CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GitLab Patch Release: 16.5.2

unknown
On November 14, 2023, we released versions 16.5.2 for GitLab Community Edition and Enterprise Edition. These versions resolve a number of regressions and bugs. GitLab Community Edition and Enterprise Edition 16.5.2 Backport to 16.5: Geo: Bring back legacy project Prometheus metrics Backport artifacts page breadcrumb fixes Fix broken issue rendering when initial ID is null Backport - Create group wiki repo if absent when verifying on primary backport to 16.5: Fix Geo verification state backfill job can exceed batch size Fix assign security check permission checks Update postgres_exporter from 0.14.0 to 0.15.0 (16.5 backport) Important notes on upgrading This version does not include any new migrations, and for multi-node deployments, should not require any downtime . Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-reconfigure file, which is only used for updates . Updating To update, check out our update page . GitLab subscriptions Access to GitLab Premium and Ultimate features is granted by a paid subscription . Alternatively, sign up for GitLab.com to use GitLab’s own infrastructure.

CSIRTS triage

vendor: GitLabproduct: GitLabOtheraffected: 16.5.2
What
The release resolves a number of regressions and bugs.
Who is affected
All GitLab installations using version 16.5.2.
Urgency
Remediation urgency is unclear as this release does not address security vulnerabilities.
Action
Consider upgrading to this version for bug fixes.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch GitLab

Get an email when a new GitLab advisory drops — max one per day, one-click unsubscribe.

Details

Source
GitLab Security Releases (INTL · vendor-psirt · site)
Severity
unknown
Published
2023-11-14
Exploitation
Not in CISA KEV at last sync

Original advisory: https://docs.gitlab.com/releases/patches/patch-release-gitlab-16-5-2-released/

Recent advisories for GitLab Patch Release

A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.

More from GitLab Security Releases