GitLab CI v13.3.3 Release Notes

Release Date: 2020-09-02
  • Security (23 changes, 1 of them is from the community)

    • Check validity of project's import_url before mirroring repository.
    • Show on two-factor authentication setup page groups that are the cause of this requirement.
    • Prevent interrupted 2FA sign-in from signing-in incorrect user.
    • Create new 2FA code each time user is entering 2FA setup page.
    • Remove all sessions but current while enabling 2FA.
    • Invalidate two factor sign-in when user password changes.
    • Delete members invites created by users being deleted.
    • Prevent OmniAuth from rendering arbitrary error messages.
    • Prevent not-2fa authenticated users that are supposed to use it to consume api via session.
    • Invalidate remember me when an active session is revoked.
    • Add rate limit on webhooks testing feature.
    • Add scope presence validation to OAuth Application creation.
    • Allow only running job tokens for API authentication.
    • Prevent Deploy Tokens to read project resources when repository is disabled.
    • Change conan api to use proper workhorse validation.
    • Ensure global ID is of Snippet type in GraphQL destroy mutation.
    • Fix Improper Access Control on Deploy-Key.
    • Set maximum limit for profile events.
    • Persist EKS External ID before presenting it to the user.
    • Prevent project maintainers from editing group badges.
    • Upgrade jquery to v3.5.
    • Update websocket-extensions gem to 0.1.5. (Vitor Meireles De Sousa)
    • Update GitLab Runner Helm Chart to 0.19.3.