Gitlab CI v15.4.1 Release Notes

Release Date: 2022-09-29 // 4 months ago
  • ๐Ÿ”’ Security (15 changes)

    • ๐Ÿ”’ [Redact user's private email in group member event webhook](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2809))
    • ๐Ÿ”’ [Redact secrets from WebHookLogs](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2805))
    • ๐Ÿ”’ [Forbid creating a tag using default branch name](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2798))
    • ๐Ÿ”’ [Sanitize Url and check for valid numerical errorId in error tracking](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2819))
    • ๐Ÿ”’ [Add security protection for Github](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2803))
    • ๐Ÿ”’ [Fix leaking emails in WebHookLogs](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2806))
    • ๐Ÿ”’ [Restrict max duration to 1 year for trace display](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2817))
    • ๐Ÿ”’ [Use UntrustedRegexp for upload rewriter](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2790))
    • ๐Ÿ”’ [Validate httpUrlToRepo to be http or https only](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2811))
    • ๐Ÿ”’ [Respect instance level rule for editing approval rules](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2796))
    • ๐Ÿ”’ [Prevent users creating issues in ay project via board/issues controller](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2781))
    • ๐Ÿ”’ [Prevent serialization of sensible attributes from JsonCache](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2818))
    • โšก๏ธ [Update TodoPolicy to handle confidential notes](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2833))
    • ๐Ÿ”’ [Enforce group IP restriction on Dependency Proxy](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2801))
    • ๐Ÿ”’ [Fixes XSS in widget extensions](gitlab-org/security/[email protected]) ([merge request](gitlab-org/security/gitlab!2832))