Change Details

Blog post: https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/ Includes the following fixes: ``` Stored Cross-site Scripting issue in GitLab Flavored Markdown placeholders impacts GitLab CE/EE High Cross-site scripting issue in Web IDE impacts GitLab CE/EE High Missing Authorization issue in Duo Workflows API impacts GitLab EE High Denial of Service issue in import functionality impacts GitLab CE/EE Medium Missing Authorization issue in AI GraphQL mutation impacts GitLab EE Medium Insufficient Access Control Granularity issue in GraphQL runnerUpdate mutation impacts GitLab CE/EE Medium Information Disclosure issue in Mermaid diagram rendering impacts GitLab CE/EE Low ``` [docs](https://wikitech.wikimedia.org/wiki/GitLab/Upgrade#Automated_Upgrade_(sre.gitlab.upgrade_coobook)) [version specific upgrade docs]() [deprecations]() [changelog]() Test instance: [x] gitlab-1001.devtools.eqiad1.wikimedia.cloud [x] gitlab-runner-1007.devtools.eqiad1.wikimedia.cloud [x] gitlab-runner-1008.devtools.eqiad1.wikimedia.cloud Replicas: [x] gitlab1003.wikimedia.org [x] gitlab2002.wikimedia.org Production: [] gitlab1004.wikimedia.org [] Trusted runners [] Shared runners [] Cloud runners

Blog post: https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/ Includes the following fixes: ``` Stored Cross-site Scripting issue in GitLab Flavored Markdown placeholders impacts GitLab CE/EE High Cross-site scripting issue in Web IDE impacts GitLab CE/EE High Missing Authorization issue in Duo Workflows API impacts GitLab EE High Denial of Service issue in import functionality impacts GitLab CE/EE Medium Missing Authorization issue in AI GraphQL mutation impacts GitLab EE Medium Insufficient Access Control Granularity issue in GraphQL runnerUpdate mutation impacts GitLab CE/EE Medium Information Disclosure issue in Mermaid diagram rendering impacts GitLab CE/EE Low ``` [docs](https://wikitech.wikimedia.org/wiki/GitLab/Upgrade#Automated_Upgrade_(sre.gitlab.upgrade_coobook)) [version specific upgrade docs]() [deprecations]() [changelog]() Test instance: [x] gitlab-1001.devtools.eqiad1.wikimedia.cloud [x] gitlab-runner-1007.devtools.eqiad1.wikimedia.cloud [x] gitlab-runner-1008.devtools.eqiad1.wikimedia.cloud Replicas: [x] gitlab1003.wikimedia.org [x] gitlab2002.wikimedia.org Production: [x] gitlab1004.wikimedia.org [x] Trusted runners [x] Shared runners [x] Cloud runners [MR opened](https://gitlab.wikimedia.org/repos/releng/gitlab-cloud-runner/-/merge_requests/543)

Blog post: https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/ Includes the following fixes: ``` Stored Cross-site Scripting issue in GitLab Flavored Markdown placeholders impacts GitLab CE/EE High Cross-site scripting issue in Web IDE impacts GitLab CE/EE High Missing Authorization issue in Duo Workflows API impacts GitLab EE High Denial of Service issue in import functionality impacts GitLab CE/EE Medium Missing Authorization issue in AI GraphQL mutation impacts GitLab EE Medium Insufficient Access Control Granularity issue in GraphQL runnerUpdate mutation impacts GitLab CE/EE Medium Information Disclosure issue in Mermaid diagram rendering impacts GitLab CE/EE Low ``` [docs](https://wikitech.wikimedia.org/wiki/GitLab/Upgrade#Automated_Upgrade_(sre.gitlab.upgrade_coobook)) [version specific upgrade docs]() [deprecations]() [changelog]() Test instance: [x] gitlab-1001.devtools.eqiad1.wikimedia.cloud [x] gitlab-runner-1007.devtools.eqiad1.wikimedia.cloud [x] gitlab-runner-1008.devtools.eqiad1.wikimedia.cloud Replicas: [x] gitlab1003.wikimedia.org [x] gitlab2002.wikimedia.org Production: [x] gitlab1004.wikimedia.org [x] Trusted runners [x] Shared runners [x] Cloud runners [MR opened](https://gitlab.wikimedia.org/repos/releng/gitlab-cloud-runnerser/-/merge_requests/543)