GitLab
詳細情報
| タイトル | GitLab |
|---|---|
| URL | https://about.gitlab.com/ |
| バージョン | ver 18.10.0 |
| 更新日 | 2026/03/19 |
| 追加日 | 2016/02/23 |
| 種別 | フリーソフト |
| 説明 | GitHubのようなサービスをローカルで提供することができるGitリポジトリ管理ソフト。 |
レビュー
概要
GitLabは、ソフトウェア開発ライフサイクル全体を統合したDevSecOpsプラットフォームです。2011年9月、ウクライナ人プログラマーのDmitry Zaporozhetsが個人プロジェクトとして開発を開始しました。自身が「モダンなオープンソースのGitリポジトリ管理ツールがない」と感じたことがきっかけで、Ruby on Railsで実装されました。毎月22日に定期リリースを行う慣習は創業当初から続いています。
2012年にSid Sijbrandijがコーポレートとして法人化に参加し、CEOとして商業化を推進。Community Edition(CE)のオープンソースモデルを維持しつつ、Enterprise Edition(EE)を追加することで、オープンコアモデルでビジネスを展開しています。現在は5,000万人以上のユーザーが利用する大規模プラットフォームへ成長し、2021年にはNasdaq(GTLB)に上場しました。
主要な特徴・機能
- Gitリポジトリ管理: コードのホスティング・ブランチ管理・マージリクエスト
- CI/CD: 継続的インテグレーション・継続的デリバリーのパイプラインを内蔵
- DevSecOps統合: SAST・SCA・Secret Detection・DASTなどのセキュリティスキャンを開発フローに統合
- イシュートラッカー: バグ管理・プロジェクト計画・マイルストーン管理
- コンテナレジストリ: Dockerイメージの管理・配布
- Kubernetes連携: コンテナオーケストレーション環境との統合
- AI機能(GitLab Duo): コード補完・セキュリティ分析・自動化を支援するAIエージェント
- セルフホスト対応: 自社サーバーでのオンプレミス運用が可能
対象ユーザー
- オープンソースプロジェクトの開発チーム(Community Edition)
- CI/CDやセキュリティ検査を統合した開発環境を必要とする企業(Enterprise Edition)
- GitHubの代替としてセルフホストを希望する組織・エンジニアリングチーム
- 金融・公共・通信・航空宇宙など厳格なコンプライアンスが求められる業界
ライセンス情報
GitLabはオープンコアモデルを採用しています。
- Community Edition(CE): MITライセンスで提供される無料のオープンソース版
- Enterprise Edition(EE): 有償のプレミアム機能を追加したエンタープライズ向け有料版(Free・Premium・Ultimateの各プランあり)
セルフホスト版のほか、GitLab.comによるSaaS(クラウド)版も提供されています。
スクリーンショット
スクリーンショットはありません。
更新グラフ
バージョン履歴
## 18.10.0 (2026-03-18)
### Added (168 changes)
- [Add #find_by_id_through_partition to Ci::Pipeline](https://gitlab.com/gitlab-org/gitlab/-/commit/e50279cb8c263618676cbd40b18f1c7148d881e1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/227539))
- [Prevent use of REST lifecycle terms in free text fields](https://gitlab.com/gitlab-org/gitlab/-/commit/976400012a66f51c39bc8ccde080027efad5df64) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/226633))
- [Add separate queue for backfilling](https://gitlab.com/gitlab-org/gitlab/-/commit/560b49d28f5bca7d6a1a7b952eee080e671dd9f9) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/225666)) **GitLab Enterprise Edition**
- [Adds work_item_type_ids filter to GraphQL](https://gitlab.com/gitlab-org/gitlab/-/commit/ac180ce161e0bc0876e25a21bbdc0058e35b811f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/225863))
- [Create offline transfer route and controller](https://gitlab.com/gitlab-org/gitlab/-/commit/91533d07e7b47e0bae48be615a32b6f05ff58667) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223795))
- [Show custom WI types within Custom Fields config](https://gitlab.com/gitlab-org/gitlab/-/commit/32df95a8cc3e10d37d7aeef172f67e2cdc3cccd4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/227347)) **GitLab Enterprise Edition**
- [Add Vulnerabilities Over Time chart to PDF export](https://gitlab.com/gitlab-org/gitlab/-/commit/e03c6c96ed00f2f0a50c5da5758e84d7ae14cf70) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/227283)) **GitLab Enterprise Edition**
- [Add override action display to policy drawer](https://gitlab.com/gitlab-org/gitlab/-/commit/2a1a2b843143fda7a1180b504a2aa9c9530c0091) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/226786)) **GitLab Enterprise Edition**
- [Add OmniauthOpenIdConnect strategy](https://gitlab.com/gitlab-org/gitlab/-/commit/363b05b9c0cc947fafc28fb5d04f77cc34df69b0) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/227022))
- [Add linkedWorkItems field to MergeRequest GraphQL type](https://gitlab.com/gitlab-org/gitlab/-/commit/0ed2ea69cb8f05245e0b26187f6e7ab4c0e96c75) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223761))
- [Add filter bar to Usage Billing user details page](https://gitlab.com/gitlab-org/gitlab/-/commit/6848639e66df60c5e8a5a7f51bd96276871741e5) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/225604)) **GitLab Enterprise Edition**
- [Add migrations](https://gitlab.com/gitlab-org/gitlab/-/commit/678abb91d25b1868bf8a5d4fb831e024fee89ca0) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/225703))
- [Redirect issue/epic creation to work item when consolidated list enabled](https://gitlab.com/gitlab-org/gitlab/-/commit/6d1e0469b3a8e034a8ca1dd514c45c5863b63b62) by @kassio ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219392))
- [Add support for archiving/unarchiving work item types](https://gitlab.com/gitlab-org/gitlab/-/commit/a6b9f5702bbb64e4f245939c55fc2aef81d6e42a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/225886)) **GitLab Enterprise Edition**
- [Add /dashboard/work_items route with RSS and calendar support](https://gitlab.com/gitlab-org/gitlab/-/commit/06cf07e7012a6884d24006aecb65298983d033c5) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/227147))
- [Add index on vuln_occ_id on sbom_occurrence_vulnerabilities](https://gitlab.com/gitlab-org/gitlab/-/commit/6f0b1122a15d65ddb22456b15bec398631359a52) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/226878))
- [Add background migration to delete CI pipeline placeholder references](https://gitlab.com/gitlab-org/gitlab/-/commit/cf434d835eebad1eac03cca4021cb1d64ead04a7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/226159))
(省略されました)
### Added (168 changes)
- [Add #find_by_id_through_partition to Ci::Pipeline](https://gitlab.com/gitlab-org/gitlab/-/commit/e50279cb8c263618676cbd40b18f1c7148d881e1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/227539))
- [Prevent use of REST lifecycle terms in free text fields](https://gitlab.com/gitlab-org/gitlab/-/commit/976400012a66f51c39bc8ccde080027efad5df64) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/226633))
- [Add separate queue for backfilling](https://gitlab.com/gitlab-org/gitlab/-/commit/560b49d28f5bca7d6a1a7b952eee080e671dd9f9) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/225666)) **GitLab Enterprise Edition**
- [Adds work_item_type_ids filter to GraphQL](https://gitlab.com/gitlab-org/gitlab/-/commit/ac180ce161e0bc0876e25a21bbdc0058e35b811f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/225863))
- [Create offline transfer route and controller](https://gitlab.com/gitlab-org/gitlab/-/commit/91533d07e7b47e0bae48be615a32b6f05ff58667) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223795))
- [Show custom WI types within Custom Fields config](https://gitlab.com/gitlab-org/gitlab/-/commit/32df95a8cc3e10d37d7aeef172f67e2cdc3cccd4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/227347)) **GitLab Enterprise Edition**
- [Add Vulnerabilities Over Time chart to PDF export](https://gitlab.com/gitlab-org/gitlab/-/commit/e03c6c96ed00f2f0a50c5da5758e84d7ae14cf70) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/227283)) **GitLab Enterprise Edition**
- [Add override action display to policy drawer](https://gitlab.com/gitlab-org/gitlab/-/commit/2a1a2b843143fda7a1180b504a2aa9c9530c0091) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/226786)) **GitLab Enterprise Edition**
- [Add OmniauthOpenIdConnect strategy](https://gitlab.com/gitlab-org/gitlab/-/commit/363b05b9c0cc947fafc28fb5d04f77cc34df69b0) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/227022))
- [Add linkedWorkItems field to MergeRequest GraphQL type](https://gitlab.com/gitlab-org/gitlab/-/commit/0ed2ea69cb8f05245e0b26187f6e7ab4c0e96c75) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223761))
- [Add filter bar to Usage Billing user details page](https://gitlab.com/gitlab-org/gitlab/-/commit/6848639e66df60c5e8a5a7f51bd96276871741e5) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/225604)) **GitLab Enterprise Edition**
- [Add migrations](https://gitlab.com/gitlab-org/gitlab/-/commit/678abb91d25b1868bf8a5d4fb831e024fee89ca0) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/225703))
- [Redirect issue/epic creation to work item when consolidated list enabled](https://gitlab.com/gitlab-org/gitlab/-/commit/6d1e0469b3a8e034a8ca1dd514c45c5863b63b62) by @kassio ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219392))
- [Add support for archiving/unarchiving work item types](https://gitlab.com/gitlab-org/gitlab/-/commit/a6b9f5702bbb64e4f245939c55fc2aef81d6e42a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/225886)) **GitLab Enterprise Edition**
- [Add /dashboard/work_items route with RSS and calendar support](https://gitlab.com/gitlab-org/gitlab/-/commit/06cf07e7012a6884d24006aecb65298983d033c5) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/227147))
