GitLab EE - 16.0.6
Security
(2023-06-28)
Security (12 changes)
- Revert 'security-leaked-ci-job-token-permission-16-0' from '16-0' (merge request)
- Use fully qualified ref when loading code owner file (merge request)
- Maintainer can leak masked webhook secrets by manipulating URL masking (merge request)
- Remove approvals when the only commit gets amended (merge request)
- Add authorization validation to GithubController#failures action (merge request)
- Fix for fork permissions check in compare controller (merge request)
- Webhook token leaked in Sidekiq logs if log format is 'default' (merge request)
- Mitigate epic reference filter ReDOS (merge request)
- Increasing security for CI_JOB_TOKEN on public and internal projects (merge request)
- Adjust access to value stream create, edit and destroy actions (merge request)
- Sanitize user email addresses in admin confirm user dialog (merge request)
- Obfuscate email of service desk issue creator in issue REST API (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
- date: June 28, 2023, midnight
- name: 16.0.6
- type: Patch