GitLab CE - 15.3.5
Security
(2022-11-02)
Security (12 changes)
- Datadog API key leak by changing integration URL (merge request)
- Redact confidential references in Jira issue descriptions (merge request)
- Forbid reading emojis on internal notes (merge request)
- Same-site redirect vulnerability (merge request)
- BYPASS: Stored-XSS with CSP-bypass via scoped labels' color (merge request)
- Fix Running Upstream Pipelines Jobs Without Permission (merge request)
- Add length limit to addressable URLs (merge request)
- Add a redirect wall before artifact redirect to pages (merge request)
- Sandbox swagger-ui to prevent injection attacks (merge request)
- Fix external project permission when using CI prefill variables (merge request)
- Resolve users can view audit events from other members (merge request)
- Path traversal fix for Secure Files (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
- date: Nov. 2, 2022, midnight
- name: 15.3.5
- type: Patch