- [Add index on vuln_occ_id on sbom_occurrence_vulnerabilities](https://gitlab.com/gitlab-org/gitlab/-/commit/6f0b1122a15d65ddb22456b15bec398631359a52) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/226878))
- [Add background migration to delete CI pipeline placeholder references](https://gitlab.com/gitlab-org/gitlab/-/commit/cf434d835eebad1eac03cca4021cb1d64ead04a7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/226159))
(省略されました)
## 18.9.2 (2026-03-10)
### Added (1 change)
- [Support default AI access rules](https://gitlab.com/gitlab-org/security/gitlab/-/commit/54ad755d436bf21a4cfc2c1bb401571d03574ef1) **GitLab Enterprise Edition**
### Fixed (1 change)
- [Stop unblocking policy approvals when security jobs get canceled](https://gitlab.com/gitlab-org/security/gitlab/-/commit/37b4ff3279db044471e9417455c83f9fafea039e) **GitLab Enterprise Edition**
### Changed (1 change)
- [Add backtrace to placeholder user reassignment failure logs](https://gitlab.com/gitlab-org/security/gitlab/-/commit/22887e27b25ceff6e7cc4b7c6d450b7c82ba8aa4)
### Security (14 changes)
- [Add CRLF injection protection to gitlab-http gem](https://gitlab.com/gitlab-org/security/gitlab/-/commit/a1202533f4411662c619bc301e9162c781281430) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5839))
- [Allow HEAD requests to archive endpoints without generating archives](https://gitlab.com/gitlab-org/security/gitlab/-/commit/da4bb345a57e8f593bcce0f6bd7e4fd2c3883e0b) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5855))
- [Remove branches with invalid ref names after import](https://gitlab.com/gitlab-org/security/gitlab/-/commit/151ddddbb53286da9ad95a5a59acca3e4f9e198a) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5835))
- [Revoke read access to virtual registry through project membership](https://gitlab.com/gitlab-org/security/gitlab/-/commit/4b7c24739c23e628a8a11449efb033216c78083a) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5852))
- [Add recursion depth and string size limits to GraphQL variables](https://gitlab.com/gitlab-org/security/gitlab/-/commit/1a5928809b5debd3929af99385f8487e4082deee) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5842))
- [ReferenceRedactor: don't feed href directly back into HTML](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ba625ef7c9a6c8e3e9cf97e7dccfb3aa4b846dad) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5780))
- [Hide job details when repository option is disabled](https://gitlab.com/gitlab-org/security/gitlab/-/commit/7176d2ea496daa01706e99d8db0c2b1b6ffea65a) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5812))
- [Limit request rate and response length of webhook retry endpoint](https://gitlab.com/gitlab-org/security/gitlab/-/commit/4ab43ff415b23ffcb32a7c5498f6d88185af2462) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5815))
- [Limit webhook custom header key length to prevent DoS](https://gitlab.com/gitlab-org/security/gitlab/-/commit/0354e9afae1af3d4f7a89b9ddcd4187ce49fb5f1) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5820))
- [Prevent label creation on unrelated projects on import](https://gitlab.com/gitlab-org/security/gitlab/-/commit/4bd49b9f08e1ea4953a11cd9ff157b72483ac992) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5826))
- [Use MarkupHelper.markdown_field when exposing *_html fields in API](https://gitlab.com/gitlab-org/security/gitlab/-/commit/363c72c8e11e307ef15279f508917b8a25fedd86) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5800))
(省略されました)
### Added (1 change)
- [Support default AI access rules](https://gitlab.com/gitlab-org/security/gitlab/-/commit/54ad755d436bf21a4cfc2c1bb401571d03574ef1) **GitLab Enterprise Edition**
### Fixed (1 change)
- [Stop unblocking policy approvals when security jobs get canceled](https://gitlab.com/gitlab-org/security/gitlab/-/commit/37b4ff3279db044471e9417455c83f9fafea039e) **GitLab Enterprise Edition**
### Changed (1 change)
- [Add backtrace to placeholder user reassignment failure logs](https://gitlab.com/gitlab-org/security/gitlab/-/commit/22887e27b25ceff6e7cc4b7c6d450b7c82ba8aa4)
### Security (14 changes)
- [Add CRLF injection protection to gitlab-http gem](https://gitlab.com/gitlab-org/security/gitlab/-/commit/a1202533f4411662c619bc301e9162c781281430) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5839))
- [Allow HEAD requests to archive endpoints without generating archives](https://gitlab.com/gitlab-org/security/gitlab/-/commit/da4bb345a57e8f593bcce0f6bd7e4fd2c3883e0b) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5855))
- [Remove branches with invalid ref names after import](https://gitlab.com/gitlab-org/security/gitlab/-/commit/151ddddbb53286da9ad95a5a59acca3e4f9e198a) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5835))
- [Revoke read access to virtual registry through project membership](https://gitlab.com/gitlab-org/security/gitlab/-/commit/4b7c24739c23e628a8a11449efb033216c78083a) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5852))
- [Add recursion depth and string size limits to GraphQL variables](https://gitlab.com/gitlab-org/security/gitlab/-/commit/1a5928809b5debd3929af99385f8487e4082deee) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5842))
- [ReferenceRedactor: don't feed href directly back into HTML](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ba625ef7c9a6c8e3e9cf97e7dccfb3aa4b846dad) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5780))
- [Hide job details when repository option is disabled](https://gitlab.com/gitlab-org/security/gitlab/-/commit/7176d2ea496daa01706e99d8db0c2b1b6ffea65a) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5812))
- [Limit request rate and response length of webhook retry endpoint](https://gitlab.com/gitlab-org/security/gitlab/-/commit/4ab43ff415b23ffcb32a7c5498f6d88185af2462) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5815))
- [Limit webhook custom header key length to prevent DoS](https://gitlab.com/gitlab-org/security/gitlab/-/commit/0354e9afae1af3d4f7a89b9ddcd4187ce49fb5f1) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5820))
- [Prevent label creation on unrelated projects on import](https://gitlab.com/gitlab-org/security/gitlab/-/commit/4bd49b9f08e1ea4953a11cd9ff157b72483ac992) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5826))
- [Use MarkupHelper.markdown_field when exposing *_html fields in API](https://gitlab.com/gitlab-org/security/gitlab/-/commit/363c72c8e11e307ef15279f508917b8a25fedd86) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5800))
(省略されました)
## 18.9.1 (2026-02-24)
### Added (1 change)
- [Use namespace opt-in setting for extended logging](https://gitlab.com/gitlab-org/security/gitlab/-/commit/e671a7ddc0a56561bc504a969113ff6fbcef7ecf) **GitLab Enterprise Edition**
### Fixed (3 changes)
- [Fix adding flows when member invites are disabled](https://gitlab.com/gitlab-org/security/gitlab/-/commit/bfb85dbc3244e8a3e1f28d3122a0a7804c843a3f) **GitLab Enterprise Edition**
- [Fix semantic code search for Premium plans](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f5a52d57dc42f94cd1472ba94399641b89d11e57) **GitLab Enterprise Edition**
- [Bypass group membership lock for service accounts](https://gitlab.com/gitlab-org/security/gitlab/-/commit/b1b855ee0ce67a2c4ddd870b2b27d590175d4e03) **GitLab Enterprise Edition**
### Security (9 changes)
- [Add rate limiting to bb server importer](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8cb6aacb41313a94e897d7685d639b8214b277e4) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5788))
- [Limit the number of paths segments in URI](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f1e6a7c37f96b850a4d1c6f689190a5c8beef431) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5775))
- [Add package protection rule check to Conan authorize endpoints](https://gitlab.com/gitlab-org/security/gitlab/-/commit/93b8165f1fd0f69a11562b86348c9516ec8fe144) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5787))
- [Add maximum length validation to pipeline trigger description](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5a65d14b5c5b8c51a815cebd704911799e0f271f) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5778))
- [Register new mime type for json validation](https://gitlab.com/gitlab-org/security/gitlab/-/commit/2898a9d5101baaae116f94f59da09b45547358eb) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5786))
