CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GitLab Patch Release: 18.11.2, 18.10.5

unknown
On April 29, 2026, we released versions 18.11.2 and 18.10.5 for GitLab Community Edition and Enterprise Edition. These out-of-band patch releases fix an observability gap to ensure we continue to meet our disaster recovery RTO/RPO commitments for our GitLab Dedicated customers. These versions also resolve a number of regressions and bugs. This patch release does not include any security fixes. GitLab Community Edition and Enterprise Edition 18.11.2 Revert “Merge branch ‘ia-refactor-role-permission-enablement’ into ‘master’” ‘Add Code Suggestion to the DAP supported features for self-hosted models’ ‘Clear persisted filters when loading /work_items page’ ‘Allow Duo Core user to still use DAP code review’ ‘GraphQL mutation to retry failed reassigments’ into 18.11 “Resolve sidekiq spikes when a User is banned” Fix MCP OAuth discovery failing on relative URL installs ’*_oldest_unsynced_time’ metric addition 18.10.5 ‘Add Code Suggestion to the DAP supported features for self-hosted models’ “Update Duo CLI version for remote flows” “BBM - Skip 3 migrations referencing dropped tables” ‘Allow Duo Core user to still use DAP code review’ “Resolve sidekiq spikes when a User is banned” ‘Fix: self-hosted feature setting missing model_definitions’ “fix: Skip CreateOrUpdateDefaultTrackedContextWorker on Geo secondaries” ’*_oldest_unsynced_time’ metric addition Important notes on upgrading This patch includes database migrations that may impact your upgrade process. Impact on your installation: Single-node instances : This patch will cause downtime during the upgrade as migrations must complete before GitLab can start. Multi-node instances : With proper zero-downtime upgrade procedures , this patch can be applied without downtime. Regular migrations The following version includes regular migrations that run during the upgrade process: 18.10.5 Post-deploy migrations The following version includes post-deploy migrations that can run after the upgrade: 18.11.2 18.10.5 To learn more abo

CSIRTS triage

What
Patch releases fix regressions and bugs but do not include security fixes.
Who is affected
Users of GitLab Community Edition and Enterprise Edition versions 18.11.2 and 18.10.5.
Urgency
While this patch does not address security issues, it is important for overall system stability.
Action
Upgrade to the latest versions 18.11.2 or 18.10.5.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch GitLab

Get an email when a new GitLab advisory drops — max one per day, one-click unsubscribe.

Details

Source
GitLab Security Releases (INTL · vendor-psirt · site)
Severity
unknown
Published
2026-04-29
Exploitation
Not in CISA KEV at last sync

Original advisory: https://docs.gitlab.com/releases/patches/patch-release-gitlab-18-11-2-released/

Recent advisories for GitLab Patch Release

A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.

More from GitLab Security Releases