GitLab EE - 16.0.8
Security
(2023-08-01)
Fixed (1 change)
Security (13 changes)
- Prevent leaking emails of newly created users (merge request)
- Added redirect to filtered params (merge request)
- Relocate PlantUML config and disable SVG support (merge request)
- Sanitize multiple hardlinks from import archives (merge request)
- Validates project path availability (merge request)
- Fix policy project assign (merge request)
- Fix pipeline schedule authorization for protected branch/tag (merge request)
- Mitigate autolink filter ReDOS (merge request)
- Fix XSS vector in Web IDE (merge request)
- Mitigate project reference filter ReDOS (merge request)
- Add a stricter regex for the Harbor search param (merge request)
- Update pipeline user to the last policy MR author (merge request)
- Prohibit 40 character hex plus a hyphen if branch name is path (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
date
Aug. 1, 2023, midnight
name
16.0.8
type
Patch
👇
Register or login to:
- 🔍View and search all GitLab EE releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!