Deprecations
DAST environment variable renaming and removal
GitLab 13.8 renames multiple environment variables to support their broader usage in different workflows. In GitLab 14.0, the old variables will be permanently removed and will no longer work. Any configurations using these variables must be updated to the new variable names. Any scans using these variables in GitLab 14.0 and later will fail to be configured correctly. These variables are:
- DAST_AUTH_EXCLUDE_URLS
will now be DAST_EXCLUDE_URLS
- AUTH_EXCLUDE_URLS
will now be DAST_EXCLUDE_URLS
- AUTH_USERNAME
will now be DAST_USERNAME
- AUTH_PASSWORD
will now be DAST_PASSWORD
- AUTH_USERNAME_FIELD
will now be DAST_USERNAME_FIELD
- AUTH_PASSWORD_FIELD
will now be DAST_PASSWORD_FIELD
- DAST_ZAP_USE_AJAX_SPIDER
will now be DAST_USE_AJAX_SPIDER
- DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED
will be removed, since the feature is being removed
Deprecation date:
Jun 22, 2021
Currently, GitLab supports:
- Text, JSON, and logstash log formatting for app logs.
- Text, JSON, and combined log formatting for access logs.
We will deprecate both logstash and combined, unifying the formatters for both app and access logs with only two options text (for development) and JSON.
Deprecation date:
January 22nd, 2021
Deprecate Container Registry logging hooks
The Container Registry currently supports logging hooks that can only be used for email notifications.
These days, alerts based on log entries are commonly handled by separate tools. As far as we know, none of our users rely on this functionality and it is not used at GitLab either. The implementation of this feature is tightly coupled with the underlying logging library, which is a limitation for our ability to switch dependencies without affecting the available features.
In an effort to simplify the registry features and configurations, we will drop support for logging hooks.
Deprecation date:
January 22nd, 2021
Deprecate Container Registry maxidle and maxactive Redis pool settings
Some of the configuration settings that we currently expose for the Redis connection pool are tied to the underlying Redis client and do not have an equivalent in alternative libraries. As we start working on improving the Redis integration, such as adding support for Sentinel, we decided to start working towards replacing the current Redis client dependency with a more feature-rich alternative that can be better supported. To do this, we need to replace the current Redis pool configuration settings that are tied to the current client library.
We intend to:
- Remove the
redis.pool.maxidle
and redis.pool.maxactive
settings.
- Add
redis.pool.size
(maximum number of connections), redis.pool.minidle
(minimum number of idle connections), and redis.pool.maxlifetime
(maximum amount of time a connection may be reused) settings.
Deprecation date:
January 22nd, 2021
Deprecate Container Registry support for Bugsnag
Bugsnag is one of the error reporting services supported by the Container Registry. As far as we know, none of our users rely on this service, and at GitLab we use Sentry. In an effort to simplify and consolidate the supported error reporting services, we intend to add support for Sentry and remove support for Bugsnag.
Deprecation date:
January 22nd, 2021
Deprecate Container Registry support for NewRelic
NewRelic is one of the error reporting services supported by the Container Registry. As far as we know, none of our users rely on this service, and at GitLab we use Sentry. In an effort to simplify and consolidate the supported error reporting services, we intend to add support for Sentry and remove support for NewRelic.
Deprecation date:
January 22nd, 2021
Deprecate Container Registry support for TLS 1.0 and 1.1
Support for TLS 1.0 and TLS 1.1 has been deprecated and removed for GitLab for security reasons. We will do the same for the GitLab Container Registry, which currently supports 1.0 (default), 1.1, 1.2, and 1.3. and defaults to 1.0.
We will deprecate support for TLS 1.0 and TLS 1.1, showing a warning log message when these are used. Support for these versions will be removed and TLS 1.2 will become the default.
Deprecation date:
January 22nd, 2021
Deprecate Gitaly support for TLS 1.0 and 1.1
Support for TLS 1.0 and TLS 1.1 has been deprecated and removed from GitLab for security reasons. We will do the same for Gitaly as there are cases where the minimum TLS version was not set and was therefore defaulted to TLS 1.0.
Gitaly will be configured to use TLS 1.2 at a minimum for all client and server-side connections.
Deprecation date:
January 22, 2021
Deprecate pulls that use v1 of the Docker registry API
GitLab is disabling pulls via the Docker registry v1 APIs on January 22nd, 2021. Deprecated by Docker in June, 2019, deprecating this feature allows the GitLab team to focus on features and fixes that provide you with more value and target current registry use cases.
Existing users of the v1 registry API on GitLab can move to the v2 registry API by completing the following steps:
- Update your Docker Engine to 17.12 or later so it is compatible with the v2 registry API.
- If you have content in GitLab that is in the v1 format, you can move it to the v2 format by using a newer Docker client (more recent than 1.12) to rebuild the image and push it to GitLab.
