gitlab-org/gitlab-foss v18.4.0

on GitLab

The GitLab Knowledge Graph provides rich code intelligence across your codebase. Developers can understand and navigate their projects with greater context, making it easier to plan changes, perform impact analysis, and work with GitLab Duo agents to accelerate development tasks.

The GitLab Duo Agent Platform leverages the Knowledge Graph to increase the accuracy of AI agents. By mapping files and definitions across a codebase, the Knowledge Graph provides enhanced context that allows Duo agents to understand relationships across your entire local workspace—unlocking faster and more precise responses to complex questions.

This feature is in beta status. Provide feedback in issue 160.

The GitLab container registry now supports the media types to
host OpenTofu modules and providers.

Version 3.1.0 of the
OpenTofu CI/CD component supports
a new provider-release template to deploy an OpenTofu provider into the GitLab registry
using the OCI format. Now, you can host private OpenTofu providers directly in GitLab.

In addition, the module-release template now supports a new type input that you can set to oci
to deploy the OpenTofu module in the GitLab registry using the OCI format.

You now have full control over your listing page view, choose which metadata appears and whether to open work items in a drawer, making it easier to focus on the information that matters most to you.

Previously, all metadata fields were always visible, which could make scanning through work items overwhelming. Now you can customize your view by turning on or off specific fields like assignees, labels, dates, and milestones.

With the new toggle that switches between the drawer view and full-page navigation you can quickly review details while maintaining context of your list, or open the full page when you need more screen space for detailed editing and comprehensive navigation.

We've replaced the "epic" filter on the Issues and Epics pages with a more flexible "parent" filter. This change lets you filter by any parent work item, not just epics. You can now easily find child tasks by filtering by their parent issue, or find issues by filtering by their parent epic, giving you better visibility into your work hierarchy across both issue and epic lists.

The GitLab plain text editor now includes the same formatting options as the rich text editor. The plain text editor toolbar has been updated with a "More options" menu that provides access to advanced formatting tools like:

• Code blocks
  
• Details blocks
  
• Horizontal rules
  
• Mermaid diagrams
  
• PlantUML diagrams
  
• Table of contents
  

Both editors now have consistent button placement and separators, making it easier to switch between editing modes while maintaining access to familiar formatting options.

Previously, when using the pipeline editor and validating your changes using the Validate tab, you could only run a simulation for the default branch. In this release, we've expanded this capability. You can now select any branch to simulate pipelines against. This improvement gives you greater flexibility in testing and validating your pipelines. You can ensure they perform as expected across different cases, including your stable branches or feature branches.

We’re also releasing GitLab Runner 18.4 today! GitLab Runner is the highly-scalable build agent that runs your CI/CD jobs and sends the results back to a GitLab instance. GitLab Runner works in conjunction with GitLab CI/CD, the open-source continuous integration service included with GitLab.

Bug Fixes:

• FIPS runners fail to start jobs with GitLab Runner 18.2.1
  
• The chown command for runners with custom ConfigMap & security context constraints (SCC) fails after Operator v1.37.0 upgrade on OpenShift 4.16.27
  
• Reinstate FF_RETRIEVE_POD_WARNING_EVENTS in GitLab 17.x.x releases due to early removal in 17.2
  
• All GitLab Runner jobs fail due to filesystem permission errors
  
• Build jobs fail sporadically with permission denied error
  
• Gitlab Runner Helm chart upgrade broke the variables
  
• Enabling FF_USE_FASTZIP does not enable fastzip
  
• GitLab Runner encounters an UnsupportedOperation error when trying to stop Spot instances created with one-time requests
  
• Long polling for GitLab Runners does not work properly in Kubernetes deployed environments
  
• Allow admins to override image:kubernetes:user value
  

The list of all changes is in the GitLab Runner CHANGELOG.

Pipeline secret detection now automatically excludes certain file types and directories if they have a low likelihood of containing secrets, improving scan performance. These changes are released in analyzer version 7.11.0.

Version 7.12.0 of the secret detection analyzer adds significant improvements to the way Git commits are fetched. The analyzer now parses --depth and --since options passed from SECRET_DETECTION_LOG_OPTIONS, so you can further specify how many commits you want to scan. The analyzer also selects appropriate fetch strategies based on context, which prevents a known issue where potentially millions of commits were unnecessarily fetched, even with shallow depth configurations.

This enhancement reduces job timeouts, decreases resource consumption, and provides more predictable scan performance. Experience faster secret detection scans, especially in large repositories, with clearer logging that matches the actual fetching behavior.

You can now allow CI/CD job tokens generated in your project to authenticate Git push requests to the project’s repository. Enable this with the Job token permissions settings in the UI, or alternatively with the ci_push_repository_for_job_token_allowed parameter in the project's REST API endpoint.

In GitLab 16.11, we added the artifacts:access keyword enabling users to control whether artifacts can be downloaded by all users with access to the pipeline, only users with the Developer role or higher, or no user at all.

In this release, you can now restrict who can download artifacts to only the Maintainer role or higher, giving you one more option for controlling who can download job artifacts.