GitLab has released security update versions 10.7.2, 10.6.5, and 10.5.8, which contain many important security fixes. It is strongly recommended that all GitLab users upgrade to one of these versions immediately. The releases mainly address the following issues:
Persistent XSS in "Move Issue" using project namespace
The Move Issue feature contained a persistent XSS vulnerability, which is now resolved in the latest release. The issue is tracked as CVE-2018-10379.
Download Archive allows unauthorized private repo access
The Download Archive feature contained an improper authorization issue, which has been fixed in this release. Affected users will be notified by email, and a separate blog post will be published detailing the issue and its impact.
Mattermost Updates
The respective Mattermost security releases are included in 10.5 and 10.6. The omnibus-gitlab package for 10.7.0 already contains Mattermost security updates. For more information, see the Mattermost security updates page.
See the announcement for details.
Click to enter the update page.