Today we are releasing versions 8.11.4 and 8.10.8 for GitLab Community Edition (CE) and Enterprise Edition (EE).
Version 8.11.4 contains two security fixes for GitLab, plus fixes for minor regressions.
Please read on for more details.
CE/EE: Fixed escaping issue with labels filter. (!6123)
It was possible for an attacker to create a new Issue Board column based on the label of any project, including private ones, potentially leaking the label's name and description. See the issue for more information.
When importing a project from another service, it was possible for a user to create a GitLab group when they didn't have permission to do so. See the issue for more information.
Thanks to Skylar Kelty for responsibly disclosing this issue to us.
This version has no migrations and should not require any downtime.
Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a
To update, check out our update page.
Want to be alerted to new security patches as soon as they're available? Sign up for our Security Newsletter.
Interested in GitLab Enterprise Edition? Check out the features exclusive to EE.
Access to GitLab Enterprise Edition is included with a subscription. No time to upgrade GitLab yourself? Subscribers receive upgrade and installation services.