We have just released GitLab Community Edition 7.4.4 and GitLab Enterprise Edition 7.4.5 (7.4.5-ee). These releases fix two cross-site scripting (XSS) vulnerabilities. In addition to the security fixes, GitLab Enterprise Edition 7.4.5 also fixes an LDAP group synchronization regression.
GitLab Community Edition 7.4.3 and earlier.
GitLab Enterprise Edition 7.4.4 and earlier.
The two XSS issues have been fixed in GitLab Community Edition 7.4.4 and GitLab Enterprise Edition 7.4.5.
We would like to thank Hugh Davenport for their responsible disclosure of the XSS issues.
Due to an oversight, a bug fix for a regression in GitLab 7.4 Enterprise Edition, found right before the 7.4 release, did not get shipped. Affected users would see a "Missing setting 'active_directory' in" error message. GitLab Enterprise Edition 7.4.5 includes the fix for this error.