- [Check MAXIMUM_SIZE_OF_ROUTING_PAYLOAD in routable_payload decode](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f50ec6d0425aace3f706e032c27c7086b498af44) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5783))
- [Validate relative URL root path in mermaid](https://gitlab.com/gitlab-org/security/gitlab/-/commit/bd2cc217395de34b2066f6e3e8ca12d832d20087) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5781))
- [Limit JWT token size in Jira Connect events to prevent DoS](https://gitlab.com/gitlab-org/security/gitlab/-/commit/db86c6eba71dd2cee890d9714b9f5ef2fa33b33e) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5774))
- [Added pipeline variables permissions check to retry job](https://gitlab.com/gitlab-org/security/gitlab/-/commit/0c1ce6569fd1873af8c74b038c8f86ab4a462d84) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5770))
## 18.8.5 (2026-02-24)
### Fixed (5 changes)
(省略されました)
### Added (1 change)
- [Use namespace opt-in setting for extended logging](https://gitlab.com/gitlab-org/security/gitlab/-/commit/e671a7ddc0a56561bc504a969113ff6fbcef7ecf) **GitLab Enterprise Edition**
### Fixed (3 changes)
- [Fix adding flows when member invites are disabled](https://gitlab.com/gitlab-org/security/gitlab/-/commit/bfb85dbc3244e8a3e1f28d3122a0a7804c843a3f) **GitLab Enterprise Edition**
- [Fix semantic code search for Premium plans](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f5a52d57dc42f94cd1472ba94399641b89d11e57) **GitLab Enterprise Edition**
- [Bypass group membership lock for service accounts](https://gitlab.com/gitlab-org/security/gitlab/-/commit/b1b855ee0ce67a2c4ddd870b2b27d590175d4e03) **GitLab Enterprise Edition**
### Security (9 changes)
- [Add rate limiting to bb server importer](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8cb6aacb41313a94e897d7685d639b8214b277e4) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5788))
- [Limit the number of paths segments in URI](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f1e6a7c37f96b850a4d1c6f689190a5c8beef431) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5775))
- [Add package protection rule check to Conan authorize endpoints](https://gitlab.com/gitlab-org/security/gitlab/-/commit/93b8165f1fd0f69a11562b86348c9516ec8fe144) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5787))
- [Add maximum length validation to pipeline trigger description](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5a65d14b5c5b8c51a815cebd704911799e0f271f) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5778))
- [Register new mime type for json validation](https://gitlab.com/gitlab-org/security/gitlab/-/commit/2898a9d5101baaae116f94f59da09b45547358eb) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5786))
- [Check MAXIMUM_SIZE_OF_ROUTING_PAYLOAD in routable_payload decode](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f50ec6d0425aace3f706e032c27c7086b498af44) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5783))
- [Validate relative URL root path in mermaid](https://gitlab.com/gitlab-org/security/gitlab/-/commit/bd2cc217395de34b2066f6e3e8ca12d832d20087) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5781))
- [Limit JWT token size in Jira Connect events to prevent DoS](https://gitlab.com/gitlab-org/security/gitlab/-/commit/db86c6eba71dd2cee890d9714b9f5ef2fa33b33e) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5774))
- [Added pipeline variables permissions check to retry job](https://gitlab.com/gitlab-org/security/gitlab/-/commit/0c1ce6569fd1873af8c74b038c8f86ab4a462d84) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5770))
## 18.8.5 (2026-02-24)
### Fixed (5 changes)
(省略されました)
## 18.9.0 (2026-02-18)
### Added (194 changes)
- [Adds GraphQL mutations to clear maven cache](https://gitlab.com/gitlab-org/gitlab/-/commit/59c88cc71cb4fe8e7e7360e31a453839a249c80b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223152))
- [Update table_size database dictionary entries](https://gitlab.com/gitlab-org/gitlab/-/commit/bf35db522266907404be64debaa6a689243b167d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223509))
- [Update table_size database dictionary entries](https://gitlab.com/gitlab-org/gitlab/-/commit/752b98ca0f387897018a6b04e321c2c0674762a8) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223508))
- [MR reports security scan: add Resolve with AI](https://gitlab.com/gitlab-org/gitlab/-/commit/ca674d9f04de580bd7bd4baf51db4e8c55eb4774) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221765))
- [Constrain organization_id NOT NULL](https://gitlab.com/gitlab-org/gitlab/-/commit/69f0b2f955f7dec25d0b030b6bf913e88116c660) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222741))
- [Enable vulnerabilities by age chart by default](https://gitlab.com/gitlab-org/gitlab/-/commit/3e18fdbe807a64bbdc263efb51843eebc292fa94) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223321)) **GitLab Enterprise Edition**
- [Address feedback for profile notification follow-up](https://gitlab.com/gitlab-org/gitlab/-/commit/81dcb33e02f6b1b6d02de98f56e136700bfad337) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222834)) **GitLab Enterprise Edition**
- [Add worker to trigger off secret detection FP workflow](https://gitlab.com/gitlab-org/gitlab/-/commit/0ad7cc99e7b9df64a6f1a0c086237c2f5be19890) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222706)) **GitLab Enterprise Edition**
- [Expose `foundational` field on all item types](https://gitlab.com/gitlab-org/gitlab/-/commit/0e4f8ceb4f2b13035255f92b5192a42d84b108b5) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222945)) **GitLab Enterprise Edition**
- [Exclude secrets_fp_detection from CI rate limiting](https://gitlab.com/gitlab-org/gitlab/-/commit/7640a3e927a84e35f17bf6af1c500879547961ed) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223239))
- [Add cursor batch as default BBM](https://gitlab.com/gitlab-org/gitlab/-/commit/926d0130cc52264481fd9fb30682584b7f892fb9) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216191))
- [Enable the `dap_onboarding_empty_states` feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/ee9e090e291438cc6d0fcea2fb6740d454900147) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223247)) **GitLab Enterprise Edition**
- [Add Redis key helpers and trust flag infrastructure](https://gitlab.com/gitlab-org/gitlab/-/commit/356b2e0f89619a7b1462bc8774e23463b026e756) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221498))
- [Enable security dashboard feature flags by default](https://gitlab.com/gitlab-org/gitlab/-/commit/5555426c17c1cb464f5d16598b4d609a48cf5a4b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223031)) **GitLab Enterprise Edition**
- [Add rebase option to project setting](https://gitlab.com/gitlab-org/gitlab/-/commit/8adc50bab7ed70d050470ea5cf4aee5e9aea4ec7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221713))
- [Persist tool call approvals for DAP sessions](https://gitlab.com/gitlab-org/gitlab/-/commit/e5c2fb1af59617d2fb9798741a12ba640a4464fd) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220804)) **GitLab Enterprise Edition**
- [Release security scan profiles feature](https://gitlab.com/gitlab-org/gitlab/-/commit/656e630486e357ab80d35e276263274910c38cfb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222842)) **GitLab Enterprise Edition**
(省略されました)
### Added (194 changes)
- [Adds GraphQL mutations to clear maven cache](https://gitlab.com/gitlab-org/gitlab/-/commit/59c88cc71cb4fe8e7e7360e31a453839a249c80b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223152))
- [Update table_size database dictionary entries](https://gitlab.com/gitlab-org/gitlab/-/commit/bf35db522266907404be64debaa6a689243b167d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223509))
- [Update table_size database dictionary entries](https://gitlab.com/gitlab-org/gitlab/-/commit/752b98ca0f387897018a6b04e321c2c0674762a8) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223508))
- [MR reports security scan: add Resolve with AI](https://gitlab.com/gitlab-org/gitlab/-/commit/ca674d9f04de580bd7bd4baf51db4e8c55eb4774) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221765))
