Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ee into issues_sort_board

.flayignore

 *.erb
 lib/gitlab/sanitizers/svg/whitelist.rb
 lib/gitlab/diff/position_tracer.rb
+app/controllers/projects/approver_groups_controller.rb
+app/controllers/projects/approvers_controller.rb
 app/policies/project_policy.rb

.gitignore

@@ -21,6 +21,7 @@ eslint-report.html
 /backups/*
 /config/aws.yml
 /config/database.yml
+/config/database_geo.yml
 /config/gitlab.yml
 /config/gitlab_ci.yml
 /config/initializers/rack_attack.rb

.gitlab-ci.yml

@@ -9,6 +9,7 @@ variables:
   MYSQL_ALLOW_EMPTY_PASSWORD: "1"
   # retry tests only in CI environment
   RSPEC_RETRY_RETRY_COUNT: "3"
+  ELASTIC_URL: "http://elasticsearch:9200"
   RAILS_ENV: "test"
   SIMPLECOV: "true"
   SETUP_DB: "true"
@@ -16,6 +17,8 @@ variables:
   GIT_DEPTH: "20"
   PHANTOMJS_VERSION: "2.1.1"
   GET_SOURCES_ATTEMPTS: "3"
+  # This hack is needed to make ES not that memory hungry
+  ES_JAVA_OPTS: "-Xms600m -Xmx600m"
 
 before_script:
   - source ./scripts/prepare_build.sh
@@ -24,6 +27,7 @@ before_script:
   - '[ "$USE_BUNDLE_INSTALL" != "true" ] || retry bundle install --without postgres production --jobs $(nproc) $FLAGS'
   - retry gem install knapsack
   - '[ "$SETUP_DB" != "true" ] || bundle exec rake db:drop db:create db:schema:load db:migrate add_limits_mysql'
+  - '[ "$SETUP_DB" != "true" ] || bundle exec rake geo:db:drop geo:db:create geo:db:schema:load geo:db:migrate'
 
 stages:
 - prepare
@@ -54,6 +58,7 @@ stages:
   services:
     - mysql:latest
     - redis:alpine
+    - elasticsearch:5.1
 
 .rspec-knapsack: &rspec-knapsack
   stage: test
@@ -194,26 +199,6 @@ rake brakeman: *exec
 rake flay: *exec
 license_finder: *exec
 rake downtime_check: *exec
-rake ee_compat_check:
-  <<: *exec
-  only:
-    - branches@gitlab-org/gitlab-ce
-  except:
-    - master
-    - tags
-    - /^[\d-]+-stable(-ee)?$/
-  allow_failure: yes
-  cache:
-    key: "ruby233-ee_compat_check_repo"
-    paths:
-      - ee_compat_check/repo/
-      - vendor/ruby
-  artifacts:
-    name: "${CI_BUILD_NAME}_${CI_BUILD_REF_NAME}_${CI_BUILD_REF}"
-    when: on_failure
-    expire_in: 10d
-    paths:
-      - ee_compat_check/patches/*.patch
 
 rake db:migrate:reset:
   stage: test
@@ -379,9 +364,9 @@ trigger_docs:
   cache: {}
   artifacts: {}
   script:
-    - "curl -X POST -F token=${DOCS_TRIGGER_TOKEN} -F ref=master -F variables[PROJECT]=ce https://gitlab.com/api/v3/projects/1794617/trigger/builds"
+    - "curl -X POST -F token=${DOCS_TRIGGER_TOKEN} -F ref=master -F variables[PROJECT]=ee https://gitlab.com/api/v3/projects/1794617/trigger/builds"
   only:
-    - master@gitlab-org/gitlab-ce
+    - master@gitlab-org/gitlab-ee
 
 # Notify slack in the end
 

.license_encryption_key.pub

+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Hxv3MkkZbMrKtIs6np9
+ccP4OwGBkNhIvhPjcQP48hbbascv5RqsOquQGrYSD2ZrE/kbkRdkIcoHEeTZLif+
+bDKFZFI7o5x0H92o9/GSvxHJhQ8mkmvwxD7lssGShwZEm8WG+U7BZqUV/gGmCDqe
+9W8H8Fq2B0ck8IXjbQ4Zz+JlyV/NHZTZcs69plFiLKh4N6GYVftOVwSomh0bbypP
+OB9WnLC7RC9a2LRrhtf8sqa2rRFmtyMMfgFFzLMzS+w+1K4+QLnWP1gKQVzaFnzk
+pnwKPrqbGFYbRztIVEWbs8jPYlLkGb8ME4C84YVtQgbQcbyisU/VW3wUGkhT+J0k
+xwIDAQAB
+-----END PUBLIC KEY-----

.rubocop.yml

@@ -20,6 +20,7 @@ AllCops:
     - 'node_modules/**/*'
     - 'db/*'
     - 'db/fixtures/**/*'
+    - 'db/geo/*'
     - 'tmp/**/*'
     - 'bin/**/*'
     - 'generator_templates/**/*'
@@ -349,6 +350,7 @@ Style/MutableConstant:
   Exclude:
     - 'db/migrate/**/*'
     - 'db/post_migrate/**/*'
+    - 'db/geo/migrate/**/*'
 
 # Favor unless over if for negative conditions (or control flow or).
 Style/NegatedIf:

.rubocop_todo.yml

@@ -10,7 +10,7 @@
 RSpec/BeforeAfterAll:
   Enabled: false
 
-# Offense count: 15
+# Offense count: 26
 # Configuration parameters: CustomIncludeMethods.
 RSpec/EmptyExampleGroup:
   Enabled: false
@@ -19,23 +19,23 @@ RSpec/EmptyExampleGroup:
 RSpec/ExpectOutput:
   Enabled: false
 
-# Offense count: 63
+# Offense count: 88
 # Configuration parameters: EnforcedStyle, SupportedStyles.
 # SupportedStyles: implicit, each, example
 RSpec/HookArgument:
   Enabled: false
 
-# Offense count: 12
+# Offense count: 25
 # Configuration parameters: EnforcedStyle, SupportedStyles.
 # SupportedStyles: is_expected, should
 RSpec/ImplicitExpect:
   Enabled: false
 
-# Offense count: 36
+# Offense count: 46
 RSpec/RepeatedExample:
   Enabled: false
 
-# Offense count: 34
+# Offense count: 36
 RSpec/ScatteredSetup:
   Enabled: false
 
@@ -43,17 +43,17 @@ RSpec/ScatteredSetup:
 RSpec/SingleArgumentMessageChain:
   Enabled: false
 
-# Offense count: 163
+# Offense count: 172
 Rails/FilePath:
   Enabled: false
 
-# Offense count: 2
+# Offense count: 6
 # Configuration parameters: Include.
 # Include: db/migrate/*.rb
 Rails/ReversibleMigration:
   Enabled: false
 
-# Offense count: 278
+# Offense count: 321
 # Configuration parameters: Blacklist.
 # Blacklist: decrement!, decrement_counter, increment!, increment_counter, toggle!, touch, update_all, update_attribute, update_column, update_columns, update_counters
 Rails/SkipsModelValidations:
@@ -64,26 +64,26 @@ Rails/SkipsModelValidations:
 Security/YAMLLoad:
   Enabled: false
 
-# Offense count: 55
+# Offense count: 48
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, SupportedStyles.
 # SupportedStyles: percent_q, bare_percent
 Style/BarePercentLiterals:
   Enabled: false
 
-# Offense count: 1304
+# Offense count: 1336
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, SupportedStyles.
 # SupportedStyles: leading, trailing
 Style/DotPosition:
   Enabled: false
 
-# Offense count: 6
+# Offense count: 9
 # Cop supports --auto-correct.
 Style/EachWithObject:
   Enabled: false
 
-# Offense count: 25
+# Offense count: 26
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, SupportedStyles.
 # SupportedStyles: empty, nil, both
@@ -95,55 +95,55 @@ Style/EmptyElse:
 Style/EmptyLiteral:
   Enabled: false
 
-# Offense count: 56
+# Offense count: 63
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, SupportedStyles.
 # SupportedStyles: compact, expanded
 Style/EmptyMethod:
   Enabled: false
 
-# Offense count: 184
+# Offense count: 203
 # Cop supports --auto-correct.
 # Configuration parameters: AllowForAlignment, ForceEqualSignAlignment.
 Style/ExtraSpacing:
   Enabled: false
 
-# Offense count: 8
+# Offense count: 9
 # Configuration parameters: EnforcedStyle, SupportedStyles.
 # SupportedStyles: format, sprintf, percent
 Style/FormatString:
   Enabled: false
 
-# Offense count: 268
+# Offense count: 318
 # Configuration parameters: MinBodyLength.
 Style/GuardClause:
   Enabled: false
 
-# Offense count: 14
+# Offense count: 17
 Style/IfInsideElse:
   Enabled: false
 
-# Offense count: 179
+# Offense count: 192
 # Cop supports --auto-correct.
 # Configuration parameters: MaxLineLength.
 Style/IfUnlessModifier:
   Enabled: false
 
