GitLab Security Release: 11.2.3, 11.1.6 and 11.0.6



GitLab recently released versions 11.2.3, 11.1.6, and 11.0.6 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain a number of important security fixes, and GitLab recommends that all GitLab installations be upgraded to one of these versions right away.

What’s fixed:

1. Persistent XSS in CI/CD Pipeline Tooltip – Solved

Versions Affected

Affects GitLab CE/EE 10.7 and later

2. Zeroconf Endpoints in GCP Issue – Solved

Versions Affected

Affects instances deployed to GCP

3. Persistent XSS in Merge Request Changes View – Solved

Versions Affected

Affects GitLab CE/EE 11.1 and 11.2

4. Sensitive Data Disclosure in Sidekiq Logs – Solved

Versions Affected

Affects GitLab CE/EE 8.10.0 and later

5. CSRF Vulnerability in System Hooks – Solved

Versions Affected

Affects GitLab 2.7.0pre and later

6. Orphaned Project Upload Files – Solved

Versions Affected

Affects GitLab CE/EE 8.10.0 and later

7. Repository Storage value change via API – Solved

Versions Affected

Affects GitLab EE 8.10 and later
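To check an installation against the list above, the following added example (not GitLab's own tooling) maps a version string to the listed issues that remain open for it. The function names, the `edition` and `on_gcp` parameters, and the treatment of release lines newer than 11.2 as already fixed are assumptions made for illustration.

```python
import re

# Patched release for each minor line, as listed on this page.
FIXED = {(11, 2): 3, (11, 1): 6, (11, 0): 6}

# (title, first affected version, last affected minor or None, EE only, GCP only)
# The GCP entry has no version range on the page; (0, 0, 0) is a placeholder.
ISSUES = [
    ("Persistent XSS in CI/CD Pipeline Tooltip", (10, 7, 0), None, False, False),
    ("Zeroconf Endpoints in GCP", (0, 0, 0), None, False, True),
    ("Persistent XSS in Merge Request Changes View", (11, 1, 0), (11, 2), False, False),
    ("Sensitive Data Disclosure in Sidekiq Logs", (8, 10, 0), None, False, False),
    ("CSRF Vulnerability in System Hooks", (2, 7, 0), None, False, False),
    ("Orphaned Project Upload Files", (8, 10, 0), None, False, False),
    ("Repository Storage value change via API", (8, 10, 0), None, True, False),
]

def parse_version(text):
    """Parse '11.2.2', '11.2.2-ee' or 'v11.1.6' into (major, minor, patch)."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_patched(version):
    """True if the version is at or above the fixed patch of its minor line."""
    major, minor, patch = version
    if (major, minor) in FIXED:
        return patch >= FIXED[(major, minor)]
    # Assumption: lines newer than 11.2 already carry the fixes; older lines
    # have no patched release listed here and must move to a fixed version.
    return (major, minor) > (11, 2)

def open_issues(version_text, edition="ce", on_gcp=False):
    """Return titles of the listed issues still open for this install."""
    version = parse_version(version_text)
    if is_patched(version):
        return []
    found = []
    for title, first, last_minor, ee_only, gcp_only in ISSUES:
        skip = (version < first
                or (last_minor and version[:2] > last_minor)
                or (ee_only and edition != "ee")
                or (gcp_only and not on_gcp))
        if not skip:
            found.append(title)
    return found
```

For example, `open_issues("11.0.5", edition="ee", on_gcp=True)` returns every listed issue except the Merge Request Changes View XSS, which the list above limits to 11.1 and 11.2.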

The GitLab 11.2 release came with enhancements to the Web IDE, support for manifest files to import Android projects, and instance-wide custom project templates.

The Web IDE makes it faster and easier to contribute changes to your projects by providing an advanced code editor with commit staging right within your browser. With GitLab 11.2 it's even easier to see the effect of your code changes and debug before you commit. You can now preview your JavaScript web app in the Web IDE, viewing your changes in real time, right next to the code for client-side evaluation. In addition, with 11.2, you can delete and rename files and switch branches without ever leaving the Web IDE.

With the new support for XML manifest files, you can now import larger project structures with multiple repositories together, in bulk, including Android OS code from the Android Open Source Project (AOSP).

With 11.2, GitLab administrators can offer instance-wide custom project templates, allowing users to start new projects quickly by automating repetitive setup tasks.

Interested in GitLab licenses? Contact us to know more.