惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
The GitHub Blog
The GitHub Blog
T
Threatpost
人人都是产品经理
人人都是产品经理
大猫的无限游戏
大猫的无限游戏
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - Franky
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Apple Machine Learning Research
Apple Machine Learning Research
酷 壳 – CoolShell
酷 壳 – CoolShell
M
MIT News - Artificial intelligence
小众软件
小众软件
Hugging Face - Blog
Hugging Face - Blog
云风的 BLOG
云风的 BLOG
S
Security Affairs
P
Proofpoint News Feed
L
LINUX DO - 最新话题
宝玉的分享
宝玉的分享
S
Security @ Cisco Blogs
H
Hacker News: Front Page
Security Archives - TechRepublic
Security Archives - TechRepublic
Vercel News
Vercel News
Engineering at Meta
Engineering at Meta
Know Your Adversary
Know Your Adversary
Y
Y Combinator Blog
美团技术团队
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
月光博客
月光博客
量子位
博客园_首页
The Last Watchdog
The Last Watchdog
D
DataBreaches.Net
www.infosecurity-magazine.com
www.infosecurity-magazine.com
P
Privacy International News Feed
The Register - Security
The Register - Security
Schneier on Security
Schneier on Security
H
Help Net Security
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
V
Visual Studio Blog
Google DeepMind News
Google DeepMind News
F
Full Disclosure
C
Cyber Attacks, Cyber Crime and Cyber Security
MyScale Blog
MyScale Blog
aimingoo的专栏
aimingoo的专栏
S
Schneier on Security
L
Lohrmann on Cybersecurity
S
Secure Thoughts
Stack Overflow Blog
Stack Overflow Blog
Cloudbric
Cloudbric
Microsoft Security Blog
Microsoft Security Blog

GitLab

Turn multi-step software delivery into agentic flows you can trust GitLab Duo Security Review spots logic flaws scanners miss Bring GitLab Duo Agent Platform to your terminal Forrester Consulting: GitLab Duo Agent Platform delivers 400% ROI GitLab 19.2 release notes | GitLab Docs When a version bump breaks your build, GitLab fixes it Green DevOps: Why carbon measurement belongs in your CI/CD pipeline GitLab Patch Release: 19.1.2, 19.0.4, 18.11.7 How we used AI agents to migrate GitLab rate limiting Keep your GitLab seats in check with restricted access GitLab Patch Release: 18.8.11 | GitLab Docs Claude Sonnet 5 on GitLab: More reliable, more efficient What Google Antigravity agents get full context with GitLab Orbit GitLab Patch Release: 19.1.1, 19.0.3, 18.11.6 GitLab 19.1 release notes | GitLab Docs AI Catalog updates for governance and operations One vulnerability view: From scanner coverage to AI governance GitLab named a Leader in the 2026 Gartner® Magic Quadrant™ for DevSecOps Platforms GitLab and Capgemini accelerate DevSecOps transformation Introducing the 2026 EMEA GitLab Partner Award winners GitLab Patch Release: 19.0.2, 18.11.5, 18.10.8 Introducing GitLab Orbit GitLab Flex: Commit once, reshape your seats and AI spend GitLab: Built for the agentic engineering era GitLab on Google Cloud: Fully managed, compliant, and AI-ready Shai-Hulud copycat campaign targets Python developers through PyPI typosquatting Mythos-class Claude Fable 5 arrives on GitLab Duo Agent Platform Claude Opus 4.8 on GitLab: Complex agentic work, less disruption Agentic coding is only as good as its context GitLab Patch Release: 18.9.8, 18.8.10, 18.7.7, 18.6.8, 18.5.7 Full security scanner coverage of your codebase in minutes Reduce supply chain risk with SBOM-based dependency scanning Transform MRs from manual tasks to an automated workflow Track CI component usage across your organization Manage CI/CD credentials with GitLab Secrets Manager More AI models for GitLab Duo Agent Platform Self-Hosted GitLab 19.0 | GitLab Docs GitLab Dedicated for Government now GovRAMP-authorized Beyond BYOK: Why governance matters for AI agents Fix bugs with Codex and GitLab 5 ways to fix misleading vulnerability severities with policy Harden your pipeline perimeter for the era of AI-assisted coding GitLab Patch Release: 18.11.3, 18.10.6, 18.9.7 GitLab Act 2 Consolidate your GitLab stack with Gitaly on Kubernetes Limit token exposure with fine-grained PATs Automate deployment processes with GitLab Duo Agent Platform Claude Code and GitLab: Three workflows that ship 8 Agentic AI patterns reshaping team collaboration How to detect and prevent Contagious Interview IDE attacks Atlassian will train on your data: Opt out with GitLab Automate detection testing with GitLab CI/CD and Duo
GitLab Patch Release: 19.0.1, 18.11.4, 18.10.7
CVE-2026-6713 - Incorrect Authorization issue in GraphQL WorkIte · 2026-05-28 · via GitLab

On May 27, 2026, we released versions 19.0.1, 18.11.4, 18.10.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).

