GitLab
詳細情報
| タイトル | GitLab |
|---|---|
| URL | https://about.gitlab.com/ |
| バージョン | ver 18.9.1 |
| 更新日 | 2026/02/26 |
| 追加日 | 2016/02/23 |
| 種別 | フリーソフト |
| 説明 | GitHubのようなサービスをローカルで提供することができるGitリポジトリ管理ソフト。 |
レビュー
概要
GitLabは、ソフトウェア開発ライフサイクル全体を統合したDevSecOpsプラットフォームです。2011年9月、ウクライナ人プログラマーのDmitry Zaporozhetsが個人プロジェクトとして開発を開始しました。自身が「モダンなオープンソースのGitリポジトリ管理ツールがない」と感じたことがきっかけで、Ruby on Railsで実装されました。毎月22日に定期リリースを行う慣習は創業当初から続いています。
2012年にSid Sijbrandijがコーポレートとして法人化に参加し、CEOとして商業化を推進。Community Edition(CE)のオープンソースモデルを維持しつつ、Enterprise Edition(EE)を追加することで、オープンコアモデルでビジネスを展開しています。現在は5,000万人以上のユーザーが利用する大規模プラットフォームへ成長し、2021年にはNasdaq(GTLB)に上場しました。
主要な特徴・機能
- Gitリポジトリ管理: コードのホスティング・ブランチ管理・マージリクエスト
- CI/CD: 継続的インテグレーション・継続的デリバリーのパイプラインを内蔵
- DevSecOps統合: SAST・SCA・Secret Detection・DASTなどのセキュリティスキャンを開発フローに統合
- イシュートラッカー: バグ管理・プロジェクト計画・マイルストーン管理
- コンテナレジストリ: Dockerイメージの管理・配布
- Kubernetes連携: コンテナオーケストレーション環境との統合
- AI機能(GitLab Duo): コード補完・セキュリティ分析・自動化を支援するAIエージェント
- セルフホスト対応: 自社サーバーでのオンプレミス運用が可能
対象ユーザー
- オープンソースプロジェクトの開発チーム(Community Edition)
- CI/CDやセキュリティ検査を統合した開発環境を必要とする企業(Enterprise Edition)
- GitHubの代替としてセルフホストを希望する組織・エンジニアリングチーム
- 金融・公共・通信・航空宇宙など厳格なコンプライアンスが求められる業界
ライセンス情報
GitLabはオープンコアモデルを採用しています。
- Community Edition(CE): MITライセンスで提供される無料のオープンソース版
- Enterprise Edition(EE): 有償のプレミアム機能を追加したエンタープライズ向け有料版(Free・Premium・Ultimateの各プランあり)
セルフホスト版のほか、GitLab.comによるSaaS(クラウド)版も提供されています。
スクリーンショット
スクリーンショットはありません。
更新グラフ
バージョン履歴
## 18.9.1 (2026-02-24)
### Added (1 change)
- [Use namespace opt-in setting for extended logging](https://gitlab.com/gitlab-org/security/gitlab/-/commit/e671a7ddc0a56561bc504a969113ff6fbcef7ecf) **GitLab Enterprise Edition**
### Fixed (3 changes)
- [Fix adding flows when member invites are disabled](https://gitlab.com/gitlab-org/security/gitlab/-/commit/bfb85dbc3244e8a3e1f28d3122a0a7804c843a3f) **GitLab Enterprise Edition**
- [Fix semantic code search for Premium plans](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f5a52d57dc42f94cd1472ba94399641b89d11e57) **GitLab Enterprise Edition**
- [Bypass group membership lock for service accounts](https://gitlab.com/gitlab-org/security/gitlab/-/commit/b1b855ee0ce67a2c4ddd870b2b27d590175d4e03) **GitLab Enterprise Edition**
### Security (9 changes)
- [Add rate limiting to bb server importer](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8cb6aacb41313a94e897d7685d639b8214b277e4) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5788))
- [Limit the number of paths segments in URI](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f1e6a7c37f96b850a4d1c6f689190a5c8beef431) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5775))
- [Add package protection rule check to Conan authorize endpoints](https://gitlab.com/gitlab-org/security/gitlab/-/commit/93b8165f1fd0f69a11562b86348c9516ec8fe144) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5787))
- [Add maximum length validation to pipeline trigger description](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5a65d14b5c5b8c51a815cebd704911799e0f271f) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5778))
- [Register new mime type for json validation](https://gitlab.com/gitlab-org/security/gitlab/-/commit/2898a9d5101baaae116f94f59da09b45547358eb) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5786))
- [Check MAXIMUM_SIZE_OF_ROUTING_PAYLOAD in routable_payload decode](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f50ec6d0425aace3f706e032c27c7086b498af44) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5783))
- [Validate relative URL root path in mermaid](https://gitlab.com/gitlab-org/security/gitlab/-/commit/bd2cc217395de34b2066f6e3e8ca12d832d20087) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5781))
- [Limit JWT token size in Jira Connect events to prevent DoS](https://gitlab.com/gitlab-org/security/gitlab/-/commit/db86c6eba71dd2cee890d9714b9f5ef2fa33b33e) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5774))
- [Added pipeline variables permissions check to retry job](https://gitlab.com/gitlab-org/security/gitlab/-/commit/0c1ce6569fd1873af8c74b038c8f86ab4a462d84) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5770))
## 18.8.5 (2026-02-24)
### Fixed (5 changes)
(省略されました)
### Added (1 change)
- [Use namespace opt-in setting for extended logging](https://gitlab.com/gitlab-org/security/gitlab/-/commit/e671a7ddc0a56561bc504a969113ff6fbcef7ecf) **GitLab Enterprise Edition**
### Fixed (3 changes)
- [Fix adding flows when member invites are disabled](https://gitlab.com/gitlab-org/security/gitlab/-/commit/bfb85dbc3244e8a3e1f28d3122a0a7804c843a3f) **GitLab Enterprise Edition**
- [Fix semantic code search for Premium plans](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f5a52d57dc42f94cd1472ba94399641b89d11e57) **GitLab Enterprise Edition**
- [Bypass group membership lock for service accounts](https://gitlab.com/gitlab-org/security/gitlab/-/commit/b1b855ee0ce67a2c4ddd870b2b27d590175d4e03) **GitLab Enterprise Edition**
### Security (9 changes)
- [Add rate limiting to bb server importer](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8cb6aacb41313a94e897d7685d639b8214b277e4) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5788))
- [Limit the number of paths segments in URI](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f1e6a7c37f96b850a4d1c6f689190a5c8beef431) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5775))
- [Add package protection rule check to Conan authorize endpoints](https://gitlab.com/gitlab-org/security/gitlab/-/commit/93b8165f1fd0f69a11562b86348c9516ec8fe144) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5787))
- [Add maximum length validation to pipeline trigger description](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5a65d14b5c5b8c51a815cebd704911799e0f271f) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5778))
- [Register new mime type for json validation](https://gitlab.com/gitlab-org/security/gitlab/-/commit/2898a9d5101baaae116f94f59da09b45547358eb) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5786))
- [Check MAXIMUM_SIZE_OF_ROUTING_PAYLOAD in routable_payload decode](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f50ec6d0425aace3f706e032c27c7086b498af44) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5783))
- [Validate relative URL root path in mermaid](https://gitlab.com/gitlab-org/security/gitlab/-/commit/bd2cc217395de34b2066f6e3e8ca12d832d20087) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5781))
- [Limit JWT token size in Jira Connect events to prevent DoS](https://gitlab.com/gitlab-org/security/gitlab/-/commit/db86c6eba71dd2cee890d9714b9f5ef2fa33b33e) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5774))
- [Added pipeline variables permissions check to retry job](https://gitlab.com/gitlab-org/security/gitlab/-/commit/0c1ce6569fd1873af8c74b038c8f86ab4a462d84) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5770))
## 18.8.5 (2026-02-24)
### Fixed (5 changes)
(省略されました)
## 18.9.0 (2026-02-18)
### Added (194 changes)
- [Adds GraphQL mutations to clear maven cache](https://gitlab.com/gitlab-org/gitlab/-/commit/59c88cc71cb4fe8e7e7360e31a453839a249c80b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223152))
- [Update table_size database dictionary entries](https://gitlab.com/gitlab-org/gitlab/-/commit/bf35db522266907404be64debaa6a689243b167d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223509))
- [Update table_size database dictionary entries](https://gitlab.com/gitlab-org/gitlab/-/commit/752b98ca0f387897018a6b04e321c2c0674762a8) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223508))
- [MR reports security scan: add Resolve with AI](https://gitlab.com/gitlab-org/gitlab/-/commit/ca674d9f04de580bd7bd4baf51db4e8c55eb4774) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221765))
- [Constrain organization_id NOT NULL](https://gitlab.com/gitlab-org/gitlab/-/commit/69f0b2f955f7dec25d0b030b6bf913e88116c660) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222741))
