GitLab EE - 16.11.2
Security
(2024-05-07)
Fixed (1 change)
Changed (1 change)
Security (11 changes)
- Update GITHUB_MEDIA_CDN to avoid SSRF when importing from GitHub (merge request)
- Prevent namespace banned users from reading project todos (merge request)
- ReDoS in GitRefsFinder when using wildcards in branch search (merge request)
- ReDoS in escape and commit reference filters (merge request)
- Validate request origin before MR approval (merge request)
- Check request size before updating user pins (merge request)
- Enforce per_page validation for Branches/TagsFinders (merge request)
- Update Integrations::Discord::ATTACHMENT_REGEX regex (merge request)
- Update BaseMessage::RELATIVE_LINK_REGEX regex (merge request)
- Require confirmation before linking JWT identity (merge request)
- Fix confidentiality check optimization (merge request)
Security
Security wording was detected, but no CVEs were found.
Details
- date: May 7, 2024, midnight
- name: 16.11.2
- type: Patch