Source: GitLab Blog | Author: Ethan Strike
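Version 12.8.6 has been released for GitLab Community Edition (CE) and Enterprise Edition (EE).
This version contains important security fixes, so we recommend upgrading all GitLab installations to one of the new versions immediately.
Vulnerability details will be made public on the issue tracker in approximately 30 days.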
Please read on for more information regarding this release.
Email Confirmation Not Required on Sign-up
With the release of 12.8.0, a soft email confirmation sign-up flow was enabled by default. For instances with sign-up enabled, users were able to sign up and access the instance for a 2-day grace period with an unconfirmed email address, potentially bypassing domain restrictions. The change was reverted, and the issue is assigned CVE-2020-10535.
Affects GitLab CE/EE 12.8.0 through 12.8.5.
We strongly recommend that all installations running an affected version above be upgraded to the latest version as soon as possible.
To update GitLab, see the Update page.
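An added example (not GitLab's code and not part of the original post): a check an administrator could run after upgrading, testing a version string against the affected range above and listing accounts that signed up without ever confirming their email. It assumes user records exported with the fields `username`, `email`, `created_at`, `confirmed_at` and `last_sign_in_at`, as the admin view of the Users API returns them; the sample records and the `EXPOSED_FROM` date are constructed.

```python
import re
from datetime import datetime, timezone

AFFECTED_MIN, AFFECTED_MAX = (12, 8, 0), (12, 8, 5)  # range stated in the advisory


def is_affected(version):
    """True if a version string such as '12.8.3-ee' falls in the affected range."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return AFFECTED_MIN <= tuple(map(int, m.groups())) <= AFFECTED_MAX


def parse_ts(value):
    """Parse an ISO 8601 timestamp (a trailing 'Z' is accepted)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def unconfirmed_signups(users, exposed_from):
    """Accounts created at or after exposed_from whose email was never confirmed.

    Returns (username, email, signed_in) tuples; signed_in is True when the
    account was used to sign in despite the unconfirmed address.
    """
    flagged = []
    for u in users:
        if parse_ts(u["created_at"]) < exposed_from or u.get("confirmed_at"):
            continue
        flagged.append((u["username"], u["email"], bool(u.get("last_sign_in_at"))))
    return flagged


# Constructed sample records and upgrade date (assumptions, not real data).
EXPOSED_FROM = datetime(2020, 2, 24, tzinfo=timezone.utc)  # when this instance moved to 12.8.x
SAMPLE_USERS = [
    {"username": "alice", "email": "alice@corp.example", "created_at": "2020-01-10T09:00:00Z",
     "confirmed_at": "2020-01-10T09:05:00Z", "last_sign_in_at": "2020-03-01T08:00:00Z"},
    {"username": "svc-import", "email": "svc@corp.example", "created_at": "2019-11-02T12:00:00Z",
     "confirmed_at": None, "last_sign_in_at": None},
    {"username": "newuser1", "email": "jdoe@corp.example", "created_at": "2020-03-02T14:30:00Z",
     "confirmed_at": None, "last_sign_in_at": "2020-03-02T14:31:00Z"},
    {"username": "newuser2", "email": "x@corp.example", "created_at": "2020-03-05T10:00:00Z",
     "confirmed_at": None, "last_sign_in_at": None},
]

if __name__ == "__main__":
    print("12.8.5-ee affected:", is_affected("12.8.5-ee"))
    for row in unconfirmed_signups(SAMPLE_USERS, EXPOSED_FROM):
        print(row)
```

Accounts flagged with `signed_in` set to True used the instance while the address was unverified, so an address on a permitted domain does not show that the account holder controls that mailbox.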