Blog post: https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/
Includes the following fixes:
Stored Cross-site Scripting issue in GitLab Flavored Markdown placeholders impacts GitLab CE/EE High Cross-site scripting issue in Web IDE impacts GitLab CE/EE High Missing Authorization issue in Duo Workflows API impacts GitLab EE High Denial of Service issue in import functionality impacts GitLab CE/EE Medium Missing Authorization issue in AI GraphQL mutation impacts GitLab EE Medium Insufficient Access Control Granularity issue in GraphQL runnerUpdate mutation impacts GitLab CE/EE Medium Information Disclosure issue in Mermaid diagram rendering impacts GitLab CE/EE Low
docs
[version specific upgrade docs]()
[deprecations]()
[changelog]()
Test instance:
- gitlab-1001.devtools.eqiad1.wikimedia.cloud
- gitlab-runner-1007.devtools.eqiad1.wikimedia.cloud
- gitlab-runner-1008.devtools.eqiad1.wikimedia.cloud
Replicas:
- gitlab1003.wikimedia.org
- gitlab2002.wikimedia.org
Production:
- gitlab1004.wikimedia.org
- Trusted runners
- Shared runners
- Cloud runners MR opened