Breaking change deployments on GitLab.com

Changes are deployed continuously to GitLab.com. However, breaking changes can require more time to prepare for.

In the month before the GitLab 18.0 release, breaking changes will be deployed during three time windows. The following tables list when each breaking change will be deployed.

Window 1

This window takes place on April 21 - 23, 2025 from 09:00 UTC to 22:00 UTC.

Deprecation Impact Stage Scope
Registration tokens and server-side runner arguments in POST /api/v4/runners endpoint Critical Verify Instance, group, project
runnerRegistrationToken parameter for GitLab Runner Helm Chart Critical Verify Instance, group, project
Registration tokens and server-side runner arguments in gitlab-runner register command Critical Verify Instance, group, project
Support for REST API endpoints that reset runner registration tokens Critical Verify Instance, group, project
GitLab Runner platforms and setup instructions in GraphQL API Low Verify Instance, group, project
CI/CD job token - Limit access from your project setting removal High Verify Project
CI/CD job token - Authorized groups and projects allowlist enforcement High Govern Project
Deprecate License Scanning CI/CD artifact report type   Secure  
OpenTofu CI/CD template Low Depoy Project
Replace add_on_purchase GraphQL field with add_on_purchases Low Fulfillment Instance, group
Replace namespace add_on_purchase GraphQL field with add_on_purchases Low Fulfillment Instance, group
Public use of Secure container registries is deprecated Low Secure Instance
Limit number of scan execution policy actions allowed per policy Low Security risk management Instance, group, project
Pipelines API cancel endpoint returns error for non-cancelable pipelines High Verify Instance, group, project
Deprecate CI job implementation of Repository X-Ray Low Create Project
Pipeline job limits extended to the Commits API Low Verify Project
Deprecation of name field in ProjectMonthlyUsageType GraphQL API Low Fulfillment Project
Rename ‘setPreReceiveSecretDetection’ GraphQL mutation to ‘setSecretPushProtection’ Low Application_security_testing Project
Deprecation of STORAGE enum in NamespaceProjectSortEnum GraphQL API Low Fulfillment Group
Workspaces editor GraphQL field is deprecated Low Create Project
Enforce keyset pagination on audit event API Low Software supply chain security Instance, group, project
Fix typo in user profile visibility updated audit event type Low Software supply chain security Instance
Container Scanning default severity threshold set to medium Low Application security testing Project
maxHoursBeforeTermination GraphQL field is deprecated Low Create Project
RemoteDevelopmentAgentConfig GraphQL type is deprecated Low Create Project
defaultMaxHoursBeforeTermination and maxHoursBeforeTerminationLimit fields are deprecated Low Create Project
GitLab Advanced SAST will be enabled by default Medium Application security testing Instance
SAST jobs no longer use global cache settings Medium Application security testing Instance
Application Security Testing analyzers major version update Low Application security testing Project

Window 2

This window takes place on April 28 - 30, 2025 from 09:00 UTC to 22:00 UTC.

Deprecation Impact Stage Scope
Replace GraphQL field take_ownership_pipeline_schedule with admin_pipeline_schedule in PipelineSchedulePermissions Low Verify Project
GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN is deprecated Medium Verify Instance
The heroku/builder:22 image is deprecated Medium Deploy Project
ciUsedMinutes GraphQL field renamed to ciDuration Medium Verify Instance
mergeTrainIndex and mergeTrainsCount GraphQL fields deprecated Low Verify Project
RunnersRegistrationTokenReset GraphQL mutation is deprecated High Verify Instance, group, project
Behavior change for Upcoming and Started milestone filters Low Plan Group, project

Window 3

This window takes place on May 5 - 7, 2025 from 09:00 UTC to 22:00 UTC.

Deprecation Impact Stage Scope
Runner active GraphQL fields replaced by paused Low Verify  
ZenTao integration Low Foundations Instance
GraphQL deprecation of dependencyProxyTotalSizeInBytes field Low Package Group
The ci_job_token_scope_enabled projects API attribute is deprecated Low Govern Project
Deprecate license metadata format V1 Low Secure Instance
The direction GraphQL argument for ciJobTokenScopeRemoveProject is deprecated Low Govern Project
Replace threshold with maxretries for container registry notifications Low Package Project
GraphQL target field for to-do items replaced with targetEntity Low Foundations Project
ciJobTokenScopeAddProject GraphQL mutation is deprecated Low Govern Project
Guest users can pull packages from private projects on GitLab.com High Package Project
Removal of migrationState field in ContainerRepository GraphQL API Low Package Project
Updated tooling to release CI/CD components to the Catalog High Verify Instance
Increased default security for use of pipeline variables Medium Verify Project
Amazon S3 Signature Version 2 Low Package Project
REST API endpoint pre_receive_secret_detection_enabled is deprecated Medium Application_security_testing Instance
Remove duoProAssignedUsersCount GraphQL field Low Plan Group, project
Secret detection analyzer doesn’t run as root user by default Low Application_security_testing Instance
Remove previousStageJobsOrNeeds from GraphQL Low Verify Instance