over when external control statuses are updated using the external controls API.
This prevents the system from resetting the external control statuses to ‘pending’ and gives you full control over
status update timing.
We’ve upgraded the Admin area groups list to provide a more consistent experience for GitLab administrators:
Delayed deletion protection: Group deletions now follow the same safe deletion flow used throughout GitLab, preventing accidental data loss.
Faster interactions: Filter, sort, and paginate groups without page reloads for a more responsive experience.
Consistent interface: The groups list now matches the look and behavior of other group lists across GitLab.
This update brings the administrator experience in line with GitLab design standards, and adds important safety features to protect your data. Future enhancements to group management will automatically appear in all group lists throughout the platform.
GitLab Duo Agent Platform is now in beta for GitLab Duo Self-Hosted. This feature is available to all Self-Managed GitLab Duo Enterprise customers. Self-Managed instance administrators using AWS Bedrock or Azure OpenAI can configure Anthropic Claude or OpenAI GPT models for use with GitLab Duo Agent Platform. Self-Hosted administrators can also configure compatible models to use with Gitlab Duo Agent Platform.
We’ve made changes to the group overview list to deliver a more consistent and efficient experience across GitLab.
These improvements make it easier to navigate your groups and projects while providing more valuable information at a glance:
Richer project information: Projects now display stars, forks, issues, merge requests, and relevant dates, giving you a complete activity overview at a glance.
Streamlined actions: Edit or delete groups and projects directly from the overview using the actions menu. Archived and pending deletion items appear in the Inactive tab.
Consistent experience: The group overview now matches the look and behavior of other group and project lists throughout GitLab for a more intuitive experience.
These enhancements save time by putting more information and actions at your fingertips. This update also lays the groundwork for future features like bulk editing and advanced filtering options.
