2016-12-08-gitlab-8-dot-14-dot-4-released.html.md 3.01 KB
Newer Older
1 2 3 4 5 6
---
layout: post
title: "GitLab 8.14.4, 8.13.9, and 8.12.12 Released"
date: 2016-12-08 19:00
author: GitLab
author_twitter: gitlab
Rebecca Dodd's avatar
Rebecca Dodd committed
7
categories: releases
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
---

Today we are releasing versions 8.14.4, 8.13.9, and 8.12.12 for GitLab Community
Edition (CE) and Enterprise Edition (EE).

These versions contain important security fixes, and we **strongly
recommend** that all affected GitLab installations be upgraded to one of these
versions **immediately**.

Please read on for more details.

<!-- more -->

## Security fixes in 8.14.4, 8.13.9 and 8.12.12

23
- **CE/EE:** Replace MR access checks with use of `MergeRequestsFinder` ([#23867])
24 25 26

## Security fixes in 8.14.4

27
- **CE/EE:** Destroy a user's session when they delete their account. ([#25015])
28
- **CE/EE:** Filter authentication tokens from Sentry output.
29
- **CE/EE:** XSS when `LegacyDiffNote` is created on a merge request diff containing HTML ([#25249])
30 31 32
- Thanks to Kristiyan Bogdanov via HackerOne.

## Other fixes in 8.14.4
33

34 35 36 37 38 39 40 41 42 43 44
- **CE/EE:** Fix pipeline author for Slack and use pipeline id for pipeline link ([!7506])
- **CE/EE:** Resolve "Highlighting lines is broken" ([!7090])
- **CE/EE:** Fix pipelines tabs ([!7709])
- **CE/EE:** Fix compatibility with Internet Explorer 11 for merge requests ([!7525])
- **CE/EE:** Authorize users into imported GitLab project ([!7936])
- **CE/EE:** Remove caching of Repository#has_visible_content? ([!7947])
- **CE/EE:** Bump gitlab-shell version to 4.0.3 ([!7953])


- **EE:** Prevent remote mirrors from failing when project is in pending_delete ([!938])

45 46 47 48
[#23867]: https://gitlab.com/gitlab-org/gitlab-ce/issues/23867
[#25015]: https://gitlab.com/gitlab-org/gitlab-ce/issues/25015
[#25249]: https://gitlab.com/gitlab-org/gitlab-ce/issues/25249

49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69
[!7506]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7506
[!7090]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7090
[!7709]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7709
[!7525]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7525
[!7936]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7936
[!7947]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7947
[!7953]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7953
[!938]: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/938

## Upgrade barometer

These versions do include a single migration, and will require brief
downtime of typically less than one minute.

Please be aware that by default the Omnibus packages will stop, run migrations,
and start again, no matter how “big” or “small” the upgrade is. This behavior
can be changed by adding a [`/etc/gitlab/skip-auto-migrations`
file](http://doc.gitlab.com/omnibus/update/README.html).

## Updating

Matija Čupić's avatar
Matija Čupić committed
70
To update, check out our [update page](/update).
71 72 73 74

## Enterprise Edition

Interested in GitLab Enterprise Edition? Check out the [features exclusive to
Matija Čupić's avatar
Matija Čupić committed
75
EE](/features/#enterprise).
76 77

Access to GitLab Enterprise Edition is included with a
Matija Čupić's avatar
Matija Čupić committed
78
[subscription](/pricing/). No time to upgrade GitLab
79
yourself? Subscribers receive upgrade and installation services.