Update GitLab Workspaces Proxy version (!199422) · Merge requests · GitLab.org / GitLab

Issue: Do not use wildcard domains for cookies set by ... (#552058 - closed)

What does this MR do and why?

Update GitLab Workspaces Proxy version

Prior to helm chart version 0.1.20 , the cookies set by the proxy were insecure and on a wildcard domain. This vulnerability has been fixed in Update cookie to not use wildcard domain (gitlab-org/workspaces/gitlab-workspaces-proxy!34 - merged) and Gracefully transition from old cookie to new co... (gitlab-org/workspaces/gitlab-workspaces-proxy!35 - merged) .

A Changelog: security has been added to make this visible in the GitLab release notes to improve its visibility since GitLab Workspaces Proxy is not packaged with GitLab. This was agreed on here.

References

Do not use wildcard domains for cookies set by ... (#552058 - closed)

Screenshots or screen recordings

N.A.

How to set up and validate locally

N.A.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Jul 29, 2025 by Vishal Tak