GitLab CE - 16.6.1
Security
(2023-11-30)
Fixed (3 changes)
- Revert "Merge branch 'sc1-release-goredis' into 'master'"
- Truncate verification failure message to 255 (GitLab Enterprise Edition)
- Prefer custom sort order with search in users API
Security (11 changes)
- Validate adding members with higher role (merge request)
- Enforce ref protection on pipeline schedule updates (merge request)
- Update mermaid version for DOS security fixes (merge request)
- Prevent guest users from being able to add emojis in confidential issues (merge request)
- Do not run ssl cert validation if key has errors (merge request)
- Ensure access is checked when loading releases associated with tags (merge request)
- XSS and ReDoS in Markdown via Banzai pipeline of Jira (merge request)
- Prevent branch names starting with SHA-1 and SHA-256 values (merge request)
- Filter out projects with disabled package registry in Composer finder (merge request)
- Check max role for user for group access to protected ref (merge request)
- Treat security policy bots as external (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
- date: Nov. 30, 2023, midnight
- name: 16.6.1
- type: Patch