Gitlab CI v15.0.4 Release Notes

Release Date: 2022-06-30 // 3 months ago
  • ๐Ÿ”’ Security (17 changes)

    • ๐Ÿ”’ [Fix group IP restrictions not enforced for container registry requests](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2551))
    • โšก๏ธ [Update rack gem to version 2.2.3.1](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2553))
    • ๐Ÿ”’ [Gitlab Runner version upgrade](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2566))
    • โšก๏ธ [Update ProjectAttributesTransformer to use fixed number of attributes](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2548))
    • ๐Ÿš€ [Escape deploy key title to prevent XSS](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2493))
    • ๐Ÿ”’ [Sanitize ZenTao breadcrumb links](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2556))
    • ๐Ÿ”’ [Fix permissions in the project labels API](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2533))
    • ๐Ÿ”’ [Security fix sentry issue leaks and access level check](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2500))
    • ๐Ÿ”’ [Check permissions before exposing user two factor enabled](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2524))
    • ๐Ÿš€ [Filter milestone release by user access](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2536))
    • ๐Ÿ”’ [Fix the required access level in the Conan packages finder](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2482))
    • ๐Ÿ”’ [Allow inviting only groups with subset of allowed domains to groups](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2511))
    • ๐Ÿ”’ [Fix open redirect vulnerability](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2541))
    • ๐Ÿ”’ [Adds a filter based on user access to Runner jobs endpoint](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2496))
    • ๐Ÿ”’ [Prevent runners from picking IP restricted jobs](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2504))
    • ๐Ÿ”’ [Restrict CI lint access to pipeline creators](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2514))
    • ๐Ÿ”’ [Catch endless headers when reading HTTP responses](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2528))