Update CHANGELOG-EE.md for 11.9.0-ee

[ci skip]

Update CHANGELOG-EE.md for 11.9.0-ee
[ci skip]
6a1fa066 · GitLab Release Tools Bot · 9702ff78 · 6a1fa066 · 9702ff78 · 9702ff78
Commit 6a1fa066 authored Mar 21, 2019 by GitLab Release Tools Bot
68 changed files
--- a/CHANGELOG-EE.md
+++ b/CHANGELOG-EE.md
 Please view this file on the master branch, on stable branches it's out of date.
+## 11.9.0 (2019-03-22)
+### Security (4 changes)
+- Prevent Group SAML authorizing sign in without prior user approval.
+- Respect group membership lock when importing a member from another group.
+- Remove the possibility to share a project with a group that a user is not a member of.
+- Prevent SAML access when disabled by group admin on GitLab.com.
+### Fixed (22 changes)
+- Allow assigning Prometheus alerts to multiple environments. !7361
+- Fix repo pushes while initial Elasticsearch indexing not permitting initial indexing to complete. !9478
+- Fix vulnerability occurrence scope to trailing 30 days. !9494
+- Skip whitelisted vulnerabilities in Container Scanning reports. !9528
+- Fix npm registry for yarn. !9599
+- Renders inline downstream & upstream pipelines. !9627
+- Prunes whole Geo event when there's only a primary. !9630
+- Fix alert notifications for non-public projects. !9636
+- Fix 500 error when visiting merged merge request. !9648
+- Allow plus symbol in maven package version. !9657
+- Show commands applied message when promoting issues to epics. !9669
+- Ensure comments from merge request review is displayed in the same order as user commenting order. !9684
+- Geo - Fix selective sync by namespace. !9732
+- Fix bridge jobs than can be hidden keys too. !9796
+- Fix approval-related UI showing up in free plan. !9819
+- Add 'No approvals required' view to approval rules (behind feature flag). !9899
+- Fix npm package install with a dot in the name. !9900
+- GroupSAML for GitLab.com prevents blank NameID. !9907
+- Fix protected environment initializer. !10150
+- Fix SSH pull mirrors not working. !10272
+- Fix HTML spew in Locked Files page.
+- Fixes Broken new/edit feature flag form.
+### Changed (9 changes, 1 of them is from the community)
+- Remove authorization from /managed_licenses. !8541
+- Consider dismissed items in security reports summary. !9275
+- Add backend for cross-project pipeline dashboard MVC. !9396
+- Create merge request approval rule for each code owner entry. !9455
+- Split severity and confidence values for vulnerabilities. !9495
+- Enforce Geo JWT tokens scope for file uploads and Geo API. !9502
+- Update cluster health empty state. !9540 (George Tsiolis)
+- Add extra graph spacing on the Security Dashboard Group Vulnerability Chart. !9780
+- Add Kerberos URL back to clone panel. !9840
+### Performance (1 change)
+- Eliminate N+1 queries in Epics API. !9897
+### Added (23 changes, 1 of them is from the community)
+- Enabled setting the Security Dashboard as a default view for groups. !7889
+- Add reordering of child epics. !9283
+- Create MR from Vulnerability Solution. !9326
+- Create pool repositories on Geo secondaries. !9428
+- Add date range for security dashboard graph. !9446
+- Add filtering merge requests by approvers. !9468
+- Add audit log for managing feature flags. !9487
+- Add DELETE package API endpoint. !9623
+- Enrich container scanning report. !9641
+- Adapt feedback for Container Scanning vulnerabilities. !9655
+- Enforce merge request approvals from code owners. !9656
+- Added vendored CI/CD template for Dependency Scanning job. !9660
+- Add Insights config behind the "group_insights" feature flag. !9665
+- Add single package API endpoint. !9667
+- Added GET /licenses and DELETE /license/:id endpoints. !9733
+- Add container scanning results to group security dashboard. !9736
+- Add an incident management settings form and create issues from alertmanager alerts. !9773
+- Add API for reordering child epics. !9781
+- Allow guests to comment on epics. !9783
+- Display Recent Boards in Board switcher. !9808
+- Add Ancestors in Epic Sidebar. !9817
+- Add vendored templates for SAST, DAST, Container Scanning and License Management job definitions. !9921
+- Add realtime validation for user fullname and username on validation. !25017 (Ehsan Abdulqader @EhsanZ)
+### Other (12 changes, 1 of them is from the community)
+- Use export-import svg from gitlab-svgs. !9453
+- Renames 'revert dismissal' to 'undo dismiss' on the Group security dashboard. !9500
+- Using positional arguments in request specs have been deprecated. !9506 (Jasper Maes)
+- Splits the severity and confidence constants in the group security dashboard frontend. !9535
+- Add Gitlab.com gold trial callout to /billings. !9611
+- Update project settings section titles and info. !9614
+- Improve visual consistency of values in vulnerability modal. !9616
+- Limit Group Security Dashboard to selected types of report. !9626
+- Make related issues components reusable. !9730
+- sidekiq-cluster: put each sidekiq in a new pgroup. !9775
+- License Management: Load up to a 100 licenses per default. !9913
+- Adds documentation for autoremediation. !10054
 ## 11.8.3 (2019-03-19)
 - No changes.