These versions contain important bug and security fixes, and we strongly recommend that all self-managed GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version. GitLab Dedicated customers do not need to take action.

GitLab releases fixes for vulnerabilities in patch releases. There are two types of patch releases: scheduled releases and ad-hoc critical patches for high-severity vulnerabilities. Scheduled releases are released twice a month on the second and fourth Wednesdays. For more information, please visit our releases handbook and security FAQ. You can see all of GitLab release blog posts here.

For security fixes, the issues detailing each vulnerability are made public on our issue tracker 30 days after the release in which they were patched.

We are committed to ensuring that all aspects of GitLab that are exposed to customers or that host customer data are held to the highest security standards. To maintain good security hygiene, it is highly recommended that all customers upgrade to the latest patch release for their supported version. You can read more best practices in securing your GitLab instance in our blog post.

We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.

When no specific deployment type (omnibus, source code, helm chart, etc.) of a product is mentioned, it means all types are affected.

Security fixes

Table of security fixes

CVE-2026-4868 - Improper Access Control issue in Duo AI workflow runners impacts GitLab EE

GitLab has remediated an issue that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user’s identity due to improper user identity resolution when triggering Duo AI workflow runners.

Impacted Versions: GitLab EE: all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1
CVSS 8.2 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N)

Thanks ahacker1 for reporting this vulnerability through our HackerOne bug bounty program

CVE-2026-1402 - Denial of Service issue in Wiki impacts GitLab CE/EE

GitLab has remediated an issue that under certain conditions could have allowed an authenticated user to cause denial of service due to insufficient validation.

Impacted Versions: GitLab CE/EE: all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1
CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Thanks a92847865 for reporting this vulnerability through our HackerOne bug bounty program

GitLab has remediated an issue that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks.

Impacted Versions: GitLab CE/EE: all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1
CVSS 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Thanks pollito for reporting this vulnerability through our HackerOne bug bounty program

CVE-2026-5296 - Improper Authorization issue in Duo Workflows API impacts GitLab EE

GitLab has remediated an issue that when foundational flows were enabled at the group level, could have allowed an authenticated user with developer-role permissions to bypass flow restrictions under certain conditions.

Impacted Versions: GitLab EE: all versions from 18.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1
CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Thanks rogerace for reporting this vulnerability through our HackerOne bug bounty program

CVE-2026-2601 - Missing Authorization issue in Operations impacts GitLab EE

GitLab has remediated an issue that under certain conditions could have allowed an authenticated user with developer-role permissions to access sensitive deployment data on projects due to improper authorization checks.

Impacted Versions: GitLab EE: all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1
CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Thanks modhanami for reporting this vulnerability through our HackerOne bug bounty program

CVE-2026-8716 - Incorrect Name Resolution issue in Pipelines impacts GitLab CE/EE

GitLab has remediated an issue that under certain conditions could have allowed an authenticated user to access CI data from a different ref type than intended.

Impacted Versions: GitLab CE/EE: all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1
CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

This vulnerability has been discovered internally by GitLab team member Hordur Freyr Yngvason

CVE-2026-2710 - Incorrect Authorization issue in certain authentication endpoints impacts GitLab CE/EE

GitLab has remediated an issue that under certain conditions could have allowed a blocked Project Access Token to continue accessing private resources due to incorrect authorization enforcement.

Impacted Versions: GitLab CE/EE: all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1
CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Thanks s4dmach1ne for reporting this vulnerability through our HackerOne bug bounty program

Bug fixes

19.0.1

18.11.4

18.10.7

Important notes on upgrading

These versions do not include any new migrations, and for multi-node deployments, should not require any downtime.

Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-reconfigure file, which is only used for updates.

Updating

To update GitLab, see the Update page. To update GitLab Runner, see the Updating the Runner page.

Receive Patch Notifications

To receive patch blog notifications delivered to your inbox, visit our contact us page. To receive release notifications via RSS, subscribe to our patch release RSS feed or our RSS feed for all releases.