GitLab CE - 15.8.5
Security
(2023-03-30)
Security (16 changes)
- Fix rubocop offenses in lib/gitlab/url_sanitizer.rb (merge request)
- Add checks to remove open redirects from Observability URL (merge request)
- Redirect to tree from project root on ref collision (merge request)
- Fixes soft email confirmation alert vulnerability (merge request)
- Restrict Prometheus API access on public projects (merge request)
- Verify that users have access to the parent of the fork (merge request)
- Protect webhook secrets by resetting url_variables (merge request)
- Replace Unicode space chars with spaces (merge request)
- Check access to parent when creating and updating epics (merge request)
- Improve Gitlab::UrlSanitizer regex to match more URIs (merge request)
- Check access to target project before looking for branch (merge request)
- Fix the potential leak of internal notes (merge request)
- Filter namespace environments by feature visibility (merge request)
- Check access to reorder issues in epic tree (merge request)
- Fix security report authorization (merge request)
- Prevent XSS attack in "Maximum page reached" page (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
date: March 30, 2023, midnight
name: 15.8.5
type: Patch