GitLab CE - 15.10.5
Security
(2023-05-01)
Security (9 changes)
- Set minimum role for importing projects to Maintainer (merge request)
- Commit trailers now only match public user email addresses (merge request)
- Handle invalid URLs in asset proxy (merge request)
- Relay state to check for only allowing sub paths (merge request)
- Prohibit 40 character hex sets at beginning of path-based branch name (merge request)
- Add specs for external users flag (merge request)
- Update policy to prevent banned members from accessing public projects (merge request)
- Use dummy filename as filename when viewing raw xml files (merge request)
- Authorize access to vulnerabilitiesCountByDay resolver (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
date
May 1, 2023, midnight
name
15.10.5
type
Patch
👇
Register or login to:
- 🔍View and search all GitLab CE releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!