CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GitLab Patch Release: 18.9.8, 18.8.10, 18.7.7, 18.6.8, 18.5.7

unknown
Today, we are releasing versions 18.9.8, 18.8.10, 18.7.7, 18.6.8, and 18.5.7 for GitLab Community Edition and Enterprise Edition. These versions resolve a number of regressions and bugs. This patch release does not include any security fixes. This patch release addresses a regression introduced in GitLab 18.4 where issues appeared duplicated in Epic swimlane board views — showing under both their direct parent epic and the grandparent epic — even when no filter was applied. This caused boards to become cluttered and made iteration planning unreliable for teams using nested epic hierarchies. The fix restores the intended behavior: issues appear only under their direct parent epic in unfiltered swimlane views, while the full hierarchy is still shown when a user explicitly filters by a specific parent epic. Customers affected by this issue are encouraged to upgrade to the patched version. GitLab Community Edition and Enterprise Edition 18.9.8 Backport of Fix swimlane problem Backport of Fix flaky new_project_spec CI/CD from repo URL test to 18-9 Backport ‘Pass down DOCKER_VERSION to release env pipeline’ and ‘Remove Helm based release environment QA’ to 18-9-stable-ee Backport ‘Bump nginx to version 1.30.1’ to 18-9 [18.9] Mattermost Security Updates May 13, 2026 18.8.10 [18.8] Scope start-rails-specs changes rule to MR pipelines 18.8 Backport of ‘update zlib to 3.2.3’ [Backport 18.8]Fix PG::UniqueViolation in project_daily_statistics sync trigger Docs backport: Add note about Agent Platform flow configurations not available until 18.11 Backport of Fix swimlane problem Backport ‘Pass GIT_VERSION/DOCKER_VERSION to release env pipeline’ and ‘Remove Helm based release environment QA’ to 18-8-stable-ee 18.8 backport of ‘Update rack to 2.2.23’ Backport: fix: Set sv timeout when restarting Gitaly to 18.8 [18.8] Remove Mattermost for SLES-12.5 18.7.7 [18.7] Update dependency oj to v3.16.15 [18.7] GLQL advanced finder, remove project_ids Backport oj and oj-introspect gem update

CSIRTS triage

What
This patch release resolves regressions and bugs but does not include security fixes.
Who is affected
Users of the specified GitLab versions are affected.
Urgency
While this release does not address security issues, upgrading is still recommended for bug fixes.
Action
Upgrade to versions 18.9.8, 18.8.10, 18.7.7, 18.6.8, or 18.5.7.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch GitLab

Get an email when a new GitLab advisory drops — max one per day, one-click unsubscribe.

Details

Source
GitLab Security Releases (INTL · vendor-psirt · site)
Severity
unknown
Published
2026-05-27
Exploitation
Not in CISA KEV at last sync

Original advisory: https://docs.gitlab.com/releases/patches/patch-release-gitlab-18-9-8-released/

Recent advisories for GitLab Patch Release

A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.

More from GitLab Security Releases