Add latest changes from gitlab-org/security/gitlab@15-4-stable-eev15.4.4

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-11-02 08:46:11 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-11-02 08:46:11 +0000
commit: 6442864a274d88d16ee303e78b3c3d1aed79265c (patch)
tree: 4f857355fe2e186855c467eb073f074c527af5cc
parent: ddd0f125c2aa83d6a1291ad7366bd7714650bf02 (diff)
download: gitlab-ce-15.4.4.tar.gz
2 files changed, 18 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 29fcd1e0ca4..276bf834d16 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,23 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 15.4.4 (2022-11-02)
+
+### Security (12 changes)
+
+- [Datadog API key leak by changing integration URL](gitlab-org/security/gitlab@15e90bacccbc5146411c7a4ac3400470d3985c18) ([merge request](gitlab-org/security/gitlab!2865))
+- [Redact confidential references in Jira issue descriptions](gitlab-org/security/gitlab@8b60fe8c3150348973a9d3ad79d781614db47103) ([merge request](gitlab-org/security/gitlab!2871))
+- [Forbid reading emojis on internal notes](gitlab-org/security/gitlab@ec9b40a9e9d3c91dc690d74d76187e41b5884ff9) ([merge request](gitlab-org/security/gitlab!2836))
+- [Same-site redirect vulnerability](gitlab-org/security/gitlab@de86e0b20c34d1475ab7535bc3ed0d7a21727a20) ([merge request](gitlab-org/security/gitlab!2879))
+- [BYPASS: Stored-XSS with CSP-bypass via scoped labels' color](gitlab-org/security/gitlab@52e8105445cdba63be5c4e866cb289d13b6d6e7c) ([merge request](gitlab-org/security/gitlab!2861))
+- [Fix Running Upstream Pipelines Jobs Without Permission](gitlab-org/security/gitlab@ad2fe7b8555fd568944718f5fb087de8de7b2425) ([merge request](gitlab-org/security/gitlab!2882))
+- [Add length limit to addressable URLs](gitlab-org/security/gitlab@8c44b371bd120979b339e4e5dbb7208fb048eadd) ([merge request](gitlab-org/security/gitlab!2829))
+- [Add a redirect wall before artifact redirect to pages](gitlab-org/security/gitlab@837c0f2245847c43d6cfd8f1d7860e46ffacfe18) ([merge request](gitlab-org/security/gitlab!2812))
+- [Sandbox swagger-ui to prevent injection attacks](gitlab-org/security/gitlab@90567191fae7f7d84d001e52f0adc11155dc564f) ([merge request](gitlab-org/security/gitlab!2849))
+- [Fix external project permission when using CI prefill variables](gitlab-org/security/gitlab@ae39f2b5a5a27b6e85ef642b768963b7ed018a14) ([merge request](gitlab-org/security/gitlab!2822))
+- [Resolve users can view audit events from other members](gitlab-org/security/gitlab@f819d033a190b2b5f7d635395575e5472b1fe8e7) ([merge request](gitlab-org/security/gitlab!2842))
+- [Path traversal fix for Secure Files](gitlab-org/security/gitlab@bd138464ee5fa71755f2b4d9b9aaaa3c8017a165) ([merge request](gitlab-org/security/gitlab!2848))
+
 ## 15.4.3 (2022-10-19)
 
 ### Fixed (4 changes)
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index 52e5165c62b..c752231be39 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-15.4.3
-\ No newline at end of file
+15.4.4
+\ No newline at end of file
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-11-02 08:46:11 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-11-02 08:46:11 +0000
commit	6442864a274d88d16ee303e78b3c3d1aed79265c (patch)
tree	4f857355fe2e186855c467eb073f074c527af5cc
parent	ddd0f125c2aa83d6a1291ad7366bd7714650bf02 (diff)
download	gitlab-ce-15.4.4.tar.gz