GitLab CE - 15.5.5
Security
(2022-11-30)
Security (11 changes)
- Send resolved_address param to gitaly during repository import (merge request)
- Add size validation during nuspec file extraction (merge request)
- Cross-site scripting in Jira Integration (merge request)
- Protect web-hook secret tokens after changing URL (merge request)
- Redact secret tokens from web-hook logs (merge request)
- Prevent unauthorized users from seeing Release information on tag pages (merge request)
- Update after_import to expire cache before removing prohibited branches (merge request)
- Deny all package permissions when group access is restricted by IP (merge request)
- Redact user emails from project webhook data (merge request)
- Disallow local URLs for build_runner_session if dictated by app setting (merge request)
- Prevent token bypass for external authorisation (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
- date: Nov. 30, 2022, midnight
- name: 15.5.5
- type: Patch