GitLab - Package Updates

Package Updates

[1.112.4]

• Update gitlab-foss to 18.8.4
• Full Changelog

Package Updates

[1.113.0]

• Update gitlab-foss to 18.9.1
• Full Changelog
• Navigate repositories with collapsible file tree
• Include CI/CD inputs from a file
• Rapid Diffs improves performance for commit changes

Package Updates

[1.114.0]

• Update gitlab-foss to 18.10.0
• Add #find_by_id_through_partition to Ci::Pipeline (merge request)
• Prevent use of REST lifecycle terms in free text fields (merge request)
• Reduce GraphQL query complexity for security inventory query (merge request) GitLab Enterprise Edition
• Add separate queue for backfilling (merge request) GitLab Enterprise Edition
• Adds work_item_type_ids filter to GraphQL (merge request)
• Create offline transfer route and controller (merge request)
• Enable bso_minimal_access_fallback feature flag by default (merge request) GitLab Enterprise Edition
• Show custom WI types within Custom Fields config (merge request) GitLab Enterprise Edition
• Add Vulnerabilities Over Time chart to PDF export (merge request) GitLab Enterprise Edition
• Add override action display to policy drawer (merge request) GitLab Enterprise Edition

Package Updates

[1.114.1]

• Update gitlab-foss to 18.10.1
• Full Changelog

Package Updates

[1.114.2]

• Fix avatar uploads

Package Updates

[1.114.3]

• Update gitlab-foss to 18.10.2
• Full Changelog
• Surface group-level Duo setting with DAP self-hosted (merge request) GitLab Enterprise Edition
• Fix regression: "Git operations for Deploy keys fail on a Geo Site" (merge request) GitLab Enterprise Edition
• Merge branch '588699-treat-scheduled-deletion-as-archived' into 'master' (merge request)

Package Updates

[1.114.4]

• Update gitlab-foss to 18.10.3
• Full Changelog

Package Updates

[1.115.0]

• Update gitlab-foss to 18.11.0
• Full Changelog
• Fix deploy token authentication for Go module proxy (merge request)
• Fix IPv6 literal addresses bypassing no_proxy when outbound proxy is set (merge request)
• Add REST API GET endpoint for Terraform state protection rules by @gerardo-navarro (merge request)
• Add negation support in pipeline expressions by @mewp (merge request)
• Add CI_CONFIG_REF_URI predefined CI/CD variable (merge request)
• Fix privilege escalation in member role management (merge request)
• Fix XSS vulnerability in Analytics dashboards DataTable component (merge request)
• Enhance security for passkey authentication & passkey creation (merge request)
• Add Terraform module support to package protection rules (merge request)
• gitaly-backup: Remove layout arg (merge request)

Package Updates

[1.115.1]

• Update gitlab-foss to 18.11.2
• Full Changelog
• Expose X-Streaming-Format header for api requests (merge request)
• Fix JSON tables with non-string values
• Enforce pagination in issuable discussions endpoint (merge request)
• Unwrap nested a no matter how they're produced (merge request)
• Fix OAuth token not rejected (merge request)
• Owner of a project (Developer in the top-level group) can create a fork inside... (merge request)
• Add configurable Markdown length limit (merge request)
• Fix CSRF bypass via parser-differential in GraphQL API (merge request)
• Fix TOCTOU vulnerability in Web IDE asset authorization (merge request)
• Validate JSON-like responses regardless of Content-Type header (merge request)

Package Updates

[1.115.2]

• Update gitlab-foss to 18.11.3
• GitLab 18.11 release notes
• Fix import_url validation for passwords with special characters
• Fix project moved notification when project is scheduled for deletion
• Downgrade Rugged to 1.7.2 to avoid llhttp collision
• Raise permission for test upstream endpoints GitLab Enterprise Edition
• Gate trial CTA's on FF automatic_self_managed_trial_activation GitLab Enterprise Edition
• 18.11 Backport: Fix missing DuoApiAuthenticator stub in json_validation_spec (merge request)
• Address XSS via file path in global search (merge request)
• Sanitize HTML in Duo Chat markdown renderer (merge request)
• Fix the group permission user search results (merge request)
• Filter tag names with invalid formats during deletion (merge request)
• Prevent source issue disclosure via issue links API (merge request)
• Remove componentProps from analytics dashboards DataTable (merge request)
• Fix value_stream data source passing arbitrary query fields (merge request)
• Fix HTML injection in achievement email notifications (merge request)
• Clarify Jira integration access scope in docs and UI (merge request)
• Authenticate internal API requests pre JSON parsing (merge request)
• Approval rule lock bypass via GraphQL mutations (merge request)
• Gate create_note_email on write-level token scope (merge request)
• Reject oversized job tokens early in AuthJobFinder (merge request)
• Normalize PyPI package names in protection rule checks (merge request)
• Enhance DNS rebinding protection in VirtualRegistries RedirectHandler (merge request)
• Count carriage-return separators in CSV structural char estimate (merge request)
• Fix DoS via unauthenticated POST to Duo Workflow endpoints - 18.11 backport (merge request)
• Remove legacy JiraConnect::Subscriptions#create to close CSRF vector (merge request)
• Remove all namespaced attributes in BaseSanitizationFilter (merge request)
• Filter out non-user-defined rules on approval update (merge request)
• Fix orphaned scan_result_policy_reads on policy project reassignment (merge request)
• Fix confidential issue data leak via move/clone API endpoints (merge request)
• Add Helm package protection rule check to CreatePackageFileService (merge request)
• Scope NuGet symbols lookup to projects within the requested namespace (merge request)
• Security Fix Vulnerability 586634 (merge request)