ยซ Changelog History


Gitlab CI v11.4.8 Release Notes

Release Date: 2018-11-27 // over 5 years ago

  • ๐Ÿ”’ Security (24 changes)

    • Escape entity title while autocomplete template rendering to prevent XSS. !2571
    • Resolve reflected XSS in Ouath authorize window.
    • ๐Ÿ›  Fix XSS in merge request source branch name.
    • Escape user fullname while rendering autocomplete template to prevent XSS.
    • ๐Ÿ›  Fix CRLF vulnerability in Project hooks.
    • ๐Ÿ›  Fix possible XSS attack in Markdown urls with spaces.
    • ๐ŸŒฒ Redact sensitive information on gitlab-workhorse log.
    • ๐Ÿ”ง Do not follow redirects in Prometheus service when making http requests to the configured api url.
    • Persist only SHA digest of PersonalAccessToken#token.
    • Don't expose confidential information in commit message list.
    • Provide email notification when a user changes their email address.
    • ๐ŸŒ Restrict Personal Access Tokens to API scope on web requests.
    • Redact personal tokens in unsubscribe links.
    • ๐Ÿ›  Fix SSRF in project integrations.
    • ๐Ÿ›  Fixed ability to comment on locked/confidential issues.
    • ๐Ÿ›  Fixed ability of guest users to edit/delete comments on locked or confidential issues.
    • ๐Ÿ›  Fix milestone promotion authorization check.
    • Monkey kubeclient to not follow any redirects.
    • ๐Ÿ”ง Configure mermaid to not render HTML content in diagrams.
    • ๐Ÿ›  Fix a possible symlink time of check to time of use race condition in GitLab Pages.
    • โœ‚ Removed ability to see private group names when the group id is entered in the url.
    • ๐Ÿ›  Fix stored XSS for Environments.
    • Prevent SSRF attacks in HipChat integration.
    • Validate Wiki attachments are valid temporary files.