- [Constrain organization_id NOT NULL](https://gitlab.com/gitlab-org/gitlab/-/commit/69f0b2f955f7dec25d0b030b6bf913e88116c660) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222741))
- [Enable vulnerabilities by age chart by default](https://gitlab.com/gitlab-org/gitlab/-/commit/3e18fdbe807a64bbdc263efb51843eebc292fa94) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223321)) **GitLab Enterprise Edition**
- [Address feedback for profile notification follow-up](https://gitlab.com/gitlab-org/gitlab/-/commit/81dcb33e02f6b1b6d02de98f56e136700bfad337) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222834)) **GitLab Enterprise Edition**
- [Add worker to trigger off secret detection FP workflow](https://gitlab.com/gitlab-org/gitlab/-/commit/0ad7cc99e7b9df64a6f1a0c086237c2f5be19890) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222706)) **GitLab Enterprise Edition**
- [Expose `foundational` field on all item types](https://gitlab.com/gitlab-org/gitlab/-/commit/0e4f8ceb4f2b13035255f92b5192a42d84b108b5) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222945)) **GitLab Enterprise Edition**
- [Exclude secrets_fp_detection from CI rate limiting](https://gitlab.com/gitlab-org/gitlab/-/commit/7640a3e927a84e35f17bf6af1c500879547961ed) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223239))
- [Add cursor batch as default BBM](https://gitlab.com/gitlab-org/gitlab/-/commit/926d0130cc52264481fd9fb30682584b7f892fb9) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216191))
- [Enable the `dap_onboarding_empty_states` feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/ee9e090e291438cc6d0fcea2fb6740d454900147) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223247)) **GitLab Enterprise Edition**
- [Add Redis key helpers and trust flag infrastructure](https://gitlab.com/gitlab-org/gitlab/-/commit/356b2e0f89619a7b1462bc8774e23463b026e756) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221498))
- [Enable security dashboard feature flags by default](https://gitlab.com/gitlab-org/gitlab/-/commit/5555426c17c1cb464f5d16598b4d609a48cf5a4b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223031)) **GitLab Enterprise Edition**
- [Add rebase option to project setting](https://gitlab.com/gitlab-org/gitlab/-/commit/8adc50bab7ed70d050470ea5cf4aee5e9aea4ec7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221713))
- [Persist tool call approvals for DAP sessions](https://gitlab.com/gitlab-org/gitlab/-/commit/e5c2fb1af59617d2fb9798741a12ba640a4464fd) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220804)) **GitLab Enterprise Edition**
- [Release security scan profiles feature](https://gitlab.com/gitlab-org/gitlab/-/commit/656e630486e357ab80d35e276263274910c38cfb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222842)) **GitLab Enterprise Edition**
(省略されました)
## 18.8.4 (2026-02-09)
### Added (1 change)
- [Add REST endpoint for seeding external agents](https://gitlab.com/gitlab-org/security/gitlab/-/commit/9308a66c34904c475f22d3288b75305c3e5fb1e3) **GitLab Enterprise Edition**
### Fixed (4 changes)
- [Add cleanup of replicas without indices to RolloutService](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ee791a6c1947afebbdabb0b96ff6eb9bb26d08ea) **GitLab Enterprise Edition**
- [Add preflight checks to resume_indexing rake task](https://gitlab.com/gitlab-org/security/gitlab/-/commit/884b17351514fe3db1271db6f660ad0636f06606) **GitLab Enterprise Edition**
- [Fix project state getting out of sync when deletion fails](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ea893eb7aab9dbd98ea03da77c47bde3813279f7)
- [Exclude Git LFS paths from Git HTTP throttling](https://gitlab.com/gitlab-org/security/gitlab/-/commit/bd2c7efa3b958dca20816a923003a8de89c8f54d)
### Changed (1 change)
- [Add seed external agents button to Admin](https://gitlab.com/gitlab-org/security/gitlab/-/commit/86e53598ca77513eed0975b3fd611c52894b7983) **GitLab Enterprise Edition**
### Security (13 changes)
- [587546 DoS Customizable Dashboards](https://gitlab.com/gitlab-org/security/gitlab/-/commit/4ddf86cd2bd0b0a281f92391687cc152e60bee12) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5727))
- [Fix SSRF vulnerability in virtual registry upstream checks](https://gitlab.com/gitlab-org/security/gitlab/-/commit/a8bad27927fb40962014c85f23dff28c13cf1b79) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5656))
- [Filter groups by accessible to user](https://gitlab.com/gitlab-org/security/gitlab/-/commit/6495ffe052c2ee5627718c36d6eb18af8f6a4e48) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5714))
- [Don't quadratically re-process children in TaskListFilter](https://gitlab.com/gitlab-org/security/gitlab/-/commit/fe2fee5e83ae6476f41b3322c1ca4febf76da857) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5726))
- [Add authorization for pipeline schedule inputs](https://gitlab.com/gitlab-org/security/gitlab/-/commit/4c5126dee6b6361e9099cb944b5b8772231246f6) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5690))
- [Fix DoS vulnerability via malformed JSON escape sequences](https://gitlab.com/gitlab-org/security/gitlab/-/commit/9bd81602325b48e823db3b40061eea91f394d89d) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5708))
- [Don't render label link tooltip names as HTML](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5a7236aeec6c2c1017e6a2970557b513a82d258e) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5702))
- [Fix test case title html injection](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5d5cab70d2f154d1f22f1c589454a6b386853b07) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5683))
(省略されました)
### Added (1 change)
- [Add REST endpoint for seeding external agents](https://gitlab.com/gitlab-org/security/gitlab/-/commit/9308a66c34904c475f22d3288b75305c3e5fb1e3) **GitLab Enterprise Edition**
### Fixed (4 changes)
- [Add cleanup of replicas without indices to RolloutService](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ee791a6c1947afebbdabb0b96ff6eb9bb26d08ea) **GitLab Enterprise Edition**
- [Add preflight checks to resume_indexing rake task](https://gitlab.com/gitlab-org/security/gitlab/-/commit/884b17351514fe3db1271db6f660ad0636f06606) **GitLab Enterprise Edition**
- [Fix project state getting out of sync when deletion fails](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ea893eb7aab9dbd98ea03da77c47bde3813279f7)
- [Exclude Git LFS paths from Git HTTP throttling](https://gitlab.com/gitlab-org/security/gitlab/-/commit/bd2c7efa3b958dca20816a923003a8de89c8f54d)
### Changed (1 change)
- [Add seed external agents button to Admin](https://gitlab.com/gitlab-org/security/gitlab/-/commit/86e53598ca77513eed0975b3fd611c52894b7983) **GitLab Enterprise Edition**
### Security (13 changes)
- [587546 DoS Customizable Dashboards](https://gitlab.com/gitlab-org/security/gitlab/-/commit/4ddf86cd2bd0b0a281f92391687cc152e60bee12) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5727))
- [Fix SSRF vulnerability in virtual registry upstream checks](https://gitlab.com/gitlab-org/security/gitlab/-/commit/a8bad27927fb40962014c85f23dff28c13cf1b79) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5656))
- [Filter groups by accessible to user](https://gitlab.com/gitlab-org/security/gitlab/-/commit/6495ffe052c2ee5627718c36d6eb18af8f6a4e48) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5714))
- [Don't quadratically re-process children in TaskListFilter](https://gitlab.com/gitlab-org/security/gitlab/-/commit/fe2fee5e83ae6476f41b3322c1ca4febf76da857) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5726))
- [Add authorization for pipeline schedule inputs](https://gitlab.com/gitlab-org/security/gitlab/-/commit/4c5126dee6b6361e9099cb944b5b8772231246f6) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5690))
- [Fix DoS vulnerability via malformed JSON escape sequences](https://gitlab.com/gitlab-org/security/gitlab/-/commit/9bd81602325b48e823db3b40061eea91f394d89d) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5708))
- [Don't render label link tooltip names as HTML](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5a7236aeec6c2c1017e6a2970557b513a82d258e) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5702))
- [Fix test case title html injection](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5d5cab70d2f154d1f22f1c589454a6b386853b07) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5683))
(省略されました)
