GitLab EE - 14.9.2
Security
(2022-03-31)
Security (20 changes)
- Quarantine UsageDataNonSqlMetrics failing test (merge request)
- Disallow login if password matches a fixed list (merge request)
- Update devise-two-factor to 4.0.2 (merge request)
- Limit the number of tags associated with a CI runner (merge request)
- GitLab Pages Security Updates for 14.9 (merge request)
- Upgrade swagger-ui dependency (merge request)
- Modify release link format check to avoid regex if string is too long (merge request)
- Masks variables in error messages (merge request)
- Escape user provided string to prevent XSS (merge request)
- Monkey patch of RDoc to prevent Ruby segfault (merge request)
- Project import maps members' created_by_id users based on source user ID (merge request)
- Redact InvalidURIError error messages (merge request)
- Fix access for approval rules API (merge request)
- Fix kroki exploit (merge request)
- Fix blind SSRF when looking up SSH host keys for mirroring (merge request)
- Escape original content in reference redactor (merge request)
- Security fix for CI/CD analytics visibility (merge request)
- Latest commit exposed through fork of a private project (merge request)
- Fix Asana integration restricted branch filter (merge request)
- Revert "JH need more complex passwords" (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
- date: March 31, 2022, midnight
- name: 14.9.2
- type: Patch