-# Offense count: 57
+# Offense count: 63
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, SupportedStyles, IndentationWidth.
 # SupportedStyles: special_inside_parentheses, consistent, align_brackets
 Style/IndentArray:
   Enabled: false
 
-# Offense count: 120
+# Offense count: 137
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, SupportedStyles, IndentationWidth.
 # SupportedStyles: special_inside_parentheses, consistent, align_braces
 Style/IndentHash:
   Enabled: false
 
-# Offense count: 45
+# Offense count: 53
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, SupportedStyles.
 # SupportedStyles: line_count_dependent, lambda, literal
@@ -155,7 +155,7 @@ Style/Lambda:
 Style/LineEndConcatenation:
   Enabled: false
 
-# Offense count: 22
+# Offense count: 23
 # Cop supports --auto-correct.
 Style/MethodCallWithoutArgsParentheses:
   Enabled: false
@@ -169,12 +169,12 @@ Style/MethodMissing:
 Style/MultilineIfModifier:
   Enabled: false
 
-# Offense count: 22
+# Offense count: 23
 # Cop supports --auto-correct.
 Style/NestedParenthesizedCalls:
   Enabled: false
 
-# Offense count: 17
+# Offense count: 20
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, MinBodyLength, SupportedStyles.
 # SupportedStyles: skip_modifier_ifs, always
@@ -188,7 +188,7 @@ Style/Next:
 Style/NumericLiteralPrefix:
   Enabled: false
 
-# Offense count: 77
+# Offense count: 87
 # Cop supports --auto-correct.
 # Configuration parameters: AutoCorrect, EnforcedStyle, SupportedStyles.
 # SupportedStyles: predicate, comparison
@@ -200,18 +200,18 @@ Style/NumericPredicate:
 Style/ParallelAssignment:
   Enabled: false
 
-# Offense count: 477
+# Offense count: 488
 # Cop supports --auto-correct.
 # Configuration parameters: PreferredDelimiters.
 Style/PercentLiteralDelimiters:
   Enabled: false
 
-# Offense count: 14
+# Offense count: 18
 # Cop supports --auto-correct.
 Style/PerlBackrefs:
   Enabled: false
 
-# Offense count: 72
+# Offense count: 77
 # Configuration parameters: NamePrefix, NamePrefixBlacklist, NameWhitelist.
 # NamePrefix: is_, has_, have_
 # NamePrefixBlacklist: is_, has_, have_
@@ -219,26 +219,26 @@ Style/PerlBackrefs:
 Style/PredicateName:
   Enabled: false
 
-# Offense count: 39
+# Offense count: 42
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, SupportedStyles.
 # SupportedStyles: short, verbose
 Style/PreferredHashMethods:
   Enabled: false
 
-# Offense count: 8
+# Offense count: 9
 # Cop supports --auto-correct.
 Style/Proc:
   Enabled: false
 
-# Offense count: 62
+# Offense count: 64
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, SupportedStyles.
 # SupportedStyles: compact, exploded
 Style/RaiseArgs:
   Enabled: false
 
-# Offense count: 4
+# Offense count: 6
 # Cop supports --auto-correct.
 Style/RedundantBegin:
   Enabled: false
@@ -248,30 +248,30 @@ Style/RedundantBegin:
 Style/RedundantFreeze:
   Enabled: false
 
-# Offense count: 15
+# Offense count: 16
 # Cop supports --auto-correct.
 # Configuration parameters: AllowMultipleReturnValues.
 Style/RedundantReturn:
   Enabled: false
 
-# Offense count: 365
+# Offense count: 467
 # Cop supports --auto-correct.
 Style/RedundantSelf:
   Enabled: false
 
-# Offense count: 108
+# Offense count: 111
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, SupportedStyles, AllowInnerSlashes.
 # SupportedStyles: slashes, percent_r, mixed
 Style/RegexpLiteral:
   Enabled: false
 
-# Offense count: 22
+# Offense count: 27
 # Cop supports --auto-correct.
 Style/RescueModifier:
   Enabled: false
 
-# Offense count: 7
+# Offense count: 8
 # Cop supports --auto-correct.
 Style/SelfAssignment:
   Enabled: false
@@ -282,27 +282,27 @@ Style/SelfAssignment:
 Style/SingleLineMethods:
   Enabled: false
 
-# Offense count: 155
+# Offense count: 183
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, SupportedStyles.
 # SupportedStyles: space, no_space
 Style/SpaceBeforeBlockBraces:
   Enabled: false
 
-# Offense count: 8
+# Offense count: 9
 # Cop supports --auto-correct.
 # Configuration parameters: AllowForAlignment.
 Style/SpaceBeforeFirstArg:
   Enabled: false
 
-# Offense count: 38
+# Offense count: 45
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, SupportedStyles.
 # SupportedStyles: require_no_space, require_space
 Style/SpaceInLambdaLiteral:
   Enabled: false
 
-# Offense count: 203
+# Offense count: 215
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, SupportedStyles, EnforcedStyleForEmptyBraces, SupportedStylesForEmptyBraces, SpaceBeforeBlockParameters.
 # SupportedStyles: space, no_space
@@ -310,12 +310,12 @@ Style/SpaceInLambdaLiteral:
 Style/SpaceInsideBlockBraces:
   Enabled: false
 
-# Offense count: 91
+# Offense count: 101
 # Cop supports --auto-correct.
 Style/SpaceInsideParens:
   Enabled: false
 
-# Offense count: 4
+# Offense count: 6
 # Cop supports --auto-correct.
 Style/SpaceInsidePercentLiteralDelimiters:
   Enabled: false
@@ -327,46 +327,46 @@ Style/SpaceInsidePercentLiteralDelimiters:
 Style/SpecialGlobalVars:
   EnforcedStyle: use_perl_names
 
-# Offense count: 40
+# Offense count: 51
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, SupportedStyles.
 # SupportedStyles: single_quotes, double_quotes
 Style/StringLiteralsInInterpolation:
   Enabled: false
 
-# Offense count: 57
+# Offense count: 62
 # Cop supports --auto-correct.
 # Configuration parameters: IgnoredMethods.
 # IgnoredMethods: respond_to, define_method
 Style/SymbolProc:
   Enabled: false
 
-# Offense count: 5
+# Offense count: 6
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, SupportedStyles, AllowSafeAssignment.
 # SupportedStyles: require_parentheses, require_no_parentheses, require_parentheses_when_complex
 Style/TernaryParentheses:
   Enabled: false
 
-# Offense count: 43
+# Offense count: 45
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyleForMultiline, SupportedStylesForMultiline.
 # SupportedStylesForMultiline: comma, consistent_comma, no_comma
 Style/TrailingCommaInArguments:
   Enabled: false
 
-# Offense count: 13
+# Offense count: 12
 # Cop supports --auto-correct.
 # Configuration parameters: AllowNamedUnderscoreVariables.
 Style/TrailingUnderscoreVariable:
   Enabled: false
 
-# Offense count: 70
+# Offense count: 83
 # Cop supports --auto-correct.
 Style/TrailingWhitespace:
   Enabled: false
 
-# Offense count: 3
+# Offense count: 4
 # Cop supports --auto-correct.
 # Configuration parameters: ExactNameMatch, AllowPredicates, AllowDSLWriters, IgnoreClassMethods, Whitelist.
 # Whitelist: to_ary, to_a, to_c, to_enum, to_h, to_hash, to_i, to_int, to_io, to_open, to_path, to_proc, to_r, to_regexp, to_str, to_s, to_sym
@@ -383,7 +383,7 @@ Style/UnlessElse:
 Style/UnneededInterpolation:
   Enabled: false
 
-# Offense count: 8
+# Offense count: 9
 # Cop supports --auto-correct.
 Style/ZeroLengthPredicate:
   Enabled: false

