mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-22 13:41:26 +00:00
c25756f91c
Includes multiple security fixes mentioned in https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ (unfortunately, no CVE numbers as of yet) - Directory Traversal to Arbitrary File Read - Account Takeover Through Expired Link - Server Side Request Forgery Through Deprecated Service - Group Two-Factor Authentication Requirement Bypass - Stored XSS in Merge Request Pages - Stored XSS in Merge Request Submission Form - Stored XSS in File View - Stored XSS in Grafana Integration - Contribution Analytics Exposed to Non-members - Incorrect Access Control in Docker Registry via Deploy Tokens - Denial of Service via Permission Checks - Denial of Service in Design For Public Issue - GitHub Tokens Displayed in Plaintext on Integrations Page - Incorrect Access Control via LFS Import - Unescaped HTML in Header - Private Merge Request Titles Leaked via Widget - Project Namespace Exposed via Vulnerability Feedback Endpoint - Denial of Service Through Recursive Requests - Project Authorization Not Being Updated - Incorrect Permission Level For Group Invites - Disclosure of Private Group Epic Information - User IP Address Exposed via Badge images - Update postgresql (GitLab Omnibus) |
||
|---|---|---|
| .. | ||
| gitaly | ||
| gitlab-shell | ||
| gitlab-workhorse | ||
| rubyEnv | ||
| data.json | ||
| default.nix | ||
| fix-grpc-ar.patch | ||
| remove-hardcoded-locations.patch | ||
| reset_token.rake | ||
| update.py | ||
| yarnPkgs.nix | ||