GitLab - Package updates

girish

[1.40.1]

• Update GitLab to 13.3.3
• Release blog
• This is an important security release, please update ASAP
• Vendor Cross-Account Assume-Role Attack
• Stored XSS on the Vulnerability Page
• Outdated Job Token Can Be Reused to Access Unauthorized Resources
• File Disclosure Via Workhorse File Upload Bypass
• Unauthorized Maintainer Can Edit Group Badge
• Denial of Service Within Wiki Functionality
• Sign-in Vulnerable to Brute-force Attacks
• Invalidated Session Allows Account Access With an Old Password
• Blind SSRF Through Repository Mirroring

girish

[1.40.2]

• Update GitLab to 13.3.5
• Release blog
• Update the 2FA user check to use timestamps
• Coerce string object storage options to booleans
• Fix Jira importer user mapping limit
• Fix auto-deploy-image external chart dependencies
• Fix ActiveRecord::IrreversibleOrderError during restore from backup
• Add path helper method for vulnerability todo
• Fix hanging info/refs cache when error occurs

girish

[1.40.3]

• Update GitLab to 13.3.6

girish

[1.41.0]

• Update Gitlab to 13.4.1
• Release blog
• List and revoke Personal Access Tokens via API
• Revoke PATs for self-managed credential inventory
• Child pipelines can now trigger their own child pipelines
• Mark a to-do as Done in the Design View
• GitLab Runner 13.4 released

girish

[1.41.1]

• Update GitLab to 13.4.2
• Security release
• Fixes Potential Denial Of Service Via Update Release Links API

girish

[1.41.2]

• Update GitLab to 13.4.3

girish

[1.41.3]

• Update GitLab to 13.4.4

girish

[1.42.0]

• Update GitLab to 13.5.2
• Release announcement
• View cluster cost management data in GitLab
• Enable instance-level shared runners when viewing groups
• Trigger downstream or child pipelines with manual jobs

girish

[1.42.1]

• Update GitLab to 13.5.3

girish

[1.42.2]

• Update GitLab to 13.5.4

girish

[1.43.0]

• Update GitLab to 13.6.1
• Release announcement
• Display Code Quality severity ratings
• Group-level management of project integrations
• Fire Webhook on Feature Flag change
• Sort releases by name in UI
• Admin approval required by default for new user registrations
• Export merge requests as a CSV
• Improved user experience for the group member list
• Visualize users, projects, groups, issues, MRs, and pipeline activity
• Configure destination for images uploaded from the Static Site Editor
• Filter Merge Requests by environment and deployment times
• Improved Design Management notifications
• Issues and Merge Requests in VS Code
• Unique design identifier
• GitLab Runner 13.6

girish

[1.44.0]

• Setup new installations with admin email set to admin@cloudron.local

girish

[1.44.1]

• Update GitLab to 13.6.3
• Release announcement

girish

[1.44.2]

• disable changing of usernames by default
• Set trusted_proxies

girish

[1.45.0]

• Update GitLab to 13.7
• Release announcement
• Reviewers for Merge Requests
• Clone an issue with a quick action
• Show deployment status on the Environments page
• Improved group members list filtering and sorting
• Improved UI for project creation
• Choose to show one file at a time directly from merge requests

girish

[1.45.1]

• Update GitLab to 13.7.4
• GitLab Critical Security Release

girish

[1.46.0]

• Update GitLab to 13.8.1
• Release announcement
• Pipeline editor
• CI lint tool in the pipeline editor page
• CI/CD configuration validation in Pipeline Editor
• Visualization of pipeline configuration
• Click and drag multiline merge request comments

girish

[1.46.1]

• Update GitLab to 13.8.2
• Security release

girish

[1.47.0]

• Use base image 3.0

girish

[1.47.1]

• Update GitLab to 13.8.4
• Security release
• Denial of Service Attack on gitlab-shell
• Improper Certificate Validation for Fortinet OTP
• Resource exhaustion due to pending jobs
• Confidential issue titles were exposed
• Improper access control allowed demoted project members to access authored merge requests