- [Enable vulnerabilities by age chart by default](https://gitlab.com/gitlab-org/gitlab/-/commit/3e18fdbe807a64bbdc263efb51843eebc292fa94) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223321)) **GitLab Enterprise Edition**
- [Address feedback for profile notification follow-up](https://gitlab.com/gitlab-org/gitlab/-/commit/81dcb33e02f6b1b6d02de98f56e136700bfad337) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222834)) **GitLab Enterprise Edition**
- [Add worker to trigger off secret detection FP workflow](https://gitlab.com/gitlab-org/gitlab/-/commit/0ad7cc99e7b9df64a6f1a0c086237c2f5be19890) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222706)) **GitLab Enterprise Edition**
- [Expose `foundational` field on all item types](https://gitlab.com/gitlab-org/gitlab/-/commit/0e4f8ceb4f2b13035255f92b5192a42d84b108b5) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222945)) **GitLab Enterprise Edition**
- [Exclude secrets_fp_detection from CI rate limiting](https://gitlab.com/gitlab-org/gitlab/-/commit/7640a3e927a84e35f17bf6af1c500879547961ed) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223239))
- [Add cursor batch as default BBM](https://gitlab.com/gitlab-org/gitlab/-/commit/926d0130cc52264481fd9fb30682584b7f892fb9) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216191))
- [Enable the `dap_onboarding_empty_states` feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/ee9e090e291438cc6d0fcea2fb6740d454900147) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223247)) **GitLab Enterprise Edition**
- [Add Redis key helpers and trust flag infrastructure](https://gitlab.com/gitlab-org/gitlab/-/commit/356b2e0f89619a7b1462bc8774e23463b026e756) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221498))
- [Enable security dashboard feature flags by default](https://gitlab.com/gitlab-org/gitlab/-/commit/5555426c17c1cb464f5d16598b4d609a48cf5a4b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223031)) **GitLab Enterprise Edition**
- [Add rebase option to project setting](https://gitlab.com/gitlab-org/gitlab/-/commit/8adc50bab7ed70d050470ea5cf4aee5e9aea4ec7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221713))
- [Persist tool call approvals for DAP sessions](https://gitlab.com/gitlab-org/gitlab/-/commit/e5c2fb1af59617d2fb9798741a12ba640a4464fd) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220804)) **GitLab Enterprise Edition**
- [Release security scan profiles feature](https://gitlab.com/gitlab-org/gitlab/-/commit/656e630486e357ab80d35e276263274910c38cfb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222842)) **GitLab Enterprise Edition**
(省略されました)
### Added (194 changes)
- [Adds GraphQL mutations to clear maven cache](https://gitlab.com/gitlab-org/gitlab/-/commit/59c88cc71cb4fe8e7e7360e31a453839a249c80b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223152))
- [Update table_size database dictionary entries](https://gitlab.com/gitlab-org/gitlab/-/commit/bf35db522266907404be64debaa6a689243b167d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223509))
- [Update table_size database dictionary entries](https://gitlab.com/gitlab-org/gitlab/-/commit/752b98ca0f387897018a6b04e321c2c0674762a8) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223508))
- [MR reports security scan: add Resolve with AI](https://gitlab.com/gitlab-org/gitlab/-/commit/ca674d9f04de580bd7bd4baf51db4e8c55eb4774) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221765))
- [Constrain organization_id NOT NULL](https://gitlab.com/gitlab-org/gitlab/-/commit/69f0b2f955f7dec25d0b030b6bf913e88116c660) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222741))
- [Enable vulnerabilities by age chart by default](https://gitlab.com/gitlab-org/gitlab/-/commit/3e18fdbe807a64bbdc263efb51843eebc292fa94) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223321)) **GitLab Enterprise Edition**
- [Address feedback for profile notification follow-up](https://gitlab.com/gitlab-org/gitlab/-/commit/81dcb33e02f6b1b6d02de98f56e136700bfad337) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222834)) **GitLab Enterprise Edition**
- [Add worker to trigger off secret detection FP workflow](https://gitlab.com/gitlab-org/gitlab/-/commit/0ad7cc99e7b9df64a6f1a0c086237c2f5be19890) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222706)) **GitLab Enterprise Edition**
- [Expose `foundational` field on all item types](https://gitlab.com/gitlab-org/gitlab/-/commit/0e4f8ceb4f2b13035255f92b5192a42d84b108b5) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222945)) **GitLab Enterprise Edition**
- [Exclude secrets_fp_detection from CI rate limiting](https://gitlab.com/gitlab-org/gitlab/-/commit/7640a3e927a84e35f17bf6af1c500879547961ed) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223239))
- [Add cursor batch as default BBM](https://gitlab.com/gitlab-org/gitlab/-/commit/926d0130cc52264481fd9fb30682584b7f892fb9) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216191))
- [Enable the `dap_onboarding_empty_states` feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/ee9e090e291438cc6d0fcea2fb6740d454900147) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223247)) **GitLab Enterprise Edition**
- [Add Redis key helpers and trust flag infrastructure](https://gitlab.com/gitlab-org/gitlab/-/commit/356b2e0f89619a7b1462bc8774e23463b026e756) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221498))
- [Enable security dashboard feature flags by default](https://gitlab.com/gitlab-org/gitlab/-/commit/5555426c17c1cb464f5d16598b4d609a48cf5a4b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/223031)) **GitLab Enterprise Edition**
- [Add rebase option to project setting](https://gitlab.com/gitlab-org/gitlab/-/commit/8adc50bab7ed70d050470ea5cf4aee5e9aea4ec7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221713))
- [Persist tool call approvals for DAP sessions](https://gitlab.com/gitlab-org/gitlab/-/commit/e5c2fb1af59617d2fb9798741a12ba640a4464fd) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220804)) **GitLab Enterprise Edition**
- [Release security scan profiles feature](https://gitlab.com/gitlab-org/gitlab/-/commit/656e630486e357ab80d35e276263274910c38cfb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222842)) **GitLab Enterprise Edition**
(省略されました)
## 18.8.4 (2026-02-09)
### Added (1 change)
- [Add REST endpoint for seeding external agents](https://gitlab.com/gitlab-org/security/gitlab/-/commit/9308a66c34904c475f22d3288b75305c3e5fb1e3) **GitLab Enterprise Edition**
### Fixed (4 changes)
- [Add cleanup of replicas without indices to RolloutService](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ee791a6c1947afebbdabb0b96ff6eb9bb26d08ea) **GitLab Enterprise Edition**
- [Add preflight checks to resume_indexing rake task](https://gitlab.com/gitlab-org/security/gitlab/-/commit/884b17351514fe3db1271db6f660ad0636f06606) **GitLab Enterprise Edition**
- [Fix project state getting out of sync when deletion fails](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ea893eb7aab9dbd98ea03da77c47bde3813279f7)
- [Exclude Git LFS paths from Git HTTP throttling](https://gitlab.com/gitlab-org/security/gitlab/-/commit/bd2c7efa3b958dca20816a923003a8de89c8f54d)
### Changed (1 change)
- [Add seed external agents button to Admin](https://gitlab.com/gitlab-org/security/gitlab/-/commit/86e53598ca77513eed0975b3fd611c52894b7983) **GitLab Enterprise Edition**
### Security (13 changes)
- [587546 DoS Customizable Dashboards](https://gitlab.com/gitlab-org/security/gitlab/-/commit/4ddf86cd2bd0b0a281f92391687cc152e60bee12) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5727))
- [Fix SSRF vulnerability in virtual registry upstream checks](https://gitlab.com/gitlab-org/security/gitlab/-/commit/a8bad27927fb40962014c85f23dff28c13cf1b79) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5656))