## 18.8.3 (2026-02-04)
### Fixed (13 changes)
- [Unsubscribe from pipeline status updates when pipeline ID changes](https://gitlab.com/gitlab-org/gitlab/-/commit/5a93d93ceddc12ef98d833717b184bab079e1774) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221762))
- [Fix JWT token expiration when memoized before timeout is set](https://gitlab.com/gitlab-org/gitlab/-/commit/a61df840beac37dde7e4d12b4ace6f6f9088fbc4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221379))
- [Fix encoding error in related branches work item widget](https://gitlab.com/gitlab-org/gitlab/-/commit/6089657a222498a6126448ffa6879d6a0fad9cd2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221365))
- [Disable Sidekiq retries for ClickHouse pipeline/build sync workers](https://gitlab.com/gitlab-org/gitlab/-/commit/8948eee503609004a0706c444f605dc5676d8356) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221356))
- [Disable async_insert in build and pipeline sync operations](https://gitlab.com/gitlab-org/gitlab/-/commit/07b691e621a09c1b1a3c19ab8d726199ac94bb85) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221299))
- [Add work item support to missing chat integrations](https://gitlab.com/gitlab-org/gitlab/-/commit/6e3ce968eea0aee05025e70c5044feede332b98c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221178))
- [Only check optional ActionCable Redis instance if necessary](https://gitlab.com/gitlab-org/gitlab/-/commit/d6eeb7d175d53bca608ee29d639c9160fb661044) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220695))
- [Fixes preserving external author on work item move and clone](https://gitlab.com/gitlab-org/gitlab/-/commit/f4dff41724c940ac233cbdf7a5fd485e54c2b181) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220160))
- [Refactor Redis TLS options parsing to fix ActionCable configuration](https://gitlab.com/gitlab-org/gitlab/-/commit/bac23007c9ac7c5fc8fda53fc19184589c4721cf) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219997))
- [Open SD issues and tickets on boards in legacy view instead of drawer](https://gitlab.com/gitlab-org/gitlab/-/commit/6b1759e5611f4ae7dc05503e8d87dc1322a29c26) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219758))
- [Add info on UI for new Ticket work item type](https://gitlab.com/gitlab-org/gitlab/-/commit/d6d54c09c9dfe877d763994e2a201f6ffe9c66e4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219750))
- [Fix enforced_scans sync with inject_policy](https://gitlab.com/gitlab-org/gitlab/-/commit/234ded0747283dfa0085af28d7b818a211093c75) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219609)) **GitLab Enterprise Edition**
### Changed (5 changes)
- [Remove duo_workflow Feature Flag](https://gitlab.com/gitlab-org/gitlab/-/commit/84c562165a30eef1c8b6be1c2289acfa379d716a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220973)) **GitLab Enterprise Edition**
- [Adds work items to custom email notifications](https://gitlab.com/gitlab-org/gitlab/-/commit/7e017ccf9df05e642203f7e71c3a099144856298) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219926))
- [Display work item type names in chat notifications](https://gitlab.com/gitlab-org/gitlab/-/commit/7f5d87a43ea3c4b9c7daf6b7efba69005c754cac) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221046))
- [Remove duo_workflow_in_ci Feature Flag](https://gitlab.com/gitlab-org/gitlab/-/commit/7512dade12309120492cb0657a0f742e52ea6722) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220885)) **GitLab Enterprise Edition**
(省略されました)
### Fixed (13 changes)
- [Unsubscribe from pipeline status updates when pipeline ID changes](https://gitlab.com/gitlab-org/gitlab/-/commit/5a93d93ceddc12ef98d833717b184bab079e1774) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221762))
- [Fix JWT token expiration when memoized before timeout is set](https://gitlab.com/gitlab-org/gitlab/-/commit/a61df840beac37dde7e4d12b4ace6f6f9088fbc4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221379))
- [Fix encoding error in related branches work item widget](https://gitlab.com/gitlab-org/gitlab/-/commit/6089657a222498a6126448ffa6879d6a0fad9cd2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221365))
- [Disable Sidekiq retries for ClickHouse pipeline/build sync workers](https://gitlab.com/gitlab-org/gitlab/-/commit/8948eee503609004a0706c444f605dc5676d8356) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221356))
- [Disable async_insert in build and pipeline sync operations](https://gitlab.com/gitlab-org/gitlab/-/commit/07b691e621a09c1b1a3c19ab8d726199ac94bb85) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221299))
- [Add work item support to missing chat integrations](https://gitlab.com/gitlab-org/gitlab/-/commit/6e3ce968eea0aee05025e70c5044feede332b98c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221178))
- [Only check optional ActionCable Redis instance if necessary](https://gitlab.com/gitlab-org/gitlab/-/commit/d6eeb7d175d53bca608ee29d639c9160fb661044) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220695))
- [Fixes preserving external author on work item move and clone](https://gitlab.com/gitlab-org/gitlab/-/commit/f4dff41724c940ac233cbdf7a5fd485e54c2b181) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220160))
- [Refactor Redis TLS options parsing to fix ActionCable configuration](https://gitlab.com/gitlab-org/gitlab/-/commit/bac23007c9ac7c5fc8fda53fc19184589c4721cf) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219997))
- [Open SD issues and tickets on boards in legacy view instead of drawer](https://gitlab.com/gitlab-org/gitlab/-/commit/6b1759e5611f4ae7dc05503e8d87dc1322a29c26) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219758))
- [Add info on UI for new Ticket work item type](https://gitlab.com/gitlab-org/gitlab/-/commit/d6d54c09c9dfe877d763994e2a201f6ffe9c66e4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219750))
- [Fix enforced_scans sync with inject_policy](https://gitlab.com/gitlab-org/gitlab/-/commit/234ded0747283dfa0085af28d7b818a211093c75) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219609)) **GitLab Enterprise Edition**
### Changed (5 changes)
- [Remove duo_workflow Feature Flag](https://gitlab.com/gitlab-org/gitlab/-/commit/84c562165a30eef1c8b6be1c2289acfa379d716a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220973)) **GitLab Enterprise Edition**
- [Adds work items to custom email notifications](https://gitlab.com/gitlab-org/gitlab/-/commit/7e017ccf9df05e642203f7e71c3a099144856298) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219926))
- [Display work item type names in chat notifications](https://gitlab.com/gitlab-org/gitlab/-/commit/7f5d87a43ea3c4b9c7daf6b7efba69005c754cac) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221046))
- [Remove duo_workflow_in_ci Feature Flag](https://gitlab.com/gitlab-org/gitlab/-/commit/7512dade12309120492cb0657a0f742e52ea6722) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220885)) **GitLab Enterprise Edition**
(省略されました)
## 18.8.2 (2026-01-20)
### Added (1 change)
- [Rake task to seed AI Catalogs with external agents](https://gitlab.com/gitlab-org/security/gitlab/-/commit/d55d15507ac1dae272cfc5230616d2ce0e57e3cd) **GitLab Enterprise Edition**
### Fixed (3 changes)
- [Fix beta status of foundational flows](https://gitlab.com/gitlab-org/security/gitlab/-/commit/7aeb7139f08add55324fe431a4bc4cf9c7d15cd5) **GitLab Enterprise Edition**
- [Pass user id to workflow service](https://gitlab.com/gitlab-org/security/gitlab/-/commit/c50eb4c11294b9e368bd3a82854d4756177ea76c) **GitLab Enterprise Edition**
- [Ensure currentSelectedReviewers is always an array](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5236c50c2566011f4fa533f2315fcc7bbcefa69b)
### Security (5 changes)
- [Reject expired keys and blocked users](https://gitlab.com/gitlab-org/security/gitlab/-/commit/11f2df99940e349369021bb7613afebd7665c6af) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5652))
- [Limit JWT token size in Jira Connect to prevent DoS](https://gitlab.com/gitlab-org/security/gitlab/-/commit/51480b19ab4e87c7128927e0cb620eca79bb8ca8) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5659))
- [Fix endless redirection loop in wikis for prepared redirect file](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8a68318f350f598c97781e9bc9568e886a16505b) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5658))
