Gitlab CI v15.1.1 Release Notes

Release Date: 2022-06-30 // 5 months ago
  • ๐Ÿ”’ Security (16 changes)

    • ๐Ÿ”’ [Fix group IP restrictions not enforced for container registry requests](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2550))
    • ๐Ÿ”’ [Gitlab Runner version upgrade](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2564))
    • โšก๏ธ [Update ProjectAttributesTransformer to use fixed number of attributes](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2547))
    • ๐Ÿš€ [Escape deploy key title to prevent XSS](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2492))
    • ๐Ÿ”’ [Sanitize ZenTao breadcrumb links](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2555))
    • ๐Ÿ”’ [Fix permissions in the project labels API](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2532))
    • ๐Ÿ”’ [Security fix sentry issue leaks and access level check](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2531))
    • ๐Ÿ”’ [Check permissions before exposing user two factor enabled](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2530))
    • ๐Ÿš€ [Filter milestone release by user access](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2535))
    • ๐Ÿ”’ [Fix the required access level in the Conan packages finder](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2513))
    • ๐Ÿ”’ [Allow inviting only groups with subset of allowed domains to groups](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2538))
    • ๐Ÿ”’ [Fix open redirect vulnerability](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2542))
    • ๐Ÿ”’ [Adds a filter based on user access to Runner jobs endpoint](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2508))
    • ๐Ÿ”’ [Prevent runners from picking IP restricted jobs](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2505))
    • ๐Ÿ”’ [Restrict CI lint access to pipeline creators](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2516))
    • ๐Ÿ”’ [Catch endless headers when reading HTTP responses](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2527))