GitLab CE - 16.2.2
Security
(2023-08-01)
Added (1 change)
Fixed (2 changes)
- Disable IAT verification by default
- Enable descendant_security_scans by default (GitLab Enterprise Edition)
Security (17 changes)
- Fix undefined method licenses for nil:NilClass bug
- Fix undefined method page error in list dependencies
- Add pagination for license scanning
- Prevent leaking emails of newly created users
- Added redirect to filtered params
- Relocate PlantUML config and disable SVG support
- Sanitize multiple hardlinks from import archives
- Validates project path availability
- Fix policy project assign
- Fix bug where comments on files with incorrect sha breaks UI
- Fix pipeline schedule authorization for protected branch/tag
- Mitigate autolink filter ReDOS
- Fix XSS vector in Web IDE
- Mitigate project reference filter ReDOS
- Add a stricter regex for the Harbor search param
- Update pipeline user to the last policy MR author
- Prohibit 40 character hex plus a hyphen if branch name is path
Security
Security wording was detected, but no CVEs were found.
Details
- date: Aug. 1, 2023, midnight
- name: 16.2.2
- type: Patch