GitLab CE - 14.8.6
Security
(2022-04-29)
Security (14 changes)
- Update Import/Export merge/push access levels & exclude ci config path (merge request)
- Prevent maintainers from editing PipelineSchedule (merge request)
- Add validation to pypi file sha256 values (merge request)
- Conan Token uses PAT rather than ID in payload (merge request)
- [security] Fix markdown API disclosing issue titles of limited projects (merge request)
- Verify that mentioned user can read TODO's note (merge request)
- Invalidate markdown cache to clear up stored XSS (merge request)
- Allow rate limiting of deploy tokens (merge request)
- Add suffix to cache name to add isolation (merge request)
- Disable wiki access with CI_JOB_TOKEN when improper access level (merge request)
- Sanitize error input to prevent HTML/CSS injection in messages (merge request)
- Secure debug trace artifact download (merge request)
- Use password type for all secret integration properties (merge request)
- Limit CI job group_name regexp (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
- date: April 29, 2022, midnight
- name: 14.8.6
- type: Patch