GitLab EE - 15.0.5
Security
(2022-07-28)
Security (18 changes)
- Security datadog integration leaking (merge request)
- Prevent users who cannot admin a public project from viewing deploy keys (merge request)
- Add additional condition to accept invitation (merge request)
- Update GITLAB_PAGES_VERSION (merge request)
- Add html_escape to build_details_entity (merge request)
- Check permissions when filtering by contact or organization (merge request)
- Use author to run subscribed pipeline (merge request)
- Remove prohibited branches after project import (merge request)
- Remove feature flag
ci_yaml_limit_size
(merge request) - Maintainer can change the visibility of Project and Group (merge request)
- Do not link unverified secondary emails with any users (merge request)
- Forbid exchanging access token for ROP flow to users required 2FA setup (merge request)
- Remove todos from confidential notes when user loses access (merge request)
- Remove group_bot_user and group_access_token after group delete (merge request)
- Protect integration secrets (merge request)
- Protect Grafana and Sentry integrations (merge request)
- Fix IDOR in Jira issue show action (merge request)
- Limit proxied requests to Grafana API (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
date
July 28, 2022, midnight
name
15.0.5
type
Patch
👇
Register or login to:
- 🔍View and search all GitLab EE releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!