- [Filter groups by accessible to user](https://gitlab.com/gitlab-org/security/gitlab/-/commit/6495ffe052c2ee5627718c36d6eb18af8f6a4e48) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5714))
- [Don't quadratically re-process children in TaskListFilter](https://gitlab.com/gitlab-org/security/gitlab/-/commit/fe2fee5e83ae6476f41b3322c1ca4febf76da857) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5726))
- [Add authorization for pipeline schedule inputs](https://gitlab.com/gitlab-org/security/gitlab/-/commit/4c5126dee6b6361e9099cb944b5b8772231246f6) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5690))
- [Fix DoS vulnerability via malformed JSON escape sequences](https://gitlab.com/gitlab-org/security/gitlab/-/commit/9bd81602325b48e823db3b40061eea91f394d89d) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5708))
- [Don't render label link tooltip names as HTML](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5a7236aeec6c2c1017e6a2970557b513a82d258e) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5702))
- [Fix test case title html injection](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5d5cab70d2f154d1f22f1c589454a6b386853b07) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5683))
(省略されました)
### Added (1 change)
- [Add REST endpoint for seeding external agents](https://gitlab.com/gitlab-org/security/gitlab/-/commit/9308a66c34904c475f22d3288b75305c3e5fb1e3) **GitLab Enterprise Edition**
### Fixed (4 changes)
- [Add cleanup of replicas without indices to RolloutService](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ee791a6c1947afebbdabb0b96ff6eb9bb26d08ea) **GitLab Enterprise Edition**
- [Add preflight checks to resume_indexing rake task](https://gitlab.com/gitlab-org/security/gitlab/-/commit/884b17351514fe3db1271db6f660ad0636f06606) **GitLab Enterprise Edition**
- [Fix project state getting out of sync when deletion fails](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ea893eb7aab9dbd98ea03da77c47bde3813279f7)
- [Exclude Git LFS paths from Git HTTP throttling](https://gitlab.com/gitlab-org/security/gitlab/-/commit/bd2c7efa3b958dca20816a923003a8de89c8f54d)
### Changed (1 change)
- [Add seed external agents button to Admin](https://gitlab.com/gitlab-org/security/gitlab/-/commit/86e53598ca77513eed0975b3fd611c52894b7983) **GitLab Enterprise Edition**
### Security (13 changes)
- [587546 DoS Customizable Dashboards](https://gitlab.com/gitlab-org/security/gitlab/-/commit/4ddf86cd2bd0b0a281f92391687cc152e60bee12) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5727))
- [Fix SSRF vulnerability in virtual registry upstream checks](https://gitlab.com/gitlab-org/security/gitlab/-/commit/a8bad27927fb40962014c85f23dff28c13cf1b79) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5656))
- [Filter groups by accessible to user](https://gitlab.com/gitlab-org/security/gitlab/-/commit/6495ffe052c2ee5627718c36d6eb18af8f6a4e48) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5714))
- [Don't quadratically re-process children in TaskListFilter](https://gitlab.com/gitlab-org/security/gitlab/-/commit/fe2fee5e83ae6476f41b3322c1ca4febf76da857) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5726))
- [Add authorization for pipeline schedule inputs](https://gitlab.com/gitlab-org/security/gitlab/-/commit/4c5126dee6b6361e9099cb944b5b8772231246f6) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5690))
- [Fix DoS vulnerability via malformed JSON escape sequences](https://gitlab.com/gitlab-org/security/gitlab/-/commit/9bd81602325b48e823db3b40061eea91f394d89d) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5708))
- [Don't render label link tooltip names as HTML](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5a7236aeec6c2c1017e6a2970557b513a82d258e) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5702))
- [Fix test case title html injection](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5d5cab70d2f154d1f22f1c589454a6b386853b07) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5683))
(省略されました)
## 18.8.3 (2026-02-04)
### Fixed (13 changes)
- [Unsubscribe from pipeline status updates when pipeline ID changes](https://gitlab.com/gitlab-org/gitlab/-/commit/5a93d93ceddc12ef98d833717b184bab079e1774) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221762))
- [Fix JWT token expiration when memoized before timeout is set](https://gitlab.com/gitlab-org/gitlab/-/commit/a61df840beac37dde7e4d12b4ace6f6f9088fbc4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221379))
- [Fix encoding error in related branches work item widget](https://gitlab.com/gitlab-org/gitlab/-/commit/6089657a222498a6126448ffa6879d6a0fad9cd2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221365))
- [Disable Sidekiq retries for ClickHouse pipeline/build sync workers](https://gitlab.com/gitlab-org/gitlab/-/commit/8948eee503609004a0706c444f605dc5676d8356) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221356))
- [Disable async_insert in build and pipeline sync operations](https://gitlab.com/gitlab-org/gitlab/-/commit/07b691e621a09c1b1a3c19ab8d726199ac94bb85) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221299))
- [Add work item support to missing chat integrations](https://gitlab.com/gitlab-org/gitlab/-/commit/6e3ce968eea0aee05025e70c5044feede332b98c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221178))
- [Only check optional ActionCable Redis instance if necessary](https://gitlab.com/gitlab-org/gitlab/-/commit/d6eeb7d175d53bca608ee29d639c9160fb661044) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220695))
- [Fixes preserving external author on work item move and clone](https://gitlab.com/gitlab-org/gitlab/-/commit/f4dff41724c940ac233cbdf7a5fd485e54c2b181) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220160))
- [Refactor Redis TLS options parsing to fix ActionCable configuration](https://gitlab.com/gitlab-org/gitlab/-/commit/bac23007c9ac7c5fc8fda53fc19184589c4721cf) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219997))
- [Open SD issues and tickets on boards in legacy view instead of drawer](https://gitlab.com/gitlab-org/gitlab/-/commit/6b1759e5611f4ae7dc05503e8d87dc1322a29c26) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219758))
- [Add info on UI for new Ticket work item type](https://gitlab.com/gitlab-org/gitlab/-/commit/d6d54c09c9dfe877d763994e2a201f6ffe9c66e4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219750))
- [Fix enforced_scans sync with inject_policy](https://gitlab.com/gitlab-org/gitlab/-/commit/234ded0747283dfa0085af28d7b818a211093c75) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219609)) **GitLab Enterprise Edition**
### Changed (5 changes)
- [Remove duo_workflow Feature Flag](https://gitlab.com/gitlab-org/gitlab/-/commit/84c562165a30eef1c8b6be1c2289acfa379d716a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220973)) **GitLab Enterprise Edition**
- [Adds work items to custom email notifications](https://gitlab.com/gitlab-org/gitlab/-/commit/7e017ccf9df05e642203f7e71c3a099144856298) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219926))
- [Display work item type names in chat notifications](https://gitlab.com/gitlab-org/gitlab/-/commit/7f5d87a43ea3c4b9c7daf6b7efba69005c754cac) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221046))
- [Remove duo_workflow_in_ci Feature Flag](https://gitlab.com/gitlab-org/gitlab/-/commit/7512dade12309120492cb0657a0f742e52ea6722) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220885)) **GitLab Enterprise Edition**
(省略されました)
### Fixed (13 changes)
- [Unsubscribe from pipeline status updates when pipeline ID changes](https://gitlab.com/gitlab-org/gitlab/-/commit/5a93d93ceddc12ef98d833717b184bab079e1774) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221762))
- [Fix JWT token expiration when memoized before timeout is set](https://gitlab.com/gitlab-org/gitlab/-/commit/a61df840beac37dde7e4d12b4ace6f6f9088fbc4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221379))
