Release date: November 21, 2023
Released versions: GitLab 18.5.2, 18.4.4, 18.3.6
Applies to: GitLab Community Edition (CE) and Enterprise Edition (EE)
Critical security update: Contains important bug and security fixes
Recommended action: All installations running an affected version are strongly advised to upgrade to the latest version as soon as possible

Specific security fixes:
- CVE-2025-11224: Cross-site scripting issue in k8s proxy impacts GitLab CE/EE
- CVE-2025-11865: Incorrect Authorization issue in workflows impacts GitLab EE
- CVE-2025-2615: Information Disclosure issue in GraphQL subscriptions impacts GitLab CE/EE
- CVE-2025-7000: Information Disclosure issue in access control impacts GitLab CE/EE
- CVE-2025-6945: Prompt Injection issue in GitLab Duo review impacts GitLab EE
- CVE-2025-11990: Client Side Path Traversal issue in branch names impacts GitLab EE
- CVE-2025-6171: Information Disclosure issue in packages API endpoint impacts GitLab CE/EE
- CVE-2025-7736: Improper Access Control issue in GitLab Pages impacts GitLab CE/EE
- CVE-2025-12983: Denial of service issue in markdown impacts GitLab CE/EE

Other important information: Includes security updates for libxml2 and fixes a number of bugs to improve stability and performance