Gitlab CI v15.1.6 Release Notes

Release Date: 2022-08-30 // 3 months ago
  • ๐Ÿ”’ Security (17 changes)

    • ๐Ÿ”’ [No overriding methods for Sawyer class](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2756))
    • ๐Ÿ”’ [Bump yajl-ruby gem version](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2690))
    • ๐Ÿ”’ [Prevent long loops when generating suggested branch name](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2745))
    • ๐Ÿ”’ [IDOR in Zentao integration issue show page](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2742))
    • ๐Ÿ”’ [Patch VULNDB-255039 (potential Rack cache poisoning)](gitlab-org/security/g[email protected]) ([merge request](gitlab-org/security/gitlab!2695))
    • ๐Ÿ”’ [HTML escape the label background color](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2721))
    • ๐Ÿ”’ [Sandbox jupyter notebook HTML output](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2713))
    • ๐Ÿ”’ [Fix unauthorized GFM references in Incident Timeline](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2709))
    • โšก๏ธ [Optimize handling repositories with huge trees](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2667))
    • ๐Ÿ”’ [Parse commit trailers without using regexp](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2701))
    • ๐Ÿ”’ [Check for pathological markdown input](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2731))
    • ๐Ÿ”’ [Replaced smooshpack to fix the vulnerability in LivePreview](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2664))
    • โšก๏ธ [Update package auth for group IP allowlist](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2685))
    • ๐Ÿ”’ [Don't show pipeline status](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2679))
    • ๐Ÿ”’ [Sanitize img attributes in Banzai::Filter::ImageLinkFilter](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2677))
    • ๐Ÿ”’ [Validate description length for snippets](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2704))
    • ๐Ÿ”’ [Prevent brute force vuln for Git over HTTP(S) requests](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2718))