Gitlab CI v12.0.7 Release Notes

  • 🔒 Security (22 changes)

    • 🔀 Ensure only authorised users can create notes on Merge Requests and Issues.
    • Add :login_recaptcha_protection_enabled setting to prevent bots from brute-force attacks.
    • Queries for Upload should be scoped by model.
    • Speed up regexp in namespace format by failing fast after reaching maximum namespace depth.
    • Limit the size of issuable description and comments.
    • Send TODOs for comments on commits correctly.
    • ๐Ÿ— Restrict MergeRequests#test_reports to authenticated users with read-access on Builds.
    • โž• Added image proxy to mitigate potential stealing of IP addresses.
    • Filter out old system notes for epics in notes api endpoint response.
    • Avoid exposing inaccessible repo data upon GFM post processing.
    • 🛠 Fix HTML injection for label description.
    • 👉 Make sure HTML text is always escaped when replacing label/milestone references.
    • Prevent DNS rebind on JIRA service integration.
    • 👉 Use admin_group authorization in Groups::RunnersController.
    • 🔀 Prevent disclosure of merge request ID via email.
    • 👉 Show cross-referenced MR-id in issues' activities only to authorized users.
    • Enforce max chars and max render time in markdown math.
    • 🔀 Check permissions before responding in MergeController#pipeline_status.
    • ✂ Remove EXIF from users/personal snippet uploads.
    • 🛠 Fix project import restricted visibility bypass via API.
    • 🛠 Fix weak session management by clearing password reset tokens after login (username/email) is updated.
    • 🛠 Fix SSRF via DNS rebinding in Kubernetes Integration.