--- a/ee/changelogs/unreleased/10233-ff-form.yml
+++ b/ee/changelogs/unreleased/10233-ff-form.yml
---
-title: Fixes Broken new/edit feature flag form
-merge_request:
-author:
-type: fixed
--- a/ee/changelogs/unreleased/10248-npm-packages-with-a-dot-on-the-package-name-returns-403-when-trying-to-install.yml
+++ b/ee/changelogs/unreleased/10248-npm-packages-with-a-dot-on-the-package-name-returns-403-when-trying-to-install.yml
---
-title: Fix npm package install with a dot in the name
-merge_request: 9900
-author:
-type: fixed
--- a/ee/changelogs/unreleased/10265-load-100-licenses-per-default.yml
+++ b/ee/changelogs/unreleased/10265-load-100-licenses-per-default.yml
---
-title: 'License Management: Load up to a 100 licenses per default'
-merge_request: 9913
-author:
-type: other
--- a/ee/changelogs/unreleased/10409-documentation-for-auto-remediation.yml
+++ b/ee/changelogs/unreleased/10409-documentation-for-auto-remediation.yml
---
-title: Adds documentation for autoremediation
-merge_request: 10054
-author:
-type: other
--- a/ee/changelogs/unreleased/2802-security-add-public-internal-groups-as-members-to-your-project-idor.yml
+++ b/ee/changelogs/unreleased/2802-security-add-public-internal-groups-as-members-to-your-project-idor.yml
---
-title: Remove the possibility to share a project with a group that a user is not a member
-  of
-merge_request:
-author:
-type: security
--- a/ee/changelogs/unreleased/4925-use-send-email-setting.yml
+++ b/ee/changelogs/unreleased/4925-use-send-email-setting.yml
---
-title: Add an incident management settings form and create issues from alertmanager
-  alerts
-merge_request: 9773
-author:
-type: added
--- a/ee/changelogs/unreleased/5528-enrich_container_scanning_report.yml
+++ b/ee/changelogs/unreleased/5528-enrich_container_scanning_report.yml
---
-title: Enrich container scanning report
-merge_request: 9641
-author:
-type: added
--- a/ee/changelogs/unreleased/55312-svg.yml
+++ b/ee/changelogs/unreleased/55312-svg.yml
---
-title: Use export-import svg from gitlab-svgs
-merge_request: 9453
-author:
-type: other
--- a/ee/changelogs/unreleased/6079-dismissed-items-in-reports.yml
+++ b/ee/changelogs/unreleased/6079-dismissed-items-in-reports.yml
---
-title: Consider dismissed items in security reports summary
-merge_request: 9275
-author:
-type: changed
--- a/ee/changelogs/unreleased/7048_set_security_dashboard_as_default_view_for_groups_be.yml
+++ b/ee/changelogs/unreleased/7048_set_security_dashboard_as_default_view_for_groups_be.yml
---
-title: Enabled setting the Security Dashboard as a default view for groups
-merge_request: 7889
-author:
-type: added
--- a/ee/changelogs/unreleased/7328-epic-in-epic.yml
+++ b/ee/changelogs/unreleased/7328-epic-in-epic.yml
---
-title: Add reordering of child epics
-merge_request: 9283
-author:
-type: added
--- a/ee/changelogs/unreleased/7328-reorder-epics-api.yml
+++ b/ee/changelogs/unreleased/7328-reorder-epics-api.yml
---
-title: Add API for reordering child epics
-merge_request: 9781
-author:
-type: added
--- a/ee/changelogs/unreleased/7565-prometheus-alerts-for-multiple-environments.yml
+++ b/ee/changelogs/unreleased/7565-prometheus-alerts-for-multiple-environments.yml
---
-title: Allow assigning Prometheus alerts to multiple environments
-merge_request: 7361
-author:
-type: fixed
--- a/ee/changelogs/unreleased/7714-boards-fe.yml
+++ b/ee/changelogs/unreleased/7714-boards-fe.yml
---
-title: Display Recent Boards in Board switcher
-merge_request: 9808
-author:
-type: added
--- a/ee/changelogs/unreleased/7861-cross-project-pipeline-dashboard-mvc-2.yml
+++ b/ee/changelogs/unreleased/7861-cross-project-pipeline-dashboard-mvc-2.yml
---
-title: Add backend for cross-project pipeline dashboard MVC.
