GitLab EE - 15.4.1
Security
(2022-09-29)
Security (15 changes)
- Redact user's private email in group member event webhook (merge request)
- Redact secrets from WebHookLogs (merge request)
- Forbid creating a tag using default branch name (merge request)
- Sanitize Url and check for valid numerical errorId in error tracking (merge request)
- Add security protection for Github (merge request)
- Fix leaking emails in WebHookLogs (merge request)
- Restrict max duration to 1 year for trace display (merge request)
- Use UntrustedRegexp for upload rewriter (merge request)
- Validate httpUrlToRepo to be http or https only (merge request)
- Respect instance level rule for editing approval rules (merge request)
- Prevent users creating issues in any project via board/issues controller (merge request)
- Prevent serialization of sensible attributes from JsonCache (merge request)
- Update TodoPolicy to handle confidential notes (merge request)
- Enforce group IP restriction on Dependency Proxy (merge request)
- Fixes XSS in widget extensions (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
- date: Sept. 29, 2022, midnight
- name: 15.4.1
- type: Patch