Security Release: 11.11.1, 11.10.5, and 11.9.12
Releases tasks
- https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/release-manager.md
- https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md
- https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/security-engineer.md
Version issues:
- 11.11.1: https://gitlab.com/gitlab-org/release/tasks/issues/791
- 11.10.5: https://gitlab.com/gitlab-org/release/tasks/issues/792
- 11.9.12: https://gitlab.com/gitlab-org/release/tasks/issues/793
Security Issues:
CE
- {https://gitlab.com/gitlab-org/gitlab-ce/issues link}
- https://gitlab.com/gitlab-org/gitlab-ce/issues/58320
- https://gitlab.com/gitlab-org/gitlab-ce/issues/55463
- https://gitlab.com/gitlab-org/gitlab-ce/issues/58229
- https://gitlab.com/gitlab-org/gitlab-ce/issues/60796
- https://gitlab.com/gitlab-org/gitlab-ce/issues/53550
- https://gitlab.com/gitlab-org/gitaly/issues/1682
- https://gitlab.com/gitlab-org/gitlab-ce/issues/59379 (public)
- https://gitlab.com/gitlab-org/gitlab-ce/issues/60135
- https://gitlab.com/gitlab-org/gitlab-ce/issues/60881
- https://gitlab.com/gitlab-org/gitlab-ce/issues/60143
- https://gitlab.com/gitlab-org/gitlab-ce/issues/58856
- https://gitlab.com/gitlab-org/gitlab-ce/issues/56408
- https://gitlab.com/gitlab-org/gitlab-ce/issues/60039
EE
- {https://gitlab.com/gitlab-org/gitlab-ee/issues link}
- https://gitlab.com/gitlab-org/gitlab-ee/issues/11379
Security Issues in dev.gitlab.org:
CE
- {https://dev.gitlab.org/gitlab/gitlabhq/issues link}
- https://dev.gitlab.org/gitlab/gitlabhq/issues/2841
Description | Link |
---|---|
Original issue | https://gitlab.com/gitlab-org/gitlab-ce/issues/53550 |
master MR |
https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2702 |
master MR (EE) |
https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/940 |
Backport 11.9 MR |
https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/3119 |
Backport 11.10 MR |
https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/3120 |
Backport 11.11 MR |
https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/3121 |
Backport 11.11 MR (EE) |
https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/937 |
Backport 11.10 MR (EE) |
https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/938 |
Backport 11.9 MR (EE) |
https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/939 |
Description | Link |
---|---|
Original issue | https://gitlab.com/gitlab-org/gitlab-ce/issues/60135 |
master MR |
N/A |
master MR (EE) |
N/A |
Backport 11.9 MR |
https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/3122 |
Backport 11.10 MR |
https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/3123 |
Backport 11.11 MR |
N/A |
Backport 11.11 MR (EE) |
N/A |
Backport 11.10 MR (EE) |
https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/943 |
Backport 11.9 MR (EE) |
https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/941 |
Description | Link |
---|---|
Original issue | https://gitlab.com/gitlab-org/gitlab-ce/issues/59379 |
master MR |
N/A (already shipped) https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/28305 |
master MR (EE) |
N/A (already shipped) https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/28305 |
Backport 11.9 MR |
https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/3124 |
Backport 11.10 MR |
https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/3125 |
Backport 11.11 MR |
N/A (already shipped) |
Backport 11.11 MR (EE) |
N/A (already shipped) |
Backport 11.10 MR (EE) |
https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/950 |
Backport 11.9 MR (EE) |
https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/949 |
EE
- https://dev.gitlab.org/gitlab/gitlabhq/issues/2851 (this was a merge request that was shipped in 11.8.1 but not master, so it's missing from 11.9 onwards)
Description | Link |
---|---|
Original issue | https://gitlab.com/gitlab-org/gitlab-ce/issues/57367 |
master MR |
N/A |
master MR (EE) |
https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/825 |
Backport 11.9 MR |
N/A |
Backport 11.10 MR |
N/A |
Backport 11.11 MR |
N/A |
Backport 11.11 MR (EE) |
https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/953 |
Backport 11.10 MR (EE) |
https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/952 |
Backport 11.9 MR (EE) |
https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/951 |
Version | MR |
---|---|
11.11 | {https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/ link} |
11.10 | {https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/ link} |
11.9 | {https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/ link} |
master | {https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/ link} |
Description | Link |
---|---|
Original issue | https://gitlab.com/gitlab-org/gitlab-ee/issues/11379 |
master MR |
N/A |
master MR (EE) |
https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/945 |
Backport 11.9 MR |
N/A |
Backport 11.10 MR |
N/A |
Backport 11.11 MR |
N/A |
Backport 11.11 MR (EE) |
https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/946 |
Backport 11.10 MR (EE) |
https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/947 |
Backport 11.9 MR (EE) |
https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/948 |
QA
{QA issue link}
Blog post
Dev: https://dev.gitlab.org/gitlab/www-gitlab-com/merge_requests/63
gitlab.com: gitlab-com/www-gitlab-com!23644 (merged)
Email notification
https://gitlab.com/gitlab-com/gl-security/security-communications/communications/issues/57
Edited by Luke Duncalfe