Gitlab CI v15.2.4 Release Notes

Release Date: 2022-08-30 // 3 months ago
  • ๐Ÿ”’ Security (18 changes)

    • ๐Ÿ”’ [No overriding methods for Sawyer class](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2755))
    • โšก๏ธ [Update Oj to v3.13.21](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2729))
    • ๐Ÿ”’ [Bump yajl-ruby gem version](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2689))
    • ๐Ÿ”’ [Prevent long loops when generating suggested branch name](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2744))
    • ๐Ÿ”’ [IDOR in Zentao integration issue show page](gitlab-org/security/[email protected]a4f6d87c8ca37db5c) ([merge request](gitlab-org/security/gitlab!2741))
    • ๐Ÿ”’ [Patch VULNDB-255039 (potential Rack cache poisoning)](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2694))
    • ๐Ÿ”’ [HTML escape the label background color](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2720))
    • ๐Ÿ”’ [Sandbox jupyter notebook HTML output](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2711))
    • ๐Ÿ”’ [Fix unauthorized GFM references in Incident Timeline](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2708))
    • โšก๏ธ [Optimize handling repositories with huge trees](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2666))
    • ๐Ÿ”’ [Parse commit trailers without using regexp](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2700))
    • ๐Ÿ”’ [Check for pathological markdown input](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2732))
    • ๐Ÿ”’ [Replaced smooshpack to fix the vulnerability in LivePreview](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2662))
    • โšก๏ธ [Update package auth for group IP allowlist](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2684))
    • ๐Ÿ”’ [Don't show pipeline status](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2680))
    • ๐Ÿ”’ [Sanitize img attributes in Banzai::Filter::ImageLinkFilter](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2676))
    • ๐Ÿ”’ [Validate description length for snippets](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2703))
    • ๐Ÿ”’ [Prevent brute force vuln for Git over HTTP(S) requests](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2717))