Blog post: https://about.gitlab.com/releases/2024/07/24/patch-release-gitlab-17-2-1-released/
Includes the following fixes:
- XSS via the Maven Dependency Proxy (High)
- Project level analytics settings leaked in DOM (Medium)
- Reports can access and download job artifacts despite use of settings to prevent it (Medium)
- Direct Transfer - Authorised project/group exports are accessible to other users (Medium)
- Bypassing tag check and branch check through imports (Low)
- Project Import/Export - Make project/group export files hidden to everyone except user who initiated it (Low)
Docs:
- [version specific upgrade docs]()
- [deprecations]()
- [changelog]()
Test instance:
- gitlab-prod-1002.devtools.eqiad1.wikimedia.cloud
- gitlab-runner-1002.devtools.eqiad1.wikimedia.cloud (no update needed)
- gitlab-runner-1003.devtools.eqiad1.wikimedia.cloud (no update needed)
Replicas:
- gitlab1003.wikimedia.org (gitlab-replica-b)
- gitlab1004.wikimedia.org
Production:
- gitlab2002.wikimedia.org
- Trusted runners (no update needed)
- Shared runners (no update needed)
- Cloud runners (no update needed)