GitLab EE - 14.0.2
Security
(2021-07-01)
Added (1 change)
- Added omniauth_user check when verifying user cap (merge request) GitLab Enterprise Edition
Security (14 changes)
- Update rdoc to 6.3.1 (merge request)
- Forbid GET requests with mutations (merge request)
- Prevent GraphQL API access by deactivated users (merge request)
- Add sanitizing for name field (merge request)
- Copy feature visibility settings to a fork (merge request)
- Fix XSS on audit log for feature flag actions (merge request)
- Avoid disclosing project in web IDE (merge request)
- Sanitize input on pasteGFM (merge request)
- Fix merge request diff display issue with unsupported encoding (merge request)
- Fix deploy key fallback issue in protected branch (merge request)
- Add total http read timeout (merge request)
- Allow only same-origin URLs for Edit Release Cancel button (merge request)
- Update Nokogiri to 1.11.4 (merge request)
- Add new username validation (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
- date: July 1, 2021, midnight
- name: 14.0.2
- type: Patch