Today we are releasing versions 8.11.7, 8.10.10 and 8.9.10 for GitLab Community Edition (CE) and Enterprise Edition (EE).
Version 8.11.7 contains a security fix for GitLab, plus fixes for minor regressions. Version 8.10.10 and 8.9.10 only contain the security fix.
Please read on for more details.
- CE/EE: Avoid conflict with admin labels when importing GitHub labels. (!6158)
- CE/EE: Restores
fieldNameto allow only string values in
CE/EE: Allow the Rails cookie to be used for API authentication. (#18302)
- EE: Refactor Protected Branches dropdown. (!687)
- EE: Fix mirrored projects allowing empty import urls. (!700)
Information disclosure through
The private user token was available through the
variable, leading to a potential security risk since it could be stolen through
XSS or other attacks.
See the issue for more information.
This version has no migrations and should not require any downtime.
Please be aware that by default the Omnibus packages will stop, run migrations,
and start again, no matter how “big” or “small” the upgrade is. This behavior
can be changed by adding a
To update, check out our update page.
Sign up for security notices
Want to be alerted to new security patches as soon as they're available? Sign up for our Security Newsletter.
Interested in GitLab Enterprise Edition? Check out the features exclusive to EE.
Access to GitLab Enterprise Edition is included with a subscription. No time to upgrade GitLab yourself? Subscribers receive upgrade and installation services.
We want to hear from you
Enjoyed reading this blog post or have questions or feedback? Share your thoughts by creating a new topic in the GitLab community forum.Share your feedback