- [Adds size validation to job token before decoding](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ae827a88f454dcc0f4b21c7db522ea530966cee2) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5654))
- [Prevent bypass 2FA with WebAuthn & passkey authentication](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ec6f16d7b95fe87d61d97ecf9a16e8784c172bec) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5653))
## 18.7.2 (2026-01-20)
### Fixed (8 changes)
- [Disable async_insert in build and pipeline sync operations](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8e5a7028c64d134fcca7b2a6ba89cbff0320bf64)
- [Disable Sidekiq retries for ClickHouse pipeline/build sync workers](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3469cf61ffc33a5186c5c0dc108d90b521737c61)
- [Exclude Git LFS paths from Git HTTP throttling](https://gitlab.com/gitlab-org/security/gitlab/-/commit/e96f86cc5bcdbe0a22468dfc07ef39ef8a903fc2)
- [Fix migration health check endpoint](https://gitlab.com/gitlab-org/security/gitlab/-/commit/35813c8895bc080d7d72d7c69716a374c084da6f)
(省略されました)
### Added (1 change)
- [Rake task to seed AI Catalogs with external agents](https://gitlab.com/gitlab-org/security/gitlab/-/commit/d55d15507ac1dae272cfc5230616d2ce0e57e3cd) **GitLab Enterprise Edition**
### Fixed (3 changes)
- [Fix beta status of foundational flows](https://gitlab.com/gitlab-org/security/gitlab/-/commit/7aeb7139f08add55324fe431a4bc4cf9c7d15cd5) **GitLab Enterprise Edition**
- [Pass user id to workflow service](https://gitlab.com/gitlab-org/security/gitlab/-/commit/c50eb4c11294b9e368bd3a82854d4756177ea76c) **GitLab Enterprise Edition**
- [Ensure currentSelectedReviewers is always an array](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5236c50c2566011f4fa533f2315fcc7bbcefa69b)
### Security (5 changes)
- [Reject expired keys and blocked users](https://gitlab.com/gitlab-org/security/gitlab/-/commit/11f2df99940e349369021bb7613afebd7665c6af) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5652))
- [Limit JWT token size in Jira Connect to prevent DoS](https://gitlab.com/gitlab-org/security/gitlab/-/commit/51480b19ab4e87c7128927e0cb620eca79bb8ca8) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5659))
- [Fix endless redirection loop in wikis for prepared redirect file](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8a68318f350f598c97781e9bc9568e886a16505b) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5658))
- [Adds size validation to job token before decoding](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ae827a88f454dcc0f4b21c7db522ea530966cee2) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5654))
- [Prevent bypass 2FA with WebAuthn & passkey authentication](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ec6f16d7b95fe87d61d97ecf9a16e8784c172bec) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5653))
## 18.7.2 (2026-01-20)
### Fixed (8 changes)
- [Disable async_insert in build and pipeline sync operations](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8e5a7028c64d134fcca7b2a6ba89cbff0320bf64)
- [Disable Sidekiq retries for ClickHouse pipeline/build sync workers](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3469cf61ffc33a5186c5c0dc108d90b521737c61)
- [Exclude Git LFS paths from Git HTTP throttling](https://gitlab.com/gitlab-org/security/gitlab/-/commit/e96f86cc5bcdbe0a22468dfc07ef39ef8a903fc2)
- [Fix migration health check endpoint](https://gitlab.com/gitlab-org/security/gitlab/-/commit/35813c8895bc080d7d72d7c69716a374c084da6f)
(省略されました)
## 18.8.1 (2026-01-19)
### Fixed (1 change)
### Changed (2 changes)
- [Disallow creation of new external agents](https://gitlab.com/gitlab-org/gitlab/-/commit/f44382e9baff074d0495678e82447442944832aa) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218920)) **GitLab Enterprise Edition**
- [Release AI Catalog External Agents](https://gitlab.com/gitlab-org/gitlab/-/commit/74685605a678ec099f4b082188b90a41b27b80c2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218867)) **GitLab Enterprise Edition**
### Fixed (1 change)
### Changed (2 changes)
- [Disallow creation of new external agents](https://gitlab.com/gitlab-org/gitlab/-/commit/f44382e9baff074d0495678e82447442944832aa) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218920)) **GitLab Enterprise Edition**
- [Release AI Catalog External Agents](https://gitlab.com/gitlab-org/gitlab/-/commit/74685605a678ec099f4b082188b90a41b27b80c2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218867)) **GitLab Enterprise Edition**
## 18.8.0 (2026-01-14)
### Added (95 changes)
- [Add pipeline link to the single tag page](https://gitlab.com/gitlab-org/gitlab/-/commit/fe715b650020e01462aba99af31dbf13b26c97b9) by @therealrinku ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217508))
- [Add npm vregs model for remote cache entries](https://gitlab.com/gitlab-org/gitlab/-/commit/91c909326e500049e79cf81069769dbf965360b7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217303)) **GitLab Enterprise Edition**
- [Filter project pipelines by id](https://gitlab.com/gitlab-org/gitlab/-/commit/d421855c6f2be1afed6499f4a254312d8942dd15) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218207))
- [Add checkbox for web based commit signing](https://gitlab.com/gitlab-org/gitlab/-/commit/1e660621781d740de5935ef6b8c065445554feb8) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217416))
- [Add false_positive filter to vulnerability API](https://gitlab.com/gitlab-org/gitlab/-/commit/d3fe3dd531d41802596ff87d67c4d9cb2630d9b8) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218045)) **GitLab Enterprise Edition**
- [Enable Geo Primary Verification flag](https://gitlab.com/gitlab-org/gitlab/-/commit/2236b8abef54d8febf484b5217c819286056a520) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216500)) **GitLab Enterprise Edition**
- [Add npm vregs model for local cache entries](https://gitlab.com/gitlab-org/gitlab/-/commit/7a420658fa030626a673cbed2d1a6349996e072d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/214031)) **GitLab Enterprise Edition**
- [Add sorting for per-user metric tables](https://gitlab.com/gitlab-org/gitlab/-/commit/e2ed448996fcd8ead5dd465c63d700e8e8a250f6) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216601)) **GitLab Enterprise Edition**
- [Add `active` parameter support to groups projects API](https://gitlab.com/gitlab-org/gitlab/-/commit/71413a457792d419358a18500ab2bb5d1b38ef14) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218053))
- [Enable granular PAT for avatar endpoints](https://gitlab.com/gitlab-org/gitlab/-/commit/bce5c9d237666afa788cd51cd357367c88d0c23e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218277))
- [Remove `enterprise_disable_ssh_keys` FF](https://gitlab.com/gitlab-org/gitlab/-/commit/967092617bf97b833d82cba655155d83cd164cf6) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218265))
- [Add POST endpoint for container protection tag rules API](https://gitlab.com/gitlab-org/gitlab/-/commit/ae56d80fc0aa97ba59ef35d160b0cd200e2c449d) by @gerardo-navarro ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/213801))
- [Add `GitLab Duo Code Review Comments Sentiment` chart](https://gitlab.com/gitlab-org/gitlab/-/commit/08263c13deb3fd2b89da8c69b0a0230361f4629f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217069)) **GitLab Enterprise Edition**
- [Enable by default UI check for credits for DAP](https://gitlab.com/gitlab-org/gitlab/-/commit/8530310519ea9de6a694fde53463248e27a78def) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218162)) **GitLab Enterprise Edition**
- [Add exponential backoff retry for `include: remote`](https://gitlab.com/gitlab-org/gitlab/-/commit/39359d49e030c9d56193445b61a4822243b7c642) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/214062))
- [Invert the logic and rename work item URL feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/c7ae32e3f79e49ced7bb581e0a46deced836c3d1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218024))
- [Support hour and day duration formatting in pipelines.](https://gitlab.com/gitlab-org/gitlab/-/commit/75a366168c95d0c5d9196c11a33ab24ca15b00a2) by @featherless ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217486))
(省略されました)