Deprecation date:
January 22nd, 2021
GitLab Runner installation to ignore the skel directory
In GitLab Runner 14.0, the installation process will ignore the skel
directory by default when creating the user home directory. Refer to issue #4845 for details.
Deprecation date:
Jun 22, 2021
Make pwsh the default shell for newly-registered Windows Runners
In GitLab Runner 13.2, PowerShell Core support was added to the Shell executor. In 14.0, pwsh
will be the default shell for newly-registered Windows runners. Windows CMD
will still be available as a shell option for Windows runners. Refer to issue #26419 for details.
Deprecation date:
Jun 22, 2021
Removal of legacy fields from DAST report
As a part of the migration to a common report format for all of the Secure scanners in GitLab, DAST is making changes to the DAST JSON report. Certain legacy fields are being deprecated in 13.8 and will be completely removed in 14.0. These fields are @generated
, @version
, site
, and spider
. This should not affect any normal DAST operation, but does affect users who consume the JSON report in an automated way and use these fields. Anyone impacted by these changes who needs these fields for business reasons is encouraged to open a new GitLab issue and explain the need.
For more information, see the removal issue.
Deprecation date:
Jun 22, 2021
Remove /usr/lib/gitlab-runner symlink from package
In GitLab Runner 13.3, a symlink was added from /user/lib/gitlab-runner/gitlab-runner
to /usr/bin/gitlab-runner
. In 14.0, we will remove this symlink and the runner will be installed in /usr/bin/gitlab-runner
. Refer to issue #26651 for details.
Deprecation date:
Jun 22, 2021
Remove DAST default template stages
In GitLab 14.0, the stages defined in the current DAST.gitlab-ci.yml
template will be removed to avoid the situation where the template overrides manual changes made by DAST users. This change is being made in response to customer issues where the stages in the template cause problems when used with customized DAST configurations. Because of this removal, gitlab-ci.yml
configurations that do not specify a dast
stage must be updated to include this stage.
In GitLab 13.8, the stages are deprecated and the changes to remove them from the template are included in the DAST.latest.gitlab-ci.yml
template. Anyone can test and see if any changes are needed in their configuration files.
Deprecation date:
Jun 22, 2021
Remove FF_SHELL_EXECUTOR_USE_LEGACY_PROCESS_KILL feature flag
In GitLab Runner 13.1, issue #3376, we introduced sigterm
and then sigkill
to a process in the Shell executor. We also introduced a new feature flag, FF_SHELL_EXECUTOR_USE_LEGACY_PROCESS_KILL
, so you can use the previous process termination sequence. In GitLab Runner 14.0, issue #6413, we will remove the feature flag.
Deprecation date:
Jun 22, 2021
Remove FF_USE_GO_CLOUD_WITH_CACHE_ARCHIVER feature flag
In GitLab Runner 14.0, we will remove the FF_USE_GO_CLOUD_WITH_CACHE_ARCHIVER
feature flag. Refer to issue #27175 for details.
Deprecation date:
Jun 22, 2021
Remove Ubuntu 19.10 (Eoan Ermine) package
Ubuntu 19.10 (Eoan Ermine) reached end of life on Friday, July 17, 2020. In GitLab Runner 14.0, we will remove the Ubuntu 19.10 (Eoan Ermine) from our package distribution. Refer to issue #26036 for details.
Deprecation date:
Jun 22, 2021
Remove legacy DAST domain validation
Starting with GitLab 13.8, the current method of DAST Domain Validation for CI/CD scans is deprecated. In GitLab 14.0, the legacy DAST validation method will be removed. This method of domain validation only disallows scans if the DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED
environment variable is set to true
in the gitlab-ci.yml
file, and a Gitlab-DAST-Permission
header on the site is not set to allow
. This two-step method created a situation in which users had to opt-in to using the variable before they could opt-out from using the header. For users concerned about protecting a site against a full, active scan, permission for a GitLab DAST scan can still be revoked by adding to any website a Gitlab-DAST-Permission
header with a value of deny
. This continues to block GitLab DAST scans attempted against any website that includes this HTTP header.
For more information, see the removal issue.
Deprecation date:
Jun 22, 2021
Remove off peak time mode configuration for Docker Machine autoscaling
In GitLab Runner 13.0, issue #5069, we introduced new timing options for the GitLab Docker Machine executor. In GitLab Runner 14.0, we plan to remove the old configuration option, off peak time mode.
Deprecation date:
Jun 22, 2021
Remove success and failure for finished build metric conversion
In GitLab Runner 13.5, we introduced failed
and success
states for a job. To support Prometheus rules, we chose to convert success/failure
to finished
for the metric. In 14.0, we will remove the conversion. Refer to issue #26900 for details.
Deprecation date:
Jun 22, 2021
Remove translation from step_script to build_script in custom executor
In GitLab Runner 13.2 a translation for step_script
to build_script
was added to the custom executor. In 14.0 the ‘build_script’ stage will be replaced with ‘step_script`. Refer to issue #26426 for details.
Deprecation date:
Jun 22, 2021