Changelog

All notable changes to this project will be documented in this file.

[1.5.0] - 2025-10-10

🐛 Bug Fixes

• (front) Fix overflowing service account role selection dropdown (#629) (#641) by @hamir-suspect

• Service account project creation and better error message (#635) (#643) by @hamir-suspect

• Service accounts showing up as users (#638) (#644) by @hamir-suspect

💼 Other

• (e2e) User management and project creation (#267) (#642) by @hamir-suspect

[1.5.0-rc.2] - 2025-10-06

🐛 Bug Fixes

• (public-api/v1alpha) Run_now allowed without branch and reference fields (#607) by @hamir-suspect

• (public-api/v1alpha) Handle empty reference fields correctly (#609) by @hamir-suspect

⚙️ Miscellaneous Tasks

• (github_hooks) Update rexml dependency (#610) by @hamir-suspect

• Update change_in directives (#604) (#626) by @hamir-suspect

[1.5.0-rc.1] - 2025-09-23

🚀 Features

• (security-toolbox) Allow scanners to be configured (#421) by @skipi

• (security-toolbox/docker) Configure vuln-severity-source (#446) by @dexyk

• (front) Add css processing to asset pipeline (#452) by @skipi

• (front) Allow some HTML tags in markdown reports (#388) by @skipi

• (front) Add new flutter templates (#461) by @csidyel

• Add project config option to control draft PR builds (#396) by @skipi

• Show artifact size in UI (#485) by @hamir-suspect

• (notifications) Add authorization before sending notification (#465) by @VeljkoMaksimovic

• (front) Display who was last to modify notification (#505) by @VeljkoMaksimovic

• (github_hooks) Handle service account github repo host account (#519) by @hamir-suspect

• (auth) Block connection in case of invalid request ip (#547) by @radwo

• (front) Replace userpilot with posthog (#551) by @skipi

• (front) User email management functionality (#566) by @hamir-suspect

• (plumber) Populate SEMAPHORE_PIPELINE_NAME env. var. (#567) by @dexyk

• (guard) Add posthog integration (#597) by @skipi

• (notifications) Support for tags (#591) by @hamir-suspect

• (front) Add organization_id to workflow query params (#600) by @dexyk

• Support tags for tasks and task just run (#599) by @hamir-suspect

🐛 Bug Fixes

• (api v1alpha) Use pipeline_file as param name in Run wf API (#420) by @DamjanBecirovic

• (velocity) Properly handle reports exceeding size limit (#395) by @skipi

• (plumber) Check if DT permits user to partially rebuild pipeline (#427) by @hamir-suspect

• (plumber) Handle skipped blocks in partial pipeline rebuilds (#429) by @hamir-suspect

• (front) Default simple template for new project onboarding (#430) by @hamir-suspect

• (public-api-gateway) Add AMQP_URL env. var (#432) by @dexyk

• (front) Fix templates that dont have valid semaphore yamls (#433) by @VeljkoMaksimovic

• (ppl) Add label to schedule wf via api request (#436) by @VeljkoMaksimovic

• (public-api-gateway) Add missing rabbitmq init container (#439) by @radwo

• (plumber) Improve job matrix validation - env. var dups (#417) by @dexyk

• (docs) ToC in API refernce page now shows self-hosted agents section (#447) by @DamjanBecirovic

• (github_hooks) GHSA-353f-x4gh-cqq8 (#450) by @skipi

• (github_hooks) Encode branch, tag name when fetching reference (#451) by @dexyk

• (front) Update vulnerable npm packages (#455) by @radwo

• (front) Bring back storage.googleapis.com to connect_src (#456) by @radwo

• (front) Move css loading from js => css (#457) by @skipi

• (front) URL encode branch name in case in contains '&' or '?' character (#458) by @VeljkoMaksimovic

• (front) Specify form_action: self directive (#459) by @VeljkoMaksimovic

• (front) Enable domain in form action (#460) by @dexyk

• (front) Extend timeout for rbac api calls (#462) by @VeljkoMaksimovic

• Several typos (#422) by @pieterocp

• (front) Form action restrictions (#471) by @VeljkoMaksimovic

• (front) Add storage.googleapis.com as a valid img_src to csp (#473) by @VeljkoMaksimovic

