CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GitLab Patch Release: 18.8.3, 18.7.3, 18.6.5

unknown
On February 4, 2026, we released versions 18.8.3, 18.7.3, and 18.6.5 for GitLab Community Edition and Enterprise Edition. This patch release delivers a set of targeted fixes focused on reliability, entitlement handling, and feature-flag consistency across GitLab Duo Agent Platform deployments. The updates reflect real-world usage across diverse environments and usage models, and are part of the normal hardening cycle for a platform that integrates deeply with GitLab workflows, identity, and usage controls. Core agent capabilities and behaviors are unchanged. This patch release does not include any security fixes. GitLab Community Edition and Enterprise Edition 18.8.3 Backport of ‘Pass user id to workflow service’ Backport of ‘Unlock Duo Workflow foundational flows from experimental features’ Backport of ‘Unlock Duo Workflow foundational flows from experimental features’ Backport of ‘Fix enforced_scans sync with inject_policy’ Backport of “Open service desk issues and tickets on boards in legacy view instead of drawer” Backport of “Add info on UI for new Ticket work item type” [Backport]Fix missing Open the file to view all results’ link in Zoekt Refactor Redis TLS options parsing to fix ActionCable configuration Backport of ‘Fix route constraint for Credits dashboards’ Backport of ‘Fix Zoekt filter order to avoid performance regression’ to 18.8 Backport: Allow to better debug initialize connection Backport of ‘Integrate work items into chat notifications as issue events’ Backport of “Fixes preserving external author on work item move and clone” [Backport] Remove search api preload for commits scope Backport of “Regenerate openapi docs” 18.7.3 Backport of ‘Add FF to toggle namespace filtering for Duo Chat data’ Backport of ‘Remove duo_workflow_in_ci Feature Flag’ Backport of ‘Remove duo_workflow Feature Flag’ Backport of ‘Pass user id to workflow service’ Backport of ‘Fix enforced_scans sync with inject_policy’ Backport of ‘Fix Zoekt filter order to avoid performance

CSIRTS triage

What
This patch release delivers targeted fixes focused on reliability and entitlement handling.
Who is affected
All self-managed GitLab installations.
Urgency
Remediation urgency is unclear as this release does not include security fixes.
Action
Consider upgrading for reliability improvements.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch GitLab Community Edition and Enterprise Edition

Get an email when a new GitLab Community Edition and Enterprise Edition advisory drops — max one per day, one-click unsubscribe.

Details

Source
GitLab Security Releases (INTL · vendor-psirt · site)
Severity
unknown
Published
2026-02-04
Exploitation
Not in CISA KEV at last sync

Original advisory: https://docs.gitlab.com/releases/patches/patch-release-gitlab-18-8-3-released/

Recent advisories for GitLab Patch Release

A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.

More from GitLab Security Releases