### Added (95 changes)
- [Add pipeline link to the single tag page](https://gitlab.com/gitlab-org/gitlab/-/commit/fe715b650020e01462aba99af31dbf13b26c97b9) by @therealrinku ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217508))
- [Add npm vregs model for remote cache entries](https://gitlab.com/gitlab-org/gitlab/-/commit/91c909326e500049e79cf81069769dbf965360b7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217303)) **GitLab Enterprise Edition**
- [Filter project pipelines by id](https://gitlab.com/gitlab-org/gitlab/-/commit/d421855c6f2be1afed6499f4a254312d8942dd15) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218207))
- [Add checkbox for web based commit signing](https://gitlab.com/gitlab-org/gitlab/-/commit/1e660621781d740de5935ef6b8c065445554feb8) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217416))
- [Add false_positive filter to vulnerability API](https://gitlab.com/gitlab-org/gitlab/-/commit/d3fe3dd531d41802596ff87d67c4d9cb2630d9b8) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218045)) **GitLab Enterprise Edition**
- [Enable Geo Primary Verification flag](https://gitlab.com/gitlab-org/gitlab/-/commit/2236b8abef54d8febf484b5217c819286056a520) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216500)) **GitLab Enterprise Edition**
- [Add npm vregs model for local cache entries](https://gitlab.com/gitlab-org/gitlab/-/commit/7a420658fa030626a673cbed2d1a6349996e072d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/214031)) **GitLab Enterprise Edition**
- [Add sorting for per-user metric tables](https://gitlab.com/gitlab-org/gitlab/-/commit/e2ed448996fcd8ead5dd465c63d700e8e8a250f6) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216601)) **GitLab Enterprise Edition**
- [Add `active` parameter support to groups projects API](https://gitlab.com/gitlab-org/gitlab/-/commit/71413a457792d419358a18500ab2bb5d1b38ef14) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218053))
- [Enable granular PAT for avatar endpoints](https://gitlab.com/gitlab-org/gitlab/-/commit/bce5c9d237666afa788cd51cd357367c88d0c23e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218277))
- [Remove `enterprise_disable_ssh_keys` FF](https://gitlab.com/gitlab-org/gitlab/-/commit/967092617bf97b833d82cba655155d83cd164cf6) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218265))
- [Add POST endpoint for container protection tag rules API](https://gitlab.com/gitlab-org/gitlab/-/commit/ae56d80fc0aa97ba59ef35d160b0cd200e2c449d) by @gerardo-navarro ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/213801))
- [Add `GitLab Duo Code Review Comments Sentiment` chart](https://gitlab.com/gitlab-org/gitlab/-/commit/08263c13deb3fd2b89da8c69b0a0230361f4629f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217069)) **GitLab Enterprise Edition**
- [Enable by default UI check for credits for DAP](https://gitlab.com/gitlab-org/gitlab/-/commit/8530310519ea9de6a694fde53463248e27a78def) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218162)) **GitLab Enterprise Edition**
- [Add exponential backoff retry for `include: remote`](https://gitlab.com/gitlab-org/gitlab/-/commit/39359d49e030c9d56193445b61a4822243b7c642) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/214062))
- [Invert the logic and rename work item URL feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/c7ae32e3f79e49ced7bb581e0a46deced836c3d1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218024))
- [Support hour and day duration formatting in pipelines.](https://gitlab.com/gitlab-org/gitlab/-/commit/75a366168c95d0c5d9196c11a33ab24ca15b00a2) by @featherless ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217486))
(省略されました)
## 18.7.1 (2026-01-07)
### Fixed (1 change)
- [Remove search_glql_fix_null_field_pagination feature flag](https://gitlab.com/gitlab-org/security/gitlab/-/commit/739045bf71d2d6631cb763a502478bd5d11f2d80) **GitLab Enterprise Edition**
### Security (8 changes)
- [Fix 404 errors for Duo Workflow WS connection](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8f611a6ed9ab78db1f0d5ebb1329867f4689d76f) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5633))
- [Only delete runner projects scoped to the intended runner](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3c26e9f8669d43ed3e25100adb190488a77132b1) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5616))
- [Add base authorization check to update feature settings mutation](https://gitlab.com/gitlab-org/security/gitlab/-/commit/dcc442150b40e86a915bc2fcc41bb33be01ab85d) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5509))
- [Don't do arbitrary placeholder replacement on HTML](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3e9ac4b689c7be319dbf54e356b9903aa0debec7) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5605))
- [Pass Mermaid images through asset proxy, apply CSP to deny leaks](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3eeb3448f3062c9a9119fe7d4826f6c6282678e3) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5606))
- [Fix security issue related to namespace context](https://gitlab.com/gitlab-org/security/gitlab/-/commit/507d2064f4679c02de2b0771ec6f8299d85d8dbd) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5599))
- [backport(18.7): Fix XSS vulnerability in Web IDE VSCode assets](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f34dd0fddc0d015f3c6cd53d9c0a93d1d39926f5) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5604))
- [Limit XML and CSV HTTP responses](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f7bb8670028df4a810ed725472dc6a971e8dfcc6) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5602))
## 18.6.3 (2026-01-07)
### Added (1 change)
- [Add status filter argument to work items CSV export](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ebc3d9729ffab1b8b434126e9fddeb7258420f31) **GitLab Enterprise Edition**
### Fixed (5 changes)
- [Fix Elasticsearch pagination with null sortable field values](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5baae4cf5d577bf6aaf5a6d49dc42b65df24cf0a) **GitLab Enterprise Edition**
- [Backport use upstream for DWS API requests in Workhorse](https://gitlab.com/gitlab-org/security/gitlab/-/commit/2ce11772a0519a8154d08b2672f4809d7c4458e8) **GitLab Enterprise Edition**
- [Exclude Git HTTP requests from authenticated web throttle](https://gitlab.com/gitlab-org/security/gitlab/-/commit/c4cd108c60d518a4718b16e1921273236fe1d793)
(省略されました)
### Fixed (1 change)
- [Remove search_glql_fix_null_field_pagination feature flag](https://gitlab.com/gitlab-org/security/gitlab/-/commit/739045bf71d2d6631cb763a502478bd5d11f2d80) **GitLab Enterprise Edition**
### Security (8 changes)
- [Fix 404 errors for Duo Workflow WS connection](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8f611a6ed9ab78db1f0d5ebb1329867f4689d76f) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5633))
- [Only delete runner projects scoped to the intended runner](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3c26e9f8669d43ed3e25100adb190488a77132b1) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5616))
- [Add base authorization check to update feature settings mutation](https://gitlab.com/gitlab-org/security/gitlab/-/commit/dcc442150b40e86a915bc2fcc41bb33be01ab85d) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5509))
- [Don't do arbitrary placeholder replacement on HTML](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3e9ac4b689c7be319dbf54e356b9903aa0debec7) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5605))
- [Pass Mermaid images through asset proxy, apply CSP to deny leaks](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3eeb3448f3062c9a9119fe7d4826f6c6282678e3) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5606))
- [Fix security issue related to namespace context](https://gitlab.com/gitlab-org/security/gitlab/-/commit/507d2064f4679c02de2b0771ec6f8299d85d8dbd) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5599))
- [backport(18.7): Fix XSS vulnerability in Web IDE VSCode assets](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f34dd0fddc0d015f3c6cd53d9c0a93d1d39926f5) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5604))
- [Limit XML and CSV HTTP responses](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f7bb8670028df4a810ed725472dc6a971e8dfcc6) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5602))