CHANGELOG-EE.md

+Please view this file on the master branch, on stable branches it's out of date.
+
+## 8.17.3 (2017-03-07)
+
+- No changes.
+
+## 8.17.2 (2017-03-01)
+
+- No changes.
+
+## 8.17.1 (2017-02-28)
+
+- Fix admin email notification recipient group select list.
+- Add repository_storage field back to projects API for admin users.
+- Don't try to update a project's external service caches on a secondary Geo node.
+- Fixed merge request state not updating when approvals feature is active.
+- Improve error messages when squashing fails.
+
+## 8.17.0 (2017-02-22)
+
+- Read-only "auditor" user role. !998
+- Also reset approvals on push when merge request is closed. !1051
+- Copy commit SHA to clipboard. !1066
+- Pull EE specific Gitlab::Auth code in to its own module. !1112
+- Geo: Added `gitlab:geo:check` and improved `gitlab:envinfo` rake tasks. !1120
+- Geo: send the new event type with the backfill function. !1157
+- Re-add removed params from projects and issues V3 API. !1209
+- Add configurable minimum mirror sync time in admin section. !1217
+- Move RepositoryUpdateRemoteMirrorWorker jobs to project_mirror Sidekiq queue. !1234
+- Change Builds word to Pipelines in Mirror settings page.
+- Fix bundle tag in anaytics page.
+- Support v4 API for GitLab Geo endpoints.
+- Fixed merge request environment link not displaying.
+- Reduce queries needed to check if node is a primary or secondary Geo node.
+- Allow squashing merge requests into a single commit.
+
+## 8.16.7 (2017-02-27)
+
+- Fixed merge request state not updating when approvals feature is active.
+
+## 8.16.6 (2017-02-17)
+
+- Geo: send the new event type with the backfill function. !1157
+- Move RepositoryUpdateRemoteMirrorWorker jobs to project_mirror Sidekiq queue. !1234
+- Fixed merge request environment link not displaying.
+- Reduce queries needed to check if node is a primary or secondary Geo node.
+- Read true-up info from license and validate it. !1159
+
+## 8.16.5 (2017-02-14)
+
+- No changes.
+
+## 8.16.4 (2017-02-02)
+
+- Disable all merge acceptance buttons pending MR approval.
+
+## 8.16.3 (2017-01-27)
+
+- Fix sidekiq cluster mishandling of queue names. !1117
+
+## 8.16.2 (2017-01-25)
+
+- Track Mattermost usage in usage ping. !1071
+- Fix count of required approvals displayed on MR edit form. !1082
+- Fix updating approvals count when editing an MR. !1106
+- Don't try to show assignee in approved_merge_request_email if there's no assignee.
+
+## 8.16.1 (2017-01-23)
+
+- No changes.
+
+## 8.16.0 (2017-01-22)
+
+- Allow to limit shared runners minutes quota for group. !965
+- About GitLab link in sidebar that links to help page. !1008
+- Prevent 500 error when uploading/entering a blank license. !1016
+- Add more push rules to the API. !1022 (Robert Schilling)
+- Expose issue weight in the API. !1023 (Robert Schilling)
+- Copy <some text> to clipboard. !1048
+
+## 8.15.7 (2017-02-15)
+
+- No changes.
+
+## 8.15.6 (2017-02-14)
+
+- No changes.
+
+## 8.15.5 (2017-01-20)
+
+- No changes.
+
+## 8.15.4 (2017-01-09)
+
+- No changes.
+
+## 8.15.3 (2017-01-06)
+
+- Disable LDAP permission override in project members edit list.
+- Perform only one fetch per push on Geo secondary nodes.
+
+## 8.15.2 (2016-12-27)
+
+- No changes.
+- Fix ES search for non-default branches.
+
+## 8.15.1 (2016-12-23)
+
+- Fix 404/500 error while navigating to the 'show/destroy' pages. !993
+
+## 8.15.0 (2016-12-22)
+
+- Adds a check ensure only active, ie. non-blocked users can be emailed from the admin panel.
+- Add user activities API.
+- Add milestone total weight to the milestone summary.
+- Allow master/owner to change permission levels when LDAP group sync is enabled. !822
+- Geo: Improve project view UI to teach users how to clone from a secondary Geo node and push to a primary. !905
+- Technical debt follow-up from restricting pushes / merges by group. !927
+- Geo: Enables nodes to be removed even without proper license. !978
+- Update validates_hostname to 1.0.6 to fix a bug in parsing hexadecimal-looking domain names. !982
+
+## 8.14.10 (2017-02-15)
+
+- No changes.
+
+## 8.14.9 (2017-02-14)
+
+- No changes.
+
+## 8.14.8 (2017-01-25)
+
+- No changes.
+
+## 8.14.7 (2017-01-21)
+
+- No changes.
+
+## 8.14.6 (2017-01-10)
+
+- No changes.
+
+## 8.14.5 (2016-12-14)
+
+- Add milestone total weight to the milestone summary.
+
+## 8.14.4 (2016-12-08)
+
+- No changes.
+
+## 8.14.3 (2016-12-02)
+
+- No changes.
+
+## 8.14.2 (2016-12-01)
+
+- No changes.
+
+## 8.14.1 (2016-11-28)
+
+- Fix: MergeRequestSerializer breaks on MergeRequest#rebase_dir_path when source_project doesn't exist anymore.
+
+## 8.14.0 (2016-11-22)
+
+- Added Backfill service for Geo. !861
+- Fix for autosuggested approvers(https://gitlab.com/gitlab-org/gitlab-ee/issues/1273).
+- Gracefully recover from previously failed rebase.
+- Disable retries for remote mirror update worker. !848
+- Fix Approvals API documentation.
+- Add ability to set approvals_before_merge for project through the API.
+- gitlab:check rake task checks ES version according to requirements
+- Convert ASCII-8BIT LDAP DNs to UTF-8 to avoid unnecessary user deletions
+- [Fix] Only owner can see "Projects" button in group edit menu
+
+## 8.13.12 (2017-01-21)
+
+- No changes.
+
+## 8.13.11 (2017-01-10)
+
+- No changes.
+
+## 8.13.10 (2016-12-14)
+
+- No changes.
+
+## 8.13.9 (2016-12-08)
+
+- No changes.
+
+## 8.13.8 (2016-12-02)
+
+- No changes.
+
+## 8.13.7 (2016-11-28)
+
+- No changes.
+
+## 8.13.6 (2016-11-17)
+
+- Disable retries for remote mirror update worker. !848
+- Fixed cache clearing on secondary Geo nodes. !869
+- Geo: fix a problem that prevented git cloning from secondary node. !873
+
+## 8.13.5 (2016-11-08)
+
+- No changes
+
+## 8.13.4 (2016-11-07)
+
+- Weight dropdown in issue filter form does not stay selected. !826
+
+## 8.13.3 (2016-11-02)
+
+- No changes
+
+## 8.13.2 (2016-10-31)
+
+- Don't pass a current user to Member#add_user in LDAP group sync. !830
+
+## 8.13.1 (2016-10-25)
+
+- Hide multiple board actions if user doesnt have permissions. !816
+- Fix Elasticsearch::Transport::Transport::Errors::BadRequest when ES is enabled. !818
+
+## 8.13.0 (2016-10-22)
+
+- Cache the last usage data to avoid unicorn timeouts
+- Add user activity table and service to query for active users
+- Fix 500 error updating mirror URLs for projects
+- Restrict protected branch access to specific groups !645
+- Fix validations related to mirroring settings form. !773
+- Add multiple issue boards. !782
+- Fix Git access panel for Wikis when Kerberos authentication is enabled (Borja Aparicio)
+- Decrease maximum time that GitLab waits for a mirror to finish !791 (Borja Aparicio)
+- User groups (that can be assigned as approvers)
+- Fix a search for non-default branches when ES is enabled
+- Re-organized the Sidekiq queues for EE specific workers
+
+## 8.12.12 (2016-12-08)
+
+- No changes.
+
+## 8.12.11 (2016-12-02)
+
+- No changes.
+
+## 8.12.10 (2016-11-28)
+
+- No changes.
+
+## 8.12.9 (2016-11-07)
+
+- No changes
+
+## 8.12.8 (2016-11-02)
+
+- No changes
+
+## 8.12.7
+
+  - No EE-specific changes
+
+## 8.12.6
+
+  - No EE-specific changes
+
+## 8.12.5
+
+  - No EE-specific changes
+
+## 8.12.4
+
+  - [ES] Indexer works with smaller batches of repositories to not exceed NOFILE limit. !774
+
+## 8.12.3
+
+  - Fix prevent_secrets checkbox on admin view
+
+## 8.12.2
+
+  - Fix bug when protecting a branch due to missing url paramenter in request !760
+  - Ignore unknown project ID in RepositoryUpdateMirrorWorker
+
+## 8.12.1
+
+  - Prevent secrets to be pushed to the repository
+  - Prevent secrets to be pushed to the repository
+
+## 8.12.0 (2016-09-22)
+
+  - Include more data in EE usage ping
+  - Reduce UPDATE queries when moving between import states on projects
+  - [ES] Instrument Elasticsearch::Git::Repository
+  - Request only the LDAP attributes we need
+  - Add 'Sync now' to group members page !704
+  - Add repository size limits and enforce them !740
+  - [ES] Instrument other Gitlab::Elastic classes
+  - [ES] Fix: Elasticsearch does not find partial matches in project names
+  - Faster Active Directory group membership resolution !719
+  - [ES] Global code search
+  - [ES] Improve logging
+  - Fix projects with remote mirrors asynchronously destruction
+
+## 8.11.11 (2016-11-07)
+
+- No changes
+
+## 8.11.10 (2016-11-02)
+
+- No changes
+
+## 8.11.9
+
+  - No EE-specific changes
+
+## 8.11.8
+
+  - No EE-specific changes
+
+## 8.11.7
+
+  - Refactor Protected Branches dropdown. !687
+  - Fix mirrored projects allowing empty import urls. !700
+
+## 8.11.6
+
+  - Exclude blocked users from potential MR approvers.
+
+## 8.11.5
+
+  - API: Restore backward-compatibility for POST /projects/:id/members when membership is locked
+
+## 8.11.4
+
+  - No EE-specific changes
+
+## 8.11.3
+
+  - [ES] Add logging to indexer
+  - Fix missing EE-specific service parameters for Jenkins CI
+  - Set the correct `GL_PROTOCOL` when rebasing !691
