GitLab CE - 16.2.5
Security
(2023-08-31)
Fixed (1 change)
- Geo: Resync direct upload object stored artifacts GitLab Enterprise Edition
Security (13 changes)
- Add authorization checks to import status endpoint (merge request)
- Update commonmarker to 0.23.10 (merge request)
- Remove DAST secret variables when URL is updated (merge request)
- Maintainer can leak sentry token by changing the configured URL (merge request)
- Service account users are external by default (merge request)
- Additional permission check when editing label (merge request)
- Fix ReDOS in bulk_imports endpoint params (merge request)
- Prevent namespace level banned users from accessing API (merge request)
- Requires write_model_experiments on mlflow api (merge request)
- Check prohibit_outer_forks in fork relationship api (merge request)
- Remove GCP private key from streaming audit events UI (merge request)
- Prevent traversal for `path` parameter in refs/switch endpoint (merge request)
- Gitaly keyset pager when pagination none only with tree view (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
- date: Aug. 31, 2023, midnight
- name: 16.2.5
- type: Patch