- [Fix encoding error in related branches work item widget](https://gitlab.com/gitlab-org/gitlab/-/commit/6089657a222498a6126448ffa6879d6a0fad9cd2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221365))
- [Disable Sidekiq retries for ClickHouse pipeline/build sync workers](https://gitlab.com/gitlab-org/gitlab/-/commit/8948eee503609004a0706c444f605dc5676d8356) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221356))
- [Disable async_insert in build and pipeline sync operations](https://gitlab.com/gitlab-org/gitlab/-/commit/07b691e621a09c1b1a3c19ab8d726199ac94bb85) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221299))
- [Add work item support to missing chat integrations](https://gitlab.com/gitlab-org/gitlab/-/commit/6e3ce968eea0aee05025e70c5044feede332b98c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221178))
- [Only check optional ActionCable Redis instance if necessary](https://gitlab.com/gitlab-org/gitlab/-/commit/d6eeb7d175d53bca608ee29d639c9160fb661044) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220695))
- [Fixes preserving external author on work item move and clone](https://gitlab.com/gitlab-org/gitlab/-/commit/f4dff41724c940ac233cbdf7a5fd485e54c2b181) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220160))
- [Refactor Redis TLS options parsing to fix ActionCable configuration](https://gitlab.com/gitlab-org/gitlab/-/commit/bac23007c9ac7c5fc8fda53fc19184589c4721cf) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219997))
- [Open SD issues and tickets on boards in legacy view instead of drawer](https://gitlab.com/gitlab-org/gitlab/-/commit/6b1759e5611f4ae7dc05503e8d87dc1322a29c26) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219758))
- [Add info on UI for new Ticket work item type](https://gitlab.com/gitlab-org/gitlab/-/commit/d6d54c09c9dfe877d763994e2a201f6ffe9c66e4) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219750))
- [Fix enforced_scans sync with inject_policy](https://gitlab.com/gitlab-org/gitlab/-/commit/234ded0747283dfa0085af28d7b818a211093c75) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219609)) **GitLab Enterprise Edition**
### Changed (5 changes)
- [Remove duo_workflow Feature Flag](https://gitlab.com/gitlab-org/gitlab/-/commit/84c562165a30eef1c8b6be1c2289acfa379d716a) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220973)) **GitLab Enterprise Edition**
- [Adds work items to custom email notifications](https://gitlab.com/gitlab-org/gitlab/-/commit/7e017ccf9df05e642203f7e71c3a099144856298) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/219926))
- [Display work item type names in chat notifications](https://gitlab.com/gitlab-org/gitlab/-/commit/7f5d87a43ea3c4b9c7daf6b7efba69005c754cac) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/221046))
- [Remove duo_workflow_in_ci Feature Flag](https://gitlab.com/gitlab-org/gitlab/-/commit/7512dade12309120492cb0657a0f742e52ea6722) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/220885)) **GitLab Enterprise Edition**
(省略されました)
## 18.8.2 (2026-01-20)
### Added (1 change)
- [Rake task to seed AI Catalogs with external agents](https://gitlab.com/gitlab-org/security/gitlab/-/commit/d55d15507ac1dae272cfc5230616d2ce0e57e3cd) **GitLab Enterprise Edition**
### Fixed (3 changes)
- [Fix beta status of foundational flows](https://gitlab.com/gitlab-org/security/gitlab/-/commit/7aeb7139f08add55324fe431a4bc4cf9c7d15cd5) **GitLab Enterprise Edition**
- [Pass user id to workflow service](https://gitlab.com/gitlab-org/security/gitlab/-/commit/c50eb4c11294b9e368bd3a82854d4756177ea76c) **GitLab Enterprise Edition**
- [Ensure currentSelectedReviewers is always an array](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5236c50c2566011f4fa533f2315fcc7bbcefa69b)
### Security (5 changes)
- [Reject expired keys and blocked users](https://gitlab.com/gitlab-org/security/gitlab/-/commit/11f2df99940e349369021bb7613afebd7665c6af) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5652))
- [Limit JWT token size in Jira Connect to prevent DoS](https://gitlab.com/gitlab-org/security/gitlab/-/commit/51480b19ab4e87c7128927e0cb620eca79bb8ca8) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5659))
- [Fix endless redirection loop in wikis for prepared redirect file](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8a68318f350f598c97781e9bc9568e886a16505b) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5658))
- [Adds size validation to job token before decoding](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ae827a88f454dcc0f4b21c7db522ea530966cee2) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5654))
- [Prevent bypass 2FA with WebAuthn & passkey authentication](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ec6f16d7b95fe87d61d97ecf9a16e8784c172bec) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5653))
## 18.7.2 (2026-01-20)
### Fixed (8 changes)
- [Disable async_insert in build and pipeline sync operations](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8e5a7028c64d134fcca7b2a6ba89cbff0320bf64)
- [Disable Sidekiq retries for ClickHouse pipeline/build sync workers](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3469cf61ffc33a5186c5c0dc108d90b521737c61)
- [Exclude Git LFS paths from Git HTTP throttling](https://gitlab.com/gitlab-org/security/gitlab/-/commit/e96f86cc5bcdbe0a22468dfc07ef39ef8a903fc2)
- [Fix migration health check endpoint](https://gitlab.com/gitlab-org/security/gitlab/-/commit/35813c8895bc080d7d72d7c69716a374c084da6f)
(省略されました)
### Added (1 change)
- [Rake task to seed AI Catalogs with external agents](https://gitlab.com/gitlab-org/security/gitlab/-/commit/d55d15507ac1dae272cfc5230616d2ce0e57e3cd) **GitLab Enterprise Edition**
### Fixed (3 changes)
- [Fix beta status of foundational flows](https://gitlab.com/gitlab-org/security/gitlab/-/commit/7aeb7139f08add55324fe431a4bc4cf9c7d15cd5) **GitLab Enterprise Edition**
- [Pass user id to workflow service](https://gitlab.com/gitlab-org/security/gitlab/-/commit/c50eb4c11294b9e368bd3a82854d4756177ea76c) **GitLab Enterprise Edition**
- [Ensure currentSelectedReviewers is always an array](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5236c50c2566011f4fa533f2315fcc7bbcefa69b)
### Security (5 changes)
- [Reject expired keys and blocked users](https://gitlab.com/gitlab-org/security/gitlab/-/commit/11f2df99940e349369021bb7613afebd7665c6af) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5652))
- [Limit JWT token size in Jira Connect to prevent DoS](https://gitlab.com/gitlab-org/security/gitlab/-/commit/51480b19ab4e87c7128927e0cb620eca79bb8ca8) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5659))
- [Fix endless redirection loop in wikis for prepared redirect file](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8a68318f350f598c97781e9bc9568e886a16505b) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5658))
- [Adds size validation to job token before decoding](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ae827a88f454dcc0f4b21c7db522ea530966cee2) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5654))
- [Prevent bypass 2FA with WebAuthn & passkey authentication](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ec6f16d7b95fe87d61d97ecf9a16e8784c172bec) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5653))
## 18.7.2 (2026-01-20)
### Fixed (8 changes)
- [Disable async_insert in build and pipeline sync operations](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8e5a7028c64d134fcca7b2a6ba89cbff0320bf64)
- [Disable Sidekiq retries for ClickHouse pipeline/build sync workers](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3469cf61ffc33a5186c5c0dc108d90b521737c61)
- [Exclude Git LFS paths from Git HTTP throttling](https://gitlab.com/gitlab-org/security/gitlab/-/commit/e96f86cc5bcdbe0a22468dfc07ef39ef8a903fc2)