+  - [ES] Elasticsearch workers checks ES settings before running
+
+## 8.11.2
+
+  - Additional documentation on protected branches for EE
+  - Change slash commands docs location
+
+## 8.11.1
+
+  - Pulled due to packaging error.
+
+## 8.11.0 (2016-08-22)
+
+  - Allow projects to be moved between repository storages
+  - Add rake task to remove old repository copies from repositories moved to another storage
+  - Performance improvement of push rules
+  - Temporary fix for #825 - LDAP sync converts access requests to members. !655
+  - Optimize commit and diff changes access check to reduce git operations
+  - Allow syncing a group against all providers at once
+  - Change LdapGroupSyncWorker to use new LDAP group sync classes
+  - Allow LDAP `sync_ssh_keys` setting to be set to `true`
+  - Removed unused GitLab GEO database index
+  - Restrict protected branch access to specific users !581
+  - Enable monitoring for ES classes
+  - [Elastic] Improve code search
+  - [Elastic] Significant improvement of global search performance
+  - [Fix] Push rules check existing commits in some cases
+  - [ES] Limit amount of retries for sidekiq jobs
+  - Fix Projects::UpdateMirrorService to allow tags pointing to blob objects
+
+## 8.10.12
+
+  - No EE-specific changes
+
+## 8.10.11
+
+  - No EE-specific changes
+
+## 8.10.10
+
+  - No EE-specific changes
+
+## 8.10.9
+
+  - Exclude blocked users from potential MR approvers.
+
+## 8.10.8
+
+  - No EE-specific changes
+
+## 8.10.7
+
+  - No EE-specific changes
+
+## 8.10.6
+
+  - Fix race condition with UpdateMirrorWorker Lease. !641
+
+## 8.10.5
+
+  - Used cached value of project count in `Elastic::RepositoriesSearch` to reduce DB load. !637
+
+## 8.10.4
+
+  - Fix available users in userselect dropdown when there is more than one userselect on the page. !604 (Rik de Groot)
+  - Fix updating skipped approvers in search list on removal. !604 (Rik de Groot)
+
+## 8.10.3
+
+  - Fix regression in Git Annex permission check. !599
+  - [Elastic] Fix commit search for some URLs. !605
+  - [Elastic][Fix] Commit search breaks for some URLs on gitlab-ce project
+
+## 8.10.2
+
+  - Fix pagination on search result page when ES search is enabled. !592
+  - Decouple an ES index update from `RepositoryUpdateMirrorWorker`. !593
+  - Fix broken `user_allowed?` check in Git Annex push. !597
+
+## 8.10.1
+
+  - No EE-specific changes
+
+## 8.10.0 (2016-07-22)
+
+  - Add EE license usage ping !557
+  - Rename Git Hooks to Push Rules
+  - Fix EE keys fingerprint add index migration if came from CE
+  - Add todos for MR approvers !547
+  - Replace LDAP group sync exclusive lease with state machine
+  - Prevent the author of an MR from being on the approvers list
+  - Isolate EE LDAP library code in EE module (Part 1) !511
+  - Make Elasticsearch indexer run as an async task
+  - Fix of removing wiki data from index when project is deleted
+  - Ticket-based Kerberos authentication (SPNEGO)
+  - [Elastic] Suppress ActiveRecord::RecordNotFound error in ElasticIndexWorker
+
+## 8.9.10
+
+  - No EE-specific changes
+
+## 8.9.9
+
+  - No EE-specific changes
+
+## 8.9.8
+
+  - No EE-specific changes
+
+## 8.9.7
+
+  - No EE-specific changes
+
+## 8.9.6
+
+  - Avoid adding index for key fingerprint if it already exists. !539
+
+## 8.9.5
+
+  - Fix of quoted text in lock tooltip. !518
+
+## 8.9.4
+
+  - Improve how File Lock feature works with nested items. !497
+
+## 8.9.3
+
+  - Fix encrypted data backwards compatibility after upgrading attr_encrypted gem. !502
+  - Fix creating MRs on forks of deleted projects. !503
+  - Roll back Grack::Auth to fix Git HTTP SPNEGO. !504
+
+## 8.9.2
+
+  - [Elastic] Fix visibility of snippets when searching.
+
+## 8.9.1
+
+  - Improve Geo documentation. !431
+  - Fix remote mirror stuck on started issue. !491
+  - Fix MR creation from forks where target project has approvals enabled. !496
+  - Fix MR edit where target project has approvals enabled. !496
+  - Fix vertical alignment of git-hooks page. !499
+
+## 8.9.0 (2016-06-22)
+
+  - Fix JenkinsService test button
+  - Fix nil user handling in UpdateMirrorService
+  - Allow overriding the number of approvers for a merge request
+  - Allow LDAP to mark users as external based on their group membership. !432
+  - Instrument instance methods of Gitlab::InsecureKeyFingerprint class
+  - Add API endpoint for Merge Request Approvals !449
+  - Send notification email when merge request is approved
+  - Distribute RepositoryUpdateMirror jobs in time and add exclusive lease on them by project_id
+  - [Elastic] Move ES settings to application settings
+  - Always allow merging a merge request whenever fast-forward is possible. !454
+  - Disable mirror flag for projects without import_url
+  - UpdateMirror service return an error status when no mirror
+  - Don't reset approvals when rebasing an MR from the UI
+  - Show flash notice when Git Hooks are updated successfully
+  - Remove explicit Gitlab::Metrics.action assignments, are already automatic.
+  - [Elastic] Project members with guest role can't access confidential issues
+  - Ability to lock file or folder in the repository
+  - Fix: Git hooks don't fire when committing from the UI
+
+## 8.8.9
+
+  - No EE-specific changes
+
+## 8.8.8
+
+  - No EE-specific changes
+
+## 8.8.7
+
+  - No EE-specific changes
+
+## 8.8.6
+
+  - [Elastic] Fix visibility of snippets when searching.
+
+## 8.8.5
+
+  - Make sure OAuth routes that we generate for Geo matches with the ones in Rails routes !444
+
+## 8.8.4
+
+  - Remove license overusage message
+
+## 8.8.3
+
+  - Add standard web hook headers to Jenkins CI post. !374
+  - Gracefully handle malformed DNs in LDAP group sync. !392
+  - Reduce load on DB for license upgrade check. !421
+  - Make it clear the license overusage message is visible only to admins. !423
+  - Fix Git hook validations for fast-forward merges. !427
+  - [Elastic] In search results, only show notes on confidential issues that the user has access to.
+
+## 8.8.2
+
+  - Fix repository mirror updates for new imports stuck in started
+  - [Elastic] Search through the filenames. !409
+  - Fix repository mirror updates for new imports stuck in "started" state. !416
+
+## 8.8.1
+
+  - No EE-specific changes
+
+## 8.8.0 (2016-05-22)
+
+  - [Elastic] Database indexer prints its status
+  - [Elastic][Fix] Database indexer skips projects with invalid HEAD reference
+  - Fix skipping pages when restoring backups
+  - Add EE license via API !400
+  - [Elastic] More efficient snippets search
+  - [Elastic] Add rake task for removing all indexes
+  - [Elastic] Add rake task for clearing indexing status
+  - [Elastic] Improve code search
+  - [Elastic] Fix encoding issues during indexing
+  - Warn admin if current active count exceeds license
+  - [Elastic] Search through the filenames
+  - Set KRB5 as default clone protocol when Kerberos is enabled and user is logged in (Borja Aparicio)
+  - Add support for Admin Groups to SAML
+  - Reduce emails-on-push HTML size by using a simple monospace font
+  - API requests to /internal/authorized_keys are now tagged properly
+  - Geo: Single Sign Out support !380
+
+## 8.7.9
+
+  - No EE-specific changes
+
+## 8.7.8
+
+  - [Elastic] Fix visibility of snippets when searching.
+
+## 8.7.7
+
+  - No EE-specific changes
+
+## 8.7.6
+
+  - Bump GitLab Pages to 0.2.4 to fix Content-Type for predefined 404
+
+## 8.7.5
+
+  - No EE-specific changes
+
+## 8.7.4
+
+  - Delete ProjectImportData record only if Project is not a mirror !370
+  - Fixed typo in GitLab GEO license check alert !379
+  - Fix LDAP access level spillover bug !499
+
+## 8.7.3
+
+  - No EE-specific changes
+
+## 8.7.2
+
+  - Fix MR notifications for slack and hipchat when approvals are fullfiled. !325
+  - GitLab Geo: Merge requests on Secondary should not check mergeable status
+
+## 8.7.1
+
+  - No EE-specific changes
+
+## 8.7.0 (2016-04-22)
+
+  - Update GitLab Pages to 0.2.1: support user-defined 404 pages
+  - Refactor group sync to pull access level logic to its own class. !306
+  - [Elastic] Stabilize database indexer if database is inconsistent
+  - Add ability to sync to remote mirrors. !249
+  - GitLab Geo: Many replication improvements and fixes !354
+
+## 8.6.9
+
+  - No EE-specific changes
+
+## 8.6.8
+
+  - No EE-specific changes
+
+## 8.6.7
+
+  - No EE-specific changes
+
+## 8.6.6
+
+  - Concat AD group recursive member results with regular member results. !333
+  - Fix LDAP group sync regression for groups with member value `uid=<username>`. !335
+  - Don't attempt to include too large diffs in e-mail-on-push messages (Stan Hu). !338
+
+## 8.6.5
+
+  - No EE-specific changes
+
+## 8.6.4
+
+  - No EE-specific changes
+
+## 8.6.3
+
+  - Fix other cases where git hooks would fail due to old commits. !310
+  - Exit ElasticIndexerWorker's job happily if record cannot be found. !311
+  - Fix "Reload with full diff" button not working (Stan Hu). !313
