author: GitLab Bot <gitlab-bot@gitlab.com> 2023-01-09 12:50:34 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2023-01-09 12:50:34 +0000
commit: 201805ee2af83fc75bb50ee8a10aa24f563bb2f4 (patch)
tree: da4405399eb8f953acbeb94357f6a522b8efdcb1
parent: 2ebfbae281ba0d88522cc9e8b00fb416617ef1e6 (diff)
Add latest changes from gitlab-org/security/gitlab@15-6-stable-ee (tag: v15.6.4)
-rw-r--r-- CHANGELOG.md 14
-rw-r--r-- GITALY_SERVER_VERSION 2
-rw-r--r-- GITLAB_PAGES_VERSION 2
3 files changed, 16 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7600527293c..50ca1101950 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,20 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 15.6.4 (2023-01-09)
+
+### Security (9 changes)
+
+- [Avoid regex with potential for poorly performing backtracking](gitlab-org/security/gitlab@76052c2c1d89b47fe1a39d6a2118ced0d26d4e5f) ([merge request](gitlab-org/security/gitlab!2988))
+- [Protect web-hook url variables after changing URL](gitlab-org/security/gitlab@55b7e051e4c6ca50ef1165130c465f1d11bd968f) ([merge request](gitlab-org/security/gitlab!2977))
+- [Limit the size of user agent to reduce ReDos attack](gitlab-org/security/gitlab@b9e42f4fe131f4a17d24d69076444d68c6a31b18) ([merge request](gitlab-org/security/gitlab!2990))
+- [Protect Sentry auth-token after changing URL](gitlab-org/security/gitlab@3b1d4ae2fbd1845d7659b21c65426275fb0b72d3) ([merge request](gitlab-org/security/gitlab!2984))
+- [Delete project specific licenses when license policy is deleted](gitlab-org/security/gitlab@79142b8c727a3d43b3555c4600b0b6cb3e070ebe) ([merge request](gitlab-org/security/gitlab!2943))
+- [Restrict user avatar availability based on visibility restrictions](gitlab-org/security/gitlab@15732554472373586769a8ca46c2b5cbf0b40783) ([merge request](gitlab-org/security/gitlab!2972))
+- [Policy change to read and destroy token without license for .com](gitlab-org/security/gitlab@9219eab8a5180ae34bb92cbd52c5e7be0602b66d) ([merge request](gitlab-org/security/gitlab!2913))
+- [Restrict Grafana API access on public projects](gitlab-org/security/gitlab@7a23bd7fe68a47ac5ae56c212d5ec3695631a4db) ([merge request](gitlab-org/security/gitlab!2958))
+- [Fix "Race condition enables verified email forgery"](gitlab-org/security/gitlab@d0c0852118adaeb8e99f443c06769b9564294290) ([merge request](gitlab-org/security/gitlab!2963))
+
## 15.6.3 (2022-12-21)
No changes.
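Review bot: The new 15.6.4 entries are worded inconsistently: "ReDos" in the user-agent entry should be "ReDoS", "web-hook url" should read "webhook URL", and the last entry, `Fix "Race condition enables verified email forgery"`, quotes a bug title instead of saying what was changed. These nine lines are what operators read to decide how urgently to upgrade, so each one should state the fix itself, in one consistent form.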
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index 17113114fce..5d62dc83196 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-15.6.3 \ No newline at end of file
+15.6.4 \ No newline at end of file
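Review bot: Both the old and the new content of GITALY_SERVER_VERSION end without a newline (`\ No newline at end of file` on the `-` and the `+` line). If consumers read the file verbatim and depend on that, note it somewhere; otherwise end the file with a newline so the version string cannot run into whatever follows when the file is printed or concatenated.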
diff --git a/GITLAB_PAGES_VERSION b/GITLAB_PAGES_VERSION
index 17113114fce..5d62dc83196 100644
--- a/GITLAB_PAGES_VERSION
+++ b/GITLAB_PAGES_VERSION
@@ -1 +1 @@
-15.6.3 \ No newline at end of file
+15.6.4 \ No newline at end of file
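Review bot: The bump to 15.6.4 in GITLAB_PAGES_VERSION is not explained anywhere in this commit: the CHANGELOG.md hunk lists nine security changes without indicating whether any of them belong to Pages, and the commit message only names the source branch. State in the commit message whether this pin is a lockstep version bump or carries fixes of its own, so a reader can tell which components actually changed.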