- [Fix migration health check endpoint](https://gitlab.com/gitlab-org/security/gitlab/-/commit/35813c8895bc080d7d72d7c69716a374c084da6f)
(省略されました)
## 18.8.1 (2026-01-19)
### Fixed (1 change)
### Changed (2 changes)
- [Disallow creation of new external agents](https://gitlab.com/gitlab-org/gitlab/-/commit/f44382e9baff074d0495678e82447442944832aa) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218920)) **GitLab Enterprise Edition**
- [Release AI Catalog External Agents](https://gitlab.com/gitlab-org/gitlab/-/commit/74685605a678ec099f4b082188b90a41b27b80c2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218867)) **GitLab Enterprise Edition**
### Fixed (1 change)
### Changed (2 changes)
- [Disallow creation of new external agents](https://gitlab.com/gitlab-org/gitlab/-/commit/f44382e9baff074d0495678e82447442944832aa) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218920)) **GitLab Enterprise Edition**
- [Release AI Catalog External Agents](https://gitlab.com/gitlab-org/gitlab/-/commit/74685605a678ec099f4b082188b90a41b27b80c2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218867)) **GitLab Enterprise Edition**
## 18.8.0 (2026-01-14)
### Added (95 changes)
- [Add pipeline link to the single tag page](https://gitlab.com/gitlab-org/gitlab/-/commit/fe715b650020e01462aba99af31dbf13b26c97b9) by @therealrinku ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217508))
- [Add npm vregs model for remote cache entries](https://gitlab.com/gitlab-org/gitlab/-/commit/91c909326e500049e79cf81069769dbf965360b7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217303)) **GitLab Enterprise Edition**
- [Filter project pipelines by id](https://gitlab.com/gitlab-org/gitlab/-/commit/d421855c6f2be1afed6499f4a254312d8942dd15) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218207))
- [Add checkbox for web based commit signing](https://gitlab.com/gitlab-org/gitlab/-/commit/1e660621781d740de5935ef6b8c065445554feb8) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217416))
- [Add false_positive filter to vulnerability API](https://gitlab.com/gitlab-org/gitlab/-/commit/d3fe3dd531d41802596ff87d67c4d9cb2630d9b8) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218045)) **GitLab Enterprise Edition**
- [Enable Geo Primary Verification flag](https://gitlab.com/gitlab-org/gitlab/-/commit/2236b8abef54d8febf484b5217c819286056a520) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216500)) **GitLab Enterprise Edition**
- [Add npm vregs model for local cache entries](https://gitlab.com/gitlab-org/gitlab/-/commit/7a420658fa030626a673cbed2d1a6349996e072d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/214031)) **GitLab Enterprise Edition**
- [Add sorting for per-user metric tables](https://gitlab.com/gitlab-org/gitlab/-/commit/e2ed448996fcd8ead5dd465c63d700e8e8a250f6) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216601)) **GitLab Enterprise Edition**
- [Add `active` parameter support to groups projects API](https://gitlab.com/gitlab-org/gitlab/-/commit/71413a457792d419358a18500ab2bb5d1b38ef14) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218053))
- [Enable granular PAT for avatar endpoints](https://gitlab.com/gitlab-org/gitlab/-/commit/bce5c9d237666afa788cd51cd357367c88d0c23e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218277))
- [Remove `enterprise_disable_ssh_keys` FF](https://gitlab.com/gitlab-org/gitlab/-/commit/967092617bf97b833d82cba655155d83cd164cf6) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218265))
- [Add POST endpoint for container protection tag rules API](https://gitlab.com/gitlab-org/gitlab/-/commit/ae56d80fc0aa97ba59ef35d160b0cd200e2c449d) by @gerardo-navarro ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/213801))
- [Add `GitLab Duo Code Review Comments Sentiment` chart](https://gitlab.com/gitlab-org/gitlab/-/commit/08263c13deb3fd2b89da8c69b0a0230361f4629f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217069)) **GitLab Enterprise Edition**
- [Enable by default UI check for credits for DAP](https://gitlab.com/gitlab-org/gitlab/-/commit/8530310519ea9de6a694fde53463248e27a78def) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218162)) **GitLab Enterprise Edition**
- [Add exponential backoff retry for `include: remote`](https://gitlab.com/gitlab-org/gitlab/-/commit/39359d49e030c9d56193445b61a4822243b7c642) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/214062))
- [Invert the logic and rename work item URL feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/c7ae32e3f79e49ced7bb581e0a46deced836c3d1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218024))
- [Support hour and day duration formatting in pipelines.](https://gitlab.com/gitlab-org/gitlab/-/commit/75a366168c95d0c5d9196c11a33ab24ca15b00a2) by @featherless ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217486))
(省略されました)
### Added (95 changes)
- [Add pipeline link to the single tag page](https://gitlab.com/gitlab-org/gitlab/-/commit/fe715b650020e01462aba99af31dbf13b26c97b9) by @therealrinku ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217508))
- [Add npm vregs model for remote cache entries](https://gitlab.com/gitlab-org/gitlab/-/commit/91c909326e500049e79cf81069769dbf965360b7) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217303)) **GitLab Enterprise Edition**
- [Filter project pipelines by id](https://gitlab.com/gitlab-org/gitlab/-/commit/d421855c6f2be1afed6499f4a254312d8942dd15) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218207))
- [Add checkbox for web based commit signing](https://gitlab.com/gitlab-org/gitlab/-/commit/1e660621781d740de5935ef6b8c065445554feb8) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217416))
- [Add false_positive filter to vulnerability API](https://gitlab.com/gitlab-org/gitlab/-/commit/d3fe3dd531d41802596ff87d67c4d9cb2630d9b8) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218045)) **GitLab Enterprise Edition**
- [Enable Geo Primary Verification flag](https://gitlab.com/gitlab-org/gitlab/-/commit/2236b8abef54d8febf484b5217c819286056a520) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216500)) **GitLab Enterprise Edition**
- [Add npm vregs model for local cache entries](https://gitlab.com/gitlab-org/gitlab/-/commit/7a420658fa030626a673cbed2d1a6349996e072d) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/214031)) **GitLab Enterprise Edition**
- [Add sorting for per-user metric tables](https://gitlab.com/gitlab-org/gitlab/-/commit/e2ed448996fcd8ead5dd465c63d700e8e8a250f6) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216601)) **GitLab Enterprise Edition**
- [Add `active` parameter support to groups projects API](https://gitlab.com/gitlab-org/gitlab/-/commit/71413a457792d419358a18500ab2bb5d1b38ef14) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218053))
- [Enable granular PAT for avatar endpoints](https://gitlab.com/gitlab-org/gitlab/-/commit/bce5c9d237666afa788cd51cd357367c88d0c23e) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218277))
- [Remove `enterprise_disable_ssh_keys` FF](https://gitlab.com/gitlab-org/gitlab/-/commit/967092617bf97b833d82cba655155d83cd164cf6) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218265))
- [Add POST endpoint for container protection tag rules API](https://gitlab.com/gitlab-org/gitlab/-/commit/ae56d80fc0aa97ba59ef35d160b0cd200e2c449d) by @gerardo-navarro ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/213801))
- [Add `GitLab Duo Code Review Comments Sentiment` chart](https://gitlab.com/gitlab-org/gitlab/-/commit/08263c13deb3fd2b89da8c69b0a0230361f4629f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217069)) **GitLab Enterprise Edition**
- [Enable by default UI check for credits for DAP](https://gitlab.com/gitlab-org/gitlab/-/commit/8530310519ea9de6a694fde53463248e27a78def) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218162)) **GitLab Enterprise Edition**
