GitLab CE - 15.3.2
Security
(2022-08-30)
Security (17 changes)
- No overriding methods for Sawyer class (merge request)
- Update Oj to v3.13.21 (merge request)
- Prevent long loops when generating suggested branch name (merge request)
- IDOR in Zentao integration issue show page (merge request)
- Patch VULNDB-255039 (potential Rack cache poisoning) (merge request)
- HTML escape the label background color (merge request)
- Sandbox jupyter notebook HTML output (merge request)
- Fix unauthorized GFM references in Incident Timeline (merge request)
- Optimize handling repositories with huge trees (merge request)
- Parse commit trailers without using regexp (merge request)
- Check for pathological markdown input (merge request)
- Replaced smooshpack to fix the vulnerability in LivePreview (merge request)
- Update package auth for group IP allowlist (merge request)
- Don't show pipeline status (merge request)
- Sanitize img attributes in Banzai::Filter::ImageLinkFilter (merge request)
- Validate description length for snippets (merge request)
- Prevent brute force vuln for Git over HTTP(S) requests (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
date: Aug. 30, 2022, midnight
name: 15.3.2
type: Patch