GitLab CE - 16.6.2
Security
(2023-12-13)
Fixed (1 change)
Security (8 changes)
- Prevent tag names starting with SHA-1 and SHA-256 values (merge request)
- Pass encoded file paths to router (merge request)
- Validate access level of user while rotating token (merge request)
- Fix large time_spent value causing GraphQL error
Integer out of bounds
(merge request) - Restrict Protected branch access via group to direct members (merge request)
- Remove the ability to fork and create MR for auditors (merge request)
- Restrict passing variables on the pipeline schedule API (merge request)
- Smartcard auth: encrypt client cert in params (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
date
Dec. 13, 2023, midnight
name
16.6.2
type
Patch
👇
Register or login to:
- 🔍View and search all GitLab CE releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!