-merge_request: 9396
-author:
-type: changed
--- a/ee/changelogs/unreleased/8013_and_8628_ES_indexing_race_condition.yml
+++ b/ee/changelogs/unreleased/8013_and_8628_ES_indexing_race_condition.yml
---
-title: Fix repo pushes while initial Elasticsearch indexing not permitting initial
-  indexing to complete
-merge_request: 9478
-author:
-type: fixed
--- a/ee/changelogs/unreleased/8541-remove-authorization-for-get-licence.yml
+++ b/ee/changelogs/unreleased/8541-remove-authorization-for-get-licence.yml
---
-title: Remove authorization from /managed_licenses
-merge_request: 8541
-author:
-type: changed
--- a/ee/changelogs/unreleased/8661-add-ci-template-for-dependency-scanning.yml
+++ b/ee/changelogs/unreleased/8661-add-ci-template-for-dependency-scanning.yml
---
-title: Added vendored CI/CD template for Dependency Scanning job
-merge_request: 9660
-author:
-type: added
--- a/ee/changelogs/unreleased/8845-epic-sidebar-list.yml
+++ b/ee/changelogs/unreleased/8845-epic-sidebar-list.yml
---
-title: Add Ancestors in Epic Sidebar
-merge_request: 9817
-author:
-type: added
--- a/ee/changelogs/unreleased/9023-fix-commenting-in-epics-permissions.yml
+++ b/ee/changelogs/unreleased/9023-fix-commenting-in-epics-permissions.yml
---
-title: Allow guests to comment on epics
-merge_request: 9783
-author:
-type: added
--- a/ee/changelogs/unreleased/9117-use-severity-badge-in-vulnerability-modal.yml
+++ b/ee/changelogs/unreleased/9117-use-severity-badge-in-vulnerability-modal.yml
---
-title: Improve visual consistency of values in vulnerability modal.
