GitLab CE - 15.11.7
Security
(2023-06-05)
Security (16 changes)
- Fix DoS on test report artifacts (merge request)
- Fix XSS in Abuse Reports form action (merge request)
- Escape the source branch link correctly (merge request)
- Import source owners with maintainer access if importer is a maintainer (merge request)
- Filter inaccessible issuable notes when exporting project (merge request)
- Block tag names that are prepended with refs/tags/, due to conflicts (merge request)
- Set IP in ActionController filter before IP enforcement is evaluated (merge request)
- Prevent primary email returned as verified on unsaved change (merge request)
- Use UntrustedRegexp to protect FrontMatter filter (merge request)
- Improve ambiguous_ref? logic to include heads and tags (merge request)
- Use UntrustedRegexp to protect InlineDiff filter (merge request)
- Ignore user-defined diff paths in diff notes (merge request)
- Reject NPM metadata requests with invalid package_name (merge request)
- Use UntrustedRegexp to protect MathFilter regex (merge request)
- Resolve Overall Project Vulnerability Disclosure (merge request)
- Validate description length in labels (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
- date: June 5, 2023, midnight
- name: 15.11.7
- type: Patch