GitLab recently released versions 11.2.3, 11.1.6, and 11.0.6 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain a number of important security fixes, and GitLab recommends that all GitLab installations be upgraded to one of these versions right away.
1. Persistent XSS in CI/CD Pipeline Tooltip – Solved
Affects GitLab CE/EE 10.7 and later
2. GitLab.com Zeroconf Endpoints in GCP Issue – Solved
Affects GitLab.com and instances deployed to GCP
3. Persistent XSS in Merge Request Changes View – Solved
Affects GitLab CE/EE 11.1 and 11.2
4. Sensitive Data Disclosure in Sidekiq Logs – Solved
Affects GitLab CE/EE 8.10.0 and later
5. CSRF Vulnerability in System Hooks – Solved
Affects GitLab 2.7.0pre and later
6. Orphaned Project Upload Files – Solved
Affects GitLab CE/EE 8.10.0 and later
7. Repository Storage value change via API – Solved
Affects GitLab EE 8.10 and later
The GitLab 11.2 release came with enhancements to the Web IDE, support for manifest files to import Android projects, and instance-wide custom project templates.
With the new support for XML manifest files, you can now import larger project structures with multiple repositories together, in bulk, including Android OS code from the Android Open Source Project (AOSP).
With 11.2, GitLab administrators can offer instance-wide custom project templates, allowing users to start new projects quickly by automating repetitive setup tasks.