diff options
author | Milan <mil@nyantec.com> | 2020-03-05 16:37:21 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-05 16:37:21 +0100 |
commit | c25756f91ccfc8b3c085d91de6ec4d6e469ccc20 (patch) | |
tree | b55f469841590eb8cbc4223f91cbd8d2b58e8e11 /pkgs/applications/version-management/gitlab | |
parent | 93fd4b7f0074e1fa3b277b301bd7e0a08100b29a (diff) |
gitlab: 12.8.1 -> 12.8.2 (#81803)
Includes multiple security fixes mentioned in https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ (unfortunately, no CVE numbers as of yet) - Directory Traversal to Arbitrary File Read - Account Takeover Through Expired Link - Server Side Request Forgery Through Deprecated Service - Group Two-Factor Authentication Requirement Bypass - Stored XSS in Merge Request Pages - Stored XSS in Merge Request Submission Form - Stored XSS in File View - Stored XSS in Grafana Integration - Contribution Analytics Exposed to Non-members - Incorrect Access Control in Docker Registry via Deploy Tokens - Denial of Service via Permission Checks - Denial of Service in Design For Public Issue - GitHub Tokens Displayed in Plaintext on Integrations Page - Incorrect Access Control via LFS Import - Unescaped HTML in Header - Private Merge Request Titles Leaked via Widget - Project Namespace Exposed via Vulnerability Feedback Endpoint - Denial of Service Through Recursive Requests - Project Authorization Not Being Updated - Incorrect Permission Level For Group Invites - Disclosure of Private Group Epic Information - User IP Address Exposed via Badge images - Update postgresql (GitLab Omnibus)
Diffstat (limited to 'pkgs/applications/version-management/gitlab')
3 files changed, 8 insertions, 8 deletions
diff --git a/pkgs/applications/version-management/gitlab/data.json b/pkgs/applications/version-management/gitlab/data.json index 87c37f1c75f4a..2772ef5b6f4b9 100644 --- a/pkgs/applications/version-management/gitlab/data.json +++ b/pkgs/applications/version-management/gitlab/data.json @@ -1,11 +1,11 @@ { - "version": "12.8.1", - "repo_hash": "1h844a79scf3an5rv0wi332lrf7mv1zcv2mg6zllk82f7nf341gn", + "version": "12.8.2", + "repo_hash": "1d27s61kglryr5pashwfq55z7fh16fxkx1m4gc82xihwfzarf4x9", "owner": "gitlab-org", "repo": "gitlab", - "rev": "v12.8.1-ee", + "rev": "v12.8.2-ee", "passthru": { - "GITALY_SERVER_VERSION": "12.8.1", + "GITALY_SERVER_VERSION": "12.8.2", "GITLAB_PAGES_VERSION": "1.16.0", "GITLAB_SHELL_VERSION": "11.0.0", "GITLAB_WORKHORSE_VERSION": "8.21.0" diff --git a/pkgs/applications/version-management/gitlab/gitaly/default.nix b/pkgs/applications/version-management/gitlab/gitaly/default.nix index bac51cd278c2d..af97873463e84 100644 --- a/pkgs/applications/version-management/gitlab/gitaly/default.nix +++ b/pkgs/applications/version-management/gitlab/gitaly/default.nix @@ -28,14 +28,14 @@ let }; }); in buildGoPackage rec { - version = "12.8.1"; + version = "12.8.2"; pname = "gitaly"; src = fetchFromGitLab { owner = "gitlab-org"; repo = "gitaly"; rev = "v${version}"; - sha256 = "0sjkh0j36dpakqmq7l5gd1ydmx1kxgij53bjvvn37r19liqdijnx"; + sha256 = "1zc44y5yl799vqg12w3iaivk4xwj9i4k6f198svplipa760nl9ic"; }; # Fix a check which assumes that hook files are writeable by their diff --git a/pkgs/applications/version-management/gitlab/gitaly/deps.nix b/pkgs/applications/version-management/gitlab/gitaly/deps.nix index 83a2f0f5f7482..5ab063d1deab6 100644 --- a/pkgs/applications/version-management/gitlab/gitaly/deps.nix +++ b/pkgs/applications/version-management/gitlab/gitaly/deps.nix @@ -1319,8 +1319,8 @@ fetch = { type = "git"; url = "https://github.com/ugorji/go"; - rev = "v1.1.4"; - sha256 = "0ma2qvn5wqvjidpdz74x832a813qnr1cxbx6n6n125ak9b3wbn5w"; + rev = "d75b2dcb6bc8"; + sha256 = "0di1k35gpq9bp958ywranpbskx2vdwlb38s22vl9rybm3wa5g3ps"; }; } { |