+
+## 8.6.2
+
+  - Fix old commits triggering git hooks on new branches branched off another branch. !281
+  - Fix issue with deleted user in audit event (Stan Hu). !284
+  - Mark pending todos as done when approving a merge request. !292
+  - GitLab Geo: Display Attachments from Primary node. !302
+
+## 8.6.1
+
+  - Only rename the `light_logo` column in the `appearances` table if its not there yet. !290
+  - Fix diffs in text part of email-on-push messages (Stan Hu). !293
+  - Fix an issue with methods not accessible in some controllers. !295
+  - Ensure Projects::ApproversController inherits from Projects::ApplicationController. !296
+
+## 8.6.0 (2016-03-22)
+
+  - Handle duplicate appearances table creation issue with upgrade from CE to EE
+  - Add confidential issues
+  - Improve weight filter for issues
+  - Update settings and documentation for per-install LDAP sync time
+  - Fire merge request webhooks when a merge request is approved
+  - Add full diff highlighting to Email on push
+  - Clear "stuck" mirror updates before periodically updating all mirrors
+  - LDAP: Don't render Linked LDAP groups forms when LDAP is disabled
+  - [Elastic] Add elastic checker to gitlab:check
+  - [Elastic] Added UPDATE_INDEX option to rake task
+  - [Elastic] Removing repository and wiki index after removing project
+  - [Elastic] Update index on push to wiki
+  - [Elastic] Use subprocesses for ElasticSearch index jobs
+  - [Elastic] More accurate as_indexed_json (More stable database indexer)
+  - [Elastic] Fix: Don't index newly created system messages and awards
+  - [Elastic] Fixed exception on branch removing
+  - [Elastic] Fix bin/elastic_repo_indexer to follow config
+  - GitLab Geo: OAuth authentication
+  - GitLab Geo: Wiki synchronization
+  - GitLab Geo: ReadOnly Middleware improvements
+  - GitLab Geo: SSH Keys synchronization
+  - Allow SSL verification to be configurable when importing GitHub projects
+  - Disable git-hooks for git annex commits
+
+## 8.5.13
+
+  - No EE-specific changes
+
+## 8.5.12
+
+  - No EE-specific changes
+
+## 8.5.11
+
+  - Fix vulnerability that made it possible to enumerate private projects belonging to group
+
+## 8.5.10
+
+  - No EE-specific changes
+
+## 8.5.9
+
+  - No EE-specific changes
+
+## 8.5.8
+
+  - GitLab Geo: Documentation
+
+## 8.5.7
+
+  - No EE-specific changes
+
+## 8.5.6
+
+  - No EE-specific changes
+
+## 8.5.5
+
+  - GitLab Geo: Repository synchronization between primary and secondary nodes
+  - Add documentation for GitLab Pages
+  - Fix importing projects from GitHub Enterprise Edition
+  - Fix syntax error in init file
+  - Only show group member roles if explicitly requested
+  - GitLab Geo: Improve GeoNodes Admin screen
+  - GitLab Geo: Avoid locking yourself out when adding a GeoNode
+
+## 8.5.4
+
+  - [Elastic][Security] Notes exposure
+
+## 8.5.3
+
+  - Prevent LDAP from downgrading a group's last owner
+  - Update gitlab-elastic-search gem to 0.0.11
+
+## 8.5.2
+
+  - Update LDAP groups asynchronously
+  - Fix an issue when weight text was displayed in Issuable collapsed sidebar
+## 8.5.2
+
+  - Fix importing projects from GitHub Enterprise Edition.
+
+## 8.5.1
+
+  - Fix adding pages domain to projects in groups
+
+## 8.5.0 (2016-02-22)
+
+  - Fix Elasticsearch blob results linking to the wrong reference ID (Stan Hu)
+  - Show warning when mirror repository default branch could not be updated because it has diverged from upstream.
+  - More reliable wiki indexer
+  - GitLab Pages gets support for custom domain and custom certificate
+  - Fix of Elastic indexer. It should not trigger record validation for projects
+  - Fix of Elastic indexer. Stabilze indexer when serialized data is corrupted
+  - [Elastic] Don't index unnecessary data into elastic
+
+## 8.4.11
+
+  - No EE-specific changes
+
+## 8.4.10
+
+  - No EE-specific changes
+
+## 8.4.9
+
+  - Fix vulnerability that made it possible to enumerate private projects belonging to group
+
+## 8.4.8
+
+  - No EE-specific changes
+
+## 8.4.7
+
+  - No EE-specific changes
+
+## 8.4.6
+
+  - No EE-specific changes
+
+## 8.4.5
+
+  - Update LDAP groups asynchronously
+
+## 8.4.4
+
+  - Re-introduce "Send email to users" link in Admin area
+  - Fix category values for Jenkins and JenkinsDeprecated services
+  - Fix Elasticsearch indexing for newly added snippets
+  - Make Elasticsearch indexer more stable
+  - Update gitlab-elasticsearch-git to 0.0.10 which contain a few important fixes
+
+## 8.4.3
+
+  - Elasticsearch: fix partial blob indexing on push
+  - Elasticsearch: added advanced indexer for repositories
+  - Fix Mirror User dropdown
+
+## 8.4.2
+
+  - Elasticsearch indexer performance improvements
+  - Don't redirect away from Mirror Repository settings when repo is empty
+  - Fix updating of branches in mirrored repository
+  - Fix a 500 error preventing LDAP users with 2FA enabled from logging in
+  - Rake task gitlab:elastic:index_repositories handles errors and shows progress
+  - Partial indexing of repo on push (indexing changes only)
+
+## 8.4.1
+
+  - No EE-specific changes
+
+## 8.4.0 (2016-01-22)
+
+  - Add ability to create a note for user by admin
+  - Fix "Commit was rejected by git hook", when max_file_size was set null in project's Git hooks
+  - Fix "Approvals are not reset after a new push is made if the request is coming from a fork"
+  - Fix "User is not automatically removed from suggested approvers list if user is deleted"
+  - Add option to enforce a semi-linear history by only allowing merge requests to be merged that have been rebased
+  - Add option to trigger builds when branches or tags are updated from a mirrored upstream repository
+  - Ability to use Elasticsearch as a search engine
+
+## 8.3.10
+
+  - No EE-specific changes
+
+## 8.3.9
+
+  - No EE-specific changes
+
+## 8.3.8
+
+  - Fix vulnerability that made it possible to enumerate private projects belonging to group
+
+## 8.3.7
+
+  - No EE-specific changes
+
+## 8.3.6
+
+  - No EE-specific changes
+
+## 8.3.5
+
+  - No EE-specific changes
+
+## 8.3.4
+
+  - No EE-specific changes
+
+## 8.3.3
+
+  - Fix undefined method call in Jenkins integration service
+
+## 8.3.2
+
+  - No EE-specific changes
+
+## 8.3.1
+
+  - Rename "Group Statistics" to "Contribution Analytics"
+
+## 8.3.0 (2015-12-22)
+
+  - License information can now be retrieved via the API
+  - Show Kerberos clone url when Kerberos enabled and url different than HTTP url (Borja Aparicio)
+  - Fix bug with negative approvals required
+  - Add group contribution analytics page
+  - Add GitLab Pages
+  - Add group contribution statistics page
+  - Automatically import Kerberos identities from Active Directory when Kerberos is enabled (Alex Lossent)
+  - Canonicalization of Kerberos identities to always include realm (Alex Lossent)
+
+## 8.2.6
+
+  - No EE-specific changes
+
+## 8.2.5
+
+  - No EE-specific changes
+
+## 8.2.4
+
+  - No EE-specific changes
+
+## 8.2.3
+
+  - No EE-specific changes
+
+## 8.2.2
+
+  - Fix 404 in redirection after removing a project (Stan Hu)
+  - Ensure cached application settings are refreshed at startup (Stan Hu)
+  - Fix Error 500 when viewing user's personal projects from admin page (Stan Hu)
+  - Fix: Raw private snippets access workflow
+  - Prevent "413 Request entity too large" errors when pushing large files with LFS
+  - Ensure GitLab fires custom update hooks after commit via UI
+
+## 8.2.1
+
+  - Forcefully update builds that didn't want to update with state machine
+  - Fix: saving GitLabCiService as Admin Template
+
+## 8.2.0 (2015-11-22)
+
+  - Invalidate stored jira password if the endpoint URL is changed
+  - Fix: Page is not reloaded periodically to check if rebase is finished
+  - When someone as marked as a required approver for a merge request, an email should be sent
+  - Allow configuring the Jira API path (Alex Lossent)
+  - Fix "Rebase onto master"
+  - Ensure a comment is properly recorded in JIRA when a merge request is accepted
+  - Allow groups to appear in the `Share with group` share if the group owner allows it
+  - Add option to mirror an upstream repository.
+
+## 8.1.4
+
+  - Fix bug in JIRA integration which prevented merge requests from being accepted when using issue closing pattern
+
+## 8.1.3
+
+  - Fix "Rebase onto master"
+
+## 8.1.2
+
+  - Prevent a 500 error related to the JIRA external issue tracker service
+
+## 8.1.1
+
+  - Removed, see 8.1.2
+
+## 8.1.0 (2015-10-22)
+
+  - Add documentation for "Share project with group" API call
+  - Added an issues template (Hannes Rosenögger)
+  - Add documentation for "Share project with group" API call
+  - Ability to disable 'Share with Group' feature (via UI and API)
+
+## 8.0.6
+
+  - No EE-specific changes
+
+## 8.0.5
+
+  - "Multi-project" and "Treat unstable builds as passing" parameters for
+    the Jenkins CI service are now correctly persisted.
+  - Correct the build URL when "Multi-project" is enabled for the Jenkins CI