• (artifacthub) Reduce log noise and merge log messages for better visibility (#476) by @hamir-suspect

• (branch_hub) Implement archive action and respond with status :OK (#479) by @hamir-suspect

• (repository_hub) URL encode branch and tag names for GitLab API (#481) by @radwo

• (front) Pipeline status message shows who triggered pipeline correctly (#483) by @VeljkoMaksimovic

• (zebra) Add ff for cachehub protection (#486) by @VeljkoMaksimovic

• (github-hooks) Support ready_for_review hook from github (#518) by @skipi

• (guard) Differentiate between various types of GRPC errors (#522) by @skipi

• (guard) Use correct field for generating service account email domains (#523) by @skipi

• (front) Remove redundant checks from add people button visibility check (#431) by @skipi

• (hooks_processor) Add support for handling tag deletion hooks in Bitbucket worker (#524) by @dexyk

• (rbac_ee) Add debug logs (#528) by @hamir-suspect

• (zebra) Workflow editor job not working because of forked_pr evaluation (#546) by @hamir-suspect

• (docs) Bad example for oidc setup with gcp (#549) by @hamir-suspect

• (guard) Retract roles from service account user on destroy action (#550) by @hamir-suspect

• (docs) Fix OpenID Connect acronym in the documentation (OICD -> OIDC) (#560) by @ilyasgaraev

• (fromt) HTML sanitize test reports (#561) by @VeljkoMaksimovic

• (front) Add skip onboarding button (#526) by @hamir-suspect

• (repository_hub) Don't parse JSON when removing webhook (#569) by @skipi

• (self-hosted-hub) Fix agent cleanup logic and handle job failures during cleanup (#570) by @dexyk

• Lock go tool versions to reduce flakiness (#580) by @skipi

• (guard) Fix template assigns (#598) by @skipi

• (rbac) Emit event when owner is assigned org role (#568) by @VeljkoMaksimovic

• Notifications processing crash for task triggered pipelines (#601) by @hamir-suspect

• Typo in tag reference pattern matching (#603) by @hamir-suspect

💼 Other

• (front) Add feature flag for pipeline rebuilds in the UI (#419) by @skipi

• (guard) Error handling in update emails script (#423) by @VeljkoMaksimovic

• (guard) Change abuseprevention address in guard (#437) by @VeljkoMaksimovic

• (public-api) Increase memory resources (#440) by @radwo

• (bootstrapper) Fix CVE-2025-22868, bump go to 1.23 (#444) by @skipi

• (front) Treat ppl name as a plain txt (#445) by @radwo

• (github_hooks) Check signature on all githubapp calls (#448) by @radwo

• (front) Strengthen CSP with base-uri and restrict external domains (#453) by @radwo

• (front) Restrict host in pollman (#454) by @radwo

• (front) Enable live reload for front service in local development (#441) by @radwo

• (auth) Switch to battle tested RemoteIp in IpFilter (#475) by @radwo

• (front) Read org_id from headers (#477) by @radwo

• (front) Ensure resource ownership match for test results (#478) by @radwo

• (front) Add note about the project access when modifying notification (#508) by @VeljkoMaksimovic

• (github_hooks) Log which github event is received (#530) by @VeljkoMaksimovic

📚 Documentation

• Update container-registry.md (added Redis 8.0 and Valkey 8.1) (#424) by @d-stefanovic

• Reorganize sidebars and readd infracost recipe (#438) by @TomFern

• Update arm agent types (#402) by @bogyo210

• Add Trivy security scanner recipe (#464) by @TomFern

• Add note for cache in forked prs (#497) by @VeljkoMaksimovic

• Update to v1.4 and add latest changes (#512) by @TomFern

• Unify sidebars and simplify navigation (#517) by @TomFern

• Specify parser in docs for PHPUnit (#376) by @tbogosavljevic

• Update install-package commands (#443) by @tbogosavljevic

• Update changelog (#587) by @bogyo210

⚙️ Miscellaneous Tasks

• (hooks_processor) Do not log internal requests (#411) by @hamir-suspect

• (github_hooks) Upgrade rails version (#506) by @hamir-suspect

• (docs) Configure CODEOWNERS for docs directory (#553) by @DamjanBecirovic

• Update change_in directives (#604) by @hamir-suspect