GitLab CI v15.3.5 Release Notes

Release Date: 2022-11-02
  • 🔒 Security (12 changes)

    • 🔒 Datadog API key leak by changing integration URL ([merge request](gitlab-org/security/gitlab!2864))
    • 🔒 Redact confidential references in Jira issue descriptions ([merge request](gitlab-org/security/gitlab!2872))
    • 🔒 Forbid reading emojis on internal notes ([merge request](gitlab-org/security/gitlab!2838))
    • 🔒 Same-site redirect vulnerability ([merge request](gitlab-org/security/gitlab!2880))
    • 🔒 BYPASS: Stored-XSS with CSP-bypass via scoped labels' color ([merge request](gitlab-org/security/gitlab!2862))
    • 🔒 Fix Running Upstream Pipelines Jobs Without Permission ([merge request](gitlab-org/security/gitlab!2883))
    • 🔒 Add length limit to addressable URLs ([merge request](gitlab-org/security/gitlab!2830))
    • 🔒 Add a redirect wall before artifact redirect to pages ([merge request](gitlab-org/security/gitlab!2813))
    • 🔒 Sandbox swagger-ui to prevent injection attacks ([merge request](gitlab-org/security/gitlab!2850))
    • 🔒 Fix external project permission when using CI prefill variables ([merge request](gitlab-org/security/gitlab!2823))
    • 🔒 Resolve users can view audit events from other members ([merge request](gitlab-org/security/gitlab!2843))
    • 🔒 Path traversal fix for Secure Files ([merge request](gitlab-org/security/gitlab!2847))