-merge_request: 9616
-author:
-type: other
--- a/ee/changelogs/unreleased/9137-notes-order.yml
+++ b/ee/changelogs/unreleased/9137-notes-order.yml
---
-title: Ensure comments from merge request review is displayed in the same order as user commenting order
-merge_request: 9684
-author:
-type: fixed
--- a/ee/changelogs/unreleased/9224-create-mr-from-vulnerability-feedback.yml
+++ b/ee/changelogs/unreleased/9224-create-mr-from-vulnerability-feedback.yml
---
-title: Create MR from Vulnerability Solution
-merge_request: 9326
-author:
-type: added
--- a/ee/changelogs/unreleased/9251-skip_whitelisted_vulnerabilities.yml
+++ b/ee/changelogs/unreleased/9251-skip_whitelisted_vulnerabilities.yml
---
-title: Skip whitelisted vulnerabilities in Container Scanning reports
-merge_request: 9528
-author:
-type: fixed
--- a/ee/changelogs/unreleased/9270-relabel-dismiss-button-in-the-more-info-modal-for-vulnerabilities.yml
+++ b/ee/changelogs/unreleased/9270-relabel-dismiss-button-in-the-more-info-modal-for-vulnerabilities.yml
---
-title: Renames 'revert dismissal' to 'undo dismiss' on the Group security dashboard
-merge_request: 9500
-author:
-type: other
--- a/ee/changelogs/unreleased/9310-reduce-the-scope-of-geo-jwt-step-2.yml
+++ b/ee/changelogs/unreleased/9310-reduce-the-scope-of-geo-jwt-step-2.yml
---
-title: Enforce Geo JWT tokens scope for file uploads and Geo API
-merge_request: 9502
-author:
-type: changed
--- a/ee/changelogs/unreleased/9393-limit-report-types-for-group-sec.yml
+++ b/ee/changelogs/unreleased/9393-limit-report-types-for-group-sec.yml
---
-title: Limit Group Security Dashboard to selected types of report
-merge_request: 9626
-author:
-type: bug
--- a/ee/changelogs/unreleased/9397-split-severity-and-confidence-levels.yml
+++ b/ee/changelogs/unreleased/9397-split-severity-and-confidence-levels.yml
---
-title: Split severity and confidence values for vulnerabilities
-merge_request: 9495
-author:
-type: changed
--- a/ee/changelogs/unreleased/9397-split-severity-and-confidence-sets-of-values-for-vulnerabilities-FE.yml
+++ b/ee/changelogs/unreleased/9397-split-severity-and-confidence-sets-of-values-for-vulnerabilities-FE.yml
---
-title: Splits the severity and confidence constants in the group security dashboard
-  frontend
-merge_request: 9535
-author:
-type: other
--- a/ee/changelogs/unreleased/9445-kerberos-clone-url-is-no-longer-visible.yml
+++ b/ee/changelogs/unreleased/9445-kerberos-clone-url-is-no-longer-visible.yml
---
-title: Add Kerberos URL back to clone panel
-merge_request: 9840
-author:
-type: changed
--- a/ee/changelogs/unreleased/9486-insights-config-file.yml
+++ b/ee/changelogs/unreleased/9486-insights-config-file.yml
---
-title: Add Insights config behind the "group_insights" feature flag
-merge_request: 9665
-author:
-type: added
--- a/ee/changelogs/unreleased/9504-fix-alert-notify.yml
+++ b/ee/changelogs/unreleased/9504-fix-alert-notify.yml
---
-title: Fix alert notifications for non-public projects
-merge_request: 9636
-author:
-type: fixed
--- a/ee/changelogs/unreleased/9514-add-rest-endpoints-to-delete-packages.yml
+++ b/ee/changelogs/unreleased/9514-add-rest-endpoints-to-delete-packages.yml
---
-title: Add DELETE package API endpoint
-merge_request: 9623
-author:
-type: added
--- a/ee/changelogs/unreleased/9826-fix-broken-downstreams.yml
+++ b/ee/changelogs/unreleased/9826-fix-broken-downstreams.yml
---
-title: Renders inline downstream & upstream pipelines
-merge_request: 9627
-author:
-type: fixed
--- a/ee/changelogs/unreleased/9897-adapt_feedback_for_container_scanning.yml
+++ b/ee/changelogs/unreleased/9897-adapt_feedback_for_container_scanning.yml
---
-title: Adapt feedback for Container Scanning vulnerabilities
-merge_request: 9655
-author:
-type: added
--- a/ee/changelogs/unreleased/9903-geo-selective-sync-by-namespace-is-broken.yml
