GitLab CE - 16.4.3
Security
(2023-11-30)
Fixed (1 change)
- Fix assign security check permission checks (GitLab Enterprise Edition)
Security (10 changes)
- Enforce ref protection on pipeline schedule updates (merge request)
- Update mermaid version for DOS security fixes (merge request)
- Prevent guest users from being able to add emojis in confidential issues (merge request)
- Do not run ssl cert validation if key has errors (merge request)
- Ensure access is checked when loading releases associated with tags (merge request)
- XSS and ReDoS in Markdown via Banzai pipeline of Jira (merge request)
- Prevent branch names starting with SHA-1 and SHA-256 values (merge request)
- Filter out projects with disabled package registry in Composer finder (merge request)
- Check max role for user for group access to protected ref (merge request)
- Treat security policy bots as external (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
date: Nov. 30, 2023, midnight
name: 16.4.3
type: Patch