GitLab EE - 15.7.8
Security
(2023-03-02)
Security (12 changes)
- Using builds metadata to determine debug_mode (merge request)
- Fix pagination limits for Commits API (merge request)
- Mask Google IAP account details in Prometheus integration (merge request)
- Stop Group Transfer Service if SAML Provider or SCIM token is present (merge request)
- Protect Datadog API key by changing Datadog site (merge request)
- Protect integrations' sensitive information exposed via API (merge request)
- Disallow maintainer to create an owner access token (merge request)
- Paste only text content in work items title (merge request)
- Jira DVCS OAuth Open Redirect Vulnerability (merge request)
- Block private personal snippet from unauthorized users (merge request)
- Verify Kroki diagram type (merge request)
- Check read_release permission before showing releases in Tags API (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
date
March 2, 2023, midnight
name
15.7.8
type
Patch
👇
Register or login to:
- 🔍View and search all GitLab EE releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!