+++ b/ee/changelogs/unreleased/9903-geo-selective-sync-by-namespace-is-broken.yml
---
-title: Geo - Fix selective sync by namespace
-merge_request: 9732
-author:
-type: fixed
--- a/ee/changelogs/unreleased/billings-gold-trial-callout-fe.yml
+++ b/ee/changelogs/unreleased/billings-gold-trial-callout-fe.yml
---
-title: Add Gitlab.com gold trial callout to /billings
-merge_request: 9611
-author:
-type: other
--- a/ee/changelogs/unreleased/bvl-multiple-codeowner-approval-rules.yml
+++ b/ee/changelogs/unreleased/bvl-multiple-codeowner-approval-rules.yml
---
-title: Create merge request approval rule for each code owner entry
-merge_request: 9455
-author:
-type: changed
--- a/ee/changelogs/unreleased/bvl-require-code-owner-approval.yml
+++ b/ee/changelogs/unreleased/bvl-require-code-owner-approval.yml
---
-title: Enforce merge request approvals from code owners
-merge_request: 9656
-author:
-type: added
--- a/ee/changelogs/unreleased/ce-40396-sidekiq-cluster-pgroups.yml
+++ b/ee/changelogs/unreleased/ce-40396-sidekiq-cluster-pgroups.yml
---
-title: 'sidekiq-cluster: put each sidekiq in a new pgroup'
-merge_request: 9775
-author:
-type: other
--- a/ee/changelogs/unreleased/date-range-group-secure-graph.yml
+++ b/ee/changelogs/unreleased/date-range-group-secure-graph.yml
---
-title: Add date range for security dashboard graph
-merge_request: 9446
-author:
-type: added
--- a/ee/changelogs/unreleased/deprecated-spec-positional-args.yml
+++ b/ee/changelogs/unreleased/deprecated-spec-positional-args.yml
---
-title: Using positional arguments in request specs have been deprecated
-merge_request: 9506
-author: Jasper Maes
-type: other
--- a/ee/changelogs/unreleased/dz-allow-plus-in-version.yml
+++ b/ee/changelogs/unreleased/dz-allow-plus-in-version.yml
---
-title: Allow plus symbol in maven package version
-merge_request: 9657
-author:
-type: fixed
--- a/ee/changelogs/unreleased/dz-npm-registry-yarn-support.yml
+++ b/ee/changelogs/unreleased/dz-npm-registry-yarn-support.yml
---
-title: Fix npm registry for yarn
-merge_request: 9599
-author:
-type: fixed
--- a/ee/changelogs/unreleased/dz-single-package-api.yml
+++ b/ee/changelogs/unreleased/dz-single-package-api.yml
---
-title: Add single package API endpoint
-merge_request: 9667
-author:
-type: added
--- a/ee/changelogs/unreleased/ee-feature-56787-realtime-validation-for-user-fullname-and-username.yml
+++ b/ee/changelogs/unreleased/ee-feature-56787-realtime-validation-for-user-fullname-and-username.yml
---
-title: Add realtime validation for user fullname and username on validation
-merge_request: 25017
-author: Ehsan Abdulqader @EhsanZ
-type: added
--- a/ee/changelogs/unreleased/feature-flags-audit-events.yml
+++ b/ee/changelogs/unreleased/feature-flags-audit-events.yml
---
-title: Add audit log for managing feature flags
-merge_request: 9487
-author:
-type: added
--- a/ee/changelogs/unreleased/fix-protected-environment-initialize.yml
+++ b/ee/changelogs/unreleased/fix-protected-environment-initialize.yml
---
-title: Fix protected environment initializer
-merge_request: 10150
-author:
-type: fixed
--- a/ee/changelogs/unreleased/fix-scope-vulnerability-window-to-time-not-date.yml
+++ b/ee/changelogs/unreleased/fix-scope-vulnerability-window-to-time-not-date.yml
---
-title: Fix vulnerability occurrence scope to trailing 30 days
-merge_request: 9494
-author:
-type: fixed
--- a/ee/changelogs/unreleased/group-security-chart-upper-bound.yml
+++ b/ee/changelogs/unreleased/group-security-chart-upper-bound.yml
---
-title: Add extra graph spacing on the Security Dashboard Group Vulnerability Chart
-merge_request: 9780
-author:
-type: changed
--- a/ee/changelogs/unreleased/gt-update-cluster-health-empty-state.yml
+++ b/ee/changelogs/unreleased/gt-update-cluster-health-empty-state.yml
---
-title: Update cluster health empty state
-merge_request: 9540
-author: George Tsiolis