## 18.6.3 (2026-01-07)
### Added (1 change)
- [Add status filter argument to work items CSV export](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ebc3d9729ffab1b8b434126e9fddeb7258420f31) **GitLab Enterprise Edition**
### Fixed (5 changes)
- [Fix Elasticsearch pagination with null sortable field values](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5baae4cf5d577bf6aaf5a6d49dc42b65df24cf0a) **GitLab Enterprise Edition**
- [Backport use upstream for DWS API requests in Workhorse](https://gitlab.com/gitlab-org/security/gitlab/-/commit/2ce11772a0519a8154d08b2672f4809d7c4458e8) **GitLab Enterprise Edition**
- [Exclude Git HTTP requests from authenticated web throttle](https://gitlab.com/gitlab-org/security/gitlab/-/commit/c4cd108c60d518a4718b16e1921273236fe1d793)
(省略されました)
## 18.7.0 (2025-12-17)
### Added (198 changes)
- [Enable ff validity_checks by default](https://gitlab.com/gitlab-org/gitlab/-/commit/f5f93e66259f501b2abe3735067b75a6a05214ad) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216525)) **GitLab Enterprise Edition**
- [Add Foundational Flow triggers](https://gitlab.com/gitlab-org/gitlab/-/commit/c63cbb06aa33233ef7cb0ca4b0713b51a0c9c9ae) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216090)) **GitLab Enterprise Edition**
- [Call seeding service before syncing foundational flows](https://gitlab.com/gitlab-org/gitlab/-/commit/cbe8f9d778cbd3bb343796fbc76677bf2c4ccfba) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216150)) **GitLab Enterprise Edition**
- [api: Remove project_repositories_health flag](https://gitlab.com/gitlab-org/gitlab/-/commit/a51b049f1debca21e9002178bb32e62aa90b62be) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/214169))
- [feat: Always show FP confidence score when available](https://gitlab.com/gitlab-org/gitlab/-/commit/24cf74656b68a0ee9a5670389ed526979bbb2dce) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216361)) **GitLab Enterprise Edition**
- [Add upgrade notes guidelines for batched background migrations](https://gitlab.com/gitlab-org/gitlab/-/commit/1d5a9f09584d048bfee32097c1bebc5cfef185bf) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215919))
- [Add additional_ca_cert_bundle input for DS v2 template](https://gitlab.com/gitlab-org/gitlab/-/commit/9bf06db00ff3916abf1c16d9e10a9c5d7f10cde2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216177)) **GitLab Enterprise Edition**
- [Adds support disabling duo agent platform at namespace](https://gitlab.com/gitlab-org/gitlab/-/commit/9ca64c50bd46cd3985603b5438c2c64733128a21) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216143)) **GitLab Enterprise Edition**
- [Add disabled fields to user hash](https://gitlab.com/gitlab-org/gitlab/-/commit/1a0bdd3c95aeca2adb5cfbe5e26ebccb8cf4c08f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216153)) **GitLab Enterprise Edition**
- [Set validity_check_es_filter default true](https://gitlab.com/gitlab-org/gitlab/-/commit/3e94ecd21fb82d076997b2f60b2d34ddd48c3c81) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/211927)) **GitLab Enterprise Edition**
- [Clean up FF](https://gitlab.com/gitlab-org/gitlab/-/commit/5506a71352f411d03f3176b572a3300066d9df3f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215796))
- [Add total Duo events by user table](https://gitlab.com/gitlab-org/gitlab/-/commit/61ce76a7bee7570b749b0843520b694a118babcb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215694)) **GitLab Enterprise Edition**
- [Add pagination UI for branch rules](https://gitlab.com/gitlab-org/gitlab/-/commit/1ba82ff6480e08d9aded32e73f75f2ba34b426cf) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216253)) **GitLab Enterprise Edition**
- [Add limited experience alert to vulnerability report](https://gitlab.com/gitlab-org/gitlab/-/commit/3a57d913ab29cb0585ae53d0756b3715c1b9ec9f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215979)) **GitLab Enterprise Edition**
- [Add security scan profile query type and resolver](https://gitlab.com/gitlab-org/gitlab/-/commit/248f8aba3f821ac3ce2a1b99ae4eeb3a411ea2fb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215667)) **GitLab Enterprise Edition**
- [Add template for multi container scanner](https://gitlab.com/gitlab-org/gitlab/-/commit/b05b8b32de6ef186ea89e045eaa6d031cad250dc) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/210414)) **GitLab Enterprise Edition**
- [Add selectable and selectable reason fields](https://gitlab.com/gitlab-org/gitlab/-/commit/c2a2946ad348c8c007125e0ab90a325ba3ada134) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215999))
(省略されました)
### Added (198 changes)
- [Enable ff validity_checks by default](https://gitlab.com/gitlab-org/gitlab/-/commit/f5f93e66259f501b2abe3735067b75a6a05214ad) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216525)) **GitLab Enterprise Edition**
- [Add Foundational Flow triggers](https://gitlab.com/gitlab-org/gitlab/-/commit/c63cbb06aa33233ef7cb0ca4b0713b51a0c9c9ae) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216090)) **GitLab Enterprise Edition**
- [Call seeding service before syncing foundational flows](https://gitlab.com/gitlab-org/gitlab/-/commit/cbe8f9d778cbd3bb343796fbc76677bf2c4ccfba) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216150)) **GitLab Enterprise Edition**
- [api: Remove project_repositories_health flag](https://gitlab.com/gitlab-org/gitlab/-/commit/a51b049f1debca21e9002178bb32e62aa90b62be) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/214169))
- [feat: Always show FP confidence score when available](https://gitlab.com/gitlab-org/gitlab/-/commit/24cf74656b68a0ee9a5670389ed526979bbb2dce) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216361)) **GitLab Enterprise Edition**
- [Add upgrade notes guidelines for batched background migrations](https://gitlab.com/gitlab-org/gitlab/-/commit/1d5a9f09584d048bfee32097c1bebc5cfef185bf) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215919))
- [Add additional_ca_cert_bundle input for DS v2 template](https://gitlab.com/gitlab-org/gitlab/-/commit/9bf06db00ff3916abf1c16d9e10a9c5d7f10cde2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216177)) **GitLab Enterprise Edition**
- [Adds support disabling duo agent platform at namespace](https://gitlab.com/gitlab-org/gitlab/-/commit/9ca64c50bd46cd3985603b5438c2c64733128a21) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216143)) **GitLab Enterprise Edition**
- [Add disabled fields to user hash](https://gitlab.com/gitlab-org/gitlab/-/commit/1a0bdd3c95aeca2adb5cfbe5e26ebccb8cf4c08f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216153)) **GitLab Enterprise Edition**
- [Set validity_check_es_filter default true](https://gitlab.com/gitlab-org/gitlab/-/commit/3e94ecd21fb82d076997b2f60b2d34ddd48c3c81) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/211927)) **GitLab Enterprise Edition**
- [Clean up FF](https://gitlab.com/gitlab-org/gitlab/-/commit/5506a71352f411d03f3176b572a3300066d9df3f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215796))
- [Add total Duo events by user table](https://gitlab.com/gitlab-org/gitlab/-/commit/61ce76a7bee7570b749b0843520b694a118babcb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215694)) **GitLab Enterprise Edition**
- [Add pagination UI for branch rules](https://gitlab.com/gitlab-org/gitlab/-/commit/1ba82ff6480e08d9aded32e73f75f2ba34b426cf) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216253)) **GitLab Enterprise Edition**
- [Add limited experience alert to vulnerability report](https://gitlab.com/gitlab-org/gitlab/-/commit/3a57d913ab29cb0585ae53d0756b3715c1b9ec9f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215979)) **GitLab Enterprise Edition**
- [Add security scan profile query type and resolver](https://gitlab.com/gitlab-org/gitlab/-/commit/248f8aba3f821ac3ce2a1b99ae4eeb3a411ea2fb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215667)) **GitLab Enterprise Edition**
- [Add template for multi container scanner](https://gitlab.com/gitlab-org/gitlab/-/commit/b05b8b32de6ef186ea89e045eaa6d031cad250dc) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/210414)) **GitLab Enterprise Edition**
- [Add selectable and selectable reason fields](https://gitlab.com/gitlab-org/gitlab/-/commit/c2a2946ad348c8c007125e0ab90a325ba3ada134) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215999))
(省略されました)
RSS[全体]
Tw[@softantenna]