Gitlab CI v15.2.5 Release Notes

Release Date: 2022-09-29 // 4 months ago
  • ๐Ÿ”’ Security (16 changes)

    • ๐Ÿ”’ [Geo: Do not delete object stored files when not GitLab managed](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2775))
    • ๐Ÿ”’ [Redact user's private email in group member event webhook](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2795))
    • ๐Ÿ”’ [Redact secrets from WebHookLogs](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2657))
    • ๐Ÿ”’ [Forbid creating a tag using default branch name](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2800))
    • ๐Ÿ”’ [Sanitize Url and check for valid numerical errorId in error tracking](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2786))
    • ๐Ÿ”’ [Add security protection for Github](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2804))
    • ๐Ÿ”’ [Fix leaking emails in WebHookLogs](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2808))
    • ๐Ÿ”’ [Restrict max duration to 1 year for trace display](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2816))
    • ๐Ÿ”’ [Use UntrustedRegexp for upload rewriter](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2792))
    • ๐Ÿ”’ [Validate httpUrlToRepo to be http or https only](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2761))
    • ๐Ÿ”’ [Respect instance level rule for editing approval rules](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2783))
    • ๐Ÿ”’ [Prevent users creating issues in ay project via board/issues controller](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2779))
    • ๐Ÿ”’ [Prevent serialization of sensible attributes from JsonCache](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2772))
    • โšก๏ธ [Update TodoPolicy to handle confidential notes](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2749))
    • ๐Ÿ”’ [Enforce group IP restriction on Dependency Proxy](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2765))
    • ๐Ÿ”’ [Fixes XSS in widget extensions](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2675))