GitLab EE - 16.5.3
Security
(2023-11-30)
Security (11 changes)
- Validate adding members with higher role (merge request)
- Enforce ref protection on pipeline schedule updates (merge request)
- Update mermaid version for DOS security fixes (merge request)
- Prevent guest users from being able to add emojis in confidential issues (merge request)
- Do not run ssl cert validation if key has errors (merge request)
- Ensure access is checked when loading releases associated with tags (merge request)
- XSS and ReDoS in Markdown via Banzai pipeline of Jira (merge request)
- Prevent branch names starting with SHA-1 and SHA-256 values (merge request)
- Filter out projects with disabled package registry in Composer finder (merge request)
- Check max role for user for group access to protected ref (merge request)
- Treat security policy bots as external (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
- date: Nov. 30, 2023, midnight
- name: 16.5.3
- type: Patch