- [Add exponential backoff retry for `include: remote`](https://gitlab.com/gitlab-org/gitlab/-/commit/39359d49e030c9d56193445b61a4822243b7c642) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/214062))
- [Invert the logic and rename work item URL feature flag](https://gitlab.com/gitlab-org/gitlab/-/commit/c7ae32e3f79e49ced7bb581e0a46deced836c3d1) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/218024))
- [Support hour and day duration formatting in pipelines.](https://gitlab.com/gitlab-org/gitlab/-/commit/75a366168c95d0c5d9196c11a33ab24ca15b00a2) by @featherless ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/217486))
(省略されました)
## 18.7.1 (2026-01-07)
### Fixed (1 change)
- [Remove search_glql_fix_null_field_pagination feature flag](https://gitlab.com/gitlab-org/security/gitlab/-/commit/739045bf71d2d6631cb763a502478bd5d11f2d80) **GitLab Enterprise Edition**
### Security (8 changes)
- [Fix 404 errors for Duo Workflow WS connection](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8f611a6ed9ab78db1f0d5ebb1329867f4689d76f) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5633))
- [Only delete runner projects scoped to the intended runner](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3c26e9f8669d43ed3e25100adb190488a77132b1) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5616))
- [Add base authorization check to update feature settings mutation](https://gitlab.com/gitlab-org/security/gitlab/-/commit/dcc442150b40e86a915bc2fcc41bb33be01ab85d) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5509))
- [Don't do arbitrary placeholder replacement on HTML](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3e9ac4b689c7be319dbf54e356b9903aa0debec7) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5605))
- [Pass Mermaid images through asset proxy, apply CSP to deny leaks](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3eeb3448f3062c9a9119fe7d4826f6c6282678e3) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5606))
- [Fix security issue related to namespace context](https://gitlab.com/gitlab-org/security/gitlab/-/commit/507d2064f4679c02de2b0771ec6f8299d85d8dbd) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5599))
- [backport(18.7): Fix XSS vulnerability in Web IDE VSCode assets](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f34dd0fddc0d015f3c6cd53d9c0a93d1d39926f5) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5604))
- [Limit XML and CSV HTTP responses](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f7bb8670028df4a810ed725472dc6a971e8dfcc6) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5602))
## 18.6.3 (2026-01-07)
### Added (1 change)
- [Add status filter argument to work items CSV export](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ebc3d9729ffab1b8b434126e9fddeb7258420f31) **GitLab Enterprise Edition**
### Fixed (5 changes)
- [Fix Elasticsearch pagination with null sortable field values](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5baae4cf5d577bf6aaf5a6d49dc42b65df24cf0a) **GitLab Enterprise Edition**
- [Backport use upstream for DWS API requests in Workhorse](https://gitlab.com/gitlab-org/security/gitlab/-/commit/2ce11772a0519a8154d08b2672f4809d7c4458e8) **GitLab Enterprise Edition**
- [Exclude Git HTTP requests from authenticated web throttle](https://gitlab.com/gitlab-org/security/gitlab/-/commit/c4cd108c60d518a4718b16e1921273236fe1d793)
(省略されました)
### Fixed (1 change)
- [Remove search_glql_fix_null_field_pagination feature flag](https://gitlab.com/gitlab-org/security/gitlab/-/commit/739045bf71d2d6631cb763a502478bd5d11f2d80) **GitLab Enterprise Edition**
### Security (8 changes)
- [Fix 404 errors for Duo Workflow WS connection](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8f611a6ed9ab78db1f0d5ebb1329867f4689d76f) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5633))
- [Only delete runner projects scoped to the intended runner](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3c26e9f8669d43ed3e25100adb190488a77132b1) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5616))
- [Add base authorization check to update feature settings mutation](https://gitlab.com/gitlab-org/security/gitlab/-/commit/dcc442150b40e86a915bc2fcc41bb33be01ab85d) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5509))
- [Don't do arbitrary placeholder replacement on HTML](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3e9ac4b689c7be319dbf54e356b9903aa0debec7) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5605))
- [Pass Mermaid images through asset proxy, apply CSP to deny leaks](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3eeb3448f3062c9a9119fe7d4826f6c6282678e3) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5606))
- [Fix security issue related to namespace context](https://gitlab.com/gitlab-org/security/gitlab/-/commit/507d2064f4679c02de2b0771ec6f8299d85d8dbd) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5599))
- [backport(18.7): Fix XSS vulnerability in Web IDE VSCode assets](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f34dd0fddc0d015f3c6cd53d9c0a93d1d39926f5) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5604))
- [Limit XML and CSV HTTP responses](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f7bb8670028df4a810ed725472dc6a971e8dfcc6) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5602))
## 18.6.3 (2026-01-07)
### Added (1 change)
- [Add status filter argument to work items CSV export](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ebc3d9729ffab1b8b434126e9fddeb7258420f31) **GitLab Enterprise Edition**
### Fixed (5 changes)
- [Fix Elasticsearch pagination with null sortable field values](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5baae4cf5d577bf6aaf5a6d49dc42b65df24cf0a) **GitLab Enterprise Edition**
- [Backport use upstream for DWS API requests in Workhorse](https://gitlab.com/gitlab-org/security/gitlab/-/commit/2ce11772a0519a8154d08b2672f4809d7c4458e8) **GitLab Enterprise Edition**
- [Exclude Git HTTP requests from authenticated web throttle](https://gitlab.com/gitlab-org/security/gitlab/-/commit/c4cd108c60d518a4718b16e1921273236fe1d793)
(省略されました)
## 18.7.0 (2025-12-17)
### Added (198 changes)
- [Enable ff validity_checks by default](https://gitlab.com/gitlab-org/gitlab/-/commit/f5f93e66259f501b2abe3735067b75a6a05214ad) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216525)) **GitLab Enterprise Edition**
- [Add Foundational Flow triggers](https://gitlab.com/gitlab-org/gitlab/-/commit/c63cbb06aa33233ef7cb0ca4b0713b51a0c9c9ae) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216090)) **GitLab Enterprise Edition**
- [Call seeding service before syncing foundational flows](https://gitlab.com/gitlab-org/gitlab/-/commit/cbe8f9d778cbd3bb343796fbc76677bf2c4ccfba) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216150)) **GitLab Enterprise Edition**
- [api: Remove project_repositories_health flag](https://gitlab.com/gitlab-org/gitlab/-/commit/a51b049f1debca21e9002178bb32e62aa90b62be) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/214169))
- [feat: Always show FP confidence score when available](https://gitlab.com/gitlab-org/gitlab/-/commit/24cf74656b68a0ee9a5670389ed526979bbb2dce) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216361)) **GitLab Enterprise Edition**
- [Add upgrade notes guidelines for batched background migrations](https://gitlab.com/gitlab-org/gitlab/-/commit/1d5a9f09584d048bfee32097c1bebc5cfef185bf) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215919))
- [Add additional_ca_cert_bundle input for DS v2 template](https://gitlab.com/gitlab-org/gitlab/-/commit/9bf06db00ff3916abf1c16d9e10a9c5d7f10cde2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216177)) **GitLab Enterprise Edition**
- [Adds support disabling duo agent platform at namespace](https://gitlab.com/gitlab-org/gitlab/-/commit/9ca64c50bd46cd3985603b5438c2c64733128a21) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216143)) **GitLab Enterprise Edition**
