GitLab EE - 14.10.5
Security
(2022-06-30)
Security (17 changes)
- Fix group IP restrictions not enforced for container registry requests (merge request)
- Update rack gem to version 2.2.3.1 (merge request)
- GitLab Runner version upgrade (merge request)
- Update ProjectAttributesTransformer to use fixed number of attributes (merge request)
- Escape deploy key title to prevent XSS (merge request)
- Sanitize ZenTao breadcrumb links (merge request)
- Fix permissions in the project labels API (merge request)
- Security fix sentry issue leaks and access level check (merge request)
- Check permissions before exposing user two factor enabled (merge request)
- Filter milestone release by user access (merge request)
- Fix the required access level in the Conan packages finder (merge request)
- Allow inviting only groups with subset of allowed domains to groups (merge request)
- Fix open redirect vulnerability (merge request)
- Adds a filter based on user access to Runner jobs endpoint (merge request)
- Prevent runners from picking IP restricted jobs (merge request)
- Restrict CI lint access to pipeline creators (merge request)
- Catch endless headers when reading HTTP responses (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
- date: June 30, 2022, midnight
- name: 14.10.5
- type: Patch