3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/pkgs/applications/version-management/gitlab
Florian Klink 5bf07d665f gitlab: 12.5.3 -> 12.5.4
https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/

Insufficient parameter sanitization for Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. The issue is now mitigated in the latest release and is assigned CVE-2019-19628.

When transferring a public project to a private group, private code would be disclosed via the Group Search API provided by Elasticsearch integration. The issue is now mitigated in the latest release and is assigned CVE-2019-19629.

The Git dependency has been upgraded to 2.22.2 in order to apply security fixes detailed here.

CVE-2019-19604 was identified by the GitLab Security Research team. For more information on that issue, please visit the GitLab Security Research Advisory

closes #75506.
2019-12-11 15:16:36 +01:00
..
gitaly gitlab: 12.5.2 -> 12.5.3 2019-12-04 11:30:40 +01:00
gitlab-shell gitlab: 12.5.2 -> 12.5.3 2019-12-04 11:30:40 +01:00
gitlab-workhorse gitlab-workhorse: 8.14.0 -> 8.14.1 2019-11-28 00:18:03 +01:00
rubyEnv gitlab: 12.4.3 -> 12.5.0 2019-11-26 17:32:01 +01:00
data.json gitlab: 12.5.3 -> 12.5.4 2019-12-11 15:16:36 +01:00
default.nix gitlab: 12.4.3 -> 12.5.0 2019-11-26 17:32:01 +01:00
fix-grpc-ar.patch
remove-hardcoded-locations.patch gitlab: 12.3.5 -> 12.4.0 2019-10-28 14:56:37 +01:00
reset_token.rake
update.py Revert "gitlab: fix updater shebang" 2019-11-28 16:15:07 +01:00
yarnPkgs.nix gitlab: 12.4.3 -> 12.5.0 2019-11-26 17:32:01 +01:00