GitLab CE - 15.5.7
Security
(2023-01-09)
Security (10 changes)
- Avoid regex with potential for poorly performing backtracking (merge request)
- Protect web-hook url variables after changing URL (merge request)
- Limit the size of user agent to reduce ReDoS attack (merge request)
- Only allow safe params for diff helper (merge request)
- Protect Sentry auth-token after changing URL (merge request)
- Delete project specific licenses when license policy is deleted (merge request)
- Restrict user avatar availability based on visibility restrictions (merge request)
- Policy change to read and destroy token without license for .com (merge request)
- Restrict Grafana API access on public projects (merge request)
- Fix "Race condition enables verified email forgery" (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
- date: Jan. 9, 2023, midnight
- name: 15.5.7
- type: Patch