- [Add disabled fields to user hash](https://gitlab.com/gitlab-org/gitlab/-/commit/1a0bdd3c95aeca2adb5cfbe5e26ebccb8cf4c08f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216153)) **GitLab Enterprise Edition**
- [Set validity_check_es_filter default true](https://gitlab.com/gitlab-org/gitlab/-/commit/3e94ecd21fb82d076997b2f60b2d34ddd48c3c81) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/211927)) **GitLab Enterprise Edition**
- [Clean up FF](https://gitlab.com/gitlab-org/gitlab/-/commit/5506a71352f411d03f3176b572a3300066d9df3f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215796))
- [Add total Duo events by user table](https://gitlab.com/gitlab-org/gitlab/-/commit/61ce76a7bee7570b749b0843520b694a118babcb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215694)) **GitLab Enterprise Edition**
- [Add pagination UI for branch rules](https://gitlab.com/gitlab-org/gitlab/-/commit/1ba82ff6480e08d9aded32e73f75f2ba34b426cf) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216253)) **GitLab Enterprise Edition**
- [Add limited experience alert to vulnerability report](https://gitlab.com/gitlab-org/gitlab/-/commit/3a57d913ab29cb0585ae53d0756b3715c1b9ec9f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215979)) **GitLab Enterprise Edition**
- [Add security scan profile query type and resolver](https://gitlab.com/gitlab-org/gitlab/-/commit/248f8aba3f821ac3ce2a1b99ae4eeb3a411ea2fb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215667)) **GitLab Enterprise Edition**
- [Add template for multi container scanner](https://gitlab.com/gitlab-org/gitlab/-/commit/b05b8b32de6ef186ea89e045eaa6d031cad250dc) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/210414)) **GitLab Enterprise Edition**
- [Add selectable and selectable reason fields](https://gitlab.com/gitlab-org/gitlab/-/commit/c2a2946ad348c8c007125e0ab90a325ba3ada134) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215999))
(省略されました)
### Added (198 changes)
- [Enable ff validity_checks by default](https://gitlab.com/gitlab-org/gitlab/-/commit/f5f93e66259f501b2abe3735067b75a6a05214ad) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216525)) **GitLab Enterprise Edition**
- [Add Foundational Flow triggers](https://gitlab.com/gitlab-org/gitlab/-/commit/c63cbb06aa33233ef7cb0ca4b0713b51a0c9c9ae) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216090)) **GitLab Enterprise Edition**
- [Call seeding service before syncing foundational flows](https://gitlab.com/gitlab-org/gitlab/-/commit/cbe8f9d778cbd3bb343796fbc76677bf2c4ccfba) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216150)) **GitLab Enterprise Edition**
- [api: Remove project_repositories_health flag](https://gitlab.com/gitlab-org/gitlab/-/commit/a51b049f1debca21e9002178bb32e62aa90b62be) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/214169))
- [feat: Always show FP confidence score when available](https://gitlab.com/gitlab-org/gitlab/-/commit/24cf74656b68a0ee9a5670389ed526979bbb2dce) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216361)) **GitLab Enterprise Edition**
- [Add upgrade notes guidelines for batched background migrations](https://gitlab.com/gitlab-org/gitlab/-/commit/1d5a9f09584d048bfee32097c1bebc5cfef185bf) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215919))
- [Add additional_ca_cert_bundle input for DS v2 template](https://gitlab.com/gitlab-org/gitlab/-/commit/9bf06db00ff3916abf1c16d9e10a9c5d7f10cde2) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216177)) **GitLab Enterprise Edition**
- [Adds support disabling duo agent platform at namespace](https://gitlab.com/gitlab-org/gitlab/-/commit/9ca64c50bd46cd3985603b5438c2c64733128a21) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216143)) **GitLab Enterprise Edition**
- [Add disabled fields to user hash](https://gitlab.com/gitlab-org/gitlab/-/commit/1a0bdd3c95aeca2adb5cfbe5e26ebccb8cf4c08f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216153)) **GitLab Enterprise Edition**
- [Set validity_check_es_filter default true](https://gitlab.com/gitlab-org/gitlab/-/commit/3e94ecd21fb82d076997b2f60b2d34ddd48c3c81) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/211927)) **GitLab Enterprise Edition**
- [Clean up FF](https://gitlab.com/gitlab-org/gitlab/-/commit/5506a71352f411d03f3176b572a3300066d9df3f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215796))
- [Add total Duo events by user table](https://gitlab.com/gitlab-org/gitlab/-/commit/61ce76a7bee7570b749b0843520b694a118babcb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215694)) **GitLab Enterprise Edition**
- [Add pagination UI for branch rules](https://gitlab.com/gitlab-org/gitlab/-/commit/1ba82ff6480e08d9aded32e73f75f2ba34b426cf) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216253)) **GitLab Enterprise Edition**
- [Add limited experience alert to vulnerability report](https://gitlab.com/gitlab-org/gitlab/-/commit/3a57d913ab29cb0585ae53d0756b3715c1b9ec9f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215979)) **GitLab Enterprise Edition**
- [Add security scan profile query type and resolver](https://gitlab.com/gitlab-org/gitlab/-/commit/248f8aba3f821ac3ce2a1b99ae4eeb3a411ea2fb) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215667)) **GitLab Enterprise Edition**
- [Add template for multi container scanner](https://gitlab.com/gitlab-org/gitlab/-/commit/b05b8b32de6ef186ea89e045eaa6d031cad250dc) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/210414)) **GitLab Enterprise Edition**
- [Add selectable and selectable reason fields](https://gitlab.com/gitlab-org/gitlab/-/commit/c2a2946ad348c8c007125e0ab90a325ba3ada134) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/215999))
(省略されました)
## 18.6.2 (2025-12-10)
### Fixed (3 changes)
- [Handle 429s during github LFS import](https://gitlab.com/gitlab-org/security/gitlab/-/commit/de982c5ce9f7cb3d68b487aef4d5770d1ae32fed)
- [Fix partition missing error in project_daily_statistics backfill](https://gitlab.com/gitlab-org/security/gitlab/-/commit/a9a2a6f278f822d1fb73336a55696fcf94dca055)
- [Update diff note representation](https://gitlab.com/gitlab-org/security/gitlab/-/commit/2ad30bf915c8adf50c1ddb56441a61a7a48a9279)
### Changed (2 changes)
- [Fix: Restore branch protection check in cache_suffix_for](https://gitlab.com/gitlab-org/security/gitlab/-/commit/c30a088a7d553805e9c4e7afda52c563c47eb8e6)
- [Ensure LFS imports work correctly with nil revisions](https://gitlab.com/gitlab-org/security/gitlab/-/commit/b32e678fe2ddecefd70a9a9823753847a09c20cf)
### Security (10 changes)
- [Hide private project name to unauthorized users](https://gitlab.com/gitlab-org/security/gitlab/-/commit/7060745b8ada531cc1445df9afc9fef3d3aef24a) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5550))
- [Apply requestBodyUploader to commit creation endpoints](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3bd577e0ee92c19cb9e48d370e215eae6458ebdc) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5581))
- [Fix "Total 2FA Bypass for Users"](https://gitlab.com/gitlab-org/security/gitlab/-/commit/887505e8fcfa67bd4f483b68bbdf541e6c1139fc) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5573))
- [Add strict validations for dismissal path input](https://gitlab.com/gitlab-org/security/gitlab/-/commit/39a07480e84bf59c161c618e8f2f6d637905596a) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5585))
- [Fix merge request delete modal not escaping title](https://gitlab.com/gitlab-org/security/gitlab/-/commit/9fba70dae46e2330d0ff509c6a708c5dd3bd627d) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5570))
- [Fixes the logical bug present in the complexity_multiplier method](https://gitlab.com/gitlab-org/security/gitlab/-/commit/2648233caf6d0d58a28c32678d0058c53d0e9a6c) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5529))
- [Require correct permissions to access frameworks](https://gitlab.com/gitlab-org/security/gitlab/-/commit/daecb53efb85e3f5a77872f66916aca49971b2c0) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5540))
