GitLab CI v13.3.9 Release Notes
Release Date: 2020-11-02
Security (9 changes)
- Add CSRF protection to runner pause and resume. !1021
- Do not expose Terraform state record in API.
- Path traversal to RCE via LFS upload.
- Update container_repository_name_regex to prevent catastrophic backtracking.
- Validate nuget package names.
- Prevent private repo from being accessed via internal Kubernetes API.
- Validate each upload param key in multipart.rb.
- Fix XSS vulnerability for job build dependencies.
- Fix unauthorized user is able to access schedule pipeline variables and values.