-type: changed
--- a/ee/changelogs/unreleased/id-1951-filter-merge-requests-by-approvers.yml
+++ b/ee/changelogs/unreleased/id-1951-filter-merge-requests-by-approvers.yml
---
-title: Add filtering merge requests by approvers
-merge_request: 9468
-author:
-type: added
--- a/ee/changelogs/unreleased/improve-admin-licence-page-rest.yml
+++ b/ee/changelogs/unreleased/improve-admin-licence-page-rest.yml
---
-title: Added GET /licenses and DELETE /license/:id endpoints
-merge_request: 9733
-author:
-type: added
--- a/ee/changelogs/unreleased/issue_8844.yml
+++ b/ee/changelogs/unreleased/issue_8844.yml
---
-title: Show commands applied message when promoting issues to epics
-merge_request: 9669
-author:
-type: fixed
--- a/ee/changelogs/unreleased/jc-geo-dupe.yml
+++ b/ee/changelogs/unreleased/jc-geo-dupe.yml
---
-title: Create pool repositories on Geo secondaries
-merge_request: 9428
-author:
-type: added
--- a/ee/changelogs/unreleased/jej-group-saml-link-origin-verification.yml
+++ b/ee/changelogs/unreleased/jej-group-saml-link-origin-verification.yml
---
-title: Prevent Group SAML authorizing sign in without prior user approval
-merge_request:
-author:
-type: security
--- a/ee/changelogs/unreleased/jej-improve-group-saml-name-id.yml
+++ b/ee/changelogs/unreleased/jej-improve-group-saml-name-id.yml
---
-title: GroupSAML for GitLab.com prevents blank NameID
-merge_request: 9907
-author:
-type: fixed
--- a/ee/changelogs/unreleased/project-settings-freshen-titles-descriptions.yml
+++ b/ee/changelogs/unreleased/project-settings-freshen-titles-descriptions.yml
---
-title: Update project settings section titles and info
-merge_request: 9614
-author:
-type: other
--- a/ee/changelogs/unreleased/related-mrs.yml
+++ b/ee/changelogs/unreleased/related-mrs.yml
---
-title: Make related issues components reusable
-merge_request: 9730
-author:
-type: other
--- a/ee/changelogs/unreleased/security-jej-restrict-group-saml-when-not-enabled.yml
+++ b/ee/changelogs/unreleased/security-jej-restrict-group-saml-when-not-enabled.yml
---
-title: Prevent SAML access when disabled by group admin on GitLab.com
-merge_request:
-author:
-type: security
--- a/ee/changelogs/unreleased/security-maintainer-can-ignore-membership-lock.yml
+++ b/ee/changelogs/unreleased/security-maintainer-can-ignore-membership-lock.yml
---
-title: Respect group membership lock when importing a member from another group
-merge_request:
-author:
-type: security
--- a/ee/changelogs/unreleased/sh-fix-bad-html-path-locks.yml
+++ b/ee/changelogs/unreleased/sh-fix-bad-html-path-locks.yml
---
-title: Fix HTML spew in Locked Files page
-merge_request:
-author:
-type: fixed
--- a/ee/changelogs/unreleased/sh-fix-epics-api-nplus-one.yml
+++ b/ee/changelogs/unreleased/sh-fix-epics-api-nplus-one.yml
---
-title: Eliminate N+1 queries in Epics API
-merge_request: 9897
-author:
-type: performance
--- a/ee/changelogs/unreleased/sh-fix-ssh-pull-mirorrs.yml
+++ b/ee/changelogs/unreleased/sh-fix-ssh-pull-mirorrs.yml
---
-title: Fix SSH pull mirrors not working
-merge_request: 10272
-author:
-type: fixed
--- a/ee/changelogs/unreleased/show-container-scan-results.yml
+++ b/ee/changelogs/unreleased/show-container-scan-results.yml
---
-title: Add container scanning results to group security dashboard
-merge_request: 9736
-author:
-type: added
--- a/ee/changelogs/unreleased/tc-geo-fix-prune-worker-nil.yml
+++ b/ee/changelogs/unreleased/tc-geo-fix-prune-worker-nil.yml
---
-title: Prunes whole Geo event when there's only a primary
-merge_request: 9630
-author:
-type: fixed
--- a/ee/changelogs/unreleased/vendored-templates-for-security-products.yml
+++ b/ee/changelogs/unreleased/vendored-templates-for-security-products.yml
---
-title: Add vendored templates for SAST, DAST, Container Scanning and License Management job definitions
-merge_request: 9921
-author:
-type: added