- [Stop preserving various exif tags](https://gitlab.com/gitlab-org/security/gitlab/-/commit/83c482c7395eb687001daa4e7a2856acd30cef82) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5532))
## 18.5.4 (2025-12-10)
### Fixed (2 changes)
(省略されました)
### Fixed (3 changes)
- [Handle 429s during github LFS import](https://gitlab.com/gitlab-org/security/gitlab/-/commit/de982c5ce9f7cb3d68b487aef4d5770d1ae32fed)
- [Fix partition missing error in project_daily_statistics backfill](https://gitlab.com/gitlab-org/security/gitlab/-/commit/a9a2a6f278f822d1fb73336a55696fcf94dca055)
- [Update diff note representation](https://gitlab.com/gitlab-org/security/gitlab/-/commit/2ad30bf915c8adf50c1ddb56441a61a7a48a9279)
### Changed (2 changes)
- [Fix: Restore branch protection check in cache_suffix_for](https://gitlab.com/gitlab-org/security/gitlab/-/commit/c30a088a7d553805e9c4e7afda52c563c47eb8e6)
- [Ensure LFS imports work correctly with nil revisions](https://gitlab.com/gitlab-org/security/gitlab/-/commit/b32e678fe2ddecefd70a9a9823753847a09c20cf)
### Security (10 changes)
- [Hide private project name to unauthorized users](https://gitlab.com/gitlab-org/security/gitlab/-/commit/7060745b8ada531cc1445df9afc9fef3d3aef24a) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5550))
- [Apply requestBodyUploader to commit creation endpoints](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3bd577e0ee92c19cb9e48d370e215eae6458ebdc) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5581))
- [Fix "Total 2FA Bypass for Users"](https://gitlab.com/gitlab-org/security/gitlab/-/commit/887505e8fcfa67bd4f483b68bbdf541e6c1139fc) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5573))
- [Add strict validations for dismissal path input](https://gitlab.com/gitlab-org/security/gitlab/-/commit/39a07480e84bf59c161c618e8f2f6d637905596a) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5585))
- [Fix merge request delete modal not escaping title](https://gitlab.com/gitlab-org/security/gitlab/-/commit/9fba70dae46e2330d0ff509c6a708c5dd3bd627d) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5570))
- [Fixes the logical bug present in the complexity_multiplier method](https://gitlab.com/gitlab-org/security/gitlab/-/commit/2648233caf6d0d58a28c32678d0058c53d0e9a6c) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5529))
- [Require correct permissions to access frameworks](https://gitlab.com/gitlab-org/security/gitlab/-/commit/daecb53efb85e3f5a77872f66916aca49971b2c0) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5540))
- [Stop preserving various exif tags](https://gitlab.com/gitlab-org/security/gitlab/-/commit/83c482c7395eb687001daa4e7a2856acd30cef82) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5532))
## 18.5.4 (2025-12-10)
### Fixed (2 changes)
(省略されました)
## 18.6.1 (2025-11-25)
### Fixed (3 changes)
- [Fix /admin/sidekiq not loading CSS assets in Cloud Native GitLab](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ccf15957c87ce3fe5dd6e5ed83bd59c9ea81c876)
- [Fix BackfillTimelogsNamespace finalization order](https://gitlab.com/gitlab-org/security/gitlab/-/commit/4460d317e1c5b8a76406d09d0cfad0f1b56b1b48)
- [Fix custom role approvers lookup for inherited users](https://gitlab.com/gitlab-org/security/gitlab/-/commit/743ff5eb22638654df2598fa054243606d301cac) **GitLab Enterprise Edition**
### Security (5 changes)
- [Override organization of signup users](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5a175db6ae54ee6430a1c87b0e1bc83b5469b257) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5520))
- [Use Gitlab::Json.safe_parse to prevent parsing of large JSON objects](https://gitlab.com/gitlab-org/security/gitlab/-/commit/124790eb84c20cd00b8e05c06f7d514b75bcd3b0) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5495))
- [Limit JSON parsing depth, size, and elements in HTTParty](https://gitlab.com/gitlab-org/security/gitlab/-/commit/c83315f5257169a6dce0eb04eb14dc4894915a6e) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5504))
- [Add protection suffix to cache depending on role](https://gitlab.com/gitlab-org/security/gitlab/-/commit/44f7d7162660a5dbe506dac85acb7eb47a1ef6a6) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5483))
## 18.5.3 (2025-11-25)
### Fixed (6 changes)
- [Fix custom role approvers lookup for inherited users](https://gitlab.com/gitlab-org/security/gitlab/-/commit/72d4caccc77ed4ab55936353f8ed5f1c8fd8f35e) **GitLab Enterprise Edition**
- [Revert "Support nested variables expention in rules:if"](https://gitlab.com/gitlab-org/security/gitlab/-/commit/49c0aa322da8a85508a98f0657cf046bbead1a1b)
- [Fix /admin/sidekiq not loading CSS assets in Cloud Native GitLab](https://gitlab.com/gitlab-org/security/gitlab/-/commit/7627f8b8b2437092c47126761d887810d1b8740f)
- [Relax blobs complexity in favor of limiting data](https://gitlab.com/gitlab-org/security/gitlab/-/commit/26a7f1e8fc314e4a31631c1070e21113fd5750e1)
- [Fix missing gitaly_context forward in BranchPushService](https://gitlab.com/gitlab-org/security/gitlab/-/commit/54b93a422709b4087e0e06d3cbf061e082e05a7a)
### Security (5 changes)
- [Override organization of signup users](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5ed73cbb59f02d20ff64f94b517b016f37ddab42) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5521))
(省略されました)
### Fixed (3 changes)
- [Fix /admin/sidekiq not loading CSS assets in Cloud Native GitLab](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ccf15957c87ce3fe5dd6e5ed83bd59c9ea81c876)
- [Fix BackfillTimelogsNamespace finalization order](https://gitlab.com/gitlab-org/security/gitlab/-/commit/4460d317e1c5b8a76406d09d0cfad0f1b56b1b48)
- [Fix custom role approvers lookup for inherited users](https://gitlab.com/gitlab-org/security/gitlab/-/commit/743ff5eb22638654df2598fa054243606d301cac) **GitLab Enterprise Edition**
### Security (5 changes)
- [Override organization of signup users](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5a175db6ae54ee6430a1c87b0e1bc83b5469b257) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5520))
- [Use Gitlab::Json.safe_parse to prevent parsing of large JSON objects](https://gitlab.com/gitlab-org/security/gitlab/-/commit/124790eb84c20cd00b8e05c06f7d514b75bcd3b0) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5495))
- [Limit JSON parsing depth, size, and elements in HTTParty](https://gitlab.com/gitlab-org/security/gitlab/-/commit/c83315f5257169a6dce0eb04eb14dc4894915a6e) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5504))
- [Add protection suffix to cache depending on role](https://gitlab.com/gitlab-org/security/gitlab/-/commit/44f7d7162660a5dbe506dac85acb7eb47a1ef6a6) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5483))
## 18.5.3 (2025-11-25)
### Fixed (6 changes)
- [Fix custom role approvers lookup for inherited users](https://gitlab.com/gitlab-org/security/gitlab/-/commit/72d4caccc77ed4ab55936353f8ed5f1c8fd8f35e) **GitLab Enterprise Edition**
- [Revert "Support nested variables expention in rules:if"](https://gitlab.com/gitlab-org/security/gitlab/-/commit/49c0aa322da8a85508a98f0657cf046bbead1a1b)
- [Fix /admin/sidekiq not loading CSS assets in Cloud Native GitLab](https://gitlab.com/gitlab-org/security/gitlab/-/commit/7627f8b8b2437092c47126761d887810d1b8740f)
- [Relax blobs complexity in favor of limiting data](https://gitlab.com/gitlab-org/security/gitlab/-/commit/26a7f1e8fc314e4a31631c1070e21113fd5750e1)
- [Fix missing gitaly_context forward in BranchPushService](https://gitlab.com/gitlab-org/security/gitlab/-/commit/54b93a422709b4087e0e06d3cbf061e082e05a7a)
### Security (5 changes)
- [Override organization of signup users](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5ed73cbb59f02d20ff64f94b517b016f37ddab42) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5521))
(省略されました)
RSS[全体]
Tw[@softantenna]