mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-25 03:17:13 +00:00
c25756f91c
Includes multiple security fixes mentioned in https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ (unfortunately, no CVE numbers as of yet) - Directory Traversal to Arbitrary File Read - Account Takeover Through Expired Link - Server Side Request Forgery Through Deprecated Service - Group Two-Factor Authentication Requirement Bypass - Stored XSS in Merge Request Pages - Stored XSS in Merge Request Submission Form - Stored XSS in File View - Stored XSS in Grafana Integration - Contribution Analytics Exposed to Non-members - Incorrect Access Control in Docker Registry via Deploy Tokens - Denial of Service via Permission Checks - Denial of Service in Design For Public Issue - GitHub Tokens Displayed in Plaintext on Integrations Page - Incorrect Access Control via LFS Import - Unescaped HTML in Header - Private Merge Request Titles Leaked via Widget - Project Namespace Exposed via Vulnerability Feedback Endpoint - Denial of Service Through Recursive Requests - Project Authorization Not Being Updated - Incorrect Permission Level For Group Invites - Disclosure of Private Group Epic Information - User IP Address Exposed via Badge images - Update postgresql (GitLab Omnibus) |
||
|---|---|---|
| .. | ||
| applications | ||
| build-support | ||
| common-updater | ||
| data | ||
| desktops | ||
| development | ||
| games | ||
| misc | ||
| os-specific | ||
| servers | ||
| shells | ||
| stdenv | ||
| test | ||
| tools | ||
| top-level | ||