From eca17098bf8f8b5112b1c2dc0be036f347993b86 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Fri, 29 Apr 2022 16:20:18 +0000 Subject: Add latest changes from gitlab-org/security/gitlab@14-9-stable-ee --- CHANGELOG.md | 20 ++++++++++++++++++++ GITALY_SERVER_VERSION | 2 +- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c34381e64a..bbaa5af86f8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,26 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 14.9.4 (2022-04-29) + +### Security (15 changes) + +- [Fixes infinite loop when rendering Ipynb Diffs](gitlab-org/security/gitlab@9836b8e3873e1390e1f6746a1039749c312739b5) ([merge request](gitlab-org/security/gitlab!2401)) +- [Update Import/Export merge/push access levels & exclude ci config path](gitlab-org/security/gitlab@8a27e1e56e965d6b69545a2efb4f55f20cc57b2e) ([merge request](gitlab-org/security/gitlab!2371)) +- [Prevent maintainers from editing PipelineSchedule](gitlab-org/security/gitlab@ee86557a26d0c3f8a983a6f20384f6b778d4ab0b) ([merge request](gitlab-org/security/gitlab!2422)) +- [Add validation to pypi file sha256 values](gitlab-org/security/gitlab@7f78a6b9060745d9fea7f7dc71d4cf090b8e9ab5) ([merge request](gitlab-org/security/gitlab!2416)) +- [Conan Token uses PAT rather than ID in payload](gitlab-org/security/gitlab@574b7397e4b32630276cf1e5896ad4a72e82f02b) ([merge request](gitlab-org/security/gitlab!2345)) +- [[security] Fix markdown API disclosing issue titles of limited projects](gitlab-org/security/gitlab@ff61b763d040ece83387eb7c0f70d0d97aafbd66) ([merge request](gitlab-org/security/gitlab!2406)) +- [Verify that mentioned user can read TODO's note](gitlab-org/security/gitlab@7771534e395f9f433cafa9984cbeeebf86a2d797) ([merge request](gitlab-org/security/gitlab!2396)) +- [Invalidate markdown cache to clear up stored XSS](gitlab-org/security/gitlab@0768d53609d530bee4ef118a929bdd7ac6cbd5de) ([merge request](gitlab-org/security/gitlab!2419)) +- [Allow rate limiting of deploy tokens](gitlab-org/security/gitlab@8738e74dbecece0e0fcdaf5df1323437db77b947) ([merge request](gitlab-org/security/gitlab!2384)) +- [Add suffix to cache name to add isolation](gitlab-org/security/gitlab@d722e72125ded23ea4fd0eeeb775576f7cdd7181) ([merge request](gitlab-org/security/gitlab!2374)) +- [Disable wiki access with CI_JOB_TOKEN when improper access level](gitlab-org/security/gitlab@13524db78a32d13e4081a30cc0db9215c404b435) ([merge request](gitlab-org/security/gitlab!2390)) +- [Sanitize error input to prevent HTML/CSS injection in messages](gitlab-org/security/gitlab@a83683c13f7a0a8af94a88562f5904bfcb1b58e0) ([merge request](gitlab-org/security/gitlab!2377)) +- [Secure debug trace artifact download](gitlab-org/security/gitlab@811ce49adeddb56de0a1ca26652017197fe1b97a) ([merge request](gitlab-org/security/gitlab!2366)) +- [Use password type for all secret integration properties](gitlab-org/security/gitlab@f38cec8b26fa0e33da9247af9e8c53c01e6ec0c6) ([merge request](gitlab-org/security/gitlab!2410)) +- [Limit CI job group_name regexp](gitlab-org/security/gitlab@5a08c0b9dff4518dff91990eecae0ab76c5cf4ed) ([merge request](gitlab-org/security/gitlab!2380)) + ## 14.9.3 (2022-04-12) ### Fixed (4 changes) diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index cb408008f92..4a99c04565f 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -14.9.3 \ No newline at end of file +14.9.4 \ No newline at end of file -- cgit v1.2.1