Gitlab CI v15.3.5

« Changelog History

Gitlab CI v15.3.5 Release Notes

• 🔒 Security (12 changes)

  • 🔒 [Datadog API key leak by changing integration URL](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2864))
  • 🔒 [Redact confidential references in Jira issue descriptions](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2872))
  • 🔒 [Forbid reading emojis on internal notes](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2838))
  • 🔒 [Same-site redirect vulnerability](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2880))
  • 🔒 [BYPASS: Stored-XSS with CSP-bypass via scoped labels' color](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2862))
  • 🔒 [Fix Running Upstream Pipelines Jobs Without Permission](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2883))
  • 🔒 [Add length limit to addressable URLs](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2830))
  • 🔒 [Add a redirect wall before artifact redirect to pages](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2813))
  • 🔒 [Sandbox swagger-ui to prevent injection attacks](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2850))
  • 🔒 [Fix external project permission when using CI prefill variables](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2823))
  • 🔒 [Resolve users can view audit events from other members](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2843))
  • 🔒 [Path traversal fix for Secure Files](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2847))

• All Versions
• Previous v15.3.4
• Next v15.4.0
• Latest Version