+    service.
+
+## 8.0.4
+
+  - Fix multi-project setup for Jenkins
+
+## 8.0.3
+
+  - No EE-specific changes
+
+## 8.0.2
+
+  - No EE-specific changes
+
+## 8.0.1
+
+  - Correct gem dependency versions
+  - Re-add the "Help Text" feature that was inadvertently removed
+
+## 8.0.0 (2015-09-22)
+
+  - Fix navigation issue when viewing Group Settings pages
+  - Guests and Reporters can approve merge request as well
+  - Add fast-forward merge option in project settings
+  - Separate rebase & fast-forward merge features
+
+## 7.14.3
+
+  - No changes
+
+## 7.14.2
+
+  - Fix the rebase before merge feature
+
+## 7.14.1
+
+  - Fix sign in form when just Kerberos is enabled
+
+## 7.14.0 (2015-08-22)
+
+  - Disable adding, updating and removing members from a group that is synced with LDAP
+  - Don't send "Added to group" notifications when group is LDAP synched
+  - Fix importing projects from GitHub Enterprise Edition.
+  - Automatic approver suggestions (based on an authority of the code)
+  - Add support for Jenkins unstable status
+  - Automatic approver suggestions (based on an authority of the code)
+  - Support Kerberos ticket-based authentication for Git HTTP access
+
+## 7.13.3
+
+  - Merge community edition changes for version 7.13.3
+  - Improved validation for an approver
+  - Don't resend admin email to everyone if one delivery fails
+  - Added migration for removing of invalid approvers
+
+## 7.13.2
+
+  - Fix group web hook
+  - Don't resend admin email to everyone if one delivery fails
+
+## 7.13.1
+
+  - Merge community edition changes for version 7.13.1
+  - Fix: "Rebase before merge" doesn't work when source branch is in the same project
+
+## 7.13.0 (2015-07-22)
+
+  - Fix git hook validation on initial push to master branch.
+  - Reset approvals on push
+  - Fix 500 error when the source project of an MR is deleted
+  - Ability to define merge request approvers
+
+## 7.12.2
+
+  - Fixed the alignment of project settings icons
+
+## 7.12.1
+
+  - No changes specific to EE
+
+## 7.12.0 (2015-06-22)
+
+  - Fix error when viewing merge request with a commit that includes "Closes #<issue id>".
+  - Enhance LDAP group synchronization to check also for member attributes that only contain "uid=<username>"
+  - Enhance LDAP group synchronization to check also for submember attributes
+  - Prevent LDAP group sync from removing a group's last owner
+  - Add Git hook to validate maximum file size.
+  - Project setting: approve merge request by N users before accept
+  - Support automatic branch jobs created by Jenkins in CI Status
+  - Add API support for adding and removing LDAP group links
+
+## 7.11.4
+
+  - no changes specific to EE
+
+## 7.11.3
+
+  - Fixed an issue with git annex
+
+## 7.11.2
+
+  - Fixed license upload and verification mechanism
+
+## 7.11.0 (2015-05-22)
+
+  - Skip git hooks commit validation when pushing new tag.
+  - Add Two-factor authentication (2FA) for LDAP logins
+
+## 7.10.1
+
+  - Check if comment exists in Jira before sending a reference
+
+## 7.10.0 (2015-04-22)
+
+  - Improve UI for next pages: Group LDAP sync, Project git hooks, Project share with groups, Admin -> Appearance settigns
+  - Default git hooks for new projects
+  - Fix LDAP group links page by using new group members route.
+  - Skip email confirmation when updated via LDAP.
+
+## 7.9.0 (2015-03-22)
+
+  - Strip prefixes and suffixes from synced SSH keys:
+    `SSHKey:ssh-rsa keykeykey` and `ssh-rsa keykeykey (SSH key)` will now work
+  - Check if LDAP admin group exists before querying for user membership
+  - Use one custom header logo for all GitLab themes in appearance settings
+  - Escape wildcards when searching LDAP by group name.
+  - Group level Web Hooks
+  - Don't allow project to be shared with the group it is already in.
+
+## 7.8.0 (2015-02-22)
+
+  - Improved Jira issue closing integration
+  - Improved message logging for Jira integration
+  - Added option of referencing JIRA issues from GitLab
+  - Update Sidetiq to 0.6.3
+  - Added Github Enterprise importer
+  - When project has MR rebase enabled, MR will have rebase checkbox selected by default
+  - Minor UI fixes for sidebar navigation
+  - Manage large binaries with git annex
+
+## 7.7.0 (2015-01-22)
+
+  - Added custom header logo support (Drew Blessing)
+  - Fixed preview appearance bug
+  - Improve performance for selectboxes: project share page, admin email users page
+
+## 7.6.2
+
+  - Fix failing migrations for MySQL, LDAP
+
+## 7.6.1
+
+  - No changes
+
+## 7.6.0 (2014-12-22)
+
+  - Added Audit events related to membership changes for groups and projects
+  - Added option to attempt a rebase before merging merge request
+  - Dont show LDAP groups settings if LDAP disabled
+  - Added member lock for groups to disallow membership additions on project level
+  - Rebase on merge request. Introduced merge request option to rebase before merging
+  - Better message for failed pushes because of git hooks
+  - Kerberos support for web interface and git HTTP
+
+## 7.5.3
+
+  - Only set up Sidetiq from a Sidekiq server process (fixes Redis::InheritedError)
+
+## 7.5.0 (2014-11-22)
+
+  - Added an ability to check each author commit's email by regex
+  - Added an ability to restrict commit authors to existing Gitlab users
+  - Add an option for automatic daily LDAP user sync
+  - Added git hook for preventing tag removal to API
+  - Added git hook for setting commit message regex to API
+  - Added an ability to block commits with certain filenames by regex expression
+  - Improved a jenkins parser
+
+## 7.4.4
+
+  - Fix broken ldap migration
+
+## 7.4.0 (2014-10-22)
+
+  - Support for multiple LDAP servers
+  - Skip AD specific LDAP checks
+  - Do not show ldap users in dropdowns for groups with enabled ldap-sync
+  - Update the JIRA integration documentation
+  - Reset the homepage to show the GitLab logo by deleting the custom logo.
+
+## 7.3.0 (2014-09-22)
+
+  - Add an option to change the LDAP sync time from default 1 hour
+  - User will receive an email when unsubscribed from admin notifications
+  - Show group sharing members on /my/project/team
+  - Improve explanation of the LDAP permission reset
+  - Fix some navigation issues
+  - Added support for multiple LDAP groups per Gitlab group
+
+## 7.2.0 (2014-08-22)
+
+  - Improve Redmine integration
+  - Better logging for the JIRA issue closing service
+  - Administrators can now send email to all users through the admin interface
+  - JIRA issue transition ID is now customizable
+  - LDAP group settings are now visible in admin group show page and group members page
+
+## 7.1.0 (2014-07-22)
+
+  - Synchronize LDAP-enabled GitLab administrators with an LDAP group (Marvin Frick, sponsored by SinnerSchrader)
+  - Synchronize SSH keys with LDAP (Oleg Girko (Jolla) and Marvin Frick (SinnerSchrader))
+  - Support Jenkins jobs with multiple modules (Marvin Frick, sponsored by SinnerSchrader)
+
+## 7.0.0 (2014-06-22)
+
+  - Fix: empty brand images are displayed as empty image_tag on login page (Marvin Frick, sponsored by SinnerSchrader)
+
+## 6.9.4
+
+  - Fix bug in JIRA Issue closing triggered by commit messages
+  - Fix JIRA issue reference bug
+
+## 6.9.3
+
+  - Fix check CI status only when CI service is enabled(Daniel Aquino)
+
+## 6.9.2
+
+  - Merge community edition changes for version 6.9.2
+
+## 6.9.1
+
+  - Merge community edition changes for version 6.9.1
+
+## 6.9.0 (2014-05-22)
+
+  - Add support for closing Jira tickets with commits and MR
+  - Template for Merge Request description can be added in project settings
+  - Jenkins CI service
+  - Fix LDAP email upper case bug
+
+## 6.8.0 (2014-04-22)
+
+  - Customise sign-in page with custom text and logo
+
+## 6.7.1
+
+  - Handle LDAP errors in Adapter#dn_matches_filter?
+
+## 6.7.0 (2014-03-22)
+
+  - Improve LDAP sign-in speed by reusing connections
+  - Add support for Active Directory nested LDAP groups
+  - Git hooks: Commit message regex
+  - Git hooks: Deny git tag removal
+  - Fix group edit in admin area
+
+## 6.6.0 (2014-02-22)
+
+  - Permission reset button for LDAP groups
+  - Better performance with large numbers of users with access to one project
+
+## 6.5.0 (2014-01-22)
+
+  - Add reset permissions button to Group#members page
+
+## 6.4.0 (2013-12-22)
+
+  - Respect existing group permissions during sync with LDAP group (d3844662ec7ce816b0a85c8b40f66ee6c5ae90a1)
+
+## 6.3.0 (2013-11-22)
+
+  - When looking up a user by DN, use single scope (bc8a875df1609728f1c7674abef46c01168a0d20)
+  - Try sAMAccountName if omniauth nickname is nil (9b7174c333fa07c44cc53b80459a115ef1856e38)
+
+## 6.2.0 (2013-10-22)
+
+  - API: expose ldap_cn and ldap_access group attributes
+  - Use omniauth-ldap nickname attribute as GitLab username
+  - Improve group sharing UI for installation with many groups
+  - Fix empty LDAP group raises exception
+  - Respect LDAP user filter for git access

