Today we are releasing versions 8.12.3, 8.11.8, 8.10.11 and 8.9.11 for GitLab Community Edition (CE) and Enterprise Edition (EE).
Version 8.12.3 contains some security fixes for GitLab, plus fixes for minor regressions. Version 8.11.8, 8.10.11, and 8.9.11 only contain the security fixes.
If you're wondering what happened to 8.12.2, good eye! That version was accidentally packaged without including some fixes for the CE version.
Please read on for more details.
List-Unsubscribelink in angle brackets. (!6511)
v-cloakto resolve disc button. (!6528)
IssuesController#showdegradation including project on loaded notes. (!6540)
git-lfs-authenticateis called. (!6551)
v-cloakattr to hash rocket and string 'true'. (!6553)
CE/EE: Fix duplicate master entries in the merge request versions dropdown. (!6567)
EE: Fix prevent_secrets checkbox on admin view. (!761)
The new Global Code Search feature introduced in GitLab 8.12.0 was returning titles of projects, milestones, issues, and merge requests from internal projects to anonymous. See #1046 for more information.
Thanks to Christian Bönning for reporthing this issue.
Previous versions set
A user with the "Guest" role could fork a project, and therefore gain access to the code, even though this was restricted to the "Reporter" level and above. See #18028 for more information.
This version has no migrations and should not require any downtime.
Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a
To update, check out our update page.
Want to be alerted to new security patches as soon as they're available? Sign up for our Security Newsletter.
Interested in GitLab Enterprise Edition? Check out the features exclusive to EE.
Access to GitLab Enterprise Edition is included with a subscription. No time to upgrade GitLab yourself? Subscribers receive upgrade and installation services.