CHANGELOG.md

@@ -2,6 +2,15 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 8.17.3 (2017-03-07)
+
+- Fix the redirect to custom home page URL. !9518
+- Fix broken migration when upgrading straight to 8.17.1. !9613
+- Make projects dropdown only show projects you are a member of. !9614
+- Fix creating a file in an empty repo using the API. !9632
+- Don't copy tooltip when copying GFM.
+- Fix cherry-picking or reverting through an MR.
+
 ## 8.17.2 (2017-03-01)
 
 - Expire all webpack assets after 8.17.1 included a badly compiled asset. !9602
@@ -24,6 +33,7 @@ entry.
 ## 8.17.0 (2017-02-22)
 
 - API: Fix file downloading. !0 (8267)
+- Read true-up info from license and validate it. !1159
 - Changed composer installer script in the CI PHP example doc. !4342 (Jeffrey Cafferata)
 - Display fullscreen button on small screens. !5302 (winniehell)
 - Add system hook for when a project is updated (other than rename/transfer). !5711 (Tommy Beadle)
@@ -203,8 +213,6 @@ entry.
 
 ## 8.16.7 (2017-02-27)
 
-- No changes.
-- No changes.
 - Fix MR changes tab size count when there are over 100 files in the diff.
 
 ## 8.16.6 (2017-02-17)
@@ -413,6 +421,14 @@ entry.
 - Prevent the GitHub importer from assigning labels and comments to merge requests or issues belonging to other projects.
 - Patch XSS vulnerability in RDOC support.
 
+## 8.15.5 (2017-01-20)
+
+- Ensure export files are removed after a namespace is deleted.
+- Don't allow project guests to subscribe to merge requests through the API. (Robert Schilling)
+- Prevent users from creating notes on resources they can't access.
+- Prevent users from deleting system deploy keys via the project deploy key API.
+- Upgrade omniauth gem to 1.3.2.
+
 ## 8.15.4 (2017-01-09)
 
 - Make successful pipeline emails off for watchers. !8176
@@ -695,6 +711,14 @@ entry.
 - Speed up group milestone index by passing group_id to IssuesFinder. !8363
 - Ensure issuable state changes only fire webhooks once.
 
+## 8.14.7 (2017-01-21)
+
+- Ensure export files are removed after a namespace is deleted.
+- Don't allow project guests to subscribe to merge requests through the API. (Robert Schilling)
+- Prevent users from creating notes on resources they can't access.
+- Prevent users from deleting system deploy keys via the project deploy key API.
+- Upgrade omniauth gem to 1.3.2.
+
 ## 8.14.6 (2017-01-10)
 
 - Update the gitlab-markup gem to the version 1.5.1. !8509
@@ -977,6 +1001,14 @@ entry.
 - Fix "Without projects" filter. !6611 (Ben Bodenmiller)
 - Fix 404 when visit /projects page
 
+## 8.13.12 (2017-01-21)
+
+- Ensure export files are removed after a namespace is deleted.
+- Don't allow project guests to subscribe to merge requests through the API. (Robert Schilling)
+- Prevent users from creating notes on resources they can't access.
+- Prevent users from deleting system deploy keys via the project deploy key API.
+- Upgrade omniauth gem to 1.3.2.
+
 ## 8.13.11 (2017-01-10)
 
 - Update the gitlab-markup gem to the version 1.5.1. !8509

Gemfile

@@ -34,6 +34,7 @@ gem 'omniauth-saml',          '~> 1.7.0'
 gem 'omniauth-shibboleth',    '~> 1.2.0'
 gem 'omniauth-twitter',       '~> 1.2.0'
 gem 'omniauth_crowd',         '~> 2.2.0'
+gem 'gssapi', group: :kerberos
 gem 'omniauth-authentiq',     '~> 0.3.0'
 gem 'rack-oauth2',            '~> 1.2.1'
 gem 'jwt',                    '~> 1.5.6'
@@ -58,6 +59,7 @@ gem 'browser', '~> 2.2'
 # GitLab fork with several improvements to original library. For full list of changes
 # see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master
 gem 'gitlab_omniauth-ldap', '~> 1.2.1', require: 'omniauth-ldap'
+gem 'net-ldap'
 
 # Git Wiki
 # Required manually in config/initializers/gollum.rb to control load order
@@ -101,6 +103,14 @@ gem 'unf', '~> 0.1.4'
 # Seed data
 gem 'seed-fu', '~> 2.3.5'
 
+# Search
+gem 'elasticsearch-model', '~> 0.1.9'
+gem 'elasticsearch-rails', '~> 0.1.9'
+gem 'elasticsearch-api',   '5.0.3'
+gem 'gitlab-elasticsearch-git', '1.1.1', require: "elasticsearch/git"
+gem 'aws-sdk'
+gem 'faraday_middleware-aws-signers-v4'
+
 # Markdown and HTML processing
 gem 'html-pipeline',        '~> 1.11.0'
 gem 'deckar01-task_list',   '1.0.6', require: 'task_list/railtie'
@@ -241,6 +251,7 @@ gem 'select2-rails',      '~> 3.5.9'
 gem 'virtus',             '~> 1.0.1'
 gem 'net-ssh',            '~> 3.0.1'
 gem 'base32',             '~> 0.3.0'
+gem "gitlab-license", "~> 1.0"
 
 # Sentry integration
 gem 'sentry-raven', '~> 2.0.0'

Gemfile.lock

@@ -67,6 +67,14 @@ GEM
       execjs
       json
     awesome_print (1.2.0)
+    aws-sdk (2.7.8)
+      aws-sdk-resources (= 2.7.8)
+    aws-sdk-core (2.7.8)
+      aws-sigv4 (~> 1.0)
+      jmespath (~> 1.0)
+    aws-sdk-resources (2.7.8)
+      aws-sdk-core (= 2.7.8)
+    aws-sigv4 (1.0.0)
     axiom-types (0.1.1)
       descendants_tracker (~> 0.0.4)
       ice_nine (~> 0.11.0)
@@ -168,6 +176,19 @@ GEM
       railties (>= 4.2)
     dropzonejs-rails (0.7.2)
       rails (> 3.1)
+    elasticsearch (5.0.3)
+      elasticsearch-api (= 5.0.3)
+      elasticsearch-transport (= 5.0.3)
+    elasticsearch-api (5.0.3)
+      multi_json
+    elasticsearch-model (0.1.9)
+      activesupport (> 3)
+      elasticsearch (> 0.4)
+      hashie
+    elasticsearch-rails (0.1.9)
+    elasticsearch-transport (5.0.3)
+      faraday
+      multi_json
     email_reply_trimmer (0.1.6)
     email_spec (1.6.0)
       launchy (~> 2.1)
@@ -190,6 +211,9 @@ GEM
       multipart-post (>= 1.2, < 3)
     faraday_middleware (0.10.0)
       faraday (>= 0.7.4, < 0.10)
+    faraday_middleware-aws-signers-v4 (0.1.5)
+      aws-sdk (~> 2.1)
+      faraday (~> 0.9)
     faraday_middleware-multi_json (0.0.6)
       faraday_middleware
       multi_json
@@ -254,6 +278,14 @@ GEM
       mime-types (>= 1.19)
       rugged (>= 0.23.0b)
     github-markup (1.4.0)
+    gitlab-elasticsearch-git (1.1.1)
+      activemodel (~> 4.2)
+      activesupport (~> 4.2)
+      charlock_holmes (~> 0.7)
+      elasticsearch-api
+      elasticsearch-model (~> 0.1.9)
+      github-linguist (~> 4.7)
+      rugged (~> 0.24)
     gitlab-flowdock-git-hook (1.0.1)
       flowdock (~> 0.7)
       gitlab-grit (>= 2.4.1)
@@ -263,6 +295,7 @@ GEM
       diff-lcs (~> 1.1)
       mime-types (>= 1.16, < 3)
       posix-spawn (~> 0.3)
+    gitlab-license (1.0.0)
     gitlab-markup (1.5.1)
     gitlab_omniauth-ldap (1.2.1)
       net-ldap (~> 0.9)
@@ -324,6 +357,8 @@ GEM
     grpc (1.1.2)
       google-protobuf (~> 3.1)
       googleauth (~> 0.5.1)
+    gssapi (1.2.0)
+      ffi (>= 1.0.1)
     haml (4.0.7)
       tilt
     haml_lint (0.21.0)
@@ -369,6 +404,7 @@ GEM
     jira-ruby (1.1.2)
       activesupport
       oauth (~> 0.5, >= 0.5.0)
+    jmespath (1.3.1)
     jquery-atwho-rails (1.3.2)
     jquery-rails (4.1.1)
       rails-dom-testing (>= 1, < 3)
@@ -838,6 +874,7 @@ DEPENDENCIES
   asciidoctor-plantuml (= 0.0.7)
   attr_encrypted (~> 3.0.0)
   awesome_print (~> 1.2.0)
+  aws-sdk
   babosa (~> 1.0.2)
   base32 (~> 0.3.0)
   benchmark-ips (~> 2.3.0)
@@ -866,9 +903,13 @@ DEPENDENCIES
   diffy (~> 3.1.0)
   doorkeeper (~> 4.2.0)
   dropzonejs-rails (~> 0.7.1)
+  elasticsearch-api (= 5.0.3)
+  elasticsearch-model (~> 0.1.9)
+  elasticsearch-rails (~> 0.1.9)
   email_reply_trimmer (~> 0.1)
   email_spec (~> 1.6.0)
   factory_girl_rails (~> 4.7.0)
+  faraday_middleware-aws-signers-v4
   ffaker (~> 2.4)
   flay (~> 2.6.1)
   fog-aws (~> 0.9)
@@ -884,7 +925,9 @@ DEPENDENCIES
   gemojione (~> 3.0)
   gitaly (~> 0.2.1)
   github-linguist (~> 4.7.0)
+  gitlab-elasticsearch-git (= 1.1.1)
   gitlab-flowdock-git-hook (~> 1.0.1)
+  gitlab-license (~> 1.0)
   gitlab-markup (~> 1.5.1)
   gitlab_omniauth-ldap (~> 1.2.1)
   gollum-lib (~> 4.2)
@@ -893,6 +936,7 @@ DEPENDENCIES
   google-api-client (~> 0.8.6)
   grape (~> 0.19.0)
   grape-entity (~> 0.6.0)
+  gssapi
   haml_lint (~> 0.21.0)
   hamlit (~> 2.6.1)
   health_check (~> 2.6.0)
@@ -918,6 +962,7 @@ DEPENDENCIES
   minitest (~> 5.7.0)
   mousetrap-rails (~> 1.4.6)
   mysql2 (~> 0.3.16)
+  net-ldap
   net-ssh (~> 3.0.1)
   nokogiri (~> 1.6.7, >= 1.6.7.2)
   oauth2 (~> 1.2.0)

LICENSE

+The GitLab Enterprise Edition (EE) license (the “EE License”)
 Copyright (c) 2011-2017 GitLab B.V.
 
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+This software and associated documentation files (the "Software") may only be
+used if you (and any entity that you represent) have agreed to, and are in
+compliance with, the GitLab Subscription Terms of Service, available at
+https://about.gitlab.com/terms/#subscription (the “EE Terms”), and otherwise
+have a valid GitLab Enterprise Edition subscription for the correct number of
+user seats. Subject to the foregoing sentence, you are free to modify this
+Software and publish patches to the Software. You agree that GitLab and/or its
+licensors (as applicable) retain all right, title and interest in and to all
+Software incorporated in such modifications and/or patches, and all such
+Software may only be used, copied, modified, displayed, distributed, or
+otherwise exploited with a valid GitLab Enterprise Edition subscription for the
+correct number of user seats.  Subject to the foregoing, it is forbidden to
+copy, merge, publish, distribute, sublicense, and/or sell the Software.
 
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
+This EE License applies only to the part of this Software that is not
+distributed as part of GitLab Community Edition (CE), and that is not a file
+that produces client-side JavaScript, in whole or in part. Any part of this
+Software distributed as part of GitLab CE or that is a file that produces
+client-side JavaScript, in whole or in part, is copyrighted under the MIT Expat
+license. The full text of this EE License shall be included in all copies or
+substantial portions of the Software.
 
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

 # GitLab
 
-[![Build status](https://gitlab.com/gitlab-org/gitlab-ce/badges/master/build.svg)](https://gitlab.com/gitlab-org/gitlab-ce/commits/master)
+[![Build status](https://gitlab.com/gitlab-org/gitlab-ee/badges/master/build.svg)](https://gitlab.com/gitlab-org/gitlab-ee/commits/master)
 [![CE coverage report](https://gitlab.com/gitlab-org/gitlab-ce/badges/master/coverage.svg?job=coverage)](https://gitlab-org.gitlab.io/gitlab-ce/coverage-ruby)
 [![Code Climate](https://codeclimate.com/github/gitlabhq/gitlabhq.svg)](https://codeclimate.com/github/gitlabhq/gitlabhq)
 [![Core Infrastructure Initiative Best Practices](https://bestpractices.coreinfrastructure.org/projects/42/badge)](https://bestpractices.coreinfrastructure.org/projects/42)
@@ -9,6 +9,36 @@
 
 The canonical source of GitLab Community Edition is [hosted on GitLab.com](https://gitlab.com/gitlab-org/gitlab-ce/).
 
+The source of GitLab Enterprise Edition is [hosted on GitLab.com](https://gitlab.com/gitlab-org/gitlab-ee).
+
+# ![logo](https://about.gitlab.com/images/gitlab_logo.png) GitLab
+
+## Free trial
+
+You can request a free trial of GitLab Enterprise Edition [on our website](https://about.gitlab.com/free-trial/).
+
+## Subscriber onboarding information
+
+Thank you for purchasing a GitLab subscription!
+
+For standard subscribers, please see **emergency contact info and other useful information** in [the Standard subscribers README](https://gitlab.com/standard/standard-subscriber-information/tree/master#README).
+
+GitLab Enterprise Edition repository:
+https://gitlab.com/gitlab-com/gitlab-ee
+
+Download GitLab Enterprise Edition:
+https://about.gitlab.com/downloads-ee
+
+Documentation:
+http://doc.gitlab.com/ee/
+
+To upgrade from CE, just perform a normal upgrade, but use an EE package:
+https://about.gitlab.com/update/#ee
+
+If you need help with your GitLab installation and for any technical questions please contact us at subscribers@gitlab.com
+
+For all other questions, contact us at sales@gitlab.com
+
 ## Open source software to collaborate on code
 
 To see how GitLab looks please see the [features page on our website](https://about.gitlab.com/features/).
@@ -100,7 +130,7 @@ For upgrading information please see our [update page](https://about.gitlab.com/
 
 ## Documentation
 
-All documentation can be found on [docs.gitlab.com/ce/](https://docs.gitlab.com/ce/).
+All documentation can be found on [doc.gitlab.com/ee/](http://doc.gitlab.com/ee/).
 
 ## Getting help
 

VERSION

-8.18.0-pre
+8.18.0-ee-pre